Or is the pursuit of profit far more important than the perception of the brand overall?
Right now, and for the last year, the brand is being severely tarnished in all of the networks I have, tech and real-life. I don't see them winning on any front. A Pyrrhic victory.
There is no way I could suggest my friends and family sign up to such an intrusive service, so I quickly deleted my own account.
It's an absolutely stunning achievement to create a web-site that's even more offensively intrusive than Facebook. I hope Google are proud.
I recently deleted everything on my account (G+ & YT included) and it feels great to be free from the constant harassment. I only have Gmail active now. I'm still looking for a new mail provider but once I have one, my relationship with Google is over as far as I'm concerned.
It really depends on how much you need to use Google's services.
Regina: Gretchen, stop trying to make 'fetch' happen. It's not going to happen
Most people have terrrrrrrrrrrible password practices. Absolutely abysmal. And they are keeping extremely sensitive data inside their email as well as using their email address as the key to accessing many other websites and pieces of sensitive data. Think about how screwed you'd be if you lost access to you email address. Now think of how many people DAILY probably loose such access. Phone numbers are an easy, mostly reliable way to identify someone and give them access back to their email address without an investigation and without human intervention.
Plus, let's just get reasonable for one minute here. Google already has your phone number. Ever given it to someone via gmail? Someone else ever given your phone number to one of their friends through gmail? They're just asking for permission to send you a text.
The search result looks pretty good...
Facebook has taken an interesting more sneaky turn recently with their messenger app. Since now they can collect phone numbers without explicitly asking for them.
Once it's given to them just once.. Its with them forever.
And stop asking if I want to download the youtube app every time I go to youtube.com in mobile safari (It is the pop-up banner of this generation.) That goes for all you clever scripting savvy marketers, I fucking despise you.
That was the only choice in the whole page. I have to close the browser session and come back again. I really dont know what to do. Got sucked in. there is no way around. Soon i will get the courage to move out.
I think of it as similar to giving identifying information to my credit card company when I'm calling them. (Though citi pissed me off asking me for the full credit card number a few years ago).
Nothing makes like a website less than annoying screens I have to click through every time I go there.
After the recent upgrade, it did ask twice to turn on Talk for SMS messaging. I said no both times and it hasn't asked me since.
It makes the vocal minority much more vocal.
It'd be more annoying 6 months down the road.
Within the past 10 years, I remember seeing another another film set in NYC which showed a scene in Times Square, completely devoid of people or traffic. It was quite striking. Anyone remember what it was?
EDIT: I see from the other comments it was Vanilla Sky
I always think it's cool when we're able to capture this sort of rare feat on film, in this case emptying out Times Square for a few brief moments
the banners alone,
The lances unlifted,
the trumpet unblown.
And the widows of Ashur are loud in their wail,
And the idols are broke in the temple of Baal;
And the might of the Gentile, unsmote by the sword,
Hath melted like snow in the glance of the Lord.
Here's a series of photographs of major cities around the world done using this technique by Lucie & Simon:
Too bad I'm away for christmas this year, I'd love to stroll trough the empty streets ...
The rest looks like that at 05:30. in summer.
Console stagnation harms all gaming.
But vaporware is always revolutionary (I treat every unreleased software as vaporware). My predictions for steam OS - really rocky start that will settle few months in when the enthusiast community would have ironed most of the kinks and then the heavy gaming hitters will appear.
SteamOS has the potential to be a juggernaut of gaming that eclipses consoles. Will Valve prove to use their talent and determination to make this THE eventual go-to gaming platform? (Note: Rhetorical headlines can usually be answered with a "no.")
Maybe. They certainly have the opportunity.
If it's promise is true, maybe this is where we should look for the future of gaming, and the future of platforms.
Is this true?
(meta: yes, just a simple comment to say its great. Lets not forget to post these as well once in a while)
Ben: Maybe when you get everything right it could give you a big green tick or something?
But I still feel like both part 1 and part 2 are far too short; even if read together they provide very little information to digest.
I am currently reading Engineering a Compiler, and I eventually want to build my own small, interpreted language. Does anyone know of any great resources to supplement that book that is particular to interpreted languages? Is a supplement really needed?
On my Android phone:
* With standard Android, I have to whitelist an application when installing it. I cannot pick which permissions I give it, I cannot control when it can use those permissions, and I cannot remove permissions. Ever.
* With Cyanogenmod, I can restrict permissions fine grained both for permissions and applications. This would be really great if it were usable, but when I try to use it the applications behave very badly (often crashing) if they don't get unfettered permission to use my data.
I would love it if (a) applications behaved well in the absence of permissions (I fault Google for setting expectations of availability that don't require this) and (b) I had a UAC style permission granting mechanism so that I control an application's access to my data and can monitor what it is asking for and when. While it could still "steal" my data (cache it, send it to the borg) any time I gave it permissions, it would at least give me a clue that the application was not trustworthy if (when) it popped up unexpected permission requests.
 I cannot believe I said I like Windows UAC dialogs. That will cost me another year in purgatory. :-/
Unfortunately, I'm not sure other operating systems are much better.
> To me this is crossing some invisible but very clear line. I havent used the product yet, and its already trawling through my personal stuff?
I'm confused by this example. Isn't this exactly the purpose of MightyText, the app he installed? It's routing your text messages through you server. Obviously their system knows what texts you are sending, otherwise how would it function?Also, the product has been used if you give it permission to access your contacts.
In 1998 I worked at a large publicly traded insurance company. We provided quotes online and sent a follow-up email to the person with their written quote in it. I was asked to figure out a way to determine when the person read their email. Our infrastructure was Classic ASP so I:
1. Created a new web site in IIS
2. Changed IIS' processing of .jpg to run through the ASP processor
3. Created a .jpg program in the site that would update a quote's record as having read the email
4. Put an img tag in the HTML email that loaded the "jpg" file with the unique identifier on a querystring
Our business people used this to automatically initiate an outbound call to the person the second they read the email. A lot of people were creeped out, "OMG I just sat down to read your email, what a weird coincidence" but by god those people bought insurance from us.
Of course today, that is the reason why images don't automatically load in emails. But there are plenty of people finding new creepy things to do every day.
Because the most likely alternative is they have the exact same information but the consumer isn't fully aware. Which is actually more creepy.
I suggest that if someone doesn't like this business model, then purchase your programs; don't get ad-supported programs.
In other words:
"Yes, I know it's wrong and they should not know these things about me, but I want to use their product anyway, so can we please just pretend nobody knows what's going on in our society?"
Yes, we can! :-)
I can't imagine reading this and not feeling tears well up.
No sense of what I would call humanity. From what perspective does this make the world a better place?
What am I missing about being human that this fits into that I don't understand?
I don't think you can look at this in a vacuum - you need to see these punishments as simply another manifestation of this attitude. This is not a "this group vs. that group" thing; you may find this among "fire and brimstone" Democrats just as often as your "Limburgh Republicans".
I've often said the difference between these groups is: given 100 people asking for a free meal, the liberal will take satisfaction in feeding 99 hungry ones; this type of conservative will fret over the one person who "got away with" getting a free lunch he could have afforded himself.
(Side rant: these people tend to be among the loudest Bible-thumpers, and think "the Good Lord helps those.." is an actual biblical passage.)
Rehabilitation as a way of dealing with miscreants doesn't work in the US for the main part because there is too large a segment of the American populace who feel that these various programs equate to giving them a reward for bad behavior. Why should they (the convicted) get a free hand with job placement when no one else is "being coddled"?
(The wonderful quote "born on third base and thinks he hit a triple" always comes to mind here.)
So you see, Americans understand perfectly well all the logical and economic aspects of this issue. The fact is, it is built into our culture to punish people. We get satisfaction from it. We're not after what's best for the country, we're after revenge.
It's ugly, but I've been around for many years & I stand by that statement.
It's worth asking what is going on here. I'm no expert on law and punishment, but it seems like the U.S. is throwing more resources at the problem (perhaps prodded by for-profit prison lobbyists) and getting poorer results. The cultures are too similar to explain this away by saying Canadians are inherently less violent. As Canada considers harsher prison sentences and expanding prison capacity, it's imperative to understand if this will produce the intended results.
> Anthony Jackson has a sixth-grade education and worked as a cook. He was convicted of burglary for stealing a wallet from a Myrtle Beach hotel room when he was 44 years old. According to prosecutors, he woke two vacationing golfers as he entered the room and stole a wallet, then pretended to be a security guard and ran away. Police arrested him when he tried to use the stolen credit card at a pancake house. [...] Because of two prior convictions for burglary, Jackson was sentenced to mandatory life without parole under South Carolina's three-strikes law.
Emphasis mine. I can't get too worked up about a system that sentences this guy to life in prison. What would be the point of letting him out? He knew he wasn't supposed to walk into other people's hotel rooms and take their wallets. At what point does society get to tell people "you know what, knock it off"?
> After serving two years in prison during his mid-twenties for inadvertently killing someone during a bar fight, Aaron Jones turned his life around. He earned an electrical technician degree, married, became an ordained reverend, and founded the Perfect Love Outreach Ministry. Years later, Aaron was hired to renovate a motel in Florida, and was living in an employee-sponsored apartment with two other workers, one of whom had a truck that was used as a company vehicle by all the co-workers. Jones decided to drive this truck home to Louisiana to visit his wife and four children. When Aaron's co-worker woke up to find his truck missing, he reported it stolen. Aaron was pulled over by police while driving the truck.
I don't understand this one at all. Shouldn't the truck owner have testified on his behalf? Declined to press charges?
I made a cursory effort to look up the case itself, but I have no idea how to do that.
The problem is in the increasing meaninglessness of the term "felony". If they limited it to grievous crimes, there wouldn't be much controversy.
Also, it's weird to have something presented as "news" when The Simpsons covered it satirically about 15 years ago:
"taking a wallet from a hotel room" - we blame it on the court appointed lawyer. He's already been convicted and sent to jail twice for burglary and he continues to break into other peoples places and steal their stuff. Poor guy just took a wallet from those rich vacationing golfers. Screw that. If I was there I'd be scared to death. How many times do we let him keep doing this. Stop doing it stupid.
