hacker news with inline top comments    .. more ..    24 Jun 2011 News
1
Team Fortress 2 now free forever teamfortress.com
156 points by cookiecaper  3 hours ago   59 comments top 11
1
brianwillis 2 hours ago 3 replies      
If you care about gaming in any way, you owe it to yourself to give TF2 a try. It's quite complex, with intricate levels and lots of weapons, but it's easy to learn and you don't need to have every concept fully understood before you dive in.

I've also been surprised by the community that surrounds TF2. People are usually pretty nice about answering questions over chat, as opposed to Xbox Live where all communication comes in the form of racial slurs.

2
cookiecaper 2 hours ago 1 reply      
For the record, TF2 runs excellently on WINE and that's how I play it. Don't let the non-Linuxness of the game put you off.
3
patio11 2 hours ago 2 replies      
I've been saying for years that US gamers have been voting for the Korean/Chinese economic model: free clients and paid content locked down on company-owned servers. Hug your local pirate; you won't be able to buy any major PC games in ten years because the notion of selling games will be quaint.
4
retlehs 3 hours ago 2 replies      
TF2 is an extremely fun game. Looks like there's a Hacker News group on Steam with a few members..

http://steamcommunity.com/groups/newsyc

5
bprater 3 hours ago 1 reply      
League of Legends is a free game that has been making a big splash in monetizing through in-game purchases, which I believe TF2 is doing now? I'm wondering if Valve is making a similar big play in this area?
6
true_religion 3 hours ago 4 replies      
I'm curious if they're planning to fund the server maintenance cost simply by selling hats.

I knew that microtransactions were a viable money maker, but not to this extent.

7
aaronbrethorst 3 hours ago 7 replies      
I don't suppose anyone knows why Valve made TF2 free, do they?

edit: Steam adoption+in-app purchases. Good call.

8
fuzionmonkey 2 hours ago 3 replies      
I think there's no doubt this is great for Valve.

But as a player who dearly misses vanilla TF2, how is Valve going to combat the influx of griefers and hackers? What stops someone from running TF2 in a VM and continually making new accounts?

I wish there was a way to bring back TF2 as it originally was (no hats, no gimmicks). But I guess the transition to gaming as a service was inevitable. Valve has been going in that direction for a long time.

I hope they do make a proper Half-Life 3.

9
natesm 2 hours ago 2 replies      
I wonder how they'll deal with cheaters, since you can now have infinite copies for free.
10
Sheepol 1 hour ago 1 reply      
What if I don't want to install that trashy Steam app?

If Steam is required, it's a gimmick and a joke.

11
jbermudes 3 hours ago 2 replies      
Well, at least until the Steam authentication servers go offline if Valve ever shuts down. While Gabe Newell has been quoted as saying that if that were to happen they would unlock everyone's games, it bugs me that there has been no official offer of such. Until then, people can continue to point at Steam and say "but DRM == evil!"
2
House Keys copyable from 200 ft away via camera ucsd.edu
53 points by nl  2 hours ago   23 comments top 10
1
slapshot 1 hour ago 2 replies      
This is perhaps an unintentional demonstration that "insecure against absurdly complex and specific attacks" does not always mean "insecure."

For a web system that is under attack 24/7 from 255^4 different attack vectors, you need "secure against even absurdly complex attacks" to be "secure."

But for my house? Your average thief isn't going to spend the time to take a high-res photo of my keys. Instead, they're just going to beat me until I give them my keys (the original "rubber-hose cryptography") or just take a crowbar to the door. It's just not worth it to use such a complex attack.

(Yes, I can see uses for being able to break in without giving away the fact of the break-in, and I'd be surprised if the CIA/NSA/etc hadn't already used a similar technique, but for everyday life it's just a cool theoretical hack that would make a great plot point in a Neal Stephenson novel.)

2
InclinedPlane 1 hour ago 1 reply      
House locks pickable from 0ft away via $15 lock pick set. Or, you know, a crowbar.

A lock keeps out casual thieves, nothing more.

3
code_duck 1 hour ago 0 replies      
The quote "We built our key duplication software system to show people that their keys are not inherently secret" is interesting. Do the public and the authorities have a different attitude when you do this with physical security vs. electronic? Sometimes people have been threatened or even arrested for demonstrating vulnerabilities, as we know.
4
ChuckMcM 1 hour ago 0 replies      
Wow. It doesn't help that 'blanks' are standard and the number of pins in the lock is knowable. It is a nice piece of work, I expect to see it get re-used on all the cop shows :-)
5
k33l0r 59 minutes ago 1 reply      
I wonder if this also works for the Abloy locks which are the most common type here in Finland: http://en.m.wikipedia.org/wiki/Disc_tumbler_lock
6
pittsburgh 1 hour ago 1 reply      
This reminds me of the story from a few years ago when Diebold got itself in trouble for showing pictures of their voting machine keys online: http://www.bradblog.com/?p=4066#more-4066

This also has me thinking about the "Light Field" story from two days ago. ( http://www.hackerne.ws/item?id=2681554 ) If that technology becomes common, and camera resolutions continue to improve, I bet you could lift people's thumbprints from photos of them waving on Flickr. That sucks if you use a biometric thumb lock like they do in the shared office space I work out of.

Your thumbprint is like a password which you can never change. If your thumbprint appears in a single photo of you ever, there's no locksmith that can help you get that JPEG back from Lulzsec! :-)

7
waitwhatwhoa 1 hour ago 0 replies      
Great to see UC San Diego research on the front page again :)

a similar technology has been commercialized: http://dittokey.com/

also similar but relatively unrelated: http://eclecti.cc/hardware/physical-keygen-duplicating-house...

These efforts are unaffiliated with the authors but provide a far more tangible result.

8
Hilyin 1 hour ago 0 replies      
This is way more complicated than just bumping the lock. http://www.youtube.com/watch?v=7xkkS2p7SuQ
9
Arro 44 minutes ago 0 replies      
Hey UCSD, see this: http://en.wikipedia.org/wiki/Wikipedia:Don%27t_stuff_beans_u...

I know you're not responsible for other people's actions, but releasing this story may do more harm than good.

10
baconface 1 hour ago 0 replies      
Sounds perfect for a RepRap :D
3
Instapaper Server Update instapaper.com
65 points by psychotik  3 hours ago   16 comments top 5
1
tswicegood 2 hours ago 2 replies      
+1 to the attitude. It's all about getting the service back up and making it better. We (collectively) tend to spend too much time trying to figure out who to blame instead of just doing the cool shit that needs to be done. Kudos!
2
cheald 2 hours ago 1 reply      
Out of curiosity, does anyone know how volume-level encryption (like dm-crypt) holds up against this sort of thing? I find myself wondering what I'd tell customers if my server were seized as collateral damage like Instapaper's were. Will that sort of encryption serve as a plausible safeguard of customer data, or is it more of a padlock (easily broken with the right tools)?
3
ck2 2 hours ago 2 replies      
Assume all data on the drives has been cloned.

There's little chance they didn't.

4
gojomo 1 hour ago 0 replies      
Should services consider storing all user data on encrypted volumes?

Pro: after a powerdown, seizure/theft/cloning of the volume won't reveal user data

Con: need a secure way to supply decryption passphrase on each reboot

5
ichilton 2 hours ago 1 reply      
I hope he securely erased the data rather than just deleting it, otherwise it might not be just the FBI who have potentially got a copy...
4
The FBI stole an Instapaper server in an unrelated raid instapaper.com
508 points by garethr  15 hours ago   225 comments top 27
1
Xk 14 hours ago  replies      
Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe.

--

Obligatory statement on NEVER USING SHA-1 HASHES to make passwords "safe".

Any normal person can brute force millions of SHA-1 hashes (salted however much you want) per second on a GPU.

If the FBI so wanted (although I don't believe they do) I'm sure they could brute force almost every single password in that database. Granted, it's the government and they have better ways of obtaining such information, but if there is someone the FBI is watching on Instapaper's databases and they so wanted, storing the SHA-1 hash of the password all but handed them over to the FBI.

I am now glad my Instapaper password was generated randomly, 16 characters long, and I will now change it just to be safe.

For anyone running a database which stores username/passwords, take a look at bcrypt or scrypt. They're millions (no, I am not exaggerating) of times better than SHA-1.

(Edit: Grammar)
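
Added example, not part of the thread and not Instapaper's code: one way to act on the comment above, moving a user table from salted SHA-1 to scrypt using Python's `hashlib.scrypt`. The record formats, function names, cost parameters and sample credentials are assumptions constructed for illustration; it also shows wrapping the old digests in scrypt so they are not left at rest for users who never log in again.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for illustration; raise N as far as your hardware allows.
N, R, P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024  # scrypt needs about 128 * N * R bytes (16 MiB here)


def _sha1(password, salt):
    # The legacy scheme discussed in the thread: a single salted SHA-1 pass.
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def _scrypt(secret, salt, n=N, r=R, p=P):
    return hashlib.scrypt(secret, salt=salt, n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)


def legacy_record(password, salt):
    """Build an old-style row: sha1$<salt>$<digest> (hypothetical format)."""
    return "sha1${}${}".format(salt.hex(), _sha1(password, salt).hex())


def scrypt_record(password, salt=None):
    """Build a new-style row that stores its own cost parameters."""
    salt = salt or os.urandom(16)
    key = _scrypt(password.encode("utf-8"), salt)
    return "scrypt${}${}${}${}${}".format(N, R, P, salt.hex(), key.hex())


def wrap_legacy(record, salt=None):
    """Offline step: wrap a stored SHA-1 digest in scrypt without the password."""
    scheme, sha_salt, digest = record.split("$")
    if scheme != "sha1":
        raise ValueError("not a legacy record")
    salt = salt or os.urandom(16)
    key = _scrypt(bytes.fromhex(digest), salt)
    return "scrypt-sha1${}${}${}${}${}${}".format(N, R, P, sha_salt, salt.hex(), key.hex())


def verify(password, record):
    """Check a password against any of the three record types; malformed rows fail."""
    try:
        scheme, *f = record.split("$")
        if scheme == "sha1":
            salt, digest = (bytes.fromhex(x) for x in f)
            return hmac.compare_digest(_sha1(password, salt), digest)
        if scheme == "scrypt":
            n, r, p = map(int, f[:3])
            salt, key = (bytes.fromhex(x) for x in f[3:])
            return hmac.compare_digest(_scrypt(password.encode("utf-8"), salt, n, r, p), key)
        if scheme == "scrypt-sha1":
            n, r, p = map(int, f[:3])
            sha_salt, salt, key = (bytes.fromhex(x) for x in f[3:])
            return hmac.compare_digest(_scrypt(_sha1(password, sha_salt), salt, n, r, p), key)
    except ValueError:
        return False
    return False


def needs_upgrade(record):
    """True for anything that is not plain scrypt at the current cost parameters."""
    f = record.split("$")
    return f[0] != "scrypt" or [int(x) for x in f[1:4]] != [N, R, P]


def login(db, user, password):
    """Verify, then transparently re-hash with scrypt while the password is in hand."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if needs_upgrade(record):
        db[user] = scrypt_record(password)
    return True


if __name__ == "__main__":
    # Constructed sample data: one user still on the legacy scheme.
    db = {"alice": legacy_record("correct horse battery", b"\x01" * 8)}
    db["alice"] = wrap_legacy(db["alice"])          # bulk migration, no password needed
    print(login(db, "alice", "correct horse battery"), db["alice"].split("$")[0])
```
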

2
jsdalton 14 hours ago 1 reply      
Surely there is a legal precedent which provides at least some framework for what can or cannot be seized during a warrant search? This can't be the first time government agents have mistakenly seized property in an otherwise lawful search.

Also, while I completely understand Instapaper's unwillingness to pursue this through the courts, that is the way our legal system is structured. If you believe you have been harmed in some way by a government action, the courts are the avenue through which you must obtain recourse.

(Not a lawyer, so if I'm wrong about any of the above please correct me.)

3
mrcharles 14 hours ago 1 reply      
The more I think about it, the more I think this should be treated the same as any of the other thefts of data information to have happened in the past few months. Sony, Toyota, Sega, etc. A potentially hostile group now has a ton of personal info. People should know.
4
nbpoole 14 hours ago 3 replies      
So, the FBI has a copy of Instapaper's complete database and a copy of their website code. The database includes:

- Salted SHA-1 hashed passwords for Instapaper

- Encrypted passwords for linked Pinboard accounts (with the encryption key stored in the website code)

- OAuth tokens for linked Facebook/Twitter/Tumblr accounts (and presumably also the secret keys used by Instapaper to use those tokens).

That's (potentially) a lot of personal information.

5
justinweiss 4 hours ago 1 reply      
Looks like it's back:

http://twitter.com/instapaper/status/84106275796946944

"As of 2 minutes ago, my DigitalOne server is back online. The logs indicate that it was off and not booted during the time it was missing."

6
mrcharles 14 hours ago 4 replies      
All the more reason for data havens to exist. Run your server from a country where the police can't just take it with impunity.
7
bestes 14 hours ago 1 reply      
I think the OP was unreasonably harsh on DigitalOne (never heard of them let alone have any interests). It is very possible that they are consumed with FBI questioning, gag orders or who knows what else. I would give them a pass for a few days until more detail comes out.
8
johngalt 12 hours ago 1 reply      
Why isn't Facebook having their servers seized? Google? Amazon? If the FBI is really targeting the "badguys" I'm sure there have been more badguys using facebook/gmail/AWS than any single colo.

Why haven't there been similar seizures of any larger corporate entities? Even if the current FBI practices are valid, should the application of those practices be a function of size/wealth/power? Which servers of Sony's were seized after distributing rootkits?

9
yuvadam 14 hours ago  replies      
I'm trying to think of an analogy which can explain why this might be reasonable from the FBI's perspective.

Suppose you were using a shared storage space (shared servers, or server farm) with several other dudes. One of them is a drug dealer. One day the police/FBI decide to raid the storage space since the drug dealer has been using it to store illegal drugs.

Is it not reasonable to consider this collateral damage (which, granted, is totally unnecessary) during law enforcement operations?

I'm not saying this is OK in any case, but might this not be a reasonable move by the law enforcement agencies?

10
leon_ 14 hours ago 1 reply      
Hmm. I've built something similar to instapaper for myself. (Using a native OS X app). People were making jokes at me how I was re-inventing the wheel.

Now I'm somewhat happy having done the extra work. At least the FBI doesn't have my "read later" bookmarks. (Which often consist of the words 'hack', 'malware' and 'reverse engineering'.)

I guess I will reinvent the wheel instead of using cloud services more often in the future.

11
smackfu 12 hours ago 1 reply      
To be clear, the server stopped responding, and the host he is paying for the server has not responded at all. The server could simply be unplugged, or all the network cables were unplugged during the raid. Who knows? I guess "The FBI stole my server" is a better headline though.

In my experience with our leased data center cages, we are expected to fly in to town if we ever need to physically manipulate the servers or even plug things in. The data center employees don't even go into the locked cages.

If the FBI forced open a locked cage, and did stuff in there, I would not expect anything to be addressed until DigitalOne showed up to fix it.

12
tritchey 13 hours ago 0 replies      
"a Swiss hosting company leasing blade servers"

If they are truly blade servers, then they were possibly sharing the same chassis, power supply and backplane. Could the FBI have pulled just the blades in question? Possibly. But I can very easily imagine the entire blade chassis being viewed as a monolithic component that they would want to be able to perform whatever forensic analysis they are planning. They could also have pulled whatever blades they were not after, and left them, but until you replace the chassis, you are dead in the water.

13
teoruiz 14 hours ago 1 reply      
I can't help but compare this raid with the feds' raid on the Novus Ordo Seclorum hosting company pictured in Cryptonomicon.
14
gokhan 11 hours ago 1 reply      
What's the proper way of storing OAuth tokens in this situation? Given that all the tokens of users and your private key are on the server (even if it's embedded in code), there's no way for Instapaper to keep those tokens secure in case of a compromise (by FBI or Lulzdudes or anyone).

Seems like Instapaper should change its private key for, say, Facebook.

15
iqster 3 hours ago 0 replies      
16
Astrohacker 14 hours ago 4 replies      
I think it may be prudent to begin encrypting all data on disk that can reasonably be encrypted while being able to set up the server remotely so that no one can just snatch your server and get all your data.

This could work by encrypting your database in a truecrypt volume that must be mounted by entering the password. Thus, the data is only ever saved on disk in encrypted form, and the key to access the data is not saved on the disk. Of course, it is still in principle possible for anyone to access that information if they have physical access to the computer while it's running, but at least this makes that much harder.

17
mmaunder 13 hours ago 0 replies      
Contact the ACLU, they will probably take your case.
18
ChuckMcM 11 hours ago 0 replies      
It would make for an interesting Freedom of Information (equipment) request. "Give me my damn server back." But the damage is of course done.

If you are a voting citizen of the US I recommend you write (not email, write a letter, put postage on it and everything) to your elected congressional representatives and ask that Congress immediately put curbs on the police powers of the FBI when it comes to infrastructure seizures.

19
andrewcooke 14 hours ago 0 replies      
is there a better solution than encrypting data and putting the password in the source? obviously this is for cases where you can't use a hash.

it seems to me that, at least, it would make sense to have the db and web server physically separate in that case (although i guess someone stealing hardware is not normally a common scenario).

20
jarin 14 hours ago 3 replies      
Looks like the FBI is operating from the Department of Homeland Security playbook now.
21
engtech 3 hours ago 0 replies      
Julian Assange stated that the feds have backdoor, no court order access to gmail, yahoo, facebook, et al.

Why worry about this?

23
bproper 11 hours ago 1 reply      
You think it's a coincidence they nabbed Whitey Bulger this morning, after 16 years on the run?

His Instapaper account was probably full of stories about Santa Monica.

24
drjoem 14 hours ago 2 replies      
i am wondering why these companies weren't using EC2?
25
bhartzer 12 hours ago 0 replies      
yet another reason to make regular backups of your site.
26
gcb 12 hours ago 0 replies      
who watches the watchers?
27
tptacek 14 hours ago 0 replies      
I didn't downvote you, but your "If you're the FBI and you want X, you'd simply Y" has nothing to do with reality. In reality, when any law enforcement organization needs digital evidence of any kind, they take everything. There are chain-of-custody rules that require it.
6
Kind of Screwed waxy.org
515 points by joshuacc  17 hours ago   205 comments top 29
1
grellas 15 hours ago 5 replies      
The legal process will grind you in any serious dispute against a determined adversary.

Get a supremely optimal outcome and get the case dismissed right out the gate because it is legally defective even assuming all the facts alleged are true? Sticker price: $10K and up (more likely $25K to $50K to make it definitive after several opportunities to amend are given to the adversary).

Go through discovery to find out what witnesses will say on deposition, dig through all key documents, and then move for and get a summary judgment before trial by which a case is tossed on grounds that the law allows only one result based on material facts that are undisputed bearing on the legal point? Sticker price: $100K and up, with a year or more of grief thrown in as a bonus.

Go through trial and get vindicated by a judge or jury based on a complete presentation of evidence? Sticker price: $250K and up, after a year or two (or more) of wrangling.

And don't forget the appeals.

Most cases never get to trial and cost is a major factor prompting litigants to settle even though they are not particularly happy with an outcome. Charles Dickens, though he exaggerated for dramatic effect, got the spirit of this right in Bleak House (http://en.wikipedia.org/wiki/Jarndyce_and_Jarndyce), and little has changed since.

This, by the way, doesn't mean that you can't defend against cease-and-desist demands. Costs cut both ways. But it is sad how many times parties who are right nonetheless must fold because the costs of engaging (monetary and otherwise) are just not worth it.

2
Confusion 16 hours ago  replies      

  And it's worth noting that trying to license the image
would have been moot. When asked how much he would've
charged for a license, Maisel told his lawyer that he
would never have granted a license for the pixel art. "He
is a purist when it comes to his photography," his lawyer
wrote. "With this in mind, I am certain you can understand
that he felt violated to find his image of Miles Davis,
one of his most well-known and highly-regarded images, had
been pixellated, without his permission, and used in a
number of forms including on several websites accessible
around the world."

The pixelated version was incredibly appropriate for a chiptune tribute and anyone that claims to care about art should applaud such a use of an imitation, mockup or inspired work. I don't like artists who think their work is so special that any change ruins it. 99.999% of people don't care about his original 'masterpiece' in any way, but a few more may care now that there was a different rendition of it. Artists should recognize there is a bit of luck involved in them and their art becoming famous. For every well known great artist, there are ten who were better, but simply didn't become known.

3
swilliams 15 hours ago 4 replies      
What would the reaction be if, for the sake of argument, EMI took a photo that a small independent photographer made, ran it through what looks like a basic Photoshop filter, and slapped it on the next Coldplay album? Internet outrage right?

And then what would happen if the photographer sued EMI and Coldplay, and won a $32K settlement? I'm guessing the Internet would either be satisfied or angry that $32K is too little for such deep pockets.

I understand and agree that Jay was too vicious in this, but how is he in the wrong again?

4
jordanb 11 hours ago 0 replies      
It strikes me that very few people would have seen the remixed artwork had Maisel not insisted on extracting his "pound of flesh" from Andy. Now it's going to be spread all over the internet -- along with the story of Maisel's self-righteous ego.

Could this be a new variation of the Streisand Effect? Lawyering up on some inconsequential copyright violation and getting your poor behavior broadcast across the entire internet? Should it be the Maisel Effect or does Sony already have trademark?

5
SoftwareMaven 12 hours ago 1 reply      
I know this will be an unpopular viewpoint here, but the pixel representation looked really similar to the original, to the point that I wouldn't be able to tell the difference at 5 feet.

I appreciate what the author was trying to accomplish, and my geek side totally understands the transformative nature, my photographer side thinks it is too close, especially for a commercial work.

I don't think this was a case of "Internet entitlement", but rather a case of two cultures clashing, which is unfortunate, because the cover fit the album so well.

6
tensafefrogs 15 hours ago 2 replies      
Wow. To add some other interesting info to this, Jay Maisel is the owner of (and lives in) a large building in lower manhattan 190 Bowery. If you've ever walked past this building you'd recognize it as it's covered in street art all the time, and is constantly changing as more art is added and falls apart.

I always thought Jay was a good guy for letting artists use that space (even if it was a silent agreement), but maybe that's not the case...

Not that it directly involves this case of fair use, but that building is worth millions of dollars, so Jay was doing this for the sake of "artistic purity" or whatever you want to call it, not because he's a starving photographer...

An article about his building a few years back:
http://nymag.com/realestate/vu/2008/09/50481/

7
ChrisLTD 14 hours ago 1 reply      
It's ridiculous that a photograph from 50 years ago is still under copyright.

Copyright law is supposed to encourage artists to create new work. However, it's been perverted to let artists (but mostly large corporations) milk money from a single cow in perpetuity.

8
jellicle 13 hours ago 0 replies      
Every time copyright comes up, there are always small, independent artists/programmers/writers who chime in and say "I love copyright! It protects me!" and every time I point out, no, actually, you only get screwed by copyright maximization.

I want to forcefeed this article to all of them.

9
pinko 16 hours ago 2 replies      
The "extra credit" question at the end is a fascinating one, I think. I would /love/ to hear the opposing side's answer, since we know the first image is not acceptable to them and presumably the final image would have to be.
10
noahc 15 hours ago 0 replies      
Would putting this project into its own LLC (or other business structure) have been beneficial in any way?
11
gallerytungsten 16 hours ago  replies      
You can read the seeds of the downfall in his own words:

"I went out of my way to make sure the entire project was above board, licensing all the cover songs from Miles Davis's publisher..."

All well and good; or mostly well and good, as he didn't seek to license the cover shot. Therefore, the "entire project" wasn't "above board" and the statement above is disingenuous. So why didn't he try to license the cover shot? Apparently, he thought that wasn't necessary. Leading to this conclusion:

"If you're borrowing inspiration from any copyrighted material, even if it seems clear to you that your use is transformational, you're in danger. If your use is commercial and/or potentially objectionable, seek permission."

As a visual artist, I don't like getting ripped off. It's happened any number of times, on a small scale. So I can sympathize with Maisel, even if he comes across as a hardass. I can also sympathize with Baio, but not as much, because he explains pretty clearly how he did it to himself.

I should also note that the US Congress ratified the Berne Copyright Convention, which includes protection of the "moral right of the artist." This includes explicit protection against someone else modifying one's work.

One person's "transformation" is another's "mutilation."

12
figital 16 hours ago 1 reply      
Now you'll be sued by Yahoo: http://www.delicious.com/favicon.ico
13
uptown 16 hours ago 3 replies      
So he agrees to a settlement where he pays a fine, and agrees to never use the artwork again … and then he goes and uses the same image as well as a variety of other variations of that image as part of his blog-post on a website at least partially supported by ads?
14
natural219 16 hours ago 1 reply      
This is way off-topic, but that last frame of the extra credit looks like a beautiful color scheme for a website. Not that I'm going to steal it, you know, or anything..
15
afterburner 14 hours ago 1 reply      
I wonder here if a "loser pays" rule, where the loser pays the other party's legal bill in part or in full, would have encouraged the author to pursue his defense longer.
16
6ren 14 hours ago 0 replies      
It's unpopular, but I tend to side with the creator in copyright cases. I like creators. But in this case, they're both creators.

One point: I think a mechanically produced low-resolution version of the image would not be "transformational". The image here does look mostly like that - an exception is the tie, which is rendered as if flat, to preserve the pattern. I think if all or most or enough of it was like that - a sort of cubist version - it would be transformational.

It really sucks to pay tens of thousands of dollars. And the experience itself sucks even more. The guy should have just got an injunction, not damages etc. Though I guess, many had been sold already - it was too late to prevent the problem. The only justification I can think of for the artist is to cover his own legal costs. I wonder if he would have just asked Maisel to stop, with no lawyers involved, if he'd known in time? OTOH, Maisel firmly believes he was in the right - so I also wonder if he would have stopped? Maybe lawyers - and their costs - had to be involved

17
jianshen 13 hours ago 0 replies      
I've always been curious about how many Etsy-type stores sell video game trinkets referring to classic video games without asking for permission from the original game makers. Somebody recently told me that the general rule is "if they haven't made a similar product in the market, then go right ahead", which didn't comfort me much.

Are there any landmark cases that have set good precedent for fair use online beyond allowing for parodies of works?

18
kanamekun 4 hours ago 0 replies      
Andy could do a new Kickstarter to fund a short documentary about digital reinterpretations of copyrighted works. The profits could be used to raise money to pay off the settlement.

If you're reading this Andy: just make sure that you don't use the same image in your documentary! :-)

19
JacobIrwin 5 hours ago 0 replies      
Valid points are made throughout. I suppose we must keep in mind the balance that must be maintained:

1.) Protecting the rights of artists - those who dedicate their resources to CREATE

2.) And along the same lines, offering the freedom of expression to newcomers; re-creating art through new mediums.

20
marckremers 13 hours ago 0 replies      
That's your new cover right there: http://marckremers.com/hn/md.png
21
aptsurdist 14 hours ago 0 replies      
A couple little images that are hopefully a show of support:
http://aptsurdist.wordpress.com/2011/06/23/a-story-by-waxy-o...
22
mgeraci 10 hours ago 0 replies      
For what it's worth, if any of you haven't heard Kind of Bloop yet, it is fantastic. Seems like HNers are basically the target market for it, too.

Coming from knowing Kind of Blue very well, it's fascinating to hear what other people take from Miles' songs, and I've caught things from Kind of Bloop that I had never noticed in the original. Highly recommended.

23
BasDirks 13 hours ago 0 replies      
When you sell things make sure they are yours, or you'll get burned by the decadent dinosaurs they belong to.
24
njharman 11 hours ago 1 reply      
Definitely seems clearly to be a derivative work and a copyright violation.
25
VMG 16 hours ago 2 replies      
mirror?
26
Spines11 16 hours ago 1 reply      
It sure seems like fair use to me, especially since he had his friend draw it, rather than deriving it from the original by putting the original through a pixelating program or something.

It's sad that since the potential losses of going to court are so high, most people have no option other than to settle.

27
smackfu 16 hours ago 0 replies      
Maybe if it wasn't also being used for an album cover it would have flown under the radar more. Also using photos as your source material gets you more attention since photographers are constantly having to track down copycats.
28
Fooman 16 hours ago 1 reply      
If I took his album "Kind of Bloop" and compressed it by 50%, could I start selling it as my own? Andy sez that is cool.

I don't see Andy's side at all.

The artwork is a copy, used for commercial purposes and without permission.

Copyright restricts copying. This isn't fair use. It isn't a parody or even an homage - which can blur the line.

29
th0ma5 17 hours ago 3 replies      
At $8300 a month for http://decknetwork.net/ advertising, it is compelling that this sort of content can both 1) have this kind of viral platform for current issues surrounding intellectual property as it is now and 2) allow you to support and/or be complicit in the ongoing battle.
7
The lsm command for Latent Semantic Mapping apple.com
32 points by lars512  3 hours ago   9 comments top 4
1
lars512 1 hour ago 1 reply      
Latent semantic mapping is a technique which takes a large number of text documents, maps them to term frequency vectors (vector-space semantics), and performs dimensionality reduction into a smaller semantic space. This then lets you determine how similar in meaning different documents are. You can use this for a variety of tasks.

Wikipedia: Latent Semantic Mapping
http://en.wikipedia.org/wiki/Latent_semantic_mapping

WWDC 2011 talk, now available: "Latent semantic mapping: exposing the meaning behind words and documents"
https://developer.apple.com/videos/wwdc/2011/

2
wooster 1 hour ago 0 replies      
We used this, when I was at Apple, to make the Parental Controls web content filter (which I worked on), among other things. It works surprisingly well.
3
yters 1 hour ago 0 replies      
How have you used this? Looks pretty interesting.
4
spitfire 3 hours ago 1 reply      
I just can't ever see Microsoft shipping something like this available to every user. This sort of quiet progress is why I like Apple. Sure they highlight the glossy stuff, but below the surface there's so much blood and guts progress.
8
Camera+: The Road to 3 Million (infographic) taptaptap.com
64 points by Titanous  6 hours ago   12 comments top 10
1
theli0nheart 4 hours ago 0 replies      
Now this is what I call an infographic!

Unlike many others which I have seen in the recent past, this infographic delivers a ton of data in a very clear, concise, easy to parse way.

I can't stand those infographics that just throw a bunch of numbers onto a canvas and expect it to make any sense. There was one on bottled water [1] that was a perfect example of this.

[1]: http://www.onlineeducation.net/bottled_water

2
kelnos 4 hours ago 0 replies      
Not bad, $2.7m in sales over a year, 8 people, gives you around $350k per person. Presumably they're not sharing equally, but that's still not a bad return for the first year on the market. I wonder how many person-years it took to build and market... I would assume less than 8, so they seem to have done pretty well for themselves.
3
athst 1 hour ago 0 replies      
The first infographic I've seen in a while that is actually good - insightful data, good design, and it actually has real analysis behind it. I don't think I've ever seen a circle time chart like that before - really cool.
4
zach 1 hour ago 0 replies      
Worth pointing out that the Instagram launch was on October 6, right in the middle of that gap between Camera+'s banhammering over VolumeSnap and their December reinstatement. Talk about great timing.
5
keyle 5 hours ago 0 replies      
I now use it pretty much every day. I've only got good things to say about this app.

http://www.flickr.com/photos/lightfocus/

Sadly, they never responded to my improvement suggestion list. Now I see why.

6
hrabago 4 hours ago 1 reply      
I wonder how they got the top effects and scene mode numbers. Do they send usage information from the app to their servers?
7
bryonrealey 4 hours ago 0 replies      
Camera+ is the single best app I've added to my iPhone4!
8
smackfu 4 hours ago 0 replies      
Enough with the infographics!
9
superstructor 4 hours ago 0 replies      
This is a must have application for iPhone4. It's far superior to every other photo app and I've tried them all. If you ever use your camera, at all, buy this app.
10
resnamen 2 hours ago 1 reply      
This is the web, not a magazine. We don't need information packaged in this form. I don't like this trend; it's abusive to my scrollwheel.
9
Nevada passes law authorizing driverless cars forbes.com
361 points by iqster  15 hours ago   177 comments top 24
1
alanh 13 hours ago  replies      
We expect people to be frightened of robotic cars for the same reason they are scared of dying in a plane crash: Some deep-seated fear of dying in a manner that isn't our own fault. Thoughts:

1) Marketing/PR for autonomous vehicles needs to really drive home their safety, so when you hear “robot car,” you think “… saves lives.”

2) Is it hard to imagine the opposite fear in children born 10 years from now? Having seen mostly robotic cars in real life, and human-driven cars getting in accidents on TV and in movies, might the child of the future react with terror when the robotic chauffeur intones, “human driver detected, approaching from rear”?

2
mkr-hn 15 hours ago  replies      
I think driverless cars could be the future of public transportation. Instead of big trains and buses with limited reach, we would have thousands of public vehicles that take you where you need to go when you need to be there. It eliminates the big barriers to public transport--the lack of personal space, timing, and reach.

No car? Just hop on the municipal/county dispatch website, request a car, pay your fee, and wait for the nearest open vehicle to bring itself to you. It can even coexist peacefully with private transportation.

3
iqster 15 hours ago 0 replies      
Apparently, Google had been lobbying the state of Nevada for this.

It's very interesting to read this Scientific American article from late May (mentions Google's lobbying efforts):
http://www.scientificamerican.com/article.cfm?id=google-driv...

Edit: NY Times article talking about this more directly ...
http://www.nytimes.com/2011/05/11/science/11drive.html?_r=1

4
kellishaver 13 hours ago 1 reply      
As an individual who is legally blind and cannot drive, I very much welcome the day when this technology becomes wide-spread and affordable.

It is extremely annoying to be in your mid 30's and have to rely on/inconvenience someone else to drive you around.

So whether it were getting my own vehicle or seeing vast improvements made to less-than ideal public transportation systems, either would be great.

5
stevenp 13 hours ago 1 reply      
This means there's going to be a market for in-car bar equipment! Someone is going to make millions on DC-powered blenders and cup holders that can safely accommodate cocktail shakers. :)
6
rdouble 12 hours ago 2 replies      
I'm surprised by the comments that imply we'll solve traffic congestion and be snoozing safely in the passenger seat as our robot cars zip us to work in 10-20 years. I live in a technical world where a team of geniuses can barely keep a system up that exchanges 140 character messages.
7
cal5k 15 hours ago 1 reply      
This is great news! Nevada is pretty consistently willing to be the reference case on a lot of forward-thinking ideas.
8
roundsquare 2 hours ago 0 replies      
Interesting that the limited the law to highways (edit: the law limited the use of autonomous vehicles to highways) (section 2, paragraph 1). I suppose it makes sense since highway driving is more predictable but it's also higher speed and thus accidents are more dangerous. Also, this limitation would require the presence of a human driver to get the car to the highway.
9
wccrawford 15 hours ago 5 replies      
I really didn't expect this to happen within 10 years. I'm amazed that this happened so fast.
10
rmason 11 hours ago 1 reply      
My state of Michigan is known as the birthplace of the automobile. We had the first stretch of paved road in the world as well as the first stoplight.

But we've abdicated our leadership in the automotive industry by turning our back on this development. Michigan rightly should have been the first state to legalize this technology.

It seems as if the auto technology breakthroughs are coming from Silicon Valley. Bob Lutz said the Chevy Volt was developed in response to the Tesla's embarrassing us. Now it's Google's turn to embarrass and challenge Detroit's engineers.

11
bh42222 13 hours ago 1 reply      
YES!

Here is why this is great. As the industrial revolution was just starting up, many places in Europe banned this or that new labor saving invention - to preserve jobs. But not all, many others allowed the new machinery, this quickly forced all others to either also allow it or fall behind economically.

Back to Nevada, Google will now start moving cars there. I can't be the only one who wants to sleep during the commute to work, people in Nevada will start doing that. At least some old people will use this, and then more and more as they see how great it works and grants them greater independence. Parents could start using it for their teenagers. It will save lives. How long before someone in Nevada starts an all driver-less taxi service?

This marks the beginning of an honest to goodness technological revolution, how often do you see that happening in one lifetime? And it's starting in Nevada.

12
darrennix 13 hours ago 1 reply      
I believe one of the most overlooked benefits of driverless cars is that it makes small-engine, low acceleration (high efficiency) cars acceptable for the American market. Most Americans are currently unwilling to drive a 1 liter engine car because it's no fun to drive, but if you are lounging in the back seat you won't care.
13
callahad 11 hours ago 1 reply      
Can anyone comment on the state of autonomous vehicles with regard to their ability to operate in mixed, human traffic? I would think that human drivers would be dangerously erratic and thus extraordinarily difficult to account for.

And what do you do, as a passenger, when your driverless car induces road rage in a human driver?

14
monkeypizza 7 hours ago 0 replies      
from an open letter to the French Parliament in 1845:

"We are suffering from the ruinous competition of a rival who apparently works under conditions so far superior to our own for the production of light that he is flooding the domestic market with it at an incredibly low price; for the moment he appears, our sales cease, all the consumers turn to him, and a branch of French industry whose ramifications are innumerable is all at once reduced to complete stagnation. This rival, which is none other than the sun, is waging war on us so mercilessly we suspect he is being stirred up against us by perfidious Albion (excellent diplomacy nowadays!), particularly because he has for that haughty island a respect that he does not show for us."

"We ask you to be so good as to pass a law requiring the closing of all windows, dormers, skylights, inside and outside shutters, curtains, casements, bull's-eyes, deadlights, and blinds - in short, all openings, holes, chinks, and fissures through which the light of the sun is wont to enter houses, to the detriment of the fair industries with which, we are proud to say, we have endowed the country, a country that cannot, without betraying ingratitude, abandon us today to so unequal a combat."

from "A PETITION From the Manufacturers of Candles, Tapers, Lanterns, sticks, Street Lamps, Snuffers, and Extinguishers, and from Producers of Tallow, Oil, Resin, Alcohol, and Generally of Everything Connected with Lighting."

source: [http://bastiat.org/en/petition.html]

15
chacha102 14 hours ago 2 replies      
I'm guessing that it will be really important to allow cops to disable autonomous cars, or at least force them to pull over and stop.

I'm really interested in how they will handle that issue.

16
phlux 15 hours ago 2 replies      
This should be a feature that one can enable should you have consumed any alcohol.
17
icey 15 hours ago 0 replies      
I can't wait to be able to buy one of these.
18
zaidf 4 hours ago 0 replies      
Anyone else think this thread may be linked to 10-20 years from now when this thing begins to take off?
19
allenp 14 hours ago 0 replies      
This could make road trips a lot more fun.
20
hollerith 12 hours ago 0 replies      
It would be more difficult for an innovation like driverless cars to get a start in a country like France where almost any change in the laws requires the involvement of the national government. (In the U.S., most legal cases, including the laws of the road and most serious crimes like robbery, rape and murder, are handled by the individual 50 states.)
21
Hawramani 14 hours ago 6 replies      
[Survey question] What are Google's options for monetizing driverless cars?
22
rmrm 6 hours ago 0 replies      
Unfortunately I get car sick. A robot car means either extreme boredom or sickness, I can't look away from the road. But I will be happy to be the last human driver, surrounded by safe robot cars.
23
jarek 11 hours ago 0 replies      
My other driverless car is a subway
24
tejaswiy 13 hours ago 0 replies      
Come on guys, no William Gibson references yet? - "The future is already here - it's just not very evenly distributed."
10
Apple posts WWDC2011 session videos apple.com
70 points by st3fan  7 hours ago   27 comments top 4
1
cageface 6 hours ago 1 reply      
I consider these to be the real value of my $99 developer fee. The talks from last year were outstanding.
2
_pius 1 hour ago 1 reply      
Has anyone been able to find the sample code to go with these?
3
fullsailor 7 hours ago 4 replies      
"You need to use Safari to view this video." Grr.
4
kkowalczyk 5 hours ago 1 reply      
I think it's great and a big improvement over what used to happen (you had to either attend WWDC or pay astronomical amounts of money) but I still don't get why Apple insists on putting any kind of barrier between developers and information on how to develop on Apple's platform.

Microsoft makes the talks from their conferences, like PDC, freely available few days after the conference.

Google goes even further by live streaming some of the talks (as in this year's Google I/O conference).

Apple can't seem to break free from their "top secret, control freak" approach even when it doesn't seem to make any sense.

11
How the demands of a Stanley Kubrick led to two new cinematographic tools visual-memory.co.uk
22 points by redial  3 hours ago   3 comments top 3
1
Argorak 1 hour ago 0 replies      
While not built for his demand, Kubrick was also one of the first to use the Steadicam for full effect in The Shining.

I think he is a good example of someone who didn't want to settle with a "bigger horse".

I've seen his collection of film and photo equipment in the film museum in Berlin and it filled the complete main room of the museum. Kubrick was a true nerd for the technology he used, but usually used it for effect, not just for fun.

2
hristov 2 hours ago 0 replies      
This is one of the candlelit scenes Kubrick shot with those lenses.

http://www.youtube.com/watch?v=3c_dOMVXRhw

3
joshu 2 minutes ago 0 replies      
F/0.7!!??!! Wow.
13
Google switches GTalk's VOIP protocol to Jingle xmpp.org
134 points by sciurus  12 hours ago   34 comments top 9
1
senko 11 hours ago 0 replies      
The announcement email itself: http://mail.jabber.org/pipermail/jingle/2011-June/001640.htm...

This is great news. Google has been one of the driving forces behind Jingle, but as they were implementing it far in advance of being standardised, the drafts/standards have since changed. Other implementations have to maintain support for several close but not quite the same dialects. Google updating their software will make interop much easier.

I've been somewhat critical of Google's attempts in this direction (http://senko.net/en/gmail-videochat-the-good-the-bad-and-the...), and I'm very glad to see I was wrong :)

2
pthatcherg 11 hours ago 1 reply      
My original email had more details:

We are pleased to announce that we have launched support for Jingle
XEP-166 and XEP-167 for Google Talk calls to and from Gmail, iGoogle,
and Orkut. We have also added the same level of support to libjingle
(http://code.google.com/p/libjingle), which is used by many native
clients. From this point on, it will be our primary signalling
protocol, and the old protocol will only remain for backwards
compatibility. We also plan to soon update Google Talk on Android to
speak Jingle, but we do not plan on updating the Google Talk Windows
application.

We suggest all clients that interop with Google Talk to switch to
using Jingle rather than the old protocol. We will remain backwards
compatible with legacy clients by continuing to speak the old protocol
as well. If you wish to continue working with legacy clients, such as
the Google Talk application for Windows, you may also wish to continue
speaking the old protocol. But the future is Jingle, and the old
protocol will eventually go away.

Finally, we are still working on implementing XEP-176 (ICE-UDP). In
the meantime, you'll need to use our draft-06 version of ICE, which is
implemented both in libjingle and in libnice, two open source
libraries.

I hope that this will be a support to the Jingle community and further
our efforts to have open standards for voice and video communication.

3
kalleboo 50 minutes ago 0 replies      
I find it a real shame Apple have no interest in making their iMessages and FaceTime networks interoperate with XMPP and instead going their own way. We're going to end up with people on different mobile OSes hesitating to communicate with each other because they'll fall back on expensive SMSes (a network effect much like today with discounted in-network calling).
4
lenni 10 hours ago 3 replies      
Can iChat speak Jingle?

I just tried the combination of web-based Gmail <-> iChat and the web client can see that the iChat client has a camera and I can initiate a call but iChat never shows an incoming one.

If I go iChat<->iChat over Google's XMPP server I can make a call. Does iChat speak yet another incompatible video call extension if it used with an XMPP network?

Adium can't do AV either.... Can anyone recommend an OS X client? Video chat is currently the last thing that stops me from uninstalling Flash.

5
ComputerGuru 11 hours ago 1 reply      
I wonder why the Windows client will officially not be updated to Jingle? If it was just "not at the moment," they would have either kept mum or said so, but to actually say that it won't be updated..... that says a lot.
6
sthustfo 11 hours ago 2 replies      
Well, I am not sure why Google went with XMPP when the rest of the telecom and networking industry is gravitating towards IETF SIP as signaling protocol. There are so many overlaps in both of them in the sense that they use the same components such as SDP and ICE. Can anyone from Google or otherwise throw some more light on

- Why Google prefers XMPP over SIP
- In what areas XMPP is better than SIP

I am not stating that one is better than the other, but would like to understand the core differences and advantages.

Also with Google moving on with XMPP and other major vendors converging on SIP, where do you see the inter-operability issue heading towards?

7
illumin8 11 hours ago 1 reply      
I wonder what impact this will have on 3rd party devices like the great Obihai that interface with Google Voice?

http://www.obihai.com

8
sciurus 10 hours ago 0 replies      
For information on support in GNOME's Empathy IM client and on Maemo/MeeGo, see http://blog.barisione.org/2011-06/broken-gtalk-calls/
9
JacobIrwin 6 hours ago 0 replies      
Google Translate integrated with Jingle could/will be a joy to use.

I would love to talk to a college student in Greece about the local economic sentiment over VoIP.

14
How to program independent games the-witness.net
89 points by teamonkey  10 hours ago   5 comments top 2
1
aashay 7 hours ago 0 replies      
As someone who is (usually irrationally) paranoid about optimization, I found this talk to be inspiring. Also, Braid was by far one of the most wonderful gaming experiences I've ever had. So for that, thank you Mr. Blow.
2
MetallicCloud 3 hours ago 2 replies      
An excellent talk, but the thing that I disagree with is his defense of having functions with thousands of lines of code in them.

It's true that breaking up a function into smaller ones just for the sake of it doesn't make sense, but if you have a function that needs to be over 1000 lines in the first place, it makes me think that the code won't be very reusable in future projects.

15
We Spent $1,138 on Facebook in 6 Days: Numbers and Lessons Learned signnow.com
95 points by shanecox1  10 hours ago   44 comments top 13
1
patio11 1 hour ago 2 replies      
I don't exactly want to hijack the thread, but let me present an idea of how one could burn $1,000 if one wanted to do it for promotion.

Step 1: Install Wordpress. Good, already done.

Step 2: Create a big ol' list of keywords which you think are relevant to your business. For example, [sign contract online], [sign document online], [sign contract with iPhone], [sign contract with Blackberry], etc etc. This doesn't cost anything more than your time.

Step 3: Design a template which, given a particular keyword, includes a few hundred words of content about the keyword and also acts as a landing page for your service. I'm assuming this is effectively free for most of us on HN. The last time I did it it required copy/pasting one file in Wordpress and then five minutes of hacking the PHP to do what I wanted it to do.

Step 4: Write between 50 and 100 of these, depending on how you get them done. This is what costs the $1,000, since you're probably going to zone out after doing this five times, write up the process, and then hire the rest out to freelancers.

Predicted results: on average, depending on query volumes, you're going to pick up a handful of hits for each page every month for life. So instead of having 1,400 clicks once, you'll get somewhere on the order of 400 clicks a month for forever. And instead of them being someone who was just gawking at a pretty girl in Chemistry class or poking their sheep while farming virtual cabbage, it will be someone who is right now trying to solve a problem which is costing their business money.

And if you have $2,000 to spend? It scales right on up.

And if you're savvy about how you do this? Suffice it to say that the MVP of this project gets you a wee little asset to build a business on, and implementing this strategy in a really effective way can basically carry a business on its back. This is not limited to bingo card publishing empires, trust me.

2
Silhouette 9 hours ago 5 replies      
Am I missing something here?

The author seems pleased with the results, but as an outsider who isn't familiar with his company I see an ad campaign that cost over $1,000, achieved clickthroughs well under 0.1% despite targeting, and does not appear to have resulted in any measurable benefit at all. There are some comments at the end of the article about how Facebook is great for brand awareness, but there doesn't seem to be much evidence of that in the numbers.

If I were looking at ways to spend advertising budget for a new company (oh, wait, I am looking for...) then this seems like a pretty compelling argument for not wasting money on Facebook ads.

3
mcdowall 9 hours ago 3 replies      
So essentially $1100 for ~600 likes, I certainly wouldn't be happy with that return. It's an informative piece but I think your summary is a bit off regarding the campaign a success generally.

I think by simply joining Facebook groups in this sector and engaging with the group you could've achieved 600 likes in the same timescale and saved yourself the money.

4
aantix 9 hours ago 1 reply      
I took a look at their ads and still do not have a clue as to what SignNow is about. Still scratching my head as to what they were advertising..
5
dcosson 4 hours ago 0 replies      
Looks like they didn't really get enough traffic to do this (and idk how easy it is to do with FB and google analytics) but it would have been interesting and probably smarter to also measure each ad's effectiveness by how many conversions it led to on their site rather than just click-throughs to the facebook page. With their "most successful" ad they spent ~$500 to have a bunch of 21-year-olds click on a picture of beer that says nothing about what they do - I doubt these people will respond to a future marketing campaign any better than a random set of the population.

In any case, the analysis was interesting enough to make the front page of HN, which I'm betting will bring them a lot more than 139 visits. So well done with that.

6
kposehn 8 hours ago 1 reply      
Great experiment! Glad to see you got some engagement.

As someone who has run FB ads since the beginning though, I would disagree with one thing: in my experience over the years, people are ok with leaving Facebook, so long as you have a very nice, clean, easy to understand page with a clear value proposition.

My suggestion going forward is this:
1. Take each winning ad and make 3 more variants.
2. Take each interest you were targeting, make a separate campaign for each.
3. Place all variants of your winning ads in each campaign.

The purpose of this is to find which actual interest is responding to your product. Once you find that out, refine it again by breaking up location, age, gender, education, etc.

Get really granular over time. The end result is very good ROI and a solid way of making money on FB :)

7
alanlewis 9 hours ago 1 reply      
And now the post on HN about the ads will generate far more impressions for SignNow than the ads did.
8
iworkforthem 5 hours ago 2 replies      
Most would agree that campaign did not perform, instead aim to achieve CTR > 1% and Bid < $1.

Facebook ads is used widely by affiliate marketers, you could spend some time on blogs like MrGreen ( http://stackthatmoney.com ), or affiliate marketing news aggregator ( http://affbuzz.com )

I would change the following if my objective is to get more likes & users.

- Target person, i.e vc, developers, etc instead.

- Limit and test the age groups.

- Target Tech events.

Bids will be cheaper & CTR will be more targeted. If it is not CTR, KILL it. Personally I like what you are doing at signnow, much easier to use than those I used when opening up my trading account.

Maybe you want;

- Add the Facebook icon or something to link to your Facebook page in your website.

- I am kinda surprised that there's no YouTube explaining signnow, consider doing a hipmunk-like video explaining what signnow does.

- If you have existing customers, do a video case study what it does your customers and how signnow could come in handy in other industries or applications, etc.

9
ulvund 7 hours ago 0 replies      
This looks ridiculously expensive for such low traffic numbers for a free app
10
rickmode 7 hours ago 1 reply      
Regarding the ad that worked best, I couldn't tell what the heck the image was, and I'm curious - the image was interesting. Looks like a spiral of some sort. (I didn't see it as a stack of beer until I looked back after reading what it was.)

I suspect the higher click-through rate was more about curiosity about the image.

11
brianjolney 8 hours ago 1 reply      
a point for improvement: facebook's auction system is quite aggressive in picking its favorites. Having that many ads in one campaign, especially one with such a low daily budget, will cause one to get nearly all the impressions and take over.

You also can't stop ads after only a thousand or so impressions. Let them run for 50k+ before cutting, as an ad that performs well will take a decent amount of clicks for the bid to fully come down.

12
g0atbutt 9 hours ago 1 reply      
Site is down. Does anyone have a mirror?
13
mchusma 8 hours ago 0 replies      
servers upgraded, sorry about any slowness.
16
SocketStream: a real-time web framework for Node.js github.com
109 points by philipDS  12 hours ago   34 comments top 14
1
silentbicycle 10 hours ago 3 replies      
Do people not realize that "real-time" actually means something specific, you can't just claim something is "real-time" because it's fairly fast?

Nothing against this project, specifically, but I've seen this a lot lately (especially among Javascript programmers).

2
TrevorBurnham 8 hours ago 0 replies      
Really cool to see another Node framework that uses CoffeeScript. SocketStream joins the likes of:

* Brunch: http://brunchwithcoffee.com/

* Zappa: https://github.com/mauricemach/zappa

* Coffeemate: https://github.com/coffeemate/coffeemate

Of course, SocketStream's use of websockets to deliver all content (after an initial payload) is a very different, very opinionated approach. I also like the look of API namespacing, which allows client and server code to be structured analogously without having to use `requires` at the top of every file (one of Node's weaker points, as Ryan Dahl would be the first to tell you). It all sounds very well thought-out, and I can't wait to see where this framework goes from here.

3
fdiotalevi 10 hours ago 1 reply      
Just seen the live presentation in London and it really looked interesting, even if really in its early stage.

Two demos available so far: https://www.socketracer.com and http://ssdashboard.com.

Also interesting that AOL is officially putting money in the project, and with the intention to keep it under the MIT license.

4
aashay 8 hours ago 0 replies      
> So how secure is SocketStream? Well, to be honest - we just don't know. The entire stack, from Node.js right up to the SocketStream client is brand new and no part of it is claiming to be production-ready just yet. So for now we recommend using SocketStream internally, behind a firewall.

I must say, I'm excited for this to become more robust, but I appreciate their candor in telling me why I shouldn't use it in production yet. Back to old fashioned socket.io I guess (or maybe NowJS).

5
gokhan 11 hours ago 0 replies      
"SocketStream is kindly sponsored by AOL."

Interesting.

6
revorad 8 hours ago 0 replies      
Just seen this demoed at the HN London meetup and it looks really cool. I'd read about how having the same language on the client and server is nice. But seeing someone live debugging the same code on the client and server was really eye opening. Kudos to AOL for funding this.
7
bascule 1 hour ago 0 replies      
"Effortless, scalable, pub/sub baked right in"

I was curious how this system scaled beyond one node and thus a single point of failure. I then saw it used Redis. Hooray, they relocated the single point of failure.

But hey, Redis is really really fast, right? That's definitely within the spirit of node.

8
philipDS 12 hours ago 1 reply      
"Note: SocketStream will be announced at the Hacker News meetup group in London on Thursday 23rd June. We'd appreciate it if you don't tweet/blog/post about it until after the announcement. Thank you."

I read about it on Twitter from a socket.io contributor, so I guess it's safe to publish this.

[edit] here's a racing game demo, powered by SocketStream: https://www.socketracer.com. Impressive

9
mythz 10 hours ago 0 replies      
Looks like a fantastic framework! with the best handpicked choice of technologies in one basket, really looking forward to using this!
10
MatthewPhillips 11 hours ago 1 reply      
> SocketStream automatically compresses and minifies all the static HTML, CSS and client-side code your app will ever need

Even while I'm developing?

11
robertfw 10 hours ago 0 replies      
Really excited to start playing with this. I've been hoping for a more socket focused framework that meshes well with the node style
12
invisiblefunnel 10 hours ago 0 replies      
Well done README. I certainly appreciate that.
13
wildmXranat 8 hours ago 0 replies      
Very interesting.
14
antrover 11 hours ago 2 replies      
Coffee Script. Geez. This is interesting, but too bad for the use of Coffee Script. Yes, I realize I could convert all the files to .js and be a happy camper.
17
Counterpoint: 200,000 apps is what they want 37signals.com
55 points by joshuacc  8 hours ago   12 comments top 6
1
kenjackson 5 hours ago 1 reply      
As I'm sure Jason knows -- the iOS app store actually has over 400,000 apps. But at 200,000 was it a poor shell of its current self?

The problem with Mac vs PC in the old days was threefold:

1) Device drivers

2) Enterprise LOB apps (think VB)

3) Games.

These three concerns actually probably played a much larger role than app availability in the mid-90s. Apple stagnating in the late 90s made it a no brainer. But now with OS X (1) has been knocked off the table. Notice no one talks about the much larger PC app ecosystem. Because it really doesn't matter once you get beyond a reasonable number of apps on the platform.

For this reason, I have no problem recommending a phone based on how well it nails the basics. My MIL has no clue what Color is, nor will she likely ever miss it.

2
sdizdar 1 hour ago 0 replies      
I have this weird vision that apps (and apps stores) are just a temporary solution for current lack of fast wireless connectivity and not so strong CPUs in mobile phones. I believe that in 3 years from now, apps will be so passée...
3
Terry_B 4 hours ago 1 reply      
Surely, it's a case of each person only having 10 or so apps that matter to them, but it's kinda a different 10 for everyone.

Like the old, 80% of users only use 20% of the features. But it's a different 20%.

4
jswinghammer 5 hours ago 0 replies      
I tend to be on the "MORE APPS" side of this discussion.

I like apps and in particular I like games. I spend a decent amount of time on the train every day standing up so reading would be unpleasant for me. I listen to music or play a simple game while I ride to pass the time. The people who produce those games provide me a real service.

5
dools 3 hours ago 2 replies      
But Nokia have an app store, and there are plenty of apps on it. I bought apps from the Nokia store and some of them I use everyday. s2putty, the app I used the most, is free (and a million times better than anything you can kludge on iOS).

Apps are better on Symbian than they are on iOS they're just not as shiny.

6
Steko 3 hours ago 0 replies      
I think the main problem with the original argument is that apps aren't just "things you might use every day or never".

For the app consuming community most of the apps we get are cheap/free impulse buys that are never meant to be anything more than tiny bits of consumption, no different from that book, magazine or toy which people bought to amuse themselves during the boring parts of life. Life goes on without them but it sucks a little less with them.

18
Tampermonkey: Greasemonkey for Android android.com
3 points by there  29 minutes ago   discuss
19
Grubwithus (YC W11) Launches In Boston bostonherald.com
24 points by nikhilpandit  5 hours ago   discuss
20
Porting Node to Windows With Microsoft's Help nodejs.org
171 points by icey  16 hours ago   58 comments top 10
1
krmmalik 13 hours ago 2 replies      
This is great news, I can't upvote this enough. Ever since learning what Node is, it's always excited me.

I'm only into part-time/hobby development and so haven't been able to justify spending the time (or the money) to do a Unix based OS setup for this, since all my machines run Windows.

With a node executable and native Windows support, it means I can have a dabble more often, which could lead to completion of a real project, even if I'm only working on it part time. I think for that reason alone, it will increase adoption of Node many fold. Not that I have anything against Apache, but it might just get unseated as the hobbyist's first choice as multi-platform web server (assuming it's still on the top spot. I haven't used it in ages).

I just hope it doesn't get restricted to the Windows Server family of OSes. I did a quick dig, and can see Windows 7 supports IOCP, so I'm hopeful.

2
vyrotek 15 hours ago 1 reply      
Ooh, node on Azure. Finally a good excuse for a .Net guy like myself to finally play around with Node.
3
iamelgringo 10 hours ago 0 replies      
(Node.js Windows server side) + (HTML5 + javascript + CSS on Windows 8 native ) == really really interesting
4
kenjackson 15 hours ago 0 replies      
Nice. The first time I heard a node.js talk my first thought was, "shouldn't be too bad to implement with IOCPs". Glad to see it happening.
5
boneheadmed 11 hours ago 1 reply      
I got node.js to work on Windows XP via Cygwin about 4 or 5 months ago. Here are some useful links:

- Building node.js on Cygwin (be sure to RTFM regarding which version to build).
https://github.com/ry/node/wiki/Building-node.js-on-Cygwin-(...

- helpful comments on StackOverflow - in particular running the obscure ash.exe and doing rebaseall seemed to help
http://stackoverflow.com/questions/3360948/compiling-node-js...

- self-contained windows binaries of nodejs - I didn't try this, but seems like it could save some headaches
http://node-js.prcn.co.cc/

6
Flenser 15 hours ago 4 replies      
Surprised that Microsoft would support V8 as a server side JavaScript engine instead of doing something with Chakra.
7
iambot 16 hours ago 2 replies      
That's great. Funnily enough, loving working with node is one of the things that pushed me over the edge and made me buy a MacBook Pro, sick of having to deal with cygwin on windows. But this is good news, albeit too late for me.
8
moomin 15 hours ago 2 replies      
Now tell me they're writing a SQL Server driver, and I'll be very interested...
9
baconner 15 hours ago 3 replies      
Overblown .net developer panic in 3...2...1...
10
gord 9 hours ago 0 replies      
Open Source Node.js on Windows using IOCP = great

M$ involved in any way with Joyent and/or Node.js = really bad idea

21
Study finds web trolls get a feeling of abandon similar to drunks news.com.au
21 points by nreece  5 hours ago   7 comments top 3
1
mattgreenrocks 4 hours ago 0 replies      
The best way to shut these people down is not to give them an outlet. Few people seem to step back enough from the problem to ask, "do we need comments?" Rather, it ends up being yet another half-assed feature that usually adds intellectual and visual noise to a page.

But, hey, it drives visitors to return, so it has to be good, right?

2
olalonde 4 hours ago 1 reply      
> "People believe the myth that they can say things that ordinarily they wouldn't be able to say just because they are online."

Is it really a myth?

3
parallel 2 hours ago 0 replies      
I don't think the concept of contributing anonymously is necessarily a bad thing. Your online personality might be polite and contribute positively whereas your real world personality might be very shy and unable to participate in discussions at all.
22
Card.io - fast and easy mobile credit card scanning card.io
138 points by davidedicillo  15 hours ago   52 comments top 13
1
socmoth 14 hours ago 6 replies      
(Full disclosure, I'm a stock holder in Square)

There are two good reasons Square doesn't do this that I can think of off the top of my head.

First, CNP vs CP card processing rates. http://en.wikipedia.org/wiki/Card_not_present_transaction

Every credit card has the CC number encoded into the back of the card, but in addition to that, it has a couple bytes of extra information. That extra information qualifies the merchant for a lower processing rate if they SWIPE the card. That means, when you take a picture, you are paying closer to 3.5% instead of 2.75% for every transaction. (rates quoted are square's cp vs cnp rates)

Some merchants are extremely sensitive to this, others aren't. The larger a merchant is, the more likely they are going to care. On the other hand, no merchant wants to lose a sale, 3.5% of a sale is still better than 100% of a lost sale.

The other reason is based on UX. It feels really weird to have someone take a picture of your credit card using their cell phone. The apps that use this technology might be doing anything with that image.

Otoh, more people should take credit cards!

(edit: Sidenote, Square considered doing this before the swiper was invented, during the very first month or so. Doesn't mean it is a bad idea, just that Square moved away from it in favor of a swiper.)

2
mmettler 14 hours ago 2 replies      
Hi gang, this is Mike from card.io.

socmoth, CrazedGeek, and tbgvi are right that this is considered a CNP transaction and rates are higher. However, our focus is on mobile developers, not retail merchants. By taking friction out of the mobile checkout flow for those developers (because customers don't have to type out their cc number), conversions are higher, and thus revenues are higher.

Regarding the user experience: folks are used to scanning barcodes with RedLaser, business cards with CardMunch, and checks with PayPal and the Chase mobile app. If we can make credit card purchasing easy and fast on the phone, that's a good user experience.

Thanks for the feedback!

3
gregschlom 14 hours ago 0 replies      
Interesting. I was talking about this idea 2 weeks ago with some friends. Here in France Square doesn't work since only chip cards are accepted, not magnetic stripe cards. So card.io could have a greater market penetration worldwide than Square.
4
marcamillion 13 hours ago 2 replies      
This looks awesome. One thing I could see becoming an issue is in your best case scenario.

Say things are wildly successful and people come to expect that merchants will be taking a pic of your credit card with their phone. So you easily hand over your card to some random person to take a pic of it - assuming they are using Card.io.

However, what is to prevent nefarious people from just taking a pic with their own app or their own camera ?

So what would be good would be if there is some way to indicate (quickly) to the cardholder that the user is actually using Card.io to take the pic, rather than the Camera app - so they are not paranoid about people stealing their numbers.

Maybe turning the flash light red (is that even possible?) or something subtle that is a unique indicator that Card.io is being used and not some other app.

With Square, it is that little dongle - although I know that once Square gets big enough and the incentive gets large enough for people to create knock-offs of that dongle, I think it's much harder than say using a Camera.

Otherwise, awesome app.

5
jarin 14 hours ago 1 reply      
This looks even smoother than Square, but I'm curious to see how it handles credit cards with the silvery ink worn off of the numbers, or cards with complex graphics on the front.
6
modeless 11 hours ago 0 replies      
Can you scan the back to get the CVV2 code? All the information you need from the front is embossed so you can read it on the back too.
7
dave1010uk 10 hours ago 0 replies      
When I buy stuff online then I always make sure the browser's sending data over HTTPS (both on my mobile & desktop). I don't think I'd trust a 3rd party app to safely store and transmit my credit card data. Even non-technical people know to "look for the padlock". Have there been any usability studies to see if users are happy scanning their card from an app?
8
kyleslattery 11 hours ago 1 reply      
I'm a little unclear on this--does Card.io handle the payment processing too, or just the card capture itself? If they don't handle the payment processing, how does the card number get passed along?
9
pud 11 hours ago 1 reply      
Constructive criticism: This is an example of how the illusion of a beautifully designed, professional-looking site is easily burst by an amateur how-to video.
10
jvandenbroeck 13 hours ago 2 replies      
Looks pretty cool, but wouldn't apple screw you? I don't think they'll like this, they want users to buy with the app store.
11
pclark 13 hours ago 0 replies      
How reliable is this? I can barely read my American co-founder's credit card numbers on his card.
12
brevityness 3 hours ago 1 reply      
Gaaahh! Shaky camera action!
13
baconface 14 hours ago 2 replies      
Is anyone aware of any direct competition in the credit card "scanning" space?
23
Tech journalists who make no sense 37signals.com
137 points by wlll  14 hours ago   34 comments top 14
1
JackWebbHeller 14 hours ago 3 replies      
I'll give David credit where it's due - Rework is an excellent book, ROR has a great fanbase, and 37Signals products are generally very well executed.

However I find myself paying little attention to anything he says because it's all just so negative. I unfollowed him on Twitter because I just found every single one of his tweets to be criticising someone else or someone else's business. There's only so much negativity you can take from one person. </2¢>

2
wccrawford 14 hours ago 7 replies      
You know what's awesome? That the journalist makes perfect sense to me. This guy is just apparently not the target audience.

First off, the more data that Salesforce controls, the better they have locked in their customers... Or the more customers they have. I pity anyone who uses Salesforce and decides to leave for greener pastures. It would be a bloody nightmare.

The second clip talks about using social networking to learn more about their customers and increase retention. Not that mystical.

The third throws some buzzwords, sure, but it also warns people that not everything that's called a 'cloud' is actually a 'cloud'. In other words, some services behave like you expect 'cloud' services to (insane uptime and redundancy) and others don't.

3
saraid216 14 hours ago 2 replies      
"Beware of false clouds" is my favorite line. It should continue, "They come to you with miracle solutions, but inwardly they just want your money."
4
taylorbuley 14 hours ago 0 replies      
I'm a programmer and former technology staff writer at Forbes.

For what it's worth, this guy isn't a tech journo

5
BasDirks 14 hours ago 0 replies      
This concept uses social media to gain knowledge of internal activities and externally about customers to ultimately help increase customer loyalty and foster interaction between employees and between the company and its customers.

Reminds me of psychotic speech patterns.

6
Deestan 13 hours ago 0 replies      
I've found that you can just keep shoving marketing bullshit through badtranslator[1] until the message becomes clear:

> Salesforce.com remains a stock with much upside, according to analysts at RBC Capital Markets, as the company continues to control larger quantities of customer data and leads the way to a post cloud world.

becomes

> Royal Bank of Canada investment of foreign customers, Salesforce.com (NYSE).

[1] http://www.cheatingtranslators.com/bad-translator

7
RyanMcGreal 12 hours ago 0 replies      
A lot of tech journalism looks like it was written with a markov chain generator.
8
cgart 14 hours ago 0 replies      
I completely agree with that blog post. We are currently in the process of bootstrapping a web project http://bebbl.com and got some echo from the local media. From all the media coverage we received there was only one journalist who was able to write about our project correctly. All others either just copied text from others or were not really able to get the idea right.

I suppose the problem for them, is that they need to produce something really fast and have no time to go deeper into the field.

9
scorpion032 10 hours ago 0 replies      
Irregardless of the synergies we find when enhancing our “web 2.0” ubiquitous utilization, enterprise-quality, shovel-ready progressive monetization schemes, we cannot eschew obfuscation assiduously enough.
10
roedog 12 hours ago 0 replies      
I agree there is bad reporting and in his example the bad editing that let the story through. I'm interested in hearing where other people find good reporting.
11
wlll 14 hours ago 0 replies      
"I'm sure all fields have terrible reporting, but the shit that's coming out of the tech world must be eligible for some sort of cake."
12
car 8 hours ago 0 replies      
Kudos for telling it as it is.
13
darwinGod 6 hours ago 0 replies      
I choked on my morning tea when I lol'd reading this.!! :-/
14
yumraj 11 hours ago 1 reply      
Add Cringely to the list, who claims (or rather thinks at: http://www.cringely.com/2011/06/intercontinental-ballistic-a...) that Apple's App store will eliminate software piracy.

If only the world was so much simpler :)

24
Should I Change My Password? shouldichangemypassword.com
135 points by jamesjyu  14 hours ago   74 comments top 20
1
gst 10 minutes ago 0 replies      
If you share your password across different sites: Yes - you should change it to a non-shared password. There are plenty of password managers that can store randomly generated passwords for you. And if you don't like that there's also PwdHash, although this is less secure as someone might be able to compromise your master password.
2
aw3c2 42 minutes ago 0 replies      
Terrible interface. I entered "password" and it told me "It looks like your passwords may be safe. No instances of compromise are recorded in this database. However, it's good practice to change your critical passwords regularly and ensure they are not re-used across multiple sites."

Why did I not enter an e-mail address like the light text in the input box says? Well, I let myself be misled by the header image.

3
mmaunder 17 minutes ago 0 replies      
Thanks. I think you just saved me some hassle. Pretty sure it was compromised in the perlmonks hack.
4
jplewicke 12 hours ago 2 replies      
It'd be cool if they added an option to subscribe for $10/year for a quick SMS and email notification if your account is compromised. I'd get it for myself and my family.
5
bryanalves 13 hours ago 3 replies      
Can't this entire site be replaced with:

<html>
<body>
<h1>YES</h1>
</body>
</html>

6
JeffL 13 hours ago 3 replies      
Please tell me I didn't just accidentally give my email to a Spam list.
7
phlux 12 hours ago 4 replies      
so, can someone answer this for me?

I have a personal domain on google apps. The login ID is different than the email address I use/advertise.

e.g. my username for login is first-initial+last-name@[domain].com

But the email address I use for everything on that account is first-name@[domain].com

This service states that my account was compromised on 12/12/2010 most recently at the first-name@[domain].com though you could not login to my account with that email address...

So - how valid is such a check. Also - without it showing what information it is checking against, it feels really spammy. as if they are asking you to enter your email for a "check" knowing that you will enter a valid email - then they harvest the email as valid for spam.

8
VMG 14 hours ago 2 replies      
The site should treat @gmail.com and @googlemail.com as equal. I found my leaked MtGox mail address for one variant but not the other.
9
encoderer 8 hours ago 0 replies      
I guess extreme caution is good. But saying to somebody "Your email, username, and password have been compromised" strikes me as a little sensational.

Granted, the average user doesn't need to know or understand the vagaries of password hashes. But if somebody reads this, they should think "OMFG somebody can login to my email account!" I mean, that's exactly what it says. But there's no legitimate reason to believe that.

Moreover, if you look at MtGox, Google locked every account on that list and forced people to change their passwords. But if you're Joe User looking at this today, are you going to connect the dots enough to see that yes, you WERE in a data leak, but then you changed your password, but this site just didn't know about it and is informing you only of the leak?

10
Scorponok 13 hours ago 2 replies      
My first thought was that this would have fields for me to enter my email address and password, under the pretense of "we will test your password to see if it's secure". Wonder how many people you could get with that...
11
bluehex 10 hours ago 0 replies      
I wish I could query using a hash of my email address.
No matter how much their FAQ says they won't use the email for anything but a "single database query" It's hard to trust anyone. Even if this site is legit (I think they probably are) this would be quite the front for a spammer to collect addresses.
12
mahyarm 2 hours ago 0 replies      
It would be nice if it also did username+.*@gmail.com searches for us who use the feature to make spam email addresses.
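The comments above ask for three things from a breach-lookup service: treat @gmail.com and @googlemail.com as the same mailbox, match `+tag` variants, and accept a hash instead of the address itself. The sketch below is an added example, not code from shouldichangemypassword.com or from any commenter; it goes one step beyond the thread by sending only a digest prefix and matching locally. The function names, the 5-character prefix length and the sample records are assumptions constructed for illustration.

```python
"""Added example: canonicalised, hashed breach lookup over constructed data."""
import hashlib
from collections import defaultdict

GOOGLE_DOMAINS = {"gmail.com", "googlemail.com"}  # aliases of one mailbox
PREFIX_LEN = 5  # hex characters the client reveals per query (assumption)


def canonical_email(address):
    """Lower-case the address and fold Google aliases and +tags together."""
    local, at, domain = address.strip().lower().rpartition("@")
    if not at or not local or not domain:
        # Reject non-addresses (e.g. someone typing a password into the box)
        # instead of reporting them as "safe".
        raise ValueError("not an e-mail address")
    if domain in GOOGLE_DOMAINS:
        domain = "gmail.com"
        local = local.split("+", 1)[0]  # drop the +tag for Google mailboxes only
        if not local:
            raise ValueError("empty local part")
    return local + "@" + domain


def email_digest(address):
    """SHA-256 of the canonical address, as lowercase hex."""
    return hashlib.sha256(canonical_email(address).encode("utf-8")).hexdigest()


class BreachIndex:
    """Server side: stores digests only, bucketed by digest prefix."""

    def __init__(self):
        self._buckets = defaultdict(dict)  # prefix -> {digest: set(sources)}

    def add(self, address, source):
        digest = email_digest(address)
        self._buckets[digest[:PREFIX_LEN]].setdefault(digest, set()).add(source)

    def range_query(self, prefix):
        """Return every stored digest sharing the prefix; the server never
        learns which one (if any) the client was asking about."""
        if len(prefix) != PREFIX_LEN:
            raise ValueError("prefix must be %d hex characters" % PREFIX_LEN)
        bucket = self._buckets.get(prefix.lower(), {})
        return {digest: sorted(sources) for digest, sources in bucket.items()}


def check_address(index, address):
    """Client side: send a prefix, compare full digests locally."""
    digest = email_digest(address)
    candidates = index.range_query(digest[:PREFIX_LEN])
    return candidates.get(digest, [])


def build_sample_index():
    """Constructed records; addresses and source names are made up."""
    index = BreachIndex()
    index.add("Alice@googlemail.com", "constructed-leak-1")
    index.add("bob+forum@gmail.com", "constructed-leak-2")
    index.add("carol+shop@example.org", "constructed-leak-2")
    return index


if __name__ == "__main__":
    idx = build_sample_index()
    for addr in ("alice@gmail.com", "bob@googlemail.com", "carol@example.org"):
        print(addr, check_address(idx, addr))
```

Hashing does not make an address secret from a service that can already enumerate candidate addresses; the prefix query only limits what a single lookup discloses.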
13
user9756 14 hours ago 2 replies      
Am I the only one that feels uncomfortable with these kind of sites?

Anyway, I tried "abc124" and received: "It looks like your passwords may be safe. No instances of compromise are recorded in this database. However, it's good practice to change your critical passwords regularly and ensure they are not re-used across multiple sites."

14
Kwpolska 13 hours ago 0 replies      
Useful, even if I thought I'd see a big-ass "YES" and nothing else.
15
viraptor 10 hours ago 1 reply      
Strangely, the exact moment I received the email from mtgox, gmail told me I have to change the password. I wonder if they had a trigger for that message, or did someone really try to access my account (different password, so very unlikely)
16
wccrawford 14 hours ago 0 replies      
Here, let me save you some time:

If you're asking, then YES. You should change your password.

Edit: I get what this is doing, and it's a neat idea... But the answer is still always YES if you ask that question.

17
knotty66 12 hours ago 1 reply      
Find the MD5 of your password and Google that.

Plenty of sites still store an unsalted hash in the database and these are often compromised.

If your hash turns up in a rainbow table in Google's index, definitely change it to something more secure (longer, more symbols).
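Why an unsalted digest is searchable at all, shown from the storing site's side as an added example (not code from the thread or from any site it mentions): identical passwords yield identical MD5 values, so one lookup list flags every account that shares them, while a per-user salt with a slow key-derivation function removes that property. The account names, passwords and iteration count are constructed assumptions.

```python
"""Added example: unsalted MD5 versus salted PBKDF2 storage (constructed data)."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # illustrative work factor (assumption); tune for your hardware


def legacy_md5(password):
    """The weak scheme the comment describes: a bare, unsalted digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def reuse_groups(records):
    """Accounts whose stored values are byte-identical, i.e. same password."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def weak_accounts(records, known_weak):
    """Audit of one's own store: accounts whose digest matches a known-weak
    password. Only works because the digest is unsalted."""
    weak_digests = {legacy_md5(p) for p in known_weak}
    return sorted(user for user, stored in records.items() if stored in weak_digests)


def hash_password(password, salt=None):
    """Hardened form: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), derived.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, derived_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(derived_hex))


def sample_legacy_store():
    """Constructed accounts stored the unsalted way."""
    return {
        "ann": legacy_md5("password"),
        "raj": legacy_md5("password"),
        "lee": legacy_md5("k7#Vq9!mTz2p"),
    }


if __name__ == "__main__":
    legacy = sample_legacy_store()
    print("identical digests:", reuse_groups(legacy))
    print("flagged by weak list:", weak_accounts(legacy, ["123456", "password"]))
    salted = {user: hash_password("password") for user in ("ann", "raj")}
    print("identical salted values:", reuse_groups(salted))
```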

18
lostbit 12 hours ago 0 replies      
Sources are mentioned in the FAQ and top page: https://shouldichangemypassword.com/sources.php

It's checking the e-mails on those databases.

19
hogu 12 hours ago 1 reply      
I was confused because I typed "password" into that box and it told me I was safe.
20
kosei 11 hours ago 0 replies      
Privacy policy?
25
Echoprint: Open-source music fingerprinting echoprint.me
185 points by chl  18 hours ago   51 comments top 15
1
a3_nm 15 hours ago 1 reply      
I'm a bit confused by the database license. Why do you want people to contribute additional data specifically back to you, rather than requiring them to release it under a compatible license which would allow you to incorporate it if you wish? This is substantially different from usual copyleft licenses.

As an example, notice that Wikipedia does not require people to send modified articles back to the Wikimedia Foundation, or to allow them to use the data as they see fit (this is clause D. 3. d. in your license). They just require people to contribute under a copyleft license, and they can thus incorporate derivative versions published elsewhere if they want. This is nice because it ensures that the Wikipedia content can be useful even if the Wikimedia Foundation disappears.

Anyway, awesome work, congrats!

2
chl 17 hours ago 2 replies      
Given how threat-, or, let's say, notification-happy Landmark was just a while ago [1], does anyone have an idea regarding the patent situation? Is this implementation different enough to be considered (reasonably) "safe"?

[1] http://www.redcode.nl/blog/2010/07/patent-infringement/

3
megamark16 18 hours ago 1 reply      
This is really amazing, and I can't wait to see all of the possibilities it opens up now that people can create their own databases. I'm tempted to set up an app to fingerprint and dedupe all of the music spread out throughout the network here at work.
4
JonnieCache 17 hours ago 0 replies      
Echonest are some cool people. Their earlier APIs enabled the illustrious although sadly now defunct http://www.donkdj.com which was done by a classmate of mine as a project for a Generative Creativity course we did at uni.

Looks like their research has taken them a lot further!

5
brianwhitman 18 hours ago 5 replies      
if you have any questions, let me know. we're very excited about this!
6
stevenp 13 hours ago 0 replies      
This is huge. I've been mulling some ideas for awhile that would require music fingerprinting, but I've always been too overwhelmed by the available options, from a licensing and implementation standpoint. I can't wait to play with this!! :D
7
natch 16 hours ago 0 replies      
I'd love to see a project where the data is MIT licensed too, not just the code.
8
regomodo 10 hours ago 1 reply      
A very interesting project. I've whipped up a little test program (https://github.com/regomodo/handy_scripts/blob/master/echopr...) in Python and found either the codegen or echonest to be a little buggy. Daft Punk fingerprints come back with some very unusual results. http://pastebin.com/8Tfvd0SZ
9
caf 18 hours ago 3 replies      
Why aren't the fingerprints in the database covered by the recording copyright on the song that they were derived from?
10
denimboy 12 hours ago 0 replies      
I think the fingerprinting part is similar to pHash: http://www.phash.org/ but echoprint is more focused on music and they are building a database of fingerprints.

I think pHash also has functions for fingerprinting music but might not be as precise since pHash is not strictly focused on music.

11
jbrennan 16 hours ago 1 reply      
Looks incredible! One note though, the page seems to partially break for me in Safari on the Mac (the sidebar overlaps onto the content as I scroll horizontally).

But the tech looks incredible. Good work for releasing this!

12
paulnelligan 17 hours ago 2 replies      
How is this different from Shazam?
13
brianwhitman 17 hours ago 0 replies      
for more on the whys, here is the EN blog post: http://blog.echonest.com/post/6824753703/announcing-echoprin...
14
highace 17 hours ago 0 replies      
Woah. This is going to be massive. The amount of things that could potentially be built on top of this is scaring me.
15
paisible 17 hours ago 0 replies      
Holy balls you guys are awesome for releasing this.
26
How An Introverted Engineer Came Out Of His Shell To Lead Mozilla fastcompany.com
10 points by mbrubeck  3 hours ago   discuss
27
A First Step Toward a Prosthesis for Memory technologyreview.com
4 points by jcr  1 hour ago   2 comments top 2
1
jcr 1 hour ago 0 replies      
This is a bit of a dupe, but it's the best written general article
I've found so far on this new research. Sure, it's very early work, but
it seems very promising and potentially very important.

More information can be found on the USC website:

http://www.viterbi.usc.edu/news/news/2011/restoring-memory-r...

You have to sign up for a "free" account (no confirmation email) but you
can download the paper here:

http://iopscience.iop.org/1741-2552/8/4/046017

2
D_Alex 1 hour ago 0 replies      
I want one. Pre-loaded with memories of Marilyn Monroe.
28
Q: Why can I access an out-of-scope C++ var? A: So you rent a hotel room... stackoverflow.com
391 points by sutro  1 day ago   95 comments top 12
1
yaakov34 23 hours ago  replies      
I say this as a C++ programmer (C++ is essentially the only choice in the domain in which I currently work), but this really underscores how unreasonable C++ is for writing secure/high reliability applications. On the one hand, the compiler will curse you out for trying to use a non-const iterator in a const function (sheesh, what kind of an idiot are you, anyway)? On the other hand, you can read and write to every bit of memory allocated to your application, and it will stand by and do nothing. I think the number of applications which had buffer overflows at least at some point is statistically indistinguishable from 100%.

Try this hotel analogy: you go to a hotel in which you once stayed, and tell them that you're going to dump every bit of possessions and furnishings in all the rooms outside on the street, rifle through them, set them on fire, then photograph all their guests in the nude and distribute the pictures. Most hotels will object. C++ won't.

2
solutionyogi 1 day ago 2 replies      
Eric Lippert is a prolific writer and is amazing at explaining anything related to computer programming. His blog is a MUST read for every .NET developer: http://blogs.msdn.com/b/ericlippert/

I also follow Eric's activity on SO here:

http://stackoverflow.com/users/88656/eric-lippert?tab=activi...

Some of his answers which I liked:

http://stackoverflow.com/questions/2704652/monad-in-plain-en...

http://stackoverflow.com/questions/921180/how-can-i-ensure-t...

http://stackoverflow.com/questions/5032081/coding-style-assi...

He is on HN as well:

http://news.ycombinator.com/threads?id=ericlippert

3
codexon 1 day ago 7 replies      
I'll probably get downvoted, but I think elaborate real-life analogies like this are more likely to confuse novices than help them.

A better explanation in my opinion is to draw a diagram of a stack and showing that returning from a function just decreases a pointer. C++ programs don't scrub the top of the stack once you finish a function because it is a waste of time.

If another function was called before the 2nd call to foo(), then the variable on the stack would be overwritten.

4
city41 19 hours ago 1 reply      
Eric Lippert was one of the highlights of working at Microsoft. He was (and I'm sure, still is) very active on the internal C# mailing list. His answers are always very entertaining to read. He has a smugness that is deserved and not irritating (mostly :)), and inside the walls of MS he turns that smugness up quite a bit higher.
5
wheels 1 day ago 5 replies      
Local variables in C and C++ are just put on a stack (i.e. the stack) and its behavior is pretty predictable. For example:

  #include <stdio.h>

  static int *foo(void)
  {
      int i = 42;
      return &i;
  }

  static int *bar(void)
  {
      int i = 43;
      return &i;
  }

  int main(void)
  {
      int *f = foo();
      /* with next line commented out prints 42, with it, 43 */
      bar();
      int i = *f;
      printf("%i\n", i);
      return 0;
  }

Until you've made another function call that reuses that space on the stack you'll almost certainly still have valid values when accessing those local variables by address. Things are a bit vaguer in C++ where those variables may be objects which have destructors which have already been called.

Edit: Made it predictable, per caf's (correct) comment by adding:

  int i = *f;

6
jamesgeck0 18 hours ago 0 replies      
I had a roommate in college who would write code like this. I (and several other people) tried to explain to him that he couldn't necessarily count on the pattern working all the time. His response was to say, "But it works here!" and continue abusing C++'s undefined behavior.

I stopped giving him help with his CS coursework in fairly short order.

7
briandoll 1 day ago 0 replies      
Great analogy and well written. We often see attempts at this style of explanation, but we usually fail at one or both of those qualities.

While I wish I saw more of this style of teaching in technical publications, it's admittedly rarely done well enough to convey the point.

8
dools 1 day ago 2 replies      
I'm not sure I agree entirely with this explanation. He emphasises that this is unsafe behaviour that is protected against in safer languages - I've never heard it said that the use of pointers should be considered unsafe and there are also pointers in other languages that exclude things like multiple-inheritance and have garbage collection (which could be considered safer languages).

I like the room key analogy (almost) but I don't think it needs to be stolen and I don't think all the talk about policies and contracts is necessary at all.

It could simply say the thing you're returning is not the local variable. It is a pointer.

I have a box and instead of giving you the box I give you a key to the box. Anytime you want to use the contents of the box you must come over to the box and open it, but you can't take the box with you. If you want to put something in the box you just walk over and put it in - but here's the rub: you have no guarantees that you're the only one with a key. I could give out the key to a bunch of people so you don't know what will be in the box and who owns it.

Use with caution!

9
skrebbel 14 hours ago 0 replies      
if you can always legally access the book, which will for sure be available to you in that drawer, then the hotel key you stole must be a closure.
10
thewisedude 17 hours ago 0 replies      
A good analogy no doubt! But you should be careful when using analogies. Every behavior of the analogy might not be applicable to the original problem.

Analogies can only help make people "understand" something. Normal brains try to relate things to what it has learnt so far. So analogies seem to help. Analogies in themselves are not scientific explanations obviously.

A scientific/rational explanation to the question posed by the user would be - C++ makes no promise about the behavior of the program when an out-of-scope C++ variable is used. Obviously this explanation, a simple one, is quite less dramatic.

11
ConceitedCode 1 day ago 0 replies      
Title is a bit misleading... but still a great answer.
12
stevetjoa 1 day ago 1 reply      
200 upvotes in nine hours?! Is that a Stack Overflow record?
30
53 VCs from 40 firms send letter opposing PROTECT IP usv.com
89 points by akozak  14 hours ago   20 comments top 8
1
acabal 11 hours ago 4 replies      
Since it's a commonly-held sentiment that politicians and the laws they make are bought and paid for, I don't understand why some of the shockingly wealthy VC firms don't start buying up their own lobbyists. Surely it would make business sense for them to purchase laws in favor of internet openness?

While the media corporations are throwing buckets of cash at our lawmakers, the best that wealthy VC firms ($13B wealthy!) can come up with is a strongly-worded letter? Am I just misinformed, or being overly cynical?

2
forensic 9 hours ago 0 replies      
There are a lot of names missing. From my quick scan I don't see any of the well-connected old players signing on to that document.

The omissions speak more loudly than the inclusions.

This does not look like a politically influential list to me:

  Andreessen Horowitz
  AOL Ventures
  Avalon Ventures
  Benchmark Capital
  Betaworks
  Court Square Ventures
  Draper Richards
  EDventure Holdings
  First Mark Capital
  First Round Capital
  Floodgate
  Flybridge Capital Partners
  Founder Collective
  Foundry Group
  Greycroft Partners
  Greylock Partners
  IA Ventures
  Index Ventures
  Khosla Ventures
  Lerer Ventures
  North Bridge
  OATV
  Rand Capital
  RRE Ventures
  Softbank Capital
  Spark Capital
  SV Angel
  True Ventures
  Union Square Ventures
  Venrock

3
phlux 13 hours ago 1 reply      
At some point there just has to be a disobedience of some laws. Just everyone flat out ignoring them.

Why is it that we cannot hold lawmakers accountable for shit?

4
dminor 8 hours ago 0 replies      
Didn't Wyden already place a hold on this?
5
mrschwabe 13 hours ago 2 replies      
When injustice is law, rebellion is duty.
6
Bud 13 hours ago 0 replies      
Pity that this guy leans on McKinsey to support his argument. That will cost him some credibility, as recent events in the health care debate have shown that McKinsey is more than willing to discard any notions of scientific, impartial research if they have a political bone to pick.
7
mariuskempe 13 hours ago 0 replies      
Could you all send a similar letter for the patent reforms?
8
startupcto 11 hours ago 0 replies      
So VCs are really in for the money but who are they to say the IP Protection is pointless and useless and retards innovation.
       cached 24 June 2011 08:02:01 GMT