hacker news with inline top comments    .. more ..    6 May 2014 News
home   ask   best   4 years ago   
Show HN: Hipster Domain Finder hipsterdomainfinder.com
84 points by coffeecodecouch  53 minutes ago   36 comments top 18
adamdavis 39 minutes ago 6 replies      
What exactly about this makes it a 'hipster' domain finder?

edit: Obtuse question I guess. What makes it a hipster domain finder is the fact the author called it one. Please, carry on.

shiftpgdn 4 minutes ago 1 reply      
Just a heads up to anyone thinking of buy one of these:

Google ranks your site according to the TLD. Buying an .es vanity domain will tank your results in the English speaking world.

RKoutnik 44 minutes ago 0 replies      
Wonderful logo and nice slight zoom on hover. It seems to be ordered by length/alphabet. It'd be nice to be able to sort by word usage as well (not many know what sutures are).
kingnight 27 minutes ago 1 reply      
Bummer, all the good ones are reserved for 'Corporate service' according to the referral links and are $200/yr.

Edit: Found & available elsewhere for cheaper, but probably for the best since I don't need to be buying domains...

ereckers 23 minutes ago 2 replies      
This got me to thinking about discoverability, seo, and distinction in general. Acquiring the domain name is one thing, but getting your business or app popular enough to outmuscle established businesses with less hip domain names is another.

The domain and term [limelig.ht] caught my eye.

In this instance, if you'd like to be known and searchable simply with the term "limelight" you'll have to beat out, limelight.com (Limelight Networks), a 1952 movie of the same name, and the dictionary definitions (wiki, etc.) for the term (it's actually not that bad really).

At this point, even if your domain name is [getlimelight.com], you'd be counting on the same seo, success, and buzz as you would by using [limelig.ht], except that you wouldn't have to explain to anyone that, "it's limelig dot ht".

listic 7 minutes ago 0 replies      
When and why did TLDs like .best, .rest and .sexy they get registered?
dmerrick 5 minutes ago 0 replies      
Picked up crow.bar. Now I need to think of something for which to use it!
Eduard 25 minutes ago 1 reply      

wow, that actually makes sense! Good match for a multiple sclerosis awareness website.

notahacker 36 minutes ago 0 replies      
I like the selection of names. eunu.ch anyone?
jackflintermann 44 minutes ago 0 replies      
Wow, this is really good! I'm surprised at how many shortwords are still available given a little creativity.
sneak 39 minutes ago 1 reply      
Does this mean that djb is the original hipster?!
karangoeluw 23 minutes ago 0 replies      
I liked brac.es. It could have been my new business's name. Sadly, it's gone. :(
akavi 34 minutes ago 1 reply      
fan.gs was definitely the best. Who's the lucky one who snapped it up?
ShaneCurran 46 minutes ago 0 replies      
Really like the site. The domains are pretty good and it's nice that it only displays available domains.
nickthemagicman 11 minutes ago 0 replies      
Dammit which one of you took jimmi.es!!!!

Im now rustled.

iamben 38 minutes ago 0 replies      
This is great, thanks. Money spent!
audiodude 34 minutes ago 0 replies      
I cannot believe that fetus.es is still available!!
ForHackernews 32 minutes ago 0 replies      
deflowr.com is available. Perfect for the startup that wants to be the ebay of virginity auctions. /s
Atom Is Now Open Source atom.io
627 points by jordn  7 hours ago   199 comments top 49
pachydermic 6 hours ago 5 replies      
I wonder why it wasn't this way from the get-go... Oh well, at least I'm actually interested in it now. Can't wait for the Linux version to try it out. Pumped that they did the right thing and open-sourced it so that it actually has a chance of becoming widespread, and more importantly, of sticking around for longer than a couple years.

Good on you, Atom.io devs

jwcrux 6 hours ago 3 replies      
This is fantastic news!

> As Emacs and Vim have demonstrated over the past three decades, if you want to build a thriving, long-lasting community around a text editor, it has to be open source.

I agree whole-heartedly. In fact, I don't believe that editors like Sublime Text would have such a large following if not for the extended "free-trial" functionality.

It will be exciting to see where this project goes, and I think open-sourcing the rest of the editor was a great move.

jordn 6 hours ago 3 replies      
Interestingly, Tom Preston-Werner (former CEO of Github) said in February that Atom wouldn't be fully open-source:

Atom won't be closed source, but it won't be open source either. It will be somewhere inbetween, making it easy for us to charge for Atom while still making the source available under a restrictive license so you can see how everything works. We haven't finalized exactly how this will work yet. We will have full details ready for the official launch. - Tom Preston-Werner, 27 Feb 2014 http://discuss.atom.io/t/why-is-atom-closed-source/82/9

There was a HN discussion about this here: https://news.ycombinator.com/item?id=7310017

davexunit 6 hours ago 6 replies      
> As Emacs and Vim have demonstrated over the past three decades, if you want to build a thriving, long-lasting community around a text editor, it has to be open source.

Using a free software license is a big improvement, but I wish that they used a copyleft license like the GNU GPLv3. Inevitably, we'll see proprietary extensions and "pro" versions. Strong copyleft is important for the freedom of end users.

pit 5 hours ago 1 reply      
Kind of cool that you can view issues all the way back to the beginning:


I realize this is inherent to the nature of version control, but it's neat to think about the history as a "Making-Of" Atom.

kabdib 3 hours ago 2 replies      
I tried Atom, and it was glacial.

The editor I use now (Epsilon) was last significantly rev'd about 8 years ago. It's a fine editor, but I'm starting to look for a replacement (and, oddly, I cannot stand where modern Emacs went).

Sublime Text 2 is darned close. If only I could teach it proper bindings of C-U . . .

rayiner 6 hours ago 1 reply      
I'm excited to see all these new IDE projects, but have we pretty much given up on having a good, integrated debugger?
ruswick 6 hours ago 1 reply      
This is an interesting reversal for Github. The original FAQ implied that Github would try to market Atom commercially. I'm curious as to what made them change their mind.
matthewmacleod 6 hours ago 1 reply      
Well, I'm thoroughly impressed and a little bit embarrassed about beating up on Atom only yesterday :)
AceJohnny2 2 hours ago 0 replies      
Alright, now I need a comparison of how Atom compares to Sublime Text, Light Table and Emacs (and maybe even Vim, but its moded editing makes it a completely different beast).
rubyn00bie 3 hours ago 0 replies      
Maybe someone will implement the UI without a Node/CoffeeScript backend? Memory usage has been pretty abysmal in my trials (though we've got some very large repos).

I'm definitely with the group that they 'opensourced' this because they had to... I know my entire office went from 'fuck-yeah' to '.... meh' to 'what? yeah, I forgot about that' in about two weeks time.

I mean, it's still damn good of 'em I just hope it gets some love. I'd like to see more competition in the space, but right now I have a feeling it's just going to be abandoned before too long then I'll be knocking on the door of ST3 or Vim again.

edwintorok 6 hours ago 1 reply      
Perhaps the blogpost should first mention what Atom is.

The first time I've heard about Atom was here:https://medium.com/p/433852f4b4d1

endijs 3 hours ago 0 replies      
Installed on Linux Mint. Some minor UI problems here and there. But that's nothing compared to how bad autocomplete is. At least for PHP development it's unusable at all. Because of that even had no intention to check further. But for those who wonder - yes, it works on Linux.
pavanky 4 hours ago 1 reply      
The cloned repo is ~238mb. I can't help but think some of it is not necessary.
jonahx 2 hours ago 0 replies      
Could someone give the tldr; version of advantages atom has over vim?
thejosh 6 hours ago 2 replies      
Running on Ubuntu 14.04, after following the instructions, running "atom" or /usr/local/bin/atom doesn't do anything.
brlewis 6 hours ago 0 replies      
I am now way more interested in atom than I was previously. I think this is going to be a good thing for github.
pdknsk 6 hours ago 2 replies      
I followed the steps, but it didn't download.

    $ git clone git@github.com:atom/atom.git    Cloning into 'atom'...    The authenticity of host 'github.com (' can't be established.    RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.    Are you sure you want to continue connecting (yes/no)? y    Please type 'yes' or 'no': yes    Warning: Permanently added 'github.com,' (RSA) to the list of known hosts.    Permission denied (publickey).    fatal: Could not read from remote repository.
This works.

    $ git clone https://github.com/atom/atom

ihuman 6 hours ago 3 replies      
For anyone who is curious (since there was a tad bit of concern about it in the past), here is a link to the core's license: https://github.com/atom/atom/blob/master/LICENSE.md

It looks pretty open to me. However, I don't speak legalese, so I may be misunderstanding it.

donaldguy 6 hours ago 2 replies      
This is exciting, and bad news for Sublime Text. Though it will be interesting to see if Atom's performance actually gets up there

The Atom Shell open sourcing is also interesting ... I wonder if it will lead to a rash of other Chromium-fork-apps

laureny 6 hours ago 2 replies      
It always makes me chuckle when I see companies trying to ship a product (free or not) and realize a few months later that it's not picking up adoption. Then they decide to open source it in an effort to make it popular but of course, they can't admit that, so they always come up with excuses like "We want the community to benefit from it" or "We really believe in open source", etc...

In the end, for most of these products, open sourcing is usually just the last step before the product dies.

avitzurel 2 hours ago 0 replies      
IMHO Tom (now gone from the company) always held a strong opinion to open-source ALMOST everything.

From the outside, looking at the conversations that took place on Twitter after the initial release, he seemed to have a strong opinion on Atom being the same way, core inside github and rest is open-source.

Now that he's gone, that limitation is off and it's open source as it should have been from the get-go.

There's absolutely no reason this product won't be open source to the core, the more people actively developing on it the better.

Me personally, I haven't used it and I don't see myself using it ever in the future, but it seems like a very nice concept project.

patrickg 6 hours ago 1 reply      

    Uncaught Error: Atom can only handle files < 2MB, for now.
I'd love to use an opensource editor for working on large xml files.

ErikRogneby 2 hours ago 0 replies      
I appreciate knowing the cost of opted in features: "This package added 66ms to startup time."
pwr 5 hours ago 0 replies      
I'm pretty excited about Atom Shell as it looks like they fixed the different js context problem that node-webkit had. The last time i tried node-webkit i was really annoyed by the sneaky bugs that pushing objects from one context to the other introduced.

Thumbs up, Github!

hxrts 5 hours ago 1 reply      
Can someone comment on whether it's feasible to port Atom to function in-browser? Seems like this + something like Codepen could potentially be an asset to frontend developers.
gberger 6 hours ago 4 replies      
Hopefully someone can package a Ubuntu build now.
Sekhmet 58 minutes ago 0 replies      
Thanks for sharing this.I received betz access, but I'm using linux. Have to try compile entire Atom to linux!
krautsourced 6 hours ago 0 replies      
I wonder if this was partially because they considered the effort involved to develop a Windows and Linux version, plus the amount to get the performance where people would like it, and then decided it's not worth it? At least commercially.
neil_s 2 hours ago 0 replies      
So still nothing on the homepage or anywhere else explaining why this is something useful compared to existing apps? I can't think of a single USP.
prezjordan 6 hours ago 0 replies      
I'm excited to compare atom-shell with node-webkit. I wonder if any big players will use it.
daviddoran 5 hours ago 0 replies      
I'm delighted to see Atom open sourced. I tried it out a few weeks back and came across a bug where the editor would lock up when a few empty files were created. Then I couldn't dig into the code to fix the issue but now I can.
ing33k 2 hours ago 0 replies      
Yeah, finally got in working on Ubuntu 14.04 , looks good and solid !

not working atm, looks like it makes a POST request to a server every times its launched and the server seems to be down .

fhinson 6 hours ago 0 replies      
Really great news for Atom.

Upon its initial launch, most of the criticism around it pertained to it not being open source. I think we can certainly expect to see its growth overtake that of Sublime Text, and I'm interested to see how the community interest will stack up against other open source editors like Light Table.

Hopefully Atom may join the legendary ranks of Vim and Emacs.

jbigelow76 5 hours ago 0 replies      
I don't need another editor but this interests me because of the Atom Shell and how that works.
sergiotapia 6 hours ago 0 replies      
Masivo props to Github. They just almost assuredly made this editor long-term. What was once a cool tech-demo is now probably going to go mainstream for everybody. Wow.

I just can't imagine a behemoth like Github not injecting itself into Atom for the better.

jhh 6 hours ago 1 reply      
I wonder if the way that atom was built is or can turn into a good way to build modern cross platform desktop apps while employing web technologies. Does anyone have any input or actual experience with this?
undoware 2 hours ago 0 replies      
Everyone knows the rules by now. If something awesome comes out that's not FOSS or even only partially FOSS (dual license, etc) just ignore it until it's either cloned or fully opened.

