hacker news with inline top comments    .. more ..    11 Oct 2014 News
home   ask   best   4 years ago   
Toxo, the cysts in our brains from cats, can improve self-control (2013)
42 points by DLay  1 hour ago   11 comments top 4
amitparikh 47 minutes ago 0 replies      
There's a fascinating RadioLab episode which focuses on various parasites, including Toxo (Season 6, Episode 3: http://www.radiolab.org/story/91689-parasites/).

One of the key mechanisms of Toxo's behavior is that it can penetrate the brain of rodents and make them sexually attracted to feline urine -- the point is to facilitate the reproduction of the parasite which can occur only on feline intestines.

MrBuddyCasino 1 hour ago 2 replies      
"it seems to make men more introverted, suspicious, unattractive to women, and oblivious to the way others see them"

So basically, cats created 4chan and its userbase. Well played!

But seriously, none of these articles ever seem to mention that a cure is being worked on. Also, is there an easy way to test for this parasite?

farmdve 52 minutes ago 3 replies      
Is the article sensational when it says that about cysts in the brain? Cause I've had a cat for over 4.5 years now.!?

The wikepedia article says that Toxo is linked to ADHD and OCD, both of which I have, OCD since last year.

lifeisstillgood 53 minutes ago 1 reply      
>> Up to a third of the world's human population is estimated to carry a Toxoplasma infection[http://en.m.wikipedia.org/wiki/Toxoplasmosis]

That's almost inconceivable. The other studies around this bounce from 10-25% too. I assumed toxoplasmosis was rare - but that kinda scares me.

How do I get a test for me and the family?

The Story of the PING Program (1997)
58 points by julien421  3 hours ago   8 comments top 4
lbenes 1 hour ago 3 replies      
Am I the only one that finds the MS Windows ping more useful for quick troubleshooting that the Linux/Unix variants? A few weeks ago I was dealing poor performance on my cable modem. When I pinged a valid IP, I was seeing the successful packets only. It didn't show time-out packets until the summary displayed on exit. This makes it useless for quick real-time monitoring. MS ping on the other hand will show time-outs along with the successful ones.

Why is Linux ping this way? Is this a fundamental design flaw?

PeterWhittaker 34 minutes ago 0 replies      
I loved the bit about piping ping through sed through vocoder, playing it on the stereo at 11, and finding the network fault by seeing which wiggled connector caused silence.
RegW 48 minutes ago 0 replies      
I remember years ago the SunOS documentation used to have a ping joke: http://docs.oracle.com/cd/E19504-01/802-5753/6i9g71m4p/index...
thefarcry118 2 hours ago 1 reply      
Sadly the author of ping, Mike Muss, died in a car accident in 2000. [1]


Pdf-tools: Emacs support library for PDF files
19 points by akakievich  1 hour ago   discuss
272 points by antoinec  9 hours ago   84 comments top 32
beeker87 2 hours ago 3 replies      
Saw this posted over on PH and checked it out, extremely impressive game and I'm sure there's a ton of dev time on this. Good job and props to the creators.

I wanted to notify you guys though of some security flaws within the game.

Probably the biggest issue I see is the lack of server side checks against changes coming from the client. I only tested this out on the player object as a PoC, but it only takes changing a variable within the player object to modify things like player speed, mountable craft speed, etc.

For instance, while you obfuscated the name of the player object within the ig.game object, it was easily found by checking for modifications to the health variable, where another function listed it as ig.game.O1376. This name for this player object is also static for every game instance, so it's easily referred to every time.

Once the player object was found, it's easy to modify the variables and the world (server side) accepts it. It was also easy, for the most part, to identify what certain variables did as they were in plain text. To change player jump height for example, all it would take is this piece of JavaScript:

window.ig.game.O1376.altJumpReducedGravityFactor = 0.1;

Now the player can super jump and the server is fine with it (verified by numerous 'holy sh!' and 'wtf!?' comments from other players).

The second thing I see is just obfuscating the code more.

I would suggest first and foremost to do the server side checks. Even if you left all your code in plain text, any modification someone tried to make from the client would be seen, verified, and handled accordingly by the server. Second I would try obfuscating all variable names that you can, especially the class definitions like EntityPlayer. To go further on it, I would have it produce the obfuscated names randomly on each load of the game script so they're not easily referred to.

