hacker news with inline top comments    .. more ..    7 Mar 2013 News
home   ask   best   5 years ago   
Consumer key/secret for official Twitter clients github.com
102 points by matsuu  2 hours ago   44 comments top 7
dewitt 2 minutes ago 0 replies      
For some reason several of the commenters here are explaining this away as a protocol bug (specifically with OAuth) but the challenge isn't at all protocol specific. Rather, it's a hardship with all client/server apps, specifically in that trusting any client requires additional support from the platform (self-assertion or possession of a secret by the client alone is insufficient) and even then it's known hard problem.

This has been true of client/server apps for a very long time, well predating any particular protocol. I'd be interested in any solutions that people come up with that don't depend on additional extrinsic platform capabilities.

pilif 2 hours ago 3 replies      
And with this one of the huge flaws of OAuth comes to play. OAuth just doesn't work with locally installed applications as it's impossible to hide anything there, but OAuth strongly relies on the client having some secret knowledge (the client token).

As long as all clients are equal when using the API, this might go well (minus some malicious clients), but once some clients start to be more equal than others - even more so as the service starts to get to be real jerks - then the whole system will fall down.

What we see here is twitter's secrets leaking out (though remember: That's more or less public data as it's technically impossible to hide that info - the server has to know) due to them being jerks giving their client preferential access.

What does this mean? For now, probably not much as I can imagine the bigger third-party-clients want to behave.

It might however make Twitter reconsider their policies.

If not, this is the beginning of a long cat and mouse game of twitter updating their keys and using heuristics to recognize their own client followed by twitter clients providing a way to change the client secret[1].

Though one thing is clear: Twitter will lose this game as the client secret has to be presented to the server.

Using SSL and certificate pinning, they can protect the secret from network monitors, but then the secret can still be extracted from the client, at which point, they might encrypt it in the client, at which point the attackers will disassemble the client to still extract the key.

It remains to be seen how far twitter is willing to go playing that game.

[1] even if the keys don't leak out, as long as twitter allows their users to create API clients, an editable client secret is a way for any twitter client to remain fully usable

yock 6 minutes ago 0 replies      
Perhaps someone who knows better can explain, but why are these "secrets" managed on a per-application basis? Is there some technical limitation to each installation having its own "secret?" Couldn't Twitter handle this with a public/private keypair scenario, where twitter obtains the private key through secure means and the public key is distributed to each client installation?

I have to be wrong somehow, because this all seems so ridiculous.

zacharyvoase 1 hour ago 1 reply      
Something I've been pointing out about OAuth for ever is that it's a method for delegating authorization to agents who wish to act on behalf of the user. When it is the actual user him/herself who is acting, there's nothing wrong (and a lot of things right) with username/password authentication.
Kudos 1 hour ago 0 replies      
For people who think this is going to cause drive-by Twitter hijacks, remember that Twitter stores the callback URL on their side for this very reason. Any web app impersonating these apps will fail at the callback stage.
mathias 1 hour ago 0 replies      
If you ship a binary to a person's computer and that binary has a secret embedded in it, that secret will eventually be discovered.

This has been discussed here before: http://news.ycombinator.com/item?id=4411696

lukeholder 2 hours ago 2 replies      
uh, this is not good. Why would someone post that under their own github account?
From idea to AppStore in 2 weeks alasdairmonk.com
23 points by timparker  1 hour ago   9 comments top 5
Kurtz79 16 minutes ago 1 reply      
I'm really curious about that.

There are about half dozen similar applications on the Appstore, for free.

I tried a few, and most of them did they job they were suppose to do fairly well.

How did you convince people to choose yours as opposed to the other ones that already existed ?

Clearly the Metro article is what pushed people (that possibly didn't know that those apps existed) to actually get and download your app.

Congrats and kudos.

purephase 41 minutes ago 2 replies      
Congrats. I still can't get by the initial cost of RubyMotion. I know, it will pay for itself, but that's a lot of initial buy-in going on faith. I wish they had a demo version available to try before buying.
gearoidoc 41 minutes ago 0 replies      
Great post - I love reading about this rapid fast releases, even better when the writer had to learn a new language.

I was curious about ruby motion beforehand but now I can't wait to get stuck in.

Oh, and congrats! :D

ceeK 14 minutes ago 0 replies      
This is great. I spent much, much longer on my first iOS app and it isn't half as successful. Very well thought up and executed.
mgkimsal 49 minutes ago 1 reply      
Might just be the fonts, but this looks like a Windows 8 app.

Congrats on the launch!

The Dropbox Sync API is here dropbox.com
94 points by cpg  4 hours ago   28 comments top 14
brown9-2 11 minutes ago 0 replies      
For a just-released API/SDK, the documentation and tutorial on this is pretty nice.

Especially nice that for the Android SDK documentation, they didn't just publish javadoc-generated html files.

HorizonXP 3 hours ago 0 replies      
This is awesome stuff. It really adds a lot of end-user benefits when your app is able to sync via Dropbox.

While the APIs are only for iOS and Android, on BlackBerry 10, it's technically baked into the OS. If the user has linked their device to Dropbox, the OS automatically syncs the filelist and presents it as a part of the filesystem. This means that the user can open, edit, and save files directly to their Dropbox, without having to worry about connectivity. This also means that every BlackBerry 10 app can access your Dropbox folder, for free.

Even still, I have a feeling the Sync API likely offers something more than what I've described, but I haven't had a chance to delve into it. But I'm glad to see Dropbox branching out like this.

Aissen 35 minutes ago 0 replies      
Android has had a Backup API for a long time:

It's one of the most useful, yet under-used feature of Android. It allows apps to save their settings for when users change devices. Sadly, it doesn't allow sync-ing.

qompiler 4 hours ago 5 replies      
I never understood this, the tutorial shows how to authenticate.

mDbxAcctMgr = DbxAccountManager.getInstance(getApplicationContext(), APP_KEY, APP_SECRET);

So anyone with some basic Android knowledge will be able to extract my applications key and secret?

mpvosseller 3 hours ago 0 replies      
If a user doesn't have an account (or hasn't linked their account yet) Dropbox should let developers store data in an anonymous account tied to that device until the uses does. I think developers would pay for that.
smogzer 3 hours ago 1 reply      
I could use this for a Qt app. Why not a c or c++ api instead of IOs and android ?
cmelbye 4 hours ago 1 reply      
How did apps that used Dropbox handle it before this? Did they have to write a mechanism to sync data themselves?
adlpz 3 hours ago 0 replies      
It'd be nice to have the API also for platforms like Windows Phone/Windows 8 and a pure javascript implementation.

Still, this is quite good.

rehashed 4 hours ago 3 replies      
Does this require that my apps users each have a dropbox account?
dmishe 3 hours ago 0 replies      
Wasn't this announced a month or so ago?
sammorrisdesign 1 hour ago 1 reply      
I kind of hope this ends up replacing iCloud in a lot of apps. iAwriter could really do with using Dropbox by default.
marban 3 hours ago 0 replies      
I'd like to see this baked into Mac/Win applications since I'm not using Dropbox but would still like to use sync capabilities without having to install the whole desktop client.
defrndr 3 hours ago 1 reply      
Is there anyway one can use it for a web app? I only see Android and iOS support.
rasmuskl 3 hours ago 0 replies      
Great stuff. Now it just needs to find it's way into the KeePass apps.
Tern. Intelligent JavaScript editing ternjs.net
87 points by aerique  4 hours ago   30 comments top 9
antirez 8 minutes ago 0 replies      
"Tern is not currently open source. I'd like it to be, but I have to pay my bills. So I'm running a crowd-funder where interested parties can pledge money. If successful, Tern will be released under an MIT license."

Very odd model... take your code.

cromwellian 2 hours ago 2 replies      
I find most of these attempts to code-completion in JS to be annoying, like bad speech recognition, if the accuracy is poor, it becomes frustrating. Not to knock their attempt, but I find that if codeassist isn't like 98% accurate, it often becomes more work to step through all of the wrong entries and not find what I want, then to just type it out.

The closest I've seen to something that works well is IntelliJ IDEA 12, when working with ActionScript, Closure annotated JS (JsDoc'ed libraries), or by comparison, the Dart editor.

With IntelliJ 12, if you're looking at a library with enough JsDoc on functions, the type inferencing seems to be a lot more accurate. Find Usages, Go to Definition, code-assist, all seem to be more pleasurable to use.

I don't like Flash, but ActionScript3 in IntelliJ is as close to the Java/C#/et al experience you'll get with respect to accuracy of assist. Probably wouldn't hard to port this over to JSX or Typescript which have similar syntax.

kayoone 1 hour ago 2 replies      
It might sound like an abomination, but Visual Studio is apart from obv. being excellent in C++/C# also a very pleasant IDE for Javascript, Python or even PHP!

In fact i have been an "texteditor-only" type in the past, but coding C# in Visual Studio has really been a revelation for me.

adlpz 3 hours ago 1 reply      
Well, that looks really nice. I am not a IDE type, but I do enjoy nice coding helpers when I write. This, well integrated into say, Vim, would make Javascript programming really comfortable.
meryn 1 hour ago 1 reply      
Looks cool!
How do you gauge the difficulty of adding support for CoffeeScript to this?

Re the indiegogo campaign: I think you should consider adding an extra supporter tier between 25 USD and 1000 USD. The 200 USD tier of CoffeeScript Redux http://www.kickstarter.com/projects/michaelficarra/make-a-be... brought in over 20% of the total amount pledged.

vukmir 1 hour ago 0 replies      
I think that anybody who works with JS should support this project and its author (Marijn Haverbeke of the Eloquent JavaScript fame.)

P.S. Works fine on Chromium Version 24.0.1312.56 Ubuntu 12.04 x64

V1 2 hours ago 1 reply      
Backed. Like everybody who touches JavaScript should do. Also. mmmm finally decent vim bindings for javascript?

I do wonder how it will compare to Eclipse Orion's JavaScript content assist which is using Esprima as parser.


jakozaur 3 hours ago 2 replies      
Amazing, but it could be even more awesome if you could provide API that could be integrated with other editors.
dotmanish 3 hours ago 2 replies      
I typed "[[[[" and the script became unresponsive (hung).

Repeated by reloading the page. Same result.

FireFox / MacOS.

The enigma of the Ford paradox scottlocklin.wordpress.com
31 points by mef  2 hours ago   12 comments top 5
Strilanc 1 hour ago 1 reply      
Summary of the Ford paradox (which the post takes forever to actually get to): Quantum mechanics has only periodic orbits, but chaotic systems aren't periodic. How do we reconcile this with the existence of, say, double pendulums?

My guess: because the abstract double pendulum is a model that only approximates real double pendulums. Analogously, computers based on Turing Machines exist despite Turing Machines requiring an infinite amount of space.