Follow this algorithm for an open net. Profit margins get pretty tight tho

plg 5 hours ago 1 reply      
are there demos somewhere that show the value added over sublime text or emacs or vim?
math0ne 4 hours ago 2 replies      
Ugh.. still mac only....
danielweber 3 hours ago 1 reply      
The FAQ doesn't tell me what Atom is.
hitlin37 4 hours ago 0 replies      
want, atom with python support for a simpler version of ipython notebook!
vitaluha 6 hours ago 1 reply      
How about translating it to other languages?
chrisabrams 5 hours ago 0 replies      
Does atom-shell allow for 64 bit node on OS X?
anjanb 6 hours ago 0 replies      
I look forward to getting a RHEL/CentOS 6.x(6.3) package soon.
ing33k 5 hours ago 0 replies      
nice, trying to install it on Ubuntu 14.04 .
uger 5 hours ago 1 reply      
I'm surprised how much memory it takes up.
mempko 6 hours ago 1 reply      
Congradulations to the github team for releasing atom with an open source license. I hope future projects are free software instead of open source.

EDIT: I fudge fingered this. I meant copy left license. MIT is a free software license.

digerata 4 hours ago 2 replies      
I'm still trying to find out why a great company like GitHub would shamelessly copy Sublime Text 2. It's one thing to say we need to build another text editor because nothing out there gives you what you need. But to say we need another text editor and then copy Sublime... What the heck is that?

I installed it today for the first time because this was the first time I didn't need to be in a special club to use it.

I opened a directory of source that ST opens instantly. This thing took 5 seconds to open. Then when I quit the app, I get an "Editor is not responding." message. Everything feels sluggish.

This is progress people!

Silicon Valley Billionaire Battles Surfers Over Beach Access kqed.org
44 points by wavesounds  58 minutes ago   9 comments top 7
dmckeon 4 minutes ago 0 replies      
Previous discussion at:https://news.ycombinator.com/item?id=7135206

Property rights recap at:https://news.ycombinator.com/item?id=6917815

tl;dr: The property was granted to the original ownerby the government of Mexico before California was partof the US. The property rights were preserved by thetreaty of Guadalupe-Hidalgo in 1848. California's rightof access to the shoreline does not override the pre-existing property right.

Welcome to the Southwest, and if you think this is strange,try exploring seniority of water rights.

Don't like the situation? Write your congress-crittersand legislators, or take it to court. Other members ofthe tech community might respond, but are unlikely to haveenough leverage to secure access to that beach. No, Idon't like it either.

JoshTriplett 1 minute ago 0 replies      
There's a very interesting analogy here to cloud services: if you don't own something, don't assume you'll be able to use it indefinitely under the same terms. The owner can change their mind at any time, or sell to someone else with a different policy.
nashequilibrium 27 minutes ago 0 replies      
This is just so disgusting, i remember thinking about this when this guy was at techcrunch disrupt last year, acting like he's trying to make the world a better place. The tech community will stay silent because nobody wants to bite the hand that feeds them.
discardorama 10 minutes ago 0 replies      
Previously on HN: https://news.ycombinator.com/item?id=7135206 ( 197 points )
dbroockman 5 minutes ago 1 reply      
In Hawaii all beaches are public property and maintaining public access routes (and parking!) to all beaches is required by law. If rich Californians keep up this crap, they might just inspire a voter initiative that would make things even worse for them.
nomadlogic 9 minutes ago 1 reply      
Not sure why anyone would surprised about this. It's in the same mentality that allows things like Sean Parker's wedding fiasco in Big Sur happen.
dosh 9 minutes ago 0 replies      
I remember seeing the documentary on what billionaires buy for houses and on there, the real estate agent who worked with Larry Ellison, said he literally went house after house knocking on their doors and offered a money the owners can't refuse, got multiple houses in a single row on the same beach and it became his beach.
2048, success and me gabrielecirulli.com
506 points by terabytest  7 hours ago   152 comments top 47
pdeuchler 6 hours ago 8 replies      
A couple of OT thoughts...

1) It was very odd seeing something go from the HN "new" page, to the front page, to seeing people talk about it on twitter, to hearing about it from friends who have no idea what a "github" is, to my mom asking me to help her download this new game all her friends are playing. I still don't know how I feel about it. And yes, for some reason I feel like I have some sort of ownership simply because I found it early. An interesting case study of the human psyche all around.

2) At the very least I think it's a great example that while we very often find ourselves lost within the HN bubble, we need to remember that (hubris aside) what we do everyday, even if it's just a side project we did for fun one evening, has the potential to change the world in an instant. Exciting and scary at the same time (and depressing when you realize you haven't tapped into this potential yet).

3) It definitely pissed me off to hear of friends paying for the game when I could have just sent them the link to Gabriele's github. (Note that I haven't found any versions where you have to pay to download, I'm assuming these people made some kind of in-app purchase)

4) While definitely in the extreme minority, I now have a couple curious friends who upon inspecting the original github link found the repository, and now are very interested in learning to code. I think we underestimate the power of showing people the "behind the curtain" stuff so to speak.

5) My absolute favorite observation is the amount of people who "hate math" or "just aren't good at math" who love this game. I think there's great potential to use 2048 or a derivative as an educational tool.

stevenh 4 hours ago 5 replies      
A few thoughts as someone who has developed games for iOS, Android, and the web:

In today's world, if you want to retain implicit ownership of your product's name, a simultaneous triple-platform release is not optional, it is required. It must be performed in precisely the following way, or your launch will fail:

- Register your game's domain before announcing it to the public.

- Next, upload your iOS app to iTunes Connect and wait for up to one week for the app to be approved.

- Next, upload your Android app to the Google Play store; approval only takes a few hours.

- Finally, make the web version public, and announce the game along with links to the mobile versions.

If you deviate from this order, then you're screwed. One example: I released a game on the web and waited one day to upload the Android version to the Google Play store. I figured that gave me a little extra time to test and check for bugs, and what's the rush anyway? Nobody could steal a game in just 24 hours, right? Wrong. My app was rejected because Google insisted my app was attempting to impersonate another developer's app. The other developer's app was simply my own website, stolen line for line, tossed into Phonegap, and released the same day as my website. I explained this to Google in the appeal form, even including a link proving I owned the site the other developer stole it from, and they rejected my appeal without checking the link - I could clearly see in my server logs that they never clicked on it. Google does not allow you to file a second appeal, so I had to give my app an awful name no one would recognize it by, and the clone received all the downloads and glory thanks to the buzz my website's name was generating for it.

Another example: I was the first to publish an iOS app with the same name as my website. After the app had been waiting for review for four days, I figured it would be approved any moment now, and that it was safe for me to launch my website. I launched, and it turns out that Apple's app review process is not FIFO, because two days later, a clone with the same name and all the code stolen from my site was already approved for iOS, yet my own app was still waiting for review. My app was then rejected a few days later because it had the same name as an app that stole my code... again.

Gabriele Cirulli is an extremely unlucky man stuck in an extremely unfair landscape, and I cannot fault him for wallowing in the first of the five stages of grief. If Flappy Bird's alleged $50,000/day income can safely be assumed to be the average earned by the ads on any given #1 iTunes free app, then the entity which first claimed the name "2048" in iTunes Connect is currently a millionaire, because 2048 was at the very top of the iTunes free app charts for weeks. Gabriele seems to believe or hope that the masses will see his "repost" of his own app and be stricken by the desire to do the ethically right thing and uninstall all of the rushed clones and install the legitimate version and play it with all the fervor and excitement as if the global 2048 hype still currently existed. Unfortunately this will NEVER happen.

On a side note, Phonegap is only getting worse over time. Typical Adobe rot is setting in; the last version had a catastrophic bug causing the xml manifest to simply not be read during the build process, because a critical "for" loop was referencing the child element of a nonexistent variable. They swept this under the rug; countless hapless developers were mindlessly releasing broken apps during this period. Half of Phonegap's documentation refers to "Cordova" and executing "cordova" on the command line where it should say "Phonegap". Commands that have different names between Cordova and Phonegap are still documented as the Cordova equivalent, so one must use Google to find other people who searched for hours until they themselves came across the explanation that the same command in Phonegap requires the use of a completely different word. It is an absolute trainwreck, but aside from that, the primary issue for consumers now is that apps built with Phonegap no longer work correctly on newer versions of Android and haven't for months, which is why Gabriele's extremely simple and resource-minimal app is currently getting a bunch of 1- and 2-star reviews in the Google Play store with complaints about the speed.

kohanz 6 hours ago 7 replies      
Thanks to the help of my parents and my friends, I realized that the only way to get over this without feeling like I had missed an opportunity would be to embrace it and produce an app. I wouldnt be doing it for profit, though. In fact, that is not what matters to me.

I'm slightly confused, because he repeatedly states that profit is not a motivator, but then that menu screenshot of the app shows a "Remove Ads" button, which presumably means there is some monetization in there.

I don't have anything against the OP monetizing the app, but if he had the altruistic intentions that he claims, wouldn't the app be 100% free?

edit: seeing that I'm getting down-voted - it's an honest question. I don't mean it to be accusatory. I personally think the OP should monetize his creation. It's what I would do if in his shoes. I would just be honest with myself about it.

pdkl95 5 hours ago 2 replies      
The thing I found most interesting about the 2048 was the sudden assortment of variations that immediately followed. It was a perfect example of how the thing we call "culture" works: people recursively sharing their interest in something, often without even trying ("hey, that looks cool. What are you playing?").

It is also a powerful argument in the idea (described very nicely by Lawrence Lessig[1]) that culture and creativity are hindered by copyright. While git (via github.com) made it technologically trivial to clone the source, it's the lack of the "don't touch it - somebody will sue me" barrier that allowed a huge number of people to try their hand at a variation.

To re-use a quote used by Mr. Lessig[2], said by composer John Philip Sousa as the technology of the phonograph (and the ability to restrict the use of music through copyright) quickly became widespread:

"These talking machines are going to ruin artistic development of music in this country. When I was a boy, in front of every house in the summer evenings, you would find young people together singing the songs of the day, or the old songs. Today, you hear these infernal machines going night and day. We will not have a vocal chord left..."

I believe talk about "profit" or "lost opportunities" misses the forest for the trees. The potential of future personal profit on a small game like this can be very hit-or-miss, but the contributions to our shared culture have already been huge. The fact that the game caused an incredible amount of attention - with multiple people sending messages about taking the idea further - is conclusive evidence of the cultural impact it had.

The reaction by the authors of "threes"[3] (linked from this article) is an interesting example from the other side. It is clearly annoyed at the loss of profits that 2048 may have caused. Their game is also proprietary, restricting the possibility of making a legal derivative work. this eliminated one of the big sources of initial "word of mouth"/"viral' attention their game received.

I'm not trying to argue for the elimination of copyright[4] or other sweeping changes. For some works - especially games and other works of art - the monopoly benefits of copyright are probably worth the loss of some popularity. I simply suggest that there are other benefits besides "profit". As this article mentions, even stuff like "lack of stress" can be a huge advantage; knowing you've been able to impact so many people is something many artists dream about and hope for their entire lives[5].


If you're thinking of trying to squeeze some profit from a small work like this, you may want to consider letting it spread in our shared culture and taking the fame and reputation as the author of a Cool Game/App.


[1] http://www.ted.com/talks/larry_lessig_says_the_law_is_strang...

[2] ibid.

[3] http://asherv.com/threes/threemails/

[4] While I do believe we should eliminate most "IP" laws, that argument is for another day.

[5] said best by the comic PFSC: https://31.media.tumblr.com/2cbf666fc1881d6c0f158a6bece2bb95...

swalsh 6 hours ago 5 replies      
He seems so worried about taking someone else's credit, that he's missing the value HE brought to the table. He made the game approachable. The visual style of the game made it more fluid, which made it more approachable. At least to me, the two games he derived his own from don't seem to pull me in the same way. The app has a similar appeal. In games, there's a lot of value in visual design... he got the visual design right.
prezjordan 6 hours ago 1 reply      
Really enjoyed this post. As someone who has been on the "Threes! was there first!!!!" train since 2048 took shape, I think I agree with both parties. Threes! is a polished game that people can pay $2.99 for in the App Store and enjoy. 2048 is a free web game that's insanely approachable (it's free) and people "get it" immediately. They both provide immense value.

I see where the Threes! devs are coming from because, well, a lot of people called their game a 2048 clone, and I'm sure it sucks to see people playing a similar game instead of buying yours.

I also see where Gabriele comes from. The guy just wanted to make a game! He wasn't trying to steal anything from anyone, he made a lot of people very happy and he has nothing to be ashamed of, or worried about.

To be honest, I think if you take the intersection of 2048 players and people who would pay $2.99 for Threes!, you'd end up with a pretty small group.

I think everybody won here.

md224 1 hour ago 0 replies      
> Many of the people around me, however, didnt feel the same. My friends and parents thought that my choice was honorable, but at the same time I was probably throwing away a chance that I would be unlikely to get a second time.

> A few days later, all of the issues I thought I had overcome crumbled back on me much harder than before. I had started to regret wasting this opportunity, and I felt as if the people around me were disappointed by my actions.