Just wanted to bring the issue up to you guys after finding it.

j_philipp 9 hours ago 3 replies      
This is an infinite browser-based mmo universe where everything can be drawn and placed into the world, wiki-style... give us a shout if you need anything! You can also script blocks to have interaction or influence the environment (for instance, here's an adventure: http://manyland.com/newpolis ).
joshdotsmith 3 hours ago 0 replies      
I became a cat. And I mounted a nyan cat. http://cl.ly/image/2G2X2P3j0C3M

My life is now complete.

minikomi 7 hours ago 1 reply      
Spent a long time wandering alone and eventually got to a very strange place.. http://i.imgur.com/eNI8Cp2.png
cpeterso 2 hours ago 1 reply      
Very cool. This reminds me of Lucasfilm's Habitat, the world's first (?) graphical MMO, from the mid 1980s:


which incidentally is being restored by booting the original servers found in a collector's basement:


calgoo 4 hours ago 1 reply      
Im getting script error as i block google-analytics in my firewall. Is it really needed to play the game?
fulafel 7 hours ago 1 reply      
An skynet-free registration option would be nice.
hardmath123 2 hours ago 0 replies      
Shiny! It's like a mature Club Penguin.
_random_ 2 hours ago 0 replies      
Reminds me of https://bombermine.com.

But for a not a fan of Minecraft like me kinda lacks a purpose.

Impressive demo scene though - making things like that with just some scripts and a browser.

plumeria 1 hour ago 0 replies      
I get lost and cannot find back people! That's what I don't like about this game.
paul9290 3 hours ago 0 replies      
love the jump right in and play and along the way watch a youtube demo vid while playing.

Great on-boarding!

Jean-Philipe 1 hour ago 0 replies      
If I had time to play, I would definitely hang out here!
hellbanTHIS 2 hours ago 0 replies      
Ah I'm stuck in an infinite death loop in the dodgeball room

Edit: it somehow fixed itself and gave me a skateboard

huhtenberg 8 hours ago 5 replies      
Looks interesting, but it's laggy as hell. Running latest Firefox on a beefy hardware. Got booted off twice already with "you have performance issues" and a suggestion to switch to Chrome (haha). Just FYI.
JJJollyjim 1 hour ago 1 reply      
I'm confused as to why there would be a Kindle Fire app, but no Android app. Aren't apps for the two platforms nearly identical?
Kiro 8 hours ago 2 replies      
Very cool. How is input sent to the server? Is it one packet when you press the button down and one packet when you release or constinuously sending packets while you hold the button down?
daddykotex 8 hours ago 1 reply      
Damn that's nice, what is behind it?? It's quite impressive.
jzig 3 hours ago 1 reply      
I have an X on my little hand thing by my name, along with a red question mark. I'm unable to chat or interact with anything in the environment.
ninsen 2 hours ago 0 replies      
Reminds me of Jet Set Willy in both style and the fact that it's also incompletable;


Gracana 7 hours ago 1 reply      
I haven't figured out how to use it yet, but the 2D editor I saw in a video that showed up when I sat on a bench was really cool. Efficient editing of the world around you is a really neat feature to have. I think the Starbound devs have an external tool to do that sort of thing, but having it internal is even better.
tommoor 5 hours ago 2 replies      
Surprised no-one has mentioned Glitch or GNE yet - love this kind of thing.
nanoscopic 5 hours ago 1 reply      
Seems awesome from what I am seeing so far from just poking around.

Could you add a way to import assets easily so that they can be developed using other tools or imported?

endel 1 hour ago 0 replies      
Awesome project. Loved it.
tolmasky 6 hours ago 1 reply      
Impressive performance on mobile (safari).
api 5 hours ago 1 reply      
I love it! Lovelovelove!

I thought "what a nice wind sound effect" until I realized it was the CPU fan in my laptop. Heh. But that's not really a big deal, at least for now, and I'm sure you can optimize.

Experiments like this show us that graphics and VFX are overrated. It's true for games, and it's true for movies too. Primer is still one of the best sci-fi flicks I've seen in the last ten years, and they used what looked like surplus air conditioning equipment as props. Sometimes too much FX actually gets in the way of your imagination. When I visit a virtual world, I kind of want it to be unlike the physical.

