hacker news with inline top comments    .. more ..    26 Aug 2014 News
home   ask   best   5 years ago   
Why Crunch Modes Doesn't Work: Six Lessons
33 points by support_ribbons  1 hour ago   13 comments top 5
bsmith 39 minutes ago 2 replies      
I wonder if the science on the 40-hour work week applies mostly to specialized jobs, or if it can be broadly applied to more generalized roles, i.e. _entrepreneur_, where one switches contexts several times per day/week. How many 'successful' startup founders only worked about 40 hours a week versus 60+? Is Elon deluding himself when he claims his 100+ hour weeks allow him to accomplish more than his less-disciplined competitors?
ehurrell 43 minutes ago 0 replies      
Worth reiterating, I've seen good people run themselves into the ground with an endless 'crunch', because they felt it was a valid strategy. 'Running themselves into the ground' might seem wishy-washy, but to make it more concrete: people have _had to_ take time off work days before a big deadline because they couldn't work. I'd rather the marathon than the brick-wall crunch.
themartorana 29 minutes ago 2 replies      
New title - "Why CONTINUOUS crunch mode doesn't work."

This feels a bit link-baity, because it says nothing of how short, uncommonly used crunch modes help or hurt productivity - just how super-long work weeks are eventually more detrimental than helpful.

Edit: I would posit that short bursts of overtime - perhaps a single 60-80 hour week at the ramp up to a major release can actually be helpful if not exciting - if used quite sparingly. Research on that theory would be more interesting to me.

shubb 31 minutes ago 2 replies      
The finance industry, particularly around the front desk, is notorious for freakishly long working hours. I don't work in that industry, but friends that do speak of 100+ hour work weeks, with 80 hours considered normal in some workplaces.

As outlined in the post, that way of working, doesn't (shouldn't) work. Especially when the code produced, or in the case of traders decisions made, might lose vast amounts of money due to a single mistake.

I'm curious, if anyone here works in that kind of an environment - How does this work? Are these numbers exaggerated? Are you all on stimulants? Do you see the kind of creeping errors and codebase decay one might expect?

danielweber 37 minutes ago 1 reply      
(From 2005)
The Relative Cost of Bandwidth Around the World
18 points by FredericJ  51 minutes ago   1 comment top
slagfart 6 minutes ago 0 replies      
Just as a note, Cloudflare is not alone in struggling with this. I'm very surprised that the status quo has been maintained for so long. I suggest that Cloudflare should look under the process of transit becoming 'Declared', within the Australian Trade Practices Act. More here: http://en.wikipedia.org/wiki/Competition_and_Consumer_Act_20...
Vermont Quits War on Drugs to Treat Heroin Abuse as Health Issue
247 points by benblodgett  9 hours ago   64 comments top 11
codeshaman 4 hours ago 4 replies      
Just back from Boom Festival in Portugal, where personal drug use is decriminalized.

There was almost no police/security at the gates or inside the festival, although selling drugs was not tolerated (eg. people selling on the festival grounds were kindly asked to leave). There were 42.000 people from 152 countries and most of them used some kind of substance or plant there (marijuana being the most abundantly and openly used). As a consequence (or despite this?), this was one of the safest and warmest places I have ever seen.

Instead of police watching everyone, there were a number of premises: there was a drug info stand, were one could go and test their drugs. The queue was quite long there, people stood 2+ hours in the queue to test their substances.

Then there was the Kosmic Care, a place were 20+ psychologists, doctors and shamans would bring people having 'bad' trips back to earth. They had 70 'bad' trippers in the first night alone and they were expecting a lot more on the full moon night.I've spoken to the psychologists there (out of curiosity, not because of a bad trip :) ) and they told me that that the majority of bad trips were caused by people taking 'fake' LSD. In fact, she said, 50% of the LSD people tested was not actually LSD but some designer substance with unknown consequences and effects.Other reasons for bad trips - was people mixing substances or taknig too much (usually young, unexperienced people) and people having prior mental illness.

I asked a guy there, how can one prevent people from having a bad trip again and the answer was 'well, after such an experience, most people grow up pretty quickly and it's unlikely they would take these substances lightly the next time'.

In most countries, these young people would end up in a hospital and then get arrested and possibly spend time in jail.

The war on drugs has caused a lot of suffering and has done very little to reduce drug use or addiction, yet it costs billions every year.

Protugal's approach to drugs is a great example of how the negative effects of drug use can be handled with minimal costs and lead to positive outcomes in drug users.All it takes is a bit of acceptance and common sense.

awjr 4 hours ago 2 replies      
"War on drugs" is a terrible world affliction. Prohibition neither works nor is conducive to a better society. Governments should just tax and sell the drugs to the general public. Alcohol is considered to be the most harmful drug but is legal because it can be taxed, controlled, and makes money. (http://www.economist.com/blogs/dailychart/2010/11/drugs_caus...)

Governments should also support people that want drugs to come off those drugs and while we're at it, release all prisoners who are specifically in for possession/dealing/trafficking.

We really need to give up on this idea of a drug free world.

I think we need to look to Portugal for an example of what can be done and also as a starting point for possibly developing a better model http://www.spiegel.de/international/europe/evaluating-drug-d...

praneshp 6 hours ago 4 replies      
I really wish it wasn't called "War on drugs". One of the things I dislike about America, as an outsider, is their tendency to call everything "War on X", which essentially makes everything us vs them.
amykhar 2 hours ago 2 replies      
The demographics of Vermont makes me curious. Many people say that the war on drugs is racially motivated in that more blacks and hispanics are prosecuted than whites. Vermont is 95% Caucasian. I wonder if this fact influenced the new policy in any way.
par 7 hours ago 4 replies      
What a wonderful world it will be when we help our sick instead of imprison them. I am looking forward to the rest of the world following suit. I'd also like to add this is a great time for US democracy to shine, as it is through statehood that things like this can be tested on a small scale, before rolling out to 'prod'.
tim333 1 hour ago 1 reply      
>This is an experiment, Shumlin says. And were not going to really know the results for a while.

Good stuff. I really wish those in power would more often try a scientific/engineering approach to see what works rather than politicians shouting about war on whatever.

blueking 3 hours ago 1 reply      
I wonder why the government needs to force everyone to hit a collective rock bottom before considering a new strategy. Throwing everyone involved in jail was a bad idea from day 1.

What they need to do is manufacture and sell the drugs at cost to registered addicts. This way you destroy the business of the drug cartels and you insure your citizens are at least using pure drugs.

Regardless of the legality of the use of the drug it is a health issue that the drugs your citizens consume are pure. The safety of your people should come first and a government that has taken this long to realize something that basic is simply incompetent.

Prioritizing law enforcement before public safety is a revealing and meaningful sign of incompetence or even corruption.

doctornemo 1 hour ago 0 replies      
If only the state would spend more money on this strategy. But we aren't.
BorisMelnik 6 hours ago 1 reply      
why not set up more suboxone clinics? I know it is just substituting one addiction for another, but it will reduce crime and stop deaths.
omegaworks 7 hours ago 2 replies      
>Representative Thomas Burditt: As everybody knows, the war on drugs is lost, pretty much. Its time to go down a new road.

There is a sane Republican! Hurrah!

dscrd 3 hours ago 0 replies      
War on Drugs has been won, not lost.
How Norway has avoided the 'curse of oil'
151 points by diminish  7 hours ago   70 comments top 15
prawn 5 hours ago 2 replies      
Statoil and how Norway essentially protected its future is a lot like how Australia should have dealt with the so-called mining boom.

Named and outlined better, our "mining tax" could have been this. It could have protected against capital flight and essentially built national strength for all at the expense of those (especially foreign interests) looking to dig up serious swathes of our ground.

Instead, we had a predictable response from the mining magnates and Coalition, an easily duped and panicked public, and a flailing government at the time who named the concept terribly and defended it poorly. And when challenged on the whole "it's barely made any money" front, caved instead of noting that it'd been potentially hampered for political reasons.

What's an easier sell to the public? "Mining tax" or "Future Fund; funded by giant, mostly foreign mining companies."

Look at the Coalition's "$20b" medical research fund. So many people think that's a current $20b fund, rather than a far smaller fund to be built up to $20b over a number of years, and then to fund research only from the earnings of the fund and not from the fund's base value. Labor should have framed the MRRT much more like this and it would've made for a better sell. Avoid the word tax, outline the goal with a specific value range and target date, and name the beneficiaries of the earnings - technology research, medical research, etc.

I can't see how this wasn't a big missed opportunity for Australia.

phaemon 5 hours ago 0 replies      
The steps of building infrastructure and investing outside the country, are pretty much exactly the same as was suggested for Scotland in the McCrone report in 1974.

Unfortunately, that report was classified as "secret" at the time, as it was felt the conclusions would boost support for Scottish independence. It wasn't released until 2005.

Link: http://www.oilofscotland.org/mccronereport.pdf

cel1ne 4 hours ago 3 replies      
Since we're talking about how awesome Norway is, this [0] should be mentioned.

[0] https://en.wikipedia.org/wiki/Freedom_to_roam#Norway

dharma1 3 hours ago 2 replies      
Probably one of the best examples of how natural resource wealth has been preserved and invested for the whole nation, instead of being lost to the pockets of few through privatisation, corruption or mismanagement of funds.

I think the magic ingredients (aside from being lucky with natural resources in the first place) are egalitarian society, high level of trust, very low level of corruption, a functioning democratic government and highly skilled fund managers.

adamnemecek 6 hours ago 2 replies      
The story of how Norway's oil industry started is pretty interestinghttp://www.ft.com/intl/cms/s/0/99680a04-92a0-11de-b63b-00144...
maaaats 3 hours ago 2 replies      
Kinda ironic having the picture of the current finance minister, Siv Jensen, there, as she is so opposed to us saving this money. She is mainly elected on promises on lower immigration, cheaper alcohol, cheaper fuel and lower taxes. Planning to achieve that by using the fund's money.
netcan 3 hours ago 1 reply      
The economics of mining are complicated, but there are some similarities to the startup/VC complex. A big part of developing mines is exploration. Finding minerals can be hard, especially in the north sea. The oceans are big. The difficulty is why there are still new deposits being discovered.

Exploration usually happens when the company doing it can hope to make money off of a successful discovery. They might even pay for the privilege. Imagine a scenario where a company finds a motherload of oil after a low probability exploration. Their exploration contracts (being signed before the deposits were known) guarantees them a huge profit. Unseemly, even. They are earning that because they took a risk. Now they get their 100X. Try explaining that in an election year.

New technologies are constantly being invented that improve exploration, surveying & mining. This means that there are new possibilities every year impacting which mine/well is profitable (minerals can be extracted at a profit. These all change underlying economic realities. A $1bn per year mine can only make a slim profit in years where commodity prices are high. It employs many people. The next year commodity prices change or some new mining or processing technique (fracking is a huge gamechanger) mean that some complicated contract is now worth a whole lot of money. The $1bn goes from a 2% margin ($20m) to a 30% margin ($300m) and everyone want a piece of it.

Meanwhile government departments, unions, armies, etc are salivating over the prospect of this wealth. The National University's long impoverished Oceanography faculty has their eye on a fleet of research vessels. Academics are starting companies offering to do (mandated) environmental impact studies. There is a lot of pressure for money now, from industry, politicians, constituents.

Politicians definitely don't want to be investing during their term for the benefit of politicians 10 years from now. The world can be cynical, but not always.

Norway has done well. I'm not sure if any one thing can be learned from them. Have smart people running things. Meanwhile Norway have their own political traditions, values, and probably pathologies.

jensen123 3 hours ago 0 replies      
Bergen is not the center of Norway's oil and gas industries. Stavanger is.


makmanalp 1 hour ago 0 replies      
There is also the related concept of "Dutch Disease" (http://en.wikipedia.org/wiki/Dutch_disease) which is what I expected this would be about. The idea is that once a country discovers it has reserves of a valuable natural resource, it tends to exploit and build its economy around that resource, at the expense of its more complex sectors like manufacturing. Norway seems to have handled that decently well so far, and part of the lack of spending probably comes from the fact that they realize their oil's a short term freebie boost not an economic strategy.
praptak 4 hours ago 1 reply      
I am jealous of Norway. Social relations in most other countries, even the "first world" ones, seem uncivilized by comparison. I always wonder how they arrived at this point - this looks like they have some magic ingredient that made their Prisoner's Dilemma converge on 'cooperate'. It must be the fjords.
valgaze 5 hours ago 0 replies      
The rise of these sovereign wealth funds has been pretty extraordinary- if corruption is kept under control those resources are politically "out of bounds" for spending.

This list ranks SWFs by size- notice there are several US states on the list: www.swfinstitute.org/fund-rankings/

elchief 6 hours ago 2 replies      
C'mon man. Norway's the #1 importer of Teslas [1]

Otherwise, man I wish Canada would manage our oil money like Norway. But we burned that bridge a long time ago.

[1] look it up

noir_lord 2 hours ago 2 replies      
I've often said the Nordic countries in general are as close to a Star Trek style civilisation as we've ever gotten.

As someone who lives in America Lite (the UK) your policies on just about everything strike me as insanely reasonable.

I pretty much feel shame whenever I think about our last two governments.

jokoon 4 hours ago 1 reply      
i want to go there so bad :(
Percentage of emails being encrypted during transport
17 points by Sami_Lehtinen  1 hour ago   6 comments top 3
teekert 24 minutes ago 1 reply      
I have been using checktls.com to see if I had set my personal mail server up in the correct way. While testing some other providers: gmail, me.com, live.com I found that the latter two did not provide TLS (this was about 4 months ago), I even made an Ask HN:https://news.ycombinator.com/item?id=7708882

But now, both started offering TLS, just recently it seems.

pyre 42 minutes ago 2 replies      
If you expand the inbound graph out to "90 days" or "1 year" there seems to be a pattern of spikes. I'm curious what causes these. I don't think that they are caused by volume of email spiking, because it's graphing the percentage of incoming email that is encrypted.
Show HN: I got hacked, felt paranoid, made an app GlassWire
840 points by greenwalls  19 hours ago   284 comments top 101
mbrownnyc 2 hours ago 1 reply      
Hello all,

The company that made this is: SecureMix LLC (est. 04/15/2014); aka Free Firewall Antivirus LLC (est. 10/17/2013); aka Blue Quail Capital, LLC (est. 06/21/2010).Here is the corporate registration: https://mycpa.cpa.state.tx.us/coa/servlet/cpa.app.coa.CoaGet.... The person opted to use a CPA (EDWARD H. GOWETT) to register their LLC (looks like a nice guy: https://www.linkedin.com/profile/view?id=34375436). And finally, the man, the myth the legend: ANTON BONDAR.

gregbarbosa 19 hours ago 8 replies      
Wow. I hate how so many Windows applications are considerably uglier compared to Mac counterparts. The Windows apps don't seem to push forward Windows design but rather get stuck in the Windows XP design days. This is beautifully designed and clear.

The graph visualization is prime, and I love that the peaks are "rounded" out instead of sharp declines (sharp declines would make it look more like a live stock ticker).

Extremely well done, and exactly something I have been looking for. I will keep an eye out for the Mac version.

highercenter 3 hours ago 1 reply      
I got hacked, felt paranoid, made an app... Yeah right!

This app is not a one man show! This app, with all it's license stuff, backdoors etc.. all ready to know a lot of all your network traffic going in and out, and you agree upon all this when you install it. Now YOU got hacked! Or do you think the app will also show in detail what data they store and share on their servers and third parties and more?

767 point and counting on HN, amazing...

Good luck!

Sir_Cmpwn 16 hours ago 5 replies      
All software related to security should be open source. This particular piece of software doesn't sit at a crucial point in a secure system, but a greater deal of transparency would be appreciated. I personally avoid using closed-source tools for security purposes, and especially closed-source tools that are hoping to monetize. I use Linux, though, so I guess it doesn't really matter to me in this case :)

I would also say that calling home is a huge no-no for this software. I would seriously consider revisiting that choice if I were you.