It can be really disorienting when our intuitions and convictions clash with those of the people we listen to and trust. The cognitive dissonance can be so great that we find ourselves desperately trying to reorient our perspective to dissolve this conflict, as Gabriele manages to do:

> Thanks to the help of my parents and my friends, I realized that the only way to get over this without feeling like I had missed an opportunity would be to embrace it and produce an app. I wouldnt be doing it for profit, though. In fact, that is not what matters to me. All that matters is knowing that I didnt waste a chance, no matter if Im going to succeed or fail.

This is not to say that Gabriele "sold out" or did the "wrong" thing. Rather, "right" and "wrong" are concepts we assign to actions as we fit them into our own patchwork of moral attitudes, and are probably more malleable than we'd like to believe.

I was once faced with a very lucrative offer from a major tech company to work on analytics for their popular ad engine. I was extremely conflicted about this as I happen to dislike online advertising, and especially search engine marketing. To my horror, the majority of my friends and family encouraged me to take the position despite my ethical qualms, as the benefit to my resume would be enormous. Up until this point my own ethical intuitions had more or less aligned with those of my peers, but suddenly I found myself alienated. Was I stupid to pass up this opportunity, or were they wrong to tell me to take it?

It was one of the most difficult decisions of my life, but I decided to turn down the offer. It was liberating, in a sense; I came to realize my own ethical agency and that I could choose for myself what "right" and "wrong" meant. But it was also a lonely decision, one whose "rightness" was not shared with those I cared about.

I'm not sure what my point is here, except to say that I'm glad Gabriele found peace with his decisions. When you believe one thing and everyone else believes another, it can be difficult to know whether to change your own beliefs or not, especially when the content of those beliefs is something as abstract as "right" and "wrong." In some sense, there is no right choice, only the one you make.

benjamincburns 19 minutes ago 0 replies      
I think Gabriel's aversion to profiting from this creation is laudable, but I wonder how much of it is driven by a sense of guilt over the reaction from the creators of Threes. That said, I'd hope that those guys would get in tough with Gabriel and have a candid conversation which amounted to "okay, seriously dude - make some money already!"
habosa 5 hours ago 1 reply      
gabrielecirulli's success has been one of my favorite moments I've witnessed on HN. Congratulations to him, it was/is an amazing phenomenon. I also think we can take a few important lessons here to take the tech world a little more out of the shadows.

1) As a few have said, show your friends the source code and say "if you could learn to do this, you could have made 2048". It's not too intimidating of a codebase and it might make some more people want to learn to code.

2) If you've ever met anyone who didn't see the point of open source, the 1000s of 2048 derivations are a public monument to FOSS. I have tried to explain to my friends a million times what Github is, but then all I had to do was say "yeah for that clone someone just forked the original repo and changed yellow to blue" and suddenly they get it. I know that leaves out the part of open-source where people contribute back to the original but it's a good starting point.

3) This, or some variation of this, is why many of us do what we do. The power for a few thousand keystrokes to become a worldwide phenomenon with the only cost being $0.00 and some time. It's amazing how much influence you can have from behind a laptop monitor. When people explain why I code/blog/read HN for fun, what i tell them is that programming gives you an amazing sense of mental potency. 2048 really maxed out the gauge on how potent you can be.

arandomJohn 4 hours ago 0 replies      
Having played a lot of 2048 and Threes, I have to say that while 2048 is fun, it is a shadow of the game that Threes is.

There is a polish and outright joy to Threes that the clones lack. While the games are superficially similar Threes has a depth of play, complexity, and game design that reflects true craftsmanship. They took an idea and put in the hard work to make it the best they could make it. 2048 and other derivatives play like a rough draft of Threes.

As a hobbyist game designer myself I can appreciate the difference.

I'd challenge any 2048 fan to drop the $1.99 on Threes and see what they're missing.

All that said, I appreciate the awkward position Gabriele is in and appreciate his effort to address what has been going on in an open fashion. He's not the bad guy here. He has made a very good clone of an imitation of a great game.

bicknergseng 43 minutes ago 1 reply      
Threes hardly came up with this combination game idea. I know for certain Triple Town [1] has basically the same gameplay (except you drop instead of swipe, some extra cutesy elements) and is from 2011, and I highly doubt it originated the concept or gameplay. To use their example, I feel like Asher Vollmer and Greg Wohlwend created Dr. Mario and not Tetris, and were shocked when people started playing other Tetris knockoffs. I understand being frustrated that someone else hit success with the same idea and different execution, but I don't get the "my copy is novel" attitude. Feels like a 1 click buy patent.

[1] https://play.google.com/store/apps/details?id=com.spryfox.tr...

chrisBob 6 hours ago 1 reply      
I don't understand the concerns about theft and ethical issues about profiting from this. The license on GitHub says I am welcome to copy the source, modify it, and sell copies. Maybe I take that too literally, but if you see a popular game that people are willing to pay for, and there isn't already one in the app store I think you should take advantage of MIT licensed code and put it up for people to enjoy. Anyone who doesn't like the idea is welcome to make a better version and offer it for free.

I am strongly against blatant copies of apps someone is basing a business on, but I support making apps based on open source code, and making fun games available to as many people as possible.

diziet 3 hours ago 0 replies      
Quick thing -- you should title your iOS app something like '2048 - The Original Version', not '2048 - by Gabriele Cirulli'
notatoad 6 hours ago 4 replies      
it's kind of sad that so many people insist on a native app. 2048 has always worked great on my nexus 7 just using a browser, there's no need for an app. Developers shouldn't be forced to put in extra work porting webpages to native code just to ensure they don't get overrun by cheap clones in various platform's app stores.
chrissnell 4 hours ago 2 replies      
Am I the only one who feels like his new "native" version feels slower than his web app? There's a brief but noticeable delay between my finger flicks and the sliding of the tiles. I wonder if this has anything to do with his use of Phonegap.
danielweber 7 hours ago 0 replies      
Very interesting insight. I don't always agree with the decisions he made (and he doesn't even agree with the decisions he made), but it's a pleasure reading someone's feelings as all the stuff of the modern world hits you at once.
napolux 6 hours ago 1 reply      
IMHO It's to late for the "official" apps. So many clones out there (let's call them clones, even if they're maybe based on the original code).

I think that this is a big missed opportunity for him (even if he had enough "success" from the original game alone)

aroman 4 hours ago 0 replies      
I disagree -- I don't think either of those things were major factors contributing to the success of 2048.

The how would either of those facts have changed the basic viral mechanism of the game -- click this link and play? It didn't go viral because everyone was forking it, or because people enjoyed the lack of ads. It went viral because it was very easy to share, addictive, and a novel concept to most people.

iambateman 6 hours ago 2 replies      
I added that thing to my homescreen and played it as an "app" for weeks. The only problem is 2048 gets really boring once you have a framework for how to do it.

It's nice to see the background of how he was feeling during that time. The (relatively muted) outcry of "derivative" never felt fair to me. His game is more fun to play than Threes. Millions of people agree.

beobab 7 hours ago 0 replies      
I would have done nothing with the initial success too. I have a very definite "freeze" reaction to stress, which causes quite a few problems for me. I can sometimes progress to "flight", where I run away from the problem, but "fight" is very often out of reach.
eco 5 hours ago 0 replies      
It's a shame it's not a truly native app. Input response is very sluggish even on my LG G2 (high-end phone with a Snapdragon 800).
arek2 4 hours ago 0 replies      
If someone wants to cure his addiction, here is my variant of the game - 2048 with AI autoplay and taking back moves:


Also, 511 is a variant of 2048 on a 3x3 grid, completely solved:


alecsmart1 2 hours ago 0 replies      
Can someone please enlighten me? The number one 2048 app in the iOS store is by some company called Ketchapp. It looks pretty much the same (very similar). Did they all clone the web version by the op? Has op released his own version after a month? How does he expect to climb up the charts?
armandososa 5 hours ago 1 reply      
That was a good read, but I think that in the fear of losing an opportunity he ended up blowing it entirely by releasing a PhoneGap app which is very slow and unresponsive even when it's very well designed.
MrScruff 6 hours ago 0 replies      
The difficulty for the Threes guys was that they spent a lot of time polishing what was a very simply concept. Nothing wrong with this, but it made their game straight forward to clone. If someone was releasing Tetris for the first time in the current climate they would have the same problem.
embwbam 4 hours ago 0 replies      
I just want to say I think you made the "right" choices along the way even if they maybe weren't the most savvy financially. I hope you profit from your app. It's hard to know what to do and stay motivated. Good luck!
TheMagicHorsey 5 hours ago 0 replies      
I prefer the original Threes game. But this is a cool game too.
fallinghawks 4 hours ago 0 replies      
Thanks for the post. I suspect the creator of Flappy Bird had similar feelings of shock, worry, being overwhelmed, and the need to defend himself -- but was unable to get to the point of reconciliation.

I thoroughly enjoyed 2048, played several variations, and even made one myself with photos of raptors :)

allthatisgold 5 hours ago 0 replies      
I understand where he is coming from about the stress and the relief he felt when he renounced the idea of developing it for mobile.

I think the lesson we can all learn is that we should do both, reduce stress and pursue the goal, otherwise it might be too late and you might regret it for the rest of your life. Someone he knows could have developed the mobile app for him. He could have offered them money right away or a percentage of profit. If he doesn't know anyone, I'm pretty sure any company would have jumped at the chance if they were offered a reasonable percentage.

Even if you are blocked, at times of stress try to think of what the possible alternatives available to you are. Write them down on paper, cross them out, write them again until you are happy with your final decision.

ScottWhigham 6 hours ago 1 reply      
FYI for those searching for this on Android: (1) it isn't on Amazon yet (or at least I couldn't find it), and (2) to find it on Google Play, you have to search for Gabriele Cirulli if you want to find the actual game he's talking about. He links to the app in his post but, because I had a bit of trouble finding it, here it is:


jmzbond 4 hours ago 0 replies      
I find it interesting that this is the first I've heard of the original game. Before now, I had only ever seen/ played the Doge version. Thinking about what that says about me...
junto 6 hours ago 0 replies      
I've been playing the mobile web version daily since this hit HN. It is a great little game for those times when you are standing in a queue or waiting to see someone. Who cares who came up the idea first. Yours is very mobile friendly. Credit goes to Gabriel for that.
artursapek 5 hours ago 0 replies      
Every week I see more people playing it on the subway in NYC. Congrats mate.
dynamic 6 hours ago 0 replies      
Great post. I don't know why you feel so hesitant--it's your design and implementation that made the game a hit.

Looking forward to trying your app version.

Larrikin 6 hours ago 0 replies      
I downloaded it from the blog post but I find it sad I couldn't find it from the Play store search
softvar 1 hour ago 0 replies      
Awesome success story ! Inspiring !!
munimkazia 5 hours ago 0 replies      
It's a pity that phonegap apps don't perform nearly as well as a natively written one, especially on older phones.
chris_mahan 3 hours ago 0 replies      
My son asked me yesterday if he could play 2048 on android. (I showed him the js version on my computer)

I hope there is the option to tilt the phone to make the tiles slide...

stillsut 5 hours ago 0 replies      
When you're 20 years old, and you get 20 million hits, you should have something reallllly good that you're working on to justify not pursuing your breakout hit.
davidgerard 6 hours ago 3 replies      
Question: why does the app need "full network access"?
rikkus 6 hours ago 0 replies      
Put a price on the app, I'll be happy to buy it to say thanks!
jff 5 hours ago 0 replies      
I can understand why but DAMN the article from the Threes! people comes off really bitter.
3lackRos3 5 hours ago 0 replies      
Thanks to gabriel. 2048 made me interested in learning javascript. Forked and had fun.
higherpurpose 6 hours ago 0 replies      
For authors/creators that feel themselves in situations like that, should see this talk, it might help:


I hate seeing people quit because they've been too successful all of the sudden, like the Flappy Bird guy, too, and not necessarily because "they've made it" and don't want to work anymore, but because they're freaked out about launching a "failure" next (at least in comparison with the previous breakout success).

melloclello 6 hours ago 0 replies      
Good on you for staying cool man
FilhoDaPuTa 6 hours ago 1 reply      
I have been playing the 2048 for Android in the Top 1 of 2048 apps and now tried this guy original. Well it sucks..

the original programmer 2048 is so slow and laggish in comparison it makes it unplayable for who's coming from the other one. Visuals are also better.

grrrando 6 hours ago 2 replies      
Well, we all have the opportunity to steal things in everyday life. But in the human space outside of the twilight zone we call "HN", there are laws that keep people from profiting from stolen material. Unfortunately, you're enabled by the app stores and their allowance this type of theft. Calling it an opportunity doesn't mean you should take it.

You already had the gift of recognition, even for something that wasn't truly your own creation. Did it need to be milked further, or could you have moved on and created another game, riding your reputation? That's a big "if", but it would have been the right thing to do.

Alibaba F-1 sec.gov
38 points by nikunjk  1 hour ago   12 comments top 4
TrainedMonkey 1 hour ago 1 reply      
"We operate a micro-finance business that provides micro loans to small- and medium-sized enterprises who are sellers on our wholesale and retail marketplaces, or our SME loan business. We extend micro loans through our lending vehicles licensed by the relevant local governments in China."