I tried a Rift the other day too, and that has its appeal as well. But it's a different appeal.

Noticed it was a tad laggy and then tracerouted and found that it's in London and I'm in Southern California. I suppose that's understandable. I guess if things take off you'd be able to geo-locate a bit via other cloud services.

yamaneko 7 hours ago 1 reply      
Really cool!

Just a small suggestion: could the sound of forbidden actions be replaced by something smoother?

kghose 8 hours ago 1 reply      
This is awesome!

But I got on a horse, flew to the edge and now I'm falling for ever.

odc 6 hours ago 1 reply      
Why is Firefox still to slow to play this?
felixrabe 5 hours ago 2 replies      
Minecraft 2.0? :)
fiatjaf 3 hours ago 1 reply      
My computer cannot handle this.
yoodenvranx 4 hours ago 1 reply      
Is there a reason why we often have shitty nondescriptive titles like this? I almost always have to click on every link on the frontpage because it is impossible to predict if I might be interested in the article/webpage behind the title or not :(
nakodari 3 hours ago 0 replies      
Imagine having a hall where everyone can meet to pitch their startups in front of thousands of other players.
Gedanken: A Simple Typeless Language (1970) [pdf]
22 points by rutenspitz  1 hour ago   discuss
Remains of Alexander the Great's Father Confirmed Found
25 points by megafounder  2 hours ago   discuss
A Promising Pill, Not So Hard to Swallow
7 points by dnetesn  42 minutes ago   discuss
Pro-Democracy Websites in Hong Kong Targeted with and Serving Malware
15 points by bindrpc  2 hours ago   discuss
Stand by for Weather Map
15 points by daddy_drank  2 hours ago   discuss
YC Startup School Live Notes
11 points by ryanSrich  4 hours ago   2 comments top 2
odajay 21 minutes ago 0 replies      
Thank you for doing that, I (and probably others) really appreciate.
What I Saw as an NFL Ball Boy
28 points by jhonovich  3 hours ago   4 comments top 2
drawkbox 23 minutes ago 1 reply      
I think they could do much more for players to help them.

- Weight limits in the NFL. I know linemen need to get big but the average weight of linemen is way too high.

- The padding is almost too good, concussions will go up as they have with better equipment. Players feel too safe to unleash a hit. There needs to be more alerting/warning systems on collisions. i.e. if a player is about to get blindsided, alert them inside the helmet. Give them eyes all around.

- All linemen should use knee braces all the time or improved support. Players remove padding because others do to stay competitive. There needs to be more support for knees/ankles that is required. (smaller linemen will help this)

- Testing for HGH is finally in, this will help some.

- Allow players to use marijuana, for pain and for calming rather than DUIs. They treat players like children so they end up lashing out.

- Provide drivers free of charge for all NFL players for all activities. Require that they use the drivers (they can personally hire them) if they are having fun but DUIs should not be allowed.

thebiglebrewski 37 minutes ago 1 reply      
This is revealing, but really unsure how this relates to Hacker News
The Internet of Someone Elses Things
79 points by BIackSwan  7 hours ago   26 comments top 7
Animats 4 hours ago 4 replies      
The "Internet of Things" is still rather pointless. I went to an "Internet of Things" meetup in San Francisco last month. All parties defined "IoT" as "controlling something via a smartphone and cloud server". Most of the applications are rather banal. There are smartphone-connected garage door openers.

The speaker for Samsung had some good insights. They have a refrigerator with a touchscreen and Instagram connectivity, which costs more than a regular refrigerator plus an iPad. He said that they saw three classes of customers:

- Those who want the latest thing.

- Those who like to show off their houses to others (the granite-countertop crowd.)

- Those who just have a lot of money and buy the high end version by default.

None of those people are getting this stuff because it's useful in any way. These are decorative objects to them.