Also, a minor nitpick: the post seems to equate 'not periodic' or 'chaotic' with 'is random', which I think is misleading. Pseudo-random, I guess, but the output of a simulation of a chaotic system is highly compressible and thus not random in the information theoretic sense.

jheriko 18 minutes ago 1 reply      
Doesn't this miss something important about entropy and information creation? From what I understand the classical system isn't producing information...
3pt14159 46 minutes ago 0 replies      
The answer might be stuffed in the "this system will likely shut down prior to generating more information than the sum of the information in the individual subatomic particles."
q_revert 57 minutes ago 1 reply      
anyone who found the discussion of dynamical systems here interesting would be well served by having a look at http://www.scholarpedia.org/, which has some very good articles on the area


Nursie 1 hour ago 1 reply      
Never tried the Ford Paradox, quite like Mustangs though...
Tarski's high school algebra problem wikipedia.org
23 points by ColinWright  2 hours ago   3 comments top
flatline 46 minutes ago 2 replies      
A little disappointing that it all boiled down to the lack of a way to handle a negative coefficient, but fun problem nonetheless.
How I migrated from Heroku to Digital Ocean with Chef and Capistrano github.com
18 points by matteodepalo  1 hour ago   8 comments top 3
danso 41 minutes ago 1 reply      
This was a very helpful and practical tutorial. I don't know why sysops is a source of perpetual confusion for me but it's good to have as many examples as possible. Could you elaborate on the actual hoops that creating a non-root user was creating for you?
thibaut_barrere 1 hour ago 1 reply      
Interesting article I think (as someone who already uses Chef).

That said like I commented on your post, create a proper user instead of running as root, really.

evaneykelen 1 hour ago 1 reply      
I'm planning to move away from Heroku too, partly because of the routing system issues you mention in your article, but also because I want to sharpen my sysadmin fu. Have you considered https://www.cloud66.com/ because it seems like a nice tradeoff between going "bare metal all the way" and Heroku's comfy environment.
Building my first web app - 5 months later premiumthemes.com
19 points by premiumthemes  2 hours ago   8 comments top 4
forbes 8 minutes ago 0 replies      
I'm one of the guys who built ThemeForest. (I don't work at Envato any more.)

I built the rollover previews on that site (which has been rebuilt and improved many times since). I can tell you that you are going to have trouble keeping the preview in view when they are as large as the ones that you are using, whilst still making it possibly to see the other icons in the grid. You'll need to flip it left and right, up and down depending on the position of the mouse.

I also think you need to think about what value you are providing. I think a curated site with less themes with proper reviews would be much more useful than just a scrape of the thousands of themes out there. Your own reviews would be original content which might have a slim hope of outranking the actual themes themselves in Google results. Without that, I don't think you will get a lot of traffic.

Good luck.

cocoflunchy 1 hour ago 0 replies      
Cached: http://webcache.googleusercontent.com/search?q=cache%3Apremi...

PS/Protip: In Chrome, add "cache:" in front of the URL to find the cached version of the current page.

mattmanser 1 hour ago 1 reply      
Abid Omar

I'm the man who keeps this site running.

Don't tempt fate next time ;)

pinouchon 53 minutes ago 1 reply      
To me, this looks like a themeforest redirector
Intro to the Python Framework Pyramid sixfeetup.com
36 points by saurabh  4 hours ago   8 comments top 2
boothead 58 minutes ago 1 reply      
Flexibility and scalability - those are the two takeaways from this.

I've always found django (for example I'm not specifically down on django) to be quick to get up and running but to lead you gently down a path that ends with a very high brick wall.

Pyramid on the other hand is so flexible that pretty much any part of the framework can be swapped out for something else and you can abstract the important parts of your app into a mini-framework for yourself. An example of this: The code I have <100 lines of code in a file called rest_traversal.py that maps SQLAlchemy mapped tables to urls like:

/db/Model -> all instances of Model
/db/Model/1 -> model 1
/db/Model/1/relationship -> all members of model 1's relationship

I'm currently using Pyramid to build the real time front end to an algorithmic trading system and it's been the perfect balance for me.

lifeisstillgood 2 hours ago 2 replies      
I am "mentoring" a python dev on HN and far and away the most important thing I think he can do is not learn a framework till the underlying WSGI process is firmly embedded in his brain

I used to think getting a site up and running in ten minutes meant something bu I tend to believe it is usually teaching bad habits or allowin untrue mental models to develop

Dammit we need developer education. !:-)

Blog in 500 lines of bash ub.es
6 points by deadwait  45 minutes ago   1 comment top
pixelbeat 1 minute ago 0 replies      
It's cool to see static web sites becoming popular.
As for comments (dynamic) you could integrate with discuss, or as I do wrote my own simple comments app for google app engine.

Details here: http://www.pixelbeat.org/docs/web/feed.html

Dear Startups: stop begging investors and pitch your clients 123ship.it
36 points by grenek  5 hours ago   20 comments top 7
Mitchella 4 hours ago 1 reply      
This is a slightly ignorant claim to make. There are plenty of startup companies who have different business models than just "make a program and sell it".

Additionally, you're assuming that every startup is also a saas startup. Most aren't, meaning they might have a thousands in lets say production molds and an order of 10000 units from retailers. They'll need the investment money to help them fulfill orders and grow.

Lastly for many other startups there are costs that exceed past general development. Security is a good example of one of these large costs especially if you're dealing with money or private data in any way. These additional necessary costs could be minor but for many startups they're large and unable to be paid for by the hopeful entrepreneur.

meerita 4 hours ago 2 replies      
Another article about stop thinking investment and do something that magically will work without the initial money inyection.

I think these articles are good motivators but they don't fit in the real world. Let me sumarize my view point:

1. You can develop your MVP at home with your buddies, yes, but maybe you need money to make something crucial that requieres some expert contracting to get it done.
2. You can make a web app, yes, but maybe you need money to get some important licences to operate in the real world.
3. You can launch your project with a pitch, but, it will take ages to reach profitability without proper advertising campaign.

I guess some startups became important businesses in less than a month without money inyection, but they're not the rule and, in most cases, they've managed to get important attention from the press.

Hermel 3 hours ago 0 replies      
Pitching to a large client puts you at risk of becoming a contractor for that client. This is a dangerous trap if your goal is to sell a scalable product.
sylvainww 51 minutes ago 1 reply      
Exactly. Get some clients to pay for your product (or your soon-to-be product).

I am not ever again doing the mistake of developing something in my corner. I want to see the money!

Find market/fit before trying to grow.

ivix 2 hours ago 2 replies      
Argh. Pitch TO your clients. TO your clients. English - use it right.
clark-kent 2 hours ago 1 reply      
There is a difference between clients and customers. If I ran a startup I would prefer to have customers not clients.

You don't know how an idea will turn out until you build the mvp. The Only validation you should need is that you are building something to solve a pain you are having.

It's easy to go overboard seeking validation data for an idea, don't forget to trust your intuition, its often a more accurate source of data.

mctx 2 hours ago 1 reply      
A couple of typos: shedule -> schedule, developement -> development, won't be broken -> broke
Things Java Programmers can learn from Clojure lispcast.com
83 points by goatslacker  8 hours ago   30 comments top 11
skrebbel 6 hours ago 3 replies      
Nice article. It does, however, trigger a thought:

> By making values mutable, this magical-changing-at-a-distance is always a possibility.

I agree, very much so. However, I could also simply promise that none of my code, nowhere, will modify that DateTime. On top of that, I'll ask all my colleagues to not mistreat it either.

Now, that's what many of us are doing now, and the entire point if the OP's first section is that that's just asking for trouble. But how is that fundamentally different from promising to never call toRubles() on a DateTime object? That's what you do with dynamic typing. Yo, here's an object. Please only call methods that it has, and I won't tell you which those are so you'll have to guess the types it may have and then browse to the API docs first (unless it has a method_missing, which you'll have too look at the API docs for as well - but what if it's duck typing and only one of the ducks quacks method_missing?)

Sure, I'm exaggerating. I like dynamic typing. I just have the idea that immutability is for nouns what static typing is for verbs. Just like Java has it half-assed, I feel a bit that Clojure has it half-assed the other way around.

In terms of Steve Yegge's conservative vs liberal discussion[0], it feels like Clojure went all liberal on one end, just to get super-conservative on the other.

[0] https://plus.google.com/110981030061712822816/posts/KaSKeg4v...

lazydon 6 hours ago 3 replies      
Why these things in stay in books and blogs and never make their way into Java web apps:

1. Use immutable values:

Models used in client server communication need to follow Java Bean spec which is like the exact antagonistic concept to immutability. Service methods that implement business logic are stateless. As objects are not shared across threads, nobody feels the need for immutability. The most popular frameworks Spring and Hibernate dictate this architecture.

2. Do no work in the constructor

Are constructors still used? All services are wired using dependency injection. Models are either DTOs or Hibernate POJOs - both dumb and anyways don't do any work.

3. Program to small interfaces:

Interfaces are dictated by functionality they provide and not size. They can have hundreds of methods. This is how it looks: DocumentService - put every document related method in here, FinancialInstrumentService - put every instrument related method in here

4. Represent computation, not the world

Almost everybody begins OOP with this misconception - objects in real world directly map to OOP objects. Its maybe a good place to start but how many grow up from the initial simplistic rule - map nouns in requirements to classes. So, you end up with objects that don't really mean anything and don't do much. Naive use of UML diagrams also leads to this. Discovering abstractions is tricky. One needs to really live with requirements inside out before they present themselves. Who has so much time? Believe me in a quarterly release- developers get around only 3 weeks " rest is divided into BA, QA, UAT, freeze, deployment time.

PS: Please don't get me wrong OP makes good points. It's sweet but the reality is different. May be Google does this (and they do in Guava which is just an example one after another of good stuff in Effective Java). But there's a big corporate java world out there that does things differently. They have well defined easy run of the mill patterns where these things don't fit (yet). This was just a peek into it.

shad0wfax 36 minutes ago 0 replies      
Good article.

Writing immutable software is hard, when the language doesn't provide constructs for it. It will require some discipline. There are some good frameworks/tools for the JVM for Java programmers for this (the whole AKKA package is a good place to start).

I would highly recommend Venkat Subramaniam's book for Java programmers: "..Concurrency on JVM.."- http://pragprog.com/book/vspcon/programming-concurrency-on-t...

martinced 2 hours ago 0 replies      
OK but these things are not enough. I'm a long time Java dev and all these were known in c.l.j.p. and IRC since a very long time. I was doing precisely that, even using the "functional Java" libs when they came out and doing even more radical things...

And I can tell you that even when doing that switching to Clojure is pure joy.

Because even when doing what TFA talks about, this still doesn't solve lots of very nasty Java issues, like the totally outdated approach to concurrency.

What Java programmers can learn from Clojure is that it's possible to create a language targetting the JVM which cannot deadlock and which can offer a dramatic reduction in the size of the source code.

Sadly you simply cannot apply these to "Java the language": Java is utterly verbose and there's no way to have a "sane" way to deal with concurrency in Java (yes, I've got my Java "Concurrency In Practice" copy since it came out).