"stealing tools from a tool shed" - oh he was just riding along. sure he was. already been convicted multiple times for burglary. The fact that he desperately misses his children does not make him less guilty of continuing to break into other peoples places and taking their things. Stop doing that stupid.
"borrowing a co-workers truck" - i think there is clearly more to this story. generally speaking, people don't normally drive other people's trucks 3 states away without letting them know. If it really was harmless, i'd expect the other guy to not press charges or testify on his behalf. Hey guys, it was just a misunderstanding I thought someone else took it. Also, "inadvertently killing someone" is a really nice way of saying he beat the shit out of someone in a fight and the guy died.
Perhaps some of these don't deserve life, but I don't really have that much of a problem with it. Maybe we could lower it to 20-30 years, but I have no problems with escalating penalties. If you are a productive member of society this isn't a problem. These mini-articles are all worded as if these people didn't do anything wrong and just made a tiny mistake this one time and now they are in prison forever. Not the case. Most of them made pretty big mistakes, and they made them repeatedly.
The US is leading the world in incarceration and the privatization of prisons is a big contributor to the problem. Corporations have a financial incentive to incarcerate more people and lobby to keep strict drug laws.
Meanwhile we make jokes and laugh about things like prison rape. I believe we will look back at prison rape the same way we look back at slavery. How barbaric are we that we think that's somehow okay?
For things to change, were going to have to change public perceptions and start demanding change. I wish we were a little less eager to deprive people of their most basic right to freedom.
Now, think, really picture, what a 3 year sentence would do. How hard it would be to recover from losing those years.
Now picture a 5 year, 7 year, 10 year, 15 year sentence. There is a reason Norway generally restricts its sentences to 21 years for even the most heinous crimes. The sentencing here in the US is truly draconian. It only seems proportional because we are measuring relative to what is already going on, so in context this stuff seems "not that bad."
I understand that we don't have the kind of problem that a8da6b0c91d mentioned here: https://news.ycombinator.com/item?id=6743406 however I really don't understand the common sense of the US judicial system.
If I were to be caught breaking some computer misuse act against a UK company it's more than likely a slap on the wrist would be handed down to me. Abuse a US corporation and I would expect extradition and 10 years or more in one of your comfortable prison cells.
Also compare the US and UK prisons themselves.
I am against prison or jail for any non-violent offense beyond fines or 'outpatient' like corrections, they cost much less and might actually help. They keep the individual contributing and don't subject people to a further life of crime locking them up, especially drug offenses when it is really most likely an illness or a non-issue.
If, when they gave a sentence, they reported the projected cost of that sentencing maybe some of this would change?
Things to try to help this:
1) Create common sense filters for sentencing so non-violent criminals or repeat offenses serve no more than x amount of years for a crime or remove jail/prison for non-violence altogether.
2) When sentencing is handed down, the projected cost of that sentence should also be read with the sentence except in extreme cases of violent sentencing. All non-violent sentencing should have a price right next to it so people understand what it really means. i.e. caught with a small amount of drugs = 10 years * 30k per year = 300,000 to put this person away for nothing. Right after that it lists their projected income and loss in taxes. Then a net benefit total which in this case is probably around 500k of economic value for this one offense.
Stupid events like this wouldn't happen if we changed this: http://www.nydailynews.com/news/national/video-shows-man-dyi...
Technology changing society is another side to this. In the past, laws were not only there to dissuade people from doing undesirable behavior but were also more lax and harder to get caught. Nowadays everything is tracked and aggressive laws are now problematic because it isn't just a dissuading factor anymore it is a certainty. If there is something that probably shouldn't be illegal but is based on this past we could be in trouble. So all laws or things like this with non-violence being locked up and a private prison industry run amuck, we need to change drastically soon. People are human and they can mess up, our systems for corrections sometimes mess up the rest of their lives for one momentary lapse of reason.
On the other hand, I'm perfectly OK with some criminals dying behind bars, such as the recently sentenced Whitey Bulger, and so are most other people. By making the headline about the undesirability of custodial life sentences in general, they'er losing a large chunk of their potential audience straight out of the gate.
For example, California's 3-strike law counts non-violent felonies, which sweeps up a lot of criminals into 25 year sentences that they don't deserve.
"The California law originally gave judges no discretion in setting prison terms for three strikes offenders. However, the California Supreme Court ruled, in 1996, that judges, in the interest of justice, could ignore prior convictions in determining whether an offender qualified for a three strikes sentence." 
But these so called "mandatory" sentences are not actually that, it's just that most judges simply don't have the guts to stand up for justice. A judge can use their discretion in setting sentences, but then can be challenged if Government can show the sentence is unreasonable. While following the guidelines is presumed reasonable, simply not following the guidelines is not presumed unreasonable.
Lois Forer was a judge in Philadelphia facing just such a decision, and he explains the process better than I can . In the end, the man he tried to save was resentenced by another judge to serve the balance of the "mandatory minimum" five years. This is a system which is ultimately perpetuated by the judiciary.
I don't blame the legislature for enacting laws that get them re-elected. I do blame the judges for letting a sentencing law unjustly destroy some peoples lives.
 - http://legal-dictionary.thefreedictionary.com/Three+Strikes+... - http://www.thefreelibrary.com/Justice+by+the+numbers%3B+mand...
Do human rights actually mean something in the US?
Ironic that that country, along with its New World cousin the USA, claimed ideals of freedom so strongly. Much more so in the USA. Mandatory sentencing has it's place it can be argued. This seems antithetical to first principles however.
"Patrick had no violent criminal history and had never served a single day in a Department of Corrections facility" - Right, but he obviously had a drug problem since he did NA in prison and probably got in trouble previously, just not enough to go to the Department Of Corrections facility (what his crimes and punishments were are left as an exercise to the reader)
The other stories have similar issues. Blame it on the abusive and threatening boyfriend, not the previous drug convictions and a three strikes law. Life in prison for borrowing a truck from a friend that accidentally reported it stolen?
Look, innocent people get in trouble for things they didn't do. Not innocent people get in trouble for things they didn't do, but were just in the wrong place at the wrong time due to the other things that they did do. It's an unfortunate part of the system and I'm all for things that minimize overcharging and punishing innocent people.
But anyone who can't read between the lines on these is either a sap or just believing what they want to. They even led into it with a statistic about race to soften you up. There are three strikes laws for a reason. There's massive amounts of context missing from these. It's a shame, I generally like the ACLU and what they do, but this is awful.
Would you consider these people so dangerous that you would personally build a small concrete box and forcibly keep them inside for many hours a day for the rest of their lives? Or, is that how you would treat your children if they committed some minor, nonviolent, kinda-maybe-bad act?
No reasonable person would - the moral decision above is clear. Would you pay for someone else to do this?
We are brothers and sisters in humanity, and we elect people who write these laws and treat fellow people like this (and/or refuse to reform the US Sentencing Commission). We are to blame.
It follows the War on Drugs in the USA. As an outsider (Irish living in London) I found it genuinely eyeopening on a topic I knew next to nothing about. For example did you know that the only difference between cocaine and crack cocaine is the addition of baking powder and heat. Although the later will get you 100 times the sentence of the former. There are 19 year olds being put away for the rest of their lives for the possession of a few grams of this stuff.
I don't care what stand you take on the legalisation/criminalisation of drugs, that is insane!
Instead of trying to reduce the rate of reoffending once released, it seems many states go out of their way to marginalise convicts so that virtually no law abiding avenues of employment remain for them. Talk about a vicious circle. That's not evening taking into account the effect of incarcerated parents has on the generation that follows.
I'm going to be honest and say that in general I am anything but a compassion. I have every bit of sympathy, however, for (relatively) innocent people being victims of things like bureaucracy, human stupidity, laziness, or sheer scumfuckery. It's hard for me to imagine what was going on in those judges' heads, but chances are it's something I despise.
This one was the worst for me:
> When he was 22-years-old, Lance Saltzman was charged with breaking into his own home and taking his stepfathers gun, which his stepfather had shot at his mother and repeatedly used to threaten her. He was convicted of armed burglary and sentenced to prison for the rest of his life.
It is obvious (to me) that some kind of exponentiation would be more effective. 2x - 3x elongation per offense would be plenty harsh, harsh enough for the offender to understand it's going to be much worse each time, without it having to be life in prison.
EDIT: On second thought, formulaic sentencing is bad. Sentencing is hard, consistency is hard, but to remove human judgment and discretion from the sentencing process seems obviously wrong.
... Why? Why can't they be brought out of their situation? I know some have been in there for 22 years already; but, why can't they be helped from this? I just... it doesn't make sense to me
Of course no analogy is perfect, but this one gave me pause.
That's how irrational and absurd this law is, the Taliban look like humanists compared to that.
This part struck me. There was grellas' comment on the Google vs Authors Guild thread were the judge decided to go against the 'mechanical' application of the law and took time to come up with a sensible interpretation to handle the case. It's crushing to think about a mother of two in prison for life for a crime the judge itself thought wasn't worth the sentence, potentially leaving her kids in the hands of an abusive husband (I hope they got sheltered at least)
Really drives home the idea that in some ways, America really isn't like the rest of the western world.
Seven out of every ten black men never went to the ninth grade
Didn't have 50 dollars and hadn't had 100 for a month when they went to jail
So the poor and the ignorant go to jail while the rich go to San Clemente"
-- We beg your pardon America, Gil Scott-Heron from the album The First Minute of a New Day (1975)
I think the problem is that on a manifesto a three strikes proposal looks very good especially for those concerned about law and order, the reality is these horrible injustices..
I like that mental model, because if you think about questions as tools to illuminate different areas that you are blind to (whether in your business or customer mindset) you ask different and more insightful questions.
If you want to figure out churn, and you're trying to figure out what you're blind to with your churn numbers you have a more investigative mind set and end up with better insights.
They dive more into it here: www.conversion-rate-experts.com/questions/
If you're bundling in all of your dependencies, or some images/models/sound files then Git gets very big, very quickly.
Fortunately that difficulty has a huge payoff that SVN simply can't beat. Git has a superset of SVN's functionality - it can act as a central repository, and can also support any granularity of permissions you wish.
And you can pull in, pull out subtrees using Git using the git subtree module.
Things like thermal insulation, choice of materials for biocompatibility/minimal long-term hazard etc are all important parts of the design.