SoreGums 2 hours ago 0 replies      
This is great.

Surprising really it has taken so long to get an app like this on Windows. I've been using My Data Manager[1] on Android for a the previous 2-3yrs.

The closest I've gotten on Windows up to this date is CFosSpeed[2] in traffic shapping = off mode + process explorer. There have been other apps that attempted to present the data, however none have done it like GlassWire.

Looking forward to the paid version, this is awesome :)

Got a few rendering issues on Windows 8.1[3]

Hopefully these issues get sorted out, quickly.

[1] https://play.google.com/store/apps/details?id=com.mobidia.an...

[2] http://www.cfos.de/en/cfosspeed/cfosspeed.htm

[3] http://i.imgur.com/0jOFvos.png

Swannie 10 hours ago 1 reply      
Holy crap, this got popular fast.

This will probably stop some drive-by hacking - great. But my understanding from some well informed people, is that increasingly rootkits can hide their network traffic.

So, whilst this will add piece of mind, you'll still need to maintain security - because all this will really do is let you know you've been "hacked" again. Sure, it may prevent the dropper from connecting out - but often that would look like Flash or Java just connecting out to a random host.

As someone who got hacked, and installed NoScript, I'm amazed at the number of hosts that even mainstream websites connect out to. I struggle to stay on top of my whitelists. I just don't think you're going to see the dropper in time and stop it.

TeMPOraL 13 hours ago 3 replies      
Holy hell, this was the app I was looking for for a long time! It does exactly what I want it to do and does it beautifully. Thank you! I'll be happy to pay you when you provide that option.

By the way, I'm surprised this isn't a default feature of OS'es. I always thought knowing exactly what apps are talking to the world and how much is something one would like to know about.

DogeDogeDoge 2 hours ago 0 replies      
You felt paranoid and made an app which a random binary from internets we should download and run.

Feels like a trap.

cyanbane 19 hours ago 1 reply      
Beautiful app, I looked at the Privacy Policy on the site & breezed through the Install legalize and it doesn't seem to include specific network traffic information being relayed back to remote servers in anyway (I easily could have missed this), can you confirm that you guys are not collecting network usage statistics from the app?
Semaphor 55 minutes ago 1 reply      
It doesn't seem to do what it says.According to it, Outlook initiated it's first Network connectivity just now. A point in time where I had already sent and received mails for some hours.

At least it so much better looking than other windows apps

purpl3p3rs0n 19 hours ago 1 reply      
This is immensely helpful (and beautiful). I really like how you can monitor remote boxes. Customization of alerts is great too!

Any chance you will support hi-res screens (see http://imgur.com/ztN8cL3)?

fabulist 6 hours ago 1 reply      
Would you or others care to share the story of how they got hacked?

The only time I've been aware of getting hacked, my friend handed me his computer and said, "You're a nerd, find me a live pirate stream of the Big Game. Quick, people are coming over!" Friend may be too strong a word, but I gave it a shot even though I thought it hopeless. I went to some sketchy pirate sites, and I clicked on a link. A popup launched, and immediately there was an error; "Shockwave has crashed."

"Do you install updates?"

"No, why?"

Another time, my brother was lamenting that he couldn't take pictures with his phone because his SD card broke. I never used mine, so I pulled it out and handed it to him. A few days later I had to get some information immediately and the only device available was my phone. I was on a website and an error popped up; it was to the effect of "Can't download someapp.apk because you don't have an SD card."

Close call.

Edited to add:

https://incidents.org has good reads.

ofir_geller 19 hours ago 1 reply      
Please send my compliments to the designer of both your app and website. both designs are clean, beautiful and work with the UI. bravo.

it would be nice to have more info about how you monitor the connection and prevent any Trojans from going around the monitor point.

frik 18 hours ago 1 reply      
Nice app. Please test it with the Windows classic theme (Windows 7/2008 R2), the "Glasswire" button is a bit glitchy.

What's the overhead of Glasswire? For me it's 2-6% CPU (of my many core systems).

What does the gwdrv.sys kernel driver do exactly? Hook into the TCPIP.sys kernel driver?

Is the "Glasswire control service" an app update service? Blocking it in the "Firewall" tab has no negative side effect so far.

bbarn 12 hours ago 2 replies      
I know some have mentioned white/black lists, but in addition to known malicious stuff, one feature that might be really helpful is a known list of what connections are used for, or processes/executables.

i.e., "spynetus.microsoft.akadns.net" could have some clearly Glasswire edited note that said something like "Used by Windows Defender". You could even add a +1232 Safe/-12 Unsafe that linked to a crowdsourced/forum sourced "what's this" registry. Sort of like reviews on processes or hosts.

maouida 16 hours ago 3 replies      
Bug report: After few hours of installing the app. I got a blue screen KERNEL_SECURITY_CHECK_FAILUR which repeated 3 times.I removed the app from the start up list and disabled the windows service. now everything is back to normal.System: Win 8.1
superpano 16 hours ago 0 replies      
Can anyone explain why the Qt DLLs are offset in size? I compared them to Qt 5.3 and even replaced them and app works fine with original Digia compiled versions. Maybe it is the digital signature? I just recall a trojan people used before by re-compiling the Qt Libraries with malicious intent.
nanexcool 14 hours ago 0 replies      
I know saying just 'Wow, what a beautiful, useful app' doesn't really add much to the discussion, but it's all I can muster.

Beautiful app. Amazingly designed. Insanely useful with zero configuration. Would love to pay money for this, especially if you can bring this sort of zero click usability to a LAN environment.


cheeyoonlee 17 hours ago 0 replies      
Clearly one of the most beautiful app on Windows. Just installed on my desktop, looking forward to the mac version ;)
ki11a11hippies 13 hours ago 1 reply      
ITT: people care way more about the superficial qualities of security software than, ya know, security.

This looks way easier and prettier than open sourced NIDS and HIDS like snort and OSSEC, and I think that's why I'm supremely skeptical they hired enough security people versus frontent people.

agildehaus 18 hours ago 1 reply      
Beautiful. I can easily see using this regularly on my Windows machines.

Some items:1) It'd be nice to be able to scroll around directly on the graph using mouse gestures (middle-click drag?).2) Graphing of bandwidth seems to be off somehow. If I do a speedtest.net, my ~104Mbps transfer shows up on the graph as 38 Mbps and the graph scale shows a max of 20 Mbps. http://imgur.com/QkZMVvj

luckysahaf 3 hours ago 1 reply      
This is great app. However, I am facing an issue.

I am not able to connect to a remote server. I don't know why! This is what I am doing:1- Allowing server access in Server tab in Settings on one computer.2- Trying to connect from another machine using the credentials.

I am not able to connect. Does anyone else face the same issue?

walterbell 19 hours ago 1 reply      
Nice graphs. On the site, why did you choose to promote the monitoring features over the outbound firewall features?

Can it import existing whitelists or blacklists?

If there are competing products (paid or free), a comparison would be helpful.

andrea_s 2 hours ago 1 reply      
This is awesome. I would be happy to pay for your upcoming "pro" version. Do you already have an in-app mechanism that will warn me when this is available?
ps4fanboy 14 hours ago 0 replies      
Any chance of a write up of the design process and UI frameworks used?
eps 18 hours ago 1 reply      
From FAQ page:

> GlassWire keeps an up to date list of known suspicious hosts and alerts you if you contact one. Suspicious hosts are often related to botnets, malware, and other malicious behavior

How is this implemented exactly? Does the app phone home? Does it do some sort of RBL check (if so, against which servers)?


itisbiz 6 hours ago 0 replies      
Great app! Serious question: why hasn't something like this become a standard app if not OS feature? It is something I have always wanted. Want something similar for Android phone too.
stronglikedan 17 hours ago 0 replies      
Beautiful! And just a future feature request for the paid version: Would it be possible to limit the bandwidth allotted to an individual application? I know it's a monitoring tool, and that would be more of an administration tool feature, but I think it could fit in with the concept.
miles 18 hours ago 3 replies      
Beautiful UI! Just curious: why not block connection attempts from new programs automatically? By the time a user has noticed and blocked future connections, it may well be too late.

On a related note, I recently tested a number of firewalls for Windows using Comodo's HIPS and Firewall Leak Test Suite[1]; the only one I found that passed all tests with virtually no setup or changes was SpyShelter Firewall[2]. Not an endorsement by any means, just an observation.

[1] http://personalfirewall.comodo.com/cltinfo.html[2] http://www.spyshelter.com/spyshelter-firewall/

justkos 3 hours ago 1 reply      
Another request from me for a Linux version!

---maybe related...I remember when switched to linux some years ago, the software I really missed was ZoneAlarm and still haven't find a nice alternative (for fast and easy control of the outbount(!)/inbound net trafic). I liked that I could block and unblock the internet access of each application from the systray icon.Any suggestions?

acasetta 18 hours ago 1 reply      
I actually just signed on to HN to comment on this news. Great job, first of all for a good solution to a real problem. Next, great design: finally an application that does not pale in comparison to its Mac counterparts.
px1999 11 hours ago 1 reply      
Impressive software. Simple (looking, and to use) and beautiful; but with plenty of technical depth/value. I've been running it on my machine all day, and plan to roll it out to others in my local network.

I'm definitely curious to see what the paid features will be...

shreshthmohan 1 hour ago 0 replies      
You sound a lot like Linus Torvalds. :-)
biot 13 hours ago 0 replies      
I've wanted a replacement for CoreForce for quite some time:


It was a piece of security software modeled after OpenBSD's pf firewall which let you define policies around network, file, and registry access for applications. You were able to setup really fine-grained policies as well, for example to only allow access to the C:\temp directory for list and read access, but to deny delete access, and to ask the user to accept/reject if it tries to open a file for writing.

So instead of monitoring access after the fact, CoreForce let you actively grant permissions and would either silently deny or interactively prompt you when an application went outside the resources you granted.

JimmaDaRustla 14 hours ago 1 reply      
Wow. Presentation is everything. You nailed it.

Downloaded it just to see if those screenshots were real. Keeping it because its awesome!

aen0 4 hours ago 1 reply      
I believe that the hosts history should not be visible by default. It also shows hosts while browsing in private mode.

Maybe only visible with an UAC auth.

wnevets 16 hours ago 1 reply      
Looks pretty but I dont know how well this will help with detecting a compromised system. Once a system has been compromised cant it lie about its network usage?
Fundlab 4 hours ago 1 reply      
Why does it only pop up internet explorer icon in the alert? Is it possible to show an icon of what application is initiating the connection instead?
superasn 8 hours ago 1 reply      
I wish there was something like this for my wifi router (or in the Tomato Firmware) because that way if there is a malware in the phone, or my laptop I can immediately know about it without installing this on each device.

Also I hope it has list of known malware hosts for which it should give a huge red alert dialog if a connection is made to it.

morepyplease 19 hours ago 1 reply      
Looks beautiful, What's it written in?
wfjackson 19 hours ago 1 reply      
What about rootkits that can falsify the data that the app sees? It would be good to have something similar that plugs directly into the router logs.
codexon 16 hours ago 1 reply      
Not to be a downer, but I don't see how this is any better than a real firewall like Comodo.

If you cannot block new connections, it is likely the valuable information on your computer has been siphoned off, or glasswire bypassed before you noticed it on those fancy but useless graphs.

voltagex_ 14 hours ago 1 reply      
I wonder if the OP should set up UserVoice or similar for feature requests/voting.

My wishes:

* A pay-once Pro version

* A plugin API so I can add my ISPs usage monitor

* Per-app bandwidth limiting (difficult on Windows I think)

geoelectric 15 hours ago 2 replies      
Shamelessly bikeshedding, since I can't use the app until you have an OS X version, but would be nice if it could query my router via SNMP to get whole-network usage.

That's what I currently do via NetUse, but this looks quite a bit better.

jelias 18 hours ago 1 reply      
It's Little Snitch for Windows? Love it.
danielweber 18 hours ago 0 replies      

Could you make it so when the graph rescales, it just doesn't snap into place, but gradually (say, animate over a half second) resizes?

EDIT: If I have GlassWire on my second monitor, and click "+ 2 more" to see what else is going on, the pop-up opens on my first monitor.

nilved 17 hours ago 3 replies      
Cool app, but if you're the kind of person who gets hacked, why should we trust your sec?
service 17 hours ago 1 reply      
Looks awesome. Little Snitch is one of the things I miss most from my Mac days and this looks like it will feel that hole nicely.

e: After trying it, yep, this is excellent. And far too good to be free. I almost feel guilty using it.

paranoid123 4 hours ago 0 replies      
See my problem is that I am already paranoid... How do I know glasswire does not provide access to my machine to its developers?

My point being it's a closed source project by using it you implicitly trust its developers.

serve_yay 19 hours ago 0 replies      
I don't have Windows so can't evaluate, but this looks quite nice. Good job!
servowire 6 hours ago 0 replies      
Reminds me of BlackIce back in the day... awesome tool this Glasswire. This is what I wanted for everyday network paranoia.
jonalmeida 8 hours ago 0 replies      
This has been an application idea I've been wanting to build for a long time, but not having much networking know-how when it comes to these things, I put it on a to-do list.
ejp 18 hours ago 1 reply      
This is excellent - I was looking for similar functionality just recently in the Windows networking system. I look forward to seeing what the paid features are!

Here's my minor feature request (I'm sure you'll get a hundred or so today) - how about a config setting to turn on an automatic virus scan of the executable on first network activity? I imagine this would not be enabled by default for performance reasons, but I'd like to run it this way for a few days before reverting to default settings.

hrjet 9 hours ago 0 replies      
While this is great for certain types of attacks, I wouldn't be surprised if the really smart attacks try to fly under the radar, by distributing traffic and activity. Does this app somehow help detect that?
kingcan 15 hours ago 1 reply      
This looks really nice. One thing I'd like is that it would show the current download and upload speed when hovering over the tray icon.
bobbles 15 hours ago 1 reply      
Does anyone know how to remove the red notification numbers from the icon? I hate these things drawing attention in my taskbar
marcamillion 10 hours ago 1 reply      
Love this. The installed app looks just as good as the screenshots.

One question, what does "powered by Symantec" mean?

Is this just a sexy UI on top of a Symantec engine?

geographomics 13 hours ago 1 reply      
I haven't installed the app, so I don't know if this is part of some alert functionality, but why are there Twitter and Facebook API links in the code? https://i.imgur.com/QPIYUfQ.png
mback2k 18 hours ago 1 reply      
Great application, please create one that can be run on Linux and Windows machines as a service and monitoried using such a beautiful client software.
lechevalierd3on 18 hours ago 1 reply      
Stunning landing page!You get the message instantly and it got me curious enough to want to boot my windows box to try it out.

Great job.

leemac 19 hours ago 1 reply      
Looks beautiful. I love its simplicity as well. Can you give a quick breakdown of what was used to develop this? Looks like Qt was used.
elwell 18 hours ago 2 replies      
This is really pretty, but I don't use anything in this vein except for Spybot Search and Destroy. I wonder what other HNers are think about that: am I asking for trouble? I haven't had any problems in years. I'm a Windows user, and I run SS&D every month or so (I don't run the resident process).
ToastyMallows 19 hours ago 1 reply      
Site is getting hammered right now, but everything looks awesome. Are there any settings for VPNs? Does it work with VPNs?
blub 19 hours ago 1 reply      
This looks brilliant and is badly needed on Windows. However the fact that it's free gives me pause, especially since we're talking about privacy software that is not open source.