The other major thing to learn about Clojure + Datomic is that there's a world out there made of something else than the special kind of hell that Java/C# + ORM ([N]Hibernate) + XML + SQL is. (and before you start whining like cry-babies, Datomic can be backed by SQL DBs)

Programmers who haven't done it so yet should really go watch videos by Rich Hickey, here are three particularly good ones:

"Simple made easy"

"The value of values"

and "The Database as a value"


Now sure some will criticize Clojure as being a Lisp-1 and not having real reader macros, others will rightly point out that Clojure's documentation sucks big times and that stacktraces are still a serious issue.

But at least Clojure is showing that there's a saner way than this Java madness.

You have to realize that Clojure is Rich Hickey's fourth attempt or so at a Lisp dialect and that he had lots of very painful experience working on Java Real-World [TM] maddening codebases.

lazydon 6 hours ago 0 replies      

OP reminded me of Google Testing Blog [1]. Misko Hevery used to share lots of great insights there. Awesome yet practical stuff on coding in Java world, which anybody will greatly benefit from but not many are aware of. I hope more people read his stuff. I wish he stayed a bit longer before moving on to the AngularJS project - Java needed him more than the script.

Another Google Testing Blog star was James Whittaker, who's now moved on to Microsoft. Google Testing Blog doesn't seems the same exciting place any more. And to add to that the crazy new design of blogspot - some stuff keeps happening on the page that's beyond one's control.

[1] http://googletesting.blogspot.com/

dlss 4 hours ago 1 reply      
Re >2. Do no work in the constructor

The author doesn't propose a solution here, so I'm worried he's thrown out the baby with the bath water. Yes, it's true that you should have no File IO in a constructor when it violates the SRP. At the same time (and as the author notes), it's very convenient to have Foo.fromFile(String path) or similar.

Here's what I think the compromise looks like:

   public static OptimizedPage fromFile(String path) throws IOException {
return OptimizedPage.from(path, FileReader.readFile(path));

Which seems like having your cake and eating it too.

Or to put it another way: that File IO needs to happen either way -- forcing the caller do write:

   OptimizedPage foo = OptimizedPage.from(path, FileReader.readFile(path));

whenever they mean

   OptimizedPage foo = OptimizedPage.fromFile(path);

Is a subtle violation of DRY.

iSnow 2 hours ago 0 replies      
What bothers me just a wee bit in section 1 of his example is that Date is more or less a simple container class for data - one that could be implemented as a HashMap.

It is easy to make classes like Date immutable, but that does not help with a lot of problems. Date is super-easy to test, only state, no logic. Similarly, static methods are easy to test.

The real pain in Java is when a class has both state and logic - and those are precisely the classes you cannot easily make immutable.

zvrba 6 hours ago 3 replies      
I thought that classes+methods were meant to transform an object from one consistent state to another consistent state. So why is immutability suddenly a big deal? (I.e., if it's a big deal, may it be because encapsulation is lacking? IOW, is immutability a rediscovered "private" keyword, just much more cumbersome to use?)
tawgx 7 hours ago 1 reply      
If Java programmers would only apply the concept of immutability the world be such a better place... Every time I log from within a setter to see who's calling this and when, a little fairy falls from the sky.
jared314 7 hours ago 0 replies      
I would add "Create custom annotations sparingly". It makes Java interop and debugging harder. But, that is just a personal pet peeve.
gordaco 6 hours ago 0 replies      
I think that the article's defense of immutability is a bit poor. Making a date mutable means that it won't always reference the same point in time: yeah, a birthday will remain constant, but an appointment may not; the same goes for a lot of types. That's why C and C++ gives us the "const" keyword: the same object can now be used as mutable or immutable, depending on circumstances.

The other points, especially the second, are spot on, although they have a lot more to do with the Java culture than with the language itself.

Software Development Is Bad For Your Health (And What You Can Do About It) alexmedearis.com
3 points by aliston  12 minutes ago   discuss
EmberJS Confuses Me wekeroad.com
246 points by statenjason  17 hours ago   114 comments top 39
ef4 16 hours ago 1 reply      
> When talking routes, urls, and resources - that's a RESTful consideration and involves stateless state "stuff" (sidestepping the REST debate here). What is this concept doing in a desktop app?.

Ember is explicitly not about "desktop apps". That's actually why Ember broke off from Sproutcore. Ember is very opinionatedly focused on building web applications that are native to the web and stick to web conventions.

The best web applications still behave like the web is supposed to behave: they have shareable, bookmarkable URLs that allow the application's state to be recreated. This is a big reason Ember's router is different than the other examples you mentioned -- in Ember the router automatically handles a lot more of the state reconstruction stuff.

avolcano 16 hours ago 1 reply      
While I actually totally agree with the confusion in the router, I want to explain what I see in Ember's MVC:

As far as I attempted to implement it in my app (https://github.com/thomasboyt/noted-app), it seemed simple enough. Models were data; all they contained was their properties and operations that controlled their properties.

I mainly used controllers as the "state" for parts of my app. In Ember, this doesn't even need to mean it's tied to a specific model type. For example, my Dropbox integration is handled within a controller that's bound to several separate views (in this case, those views included buttons that triggered syncing and modals that displayed the progress of syncing). There's no "Dropbox model," just other models that I'm using this controller to sync. Controllers are not simply an intermediary between models and views, they are an intermediary between state and views.

> I'm trying my best to reconcile this with the notion that a controller (classically speaking) is supposed to ... well control the view. Here, it's not doing that.

I think what the author was looking for in controllers is what's actually handled by, well, views. The view handles any user interaction, and then uses the controller to change the state of various bits (whether calling methods in the controller or simply updating properties on it).

To sum up: model is data, controller is state (including instance(s) of models), and the view is user interaction. Templates can bind to properties on any of these. Routes are what hook these components together depending on the page.

jondot 5 hours ago 0 replies      
In the past I've been working on enterprise application suites for the desktop. The kind of monstrous applications that run on electronics manufacturing floors.
Such a typical application has a shell, modules, inter-module communication, dynamic module loading, plugins, and much much more.

One can think of it as Eclipse with its ecosystem.

To build such a system on the Enterprise with its typical NIH (not invented here) paranoid attitude was VERY hard.

I had to reinvent a lot of wheels.

On the Web, I've used backbone for a long time now, since almost the time it was out. I saw the same problems building complex applications with it (that backbone-marionette amends to a great deal). For a larger project, I evaluated Angular. Had very strong negative feelings about it.

Then I tried Ember. It took me a long time to "get" it. The only thing that kept me motivated is knowing that Yehuda, Tom and Trek and other capable people are contributing on it. I kept fighting through the outdated tutorials, the outdated videos, and even the peepcode video was embarrassingly confusing to me at some point.

But then it hit me. Ember and its infrastructure, the way its MVC is rigged, was very similar to what I was building from scratch on the desktop many years ago. It truly IS the one framework that "gets" desktop, or client-side, applications.

The causer of my confusion was that I didn't completely let go of the "Web-think" for building application. I was stuck at either server-side MVC (MVP), or bare-bones frameworks such as Backbone.

It's been just too long out of the real complex desktop game for me, to realize what that I'm looking at is a proper MVC framework.

So for me, Ember ended up as being great - it still takes me back to the way I was building desktop applications, and I'm sure it will become even better and better.
To understand it, you need to cold-boot your thoughts into that classic desktop MVC place; and if you were never in it, I think Ember is an excellent way to get into it as opposed to other frameworks.

jfarmer 17 hours ago 1 reply      
I've never used EmberJS and am not familiar with any of the front-end JavaScript frameworks, but I don't get what's confusing.

It looks like instead of the controller pushing data to the view, the view asks the controller for data (which it might proxy to the model).

This makes sense with a long-running controller, right? On the web both the controller and view are ephemeral -- they last for just that one request -- but if the controller is running continuously then it needs to reflect changes in the models as they happen. The model(s) the controller references can change without the view changing its reference to the controller.

Without something like this the view would render stale data. I'm assuming this is why we have a controller.model, to add that layer of indirection.

What am I missing? How is this more complicated making the controller<->view relationship pull instead of push?

pilgrim689 17 hours ago 2 replies      
> The downside to this approach is that your HTML is "compromised", if you will, and many developers don't like that. My thought is that it's already compromised using Handlebars so what's the difference here? Personally I have no issue using the ng-* directives. Some people do, and I respect that.

I'm a bit off-topic, but you don't need to "compromise" your HTML with AngularJS, you can place "data-" in front of your attributes and you're HTML-compliant again :).

sideproject 15 hours ago 1 reply      
I come from Backbonejs background with which I have worked for about 1.5 years. So I feel quite comfortable with it.

I decided to try Emberjs - not for any other reason than trying to pick up something else and see how other JS framework approaches.

I gave full two-days worth of time into it. Initially I thought - "How different can it get?" Plus, I believe even if it's very foreign I'll just keep reading, googling, stackoverflowin', youtube-tutorialin' to get my head around.

I gave up though. Here's my hopefully constructive rant, though my views are probably not as deep as the OP's.

* Many of the posts on the net are outdated. I followed a few tutorials here and there, and then things didn't work, so I asked on Stackoverflow, then the answer I got was "Dude, your code is outdated". Sure this is probably similar thing for other frameworks - but I'm just sayin'

* Models - So there is Ember Object, which you can use as models, but you can also use Ember-data.js which is more "glorified" data. Documentation wasn't clear on the difference. Plus, Ember-data.js was quite hard to get started with. It didn't work well with other versions of Emberjs. I really had to dig in to find the right one to start off with. I ended up cloning a github repo of a tutorial that worked, because nothing else did.

* Documentation on "convention over configuration" - OK, so convention over conf. is fine. But the official documentation and many of the tutorials didn't explain what all the conventions there were. I went through a tutorial app, which only had Controller, but things just "worked", because the Emberjs builds all other things for you. Well I didn't know that! THE BEST INTRO EMBERJS VIDEO I found was this.


It finally made sense in the end for me.

* But in the end, among all other things I wanted to do, I gave up, because the frustration was mounting up. I guess I can still persist through it. But I just finished AngularJS tutorial demo and in 2 hours, it makes sense to me.

jacquesc 17 hours ago 0 replies      
Really nice constructive writeup (as always by Rob), and I think it should be addressed by some better EmberJS docs and tutorials. They do a good job explaining the "what", but it could probably use more "why".

It took me a while as well to figure out why controllers proxied to models. However it started to make a lot of sense in when building an app, since the controllers are there to stay around, and the models are swappable.

Having the option to easily swap out a model at the controller level is worth the extra layer abstraction. That and the ability to add additional UI specific properties on the controller that don't necessarily belong in the model (since they don't need to be persisted).

tree_of_item 16 hours ago 2 replies      
I think the problem is MVC itself is a confused mess. It means whatever each person wants it to mean, since it's too easy to make up a bunch of reasonable sounding argumentation for whatever you want to do if you use the words model, view, and controller a lot.
pixelcort 16 hours ago 0 replies      
Think of Ember controllers as proxies, or pointers if you will.

The idea is you can have a commentsController instance, and when you switch to a different post, the view(s) bound to it will automatically pick up the new comments array that is swapped out on behind the controller.