There's a fairly in-depth tear-down and explanation of the bits of one by Mike Harrison online. The battery tech used there is particularly neat IMO.
Yeah, it is some 5kg of "litter" if you want to call it that. How much litter is thrown onto train tracks on a normal train station in one day? Will enthusiast jump after it to return it to some organisation?
Yeah, the paths of these "seeds" might cross some air plane or some person on the ground but it is highly highly unlikely. Ever wondered why nobody is hit by rocket parts on new year's eve? It happens but rarely enough because human heads cover such a low percentage of earth that it just doesn't matter even with billions of private rockets shot every year.
We oftentimes ran into the situation where a potential customer really liked our solution, but wanted to run Windows instead of Mac OS X (this was arguably a lot tougher in 2005 when we started, and less so after the iPhone hit). There were a variety of reasons for this:
- Windows was the OS that the company was also using for employee machines, so they knew it.
- The IT department only wanted Windows machines on their network (our grand solution for this was that our machines were sold with direct support and did not need to run on the customers network, which also removed a lot of security pain)
- The customer was afraid of Mac OS X because they thought it would not be stable enough
But most importantly, it came down to simple risk aversion. The employee at a big company that was internally responsible for the 'digital signage' project, would base every decision on which choice would be less risky for his carreer in case the project fails. Lets say they roll out digital signage, and it costs a lot of money, and it doesn't work right. In that case, the employee needs to be able to defend himself against all sorts of questions: "Why was this product chosen", "Why was this vendor chosen", "Why was it implemented in this way", etc. In that case, being able to answer "We choose Windows, because it is the de facto standard" is better for the career than having to say "It seemed to be a stable product". Out of this reason alone, we found companies would choose a solution where they knew that it was far worse (less stable, less flexible, less features) simply because on paper it looked less risky.
In theory, this developer could just use Mono to run his .NET app on Linux. But that requires them to learn how to do that. Personally, I've never found a clear tutorial on how to take a .NET GUI app that you've just written in Visual Studio and get it running on Mono. I haven't looked in several years, so I thought I'd give it a try right now. I googled "visual studio mono" and these were the top 3 results:
None of those are clear at all. The second page links to this screencast: http://www.mfconsulting.com/product/prj2make-sharp/tutorial/...
which illustrates how to use this thing with Visual Studio 2003(!) and demonstrates part of the problem: the Mono version of the app looks noticeably different from the native Windows version. Sure, this can probably be fixed, but it's yet another issue that the dev has to spend time learning how to hack around.
This situation results in substantial cognitive overhead. It's unlikely that an average .NET dev will be able to go into work, install this Mono plugin, compile their app using it, and present to their coworkers, "Look! We don't have to change our process at all, and we can deploy our app on the latest Ubuntu with a minimum of hassle."
It's hard to imagine how wonderful it is to build .NET apps compared to dealing with Qt, because Visual Studio's GUI designer is just so good. Suffice to say, there are a lot of network effects that keep a developer mentally locked into Visual Studio's paradigm of "here's how you make this GUI form;" a paradigm which is immensely difficult for Linux to support natively.
I think it's a mistake for Linux to even try to support this, though, because it's probably focusing on the wrong problem. The way to beat Microsoft is to make it so easy to write cross platform business apps that newer generations never even bother figuring out how to install Visual Studio. I think the web browser will be that solution within the next decade. It's not quite there yet -- it's way easier to get a GUI workflow up and running using VS's designer -- but it seems inevitable. So if you share the author's concerns, then the best course of action is to write some quality tutorials for your web frameworks, and to invent easier frameworks. The advantages of the web will naturally outweigh any possible native program advantage.
My point is that no general purpose OS is immune from fault. All you can really do is remove or disable things which aren't absolutely needed to get your work done. In this case they should have disabled Windows explorer (which, by the way, is supported) or used one of the specialized cut-down versions of Windows (e.g. Windows Embedded 8).
PS - Although I will readily admit that Microsoft makes it insanely hard to licence Windows Embedded, particularly for SMBs. But Microsoft's licensing is far harder than it needs to be across the board, they have an old-mode mindset where they can charge more if they make the whole process harder.
Because the licensing costs are pretty small compared to the project costs.
Because there is plenty of tech support available.
Because Windows flash support is good.
Because there are plenty of developers who will customize it for you.
Because it is easy to add to the existing networking systems being used.
There are plenty of reasons to choose Windows for this kind of thing. why is the article even complaining that the OS is old? No need for cutting-edge here. (EDIT: Oops, that was in the comments section)
(LOL at the mouse jiggler software though!)
If you work in IT for any length of time, you come across people who use Excel as a text combiner to parse tabular text in ways similar to how a regex could, or have similar convoluted workarounds for any number of tasks.
In some ways, these are quite clever hacks.
In other ways, it's kind of sad as it obviously shows how badly GUI-centric "It's a fancy typewriter" attitudes toward computers have ruined generations of users by giving them substandard tools which they barely can make work for an automation task.
I'd love to see a "Signs in Stores-ix" as much as the next guy... but most people who do this are probably designers or businesspeople whose computer worldview doesn't extend behind Photoshop and Powerpoint. And thus, that's what was mandated on the displays...
To be honest I'm more concerned when I see ATMs running Windows 98; at least these advertising displays can't do any real damage...
"raspberry pi" -- 1,060,000 results
"linux" -- 4,890,000 results
"os x" -- 6,910,000 results
"windows" -- 32,800,000 results
I've changed a set of digital signs from running full screen IE on windows (with very long VGA cables) to chromium on Raspberry Pis. The new system behaves a lot better but there were lots of little things to tweak to get it running well. I wrote a short blog post with all the relevant configuration: https://shutdownscanner.com/Blog/Posts/Raspberry-Pi-Digital-...
A lot of the new TVs are smart and come with a built in android browser so you don't need anything else. We have one of these and run Pis on all the existing dumb TVs.
- The cost of a Windows license is tiny compared to the cost of the hardware and software.
- The cost of installation and maintenance: How much does it cost to pay someone to attach that screen to the wall and run wires around the building to the room containing the server?
- Back in 1995 it probably did make sense to use Windows, since it had wider support for hardware and good developer tools. Now that there is a huge amount of software written in the 90s for Windows, it's going to take a very long time to change that (if ever).
- Windows might actually be better for this even now.
At my current gig, we use SiteKiosk which locks windows down tight. It uses the IE WebBrowser control via ActiveX/COM/.Net/however the hell it works. Its basically IE but slightly shittier due to there not being a 1:1 between it and IE proper. SiteKiosk has some pretty powerful digital signage features you don't really get from a Windows Embedded scenario. One feature of 8.1 I was looking forward to was "kiosk mode" but with WinRT being blocked from talking to localhost, except through a hack (yes, fuck you Microsoft) it was stillborn for my tastes.
.NET apps are ClickOnce or xbap, which is basically pre-Silverlight. This is the suckiest part. SiteKiosk can run normal applications and Silverlight with no problems but it took SL 5 to get proper COM support and it isn't terribly easy to make your normal .NET library "just work" so that wrapper for a card dispenser isn't as easy to leverage. Due to the low number of these apps (2), we haven't bothered migrating away from shitty xbap.
The largest amount of applications use typical wamp running a lightweight PHP framework and sometimes MySQL as localhost. Some are completely or partially Flash driven applications as well.
SiteKiosk and leveraging IE lets us focus on perfecting the experience though I've become complacent. IE development is just too slow now and testing in Chrome with superior dev tools are absolutely essential. The problem there is we can easily paint ourselves into a Chrome-only corner if we aren't careful.
Leveraging the POS equipment like barcode readers, card dispensers, or printers are the only thing the web proper isn't really suited for unfortunately. This may be where Windows has much more leverage due to their driver model. Most equipment we interfaced with had a .NET library or simple instructions of use with P/Invoke. I saw very little (<1%) that had anything to do with Linux and in typical fashion wasn't something to simply use via something like PHP or Ruby/Rails. Maybe we chose Windows friendly vendors, though, so take this with a grain of salt.
Well, they know the windows platform and had windows machines lying around. They hooked up PC's to these TV's mounted high up on the wall, either mounted the PC on the TV or put it somewhere that couldn't be seen, and put powerpoint viewer on the PC's.
This might sound like a disaster, but the higher-ups loved it. And it worked quite nicely to my surprise. Windows can easily be configured to start the powerpoint file of your choice in fullscreen mode when the machine starts. Creating the material was as easy making a powerpoint.
So, in the end, the cost of materials and time was minimized because these guys used Windows + Powerpoint for their digital signage. And since they weren't using some buggy piece of custom software, it was fairly stable.
You may not like Windows, but it's a _fine_ computing platform. People get _work done_ with it. Personally, I'll stick with OSX.
Recently we rewrote from stratch our software in Qt so it would run on Linux and Android, even on the Raspberry Pi.
The main barriers we found in Linux adoption were:
- Support staff only knows Windows. This gets worse when screens get installed in remote areas, like we have some screens at Manaus, in the Amazon Forest. There is just no one to support Linux there.
- Flash support state in Linux is unknown. Adobe seems to be discontinuing support for flash in Linux, and flash movies cannot be run on the Raspberry Pi or any ARM device.
- HTML5 is the next target, but even on Windows the embedded webbrowsers are not up to par yet on performance, in Raspberry Pi it is inviable. It cannot replace 100% Flash yet.
- Remote admin support on dynamic IP is great in Windows with Logmein, terrible on other platforms. Yes there's TeamViewer on Linux but it seem not too stable, not to say it looks like to be running emulated. Our customers don't trust it the way they trust Logmein.
That said, we are seeing increased Linux adoptions for some markets. If the Qt5 Blink-based webbrowser is more on par in performance with current desktop browsers, than the adoption may rise a lot.
EDIT: fix newlines
Because it's cheaper. All you talk about is license but what about actual work of setting it up and making it work?
Also, you really think that only WinOS kiosk systems are crashing? You really are so ignorant to think that LinuxOS kiosk systems never crash?
Sure as hell not the way I'd do it, but for a non-critical system that really just kind of sits there and doesn't cause any problems when it crashes, why not if they only know Windows desktop dev and are only deploying a few? Use what you know.