What usually happens with freeware like this is that it becomes adware or dies. I think you have enough features to charge for it now.

hammer_of_thor 5 hours ago 0 replies      
beautiful design!

other than that am gonna say what everyone ELSE is thinking, Security + Microsoft, give me(us) a break, last time i checked the word security does NOT exist in Windows

am surprised how THIS made it to the top of HN, probably has something to do with those users who were defending IE's developer tools ;)

g3orge 19 hours ago 0 replies      
something like this for linux?
sinofer 4 hours ago 0 replies      
The software and graphs look amazing. I started Windows after a long time just to try it out. I hope you will launch the linux equivalent soon.
sahaskatta 18 hours ago 1 reply      
I just installed this on a Surface Pro 3. First off great app, but just wanted to give you a heads up: The icons in the taskbar and notification area are blurry due to a HDPI screen. A good portion of the interface is cut off or broken likely due to scaling issues.
tokenizerrr 19 hours ago 0 replies      
Looks very nice, though as with any security software it would be lots better if it was open source.
ferongr 16 hours ago 1 reply      
Minor nit, not everyone has their notification area at the bottom right of the display (I use a vertical taskbar on the left). It'd be neat if the notifications showed up near the notification area.
gcb0 18 hours ago 1 reply      
well done. but useless for the intended purpose.

most malwares will rip thru this like butter.

i would only trust something like this running out of the box believed to be compromised. in the router for example.

patatino 4 hours ago 0 replies      
little bug: ireland flag is wrong, you used the flag of italy.
nkohari 19 hours ago 1 reply      
Looks like a nice implementation of a good solution to a real problem. Kudos.
BorisMelnik 18 hours ago 0 replies      
really love the color scheme and design on your website. sorry I don't have any more relevant feedback to add. I deal with colors, UX and UI all day long and this was refreshingly lovely.
fgvb 9 hours ago 1 reply      
"GlassWire is not compatible with this Operating System."

XP x64

kruxor 13 hours ago 0 replies      
This is such a nicely made app, Thank you!!
Siliticxx 18 hours ago 0 replies      
I gotta ask, why not open source? i feel slightly paranoid - too.
EGreg 19 hours ago 1 reply      
How do I know this isn't a trojan? :P
woohoo7676 18 hours ago 1 reply      
Downloaded it, love the idea and UI. My only niggle about the app now is that it could use better support for hidpi (the text is a bit jumbled). Other than that, great work!
fra 19 hours ago 1 reply      
Really nice looking page. I'd love to get an OSX version...
huhtenberg 17 hours ago 3 replies      
Any reason why WhoIs data on glasswire.com is concealed?
jnazario 13 hours ago 1 reply      
very great stuff, nicely packaged and presented. jealous it's only for windows.
RubyPinch 17 hours ago 1 reply      
considering you are also monitoring physical changes to the box (network interface changes for example), would it be within scope to monitor workstation locking/unlocking and hibernation? same question with removal/addition of plug-and-play devices (HDDs for example)
voltagex_ 14 hours ago 1 reply      
Any plans for a plugin API? I'd love to add my ISPs usage monitor to this.
wyck 11 hours ago 0 replies      
oh wow it's so shiny. Seriously people are downloading this and it's not open source, maybe they should blog about it on medium.
nehz 12 hours ago 0 replies      
Does it use a kernel driver? and how does handle rootkits ?
vini 18 hours ago 1 reply      
Beautiful, would be nice if it had an option to open the folder where the listed apps are located.
Xorlev 18 hours ago 0 replies      
Beautiful app. Almost (but not quite) regret jettisoning the Windows ecosystem.
Brosper 16 hours ago 0 replies      
What about AUTO-UPDATE ?
duiker101 19 hours ago 0 replies      
Ok, I need to know. how you made such a beautiful app?
GimbalLock 9 hours ago 0 replies      
This is so gorgeous.
guest123 11 hours ago 0 replies      
what is the charting library that is used for time-series data?.
Joyfield 16 hours ago 0 replies      
What graphing components do you use?
Zakuzaa 18 hours ago 1 reply      
What are you using for forum software?
nmb 8 hours ago 0 replies      
Thank you.
haukurk 14 hours ago 0 replies      
Thumbs up! Really.
Brosper 16 hours ago 0 replies      
Wow, this app is the most beautiful app for Windows ever made.
api 14 hours ago 0 replies      
All OSes should have this built in.
Todoed 18 hours ago 0 replies      
kolev 18 hours ago 0 replies      
Oh, wow! Amazing! Puts "Little Snitch" on Mac to shame!
ninjakeyboard 19 hours ago 0 replies      
This is cool - looks more appealing than little snitch - needs a mac version :P
The fundamental problem of programming language package management
58 points by route66  4 hours ago   20 comments top 5
chrisfarms 3 hours ago 2 replies      
Nix, NixOS, Nix ... a thousand times Nix.

I can't believe the article doesn't mention it.

I've been using NixOS as my OS for development, desktop and we're in the middle of transitioning to using it for production deployments too.

Nix (the package manager not the distribution) solves so many of the discussed problems. And NixOS (the linux distribution) ties it all together so cleanly.

I keep my own fork of the Nixpkgs repository (which includes everything required to build the entire OS and every package), this is like having your own personal linux distribution with the but with the simplest possible way of merging changes or contributing from upstream.

I use it like I'd use virtualenv.I use it like I'd use chef.I use it like I'd use apt.I use it like I'd use Docker.


danielweber 44 minutes ago 0 replies      
When I sit around and think "what's the biggest improvement I could make personally to the computing world?" there's always this voice in my head saying "kidnap whoever is building the next package management system and lock them in a deep dark box."

There seems this fundamental disconnect between people making languages about how people use their languages. I don't have time to follow your Twitter feed, because I'm working on a lot of different things. I know it's important to you, the Language Developer, and so you think it should be important to me, the Language User. But I have dozens of things to keep track of, and all of them imagine that they're the most important thing in my world.

It's like the old office culture mocked in "Office Space" where the guy has 7 different bosses, each imagining their own kingdom is the most important.

shadowmint 2 hours ago 2 replies      
yeah yeah, I read the previous post (http://www.standalone-sysadmin.com/blog/2014/03/just-what-we...) too.

Maybe this time we can talk about how to meaningfully solve these problems instead of just fighting pointlessly about if old tools are so great should be used for everything.

Decentralized package management huh?

How would that work?

A way of specifying an ABI for a packages instead of a version number? A way to bundle all your dependencies into a local package to depend on and push changes from that dependency tree automatically to builds off of it, but only manually update the dependency list?

I'm all for it. Someone go build one.

davidgerard 2 hours ago 1 reply      
Every program with plugins of any sort will eventually include a sketchy rewrite of apt-get. Not just languages - WordPress, MediaWiki ...

If you're very lucky, the packaging in question will not conflict horribly with apt or yum. So you probably won't be lucky.

calpaterson 2 hours ago 1 reply      
The downside he mentions to "pinned versions" actually applies to everything on this page. If you don't pay attention to security updates, you will be vulnerable whether or you forgot about your pinned versions or you forgot about your stable distribution.

"Stable" distributions have an additional downside he doesn't mention: when you upgrade every package all at once it's a LOT more effort than if you had upgraded them slowly over time. Dealing with multiple library changes at once is an order of magnitude more difficult than dealing with them one-at-a-time.

And also, to some extent, if all the libraries you are using have a long term stable API, then it doesn't actually matter which one you pick - anything is painless.

Self Employed CV
23 points by sudorank  54 minutes ago   13 comments top 8
Tloewald 40 minutes ago 3 replies      
Build your CV around projects not employers (I was taught this style of CV writing when I worked at Andersen Consulting (aka Accenture) and it's one of a handful of things from that time that stuck with me). Also try to state clearly and concisely what the project was and what your role was. AC also suggested anonymizing employers -- e.g. "medium sized construction company" which is a wise thing to do if the work is not public.
onion2k 19 minutes ago 1 reply      
Anecdotally, I've found it difficult to persuade potential employers that I won't just quit after six months and start another business. It's a legitimate concern on their part - if you're someone who likes the challenge and (potential) reward of running your own business then you're less likely to stay in a salaried job for as long as someone else. Employing someone should really be a long term commitment from both parties.

Secondly, it's quite hard if you failed. I learnt a huge amount about running a company, building software, even about who I am, when I've been doing startups, but ultimately the main thing I've demonstrated is that I can put a lot of time and energy in to projects that fail. I didn't have the insight to change what needed to change to ensure success or to walk away earlier to limit my losses. Those aren't great things to show people.

All in all, being self-employed does make it harder to get a job afterwards. If you recognise why though, you can defend yourself against those issues that employers will have.

ffn 4 minutes ago 0 replies      
You could always change your title from something like "CEO of XYZ Co.", "Founder at Acme Inc.", or "Chairman of Dog Corp" to something less ambitious like "lead developer", "marketing manager", or even just "web developer".

Sure, occasionally, you might get employers in the valley who (claim) they care a lot about your personal growth, but from my experience outside the tech world, plenty of employers would much rather just have a dull but trustworthy tool who gets the job done without fail to someone incredibly smart, unscrupulous, and motivated. To these people (which I will venture to say is the majority of small-business owners), your ambition is scary to them, so you're better off not coming off as being ambitious.

TL;DR: best way to market self-employment? Don't. Instead market it as regular employment where you had a lot of responsibilities.

cik 11 minutes ago 0 replies      
IMHO - which doesn't mean much, it's really a combination of industry and geography. And of course, I fully realize that what I'm writing below is based on generalizations that I've witnessed/experienced.

For example, here in Canada there's very little risk tolerance, regardless of what people tell you. You see it in the ways companies raise funds, are valued, and even the execution points. Being 'self-employed' can be a hindrance, especially in marketing. On the other side 'Founding X company - building the overall business to over $YY in revenue' is a positive spin on the same result.

On the other hand, discussing a project-based approach looks VERY good. At that point you're a consultant, rather than a contractor or freelancer. Here, that resonates better, in that people go 'ah, well paid expert'. This in turn means that you can pivot the discussion around to project successes, the values you've learned working on multiple projects, etc.

But most importantly, don't underestimate the value of the cover letter - which I used to believe no one reads. If you can explain your passion to join organization X (for some specific reason), then effectively you're priming your resume reader. That helps you positively change the conversation - a brilliant technique from behavioral economics.

Good luck!

barrystaes 5 minutes ago 0 replies      
For me, as a programmer, having a (1 employee = me) business / being self-employed alongside my study and some jobs has helped in building my CV.

On one hand it gave me a lot of first-hand experience with a lot of things, and second it shows that i'm not keen on sitting on my hands.

victorstanciu 36 minutes ago 1 reply      
There's nothing wrong with self employment in and of itself. I've been self employed for many years now, and this hasn't stopped me constantly receiving jobs offers. Of course, I've also been employed for many years before that, and that probably counts too.

I think self employment only looks bad when it's interspersed with very small periods of employment, from a couple of months to six months. Having long periods of unemployment, followed by short bursts of a couple of months here, three months there could maybe be interpreted as a sign that the candidate has a problem with keeping jobs, and that there are probably good reasons for that.

Having only ever been self employed could also be seen as a bad sign. Having never worked within a company, maybe the candidate has no teamwork skills, cannot work within a hierarchy, cannot keep a fixed schedule, etc.

I can't think of any other situations when self employment would look bad.

graeme 29 minutes ago 0 replies      
Which forums? Not everyone uses the term the same way. I stopped saying "self-employed" and started calling myself "entrepreneur".

When I said self employed, people either heard "unemployed" or "marginal freelance person, barely made ends meet". When I switched to entrepreneur, people heard "successful businessman". The change was uncanny.

Now, my activities didn't change. So the questions to ask are:

  1. How did the people complaining about self-employed mean the term?  2. Does that match what you do?  3. How should you brand it so that the person hiring you understands it correctly?
I never had a problem with other entrepreneurs or managers. We spoke the same language. I even got some unsolicited job offers when working for myself, which never happened before.

In general, I think it's seen as a positive thing, as long as you're talking about the kind of self-employment we mean here on Hacker News. Fairly lucrative, manage your own schedule, no shortage of clients, but more overhead and uncertainty than a job and a need to focus on non-technical stuff. The latter two points explaining why someone might want a job instead of self-employment.

kybernetyk 15 minutes ago 0 replies      
I don't want to have a conventional job ever. So I don't have to worry about my CV.
The Surveillance Engine: How the NSA Built Its Own Secret Google
281 points by aburan28  14 hours ago   51 comments top 16
pdkl95 9 hours ago 1 reply      
What I want to know is if this search tool is the backend for the "parallel construction" application forms[1] from earlier this year?

[1] https://www.techdirt.com/articles/20140203/11143926078/paral...

eyeareque 11 hours ago 2 replies      
People always assumed they did this but now we have proof.

I thought it was amazing that the government spent so much time discussing the call records being logged.. when they are doing so much worse. Maybe that's how they keep people focusing on what the government wants to talk about? (aka look over here, nevermind that thing over there...)

This find is way worse than call detail records..

MalcolmDiggs 11 hours ago 3 replies      
It's kind of remarkable that they kept the lid on this on long as they did. With so many local/loosely-related agencies involved, I'm surprised somebody didn't leak this much sooner.
curiousDog 10 hours ago 4 replies      
Wonder how and where they recruit their top-talent. Pretty much every top scorer in my school went to Facebook/Google/Msft/Amzn. The mediocre ones went to Northrop Grumman/Raytheon/Rockwell and the like.
us0r 12 hours ago 1 reply      
Somewhat OT but its amazing out of 3 "FTEs" 1 was for design ("GUI") and this is what they came up with. [1] pg 22


DigitalSea 6 hours ago 1 reply      
Imagine if hackers were to somehow to find out where this tool is being hosted and then brute force their way in? Presumably such a tool is heavily secured and off the grid, but if it is somehow accessible from the Internet and an attacker were to find out where, it's only a matter of time now that the cat is out of the bag. Could you imagine hackers having access to troves of metadata and information like that? It's a scary thought.

I'm surprised such a thing took so long to be revealed. If you've got as much data as the NSA has, wouldn't you want a Google like search engine to be able to search through it? It makes so much sense which is why I am surprised some people are surprised about this.

niels_olson 8 hours ago 1 reply      
Is it just me, or is it tragicomical that I can't access firstlook from a government network?
eli 10 hours ago 2 replies      
I guess it's always cool to learn about top secret stuff that spies do, but I don't get why the specifics of how their search engine works is significant. Am I just missing something?
BorisMelnik 5 hours ago 1 reply      
I am just not surprised about this at all. They have more information than I could ever imagine, wouldn't any rational person assume there is a search engine to index, sort, parse, and return results?

seems like a lot until you consider how many indexed pages Google has:http://i.imgur.com/EqIJAoL.jpg

why not throw in grains of sand or atoms in the universe?

Twirrim 7 hours ago 1 reply      
I think I'm more surprised that this was a surprise to people.

Of course they built a search engine. Wouldn't you? Don't you have similar at your workplace? We use them all the time. Think about web interfaces built on top of ElasticSearch, for example. Is that not a 'search engine'?

DanielBMarkham 46 minutes ago 2 replies      
This has been released and is use by almost two dozen federal agencies and now is the first time we're hearing about it?

When folks tell us crazy things, like the government is tracking every place you go and your opinions through your cell phone and social networks, we're supposed to say something like "That's extraordinary. With extraordinary claims, we require extraordinary proof" Then, if they persist, we're supposed to say something like "Such a program would require far too many people to keep a secret. We couldn't even keep the atom bomb a secret. The government is terrible at keeping secrets. Such a claim is just too far-fetched."

These are the traditional things taught to people who are supposed to be clear-headed and rational. It's the way we engage crackpots without taking them too seriously.

These responses seem to have failed us miserably in the current circumstances. As it turns out, yes, that's what they were doing, and yes, it was extraordinary and required lots of people to keep incredible secrets. But it still happened.

These things keep happening in the realm of automated surveillance, both by the government and corporations (and worse, when corps do it and the govt scoops it all up later) that would have been considered completely whacked just ten years ago. The stuff of paranoid fantasies.