Routing is just rewiring the pointers on your controllers and getting the right views up on the page.

pradeepin 7 hours ago 2 replies      
Yes, I too agree EmberJS always a confusing library, Following are my resaons.

1)They say it follows MVC. Its actually MVC but MVP, if you look closely at the implementation.

2)Controller job is not precisely defined.
Example: Even the data validations are done at controller level not a model level

So i switched to Backbone.js, which is very flexible library with tons of plugins that can be used when needed.

Since implementation of UI is different from requirement to another requirement. I feel EmberJS doesn't satisfy this, which leads to people using Backbone.js.

Regarding AngularJS, please use it only if you are new javascript and prefer learning Angular Javascript (which is not javascript by the way) :)

tonycoco 15 hours ago 2 replies      
Curious for yourself? Try following my simple starter app tutorial of Rails + Ember.js here: http://www.devmynd.com/blog/2013-3-rails-ember-js

Though, I understand the pain of coming from a server-side MVC architecture, I found it refreshing that Ember.js takes the "desktop" MVC approach. Our web apps are now living on the client, acting like desktop apps. Most people struggle with this reverse at first, but can conceptually catch on if shown the way. I think what really needs to happen is a good screencast or two walking through these concepts. I'm interested in putting something together and will when I have the time.

selvan 9 hours ago 1 reply      
I tried Emberjs and Angularjs recently, as both framework offered two-way binding between view & model, at client side.

Angularjs was easy to pickup and I have completed what I wanted to do in about half a day, except one issue, angularjs template rendering is DOM driven. I wanted server-side templates, hence I have to boot phantomjs at server-side. I didn't quite like booting phantomjs for server-side templates.

Since Emberjs offered, handlebar based templates, I was happy that I could render my templates at server-side. So tried emberjs, it took about 3 days, to get it done. Many out dated tutorials & documents spread across internet about older versions of Emberjs. Documentation at emberjs.com is minimal and not helpful. I started looking at source code of discourse.org and try to understand how they used ember.
I felt the power of emberjs when I needed complete control of context and rendering of nested templates. It was real beauty.

nXqd 1 hour ago 1 reply      
The only reason is you are in love with AngularJS. I will find someone who really hates angularJS because if we have a lot of validation, it will become a messy of ng-*.

So no matter which framework we use, we should talk about real world project. Not simple usage that only exists in trying and testing.

Use the framework, you love and you will make it beautiful no matter what :D

andreipop 15 hours ago 0 replies      
Take a look at Yehuda's talk from Seattle: http://www.youtube.com/watch?v=4Ed_o3_59ME - I think it explains a few things very well, and helped me out a ton
tericho 14 hours ago 0 replies      
I'm by no means an "expert" but I shared the same struggles and after 2 weeks of trying to build a complex app I gave up.

I switched to Angular (which I also had never used before) and got the same app up and running in a couple days with even more functionality because I was able to hash lots of the trickier "outside-the-box" functionality that I could not for the life of me get working in Ember.

That being said I really like Ember's syntax, Handlebars integration, core values (performance & stability specifically) and have the utmost respect for its creators. I'm hoping since it hit 1.0 that lots of new sample apps, blog posts and SO-type Q&A resources will start showing up and actually stay relevant for more than a month.

clintjhill 17 hours ago 1 reply      
The examples provided to describe the difference between controllers in Ember and Angular do not appear to be different to me at all. In fact I'd argue that they are identical. It feels to me as though the author is wanting them to be different because maybe it's a style preference from the templating perspective?
stevewilhelm 13 hours ago 1 reply      
> Ember is explicitly not about "desktop apps". That's actually why Ember broke off from Sproutcore. Ember is very opinionatedly focused on building web applications that are native to the web and stick to web conventions.

This may be the issue. I think most of us never really wanted to build web applications, but we were forced to do so due to browser and framework limitations.

We really just wanted to build the best damn desktop app possible that just happened to be deployed in a browser via the Web. This might explain our confusion and disappointment when client side frameworks don't deliver on that desire.

melc 4 hours ago 0 replies      
i've been using ember for the past three months in a fairly complex project and i'm very happy with it ; a platform that builds business web apps dynamically for devices (20+ pages,250+ fields per app with validations, calculated fields, conditional flows etc , rendering/theming in jqm -> packaged with phonegap) and client web browsers (render/theme in bootstrap),the backend is in java. So, i certainly don't feel the same way for emberjs as the writer.

I had decided to build the frontend in a js mvc framework and the candidates were backbone, emberjs (pre version), angularjs. Read about them and gave backbone a try, however from the documentation only emberjs approach felt better maybe because of a similar in-house development java framework that we work on. So i tried to give emberjs a try at the same time, due to the tight deadlines. I dropped backbone, and spent more time on emberjs because everything simply worked and fitted together nicely. All these binding mechanisms are great and actually work :) . Haven't tried angularjs.

The system now works with emberjs (pre and rc) with a nice layered architecture and separate independent business logic modules.

My advice is to read the documentation carefully and choose what fits better to your needs and coding styles.

newishuser 16 hours ago 1 reply      
Don't give up! Ember has a steep learning curve but once you've got a bunch of it memorized development gets much easier.
gavanwoolery 10 hours ago 0 replies      
I have not used Ember, but you mention MVC, which immediately brings to mind Sencha. I have used Sencha a lot, and although I think it is mostly great, I do not like how they try to pidgeon-hole you into the MVC methodology, which just does not make sense in many contexts.
itsbits 5 hours ago 0 replies      
I have been into MVC frameworks for 4-5 months now...mostly used BackBoneJS before switching to EmberJS..conceptually I did felt EmberJS very tough in the beginning..i was worried whether i made the right choice in using EmberJS for my product..but now with the latest 1.0rc2, its so easy in development..routing has been improved very much..Binding is the awesome feature i liked and helps me thgh..an added advantage over BackBone...i cant say about angular..but am quiet happy with EmberJS...
Tichy 16 hours ago 0 replies      
I think the way controllers work here is similar to Ruby on Rails? It confused me in Rails at first (coming from the Java world), but I think it is essentially just a hack to allow for "easier" passing of data to the view (the controller gets exposed to the view). So instead of scope.whatever = "hello world" you can write this.whatever = "hello world" (OK not really shorter, but something like that).

That usage of Controllers is not part of the MVC pattern, I'd say. It's just a recycling of the controller instance - not forbidden, just confusing if you wonder what it has to do with MVC.

Actually it's also the RoR way to have short lived controllers (a controller is instantiated for every request), other frameworks use one static controller instance instead.

pspeter3 17 hours ago 1 reply      
Watching the peep code screen cast helped a lot
sandstrom 15 hours ago 0 replies      
Although really old (and outdated) I found this Sprout Core introduction useful. The first 3-4 minutes was enlightening for me.


anarchotroll 15 hours ago 2 replies      
Seems like the big confusion about the controller is that it is closer to a ViewModel (think MVVM) than to a Controller itself.

Potatos, Potahtos.

terbanator 16 hours ago 1 reply      
Your examples are incorrect. The Route's model is set as the content of the controller, so all you need to say is #each item in content. Your model is set as the "content" of your controller, so your model is not "nowhere to be found"
fcatalan 7 hours ago 0 replies      
Ember confuses me too. I've worked with many server and desktop MVC frameworks for almost 20 years. I'm familiar with MVC, it plays simple and easy, like rock-paper-scissors.
My problem with Ember is that it seems to be more like "rock-paper-scissors-lizard-spock but for us the rock punches through the paper and the scissors cut the rock like butter. And you can play without actually showing your hand". Confusing.
richo 13 hours ago 2 replies      
> I think Yehuda is a very nice and smart person

I always get confused by this. I don't understand how being nice factors into technical decisions?

(For the record, I also think wycats is nice, but I don't really care when I'm trying to decide whether or not what he's saying makes sense)

mark_l_watson 16 hours ago 0 replies      
Until tomorrow there is a 37% discount on the MEAP http://www.manning.com/skeie/ The discount code is m137
randall 17 hours ago 1 reply      
The Angular example is a bit incorrect... when you do an ng-repeat, you're going to do like ng-repeat="person in people" and then each template item will be like {{person.name}} as opposed to just {{name}}.

Just a little clarity in the code. Thanks for the writeup!

seivan 16 hours ago 0 replies      
Wonder how many iOS developers feel home with Ember?
I don't. I also do Rails, and I feel more at home with Batman than Ember.
jhysum 16 hours ago 0 replies      
Instead of controlling the view directly from the controller, the view uses the controller object (proxy to model) in any way it wants allowing you to change the view without changing the controller and same with the controller. I think the issue you are facing is thinking that you are tightly coupled to the controller by using the controller object, depending on what you think about how much coupling is too much coupling you can argue that just using one object might really be decoupling. I'm not sure if I was able to get my point across.
gosukiwi 17 hours ago 1 reply      
Well, I don't know EmberJS but for the handlebars code you showed, seems like the controller is somewhat more like a ViewModel (MVVM pattern), maybe learning KnockoutJS first would help a bit?
ZoFreX 17 hours ago 0 replies      
Thanks for sharing this Rob, it was actually very informative about Ember to a newbie!
devinrhode2 15 hours ago 0 replies      
At first read, I thought your point about routing was really good - why not have route('about').template('aboutTemplate').controller('aboutController') - and then I realized this is all reapeating the same mumbo jumbo. This is all automatically matched up by the naming convention (which frustrates me too, but until I figure out a better way...)
nirvanatikku 14 hours ago 0 replies      
+1. you hit the nail on the head and articulated what I was feeling when I played with ember.
BlindRubyCoder 11 hours ago 0 replies      
The whole point of EmberJS confuses me.
xmlninja 7 hours ago 0 replies      
You are not alone.
Introducing Sodium, a new cryptographic library umbrella.com
171 points by kzrdude  15 hours ago   76 comments top 11
tptacek 14 hours ago 3 replies      
This is based on NaCL. NaCL is an extremely great library that we virtually never recommend because it is very difficult to integrate into most people's dev environments.

Libraries like NaCL, Keyczar, and Cryptlib work by removing all the design choices from cryptography. You don't pick the key sizes, you don't pick the algorithms, you don't even pick what kind of keys you exchange. They implement a whole cryptosystem, as if for some new unreleased version of PGP, subtract the file format, and present it as an API. They're great. They are literally the only way you should be deploying cryptography in your applications.

I think this is a great development, but I am not qualified to say. This sits in a weird place in between a language binding for NaCL and a fork of NaCL. As a bindings package it's an overachiever; as a fork, it seems to have made extraordinarily conservative changes.

You'd really like a real crypto dev --- Matthew Green, Colin Percival, DJB (NaCL's primary author; @hashbreaker on Twitter), Steve Weis, Trevor Perrin, &c --- to say "this is all totally sane, and if you buy the premise of NaCL, go ahead and use this instead.