Doing it this way was probably the easiest way in the mind of the responsible engineer and i am sure it generally works fine.
That MouseJiggler thing is pretty lame though ;)
Always wondered what the hell, especially since it doesn't even seem to provide stability.
Seriously, complaining that an out of disk space error message pops up on signs? I have a Slackware Linux box that has been running for years. Probably ran out of disk space a dozen times since I first installed it so I know from personal experience it's not immune from running out of disk space.
I never took "hello world" seriously until I started doing embedded systems work; it's now an extraordinarily important tool for me (I work an anomalously weird number of different environments).
I had a lot of things wrong. It took me a while to understand the difference between control-D and EOF, for instance (how embarrassing). But the 30 days I spent without a compiler made me think about program behavior.
I'm not saying this is a great way to learn a language, but it can be done.
I keep hearing people complain about K and R being "a terrible book." For me it was perfect: pragmatic, succinct, with great examples and good exercises.
Anyway, the hardest step for me in learning a language is when I take some running code and make one change to see what happens. Once I get in the swing of it, it gets much easier, but that first step is still hard to do.
For some reason google decided to show videos 'relevant' to me. But all I want is videos related to what i'm watching.
Thanks, I really like it.
EDIT: I really like the site & hope you flesh it out. Just not getting my hopes up too high. :)
 Neal Stephenson reference.
I still think there is an opportunity to create an alternate video sharing site that's good enough.
Good job, though! I will be using your site instead of youtube as long as your site is live.
Interesting that there's still a Google Analytics tracking call on the page.
It's by far the best solution I've found since it stays out of the way, and when I click on a Youtube link the page is much nicer.
Grats on hitting the front page and I hope you can retain users, its the hardest part about websites like this.
I've heard there's a way get your browser to always connect directly to YouTube's servers, but I could never get it to work.
Will use this instead of YouTube for a while!
PSCan you make "load more" optional? I just want stuff to be loaded as I scroll automagically. :)
However, I agree with others that building a UI on top of it is not much of innovation. I'd rather see new and better apps instead of new and better props for the old and ugly services.
Someone documented it here:
just kidding, great job
- It's blazing fast, much faster than the original.
- Doesn't have that stupid loading bar at the top.
- No more glitched video page loads.
- Isn't going to be redesigned every 5 months like YT.
- The video player is center aligned and not left aligned.
- Drops all the unnecessary UI elements and doesn't bother me to start using my real name with G+.
I've become so pissed off at Google for the way it's been handling YT redesigns (and Analytics redesigns too). It's like they get the most amateur designers out of high school, and go on an a/b test spree by changing absolutely everything they can. YT's gone through 3+ redesigns now. Each one getting progressively more annoying than the last. And they just keep tinkering with things that aren't broken. Remember the slideshow playlist at the bottom of the screen a year back? And who in their right mind would left align the div holding a video player?!
It's annoying when a company treats one of its flagship products like a never ending science project experiment.
Good job on FixYT, my only suggestion: give me the option to turn the color scheme black.
This is a great execution of a bad idea. It's the worst kind of bad idea because it seems like a great idea until you try it. It's novel, interesting, timely, and attractive from a technical perspective, but unless your market is tech porn, you're selling to nobody.
This use case is served by countless hosting services, saturated at all levels from cheap VPS's to Amazon clusters to private farms. The market is really efficient here and doesn't afford much overhead. Distributing computation over volunteer users is enormous overhead both for you and your users -- in terms of molding problems to fit the computation model, maintaining the infrastructure, keeping it reliable and performant -- the list is endless. This overhead means you can't compete with the existing players. Forget about being significantly better, which you would need to be to get significant numbers of people to switch.
Quite simply, the math for this doesn't work. Not yet, maybe not ever.
Maybe there's some amazing secret sauce here, but I don't see it. So I offer a warning that a lot of people have tried this idea and failed because they were oblivious to reality.
First of, market. Not there isn't a market for computing power, but a market for this kind of thing. This is a good parlour trick, to show of browser power, but as a computational framework it doesn't work. There are far better and cost sensitive solutions, even using the cheapest AWS service. I know, because I did the math.
Second there is the ethical problem. You are are off shooting the cost of cloud computing to the website client that will pay for the extra electric power generated by your tasks. How do you justify that? More so, how can you justify a ecological minded person paying for mapreduce geological data from oil company?
Third, and the one that kills you, security. You cannot assure the confidentiality of the data being processed. You can not use homomorphic encryption because you do not know the operations you need to do on your data, and since you are working over it, at least in memory it must exist in plain text. Therefor you cannot assure your clients data confidentiality. Worse, this screws up the market fit. The only people that have big data needing to be processed that isn't confidential is research institutions. The thing is, research institutions buy computer power by the stack. I know, I work at one. There is always some grant that allows them to buy a bunch of computers to do parallel processing.
I've heard about you guys for over an year. And it took you more than a year to complete the full product to launch it. What have you been up to? I've seen clones of your product on techcrunch 500. I made a clone of your product using bitcoins, in a weekend. (I did the calculations and wasn't cost effective and I decided not to launch it) Where I work, Tcnico Lisboa, we are actually thinking about deploying my clone in my work, over computers we own and provide that computing power to the faculty. Actually I've seen this in 2009, when it was shown of by Ruben Fonseca on Codebits (http://blog.0x82.com/2010/11/22/map-crowd-reduce). If anyone can do this, how can you assure the competitiveness of your product.
I'm also reminded of hivemind from defcon this year.https://github.com/seantmalone/HiveMind
0. Obviously, its major strength is its "real-time" nature: I have built multiple chat systems (and presumably so has anyone else who's used Meteor, because it's an example of something that's fun and easy with Meteor but relatively hard with a traditional stack) as well as a map application that tracked the motion of a company's employees in relation to their destination (as part of a dispatching system).
1. It's also the least complicated way of sharing code between the browser and the server that I've seen to date.
0. It's non-npm package manager feels like NIH to me (although I'm sure the team had valid reasons, I've never looked into it). Apparently it's still possible to require npm modules, although I've never tried it.
1. You're more or less stuck with MongoDB for the time being, which I guess a lot of people like but it's not really my thing.
3. It's kind of too auto-magic for me sometimes. The documentation is generally very good, but I occasionally run into weird variable scoping issues and the like, without any way of really figuring out what's happening. Of course, the source code is available if I had time to read it. (Well-written, but big, and I find reading Node code to be mentally more taxing because of all the callbacks.)
4. The biggest con, for me, is that Meteor is basically limited to web applications. I really enjoy the typical single-page web app approach of building an API first, which you can access from other apps later (ie. mobile/tablet). I have no idea how I'd do that with Meteor. I'm experimenting with bundling a Meteor project and inserting the client-side code into a Phonegap app, for a mobile chat thing I'm working on, but that's obviously not ideal.
Generally, I love working with Meteor. I know I've written more cons than pros, but the pros I've listed are huge, and they've allowed me to work on cool stuff. You just need to know what you're getting into.
0. The scare quotes are for the people familiar with embedded real-time systems who seem to always find these comments and complain about how that word has an entirely different meaning when it comes to web applications.
I started using Rails in professional work in late 2005. That turned out to be a good decision. There is hype around Meteor in the same way there was hype around Rails in 2004/2005. The praise and objections are similar. Meteor is not Rails, so don't go looking for too many parallels. And the development climate in 2013 is not the same as 2005. You won't be able to predict Meteor's success or failure in five years, so it's not worth speculating.
When Rails came out, I was ready for it, technically speaking. My skills were in the right place and I was ready for a change. Similarly, I felt I was in a good spot to learn Meteor last year.
So the real question is, are you excited, ready, and able to learn it? If so, go for it. The worst that will happen is you will learn a new programming paradigm (perhaps) and it will inform any other development work you do.
It works for some cases, but it quite limited in the type of database tables it will support. And in the end it's polling mysql for changes to feed to meteor clients.
I also added meteor support to a leaflet-draw package to allow users to share drawing on a map:
Powerful and fun!
Bottom line: Very interesting platform; nicely done in many ways; some concerns about architectural choices; not quite ready for prime time (production use) but probably will be soon.
0. Meteor is in version 0.6.6.4 so there are things not as good as they could/will be.
1. scaling: meteor is 100% scalable. There are meteor smartcollections which use the MongoDB optlog. Nice read: http://meteorhacks.com/lets-scale-meteor.html .
2. Right now you have to stick to MongoDB this will change in a later version.
3. Meteor will get a new rendering engine which will allow you to put angularjs( god only knows why ) or haml or some other templating thingy in meteor.
4. You can use meteor with phonegap right now.
Will meteor solve all your problems? No!
Will meteor will make you not think? No!
It's a great new piece of technology and you will learn new pattern and things. the livedata package and ddp package are great packages on their own.
Everything(almost) is worth learning , the question is , is it worth using ? you give 0 clue as to why you'd need that stuff.
They have packages to take care of most of the stuff for you such as their accounts-ui package.
One helpful place to learn meteor from beginner to advanced is via the screencasts on.
I built http://opentalk.me with it
 - http://www.discovermeteor.com/
If real time collaboration is at the core of your web app, then you'll love Meteor.js.
Meteor buzzed me out - the auto-updating views, syncing data across client & server. Your app can achieve amazing real-time capabilities with very little code.
But now I'm a few thousand LOC into an application, admittedly I've pretty much hit the "wall". The magic baffles me. I'm struggling to solve problems in performance, code organisation and security.
I've been disappointed by the progress and the team behind it. All that funding and I can't see it progressing quickly. The docs are quite weak, there's not many example apps, progress seems slow.
So... on one hand it's awesome and well worth learning. But I'm reluctant to back it for the long term, as I don't see the team/framework moving in the right direction.
Meteor.js seems great but is still a bit of a gimmick in my eyes. But If I'm pressed to pick one, I have to say I'm much more interested to see what happens with Go and web frameworks like martini.
3 good reasons why:
1. It's ambitious.
Meteor is not yet another nodeJS web-framework or client side JS framework. It also doesn't stop at combining the both (with a beautiful DDP to share data between C/S). Meteor' s architecture will make it possible to use it's components for all sorts of applications (other then the obvious web-apps).