If that's the Internet of Things, it's going to be a fad. Granite countertops are so last-year now, you know.

e12e 16 minutes ago 0 replies      
Firechat really isn't the best counter-example as it is closed source and uses (afaik) a proprietary protocol. Additionally, it's only available in the walled ios and android gardens, meaning google/apple and the developers are both in a position to push updates. I'm not sure a profiliation of propietary networks is a good solution to the centralization of the Internet.
jandrewrogers 3 hours ago 0 replies      
Articles like this remind me that people have a really difficult time wrapping their head around just how mind-bogglingly different the nature of the Internet of Things architectures actually are. Traditional technical solutions to most problems completely break down for this use case. Some specific points:

- A lot of IoT data is passively collected and reconstructed external to a device you own for applications that run on the device. Decentralizing the applications does not decentralize access to the data in practice. This makes perfect engineering sense: it saves a lot of battery and bandwidth on the device to not have the device involved in phoning home even if it is effectively "phoning home". (Few people grok how sophisticated this type of data reconstruction is.)

- IoT data coming off consumer devices is higher velocity and higher volume than anyone imagines unless you work with it. Billions of records per second continuously, petabytes per day, from single data sources. See above: the data your device effectively generates is not limited by the bandwidth of the device. Most applications of this data joins several of these data sources, often in real-time.

- The fundamental operation done on IoT data that makes it uniquely useful for consumer and other applications is the spatial join. If you think you are going to do that on a decentralized peer-to-peer network then you don't understand spatial joins. Doubly so considering the aforementioned bandwidth requirements.

Having physical control of a device will allow some control of where data goes but the architectural requirements of IoT will greatly constrain the extent to which this is possible in practice.

__Joker 2 hours ago 0 replies      
For one thing, I suspect that at some point, after the first wave of the Internet of Things, open APIs and root access will become a selling point

Hardly so. I really doubt users would care less. How many people really bother about that iPhone is locked. You can root android based devices with little ease still, people really don't bother or care. People will use things which are easier to use, have a seem less experience.

jeffreyrogers 5 hours ago 4 replies      
The article mentioned the possibility of a peer to peer based internet of things and then suggested it use some sort of block-chain like algorithm as its distributed consensus algorithm. That seems a bit strange to me since if I understand the block-chain correctly it requires a massive amount of storage that only grows as the network is more widely used.

When you also assume that most of the IoT devices are going to be very low power and probably not have much storage or processing power, it seems an odd choice to use. What's the advantage of block-chaining over something like Paxos which is already widely used and more or less the standard distributed consensus algorithm?

thechut 4 hours ago 0 replies      
The AllJoyn [1] protocol supports local communication between devices. It gives devices of certain types the ability to tie into defined APIs for specific shareable functions. So that your door lock could turn on your lights for example.

Not saying this is a perfect and open system, but it could be a step in the right direction and does not require a live internet connection for your things ot talk to each other.

AllJoyn has a lot of major backers but has yet to take off.

1: https://www.alljoyn.org/

woah 5 hours ago 0 replies      
IIRC Firechat uses a central server, but sometimes over a bluetooth mesh.
The man who built the online attendance system for Indias government officials
30 points by aptwebapps  5 hours ago   11 comments top 6
whizzkid 1 hour ago 0 replies      
When I saw the screenshots of this article, it reminded me how much stress my indian colleagues were dealing with, a year ago.We have worked some time together on a project with Indian people (still friends with them, awesome people) and the way they explained their working environment was not really appealing at all unfortunately.

They were indirectly forced to worked more than eight hours a day (around 9 to 10), and was required to report everyday to their managers about the progress done during the day in a stylesheet. Their managers were trying cut off financially as much as they can to save some more money in the department so that managers can get extra money at the end of year depending on the savings.

This caused employees more stress, more work, less comfort and less time with family. Since there are already a lot of people waiting to get job out there, they did not have much choice but accept the companies' rules..

I am hoping for a more trust oriented employer-employee relationships for my indian fellows..

sjtrny 17 minutes ago 0 replies      
I see this system as a force that compels people to work longer hours than is neccesary. Public access to this data will make people name and shame particular individuals in the bureaucracy who might consistently clock in a little bit late, even though the reason behind the lateness might be legitimate (caring for others in family or long term illness). This is not transparency it just makes bureaucracy worse.
jpatel3 1 hour ago 0 replies      
Seeing the implementation would be a interesting, but certainly it can be powerful and bring transparency.
keithpeter 4 hours ago 1 reply      
Nice idea for taking the class attendance register at College/school.