You'd also really like Sodium to say "this is as much as we're changing from NaCL and nothing else", because what makes NaCL worth building on is the expertise that went into designing it in the first place, which, like me, Frank Dennis probably doesn't have.

SeoxyS 7 hours ago 1 reply      
I just completed a major cryptographic project overhauling the security at my company. (Re-doing our password hashing and authentication, and the protocol for all our networking and communications.)

The password hashing was easy: a portable implementation built as a static / shared C library + language bindings linking to OpenSSL's `libcrpyto` for PBKDF2 (with an alternate implementation using CommonCrypto on iOS / OSX).

The encryption and authentication layer for the communications was much tricker. The first draft was an implementation based on industry standards: RSA2048 + AES256. It needed to be portable to iOS in addition the various other platforms supported, and Apple has deprecated OpenSSL on iOS and OSX. Annoyingly, OpenSSL does not ship with darwin-arm support out of the box, so a custom compile was not an easy option either.

In the end, I ended up picking NaCl, and specifically `libsodium` as a portable implementation. The library, unlike OpenSSL, is beautifully designed and very easy to use, and implements asymmetric crypto functions (based on elliptic curves) which are actually much superior to RSA, providing much greater security for much shorter key length.

Libsodium is highly recommended.

apaprocki 13 hours ago 2 replies      
It is unfortunate so many projects have overlapping names, even playing off the same kind of puns.

This: NaCL + Sodium

Google: NaCl (Native Client) + Pepper

andrewcooke 1 hour ago 0 replies      
how is this better than keyczar?

keyczar is about to support python 3 (there's a patch) and i was planning to make simple-crypt delegate to keyczar (or just delete the project entirely, since its only reason for existence was nothing better existed on python 3, but people seem to be using it). should i delegate to this instead of keyczar? what is the difference?

http://www.keyczar.org/ https://pypi.python.org/pypi/simple-crypt

DeepDuh 11 hours ago 0 replies      
If it keeps its promises this will be huge. To be honest it's almost too good to be true (and to have such an open license). Looking forward very much to using this in future projects.
peripetylabs 11 hours ago 0 replies      
This is great, especially the Python bindings. I've been looking for something similar for a while. I was hoping to package just a reference (portable) implementation of 'crypto_secretbox', but the code seemed to be split up in multiple files and I couldn't understand their build system...
alexjeffrey 14 hours ago 2 replies      
If it works as suggested, this library binding will be a godsend to frontline developers. Cryptography is exceedingly hard to get right and unfortunately existing libraries often tend to be written for developers who are already familiar with cryptography. Hopefully this will see the adoption it deserves and we'll see less incidents like the Mega encryption scandal.
rosser 14 hours ago 2 replies      
NaCl isn't new; it's been around since at least 2009.
newman314 11 hours ago 1 reply      
Next step, openssh ported to use Sodium as an alternative?
anonyfoo 11 hours ago 2 replies      
Excuse my ignorance -- I find myself fairly knowledgeable in crypto/security, but I'm confused by "Sodium also provides a secure, chroot()-resistant drop-in replacement for the arc4random() function family, including the ability to generate random numbers within a given interval with a nearly random distribution."

What does chroot have to do with arc4random()?

jsdalton 13 hours ago 2 replies      
Yeah, cryptography libraries in general are a pain to use and typically require a lot of seemingly arcane configuration and confusing (to the novice) setup.

I wrote this library recently (primarily to scratch an itch on another project), which really does nothing more than pass sane defaults to PyCrypto and eliminate crypto jargon:


Honestly I think it took more time to wrap my head around the simple use cases than it did to implement this wrapper once I did.

Pwn2Own owned all major browsers hp.com
89 points by zobzu  10 hours ago   47 comments top 8
othermaciej 6 hours ago 1 reply      
"All"? Not Safari yet (knock on wood). Which is a big change from back in the day when it was usually pwned first in this contest. Or are you saying it's not a major browser?
kriro 1 hour ago 1 reply      
Are any vendors offering no questions asked X$/0day rewards all year long instead of dedicated events? Seems like it would be a decent move. If the going rate is really in the 50k ballpark why can't say Google offer 10-20k per Chrome exploit?

Their engineers don't make peanuts and the attacks on the software happen regardless. After a year or two you'd probably have a pretty secure system for a reasonable cost.

I don't think there's much negative press involved either if you spin it a la "we have the best security experts in the world attack our software and fix it asap".

+You might pull off a decent talent grab or two as long as you understand how the people would like to work (probably not from a google office)

fruchtose 7 hours ago 0 replies      
It looks like George Hotz [1] is attending! Judging by his work with the PlayStation 3, I expect him to do pretty well at cracking Adobe Reader.

[1] http://en.wikipedia.org/wiki/George_Hotz

omgtehlion 6 hours ago 2 replies      
Interesting how Java was pwned thee times in spite of the lowest reward.
TheAnimus 3 hours ago 1 reply      
Considering Chrome had a last minuite patch applied

It's good to know it still got taken down, because I had a horrible fear they where going to try and advertise they were 100% safe because they weren't exploited.

pavs 6 hours ago 3 replies      
woah! whats with the hp site permalink/URI/url formatting?


andrewchoi 6 hours ago 3 replies      
I don't really understand the competiton. Do people come to these with just the intention of finding exploits, or do they come with the exploit ready, waiting to collect a reward?
dereksy 7 hours ago 1 reply      
Where's Safari?
Hacking First Meetings For Startups startupmoon.com
3 points by tawgx  32 minutes ago   1 comment top
nivstein 15 minutes ago 0 replies      
It appears we sometimes focus so hard on getting the answers we need, that we forget to take that one step back and make the conversation more pleasant for both parties -- something that would in turn yield better results and better relationships.
The Country That Stopped Reading nytimes.com
85 points by uladzislau  8 hours ago   45 comments top 12
confluence 5 hours ago 3 replies      
What an atrocious article. Anecdotal overload, complete non-understanding of statistics, and great dollops of confirmation bias and the fundamental attribution error.

It actually sickens me that this is what the NYTimes has become.

> Mexico is floundering socially, politically and economically because so many of its citizens do not read

Are you fucking kidding me? Does this guy understand that a narco fueled civil war is currently being waged throughout Mexico with nearly 60K deaths in the last 5 years (http://en.wikipedia.org/wiki/Mexican_Drug_War).

I'd respond to the rest of his article - but it's just so, so bad that I really can't be bothered.

magoghm 31 minutes ago 0 replies      
I'm Mexican and live in Mexico City. Although there are people in Mexico who like to read books, I'd say they represent less than 5% of the population.

When I'm invited to somebody's home, one of the first things I tend to look at is the books they have. Often there doesn't seem to be any books there, and when I ask them about it they do confirm that nobody in that house owns any books. It turns out that the only books they have ever had were their school textbooks and they usually quite puzzled about why I think anybody might be interested in owning any books.

logjam 13 minutes ago 0 replies      
"The Country That Stopped Reading" vs "The proportion of the Mexican population that is literate is going up, but in absolute numbers, there are more illiterate people in Mexico now than there were 12 years ago."

In other words literacy is increasing.

And that's where I stopped reading Toscano's vapid screed.

jessriedel 6 hours ago 3 replies      
I am more worried that, in the most famous newspaper in the most powerful country in the world, opinion pieces are overwhelmingly dominated by emotionally charged anecdotes while actual data plays only a cursory role.
auggierose 1 hour ago 0 replies      
I am really shocked by many of the answers I am reading here. Do you really think that reading books is an optional thing? I would even go as far as saying: if you are not a regular reader of books, you cannot be a world class programmer. Because you just lack the necessary imagination for it.
stephengillie 5 hours ago 4 replies      
Even if baseline literacy, the ability to read a street sign or news bulletin, is rising, the practice of reading an actual book is not.

This means literacy is on the rise. The author is one of many people who are concerned because our society is moving away from the novel as a form of expression.

I would argue that videogames are filling that niche -- instead of sitting and reading a book for 40-60 hours, we sit and guide a character and live their story for 40-60 hours.

The question here becomes: Are Mexican children playing enough videogames?

corporalagumbo 1 hour ago 1 reply      
This article reinforces my belief that there is just something very, very important and special about books. I'm going to have to think about exactly what this is, but it seems like books are the difference ultimately between people with dignity and values, things they are willing to make a stand and fight for, and people without. Why is that I wonder?
jurassic 6 hours ago 4 replies      
After several months of intensely self-studying Spanish, I decided to try to find some native language books or magazines to use for reading practice. I thought that in Los Angeles, a city with latino population measured in the several millions, I'd be able to find some kind of book shop catering to Spanish speakers. But I never did. The most promising place -- Libreria Mexico de Echo Park -- appeared to be out of business when I went by one afternoon. I asked a few native speakers near the shuttered bookshop where else I might be able to find books and nobody had any suggestions. But maybe they just didn't want to talk to a crazy gringo.

If anybody knows a good place to browse and buy spanish language books in the LA area, I'd love to know about it.

gadders 2 hours ago 0 replies      
I'm an atheist, but if there is a hell, people like the leader of the teachers' union, Elba Esther Gordillo, need to be in it.

The amount of lives that have been ruined by her union and the teachers they control must be in the millions.

pigou 5 hours ago 1 reply      
> Nowadays more children attend school than ever before, but they learn much less. They learn almost nothing. The proportion of the Mexican population that is literate is going up, but in absolute numbers, there are more illiterate people in Mexico now than there were 12 years ago.

So...literacy rates are going up? That doesn't sound so bad.

OGinparadise 5 hours ago 1 reply      
This can be and it is said for many countries: "back when were in school...now teachers....all day on facebook...we were afraid of our parents...kids these days"

Maybe it's a generational thing.

guard-of-terra 6 hours ago 3 replies      
It is very strange to me that people can be illiterate (as in, unable to read anything) in Mexico considering how easy the written Spanish language is (compared to e. g. English) and how prevalent is it around the globe.

They should be seeing written phrases everywhere and these should be trivial to read once they know the alphabet.

Frozen Android phones give up data secrets bbc.co.uk
4 points by iProject  1 hour ago   discuss
Rejecting industry dogma, Costco backs calls to lift minimum wage latimes.com
167 points by SparksZilla  17 hours ago   368 comments top 25
tptacek 17 hours ago 20 replies      
I like Costco, I think we should raise the minimum wage, and I am a reliable Democratic voter, which is one of the reasons I know that Costco is a key corporate supporter of the Democratic party, and that the minimum wage is a Democratic party identity issue.

Agree also with the other comment here that the minimum wage is a structural advantage for Costco against Walmart.

Symmetry 15 hours ago 4 replies      
Whenever I hear people talking about the minimum wage I want to know why they don't talk about the earned income tax credit instead.

EITC: Money is given to the poor people that need it most. The money that goes to them comes out of progressive taxation. Very little dis-employment effect.

Minimum wage: Money mostly comes from higher prices, which fall disproportionately on poor people. Fairly substantial dis-employment effect.

The only reason to favor the later is that politicians can rely on the public not noticing that they're paying for it.

kevinpet 15 hours ago 5 replies      
The most utterly evil profit maximizing business would always prefer that the government mandated minimum wage is somewhere near what they pay their lowest paid employees.