Turns out reading these is actually useful, I had no idea they issued microloans.

coreymgilmore 29 minutes ago 0 replies      
Of note, the NASDAQ has lost year to date what Alibaba will be valued at. Interesting anomaly in the market.

Also a tough time for a tech company to go public since the general marketplace seems pretty overpriced as it is these days. The fact that Alibaba is an established business with history should help it perform well on IPO day.

lifeisstillgood 37 minutes ago 2 replies      
It failed to list in Hong Kong after HK said the partners could not retain control of board nominations after the sale

"""The negotiations foundered after regulators decided they would not allow Alibaba's partners to retain control over board nominations, maintaining that all shareholders should be treated equally, sources said.""" [+]

So does that mean that the SEC is going to allow them control? Does that mean HKSE is better governed than NYSE?

[+] http://mobile.reuters.com/article/idUSL4N0HL10H20130925?irpc...

rdl 1 hour ago 1 reply      
Only raising $1B? Or is that a placeholder?

I would have assumed more like $20-30B.

App.net State of the Union app.net
109 points by mergy  3 hours ago   87 comments top 26
moot 2 hours ago 1 reply      
I found myself in the same exact position with Canvas/DrawQuest earlier this year. Everyone (including myself) was laid off a few months ago, but we'd hoped to keep the app running with the remaining revenue/cash-on-hand and volunteered time (cut short by a recent hack).

It sucks, but I think we'll see more of it in the coming months/year. A lot of the seed-funded apps/companies from the past few years simply won't represent later-stage venture opportunities, and may find themselves in a position where they can't raise additional capital but can keep the service afloat without the payroll overhead.

davidu 2 hours ago 6 replies      
They renewed me without any reminder. I had forgotten about the service. That's irksome. And I'm willing to bet a VERY LARGE number of the renewals were people just like me.

There is no business there, and worse, they auto-renewed people without a single reminder it was coming.

jaredcwhite 2 hours ago 5 replies      
It's frustrating news because the platform never actually got to the point where it could be used as back-end infrastructure in the manner of something like, say, Stripe. In other words, I couldn't built a website where users simply sign up/in, use the service, share content, etc., and not really be aware they're using App.net under the hood. I think App.net shot itself in the foot by being implemented more or less as a Twitter clone to start with. That meant that there was constantly a branding problem -- user wonders "Why am I on Website X and they're asking me to create an App.net account...what's that?!?!"

We still need a ubiquitous social/identity/billing platform that undergirds the web, yet can be used seamlessly by devs of any particular site without exposing the guts of said service. I'm waiting for someone to actually build that...waiting...waiting...

mcone 2 hours ago 1 reply      
"The bad news is that the renewal rate was not high enough for us to have sufficient budget for full-time employees. After carefully considering a few different options, we are making the difficult decision to no longer employ any salaried employees, including founders. Dalton and Bryan will continue to be responsible for the operation of App.net, but no longer as employees."

Did these guys burn through over $3 million in less than a year? They got $2.5 million in August 2013. (http://techcrunch.com/2013/08/14/app-net-new-funding/)

jusben1369 2 hours ago 2 replies      
I'm always think "rage" startups are the most risky. App.net was based on a super small but vocal group that hated advertising in their social apps. Dwolla is a payments based rage sort of startup born from a founder who hated paying 3% of his money to credit card fees. A very small, passionate, group can convince each other that there must be enough people like them or even similar enough to dramatically change their behavior (create a whole new payment flow, try and get important and interesting information through a new source) The problem is after that 5% of passionate users you just fall off a cliff in terms of how much effort then next 5% and ultimately 95% will do.
unreal37 3 hours ago 3 replies      
Talk about a buried lede.

They are profitable as long as they don't pay anyone a salary. That hardly counts as profitable. How can the service grow?

windsurfer 1 hour ago 2 replies      
I've been on HN for a long time. I've seen many app.net posts fly by. I've read the start of many articles, been to their home page and even read their "Learn more" page. I still don't understand what it is. Is it something new, or just a Facebook clone? How is it different from Mozilla Persona or OAuth?

I am apparently, as a web developer, their target market. I think maybe their disdain for marketing has caused their marketing and communication to suffer.

X-Istence 32 minutes ago 0 replies      
I didn't renew my App.net subscription, there really was no value for me. Checking it along with Twitter got tiresome (I was hoping someone would integrate the two into a single client) and overall everyone I care to follow is on Twitter, it was difficult to get people interested and on the App.net bandwagon.
thu 2 hours ago 0 replies      
I think everyone remembers Alpha, the Twitter clone. But there was also Backer (https://backer.app.net/). I looked at it a few weeks ago and I didn't understand why there was no list of currently active Backers. Actually I always been very curious about the future of App.net, especially beside the Twitter clone as I never fully grasped what you could do with it "as a platform".
robot 3 hours ago 2 replies      
I think there is a simple reason why app.net did not take off: There was no significant differentiation from twitter other than paid / no ads argument.
programminggeek 2 hours ago 1 reply      
This is one more indictment to the idea that you can build a profitable business on consumer apps without just slapping on ads and then the revenues are so low per user that unless you have millions of users, it's probably not going to support much of a business.
7cupsoftea 56 minutes ago 0 replies      
This post is a stark reminder that startups are extremely challenging. There are many elements and, often times, a good bit of luck needed for big success, especially when you are doing something novel (http://mariocaropreso.com/post/62811446044/nonlinearities-an...).

Nassim Taleb talks about entrepreneurs as people who should be championed when they fail. They take on projects with very long odds. It is a tough life with little upside if you don't make it big. These entrepreneurs teach us a lot. We all get to learn from the path they traveled down. Dalton tried something new and it didn't work out as planned. Someone else will build on what he started and we'll all be better for it. Failure is part of our ecosystem. These situations are good reminders that those that make it big have learned from others and have often had a few lucky breaks to help them out.

nivertech 41 minutes ago 0 replies      
Usually platforms built around some useful service or product.

For example Apple built a platform for iOS devices, Microsoft for Windows OS, Facebook Platform for Facebook social network, Amazon for AWS, Google for Android, ChromeOS and Cloud Platform, etc.

App.net did it in reverse, they built a platform and hoped that useful products and services will be built on it.

I think they had better chances if they were white-labeled Social PaaS/BaaS/mBaaS completely hidden from the end-users.App developers would be paying for the BaaS Platform, not their app's end-users.

rajbala 52 minutes ago 0 replies      
The big lesson learned here: don't pay a high cost to only operate at the margin.

That's what App.net did --- they built out a complete product offering to only be marginally different from the alternatives.

sylvinus 1 hour ago 1 reply      
As discussed more than 1 year ago (https://news.ycombinator.com/item?id=4346303), the (very) hard times they had signing people up, with constant posts on HN without much effect, should have been a strong indicator people didn't actually need this.
jimmytidey 2 hours ago 2 replies      
For me pieces of infrastructure like Twitter shouldn't be owned by for profit companies. A Twitter-like public forum ought to be the town square of the web, and it should run along the same lines as Wikipedia. The data should be ours to do as we please with, there should be no purchasing access through adverts. App.net, and the insanely confusing concept of the Alpha app within it, might not have been the right solution, but they were asking the right question.
jcomis 2 hours ago 0 replies      
ugh, tried to turn off auto-renewal only to find out you can't. Downgrading is the only option, and it is immediate rather than at the end of the period I already paid for. That's annoying.
joewee 3 hours ago 1 reply      
I signed up for app.net when it first offered the paid option and was billed for the renewal, but honestly I haven't touched the site in a year. I just forgot to cancel my subscription. I really want to support it but I have no reason to engage with it.

I'm willing to support the company, so I can't understand why they don't pivot to something people are happy to pay for? I might even pay for a light social media dashboard. No reason to wind down in my opinion...

mantrax5 2 hours ago 2 replies      
Remember rev="canonical"? It was to save us from the tyranny of bit.ly and co. Geeks rallied behind it.

Remember Open ID? It was to save us from the tyranny of Passport.NET and co. Geeks rallied behind it.

Remember Diaspora? It was to save us from the tyranny of Facebook. Geeks rallied behind it.

Remember App.net...?

The history of geeky "open" (or ad-free or whatever) alternatives to commercial social media services is littered with corpses. What geeks never learn is that social media services can't survive if the only appeal of the service is some righteous motivation that only they care about.

Sooner or later even geeks realize that using a "better" service to talk to nobody isn't very useful.

I know it seems easy to be Captain Obvious now that App.net is falling apart, but just you watch. Soon enough it'll happen again (and then again, and again).

wmf 48 minutes ago 0 replies      
Why can't it be both?

That Sublevel landing page looks like a parody of a social-local-mobile app. Snarky, yet providing no information.

frade33 2 hours ago 0 replies      
at the risk of being stupid, which I am, 'aint they beating the dead horse' i'd love someone to enlighten me, if it was really worth it and why?

They tried hard to build an 'elite' club of rich twitter users, and it wasn't clearly going to work. Because rich people can not listen to each other.

PS: i happen to be rich twitter user myself haha! i did pay them $29 and spent like a week there and quitted., because no one'd listen to me. ;)

SmileyKeith 2 hours ago 1 reply      
As a developer on the platform who relied on the developer incentive program this is extremely disappointing. Like many other developers using ADN as a backend I relied on that to make my application free and got a small amount of money each month if people voted for it with the program. It wasn't a significant amount of money but it was enough to pay for my developer membership. Now I imagine even fewer users will be on the service and I have very little incentive to keep improving the application.
mergy 1 hour ago 0 replies      
I really enjoyed ADN for quite a while. I do think though that recently there were some opportunities to make a shift to provide more visible and direct value for users if they clarified to the outside world they had many different uses.

I could've seen them go down more of a road like Zoho.


and really be outright focusing on an application or conduit infrastructure.

jaxomlotus 2 hours ago 1 reply      
It was a really hard business model to support and get to work. You are paying for the forward belief that the network itself will be strong enough to ultimately justify the costs, but over time if that belief isn't met (and it wasn't) then you will lose subscribers.

I give Dalton and Brian kudos for trying. Ultimately I think the lesson here is users simply aren't offended enough by ads that they would be willing to pay a subscription service to avoid them.

kirbyk 1 hour ago 1 reply      
Did this surprise anyone?
moeedm 2 hours ago 0 replies      
I give it 6 months.
Show HN: Turn an email to a web page mailp.in
30 points by mailpin  1 hour ago   8 comments top 4
nathancahill 11 minutes ago 0 replies      
Thread.is tried to do this a couple years ago. Gone now. Not sure there's a good use case for it.

Archive: http://web.archive.org/web/20121118205935/https://beta.threa...

Twitter: https://twitter.com/threadhq

stanmancan 43 minutes ago 1 reply      
This is a neat idea. It would be cool to somehow allow you to add a list of recipients that should receive the link once it's pinned, but I guess that takes away from the simplicity of it.
roryhughes 35 minutes ago 1 reply      
It would be handy if you could attach a js or css file to the email which would be used in the published page.
scoj 39 minutes ago 0 replies      
I like the idea. I can't think of a specific use-case for me yet, but email integrated apps are often pretty cool and make for easier adoption.
When a bad day gets worse getting hacked twice in one day chrishateswriting.com
158 points by killwhitey  5 hours ago   46 comments top 14
knowtheory 4 hours ago 3 replies      
Having been through open sourcing an app platform repo (https://github.com/documentcloud/documentcloud ) that wasn't explicitly created w/ open sourcing in mind, moot has my deepest sympathies.

Moot left out the most sensible response to Mistake #5:

I went through a rushed 8hr rebase to remove all of our keys, certificates, cookie secrets and the like before DocumentCloud's platform was opened. Two days after, a friend asked me why I hadn't simply revoked and replaced all of our secrets to the sound of me facepalming repeatedly.

It is always much easier just to revoke and replace your secrets. Doing so should always be relatively easy for you to execute, and having a chance to practice that is also always good.

matthuggins 4 hours ago 1 reply      
I'm not familiar with DrawQuest, but why not sell it "as is" instead of shutting it down completely? Especially when you have 100k monthly actives?
LukeB_UK 4 hours ago 0 replies      
Thanks for this Moot, I love the fact that people are being more and more open with how they were hacked. These post-mortems help others identify areas where they may be vulnerable which in turn helps the community as a whole.

Sorry about you getting hacked twice in one day though. I hope things have been better since then!

driverdan 3 hours ago 1 reply      
The list of vulnerabilities in 4chan read like a standard web hack CTF. I'm surprised a site as big as 4chan has multiple OWASP top 10 issues, especially after the source was leaked. Storing credentials in client side cookies? Who wrote that shit?
coldcode 4 hours ago 0 replies      
Shows you that strict controls over your AWS credentials are worth whatever hassle they might be. 100 huge instances spun up can cost you big time.
primitivesuave 3 hours ago 1 reply      
Some security bad practices, but it happens to the best of us. Glad you got that figured out though.