Our tools of rational inquiry have failed us.

nowarninglabel 10 hours ago 0 replies      
I don't think it remained "under the radar" like some are commenting. There's mention of it in Snowden's disclosures and if you search around, lots of government recruiting related info, e.g., http://www.socnet.com/archive/index.php/t-108034.html
wyck 11 hours ago 0 replies      
Brought to you by meta data commodities and pattern recognition limited - don't be evil. just be data.
cryptolect 7 hours ago 0 replies      
To me, this explains why the five eyes nations are pushing for (meta)data retention legislation. It's a condition of participating in the scheme.
fit2rule 4 hours ago 0 replies      
I believe its really telling that, rather than take the tactic of fully promoting open society, the inclination is towards more and more secrecy. Like, dire, utter secrecy. Kill someone-style, secrecy.

Imagine the other end of the scale - where in fact every detail about everyones lives is wide open and available for everyone and anyone to access. Willingly. Freely. A new order of celebrity: total telepathy.

Do you think we'd be dealing with terrorism, then? Would there be the idealist, killing souls, for a little private time?

Dolimiter 1 hour ago 2 replies      
Is anyone else puzzled that stories about the NSA are accepted as gospel fact when posted on Hacker News?

The Reality Distortion Field appears, and people believe, because they want to believe.

It depresses me, the lack of intelligent discourse.

Most tech people I meet actually believe that the NSA records and stores all telephone calls. It's depressingly stupid, but I have given up arguing, logic and sense are not welcome when the NSA is the topic.

Unknown orange-red glow over Pacific Ocean
279 points by 3rd3  23 hours ago   84 comments top 29
davidw 5 hours ago 0 replies      
Guy has a lot of other nice pictures:

St. Elmo's fire: http://www.pbase.com/flying_dutchman/image/156304671

Northern lights from inside the cockpit: http://www.pbase.com/flying_dutchman/image/155775399

gazaleon 10 hours ago 1 reply      
From Wikipedia

  "Earthquake light is an unusual luminous aerial phenomenon  that reportedly appears in the sky at or near areas of  tectonic stress, seismic activity, or volcanic eruptions."

Considering there were reports of seismic activity in the area around the approximate time of the event, it's possible that ionized air promoted formation of sprites and/or ball lightning.

Blahah 44 minutes ago 1 reply      
Nobody seems to have considered a biological explanation.

What about a tide of bioluminescent bacteria or algae? Typically these emit blue light and are known, in the case of bacteria, as the 'milky seas effect'[0]. But algal tides sometimes bioluminesce red or orange. With a high local concentration of nitrogen or another limiting nutrient (which might upswell from the seabed due seismic activity below) you might get extremely high concentrations leading to the patterns shown in the photograph.

0: http://en.wikipedia.org/wiki/Milky_seas_effect

geoffsanders 10 hours ago 2 replies      
Considering lava cools and darkens almost immediately under water, I'd imagine it would have to be an incredibly epic underwater eruption (and thus, detectible) for that much light to make its way through that much water and project itself onto the clouds above that location. Also, the light should diffuse as it makes its way through water, air, and onto the clouds above, so the seemingly neat circles of light don't seem to match up with a sea floor-based light source either.
pittsburgh 9 hours ago 0 replies      
A possible explanation from a 2003 paper is Electron Holes ( http://en.wikipedia.org/wiki/Electron_hole )

"Rocks That Crackle and Sparkle and Glow: Strange Pre-Earthquake Phenomena"

http://www.scientificexploration.org/journal/jse_17_1_freund... [PDF]

michaelsbradley 9 hours ago 1 reply      
Earthquake Alarm: Impending earthquakes have been sending us warning signals--and people are starting to listen


"A light or glow in the sky sometimes heralds a big earthquake. On 17 January 1995, for example, there were 23 reported sightings in Kobe, Japan, of a white, blue, or orange light extending some 200 meters in the air and spreading 1 to 8 kilometers across the ground. Hours later a 6.9-magnitude earthquake killed more than 5500 people..."

brianstorms 7 hours ago 1 reply      
There was a quake right nearby where the pilot saw this phenomena. Relation?


I wish the pilot had indicated exact UTC time the phenom happened. Hard to pinpoint but nevertheless, his position and the quake's position are quite close, even if the two events were hours apart.

lotsofmangos 1 hour ago 2 replies      
Flying towards Alaska south of the Kamchatka peninsula...

I bet he saw this hypersonic vehicle being blown up and the lights from a massive observation fleet.


"An experimental hypersonic weapon developed to reach targets anywhere in the world within an hour has been destroyed by the US military four seconds after its launch for public safety.

The test in Alaska in the early hours of Monday morning was aborted after controllers detected a problem with the system, the Pentagon said, and the launcher is believed to have detonated before the missile was deployed."

Fragment 3 hours ago 0 replies      
Well, the comments are interesting...


richardwigley 5 hours ago 1 reply      
Mysterious lightning flashes that appear to precede earthquakes could be sparked by movements in the ground below, US scientists say.


"Our first suspicion was this has got to be a mistake. There must be something stupid we are doing," said Professor Troy Shinbrot, of Rutgers University, New Jersey.

"We took a tupperware container filled with flour, tipped it back and forth until cracks appeared, and it produced 200 volts of charge.


eric_bullington 10 hours ago 1 reply      
I'm hoping a resident atmospheric scientist and/or geologist will show up with answers. There's probably a very good explanation for the (electrical?) bolt of light that he saw at first and the green color of the night sky, and I'd bet almost anything that both have to do with submarine volcanic eruptions.
callmeed 7 hours ago 2 replies      
Browsing the various discussions on Reddit, the most plausible explanation is (IMO) fleets of squid fishing boats.


madaxe_again 4 hours ago 0 replies      
How about mid-oceanic methane flares lit by lightning? Would explain the initial flashes and the incandescent look of the lights.
kevinwang 10 hours ago 1 reply      
The comments below the post are mostly toxic.
narrator 4 hours ago 0 replies      
There was a mysterious giant crack in the earth in Mexico last Friday.


elijahparker 7 hours ago 0 replies      
The lights in the ocean are a mystery to me, but the green light in the sky would be airglow (1). I've seen it many times, even stronger than in the op's photos. I don't believe there's any connection between the sky and the ocean lights. 1: http://en.m.wikipedia.org/wiki/Airglow
dperfect 9 hours ago 6 replies      

I could be wrong, but I think it would be almost impossible to capture an 8-second exposure while flying and somehow manage to keep the stars from becoming light trails - at least not without some very serious camera stabilization equipment.

Since the photographer didn't seem to mention anything special used for taking the photos, I'm inclined to say they've been 'shopped.

astigsen 7 hours ago 1 reply      
When the earthquake hit California there was also people reporting seeing a blue light.

Some examples here: http://abcnews.go.com/US/northern-california-struck-60-magni...

moron4hire 41 minutes ago 0 replies      
At first, I thought this might have been an announcement for a spin-off of "Welcome to Night Vale."

If you're not familiar, it's a fiction podcast that presents itself as a community announcement hour on the town of Night Vale's public radio station. There was a particular story arc involving a sentient, glowing cloud that descended on town and demanded to be made a part of the city council.

It's free, and it's cute. If you like such things, check it out. http://commonplacebooks.com/

CucumberLime 5 hours ago 2 replies      
Wow, those stars are amazing at altitude and with no light pollution, I wish the passengers could see up too (and also without a nose-greased, scratched-up plastic in between).
windsurfer 10 hours ago 1 reply      
Here's an aerial picture of fishing boats near Thailand: http://i.imgur.com/kvOF9nL.jpg

The pattern seems similar.

kghose 9 hours ago 4 replies      
I don't understand how, with an 8s exposure from a moving vehicle, the photos have perfect stars. There should be streaking.
Intermernet 10 hours ago 2 replies      
This earthquake (MB4.6 Kuril Islands, Aug. 24, 2014, 9:45 p.m. UTC) matches closely to the time and location, but it doesn't really explain the claimed observations.


EGreg 8 hours ago 0 replies      
Underwater volcano is quite possible near a subduction zone. Were they flying over one?
spiritplumber 8 hours ago 0 replies      
Is this where we start building giant robots in preparation for the giant monsters that will appear?


No, because that would kick all sorts of ass.

McCoy_Pauley 6 hours ago 0 replies      
nnq 4 hours ago 0 replies      
R'lyeh is rising, of course. Heil Cthulhu!
nether 7 hours ago 1 reply      
These are hostile... Why must we meddle?
waynemr 9 hours ago 0 replies      
Viral marketing for Cloverfield 2 or Pacific Rim 2?
Helmhurts: Placing a WiFi router with the Helmholtz equation
90 points by signa11  9 hours ago   8 comments top 5
physPop 7 hours ago 0 replies      
Good fun here, and a neat exercise! However, a few comments for people looking to do the same:

- Ignoring the 3D nature of antenna placement, you need to model the concrete walls properly to get an answer that is semi reliable. All materials have frequency dependent reflection and transmission (attentuation) coefficients. Its pretty easy to extend a toy FDTD sim to include these.

- For the reasons above, inferring 2.4Ghz behaviour from ~1GHz (30cm) signal isn't really a good thing to do (even in a "hand waving" manner).

- When displaying E-fields, you usually want to plot the ||E||^2 averaged over one complete wave cycle -- the nodes shouldn't jump around. If they do, it means the simulation hasn't reached a steady state.


pawelkomarnicki 1 hour ago 0 replies      
Isn't it kind of obvious that the best coverage will be when the emitter is in the middle of the area to cover? ;-)
mgraczyk 6 hours ago 0 replies      
Did you solve that system by inverting the helmholtz matrix? Your steady state time independent solution looks like it's suffering from major numeric instability. If you didn't already, you should solve the system with linsolve() and see if your results stay the same.
Rabidgremlin 6 hours ago 2 replies      
Someone should build a web app that lets you upload a floor sketch to run these calcs on :-)
xwintermutex 6 hours ago 0 replies      
Now it would be a nice next step if he uses his wifi card's RSSI + Helmholtz reciprocity to verify the theory.
The poisoned NUL byte, 2014 edition
149 points by tshtf  10 hours ago   12 comments top 5
tptacek 9 hours ago 1 reply      
This is one of the all-time great exploit writeups.
deathanatos 5 hours ago 1 reply      
Can someone explain this a bit? While I can understand how these bugs arise, I'm not the best at exploiting them.

The summary states,

> disclosed a glibc NUL byte off-by-one overwrite into the heap.

> a full exploit (with comments) for a local Linux privilege escalation.

Normally, I wouldn't see how such a bug could lead to privilege escalation. (glibc runs in userspace, after all.) But it is glibc, and glibc is everywhere.

I think the key is in the source code, where they state,

  // It actually relies on a pkexec bug: a memory leak when multiple -u arguments are specified.
pkexec is setuid, so if it has a bug, then it's a great target for privilege escalation. Is the exploit the fact that they're passing bogus arguments to pkexec in such a way as to trigger this bug, corrupt the heap, and cause pkexec to either execute a binary of their choice or execute arbitrary code?

jfindley 4 hours ago 1 reply      
I was interested to learn that the kernel actually allows you to pass 15 million arguments via execve(), with each one allowed to be enormous.

It seems very much like asking for trouble - I can't offhand think of a good reason why this would be required.

I'm sure there are plenty of programs that have similar memory leaks with commandline args, as many authors might, not unreasonably, think that abuse would be prevented by the shell ARG_MAX, which is 2621440 bytes on many systems. Perhaps some sort of adjustable lower limit might be appropriate here.

muppetman 3 hours ago 0 replies      
That's very impressive. It's also why you should be running a pax/grsecurity enabled kernel.
JonnieCache 3 hours ago 0 replies      
geohot hunts bugs for google now. I did not know that. Nice to see a happy ending there.
Amazons Twitch Acquisition Is Official
441 points by lalwanivikas  19 hours ago   232 comments top 33
fidotron 13 hours ago 4 replies      
Amazon really aren't on the radar round here nearly as much as they should be. As some in this thread have pointed out their strategy is to spend absolutely all income on slightly out there R&D, which in the case of things like their web services wildly over return.

Just because they aren't based in the valley and make Apple look positively liberal when it comes to secrecy and working practices doesn't mean they should be ignored. Quite honestly I think they're the single most terrifying company in the US today, an idea Bezos would take as a compliment.

The big picture is they are gunning to become the universal middle men for when people actually spend money on the net. Google only have the ad side of things together, but never really cracked getting end users to open their wallets, yet Amazon are in the position of starting in front of users, and slowly moving themselves into being the background glue between everything else, facilitating transactions between everyone while taking their cut and enforcing their rules. Terrifying, and brilliant.

dang 14 hours ago 0 replies      
We changed the url from http://online.wsj.com/articles/amazon-to-buy-video-site-twit... because everyone hates the paywall.

In general, we want the best article out there on a given topic, where "not being behind a paywall" adds points toward "best".

staunch 18 hours ago 12 replies      
Twitch is not going to be another YouTube success story. There just aren't enough great uses for live streaming yet and video game streaming is very far from being mainstream. Twitch obviously can't believe it's very close to reaching NFL-like status either or it wouldn't sell for a mere billion and change.

Amazon or Google will piss off or drive away the Twitch user base. The users will all move to Hitbox.tv or any number of new sites that will pop up. It's easy to do live streaming, it's just expensive. This acquisition will bring funding and Yahoo will buy the next popular live streaming site.

christopherslee 19 hours ago 6 replies      
I thought it has previously been confirmed a few months ago that Google was acquiring Twitch. Did that fall through or was the confirmation later retracted?
imjk 16 hours ago 1 reply      
I think this makes sense for Amazon for two reasons:1) One of the barriers to entry of live-streaming sites is the expensive hosting costs. With AWS infrastructure, Amazon could potentially have another competitive advantage over other live-streaming sites. They may even provide a better service through higher resolution streaming as they wouldn't be as constrained with bandwidth costs.

2) As Amazon enters the online advertising space to compete with Google Adwords and Adsense, they'll want to own web properties with high impressions for their display ads. User based video creation is great for that but comes with risk for copyright violations. Twitch solves both these issues as it'll give display ads high impressions without much concern about copyright violations as these will mostly be legit user-originated content.

mmxiii 18 hours ago 6 replies      
Twitch is a great marketing platform for games/new games and this opens up the ability for Twitch/streamers to monetize through Amazon referrals.

For now, Amazon is selling physical copies, but seems reasonable to reuse their content delivery infrastructure for game downloads in the future.

antoncohen 16 hours ago 0 replies      
The acquisition has been confirmed by Twitch:


samelawrence 19 hours ago 3 replies      
Wow. Google buying them made a lot of sense for deeper integration of live-streaming services into YouTube and going after current-gen console owners... but Amazon?

What are you working on, Jeff?

bhouston 18 hours ago 2 replies      
Theory: Something some imagined synergies with gaming to the Amazon FireTV Console. But none of the micro-consoles have really succeeded with gaming.

Does anyone have statistics on whether FireTV is doing better with gaming that OUYA? Does anyone actually use the gaming features?

alexgaribay 18 hours ago 0 replies      
Regardless of who actually ends up buying Twitch, I'm happy to see that they are valued so highly. They are a great service and have helped make competitive gaming more mainstream due to exposure.
oelmekki 4 hours ago 0 replies      
Could that be acqui-hire dodging ?

As mentioned, twitch is a very central part of esport community. But in the same time, it might not have enough credibility on "mainstream" startup world. I wonder if google was interested in twitch service more than twitch team.

tehwebguy 16 hours ago 0 replies      
tdicola 18 hours ago 3 replies      
How much longer does Amazon have before investors start beating the drum to become profitable? Would love to see where Twitch fits into their bottom line--I guess it might help sell Fire TVs?
bdz 19 hours ago 2 replies      
As an avid gamer I'm happy about that. Rather Amazon than Google.
Someone1234 18 hours ago 4 replies      
In recent times Amazon has started making content exclusive to their own hardware (Amazon TV, Fire tablets/phones). Go check out the comparison chart here:


Note what Amazon Prime Streaming works on. Then go here:


Note that aside from Apple's devices, Amazon Prime video works only on Amazon's own mobile hardware.