Sad state of journalism that a group of businesses lobbying for their self interest is swallowed so frequently as selfless action for the public good.

jurassic 17 hours ago 2 replies      
This doesn't surprise me at all. Since they already pay their workers a lot more than minimum wage, the increase would mainly be a hit to their primary competitor that relies on low wages: Walmart/Sam's Club.
hkmurakami 16 hours ago 1 reply      
>And why Costco, a public company that has investors watching every penny and questioning every management decision?

I guess the author doesn't know that Costco is one of the few companies out there who famously give the middle finger to Wall Street analysts (who want them to reduce wages and benefits, and increase the price of goods sold)

mistercow 16 hours ago 4 replies      
The more time goes on, the more I think maybe a minimum guaranteed income is the solution that makes the most sense. Maybe we should just accept that there isn't going to be enough work for everyone, and that that's going to become more true in the future, not less. And furthermore, maybe we should accept that that's a good thing, as long as we shape our economy accordingly.
sukuriant 16 hours ago 1 reply      
This is a dangerous statement; but I know that raising the minimum wage doesn't really hurt people making six figures; but, doesn't it hurt people making only a small multiplier of minimum wage? Like people making 1.25x minimum, and 1.5x minimum, because they'll now be making 1.05x and 1.15x minimum wage, reducing their own personal buying power once the prices settle again..?

I'm all for people earning more functional income. I've said before that I hate the corporate-level, money-hungry models of wages; but I had been taught that increasing the minimum wage, though it helps for a short while, ends up hurting in the end

aneth4 11 hours ago 1 reply      
This makes complete sense:

1) Costco already pays much more than the minimum wage, so they would not be affected directly from a cost perspective.

2) Competitors do not necessarily pay more than minimum wage, so this can only increase the costs of competitors.

3) Increasing minimum wage gives income to the lowest income people who will spend all of this money and are likely value shoppers of the kind attracted to big box stores like Costco.

There is nothing for Costco to lose here.

While I admire Costcos ethics all around, I can't say this is an entirely selfless gesture. Costco behaves rationally good with a long term view rather than irrationally bad with a short term view.

w3pm 16 hours ago 3 replies      
Costco is free to pay their employees as high of wages as they'd like, no legislation required. This lobbying isn't out of their good will but a strategic play to hurt competitors that rely on lower wages. Such is politics.
kokey 6 hours ago 1 reply      
Large, established retailers, in general, will favour a higher minimum wage if it's enforced on themselves and all their competitors. It's actually good for them, since they operate at a scale that can do more with less people. Unfortunately it reduces the market to a combination of large retailers, and small family run operations which can effectively get members of their family to work for less than the minimum wage, and very little in between.
stretchwithme 16 hours ago 0 replies      
The labor market is governed by the law of supply and demand, just like any other. If you arbitrarily increase the price of something, in this case low-skilled labor, surpluses are the result.

If you want to help people, find a way that doesn't destroy the incentives to hire them and the incentives to become a more valuable employee.

windsurfer 17 hours ago 1 reply      
sageikosa 17 hours ago 2 replies      
I'm pretty sure that increasing the cost of labor will drive the prices of labor dependent goods and services up, while also probably flattening growth or decreasing employment numbers when employers try to maximize the margins on the labor they already employ.
davidroberts 14 hours ago 0 replies      
It makes sense for Costco, because they pay above minimum wage anyway, and any increase in the minimum wage will hurt their competitors more than them.
lifeisstillgood 16 hours ago 3 replies      
Here is a plan - set the minimum wage at a level where one person working full time will not have to collect any state benefits in order to raise their family.

Any other level, is an indirect but tangible subsidy to companies who employ minimum wage staff

jdreaver 17 hours ago 2 replies      
They want a wage of $10.10 per hour? I bet a Costco employee starts around $10.20 per hour.
protomyth 16 hours ago 0 replies      
A bit of statistics about minimum wage workers http://www.bls.gov/cps/minwage2011.htm
bjhoops1 15 hours ago 0 replies      
I support a minimum wage increase (trickle-down economics is moronic and makes much less sense than a bottom-up approach, but I digress), but let's not forget that a minimum wage increase helps Costco's bottom line, since their biggest competitor's business model is completely tied to low wages. Just saying let's not pretend this is as righteous of a move as it would be if it were coming from Wal-Mart (who stands to lose). :P
scotty79 4 hours ago 1 reply      
I'd much preferred if they removed minimum wage and almost all of the welfare programs and replaced it with basic income guarantee (http://en.wikipedia.org/wiki/Basic_income_guarantee)
paltman 16 hours ago 0 replies      
just another story of a business getting involved in public policy in order to hurt competitors. costco can (and already does) pay workers more than minimum wage as is in line with their operating philosophy. government shouldn't be in the business of regulating wages, that's an agreement between an employer and employee.
kyllo 13 hours ago 0 replies      
Costco employees start higher than minimum wage already, so this won't affect them. But it's in Costco's interest for their competitors to have higher labor costs. So, Costco supports minimum wage increases.

Labor unions do the same thing.

smsm42 12 hours ago 1 reply      
It probably hurt small independent shops much more than it would hurt Costco, due to economies of scale - if you have 100 workers and you had to raise wages 10%, you probably could do the same with 90 workers or cut a little service here and there without too much effect, but if you have just one worker and you don't have enough money for 10% raise, you're toast.
vijayboyapati 3 hours ago 0 replies      
This is terrible. Costco can get away with a higher minimum wage because they sell at a higher end. All this is doing is forcing Walmart to stop competing at the lower end of the spectrum of goods. The only people harmed by that are the poor.
AlbertoPier 10 hours ago 0 replies      
Costco is supporting the rise in minimum wage only because it helps them. They have lower labor cost then their competitors. I can hardly see any employees in Costco warehouses. This is the same type of hypocrisy as them supporting higher taxes for the rich and then getting a huge loan to pay ahead of schedule bonuses for the execs and board members to avoid new tax rates.
jimzvz 15 hours ago 3 replies      
Higher labour costs just push business overseas. Is this not true?
Fix the DMCA fixthedmca.org
209 points by sinak  20 hours ago   50 comments top 11
AnthonyMouse 19 hours ago 1 reply      
A couple of things:

1) DMCA 1201 is "treaty implementing legislation" for the WIPO agreements. Repealing it entirely is unlikely without getting that fixed -- but we (the United States) are the ones who actually wanted that crap in the treaty to begin with, so if the executive is behind scrapping it, pushing for that to happen internationally would be a big win. In the meantime, fixing the law so that circumvention-without-infringement is never illegal would still be a great improvement even if we can't be rid of the whole thing immediately.

2) There are two relevant parts to DMCA 1201. The first is that circumvention is prohibited. This is the thing the Librarian of Congress currently is allowed to create exemptions for. The second is that circumvention tools are prohibited. The exemptions the Librarian makes apparently don't apply to this -- if we're doing some reform, it really ought to exempt tools with a "substantial non-infringing use." This is the thing that prohibits Walmart from selling e.g. a DVR-like device that allow you back up all your DVDs and stream them to your phone whenever you want. There is a serious amount of innovation that doesn't happen because of the lack of that exemption.

wheaties 18 hours ago 0 replies      
It's great but the only people who it would speak to are technical people. If you started with the section on blind people, then security researchers, then go into detail about other things like getting apps from an app store first, you'd appeal to more people. And if I studied english more I'd have learned how to write that without a run-on sentence.
largesse 20 hours ago 2 replies      
Nice, but the DMCA needs more reform than that. There is a severe imbalance in the fact that parties who feel that they have been infringed can serve financially disastrous take-downs that must be complied with immediately. The only recourse for served parties is a long expensive legal process.

Something needs to be done to bring this into balance.

pdonis 16 hours ago 2 replies      
Why are we trying to fix the DMCA instead of just trying to get it repealed? What parts of the DMCA are worth keeping?
sinak 19 hours ago 9 replies      
This is a bug thread.

We built this in 72 hours while on a bus going from San Francisco to Austin on terrible cellular connections and running on 9 hours sleep in total (StartupBus). Please help us debug. If you see CSS/JS that needs changing, tell me and we'll get it done immediately.

ensignavenger 18 hours ago 0 replies      
This is a start, but what you guys really need to do is author specific legislation and then lobby to get a few sponsors to introduce it. Once you have identified a few potential sponsors, we can focus our efforts into lobbying them, ad once it is introduced, we can lobby the rest of Congress to pass it.
awwstn2 19 hours ago 0 replies      
This campaign needs all of the support it can get. If you'd like to help, please upvote on reddit: http://www.reddit.com/r/technology/comments/19sbuc/fixthedmc...
aptwebapps 10 hours ago 0 replies      
We don't need a set of permanent exemptions, we need to repeal the anti-circumvention provision. Not the whole DMCA, although there are other parts that could use adjustment. This provision stifles innovation all over the place and I seriously doubt it has any significant impact on piracy, which was it's original intent.
Zikes 20 hours ago 2 replies      
Aren't media backups, including DVDs, already legal under Fair Use? Is there any legal precedent to the contrary?
larkinrichards 6 hours ago 0 replies      
Totally support this.

Also, Streem is listed twice as a supporter. Mistake?

Pyramids 19 hours ago 0 replies      
A very valid argument, however nothing on the current DMCA Takedown Notice provisions enforced upon "Online Service Providers" (aka pretty much any service, platform or ISP which makes content available online)

That seems like an area which is worth addressing as well, at least in passing, and there are plenty of examples of abuse hanging around.

LayerVault Sends DMCA Takedown Letter re Flat-UI github.com
369 points by bencevans  22 hours ago   326 comments top 51
ender7 18 hours ago 10 replies      
For the lazy, here's a summary of the claims that LV/DN is making:

Some icons appear to be heavily inspired by LV.

Here are three icons (circled) from Flat-UI: http://i.imgur.com/xDDULcG.png

You can see that the gears and news icons do bear some similarity to LV's versions: http://dribbble.com/shots/800428-LayerVault-icon-set-for-del... and http://imgur.com/rli5IVU the latter via http://news.ycombinator.com/item?id=5332741)

In addition, LV claims that Flat-UI ripped off a number of other icons from dribble.com, such as this clock and map (Flat-UI above, originals below): http://cl.ly/image/3Q181w0b1u2K (original dribble links: http://dribbble.com/shots/695458-Nasa-Playbook-Icons and http://dribbble.com/shots/877061-Map-2013).

Finally, the color schemes have been claimed to be identical: http://pixxel.co/feed/layervault-issues-dmca-takedown

LV appears to be confused as to what constitutes copyright infringement. None of these icons are actually copies of the original, and even if they were LV would not have a right to issue a DMCA takedown for the ones they didn't own.