Just mild concern about the biometric data being stored centrally.

dang 2 hours ago 0 replies      
avinassh 3 hours ago 1 reply      
How come there are no concerns about privacy? Most of the people's email ID and personal phone numbers are visible in that site
Learning from an animal that can regrow its head
9 points by pulkitpulkit  3 hours ago   discuss
Aptly: Owning Your Debian Distribution
129 points by smira  12 hours ago   41 comments top 13
lamby 7 hours ago 2 replies      

Here's my solution to this. Love using .debs for distribution.

jcapote 3 hours ago 0 replies      
This looks neat, just in time for the weekend :)

I've been using the free plan at https://packagecloud.io for my debs (handles my rpms and gems too), and it's been working well so far.

zwilliamson 3 hours ago 0 replies      
Aptly rocks. I put this together for those who use Vagrant and want to test out some of Aptly's commands and functionality.


It also sets up a Jenkins server so you can test out some build jobs that interact with Aptly.

I am looking forward to Aptly's REST API. Also on the roadmap is the ability to manage Yum repositories.

helper 7 hours ago 1 reply      
We use deb-s3[1] to maintain a custom apt repository in s3. It supports signed release files and does all the hard work for you.

[1]: https://github.com/krobertson/deb-s3

vacri 2 hours ago 0 replies      
I just finished putting together an aptly repo system on Friday, with a 'testing', 'staging', and 'production' repo. Buildbot dumps unsigned builds into testing, and a meatspace process copies those builds into staging or production when appropriate.

Aptly is a godsend to people who want to run .deb repos, as previously the software was basically "run a full mirror" or "sucks to be you". Jordan Sissel (fpm author) once remarked that 'there is a lot of silly ceremony in managing .debs'. We were previously using reprepro, which was alright, but had the glaring flaw of only allowing one version of a package to live in the repo. No easy rollbacks or machines on different versions there.

Aptly is really flexible, and although it does have some corner cases or slightly unintuitive behaviour (to me), it has excellent documentation and is in heavy development. Kudos to you, smira.

dzderic 8 hours ago 1 reply      
For anyone who has ever battled with maintaining their own apt/yum repos, this seems like a godsend.

The most-used tools for getting a package into your repo involve scp'ing the file to the repository server and running a command to update its index. It's nice to have a proper toolset to do this, but it's too bad I spend most of my time with YUM nowadays.

jvdb 9 hours ago 0 replies      
This sounds really nice. I've been using apt as a deployment mechanism not unlike the use-cases describe. While the whole thing's been rock solid, the repo management could do with a cleaner interface. Looking forward to giving it a go!
dkarapetyan 11 hours ago 1 reply      
This is really cool. If you're using Ubuntu or Debian as your base OS then you really should be managing your software with something like this and offloading your deployment to it as well. The benefits of a setup like that are dead-simple rollbacks and deployment scripts.
robinson-wall 8 hours ago 0 replies      
Props to smira + other contributors to aptly, it looks like it has come a long way in a short time.
oblio 8 hours ago 0 replies      
So, basically Nexus/Artifactory for deb. Cool.
Havvy 10 hours ago 1 reply      
What does this give you over using NixOS?
Dewie 8 hours ago 0 replies      
Half of the posts in this thread are about the author's English. I know that clear communication and constructive feedback on one's command of a language is good, but... come on.
pan69 11 hours ago 3 replies      
I'm no grammar Nazi but the first sentence on this website had me completely tripped up:

>> Linux distribution is well-tested collection of packages carefully organized and supported by the vendor.


Fish School Us on Wind Power
9 points by dnetesn  4 hours ago   discuss
Dynamic consensus filters
10 points by vishnupr  8 hours ago   discuss
The Microsoft Empire Reboots
122 points by aseem  18 hours ago   113 comments top 12
Rapzid 3 hours ago 1 reply      
The biggest shift I've noticed in Microsoft in recent years is its support and push for open source, cross platform components and projects. It seems that there may be a paradigm shift towards selling tools and an integrated platform while providing more choice and making inroads into the open source comminities.

This is exciting for me because I absolutely love .net and friends, but I'm also a Linux engineer and lean heavily toward open source and cross platform technologies. In recent years I have noted that with the existence of mono and mono develop(xamarin) C#/F# is right on the verge of being an excellent choice for open source tools and projects. I've been lamenting the fact that Microsoft's early platform lock in approach has prevented .net from being a serious java alternative(or the alternative it deserves to be). Its nature stiffling the open source ecosysytem .