Is this why they're buying Twitch? To make it another "Amazon Exclusive" for Fire devices? Frankly that would explain a lot. If they can lock the content down it will force people into their ecosystem if they want mobile access.

eroo 18 hours ago 0 replies      
Non-paywall article on the same: http://arstechnica.com/gaming/2014/08/amazon-not-google-repo...

None of the reporting outlets have any substantial details yet though.

LeicaLatte 3 hours ago 0 replies      
Glad Twitch has some clout now to fight big intimidating movie studios whenever needed.
ig1 16 hours ago 0 replies      
Actual confirmation from BVP who are investors in Twitch:


chx 14 hours ago 1 reply      
How is $970 million more than $1B?
funkyy 17 hours ago 0 replies      
Alternative link that does not require log in or sign up to WSJ:


mbesto 16 hours ago 1 reply      
The underlying story for me here is this:

Twitch has the potential to both compete in the same sentence as ESPN ($$$ bil) and provide a new model for content delivery in sports content consumption.

LeicaLatte 15 hours ago 0 replies      
Given their recent track record in making products in house (looking at you 3d phone lol) this is good for amazon. They can never build a streaming community this cool.
tzm 11 hours ago 0 replies      
I predict Twitch will become Amazon's Youtube.
goeric 18 hours ago 1 reply      
Here's a short URL to the full WSJ article: http://bit.ly/wsjtwitch
programminggeek 18 hours ago 1 reply      
So, this will change basically nothing about Twitch? I assume all of their infrastructure is already on Amazon, so probably more business as usual than having to move everything on to Google's infrastructure (which seems to usually derail product development for 3-6 months on most acquisitions).
mmuro 19 hours ago 4 replies      
Amazon.com Inc. has agreed to acquire Twitch, a live-streaming service for videogame players, for more than $1 billion, according to a person who has been briefed on the matter.

The deal could be announced as soon as Monday, the person said.

Google Inc. had earlier been in talks to acquire Twitch, but those talks cooled in recent weeks, according to people familiar with the matter.

Twitch, launched in June 2011, is the most popular Internet destination for watching and broadcasting videogame play. The startup raised $20 million from investors, including Thrive Capital and videogame-maker Take-Two Interactive Software Inc. in September.

News of the acquisition was earlier reported by tech website The Information.

namityadav 18 hours ago 4 replies      
Can we please have a rule against posting paywall links? I know we can find a cached version or search on Google or whatever, but it's still frustrating! We're not talking about work-arounds.

Imagine what our reaction will be if someone posts a link to their own blog which doesn't allow visitor to read the content without paying $1. Even if they have a work-around like you can inspect element and hide the paywall popup.

kudu 17 hours ago 0 replies      
In this case, linking to the WSJ article wasn't helpful or advisable, and isn't in the best interest of readers. First of all, it's paywalled, and requires a Google search as a workaround, and not every reader is aware of that.

The main issue with it is that it doesn't bode well with the requirement for original reporting. In this case, there are 4 sources of which I'm aware (The Information, WSJ, Bloomberg and Recode) who reported on this, and all of them were original reports. Even if The Information was first to press, they all conducted their reporting indepedently and the fact that four sources have the same information is very relevant. By linking to only one original report, you're depriving the average HN reader of knowledge of this journalistic consensus.

Even if the link had to be to an original report, it would make more sense to link to The Information, which is also paywalled, but was first to press. But really, I'd prefer the top HN link to be to a site like Ars Technica, which diligently compiled all the different reports.

genericacct 16 hours ago 0 replies      
Please let me know when it's official so i can short AMZN ..
rhspeer 13 hours ago 1 reply      
I just watched 4 guys get stuck in a dumpster and shout profanities at each other for 2 minutes. A questionable use of a billion dollars IMHO.

Maybe this means I'm old now?

paul7986 17 hours ago 1 reply      
I'm still bummed they closed my cable TV service, justin.tv.

I have since found other TV/movie streaming sites, but none are as mature or reliable as JTV was.

This Man Built a $3M Business a Year After Four Years inPrison
91 points by rbobby  8 hours ago   19 comments top 5
diasks2 4 hours ago 1 reply      
I think this shows one reason it can benefit young people to join a company in the industry they are targeting before jumping into startup life. One of the best/easiest ways to find pain points is to be knee deep in the industry. Obviously in this specific case I am not recommending going to prison, but hopefully you get the point.
song 5 hours ago 2 replies      
I don't really understand the logic behind preventing inmates from accessing internet. It seems to me that if the aim of prison is rehabilitate inmates and reduce crime then giving them access to internet would be beneficial.

I can understand why some inmates should not have access to internet to prevent them from directing their activities outside of prison but I'm sure that those are a small minority.

serge2k 5 hours ago 1 reply      
> When you take away that seven percent or so that did something violent

Is that accurate?

jonemo 5 hours ago 1 reply      
I clicked the baity headline so you don't have to:

The company provides services that make it easier to communicate with inmates, including "The easiest way to send printed photos to your inmate directly from your computer or mobile phone!"




ck2 2 hours ago 1 reply      
US is going to be reduced to a few industries in the next decade.

Law enforcement, prison system, healthcare.

Everything else will be imported.

Dylan: the harsh realities of the market
139 points by kryptiskt  14 hours ago   71 comments top 16
BruceM 11 hours ago 3 replies      
I'm the Bruce that he mentioned in the post.

For better or worse, I've been pushing Dylan forward heavily over the last few years and am effectively the primary maintainer.

Over the last couple of years, we've made a lot of progress. We've completely revived the documentation from 1990s era FrameMaker files and have it published via a pretty modern system. We've converted from SVN to Git and moved to GitHub. We've done 4 actual releases. We've improved our platform portability. We've provided some basic debugging integration with LLDB. We've fixed some long standing issues in the compiler and tool chain. We've improved the GC integration on all platforms.

But there's a lot to do. We need to fix our Unicode support. We need to improve the type system in at least minor ways if not major ways. We need to improve how parse failures are handled as the errors are not always friendly. We need more libraries. Some of this is really easy, some isn't. But for pretty much everything, there are bite-sized pieces of work that could be done in a couple of hours/week that would lead to significant gains.

I've wanted to just flat out use Dylan for something and have built some small prototypes with it and while they've worked out well enough, the actual projects themselves didn't go anywhere (unrelated to the use of Dylan).

I think this blog post was triggered by a comment that I'd made publicly yesterday that I'm feeling rather discouraged at this point. There was also a private email that I sent to 19 people who have been involved with Dylan recently, but the author of this post didn't get that email.

I view Dylan, not as a language from the past, but as a stepping ladder towards building a better language for the future. We don't have to get bogged down in a lot of the minutiae involved in creating a new language as a lot of the work has been done. We get to focus on things at a different level and those things are just as important. People bring up Goo often when Dylan comes up. Goo is interesting, but the implementation is nothing close to being industrial enough to survive an encounter with the real world.

I came to Dylan because I saw the mess that Scala and other languages were. I didn't like where they were going and following some people on Twitter like https://twitter.com/milessabin and others seems to show that I'm not alone.

And that's why I'll probably keep at it with Dylan. I want a better future and I'm going to keep trying to build it.

georgegeorges 11 hours ago 8 replies      
If you're going to rant, you might want to actually have a clear point to make.

> college kids on comp.lang.lisp asking for the answers for problem-set 3 on last night's homework

Surely not during the Naggum days. CLL was a hostile wasteland.

> That is the lesson of perl and python and all these other languages. They're not good for anything. They suck. And they suck in libraries and syntax and semantics and weirdness-factor and everything.

What? How have you not heard of CPAN? There is not a single language in the world that can touch Perl's libraries. I'm not sure why you feel the need to toss either Perl or Python under the bus to make some petty point about Dylan's lack of popularity. Python replaced Scheme at MIT. It's time to move on. I know I have.

You have to have your head pretty far up your own ass to not see how much Common Lisp sucks. It's a language designed by committee, and it looks like it.

I've used Erlang too. For everything Erlang does well, there are countless areas that make you want to bang your head against the desk.

Languages don't matter. Platforms matter. APIs matter. Playing nicely with the rest of the world fucking matters. Common Lisp wouldn't.

eudox 12 hours ago 2 replies      
The article hits rather close to home, as someone who, for better or worse, is committed to improving Common Lisp's ecosystem. I often feel this existential dread of "Is it worth it? Whose lives will it change? Will I spend years labouring in obscurity for nothing?". And while the answer to all those questions is probably not what I'd like to hear, I still do it.

This is why ecosystems are, for most people, more valuable than intrinsic language features: Tribalism along the lines of "We have X thousand people backing us up"/"X thousand devs can't go wrong". People don't care about monads or macros, they care about feeling like they're part of a large community.

rdtsc 8 hours ago 2 replies      
> These languages are defined, right there in the dictionary.

Erlang: see 'career wrecker.'

Please. Someone, wreck my career some more.

Unlike Dylan Erlang was created by a company for a purpose with very clear goals and it did and still excels at meeting those goals, and nothing out there gets close to the qualities it has. Not everyone needs those qualities, but sometimes nothing will do. Erlang is at the core of many solid industrial applications -- mobile to internet gateways, message queues, trading systems, large databases, handling millions of concurrent connection and billions of messages per day for WhatsApp.

What does Dylan do? This is the second time I heard about Dylan. I've played with Mercury, Prolog, Nimrod, Curry (Haskell + Logic programming) and other rather obscure languages but haven't heard about Dylan much.

Some languages just don't make it, sometimes it is just luck. However I don't like the disparaging and angry remarks thrown around at other languages and ecosystems. That does nothing to promote Dylan it only pushes people away.

nostrademons 12 hours ago 1 reply      
Dylan was my favorite language back in college. I remember following PG's essays to Lisp, and then Lisp to all the newer dialects like Dylan or Goo. Dylan had it all: a metaobject protocol, generic functions, optional static typing, infix macros. I even got started working on an Eclipse plugin for it, which I ended up shelving after like 3 weeks when I lost interest.

Unfortunately, there are large network effects to programming languages, and the stuff that really makes you productive - libraries and tooling - Dylan just lacked. It wasn't practical to write anything larger than an ICFP contest entry in it. So I went from Dylan to Python, which lacks many of the really cool language features and is a lot slower, but at least comes with so many batteries included that you can whip up a prototype for anything really quickly.

Fice 11 hours ago 1 reply      
You could think of it as putting a low-pass filter on some of the good ideas from the 60s and 70s, as computing spread out much, much faster than educating unsophisticated people can happen. In the last 25 years or so, we actually got something like a pop culture ... So I think the lack of a real computer science today, and the lack of real software engineering today, is partly due to this pop culture.

A Conversation with Alan Kay, ACM Queue, 2004, https://queue.acm.org/detail.cfm?id=1039523

loup-vaillant 12 hours ago 4 replies      
> Algebraic types? Dependent types? You'll never see them. They're too ... research-y. They stink of academe, which is: they stink of uselessness-to-industry.

One may think that because closures are finally entering the mainstream (after what, 5 decades?), we have hope for those things to come as well.

But then I saw Swift. Built-in support for an Option type, so one can avoid null pointer exceptions. At the same time, this languages manages to recognize the extreme usefulness of algebraic data types, without using them in their full generality. Like, why bother with a generic feature when we can settle for an ad-hoc one?

I'd give much to know what went so deeply wrong in our industry that we keep making such basic mistakes.

rayiner 12 hours ago 1 reply      
Dylan is also, unfortunately, an example of "worse is better" in action. The extant Dylan implementations were incredibly ambitious. CMU's d2c built on the experience with CMUCL. Harlequin Dylan (AKA OpenDylan) was "Dylan all the way down" with a sophisticated native code compiler and an IDE written in Dylan. Multithreading, generational GC, etc.

And what filled the dynamic language niche? Interpreted languages like Ruby and Python that have yet to achieve 1970's levels of implementation sophistication. But simplicity made them agile and portable and allowed resources to be spent on libraries.

davidw 6 hours ago 0 replies      
There are a lot of things that strike me as being wrong about this essay. Most importantly, to understand the success or failure, you have to think about it, and its economics, like any other product on the market. Granted, programming languages have different characteristics as products than lighthouses or tv shows or telephones, but they do share things with them that we can learn from. This is a somewhat dated attempt of my own to share a bit of that thinking:


A few other things:

* Like rdtsc says, Erlang does not fit the mold in a lot of ways. It had a large corporate sponsor from the get-go, which was good for it in some ways (money for developers), and perhaps bad in others: lots of production code early on means it's not possible to change stuff that is less than optimal.

* As per my article, new/small/unpopular languages need a niche, a beachhead if they are to gain traction. You can't create a new language and platform from scratch with an ecosystem as big as Java's (indeed, piggybacking on the JVM is a popular strategy because of this), so you'd better have one thing where you absolutely kick ass. Erlang has this in spades, for instance. Ruby had Rails. Tcl had Tk and a few other "killer apps". PHP was way easier to get started with than mod_perl, back in the day. I don't see this for Dylan, particularly, but then I don't know much about it, so maybe it's there somewhere, and BruceM will figure it out and the language will gain a following.

enduser 12 hours ago 0 replies      
I appreciate this article by someone who is serious about contributing useful solutions to the world--not just the social aspect of programming--and appreciates a language that empowers him to develop those useful solutions as readily as possible.

When I'm not programming I like to get some distance from my work and hang out with people who have diverse interests. When I'm serious about programming I use Common Lisp. When I'm serious about connecting with other people I use English. Many people seem to confound these pursuits and end up with languages that compromise weakly between talking to people and talking to computers.

For me, programming is about solving business problems ASAP in a manner that is amenable to a long series of minor improvements over many years. Having a stable language standard with language improvements happening as add-on libraries is a huge win. My old code keeps working, so I can stay focused on improvements instead of bailing water.

Also Lisp has the seemingly magical property of being one of the easiest languages to read, understand, and reason about by programmers who have the aptitude to learn it--and it scares the pants off of people who don't. With all of the "expert programmer" pretenders out there it's helpful as an employer to have something that separates the serious programmers from the pretenders.

pjmlp 4 hours ago 0 replies      
Very interesting read.

I have a soft spot for Dylan from magazine articles back in the Newton days.

Here we have a Lisp like language, with a more approachable syntax for the average Joe/Jane developers, AOT compilation and Apple kills it.

I think it is also important to bring out the paper from Erik Meijer about using Visual Basic to hook the typical enterprise developer into FP (via LINQ).


nickbauman 12 hours ago 1 reply      
If you want to gauge a language look at one thing and one thing only. Who are these people using it and what are they using it for? The answer to that question is more important than anything else on the list after that. Amen.
jbergens 5 hours ago 0 replies      
You must find the corporate developer who cares ;-)http://steve-yegge.blogspot.se/2010/12/haskell-researchers-a...

And then maybe try to get more like him/her.

yarrel 7 hours ago 0 replies      
I love Dylan. We should all be using it instead of C++ and Java. Particularly C++. Each time I type "friend" in C++ or have to use the STL, I miss Dylan.
AndrewKemendo 11 hours ago 3 replies      
Something I never quite understood about languages was why they are restricted to one or another domain. For example the author writes:

Algebraic types? Dependent types? You'll never see them. They're too ... research-y

Why can't those features be baked into C++ or Java?

cschep 11 hours ago 0 replies      
just say fuck! we're all thinking it!
Front End JavaScript Error Tracking
14 points by volldabei95zwei  2 hours ago   1 comment top
STRML 15 minutes ago 0 replies      
This is a cool project- I've been working on a version of this using Sentry, a PhantomJS web scraper and a simple XHR.