I always tell my devs on the first day, "leaving AWS keys in a public repository is as bad as showing up drunk to work". Mainly because the last guy to leave our AWS keys in the open was drunk at work.

Kiro 1 hour ago 1 reply      
So Mistake #4 is something you hear over and over again is bad but I don't understand why it's so bad. If you have the password you can just login anyway and I don't see how it affected this particular case either. Please enlighten me.
ufmace 4 hours ago 2 replies      
This makes me wonder what kind of practice change would be best to help avoid this sort of thing. Maybe anytime you put in something that you know is hacky and insecure as a one-off, you should put a note in wherever you would look regularly, and maybe some kind of reminder too, to make sure that your one-off is either removed or properly secured reasonably quickly.

Or maybe just a rant on PHP and/or frameworks that make it easy to do the wrong thing, and hard or time-consuming to do the right thing.

danso 4 hours ago 1 reply      
The disclosure of these mistakes is both kind of relieving, in that the errors were obvious in nature, and terrifying, in that even though they seem "basic", they were still committed by a dev as experienced as moot. This would be a good post to create a checklist from, if nothing else.

I wonder how old the code was for "Mistake 2"? SQL injection is something most sites have patterns/frameworks to prevent, but unless the site started out with such practices...the code that was written when the site was just a fun side-project might go unchecked even as the site becomes a well-run project in its later years.

pearjuice 35 minutes ago 2 replies      
moot, why do you refuse to speak to us on 4chan while go happy hand-in-hand with all these web 3.5 cloud entrepreneurs here? Want to find some investor friends? Thanks for ignoring your actual friends.
loceng 4 hours ago 1 reply      
So simple. Could have been much more painful.
rushonerok 4 hours ago 1 reply      
Putting the hashed password directly in the cookie? That's shameful. A hack was well deserved.
anus666 17 minutes ago 0 replies      
How much shekels did you get webm implementation?

HOW does it make you feel that web is becoming less W3C and more Google Blink ?

SDGT 4 hours ago 1 reply      
> Boneheaded cookie authwe simply stored the bcrypted password from the database in a cookie, which was all that was required to pass PHP auth.

Wh... Why... Who...

How was that ever OK?

I don't love the single responsibility principle sklivvz.com
16 points by sklivvz1971  34 minutes ago   4 comments top 4
userbinator 1 minute ago 0 replies      
I've found that if you approach OOP from a more pragmatic point of view, metrics like the sizes of classes mean very little: the point of classes is to encapsulate code+data so they can be reused to avoid duplication, so it feels obvious to me that if you see (non-trivial) functionality in a class that is likely to be reused in the future, then extract it into another one, but if you don't then there's no point in doing so, because it will only increase the overall complexity. Same for OOP in general - it's a tool, use it when it makes sense and simplifies the design. Sometimes you don't need a class, and sometimes a function doesn't belong in one because it does things across several, so all the "which class should this function go in" questions have a straightforward answer to me: if it's not immediately obvious which class it goes in, it probably doesn't belong in one. I mainly use Asm/C/C++ so I have the luxury of doing this, but I can see how some of the "more-constraining" languages make this more difficult.

All the examples I see are one-way towards simply creating a million single method classes.

That's a phenomenon that I've definitely seen a lot; often with the accompanying obfuscation that the method bodies have only one or two statements in them, that just calls into some other methods. It may look like it's made the code simpler locally, but all it's done is spread the complexity out over a wider area and increased it. This isn't "well-designed" or "straightforward", it's almost intentional obfuscation.

sillysaurus3 10 minutes ago 0 replies      
It seems like the best way to design a codebase is to redesign (rewrite) it several times and then go with the most succinct design. For any given problem, it's unlikely you'll design the codebase properly on the first try. Also:

when one writes code, there are only real, present requirements. The future is pretty irrelevant

I'd disagree with this. The future of your codebase matters unless you're writing a throwaway prototype. And when you rewrite a codebase N times, you'll discover that there are ways of structuring it so that future tasks will become far easier. E.g. for Lisp you'd refactor common patterns into utility functions, and for C you'd carefully craft the interfaces between modules so that they're unlikely to be used improperly / unlikely to be surprising.

romaniv 6 minutes ago 0 replies      
This article speaks about one of the many, many reasons I don't like Robert Martin's approach to programming. If some principle results in a handful of single-method classes that don't really do anything on their own, the principle is not a good basis for design.

I find the author's alternative much more useful in practice.

jacquesm 4 minutes ago 0 replies      
Typically I write something 3 times. The first is a proof of concept, I don't care much about how it works as long as it works. The second time I put a lot more care into the 'how' but I usually still get a few things wrong enough that they are out of place and feel awkward to maintain or extend. The third time I have a really good handle on the problem, where the tricky parts are and how to tackle them. That third version will then live for many years, sometimes decades. Some of stuff I wrote like that in the 80's is still alive and well today (or some descendant thereof).

I try very hard not to get attached to code too much, refactor agressively and will throw it out when I feel it needs redoing. For larger codebases I tend to rip out a chunk between a pair of interfaces and tackle that section indpendently. I'll change either the code or the interfaces but never both in the same sitting.

Deis 0.8.0 CoreOS Integration deis.io
42 points by polvi  2 hours ago   10 comments top 7
marceldegraaf 1 hour ago 1 reply      
Awesome! I've been playing with all the components of the new Deis (CoreOS, etcd, fleet, docker) over the last few weeks and I -really- like them. This might be the future of how we do devops (I hope so, at least).

Thanks for this great update!

siliconc0w 49 minutes ago 1 reply      
Definitely going to re-evaluate deis. I like chef but I like it for SCM - using it for cluster management via databags was interesting but that problem is better solved elsewhere (i.e fleet, flynn's layer-0 or mesos).
gabrtv 2 hours ago 0 replies      
I speak for the whole Deis team when I say we're extra excited about this release as it lays the groundwork for our 1.0. Happy to answer any questions here.
neon_electro 41 minutes ago 0 replies      
Love the idea of the "easy-fix" tag on GitHub to encourage developer involvement in the project. Best of luck with the project!
jschneiderhan 1 hour ago 0 replies      
I've been playing with Deis the past few weeks and really like it. There has been a lot to learn (CoreOS, Etcd, Fleet, Docker), but the documentation makes it quite easy to get a cluster up and running. The Deis folks have also been very friendly and helpful on Github and IRC. If you're having any trouble I strongly recommend reaching out to them. Keep up the good work!
labianchin 48 minutes ago 0 replies      
Looks awesome!With this release, what would be the difference between Deis and Flynn?
nickstinemates 2 hours ago 0 replies      
Great release, deis team!
Fishing for Hackers: Analysis of a Linux Server Attack draios.com
117 points by gighi  5 hours ago   33 comments top 12
jwcrux 3 hours ago 2 replies      
OP may also benefit from the use of an SSH honeypot. I use kippo (https://code.google.com/p/kippo/) with great success. It tracks all commands run, as well as keeps copies of all downloaded files.

In addition, it limits available commands to a certain predefined subset, allowing the host to prevent damage caused (e.g. a DoS attack in this case) by the system being compromised.

dthakur 4 hours ago 1 reply      
Great article. I had not heard of sysdig previously.

Based on the timestamps of the entered commands, I guess one of the takeaways for the attacker is to look into config management tools (eg ansible) :)

fragmede 3 hours ago 3 replies      
So a DO/Rackspace/AWS VPS with a guessable root password can expect to be cracked in ~4 hours?

That's terrible!

AFAIK, AWS defaults to ssh-key logins with password logins disabled. Can someone comment about Rackspace/DO?

collingreene 3 hours ago 1 reply      
Cool article! A friend and I once did this but then recorded the commands attackers ran and replayed them on a big tv in our office. We called it hacker fishtank.
DodgyEggplant 2 hours ago 1 reply      
Great article, thanks. Does sysdig ready for production servers? tested so it does not introduce new issues?
salibhai 5 hours ago 1 reply      
Genius idea. Love it. Shared it with my favourite web host. I hope more security companies think like you do and do this type of reverse-phishing on the bad guys ;)
Dorian-Marie 4 hours ago 0 replies      
For those who don't know sysdig: http://www.sysdig.org/
johnnymonster 3 hours ago 0 replies      
Love this kinda stuff! Glad that there are people out there actively looking for the latest and greatest threats to the internet.
cosud 3 hours ago 0 replies      
Wow a Romanian script kiddie at work. This kind of modus operandus is so 2004. Nice tool showcased though.
pwelch 3 hours ago 0 replies      
Great article! Thanks!
Gepser 3 hours ago 1 reply      
But how did they enter? Force attack?
iplaman 4 hours ago 0 replies      
good job!! nicely done!
The Customers You Do Not Want northwestern.edu
14 points by prlin  56 minutes ago   4 comments top 3
slyall 3 minutes ago 0 replies      
I wonder if this works for TV shows.

I know plenty of people who like all/most of Firefly, The Sarah Connor Chronicles, Dollhouse, Defying Gravity, Almost Human, etc.

All shows that got cancelled after a season or two because they failed to attract a wide enough audience.

te_platt 36 minutes ago 0 replies      
This was not what I expected. I thought it would be about toxic customers. It's actually about a set of very good customers who happen to like products that are doomed to failure. The idea is that some people have a distinct out of the mainstream taste. Kind of like when I tell my daughter I like her outfit so of course she won't wear it again.
rgbrgb 15 minutes ago 1 reply      
This is pretty interesting but may not be so relevant in the context of digital products or doing a startup. Yes, we want our products to be mass market from day 1 but if your low-capital 2-person company can get traction in a 1% niche market then you'll have money to focus, retarget, and grow to 2%, 4%, 8%. Pepsi, on the other hand, needs to pay for inventory, shelf space, marketing, and distribution so their profit margins probably depend on mass market adoption. They're also in a position where it's more profitable for them to just axe less popular products and try again rather than steal shelf-space and mindshare from their big sellers.
The Next Chapter kippt.com
43 points by jorde  2 hours ago   18 comments top 11
EduardoFonseca 1 hour ago 1 reply      
This is shameless plug, but...

The startup that I'm at is working in a similar space. We're devoting a lot of resources to being able to easily search (from Google) your links, as well as share them. May be useful if you used Kippt, https://www.kifi.com/

Disclaimer: Again, I work there, but I really like what we are building. :)

conesus 2 hours ago 0 replies      
Kippt is a great product and Brian is very fortunate to have you guys join his team. And your talents will be multiplied at a place like Coinbase.

Congrats and best of luck.

Kiro 1 hour ago 0 replies      
Sad but not unexpected. Kippt has always felt like the kind of service that's nice and everybody likes but has a hard time getting any real traction. I'm sure being example site #1 on the official Bootstrap page was a good driver of traffic but sometimes the product just isn't vital enough.
webwanderings 2 hours ago 0 replies      
Change is always good, whenever it happens. Success or failure is a relative thing in this world anyway.

I am just a user, somewhat technically savvy. Back in the days when new services were coming up frequently, all free for anyone to use; I had a feeling that this service is not going to go anywhere. Here you are few years later.

The business of letting people save bookmarks, tag, share, are long gone, and so are the services with them.

tannerc 2 hours ago 1 reply      
It's always sad to hear when an elegant and useful application like Kippt has to be more-or-less abandoned. Still, congrats to Karri and Jori for joining Coinbase, where their style and keen eyes will certainly do some good.

As for Kippt, does anyone have a good alternative? In the event it does get shutdown, breaks, or some other event occurs?

shravan 1 hour ago 1 reply      
I'm sad to see Kippt go. I've been an avid user for about a year now.

Can you comment on what led to this change? Inbound traffic looks like it's still pretty solid. Was it just that not enough people were converting to paid plans?

jpdlla 1 hour ago 0 replies      
Congrats to Karri and Jori. Really enjoyed collaborating and helping out with developer resources while building FeedLeap. Best to both.
caiob 2 hours ago 0 replies      
Oh, no! I loved my Kippt account. Sad to see it go, but I totally understand, it's hard to keep a project going without growth in the userbase.
smirksirlot 1 hour ago 0 replies      
So sad :( Love Kippt!
kumarski 2 hours ago 2 replies      
What will become of sendtoinc.com?
adamnemecek 2 hours ago 1 reply      
That's some http://ourincrediblejourney.tumblr.com material right there.
Google Maps On Mobile Gets Uber Integration techcrunch.com
84 points by viscanti  5 hours ago   43 comments top 8
salimmadjd 4 hours ago 3 replies      
This is either a huge victory for Uber or a trojan horse by Google.

Google can use this strategy to train users to rely on google maps for Uber. If they see traction, they can roll out their own competing ride sharing service on top of google maps where they already have built traction and have users by using Uber.

Dorian-Marie 5 hours ago 3 replies      
Knowing Google, it will be an Android API service where you can register your app, so here Uber is an example in the screenshot but other apps will be able to register too.