2. It's as easy or as complex as you want it to be.
You can write a meteor app in 4 files or in a complex packaged structure. No need to overcomplexify, if you dont't want to. But you cn write large, complex, stable and maintainable code.
3. It embraces the eco-system.
You can rely on all of the NPM packages out there for your serverside logic and use all of the available frontend UI libraries and scripts. It will also enable writing complete reusable components in 1 package: servers-side logic, data-model, client-side logic, UI, ... all in one.
Biggest upcoming updates:
* Meteor UI.Better approach then any other UI framework out there (including Facebook's react or FTLab's fruitmachine)
* Galaxy.Deploy and scale your app on your own infrastructure or in the cloud by pressing a few buttons.
To counter a few of the cons in this thread:
* It's not reached 1.0 and it is therefor not production ready. I'd suggest writing your new applications in meteor anyway. Meteor matures quicker then any other framework out there. Is is well funded and here to stay.
* It is not scalable. Maybe not easy right now to make it scalable. But it certainly will be soon, when using mongodb oplog and galaxy will make it really easy to scale your service.
I run an agency in Belgium (redandivory.com) and we switched completely to meteor for all of our new projects. I think it's the framework of the near future.
If not, then learning Meteor would be a great way to become familiar with JS frameworks, and make the move to more complex frameworks (Angular FTW!) in the future.
Either way, awesome tool!
Was it worth learning? I'd say yes, it has a low barrier to entry and is great for practicing front-end development.
Meteor is a combination of handlebars, jquery, mongo, sockets, and a handful of other technologies. It can be hard to debug or develop unless you are familiar with those technologies. I think meteor would benefit from more transparency, make it clear which frameworks provide which features.
You will find more applicable documentation by searching "Handlebars Templates" instead of "Meteor Templates".
The threats that the TSA itself admits are non-existent? (http://tsaoutofourpants.wordpress.com/2013/10/17/tsa-admits-...)
The best I can see coming of this is that the TSA will start to ban braided leather belts and condoms.
Just short them out and throw them somewhere strategic. Takes all of a minute.
TL;DR: AXE body spray is super combustable!
I know this because my shoe fell apart a couple of months ago and one came out: I'd been through multiple airports with this on my feet and I think it's highly likely that a majority of people are incidentally carrying sharp metal blades because of this.
Huge crowds are already caused by homeland security theater.
Are they still taking water bottles from people and throwing these "dangerous materials" right into the trash next to everyone?
So anyone who has the money to charter a private jet is also able to carry whatever they want onto an aircraft, which illustrates the double standard inherent in most tyrannical systems.
There was also the people who were successfully able to get through with decoy explosives without a hitch, but this is much more whimsical.
People know what an AK47 is and they know it will kill what it is used on.
Power lies not in the weapon, it lies in what people think of the weapon.
Another thing, since 911 passengers most likely assume they will be killed whether if they cooperate or not.Certain death in a plane crash or possible death trying to take a terrorists weapon.
However it looks like they are relaxing that:
A bullet point list of materials, a paragraph of description, a few diagrams and an embedded video demonstration would be far more effective. A slideshow would also work well.
I apologise if this seems nitpicky, but as interesting as I found what you've done, I only watched half your videos because I found it so painful to sit through them. I doubt I am alone in this.
Could someone make a short montage of all the weapons firing/being detonated? Slow internet and a lack of weapon descriptions make for quite the frustrating evening.
However, I think that most of these things could be solved with a second screening. None of these options would pass a secondary x-ray, for instance. Or, a better option would be to have all items purchased in duty free to be shipped as luggage, and retrieved in the destination airport. Those would both be a huge pain in the ass, however, and I doubt anyone would put up with it.
One happy face is still a happy face. When you rate it 1 happy face, do you mean "I really don't like this feature, so I'm rating it the lowest I can, 1/5", or "I like this feature, it deserves a smiley"?
Case in point: positive 1-star reviews on app stores. " - This app is amazing!"
One suggestion: make the vote/check icon mechanism asynchronous so that it shows up as selected on the client immediately.
I really like the general idea of something like this, but a way to restrict by category or train it in some way would make it a lot more useful for me.
My recommendation would be to make sure the "Next" button never moves. Some really long titles cause it to get pushed down a bit and that gets annoying when you're clicking on "Next" at a fast rate.
I also agree there needs to be a little more information on the page because of the sometimes-indirect post titles. I find myself hovering the Amazon link to see the name of the book.
As a merchant, however (which I am), there is no chance I would accept this. None. Unless the issuers (that is, Visa, MC, Amex) drastically change their policies, which I don't see happening anytime soon.
Why? Because the issuers are very clear about a few things: When push comes to shove and it REALLY gets down to it, unless the merchant takes a physical swipe of the actual card AND has backup to prove it (i.e. an imprint of the physical plastic), the issuers will side with a consumer in the event of a fraud dispute.
So why, do you ask, do most merchants not bother taking imprints of the actual cards? Because a visual verification and physical swipe is usually enough (for 99% of cases). Instances of fraud via card duplication are rare, so it's usually not worth the hassle. But in some cases, it is.
My business runs large-ticket purchases though CCs (average is $2000), and we take super extra precautions when our customers buy from us. We take magnetic swipes, visually verify, AND take physical imprints.
We've lost several chargebacks because of lack of doing this. You'd be surprised how these little-known rules crop up when you least expect them. "Sorry, customer claims charge not authorized. Merchant doesn't have physical imprint. Chargeback approved." It's happened and we've been defrauded out of $thousands because of it.
The ONLY way we've been able to successful combat chargeback fraud is through the multi-layered approach.
Anyway, I know this is a fairly esoteric perspective and my business may be different from lots of others where this isn't an issue, but I have a feeling V/MC/Amex aren't going to get behind this.
I can't see the banks being happy about customers cloning their own cards. In fact, it will probably be a convenient excuse for them to absolve themselves of all liability in the case of loss, theft, or misuse. Some, if they found out, might pitch a fit and close the account.
This also is going to pose a lot of problems when used with non-domestic cards, as they point out in their FAQ. It's possible to use an EMV-based card with just the magstripe, but it's a pain in the butt and the bank may well be aware that all your meatspace transactions are not using the EMV-chip. They may assume that your card is broken or (quite correctly) cloned and block it. A call from the fraud department may well lead to a fit being pitched.
From wikipedia: "Magnetic stripe cloning can be detected by the implementation of magnetic card reader heads and firmware that can read a signature of magnetic noise permanently embedded in all magnetic stripes during the card production process."  Oops, now your card is blocked.
Retailers might also get skittish if they figure out this isn't actual bank-issued plastic. They may well refuse it because of the risk of fraud. I would. I really wouldn't want to be running someone's cloned card, even if the cardholder was the one that did the cloning. In fact, it might jeopardize a retailer's merchant account if the acquiring bank found out the merchant were running cloned cards!
The best way to counter a bulky wallet is to not add bulk in the first place. How many credit cards and debit cards does one need to carry on a daily basis? I carry maybe two or three cards, some ID, my Oyster card, and a Costa rewards card that I use daily. I also have a backup wallet that contains a second set of cards in case I lose the first. The bulk of my wallet is receipts that accumulate, but even when I carried way more my life wasn't burdened by a whalelike wallet.
It'd also be a pain in the butt to use this with some rewards cards. For example, my Costa rewards card is swiped at the same time as I'm paying. Would I really want to fumble through pressing a button to find the right rewards card, give that to the cashier, have it handed back so I can fumble through pressing buttons again so I can pay? Certainly not, and even less so the impatient people in line behind me.
Sorry to promulgate the Hater News stereotype, but it's just too easy to poke holes in this idea. It has superficial appeal but I really wouldn't pay $100 for so many potential problems, especially as it would only make my wallet a few mm thinner.
Dead in the water - as much as I would personally like to see them succeed.
The biggest problems here are security.
() Merchants will hate it since there is no physical imprint / swipe of the bank-issued card. This will lead to chargebacks in favor of the customer. So this alone kills this company/product.
() Banks might change their terms forbidding customers to create digital copies / clones of their card. As per card holder agreements, if you (or Coin) has ever read one, you don't own your card. You're fully bound by the terms of the agreement.
() There is the issue of PCI-DSS compliance. They mention they're "in the process of earning" it but this is a lengthy, difficult and _costly_ process ($100 k). They're using a loophole to ensure consumer peace of mind but this won't last at all.
() Adding a card seems flawed. You're asked to take a picture of the physical card after swiping to "prevent fraud" ok but unless Coin uses some advanced image processing/OCR to validate the card with the swiped data, you can take a picture of any card. So big fail here.
() Coin seems to access a cloud service. Another major reason that this simply isn't going to work. If you've paid any attention to the NSA situation within the past 6-months, ordinary/average consumers (not the HN crowd) are becoming weary of cloud/hosted service. Not to mention, Coin will never ever work outside of the US (or San Francisco for that matter).
Practical usability problems:
() Most users are totally fine with credit cards and big wallets. It's actually empowering to them. I spoke to a guy who loves the fact that he has every color Amex card! So in essence, this is geared towards a micro-niche of tech savvy SF/NY/LA crowd.
() Selecting a card by tapping the button - great. What if the waiter taps the same button? Or someone you're paying does? So many issues with this button here.
"Weve designed the button to toggle cards in a way that makes it difficult to trigger a "press" unintentionally" -- yeah, well most of the time, credit card fraud is an intentional act. What a stupid response. And quite frankly, offensive to anyone with half a brain.
() The obvious issue of losing Coin and losing everything. People like backups. It's a mindset.
() Battery issues with digitizing a non-battery product (credit card). Be in no doubt that more than half of users will forget to charge their credit card (as if we don't have enough things to charge). So you'll see people having lunches and presenting a dead Coin. And since you don't have any plastic, well, now you're screwed.
Products are supposed to make life better, easier, more intuitive.
Conceptually, it sort of makes sense. But the execution is flawed in so many ways.
You're being sold a product that now requires more steps than you did before. And that is the killer fellow HN'ers.
I don't want to have to sync, take photos, select a card by pushing a button, make sure it's within range to my device, update the app when needed for it to work, deal with merchants who won't take it, CHARGE my credit card (!), deal with issues because I tapped/selected the wrong card - vs - take out and swipe. Done.