Admittedly, HTML2Canvas (or anything that creates <canvas> from the page so it can be screenshotted) is pretty cool and allows this great sort of annotation/selection capability where a user can choose to highlight what went wrong and provide some feedback. That's great. I found html2canvas to be really resource heavy when taking the snapshot, and there was no way to do it 'automatically'. Why does that matter? When debugging, I want history.

My ideal bug-reporting tool would not only give user specs, stack traces and a screenshot, but a history of screenshots going back to an arbitrary length so I can figure out exactly what the user was doing that triggered that error. Trial and error could lead one to the correct sequence of screenshots but I've found one per 10s / 6 max (so 60s of history) to be a pretty good way to do it.

So if you know you want history, how do you get it? You can't use html2canvas to just take snapshots the entire time the user is using the page (I've tried (work account on GitHub): https://github.com/niklasvh/html2canvas/pull/270). It's far too slow, memory heavy, and if done asynchronously can create really strange render bugs if the user scrolls or mutates the DOM. Some of these issues can be fixed but it will forever be slow and take a ton of CPU. So I came up with something else.

At the same time I was working on a web scraper + screenshotter using PhantomJS that talked to RabbitMQ. I thought: why render the screenshot at all on the client? I have all the same resources; I can recreate the environment from source, on my own time, asynchronously, without making the client do the work for me and slowing down their browser. So the implementation I came up with does the following:

1. Maintains a rolling 5-element array of HTML snapshots (usually via document.firstChild.outerHTML), tied to setInterval. That part is easily configurable to your preference. The snapshots even contain a virtual cursor element that I just track using mousemove events.2. On error, collects the usual data using Raven (the client-side library that reports to Sentry, the open-source error aggregator).3. Rather than hit Sentry directly, the browser POSTs to a local route. That route separates the HTML snapshots from the Raven/Sentry data, and creates UUIDs for each snapshot to create S3 filenames.4. The Sentry data is sent to Sentry along with the S3 filenames, and the HTML + filenames are put on a RabbitMQ queue.5. A separate process is listening to the queue, grabs HTML off the queue and renders the page using the CSS (no scripts) from the running webserver. The screenshot is then uploaded to S3.6. A Sentry plugin displays those images in the bug report, assuming the S3 urls are valid. They may take a while to resolve but they usually show up in < 2 minutes.

Since there are a lot of moving parts, I've always wanted to create a simple devops service out of this, but I haven't had the time, being busy with other projects. But if there is interest, I could open-source some of the components.

70 points by jweir  10 hours ago   15 comments top 6
millstone 8 hours ago 3 replies      
> In summary, a typed constant obeys all the rules of typed values in Go.

I think this is too optimistic. For example, you can divide by a 0 value but not by a 0 constant:

    1.0 / 0.0 // compile error

    zero := 0.0    1.0 / zero // infinity
Or try:

        foo := 0.0fmt.Printf("%f", -foo) // outputs -0.0        fmt.Printf("%f", -0.0) // outputs 0.0
So negating a zero value is different than negating a zero constant. Rather confusing.

eru 2 hours ago 1 reply      
It's strange that they only have numeric and string constants. What about, say, constant arrays?
kornakiewicz 4 hours ago 2 replies      
When I was playing around one of most irritating thing in Go was that I need to write a lot of type conversions, especially since there's eight "normal" integer types. In my opinion, for sake of simplicity it could be reduced.
pilif 3 hours ago 0 replies      
This brings back memories of times long since past as this is pretty much how Delphi deals with constants.
twotwotwo 8 hours ago 0 replies      
Kind of fun that, say, uint(0+0i) works, not that I'm going to use that tomorrow.
kristianp 8 hours ago 1 reply      
This is the permanent link for the constants article, currently the link points to the blog front page:


edit: it has been updated now.

News Feed FYI: Click-baiting
114 points by btimil  19 hours ago   36 comments top 11
mbesto 12 hours ago 1 reply      
Round and round the circle here we go...

This is what "growth hacking" really looks like today...

1. Manipulate a non-perfect signal-to-noise ratio ranking scheme with the most traffic (PageRank/EdgeRank)

2. Gain massive popularity

3. Sell your business to a greater fool

4. Ranking scheme changes rendering your model worthless

Demand Media, Zynga, Socialcam, etc. etc. ....and now BuzzFeed. The list goes on and on. The winners are the investors and the ones creating the ranking themselves, no one else.

cheepin 9 hours ago 4 replies      
"80% of the time people preferred headlines that helped them decide if they wanted to read the full article before they had to click through"

What in the world do the other 20% want?

otikik 4 hours ago 0 replies      
I make a point to never follow a link containing the strings "You will never believe", "You will be amazed", "We didn't expect what happened next" or similar lazy copy text. I'm considering developing an adblock-plus-like plugin to remove them from the pages I visit.
dredmorbius 5 hours ago 0 replies      
Facebook isn't a company I praise often, but this is both a very good change and one which I desperately hope will carry through both to how other sites (HN, reddit, G+, all of which, unlike FB, I actually do use) treat clickbait, and how publishers optimize their own content.

The race to the bottom among aggregators, which started quite some time back with HuffPo (nearly a decade old now) has become quite maddening. I've long since resorted to flagging such content as spam, where possible (curious that comments here suggest FB has an "I don't want to see this" option, G+ most certainly doesn't), and increasingly have resorted to unfollowing or blocking those who post such crud.

Much as xkcd suggested a format for getting bots to contribute usefully to online forums, it would be quite slick if search and social engines would reward actually good and quality content.

nemothekid 11 hours ago 0 replies      
Reminds me of a similar action YouTube took against the ReplyGirl (http://en.wikipedia.org/wiki/Reply_girl), by similarly factoring engagement in their ranking algorithm.
exogen 13 hours ago 3 replies      
Hmm, that's not how I imagined them doing it. It seems like Facebook could log the click on their site, and then use the Page Visibility API or even just scrolling events to detect your return all without a tracking bug on any other site.
tinloaf 12 hours ago 2 replies      
So now you can punish those annoying click-baits by clicking them and then returning to facebook as fast as possible? Nice. Also, this could be used to "punish" legit links someone does not like...
the_watcher 11 hours ago 0 replies      
I like this update. The legacy of BuzzFeed and Upworthy can live on with click-bait in headlines and titles, but now, they'll have to be backed by engaging content. The reason clickbait emerged is that those headlines were engaging and interesting to people. It would be fascinating to go back to the most egregious clickbait/low quality content examples and actually create the content the headline teased.
DanAndersen 10 hours ago 0 replies      
I'd love to see some Clickbait filters similar to Bayesian spam filters. My initial guess is that any headline with the word "this," second-person pronouns, and future tense (e.g. "you won't believe this blah blah blah") would rank highly.
skeletonjelly 9 hours ago 1 reply      
Aww. I guess this means I'll see less Clickhole in my feed.
cliveowen 3 hours ago 3 replies      
Anyone else wonders who are these people that answered their survey? I don't know about you, but Facebook never asked me anything, let alone to compile a survey. My guess is that these people are Facebook employees. What is wrong with that, you ask? It's simple, Facebook is used by 1B+ people, so the results from a survey answered by a few thousand doesn't tell you anything about the general consensus. Even worse, you're only seeing what a very specific niche wants: the American, mostly white, tech-minded portion of the userbase. It's good dogfooding your products to root out bugs, but it's downright reckless to use your own people to make assumptions over the needs of the real user base.
Notch programming a Doom-like in Dart
215 points by cranium  19 hours ago   134 comments top 17
zubspace 17 hours ago 8 replies      
I'm so impressed watching Notch program in realtime. "Last Minute Christmas Chopping" was an eye opener for me. (http://www.ludumdare.com/compo/ludum-dare-28/?action=preview...). I was totally baffled when he started to draw the ascii character map pixel by pixel in an 48h competition, but the result was usable and actually quite simple.

My takeaway is this: Doing something quick and dirty for a first draft and improve it later on often leads to better results in the long run than planing and over-engineering a solution beforehand, because you can start refining details much earlier or throw away bad approaches without investing too much time.

What I don't get is, why he seems to like Dart so much. Don't get me wrong: I love Dart as an language. The syntax looks very familiar to someone coming from c#, adds syntactic sugar and the editor, with line step debugger, is great. But in the end it's still javascript which makes it hard to create native and mobile builds. Wouldn't Haxe be more suitable?

eamsen 18 hours ago 4 replies      
Watching Notch hacking on the Ludum Dare competition is such a comforting experience - to me he is the Bob Ross of game development. He also seems to end up developing the same thing over and over again with different shades of green on the leaves.

Even though you may don't like his style, you have to admire his pragmatism, productivity and humbleness.

antoncohen 16 hours ago 0 replies      
Notch uploaded the code to GitHub:


yason 18 hours ago 4 replies      
I'm amazed how much of editing he actually does by hand (like growing/shrinking indentation) and mouse. That sort of switching between actual coding and lexical editing would kill my flow.
odonnellryan 16 hours ago 1 reply      
I found these hilarious: https://github.com/xNotch/dark/issues
chops 14 hours ago 1 reply      
Notch's Ludum Dare video for Metagun (https://www.youtube.com/watch?v=ZV-AFnCkRLY) was inspiration for a series of scripts I now use for clients and my own entertainment purposes (for some loose definition of "entertainment").

It's a series of shell scripts I use that screencap videos of coding and set them to music (so, for example, rendering a 48-hour coding competition to a 5-minute song, or as I more typically do for clients, render the development process down to a few minutes for them to watch in fast-time how their development was done).

It's called watchmecode (https://github.com/choptastic/watchmecode) and I just have to do

  ./make-av-video.sh /path/to/video.mpg /path/to/song.mp3
And it does the rest, and outputs it to "done.mp4"

The result is something that looks like this: https://www.youtube.com/watch?v=Hwn7mfmo0SQ

(disclaimer, I've plugged this before on HN: https://news.ycombinator.com/item?id=5685859)

chucknelson 19 hours ago 1 reply      
So how does his process work? Does he start with the original C engine source and start porting to Dart? Does he do some of the work beforehand?
swirlycheetah 15 hours ago 6 replies      
Each time there's a Ludum Dare or someone prolific livestreams themselves coding (usually Notch) I get all excited and want to do the same but I can never find a website or platform which really caters to coders. Am I alone in this? Is there somewhere? Is there actually any demand for this?

Either way, I've created a quick landing page to see if anyone would actually be interested in a live streaming site specifically for coding - http://devv.tv

It's nothing pretty but some validation or feedback before I jump head first into this would be amazing.

tosh 18 hours ago 6 replies      
For me personally it is interesting to see that Notch seems to prefer Dart Editor (Built on the Eclipse platform) over something like Intellij IDEA or Webstorm (https://www.dartlang.org/tools/webstorm/).
leishulang 17 hours ago 2 replies      
Maybe it's time for me to quit the VIM/Emacs addiction.
ColinDabritz 16 hours ago 0 replies      
I think it's great to see some live programming, with all the goofs and dead ends. While I appreciate the prepared demos that are common at conferences and elsewhere, they are more of a quick way to provide an intro to something new, and I feel they can give beginners the wrong idea about how real programming works. Seeing the whole development process, warts and all, live like this is amazingly educational. Props for doing this Notch!
swah 17 hours ago 5 replies      
Btw, this is 2014 and I feel like we would already be able to play a simple game like Doom in the browser, just like the real thing. But no..


...multiplayer with several people, of course.

maikklein 17 hours ago 0 replies      
I can't change the streaming quality? Is this a bug?
elwell 16 hours ago 0 replies      
It has now ended.
presty 18 hours ago 3 replies      
Hey Notch, why Dart?
hayksaakian 19 hours ago 4 replies      
It sucks that hitbox doesn't work on mobile.
randunel 16 hours ago 0 replies      
Clicked, watched someone's screen reading the same messages I was reading with "Bubble butt" in the background for 1 minute, then closed and commented this...
PACER Deleting Old Cases; Time to Fix PACER
81 points by thinkcomp  12 hours ago   19 comments top 6
engined 12 hours ago 1 reply      
PACER is definitely interesting, a bit antiquated, and to date, the data has mostly resided in the hands of the big information companies (Lexis, Westlaw, etc.).

I've been building a system/website to access, search and develop intelligent analytics from PACER court information. We're tracking cases, attorneys, parties, judges, as well as the actual case dockets. The data is a treasure trove of information, and if anyone's interested, I'd be very happy to chat more about it.

The site (a signup for now as I'm working out the kinks in the system) is www.docketleads.com. Email me there or ping me here for more info.

r00fus 12 hours ago 3 replies      
I wonder if Recap [1] would help in addressing the censorship/deletion issue. Ultimately, the way we fund these programs is the root the problem (and the privatization of what is supposed to be public data).

[1] https://www.recapthelaw.org

thrownaway2424 12 hours ago 1 reply      
It would cost Google negligible money to host this data and the only people who would be upset would be the rent-seeking jerks responsible for the current PACER debacle.

And EDGAR after that.

oneweirdtrick 1 hour ago 0 replies      
The day that PACER gets fixed is the day judges stop using WordPerfect.
amha 11 hours ago 1 reply      
Un-fucking-believable. PACER has always been awful (I've used it since about 2005), but this is a new low---this is ACTIVE awfulness.

I assume, based on the weird specificity of what they're removing, that the PACER office is doing this at the request of the individual courts. Which just sort of underscores how awful this is---that courts get to decide how public their own opinions are.

MWil 12 hours ago 0 replies      
I'll say it again: Bonkers!
California Governor Signs Law Requiring a Kill Switch on Smartphones
67 points by sgustard  12 hours ago   45 comments top 10
lukifer 11 hours ago 5 replies      
> In May, Minnesota became the first state to require a kill switch on all smartphones sold there. But the California bill is unusual in that it requires manufacturers... to ship smartphones with the anti-theft technology turned on by default.

I wasn't aware that an opt-in version of this was already on the books. I'm curious to see exactly how much the user is in control of this "technology" in practice. If the user can (a) disable the feature, and (b) is the only person who can initiate a remote shutdown, then it's probably to the consumer's advantage. But I suspect it's only a matter of time before the FBI/CIA/NSA (or local PD) will be able to unilaterally decide it's in the "public interest" to suddenly shut off every phone in a particular geofence.

Cars are also stolen every day, and society manages to get by, through insurance and opt-in theft deterrence tools (both manufacturers and consumers already have plenty of incentive to deter theft). I have a hard time believing that stolen phones are a big enough social problem to warrant a mandate of this scope. Regardless of intent, this power will be abused.

parley 11 hours ago 4 replies      
Could someone with relevant industry insight comment as to why we're not just using IMEI blacklists?

From Wikipedia: "For example, if a mobile phone is stolen, the owner can call his or her network provider and instruct them to "blacklist" the phone using its IMEI number."

Is it because it's actually mutable/not properly authenticated? Or because global blacklist synchronization isn't good enough and not all operators respect them?

f3llowtraveler 3 hours ago 1 reply      
How about a hardware switch that physically cuts the electricity to the microphone, the camera, the transmitter, and even the battery itself?

With my own phone, I'd love to be able to switch that off/on. Why is that option not available to me?

spacefight 6 hours ago 0 replies      
Remember, the revolution will not be televised. And now also not on <your favourite app>. And not on your news channel. No smartphone, no coverage, no action.