That would actually be amazing the see the different prices / times for each service like Uber / Lyft / Taxi / Bus / Metro / etc.

hershel 2 hours ago 1 reply      
Currently the biggest challenge of UBER is regulatory - cities are fighting it tooth and nail. One way to exert strong political pressure is to offer a real breakthrough new service for the mass population(and not something like UBER which is an incremental innovation targeted for a small section of the population). This also fits with the breakthrough mentality shown by google's leaders.

Such service could work like UBER for public transit[1], basically enabling people to share rides with multiple other people while decreasing the costs significantly and maybe making such a service an viable alternative to private transportation. Such an offer would be hard for politicians to resist for long.

One key to enable such service at scale, is access to plenty of people and their real-time travel data, and having an ability to offer them an highly targeted ad + route + service. That sound perfect for google+UBER. Like a huge market they're positioned perfectly for.

[1]Previous HN thread: https://news.ycombinator.com/item?id=7391885

NicoJuicy 3 hours ago 1 reply      
I wonder how it works in Brussels and in Germany, where UberPop has been forbidden.

And does it integrate Uber only (where only legit taxidrivers can participate) or does it also integrate UberPop (that has been illegal in Brussels and Germany). Cause according the website, UberPop is still available in Germany (https://www.uber.com/cities/berlin ) and in Brussels (https://www.uber.com/cities/brussels)...

Anyone knows what specificly is integrated?

jamesgeck0 2 hours ago 0 replies      
The lane information they're adding to the UI is great, but I hope it's added to the navigator voice, too.

There haven't been many times when I've had to cross three lanes of traffic in a hurry because Google Maps waited until the last minute to tell me to turn right, but they tend to be memorable when they happen.

tricolon 4 hours ago 0 replies      
> If you have the Uber app installed, you can now compare your ride with transit and walking directions right from Google Maps in some cities.

That doesn't sound like an ad. It sounds like if I don't have the app installed, I won't see it.

ignostic 5 hours ago 1 reply      
I did not see that coming - does anyone know whether money changed hands here? It'll be interesting to see how Lyft and others respond.
sarreph 4 hours ago 0 replies      
And, before long, the road will be jammed full of Gbers...
Viennese Mazes: What They Are, and How to Make One zulko.github.io
13 points by bbotond  1 hour ago   discuss
2048 in Emacs bitbucket.org
52 points by qdot76367  4 hours ago   12 comments top 4
kjhughes 3 hours ago 2 replies      
That's just the colorization. Here's actual elisp by Steve Sprang (ssprang):


Correction: Steve's above code is another implementation.

Colorization is against Zachary Kanfer's (zck) implementation in MELPA, which is here:


And don't miss David Thompson's (davexunit) Guile version mentioned below.

I'd much prefer to see these core code packages in the spotlight over the OP's mere colorization link.

zck 3 hours ago 1 reply      
Whoa. I'm the author of this 2048-game.el (the one in MELPA; there are many implementations), located at https://bitbucket.org/zck/2048.el. The coloring is definitely something I've wanted to add to the game, but was holding off on for the moment.

Why? Scoring. 2048 has a score that's also a number. So if you colorize only based on keywords, you'll color the score too. And that's bad.

Edit: I'd happily take patches, suggestions, or pointers to documentation on how to do the colorization properly. Email in profile.

dang 1 hour ago 1 reply      
Since [1] was just adding colors, it seemed fair to change the url to the underlying implementation, so we did that.

[1] http://sachachua.com/blog/2014/05/2048-emacs-colours/

swah 3 hours ago 0 replies      
Poll: Would you take $10M now or start your own company?
6 points by Walkman  17 minutes ago   1 comment top
saiko-chriskun 0 minutes ago 0 replies      
take the $10 million, start another company. everyone knows it's about the execution, not the idea.
Rust for C++ programmers part 5: borrowed references featherweightmusings.blogspot.co.uk
85 points by AndrewDucker  6 hours ago   59 comments top 2
eq- 5 hours ago 3 replies      
I wonder if there's a (simple syntactical) way to unlink the constness of unique pointers and their targets. It's not a huge obstruction, but seems like an unnecessary restriction not found in the near-equivalent C++ construction.
ExpiredLink 5 hours ago 11 replies      
This 'ownership semantics' of pointers in Rust is just the wrong kind of abstraction. At least for a language nascent in 2014 AD.
Chicagos Last Tannery thedistance.com
50 points by gregmolnar  5 hours ago   25 comments top 4
rjett 4 hours ago 3 replies      
I have a friend who quit his day job working as a developer for a design agency. He now makes handcrafted leather products for men because he likes the satisfaction of working with his hands on physical products. Incidentally, Horween supplies all his materials. As you would expect from reading the article, it's quality stuff. If you're in the market for some cool products that will last a lifetime, check out starkmade.com.
photoGrant 3 hours ago 1 reply      
Go past the place quite a lot. Definitely know it's there, the stench!
twosheep 4 hours ago 3 replies      
I got Alden shell cordovans, which are made with Horween leather, and I can already tell that they will last years longer than my other shoes. Don't spend $100 on shoes every year, spend $600 on shoes that will last for 10 years.
freehunter 4 hours ago 4 replies      
I've never understood the need for putting the source of the article in the title of the submission. It's usually not important (I have no idea what The Distance is), it can be confusing (is The Distance the name of the tannery?) and it's printed literally right after the title of the submission (thedistance.com). I see it all the time, though, mostly on other sites like Reddit (Major Political Scandal Breaking - Forbes (forbes.com)).


Get some money back on your crappy flight experiences getairhelp.com
5 points by sieva  30 minutes ago   discuss
How to talk to an open source project as a large scale or interesting user powerdns.com
148 points by whocanfly  10 hours ago   107 comments top 13
jackgavigan 2 hours ago 2 replies      
It's interesting how the title "How to talk to an open source project as a large scale or interesting user" implies that the onus is on the user to approach the open source project in the correct manner.

It might be more productive to think about "How an open source project should talk to a large scale or interesting user".

I was deploying open source software in large corporations more than a decade ago[1] and I formed the impression that open source projects could do a LOT more to engage with and support their users. It sometimes felt like the developers just didn't care about users. Documentation was often sorely lacking[2] and "support" typically came in the form of mailing lists that were full of users trying to figure out how the software worked, and swapping advice and tips - often a case of the blind leading the blind.

The end result was that corporate users would sometimes choose commercial software, despite the cost, because it came with decent support and/or had functionality that the open source alternative lacked.

These days, I think that a product manager is an essential part of any open source project team.

1: e.g. http://mail-archives.apache.org/mod_mbox/tomcat-users/200009...

2: e.g. https://www.mail-archive.com/linux-raid@vger.rutgers.edu/msg...

roberthahn 8 hours ago 2 replies      
What I'm seeing here is a customer support problem. And IMHO, PowerDNS isn't taking the correct steps to solve it.

It's funny, because the answer is right in the article. If your customer:

* is large and/or interesting* has a legal/security/marketing/ team that's worried about sharing information publicly* has an IT dept that doesn't know the whole company is depending on a single open source product* feels they have to use gmail accounts and made-up names to talk to you

Then maybe a public forum really isn't the place to expect your customers to ask for help.

I would suggest creating a partnership program for businesses like Cloudflare - swap tech support for publicity (which will then help drive adoption)

pilif 6 hours ago 2 replies      
tangentially related: Thanks for once again pointing to PowerDNS. I've been using bind forever and I never really looked out for other alternatives ("it works - why should I bother learning something new?").

I had no idea what I was missing as from now on, I'll never again have to deal with forgotten serials or manually adding slave zones to the secondary DNS server.

Everybody still running with bind, thinking it's "good enough", ask yourself how many times you were inconvenienced by either of the two issues and decide whether it might be worth looking at alternatives.

The fact that PowerDNS apparently also is really performant doesn't matter for my mostly minimal use case, but it's good to know that if something great happens, I won't have to migrate again (not that migration is hard - powerdns comes with a helper tool to read your bind config and produce SQL for your zone files)

baudehlo 8 hours ago 1 reply      
I have definitely had this issue with Haraka (a highly scalable SMTP server). On the one hand we have Craigslist as a user, who have been incredibly open and contributed heavily to the project, and on the other we have had people post cryptic bug reports that it didn't work for them, but clearly they were trying to use it at an interesting scale, and we would love to have helped.

We pride ourselves on being one of the friendliest MTA communities out there, so to find people who give up and quit using it is always sad. Many times we've contributed custom code to companies for free to help them out, but we can't do that if you are silent. So speak up, companies, even if it's only in private messages.

dmourati 6 hours ago 0 replies      
It is impossible to comment on this specific example without seeing the actual email exchange. What I can say, is that a user chooses how to disclose their identity and the identity of their company making the best analysis of an imperfect situation. Having worked for largely smaller companies (not in the business of protecting the global internet), I've been relatively lax in posting who I am and where I work. This transparency has been helpful on more than a few occasions.

If you are a "large and/or interesting" company, it would behoove you to disclose your identity in a safe and responsible way to projects (open source or otherwise) who represent any important part of your business. The trick is to do so in such a manner so as to derive the many benefits (increased responsiveness) without the many liabilities (spam, sales calls, etc).

By remaining mum about who you are, the signal to noise ratio of your requests do not stand out from the crowd. This is unfortunate for both sides. It does, however, reinforce the notion that companies and projects should aspire to provide excellent support to all users. You never know when you have a "secret shopper" in your midst.

chris_wot 10 hours ago 2 replies      
Curious to understand what the issue was.
alexdowad 2 hours ago 0 replies      
No sympathy. If your support for users is poor, then it is simply poor, and no excuses please. "We didn't know how big they were" doesn't cut the mustard.
ibmthrowaway218 10 hours ago 3 replies      
This is one of the pitfalls of a public only support mailing list. I know I post using a gmail psuedonym to get support for various open source apps that I use for side projects.

I'd be looking to provide an extra private/internal support email address made available to the largest customers.

doxcf434 7 hours ago 0 replies      
Often when a company want's to "help" it means make a sale regardless of how poor the technical implementation is, waste your time with SE level support, and power point presentations. When instead they should be focusing on the product first. If your user is reporting a scaling issue and your product is all about scale, that should be your first priority.

Vendors also need to remember, your users change companies, a user could be at some small unknown company on day, and the next be in control of a large budget at a high profile company. Your reputation follows that user, and what they want to see is you're making a good product. If the smallest company is reporting an issue that would affect your customers, I'd want to see that you're addressing the issue with that company so I don't have to at my large/interesting company.

philjackson 6 hours ago 0 replies      
I read the first part of that quote as "White PowerDNS" and wondered if I was dreaming.
EGreg 5 hours ago 0 replies      
How are DNS servers different from nameservers?
sambeau 9 hours ago 16 replies      

For HN'ers who are still learning the finer points of English this title shows one of the many weird inconsistencies of the language.

Normally, when trying to say 'a thing' where the thing starts with a vowel we change the 'a' into 'an' so 'a axe' becomes 'an axe', 'a umbrella' becomes 'an umbrella'.

However this is a notable exception: when pronouncing 'user' there is an unwritten 'y' e.g. it is said 'yoozer', thus we wouldn't normally add another consonant here so it should be 'a user' not 'an user'. If you say it out loud you can hear it (and hopefully feel the extra tongue work that, traditionally, we try to avoid).

Another common exception is 'Hotel'. It takes 'an' rather than the expected 'a' as for some reason we drop the 'H'. For me it rolls better off the tongue with 'an' but this may purely be due to conditioning.

'Herb' is a difficult one as in the US it's pronounced 'erb' while in the UK it has a hard 'H'. Thus in the UK we use 'A herb' I assume the US says 'an Herb' correct me if I'm wrong.

It's nonsense like this that makes me pity you brave fellows who attempt to master our pidgin of a language!

Edit: change 'pigeon' to 'pidgin' :)

gilrain 9 hours ago 5 replies      
To complain that the only reason you gave someone bad support was because you didn't know who they were is pretty tone deaf.

Would you want to dine somewhere that got panned by a restaurant critic and then wrote an essay saying, "Well, we'd have been a lot more careful with his food if we'd known he was an important critic!"?

Ledger, a powerful CLI accounting tool ledger-cli.org
4 points by mercurial  19 minutes ago   1 comment top
dragonwriter 3 minutes ago 0 replies      
Ledger is awesome, but hardly new...What's the news here?
High-Tech Push Has Board Games Rolling Again nytimes.com
68 points by jbae29  7 hours ago   43 comments top 14
replicatorblog 2 hours ago 1 reply      
Boardgames are quietly one of the most lucrative categories on Kickstarter. Multiple miniature-based boardgames have out earned Oculus Rift and up until the end of 2013 5 of the top 20 projects were board games. There are a couple companies that are approaching $10MM in revenue by running multiple campaigns. There are also lone artists who have raised millions.