This seems to be a massive PR blunder for the LV guys. They could have put up a blog post enumerating how many of their (and others') designs were ripped off (which is not the same thing as copyright infringement) and probably garnered some internet sympathy. Now, by misusing the much-hated DMCA takedown notice they've positioned themselves in the same camp with all the DMCA bullies we have grown to loathe.

mrmaddog 20 hours ago 10 replies      
And here's a reply from Allan:

Looks like the pitchforks are out over on HN.

It was pretty straightforward. Our reaction was "Cool, a flat UI theme" to "Wait, this looks familiar" to "Wait, are those our illustrations?".

I contacted the designmodo people over email, because that's the right way to handle this. The owner was being stubborn at first and refused to admit wrongdoing. At that point, I submitted the DMCA request. Eventually, he removed the most blatant icons which (in my eyes) is an admission of guilt.

They even managed to kinda lift the old DN icon :) http://imgur.com/3zoKuvH

If you have some intimiate knowledge of LayerVault's UI (which their designer apparently does), the similarities are a bit more than striking. That's not a huge issue until you release everything together - the icons, the colors, the UI elements, whatever.

We give a lot of our stuff away for free. We put a lot of our projects on cosmos.layervault.com, we write about interesting concepts we've come up with and include the code on our blog, whatever. This isn't about thinking we own "Flat Design" or being mad that there's some other design out there with a similar aesthetic.

recoiledsnake 20 hours ago 7 replies      
Someone please lend LayerVault some contrast.




I cannot believe a "top notch" design house can get this so wrong.

Edit: Designer News seems to suffer from the same affliction.


A lot of sites that are HN these days seem to lack contrast, what's up with that?

justjimmy 19 hours ago 2 replies      
Complete Side by Side Comparison


Noun Project vs Layer Vault vs Flat UI


If anyone notice other similar icons, I can update image with side by side comparison.

Thanks to fellow HNers for the links to the images. I just stuck it all together side by side.

Edit: Updated with more samples.

aviraldg 20 hours ago 4 replies      
Why don't we, as a community, collectively agree to boycott copyright trolls? (and teach them a lesson in the process)

esp. when the target audience consists of developers/designers

EDIT: I tried to cross-post this on Designer News, but it turns out they're invite-only. Can someone do me the honour?

HeyImAlex 20 hours ago 3 replies      
I have the old pre-dmca Flat UI gitgub page from yesterday open in another window, and designmodo has apparently made a few changes since then. Just based on that, I'm going to guess that the problem was stemming from these.


andyl 20 hours ago 1 reply      
I learned one thing: I will never use LayerVault's service, and discourage anyone I know from using it.
jgj 20 hours ago 1 reply      
The founder of LayerVault is claiming it was specific illustrations which were stolen


ajross 21 hours ago 4 replies      
Can someone please summarize for those of us not plugged in to the web UI framework (or whatever this is) community? I'm seeing entities like "LayerVault" and "Flat UI" and products (?) named "trend" that I've never heard of.

Is this an abuse of process I should actually care about or is it just a "who did what?" spit between estranged developers?

mnicole 21 hours ago 3 replies      
Am I understanding this right; that LayerVault is trying to claim that they are the sole owners of the flat UI trend? I'm sorry Allan, I've been a fan of yours since before LayerVault was even launched, but this is really low. And if I'm remembering correctly, this isn't the first time you guys have harassed someone about using "your" aesthetic.
Pyramids 21 hours ago 2 replies      
Filing a counter notification is extremely straightforward, and moves this to a court dispute, which will almost undoubtedly never happen.

You can use Chilling Effects Counter-Notification generator to automate the process:


For those who are unfamiliar with DMCA notices, in short:

1. Content Provider Receives DMCA

2. Content Provider must act 'expeditiously' to remove content which is claimed to be infringing

3. Individual has an opportunity to submit a counter notification to their content provider, in which case the content can be reinstated after 10 business days regardless of the other parties claims. (Unless an injunction is obtained.)

4. Any further action is only by legal means (court injunction)

Disclaimer: IANAL (yet)

newishuser 15 hours ago 0 replies      
You can't copyright a color pallet.
You can't copyright an icon concept.

Sending DMCA take-downs without full intent to prosecute and full conviction that your copyrights have been violated is not only illegal but shameful.

bluetidepro 21 hours ago 2 replies      
Whether this is true or false, I see this hurting LayerVault more than it's worth fighting. It will be interesting to see this play out.
kunai 18 hours ago 0 replies      
What's kind of ridiculous is that LayerVault took a lot of inspiration (I repeat, A LOT) from Hacker News with regards to the design of their discussion site. From the URL, the minimalism, and the link design. Heck, even the name is copied -- Designer News? Really?

I guess pg should send a DMCA takedown notice to them, then.

Daiz 20 hours ago 0 replies      
What I personally don't understand is that if DesignModo did actually copy assets from LayerVault, why doesn't LV name said assets and possibly include screenshots or whatever in the DMCA claim? Or make a post about it. Or really, anything that would include the specific information so that people wouldn't be left guessing. As evident by the reactions, not being specific here only serves to make LV's claims seem unsubstantial. I'm personally rather doubtful about their validity for the same reason as well.

Also, I think it's pretty ridiculous that a DMCA takedown can even be "valid" without specifying what exactly was infringed - "I am the exclusive rights holder for the artwork contained within Flat UI, Free Web User Interface Kit" isn't exactly saying much.

ck2 21 hours ago 1 reply      
I thought "look and feel" lawsuits over UI were settled long ago?


throwaway420 21 hours ago 0 replies      
Without some extraordinary explanation by Layer Vault detailing an actual theft of files or copying of their actual work, it sounds like Layer Vault just did a major scumbag move that harms designers everywhere.

And that's a shame because I like Layer Vault a lot.

Duhck 21 hours ago 2 replies      
Maybe Hacker News should send you a take down notice for copying HN with "Designer News" aka DN?


beernutz 17 hours ago 0 replies      
I don't care for the whole "flatUI" trend, but I REALLY can't stand this kind of blatant abuse of the DMCA (which itself can be argued to be an abuse of common sense).
stefanobernardi 14 hours ago 0 replies      
The reality is that DesignModo is not new to this.

I have been waiting for this to happen for a while. Their "Bricks UI" is an extremely blatant copy of Google Ventures' web site, and it's weird nothing happened there.


I'm not on either side, but it's just painful to watch the reactions on HN. It seems like a lot of the commenters were just closed down somewhere waiting for the right occasion to blame some copyright enforcer.

largesse 20 hours ago 2 replies      
What are the penalties for a false DMCA claim?
sobering 20 hours ago 0 replies      
For being a design oriented company, LayerVault can't choose type colors worth shit. I can barely read any of the body text on nearly every page of their site.

They need to read up on W3's proposed contrast minimums: http://www.w3.org/TR/WCAG/#visual-audio-contrast-contrast

vicbrooker 18 hours ago 0 replies      
I can't help but think this sort of thing is going to happen more and more as we move towards a flat/minimalist UI.

I've read comments (not on HN) from people who have endorsed the DMCA takedown because of their personal ethics and morals rather than knowledge of the law. Particularly one who claimed that the similar colour palettes between LV and Flat UI justified the takedown - even though colour palettes themselves are currently not copyrightable subject matter. To win on those grounds you'd need a genius (and crazy) lawyer and a judge who is either asleep at the wheel or bribed. Then you'd lose on appeal anyway.

Colours can be only trademarked. Using that colour is not a copyright violation. Hence no DMCA.

It makes me sad that as we all move towards minimalist design startup founders will need to know IP law better than a few years ago. Some of this is due to trolling and some because of a mislead or otherwise naive understanding of the law like I mentioned above. It's just adding pressure on founders that we don't really need and more work for lawyers.

A lot of us are doing whatever we're doing for the first time and that makes us (potentially) easy targets. A better knowledge of the law in this scenario might have prevented everything from blowing up like it has. But Flat UI and Layervault wouldn't have had as much energy put into the product and so everyone suffers.

Then again I'm in law school right now so at least I know there's a job in all of this if i ever need it :-/

I guess I just wish we could stop bickering about stuff like this and get on with building cool stuff.

dreamdu5t 19 hours ago 0 replies      
Am I the only one here who sees nothing wrong with copying icons? Layer Vault doesn't own the things they freely display for others to imitate.

I'm repulsed at the idea of "owning" a visual depiction of a fucking newspaper.

And yes, I've worked for years of my life as a designer. I know what if feels like to have people copy you.

3amOpsGuy 21 hours ago 2 replies      
The designmodo logo is quite debian-esque. Maybe too close to debian's i'd think.

EDIT: https://secure.gravatar.com/avatar/7d9027189b18855f5f2ddeb7d...

justjimmy 20 hours ago 0 replies      
Does anyone have a active subscription to Layervault?

Here's the Flat UI designs:

LV is saying that illustrations/artwork was the reason for the notice so if anyone have artwork on the dashboard they can compare that'd be great (cause I can't find any copied artwork from their main site).


The issue is artwork/illustration.

SmeelBe 21 hours ago 2 replies      
I not see any resemblance between layervault project and Flat UI, colors are different, icons too... explain please guys what is the problem?
beatboxrevival 18 hours ago 0 replies      
Always With Honor should go after LayerVault.
Saul Bass should go after Always With Honor.
Picasso should go after Saul Bass.

Any designer that doesn't understand that design is an iterative process, shouldn't be a designer anymore.

etchalon 18 hours ago 5 replies      
I'm not a massive fan of the most of the responses in this thread.

Any designer would look at Flat UI and immediately realize that they drew inspiration from LayerVault. The similarities aren't minor, in either style, tone, or techniques.

The three icons DesignModo removed were the most obvious offenders. And by obvious, I mean, "Yeah, you completely ripped those".

So DesignModo has absolutely no right, in any sense, to be indignant. They produced unoriginal, lazy, copied work, and got called out on it.

Within this thread, I see lots of idiotic bits such as "LayerVault doesn't own hex codes!", "You can't own a style!", etc etc. These type of comments miss the forest for the trees.

Individually, no, LayerVault has no right to claim ownership of any specific color. But Flat UI's rip is the combination of a rip of all things together, not one thing in specific. Change the color scheme of the illustrations and you'd have less of a case. Change the shadow technique, or the general aesthetic of the icons.

It's the COMBINATION of all of these factors which makes this a "rip".

Now, what DesignModo did may not be illegal, but why is anyone rushing to defend them? In what terrible universe is being an insipid, unoriginal copier something any community champions?

And why would anyone walk away with a negative opinion of LayerVault? Really? You don't think they should be slightly irked that DesignModo ripped off their distinctive style, and is _charging_ people for the chance to use it?

It baffles the mind.

camworld 17 hours ago 0 replies      
Congratulations to LayerVault on their biggest day of traffic ever. Whether this brew-ha-ha was intentional or not, a lot more people are now aware of them than before today.

I like browsing their Designer News links on a daily basis, but I would think twice about signing up for a service run by people with questionable character and morals, which is the feeling I am coming away with after reading through this thread.

This whole thing could have been handled a lot better and with far more professionalism.

justjimmy 21 hours ago 1 reply      
This is why we can't have nice things.