The product is inherently flawed
Their Echo card is exactly the same idea, with some minor variation in implementation. It has not yet launched.
As far as the concerns voiced here (accidental button presses, etc.), Chris Bartenstein, a Protean co-founder, has addressed some of that in the comments on this TechCrunch story: http://techcrunch.com/2012/08/02/the-protean-echo-reduces-al...
To me, this sounds like a big data play, except in this case the company is getting the user to cover the cost of acquisition. I imagine the actual cost of production on a card like this being well < $20 shipped (disclosure: I've been involved in shipping and starting up several physical products).
So now, I have something that collects and unifies data across multiple purchase vectors, sending that back to a single source. In other words, I've paid for the privilege of helping another company get the same sort of insight that mint.com was building, except that I'm also including loyalty data.
Colour me out.
Q. Can a Coin be used to skim cards? A. No. You can only add cards that you own to your Coin.
 Who am I kidding? I love being pedantic.
The product/fit questions have already been asked, but there's still this: Why is Coin taking pre-orders several months in advance just to raise $50k? I can't help but wonder why a YC company wouldn't just raise the needed $50k from investors?
If this is an attempt to test the market, are you sure that a crowdfunding approach is the best image for a financial company? I want any company dealing with my financial data to be rock solid and reliable, and crowdfunding is the exact opposite of that.
Also, why aren't you collecting shipping addresses? I read your answer in the FAQ, but that makes me twice as concerned. You say, "A lot can happen between now and Summer 2014. For example, you could move. To reduce confusion, well get those details from you once we get a little closer to getting you your Coin."
This is a problem for two reasons: (1) you are emphasizing that the ship date is far in the future, and (2) it comes across as though Coin is run by young founders who move around a lot and don't see value in long term planning. That's the wrong mindset for a company handling financial data.
If it is because of the "tradition problem", it's not much better than Square Wallet either: In more than one place I've been to the cashier was supposed to manually enter the last four digits of CC# manually for the transaction to get through. You'll have to carry a backup card with either Square or Coin.
I like the vision of completely ditching the credit card far better, and the marginal compatibility benefit does not seem good enough for this to get anywhere in its current shape.
Of course, things can change.
(BTW, wasn't Google doing the same thing with a physical card for Google Wallet and ended up abandoning it?)
Personally, I like the idea of using my phone over the coin thingy.
Also, I'm curious about how sturdy this thing is. Maybe it's my wallet or maybe I just shop too much, but I tend to wear out my debit card really quickly (< 1 year).
It won't be long before most swipe terminals are themselves augmented with wireless transceivers, making the "CoinCard" a redundant middleman-device. That is, your phone could just send archived magstripe details, after your onscreen-app confirmation of payment-intent, to the retailer's terminal.
Coin's real strategy may be for that world - the hardware will fall away like a first-stage-rocket at some point... even faster, say, than Netflix moved from DVDs-through-mail to pure-network-delivery.
I'm from the UK and EMV (Called Chip & PIN) has been around for years now. No-one issues non-EMV cards anymore, except perhaps for cards designed exclusively for use in ATMs. Something like Coin would not be possible and, frankly, I'm happy this is the case. While having to carry multiple cards around is not an optimal solution I'd much prefer this over the ability for my cards to be trivially cloned.
Aside from the security issues how would this work in relation to fraud with your card issuer? I'm not sure if it is different in the US but if you are the victim of fraud and you were not seriously negligent (i.e stored your PIN in the same wallet as your card) then the issuing bank will refund any money fraudulently taken/spent. Assuming something similar operates in the US, would using this service give the issuing banks a excuse to hold you responsible for fraud? I'd also wonder if you were breaking any agreements you have with your bank in relation to your use of the cards they issue you with.
As a consumer I'd love to have something like this but it will never fly. Stores will lose liability protection since there is no security. Unless they partner with card issues to provide some kind of secure card verification it will end up being banned by merchant agreements. No store in their right mind would accept it.
Or, maybe only allow switching within a foot or two of your smartphone.
That would eliminate the concern people have about where the waiter accidentally pushes the button and switches the active card.
And then really, while I'm dreaming....I just want my phone or an app on my phone to deal with paying because carrying around a card just feels so 2000s.
This is a slick implementation, though.
I'm also more worried about actual merchants refusing to take something like this.
Here's how it works. Users register their cards on the company Web site and upload the information into the iCache. When they want to use it, they activate the device with a fingerprint on its biometric strip, scroll through a list of cards on its screen and choose one. Out pops a plastic card with a magnetic stripe, temporarily loaded with the chosen card's data. Just swipe the card and pop it back into the iCache. After one use, the information on the card disappears. The device even works with loyalty cards, such as those handed out by supermarkets.
The hardware technology is certainly more advanced, but I'm of the opinion that the true endgame is going to be a scannable or NFC "card" stored entirely on the user's device (ala Passbook), not using a physical middleman.
Ideally, it'd be something like:
* Entering your key keeps exactly one card decrypted for up to 2 minutes* Changing cards requires a reentry of the key
You could even go crazy and do things like allow different cards to have different passkeys. Not sure how useful that would be though
At the time of account creation, create means by which both the web site and the user can prove unequivocally at a transaction later, that they are the same person who was there when the account was created.
Nothing about "who" they are, or "what" or "where", but just that the person or entity doing this transaction right now, is exactly the same as the person who created the account.
One more thing that crossed my mind is, what happens if you give this to the waiter, the waiter goes away to handle your payment and it happens to be outside of reach of your bluetooth ping; then you will most likely become worried that the waiter ran away with your card, or you will start ignoring it when it notifies you that it is outside of reach.
While talking about the waiter, what happens when the waiter accidentally clicks the "change card" button and takes the personal lunch on your business card? You might not notice until it's too late and people start asking questions..
The first one I ever heard about was back in 1999, PocketVault from Chameleon Networks. They lingered with a website that was updated every couple of years promising a release soon.
Next came the iCache. That one did a Kickstarter and actually made it out to market... sorta. I have one, but the company ran into huge manufacturing issues and folded under very odd circumstances.
A few others I've kept an eye on are:
Dynamics, Inc. Card 2.0 -- Was supposed to come out with exactly this product.. ended up doing a very reduced feature set that lets you just select A or B rewards.
Protean Echo -- Same concept. Originally promised 2013 but recently updated saying they weren't ready yet.
There was another that was a similar concept company/site, but I can't find a link to it or remember the name at the moment. :/
There is also a recent company that had a successful Kickstarter: Loop. Rather than a programmable credit card, they are hacking the magnetic readers themselves by making a mobile phone case or dongle that emits a magnetic field that tricks the reader into registering a card swipe. Pretty neat stuff to compete with the struggling NFC solution, but unfortunately, it isn't 100% compatible with all swipe readers, and totally incompatible with dip readers.
It also appears that the Coin is programmed over Bluetooth. Why bother swiping to steal when you can run a smartphone app and take all of the cards on all of the coins in range?
If this takes off and fraud goes up, credit card companies will drop the discount vendors currently get by swiping. Maybe vendors that currently swipe will start entering CVVs? Will Coin then start storing CVVs per card?
Vendors might refuse to accept Coin in the first place (there's already a comment here from one who won't). Or credit card companies will have Coin outlawed as a counterfeiting tool. I can see how this seems like a good idea, but I don't think it will work out.
* Coin is in the process of earning a PCI certification. This should have been done before launch. Also, what level?* Coin uses 128/256bit for security but HOW and WHERE?* Coin essentially skims cards (through the reader) to playback for terminals. I don't see how they can say with a straight face that it is less susceptible to the same techniques.* Adding what are supposed to be funny Q&As to a FAQ trivializes what are supposed to be important questions for people thinking about using this.* I understand the love of "the cloud" but I wish people would also consider scenarios for a disconnected model. These are solutions that do not necessarily require a full time connection.
I could see using this for pre-paid gift cards but not for my actual credit cards.
I would maybe pay $50 for the beta card because I think it's super cool and I love trying new tech, but definitely not a price point I would pay to solve a problem that is hardly a problem at all. (to be fair, this might be one of those problems that you don't realize how bad it is until you solve it.)
I can't see myself paying more for this than I would spend on a wallet, which is less than $20.
Just having to enter a pin in Australia is going backwards.
Coin could even take this idea one step further and allow you to store your credit card, but when you swipe their card it provides the merchant with a randomized credit card number useful only for a one-time purchase. Now that'd be cool.
However - if you're looking for the future, I think I've got something interesting - feeless payments bank to bank by oAuthing consumers directly into their online banking. Completely secure - merchants never get the personal information, they just get paid. Better: I've built it, and we have beta customers. I'm posting a couple comments on HN to start the conversation, because anyone who cares about payments or accepts them online - I'm trying to talk. You'll be hearing more from me in the coming weeks and months - and it's going to be exciting. We're going to kill credit card fees, because we don't need them anymore.
If you want to talk, email me @ email@example.com and let's just chat. I'm not selling anything - we just need to know what hackers are thinking about payments. It's the most valuable info we can have.
That might not end well. But I guess that has been an open security hole for a long time now, hopefully has been addressed.
What happens when merchants/banks start offering the ability to make purchases using your smartphone? Doesn't that render this product obsolete? (if I'm not mistaken, you need a smartphone to set it up)
i really would love to see a one-card-for-all tho that supports chip + nfc, but my understanding is that card issuers are eager to ensure that this will not happen.
If this happens with Coin then I guess I'm screwed and embarrassed.
I agree wholeheartedly - the idea is good
It would be useful for things like gift cards and reward cards - but is it worth it for that?
Though it only supports a maximum of 4 cards, at scale it would cost ~500x less.
I call it "penny." Here's my prototype: http://imgur.com/49auKC4
(reposted from https://news.ycombinator.com/item?id=6733584)
Question: what kind of BLE technology goes in a card that thin? Looking into some applications of BLE myself and I haven't seen anything like that. I'd love to know what's in the card and how I could build a similarly small bluetooth device.
I have 2 cards, only one is actually credit, but that's because I am expat, so I still keep one card from my home country.
Someone mentioned owning 16 or 9 cards, which sounds so unbelievable to me.
