Hacker News with inline top comments, 22 Sep 2013
1
Chaos Computer Club breaks Apple TouchID ccc.de
148 points by biafra  43 minutes ago   39 comments top 20
1
WestCoastJustin 33 minutes ago 1 reply      
The "How to fake fingerprints" link [1], is one of the scariest things I have seen, given how simple it is, and how much we rely on fingerprints for linking people to crimes.

BTW, for anyone who does not know about Chaos Computer Club (CCC) [2], they run a massive conference in EU. You can look at some of their talks @ http://media.ccc.de/

[1] http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?langu...

[2] http://en.wikipedia.org/wiki/Chaos_Computer_Club

2
MarcScott 21 minutes ago 4 replies      
If we've learned anything over the past few months, it is that security is an illusion when it comes to Google, Apple and Facebook.

The fingerprint scanner is not intended to protect your personal data from being accessed by nefarious cyber-spooks or crackers. The $5 dollar wrench technique is fairly effective in bypassing such security anyway.

The fingerprint scanner is there so that when your phone is nicked by a mugger, they can't reset to factory defaults and sell it on eBay. If some knife wielding thug that robs me of my phone has the intellectual capability of lifting my fingerprints off the case and then using them to bypass the security, he still has to know my AppleID password before he can remove the 'Find my Phone' feature.

Give Apple a break. This is just another layer of security. It's _not_ the panacea to all our security woes, and they have never claimed it was.

3
arrrg 30 minutes ago 1 reply      
Expected. Still much, much better security than no code at all. I will use it (with full knowledge of its downsides and tradeoffs) and it would behoove the CCC to not portray security as a binary state. (Just as much as it would behoove Apple to be truthful in their marketing.)

Don't use it if thieves would consider going through all the effort of faking out the scanner. That's what I take from this no doubt valuable and important work from the CCC.

(I assume that iPhone tracking and activation lock cannot be disabled with the fingerprint, so stolen phones will still be easily remotely wiped and bricked, with fingerprint or without. Thieves will have to be crafty and quick if they want to pull this off.)

4
nodesocket 0 minutes ago 0 replies      
Honestly, TouchID is better than what we have today; a 4 digit useless passcode. If somebody has to take a photo of my fingerprint off a glass surface to gain access to my phone, so be it.
5
cowsandmilk 1 minute ago 0 replies      
> The method follows the steps outlined in this how-to with materials that can be found in almost every household

I own almost none of the materials they list. They have a very different idea of what materials can be found in almost every household.

6
gjmulhol 22 minutes ago 2 replies      
I have accidentally seen basically all of my friends' passcodes as they type it in at bars etc. I could get into their phones easily. TouchID is more secure than that simply because someone needs to take a 2400dpi image of the person's finger to do it.

Locks (when physical access to a device is available) are to keep honest people honest. Most security experts that I know agree that if an intruder has physical access to a device, it can be considered compromised because it is just a matter of time.

7
sarreph 26 minutes ago 0 replies      
An interesting comment on the YouTube video: Not cleaning your iPhone is likely to leave fingerprint evidence/marks directly on the device's housing that could be faked.
8
neilk 12 minutes ago 0 replies      
I think they're missing the point. The passcode on an iPhone defends against other people in your environment - family members, coworkers, roommates - getting your information opportunistically. It doesn't defend against hackers, the government, or even slightly savvy thieves.

Also, if a fingerprint sensor is significantly easier to use, and in practice will deter a class of privacy violations, it could increase overall security. This is a question you can only answer by looking how people behave, not solely with an analysis of the technology.

The fingerprint sensor worries me more that it records biometric information at all. It's one thing to leave fingerprints all around your environment, but there is now the potential to steal your biometrics over the internet. The device supposedly hashes the data derived from your fingerprint, presumably with a hardware-based secret, but I worry someone will find a way around that.

9
pcl 8 minutes ago 0 replies      
Here's an idea that would improve security in conjunction with the new sensor:

Create a random pattern of ridges and, using the technique outlined in the OP, build a latex key. Attach that to your keychain (in some sort of case to improve durability, maybe). Then, enjoy 2-factor auth, between the phone's pass code and the synthetic fingerprint.

10
JofArnold 3 minutes ago 0 replies      
Presumably solvable by using a digit that isn't normally in contact with your phone - eg the pinky of your non-dominant hand?
11
rickjames28 30 minutes ago 0 replies      
"Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."

Yes

12
chmars 13 minutes ago 0 replies      
What is the resolution of the fingerprint image stored in a biometric passport, i.e., the kind of passport you need to enter the US?

Biometric passports store an actual fingerprint image and not just a hash like the iPhone 5S. So if the resolution was high enough, everyone with access to a biometric passport, for example by scanning people carrying such passports around at an airport, could forge fingerprints.

13
induscreep 2 minutes ago 0 replies      
This isn't new, some other guy broke TouchId by making a fake finger from gelatin and soy sauce.

http://blog.fortinet.com/iPhone-5s--Basic-Fingerprint-Replic...

14
professorTuring 19 minutes ago 0 replies      
Of course they have broken it, I had no doubt it would be broken like any other fingerprint security system.

The issue here is that it's ok, it doesn't really matter. It is all about the amount of security you need. Does a normal user need unbreakable security? No. The security provided with this method is more than ok, it is kinda secure and it's faster (imho) than writing your passcode. After all your "enemies" here are nosy friends or similar...

If you need "unbreakable" security then you shouldn't use iphone or android, or you should use a specific secure storage application (cyphered content, hard to guess pass or whatever). If you need "unbreakable" security you better consider hiring a security consultant.

So, the question here is, are the security systems in mobile devices more than fine for most normal users? I guess so...

15
drakaal 34 minutes ago 1 reply      
Kind of a "well duh" post. All of the image scan finger print readers are easy to game.

Even the ones that use capacitance can be beaten with a rubber glove and a copy of the finger print, printed on the latex. (the best is actually a vinyl condom that doesn't come pre-lubed, the ink sticks better and the vinyl is less of an insulator)

16
danpalmer 25 minutes ago 2 replies      
I'd be interested in people's opinions: is this more or less secure than a 4-digit passcode?

From a real security perspective, users should have alphanumeric password, as far as I know, businesses often enforce this.

Obviously a 4-digit code is easy to brute-force on a computer, but it requires far more technical knowledge to do so - booting custom firmware, using some script to brute force, etc, and if the attacker doesn't have the skills, they are limited to 10 tries, maybe more after waiting a few minutes or an hour.

It seems to me that, excluding users leaving smudges on their screen and seeing the passcode that way, a fingerprint is even easier to break than a 4-digit passcode.

17
s_q_b 32 minutes ago 0 replies      
iOS security is trivial to break if you have physical access to the device. TouchID (and passcodes) should be considered little more than a convenience, not a serious security measure.
18
fmax30 29 minutes ago 0 replies      
Nice, the Mythbusters did this in their fingerprint scanner episode, although they didn't have the iPhone 5s, but I am sure the same principle/technique would work.
19
Marazan 29 minutes ago 1 reply      
Wasn't Gruber getting awfully excited about how amazing and revolutionary Apple's finger print sensor was?

Will he be claim chowdering?

20
yohann305 30 minutes ago 0 replies      
These findings would have been more surprising if the fingerprints were taken from the phone itself!
2
BackgroundCheck kennethcachia.com
105 points by zzzsh  3 hours ago   16 comments top 10
1
MarcScott 3 hours ago 0 replies      
I'll start by saying that I think this is pretty cool and clever, and pretty useful for text. It works great on Safari.

I should however add, that while moving the elements over the picture, I didn't once lose sight of my cursor, as it is black with a white outline, which seems to be a much simpler solution to the problem.

2
andrewvc 3 hours ago 3 replies      
This is a nice step, but not good enough for practical use. Put the text half on the black lamp, half off, and you get 1/2 invisible text. While interesting, it's not reliably accurate enough to use in any sort of automated fashion.
3
matthuggins 3 hours ago 0 replies      
Didn't seem to do anything. I'm on Chrome 29.0.1547.65.

Edit: I tried again, this time releasing the elements. It sounded like it should be live updating as I'm dragging in the description, but it's only when you DROP the elements, not DRAG the elements.

4
reginaldjcooper 3 hours ago 0 replies      
This is cool but I think the best general solution is bordered text. You can see some edge cases where this solution fails for half the text, like the edge between dark and light on the tub.
5
MarkHarmon 3 hours ago 0 replies      
This is cool, but I found a small defect. If you drag the dot over the images while they are loading, the color change doesn't take place. It might be necessary to call your function after images have been loaded on your demo page.
6
crb002 1 hour ago 0 replies      
I would do it in RGB space. Run kmeans to get a set of Voronoi cell centroids, 5-6 should be good. Then take the Delaunay triangulation of that and pick a color midpoint between Voronoi neighbors that maximizes the distance sum from all the Voronoi generator points.

[1] http://en.wikipedia.org/wiki/File:Delaunay_Voronoi.svg

[2] http://people.sc.fsu.edu/~jburkardt/isu/reu_2001/voronoi_pap...

7
gbog 2 hours ago 0 replies      
Hehe, nice. I tried to put the small dot on the big one, both had the same dark hue, so I guess it works only on background, not on other placed elements, right?
8
joeframbach 1 hour ago 0 replies      
http://imgur.com/pQjoQ White text with black outline can be read on any color.
9
RobotCaleb 1 hour ago 0 replies      
Elements don't drag from where I click. They seem to snap.
10
Emass12 3 hours ago 2 replies      
Elements won't drag Firefox 23.0.1
3
Show HN: Send Secret Messages over Twitter as Public Tweets github.com
48 points by dpapathanasiou  2 hours ago   22 comments top 7
1
rw 6 minutes ago 0 replies      
I wrote a textual steganography tool in 2011, called Plainsight: https://github.com/rw/plainsight

Additionally, @workmajj and I wrote TweetFS using Plainsight. It lets you recursively pack up directories and post them as an encoded linked list of Tweets to Twitter: https://github.com/rw/tweetfs

I presented Plainsight at Hack'n'Tell NYC in 2011 and a video was recorded: http://bit.ly/pecGgW

Plainsight uses each byte of the input message to generate tokens. Bits are used to decide how to traverse the token tree, weighted by frequency. The drawbacks are 1) verbosity and 2) incorrect grammar.

I also wrote a fuzzing tool, called Shag, to find edge cases, e.g. for single-byte inputs: https://github.com/rw/shag/blob/master/shag.rb

-- Example 1 (regular text)

Type your message to encode:

   echo 'Meet at Union Square at noon. The password is FuriousGreen.' > cleartext

Then, pipe it through Plainsight:

   cat cleartext | plainsight -m encipher -f sherlock.txt > ciphertext

The output will be gibberish that Doyle could've written:

   cat ciphertext | fold -s
   which was the case, of a light. And, his hand. "BALLARAT." only applicant?"
   decline be walking we do, the point of the little man in a strange, her
   husband's hand, going said road, path but you do know what I have heard of you,
   I found myself to get away from home and for the ventilator little cold night,
   and I he had left my friend Sherlock of our visitor and he had an idea was not
   to abuse step I of you, I knew what I was then the first signs it is the
   daughter, at least a fellow-countryman. had come. as I have already explained,
   the garden. what you can see a of importance. your hair. a picture upon of the
   money which had brought a you have a little good deal in way: out to my wife
   and hurry." made your hair. a charge me a series events, and excuse no sign his
   note-book has come away and in my old Sherlock was already down to do with the
   twisted

Now, decipher that ciphertext:

   cat ciphertext | plainsight -m decipher -f sherlock.txt > deciphered
   cat deciphered
   Meet at Union Square at noon. The password is FuriousGreen.

-- Example 2 (binary data)

   $ dd if=/dev/urandom of=/dev/stdout bs=1 count=10 | plainsight -m encipher -f 1984.txt
   10+0 records in
   10+0 records out
   10 bytes (10 B) copied, 9e-05 s, 111 kB/s
   Adding models:
   Model: 1984.txt added in 0.89s (context == 2)
   input is "<stdin>", output is "<stdout>"

   enciphering: 100%|#####################################################################################################################################################################|474.67  B/s | Time: 0:00:00

   which is a war is real, the proles used mind on the telescreen. He could see through all right to. You have read what said. 'Yes,' only in the Ministry

2
dpapathanasiou 2 hours ago 3 replies      
This is a side project I've been working on for the Lisp in Summer Projects[1] contest.

It's a text steganography app using a simple book cipher, written in Clojure.

I welcome any feedback from HN so let me know what you think!

[1] http://lispinsummerprojects.org/

3
danieldk 41 minutes ago 0 replies      
Cool! One other fun approach may be to use syntactic transformation (topicalization, middle field ordering, etc.) or lexical variation (e.g. through synonyms):

https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/PSI0...

The advantage of such an approach is that you can use coherent text/messages.

4
cbr 23 minutes ago 0 replies      
For this to be secure (one-time-pad) you can't reuse the corpus. That's a big enough pain that I doubt people will actually do it. Which means you can start decoding their tweets once you collect enough.
5
drakaal 1 hour ago 4 replies      
The big issue I see is that Twitter detects and deletes gibberish as spam. So at best case your posts randomly get filtered when you use this.

At worst case after posting a bunch of gibberish Twitter bans your account.

6
gpsarakis 30 minutes ago 0 replies      
Nice project. Considering a stream of tweets how can you find the beginning and the end of a sentence/message?
7
alexharris66 44 minutes ago 0 replies      
Cool. Much better than my secret twitter message project: http://www.twhatever.com/tweets :)
4
If PyPy is 6.3 times faster than CPython, why not just use it? stackoverflow.com
23 points by neokya  1 hour ago   2 comments top 2
1
kbuck 14 minutes ago 0 replies      
I actually experimented a while ago by running a long-running Twisted-based daemon on top of PyPy to see if I could squeeze more speed out. PyPy did indeed vastly increase the speed versus the plain Python version, but once I discovered that Twisted was using select/poll by default and switched it to epoll, my performance issues with the original CPython version were gone (and PyPy couldn't use Twisted's epoll at the time).

Another major issue was that running the daemon under PyPy used about 5 times the memory that the CPython version did. This was a really old version of PyPy, though, so they have probably fixed some of this memory greediness.

2
seiji 37 minutes ago 0 replies      
[actual real code story example]

I wrote two approaches to the same problem.

The first approach uses simple python data structures and greedy evaluation. It runs under CPython in 0.15 seconds. Running under pypy takes 1.2 seconds. pypy is 8x slower.

The second approach (using the same data) builds a big graph and visits nodes v^3 times. Running under CPython takes 4.5 seconds. Running under pypy takes 1.6 seconds. pypy is almost 3x faster.

So... that's why. "It depends." But it's great we have two implementations of one language where one jits repetitive operations and the other evaluates straight-through code faster.

5
The Free Software Foundation is even more relevant now than before markwatson.com
31 points by Tsiolkovsky  2 hours ago   9 comments top 2
1
clarry 1 hour ago 3 replies      
Free software is nice, privacy and security are needed, yada yada. Yes, I absolutely agree. What does the FSF have to do with this? This is an interesting claim in the title, but the post does nothing to explain the relevancy of FSF.

I used to be an avid supporter of the FSF, but in the recent years I've been shying away from them because I don't see how they're relevant to the well-being of free software. In fact I've come to see them as a lobbying group pushing their one-sided view of what free software is and how it should be. I much prefer to support free software projects and the people who actually write and maintain free software. I do this in the form of testing, code contributions, code review, bug reports, and user support. I'd also donate if I weren't living on a student's budget.

I used to be subscribed to some FSF mailing list. They kept asking for donations, but never did they give the impression that they're spending it on improving or making any free software I value. Sorry, I don't want to support their lobbying with my money.

2
laureny 46 minutes ago 2 replies      
The FSF has never been very relevant so saying it's more relevant than before is not setting the bar very high. Besides, that's probably what you'd expect to hear from someone bragging they've been supporting it for 30 years.

I appreciate the value that free software brings but what differentiates me from the people at the FSF is that I also realize that free software is not a panacea and that closed source, commercial software is a necessary complement to the existence of a healthy ecosystem.

6
Flat Docker Images 3ofcoins.net
35 points by mpasternacki  3 hours ago   7 comments top 4
1
dkulchenko 1 hour ago 0 replies      
Very cool. Here's the corresponding GH issue for docker itself to get this sort of functionality: https://github.com/dotcloud/docker/issues/332
2
consonants 2 hours ago 1 reply      
Off-topic, but pertains to Docker images:

Do people usually roll out their own images from source/based on verified binaries from the parent distribution's repositories or are base images provided by the community?

3
gmuslera 2 hours ago 2 replies      
Docker 0.6.2 added -rm as a builder parameter to delete intermediate containers.
4
nickstinemates 2 hours ago 0 replies      
That's a pretty perl script. Well done.
7
Musings about Debian and Python pault.ag
79 points by plessthanpt05  5 hours ago   29 comments top 13
1
fingerprinter 4 hours ago 4 replies      
I didn't realize there was a fight going on.

It seems like this is where everyone settled and is a good solution:

Virtualenv + pip for development

system wide (apt, dpkg) python etc for system tools and packages.

This makes sense to me. Keep your personal code sandboxed from your system tools.

As an aside, I know there are quite a few tools and programs in both Debian and Ubuntu written in Python. I wonder if we'll look back in 5-10 years and realize/think this was a mistake. Particularly for UI code. I love me some Python, but I cringe every time I have to interact with a Python GUI application.

2
pedrocr 3 hours ago 1 reply      
Where I like to draw the line between apt and rubygems/pip is between "things that are base system" and "things that are app deployment". So in a typical rails stack that would be apt installs the system-wide stack (apache, ruby, passenger, rubygems) and then capistrano is used to deploy my webapps with their gems from my dev machine to their app-specific directory in the production server.

This way I can have my sysadmin hat on while setting up the server and depend on debian/ubuntu to handle security upgrades and generally create a consistent system. Then I can put my devops hat on and use capistrano and bundler to manage the security/dependencies of my own code.

But I see where this breaks down. If the base stack is moving at a much faster pace than the distributions (e.g., right now the version of passenger in Ubuntu LTS is incredibly old) it's attractive to just ignore the system packages and install everything from original sources (e.g., install ruby from source with rbenv). But doing that is just throwing away the integration work the distribution has done. I'd much rather include some extra repositories to get updated versions that integrate through apt for the few things that I care to upgrade faster than Ubuntu LTS allows me. Right now that's puppet, passenger and a few more.

3
TheSwordsman 4 hours ago 0 replies      
I think I agree with the blog post in its entirety, as a fellow Pythonista / Debianite. The Debian packages that are released always seem to be top-notch, stable, and fit for production. (Let's forget the OpenSSL incident, shall we?) I don't fear that the new version is going to break my currently installed software, and I'm not worried about dependencies somehow having been missed causing havoc. It just works.

(And when it doesn't, it's because I did something deep within dpkg/apt I should not have.)

I can't say I've always had the same experience with other distributions which is the reason why I moved to Debian in the first place. Truthfully, I can't ramble any specific scenarios off from the top of my head.

Any time I've had an issue with a Debian software package, the bug threads have always been constructive with proponents for both sides explaining why it should be one way over the other. Eventually, the best decision is made (even if I personally disagree).

However, the sacrifice for this stability is the fact packages can become a bit 'stale' when it comes to new versions. I don't mind sacrifices like this. And if you need newer stuff, that's why backports exist.

If you want the latest and the greatest use pip. But for the love of all things, couple your pip usage with a virtual environment. Hell, even if you aren't using pip get in the habit of using a venv.

My only bad experience with virtualenvs was a recent Python security update (related to /dev/random). The system libraries changed, the Python executable in the venv did not, sadness ensued. Even then, once I figured out the issue, it was a quick fix. Just re-init the virtualenv, and it fixed it for me. No need to move code around.

In short, if I want a stable system I don't need to babysit, I go with Debian. I trust the people maintaining the packages. I use virtualenvs for 90% of my Python development, and use pip inside of those venvs.

Hasn't failed me, yet. Probably shouldn't jinx myself...

4
don_draper 4 hours ago 0 replies      
"I prefer virtualenv based setups for development"

I'm a casual python user and I find virtualenv to be very helpful.

5
zdw 4 hours ago 0 replies      
More background on Python's packaging methods and history: http://aosabook.org/en/packaging.html

I'd also add that native packages tend to be far more repeatable when you have to deploy and update a lot of systems in any environment.

Note that with tools like fpm or other similar quick and dirty package generation tools, you in general don't have to stick to the upstream system's development guidelines, but you get the benefits of using the native package tools.

6
emillon 3 hours ago 0 replies      
The background of this post is a thread on the debian-python mailing list, relative to a new PEP:

http://lists.debian.org/debian-python/2013/09/msg00049.html

7
st3fan 4 hours ago 1 reply      
Or do what I did: give up on Python packaging and use Go or a JVM based language that produce single artifact deployables.

I have been in this Python mess far too long. Now I just make a .war file or tell Go to compile for my target platform. Both result in single files that can be deployed without post-processing, installing/compiling dependencies or whatever ... it simplifies things for everyone. Developers, CI, packagers, ops, security folks.

8
ekr 4 hours ago 2 replies      
I don't want to start any argument, but there is a reason why Stallman recommends writing GNU packages in C (so that users don't need to acquire and install all kinds of dependencies, and not just them). I certainly think again about installing something when I see that the software is written in Java or Python, mostly because I don't like to bloat my system.
9
jrochkind1 2 hours ago 0 replies      
interesting that debian and perl have come to the same impasse as debian and ruby.
10
zipfle 3 hours ago 1 reply      
The design of this blog is so good that I almost didn't notice how good it is.
11
auvrw 2 hours ago 0 replies      
well-written (and -typeset) article, although i think there is probably less controversy around this than the tone of the article suggests?

anyway, side note: switched from nm-applet to wicd-client and haven't looked back.

12
Siecje 4 hours ago 0 replies      
virtualenv and pip for your own project and use the package to satisfy requirements of installed programs.
13
jamtan 2 hours ago 0 replies      
I like to get the best of both pip and the distro's native package manager ...

https://github.com/jordansissel/fpm

8
Show HN: Onions.io secure and open-source text storage in the cloud onions.io
13 points by bennyg  1 hour ago   9 comments top 4
1
tptacek 33 minutes ago 1 reply      
You appear to be encrypting "Onions" with CBC with a static IV, using the hash of a string as the key, and with no integrity. You can't use a static IV. You can't encrypt without providing for authenticity. How do you know you don't have a padding oracle? The code you have right now will, from what I can tell, behave differently if an attacker modifies the ciphertext.

Where did the crypto design for this system come from?

Why are you hand-rolling your own crypto? Why didn't you use something like NaCl instead, which was already carefully designed to make crypto safe for developers that haven't studied the topic?
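
The two problems named in the comment above (a static CBC IV and no integrity check), shown beside an encrypt-then-MAC construction. This is an added example, not part of the thread and not Onions code: the toy Feistel block cipher stands in for AES so the block runs on the standard library alone, and every name, key and sample note is constructed.

```python
import hashlib
import hmac
import os

BLOCK = 16
STATIC_IV = bytes(BLOCK)  # the flaw under discussion: one IV for every message

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_encrypt(key, block):
    # Toy 4-round Feistel permutation standing in for AES (assumption, stdlib only).
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    out, prev, data = [], iv, pad(plaintext)
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, block), prev))
        prev = block
    return unpad(b"".join(out))

# Design as described in the comment: hashed string as key, static IV, no MAC.
def weak_encrypt(secret, plaintext):
    return cbc_encrypt(hashlib.sha256(secret).digest(), STATIC_IV, plaintext)

def weak_decrypt(secret, ciphertext):
    return cbc_decrypt(hashlib.sha256(secret).digest(), STATIC_IV, ciphertext)

# Corrected construction: fresh random IV, then HMAC over IV || ciphertext.
def seal(enc_key, mac_key, plaintext):
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before touching padding
        raise ValueError("bad MAC")
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])

def common_prefix(a, b):
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))

def tamper_outcomes(decrypt, blob, pos):
    """Distinct results a decryptor shows when the byte at pos is altered."""
    seen = set()
    for delta in range(1, 256):
        forged = blob[:pos] + bytes([blob[pos] ^ delta]) + blob[pos + 1:]
        try:
            decrypt(forged)
            seen.add("accepted")
        except ValueError as exc:
            seen.add(str(exc))
    return seen

# Constructed sample data (not from the Onions project); both notes share a first block.
SECRET = b"correct horse"
NOTE_A = b"bank PIN is 4921, door code 77"
NOTE_B = b"bank PIN is 4921, wifi is hunter2"
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)

if __name__ == "__main__":
    wa, sa = weak_encrypt(SECRET, NOTE_A), seal(ENC_KEY, MAC_KEY, NOTE_A)
    print("shared prefix bytes:", common_prefix(wa, weak_encrypt(SECRET, NOTE_B)))
    print("weak:", tamper_outcomes(lambda c: weak_decrypt(SECRET, c), wa, BLOCK - 1))
    print("sealed:", tamper_outcomes(lambda b: open_sealed(ENC_KEY, MAC_KEY, b), sa, 2 * BLOCK - 1))
```

With the static IV, two notes that start with the same 16 bytes produce the same first ciphertext block, and the unauthenticated decryptor answers a modified ciphertext in two distinguishable ways; the sealed form gives a single rejection for every modification.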

2
jcoder 50 minutes ago 1 reply      
How do you prove that onions.io is running https://github.com/onionsapp/Onions-Rails-API?
3
bennyg 1 hour ago 0 replies      
Beta Codes:


4
kevinday 51 minutes ago 1 reply      
I know you say you're not storing the password on your end, but what prevents you (or a hacker who somehow gets access to your server) from suddenly starting to log the passwords as they're sent to the server when someone logs in?

You've got what looks like a good approach to storing things in an encrypted way, but it's still requiring the user to trust that the server is actually doing what it says it's doing and no more.

9
4.2.2.2: The Story Behind a DNS Legend tummy.com
52 points by martinml  5 hours ago   11 comments top 7
1
cbhl 2 hours ago 0 replies      
Previous discussion: https://news.ycombinator.com/item?id=1282213 94 points, 1250 days ago, 39 comments
2
chrissnell 2 hours ago 2 replies      
I started using 4.2.2.1 in early 1999. A friend of mine was a sysadmin at Genuity (then the new owners of that block) and they used it a lot internally. I went on to show it to a lot of my fellow sysadmins and I guess a lot of other folks did the same.
3
ghshephard 3 hours ago 0 replies      
I've been using 4.2.2.2 on almost daily basis since 2003 - every time I want to see if I'm connected to the Internet, anywhere in the world - that's my canary.

It had never occurred to me to wonder why I was using 4.2.2.2. Just something I learned from one our network engineers, who learned it from someone else...

4
ck2 3 hours ago 1 reply      
Just imagine how much traffic they get.

If they really didn't want people to use it, I am sure it would be easy for them to block whole swaths of the net from using it.

5
Nux 2 hours ago 0 replies      
Been using 4.2.2.2 (and 4.2.2.3) for almost a decade now.

In recent years I stopped using them though because of privacy and reliability causes; I usually set up a caching server on the local host or network.

6
lysium 3 hours ago 1 reply      
I did not understand why we shouldn't use 4.2.2.2. If they did not want people to use it, why is it open? Too bad none of the reports the author has read about that were linked.
7
efm 2 hours ago 0 replies      
I use 8.8.8.8 which is Google's public DNS
10
Lightweight HTML5 Grooveshark Player grooveshark.com
80 points by vinnyglennon  7 hours ago   48 comments top 14
1
ashray 6 hours ago 2 replies      
Grooveshark is amazing. They have the best library out there hands down. Yes, they got it through piracy yadda yadda but they have more music than any of the legit services out there (I pay $9.99 for rdio per month..).

The thing is that I can find label music on Grooveshark (iTunes top 500 sort of stuff) but I can also easily find the most obscure stuff you can think of. So fan remixes, and regional music (Indian music, Pakistani music, Lebanese music, etc. etc.). The other services out there have a LONG way to go to make that happen.

2
bdz 7 hours ago 6 replies      
How the hell is Grooveshark still alive? Essentially it's a streaming frontend for illegally uploaded music.
3
dsirijus 5 hours ago 3 replies      
This is live for ages. I think they just started PR around this because it can now not die on iOS 7, running in background.

As a side note, try out Leap Motion playback controls on GS (in Settings > Subscription, wtf), they're super sweet. I just wave my hands around to control music, it's awesome!

4
wslh 6 hours ago 2 replies      
Side note: my favorite radio show is uploaded to Grooveshark and the other day I needed to listen to it offline, so I just used a proxy (fiddler) and saved the stream from the proxy session console. There is an API where you can do the same, I think, because it is just one request with the location of the MP3 audio. There are a lot of apps for downloading mp3 from Grooveshark but they usually come with a lot of crapware.
5
benbristow 50 minutes ago 0 replies      
GrooveShark is great, but because of the user-uploaded content half the songs are incorrectly tagged and the albums are mostly incomplete.
6
notregistering 2 hours ago 0 replies      
The HTML5 player has been standard for at least a year now for GS. The two primary reasons I've avoided it are:

- Lack of broadcasts. (Presumably available in their native app.)

- Lack of wired.com-esque topnav position fixing in Chrome mobile. It's a minor thing, but having the entire page shift down every time you scroll can lead to incorrect menu selections when mindlessly selecting music.
7
code_duck 5 hours ago 1 reply      
I would use this all the time but there's one problem: the song doesn't advance to the next one on my iphone unless Safari is open. So, my phone has to be on with the screen on or the music ends when a song ends. (Grooveshark has had this player for a while... I haven't tried it in iOS 7).
9
Mozai 5 hours ago 3 replies      
Odd. In Midori and Chromium, seems to work correctly. In Firefox, it appears crippled and I get 38 errors on the console -- SyntaxError, TypeError, ReferenceError -- including:

[09:42:19.907] SyntaxError: in strict mode code, functions may be declared only at top level or immediately within another function @ http://html5.grooveshark.com/build/app.min.js:1

10
auggierose 5 hours ago 3 replies      
If you access the site from Germany, they tell you that they have shut down in Germany because of too high operating costs.
11
alexvr 3 hours ago 0 replies      
I've been using this for ever. I think I deserve hipster brownie points.
12
um304 5 hours ago 2 replies      
Grooveshark has been my favorite online music player for last 3 years, but recently I have observed a lot of bugs on their site, which hinders smooth experience and forces me to consider alternatives.
13
vially 5 hours ago 1 reply      
Where is the volume button?
14
torbit 4 hours ago 0 replies      
I can make a radio station based on my playlist anymore?
11
Deciphering the Business Card Raytracer fabiensanglard.net
283 points by cremno  15 hours ago   48 comments top 8
1
chrissnell 13 hours ago 1 reply      
If you want to make your own, like Fabien Sanglard did, take this block of binary numbers and draw your initials (left-justified) with 1's:

  0001110000010001110
  0010000000000010000
  0100000000010010000
  0100000000010001100
  0100000000010000100
  0010000010010000010
  0001110001100011100

That's my initials, cjs. If you unfocus your eyes, you can see the letters pretty clearly.

Take each line, top to bottom, and convert to decimal:

http://www.mathsisfun.com/binary-decimal-hexadecimal-convert...

Edit Paul Heckbert's code (lines 12-13, the "G" array), replacing the numbers from right to left with the decimal values. In other words, the last number in the array is the top line of the binary block above.

Clean up the justification and you have your business card raytracer, courtesy of Mr. Heckbert.

I probably could have coded this in the time that it took me to draw my initials in binary pixels.

Also, here's a version with the camera moved slightly farther out so that the letters don't clip:

https://gist.github.com/chrissnell/6656963

2
a_e_k 13 hours ago 3 replies      
Hi there, code author here. I've been lurking here for years, but couldn't resist an invitation like this.

I've always enjoyed Fabien's analyses so it's great fun to see what he makes of my own code. Anyway, a few clarifications from what I remember of this. (I wrote this '09, and I don't have my old notes in front of me right now):

* The `n` value returned by the trace function, `T()`, is the surface normal. It returns this whether it hit the plane or a sphere.

* The `r` vector in `S()` is the reflection vector off whatever was hit.

* The mystery `c` point in the `main()` function is the offset from the eye point (ignoring the lens perturbation `t`) to the corner of the focal plane. Note below that we're nominally tracing rays for pixel (x,y) in the direction of ax+by+c. At the image midpoint, this should be `g`.

* "although I suspect this to be a side effect: This is not how soft-shadows are done." True. There are true soft shadows in this, but this isn't where they're computed. That's the job of the randomization where `l` is computed in `S()`.

Anyway, please feel free to ask any questions about it.

3
jevinskie 14 hours ago 2 replies      
Would the wasted empty space in a #define return <pick a single character> make up for the several return statements that I see? That is why typedef statements are nice, you can ; terminate them!
4
milesf 14 hours ago 4 replies      
The output file is .aek but I can't figure out what to do with it. My Google-fu is failing me this evening.

How do you view the output?

5
ggambetta 9 hours ago 0 replies      
I love this kind of thing. I've made a similar one (minus texturing) in Javascript, drawing to a Canvas; my current version is 975 bytes. Output, full source and live demo here: http://gabrielgambetta.com/tiny_raytracer.html
6
dinkumthinkum 14 hours ago 0 replies      
Very nice article and straight to the point. It's really nice to see a pithy discussion and impressive demonstration.
7
thenomad 8 hours ago 0 replies      
Along the same lines, albeit much less compact - a 99-line Path Tracer (the next evolution from a straight-up raytracer, performing global illumination calculations):

http://www.kevinbeason.com/smallpt/

8
eaxitect 13 hours ago 0 replies      
This is really single piece of sh*t I like most for a while... simple and elegant
12
The average faces of women in different countries myscienceacademy.org
34 points by creamyhorror  1 hour ago   15 comments top 9
1
fchollet 6 minutes ago 0 replies      
The fact that some very individually distinctive features are still present on some pictures (why do some of these faces smile, and some don't?), I would guess that the number of pictures that was averaged was ridiculously low, 10 maybe.

The result is therefore all about the original ~10 pictures that were chosen... and it is certainly not an "average face" (which would require a statistically representative sample, north of 10k for most countries). Choose 10 other people from the same ethnicity and you get a different face.

2
virtualwhys 0 minutes ago 0 replies      
Poland was not high on my list of travel destinations, but, I mean, if the women look like that ;-)
3
irickt 49 minutes ago 4 replies      
4
lostlogin 6 minutes ago 0 replies      
Funny not to capitalize country names, and why does India get a double entry? There are other places where geography correlates with different appearing faces too.
5
drakaal 32 minutes ago 0 replies      
The software uses a default face, if you go to http://faceresearch.org/demos/average

You can see that even picking to very lopsided in the same way face, like Right eye higher than left, and mouth off center, results in a face that looks good when averaged.

The method they are using is clearly flawed.

6
yetanotherphd 37 minutes ago 0 replies      
Funny that China is the only country where they specify the ethnic group, even though many other countries in that list have sizable ethnic minorities.
7
cliveowen 20 minutes ago 0 replies      
I guess the Netherlands is worth a visit.
8
raldu 7 minutes ago 0 replies      
Where is the average American woman?
9
officer_gotcha 22 minutes ago 0 replies      
Way prettier than my experience.
13
Cubr Solving Rubik's cube using webcam and Python cbarker.net
23 points by lelf  4 hours ago   5 comments top 5
1
M4v3R 57 minutes ago 0 replies      
A nice algorithm for finding optimal cube solution: http://kociemba.org/cube.htm. In Download section you can find an implementation, along with source in C.
2
nonchalance 23 minutes ago 0 replies      
There are some really cool rubiks cube solvers using Lego mindstorms
3
ronaldx 56 minutes ago 0 replies      
I just had a flashback to programming a Rubik's cube solver in QBASIC 15+ years ago.

It's nice to see some progression in what's considered introductory: very good stuff, well done :)

4
djent 3 hours ago 0 replies      
Here's another video of using a webcam to solve a Rubik's Cube http://www.youtube.com/watch?v=VaW1dmqRE0o
5
teddyknox 1 hour ago 0 replies      
Introductory CS class?
14
Setting the Record Straight on False Accusations linkedin.com
19 points by r0h1n  4 hours ago   15 comments top 8
1
lawnchair_larry 1 hour ago 1 reply      
It seems that this person doesn't understand the difference between getting permission and tricking the user. If the users also felt that they gave permission, there would not be a lawsuit.
2
lifeisstillgood 42 minutes ago 1 reply      
it's not a legal definition, but it is a marketplace definition:

  if I give you permission that I did not realise
  or understand, it's not really permission.
  if I give you permission to do something, and the
  way you do it is so out of whack with my expectations
  it's not really permission.

The lawsuit is about one or both of these happening. neither has any realistic legal hope without legislation, but that's not the point. LinkedIn, one of the great professional business hopes for a real revolution in how we find and work with others, is a spammy marketeer. And worse, they don't realise it.

nb - you don't have to be a spammy marketeer all the time for it to be an accurate description. just as you don't have to beat your wife every night to be accurately described as a wife beater. you might think you are being a good husband tonight - she is just waiting for the next round

a long winded way to say you have lost my trust LinkedIn. One day a viable alternative will appear and you will discover the meaning of freefall. in the meantime have my monthly subscription darn it

3
lutusp 43 minutes ago 1 reply      
Let me guess -- LinkedIn automatically and surreptitiously "opts you in" to sharing your email contact list and there's either no meaningful way to opt out, or the option is buried by people as skilled as those who buried Jimmy Hoffa, or it doesn't exist at all.

So they now can speak the half-truth that those malcontents who are suing them didn't find the opt-out option, therefore it was all right to exploit their contact lists.

One more thing. Given that a lawsuit is pending, it's extremely unwise to reveal one's defense in advance of the proceedings -- that can only help the other side. When a lawyer tells you to say nothing publicly about an upcoming legal action, you really should listen to him. This tells me that LinkedIn either doesn't have competent counsel, or they're in the habit of ignoring wise advice.

4
bsullivan01 35 minutes ago 0 replies      
You "get" permission by tricking users. I am very web-savvy and almost fell for your tricks, so I hope you have to pay at least a $billion as a message.

(That and clicking on ads on Google and other SE, they make it extremely hard to distinguish between ads and content. If we had an FTC that stuff would end after threats of lawsuits and billion dollar fines.)

5
chopin 1 hour ago 1 reply      
I'd still like to know what's technically going on. There are bold accusations in another thread (https://news.ycombinator.com/item?id=6425444) for which I do not understand how they are accomplished technically. Both XSRF and simply OAuth seem possible. The latter can't go on unnoticed, imho.
6
dreen 1 hour ago 1 reply      
So upon reading this I went to my LinkedIn to find the settings he is talking about but I don't see them anywhere. Can anybody help me? Where can I disable this?
7
3327 40 minutes ago 0 replies      
I have personally felt the same anger against linkedin. Enough to sign my name under a class action. They deserve this and I think it's justified.
8
Fourplealis 1 hour ago 0 replies      
Well, they didn't explain what they have done to make people angry. Those invites didn't send themselves.
15
An Insider's View of Mobile-First Design wired.com
16 points by joemir  3 hours ago   3 comments top 2
1
_greim_ 3 hours ago 1 reply      
> Fake It Til You Make It

I.e. don't wait for confirmation from the server that the action was successful, before you indicate success to the user. This can dramatically boost perceived performance in an app, mobile or otherwise.

However, even if this gain is too tempting to resist for a startup struggling to gain traction, I think it deserves to be mentioned that it's a slightly dishonest thing to do. For example I've been burned a few times after closing the app and going several hours or days, only to learn that my photo never went live. It can be infuriating. For less trivial apps, it can only be worse.

2
wallflower 1 hour ago 0 replies      
Instagram was referenced. The original presentation by Mike Krieger is much better in my opinion.

https://speakerdeck.com/mikeyk/secrets-to-lightning-fast-mob...

16
Datomic: Can Simple be also Fast? dotkam.com
60 points by espeed  8 hours ago   12 comments top 5
1
ryanbrush 6 hours ago 1 reply      
Whether through Datomic or something else, it seems like some version of "database-as-a-value" (as described by Rich Hickey) is bound to happen. We're keeping immutable version histories of as much as our hardware and systems will allow, from source code management through other types of media. Why in the world wouldn't we do this with our data if we could?

It'll be interesting to see how this plays out. Widespread adoption of technology tends to follow a path of least resistance. Does Datomic offer a simple enough path to pull many people over? I also know many of us have a preference for building on open source systems; will this be an obstacle for Datomic?

2
philjackson 6 hours ago 1 reply      
Never Trust Sheep - isn't it the sheep that spot the bugs, scaling issues in real-world scenarios, indirectly help get the funding for the parent company so that they can scale teams and isn't it sheep that write tools, clients and community documentation?
3
joevandyk 3 hours ago 0 replies      
One database pattern I use is to have new data/events be inserted into tables. Then use either window functions, views, and/or triggers to get a snapshot of the most current version of the data. It takes more space, but it allows me to figure out why the database is in the state that it is.

For example, if I want to track ups shipments, I'd set up a shipment_events table. Every time I check the status of a shipment, I'd insert into the shipment_events table. If the shipment changes state from in_transit to delivered, then I'd set shipments.state="delivered".

4
est 4 hours ago 2 replies      
I am always interested in Datomic's approach. How can you build a simple thread-safe counter with it?

If you do it in a time-series db fashion, there will soon be too many facts to count.

5
wheaties 4 hours ago 1 reply      
Isn't HornetQ the queue that allows one "ack" to speak for the past five messages. That is, if I were to lose one of the past five messages I sent, I would never know because the system would consider the message delivered. To me, that is a severe flaw and could open you up to a nightmare of debugging if used improperly. Either go full acks or go ack-less.
17
The Rise, Fall and Survival of Ashton-Tate's dBASE eweek.com
31 points by ohjeez  6 hours ago   17 comments top 8
1
rmason 1 hour ago 0 replies      
OK so do you want the real story? The genius behind dBase was Wayne Ratliff. When George Tate died of a heart attack in 1984 at age 39 the company's new CEO was Ed Esber.

While Tate had a productive relationship with Ratliff and realized he was important to the company's success, Ed Esber fought with Ratliff. He famously told dBase's inventor that his contributions to the company were no more important to the success of Ashton-Tate than the guy on the loading dock.

Ratliff quit and started Migent to compete against Ashton-Tate. Esber sued the young company over appropriation of trade secrets. You can trace the company's decline from this point. Ratliff introduced an innovative client server database called Emerald Bay but lacked the marketing chops to succeed. SQL was beginning to take off and when Microsoft introduced Access and made it easily accessible to the same customer base that dBase targeted it was the death knell.

2
jasim 2 hours ago 0 replies      
My first programming language was dBASE, soon after which I started using Clipper, a superset of dBASE which compiled to p-code based binaries. It had a thriving third party library market, and supported code blocks (anonymous functions) and much more.

Clipper was also abandoned by Computer Associates who bought it from the original Nantucket Corporation. There are however two open-source projects that are still being actively developed: Harbour (http://www.harbour-project.org/) and xHarbour (http://xharbour.org/). Both are being used by enterprises that still have xBase apps around.

3
linker3000 28 minutes ago 0 replies      
PC-file FTW. I created a stock tracking app for our electronics R&D department with it. It was one of the original shareware apps. Must have been about 1985.

http://en.wikipedia.org/wiki/PC-File

4
RexRollman 2 hours ago 1 reply      
Until last year, I was a daily user of dBase IV for DOS at work. Amazingly stable and easy to use, and to this day, Excel can read and write those .dbf files. I really liked it.
5
davidw 4 hours ago 1 reply      
If you've never read it, "In Search of Stupidity" ( https://www.amazon.com/dp/B001C6MQA8/ref=as_li_ss_til?tag=de... ) covers this and other companies that rose and fell. His thesis is that the most successful companies weren't really all that brilliant and visionary - just less stupid than some of their competition.
7
D9u 1 hour ago 0 replies      
dBASE was my first "real" programming language (.bat & basic don't count) and we used Clipper. (circa 1993)

Of further note was the mention of FoxBase, which became FoxPro and is what we used to develop one of the first online offender databases for our state sheriff's department. For some reason using FoxPro seemed less like "programming" than using Clipper. (too much like Visual Basic)

Thanks for the walk down memory lane!

8
DanielBMarkham 4 hours ago 3 replies      
I did my first contracting gig getting paid by the hour hacking DBase business programs. On the side I wrote a checkbook program, calendaring app, and RPG character generator.

I have fond memories of DBase, especially DBase III+. I remember when computers had "turbo" buttons and you could make a dog program run like lightning by simply hitting the button. I also remember compiling DBase programs in Clipper, and all sorts of other fun stuff. I worked for one guy that bought faster crystals to make his CPUs run better -- the very first PC overclocking that I ever saw.

Eventually, the home/small business database market went to Microsoft, who released MS Access. All of the "real" programmers said it was a toy and wouldn't deign to use it, but consumers bought it up and started creating their own apps. This was great news for me, because most of the time they created a mess and somebody had to come in and clean it all up. DBase was a big part of how I went from high school kid to independent programmer.

Good times.

18
Spy Files 3 wikileaks.org
359 points by frank_boyd  22 hours ago   22 comments top 7
1
TheLegace 16 hours ago 3 replies      
From the gist of the incredibly difficult to decipher training manual there are 4 systems. Overview of network topology is here: http://i.imgur.com/gzw6nAT.png

1) ADMF-Client & Infection GUI

These seem to be HP Compaq computers, running Windows 7 Ultimate, FinFlyISP GUI and an XMPP client (which runs over TLS and is secure). This is a tool for LEA to use which interfaces with the ADMF backend for managing infections, selection of infection methods, realtime status info and management of all components.

2) ADMF - Central Administration Function

This is the backend which all the LEA terminals in 1 connect to. These are HP DL380 G6 Intel Xeon X5550 @ 2.67GHz servers running hardened Debian (by Dreamlab best practices). It is a core component of their infrastructure and communicates in realtime with all their other component systems. It stores the configuration and initiation of infections. Realtime exchange of info and states (target coming online, being infected, etc.) Contains RFC XMPP used for secure encrypted communications.

3) Network Data processing component (iProxy/NDP01/NDP02)

Infections are remotely activated by ADMF in 2 via the GUI. Each NDP is bridged with 10GB/s fiber bypass module. In case of hardware/logical failures this module switches automatically to by-pass mode. Thus traffic will never be interrupted. ATTENTION this is highly dynamic bridge, do not change any configuration manually. NDP has been specially configured for his network, any changes are tightly coordinated with Dreamlab.

4) Radius Probe(RP01/RP02)

Realtime monitoring of AAA processes which include:

1. Targets coming online

2. Receiving IP Addresses

3. Changing IP Addresses

4. Going offline

Recording of RADIUS authentications and accounting dialogues. Being always up to date of target IP. RP sends info to ADMF, the ADMF provisions the NDP. Running same hardware/OS as 3. The RPs have bidirectional connection with broadband remote access server (BRAS) [1] which are what connect to the global internet from an ISP's network. BRAS aggregates user sessions from access network. This is where ISPs can inject policy management and QOS. Aggregates DSLAM connections from locally dispersed in an ISP area network.

Communications Visualized

The slide explains that communication of all components always is initiated towards the ADMF.

http://i.imgur.com/qOQfVYd.png

Use Cases

1. GUI->ADMF [Infect a target]

2. ADMF->Radius probe [Start monitoring/set a trap on target]

3. Radius->ADMF->NDP/iProxy [Handover of IP]

4. iProxy->NDP [iProxy requests NDP to analyse datastream on IP and "interesting" traffic]

5. NDP->iProxy [Handover traffic matching request]

6. iProxy [changes traffic and modifies data by adding infection parts]

7. iProxy->NDP [iProxy sends modified traffic data to NDP]

8. NDP Reinject [NDP recalculates checksums/resequences TCP/IP packets and reinjects traffic into the stream]

9. Target infection done [Data successfully sent to target]

[1] http://en.wikipedia.org/wiki/Broadband_Remote_Access_Server

2
conductor 20 hours ago 1 reply      
I'm glad this time it is getting more up-votes than the previous submission [0].

There are many interesting documents here, for example the "Finfisher FINFly ISP 2.0 Infrastructure Product Training" [1] which is a presentation/guide from www.gammagroup.com about how to use their software to "infect" the target and collect information about it.

[0] - https://news.ycombinator.com/item?id=6329435

[1] - https://wikileaks.org/spyfiles/docs/GAMMA_2010_FinfFINFISP_e...

3
detcader 17 hours ago 1 reply      
Making all the text of these docs searchable from a single webpage would be lovely..
4
mkup 7 hours ago 1 reply      
There's a screenshot at the page 49 of https://wikileaks.org/spyfiles/docs/GAMMA_2010_FinfFINFISP_e... logs of ADMF trojan upload service) which mentions resource "chrome_installer(3)_129271991323222656.exe" was processed.

Doesn't it mean that ADMF of FinFly somehow interferes with browser auto-update in order to upload its trojan to the target computer? I know browser update file must be somehow cryptographically signed, but NSA may have access to private RSA key used for browser updates, which allows such types of attacks. Isn't it?

5
runn1ng 9 hours ago 2 replies      
This is why you need actual journalists... this is just heap of data that's hard to decipher and hard to make sense of.
6
joering2 18 hours ago 1 reply      
I don't have time to read all this but I wish. Please anyone: I need names of organizations and those on the top involved, so I can create my own "no-use list" and avoid those at any cost.

Thank you.

7
shandip 3 hours ago 0 replies      
I'm moving from US, it just keeps on getting worse. Fuck it.
19
Dave Eggers's 'The Circle' Takes Vengeance on Google, Facebook wsj.com
35 points by RockyMcNuts  4 hours ago   16 comments top 8
1
kmfrk 2 hours ago 3 replies      
Apropos theft, Eggers may have "appropriated" the work - and life - of Kate Losse for his book: https://medium.com/p/bf1a7c77873b.

http://www.theatlanticwire.com/technology/2013/09/did-dave-e...

2
Apocryphon 2 hours ago 2 replies      
Upton Sinclair wrote The Jungle as a call for socialist action, and it was only because of the public's disgust at the very unsanitary conditions of food production that the FDA and food purity laws were created. This novel seems to be depicting a totally fictional and exaggerated environment for satire. Not the same thing as The Jungle at all.
3
base698 20 minutes ago 0 replies      
I read "A Heart Breaking Work of Staggering Genius", a book partly about the death of his parents, after my mom died as a recommendation--it was fairly insufferable to say the least. I couldn't empathize with it at all. I'm very interested in social commentary on tech and social, especially given my trade, but I doubt it will be anything but hype. The Amazon comments are pretty funny.
4
IvyMike 2 hours ago 0 replies      
I just pre-purchased this book and used the Amazon feature to "share this purchase on facebook."
5
andrewcooke 11 minutes ago 0 replies      
i guess in sinclair's time it would have been the letter pages of the press where people would say how the work was nothing but hype, or plagiarism, or something much less important than whatever it was being compared to.

you've come so far, hn.

6
pfortuny 1 hour ago 0 replies      
"Privacy is theft," that is a good one, really.
7
cinquemb 2 hours ago 1 reply      
The accolades the writer of the article gives makes me wonder: Was 'The Jungle' hyped up by the media before or after its release?

I don't mean to take away from the subject at hand, but if people haven't changed their behavior after NSA's doings went mainstream, what makes one think a book will be the straw that breaks the camel's back, and do people need to be prodded into doing the Right Thing? That would seem no more sincere than muse of the book

8
TruthElixirX 2 hours ago 0 replies      
Paid plug.
20
Creating a Proxy Server with Go codingcookies.com
37 points by jokeofweek  6 hours ago   13 comments top 2
1
tptacek 3 hours ago 2 replies      
I know it's irrational, but it drives me a little nuts how the proxy idiom in go is "two goroutines implementing socket-to-socket copy". The inner handler loop of a proxy is a place where, to me, select/poll might actually make the code easier to follow; also, the idiom doubles the number of goroutines required to handle a given connection load, and while goroutines are cheap, they aren't free.

I know it's possible to pull select() into Golang programs (I ended up having to, to write a fast port scanner), but Golang people look at you weirdly when you tell them you did that.

2
mcot2 5 hours ago 5 replies      
I'm not sure I agree with how channels are used here. What's the point of this spaces chan? Why couldn't a simple atomic counter solve this (see sync/atomic)? Why allocate a thousand bools?

    // The booleans representing the free active connection spaces.
    spaces := make(chan bool, *maxConnections)
    // Initialize the spaces
    for i := 0; i < *maxConnections; i++ {
        spaces <- true
    }

Is this really how people use go???
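
The connection cap mcot2 asks about, written both ways as an added example (not code from the linked article or from any commenter): a buffered channel used as a semaphore without the pre-fill loop, and a `sync/atomic` counter. `Limiter`, `Simulate` and the other names are hypothetical; a proxy would call `TryAcquire` when it accepts a connection and `Release` when that connection closes, so a flood of connections is refused at the cap.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// Limiter caps how many connections a proxy handles at once.
type Limiter interface {
	TryAcquire() bool // false means "at capacity, refuse the connection"
	Release()
}

// chanLimiter uses a buffered channel as a counting semaphore. Sending
// takes a slot, so the channel starts empty and needs no pre-fill loop;
// struct{} tokens occupy zero bytes each.
type chanLimiter struct{ slots chan struct{} }

func NewChanLimiter(max int) Limiter {
	return &chanLimiter{slots: make(chan struct{}, max)}
}

func (l *chanLimiter) TryAcquire() bool {
	select {
	case l.slots <- struct{}{}:
		return true
	default: // buffer full: every slot is in use
		return false
	}
}

func (l *chanLimiter) Release() { <-l.slots }

// atomicLimiter is the sync/atomic counter alternative.
type atomicLimiter struct{ max, active int64 }

func NewAtomicLimiter(max int) Limiter { return &atomicLimiter{max: int64(max)} }

func (l *atomicLimiter) TryAcquire() bool {
	for {
		cur := atomic.LoadInt64(&l.active)
		if cur >= l.max {
			return false
		}
		// CAS so that two racing callers cannot both take the last slot.
		if atomic.CompareAndSwapInt64(&l.active, cur, cur+1) {
			return true
		}
	}
}

func (l *atomicLimiter) Release() { atomic.AddInt64(&l.active, -1) }

// Result summarises one simulated burst of connection attempts.
type Result struct{ Accepted, Rejected, Peak int64 }

// Simulate starts `clients` goroutines that each try to take a slot and,
// if admitted, hold it until every client has made its attempt.
func Simulate(l Limiter, clients int) Result {
	var res Result
	var inFlight int64
	var attempted, done sync.WaitGroup
	hold := make(chan struct{})
	attempted.Add(clients)
	done.Add(clients)
	for i := 0; i < clients; i++ {
		go func() {
			defer done.Done()
			if !l.TryAcquire() {
				atomic.AddInt64(&res.Rejected, 1)
				attempted.Done()
				return
			}
			atomic.AddInt64(&res.Accepted, 1)
			n := atomic.AddInt64(&inFlight, 1)
			for { // record the highest concurrency observed
				p := atomic.LoadInt64(&res.Peak)
				if n <= p || atomic.CompareAndSwapInt64(&res.Peak, p, n) {
					break
				}
			}
			attempted.Done()
			<-hold // stand-in for proxying traffic
			atomic.AddInt64(&inFlight, -1)
			l.Release()
		}()
	}
	attempted.Wait()
	close(hold)
	done.Wait()
	return res
}

func main() {
	fmt.Printf("channel: %+v\n", Simulate(NewChanLimiter(8), 100))
	fmt.Printf("atomic:  %+v\n", Simulate(NewAtomicLimiter(8), 100))
}
```

Both limiters give the same admission behaviour; the channel version can additionally block until a slot frees up (a plain send instead of `select`/`default`), which a bare counter cannot do without extra synchronisation.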

21
LinkedIn sued by users who say it hacked their e-mail accounts arstechnica.com
169 points by shawndumas  17 hours ago   88 comments top 19
1
cubicle67 12 hours ago 7 replies      
I deleted my LinkedIn account some time back, but I still get email like this (copy from actual email, not paraphrased)

Subject: [Friend]'s invitation is awaiting your response

Body: [Friend] would like to connect on LinkedIn. How would you like to respond?

[Photo of friend] Confirm you know [Friend]

... and ...

Subject: Invitation to connect on LinkedIn

Body: [Photo of friend]

[Me],

I'd like to include you in my network to share updates and stay in touch.

- [Friend]

All emails sent from friend's email account, not LinkedIn. I've confirmed with friend that they were completely unaware of this and were quite embarrassed.

Not cool, LinkedIn, and most definitely dishonest.

2
Paul_S 10 minutes ago 0 replies      
Any person who used their company email to sign up to linkedin and then leaked the password by giving it to linkedin should be sued by the company that employs them for negligence. They are the same people who re-use their passwords and write them on post-it notes.

Frankly I have no sympathy for them at all. As you can probably tell.

3
fragsworth 16 hours ago 4 replies      
This is somewhat off-topic, but has anyone felt like they are "typecast" into a certain industry or job position by their LinkedIn profiles?

What if you don't want to stay with the same industry for the rest of your life? All your contacts probably already endorsed you for your skills in that industry. It seems like a situation that increases friction in trying to move between fields, industries, and job positions.

Should you delete your profile? Would it seem weird to potential employers/business relationships that you are missing a LinkedIn profile?

I think this will become a more visible problem in the near future.

4
andmarios 16 hours ago 3 replies      
I abstain from LinkedIn deliberately and I can confirm that I am sick from their spam.

Every time a friend joins their network, I get tons of invitations to connect, despite the fact that I have unsubscribed from their spam-list (to which I never subscribed in the first place) enough times.

Real professionals should not need spammy social networks to prove themselves.

5
daviddaviddavid 15 hours ago 4 replies      
The "People You May Know" feature of LinkedIn is downright disturbing. Everyone in my third-party email's Address Book shows up as a person I may know. This includes people without LinkedIn accounts, people who've been dead for years that I never removed, people that I've only ever exchanged a single email with.

I never gave LinkedIn my email creds (I'm astounded that they have the gall to ask for my email password). Also, it is 100% inconceivable to me that all of these people would have given LinkedIn access to their email accounts.

6
eonil 13 hours ago 0 replies      
LinkedIn has tried phishing people to take email account using username (so the email address)/password entered when logging in.

I was really scared by it when I discovered it. I could avoid this because I was using a different password for my mail account, anyway I think many people gave their email account to LinkedIn silently.

And now they are finally getting punished.

7
TheSwordsman 16 hours ago 1 reply      
LinkedIn is the primary reason I'm cautious to link my different services to something external (facebook, twitter, etc.). Even those I'm a bit more lax on compared to my email.

Nothing, but me and my devices, should ever have a reason to access my email. If someone or something is trying to access my email, even with explicit permission, there's no way they can be up to anything good.

The activities that originate from LinkedIn touching your email account are definitely sketchy at best, and definitely spam. There doesn't seem to be a good way to stop unwanted emails going to a single address.

Hell, I've found that even getting them to stop sending you emails regarding your account / groups you joined doesn't always work. Speaking to their support department ends in a response with something like "our engineers are aware" with no change in behavior.

Half of me wants to just get rid of LinkedIn, the other half of me likes seeing old acquaintances getting promotions/moving on to greener pastures.

===

Dear LinkedIn,

Please stop being scummy...we'd all appreciate it.

Cheers!

-Everyone from the Internet

8
wfunction 16 hours ago 1 reply      
I used to think people were just being ignorant, and that if they had read the screen they would've known to not give out their passwords.

Then I got a LinkedIn account and almost got tricked into typing my credentials... it was only when the Google authorization screen came up that I realized what had happened.

9
Renaud 11 hours ago 1 reply      
I really do not understand how LinkedIn is still in business after all the crap they have pulled over time: they have been trampling on their users for years.

Is everyone so cheap that they wouldn't pay for a professional that would not have to resort to these fishy and downright scammy (scummy) tactics?

What does it say about the value of your professional life when all you can afford to further it is to give that much power to an organisation whose sole incentive is to make money off your back by whatever means necessary?

10
jval 9 hours ago 0 replies      
I would presume that their acquisition of Rapportive plays some part in their use of emails and recommendations.

I know for a fact I have never given them access to my email accounts but they have started surfacing 'people you may know' recommendations that are actually email addresses from my contact book where I have Rapportive installed.

11
scarmig 14 hours ago 3 replies      
Does anyone have any alternatives to LinkedIn? I think it plays a function that's useful, particularly the floating, easily discoverable resumes you can point people at plus recommendations. But the cons just drastically reduce its overall value well below zero.

The resume aspect is easy enough to host yourself, and the searchability is not clearly an overall pro anyways: I really don't want to be harassed by random recruiters who found me using a keyword search.

But would it be weird to host your recommendations of others on your own site? I.e. include a link to some canonical representation of their identity and vouch for them? That may be getting into the weird territory. And what about hosting their recommendations of you? That seems well into the weird territory.

Maybe the best thing that LinkedIn offers is a willingly creepy networking site that gives you an excuse to ignore social norms.

12
yeukhon 16 hours ago 0 replies      
Thank god someone took this step. LinkedIn. I will never work for you. I don't like your service. One time I chose to only send invites to several friends. Instead, LinkedIn sent out invites to every single person on my Gmail contact list, some of which are public mailing lists, and it was embarrassing. Linus way: FU LinkedIn. Your UI sucks.
13
brador 13 hours ago 1 reply      
> which allows the company to slurp up the contacts list of the third-party e-mail account with which the member signed up, if the member is logged into that e-mail account in the same browser.

Is this a thing? Can any website slurp my contacts if I have hotmail or gmail open in the same browser? How are they doing this?

14
Fourplealis 6 hours ago 0 replies      
There was a discussion about this a day ago: https://news.ycombinator.com/item?id=6421742
15
gurkendoktor 8 hours ago 0 replies      
The saddest announcement about OS X 10.9 was that Apple will add LinkedIn support. No one should support a cheap scam company like them, much less bake them into the operating system :(
16
anodari 1 hour ago 0 replies      
Surely they use deceptive techniques to try to broaden the base. I would not doubt they are improperly accessing the email accounts when someone uses the same password to register.
17
mswe 11 hours ago 0 replies      
I deleted my account but it's not even deleted. Hope other lawyers take on them and sue the hell out of them. HATE LINKEDIN!
18
nwzpaperman 5 hours ago 1 reply      
LinkedIn is great if you need more emails in your inbox to boost your self-importance quotient, but I haven't heard of anyone in my sphere that was discovered and hired due to LI.

It seems all of the technology companies are giving their best effort to invading privacy and undermining trust on a societal level. There will be lasting consequences for these behaviors.

19
livestyle 15 hours ago 0 replies      
It's just Growth Hacking, nothing to see here.
22
More Thoughts on CPU backdoors (2009) theinvisiblethings.blogspot.com
9 points by fejr  3 hours ago   1 comment top
1
mikemoka 2 hours ago 0 replies      
23
Peachy Printer - The world's first $100 3D Printer 3ders.org
284 points by jschwartz11  23 hours ago   98 comments top 31
1
WestCoastJustin 22 hours ago 3 replies      
Kickstarter link @ http://www.kickstarter.com/projects/117421627/the-peachy-pri...

This is such a cool concept -- I backed it! I do not want to hijack the conversation, but I think it is worth mentioning that this is kind of a "grinds my gears" [1, 2] moment: when someone links to a summary, which borrows the video and images of a Kickstarter campaign, you are essentially diverting the campaign's traffic. Why not just link to the campaign? This article was kind enough to at least link to it in the last paragraph. This summary is currently #1 on HN, which is likely driving tens of thousands of people to this suboptimal page [3, 4].

[1] http://www.urbandictionary.com/define.php?term=Grinds%20my%2...

[2] http://www.youtube.com/watch?v=dHtRnOXXZ0w

[3] http://aberrant.me/front-page-of-hacker-news/

[4] http://www.backwardcompatible.net/179-traffic-hacker-news-ef...

2
SwellJoe 22 hours ago 2 replies      
This is the first 3D printer I've been excited about since the very first one I saw maybe a decade ago.

The reason is that it is actually a novel approach that I can see is in its very infancy...and it's clever as hell. The reality of 3D printers is that at this stage of their development, they aren't useful for a lot of people; at least not useful enough to make them a cost-effective purchase.

This, however, begins to make it seem a reasonable purchase for a wide variety of people. Any hobbyist or artist that builds things would find this an awesome tool for taking their ideas to the next level. Table top gamers can make their own models. People who work on electronics can make their own boxes and internal parts. The possibilities are pretty broad. They've always been broad...but the printer options have always been expensive, or required you to build it yourself.

We're getting close to a 3D printing revolution. I'm not the first person to say that. But, this is the first time I've ever said it, because it's the first time I saw a glimmer of hope that it would actually soon be in the same league as laser and inkjet printers in terms of cost.

And, this may be the time when I finally opt to jump into the pool and try out this new tech. If I can think up something I'd actually want to regularly use it for, I probably will.

Anyone know how tough the resulting objects are? Could I use it for something, such as gears or a chassis for an outdoor computer, that needs to take a lot of abuse and expect it to hold up?

3
grannyg00se 15 minutes ago 0 replies      
I was just talking to my mom about 3D printers on Friday, trying to explain the processes of the different types, and how the most accurate ones like this (lasers, laser-sensitive liquid, directed high precision curing) are the best but also the most expensive. That conversation would have gone much differently had I seen this project a few days ago.

One hundred dollars is a major game changer. I've been somewhat reserved on the 3D printing hype because of a lack of necessity for most people, and a lack of precision/usefulness at the lower price range. This can change all of that. For one hundred dollars you no longer have to worry about longer term entertainment value or interest for children. It's the cost of a couple of video games. And for project work, you don't have to worry about needing it for multiple projects. At $100 a single use justifies the cost many times over. I'm looking into spending $400 right now on a single 3D print for a small product I'm working on.

I love rewarding ingenuity. BACKED!

4
noonespecial 22 hours ago 0 replies      
That's the "Woz-est" engineering I've seen in some time.
5
lumberjack 22 hours ago 1 reply      
Damn I didn't quite realize the ingenuity of using a mirror instead of fixed axis until I read this:

>Build volume: There is no certain limit on build volume. In the same way that a flashlight beam gets bigger the further it shines, so does the build volume of the Peachy Printer. Although this has not been tested, we have high hopes to print a full size canoe! This will require a build volume of approximately 3'x3'x16'. The real limiting factor in build volume is time... It could be possible to calibrate the Peachy Printer to print a house, but it would take years![1]

And here I am thinking it was to save money on the rods and stepper motors.

[1]: http://www.peachyprinter.com/?_escaped_fragment_=printer-spe...

6
kevingadd 22 hours ago 6 replies      
I wonder how much error is introduced by the use of the headphone jack to drive the printer - you've gotta deal with line noise from the computer's sound card, mixing latency/glitches from the OS, and the device sampling rate, along with any noise introduced on the audio cable.

Does a 3D printer like this not actually require high-precision data to work correctly?

7
tonyarkles 1 hour ago 0 replies      
This is rad! As I looked through the list of people involved, I learned that one of the guys doing it was a close friend of mine through EE school.

And I have to chuckle a little bit about how much of a prairie farmer hack this is. People around here build crazy hacks like this all the time on their farm equipment, glad to see them getting some publicity!

8
ibrahima 23 hours ago 1 reply      
Hmm, this is pretty much getting into impulse buy territory (for a 3D printer), and it even helps with my #1 problem justifying getting one which was that I haven't really learned any 3D modeling, by being capable of scanning (though I guess you could also do something similar with a Kinect). Could anyone with more insight into these things explain further why this is unique and whether there might be drawbacks? This almost seems too good to be true.

(for background, I just want a 3D printer to tinker with, and if it works at all for $100 I'll be satisfied - I might have as much fun building it as using it)

9
tinco 23 hours ago 1 reply      
This is great stuff. I have no idea what I'd use a 3d printer for, but this guy's awesome approach to engineering has me wanting to buy one just to reward his work.
10
andrewcooke 23 hours ago 2 replies      
this may be obvious to everyone else, but took me a while... stereo!

[there are two mirrors to drive (or, equivalently, a point in 2D to target with the laser) and i couldn't see how to do that with a single audio signal.]

11
rbanffy 14 hours ago 0 replies      
After a close look at the simple and clever design and the not quite practical printing method, I'm about to say this is the ZX-81 of 3D printers. Not quite an Apple II, but cheap and may serve to ignite some imaginations.
12
mrleinad 18 hours ago 0 replies      
"Grayson wrote an add-on to blender which translate 3D model into an audio waveform".

This guy probably has a t-shirt that reads "What would McGyver do?"

13
scoofy 22 hours ago 1 reply      
This is a bit too good to believe, but at $100 I'll bite. I've been into 3d printing for years now, and my main concern is material. If this resin is durable, and doesn't get soft in the car on a warm day, this design could be really groundbreaking. If not, it'll be a waste of everyone's time. The quality looks pretty decent given how awful low end 3d printers can be without a ton of tinkering. My current printer cost me about 2K and ABS/PLA at $40ish/kg actually adds up when prototyping. I'd love to have something really cheap like this to test out prints before finalizing them in ABS.
14
DanBC 22 hours ago 1 reply      
> The software we wrote as an add on to blender takes the data from that 3D model and translates it into an audio waveform. It then plays the audio file out to the printer through the headphone jack in your computer. This waveform drives a pair of electro magnetic mirrors. The higher the volume, the higher the voltage, the more the mirrors move. The purpose of these mirrors is to reflect and control the path of the laser beam. By using the audio waveform generated from the 3D model data to drive the mirrors, we are able to get the laser beam to draw out the shape of the object. That's takes care of the X and Y axes.

I look forward to people doing weird interesting things with this!

I have no idea how lissajous figures could work, but they're cool and in 3d resin print they'd be cooler.

15
dm2 19 hours ago 0 replies      
Awesome product! The beginning of the video needs to be redone, stop switching the camera angle and get rid of the techno music. I'd recommend starting the video with a timelapse of a printing with some basic explanation audio.
16
jimktrains2 22 hours ago 4 replies      
Mount a Raspberry PI to the side of it (with a USB microphone) and you could treat it as a network-attached printer :-
17
ttty 1 hour ago 0 replies      
Why, when I visit this website, do I get a torrent downloaded automatically? widgets_tweet_button.html.torrent
18
daeken 22 hours ago 0 replies      
I got my first ever 3d printer today (Makerbot Replicator 2). It is seriously the coolest piece of tech I've ever seen, which is really saying something. I can't wait for the price to drop, and for damn near everyone to have a 3d printer of some sort.
19
jlgreco 22 hours ago 0 replies      
I wonder if this will work with a combined headphone/microphone jack.

Regardless, I love the approach taken here; really quite clever.

20
scotty79 22 hours ago 3 replies      
Awesome idea. But isn't mirror inertia a problem?

Also constant velocity of z-axis movement might pose some inefficiencies because if you want to print a box you have to set the rate of ascent low enough for the laser to create full bottom and you can't speed up when you are building sides of the box.

21
mcantelon 21 hours ago 0 replies      
Is the resin for this a standard type of resin? Seems like you don't get much of it with the kit.
22
robomartin 1 hour ago 0 replies      
It's clever and really neat. That said, please don't think you are going to get parts of the quality, accuracy, surface detail and durability attainable through other more established methods.

The only reason I am funding it is to support someone thinking outside the box. I really have no use for it due to the issues listed above. I'll probably gift it to someone who might. I've done that a number of times with KS projects.

23
nanofortnight 10 hours ago 0 replies      
I wonder if you're able to get accurately sized objects for gears and such. The resin for photolithographic printers normally suffers from shrinkage after printing.
24
codehero 22 hours ago 0 replies      
I really like it and its entirely analog nature is refreshing. It makes sense to set aside something like a raspberry pi for it (I would never use a PC, especially on update tuesdays. And I would not want to set my PC audio to full blast so the output swings the full +-2.5V).

Mechanically delicate though. Vibrations disturbing the surface of the liquid will skew the print and cause poor layer adhesion. And you have to make sure your surface is perfectly level.

25
marincounty 16 hours ago 0 replies      
I just heard a few weeks ago that the patents on laser 3-D printers expired. I really hope this freedom from lawsuits will inspire many more Inventors.

physibles!

26
ris 19 hours ago 0 replies      
I wouldn't trust the dimensions of things made by this one millimeter.
27
tocomment 18 hours ago 1 reply      
So why does it have to use audio? And why can't it use servos to move the lasers?
28
samstave 12 hours ago 0 replies      
At this price - I would love to see an array of these printing into a larger vat to produce large objects.

This will make it so meta-printers can be hacked together:

Mount the Peachy onto XY motion capabilities (what's the word for this?) axes? -- and it should be trivial to make a hydraulically lifted resin system that is quite large indeed. (That was the most ingenious part of this design, IMO.)

It should be easy to create a resin vat calculator where you simply provide the XYZ dimensions of your container and it will calculate the drip-resolution for you so you know at what rate to adjust the flow to get whatever resolution you need.

I'm getting several of these.

29
fudged71 20 hours ago 0 replies      
Very clever ideas in this design. I hope it can scale up the way he suggests!
30
antr 23 hours ago 2 replies      
why does the site, before it finishes loading, want me to download a *.torrent file?
31
agumonkey 21 hours ago 0 replies      
beautiful approach. love the audacity 'model preview'.
24
How Bitcoin Works Under the Hood [video] youtube.com
33 points by nvk  3 hours ago   9 comments top 4
1
Aqueous 36 minutes ago 0 replies      
Another cool BitCoin video which is not very technical, but has impressive visuals:

http://vimeo.com/63502573

2
kimar 1 hour ago 0 replies      
Very good video. Wish he had said a few words about how it all started and who is behind the technology.
3
joemir 3 hours ago 2 replies      
Seems very accurate.
4
MarkTanamil 3 hours ago 1 reply      
when is this pathetic fad going to die?
25
The American Dream, RIP? economist.com
54 points by soundsop  3 hours ago   78 comments top 13
1
jonnathanson 1 hour ago 2 replies      
Social mobility and income distribution are not the same thing, and people leap to some intellectually dubious conclusions when they conflate the two.

A lot of comparisons are being drawn, for example, between the 1920s and today. While the income distribution curves look startlingly similar, the concentration of wealth is very different. Most of today's 1%+ are "working rich," i.e., they receive the bulk of their income from salaries and bonuses -- not from ownership or direction of capital.

Most of the turn-of-the-20th-century rich were actual capitalists/industrialists -- "robber barons" who secured monopolies on commodities, trade routes, new technologies, and so forth. These robber barons built generational fortunes whose relative scale and unshakable concentration are unmatched by anything since, including today. Their children, grandchildren, and great-grandchildren enjoyed lavish fortunes not of their own merit or creation.

Today's income gap appears troubling, and I don't want to downplay it. But the frequent comparisons to the Gilded Age are superficial at best, and they veer us off topic. This is true whether one is looking at the comparison from either side of the politico-economic spectrum: the pro-capitalist side (because the majority of today's elites are not capitalists, per se, but wage earners in highly paid fields like finance), or the egalitarian side (because what, exactly, are we proposing to redistribute? Opportunity? Wealth? Salary? Market demand? And how will we do this?).

And that's not even touching on globalization, which seems inevitable, and which has had a major effect on the disappearance of working-class and middle-class jobs. The article touches on the effects of new technologies, access to them, and ability to master them -- but this seems pretty meritocratic unless access is restricted to the children of privileged families. That's where we need to turn our lens. That's where things start to look less meritocratic and more aristocratic.

It's time we took a more nuanced view of this issue. For one thing, we should look beyond the present income inequality and toward the future implications. Is social mobility going to suffer for the next generation? Is wealth concentrating in generational amounts? Is the current power-law distribution crystalizing into a caste system? By some indications it is, and by other indications it's not. Let's go there. Let's dissect this. We need less hand-wringing and more investigation.

I'd be much more troubled by an uneven playing field than by uneven scores at the end of the game. By many accounts, today's playing field is fairly uneven -- and that's where we should be focusing our attention and effort. At the same time, we need to be comfortable with the probability that a perfectly even playing field will still produce uneven outcomes. It might produce more uneven outcomes, depending upon one's choice of modeling. Nevertheless, we're looking too much at the symptoms and not enough at the underlying sickness in the system.

2
tokenadult 2 hours ago 6 replies      
I've read various reviews of Tyler Cowen's new book (and I read his blog, very occasionally). I'm not worried about what he is worried about. I have lived overseas, twice. I'm back in the United States because the joint conclusion of my family (including my wife, who grew up in another country) is that the United States still offers us, and millions of other people, a whole lot of opportunity for personal advancement that is hard to find in other countries, even thriving, developed countries that also have representative government, a free press, and broad protection of individual liberties.

The death of the middle class in the United States has been predicted for a long time, but middle-class Americans still look like rich people in most other countries. The whole economy has been transformed over the last century (my uncle farms land that was first developed into a farm by my grandfather a century ago, when a large percentage of the United States population were farmers), but people are still mostly employed, and living in larger, more comfortable houses, eating better, and living longer[1] than ever. What is called decline in the United States looks a lot like progress anywhere else in the world. People are still very eager to immigrate to the United States,[2] so what exactly is the problem?

[1] An article in a series on Slate, "Why Are You Not Dead Yet? Life expectancy doubled in past 150 years. Here's why."

http://www.slate.com/articles/health_and_science/science_of_...

Life expectancy at age 40, at age 60, and at even higher ages is still rising throughout the developed countries of the world.

http://www.scientificamerican.com/article.cfm?id=longevity-w...

[2] http://www.theatlantic.com/international/archive/2013/09/232...

http://www.gallup.com/poll/161435/100-million-worldwide-drea...

AFTER EDIT: I've still got time to edit this comment, so I'll respond to the people who think I am ignoring important trend lines. I respectfully disagree. (Note that I am well known here on Hacker News for saying that United States K-12 education needs improvement, so I am by no means saying that there is nothing left to improve, or nothing to worry about, here.) A funny comment posted on Hacker News about Japan's "lost decade" (posted before I opened my user account here)

https://news.ycombinator.com/item?id=329218

shows how difficult it is for a developed country to lose ground:

It was terrible. People were forced to eat raw fish for sustenance. They couldn't get full-sized electronics, so they were forced to make tiny ones. Unable to afford proper entertainment, folks would make do by taking turns to get up and sing songs.

I've grown up in the United States, and I've been hearing predictions of doom here throughout my life. Doom here still looks like heaven to most people in most parts of the world.

3
1qaz2wsx3edc 1 hour ago 0 replies      
The thing, I think people miss about automation is that it will increase unemployment rates -- forever. The more society is automated the less labor humanity has, the less we need to do to survive.

I think, as automation becomes commonplace, society will have a larger unemployment rate, continuing into a welfare-based society. It will be a time where art, science, and creative will grow, as basic needs will be supplied easily via automation.

4
eldude 1 hour ago 1 reply      
So the worst case here is that the poor might move to GASP Texas! And enjoy a better quality of life associated with a smaller government. What a bizarrely narrow-mindedly ignorant perspective, which I imagine will resonate quite well with the anti-Walmart crowd that is equally too narrow-minded to appreciate the impact and empowerment Walmart has on the poor.
5
JulianMorrison 38 minutes ago 0 replies      
The American dream of meritocracy and working your way up has been a lie from day one. In a pyramidal social structure, even if rising is possible, it's probabilistically unlikely. You should predict that your "merit" is in the normal range and you will remain in the largest class, subsistence workers. To convince people that "anyone can make it" implies "everyone can make it" has been a triumph of political bullshit, and the sooner it unravels the better.
6
wffurr 1 hour ago 1 reply      
"The American Dream" was a myth from its very inception, perpetuated to suppress labor and preserve the capitalist status quo.
7
cliveowen 1 hour ago 1 reply      
I don't know, at this point I've read a great deal of similar articles that seem to imply a golden age for software developers and technology entrepreneurs and a dark age for everyone else. Even worse, the implication seems to be that the winner-takes-all mechanism will concentrate wealth in an ever-shrinking elite. I don't think this is completely true, while on one hand we have more automation and ever-lowering operating costs for many kinds of businesses that in the end let relatively few people service even millions of customers (think Instagram for a recent, technology-related example) I think, we're also heading to an even more globalized landscape where every company will try and capture customers in every country. Servicing not millions, but billions of people and offering services in every corner of the world will actually create demand for people with average skills, a new form of middle class will emerge. If the future will get to a point where everything will look really bleak, I think jobs will be created with the sole purpose of keeping the cash flowing. Unemployed, unhappy people aren't customers, are lost sales. A middle class is needed, middle class jobs are needed, if they won't come up naturally, someone will make sure they'll exist somehow.
8
cmdkeen 1 hour ago 1 reply      
I think the final paragraph points out the obvious point - social mobility has never really fully existed. Previously large swathes of the workforce were never expected or enabled to progress - women and ethnic minorities. When they are included I doubt the golden age looks so golden from the point of view of "everyone" suddenly getting rich off the economic returns of work.

Now the economy is much more open to merit - the problem with meritocracy (as the article points out) is that once you open it to everyone whole swathes of people lose out. See the trends of successful women marrying successful men thus creating a more closed top tier of society.

9
mmagin 1 hour ago 0 replies      
Feels like somewhat of an overlap with the kind of trends Nassim Nicholas Taleb has been writing about -- extremely non-gaussian curves for the probability of various outcomes including wealth.
10
VLM 2 hours ago 1 reply      
I had to LOL at the paragraph incorrectly beginning with "It describes a future largely stripped of middling jobs". He's describing the present.

The future is already here, just not smoothly distributed.

11
rickjames28 25 minutes ago 0 replies      
Another clown(writer) with an agenda.
12
robomartin 45 minutes ago 0 replies      
This is a typical extremist view of the universe. One in which things are always absolutes operating at the ideological limits. A social digital scale, if you will. Nothing in the middle. Everything is either a one or a zero.

It is utter nonsense.

The real world does not work this way.

The United States is still a place where anyone can reach nearly any goal he or she desires. The pre-conditions are simple: You have to be willing to make the effort to reach your goal.

It's that simple.

Do you want to be somebody? Then be somebody. Don't waste your time playing games and watching TV. Optimize for future success rather than for current comfort and self-satisfaction. Be uncomfortable. Be hungry. Understand that ignorance is not a platform for success and learn something. Learn lots of things. Take risks. Fail. Take more risks. Fail again. Don't give up. You will succeed. And, when you do, you'll get to read an article by someone pointing to the great unfairness and inequality of our society. And the first thought that will pass through your mind is likely to be "clueless".

This is my problem with folks who have never touched the real world. If you look at his CV [0] it shows he has lived in academia his entire adult life. This is like the idea of sex without having the experience of sex. It's like watching a bird fly, learning and researching the physics of bird flight and not really understanding what it is to be a bird and fly. There's a huge disconnect between people who operate in these sterilized environments and those who actually touch the real world.

I've had mind-blowing conversations with experienced business owners who barely got a high-school diploma. The insight and understanding of the real world some of these people develop is absolutely amazing. And, in most cases, the results parallel their understanding. They are successful, build great businesses and enjoy a fantastic quality of life.

I realize I am shooting the messenger. This approach is perfectly valid and logical when justified. People who come from a purely academic world view have, through no fault of their own, a view of reality that is utterly distorted. There's a huge difference between talking about the statistics of business and wealth and the act of actually getting out there and devoting ten or twenty years of your life putting it all on the line to create businesses and wealth. That's the perspective their writings lack. And that's why, despite credentials, these messengers are not to be trusted to understand reality. It's like a teenager thinking they understand sex by watching lots of porn. Not the same thing.

How many economists warned us of the economic implosion of 2008/9? Not many. The folks who did were actually living in the trenches and neck-deep in the muck of reality.

[0] http://www.gmu.edu/centers/publicchoice/faculty%20pages/Tyle...

13
frank_boyd 1 hour ago 1 reply      
26
Trader Joe's Ex-President To Turn Expired Food Into Cheap Meals npr.org
96 points by mdturnerphys  17 hours ago   60 comments top 13
1
jjoe 15 hours ago 2 replies      
With the exception of infant formula, the laws that the Food and Drug Administration (FDA) administers do not preclude the sale of food that is past the expiration date indicated on the label. FDA does not require food firms to place "expired by", "use by" or "best before" dates on food products. This information is entirely at the discretion of the manufacturer.

A principle of U.S. food law is that foods in U.S. commerce must be wholesome and fit for consumption. A "best by", "use by" or expiration date does not relieve a firm from this obligation. A product that is dangerous to consumers would be subject to potential action by FDA to remove it from commerce regardless of any date printed on a label.

Source: http://www.fda.gov/aboutfda/transparency/basics/ucm210073.ht...

2
billybob255 16 hours ago 2 replies      
Not to downplay the good work he's doing, but both of those things (selling expired food and giving it away) are both pretty common. There are discount stores who specialize in expired food.
3
pedalpete 15 hours ago 0 replies      
I think what most of the comments here seem to be missing is that (what I think is being said) he is taking on the fast food market in under-privileged areas where finding healthy food is a challenge. I think this is the case because the interview says they will cook the food for the patrons, and that he'll be serving the inner city areas not currently served.

Many of the people living in the area dine on fast food because it is incredibly cheap. "Real" food can't compete at this price. However, maybe post sell by date foods can.

The challenge is likely to be one of marketing, as it won't be difficult for the fast food chains to label the newcomer as selling rotten food.

4
_lex 15 hours ago 8 replies      
I HATE this. I previously shopped at Trader Joe's with confidence - I knew I wasn't being gouged on price, so I generally ignored prices. I knew the food was good, so I could turn my brain off and just buy whatever I fancied. However, maybe 7 months ago, I started to notice that I was buying expired or nearly expired things from Trader Joe's - bread that would go bad the next day (got mouldy), cheese with mold, etc. It was super irritating, and I would never remember to return those things so I'd wind up eating the cost.

I eventually realized that for perishable goods, they put the new stuff in the back of the shelves, so now I just head for the back of the shelf when I need to buy perishables there. This sucks for me, since buying at TJs used to be a stress-free experience, and now I check the 'use-by' dates on everything.

I actually flirted with shopping at Walmart (the one on San Antonio), but even though the prices are lower, the checkout lines are crazy at peak times, which is when I shop.

I also checked out Safeway, but they do a pricing technique that I call "Price Warfare". They randomly advertise products on heavy discount, and get you to incorporate those products as defaults in your shopping habits, then they switch their discounts to other products. This means that I've wound up paying $7 for basic ice cream (which usually costs around $3.50). They also like to prominently display expensive items and hide their cheaper substitutes. This is most visible in their produce section - if you go in looking for grapes and without your senses about you, you'll pick up organic grapes by default. It also means that shopping at Safeway is mentally exhausting, since I've got to recalculate the 'best' prices on everything I buy every time I go there - so I avoid it now. <end rant>

5
eyeareque 16 hours ago 0 replies      
It is great to see an entrepreneur tackling an issue that will benefit the world (in a huge way) vs tackling an issue that will make someone build wealth for themselves.
6
detrino 15 hours ago 1 reply      
I worked at TJ's as a teenager and they gave away the expired bread to a homeless shelter.
7
smsm42 16 hours ago 1 reply      
I've always wondered where the products go when they are past their expiry date. They don't suddenly go bad the second the expiry date passes... Are they just thrown out? Sold to discount stores? Sent to local homeless shelter? Is it legal to give expired products to anyone? Does it expose one to liability?
8
septerr 13 hours ago 0 replies      
I have always felt bad about fresh produce going to waste in my fridge. Between my buying the produce and it going bad, there is always a point where I know I am not going to be able to use this stuff and in 2-3 days it will be unusable. I have looked for services in my area where I could take these items to. Something like soup kitchens who can then incorporate them into their cooking. But all the organizations I found took only canned goods and prepared food from large scale organizations like restaurants.

I had even thought it would be a great program for a charity to register homes that are willing to give away soon-to-go-bad food. Then have volunteers stop by these homes on a predetermined schedule (once a week or so) to collect anything that the home might want to donate.

9
kunai 16 hours ago 1 reply      
It's not really "expired" food. The sell-by date is just an indicator of when the item begins to go slightly stale. In the case of foodstuffs like fruit and milk, there are expiry dates and it's best NOT to eat past that expiry date.
10
marincounty 16 hours ago 3 replies      
I had a crazy friend who ate for years out of Trader Joe's garbage cans. One day the cops were called. After that, he still went back, but a lock was put on the garbage.
11
S_A_P 14 hours ago 0 replies      
I'm reminded of an experience I had at a deli. I ordered matzo ball soup. The cup of soup I got had an expiry tag from 2 weeks prior in it. I still ate it. I lived. I can't say that I was happy about it though.
12
bsullivan01 13 hours ago 0 replies      
This will go on until an adorable child dies and everyone--even the aunt that has never seen the child--sues
13
ck2 13 hours ago 1 reply      
How is this a "good thing" ?

Take something they rightfully have to give away and instead make profit from it.

I already see grocers giving out tons of food to the local food bank, if they can convince governments to let them profit from it, that is one more path against poverty taken away by corporate entities.

Another way to eliminate waste would be to price the product lower?

If a regional grocery throws away tons of bananas each week, why not make the bananas half the price and run out of bananas each week?

27
AppSeed Turn sketches into functioning prototypes fast kickstarter.com
43 points by kimburgess  12 hours ago   6 comments top 5
1
bengotow 1 hour ago 0 replies      
I don't really understand projects like this on Kickstarter. It's a great concept - the demo looks awesome, etc. But it's a viable product. Why should I kickstart an app that will be a paid product after it's finished? I know folks use Kickstarter as a form of market validation, but I think the number of apps in this space already demonstrate that the market is valid.
2
mjn 8 hours ago 0 replies      
If people are interested in digging into this kind of thing, there are some very interesting papers on the subject:

http://scholar.google.com/scholar?hl=en&q=sketch-based+proto...

One of the bigger chunks of funding has come from the U.S. military, which wants to let commanders sketch battlefield diagrams like they do on paper, but get computerized results, both for dissemination, and for use in things like simulations (where typical RTS interfaces are too foreign to be good for realistic wargaming): http://www.qrg.northwestern.edu/papers/files/forbususherchap... / http://www.cs.northwestern.edu/~gdunham/papers/nuwar-AIIDE05...

3
johncampbelljr 6 hours ago 1 reply      
I'm sure there are other apps in the same space--this is one I've used in the past:

https://popapp.in/

I found that using a tool like the pop app helps me focus on UI/UX without thinking in code. The 30 minutes or so I spent building out a wireframe has been a valuable time saver once I started coding.

4
rajeevk 5 hours ago 0 replies      
I was also thinking of adding a similar feature in my app Lekh Diagram (http://www.avabodh.com/lekh). I have not spent much time on this yet but, IMO, the biggest challenge in doing sketch recognition is resolving ambiguity in interpreting recognized shapes/strokes. A hand-drawn shape can be interpreted differently by different people and can be interpreted differently in different contexts. A computer program interpreting exactly what the user intends is a challenging task. But I believe that a system can be built which will probably work correctly 90% of the time.

Wishing good luck to these guys!!

5
dansmog 1 hour ago 0 replies      
Is it possible to link screens together? Like for instance, on the homepage screen, there is a login, and I have a separate screen for login, so can it be linked together?
28
Show HN: Mr. Poole - A butler for Jekyll github.com
13 points by theOnliest  6 hours ago   8 comments top 3
1
asiekierka 49 minutes ago 2 replies      
It might end like moot.it. Just saying.
2
jvzr 5 hours ago 2 replies      
Funny how we had the same idea for the name: https://github.com/jvzr/MrPoole

But kudos to the OP for delivering. I switched over to Middleman, so mine will never be publicly released.

3
noufalibrahim 4 hours ago 0 replies      
I was a lot less imaginative and wrote a little Emacs mode called Hyde which can be used to manage a Jekyll blog - https://github.com/nibrahim/hyde
29
How to tell your mother and bosses why they should protest surveillance slate.com
105 points by casca  5 hours ago   36 comments top 14
1
corysama 2 minutes ago 0 replies      
Wish I had a quick link to the reddit post I read from a guy who lived in an active police state. He explained what it's like to be contacted by the government asking for a "favor". And, "btw, we noticed some questionable items in your uncle's file."

It's not just about you. It's about everyone you've ever cared about being used against you. Now imagine anyone considering doing anything the govt might not appreciate in that environment...

2
rayiner 4 hours ago 3 replies      
I think this is important, but abstract arguments aren't really going to fly with grandma. Tell them that atheist Obama is reading her church emails. That'll get them fired up. Or if your grandma voted for Obama, tell her that can you imagine if Dick Cheney were reading your DNC emails?

You have to make political issues personal. Personify them. That's why "welfare queen" was such a smashing success. Privacy advocates have to figure out how to put a face on NSA spying.

3
phaer 5 hours ago 1 reply      
* It undermines the freedom of the press because journalists need to protect their sources.

* It undermines the rule of law because the government should not know what you discuss with your lawyer.

* It sabotages the health system because you should be able to talk to your doctor in privacy.

4
raldi 3 hours ago 0 replies      
A shorter response to "I have nothing to hide" is "Why do living room windows have curtains?" (It's not because of crimes or orgies.)

Another good response is, "Then would you mind if I inspect your wallet, nightstand, medicine cabinet, and tax return?"

5
summerdown2 32 minutes ago 0 replies      
If you want to explain why surveillance is creepy, show your mother or boss this video and ask how they'd feel:

https://www.youtube.com/watch?v=Uz8PdALdQDI

To give some background, it's a man who simply walks up to people and starts taking video. It's amazing how many people get annoyed with it.

I think this runs close to performance art, and is the best demonstration possible, because it's so easy to empathise with those under scrutiny.

6
boi_v2 4 hours ago 0 replies      
I say: Never give truth to the power.

To make people understand what I mean I tell them about Martin Luther King and how the FBI considered him as a threat to the public, he was kept under strict surveillance to collect information that would be used to blackmail him. The FBI collected information about Dr. King's plans and activities through an extensive surveillance program, from wiretapped telephones to hidden microphones in hotels and motel rooms.

Then I ask: What if your kid is the next dissident, can you guarantee she/he won't have to step up and fight some absurdities? What will happen with she/he under the surveillance state we live today?

The problem with "normal people", those who have nothing to hide, is mainly one: you are telling the power what is important for you. I know this seems silly if we only think about ourselves (micro view), but it becomes a real problem when we realise the whole society is doing the same at the same time (macro view), telling the power what is important, where they should invest, make money, find/manipulate our geniuses, blackmail, incarcerate or kill our dissidents is just nonsense.

7
ijk 4 hours ago 1 reply      
Everyone has information they would rather not be public, but many people don't realize that until it happens. Remember, most people aren't the focus of mass attention; we don't care if the information gets out because we can't imagine other people actually caring about us en masse until it happens.

Bruce Schneier has responded to "I have nothing to hide" with "tell me your salary." We all have things that we'd rather not have specific other people know, but privacy is usually thought of as protection against the anonymous crowds, and our social taboos haven't caught up to the new world.

8
uptown 3 hours ago 0 replies      
I believe one of the most compelling arguments for mainstream individuals is to appeal to their sense of fairness. People don't always understand privacy - but they tend to understand fairness.

A simple, relatable example would be exploiting insider information to use in the stock market for huge financial gain. Access to confidential business communications gives individuals an unfair advantage to exploit that information for personal gain.

Now, there's no proof that this has taken place, but one has to assume that given the scope of what's collected, it easily could - and eventually will, if it hasn't already.

9
spydum 3 hours ago 0 replies      
For the longest time, I combatted my conspiracy theorist friends who were sure the government was out to steal our freedoms by saying that such a conspiracy would require collusion by far too many people, and that since the advent of the internet, that kind of thing would be near impossible. The only thing that concerned me was the possibility of controlling communications (under guise of internet censorship). I asserted that if such censorship ever got passed, our brilliant cryptologist and internet freedom fighters would step up with larger efforts such as TOR to defeat such measures, and preserve our communication freedom and privacy. Someone would start a new network, trying to resolve some of those vulnerabilities that governments and criminals had found exploitable in the past. I am no longer comfortable with that answer. It seems this has all transpired, and we have been left unprepared. Perhaps the internet is too big to fail, and people will lay down and accept the abuse we suffer, because it is too difficult to find another way? More upsetting is, perhaps those friends and relatives weren't so crazy after all?
10
bjoyx 4 hours ago 0 replies      
Remember Minority Report? What happens when "big data" applied to the dragnet flags you as dangerous because of a false positive? Let's start by comparing patterns in the data of known terrorists to everyone else and put the closest matches on a no-fly list.
11
dllthomas 1 hour ago 0 replies      
A playful response to "I have nothing to hide" is "... are you really that boring?"
12
mmariani 5 hours ago 2 replies      
Too much text. If anyone wants to have at least some slim success conveying these ideas the message has to be impactful and short. That's why "think of the children" and "if you have nothing to hide you have nothing to fear" work so well.
13
nilved 4 hours ago 1 reply      
Could somebody post this on pastebin for people who don't like to visit Slate?
14
Evolved 2 hours ago 0 replies      
The nothing to hide idea is interesting because it works both ways. If I have nothing to hide then I shouldn't worry about the NSA, according to them. On the other hand, if I have nothing to hide then they should have no reason to surveil me and shouldn't do so.
30
The Ph.D.-Industry Gap chronicle.com
141 points by unignorant  1 day ago   201 comments top 44
1
xianshou 23 hours ago 11 replies      
I've interviewed a lot of Ph.D. candidates for software engineering jobs at startups, and have only ever encountered two problems: (1) lack of ability to code, and (2) mismatched expectations.

Poor coding skill accounts for perhaps 80% of the industry no-hires. Well...that's not exactly fair. Poor coding skill under pressure. Most Ph.D. candidates are either out of practice or used to taking a long time to think about and solve a coding problem. That's great for academic software, but misaligns with both rapid development and (importantly for the candidates) the style of interviews. Most Ph.D.s wither under the expectation of producing a feature very quickly.

Some Ph.D. engineers can code extremely well. If they don't end up at the company, it's because the following dialogue happened, implicitly or explicitly:

PhD - Look, I'm great.

Company - Yes, you are. How about $X?

PhD - Given my specialized skill, I was expecting more like $1.5X.

Company - Well, $.8X is what we pay the new grads, so $X is what we'll pay you.

In other words, their ability is clear, but their market value isn't enhanced very much by their specialization, when most companies are looking for the skills that developers get during their bachelor's or master's.

2
jblow 23 hours ago 4 replies      
The article is hard to read because it feels like this guy is really fooling himself.

If he were as good in academia as his rhetoric claims (building software that "revolutionized" a field) he should have no problems. He should not even need a job, as he ought to be able to just start something. He should have no shortage of strong ideas about what he could be doing.

Instead he is aimlessly searching for a job.

So, I have no choice but to disbelieve his rhetoric. He probably isn't particularly good at anything, and just stumbled through the PhD system. Well, surprise, that isn't worth much!

3
Xcelerate 21 hours ago 5 replies      
Wow, a lot of harsh criticism for Ph.D's on here! I can't speak much for a graduate degree in computer science (I don't know anything about it), but at least in my field - chemical engineering - there are many jobs that absolutely require a Ph.D. When I was an undergrad, I was dismayed by the number of "Ph.D. required" comments I saw on Intel's job listings for anything involving original processor design (only a BS was necessary for being a fab engineer).

A BS in chemical engineering basically qualifies you to be a process engineer. Sure, you can get a R&D job, but it's going to be a lot harder than if you have Ph.D. And there's plenty of research jobs out there; it's basically the impetus for a company's success over its competition (again, the science-y industries). There's certain tasks I would not consider hiring anyone for unless they either had a Ph.D. or had somehow independently demonstrated the capability for novel, unique research and problem solving skills.

I know the article was about CS, but the title was "Ph.D. - Industry Gap" and there's many fields out there where I feel like a Ph.D. is almost essential for particular jobs in those fields.

4
rayiner 16 hours ago 0 replies      
This is what I find ridiculous about the software industry. On one hand, everything is highly derivative. Python, Ruby, C#, whatever, is just a warmed over syntactic variation of the same basic technologies that have been in existence since the early 1970's. On the other hand, the industry is hyper-focused on finding people with exactly the experience in the particular warmed over rehash that happens to be the blue plate special this week.
5
freyr 19 hours ago 1 reply      
I hate to cast doubt on the guy, but he seems to have based the entire article on his own personal experience. So we have one side of the story from the most partial participant. Despite claiming to have approached the problem scientifically, he's only considered a sample size of one. If he's writing an article about this perceived societal issue, why not broaden the scope beyond himself? What percentage of CS PhD's are unable to find employment? What about Stanford CS Ph.D.s?

Further, I encountered a fairly high proportion of people in grad school who had, for one reason or another, difficult personalities (heck, this probably applies to myself). How do we know he isn't bombing the interviews for such a reason? We don't.

That said, it sounds like his graduate work was performed in an area that's irrelevant to industry. Despite acknowledging this, it sounds like he believes that this work alone (and the academic reward it received) should qualify him to work. He needs to realize that many employers don't think this way. They don't make the leap "He did X, so certainly he can do Y for us". That's just the way it is, and the sooner he realizes that and refocuses his attention towards the employer's needs (rather than his prior solution to an unrelated need), the better off he'll be.

6
lvs 23 hours ago 1 reply      
It's a great observation, but I think the cause runs a bit deeper than the author attempts in this short piece. The issue is that academia has grown a lot over the past several decades [1]. Federal funding has approximately doubled in the past two decades, and the annual number of PhDs has increased by ~50% [2]. At the same time, the number of tenure track faculty positions in the US has nearly halved [3].

So you have a situation in which we're training a lot more PhDs, so mean research group size is growing dramatically, but we're offering fewer of the sort of academic jobs that can allow them to excel in their trained discipline. As these folks then leave academia, they're very often leaving for jobs outside their field. This is a really unfortunate loss of the incredible taxpayer investment in their education that we should all be supporting, not discouraging.

[1] http://www.aaas.org/spp/rd/fy2014/fedperf14p.jpg

[2] http://www.nsf.gov/statistics/infbrief/nsf10308/tab3.gif

[3] (embarrassing wiki link, since labor statistics are a nightmare to sort through) http://en.wikipedia.org/wiki/Tenure_(academic)#From_1972_to_...

7
hapless 23 hours ago 2 replies      
"the world's most respected, business-savvy professors can misjudge companies' valuations of the doctoral degrees they so thoughtfully hand out"

It is impossible to convince a man of something when his salary rides on his not believing it. Your professors have certain incentives to hold particular beliefs about the value of a PhD.

There is no polite way to say that, which must be why it was not included in the essay.

8
dkhenry 23 hours ago 1 reply      
You know poor candidates can go to great schools, they can even get doctorates. They can also be useless, and the set of skills that make you useful are not necessarily the set that you get from an advanced degree.

Also FWIW the part about "dropped out of PhD a plus" is intentionally taken out of context. The full context from the link

    BS/MS in Computer Science or equivalent (PhD or dropped out of PhD a plus)

After reading that I am very leery of taking anything else he said at face value. This is a target piece that is clearly putting the headline above the truth.

9
georgemcbay 23 hours ago 1 reply      
In my experience (as someone who dropped out of undergrad to enter the industry, fwiw) there is a pretty widely held bias against people with PhDs in quite a lot of the software development industry. Almost like having spent the time to earn a PhD is like a way worse version of coming to a (non-financial sector) software development job interview in a three piece suit with a tie... you're just instantly distrusted by a lot of folks. I'm sure it varies from company to company, but I've seen this behavior repeatedly over many years.

I don't agree with it, for what it's worth. I do understand the rough justification that academic work is very different than real-world coding, but even if you accept that reasoning 100% then at the very worst a PhD should be seen as a neutral to slightly positive indicator (at least they see things through) if the person is otherwise a fantastic fit, not a negative. However, in my experience this negative bias towards PhDs in the greater software development sphere is a real phenomenon.

10
benihana 22 hours ago 2 replies      
The analogy about the Porsche is really telling. This guy isn't a Porsche. This guy is a Kia that costs as much as a Porsche and so therefore is convinced it's a Porsche. A Porsche doesn't need to tell you how fast it can go, how well it's engineered, how beautiful it is. A Porsche can speak for itself. A Kia can't - it needs to be proven, and the only way it'll get a chance to prove itself is if it's cheap and the risk of it sucking is mitigated. John Carmack is a Porsche. Donald Knuth is a Porsche. This guy is not.
11
sidww2 2 hours ago 0 replies      
It seems to me that there must be more to this situation -- I'm doing a PhD in CS and I don't know of a single PhD I knew in undergrad (top 20 program) or grad (top tier program) who wasn't able to find a job right after graduation -- and by that I mean a job that paid more than what an undergrad straight out of college would get (though it may not involve any research). This was irrespective of the subfield in which the PhD in CS was.

It sounds very weird that someone coming from a Stanford CS PhD -- a top tier PhD program in the heart of the Silicon Valley would not be able to find a job quickly...

At any rate, whatever the circumstances, from anecdotal experience, such a case is almost unheard of for a PhD in CS coming from a good program.

12
yetanotherphd 23 hours ago 0 replies      
As someone who searched for jobs as a de facto CS PhD, I can relate to what the author is saying. PhD's tend to slot into very specific niches, and if you don't fill that niche they won't want you, even if your skills are a superset of the skills they need. I was rejected for certain jobs because my research wasn't closely related enough. People whose research was squarely in that area had no problem getting these jobs. In the end, my job ended up being something I didn't realize I was qualified for, but with hindsight I fitted the niche perfectly.

Part of the problem is simply that the market is "thin". There are less jobs, and less PhD's than there are people with Masters or Bachelors in CS. So the matching process takes longer. People won't want to hire you for a job you are overqualified for, and in the long run this would be bad for both parties.

As to the people who think that professors are just over-confident so they can keep churning out PhD's, I think this is wrong for two reasons. First, the situation is subtle, and hard to understand for someone who isn't actually going through it. Second, the market is not bad, it's just very peculiar: as you can see, the author did get a good job in the end, it just took a lot of time.

13
msutherl 23 hours ago 1 reply      
The elephant in the room is that if you're a successful academic, you should be either networking to get invited into the sort of position that companies don't post openings for or founding a company. Jobs, and especially job calls, are for suckers.
14
ivan_ah 23 hours ago 1 reply      
I have a PhD and have been talking to different employers and they don't know what to do with me. Sure I can code, sure I can sysadmin, sure I can solve problems, and convert cutting edge research into practical applications, but what exactly am I good for? The chameleon analogy is very good...

So I say, f*ck it, and keep doing what I know how to do best: teach, write and build tools for teaching and writing.

To all chemistry and biology PhDs out there, please get in touch with me if you want to write a short textbook to introduce UGRADs to your field. Together, we can partner and take over the textbook industry.

15
Swizec 23 hours ago 2 replies      
The problem, essentially, boils down to the fact that the author had a Ph.D. but was a junior at whatever the companies he was applying for needed. But didn't want to get a junior level position.

This is where "And (2) my Ph.D. background, while impressive, just didn't fit the profile of a data scientist (whose background is usually in machine learning or statistics), a product manager (Ph.D.s couldn't even apply for Google's Associate Product Manager Program until recently), or a programmer (my experience writing code at a university, even on a product with 47,000 unique downloads, didn't count as coding experience)."

I don't know about the other profiles, but programmers with only academia experience rarely code better than complete juniors. I've recently helped a team of Stanford grads get to grips with coding in an industry environment and the biggest surprise seemed to be that just because it works it doesn't mean it's done. You have to make it supportable, make it workable-on by others etc. etc.

16
tosseraccount 22 hours ago 1 reply      
Take your Ph.D off your resume.

Real world software production needs little "computer science" expertise. There's too many Ph.D.s that take a research angle on projects. The goal is to design/implement/test/ship/support/improve and make money.

Best programmer I ever met didn't graduate high school.

Supply and demand determine wages. Ph.D. does not entitle to more pay. The industry simply does not rely on credentials like, say, the medical industry which does require an M.D. for the best paying "line" jobs.

17
RogerL 23 hours ago 0 replies      
I don't know the author, so I cannot say how his interviews went. In general I think you have to take control of the interviews and just show the person why you are valuable. It's hard to find talent; the person interviewing wants to like you, if for no other reason than she can get back to coding.

The PhDs that I've interviewed have applied for very senior positions, yet not brought all of the skills needed. Which is more than just abstract thought. You need to turn out code that is maintainable and readable by the team. You need to ruthlessly reduce the problem and algorithms to a level that allows you to launch before you run out of money. Far more than being a thinker or researcher, you need to be an engineer. You need to be very, very productive. And so on. I'm not sure what the answer is, but there is a pretty big gulf. You look at the projects and okay, it's somewhat interesting, but impractical. You ask them how they'd solve a problem that you are trying to hire them to solve, and you get "I'd conduct a study..." when we have 6 months to market and your study would take a year, and probably not provide definitive results. It's just a different mind set. I can't afford to bring you into a senior role and wait while you learn to be an engineer, while you learn to code at a higher level than 'University code' (a disparaging quote about the quality of the code Sergey and Larry brought to Google) and so on. We have a real, hard problem, and need an extremely focused, skilled, multidimensional person to perform it. I've yet to come across a PhD that made me think they could do it.

"I can learn to do that". Well, sure. Anybody can, it's just that so few do. Only a small handful of people actually produce at a high level in the ways I'm talking about. I don't want to bet on you being one of the few.

18
foobarian 23 hours ago 0 replies      
I was in a similar situation, and I did notice a certain uneasiness in my interviewers due to the degree. I thought the reason was that it's hard to believe that someone who gets a fancy degree would be willing to stoop down to a software engineering job. That's very important to employers because they don't believe you will stick around. My interviewers asked me repeatedly if I was aware that the job wasn't going to have any glamorous paper writing or research or going to conferences, and that I would have to gasp write code. I caught on quick and was able to reassure them, and after a few fizzbuzz type questions they were convinced.

And amazingly, they told me that many Ph.D. candidates who come through cannot write a single line of code. I don't understand how that's possible but I would be wary too, in their shoes.

19
eliben 2 hours ago 0 replies      
Google grabs able PhDs like hot cookies. Is this another "I failed my programming interviews, hence all programming interviews are bad!" rant, thinly disguised behind an attention-grabbing headline?
20
websitescenes 2 hours ago 0 replies      
Paying for knowledge that is freely available will always be kinda silly in my opinion. This is how I see school in general and why I dropped out and never looked back. School is great for some but very detrimental for others. If your field requires a certification then you need school, if not, you're probably wasting your time. Try building something or making your own company.
21
tsotha 21 hours ago 2 replies      
Where I work an advanced CS degree is a strike against you. What we've found over the years is people with advanced CS degrees just aren't very productive when it comes to actually producing code.

They tend to want to rewrite things that work but aren't very elegant, or they become despondent over the language we're using and the reluctance of management to allow them to use Haskell for their piece of our Java project.

22
mathattack 3 hours ago 0 replies      
It is very hard for me to have sympathy for someone who spent 5+ years at a great school, likely funded, in a useful discipline that struggles to get a job.

I would like to hear from academic departments on why they said no to the academic superstar from Stanford. I would like to hear from IBM and Microsoft on why they couldn't use him. That's what's missing.

Maybe it's entitlement? Some of that creeps into the article. Maybe it's a personality that just isn't agreeable? Some of that is in the article too.

23
dimitar 8 hours ago 0 replies      
* Are you truly focused on the job at hand or are you focused on proving your credentials?

The difference is subtle, but it's a trap that many highly qualified people fall into. I'm under the impression that the author spent a lot of time talking about his PHD and what he knows rather than the problems at hand.

* Are you sure you are not overvaluing yourself? Jobs are in short supply, PHD looks like risk.

And the example with the Ferrari was awful - if the luxurious car was on sale with a marginally lower price it would sell. Faster, the lower the price.

24
dev1n 3 hours ago 0 replies      
There was an article on HN recently about how the STEM job-gap is a myth. In the article the author discusses how if there were in fact a job shortage in STEM careers, STEM wages would be driven up. Chand Johnson's article seems to go right up this alley. The perceived "STEM shortage" is really just a way to drive wages down in the technology center so that corporations can reap the rewards.
25
morgante 18 hours ago 1 reply      
The experience factor is huge here, and should be pinpointed. Being able to work in a non-academic environment is incredibly important, because honestly the pace and quality of technical work done in academic settings just isn't comparable.

> "Companies hesitated to hire a Ph.D. with no industry experience"

That, for me, would be the #1 red flag. How does one even go through getting a PhD without getting any industrial experience? Not a single internship, even as an undergraduate?

This tells me that either the PhD literally can't code (and hence nobody even wanted them as an intern) or despises industry so much that they never wanted an internship (and hence I'd be pretty worried about how much they'd be committed to the new job).

26
phamilton 23 hours ago 1 reply      
I would like to see someone like this remove their PhD from their resume and see if the conversation changes at all.
27
dajohnson89 21 hours ago 1 reply      
The author lost me here: "Despite having programmed computers since age 8, I was rejected from about 20 programming jobs."

This reeks of entitlement and, well, whining. When I first entered the SofEng job market after undergrad, I stopped counting rejections once the number passed 30. It took another 6 weeks after that, and the rejection count must have pushed 100.

Should I write a navel-gazing blog post too?

28
asafira 23 hours ago 3 replies      
Hi everyone,

So I am actually a PhD student in physics, but I've been in love with tech for as long as I remember. I am actually doing a master's degree in CS along the way, both because I'm incredibly interested and because I thought that would really give me an edge when I want to finally go into the tech sector. (I'd be able to say more than "I have the technical chops and have done well throughout my academic career.")

This article troubles me though. Am I going to be faced with an employment brick wall in a few years? I have a lot of friends in tech, and they are very supportive of me joining. Will my PhD actually stifle my ability to get jobs I want? I haven't seen very convincing articles about it, but if there are Stanford CS PhD students having difficulties, what's going on?

I plan to do an industry internship next summer, and I hope that will at least help. What if I want to go into product management though? I have a google interview coming up in two weeks for a software engineering role, but I was shut down for even an interview for their APM roles. Maybe I needed more tech experience? Would this summer internship be enough? It's just unclear and troubling.

29
bigd 15 hours ago 0 replies      
Most of the time if you do not get a job is because no one wants to work with you. In my opinion, PhD to PhD, is that you have to learn to be modest and do not sound like an overconfident asshole. You are not a used car to sell. Academia is famous for making people who love the smell of their own farts. Be humble, be modest, demonstrate that you are good, and you'll get a job.
30
lnanek2 19 hours ago 1 reply      
Doesn't sound like he had much of a portfolio of launched apps. Just one 47k lines project is the only one he was specific about. The rest was about education that doesn't matter much.

If he really wants a programming job he should get his hands dirty and publish some apps, either alone or meeting up with tech meetup or study group. A PhD is not studying how to code, you just may code a little as a by product. Then he could talk about launching and features and getting code done day after day instead of talking incessantly about education, and he'd land the job.

Kind of strange he wasn't able to place due to the old boys network, though. I know tons of people running startups who simply check their alma mater first and foremost when hiring. Especially schools like his.

31
tildedave 8 hours ago 0 replies      
A big piece I found missing from the original article is the question of engagement: how do companies know that you're going to like the job? The kind of person who enjoys an academic career may not enjoy a software development career because the activities and values involved are rather different.

I moved from academics (freshly graduated computer science PhD) into software development four years ago and when I did I had to answer a lot of questions about why I wanted to make the move.

My experience is of course not universal but I think that career trajectory is a big part of senior interviews once it's been established that you can do the job. It's a broader issue than just academics vs industry. No matter what field you're in, you have to sell your career transitions as 'make sensing' to the jobs you're applying to. Job searching from the company side is more complicated than accumulating experience and rewards (the Porsche in the original article) to end up being granted a job.

I wrote up some longer thoughts on this: http://www.davehking.com/2013/09/22/jumping-from-academics-i...

32
ssivark 22 hours ago 1 reply      
"It was like being a chameleon and trying to get jobs where you had to be red, blue, or black. Yes, you're capable of becoming any of those colors, but companies would rather hire animals that already were those specific colors."

"I eventually realized that, like many Ph.D.s in many other fields, I had fallen into the Ph.D.-industry gap -- i.e., the gap between highly specialized Ph.D. training and corporate-world expectations..."

There seems to be a dissonance in these two statements. If the former is true (based on description of his experiences) then companies would rather have specialized people to fit into slots (red/blue/black) than have a generalist (chameleon) who could grow to match nuanced needs. It seems like the problem was that he was not specialized enough in the very narrow skill they were looking for. If that's the case, then it goes against the commonly held opinion expressed in the 2nd excerpt.

33
resu 23 hours ago 1 reply      
You'll probably have a much easier time if you're willing to sell your soul and apply for quant jobs on wall street.
34
kenster07 18 hours ago 0 replies      
Say you have person A and person B who have equal raw ability. Person A spends 6 years gaining domain-specific knowledge for his job through real work experience, and person B pursues a PhD in a somewhat related field. Which person do you think will command a higher salary in the job market?

It doesn't seem to be an efficient usage of time to pursue a PhD for the express purpose of earning a higher salary upon graduation.

35
Dewie 21 hours ago 0 replies      
> I don't believe that top graduates are entitled to jobs, or that going to a top university makes you better than anyone else, or that I deserved an easier job search.

Well... apparently you do.

36
muneeb 19 hours ago 1 reply      
I'd be surprised if someone from http://csl.stanford.edu wrote that article. My point is that it matters a lot what area you did your PhD in and not just that you finished a PhD in CS. If your area was Machine Learning and you can't get a data scientist job then you obviously messed up. If your area was networks/systems and you can't get a programming job then you obviously messed up! Those cases are very clear (and rarely ever happen). But you can't take a specific case of working in an area outside of core systems or ML and then try to generalize it as the "PhD -- industry gap". CS is an exception, and not an example, of the PhD--industry gap. Try talking to grad students outside of CS and you'll see how envious they are of CS PhDs finding industry jobs.
37
leeny 23 hours ago 1 reply      
I'd love more info about what happened during the interview process at each of the 20 jobs the author applied for.

I can definitely imagine a situation (and being a recruiter, have seen situations) where a PhD will keep you from getting your foot in the door. There can be concerns about the ability to actually write code, the ability to be practical, to be OK with working with unclean data, the ability to get stuff out the door and have a hacker mentality, etc etc.

However, these concerns tend to arise BEFORE starting the interview process. Once your foot is in the door, unless there's a huge disconnect between the people doing the hiring and the people doing the filtering or unless the job description changes midstream, how you do in interviews is more important than your background.

38
marincounty 15 hours ago 0 replies      
I think the business world has realized many professions don't need the Ph.D. 'Give me a hungry kid who's willing to learn' --Gekko That's one of the lines that really resonated. Actually, that movie, along with Platoon really captured the duality of man--at least for me. Off subject, but I'm off today.
39
wtvanhest 23 hours ago 0 replies      
Hey, if you don't customize both your resume and the message to the job you won't get it.

You are getting beat by people who want it more and who don't feel entitled by having the PhD.

40
michaelochurch 18 hours ago 0 replies      
This guy's getting shredded-- and unfairly so-- here, and Porsche is the wrong metaphor (he's more like a high-end supercomputer; almost no one has any use for more than an iPad these days). However, he's dead right about one thing, and it will affect everyone here who is serious about programming.

As you get better, the jobs available to you get better, but the job searches get a lot harder.

PhD programs exacerbate the problem. You get better fast (faster than people do on typical early-20s grunt work) and by 27, you're already at that level of skill that starts to complicate job searches. (Again, jobs available are better; but 3-5 month searches are common.) In addition, you haven't learned the judgment-of-character skills that most people pick up in entry-level hell; whereas most people, by the time they get good enough that it starts to actually cost them job prospects, have learned those skills.

41
MichaelMoser123 8 hours ago 0 replies      
Depends on what type of job one is looking for; it depends upon the niche.

- I think that as an algorithm expert one will find places that do value a Ph.D

- as developer/coder you will have to consider that your prospective manager will feel discomfort at managing you (regardless of the applicant's coding skills); A manager needs somebody who gets the job done, he does not need somebody smarter/more educated than his own person.

42
tomrod 16 hours ago 0 replies      
I'm worried that I'm going to follow this guy's footsteps. I'm an academic economist with a penchant for data science (not useful really in consulting or smaller research groups). We'll see how this next year goes -- I might be writing a similar blog post.
43
kirk21 23 hours ago 0 replies      
If you have the 'right topic' like chemistry, a PhD can do wonders for your career. If you work on other topics (like movie studies), not so much if you don't want to become an academic.

Small weekend project: What type of PhD student are you? https://bohr.typeform.com/to/PPzzY8

44
graycat 17 hours ago 0 replies      
There is an easier answer, a much, much, much easier and better answer: Nearly all of business and industry are still organized as a hierarchy much like in the early factories of Henry Ford where the supervisor is supposed to know more and the subordinate is supposed to know less and to add muscle to the work of the supervisor.

If a supervisor has a subordinate that knows more, then the subordinate can challenge and compete with the supervisor on technical grounds, look more qualified than the supervisor, and threaten the supervisor's job. Academics has solutions to this problem: An assistant professor can win a Nobel prize without damage to the career of the department chair. But industry has no solution.

More generally, a Ph.D. must report to another Ph.D. or to the CEO of the company. Put this fact into the connected, directed, acyclic graph of the hierarchy of the organization chart and see the consequences.

In particular, industry just will not, Not, NOT evaluate qualifications in a reasonable way. Instead, they tend to have a list of 'skills' and want to check them off -- Java, JavaScript, PHP, Python, Django, JSON, C++, Mongo, SQL Server, etc. If you can code heap sort or an AVL tree on a whiteboard, okay.

This whole situation is part of a larger one: Basically the US economy for 'careers' as hired 'employees' is nearly dead. So, GE, GM, AT&T, etc. are no longer offering 'career paths'. Actually, a career needs to last about 40 years which means that, really, only rarely since the start of the Industrial Revolution did large, US corporations offer 'careers'.

The flip side of this situation is good news: The role of a good Ph.D. with some interest in business should be a company founder, get some 'traction', then take a walk down Sand Hill Road and collect some Series A checks. Use the Ph.D. and/or the corresponding learning/talent for the crucial, core 'secret sauce' of the business. Then type in the software and get the 'traction'. No one on Sand Hill Road will question just what the heck your qualifications were for typing in the software.

Then f'get about a 'job'. That is, if you want a job, then create one for yourself. An advantage here is that, just as a solid consequence of just what you have seen, the big organizations will be essentially helpless at doing work that duplicates or equals yours.

One short term option is to be a contract employee. That is, some company needs some SQL stored procedures or some such written, so you write them.

One 'academic' solution may be to get a job in a B-school that wants to have a good course or course sequence in 'information technology'. There your qualifications are fine.

The 'gap' is all on the side of industry, and it can be taken advantage of.

You can tell the EE department at Stanford that a EE Ph.D. can easily want to swap their degree for an electrician's license.

Why? Because the Ph.D. needs a large organization which is in international competition, and an electrician with a license has a geographical barrier to entry, can work in nearly any town of the US, can't be fired, and can make money enough to buy a house. For the EE Ph.D. in a large corporation, he can be fired after a few years (because he didn't get promoted into management -- only a small fraction of new hires do) and find that the guy he knew in high school mowing grass now has eight trucks and 20 employees and is doing better than the Ph.D. is.

       cached 22 September 2013 19:02:01 GMT