This feature will be abused.

sgustard 12 hours ago 1 reply      
Can someone explain how a kill switch works, and prevents a thief from reinstalling the OS?
tobico 9 hours ago 1 reply      
Seems like a pretty good idea. It's kinda weird that no such technology exists for cars actually.
unethical_ban 8 hours ago 1 reply      
Cell phone theft cannot be such a large problem that this is a politically beneficial thing to do, much less a legitimate use of power.
gremy 11 hours ago 1 reply      
I think that at the moment the kill switch is more for protecting the data on the phone, rather than protecting the phone from being reused. For the common thief, this will be an inconvenience in probably reselling the phone, but there will always be hackers out there who will be able to reinstall the OS.Also as far as I know Carries can blacklist Phones based on IMEI. So the kill switch could also trigger the Carrier blacklisting. I think that iPhones already have something built in for this.
Theodores 11 hours ago 1 reply      
At some stage smartphones will become as cheap and ubiquitous as Nokia feature phones were before the iphone took hold. Sure they will have some secondhand/stolen goods value - $10 - but buyers might be hard to find as, by then, it might cost $30 to buy a new one. When this point happens (and it will), it will be hard to sell $$$ mega-bucks phones as new or into the second hand/stolen market.

People used to burgle houses for VCR's once, and for DVD players. Nowadays a DVD player is a giveaway item, nobody gets them stolen anymore.

bcheung 10 hours ago 2 replies      
This seems like a great feature but doesn't California have bigger issues to worry about? Why not let the market decide?
Why Do Nigerian Scammers Say They Are from Nigeria? (2012)
132 points by luu  16 hours ago   70 comments top 19
S4M 13 hours ago 3 replies      
One thing I have been wanting to do for a long time about Nigerian like scams, but never got around doing it, was the following: 1. create some bait email accounts from gmail, yahoo, and so on, and expose them somewhere on internet so they get harvested by scammers. 2. write a dumb program that is able to do some primitive parsing of the emails from the scammers, and reply to them. For example, let's say the email from the scammer is:

    Dear friend,        I am the widow of the former Prime Minister of Nigeria and I need your help to get out of Nigeria where my life is threatened, along with the  $50M currently in my bank account. If you help me I am willing to give you 30% of that money, please reply me to see how we can proceed.    Regards,    Mrs Mary Noscam
The program would have just to reply something like:

    Dear Mary,    I am very interested to help you, how can I help you to get out of Nigeria?    Regards,    Mr John Victim.
The point would be to make the scammer spend 10 minutes to read the reply and answer to it. After couple of emails, he will probably realize that he has been wasting his time with a bot, and just move on, but with lots of emails responding, he will have much less time to deal with actual victims, making his time worthless. I think writing a bot that is able to reply to the scammer is quite doable, since:

    1. There are example of bots having actual conversation, such as SHRDLU (http://en.wikipedia.org/wiki/SHRDLU) that was recently submitted here.    2. The answer doesn't have to be very elaborate.
Now I think I got blocked by the fact of having to make the bot be able to receive and send emails... maybe I will start that project some day...

hughw 13 hours ago 1 reply      
As a point of interest: Nigerian scam letters predate the internet. In the eighties and nineties, colleagues in the oil and gas industry, and I, received frequent postal letters, postmarked Nigeria. One memorable one I received from a high official in the Nigerian National Petroleum Company, requested I keep his proposal a secret so "that my image may not be dented." We assumed they combed the Oil and Gas Directory, or the Geophysical Directory, to obtain our names. Perhaps these original, truly Nigerian scams, were less sophisticated than the later Internet imitators, since targeting technical professionals isn't targeting the dumbest of the dumb. Or, the rich veins they mined were not yet depleted.
sehrope 15 hours ago 3 replies      
Including typos in the spam messages falls in this same category. If seeing typos in an "official communication" triggers your alarm bells then you probably would not fall for whatever scamola it's a part of. It'd be in their interests to get you to drop off early.
cgio 12 hours ago 1 reply      
I am writing an article about the "art" of business writing, where I use this analysis to refute the usual consulting wisdom of making everything simple to grasp, even if that means taking things out of context. My argument is that sophisticated meaningful writing on difficult concepts acts as filter to identify the readers (and potential business relationships) that will be more willing to pursue visionary projects and supportive of different approaches. In this domain, you do not need or want to address the whole market, just the businesses that want to lead. Individuals who take the time to read and understand or comment, emit signals of active and insightful engagement.
justboxing 15 hours ago 1 reply      
Interesting Study. There is also a related question addressed on Quora (circa 2010), on why these scams almost always originate from Nigeria and not else where. The geo-political reasons are quite interesting too http://www.quora.com/Why-do-so-many-wire-fraud-scams-origina...
robert_tweed 14 hours ago 1 reply      
Reminds of of this later and somewhat funnier article about the "one weird trick" ads:


They reached the same conclusion and in that case, I can believe it's correct because those ads cost money, so must bring in more revenue, or they'd have stopped a long time ago.

In the case of 419 scams, a large proportion of the scammers may not be that sophisticated. It's entirely possible they really are just as dumb and incapable of spelling as a naive layperson would assume. The fact that "scam baiting" is a thing provides some evidence of that, although it's likely that many of those reports are fake as well.

MasterScrat 15 hours ago 2 replies      
That abstract was the most convoluted way possible of saying: "because they want dumb people".
bosky101 10 hours ago 0 replies      
To get a sense of how big a problem this is - americans reportedly had to recover 2 Billion USD* as a result of nigerian scams in 2013 alone, followed by China at $1750M, UK at $1210M and India at $870M.

What % of that was recovered is unknown.

Any team recovering even a small percentage of this makes it a fine acquisition target for the biggest banks in the world for a solution that works.

time saved in prevention of fraud; is time saved for banks not handling fraud, angry customers or hiring lawyers or training staff.

Expect one team applying to YC, trying to tackle this problem.

[*] See page 33 of http://www.ultrascan-agi.com/public_html/html/pdf_files/Pre-...

mlakkadshaw 2 hours ago 0 replies      
This is also mentioned in the book "Think like a Freak" by by Steven D. Evitt and Stephen J. Dubner
vardhanw 13 hours ago 0 replies      
How 2 of them were caught recently by a Mumbai citizen - http://timesofindia.indiatimes.com/city/mumbai/Mumbaikar-bea....

Given that non-productive responses (false positives) are harmful to the scammers, one can think of spamming them with false positive responses as well, right?

oelmekki 3 hours ago 0 replies      
That's why I always answer them as soon as I have some time. Lot of fun.

And now I realize, it's been a few months since I didn't get one of those mails.

chrischen 2 hours ago 0 replies      
Now that's what they call product market fit.
sopooneo 12 hours ago 0 replies      
Could it then be the case that many of the them aren't really Nigerian? Has an anti-brand been created that others use to their advantage?
dr_faustus 4 hours ago 0 replies      
Say what you want about Microsoft but Microsoft Research is a pretty cool outfit.
notahacker 14 hours ago 1 reply      
I can't help wondering what percentage of the victims of the vanilla "Nigerian scam" over the internet are in developing countries nowadays where lawyers and bankers generally do use free webmail accounts for their correspondence, sending and receiving money via Western Union is quite normal, and requests for funds to bribe an official barely raise an eyebrow.
brudgers 13 hours ago 0 replies      
The previous discussion on HN [two years ago] for anyone interested:


zzz1m 14 hours ago 1 reply      
Is anyone else bothered by Figure 8, where the researcher assumes that seraches of "Nigeria" would auto-produce "Nigeria Scam"....which is not always the case, due to google personalizing seraches, (eg. if you search nigeria scams for information, you will likely autoproduce that as an auto-complete) "Figure 8: Google search offering NigerianScam as an auto-complete suggestions for thestring Nigeria." As per caption

Ultimatly the figure isn't a big deal.....idk, maybe i'm wrong..

salvadormrf 14 hours ago 0 replies      
To filter dumb people (their targets) from normal people.
anoother 14 hours ago 1 reply      
Can we have a [2012] on the title, please?
Breaking the 4-channel Barrier: The PC Tracker War and More
31 points by deverton  9 hours ago   8 comments top 2
paulnasca 5 hours ago 1 reply      
I wonder if the source code of FastTracker 2 will be available.

Of course, I am aware of the open-source trackers (like MilkyTracker, etc), but I believe that the FT2 played a huge part of the demoscene and it should be preserved (the original source code).

inoop 5 hours ago 2 replies      
ModEdit, Trackblaster, that brings me back. Raise your hand if that was you in your dad's garage soldering together a DAC to go on your parallel port ;)
MakeDrive: Filesystem for the web
60 points by khc  18 hours ago   6 comments top 6
gbog 2 hours ago 0 replies      
Great, I appreciate getting back control on my files, and it seems this could help. For instance a web-app could have some configuration and save it in a text file instead of in some cookie or session data. Then I could backup this config, sync it with other accounts, etc. For any serious web-based editing, I certainly would need such a tool.

By the way, recently I started to use BTsync to get back control (I would prefer an open-source implementation, but hey) and it feel so much better. Sample workflow: take picture with DSLR, import them on desktop at work, near-instantly get them synched to my phone, check and remove bad shots on my phone, also rotate and adjust them, have the edited and filtered pics ready on my laptop back at home, have all the thing on a linode where I have some scripts doing renaming and analysing. And, guess what, all of this in China, where dropbox and google drive are often unreachable.

The most important in this workflow, which I also use for music, is that when I remove a picture or a track, I want it removed from all the devices, and never come back before my face. It is suprisingly difficult... (In both senses: it is artistically difficult and necessary to decide to delete for good a file, and it seems technically impossible with services like Google photo, Dropbox's camera upload, etc.)

callesgg 7 hours ago 0 replies      
Nice work, looks great:)

On thing i noted as beeing polisheble was how the conflicting was done and renames of files.

When a file was renamed the other browsers acted as if the file had been deleted then recreated.

radiospiel 3 hours ago 0 replies      
I can see the use case, but I can't yet figure out how MakeDrive is different from a syncing solution (say, OwnCloud, SparkleShare, SeaCloud etc.) combined with a node.js service which allows to access local files.

What do I miss?

epayne 7 hours ago 0 replies      
This is a very exciting project! Well done! This and the "Remote Storage" movement [1] seem to be making movements towards a web with data in the hands of the users. This is important if smaller SaaS companies want to sell into the big enterprise that have strict policies about data storage remaining on the internal network.

[1] http://remotestorage.io/

jbardnz 11 hours ago 0 replies      
This looks really cool. I love the demo application integrating with Brackets. I could imagine me setting this up and running it on my Chromebook instead of Google Drive.
frequent 5 hours ago 0 replies      
Here is another (work-in-progress) project with similar approach:


Same idea, JavaScript only, multiple storages, simple API, with basic query-syntax.

Disclaimer: I contributed some parts to the project.

Applications for YC W15 are open
184 points by lalwanivikas  20 hours ago   83 comments top 21
soneca 14 hours ago 1 reply      
Paul Graham used to say it is good to apply early, as the partners would review your application with less hurry.

But I never got a good answer to a doubt: I submitted my application just now, just because. But I am in a particular good period for user grownth (first customer two weeks ago, and now things are happening). I will have considerably more traction in October (including a reliable growth rate, as it would be at least passed 2 months).

The question: if I update my application on October 14 with the updated traction numbers, will it make a difference?Will someone actually see it or my application will already be judged and decided and that's it?

mck- 19 hours ago 1 reply      
> Yes decisions will include the amount well invest and the percent of the company wed want for it.

Since last batch, wasn't there a "New Deal" that fixed the amount to $120k for 7%? [1]

[1] https://news.ycombinator.com/item?id=7629630

RRiccio 13 hours ago 1 reply      
If you're asking yourself whether to apply or not, do it. Going through YC changed my life.

I'm happy to review applications, especially from international founders. Roberto at Glio dot com.

iandanforth 11 hours ago 1 reply      
No Co-founder? Let's get organized! Post your idea (or interest but lack of idea) and see if someone bites!


It's like founder-dating with a deadline.

MateuszMucha 2 hours ago 2 replies      
I have a question about the "founder" status. I've been working on my project for quite some time and it's taking off. It's very likely I'm going to be able to afford inviting a friend on a part-salary/part-equity basis in the next few weeks. I'm still going to have a vast majority of shares. Will it be OK to count him as a co-founder?
flipside 17 hours ago 2 replies      
Cool that the application explicitly asks for progress updates for those of us that have applied before (8th try is the charm?). Before I was never sure how much my previous applications impacted things so it's nice to be able to make my own case for things.

Really glad for the application overhaul, looking good.

CSDude 19 hours ago 4 replies      
> Are any of the following true? You are the only founder.

If I'm the only founder, is it considered negative?

TheMakeA 20 hours ago 1 reply      
Love the new application page. It seems a little weird that the "Are any of the following true?" question wasn't changed to just be checkmarks though. Also seems like "Half or more of your group cant move to the Bay Area." and "One or more founders will keep their current jobs." could be inferred from the new founder bios.

One final nitpick would be to move the timeline at the bottom of https://apply.ycombinator.com to the top.

Otherwise, really cool.

scobar 17 hours ago 2 replies      
I thought I had read on the S14 application that teams could submit an application, update it, and resubmit it before the deadline. I can't find anything that states the same with the new format. Is this still true?

My cofounder and I would like to ask for some critique on our answers including the personal questions. However it seems that the statement, "We will send an email to each founder to fill out additional information about themselves." implies that the application must be submitted before we see the personal questions. I just want to confirm if the first submission should be the final draft before we proceed.

Hopefully the questions about hacking a non-computer system and most impressive thing we've built/achieved are included in the personal questions. Those were some of the most fun to answer.

orangewarp 16 hours ago 2 replies      
Anyone else having trouble submitting the application? I'm not sure if this is some kind of weird test but I doubt it. I can save, just not submit and it does the same thing in other browsers. Acts as if the submit/click handler isn't working.
rjanoch 18 hours ago 1 reply      
New app asks for founder's gender. Should have much better data with this class on the number of female founders and percentage of total. Also should have better data on number of technical female founders.
eatitraw 12 hours ago 1 reply      
Interestingly, there is no real-world hack question("Please tell us about the time you (...) most successfully hacked some (non-computer) system to your advantage"). Why is so?

The "How to Apply to Y Combinator" essay hasn't been updated to reflect this change.

aswath87 16 hours ago 1 reply      
It'll be great to have a list of YC alumni who'd be willing to review applications. Would improve quality of applications overall.
Sir_Cmpwn 18 hours ago 1 reply      
Can you guys clarify the process for non-profits? Not just the application, but the entire YC experience. What's different?
corry 17 hours ago 1 reply      
Nice application process! It's funny what a little bit of styling does.

Is this a small side web app you guys rolled yourself or are you using a decision-making product (like Submittable, etc) for the back-end?

maresca 17 hours ago 1 reply      
What if you're a solo founder that has a cofounder lined up but are waiting for the right catalyst to bring them aboard? What if you're solo but have been contracting out the areas where you need help?
zura 16 hours ago 1 reply      
Interesting, do we have any alternative of YC in [eastern] Europe?
tschellenbach 19 hours ago 1 reply      
The startup event in London was great, getstream.io will definitely be applying.
johnreagan 16 hours ago 0 replies      
I'd love to see how the application review process works.
sjtgraham 19 hours ago 3 replies      
Found a page I shouldn't be able to see. I emailed sama, but there is probably someone more appropriate. Any ideas?
akshxy 19 hours ago 0 replies      
Lets do it
The Loss of Skill in the Industrial Revolution
60 points by stang  19 hours ago   11 comments top 6
sfk 1 hour ago 1 reply      
"If we were talking about innovations that got more output from less energy, then holding output constant while lowering energy consumption would be what everyone hoped to see. Why should human capital be different?"

Wow. I'm not a Marxist, but perhaps this person may want to start by reading Marx' view about de-humanization in industrial production.

dmix 10 hours ago 0 replies      
Ayn Rand would love the questions near the end.

Although most markets have historically had a high concentration of output from the top percentile, so its not exactly a far fetched proposition to say that 5% of the workforce led development during the IR.

