hacker news with inline top comments    15 Apr 2014 News
Heartbleed disclosure timeline: who knew what and when smh.com.au
97 points by dctrwatson  2 hours ago   53 comments top 8
mindstab 2 hours ago 3 replies      
I still like how these timelines are all about the big tech companies and not about governments, services and banks etc. These are arguably where some of the biggest risk targets are actually at (see today's post about Canada government's Revenue Services (tax agency) losing people's info to heartbleed).

We probably need a stronger web security system people can be on. Also some of the blame falls to the big companies, banks, telcos etc themselves, I mean who wants to report security flaws to Telcos in a world where they then turn around and instead of giving you a $15k bounty, send you to jail like Weeve. And ok that's not the best comparison because he went well beyond discovering and did exploit as well. But none the less, some of the big corporate world need to clue in and get more friendly with tech rather than hostile, because right now they don't have a very good reputation and so then tech leaves them out in the cold. Did anyone think about notifying telcos and banks much? or just other big tech companies.

unreal37 1 hour ago 3 replies      
Has anyone asked how two security researchers supposedly found the same exact bug (that's been in the code for 2+ years) within days of each other? How likely is that?
ithinkso 31 minutes ago 0 replies      
I wonder how one should proceed (if not working for any of these big tech companies) when one discovers as critical a bug as heartbleed?
jdubs 2 hours ago 1 reply      
"CloudFlare later boasts on its blog about how they were able to protect their clients before many others." I wonder if some companies will boast to potential new customers regarding their relationships with vendors that will offer them advanced patches on critical issues such as heartbleed. Kudos to their opportunistic marketing team, but I hope this trend does not continue.
protomyth 2 hours ago 2 replies      
How did Facebook get prior word but not Instagram?

I worry that Amazon wasn't given prior notice according to the timeline.

rshm 1 hour ago 1 reply      
I wonder, instead of notifying a select few parties with an embargo, if it would have been better handled by releasing encrypted sources with documentation containing the URL to a high-availability server containing keys that serves only after a pre-defined point in time. And documentation on integrity verification, assessment of the source changes and implications on other software using openssl.
marcins 1 hour ago 2 replies      
How does it happen that after being in the wild for two years the bug was independently found by two different security researchers at roughly the same time? I'm not trying to suggest a conspiracy or anything, just genuinely curious how that works!
johnvschmitt 1 hour ago 1 reply      
There are many hackers who do not reveal their exploits.

This is an overly optimistic account of who knew what when.

And, how can we protect? Patch? Yes, that's necessary, but not sufficient. We have so many other protocols we rely on that are fragile & intercepted. Self-censorship sucks, and can't possibly protect everything either. What to do?

Kernel 101 Lets write a Kernel arjunsreedharan.org
201 points by slashdotaccount  5 hours ago   60 comments top 12
akkartik 1 hour ago 0 replies      
I got this running on qemu by cannibalizing a tiny bit of code from xv6 (http://pdos.csail.mit.edu/6.828/2012/xv6.html) to replace the GRUB dependency. After cloning and building mkernel according to its instructions:

  $ git clone git://pdos.csail.mit.edu/xv6/xv6.git
  $ cd xv6
  $ make
Now you should be able to run xv6 by itself:

  $ path-to-qemu/x86_64-softmmu/qemu-system-x86_64 -serial mon:stdio -hdb fs.img xv6.img -m 512
To run mkernel on qemu, we'll replace xv6's kernel with mkernel's:

  $ dd if=/dev/zero of=mkernel.img count=10000
  $ dd if=bootblock of=mkernel.img conv=notrunc
  $ dd if=../mkernel/kernel of=mkernel.img seek=1 conv=notrunc
Now you can boot up the mkernel.img rather than xv6.img:

  $ path-to-qemu/x86_64-softmmu/qemu-system-x86_64 -serial mon:stdio -hdb fs.img mkernel.img -m 512
(Based on xv6 at hash ff2783442ea2801a4bf6c76f198f36a6e985e7dd and mkernel at hash 42fd4c83fe47933b3e0d1b54f761a323f8350904. Ping me if you have questions; email in profile.)

bebop 3 hours ago 0 replies      
This is a great resource for anyone who would like to take this further: http://wiki.osdev.org/Expanded_Main_Page

In particular, setting up interrupt handlers, paging, and getting a PIC setup is pretty neat.

mbillie1 4 hours ago 1 reply      
Very cool. I personally (as a developer without a CS background) find these sorts of posts wonderfully interesting, even if this kernel, as pointed out in this thread, lacks a lot of what a normal kernel does. I'd love to see one of these for a compiler!
ahelwer 5 hours ago 1 reply      
Neat read so far! Not done yet, but I think I've found a small error in kernel.c: the attribute byte of the characters in "my first kernel" should be set to 0x02, not 0x07.

edit: I misread. 0x07 is intentional, 0x02 was mentioned as an alternative. Good post!

boulderdash 4 hours ago 1 reply      
If anybody is doing this, let me share some words of advice based on experience.

Please use a virtual machine instead of doing this on your primary machine. You eliminate the risk of messing up your machine. Also, if you set up the VM properly, you get a debugger.

AdrianoKF 4 hours ago 1 reply      
Looks great, will keep an eye on this!

I also really enjoyed James Molloy's OS kernel development tutorial at http://www.jamesmolloy.co.uk/tutorial_html/, which takes you from "Hello World" to some real toy OS kernel implementation.

kyberias 4 hours ago 7 replies      
I'm not exactly Linus Torvalds but I'm pretty sure a program that prints one line of text is not "a kernel". :)
dkarapetyan 4 hours ago 1 reply      
I really like the new HN. Quality of articles is way up.
aaren 4 hours ago 2 replies      
Can anyone give me an idea how much different this would be for 64bit? Do I just change the nasm directive to `bits 64`?
zenbowman 4 hours ago 0 replies      
Looks great, looking forward to diving into this.
acomjean 4 hours ago 3 replies      
Why C?

I'm just curious if another language can be used. (c++, go, rust).

aortega 4 hours ago 3 replies      
Great! except that to be called a kernel it's missing just a process manager, memory manager, filesystem, process separation and hardware abstraction. Yeah I'm that guy, down vote me as you wish, the article is still wrong.

It's a way to load a ring-0 application into grub. Pretty cool, but not a kernel.

Welcome Kat, Yuri, Patrick, and Elizabeth ycombinator.com
163 points by sama  5 hours ago   19 comments top 10
zt 4 hours ago 1 reply      
I don't know Elizabeth (sure she's great), but the other three are amazing and always quite helpful.

Kat's been an amazing connector both within the YC community and in supporting applicants. She's connected me with some potential fintech applicants, which I think is a great way to leverage alums.

We met with Yuri a few times before he was a part-time partner and he was quite helpful and encouraging. We're in the enterprise space and he told us to just keep fighting the long-sales-cycle fight. That advice came at a critical moment where we really needed to just keep going through the slog.

I haven't talked to PC much since leaving Stripe but he obviously built a great company and culture there that I really enjoyed. He's going to be an amazing resource for YC companies.

far33d 2 hours ago 6 replies      
I don't understand how the CEO of a high-growth startup does anything at this level of commitment outside their existing jobs.

I barely understand how CEOs do even the one job.

jypepin 4 hours ago 0 replies      
I remember debating with friends a few years ago about how YC is helping startups. The conversation was mostly about what is more important, "PG time" or "Network effect".

With batches growing more and more, we kind of agreed that PG is not scalable and so that "Network effect" was slowly becoming more what companies were getting out from YC vs the "PG Time" they used to get in earlier batches.

Since, I've seen so many quality folks added to the team, I feel like the "PG Time" (which now is not only PG but all the partners) is becoming again more important than the network effect, and it's amazing.

Founders must be learning SO MUCH now going through YC...

congrats on that!

gregschlom 2 hours ago 0 replies      
> Several founders from the most recent batch went out of their way to tell me how much they've liked working with [Yuri Sagalov].

After 2 years working with Yuri and Weihan at AeroFS, I second that :)

tptacek 4 hours ago 0 replies      
I hadn't realized that Patrick was part of Auctomatic. Huh.
derengel 4 hours ago 1 reply      
As someone who lives outside the U.S, can someone explain what does making him/her a partner means in this context?
brandonb 4 hours ago 0 replies      
Congrats all! A stellar batch of folks.
mathattack 3 hours ago 0 replies      
The depth and breadth of the YC partner community is astounding. They keep building from strength to strength. I've always viewed the weakness of the model as talent - it's harder to scale people than money. So far they seem to be relieving PG as the bottleneck pretty well. Let's see if they can keep the quantity of good entrepreneurs from being a bottleneck too.
jameshk 4 hours ago 1 reply      
Can YC companies get office hours with Patrick?
razvanr 4 hours ago 0 replies      
Well deserved! YC is better for it.
Etcd The Road to 1.0 coreos.com
35 points by bmizerany  2 hours ago   3 comments top
argc 47 minutes ago 2 replies      
Is there any benefit to using coreOS when you don't need a million machines? How much work is it to start with, for example, if you have no idea what your scaling needs will be in the future?
Show HN: A Customizable SoundCloud Player Built on the Web Audio API and d3 toneden.io
13 points by elsbree  49 minutes ago   8 comments top 6
graedus 4 minutes ago 0 replies      
Looks really nice. Am I blind or is there no volume control? Is there a reason you chose to exclude it?
rbaud 3 minutes ago 0 replies      
Nice work, Tim!

Just a heads up: the D3 visualization doesn't seem to be working in FF28 on Win 7.

timthimmaiah 44 minutes ago 1 reply      
Tim from ToneDen here. You can check out the full repo and documentation at https://github.com/ToneDen/toneden-sdk.

Let me know what you guys think!

shamsulbuddy 16 minutes ago 0 replies      
Mixture of Webaudio API with D3 is awesome , liked the themes as well .. good work :)
dalur 44 minutes ago 0 replies      
This is a beautiful player, and fast too. Thanks for open sourcing it. Great job!
rubyalex 46 minutes ago 0 replies      
This is awesome!
Why 9:41 AM is always the time displayed on iPhones and iPads tuaw.com
163 points by anderzole  6 hours ago   58 comments top 14
raimue 5 hours ago 3 replies      
HTC used to have an iconic clock on their Android handset, for which they always used 10:08 in marketing materials.

This probably stems from a tradition in advertisements for analog watches. They are usually set to some time between 10:08 and 10:10. Not only is this setting symmetric and therefore pleasing to the eye, but also any printed brand name is clearly visible and unobstructed.

205guy 5 hours ago 1 reply      
I think the article missed some very interesting aspects of this story. First of all, why bother setting the time in the first place? I think it's because having many different times in different ads/websites/docs looks sloppy. There's also the chance of someone working late (2:00 am) or having a strange time such as 20:02 or 11:11. These are very minor but could be distracting in high-profile ads or consistent docs. Much simpler to just say that all time displays will be a simple 9:41 (time 0 in the age of the iPhone, essentially).

I would be more interested in how they implement this. I assume there is an internal style guide somewhere mandating the use of 9:41. But are people who make the images (photographers, marketing, web team, doc writers) supposed to set the devices (or their clocks) manually? Do they have corporate photoshop scripts for setting the time in "post-production?" Maybe there are test settings (later removed for shipped code) that allow the time to be "frozen" so all screenshots look natural at the desired time. Can anyone inside Apple tell us?

ChrisClark 5 hours ago 2 replies      
Google also uses specific times in their screenshots. But the times match up with the version of Android it is running.
EC1 5 hours ago 2 replies      
Anywhere else I have ever worked has pretty much always used 4:20 in the UI as a joke. When I started work as UI/UX lead at a bank a year ago, all the process work that was done with the previous team had some arrangement of 4:20 worked in everywhere haha.
anonymfus 5 hours ago 0 replies      
Nokia usually uses model numbers. 9:20 for Lumia 920, for example.
lukashed 59 minutes ago 0 replies      
I love these little details. I remember walking past the billboard in front of a not-yet-opened Samsung store that showed the Galaxy Gear and some other Galaxy Smartphones. All devices had different times on them.
adnrw 2 hours ago 0 replies      
Here is a 2010 article, also on TUAW, about the same thing: http://www.tuaw.com/2010/04/12/9-41-9-42-the-secret-of-apple...
sebbean 4 hours ago 1 reply      
can someone answer why 4:20?
leccine 3 hours ago 0 replies      
Mine has 4:20PM all the time. Does anybody know how to fix?
Aloha 5 hours ago 0 replies      
TMYK - I love stuff like this :-P
Ellipsis753 4 hours ago 0 replies      
Hehe. Interesting and kind of strange. If it's so important that the screen-shot shows the current time when it is displayed why not just have it show the correct time with a program? It doesn't seem like that would be terribly difficult.
Sharlin 6 hours ago 1 reply      
I wonder if it's a coincidence that 1, 4 and 9 are also the squares of the first three natural numbers. And, consequently, of course the relative dimensions of these: http://en.wikipedia.org/wiki/Monolith_%28Space_Odyssey%29
netcan 5 hours ago 3 replies      
Imagine having to reprint brochures, reshoot something or even have to tinker around with the clock so all your screenshots are 9:41.

There are cute quirks and there is attention to detail. But at some point or another it becomes a cultish bureaucracy no one knows the origin of demanding that all clocks always show 9:41 for some long lost reason.

Bitcoin promoter Shrem indicted in NY for money laundering reuters.com
16 points by downandout  1 hour ago   9 comments top 2
downandout 24 minutes ago 0 replies      
Fortunately, this case is much more about Charlie Shrem and his penchant for violating laws than Bitcoin itself. I think this guy - who now refers to himself as "Charlie van Bitcoin" - just doesn't get it. There are laws out there, and he doesn't seem to want to follow them. Here's an example:

He is out on bail on this case right now. As someone out on bail for a federal felony, he is prohibited from using or possessing deadly weapons (knives, guns etc.). There are people in his position that have found themselves in trouble over kitchen knives. Yet Charlie publicly posted yesterday that he is the proud new owner of a World War II Nazi Dagger.


He will eventually learn, but apparently he hasn't yet.

sillysaurus3 39 minutes ago 5 replies      
Setting aside the fact that allegedly he was doing illegal things, it's interesting to note that PGP didn't protect him.

(I'm basing this on two assumptions: SR encourages its users to use PGP, so therefore unless he was blindingly stupid, he, too, was using PGP; and that he never slipped up once. The second assumption is probably invalid.)

Anyone have details as to how these charges came about?

What if we never run out of oil? theatlantic.com
28 points by todayiamme  2 hours ago   26 comments top 10
jeremyjh 52 minutes ago 1 reply      
'Because the costliest stuff is left in the ground, there will always be petroleum to mine later. When will the world's supply of oil be exhausted? asked the MIT economist Morris Adelman, perhaps the most important exponent of this view. The best one-word answer: never.'

Yes, but it does not follow: "Effectively, energy supplies are infinite."

This is such a massive failure of basic logic that I really do not think anything more needs to be said. Yet I will say it. The fact that a given energy source requires more energy to produce than it can yield does not make it an infinite source! Nor does a source which can yield a positive flow but does not present a better return on capital than other existing sources offer an infinite supply. Just because it will never be used does not mean it is infinite!

_red 1 hour ago 2 replies      
Basic economics already says we will never run out of oil. Sure it may be $10,000 per barrel, but it will still be available.
tokenadult 1 hour ago 0 replies      
Previous submission of this 2013 article (which I think is not the only one, as I remember another with more comments):


nfoz 16 minutes ago 0 replies      
What if the sky rained donuts!
dfa0 18 minutes ago 0 replies      
We don't know how much oil exists, but we do know it is finite.

The sun's energy will out last us all, millions of times over. Plants have it figured out. We should ask them.

Plus what happens when we are ready to leave Earth? Surely we'll need a way to feed off of the stars then anyway, so why not start now.

fulafel 22 minutes ago 0 replies      
The even bigger deal about methane hydrate is its release from the formations as climate warms (and it's a feedback loop) - https://en.wikipedia.org/wiki/Clathrate_gun_hypothesis
blacksmith_tb 1 hour ago 2 replies      
So, if we switch to using methane hydrates and shale gas instead of coal and oil, we will be emitting less CO2 - obviously not as big a step away from fossil fuels as going all renewable (and/or nuclear), but seemingly better than doing nothing...
api 1 hour ago 1 reply      
We won't ever run out of oil. What will happen is that oil EROEI will drop and cost will increase until other sources of energy are more cost-competitive and oil becomes obsolete. (... OR if other sources cannot replace oil, economic collapse and demand destruction until demand equals supply.)
yeukhon 1 hour ago 0 replies      
I wonder how much power we could generate if we really have an affordable solar panel for everyone to use, put a giant sheet of panel up in the space, storing mechanical and wave energy as we walk, drive on the road and move things around the house, convert organic waste (human and animal poop) into energy.
comicjk 1 hour ago 1 reply      
Methane hydrates are not oil. This article is amateur nonsense.
The Guardian and Washington Post win the 2014 Pulitzer Prize for Public Service pulitzer.org
293 points by danso  5 hours ago   20 comments top 6
etiam 5 hours ago 1 reply      
In terms of importance, I think this was practically a given, but I've seen statements from people doubting if the Pulitzer Prize Board would have the courage to make a decision that still wouldn't sit well with certain powerful people.

Turns out they did. I'm very pleased to see that. Congratulations to the winners!

jwr 4 hours ago 0 replies      
...while Edward Snowden, the source of all the information they published, is being hunted down and prosecuted.


danso 5 hours ago 0 replies      
Journalism geekery: the "Public Service" award is often considered the best of the Pulitzers, partly because it is relatively equally distributed among smaller, lesser-known organizations as well as the big organizations...so it's sort of a implicit statement on how great journalism shouldn't be dependent on market size and staff resources.

So when a big organization like the Washington Post, and the Guardian US, win it, that's a strong statement. They could've just as likely been given the National or Investigative reporting awards.

(also, unlike the other prizes, there is no cash prize for the Public Service award)

The WaPo has won it before, including for Watergate and the Walter Reed investigation: http://www.pulitzer.org/bycat/Public-Service

hpriebe 5 hours ago 1 reply      
Interesting to see that the runner up - Newsday - was selected for using digital tools to expose shootings, beatings and other concealed misconduct by some Long Island police officers. This highlights the increasingly complementary role of digital tools and traditional reporting.

Anyone know what kind of digital tools they used?

Anyone know of other digital tools journalists/the press use to investigate/uncover content?

spacefight 5 hours ago 0 replies      
This is great news and well deserved. I hope that the prize strongly motivates those in charge at either news company to press on with their coverage.
subdane 5 hours ago 0 replies      
The awards are for breaking the Snowden secret surveillance revelations.
Huginn: Like Yahoo Pipes plus IFTTT on your server github.com
394 points by ColinWright  13 hours ago   77 comments top 20
albertsun 10 hours ago 2 replies      
The best part of Huginn is being able to self-host and write any arbitrary agents you want.
malanj 10 hours ago 2 replies      
This looks really awesome for managing an office. We're currently automating things using Google scripts and other custom glue to do things like order food, get feedback on lunch and mail people weekly digests activities. Sounds like this could be a great solution for this.
hyp0 9 hours ago 1 reply      
I always liked the Yahoo Pipes concept... but it didn't seem to take off... and I personally found it too limited for everything I tried to do with it. Perhaps it's just another case of the old "visual programming language" is harder than it looks.

I hope Huginn does better. I like their copywriting "You always know who has your data. You do."

danso 12 hours ago 0 replies      
Also relevant: How the New York Times interactive team uses Huginn


> Most prominently, we used it during our Olympics coverage to monitor the results of the API we built and let us know if the data ingestion pipeline ever grew stale. To do that, we set up a pipeline

fasteddie31003 11 hours ago 2 replies      
I am working on a similar project called Taskflow.io that is aimed at more backend business oriented tasks. It can do similar things through an interface flowchart editors where you make the actual flowchart that gets executed. I would still consider it a public beta. I would love your feedback.
yukichan 9 hours ago 0 replies      
Zapier is also good with lots of integrations, but it's a little pricey. Yet if you calculate what your time is worth and include the amount spent on making this work plus customizations, it's probably less. Depends on if Zapier can do what you want.
thomasfl 7 hours ago 1 reply      
Will this run on a standard heroku stack? The wiki says it will run on OpenShift and CloudFoundry. https://github.com/cantino/huginn/wiki
FroshKiller 12 hours ago 1 reply      
One of the developers posted about this recently: https://news.ycombinator.com/item?id=7582316
c0nsumer 8 hours ago 1 reply      
This is a really frustrating name. Hugin is already used for panoramic photo stitching software: http://hugin.sourceforge.net/

This just has another N bolted on to the end and does something completely different.

jayxie 5 hours ago 0 replies      
Exciting stuff, it would be amazing to build an AI layer on top of this that mines your browsing habits (depending on your paranoia settings) and automatically generates agents based on your interests.
zwentz 2 hours ago 0 replies      
This would be very cool for automating parts of AWS. Inclement weather coming? Or an earthquake? Start spooling up servers in another region.
platz 8 hours ago 3 replies      
Excluding the UI, I wonder if storm is a more robust, if more complex, option to do the same types of things: http://storm.incubator.apache.org/
kzahel 10 hours ago 4 replies      
Does this have a companion android/iOS app to upload location data? I really like the idea of self hosting something like this.
weavie 11 hours ago 0 replies      
This sounds like an excellent project to make use of my raspberry pi.
kirk21 8 hours ago 1 reply      
Where can you get an invite code? http://snag.gy/xh6uk.jpg
SloughFeg 10 hours ago 1 reply      
Is there an online sandbox anywhere to check it out? A project like this simply calls out for there to be a live demo.
rcyeager 10 hours ago 1 reply      
Another Pipes+IFTTT tool: https://wewiredweb.com
notastartup 10 hours ago 1 reply      
what would be great is if each agent was somehow able to obtain its own ip address.
psaintla 10 hours ago 1 reply      
Am I missing something or is this just another rules engine?
dfc 9 hours ago 1 reply      
You are doing it wrong. Colin's style is more like this:

  Previous discussion of the project:
  https://news.ycombinator.com/item?id=7582316 # Yesterday
  https://news.ycombinator.com/item?id=5377651

My Ideas: My bosses' Property nytimes.com
5 points by jcabala  13 minutes ago   discuss
How the backpropagation algorithm works neuralnetworksanddeeplearning.com
65 points by oskarth  5 hours ago   9 comments top 8
dave_sullivan 3 hours ago 0 replies      
This book is really coming together. It's been a while since I've put together a (100% not comprehensive) list of good places to start if you're looking to learn more and/or use deep learning in your projects.

Open source

Pylearn2 (used to win kaggle galaxies competition): http://deeplearning.net/software/pylearn2/

Theano (symbolic math library used by Pylearn2): http://deeplearning.net/software/theano/

Deep learning tutorials with theano (build your own neural networks): http://www.deeplearning.net/tutorial/


Convnet JS: http://cs.stanford.edu/people/karpathy/convnetjs/

Sentiment Analysis: http://nlp.stanford.edu:8080/sentiment/rntnDemo.html

3d word cloud (webgl): http://wordcloud.ersatz1.com/


Ersatz (I'm a co-founder, it's a PaaS providing neural network software with cloud GPU servers): http://www.ersatzlabs.com

Good Reading

Deep learning of representations: looking forward http://arxiv.org/pdf/1305.0445v2.pdf

Zero-Shot Learning Through Cross-Modal Transfer: http://arxiv.org/pdf/1301.3666v2.pdf <-- C'mon, that's pretty amazing...

Solution for the Galaxy Zoo challenge: http://benanne.github.io/2014/04/05/galaxy-zoo.html

Pylearn2 in practice: http://fastml.com/pylearn2-in-practice/

j2kun 1 minute ago 0 replies      
Can someone explain to me why NN's are always in layers?
avaku 1 hour ago 0 replies      
Can I come up with a bit of criticism? This book does provide a great description of the details of the algorithm inner workings (very cute demons too). However, after reading this chapter (sorry I haven't looked at the other ones), there is still a feel of a bit of mystery about why it works, and even more why it might not work. Possibly it is covered in other parts of the book, so I apologise if this criticism is not justified. I am personally a big fan of Christopher Bishop's book Pattern Recognition and Machine Learning, where backprop is described as an architecture for efficient computation of multiple stochastic gradient descents... I was involved with NNs before, but only after understanding where the algorithm for individual neurons comes from, I could properly appreciate the benefits of backprop (and understand the drawbacks).
argc 2 minutes ago 0 replies      
Or "Why I wish I was better at math."
oskarth 5 hours ago 0 replies      
This is chapter two of Michael Nielsen's book on Neural Networks and Deep Learning [1].

If you haven't heard about it before, I highly suggest you check it out.


agibsonccc 4 hours ago 0 replies      
This is a great explanation of backpropagation. For those who just want the formulas, my personal favorite has been stanford's ufldl resource:


The general intuition behind backprop is this: taking prediction error into account (think how many labels it got wrong), how far off were the predictions? Based on that, go back and penalize the weights that caused the error by that much.

Multi layer perceptrons (as well as multi layer deep nets) have multiple layers whereupon you send the input through the network and make a guess.

Then you basically keep updating the weights (iteratively via gradient descent, conjugate gradient, LBFGS,...) till it doesn't change much. It does this by conducting a search navigating using the cost: or objective function. For more in depth, obviously the above book covers this quite in depth.

For those who want to just use deep learning, I will be giving talks at both OSCon and Hadoop Summit this year on distributed deep learning using 2 different frameworks I commit to [1] and [2]. Happy to answer questions!

[1]: http://deeplearning4j.org/

[2]: http://github.com/jpatanooga/Metronome/

plg 4 hours ago 1 reply      
Nice description of backprop for sure.

Aren't people using conjugate gradient descent to optimize NN weights now? Sure you need the partial derivatives but ... that's what GPUs are for, right? :)

cjauvin 5 hours ago 0 replies      
This seems like it will be a very interesting book. If anyone is interested, I have written a short and compressed intro to NNs, using very simple Python code:


'Gods' Make Comeback at Toyota as Humans Steal Jobs From Robots bloomberg.com
28 points by sologoub  2 hours ago   7 comments top 4
alrs 18 minutes ago 0 replies      
The future of software is the aggregate of teenagers the world over messing around with Linux, Arduino, etc.

Without entry-level jobs they're just going to be distro-hoppers who never get a foot in to industry.

jpwright 1 hour ago 0 replies      
I can't wait to pick up a hand-crafted artisanal Camry from local Kami-sama.
sbierwagen 1 hour ago 1 reply      
Naked, obvious PR plant.
dang 1 hour ago 2 replies      
The original url was blogspam [1]. I changed it to point to the original source. When you submit an article, please make sure it isn't lifting from some other source; if it is, please follow the HN guidelines and submit the original instead.

[1] http://www.leftlanenews.com/toyota-assembly-line-robots-repl...

Sketch 3 released bohemiancoding.com
166 points by jrnkntl  12 hours ago   101 comments top 25
chestnut-tree 6 hours ago 1 reply      
I've always wanted to try Sketch after reading so much positive praise. But I'm on Windows and I doubt the Sketch team have the resources (or interest) in producing a Windows version.

For those of us on Windows looking for an alternative to Adobe Illustrator, here are two possibilities. Neither of these match Illustrator feature-for-feature, but they're perfectly capable for designing interfaces or web graphics.

Inkscape: free, open source and cross-platform (Windows/Mac/Linux). It holds up well against Illustrator and can produce professional-looking results. If you're familiar with other vector drawing apps, the interface won't feel too intimidating. If you're a complete newbie, it might take a little while to learn the interface. Downsides: It doesn't do multi page layouts (not an issue for everyone). It doesn't feel like a native windows app and can be slow at times with large or complex drawings. Some of the dialogs are cluttered and not always clearly laid out. There are tutorials on the web (and books) but nowhere near the volume you'll find for Illustrator.


Xara Photo and Graphics designer: Windows only ($90/70). This is fast (faster than Illustrator) and well featured. The interface in my opinion is better than Illustrator in many respects. For example, to add a drop shadow, simply drag out a shadow from a shape. In Illustrator, it's done non-interactively via a modal pop-up dialog box. You can create multi page layouts (much easier than Illustrator's clumsy artboard management). Downsides: like inkscape, it has an enthusiastic community of users but nowhere near the number of learning resources as Illustrator. It produces anti-aliased images but for web graphics this can sometimes be problematic because the anti-aliasing is applied to straight lines too (so you sometimes get slightly blurry straight edges rather than crisp ones). Illustrator has solved this with its "align to pixel grid" option.

There is a free trial of the program available


dogduty 0 minutes ago 0 replies      
Please stop complaining about having to pay $50 for an upgrade. That wouldn't even get you 2 months adobe subscription. Nobody is forcing you to upgrade.
relix 11 hours ago 4 replies      
In case anyone else was looking for this: Sketch 3 is not a free upgrade like Sketch 2 was. If you bought Sketch 2 after March 31 you get Sketch 3. For everybody else, there's no upgrade license, you have to get the full version even if you own Sketch 2.

The price is $50 until April 21, then it'll be $80.

Source: http://bohemiancoding.tumblr.com/post/82681566874/sketch-3-i...

For me the Mac app store (non US) still shows Sketch 2, so I'm assuming there's some caches that need to expire before everyone will be able to see it.

EC1 11 hours ago 6 replies      
I LOVE Sketch, but the two issues I have with it are:

First, text is buggy when at an extreme size: [1][2]

To view it properly I have to resize or slightly move my canvas and it somehow "refreshes" the view.

Second, there is a huge lack of support and little to no tutorials on Sketch. It's also hard to Google any problems because it's called... Sketch.

I find it ridiculous I have to shell another $50 / $80 for a new version. Just give me an upgrade for $25.

Also, for any iOS designers, I highly suggest buying Sketch mirror: [3]

You can preview your designs live on your iOS device and move through different screens, live, while you design. This, and then using LiveReload to code mockups is super efficient and fun.

[1] http://cl.ly/image/0g3y1w3i3Y3m

[2] http://cl.ly/image/3z3k0x2J151s

[3] https://itunes.apple.com/us/app/sketch-mirror/id677296955?mt...

DigitalSea 3 hours ago 0 replies      
One of the very few and highly rare occasions I am jealous of Mac users. As a Windows user who used to religiously use Adobe Fireworks for all facets of web design, I am very jealous that Mac users have a decent alternative to Fireworks after it was discontinued last year.

I think there is a big gap in the market for a company (whether that be Bohemian Coding or not) to create a program like Sketch for Windows. I read somewhere a little while ago that there won't be a Sketch for Windows any time soon, but still holding on to the hope that one day there'll be something at least like it for Windows. Sketch 3 looks fantastic.

betadreamer 5 hours ago 2 replies      
For those of you who have the latest Sketch2, here are the major improvements:

1) Symbols - Group of objects that will sync. Although I prefer Unity3D's prefab approach, it will be useful.

2) Export tool is soo much better. Especially multiple size format. No longer just 1x or 2x.

3) Bitmap editing. No longer have to open PS for cropping/editing.

4) Vector modes is in UI. No more click/trial/error.

There are other small ones but these are the main advantages.

In my opinion if you are a professional it's definitely worth an upgrade. But for hobbyists like me, these new features are not worth the jump.

pornel 11 hours ago 2 replies      
I'm disappointed that even modern applications have poor PNG compression.

With pngquant (--quality=95) and ImageOptim I'm able to make Sketch's "Exported for web" files literally 3 times smaller.

shawndumas 10 hours ago 1 reply      
Watch out! The link on the home page goes to the older version. I just bought the more expensive version 2 when. (In my excitement it never occurred to me that they didn't update the link and also I am a moron.)


here is the correct link --> https://fnd.io/#/mac-app/852320343-sketch-3-by-bohemian-codi...

AhtiK 11 hours ago 1 reply      
Seems to be caching old version of the website for some locations.

https://twitter.com/marciplan/status/455694272487251968/phot... is how the new website must look like. I still get the old version regardless of how many times I refresh.

Could someone with a new page post the itunes url for Sketch 3 so I can check the minimum reqs if it's still 10.7? (I'm on OS X 10.7.5 and not all apps support it these days..)

psteinweber 11 hours ago 1 reply      
Useful app that I use in web design production a lot. I hope version 3 gets rid of some of the annoyances (e.g. weird behaviours and crashes after long use). A more detailed changelog would be great.

Most annoying thing hasn't changed though: the name. It makes it really hard to get relevant Google results when searching for bugs, features etc.. Adding "bohemian coding" helps sometimes, as does adding "app" (but less so). Would have liked to see "Bohemian Sketch" or "Sketch BC" or something alike.

Let's complete my wishlist with a discount for upgraders (a.k.a. the biggest fans).

Anyways, will very likely continue using it, no matter how it's called. And the price is still very competitive compared to Adobe's Photoshop and/or Illustrator.

_zen 7 hours ago 2 replies      
Do Pixelmator and Sketch 3 complement one another? I already use Pixelmator and love it.

Unless mistaken, Pixelmator is like Adobe Photoshop and Sketch 3 is like Adobe Illustrator?

jasallen 10 hours ago 1 reply      
Anyone know if you can open a multiple artboard .ai file with Sketch? Well, it opened, but I can only see the first artboard. Hoping I'm missing an option somewhere?
coldcode 11 hours ago 2 replies      
I wonder if it still does the stupid duplicate functionality that S2 did which was totally unlike the past 30 years of drawing program functionality. I really wanted to like S2 but this turned me off from using it. I guess it will cost $49 to find out.

I wish Apple would allow trial versions but I know why they don't. It doesn't matter to them.

TheBindingVoid 11 hours ago 0 replies      
Reusable Symbols like Fireworks! I really do hope they keep picking up the good parts of Fireworks and create a dedicated, high quality screen design tool. Because there is none at the moment.
kaivi 11 hours ago 1 reply      
Just downloaded the demo version and got this: http://cl.ly/image/161S1B0d1j3E Also, the App Store is still selling Sketch 2, nor is there anything about v3 on their website.

How do I get the new version and the list of improvements?

1st1 6 hours ago 1 reply      
One thing I was expecting to see fixed in the next major Sketch version is accuracy of resizing vector shapes. Suppose I have a big vector icon (or outlined text-logo), and want to scale it down. When I do this in Sketch, the scaled down version looks crippled.
hit8run 1 hour ago 0 replies      
Aaaaaaaand BOUGHT :D
seymores 11 hours ago 1 reply      
I am a big fan of Sketch. That said, I really hope they give some discount for upgrade.
leemcalilly 7 hours ago 0 replies      
Is this a good replacement for Illustrator? I need something that allows me to edit and create vector logos, etc.

The other option I'm looking at is iDraw.

SneakerXZ 8 hours ago 2 replies      
How does Sketch compare to Photoshop for web design and mobile design?
mengto 11 hours ago 0 replies      
Sketch is by far the best UI design application out there.
zeel 10 hours ago 0 replies      
They still haven't fixed the "Set Style as Default" bug for fills on the vector tool.
jasonlotito 12 hours ago 4 replies      
It mentions it's for mobile design and talks in general terms, but I'm getting a sense it's limited to just iOS? Is there support for Android?
mbrutsch 10 hours ago 2 replies      
Meh, Mac.
pawelkomarnicki 8 hours ago 2 replies      
Pah, another iterative upgrade with a hefty price tag...
SpaceX CRS-3 launch scrubbed due to helium leak livestream.com
161 points by mkempe  12 hours ago   104 comments top 14
gedmark 8 hours ago 5 replies      
Just to set expectations, SpaceX has tried to recover the 1st stage of almost all of its launches to date. (Using just parachutes for most of them). They've yet to successfully recover a first stage.

Their most recent test went pretty well all things considered. For the first time they tried a "death swoop" maneuver, turning the 1st stage 180 degrees around as it was starting to re-enter and refire some of the engines to slow it down. It picked up a nasty roll though and centrifuged the propellant, cutting the engines prematurely. They recovered some debris but that's about it.

It's hard to overstate how big a deal it will be if they pull this off. But the odds of success are very low, given the propensity of these things to tumble and roll on reentry.

haswell 5 hours ago 1 reply      
Sadly, the launch has been scrubbed due to a helium leak.


Next attempt will be April 18th.

Gravityloss 9 hours ago 1 reply      
If the first stage reusability works fine and cost per flight goes down a lot, then it starts making sense to optimize the upper stage and spacecraft for lower cost per flight as well. (Because now, even if the first stage flight was free, the launch would still cost a huge amount of money.)

In manned flights to low earth orbit, since the spacecraft reenters, at least that part could be reused.

The second stage is hard to reuse because it flies so far downrange horizontally and reenters at very high speed. The engine also can't run low in the atmosphere, meaning somehow different recovery than for the first stage.

The parts of the spacecraft that are not heat shielded (service module) will be sacrificed, but in the future the whole spacecraft might be a monolithic entity or even part of the second stage and do its mission and reenter and land as a whole.

rbanffy 3 hours ago 0 replies      
I imagined the launch control announcing the abort with a chipmunk voice...
geerlingguy 11 hours ago 0 replies      
There's also a good thread with links, updates and commentary over on Reddit: http://www.reddit.com/r/spacex/comments/22zo8c/spacex_crs3_l...

Launch time is 20:58:44 UTC (16:58:44 EDT), and of note, this launch will be deploying over a hundred femtosats, and will be SpaceX's first attempt at first stage vertical landing (over water).

wolf550e 9 hours ago 0 replies      
live updates with video:


NASA live stream (higher resolution than above):


SpaceX live stream:


simonh 9 hours ago 4 replies      
I obviously don't know what I'm talking about, but my main concern is the landing legs. Building deploy-able landing legs strong enough to handle a landing but light enough to make the concept viable isn't going to be easy.

The leg frame on Grasshopper looks massively over-engineered, which is fine for a test vehicle but would be far too heavy for an actual launch vehicle. We have still to see the final leg design, and the ones in the CGI mockup video look, to my untrained eyes, very skinny. Grasshopper has proved the basics of the maneuvering and landing capability, but there's still a fair way to go.

unreal37 11 hours ago 0 replies      
Interesting, it's going to land vertically in water as if it was on land. Low chance of success (30-40%)
dm2 11 hours ago 2 replies      
Is this one of their Grasshopper rockets?

Apparently the name Grasshopper was just the name of the rocket during the tests, because I can't find that term used anywhere.


hyp0 10 hours ago 0 replies      
This would be awesome! Can you imagine seeing that thing land! Like the numerous very cool test flights, up-down, but for real...

This is an incredibly significant step, and crucial for the long-term vision of cheap space-travel through reusable vehicles.

coreymgilmore 10 hours ago 2 replies      
This is like "guess and check" method, just on steroids for rocket scientists. 30-40% sounds like a good enough percentage to me.

If I remember correctly, it wasn't until the space shuttle solid rocket boosters that NASA managed to recover a 1st stage. SpaceX is a lot younger.

callesgg 7 hours ago 2 replies      
Seems to me that a braking parachute could help enormously with the fuel economy of the landing.
rkarachinsky 11 hours ago 1 reply      
FYI, the launch itself will be at 4:58pm ET.
api 9 hours ago 2 replies      
This is IMHO bigger than Apollo. The moon missions were an expensive one-shot, while this has the potential to truly open the frontier.
Scalable Program Architectures haskellforall.com
84 points by mightybyte  9 hours ago   53 comments top 5
quchen 8 hours ago 2 replies      
Gabriel is also the author of the popular Pipes Haskell library, and a nice person in general. Both of these make me heartily recommend his other blog posts about various Haskell topics, which often portray advanced features remarkably well.


Scrap your type classes: http://www.haskellforall.com/2012/05/scrap-your-type-classes...

Hello Core: http://www.haskellforall.com/2012/10/hello-core.html

Coding a simple concurrent scheduler yourself: http://www.haskellforall.com/2013/06/from-zero-to-cooperativ...

Tutorial as part of library doc (!): http://hackage.haskell.org/package/pipes-4.1.1/docs/Pipes-Tu...

twic 6 hours ago 8 replies      
The idea that this composability is unique to Haskell is false. Java's streams are an example of exactly the same thing in another, non-functional, language. The Gang of Four "decorator", "composite", and "chain of responsibility" patterns are further general examples.

It is true, perhaps, that in Haskell, programmers reach for homogeneously-typed composition more readily than programmers in other languages. Good for them! But it's either arrogance or ignorance to assert that this is a special Haskell thing.

Furthermore, i am dubious that this really is a good strategy for building large programs. The idea that you can combine lots of parts of some type to build a bigger part of the same type is extremely appealing. But in my experience, the bigger part often has slightly different properties, behaviours, or uses which warrant a different type with more features. Unless you want to impose those features on the smaller types too.

For example, consider a batch application which processes files through a number of stages (i realise it's the 21st century, but apparently we still need to do this). There is clearly a type for a stage, with values for things like uncompressing, validating, renaming, parsing, etc. There is probably going to be a type for a chain of stages, with values for various uses of the application. A chain looks like it should have the same type as a stage - ultimately, both take a file in, and spit a file out.

But then, it turns out that we want to move the file through a sequence of directories, one for each stage, as we process it (the operations guys are really keen on this). Furthermore, we need to be able to report on what files are currently at which stage. So, a stage knows which directory it owns - presumably, it has a property of type directory for that. But a chain owns all the directories of its component steps, so it owns several directories - it's going to need a property of type collection of directory. So what do you do? Report a single directory for the chain, and somehow expose the rest through a backdoor? No, that's a kludge. Have every step report a collection of directories, which will mostly be single-element collections? No, that's weak, because the type of a step no longer fully describes the constraints on it. Use a higher-kinded type parameter, so the chain can have a collection of directories, while the steps have a single one? Mad wicked, but racks up the reader's cognitive load. Use different types for steps and chains? Well, actually, since that's simple and doesn't have any practical drawbacks, probably yes.

dkarapetyan 45 minutes ago 0 replies      
I think the general principle here is combinator based approaches to program structure. Combinators are just as easy to use in object oriented languages as they are in functional languages especially languages that allow some form of operator overloading. The following is all valid ruby code

  f > g
  f | g
  (f | g) >> lambda { ... }
  (f > g) >> lambda { ... }

Taking these ideas a little bit further you end up with mini DSLs purpose built for expressing things very concisely. In fact if you squint a little bit you could imagine the above code expressing some form of BNF grammar as Ruby code and there are several parser combinator libraries out there that do exactly that.

I find it a little annoying that the general principles get lost behind smoke and mirrors like monoids and monads when things are in fact much more accessible and do not require anything other than some basic understanding of abstract algebra. It's the algebraic and not the fancy static types approach that has paid the most dividends when it comes to how I structure my code for readability and maintainability.

gregw134 2 hours ago 0 replies      
If anyone wants to contribute to a similar project, I've started a concurrency framework for Java: https://github.com/Gregw135/Simple-Java-Concurrency-Framewor...
briantakita 7 hours ago 3 replies      
> This is one reason why you should learn Haskell: you learn how to build flat architectures.

I suspect that most people learn the advantages of flat architectures with experience using any programming language. For me, I started to "get it" with Javascript & Ruby. So Haskell hardly has a monopoly on this.

I understand that Haskell has a different take on this. It seems the author has found a pattern in Haskell that he frequently uses.

Ideally, I can use patterns in multiple languages, so my experience can seamlessly transfer.

This often means there's a lowest common denominator to a particular pattern. I'm afraid that if I learn a pattern unique to Haskell, that it is not applicable to any other language. I suspect that there are underlying & common principles that are expressed differently with Haskell.

A performance comparison between Java and C on the Nexus 5 learnopengles.com
141 points by fysx_  12 hours ago   94 comments top 17
jeswin 10 hours ago 11 replies      
I've been an Android user since my first smartphone. I've heard several times iPhone users complain that Android equivalents of their iOS apps felt sluggish; though they couldn't pinpoint it exactly. If these numbers are true, it might well be true. Objective-C might not suffer from such a significant slowdown.

I think it is one of the things Apple gets right; they know what matters. As an outsider to the iOS/Mac ecosystem I've often felt that Apple makes trade-offs in productivity to achieve a better experience for the end user. While these tests aren't indicative of typical app performance (most apps aren't doing math in a loop), an order of magnitude performance difference is enough to show up on many apps.

I wonder if Google made a mistake by not choosing native code for Android apps. We have heard forever about Java (and other run-times) getting close to C in performance, but outside of specific test cases native code still runs circles around everything else out there.

Narishma 11 hours ago 1 reply      
He keeps saying C but the source code he shows at the end is clearly C++, even if the file has a .c extension.
izacus 10 hours ago 1 reply      
Well, yeah, when you start developing for Android you quickly find out that Dalvik JIT is kinda crap and it just doesn't do inlining and hotspot optimizations very well.

Which means that pretty much computationally intensive tasks (e.g. image processing, crypto, etc.) are several orders of magnitude slower than what you're used from desktop JVM. That's especially noticeable in Android's BouncyCastle crypto implementation, where standard algorithms like PBKDF#2 derivation function can take ages (e.g. 3 seconds for 10.000 iterations on Nexus 4). Simply just moving those algorithms to C library without any optimizations quickly gives you orders of 100-500x speedups just from the GCC compiler (the before mentioned OpenSSL implementation of the derivation algorithm runs about 80-150ms for same parameters and result). So now we do pretty much any crypto or bitmap algorithms in C and just call C library via JNI.

Of course... most apps don't really do anything computationally expensive so C doesn't give much benefits.

rossjudson 7 hours ago 1 reply      
No source code for the test framework; can't see how the code is called. If there are repeated calls through JNI, JNI transit time can often be a significant factor.

How many times through the benchmark? Did the JIT get a chance to warm up? Caliper provides a framework that can be used to properly assess performance.

There's no benchmark here without seeing a more complete picture.

hrjet 11 hours ago 0 replies      
Proguard does a lot of optimisations ahead of time and is part of the standard workflow for Android development. It would have been a more fair comparison if Proguard optimisations were enabled (or mentioned if already enabled).
justin66 2 hours ago 0 replies      
Why do we often use graphs when displaying benchmark results? Because it gives us a way of avoiding sentences like this:

Even the slowest native build using clang is not more than 43% slower than the best native build using gcc.

sehugg 1 hour ago 0 replies      
It's weird that the author chose to use field accesses (in every possible instance) instead of local variables in the manually optimized version.
nly 10 hours ago 1 reply      
Take home: Dalvik still sucks and ART isn't good enough to replace C++ for numerical computation on Android yet?
sagargv 8 hours ago 1 reply      
An important aspect of mobile performance that this article doesn't really go into is memory. It's not just about CPU speed. Java performs quite close to C when excess memory is available, but performs poorly under low memory conditions. This is true of all GCed langs. The fact that iOS apps feel snappier is in no small part due to better memory management (ARC).

Source: Why mobile web apps are slow - http://sealedabstract.com/rants/why-mobile-web-apps-are-slow...

hyp0 11 hours ago 5 replies      
i'm amazed and hurt that dalvik doesn't do inlining (but if JIT will need a few runs to get going... not unreasonable on a phone, if the app can stay resident in memory)

for my fellow perplexed: ART is a java runtime (dalvik alt) https://source.android.com/devices/tech/dalvik/art.html

impressive improvement, x2 dalvik (on this one case...)

BUT for similar GHz (2.3 vs 2.6), intel is x2 to x8 times faster than ARM...

bratao 11 hours ago 3 replies      
It's very common to see people claiming that Java is faster than a native compiled application. But my gut feeling says otherwise.

I don't know the Java internals on Windows. But does someone know why applications with graphical interfaces feel so slow? My rough guess is that even if Java is fast for mathematical operations, it needs to call native libraries for drawing and this is expensive because of the isolation.

lnanek2 9 hours ago 1 reply      
I wonder if he is using ProGuard. He mentions having to manually inline functions, so I think not. It is built-in to the Android build process, nowadays, though, and can be turned on with just a property setting.
raverbashing 10 hours ago 1 reply      
And this is one of the reasons the iPhone feels more responsive with the same (or worse) hardware

Sure, Dalvik may have a JIT but it's difficult to do miracles with a limited amount of memory (and the JIT needs to be fast as well)

higherpurpose 10 hours ago 2 replies      
When is Google going to support Go in Android?
fsk 3 hours ago 0 replies      
I thought that C on Android compiles to bytecode just like Java, rather than being a true native binary?
kurtisnelson 11 hours ago 3 replies      
This leads to the question: How soon until I can use Art as my daily driver?
userbinator 10 hours ago 0 replies      
It's interesting to see the saying "Java: compile once, run (slowly) everywhere", which has been around for about as long as Java has, still applies after all these years despite claims that somehow "better technology" in compilers will make the efficiency gap disappear.

You don't have to be a computer scientist to see that the fastest way of doing anything is not doing it at all --- and with Java's architecture, there will always be instructions executed which are completely unnecessary in native code. They can make huge sacrifices in memory consumption (e.g garbage collection that doesn't collect at all, if you have enough memory) to try to reduce things like allocation/deallocation cost, but in the end they're still wasting more resources.

Building Carousel: How we made our networked mobile app feel fast and local dropbox.com
43 points by spoletto  6 hours ago   4 comments top 3
didgeoridoo 5 hours ago 1 reply      
For more on the subject of "optimistic interactions", check out Luke Wroblewski's post from July of last year on getting the Polar app to feel super-responsive: http://www.lukew.com/ff/entry.asp?1759
mwcampbell 49 minutes ago 0 replies      
The couple of short code fragments in this article suggest that the cross-platform code in this app is in C++. Can anyone inside Dropbox say whether this is correct? And if so, were you able to use any tools to make the JNI glue code less tedious to write for the Android version?
chj 16 minutes ago 0 replies      
I don't understand. Isn't this what the Dropbox Sync API is for?
Laboratory-grown vaginas implanted in patients kurzweilai.net
138 points by ca98am79  11 hours ago   60 comments top 11
tokenadult 9 hours ago 1 reply      
The journal The Lancet, which published the peer-reviewed case report[1] on the latest news commented on in the submission here, makes available the full text of a commentary article from 2011[2] about the work of the same doctor, who has worked on several kinds of replacement human organs.

My alma mater university is one of several centers around the world of research on growing human tissues on spatial matrices of various kinds to grow replacement organ parts (e.g., heart valves) or organs (e.g., tracheae).[3] I had the pleasure of touring one of the labs here with one of my children, and the researchers in the lab said the research involves experimenting with different materials to form the matrix on which the human cells grow, and of course learning what three-dimensional form of the matrix will produce the best replacement part, with plenty of other issues to research besides. This path of research is one of the reasons why I think it is quite plausible that incremental improvements in life expectancy at middle age and old age, which have been steady throughout my lifetime,[4] will continue as each reader of Hacker News reaches middle age and old age.

[1] Abstract of "Tissue-engineered autologous vaginal organs in patients: a pilot cohort study"


[2] http://www.thelancet.com/journals/lancet/article/PIIS0140-67...

[3] http://www1.umn.edu/news/news-releases/2010/UR_CONTENT_17680...

[4] http://www.prb.org/Journalists/Webcasts/2010/humanlongevity....


Shinkei 9 hours ago 1 reply      
Physician here. I read this paper when it was posted on Reddit a few days ago and it was very impressive.

I'll link to the discussion because the top comment was comprehensive and summarizes the published article:


To address questions of how this can be applied to other organs, growing tissue like a trachea or skin is becoming easier. They grow the cells on a scaffold and then you have a tissue. Organs are much more complex and a penis is an organ. We are not at that level of sophistication to grow an entire, functional organ ex-vivo, at least for human use.

Pitarou 9 hours ago 2 replies      
I'm curious to know whether this could be offered to M->F transsexuals.
hyp0 9 hours ago 3 replies      
While an artificial ear or eye has practical benefits, genitals might mean more to the recipients. Hard to tell: which would you rather go without?

It mentions that nerves grew into the structure, but doesn't explicitly state how well feeling was restored.

Restoring the related organs, uterus, fallopian tubes and especially the eggs themselves, still seems like science-fiction - at least, for now.

brianbreslin 9 hours ago 3 replies      
Do you think we'll start seeing people with bad livers/kidneys/organs pre-ordering new ones and having them frozen/stored? if i'm some rich 80 year old tycoon with a bum heart, i could see myself having new versions of all my parts stored for me at a lab for when i need them.
frozenport 6 hours ago 0 replies      
Fun Fact: Laboratory-grown babies implanted in patients happened decades ago.
51Cards 9 hours ago 1 reply      
Sex industry jokes aside it has been amazing to watch this field of research advance. While still limited to relatively simple structures (tracheas, vaginas, cartilage, etc.) this is helping actual patients now, not just lab demos. Imagine when we can grow a new eye, kidney, lung, or heart.

I love what our industry does with technology but to me it still pales in comparison with things like bio-engineering. Perhaps that's just my perspective.

EDIT: Attaching a bit of a personal outlook. I am about a month away from having a tumor removed and the primary surgery doesn't bother me as much as the reconstruction process that will be required after. Having my own tissues grown to fill in the hole would definitely change my perspective.

rjknight 9 hours ago 0 replies      
Or robots with penises. Paging Pintsize[1]...

[1] http://questionablecontent.wikia.com/wiki/Pintsize

EDIT: well, now this makes no sense. The parent comment basically asked whether or not lab-grown penises might exist, and what uses may be found for them.

undoware 8 hours ago 4 replies      
As a trans woman, I'm very happy about this sort of advance, but I question why I'm seeing it at the top of my HN feed.

A lot of people here seem to REALLY LIKE vaginas.

Just saying.

ChristianMarks 3 hours ago 0 replies      
I want one.
simsicon 9 hours ago 0 replies      
lol the comment by cam44 in the post.
Heartbleed and Games on Android apportable.com
4 points by collinjackson  49 minutes ago   discuss
Nerdsniping: A glimpse into a stubborn mind andyet.com
109 points by philip_roberts  12 hours ago   83 comments top 22
forrestthewoods 19 minutes ago 0 replies      
And here we all are reading this post during work hours. My god, the amount of productivity lost because of that simple question in chat!
vernie 3 hours ago 0 replies      
Yikes. I understand that companies use these posts as a form of advertising, but seeing your "application security specialist" struggling with such a basic expression gives me pause.
romanovcode 12 hours ago 2 replies      
I was working with this guy - he always tried to prove that everything is possible wasting time. He ALWAYS over-complicated simple things. He was horrible to work with and everyone hated him.

Not to say you are just like him etc. but this post reminded me of him because it was probably exactly what he would do.

aaronem 1 hour ago 0 replies      
It's not often I see an HN thread which so aptly demonstrates the exact effect under discussion.
gcr 34 minutes ago 0 replies      
This kind of abuse is also available in Python!

    In [3]:
    class TheObjectThatIsEqualToAnything(object):
        def __eq__(self, other):
            return True
    In [4]:
    x = TheObjectThatIsEqualToAnything()
    In [6]:
    x == 3 and x == 5
    Out [6]:
    True

mncolinlee 10 hours ago 8 replies      
And this is why Javascript can be such an awful language. Leaving off a single equals has such a profound effect, often without a new coder even realizing it while reading the code.

Imagine what happens to your code when someone tries to write a function for its side effects similar to the example seen in the blog post. Then releases it in production for it to break in six months with a feature change.

ronaldx 12 hours ago 2 replies      
The differences between programming syntax and elementary/Boolean algebra are very awkward to understand clearly and deal with correctly. We clearly understand mathematical algebra to work one way, and we naturally assume programming algebra works the same way, which it doesn't at all.

Here, the antagonist says that b can't be 1 and 2 at the same time, which would be self-evident in mathematical algebra, but turns out to be quite irrelevant to Javascript and to programming paradigms generally (since two statements will never be checked simultaneously).

This difference in how syntax is understood actually presents a barrier to programming for modestly trained mathematicians, who would otherwise be expected to excel.

gyepi 10 hours ago 0 replies      
Nerdsniping reminds me of the Walt Whitman poem:

    There was a child went forth every day;
    And the first object he look'd upon, that object he became;
    And that object became part of him for the day, or a certain part of the day, or for many years, or stretching cycles of years.

It's especially bad if you'd really rather be doing something other than what you're currently doing.

level 8 hours ago 0 replies      
Call me nitpicky, but it always bugs me when someone references some content, but doesn't link to it. Specifically the XKCD and Stackoverflow links. Link to the comic and question specifically, rather than making me go hunt for that content.
antinitro 11 hours ago 1 reply      
    var i=0;
    var b = {};
    // Each loose comparison coerces b through valueOf(), which returns 1, then 2.
    b.valueOf = function () {
      return ++i;
    };
    if (b==1 && b==2) {
      // success
    }

tatalegma 12 hours ago 1 reply      
"I want my code to execute if port is 80 or 443, and http is false"

Couldn't you simply do this?:

if ((a==='80'||b==='443') && http===false) { ... }

alistairjcbrown 11 hours ago 0 replies      
> I guess we've messed with the prototype too much, and JavaScript isn't really convinced it's still a proper number anymore.

You're comparing a literal number with an object, which are not the same type.

    2 === new Number(2)  // => false
    2 == new Number(2)   // => true

scjody 12 hours ago 1 reply      
> Have I learned anything directly useful?

You probably haven't. But a less experienced programmer has learned why you should always use ===.

yeahbutbut 4 hours ago 2 replies      
And so far everyone has missed telling the poor OP how to avoid writing two equality checks...

    if( [80, 443].indexOf(port) !== -1 && http === false )
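
An added example (not code from any commenter in this thread) showing why the `==` versus `===` point matters when a port check guards untrusted input: an object built like the `valueOf` trick above can pass a loose check and then yield a different value when used, while a strict allow-list rejects it. The function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example. All function names here are hypothetical.

// Object in the style of the thread's `b`: every coercion yields the next
// value from `values`, so two reads of "the same" variable can disagree.
function makeShifter(values) {
  let reads = 0;
  return {
    valueOf() {
      return values[reads++ % values.length];
    },
  };
}

// Loose check-then-use: `==` coerces once to validate, Number() coerces
// again to use, and nothing forces the two results to match.
function looseWebPort(port) {
  if (port == 80 || port == 443) {
    return Number(port);
  }
  return null;
}

// Strict version: demand a primitive integer first, then compare with ===
// (indexOf uses strict equality), so no user-defined coercion ever runs.
function strictWebPort(port) {
  if (typeof port !== 'number' || !Number.isInteger(port)) {
    return null;
  }
  return [80, 443].indexOf(port) !== -1 ? port : null;
}

// Constructed inputs, not taken from the thread.
function demo() {
  const b = makeShifter([1, 2]);
  return {
    bothTrue: b == 1 && b == 2,
    looseShifter: looseWebPort(makeShifter([80, 22])),
    looseString: looseWebPort('80'),
    looseArray: looseWebPort(['443']),
    strictShifter: strictWebPort(makeShifter([80, 22])),
    strictString: strictWebPort('80'),
    strictBoxed: strictWebPort(new Number(80)),
    strictNumber: strictWebPort(443),
  };
}

console.log(demo());
```

The strict validator deliberately rejects the string `'80'` as well; convert and validate at the input boundary rather than relying on coercion at the comparison.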

mfonda 7 hours ago 3 replies      
I think there was a more general question here that was missed: can a == x && a == y ever be true for any arbitrary values of a, x, and y, where x != y.

From a logical point of view, no, this can never be true. I would suspect this can never be true in javascript, and could only be made true in a language where you can override == to always return true.

I think when most developers use the word "never", what they really mean is "never (within the current context)". This makes conversations a lot simpler. Imagine how difficult conversations would be if you always had to qualify never. "This can never be true (assuming a weird valueOf method hasn't been defined and assuming I didn't modify the javascript interpreter to always return true for == and assuming ...)".

wambotron 10 hours ago 2 replies      
I think the answer to "can something be fuzzy equal to one value and strictly equal to another in JS?" has an easy answer that doesn't take much effort to find. This might be cooler in another language, though.

var b = 2;

b == '2'; // true

b === 2; // true

peterkelly 10 hours ago 2 replies      
And now for exercise 2:

Port the solution to Haskell

Dewie 11 hours ago 0 replies      
Defining a number to be a procedure (or 'word' in the parlance) is simple in Forth.

> : a 2 ;

> : 2 3 ;

> a 2 =

> a 3 =

The two flags on the top of the stack are now equal.

tarpherder 6 hours ago 0 replies      
Might not be Java but still interesting, it made me think of one of my favorite little quirks in C++:

    #include <cmath>

    //Floating point model: Strict:Precise:Fast
    //Will code execute
    float a = nanf("");
    if (a == a)             //S:No P:No F:Yes
        (do something);
    if (a != a)             //S:Yes P:Yes F:No
        (do something);
    if (a < 0.f || a > 2.f) //S:No P:No F:Yes
        (do something);
    if (isnan(a))           //S:Yes P:Yes F:Yes
        (do something);

NaN's (Not A Number) can propagate a long way through your code, possibly reaching places where they cause real problems. When dealing with input, especially networking, one should always check for NaN's. Basically the rule with NaN's is: The comparison always returns false if any NaN is involved. But as you can see; specifying the fast model throws that out of the window. (Code was otherwise unoptimized.)

In the third statement an otherwise fine check is done to make sure the value in a is sane, it doesn't get changed but it's certainly not what you'd want it to be.

Whole lots of fun can be had when serving this to game servers. :D
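
An added example (not the commenter's code) of the same IEEE 754 comparison rule in JavaScript, the language of the rest of this thread: a range check written as a rejection lets NaN through, clamping does not remove it, and an explicit finiteness check on parsed input does. It covers only standard-conforming behaviour, not compiler fast-math modes; the function names and sample fields are hypothetical and constructed.

```javascript
// Added example. Function names and sample fields are hypothetical.

// Same shape as the comment's third check: bail out when out of range.
// Both comparisons are false for NaN, so NaN is reported as sane.
function saneByRejecting(x) {
  if (x < 0 || x > 2) {
    return false;
  }
  return true;
}

// Inverted form: the value has to positively satisfy the range.
function saneByAccepting(x) {
  return x >= 0 && x <= 2;
}

// Clamping is not a sanitizer either: Math.max/min propagate NaN.
function clamp(x) {
  return Math.min(Math.max(x, 0), 2);
}

// Parse one untrusted text field; return a finite number in [0, 2] or null.
function parseField(text) {
  if (typeof text !== 'string' || text.trim() === '') {
    return null; // Number('') is 0, so empty input needs its own check
  }
  const x = Number(text);
  if (!Number.isFinite(x)) {
    return null; // rejects NaN and +/-Infinity explicitly
  }
  return saneByAccepting(x) ? x : null;
}

// Constructed sample fields, as they might arrive in a network message.
const SAMPLE_FIELDS = ['1.5', '3', 'NaN', 'abc', '', 'Infinity', '-0.1'];

function runSamples() {
  return SAMPLE_FIELDS.map((field) => [field, parseField(field)]);
}

console.log(runSamples());
```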

mathattack 11 hours ago 0 replies      
Is this a case of readability versus theoretical perfection?
cinitriqs 10 hours ago 0 replies      

(everything == all && all == everything) == stardust/code

ssdfsdf 9 hours ago 1 reply      
This took you 11 days?!
Suicide Prevention Sheds a Longstanding Taboo: Talking About Attempts nytimes.com
21 points by Xero  4 hours ago   33 comments top 4
graeme 1 hour ago 6 replies      
Serious question: is someone who attempts suicide in the same group as someone who successfully commits suicide?

For instance, far more men commit suicide. But far more women attempt suicide:


I'm sure there are other differences. To me, the questions are:

1. Why do people fail at suicide attempts?

2. Will information that dissuades a failed suicide attempt dissuade someone from making a successful suicide attempt?

dclowd9901 2 hours ago 3 replies      
"...in the past few years, scores of them have come together on social media and in other forums to demand a bigger voice in prevention efforts."


I'm by no means a heartless person. However, I truly believe if you don't want to live any more, that it's your right and your responsibility.

I'm not in your head. I don't know what you're thinking. Most of the time, I won't even know that you're depressed. Many people mask it very well. Why is it my fault that you decided to kill yourself?

evanlivingston 2 hours ago 1 reply      
The longstanding taboo I think is actually allowing people to commit suicide. This question rarely enters the debate.
slc 3 hours ago 1 reply      
This is stupid. And I can't believe it doesn't sound stupid to those who are the most likely to attempt suicide seriously.

Why doesn't anyone talk about "misery prevention" ?

900 social insurance numbers stolen from Revenue Canada via Heartbleed cbc.ca
96 points by rpledge  12 hours ago   44 comments top 10
stygiansonic 11 hours ago 0 replies      
Oops, I submitted a duplicate of this. (Upvoted yours)

Vulnerability was disclosed on Monday, April 7th. CRA website was shut down on Wednesday, April 9th. Didn't take long for the baddies to take PoCs and point them at vulnerable sites.

Any other high-value sites that took more than a day to patch should take this as a warning.

scrabble 10 hours ago 0 replies      
I wonder if the data was stolen after or before the vulnerability was disclosed.

On the other side of it, I think it's really great that they've been able to determine exactly what was stolen from this so that they can attempt to repair any damages.

increment_i 9 hours ago 0 replies      
Considering the significance of the vulnerability, the only thing I can say is the government is extremely lucky that the number is only 900. For Canadians, SIN numbers are about as critical as it gets.
personZ 11 hours ago 5 replies      
How would they know this? Presumably they would have to log the entirety of IP communications with their services.
scosman 7 hours ago 2 replies      
For those who don't know, SIN = social insurance number. Similar to US SSN.
PeterWhittaker 11 hours ago 0 replies      
tl;dr: "We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed." The agency says those affected will be contacted via registered letters, and that any attempts to contact a taxpayer via email or telephone are fraudulent.
Pxtl 9 hours ago 0 replies      
Wonderful timing that this vulnerability popped up smack in the middle of tax time, eh?
JoeAltmaier 6 hours ago 0 replies      
Presumably the numbers were stolen along with associated identity information. The numbers can be easily guessed; they are created with a simple algorithm.
neil_s 9 hours ago 1 reply      
Is this the only reported case of malicious use of Heartbleed so far? (Besides US government agencies allegedly)

If so, is it safe to say that this crisis was dealt with rather well? Or is it just too early to know how many sites were actually attacked?

jwr 10 hours ago 9 replies      
How can you steal a number?

Here's a number: 147334572. Have I stolen it?

This is yet another alarming signal that the whole idea that your SSN/SIN or credit card number is somehow secret and can be used for authentication is flawed. We need to work on fixing this. At the very least, we should stop talking about "stolen numbers". And even if the breach in question resulted in attackers gaining access to names + numbers (unclear from the article), it should not cause any serious consequences.

Meyrin: CERN Terminal Font optional.is
81 points by bpierre  11 hours ago   36 comments top 10
sdkmvx 7 hours ago 1 reply      
For those who don't know (apparently including the authors), this is the standard 3270/IBM terminal font. It is available all over the web in various formats, notably in bitmap format with http://x3270.bgp.nu/, though it is in a different encoding (EBCDIC probably). I may look into converting it later.

There's also a copy at https://github.com/rbanffy/3270font, and you may be able to find a better copy by doing more searching.

raldi 8 hours ago 2 replies      
> This meant we needed to write a quick shell script to loop from 0 to 255 and try to output to screen the ASCII representation [...] The computer locked-up and we needed to hard-reset it

That sounds like you echoed a Ctrl-S character, which tells a terminal to stop updating; the opposite command is Ctrl-Q, but since that came earlier in your sequence rather than later, you were out of luck.

Try reversing the for-loop next time!

donpdonp 9 hours ago 2 replies      
I love the history/nostalgia in this font, but after opening a Gnome Terminal with the .ttf font, it's unusable. The characters are full of horizontal 'scan lines' which look neat when zoomed in but make the font fade to almost nothing on a black background. Ironically the screenshot in the story for the terminal shows solid characters.
bhauer 10 hours ago 1 reply      
Clever. Just a small nit I noticed at first glance: the tail of the lowercase 't' uses two horizontal pixels in the photo, but only one was provided in the font.
zokier 7 hours ago 1 reply      
Here is VT220 emulation font of similar style (complete with scanlines): http://sensi.org/~svo/glasstty/

edit: webfont sample here: http://johanneshoff.com/vt220/

hsx 10 hours ago 2 replies      
It's a pretty sweet font. I just made a little test with @font-face: http://hugo.sx/meyrin/
chli 4 hours ago 0 replies      
For those who don't know "Meyrin" is the name of the municipality that hosts part of the CERN.


owenversteeg 9 hours ago 1 reply      
Wow, I didn't realize it was this easy to make a font from SVG files. Thanks!
jlgaddis 9 hours ago 2 replies      
I don't have my MBP nearby to try it out, but this font + "Cathode" [0] seems like it'd be pretty neat.

[0]: http://www.secretgeometry.com/apps/cathode/

Create 10 hours ago 1 reply      
lack of an element of social responsibility in the contract policy is unacceptable. Rather than serve as a cushion of laziness for supervisors, who often have only a limited and utilitarian view when defining the opening of an IC post, the contract policy must ensure the inclusion of an element of social justice, which is cruelly absent today.


Why C++ for Unreal 4 unrealengine.com
155 points by zschoche  15 hours ago   140 comments top 24
flohofwoe 9 hours ago 4 replies      
We've also been there done that (about 10 years ago though), we had a very powerful scripting approach integrated into our game engine which gave direct access to game play systems in order to let our level and game designers build scripted behaviour into the game. In the end we ended up with a terribly huge mess of script code (I think it was about a third of the actual C/C++ code) and the majority of the per-frame performance-budget was lost somewhere in this scripted mess. The game sometimes suddenly crawled to a halt when some crazy scripting construct was called, and we had a lot of trouble getting stuff into a shippable state until the gold-master milestone (this is the game: http://www.metacritic.com/game/pc/project-nomads).

The main problem with scripting layers is that you are basically handing programming tasks over to team members whose job is not to solve programming tasks, and thus getting a lot of beginner's code quality and performance problems which are almost impossible to debug and profile (unless you have a few top-notch coders in the game- and level-design teams).

And then there will be definitely those "creative workarounds" to get something done which neither the engine nor the scripting layer was designed for, which make entertaining horror stories the programmers tell the new hires when they inevitably ask why your engine doesn't have scripting ;)

A better approach is to give the level designers simple, pre-programmed, combinable high-level building blocks (AI behaviours, actions, triggers, etc), and let them customize a level (as in game area) with this. But never build the entire game logic with such an approach! With this, stuff can still be fucked up, but at least the performance-sensitive stuff can be implemented by the programming team, and it's much easier to debug and maintain.

[edit: typos]

octo_t 14 hours ago 3 replies      
The phrase

> 'What starts out as a sandbox full of toys eventually grows into a desert of complexity and duplication.'

is beautiful and is a pattern I've seen multiple times before. It's not feature creep per se, but more something a bit more insidious in software development.

xedarius 13 hours ago 3 replies      
I developed two titles with the Unreal Engine and whilst initially UnrealScript seems like an advantage it very very quickly becomes problematic. My favorite being the dependency of the C++ code on the script and the script on the C++, so if you're not careful you can end up being completely unable to do a build.

As much effort as they put into the IDE it would always play second fiddle to Visual Studio. When I left there was no way to remote debug unreal script on the target device (this may not be the case now).

I know that all of the guys I worked with in the studio would welcome pure C++ approach. The only real losers here are mod makers who will have a higher entrance bar.

mccr8 8 hours ago 0 replies      
These issues are all very similar to the difficulties with interaction between JS and C++ in web browsers. A lot of engineering and specification effort has been expended in browsers to improve these problems, on things like WebIDL [1], codegenned bindings[2], JITs that understand some of the behavior of the underlying C++ operations [3] and so forth, but for a game engine where you aren't running potentially malicious code I can see that it would make a lot more sense to just tell people to use C++ rather than expend that effort.

[1] http://www.w3.org/TR/WebIDL/

[2] http://jstenback.wordpress.com/2012/04/11/new-dom-bindings/

[3] https://bugzilla.mozilla.org/show_bug.cgi?id=938294

syncsynchalt 1 hour ago 0 replies      
Inner Platform Effect: "the tendency of software architects to create a system so customizable as to become a replica, and often a poor replica, of the software development platform they are using" - http://en.wikipedia.org/wiki/Inner_platform

Seems an appropriate term here.

HeXetic 11 hours ago 2 replies      
It's important to note that what is being talked about in this post is not, "why we wrote the Unreal engine in C++", because it already was in C++. Many games, older Unreals included, had a separation between "code" and "scripting", where stuff like animations, weapon firing, etc. was written in scripts, in the belief that this would be easier to update as required vs. C or C++ code.

Doom 3 and previous Unreal engines had scripting languages; even the first moddable FPS engine, Quake, had a 'scripting language' of sorts -- Quake C, a sort of subset of C. id software turned back to pure code with the Quake 4 engine, however, recognizing the mistake that introducing the overhead of script-vs-code, and the limitations of scripts, outweighs any gains from being "easier to edit".

daenz 9 hours ago 1 reply      
This was refreshing. I'm struggling with the same problem...I've embedded Lua in my C++ engine for high-level scripting. Unfortunately, as my scenes became more and more complex, I found myself struggling with representing the inheritance hierarchies in Lua, as well as things like object ownership/gc (resorting to passing around shared_ptrs in Lua userdatas). And for each new data type, I had to write the same old C++ boilerplate to make it available in Lua the way I needed to. The complexity is getting to be too much.

I think this article is going to push me to strip out the embedded Lua from the engine and use plain old C++ as well. Great read!

pjmlp 12 hours ago 0 replies      
The PVS-Studio guys have a static analysis of the code quality


beefsack 12 hours ago 6 replies      
It will be interesting if any major game engines pop up using Rust as the core language, or even Go. C++ has been the king of highly optimised game engines for so long, I can't help but feel it has become so entrenched in the industry that it will take something monumental to disrupt it.
CyberShadow 13 hours ago 1 reply      
There was a talk at last year's D conference how Remedy Games have used D as their "scripting" language:


I wonder if some of the same points would apply here. The short version of the talk is that D compiles much faster than C++, has limited C++ link compatibility (e.g. classes, but not templates), and overall has nicer syntax / language features than using C++ directly. Metaprogramming / compile-time introspection allow automatically serializing/deserializing data to allow updating data structures without restarting the engine.

archagon 14 hours ago 4 replies      
On the other hand, I feel that tools like Unity are successful precisely because they let you tinker with your game in a WYSIWYG kind of way. It's really liberating to be able to work inside such a tight feedback loop, and it's a little weird to see a modern game engine distancing itself from that approach.

(But maybe I'm missing something. What exactly is the role of the Unreal Editor in UE4? Is it mostly for things like graphics and sound?)

EDIT: OK, so apparently UE4 has something called Blueprints. I'm still not exactly sure what they are, but people in the thread are saying that they're superior to C# in Unity, and that they can even allow you to make a game without knowing how to program. So why is Tim Sweeney saying that C++ is replacing UnrealScript for gameplay code?

nly 13 hours ago 3 replies      
Maybe UnrealScript was just too damn complex. Having not used it, and just Googled it, my first reaction was "this looks just like C++ anyway". What language features are there specifically catered for games? It doesn't seem very DSLy
pjmlp 13 hours ago 1 reply      
The whole C# vs C++ discussion going on the forum shows how little current generations understand of compiler design and language implementations, oh well...
leoc 13 hours ago 3 replies      
The upshot is likely that a community-created Lua or JS binding will gain a significant userbase.
XorNot 13 hours ago 0 replies      
I remember back when Descent 3 was being developed, the devs must've run straight into this problem since pretty late in the development cycle they suddenly dropped their script language for pure C++ libraries for scripting levels.
kayoone 14 hours ago 2 replies      
Unity runs well with a Scripting approach and for everybody where that's not enough, you can still get the full source license. I think Unity did it quite clever in that the engine itself is c/c++ and all the interfacing with the engine is done through C#/Mono.
golergka 12 hours ago 0 replies      
Right now I sit through the second week of non-stop iOS crash logs of our Unity game, which are opaque, unclear and mysterious for the most part, and I can't agree more.
danso 13 hours ago 4 replies      
> Developers seeking to take advantage of the engine's native C++ features end up dividing their code unnaturally between the script world and the C++ world, with significant development time lost in this Interop Hell.

Replace "C++" with "JavaScript/client-side processing" and "script" with "server-side scripting" and I feel like this adequately describes web-development.

jokoon 7 hours ago 1 reply      

Now, to make the gameplay programmer and level designer's job easier, you still have to build well made and documented building blocks.

It's either that or hire people who do know how to talk a statically typed language. Might be good news for the job market, I always found it weird to have people making games who were not really competent in programming. always baffled me.

I guess you can still force people who are unable to write good c++ to write c++ anyways and hire somebody else to valgrind everything. In the end using a statically typed language is more a requirement for performance, clarity and consistency than a lack of flexibility.

Setting the bar high or demanding discipline if you prefer. Computers are stupid, so you need to be precise when you work with them.

chris_wot 11 hours ago 1 reply      
Looking at the comments around the post, the amount of people who don't really understand pointers but who seem to be Unreal developers is a little surprising!
anoplus 11 hours ago 0 replies      
A (programming) language gets very powerful by simply being accepted as standard. Take English as example.
Aardwolf 13 hours ago 1 reply      
Can you script actors and such with C++ from within UnrealEd then?
thomasahle 12 hours ago 0 replies      
The idea:

> It is ... more dangerous than UnrealScript, C#, and JavaScript. But that is another way of saying that it's more powerful.

is why we can't have nice things.

hyp0 10 hours ago 2 replies      
Am I cynical? The recent changes in Unreal 4 make me think the company is in extremely serious trouble. It's because they aren't addressing the key reason people buy a graphics engine (viz graphics), but all this ancillary stuff. While it is important, it's off center...

But maybe they are just trying to fend off Unity (open source, a more coherent experience). Usually when companies do this, it's too late. I've no idea if that's the case here.

The MIT Lockpicking Guide blurofinsanity.com
167 points by AndyBaker  16 hours ago   66 comments top 19
Stratoscope 8 hours ago 2 replies      
If anyone is wondering, everywhere the guide mentions "sheer force" and "sheer line", that should be "shear force" and "shear line". It's like "wind shear".

"Sheer" doesn't even make any sense in this context: "sheer force" would be twisting the tumbler so hard you break all the pins, and that would not exactly be considered "lock picking"!

What's interesting to me is how pervasive this misspelling has become. A Google search for "lock picking sheer force" finds 17,500,000 matches, but "lock picking shear force" finds only 205,000. I wonder if all these misspellings originated from this MIT guide, or if there was something else before that?

sampo 15 hours ago 5 replies      
Why does most of the world continue to use the pin tumbler locks, when the disc tumbler lock (invented in 1907) is almost impossible to pick?



fabulist 16 hours ago 7 replies      
On a legal note;

IANAL, but I did a little research before getting started in lock picking a while back. iirc, there are no federal laws against having picks. However, states often have laws against "possession of burglary tools". In my jurisdiction, if they can establish intent to burglarize -- ie, you're also carrying an empty duffel bag, a crowbar, and a map with the bank circled on it -- it's a class II felony.

I repeat; I am not a lawyer.

ryannevius 16 hours ago 1 reply      
A really invaluable skill. Picking locks has saved me on multiple occasions, to get into my own property. It has also made me rethink the way I secure my valuable goods. If only for this second reason, I think basic picking skills should be learned by everyone.
delinka 6 hours ago 0 replies      
The goal of your [physical?] security shouldn't be to be uncrackable, but to delay the would-be criminal long enough to be detected and, hopefully, apprehended. "Yes, the lock can be picked in a week, but by then, your employees should have returned to the office and noticed the burglar picking away at it."

It's easier to just walk into the open bank, masked, and make demands. And there's still a chance to get away with it. A chance, however slim.

edem 16 hours ago 3 replies      
There is a guy on youtube called bosnianbill, his channel: https://www.youtube.com/user/bosnianbill is full of useful information.

You can also find Mike Gibson's "Lock Picking: Detail Overkill" which is a great book for starters!

hf 13 hours ago 1 reply      
I believe one of the more famous Richards were mentioned in this everlasting classic:

Richard P Feynman, who, on having picked a certain lock, complained that "[t]he trouble with playing a trick on a highly intelligent man like Mr. Teller[0] is that the time it takes him to figure out from the moment that he sees there is something wrong till he understands exactly what happened is too damn small to give you any pleasure!"

The volume Surely, You're Joking Mr Feynman![1] contains many, at times only seemingly so, light-hearted reminiscences in similar spirit.

[0] Edward Teller (1908, Budapest 2003), a Hungarian-US nuclear physicist known colloquially as "the father of the hydrogen bomb"; see https://en.wikipedia.org/wiki/Edward_Teller

[1] https://en.wikipedia.org/wiki/Surely_You%27re_Joking,_Mr._Fe...!

bob_george33 15 hours ago 0 replies      
mx12 9 hours ago 1 reply      
After I saw this guide a while ago, I got really interested in lock picking and ended up buying a kit. There's a decent subreddit and it's a good resource to get started. I purchased the kit they recommend, PXS-14, and it works great. I remember I picked my first lock in about 5 minutes and then spent another hour trying to do it again. It takes a while to feel right and become consistent.



Plus their getting started guide:


PXS-14 Kit:


barking 14 hours ago 2 replies      
For a while tv shows commonly had people getting in using a credit card to push back the bolt.

You don't see it anymore though

INTPenis 15 hours ago 0 replies      
Funny thing but my only real life experience of lock picking and none of those techniques were used. It was a combination lock with 4 wheels and it was easy to figure out the combination with a little piece of plastic wedged between each wheel and the lock face.
chrmaury 12 hours ago 5 replies      
Does anyone know of a link to download this resource? I'm not confident that it will remain active, especially after all of this attention.
tlow 6 hours ago 0 replies      
This looks instructive, is it a legal copy and if so is there a downloadable version?
darksim905 11 hours ago 0 replies      
I still don't see why this was "renamed" or why it's being posted at other sites -- was it originally taken down from MIT or moved or not maintained or what?
jonalmeida 15 hours ago 1 reply      
I remember there being a neat 3D gif floating around Google+ that showed how to pick a lock in a few (frames per?) seconds.
chrisBob 9 hours ago 1 reply      
Are there any successful, self-taught lockpickers here? I have tried to learn a few times, and I think I understand the theory, but it is hard to put into practice. Every time I need to open a lock I don't have a key for, I still grab a drill.
arca_vorago 9 hours ago 0 replies      
I remember reading this as a teenager and buying my first keychain lockpick set. One of my favorite sayings is that, "In order for a locksmith to fix a lock, he must first understand its inner workings. Just like a locksmith, before we can understand X, we must understand how it works first."

I fell out of practice, but whenever I cruise by a hacker space with a lockpick area I will try and take the time to test my abilities. These days lock technology makes some locks very difficult (double-mushroom pins, etc), so I usually can only do the medium difficulty locks.

I had amassed a huge collection of lock/key templates and even some stuff about safecracking, but unfortunately had a hdd crash and lost most of it.

The bottom line with lockpicking, like other things, is that nothing beats practice.

ngcat 16 hours ago 0 replies      
We all know the story, the Book Hackers by Steven Levy tells it all.
Show HN: Poor Man's VPN With a Cheap VPS longren.io
54 points by tlongren  9 hours ago   53 comments top 16
colinbartlett 6 hours ago 4 replies      
For $20 LESS per year than this "poor man's VPN", I can get an actual VPN that I don't have to maintain, has multiple world-wide POP's, and doesn't log customer usage: https://www.privateinternetaccess.com
yogo 8 hours ago 4 replies      
Or just

ssh -D localport -fN user@vps

Then for chrome/chromium:

chromium --proxy-server="socks5:localhost:localport"

If you need multiple instances running different proxy connections use different data directories like:

chromium --user-data-dir="other-dir" --proxy-server="socks5:localhost:localport"

Edit: sshuttle covers more than port forwarding but the article was geared at browsing the web through a vps hence my comment.

kh_hk 5 hours ago 1 reply      
Always wonder how come tinc is not as popular as other VPN solutions. Peer to peer network routing via tun/tap interfaces, all traffic encrypted, each host has a public/private key pair.

I have been using it to build a VPN network with cheap VPS from different providers and found it really reliable and easy to set up. Besides that, once used it to watch some south park at UK and also worked wonders, no need to even set up a proxy, just route your traffic through the interface.

Link for the interested: http://www.tinc-vpn.org/

borski 6 hours ago 2 replies      
We built an incredibly easy single click OpenVPN setup tool for DigitalOcean and Rackspace during Sochi: http://www.tinfoilsecurity.com/vpn

Enter API key creds, it makes the box for you, sets it up, and hands you a config you can use for your client of choice. (The script is open source for those of you that don't want to enter creds - we don't store them, and actually remove access whenever we can; for example, we delete our own SSH key from DO because they let us).

Spittie 7 hours ago 1 reply      
Like everyone else here, I've been using ssh -D. Which is awesome especially because I have my hosts organized into my ~/.ssh/config file, so if I need a connection in the USA, I'll just type "ssh -D 4444 us".

I have a similar setup on my Android phone, by using Vx ConnectBot (http://connectbot.vx.sk/) plus ProxyDroid (https://github.com/madeye/proxydroid).

If anyone needs some of the advanced features provided by OpenVPN, I can suggest this script: https://github.com/Nyr/openvpn-install I've successfully used it to install OpenVPN several times, and it's mostly effortless.

As for the VPSs, I can suggest http://lowendspirit.com/, awesome owner and can't beat the 3/year (yes, year) price. You don't get a public dedicated ipv4, but if you need only a VPN then it's not really needed.

babuskov 1 hour ago 0 replies      
Am I crazy for using PPP over SSH for this?

I enabled masquerading on the server for ppp0 interface and then I'm doing this on the client:

    route del default
    route add -host vps.host gw my_local_gateway eth0
    pppd pty "ssh vps.host -t -e none -o 'Batchmode yes' sudo /usr/sbin/pppd" local nodetach silent
    route add default ppp0

I guess some of this could be automated in ppp-options but I never bothered as it's a simple script I can run at any time.
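
A route check for the PPP-over-SSH setup in the comment above, as an added example that is not part of babuskov's post: it reads `ip -4 route show` output and reports whether the default route goes through ppp0 and whether the VPS keeps a host route outside the tunnel. The addresses (203.0.113.10 for the VPS, 192.168.1.1 for the local gateway), the sample tables and the function names are constructed for illustration.

```shell
#!/bin/sh
# check_tunnel_routes VPS_IP   (routing table text on stdin)
# Prints one verdict:
#   ok    every default route uses ppp0 and the VPS is pinned to another device
#   leak  a default route does not use ppp0, so traffic bypasses the tunnel
#   loop  default uses ppp0 but the VPS has no host route outside the tunnel,
#         so the SSH transport would be routed into its own tunnel
check_tunnel_routes() {
    awk -v vps="$1" '
        {   # find the outgoing device named on this route line
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        $1 == "default" { ndefault++; if (dev == "ppp0") viappp++ }
        ($1 == vps || $1 == (vps "/32")) && dev != "" && dev != "ppp0" { pinned = 1 }
        END {
            if (ndefault == 0 || viappp != ndefault) print "leak"
            else if (!pinned) print "loop"
            else print "ok"
        }'
}

# Constructed sample tables (not captured from a real host).
sample_ok() { cat <<'EOF'
default dev ppp0 scope link
10.0.0.1 dev ppp0 proto kernel scope link src 10.0.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
EOF
}
sample_leak() { cat <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
EOF
}
sample_loop() { cat <<'EOF'
default dev ppp0 scope link
10.0.0.1 dev ppp0 proto kernel scope link src 10.0.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
}

for s in sample_ok sample_leak sample_loop; do
    printf '%s: %s\n' "$s" "$($s | check_tunnel_routes 203.0.113.10)"
done
```

On a live client the same function can be fed with `ip -4 route show | check_tunnel_routes <VPS address>`.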

rahimnathwani 1 hour ago 0 replies      
I thought this would be an article about setting up PPTP and/or OpenVPN on a low end VPS. For anyone doing this for the first time, these shell scripts may be helpful:



driverdan 8 hours ago 3 replies      
This should be called a lazy man's VPN, not poor. You can run a VPN on the same $5/m VPS.
Karunamon 7 hours ago 1 reply      
OpenVPN is nice too and will work on the same cheap VPS. They have a command line version, and a paid product, Connect, which has a web UI for configuration.

It's free for a low number of users, though. And it also has clients for Android.

I find that I get better speeds through OVPN than through an SSH tunnel. YMMV :)

robk 7 hours ago 1 reply      
SoftEther is really simple to configure and works very well using normal VPN clients, which is easier for non-tech friends/colleagues to access vs SSH.
chewxy 4 hours ago 0 replies      
I was setting up my connections before going to China. I found this guide useful: https://blog.ls20.com/ipsec-l2tp-vpn-auto-setup-for-ubuntu-1...
sitkack 8 hours ago 2 replies      
This sort of VPN is useful for getting around filtering and blockades but is not good for deniability. Tor and/or a commercial VPN that doesn't keep logs is for being more anonymous.
quasque 7 hours ago 1 reply      
Seems like an easier solution would be to run Tor on the VPS instead of via his home internet connection. Nice to learn about sshuttle though.
kayman 1 hour ago 0 replies      
OpenVPN Access Server takes only a few minutes to set up. DigitalOcean has an article on how to as well. https://www.digitalocean.com/community/articles/how-to-insta...
wernerb 7 hours ago 0 replies      
I can also recommend Docker + joyent/digital ocean with Openvpn. [0] Just paste a few commands, install tunnelblick and you are ready to go.

[0] http://blog.docker.io/2013/09/docker-joyent-openvpn-bliss/

gprasanth 8 hours ago 0 replies      
Ssh -d along with proxy chains - been doing this for ages.
A Quick Guide to Sublime Text ghost.io
95 points by wobobobo  12 hours ago   49 comments top 8
piratebroadcast 4 hours ago 3 replies      
I use Sublime but I have vim envy; most of the folks I work with use tmux and vim and using sublime makes me feel like a wannabe.
skrowl 10 hours ago 2 replies      
If you're at all interested in sublime, you owe it to yourself to check out http://brackets.io/.
lyinsteve 12 hours ago 7 replies      
Sublime text is really nice, but I can't bring myself to ditching vim for Sublime, even with a nice, keyboard-shortcutted workflow.

Vim is just way too fast for me to leave.

ozh 12 hours ago 2 replies      
I so badly want to use ST, but I need a sidebar with a function list like several editors & IDEs can generate (yeah, I know fuzzy search, no, it's not what I need).

Seriously, if anyone with enough python-foo wants to code this, I'm sending cash their way.

Zarel 6 hours ago 0 replies      
Referring to Cmd as Super is sort of unnecessary when most of the shortcuts in question are specific to OS X and don't work on the other platforms with a Super key...
scald 11 hours ago 0 replies      
I'm a big fan of the sublime-grunt packages ... http://crosstek.net/2014/03/03/building-projects-with-grunt-...
LanceH 9 hours ago 2 replies      
Is Sublime still being updated?
adem 11 hours ago 0 replies      
Thanks for the ShortcutFoo tip!
       cached 15 April 2014 01:02:01 GMT