Q. Which is better; Tiger or Monkey style Kung Fu?A. Depends on the terrain.
If you're a photo sharing / blogging app, sure that kind of tongue in cheek humor is okay and acceptable.
However if I'm supposed to give you access to my credit cards, that is entirely unacceptable.
>A. Your Coin account is password protected and the mobile app requires that you type in your password before you can access sensitive card details.
There is no way in hell I would trust a single password to protect all of my debit, credit, loyalty, or gift cards.
Moreoever, I'd rather have my smartphone do it all, and by all I mean all: cc, id, insurances... Most places I care about now accept IC cards and RFID, which means I should be able to pay directly by pointing my phone at something while punching an sending a encripted 4-digit pin.
Using Google Wallet, Paypal, Square and others would be even better. It's coming and the pace is just accelerating...
Have a good one!
Does this happen to anyone else? It has happened with the last two wallets I've owned.
Q. My souffls keep collapsing! What can I do?
A. In order for the meringue to peak properly we suggest adding a little lemon juice to the bchamel. This strengthens the mixture and prevents tragedy.
Alas, I'm afraid that kind of disruption cannot be brought forth in a market context...
Sorry, but I really don't see what this is saving me/doing for me? Whats the problem this solves?
If I have to use this card, do I also have to have my cell phone with me all the time? If I go downstairs to get a Bagel in the morning, I need to take my phone, or else no Bagel for me? And it seems from the "Iphone will alert you using Bluetooth" facility, that I need to have Bluetooth on all the time, which I normally do not, to save battery life (adds an hour or so on my Iphone4). To me this is a functional gridlock.
Does it also need to be connected to some data network or the other to work?
If I lose this Coin card, then is it same as losing all my cards? If my assumption is true that this needs to be paired with a phone always, then will it not be possible to nullify the card, using the app on the phone, in case I lose the Coin card?
Sounds cool, then you think about it, then it turns out pretty useless if they don't partner with everyone.
The demo is very, very good though. Nicely done.
So the card would be like Coin's but would have fixed credentials. Then when you open an account you'd provide your ID for the bank to register (or sign the registration with your public key); that account would be added to your card as an option.
But this changed after the CIA got their hands on the technology through in-q-tel acquisition of the french company gemplus then world n1 company in the business. Then cards with chips were coming the US and it was expected for the rest of the world to get backdoors with their US issued chip cards, years later the french government finally bought back control of the company but way too late.
Now that they have the technology, I'm surprised the switch has not happened yet, even more so since cloning and other kind of fraud is quite easy with magstripes (not that it is that much harder with chips, see yescards).
The coin introduced here seems anachronistic to my european eyes which have not seen a card being swiped in the last 30 years and a great opportunity for fraud. Better use than reducing the number of card in a wallet is obviously to charge other people for your expenses by cloning their cards.
U.S.-based customers: Coin will work overseas, but we recommend that you bring a backup card when you travel.
Customers located outside of the U.S.: Coin does not support EMV yet. If the country you live it requires it we recommend holding off your purchase for now."
Found this in FAQ
As a consumer I have a few suggestions:
1. Make the card switch/activation button detect the fingerprint of the owner. (The merchant or waiter sliding the card could press the button accidentally and switch to a different card)
2. Show me that a tap-scanning tool can't take the data for all of my cards. (from hackers to accidental taps)
3. Can a magnet disable this card?
4. What happens if someone steals my coin? Can I disable it remotely with the app? Can it happen automatically?
Needs chip support for Canada and perhaps the rest of the world.
Where can I sign up?
And referral: https://onlycoin.com/?referral=lvCn3taaplease use it :)
I just wish my phone did all stuff related to money.
However this feels like an awkward stop-gap between the current card-payment system and online payments. I don't want to give a waiter a piece of plastic and get a little paper receipt back, give me some kind of abstracted account ID and I'll transfer you the money from my phone/laptop/smartwatch/glass (/whatever we'll all have by the time a new payment method is sufficiently penetrant to be useful).
Now if you could get my phone to be as slim as that Coin that would be pretty sweet too.
The problem is that in Finland there is very few places that uses the "swipe" your card and sign method anymore. Back some 2-3 years ago it was a custom, but for security reasons (anyone can swipe a stolen card and sign it, the law does not require an ID unless the amount being paid is over 100 euros) it was abandoned and now you simply enter your PIN and that that.
Im not sure about other countries, but atm this is the norm in Finland.
I know this oversight can happen and it sucks, but the two are in the same industry (Macquraie has a global presence and quite a substantial US one), so it might come under some sort of copyright infringement. Just a heads up!
of course with the exception of it altering you if you left it at home, however that is a bit creepy, and, well let's just say I won't be getting a coin for my wife anytime soon
I'm pretty obsessed with keeping the wallet light & thin - this seems to help out with that.
I wonder if this could potentially store other cards in some way as well? Gift cards etc - would be super convenient.
Incredible to squeeze that much tech in such a thin form factor - would love to see the internal hardware
That would mean the company gets a log of all transactions.
What a product, I love it, and I love this guy's quirkiness. Love. Love. Love.
At $50/card, with anywhere from 5 to 15 cards, it quickly adds up...
however, $100 is way too much for what is basically a very minor convenience. $50 is too much. For $20, I'd consider it.
from a business perspective, I wonder if they have deals with the banks. I wouldn't be surprised if they get slapped with some cease n desists just because the megabanks want their shiny pieces of plastic on display at all times.
I'd much rather have my financial data stored on my phone as I keep the device encrypted and can erase it remotely.
It's great to see that someone actually brought this to life!
There is a huge window of opportunity in the altcoins market right now.
I know of an alternative that I bookmarked a long time ago. Have just submitted a link to their landing page, they're practically doing the same, but allow more card types to be fused and it's a mini-computer. They were on the market much earlier than Coin and it looks very prestigious & elegant.
The alternative card can be found here: https://news.ycombinator.com/item?id=6736606
(A post, because I'm curious how the Echo is worse or better, without interrupting the Marketing of the Coin, on this board)
I am not sure how to think about this in general, but @nlh has really good points. I agree with him that he needs the imprints, but to be honest, those imprints don't guarantee security.
First let me say that I am pretty sympathetic to Hammond and Swartz (though I think their actions were totally different). I am sympathetic because I've been in Hammond's shoes actually. I had my door kicked in when I was 15 for things I shouldn't have done online.
What Hammond has said here really bothers me for two reasons. The first is that he attempt to conflate things that are not equal in any way. Swartz may have had a "legitimate political cause" but he sullied it (in my opinion) with illegal activities. Anonymous may also have a legitimate gripe but their actions were illegal and Hammond is now paying the price. That's how it works. It is wrong to act as if you somehow should be looked at differently by the law because you had a "legitimate political cause."
Also, it's really not fair at all for Hammond to compare his situation to Swartz. The damage done by what Swartz did is nothing compared to damage and potential for real harm with what Hammond did. Maybe I'm alone in this but I think that is an asinine comparison that does Swartz's reputation a disservice.
At the same time, I wonder at what seems like a tone of surprise about the outcome. What he did is not materially different from breaking into secure offices and stealing copies of private documents. Apparently he or others working with him also made donations in the order of millions of dollars using stolen credit card numbers from this hack. His punishment should be of the same order as someone who did those things. Political motivation is not a get out of jail free card.
Presumably he knows this and the emphasis in this direction is the work of the article's author. Or maybe I'm picking up on something that's not there.
Part of Sabus interest in him, he now believes, was that Hammond had access to advanced tools including one known as PLESK that allowed him to break into web systems used by large numbers of foreign governments.
He did a significant amount of damage to a legitimate business. Some people seem to hate STRATFOR, without articulating any reasoning for feeling that way, other than using certain triggers for up votes, "government," "CIA," "evil," etc.
The files posted to Wikileaks largely showed them to be a surprisingly competent private forecasting company. The outcry over telling an attractive intelligence collector to use her looks as a means by which to get people to be more pliable? Welcome to the real world. Sex sells, and it also buys.
Many subscriber's identities were stolen in the process. My personal information was leaked, and it was difficult and costly to deal with. Some will never be able to fully undo the damage personally done to them by Jeremy Hammond. I'm not sure how his actions bettered the world, or even sought to.
Activism is valid, and a discussion of hacktivism as a form of civil disobedience that can effect necessary change, would be welcome.
A guy who selected a target while being almost completely ignorant of the work they do, a guy who, rather than going to some effort to minimize collateral damage, actually worked to inflict as much collateral damage as possible, is not a hacktivist, but a criminal, and a pretty inconsiderate criminal, at that. Doing harm for the sake of ego isn't hacktivism, it's mayhem.
I'm OK with people like that being segmented from civil society, no matter how just the cause he thought it would further. If a guy walked around keying cars in the parking lot because he wanted to achieve world peace, I'd respect his desire to achieve world peace, but also want him prevented from doing so again until he demonstrated some understanding and therefore the necessarily resultant remorse.
I subscribe to STRATFOR's informative, insightful, and apolitical news service, and think most people who wax lyrical about how evil they are probably don't, or they'd realize they tend to write things like "Germany's Problematic Trade Surplus," or "Colombia's River Revitalization Plan."
A hacktivist picked a bad target and sought maximum collateral damage of innocents. People like that need to demonstrate that they understand why that's incompatible with living in a civilized society before they get to sit at the big kid's table again.
I'll get down voted for this, but if Jeremy Hammond still thinks the same way when his 10 years are up, he will have been released too soon. Sometimes prison is about rehab and reform, sometimes it's about damage control.
edit: wrong word
Like morally wrong? If you think the law is bad, what is morally wrong about breaking it and saying "I understand the law, but I don't think I should be punished for this act"? That's what civil disobedience is. I can understand if you think it's stupid, or if you think the justice system should ignore those people, but I don't understand what morally wrong about it.
Could somebody please tell me there's another kind of PLESK beyond that which is shat forth by Parallels?
Edit for below: oops! liberty indeed :)
> ... he saw quotes marked CW for co-operating witness ...
"Confidential witness", that is.
"CI", short for "confidential informant", is also commonly seen in similar documents.