VLM 9 minutes ago 0 replies      
Could also be phrased "the rise of under-employment" rather than loss of skill. Hundreds of years ago my direct ancestors were making coo coo clocks in the black forest, and on paper that carpentry skillset is completely lost after a couple generations of job titles, although I am actually a modestly skilled wood butcher, I am beyond your average handyman or roofer or maybe even average rougher, but I am good enough to know I'm at least one step, maybe two, beneath the true masters of the craft. I might be a higher skilled carpenter than some of my less competent ancestors, despite it merely being a hobby.

As a close to the heart analogy, everyone here knows that if you graduated with a BSCS and didn't do the IT/accounting or the graphics arts/web design track then the student probably did the stereotypical academic track with all manner of highly skilled senior year classes like automata theory, compiler design, maybe some control theory (although thats more EE). I did well in those classes and like many (most?) people I'm highly underemployed. I would guess that well over half, maybe 90 percent, of my fellow students in automata class and compiler class are just doing CRUD web apps or mobile apps, which hardly require those skill levels / skill sets.

I'd be slightly interested in sociological commentary on societies where underemployment increases. Does it always increase infinitely, or crash after awhile, or just not matter much?

A better proxy for carpentry skill level of a society might be the total sales of tools and supplies. I think the total economic size of the "at least somewhat skilled woodworker" is larger today than in the olden days.

Another interesting aspect is expansion of titles. Everyone in a skilled craft no matter if its programming or carpentry knows some are more equal that others, in carpentry no matter if you all have the same job title, or hobby name, some guys can barely be trusted with material handling and rough carcasses while other guys can be trusted to trim the finest kitchen cabinets, despite all having the same title. And obvious IT/CS analogies.

calibraxis 8 hours ago 1 reply      
One problem with deskilling is loss of bargaining power. Because you become a cog in the machine, easily replaced. Good if you own/rent people, sucks if you're the "human capital".

(Companies often reject profit-improving innovations which empower skilled workers. On the flipside, unions to the extent they exist also have the incentive to reject improvements which damage bargaining power. That's one problem with capitalism's built in boss/worker antagonism.)

Another is mind-numbing work. Adam Smith rants about how division of labor makes people "stupid and ignorant as it is possible for a human creature to become... But in every improved and civilised society this is the state into which the labouring poor, that is, the great body of the people, must necessarily fall, unless government takes some pains to prevent it." (http://www.econlib.org/library/Smith/smWN20.html#V.1.178)

Another (since the last century) is the rise of managerialism, with its bureaucracies. David Noble points out that tech can deskill workers and strengthen management, or empower workers and peel away management layers.

fiatmoney 10 hours ago 0 replies      
This is particularly interesting in combination with Gregory Clark's ("The Son Also Rises: Surnames and the History of Social Mobility") research into social mobility and relative fecundity by social strata.
InclinedPlane 8 hours ago 0 replies      
I think the modern wave of industrialization (post invention of the micro-computer) is starting to reverse the trend, especially as leisure time is potentially increasing.
What's all this fuss about Erlang? (2007)
23 points by dlcmh  7 hours ago   20 comments top 5
renox 2 hours ago 1 reply      
> Heres the good news for Erlang programmers: Your Erlang program should just run N times faster on an N core processor

I hate this kind of marketing trick.

So let me add: And here's the bad news, your Erlang program can be much slower than a C program on one core: for example in the alioth 'benchmarks' Erlang run between 3X and 30X slower than a C program on one core ( http://benchmarksgame.alioth.debian.org/u64/benchmark.php?te... ) so you may have to throw MANY core at it before the Erlang program is faster than the C program.

So beware! YMMV.

That said, I hope that Elixir will improve Erlang's adoption as the high availability feature are the big deal IMHO.

unterstrom 57 minutes ago 1 reply      
I really like his minimalistic writing style. Wish other authors (especially americans) would follow his example. Not every simple fact needs an anecdote.
kornakiewicz 3 hours ago 2 replies      
Quick question: If you recommend to start learning Erlang now, it's better to play with normal one (I actually don't like syntax since I'm used to semicolons and other C-influenced stuff) or Elixir, which looks pretty neat?
davidw 4 hours ago 1 reply      
There was some hype about Erlang 6/7 years ago, too, but it didn't seem to be enough to give it much momentum:



dasmithii 5 hours ago 3 replies      
Was Erlang designed in light of any ancestor languages? Or is it fairly original - create from scratch?

I'm interested in the language design process.

Show HN: I lose things constantly, so I built this service
133 points by madchops1  18 hours ago   85 comments top 38
bdcs 12 hours ago 1 reply      
Can you add in how much the service charges? If it is 0$ then make it that. I get the feeling* that you're going to hold my items for ransom after someone finds them. I suggest you make it obvious that you're not a bad actor.

* I think the negative connotation comes from your logo's dollar sign, $. It looks like a scammy pay-day loan or something. I'm not saying to change your logo, or your website sucks -- it looks awesome! -- I'm just letting you know my take on it.

GBiT 17 hours ago 1 reply      
You show picture on website with ID 123456. Right now if I enter this number I'm getting error. You should make it DEMO.
mgninad 30 minutes ago 0 replies      
Dose GoReturnMe take a cut out of the rewards or we need to pay a fee to receive the lost items?
Semaphor 2 hours ago 0 replies      
CODE-No.com [0] has been doing this in Germany for quite some time (and from the looks of it they are by now active in all of Europe)

[0] https://code-no.com/

whymsicalburito 17 hours ago 1 reply      
My headphones came with a service like this. https://www.rewardtag.com/
ams6110 16 hours ago 1 reply      
Small typo on the "How it works" page:

You make up your own reward value per item. If someone find's your item you can choose to release the reward or not.

Should be "finds"

Yeah it's a nitpick but for some reason these kinds of things really catch my eye.

Edit: Heh... and right above that: Nobody can compete with us! We'll give you free tags and therefore free protection of your item's. Guess my eye isn't as sharp as I thought.

TeMPOraL 16 hours ago 0 replies      
The website says:

"People are returning lost items to owners through GoReturnMe everyday."

Is this true?

makmanalp 18 hours ago 0 replies      
Ha - this makes me think of the story about Hiram Maxim, the great inventor. http://gutenberg.net.au/ebooks09/0900131.txt Search for "12". The entire book is great too, definitely worth the read.


quotemstr 17 hours ago 0 replies      
I'm a bit confused --- other than the pretty pre-printed labels, how is this service better than offering a reward and paying it directly myself?
avalaunch 11 hours ago 0 replies      
Nice idea. When someone finds an item, what happens next? It wasn't clear from your site. They enter the tag number and then they're connected with the person who lost the item? Or do they send the item to you and you forward it to the person who lost it? Or something else entirely?

Also, I really think you should consider changing your logo (and matching color scheme). As another commenter mentions, it looks like a pay-day loan logo which has some pretty negative connotations. In addition, you've geared the logo towards the person finding the lost item, when ultimately, your customer is the person with items they're afraid they might lose. For them, you're selling peace of mind, but your logo is not at all reflective of that. You don't really need to worry yourself too much about the people returning lost items as the mention of a reward should be enough to motivate them to visit your website and return the item, if they weren't already inclined to do so.

sensecall 15 hours ago 1 reply      
Looks great! We released something similar last year - https://loseproof.com

Did you do much research into rewards vs. no rewards?

mosselman 17 hours ago 1 reply      
The idea is nice, I bet it is one of those things people (including myself) will say "Hey I thought of that too" but never did anything with it. You did!

Also, something that holds me back from using your service is that I don't like the design for something like my wallet. It looks a bit sporty so I don't want to stick it on my nice leather wallet or slick laptop. What about creating a few different styles?

lucb1e 12 hours ago 0 replies      
It asks me for a state to ship the stickers to. I don't live in a state.
jodi 16 hours ago 0 replies      
Same concept as belon.gs but your site is more clear and better designed. I have several of their tags from a startup event a few years ago but haven't lost anything yet. http://belon.gs/
pkfrank 18 hours ago 1 reply      
Really simple and cool service; does anything like it exist? I'd imagine you'll eventually take a small % of the reward itself (processed through the site). If people ever marked their item "totally lost" you could also hit them with affiliate marketing replacements.

I think it's a fairly narrow use-case. I'd always just write my name/phone # on a large % of my stuff; but I suppose I would rather put a sticker on some things (phone, wallet, electronics, etc.)

Pretty cool - how long have you been live? And how are you coming up with this 80% "return rate?" Do you have a sense of when things are actually marked "actively lost?" as opposed to "if it ever is... this sticker will come in handy" ?

firebones 11 hours ago 1 reply      
Marketing idea: create a case study where you buy a bunch of crap, label it, lose it in various places and then blog the results of how long it took to return and what came back and what didn't.

You wouldn't have to spend a lot if you did it with items with fictional sentimental value or old generation throw away technology.

NickNam 9 hours ago 0 replies      
What happens when I sell the phone? Can you take the tags off? Or am I obligated to use the service if someone sends it back (as the new owner)? Also what happens if in the time that I lost the item, I've replaced it. Then do you keep my phone? Sell it?
TelmoMenezes 17 hours ago 1 reply      
Doesn't this create a new incentive for people to steal your stuff?
huhtenberg 15 hours ago 1 reply      
They were selling keychains and stickers exactly like this for several years now. I saw them sold in Canada and they are also sold in every post office here in Switzerland. I'm yet to see a single person to be actually buying them.

The only difference in your case seems to be that you are targeting online audience and it might be more receptive to the idea, but otherwise I'd say it's a pretty crowded space already.

mikeg8 18 hours ago 0 replies      
I think this is very clever, I've never seen anything like this. Great work, your site does a nice job of explaining itself quickly.
madchops1 17 hours ago 0 replies      
Thanks everybody. Your response and input is awesome. I will implement as many of your good ideas as possible!
antihero 17 hours ago 0 replies      
The we got tags box has a typo "We have tags that are disigned for all types "
aftbit 17 hours ago 2 replies      
I'm amused that the average reward for tablets is higher than phones, and the average reward for phones is higher than laptops.

  Phone $100-200  Keys $40-100  Wallet $40-100  Tablet $200-500  Laptop $40-100

cmaxwe 17 hours ago 0 replies      
Great idea. I don't usually watch Dragons Den but one of the few episodes I watched had this exact thing and they said they were already partnering with Sony and that their tags were in the box of every Sony laptop (I think).
drstewart 16 hours ago 1 reply      
A small typo on the how it works page:

>Nobody can compete with us! We'll give you free tags and therefore free protection of your item's.

Should be "items", not "item's"

smegel 16 hours ago 2 replies      
Pretty sad we need to pay people to do the decent thing. I would be happy to reunite someone with their lost item.

Why can't we all be like Japan...

ianwalter 17 hours ago 0 replies      
I had this idea a couple of years ago. I'm so glad someone's making it happen, good luck!

PS - I would pay for a small card and/or keychain.

triptych 17 hours ago 2 replies      
Would be great if you had some way like RFID to scan for those tags, so that when you lose your phone in your house, you can quickly locate it :)
mattryanharris 11 hours ago 0 replies      
Just got my tags :) looking forward to sticking this on my phone and laptop!
goeric 17 hours ago 0 replies      
It's like Bungie tags but gamifies it with a reward. Love it. That simple incentive will for sure increase the rate of return. Congrats!
mattypov 11 hours ago 0 replies      
This is AWESOME! All you pay is shipping for tags? BEST idea I've seen all day. Ordering mine now for my forgetful ass!
mosselman 17 hours ago 0 replies      
I am amused by "Our system is safe and secure because we use: stripe".
PeterWhittaker 17 hours ago 1 reply      
Typo on the front page: "notice there is a reward if they reurn it".
franko10000 15 hours ago 0 replies      
Helping people and getting $ for it. I can't wait till those get big and I find phone or keys.
abritishguy 17 hours ago 2 replies      
Currently violating stripe's ToS
nate9ei 17 hours ago 0 replies      
Wow, what a fantastic idea. I'm gonna be ordering a few myself.
gary_host 18 hours ago 0 replies      
Great idea
Writing a Simple Garbage Collector in C
149 points by webkike  20 hours ago   44 comments top 10
munificent 15 hours ago 1 reply      
This article teaches you how to write a conservative GC, which is what you'd do if you wanted to garbage collect in C or some other system where you don't know the shape of objects at runtime.

If you do know that -- like you're writing a GC for a higher-level programming language -- you can write a precise GC instead and avoid all of the (very interesting) muckiness this article goes through.

I wrote an article on that a while back:


millstone 19 hours ago 1 reply      
> Local variables can also be stored in registers, but we won't worry about this because registers and usually dedicated to local variables, and by the time our function is called they'll probably be saved on the stack anyway

Heh. No wonder it's 32 bit! You can only hope to get away with this on a register-poor ISA like i386.

I wonder if you could use setjmp to portably get access to register values?

IgorPartola 19 hours ago 3 replies      
So am I reading this correctly, in that if I get allocated a segment at 0x12340 and then a random variable on the stack happens to have the value of 0x12340 for a different reason, then that segment would never be freed? Is this strategy still sound?

Also, while this is a nice explanation, does anyone actually use GC's while writing code in pure C? I never found the idea of calling free() that troublesome. On the other hand, writing a GC in C for another language is obviously a good use case.

doty 19 hours ago 1 reply      
"People seem to think that writing a garbage collector is really hard [...] Well it's not. In fact, it's rather straight forward."


"Thirdly. Please don't use this code. I did not intend for it to be wholly correct and there may be subtle bugs I did not catch."

ChuckMcM 19 hours ago 1 reply      
Not sure if webkike is Matt or not, but either way its a nice little mark and sweep GC. It reminded me a bit of the first one that was written for Oak (the pre-cursor language to Java). I have always been a fan of building versions of technology like this to experiment with because it helps you figure out where the hard parts are of the 'simple' programs. One of my favorite interview questions is to start with traversing a list to arrive at an answer, now the list is getting insertions from multiple sources ...

So too with GC that you start with a hook into your allocator and you end up with coloring references and aging them and disabling compiler optimizations and all sorts of other things that lead to really unexpected behavior in your environment.

crazypyro 15 hours ago 0 replies      
It would be helpful to note that some of the variables used in the first two function examples are defined further down the page. I was trying to understand how his first loop in add_to_free_list worked and couldn't figure out how because *freep was never declared anywhere and that was his list of free blocks. Took me a page of scribbling pointer diagrams and 5 minutes to figure out that it was declared and set further down the page as a global.
rurban 17 hours ago 0 replies      
re preciseness: You should really add your preciseness limitations. Also add that pointers located in loaded shared libs are not detected with this method. Boehm has special methods to detected the ranges of loaded shared libs.

Maybe you should mention weak refs and volatile also. volatile to keep pointers on the stack, so that you don't have to inspect the registers also. And some easy ways to make it precise. E.g. int tagging, float boxing, ...

oppositelock 18 hours ago 2 replies      
This code won't work.

It scans heap memory, and if a word looks like it points into allocated memory, it's assumed to point into allocated memory, and that memory is marked as used.

When dealing with numbers, such as times, file sizes, etc, you will inevitably store an integer value that looks like a pointer into a valid block.

The reason you can do mark and sweep in Java, is that there is a distinct wrapper for all pointers, so you can disambiguate pointers from data. You can't do that in this algorithm, it's impossible. This is also the same reason that disassembly of executables is so hard; it's not always clear what's data and what's instructions.

kazinator 19 hours ago 2 replies      
1. Writing a simple anything isn't hard.

2. Especially if simple means you don't have any interrupts or threads.

3. Writing anything is a lot easier if you carefully exclude "debugging" from "writing".

When you have GC bugs, they don't always occur in the collector itself, but rather when the code which relies on GC breaks the conventions that allow GC to work correctly (because that code is generated by a C compiler which doesn't understand your conventions, and so they are ensured by hand).

allegory 4 hours ago 0 replies      
I wrote a simple GC for C once. It wasn't simple. I gave up after I hit what I felt like was the five-thousandth edge case and about 6000 LoC.
       cached 26 August 2014 13:02:01 GMT