It's fascinating on a number of levels, from the individual creator stories (Frustrated designer quits job, raises $2MM) to the way small businesses are evolving the platform (some co's have turned stretch goals into a marketing artform). I've written about a few of these companies in the past if you'd like more details:







ixnu 5 hours ago 1 reply      
My family with two teenagers has recently discovered that board games (specifically Dominion) are the most effective and enjoyable means of communication. We have spent over $250 on expansions and accoutrements. It is worth every penny and more.

If anyone is struggling to connect with your teenagers in a meaningful way, you should really try board games. It sounds funny to say, but board games have improved our relationship within our family more than any other experience we have tried. I would be devastated with family game nights now.

I'm thankful that I stumbled on Will Wheaton's TableTop series on YouTube (http://geekandsundry.com/shows/tabletop/). If you need tips on good games, this is a great place to start.

kriro 18 minutes ago 0 replies      
I love board games (own a little over 150) and enjoy them a lot more than video games.You can extract pretty good optimization problems form many of them (especially Eurogames).

In fact I own quite a few games that I haven't really played a lot but spent quite some time thinking about AIs for those games...dunno it's a strange but fun hobby :D

Cooperative games are probably the most popular ones in my collection. Incidentally they make for excellent solo puzzles as well.

gault8121 5 hours ago 3 replies      
Board games can connect people in ways video games cannot. There is a level of rapid interaction, brought about by being at a shared table, which cannot be mimicked digitally.

If you like Settles of Catan, and you are looking for something more advanced, I'd highly suggest Eclipse, Twilight Imperium, and Puerto Rico. These are challenging games that require careful resource management, political negotiations, and long term strategic thinking. In many ways these games mirror the challenges of building a company.

karlb 4 hours ago 3 replies      
The BoardGameGeek Gift Guide opened up a whole new world for me: http://boardgamegeek.com/wiki/page/Board_Game_Gift_Guide_201...

I now own about half of the games on it.

I discovered early on to buy only games that are either suitable for my two young kids (like Carcassonne, King of Tokyo, Blokus and Labyrinth) or are suitable for two players (my wife and me; Dominion, Pandemic and Ticket to Ride Europe).

We seldom get to play the games that require four or more adults.

Incidentally, my favorite board games on iOS are Dominion, Blokus, Neuroshima Hex, Hive and Chess.com's app. However, I'd recommend against getting games on your phone that you also play with your family, because you'll either become too good at them or you'll get bored of them before your family does.

thomaslangston 3 hours ago 1 reply      
I would posit that Meetup.com and other public social networking sites are also a significant factor in the recent board game boom. Finding and playing games with 3 to 6 adults is much easier when you can quickly find multiple free events each week in any major U.S. metro area.
eliot_sykes 58 minutes ago 0 replies      
Here's a good episode of The Incomprable podcast where they discuss their favourite board games, helped me discover new games to play: http://5by5.tv/incomparable/184
silverlight 3 hours ago 1 reply      
Shameless plug for our product which lets you play RPGs and board games online with others for free: http://roll20.net
michaelochurch 5 hours ago 2 replies      
Tabletop games are also great for helping people overcome social anxieties, which are common among smart people. The "flow" state is deeply anxiolytic. Games are good for getting people, who don't know each other, together to do something that isn't drinking.

This is why I thought Google+ should have focused on putting German-style board games (using Hangouts, then an enormous technical advantage) instead of Zynga dreck in its Games product. The original G+ vision was that Hangouts would actually be something people "hang out" in, coming and going like it was a dorm room in college. That was a long-shot, an attempt to centrally direct culture, but games provided the perfect context for getting that motion going.

Semaphor 3 hours ago 0 replies      
When I was younger (14-21), we had LAN parties. The older we got (starting at around 18), the rarer they became, what happened instead were board games: Descent, Axis & Allies, Twilight Imperium (or pretty much anything in the 6-12h range or sometimes more).

My friends from school and me moved all to different places, but we still meet up once in a while to spend a day and night playing, all of us getting close to being 30 :)

I love board games.

jaydub 4 hours ago 0 replies      
Board games are great because they are one of the last refuges of shared attention.

I'm personally a big fan of Axis & Allies, Puerto Rico, Castles of Burgundy etc. There's something really nice about people coming together and focusing on the same thing.

code_chimp 5 hours ago 0 replies      
My six year old daughter loves this game and Monopoly.
chris_mahan 5 hours ago 1 reply      
My son (9 next month) loves playing Munchkins, Risk, Monopoly, Settlers of Catan. We've also played Puerto Rico, but it's not very fun with only two players.
batmansbelt 5 hours ago 1 reply      
Were board game sales ever suffering? You wouldn't know it after dealing with some of my insufferable board game aficionado friends.
Seeding torrents from S3 celingest.com
40 points by celingest  5 hours ago   25 comments top 5
aroch 4 hours ago 2 replies      

    The upload speed for S3 seeding was usually between 72 and 80 KiB per second
So not horribly helpful for larger blobs that you expect to have a lot of initial demand for. You'd be better off serving the blob or renting a seedbox / cheap server if you want to do initial seeding for distribution if you were interested in your users experience.

dublinben 4 hours ago 0 replies      
This is probably an incredibly expensive way to seed torrents. There are any number of seedbox providers who will give you several hundred GB of storage, several TB of traffic, and much higher speeds for a flat rate of ~$15 a month.
profquail 30 minutes ago 1 reply      
Another idea: you could also use S3 as a web seed for a .torrent you hosted somewhere (or even a magnet link); it seems likely the speeds would be much better as well, since you'd be able to take advantage of S3's load-balancing.
antr 3 hours ago 1 reply      
Quick question: is anyone here using BT Sync with S3? I'd like to know about the experience, ease of use, access, redundancy, etc.
teepo 4 hours ago 1 reply      
Why?This would work... until the surprise bandwidth bill comes in.You could just do this for free using dropbox though, or another less expensive object storage.


Elastic Containers: auto-scale and pay for what you use elastichosts.co.uk
15 points by porker  2 hours ago   2 comments top
porker 2 hours ago 1 reply      
Just discovered them this evening - I'd like to hear experiences of using ElasticHosts. Reliability? Backups? (no mention of anything, or their storage array). Cost-effective? Know what they're talking about?
Google Debuts Classroom, An Education Platform For Teacher-Student Communication techcrunch.com
17 points by emadkhan  2 hours ago   21 comments top 7
chestnut-tree 47 minutes ago 1 reply      
These tools and services look very promising but Google needs to be clear and transparent about what data it captures when rolling out this service.

Is it tracking and recording the usage and behaviour of teachers and students who use these tools? What does it use this data for? ("we use this data to improve services" says absolutely nothing.)

If you start using these tools in your student years, then continue to use your email and Google apps into adult life, can you imagine the phenomenal amount of data Google will have captured and recorded about you?

cm2012 42 minutes ago 2 replies      
Like 95% of Google side projects, they will barely support this and it will slowly languish until killed.
joezydeco 16 minutes ago 0 replies      
I need to show this video to some teachers I know, just so I can count how many turn white seeing a room full of kids using laptops with the screens turned away from the teacher's view.

I'm guessing this will be a non-zero value.

protomyth 32 minutes ago 0 replies      
So, how are the student accounts handled and can I call someone when we have a problem?

[if the answer is G+ account, I don't think I can risk it given Google hate for certain types of names]

jpace121 1 hour ago 2 replies      
It's going to be interesting to watch how this competes with Blackboard.

Anecdotally, it definitely looks like Blackboard has an almost monopoly on class room management stuff. Since the education market is so slow to adopt new things, Google definitely has their work cut out for them.

With that being said, Blackboard definitely leaves a lot to be desired, and with classes supposedly going online more and more, the market is definitely ripe for some disruption.

wehadfun 55 minutes ago 1 reply      
"to help teachers create and organize assignments"

Teachers do not want to create assignments. I created a similar thing for my wife and discovered this and a lot more

wehadfun 59 minutes ago 0 replies      
Fat JSON tbray.org
161 points by cedricr  11 hours ago   110 comments top 42
malgorithms 6 hours ago 1 reply      
An update on Keybase, since it was chosen as the example. The API now supports field declarations. For example, these all work:

   https://keybase.io/_/api/1.0/user/lookup.json?username=chris&fields=basics,pictures   https://keybase.io/_/api/1.0/user/lookup.json?username=chris&fields=basics,pictures,profile   https://keybase.io/_/api/1.0/user/lookup.json?username=chris&fields=basics,public_keys
This change was intended from the beginning, but we are still in alpha. It was a quick addition, so the HN post made it timely. The nice thing is that this isn't just a client-sensitive change. Loading a user's info is module, so those above examples should be faster and less work for our server than getting everything about someone.

tel 7 hours ago 4 replies      
This is immediately solved by Lenses

    _Object . key "them" . key "public_keys" . key "primary" . key "bundle"
which you might complain saying that this is yet another idiosyncratic method of traversing data types. In fact this whole thread is full of examples of other idiosyncratic methods of traversing (JSON only) data types.

Except lenses aren't. Lenses are highly principled and compose and combine in ridiculous ways while maintaining their exact behavior. Half the features proposed in this thread exist naturally and "emergently" by the nature of lenses. Finally, they follow mathematical laws describing how everything should work together all to the T.

At the highest level a Lens is a getter plus a setter bound together. You can extract either component to get or set a subpart of a value.

At the next level, you can take note that lenses "compose" (as a category) by letting you reach deeper and deeper into a structure. This is what I took advantage of with the JSON example above: composing them with `(.)`.

At the next level, lenses generalize naturally to "traversals" which target multiple subparts all at once and "folds" which build exotic "getters" over multiple targeted subparts.

At the next level, lenses "dualize" to prisms which deal with branching types. This is hard to explain if you haven't used a language with a true sum type (Scala, Haskell, ML, and lets not get into lazy/strict sums) but I used one above to traverse into the "Object" indicating failure if my assumption of the structure of the JSON blob were wrong.

At the next level you generalize these into isomorphisms which have nice mathematical properties determining when two types are identical by giving you invertible mappings between the two. This is like a lens which focuses on the entire type as its "subpart".



At the end of the day there are even more steps in that hierarchy. It sounds ridiculously complex, and it is a little bit to learn. The advantage is, however, that the intuition of "focusing on a subpart" applies over any data type and with pretty near any weird combination of "lens-like" operators you can dream up.


Usually when someone first hears about lenses they say "Oh, getters and setters. I have those already, no big deal". That's really far from the case, however... Lenses end up being the XPath of everything.

chriswarbo 9 hours ago 3 replies      
I make heavy use of a similar thing in PHP. I have a function "lookup" which lets me say:

    lookup($foo, array('bar', 'baz' 15, 'quux'))
This is equivalent to any of the following:

    $foo->bar->baz[15]->quux    $foo->bar->baz[15]['quux']    $foo->bar['baz'][15]->quux    $foo->bar['baz'][15]['quux']    $foo['bar']->baz[15->quux    ... and so on
It's useful in Drupal when the required data is often at the end of a long chain of objects-containing-arrays-containing-objects-....

I've been a bit naughty with its types for the sake of convenience: if a non-array is given as the second argument, it's wrapped as a singleton array, ie.

    lookup(array('foo' => 'bar'), 'foo') === 'bar'
Also if any of the components aren't found, it returns NULL, ie.

    lookup(array('foo' => NULL), 'foo') === lookup(array(), 'foo')
It would be theoretically better to return an empty array on error and a singleton array on success, since they can be distinguished, but in practice that's so far down the list of problems with PHP that it's not worth the effort of adding such wrappers at the moment.

A really nice thing about this function is that it curries nicely:

    $find_in_foo = partially_apply('lookup', $foo)    $get_blah = partially_apply(flip('lookup'), 'blah')    $find_in_foo('x') === lookup($foo, 'x')    $get_blah($foo) === lookup($foo, 'blah')
Actually, my argument-flipping function is already curried, so I can just say:

    $get_blah = flip('lookup', $foo)
This currying is great for filtering, mapping, etc.

ig1 8 hours ago 2 replies      
I had this exact problem in Python and wanted to be able to use dot-notation (i.e "book.metadata.title") to query the structure (like MongoDB, etc do) so built my own library for doing it:


(Also available from pypi via "pip install pson")

skywhopper 5 hours ago 0 replies      
I feel like Tim (like a lot of people connected to the web standards community and systems-oriented folks in general) rushes too quickly to thinking about how to standardize and generalize an approach to breaking down large JSON documents like this. But this isn't a standards failure, it's just an API failure. APIs will always need to be refined in various ways after they're released. A "standard" method of asking the server to chop up a JSON document for you would solve this particular problem, at the expense of creating a lot more work on the server side (likely a new layer of abstraction), and there's a limit to how useful that is. Versus just tweaking the API to make it more focused and flexible is a process that's always going to be necessary, no matter what JPath/JWalk/etc standards are developed.
malgorithms 7 hours ago 0 replies      
Happy to see one of our Keybase API responses used as the example here. I can share our intentions with that API call in the long run, and how it'll end up smaller, which is especially important for mobile devices.