The outlook has been getting rosier over the past 2 years though. Now we have OWIN, ASP.NET vNext, MVC6, entity framework 7, F#, and a strange officially unofficial interest in mono. Projects on github! These are welcome steps in an attempt to boost relevancy IMHO.

Immortalin 9 hours ago 8 replies      
Their greatest mistake(s) were the removal of visual basic 6 line of products and windows 10. Visual basic 6 is my first programming language and is probably still my favourite. The problem with lua and python and most other "beginner friendly" languages is that it is hard to do anything useful when u are just starting other than printing hello world to terminal. My intro to vb6 was creating a simple calculator, it was amazing knowing that i could create an application simply by dragging and dropping some elements and writing some code. I never had to worry about things like gtk bindings and makefiles etc. The earlier version of visual studio started up in less then a second and I never experienced any lag. The killer feature was probably the combination of both an just-in-time interpretator and a full-blown compiler. I could simply click play and the app would run, if i need an exe, it would also export one. This feature put most modern "repl-based languages" and "test-driven development" to shame. A lot of people complain that vb 6 is not object-orientated enough, but remember, C is not object-orientated either, and it still tops the tiobe programming list. Windows is sorely in need of an Rapid application development framework. Although vb6 still installs on windows 7, a lot of its features are broken. I really miss having an IDE that doesnt get in your way, starts up quickly, and allows you to get things done fast. The argument that vb6 encourages bad programming practices etc. is not really that valid when the user is not an professional programmer. After all, would you rather teach your kids to code by teaching him about build tools and commandlines and gui bindings or would you simply give them an environment where they can create whatever they want in a fuss-free way? Now, lets just hope that microsoft isnt stupid enough to nerf asp.net web forms.......
grokys 7 hours ago 1 reply      
> The holy grail for Microsoft would be getting developers to write new software for Windows again, putting Windows back at the center of a new virtuous circle.

And yet there is no currently properly supported way to write desktop applications for Windows! MFC = obsolete, WinForms = maintenance mode, WPF = Dead on arrival, WinRT = Metro only.

For all the people saying "web is where it's at", there are some things that are simply still best done on desktop. And native development in iOS and Android is still going strong.

MichaelGG 4 hours ago 3 replies      
>I put the A-team resources on Longhorn, not on phones or browsers.

Hilarious. It wasn't the lack of an A-team resource on browsers, it was the lack of any team. Microsoft just left browsers there and did nothing.

Microsoft's other big sin is counting on its hardware partners. They could have preempted the iPod, for instance, but they just hoped Creative and others would deliver a great experience, while they sat back and wrote the software and cashed in on licenses. Same for tablets. Tablet PCs were great in the 00s, and I loved using them. Except, they were clunky and had little mass appeal. Once again, MS just counted on its partners and never gave a thought to the full experience.

Also, the fact that Windows still is touch/pen unfriendly outside of Metro just shows they Don't Get It. Instead of working on some tech to make Windows work well across all its apps, they ditch everything and hope Metro will work. It's hard to imagine that anyone could be so myopic.

__Joker 9 hours ago 0 replies      
More oft repeated history apart from the later part of the article which discusses the present and the future direction.

"The holy grail for Microsoft would be getting developers to write new software for Windows again ", this necessarily isn't true. The developer go where users and money are. And users not necessarily go to devices which have lot of apps. This might sound like a chicken and egg problem, but look at amazon, if developers are writing software for its devices, Amazon is bootstrapping its devices with software. I take out the other devices, the desktop and servers, might not have as much impact as it may sound.

Second, Xbox, Bing, may sound looser, but they may be interesting in the next round of battle. The smart phone battle is more or less is over and it is not going to make much difference, but the future of the smart device fields will be another story, if only MS can concentrate on the future in coherent way.

ilaksh 6 minutes ago 0 replies      
Microsoft has some of the most amazing products and many terrific engineers.

Unfortunately, it is also has some extremely negative associations, most of which have been earned and even, perhaps, proven.