Even Apple didn't even go after others when rounded corners, glassy/glossy, gradient buttons was the trend. (Yes, Apple didn't invent those, just as LV didn't invent flat UI or the art work - which btw, is just a flat color. Glad Pantone isn't going around with LV's mentality.)

Just speechless.

enra 19 hours ago 1 reply      
When the Flat UI was released, I was waiting for Layervaults response. In their defence, the style, colors, some of the icons are very close to Layervaults, so I can understand their frustration. I have no doubt that designmodo had more than "inspiration" from Layervault.

Probably they didn't break copyright, but basically they copied the style and made it a commodity (this is like the Svbtle thing all over again). Flat design is a trend, but I haven't seen similar site, with similar colors and style as Layervault. When you ripoff something almost 1:1 in design, necessarily it isn't illegal but it isn't honorable either. As a designer, you shouldn't do that to other designers.

melvinmt 20 hours ago 0 replies      
I like the way how Github handles DMCA requests by the way, everything's out in the open, including the lame claims people come up with.
ebbv 20 hours ago 2 replies      
Really glad I downloaded Flat UI yesterday before this crap started 'coz I'm gonna be using it for a project this weekend.

Fortunately I only wanted the CSS. If an illustration was stolen (which seems unlikely, or at least it wasn't done with designmodo's knowledge), that won't affect me since I'm not using any of them.

jbverschoor 21 hours ago 1 reply      
I think I'll send myself a DMCA notice, post it on HN and get lots of traffic and noise around my brand
largesse 20 hours ago 1 reply      
Could a site have a policy where if you issue a DMCA takedown for something on the site they drop your content and ban you?

It's sort of like the logic of GPL.

lucaspiller 20 hours ago 0 replies      
Anyone got a clone of flat-ui?
mattwdelong 20 hours ago 1 reply      
Does anyone notice a striking similarity between the "Debian swirl" and the e in Designmodo?

It's obviously not a copy of it, but rather an "inspired version" of it. With that being said, it's definitely possible that designmodo didn't copy layervault, but rather was "inspired" by them. Not sure how that would stand up legally, but I would say that if I were designer, it would be "ethically annoying".

aubreyrhodes 19 hours ago 0 replies      
Seems like their complaining about the news icon. Here's the DN icon and the flat-ui icon side by side: https://acr-skitch.s3.amazonaws.com/news.png-20130306-130455...
jcomis 20 hours ago 0 replies      
The only thing that is not completely generic imo is the color scheme FlatUI picked, which is similar to the scheme on LayerVault. But it's not exactly the same (I checked, everything is quite close though). Don't think something like that warrants an action like this at all.
brendanobrien 14 hours ago 0 replies      
I think this serves as a great testimony to just how homogenous / under-considered the "flat" aesthetic has become. For crying out loud, flatUI is a kit for replicating this appearance! I love the flat look, but as soon as kits for replicating a look start to grow in popularity, it's time to move on.
fuddle 15 hours ago 0 replies      
It is still available for download on their site: http://designmodo.com/flat-free/
bratao 18 hours ago 0 replies      
Anyone can provide a mirror ?
saiko-chriskun 21 hours ago 2 replies      
anyone manage to clone the repo?
ryanAmurphy 20 hours ago 0 replies      
Maybe they own a few hex codes.
creullin 21 hours ago 0 replies      
Coders Twitter account https://twitter.com/iurevych
SmeelBe 20 hours ago 0 replies      
let me guess, the next one you're going to report is microsoft, or google?
bzelip 20 hours ago 0 replies      
so disappointing when our generation(s) act to limit the Internet. LayerVault please stop, we really dig ur stuff.
Challenge yourself and be Awesome filipekberg.se
12 points by knasteddy  2 hours ago   discuss
Show HN: QR Codify, The Most Useful Snippet I've Ever Written zacharyvoase.com
248 points by zacharyvoase  1 day ago   110 comments top 39
harel 1 day ago 6 replies      
I use Chrome to Phone with my android phone. One click on a button sends the current url to my browser, or I can select any text, right click it and send it to my phone where it is then available on my clipboard to paste wherever. It also keeps a history of all this on my phone so I can recall what I sent last week. That feature alone is why I'll probably never own an iPhone.

Edit: Still a cool extension you've got there! Not taking anything away from it.

martinaglv 23 hours ago 2 replies      
I read through the comments, expecting to see a JS version of this, but I didn't find one so I made it:

  javascript:(function(){ var i = new Image();i.src = 'http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl='+ encodeURIComponent(getSelection());i.onclick=function(){i.parentNode.removeChild(i)};i.setAttribute('style', 'position:fixed;top:50%;left:50%;margin:-150px 0 0 -150px;box-shadow:0 0 20px rgba(0,0,0,0.2)');document.body.appendChild(i)})();

Create a new bookmark, name it "QR Selection" and add the above code as the URL. Only tested in Chrome.

Edit: Added missing apostrophe.

klinquist 20 hours ago 1 reply      
Nice. I've built a web app that pushes a mobile provisioning profile to iOS devices with your wifi ssid & password - lets people easily jump on your wifi

Works with Redlaser only as most QR code readers open web links in a viewport instead of pushing out to safari.


ctdonath 17 hours ago 1 reply      
I saw this, thought "yeah right, gonna be more of a pain than depicted, why bother", downloaded & installed it anyway because I've got a stupid fondness for the idea (if not the awkward reality) of QR codes ... and not 2 hours later was using it for real. Dang handy, nicely implemented.


Only quibble is: how big a code can this viably render? tried something not particularly large for fun and just got a big "PNG" icon instead.

WickyNilliams 2 hours ago 0 replies      
Been meaning to look into Automator ever since I got my mac. Does anyone have a good guide on all the features available?
chaosphere2112 23 hours ago 1 reply      

    Fortunately, OS X now has Services

This feature originates in NeXTSTEP, and I'm fairly certain it has been in OS X since the beginning.


claudius 23 hours ago 1 reply      
Look, this even works when you're offline :)

   qrencode -o - -l L -s 10 -- "$(xsel)" | display

TheBindingVoid 1 day ago 0 replies      
For Android users there is the Chrome to Phone extension which uses Web Intents. No need to scan a QR code. You can directly send selected text, web links, phone numbers or map links to your phone.
Herald_MJ 3 hours ago 0 replies      
If you have an iPhone and Mountain Lion, you can just pass messages between devices via the Notes apps and iCloud.
duck 1 day ago 1 reply      
I can't recommend http://pushbullet.com enough... it allows you to send anything to your phone and works very well.
keyboardP 1 day ago 2 replies      
I created a bookmarklet that does the same thing for any website you're browsing. Makes it easy to transfer from PC to phone, assuming the phone can read QR codes.


shill 15 hours ago 0 replies      
Nice work! This inspired me to create an Automator service for pretty printing JSON.


mef 1 day ago 3 replies      
Great hack. Another way to get text quickly to your phone, if you have an iPhone, is to send yourself a message on Messages.
shawn-butler 1 day ago 1 reply      
Cool, I like it and would use it daily. I sometimes use dropbox like a pastebin for same thing.

QR Code transfer is probably patent encumbered (like well almost everything).

Nokia has app to do this but in reverse. Look at photo gallery on phone in their app. When you find picture you want to see, open browser on desktop and see QR code. Point camera at screen and the QR code in browser is replaced by image from phone.


franze 1 day ago 2 replies      
if you like URL "hacking" you can do something like this

http://miniqr.com/"hello world"

does mostly the same as mentioned above, does this for i think now 4 years (i coded this on a beach in mexico, lets say my memories are fuzzy)

after looking at the market fo QR codes now for 4 years, i don't think i will get rich with just that side project. QR codes just do not fulfill any use case for users (they fulfill a use case for content publishers and advertisers, but non for users)

p.s.: if you want to (really) see people scanning QR codes, there is a page for that, too http://replycam.com/browse.php

neilparikh 11 hours ago 0 replies      
Can services be used on Firefox for Mac? It doesn't show up on my right click context menu.
lepht 1 day ago 2 replies      
I've been using a Chrome extension I created for the same purpose. The nice part is that it does it without making an external web request, using javascript and canvas.

Also, iPhone users should check out the Scan app[1] for a QR code reader. It's by far the fastest starting, simplest QR scanner I've been able to find; Most of the other apps seem to be cramming in price-checking features and have butt-ugly icons.

[1]: http://scan.me

marban 1 day ago 2 replies      
Just keep in mind that Google's QR Code (Infographic) API has been deprecated.
zacharyvoase 1 day ago 1 reply      
What do you mean?
ssdsa 18 hours ago 0 replies      
Since the selected text is sent to Google in plain text via a regular HTTP connection, you shouldn't use it on confidential data.
conradev 21 hours ago 0 replies      
If you want to read the QR codes just as quickly on your iOS device, check this out:


tucosan 19 hours ago 0 replies      
I use a bash function to immediately display the code:

  function qrshow(){ qrencode -s 10 "$1" -o - | display - ; }

gaving 21 hours ago 0 replies      
Use pastebot from tapbots (authors of tweetbot) for this sort of thing personally. http://tapbots.com/software/pastebot/
sandesh247 10 hours ago 0 replies      
How do I make the "Services" submenu show up in the right click menu?
yahelc 22 hours ago 0 replies      
My solution here is usually to just send myself a text message from Google Voice. For me, it's faster to open a new tab and paste my text than to find my QR reader and scan.
xlevus 20 hours ago 0 replies      
What would make this perfect, is a "QR Keyboard" that reads from the QR code and dumps it into any other input field.
pi18n 21 hours ago 0 replies      
There's also a few apps that can copy and paste between devices. I use Any Send to pass links and PDF's around.
peterhajas 20 hours ago 0 replies      
> Fortunately, OS X now has Services

This has been a feature for OS X for a long, long time.

lorenzfx 23 hours ago 1 reply      
I'm using a zsh function with similar functionality for exactly the same purpose:

    qrdisplay () {
qrencode -o - "$1" | display

ispekhov 8 hours ago 0 replies      
Now go generate tons of QR codes and scan them all with Qriket to earn money.
ekarulf 20 hours ago 0 replies      
Google's chart API also supports ssl: https://chart.googleapis.com/chart?cht=qr&chs=300x300...
dreen 1 day ago 1 reply      
QR sounds useful for some minor applications, but for anything serious placed in a public place on a physical medium (like a billboard) its a phishers dream: just put a sticker with your phishing url over the original one and noone will ever realise.
YPetrov 23 hours ago 0 replies      
Great idea! Never knew about the Automator. That got me inspired to create a HN Search service for myself: http://news.ycombinator.com/item?id=5331370
batemanesque 1 day ago 1 reply      
here's something intended to serve roughly the same purpose for iOS/Mac: http://www.getbeamapp.com/
eliasmacpherson 16 hours ago 1 reply      
can i get that in ascii please?
seivan 21 hours ago 0 replies      
I love the hacker in you. :
ya 20 hours ago 0 replies      
       cached 7 March 2013 14:02:01 GMT