Hacker News with inline top comments, 27 Mar 2012
A Pinterest spammer tells all dailydot.com
81 points by taylorbuley  1 hour ago   33 comments top 12
DanielBMarkham 45 minutes ago 1 reply      
There are multiple angles to this story, and each has a compelling narrative.

Social sites are not just games or freebies. They exist based on the premise that they can use human nature against itself in order to create free content from users to be consumed by other users. At the end of this road we have Facebook, where they spend tens of millions of dollars to program users to create and consume like you'd program an alarm clock.

The spammers of course are in it for nobody but themselves, so it's tough to ding them any more than the rest of folks. At least most of them seem honest about it.

There's a third party here too, though: the honest internet citizen who likes creating and sharing content and making money while doing so. They don't run bots and they actually review the stuff they talk about.

The spammers make their money because they can "fake out" the system to think they're the honest money-making folks. The danger here is that we're going to only end up with two giant contenders, the addictive social sites and the spammers. That the little guys get crushed. To me it seems that the web, once wide open, is closing in bit by bit. (That probably sounds hyperbolic. Apologies.)

bproper 24 minutes ago 0 replies      
If he is pinning relevant pictures to a themed board and simply doing it at scale, is he really abusing the site?

e.g: pictures of cakes on a recipe board about desserts that link back to a cookbook and he gets 4 cents per click through...

joshuahedlund 39 minutes ago 1 reply      
Will Skimlinks (or someone similar) offer a reverse-affiliate service that strips affiliate IDs from links on your site instead of adding them? Does this already exist?

(It would be trivial for Pinterest to manually do this, say, for Amazon, which could instantly crush a spam model based only on Amazon, without any spam network detection/banning required)

Personally, though, I think affiliate links in social networks are pretty innocuous, if not slightly positive.

pavel_lishin 1 hour ago 2 replies      
I'm not suggesting that this is trivial to implement, but in principle, wouldn't it be fairly simple for Pinterest to identify these guys based on their 'social networks'? If a group of accounts only 'pins' posts of other accounts in that same group, that suggests either a spambot farm, or a very inclusive group of friends. False-positive detection could be decreased by looking at account sign-up dates, or profile photos.
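The grouping test described in the comment above, as an added example that is not part of the original comment and not Pinterest code: it finds groups of accounts whose repins all stay inside the group, then uses sign-up dates to separate a likely bot ring from a close group of friends. Account names, repin pairs, dates and thresholds are constructed sample values.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (repinner, original_pinner) pairs.
REPINS = [
    ("bot_a", "bot_b"), ("bot_b", "bot_c"), ("bot_c", "bot_a"), ("bot_a", "bot_c"),
    ("alice", "bob"), ("bob", "alice"), ("bob", "carol"), ("carol", "dave"),
    ("alice", "bot_a"),  # a real user repinning from the ring; the ring stays closed
    ("erin", "frank"), ("frank", "gina"), ("gina", "erin"),  # insular friends
]
# Constructed sign-up dates.
SIGNUPS = {
    "bot_a": date(2012, 3, 1), "bot_b": date(2012, 3, 2), "bot_c": date(2012, 3, 3),
    "alice": date(2011, 6, 1), "bob": date(2011, 9, 9),
    "carol": date(2010, 1, 5), "dave": date(2011, 2, 2),
    "erin": date(2010, 5, 1), "frank": date(2011, 8, 14), "gina": date(2012, 1, 20),
}


def strongly_connected_components(graph):
    """Kosaraju's algorithm (iterative). graph maps node -> set of successors."""
    nodes = set(graph) | {v for succ in graph.values() for v in succ}
    order, seen = [], set()
    for root in nodes:                      # pass 1: record DFS finish order
        if root in seen:
            continue
        seen.add(root)
        stack = [(root, iter(graph.get(root, ())))]
        while stack:
            node, successors = stack[-1]
            for nxt in successors:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append((nxt, iter(graph.get(nxt, ()))))
                    break
            else:                           # all successors visited
                order.append(node)
                stack.pop()
    reverse = defaultdict(set)
    for u, succ in graph.items():
        for v in succ:
            reverse[v].add(u)
    components, assigned = [], set()
    for root in reversed(order):            # pass 2: DFS on the reversed graph
        if root in assigned:
            continue
        assigned.add(root)
        comp, stack = set(), [root]
        while stack:
            node = stack.pop()
            comp.add(node)
            for pred in reverse.get(node, ()):
                if pred not in assigned:
                    assigned.add(pred)
                    stack.append(pred)
        components.append(comp)
    return components


def closed_rings(repins, signups, min_size=3, max_signup_spread_days=7):
    """Return groups whose members repin only each other, with a flag that is
    set when all members also signed up within a narrow window."""
    graph = defaultdict(set)
    for repinner, source in repins:
        if repinner != source:
            graph[repinner].add(source)
    findings = []
    for comp in strongly_connected_components(graph):
        if len(comp) < min_size:
            continue
        # Closed group: no member repins anything from outside the group.
        if any(graph.get(member, set()) - comp for member in comp):
            continue
        dates = [signups[m] for m in comp if m in signups]
        spread = (max(dates) - min(dates)).days if len(dates) == len(comp) else None
        findings.append({
            "accounts": sorted(comp),
            "signup_spread_days": spread,
            "flag": spread is not None and spread <= max_signup_spread_days,
        })
    return sorted(findings, key=lambda f: f["accounts"])


if __name__ == "__main__":
    for finding in closed_rings(REPINS, SIGNUPS):
        print(finding)
```

The closed-group test takes the comment's criterion literally; a tolerance on the share of in-group repins would be the natural relaxation, at the cost of more false positives to review.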
AznHisoka 1 hour ago 1 reply      
As Google is killing more and more content farms, it makes sense spammers are moving towards sites that have tons of authority, and spamming there. Can't get "buy car insurance" to rank for your spamblog? No problem, create a fake question in Yahoo Answers with the keywords in your title, and a fake answer with your affiliate link. Repeat in Pinterest, Amazon Askville, Quora, etc.
benologist 21 minutes ago 0 replies      
Sucky thing for pinterest to deal with and it's only going to get worse for them - the obvious spam is just the tip of the iceberg, the more insidious stuff can go undetected pretty much forever judging by HN, Reddit etc.
taylorbuley 1 hour ago 0 replies      
So-called "skimming" of links does not strike me as being terribly wrong (or different from what Pinterest does itself), but the practice likely still undercuts their bizmodel because they don't skim links that already have affiliate ids attached to them.
ebaysucks 44 minutes ago 2 replies      
What exactly is outrageous about a community service like Pinterest or a forum using Skimlinks?
shagbag 7 minutes ago 0 replies      
Does anyone know if Steve's actions are legal under United States law?
jcdavis 15 minutes ago 0 replies      
Aside from the (good) conversation here, I'm actually shocked the guy agreed to an interview. How many HN people just spent some time thinking about how you would do one of these? Not that nobody could have possibly thought about pinterest spamming before, but this interview has certainly increased knowledge of it
codexon 53 minutes ago 1 reply      
An easy way to find Pinterest spammers.


I think the spammer moved his affiliate tag to womansdesign-20.

krschultz 16 minutes ago 1 reply      
Frankly this sounds like what Pinterest should be doing for revenue. Isn't that basically what promoted tweets are for Twitter?
Woodcut Maps: Handcrafted wood-inlay maps, designed by you woodcutmaps.com
35 points by aaronharnly  1 hour ago   3 comments top 2
tamersalama 1 minute ago 0 replies      
I love the idea and service. Congratulations.
aaronharnly 48 minutes ago 1 reply      
I'd love to hear the dev talk about the architecture of this service - there's nice work for the site itself with queued renderers, and apparently back-end work to generate the laser-cutting instructions.

More on the process: http://woodcutmaps.com/process

The Mac App Store Needs Paid Upgrades wilshipley.com
145 points by mynameisraj  3 hours ago   70 comments top 9
kennywinker 3 hours ago 3 replies      
The consensus among all the devs I've talked to is that this feature will magically appear the next time Apple does a significant update to one of its bigger ticket apps... Final Cut, Aperture, Logic, etc.

I can't see any way they can get around this problem without adding paid updates.

Until then 3rd party developers are high and dry.

ianterrell 3 hours ago 2 replies      
It's not a 1-to-1 replacement or panacea, but in app purchases can mitigate the problem - i.e. free update with new features disabled until purchased.
Terretta 14 minutes ago 1 reply      
Apple's not keeping iWork up-to-date despite sitting on one hundred billion dollars.

And here I was blissfully unaware that Pages and Keynote had rotted into uselessness simply because of the calendar year.

ricardobeat 1 hour ago 0 replies      
I think this is mostly a mismatch in expectations. "pay full price, suckers" only rings true if it's not actually a major release - small features, security/compatibility updates should be free. A new version should offer enough benefits to be worth the price.
deedubaya 3 hours ago 6 replies      
As a developer with Apps in the MAS, I can see where this makes sense from the developer's perspective. But I think it is a matter of laziness on the dev's part.

Let me explain:

From a user's perspective, this would suck. It is an antiquated system. "I have to pay for an upgrade just so it works on the new OS?" Think of how many times you've had to do this in the past, and how you felt.

Apple will act in the best interest of Joe User, not Joe Developer.

Instead of paid upgrades, devs should be providing In-App purchases for new features. Maintenance of the App should be provided for free. Win-win for all.

Now stop bitching about what the MAS should have, and start using the solution Apple has given you! :)

stretchwithme 28 minutes ago 0 replies      
I was just thinking about this last week.

Eventually, nearly all your users have already paid, leaving you unable to charge them for enhancing the app. You may have a huge installed base and eventually have no incentive to improve the product.

mmuro 3 hours ago 0 replies      
Perhaps the incentive is the wrong one. If the goal is to get users to upgrade, offer a launch sale that entices existing and new users to upgrade.

I don't think it's so terrible that there are multiple versions out there. Reduce the price of the older version and set up the page to let people know there's a new one out there before buying.

cjensen 3 hours ago 1 reply      
The Mac software scene has always had lots of indie developers. Let's look at that scene for some facts... The indies generally charge an upgrade fee for "major" versions, and give free upgrades for "minor" updates.

Most, like Wil, do the right thing. Delicious Library hasn't had a major release in years, but it is maintained.

Others (for example, in my experience "DVD Remaster Pro" and Parallels Desktop), clearly abuse the major update system as a revenue source. They release fake major releases with lots of new skin but few features every six months or a year to rake in the dough.

Honestly, it's a mess. But the solution to me is obvious: Angry Birds from Rovio. Rovio didn't just release the thing and stop. They keep adding significant features (the game is probably 10X as large as when I bought it for the iPad). Customers feed back with great reviews. Rovio is rewarded with continuing sales and stays in the top seller lists. Meanwhile, apps like "Plants v. Zombies" are static and drop off the top lists quickly after a quick burst of popularity.

phillmv 3 hours ago  replies      
I want to say something about sharecropping, but I have a hard time thinking of the appropriate analogy.

It's making me think about the service model as being a superior revenue stream, for-better-or-for-worse. From a user's perspective, the MAS already acts as a service; the subsidy is just being paid for at the developer's end of the scale.

I love the iTunes/MA stores as a marketing and distribution channel, but I hate how heavy handedly Apple behaves with enforcing business models. I think there's an argument to be made that we can avoid the Android marketplace crapware without forcing everyone to become serfs.

There's no speed limit (2009) sivers.org
499 points by tnorthcutt  10 hours ago   161 comments top
sivers 9 hours ago  replies      
Surprised to see a post of mine here on Hacker News. (First time in a long time. Thanks!)

Feel free to ask me absolutely anything here.

How I failed and failed some more, but in the end persevered. demeulenaer.com
24 points by charlesdm  1 hour ago   4 comments top 4
highace 11 minutes ago 0 replies      
I remember there already being an app for ventrilo, so I just went off to find it and it turns out they had to pull it: http://www.ventafone.com/

Is yours not similar?

dangero 28 minutes ago 0 replies      
Great post. You repeated your success which is when you really know you've got the hang of it.

The part about working a day job and trying to build something is so true. Things move so slow when you're splitting your time like that. Very inspiring.

riskish 58 minutes ago 0 replies      
Great post, would love to see more people talk about their success with side projects and apps like this.
sammville 45 minutes ago 0 replies      
Great post! Going through a period of depression after a failed startup. It's just what I needed for the extra boost!
How To GitHub: A Complete Guide to Forking, Branching, Squashing and Pulls gun.io
103 points by Mizza  4 hours ago   10 comments top 7
dfc 38 minutes ago 1 reply      
Rebasing is the thing I need a good howto for. Some documents give me the impression that rebasing is evil and then others like this one make it seem harmless.
gcb 57 minutes ago 0 replies      
Offtopic, but looking on the main page for gun.io I saw their tech stack, and I went to see what etherpad was about, and saw one of the best Discontinued Product Pages ever.


they mention that they release the source, and list alternatives to the terminated product BEFORE sending you over to their google docs.

DrCatbox 57 minutes ago 0 replies      
I tried using git for several weeks now and still can't manage to do the simplest things, like maintain a work repo and a sync repo and then pull/merge between them before pushing upstream from sync. It feels like I have to know the internals of git workings just to perform a simple action, and I need to know all the side-effects of its actions, and how to fix those as well. With mercurial all the commands I need to know are hg log, diff, incoming, outgoing, pull, update, push and merge. With git I need to know at least two or three flags for each command where each flag is really special to that command and using/not using it changes everything. With mercurial I just know -p -r and -l for limits, that's it.

I hate git with a passion now. It's like forcing everything through its world view, for the tiniest action it barks at you with insane messages.

Version control systems are supposed to model commits or sets of changes on a repo, not model and show you their own internal representation of what it thinks about my code.

Also I've noticed most git tutorials cover really simple things (like this is how you do cvs but now with git), while "the rest" is left to some black ninja voodoo magic expert dudes who "get" it.

And this is just another tutorial to work in a very specific environment using git.

I'm so glad we use mercurial at work right now.

Inversechi 32 minutes ago 0 replies      
This is exactly the kind of article I was looking for! I'm still very much learning git and eager to commit to more Repos on Github however have been unsure about how to do this effectively.
hardik988 3 hours ago 0 replies      
Thanks for this. I'm still learning git and didn't know about the squash feature.. Now that I think about it, even if I spend 5 minutes on HN, I manage to learn something new! Cheers.
Radzell 3 hours ago 2 replies      
Thanks managing a team github problem sometimes feels like a full time job on top of coding. It doesn't get errors a lot, but when it does they stick around.
dudus 2 hours ago 0 replies      
Not only a good guide to Git but also a good guide to open source collaboration for new-comers.
Mozilla's BrowserQuest - Massively Multiplayer HTML5 Experiment mozilla.org
337 points by guigui  8 hours ago   74 comments top 16
paulrouget 8 hours ago 1 reply      
Article about how the game works: https://hacks.mozilla.org/2012/03/browserquest/
kenrikm 6 hours ago 1 reply      
I like how they made it really easy to get in. No signup just name your guy and go. I generally don't have time to play games however I appreciate the amount of work that goes into them. Good Job.
riffraff 8 hours ago 2 replies      
NPC soldiers with HTML5 orange shield are just too cute :)

And this is actually a nice little game. But then again, where is browserid and open badges support?

flexterra 4 hours ago 0 replies      
Awesome! Thanks for the productivity kill mozilla. Looks great and it's a lot of fun. Now I want to learn how to do this stuff in the browser.
user2459 6 hours ago 4 replies      
Really organized, easy reading source too: https://github.com/mozilla/BrowserQuest

Outstanding work that I'm sure is going to inspire a lot of people. Though I don't see a license file anywhere.

sbarre 8 hours ago 1 reply      
Very fun and well done. Nice of them to publish the source as well..
soapdog 5 hours ago 0 replies      
Just collected the 20 achievements. Really fun demo, inspired me to learn more about pixel art. I can code well but my art skills are bad. Wish they expanded it...
franck 7 hours ago 0 replies      
You can follow the player population in real-time on this dashboard: http://browserquest.mozilla.org/status/
michaelmartin 4 hours ago 0 replies      
Brilliant game, the little Easter Eggs really made it worth playing.

For anyone wondering about the 2 mystery achievements at the end; the clues are in client/js/game.js ( https://github.com/mozilla/BrowserQuest/blob/master/client/j... ), line 278.

Hiding the clues in the code like that just adds to the coolness. Great touch!

pepijndevos 6 hours ago 1 reply      
Did anyone figure out how to get to the mario pipe, and what the ??? quest is?
jiggy2011 6 hours ago 4 replies      
Anyone know how they do the networking?

WebSocket, Comet or Ajax?

aw3c2 7 hours ago 0 replies      
works with opera but eats a whole cpu core
ecto 8 hours ago 0 replies      
This is so awesome. Well done Mozillians!
weixiyen 3 hours ago 0 replies      
The mouse movement is laggy. Why not use hardware mouse speeds? For an interaction with that much frequency, it makes the game unplayable.
overshard 8 hours ago 3 replies      
Could not move while on Chrome... was nifty though, I applaud the effort put into this. One day Flash, one day...
xtian 7 hours ago  replies      

It's weird to me that they list the node dependencies in the server README instead of using a package.json.

Very cool project, though.

Subsecond Offset Visualizations: Unusual patterns from cloud computing dtrace.org
45 points by brendangregg  2 hours ago   1 comment top
nitrogen 16 minutes ago 0 replies      
The method used to identify the zoneadmd freeze in Riak would be perfect for diagnosing x-runs in realtime audio applications. Here's hoping that awesome monitoring and visualization techniques developed for the cloud find their way into the hands of the jackd and ALSA developers.
YC Demo Day Session 2: Midnox, 42Floors, Sonalight, Your Mechanic techcrunch.com
32 points by guiseppecalzone  2 hours ago   10 comments top 2
jerrya 32 minutes ago 0 replies      
YourMechanic should provide some idea off the bat as to where they are providing service at this time, and perhaps a timeline as to when they expect to expand.

A simple, YourMechanic is currently providing service to the San Francisco Bay Area, or something.

After going through several steps in their chain:

Select Service -> Service Details -> Provide Name, Address, Email, Phone

The Mechanic Bids step failed with

errno: erange "Sorry, we currently do not serve this location right now."

endlessvoid94 2 hours ago 2 replies      
I think YourMechanic is an excellent idea.
ZeroRPC github.com
115 points by m0th87  6 hours ago   26 comments top 10
Loic 4 hours ago 3 replies      
> If you want to connect to multiple remote servers for high availability purposes, you insert something like HAProxy in the middle.

On our PaaS[1] we are running ZMQ everywhere and you do not need HAProxy in the middle to get high availability, you do it directly with the right ZMQ devices depending on your requirements. HAProxy is another piece of infrastructure to maintain where you can get HA with the majordomo pattern using several brokers and retrying the requests etc. Check the ZMQ Guide[2], you have nearly everything nicely explained there. So this comment just rings a "warning" for me, the system looks really interesting, but are the ZMQ primitives well enough understood?

[1]: http://notes.ceondo.com/mongrel2-zmq-paas/
[2]: http://zguide.zeromq.org/page:all

Update: Missing some parts of the comment, stupid me.

espeed 42 minutes ago 0 replies      
Is there a ZeroRPC-Java or Jython interface so you can call JVM methods from Python?
KenCochrane 6 hours ago 0 replies      
Here is a video about it from this year's PyCon.


ChuckMcM 5 hours ago 0 replies      
Oh this looks very very cool. As a person who runs a bunch of machines I can see several uses for it, not the least of which is monitoring diagnostics.
izak30 5 hours ago 1 reply      
I was apparently working on this concurrently (and much more specifically, not for general use) as dotcloud. I'm really glad they released it. We've seen great performance characteristics and very easy development with zeromq+python+gevent. I chose to use gevent_zeromq package rather than write our own, but it's very similar here.

I'm really looking forward to using this next time.

nivertech 5 hours ago 1 reply      
You just reinvented (sort of) Erlang's erl_call [1] in Python:

Starts an Erlang node and calls erlang:time/0.

    erl_call -s -a 'erlang time' -n madonna

[1] http://www.erlang.org/doc/man/erl_call.html

makmanalp 4 hours ago 0 replies      
This is awesome! This saves craploads of trouble in terms of actually parsing messages and interpreting them as functions. Instead I can have an implicitly rigid and safe server / client hop. This makes it way easier to set up a set of daemons talking to each other in the backend of a web app.
alexmic 5 hours ago 0 replies      
We've done something similar here at EDITD but not as complete:

(1) The original: https://github.com/geoffwatts/zmqrpc
(2) A rewrite I am working on: https://github.com/alexmic/zmqrpc

DevX101 5 hours ago 1 reply      
Can someone provide examples of where this would be useful?
calloc 5 hours ago 0 replies      
Where I work we are doing something similar more by hand though in that we are using ZeroMQ with protobuf.
Kevin Korb's Jokes: Care and Feeding of Your Hacker sanitarium.net
19 points by jacquesm  1 hour ago   2 comments top 2
sounds 46 minutes ago 0 replies      
I first thought from the title that it was a guide for your S.O. ( http://www.google.com/search?q=a+girls+guide+to+geeks )

Still a fun read. If you're not familiar with the Jargon File, you may find you lose a few unaccountable hours there.

gonzo 18 minutes ago 0 replies      
Moar esr-fluffing.
Fame Game Hopes To Make You Internet Famous for a Day play-fame.com
63 points by dclaysmith  4 hours ago   44 comments top 19
kitsune_ 2 hours ago 2 replies      
This is the stupidest shit I've ever heard of. Combining humanity's idiosyncratic desire for fame with a lottery system.
Skywing 1 hour ago 0 replies      
Nice. I made this exact same concept almost a year ago, too. It was fun to code and watch to see who randomly won. These guys definitely have a little bit better Photoshop skills than I do, though. :) I called mine Crowdwoo.

Here is my post about mine: http://news.ycombinator.com/item?id=2576392 and my source code for it, https://github.com/ryancole/crowdwoo.com

and with a time machine snapshot to see what it looked like: http://web.archive.org/web/20110708205146/http://crowdwoo.co...

and finally a link to the original idea source, compliments of Dave Winer: http://scripting.com/stories/2011/05/15/socialMediaBubblePop...

Karunamon 3 hours ago 2 replies      
Really nifty idea. What I'd like to see is an option to not automatically unfollow the person after the day that you can set on this site - maybe the person who won that day is really interesting!
mhp 1 hour ago 0 replies      
This sounds like it's ripe for spammers, and given the recent article on the Pinterest spammer, and the current winner tweeting about her "lipob fat loss shots", I don't think it will get any traction. (Or at least it won't be abused).
kirubakaran 2 hours ago 2 replies      
I like the idea. But why unfollow the next day? At least this should be optional with default set to "don't unfollow".
CrazedGeek 3 hours ago 1 reply      
This is pretty awesome! Simple silly question -- if you're already following the winner before they win, they won't be unfollowed when their day's up, right?
__abc 2 hours ago 0 replies      
I signed up just to see who gets picked and, if I like what they have to say, etc.

I know who I know. Finding people who I don't know, that might be interesting, is becoming difficult.

bhartzer 3 hours ago 1 reply      
Great idea. Putting a new twist (i.e., twitter) on an old, OLD concept (like iWannaBeFamous.com started over 10 years ago) is a good thing.

I'd like to see this up to 100,000 or more followers to really give the featured person some real fame.

jonbro 2 hours ago 2 replies      
you have to email them to remove yourself? Really? It seems like you could have some type of removal thing.
tibbon 2 hours ago 1 reply      
That's... cute.

But wouldn't that get a lot of people's accounts banned? If I remember right (from some time ago) you couldn't follow/unfollow too many people all the time, or you'd get banned.

orta 4 hours ago 0 replies      
I think this is a great idea, it adds a little hint of surprise to your twitter stream.
lifeformed 3 hours ago 1 reply      
Cool idea, but I think it'd work better with longer time periods, like one drawing per week. Once it loses its novelty, nobody is going to be gunning to get the title of "295th play-fame.com winner".

Plus, accumulating a week's worth of followers seems to be (more than linearly) a better prize.

koopajah 2 hours ago 1 reply      
Do you need to have a minimum of followers before "trying out" ? To avoid people submitting a lot of empty profile just to maximize their chance of being picked up?
spullara 1 hour ago 1 reply      
You should really just have everyone follow the @fame account and then retweet the winner's tweets for the day.
wiradikusuma 3 hours ago 2 replies      
How to make sure everyone plays fairly? E.g. I can cut the ties once I'm famous.
OzzyB 3 hours ago 0 replies      
I have a big soft spot for concepts like this -- bravo!
rduchnik 2 hours ago 0 replies      
I think it's a genius way to get people to follow you, they will rack up followers with this over time.
duxup 2 hours ago 0 replies      
Silly but it isn't as if mass attention is logically or productively focused. Why not just go randomly? ;)
paraschopra 2 hours ago 1 reply      
Why, god, I ask Why?
Messin with core.logic clojure.net
19 points by jimduey  1 hour ago   discuss
YC Demo Day Session 1 techcrunch.com
35 points by canistr  3 hours ago   3 comments top 2
redstripe 14 minutes ago 0 replies      
Would YC even consider putting these demos up on youtube, or would that be too distracting for the participants? It would be interesting to see how rough they start out and how they progress. Perhaps even hire an in house film maker?
taylorbuley 1 hour ago 1 reply      
Even reading about these second-hand, lines like "hockey-stick growth" show the prezos were quintessentially YC.
Bayes nets by example with Python and Khan Academy data derandomized.com
92 points by kohlmeier  6 hours ago   discuss
Even Non-Techies Aim to Learn the Internet's Language nytimes.com
29 points by branola  3 hours ago   3 comments top 3
droithomme 8 minutes ago 0 replies      
I am happy to hear that one can be a developer and understand TCP/IP and not be a "techie" since the diminutive nounized form of tech, "techie", always has a condescending air about its use. Likewise "coder" and often even "geek". When my partner stays up all night reading wikipedia I can humorously say "Looks like you had a major geek-out session." This is taken in a very different sense than when a touring MBA says "So is this the cage where you keep the geeks?"
lachyg 23 minutes ago 0 replies      
Great article, good to see the recent trend of programming education / programming as the new literacy getting a lot more attention.

Disappointing to see http://devbootcamp.com/ and Codecademy not get a mention. Those are the two notable programs that take in beginner-level / no-level programmers and teach Ruby (on Rails).

dpearson 16 minutes ago 0 replies      
Aside from the cheesy opening line, it is nice to see an author that does a decent job writing to a nontechnical audience (as well as one who provides examples of the value of programming to readers). With increasing publicity, it will be interesting to see if more people actually sign up for and complete online courses (from sites like Codecademy).
Himera: ClojureScript Compiler Web Service himera.herokuapp.com
48 points by swannodette  5 hours ago   8 comments top 5
ibdknox 3 hours ago 0 replies      
BTW, the continuation of working on such an editor/environment, based on the live game editor [1] fogus talks about in his post, is a potential Google Summer of Code project [2] :)

[1] http://www.chris-granger.com/2012/02/26/connecting-to-your-c...

[2] http://dev.clojure.org/display/community/Google+Summer+of+Co...

jemeshsu 4 hours ago 0 replies      
This blog post by the author explains the project:


swannodette 4 hours ago 2 replies      
Note that you can use the REPL to interact w/ jQuery:

  (.-length (js/jQuery "div"))

rys 1 hour ago 0 replies      
Hilariously off topic, but the background image to the website made me think my computer screen was dirty.
MatthewPhillips 3 hours ago 0 replies      
So... how do we use this?
The least popular post I will ever write thescore.com
7 points by J3L2404  38 minutes ago   discuss
Safety and liveness: Eventual consistency is not safe bailis.org
29 points by pbailis  4 hours ago   3 comments top 2
cperciva 23 minutes ago 0 replies      
[1] Eventual convergence is likely the strongest convergence property we can guarantee given unbounded partition durations.

I don't think this is true. Consider the property I call "eventually known consistency", wherein the system can be asked "are all operations performed before time T visible everywhere?", with a "yes"/"maybe" response, where "yes" is guaranteed to eventually be returned after some bounded period of non-partition.

Eventually known consistency can be used to get AP (just ask for the data), CP (let T be the current time; spin until ConsistentUpTo(T) returns true; then perform the read), or CA (in the sense that as long as a partition does not occur, the algorithm for CP provides a response within a bounded time), and is thus strictly stronger than other properties.

saurik 1 hour ago 1 reply      
FWIW, the original Dynamo concept supported safety by returning not just the latest version, but all conflicting versions: the client then had the opportunity to make a merged version of the data that was newer than either of the inputs, and store that as a replacement.

It should therefore be remembered that many/most implementations of "eventual consistency" have these issues, it is not a requirement of the mechanism, and some implementations realize this and either have merge implementations or have plans to provide them.

(I am not certain where Cassandra is on this axis, but last I paid attention they were actively trying to decide whether to modify the client protocol to match Dynamo, or provide server-assisted merge operators more similar to their existing server-assisted comparison operators.)

SecureUDID Is An Open Source Solution To The Apple UDID Problem techcrunch.com
38 points by KB  4 hours ago   11 comments top 6
antirez 1 hour ago 0 replies      
I don't understand why Apple instead of just deprecating the UDID API did not add at the same time an API returning an application-specific UDID. No privacy problems, no issues for developers.
gyardley 3 hours ago 0 replies      
Interesting. Based off of the FAQ, the only thing that keeps developers from sharing their users' SecureUDID with other developers and/or SDK-based companies seems to be their own discretion - turning over the domain and salt unlocks the keys.

There's also, as far as I can see, nothing to stop a company with a SDK from including this code in their SDK and tracking across every application that uses it. If I was still running an iOS analytics company, I'd be pretty tempted by this in the post-UDID era.

Well intentioned, I'm sure, but to me this looks like a great tool for continuing business as usual. I'm no expert, though - please let me know if I missed something.

shangrila 2 hours ago 2 replies      
Most of the UDID replacement "solutions" proposed so far are just cookies. They generate an identifier and write the data to a location such as the keychain, or a private pasteboard as in the case of SecureUDID. These locations may be somewhat persistent and might even outlast a delete & reinstall of a particular app in some cases, but in the end they are still volatile and therefore do not actually identify devices. The information can still be lost in the event of an OS restore.

For some (most?) developers, this might be sufficient. But if you need to actually, truly identify devices, these solutions are not good enough. The only way to identify a device itself is to use actual hardware-specific info. Since Apple is removing the UDID, the WiFi MAC address is pretty much the only thing left.

Any solution not based on hardware-specific info but which pretends to "distinguish devices" (as SecureUDID does) is not actually doing what it claims to do. It's a subtle but important distinction.

corysama 3 hours ago 1 reply      
What a lot of apps really need is for Apple to provide a UDID replacement that gives a different ID per app, but is consistent if the app is deleted and re-installed on the same device. SecureUDID is still based on CFUUID which is not consistent across re-installs.
cpeterso 3 hours ago 0 replies      
In his Android Pro-tips talk, Reto Meier (tech lead on the Android Developer Relations team) recommends generating a random UUID and saving it in your app's SharedPreferences. The Android BackupManager will backup SharedPreferences in the Google cloud. If the user restores their user profile from the BackupManager to a new phone, their UUID will be preserved.


EvilTrout 4 hours ago 1 reply      
Question: In the example given, you supply a salt and a domain when coming up with your UDID.

Isn't the salt of another app really easy to decompile and figure out?

After that, a competing app could find out if you've used the device ID already, which actually seems less secure than the original UDID Apple provided.

The last thing I want is for apps I install to phone home with a list of other apps I have installed!

IOS design: a case study slideshare.net
113 points by Wolfr  9 hours ago   18 comments top 10
kalleboo 9 hours ago 1 reply      
A little off-topic, but HN gets so many slideshows posted so I have to ask this: Why don't any of these slide sharing services have a decent "all on one page" option, or a powerpoint-style outline view? (this one has some SEO-text of all the slides at the bottom, but it's not very readable) I really hate clicking next-next-next through individual slides that are pointless when you don't have a presenter talking.
phil 2 hours ago 1 reply      
I question whether it makes sense to implement custom UI with transparent PNGs like the slideshow describes. It's pretty tough to get it exactly right, and that approach leads to a lot of interfaces that look a bit off.

On iOS, with some drawing code you can build custom table cells that are more flexible, are easy to reuse and look exactly right.

(Kudos to the author by the way -- the design methodology in this presentation looks really good).

numlocked 5 hours ago 0 replies      
This is really fantastic. I've passed it along to all the designers I work with, and will certainly be using some of the resources you reference.

A very small suggestion - when you mention various design resources it would be great to just put parenthetically whether they are free or not. For those of us who are not professionals but like to play around it would save a number of clicks. Thanks for the great presentation, and I love the sticky note format!

nanijoe 6 hours ago 0 replies      
Thanks for sharing..I went through all 110 slides, even though I started out meaning to see only the first few.
phil 2 hours ago 0 replies      
Thanks for all the killer links in here - I got a bunch of useful tools (rotated iPhone image template) that I didn't know about out of it.
ashishgandhi 8 hours ago 1 reply      
Didn't open on my iPhone. :( O, the irony!
devinfoley 7 hours ago 0 replies      
I will recommend this to everyone I know that works with iOS in some capacity. What a great resource! Thanks!
strukturedkaos 7 hours ago 0 replies      
Thanks for this presentation. I passed it along to our team's designer. Definitely provided clarity for us on how to go from design to development. For example, we weren't sure if it would be best to use images for the backgrounds of tableview cells and buttons or to use iOS coloring.
Wolfr 9 hours ago 1 reply      
This presentation delivers some insights on the whole process of creating an iPhone app from scratch to finish.
nox_ 5 hours ago 1 reply      
Is it just me or does Svbtle look a lot like Wolfr's website?
Google Drive: Finally coming this April gigaom.com
67 points by taylorbuley  6 hours ago   54 comments top 12
georgemcbay 4 hours ago 1 reply      
"GDrive is the like the wolf in the fable, The Boy Who Cried Wolf. Well, after long history of false alarms, the storage drive might just see the day in early April"

So... this year, like every year since 2005, GDrive may or may not be coming.

Thanks for the update, Om.

Kylekramer 4 hours ago 1 reply      
The key differentiator for Google Drive would be online interfaces. I love Dropbox to death, but the fact that when I am on a strange computer I have to download a spreadsheet to make a minor edit and then upload again is completely annoying. And it is mostly useless for media playing. If Google gives me a box to store/sync stuff offline and makes Google Docs/Music/Picasa seamlessly work with that box, I'd switch in a heartbeat.
artursapek 49 minutes ago 0 replies      
I really hate snarky comments like these:

One whole gigabyte? Wow!

Oh good. Now Google can mine your documents to find more ways to blast you with advertising. Buh-bye privacy.

People really need to stop bitching about privacy and the like. Nobody is stopping you from building your own server backup system in your basement with as much space as you desire. If you use this technology Google has been secretly working on for who knows how long now, for FREE, you can fucking put up with ads or minor fees if you want more space. People feel so fucking entitled these days.

pitdesi 4 hours ago 0 replies      
Relevant: interesting HNsearch: http://www.hnsearch.com/search#request/all&q=gdrive&...

I like that the first one is Drew's YC app from 5 years ago.
And then: GDrive is here! in August 2007

This is an interesting story of why it was killed originally:

gfodor 5 hours ago 2 replies      
Am I the only one that saw that and thought "driverless cars this April?!"
pitzips 5 hours ago 2 replies      
If the prices are anything like what their current storage options are, it will be the best option available.

Dropbox - Current options

50 GB ($99.00 USD per year) -
100 GB ($199.00 USD per year)

Google Storage - Current Options

20 GB ($5.00 USD per year) -
80 GB ($20.00 USD per year) -
200 GB ($50.00 USD per year) -
400 GB ($100.00 USD per year) -
1 TB ($256.00 USD per year) -

nextparadigms 5 hours ago 4 replies      
Only 1 free GB? That seems highly unlikely. But if it's true, I think it will be very disappointing.
gfaremil 2 hours ago 1 reply      
The main problem with Google Docs is that it is just too complicated - or better to say, has some rules which are quite unique.

For example, normal people get very confused that you can have multiple files with the same name. Also the concept of collections is something quite broken since they are represented as "folders": yes, great on paper, but people assume that a document A in collection X is a different document than the same document in collection Y.

I wonder how the above things will map to local filesystem without confusion.

lukebaker 4 hours ago 0 replies      
Every detail points to them providing a local client for Google Docs. Google Docs has: 1GB free, ability to upload arbitrary files, web preview of a variety of file types (videos, music, documents, etc.), an API, Google Apps integration.
stuckk 3 hours ago 0 replies      
I have been using Microsoft LiveMesh/skydrive recently alongside dropbox and it has been working flawlessly.
What I like about is the huge space compared to dropbox and that you can sync multiple folders without plug-ins or anything hacky.
nthitz 5 hours ago 3 replies      
If they allow me to stream video off my GDrive like I can with Google Music I am definitely in!
tonfa 3 hours ago  replies      
You mean, like Gmail?
YC Demo Day Session 3: Crowdtilt, Flypad, Carsabi, Anyperk, TiKL, Dealupa techcrunch.com
4 points by jedc  26 minutes ago   discuss
YC Demo Day Session 3: Crowdtilt, Flypad, Carsabi, Anyperk techcrunch.com
3 points by guiseppecalzone  3 minutes ago   discuss
Foamicate: A new system for authenticating users without using passwords. foamicate.com
46 points by romaimperator  3 hours ago   46 comments top 14
marshray 2 hours ago 2 replies      
There have been several security systems over the years with this same problem. The issue is basically here:

Step 1: Require users to install a binary plug-in.

(OK, the website doesn't exactly say it that way.)

But web security begins and ends at the user. All of the security depends on the user noticing security warnings and then refusing to continue. Look at it from the user's perspective. "In order to create an account on this website you must turn off your malware blockers, click here, then click 'OK' to the next 3 warning screens that are going to tell you that what is about to happen is a really bad idea. Trust us, we're legit."

I would wager any site that places selection pressure on their userbase to favor those who agree to install random binary stuff from the web is going to have more issues with user credentials than those which do not.

Disclosure: I work for an authentication company (PhoneFactor) that has replaced these plugin-based systems in the past.

kijin 2 hours ago 2 replies      
Interesting concept with an unfortunate name. Foarnicate? Foarnicator? With just the right font and kerning, "m" becomes indistinguishable from "rn".

Also, a common problem with all browser-based authentication systems seems to be what happens when the user loses the browser. (Hard drive failure, theft, etc.)

With LastPass, I can retrieve my passwords by reinstalling the add-on and entering my master password, because all the data is kept on their servers. With browser-based authentication schemes without a central server, once you lose your browser, it's gone. It's also virtually impossible to remember a randomly generated private key, unlike even a 10-word passphrase. So I'll only ever be able to use this with unimportant sites, not e-mail or banking. I see that this problem is mentioned in the "technical limitations" section, but any good idea to fix this without asking users to trust a central server?

e1ven 3 hours ago 2 replies      
So I've been thinking about systems like this for a bit.

How is this different than Client-side certs, except it requires an addon?

How do you sync keys between machines?

If I'm going to have to deal with syncing and installing a plugin, why not just install 1Password, and have it automatically generate unique-passwords for each site..?

mbleigh 3 hours ago 2 replies      
Mozilla has already been working on a standards-based implementation of user agent authentication: https://browserid.org/
jacquesm 2 hours ago 1 reply      
Finally expertsexchange.com has competition.
sgdesign 2 hours ago 2 replies      
This looks like a cool technology, so sorry to be somewhat off-topic. But unless there's something I'm not getting, isn't this a really bad name?

Basically one letter change away from reading like "Fornicate"…

VikingCoder 2 hours ago 1 reply      
At this point, I just wish I could use my two-factor authentication on Google to sign in to any site on the internet, and disable all other methods of signing in.

Bonus points if I could do it anonymously. Meaning, the site never has any idea of who I am.

7952 2 hours ago 1 reply      
Surely the only real advantages are:

- Server has no knowledge of password, and less knowledge than a hashed password.

- Master password based private key is possibly more secure than a cookie.

However, if the client machine is compromised a virus could get hold of the private key, and have access to numerous websites.

The best way to improve security is to have a third party login provider (openid, Google, Facebook etc), preferably with three factor authentication. This allows the client, and the server to be compromised, and still limit damage.

jarin 2 hours ago 1 reply      
What's the difference between this and just storing a long session ID in cookies?
jonny_eh 2 hours ago 0 replies      
This won't work for iphone users, right?
guan 3 hours ago 1 reply      
Foamicate uses a browser extension. Is there any reason the client side portion can't be implemented in JavaScript with keys stored in localStorage?
daenz 2 hours ago 0 replies      
I read this as Foarnicate.
krupan 3 hours ago 0 replies      
Higher security, and not needing to type passwords on my phone would be awesome.
rwj 2 hours ago 0 replies      
Are there plans to support sharing your keys between devices?
YC Application Resources kippt.com
60 points by enra  7 hours ago   12 comments top 9
RuggeroAltair 45 minutes ago 0 replies      
I would like to understand why a few people say that the recommendation is so important.

If it is, then it means that the application process isn't working very well.

I understand that it can help if for some reason the application isn't very clear, but it shouldn't help "a lot", like someone said in one of the links.

unignorant 6 hours ago 1 reply      
Another suggestion (from my blog):


Hadn't heard of Kippt before, but it looks useful.

untog 5 hours ago 0 replies      
Having only really come up with a new idea yesterday, this batch of YC is probably a little late for me. But still, it's fascinating to see the energy and devotion people are putting into their stuff, look forward to seeing the outcomes.
astrofinch 2 hours ago 0 replies      
At a certain point, you have to stop reading and start working on your product...
sethbannon 3 hours ago 1 reply      
Great resource, thanks for compiling. FYI the list of articles doesn't render in Safari on the iPad.
enra 7 hours ago 0 replies      
If anyone has more suggestions, I'm happy to add them on the list.
julien 7 hours ago 0 replies      
Is that a new #Kippt feature? Seems pretty cool.
WadeF 6 hours ago 1 reply      
http://www.guidetoyc.com/ is pretty good. Nice collection of articles found there as well.
Basho Unveils New Cloud Storage Software: Riak CS basho.com
80 points by tsantero  8 hours ago   25 comments top 6
viraptor 1 hour ago 0 replies      
Uh... marketing speak really stands out on pages where I expect technical information: "the world's most advanced distributed database".

Otherwise, it's nice to see S3 becoming a web storage standard (or one standard emerging in general). Openstack Swift also supports it.

rarrrrrr 6 hours ago 1 reply      
How many options are there for an open source cloud storage product you can run at your own site now?

I'm sure I've overlooked a few, but the ones I'm aware of (roughly in chronological order of when they first became usable) are:

Eucalyptus's Walrus http://open.eucalyptus.com/wiki/EucalyptusStorage_v1.4

OpenStack's Swift http://swift.openstack.org/

SpiderOak's Nimbus.io https://nimbus.io/

Basho's Riak CS http://basho.com/products/riakcs/

Glad to see so much interest in this space.

I think Basho made a good strategic choice with what they call "Per-Tenant Visibility", which will facilitate other cloud hosting providers that compete with Amazon reselling Riak CS as a storage service.

cagenut 7 hours ago 3 replies      
That's interesting considering they killed off the luwak plugin a few months ago.
hkarthik 8 hours ago 4 replies      
Basho's products look great, but I hardly hear of anyone using them. Most folks in the Ruby community tend to gravitate towards MySQL, MongoDB, and Postgres. Any insight as to why that is? Riak looks like a pretty solid database too.
siculars 6 hours ago 1 reply      
Interesting. Grats on the announcement. Will Riak CS support range requests on binary objects? Aka. give me bytes 100-200.
chaostheory 8 hours ago 2 replies      
This company has some great open products. Too bad what they ask for in yearly support subscription fees feels like too much.
Rookies in the Bike Shed heinemeierhansson.com
58 points by jashkenas  7 hours ago   39 comments top 6
jashkenas 7 hours ago 6 replies      
The Rails commit that spurred this post, apparently: https://github.com/rails/rails/pull/5329
parfe 3 hours ago 1 reply      
I saw one post mention File.world_readable? I don't know Ruby and the result surprised me.

  irb(main):002:0> File.world_readable?('/etc/passwd')
  => 420
  irb(main):003:0> File.world_readable?('/etc/shadow')
  => nil

420 is decimal for octal 0644 which is the permissions on my /etc/passwd file. Fair enough, but as someone looking from the outside it seems weird to leak partial and unreliable information like that. Especially if I was to write

  readable = File.world_readable?('/etc/passwd')

and later readable has an integer in it representing an octal value which can't be used for more than a true/false value. Is it common to throw !! in front of truthy/falsey calls to get down to the boolean literal?
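
The return-value behaviour described in the comment above, as an added example that is not part of the original thread: `File.world_readable?` and `File.world_writable?` yield the permission bits or `nil`, so this sketch coerces them with `!!` and formats the bits as octal. The helper names and the temporary sample files are constructed for illustration.

```ruby
require "tmpdir"

# File.world_readable? / File.world_writable? return the permission bits as
# an Integer when the "other" bit is set, and nil otherwise (also nil when
# the path cannot be stat'ed). Hypothetical helper, not from the thread.
def permission_report(path)
  readable_bits = File.world_readable?(path)
  writable_bits = File.world_writable?(path)
  {
    name: File.basename(path),
    world_readable: !!readable_bits,   # Integer/nil -> true/false
    world_writable: !!writable_bits,
    # 420 decimal is 0644 octal; only available when the call returned bits
    mode: readable_bits ? format("%04o", readable_bits) : nil
  }
end

# Constructed sample input: throwaway files with known modes plus one
# path that does not exist.
def constructed_sample_reports
  Dir.mktmpdir("perm-demo") do |dir|
    modes = { "public.txt" => 0o644, "private.txt" => 0o600, "open.txt" => 0o666 }
    paths = modes.map do |name, mode|
      path = File.join(dir, name)
      File.write(path, "constructed sample\n")
      File.chmod(mode, path)   # chmod is not affected by the umask
      path
    end
    paths << File.join(dir, "missing.txt")
    paths.map { |path| permission_report(path) }
  end
end

constructed_sample_reports.each { |report| p report } if __FILE__ == $PROGRAM_NAME
```

A missing file and a non-world-readable file both report `false` here, so code that needs to tell them apart should check `File.exist?` separately.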

jasonlotito 5 hours ago 1 reply      
And this is why people reinvent the wheel. If you disagree with the core team's decision here, you are at an impasse. So, you fork and move on. Or, you think about it, and decide to create your own framework that will be like Rails, but do things the way you want to do them, including making xhr? work the way you think it should.

Reinventing the wheel gets a bad rap. People suggest you should contribute to existing projects. The problem is when that existing project's direction diverges from your needs. Reinventing the wheel is part of the power of open source.

On a side note, considering the sheer number of types of wheels, "reinventing the wheel" comes across as a bit odd.

sunir 3 hours ago 0 replies      
I agree this is a good approach for any open source project leader to have.

It's valuable to let rookies argue small debates so they can learn the ropes and get a feel for the community; it's even more valuable for the veterans and leadership to make decisions, set priorities, and maintain focus on what's important. Both are necessary to grow and sustain an open community project. You bring people in and get them engaged whilst reinforcing what the project is focused on, its tone, style, and mission.

Making a decision civilly, whether everyone agrees or not, is very reassuring to newcomers and oldtimers alike. It proves that the community is fun and worthwhile.

spacesuit 6 hours ago 5 replies      
This post raises some interesting points about the difficulty of contributing to open source for the first time. Over the last year, I've taught myself to code. I want to contribute to open source, and I think I can provide value to smaller projects. But the public nature and unique culture of open source have left me feeling a bit overwhelmed. So I observe instead.

What's the best way for a rookie to find small, welcoming open-source projects to contribute to?

mvgoogler 2 hours ago 0 replies      
This reminded me a bit of this thread:


       cached 27 March 2012 22:02:01 GMT