* unfair and sometimes illegal business practices

* sabotage of innovative technologies when they conflict with Microsoft's monopolies

* eugenics

* empire

* surveillance state (Skype/NSA)

gvb 8 hours ago 1 reply      
There is a Macintosh in the background of the picture "JUST KIDS Gates and former C.E.O. Steve Ballmer at Microsofts offices in Bellevue, 1985."

Not unexpected given the date and the relationship between Apple and Microsoft at the time, but interesting that it shares the desk (albeit off in a corner) with the IBM-PC.

x0x0 11 hours ago 2 replies      
(I think) it's not hard to understand where microsoft went wrong. Ballmer just doesn't seem to get where the industry is going. As evidence, this quote from the article:

   Indeed, Ballmer seemed to have no intention of leaving when he announced a    massive reorganization of the entire company in July 2013. Behind the scenes    he had also begun negotiating an acquisition that was meant to transform    Microsoft. He had become convinced that the company had to make hardware    too. The reason why goes back to his chart. The two companies which have    seen the greatest increases in the share of profits they take are Apple and    Samsung, particularly Apple, whose share of the technology industrys    profits leapt from 7 percent in 2008 to 21 percent in 2013. To Ballmer, the    message was clear, and so, in December 2012, he began talking to the Finnish    smartphone-maker, Nokia, whose C.E.O., Stephen Elop, had worked at    Microsoft. There was a defensive reason for the deal as well as an offensive    one. Nokia was pretty much the only company left that was making Windows    phones. If Nokia went under, what would happen to Microsofts phone business?
Apple and Samsung's phone businesses are entirely different. Apple is selling ios to the high and middle end market. Samsung is getting devoured from the bottom, because there is very little difference between android oems, whereas Apple doesn't need (or want!) the bottom. It's pretty amazing that someone like Ballmer wouldn't see that coming, given that Xiaomi and the other chinese competitors are running a classic competitive playbook on Samsung.

Stratechery has written about this at length, though I don't recall if it was clearly discussed in a single article or my mental synthesis from a collection. Either way, differentiated companies -- apple -- require completely different strategies than nondifferentiated -- samsung.

SandB0x 12 hours ago 1 reply      
Impossible to read on my phone. Single page print version is better:


deanclatworthy 12 hours ago 2 replies      
How is it in this day and age a magazine like VanityFair can have such an awful UX on mobile:

- I can't read the article because some as keeps jumping me back to the top of the page a few seconds after I scroll

- the article font is tiny and hard to read anyway

- for some reason even though there is a large body of text, ios doesn't allow me to use reader mode

higherpurpose 12 hours ago 2 replies      
Oh, good. Because it's a corporate empire what consumers want.
scientist 8 hours ago 1 reply      
Microsoft seems to be a crumbling empire. They seem not even able to maintain their websites. Here is a message I got today from Microsoft Azure: "NO ACTION REQUIRED: We want to notify you of an upcoming maintenance operation to your Virtual Machines in West Europe, starting at 23:00 Saturday, October 18th UTC. Single instance virtual machine deployments that are not in availability sets will reboot once during this maintenance operation. We expect the update to finish within six to eight hours of the start time. Please note that Cloud Services using Web or Worker roles aren't impacted by this maintenance operation. This link contains additional information: http://aka.ms/vax58". The link they give leads to a 404 error.
The Holder of Secrets
7 points by srslack  5 hours ago   discuss
Core Secrets: NSA Saboteurs in China and Germany
221 points by patrickgokey  19 hours ago   99 comments top 11
rl3 16 hours ago 1 reply      
The document titled "ECI Compartments" is interesting:

* It's possible work out the geographic region of certain compartments based on the organizational code attached to it.

* The redactions in the "Control Authority" column are variable size, possibly even proportionate to character length.

* The fact that document was merely classified "confidential" is odd.

* I was able to identify[0][1] all but one item listed in the "Organization" column.

The sole item that eluded identification was "S0242". It is listed alone under two compartments. I couldn't find anything on it; one can only surmise it is something within the Signals Intelligence Directorate (probably something boring, despite the mystique).

[0] http://en.wikipedia.org/wiki/National_Security_Agency#Struct...