The dictionary describing the user you requested comes back with some high level sub-dictionaries in it: "profile", "basics", "public keys", "pictures", etc., and the API replies, currently, with all the data to which you're entitled. This is quite huge as Tim mentioned in his post.

Server-side we have a module for loading user information, which allows you to request which of these fields you want when loading a "user object". For example, on a certain page of the site we might load a dozen users but only need [user.BASICS, user.PICTURES], so that's the only data that will be loaded.

The API simply doesn't expose this filtering mechanism, yet, as calls the API hit [user.ALL] which is a combo of everything available about a user. So, in essence, all we need to do to trim these down is allow you to pass a filtering parameter.

Btw, going in the other direction, there'll be a way to query for multiple users at once, fattening things back up :-). So for example you could request just basics + pictures for an array of usernames or userids.

jerf 8 hours ago 2 replies      
Honestly, what's happening here is that you've hit the limit of JSON. JSON trades fairly significant verbosity for ease-of-use... when it stops being easy-to-use, well, you've stopped needing JSON. While you may be forced to hack around it, I'm not sure I'd spend too much time trying to figure out how to be principled in that hacking, because hacking it shall ever be.

JSON's nifty and convenient, but it's huge... with JSON from "the wild" I often find it gzips by a factor of 16. And that's just gzip, which isn't even the best at this sort of thing. If the API provides only a vague question that you can ask it, and it hands you back a huge chunk of very fluffily-serialized data, well... in a lot of ways you've already lost, twice (once for fluffy serialization and once for a presumably-foreign API giving you too much data).

CyberShadow 10 hours ago 1 reply      
Somewhat related, jq is a command-line utility which allows filtering JSON data, and uses its own path/filter syntax:


Zelphyr 6 hours ago 5 replies      
I just don't see how

  JWalk.getString(user, "them", "public_keys", "primary", "bundle");
is better than

What am I missing?

justizin 3 hours ago 0 replies      

I've been raising cain about this in the chef community for some time - node objects can easily be as large as 128kb+ of json, which can consume over 1-2MB once parsed into a ruby json object. An empty search of a system with over a thousand nodes can consume over a gigabyte of ram!

The worst case I experienced this was writing out an /etc/hosts file, for which you only need two fields : name and ip, of each host, but you still get a list of every cpu core, dimm, etc..

Excited to see the potential examples, I might try to work on into chef if I get time. The chef solution has been to have 'whitelisted attributes' which is a whole mess unto itself.

drachel 9 hours ago 5 replies      
I'm a little surprised not to hear any mention of JSON Pointer (RFC 6901). It deals with exactly this:


With JSON Pointer syntax, it would be something like:

    JWalk.getStringPtr(user, "/them/public_keys/primary/bundle");
It's concise, complete/unambiguous, and has implementations in a growing number of environments, so I think it could be worth mentioning as an approach. It also defines a useful URL fragment syntax for referencing nodes within documents, which would be a good thing for the JSON world.

habosa 5 hours ago 0 replies      
I know everyone is saying this is an oversimplification and just another person rushing to create a library etc, etc. But the fact of the matter is if you ask any Java developer who has dealt with JSONObject they'd probably want to use this. And that says something.

Why can't I make a contract with my JSON parser. Saying: look, last time there was a 200 OK response all of these fields were there. I promise, they'll be there next time too. I don't need to try { get field } catch {} every single time.

The best way around this currently is to hope that the API has a client library, but that just means that every API maintainer now has to write my Java for me too.

I'm not sure what the solution looks like, but I want a modern Java JSON parser that understands how the API landscape looks today. This extends to other languages that are static typed and have exceptions as well.

Edit: for the record OP is Tim Bray who invented the XML spec, so he has some experience with traversing documents.

drostie 9 hours ago 0 replies      
Given that someone uses fat JSON, it seems plausible that you'll have to face those sorts of problems (either simple selectors with logic for potentially dealing with multiple responses, or complex selectors into the tree). What you're really saying in JSON-land is something like, "this whole object should be destructured; I just want a flat object with short keys."

That's the right design approach for the "structs" of JSON; it's wrong unilaterally (JSON also has "hashes" with the same syntax, and they should be separated from that context. Similarly you don't want to destructure an array from {data: [1, 2, 3]} into {data_0: 1, data_1: 2, data_2: 3} unless you absolutely have to.)

Once you flatten it, then partial responses for things which return a struct do exactly what you want; you say e.g.:

    ["myQuery", {on: "stuff", _fields: ["a", "b", "c"]}]
and you just get {"a":1,"b":2,"c":3} as your JSON response.

So what I'm saying in summary is that if you write your own APIs you can get this sort of functionality without building a magic tool; the reason that the magic tool is not mainstream is because it's only right for dealing with structs and not hashes (because if there's a hash elsewhere in the object a user might register their own key in the hash called "ctime"); and given that some API gives you a complex structure, flattening it the way you're doing is potentially a little risky because later updates might say that there's another ctime to some other part of the Users object.

lhnz 10 hours ago 0 replies      
I had a similar idea[0] that I haven't actually had time to finish. The README.md kind of explains where I was thinking of going philosophically. It's a bit out-of-reach with my current workload but I'd love to contribute with others that could tackle the areas I find difficult.

[0] https://github.com/sebinsua/jstruct

jhh 7 hours ago 1 reply      
Once you have used a parsing library to create generic data structures (in your programming language) from your JSON all of this no longer has anything to do with JSON, right? That's something that confuses me about this blog post. To me it seems that it talks about a very generic issue in very specific terms.
iSnow 7 hours ago 1 reply      
If you generate your JSON with Java using Jackson, it offers Jackson-Views, a very nifty way to define sets of JSON properties according to use case.

* http://wiki.fasterxml.com/JacksonJsonViews

* http://techtraits.com/programming/2011/08/12/implementing-ja...

jb55 5 hours ago 0 replies      
Weird I also made a small dot-lens javascript library to do the same thing just the other day...


It even works for zooming into arrays

billpg 10 hours ago 0 replies      
RFC 6901 specifies a simple XPath-esque notation.
heterogenic 9 hours ago 1 reply      
Help me out here HN... I remember somewhere seeing an API format where you passed up the empty JSON object which you wanted filled and returned.

Something like:

  (request)  {username:"",address:"",credits:""}  (response)    {username:"Manilow, Barry", address:"Hollywood Bowl", credits: 99}    
Clearly not optimal, but it worked pretty well and was very intuitive.

uptown 9 hours ago 0 replies      
I rolled my own solution to this for a mobile turn-based game I have in development. Most of the time, the device is just polling to see whether there's anything that needs updating. As part of my polling query I pass a signature of the current game state (game-round, with a few other bits). On the server, if that checks out, then the reply is tiny. If there's the need for an update, I send back what's changed and update my views on the client-side. It's definitely not the right solution for every scenario, but I've found it works well for my specific situation.
lttlrck 10 hours ago 0 replies      
If path features became common it would likely lead to even more bloated and less thoughtful APIs.
carsongross 7 hours ago 0 replies      
One of my pet theories when I developed intercooler.js (http://intercoolerjs.org/) was that, by targeting specific UI elements with only the data necessary, you might actually cut down on the amount of data transfer between the client and server when compared with some general JSON APIs, despite the fact that HTML is a less efficient data format.

I'd expect this to hold, in particular, in areas where JSON isn't particularly a particularly efficient encoding mechanism (e.g. tables)

It's an interesting thing to consider, at least.

HarrietJones 5 hours ago 1 reply      
If only there were some kind of structured query language we could invent that allowed us to choose the fields and records we needed to look at. We could get some kind of standards institute to ratify it so everyone used the same interface.

A pipedream, I know. A crazy, wild pipedream.

mjs 10 hours ago 2 replies      
Letting clients choose the fields they want to receive leads to the awkward realization that any generic, flexible and future-proof mechanism for doing this leads to system where a client can suck down an entire website with a single request.

(If clients can choose not to receive some information, then by symmetry, they should also be able to choose to receive some additional information that's not included by default. And since everything is linked to everything else (orders are linked to users, etc.), you end up with a single resource that potentially embeds everything else.)

These systems also break caching, of course, and also to some extent the principle that within-server links are indistinguishable from cross-server links. The web is not optimized for performance or file size.

filipncs 10 hours ago 1 reply      
I must be missing something obvious. How is Tim's JWalk example different than doing:

  try {      var key = json_object.them.public_keys.primary.bundle;  } ...
Is it to better allow dynamic keys? More consistent error handling?

crazy_geek 9 hours ago 0 replies      
My security senses are tingling. A server evaluating potentially hostile client provided expressions? Proceed with extreme caution.
nailer 9 hours ago 2 replies      
http://agave.js includes (prefix)getPath by default on any object.

    var mockObject = {      foo: 'bar',      baz: {        bam:'boo',        zar:{          zog:'something useful'        }      }    }

or, alternatively:

will return:

    'something useful'
It's also got a bunch of other useful stuff like 'kind' (closest prototype of an object, that works consistently everywhere), number methods like (2).weeks().ago(), and reads more cleanly than underscore as it uses actual methods.

efsavage 8 hours ago 0 replies      
I do this on a current project. Certain fields are rarely need and turned off by default, others are usually needed and turned on by default. It's not done via a special syntax though, just query parameters, so something like /person/123?bio=false&salary=true. A standard path syntax might be nice but for handcrafted APIs this works well.

The front-end models are reusable and don't really need to care so long as the properties they need are available.

AshleysBrain 10 hours ago 2 replies      
Couldn't a "possibly null" member access operator help here? E.g.:

   var key = user?.them?.public_keys?.primary?.bundle;

is equivalent to

    object ? object.property : null

dukedougal 9 hours ago 1 reply      
First world problem, man. Important only to the performance obsessed. Most developers concerned about this have too much time and not enough commercial imperative.
jedp 5 hours ago 0 replies      
JSONSelect lets you do queries on JSON objects using CSS-style selectors. There's an interactive demo here:


The code is on github:


zupa-hu 8 hours ago 1 reply      
This is the typical nice-to-have feature. It takes time to implement, adds server-side overhead, adds complexity but adds very little value. OP is arguing that it costs him resources to traverse the entire JSON. There are way more clients then servers, thus increasing server-load to make it cheaper for the clients sounds weird to me.
bananas 9 hours ago 1 reply      
So we're ending up with JSON with schema and query support.

In a couple of years: XML is the new best thing (as people finally realise that they've needed it all along).

facorreia 8 hours ago 0 replies      
The Open Data Protocol (OData) specifies ways to declare server-side filters and to restrict the fields sent in the response.
alexose 3 hours ago 0 replies      
I'm a little late to the party, but I recently wrote something that can help with this problem. It has the added benefit of acting as a kind of reverse proxy:


datashaman 7 hours ago 0 replies      
Use JSONPath, it's a JSON version of XPath and it's awesome.


colinramsay 10 hours ago 0 replies      
This is definitely a problem. I work with an existing API and am building a mobile client based around it, and while there's limited support for selecting which fields you bring down, it doesn't work for nested object.

This results in a bloated response, which on mobile is a real problem for responsiveness and data costs.

We considered building a proxy which would form responses tailored for the mobile client, but that felt like a hack. Mind you, so does Google's partial response solution.

Maybe some services could allow you to build your own response, creating a custom version of an API just for yourself?

philo23 8 hours ago 0 replies      
That sort of syntax reminds me of Objective C's key paths.

  [object valueForKeyPath:@"them.public_keys.primary.bundle"];
which is part of the larger, more in depth, Key-Value coding interface. It was definitely something I missed going back to PHP, Javascript and other languages after using Objective C.

jaredmiwilliams 9 hours ago 0 replies      
We built a jackson extension to offer this sort of friendly filtering automatically with JAX-RS endpoints: https://github.com/HubSpot/jackson-jaxrs-propertyfiltering
tonetheman 9 hours ago 1 reply      
underscore.js does this with a pick function

_.pick( {a:1,b:2}, "a" );

underscore is cool.

andrewstuart2 8 hours ago 0 replies      
As I understand it, there's a lot of places overhead creeps in that tends to make this sort of thing vastly more efficient than making multiple calls. Sure you'll maybe send data people don't want this time, but it will probably save processing and networking overhead that would be spent building and sending a long list of the fields they want. When designing an API I tend to lean to being a bit more verbose than I need to be, if only to save the HTTP overhead of another request. At least until HTTP2 helps us out there.
yeukhon 5 hours ago 0 replies      
It is important to note that when you accept selected fields to output you must validate those field names as well.

Sometimes people has a giant object from database, and on return they return a subset of it. But someone may make a mistake by iterating over that object to return selected fields.

    if options:       return {key: object[key] for key in options}    else:       return safe_output_for_this_api(object)
So collapse that into safe_output_for_this_api instead :D

Easy, Fast, Powerful: This is Your Rails on Ninefold (Review) palominolabs.com
4 points by millioncents  34 minutes ago   discuss
How to Hire a Winner? Try a Game of Ping Pong inc.com
8 points by promocha  1 hour ago   discuss
       cached 6 May 2014 22:02:01 GMT