Disclosure: I'm a subscriber, and have been for a number of years now, and find most of the Stratfor-bashing that inevitably (and predictably) happens in these discussions to be void of any understanding of what they actually produce. So, please read up and then tell us why the fact that he attacked a private forecasting company somehow makes his sentence unjust.
When you look at insurgencies you start asking, it feels horrible to say this, what a life is worth to a cause. If the insurgents take out a couple of soldiers but lose a bomb-maker then they've done poorly on the exchange, if they take out a general or political figure but lose a few dozen suicide bombers they've done well.
Some lives are more valuable to a cause than others.
Here someone relatively smart, a high value target so to speak - though apparently not overly skilled in opsec, has been taken out of the game. That's a win for the powers that be, and perhaps helps to explain the punitive nature of his sentence. Anonymous has a lot of people who turn up in crowds, but we don't hear about them having a lot of high-quality hackers.
There are people that it makes more sense for them to sacrifice. To have the attacks that these people do executed by someone other than the people capable of making the tools in the first place.
They could do everything through encrypted channels, that could be made largely immune to traffic analysis, with the sort of really fluid cell structures that would facilitate. Just the first idea that springs to mind: uploading an encrypted steg'd message as part of a lolcats image on reddit that thousands of people are going to download - the noise to signal ratio would be enormous.
But then, insurgencies - in general - do a lot of things that don't make sense when taken purely from the perspective of their cause. I wonder how that sort of approach would interact with the social dynamics of A, how they'd find people who were up for it. Whether that's more what we're going to be looking at if A gets to mature as an organisation or whether their largely ephemeral nature excludes that sort of distribution of risk.
Everything went fine until I put in an invalid treasure value which apparently caused some random memory locations to be modified, corrupting the game. Unfortunately, game state was written back to the same floppy disk that holds the game itself, rendering the game unplayable.
Fortunately, I could borrow a second floppy drive, borrow an uncorrupted copy of the game, and repair the game with a disk-to-disk copy. Unfortunately, I plugged in the disk drive connector crooked, sending -12 volts into a chip on the controller board that didn't want -12 volts. The result was a "pop" and a disk controller that no longer worked. Needless to say, my father wasn't happy.
Finding the problem was easy - it was the chip with a square hole blown out of it where the silicon had vaporized. Unfortunately getting a replacement chip wasn't easy when you live in the middle of nowhere. So I built a replacement circuit on a solderless breadboard and wired it into the controller board, and everything worked fine until I could get the proper replacement chip.
TL;DR: cheat at games and you will be punished
Anyway, one day a long time after that, I was playing this new mod for Half-Life called Counter-Strike. It was fun, and I had started learning C and about OpenGL to understand a bit more about how HL worked itself. But on this day I saw a guy just running through de_dust getting tons of headshots. Watching his camera, it seemed he had superhuman aiming. Comments about cheating flew, and this was long before the game was infested with cheats. He also seemed to know where everyone was. How?
A few hours later I discovered he was using a cheat called ViperG. It along with another cheat called XQZ were the only known public cheats at the time. ViperG was open sourced on a forum called clientbot at the time. Since I was learning C, I was actually able to read the code. Back then, HL only imported mod client function implementations using DLL imports, so you could write a DLL that exported fake client functions while also importing the real ones from a renamed client.dll, which let your cheat intercept all of the client API calls. Most in ViperG were just pass throughs, but one would gather entity information from a drawing API and another would draw some text on the screen in a HUD update API, etc. It was almost no code but it rendered little '+' signs on every player through walls and would let you automatically aim at their heads. Crazy.
This is when I realized that I could actually take software people had written and break it to make it do whatever I wanted, and that's when I feel like I really started learning things. Understanding how programs ran on my OS and learning how to reverse engineer came pretty rapidly. XQZ was closed source but had some really nice features, so I'd reverse its gl function exports and figure out exactly what it was doing so I could replicate them in my own cheat.
Doing what the author did here for modern MMOs can actually be a very difficult exercise, even for seasoned reverse code engineers. I've done it for several games, essentially reversing the entire netcode to write cheats that automate client actions, and there are all sorts of ridiculous traps I've seen to prevent you from doing so. One game even went so far as to require you to parse a terrain file and send the cell ID of your movement target in every movement packet, along with the absolute coordinates. This was slow as an iterative find process as a map had tens of thousands of triangles and you'd be sending these quite often, so naively you'd just loop over each triangle and check if your target coordinates were inside of it. This gave me a nice introduction into quadtrees and other algorithms that can make this operation asymptotically much faster. Yay learning.
To this day, I can only play a game so much before I get an overwhelming urge to break it. I think that despite the stigma of cheating, it's a great way to learn. It's comparable to taking something apart to see how it works and change it around a bit. Just don't take it too far and ruin games for other people.
Unlike later games, it was possible to keep leveling up and making money by farming only instead of inviting friends. Plow fields, plant crops, and then harvest them hours later -- repeat as fast and as frequently as you can. TONS of tedious clicking. Of course, I wanted to automate it, and I wasn't alone. Searching around, I found a Perl script that someone had written and I adapted it for my PC.
I just fired up Farmville, and here's what my farm looks like: http://i.imgur.com/nrtkitJ.jpg. It's almost all crops (maximize $) and it requires the farmer to be trapped within hay bales. Otherwise, he walks to where you're clicking and can sometimes get in the way of the click. It would mess up every now and then, but was fairly reliable -- just run the script and let it do its thing for a few minutes. The trick was to flip the game into full screen mode, zoom all the way out, start at a known (x, y) position on your screen's resolution, and then loop through all crop positions by incrementing/decrementing (x, y). Only slightly tricky because of the isometric view and avoiding clicking on some non-crop positions. Picking the right crop was important too, to maximize yield. I just wanted to do two runs a day: first thing in the morning and then in the evening when I got home from work.
I moved up fairly quickly and quit when I beat all of my friends. Got some jeers from those who thought I was actually playing Farmville so much, but had a few requests for said script ...
One of the things that kept people from snooping around was encryption. All communication went to 1 vaguely named endpoint with 1 parameter, which was a an encrypted list of the parameters and the action to take. This will deter some, but not others.
At the start of a game, the client had to contact the server for a key. This changed each time you played. Any score submission required this key - if it was wrong I ignored it. Only 1 score submission per key.
Note that you have other useful information now: you know how long they were in game to get their score. I flagged scores that were abnormally high for the time it took to get them. I would then review them, and based upon their score history hellban them - they could still play, but no-one saw their high scores except themselves.
If Candy Crush did something similar, they would likely catch you. You wouldn't even know until you gloated and your friends said they can't see your score. Some people who got hellbanned would contact me, and I'd give them a free pass.
Of course you could cheat and get a normal score in a normal timeframe, but I didn't care as much about that.
Beyond trying to thwart cheating, I'm a big fan of cheating in games myself. It's part of why I enjoy eve online so much, because they encourage the usage of 3rd party tools more than any other game I've played.
The most extensive thing I've programmed for cheating is probably a custom MUD client to facilitate multiplay. The clients report to eachother information they know. All clients keep the state of the group and the things I'm fighting. They also keep track of which client can do what, so I can type into any client that I want to heal someone and the program will figure out which client is able to do that, and tell it to do so.
18 U.S.C. 1030(a)(4)
Whoever(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period . . .shall be punished as provided in subsection (c) of this section.
"Protected computer" in this context means any computer that is connected to the Internet. And the value obtained would be unlimited use of the game, which would normally be a limited. True, that last part is up for debate, as it is possible to play the game without paying, but I wouldn't want to be forced to argue this in court...
I wrote it up here: http://timotheeboucher.com/on-writing-laconic-error-messages... but the gist of it was that their score submission endpoint required a checksum, but the error message if the checksum was wrong was:
<Response type="error" reason="Checksum failed (ext_csm = cc7ae8d3d26d911f9d6e6178d93b9fc0, int_csm = c1f19e476622b8df7f830ee0c45df533)" server_ver="1.0"/>
Step 2: Starbucks Marketing advertises 'Unlimited Candy Crush lives at Starbucks!'
Step 3: Profit! Well, assuming all of the squatters actually buy stuff.
Game piracy used to mean stealing the game. Now 'piracy' is getting extra lives.
Based on the "seed" going back and forth at the start/end of games, I'd have to assume that they are doing something with it. Anyway to see if that's happening?
I expected a similar "hack" with Candy Crush, and was surprised by how "high-tech" their solution is. Good stuff.
The most interesting part was the way they decided to do the random generation of letter tiles. At the start of the game, each client was given the same PRNG seed (in the case of Words with Friends, the PRNG was a Mersenne twister), and when tiles needed to be drawn from the bag, instead of having the server tell you what tiles you received, you would use the preseeded PRNG to randomly draw your tiles from the available pool.
Of course, as your opponent is also doing this with the same preseeded PRNG, this also allows you to determine what tiles your opponent has, and what order the tiles will be drawn in for the rest of the game.
source : http://fugiman.com/blog/2013/08/17/on-click-fueled-javascrip...
But luckily in the EU the European court for human rights should stop such stupidity in its tracks.
After 10 days i was number one in the rankings. Scores and amounts of $ was so large that the iphone app was starting to bug... Of course it does not work anymore.
The only winning move is not to play.
Whats this? It looks like we can just tell the game we finished a level, without any other hassle
The single environment HTML5 showcase is also often supported by another development team who is actively trying to support their specific use cases; Microsoft with IE/WinJS, Mozilla with Firefox/WebOS, Sony with a PS4-optimized WebGL implementation, etc.
When the big players hit roadblocks during the development of something as high profile as their UI for their next-gen console, the browser can be changed on-the-fly to overcome them. That option isn't available to the rest of the world, and "audio doesn't work like we need it to" being a solvable problem can certainly influence whether or not you believe HTML5 is a suitable app platform.
EA's open source initiatives almost all use an embedded webkit lib/browser to render UI content (some also use Scaleform (flash) -- skate 3 uses it a bunch).
Back in the day EA did this more often, they also had an EASTL for game optimized STL containers/usage: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n227...
When WebView on iOS and Android finally get WebGL support ( what's taking so slong?!!?), native app development with native SDKs will plummet.
WebGL is the natural next step.
So, why didn't they use just native GL code? Because of sandboxing limitation?
(At least to someone stuck doing LoB/ERP work and CMS development.)