[1] http://www.matthewaid.com/post/58339598875/organizational-st...

bmh100 1 hour ago 0 replies      
It is unfortunate the shadowing did not also go to homework and extra curricular activities. This is an area that is neglected too. If he had sat through a practice, then gone home to read 200 pages and do two hours of homework, his conclusions would be even more dramatic.
xnull2guest 18 hours ago 8 replies      
The facts contained in this program constitute a combination of the greatest number of highly sensitive facts related to NSA/CSSs overall cryptologic mission, the briefing document states. Unauthorized disclosurewill cause exceptionally grave damage to U.S. national security. The loss of this information could critically compromise highly sensitive cryptologic U.S. and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.

Maybe they could have not published this one.

I'm very much interested in the Snowden Documents and am a strong advocate for civil liberties (look at some of my other posts, and the ones under the handle 'xnull').

I also repeatedly explain, on Hacker News, and other places, that there is a global cyber intelligence war and that the Snowden Leaks showed us key insights into what was going on, how it's not 'about terrorism' and a great number of other things.

But I'm bewildered by this article. It seems really damaging, and like it doesn't really add very much to the corpus they've already published.

Any ideas?

Edit: Glenn Greenwald, Laura Poitras, Edward Snowden, etc all decide what material to publish and what material not to publish. Greenwald, by his own admission, works with US officials to redact information and to choose which stories make it out of the gate. He's also said that he isn't revealing (paraphrasing) 'the most horrendous material in the Snowden documents, for fear of the fallout'. My question should not be thought of a challenge to revealing Snowden documents as a whole. Contrary to this I think it is of the very highest service. My question is only 'why this document'?

eyeareque 17 hours ago 2 replies      
I read the entire article with the hopes that company names would be mentioned. Let's see who took cash to weaken encryption. Let's see who helped the government create back doors. That would have made this article stand out. But alas it contained more of the same things we already knew or assumed was going on.

Here's hoping for next time.

aburan28 10 hours ago 1 reply      
The NSA has clearly recruited employees from companies like Google, Facebook, Cisco, etc to compromise and place vulnerabilities that the NSA can exploit. The fact that the NSA has decided that the legal channels to acquire data through warrants and actual investigations no longer applies must be stopped.
philip1209 14 hours ago 0 replies      
I don't see any reference to domestic surveillance, so my interpretation is that a spy agency is spying.
icantthinkofone 8 hours ago 0 replies      
I can't find any article titled "Chinese and German Saboteurs in America". Why?
duckery 8 hours ago 0 replies      
Thank God we are clustered with Germany and South Korea in this. I can only imagine the not-giving-a-fuckery if the targets were "China, Iran and Cuba"
illumen 16 hours ago 1 reply      
TLDR; Secret police do secret police things.
curiously 15 hours ago 1 reply      
I wonder what's in the tip of the pyramid, shaded in black. Somethings I like to imagine:

- Kennedy was assassinated by CIA

- Aliens transferred technology to US government

- Former strongman of South Korea was assassinated by CIA

- List of other assassinations by CIA

- Iraq WMD was made up and knew about it but went ahead with war anyway.


t-rex1 9 hours ago 1 reply      
Revealing mass surveillance is one thing (great!), but some of these leaks feels like revealing too much and some of whats meant to be protecting us...no??
Show HN: One Adaptive API for Dropbox, Google Drive, OneDrive
55 points by cloudrail  9 hours ago   38 comments top 10
liadmat 29 minutes ago 0 replies      
A little less "we are changing the world", a little more "we offer a JavaScript SDK for file storage accross many services".

That's the short version. I initially wrote a long comment with a list of things I don't like, but I decided I was being too harsh so I removed it. If you're still interested, I can mail it to you.

diafygi 3 hours ago 1 reply      
Looks neat! This sounds very similar to the concept of unhosted.org[1], where the user provides their own data storage location. Being based in Europe, have you had any interaction with the unhosted team or their remoteStorage.js[2] library? It seems like they are trying to integrate in Dropbox/GoogleDrive into that library, too.

Also, you mention encryption in the Example Applications section. I've been working on a similar concept of having a client-side javascript library that creates an encrypted filesystem on Dropbox/Google Drive, called Bring Your Own Filesystem[3]. The most interesting thing with the system is that these storage locations allow for public files, which means you can set up end-to-end encrypted communication between two Dropbox accounts[4]. I'd love to learn more about your implementation of the encryption layer and how you plan to develop that further. What plans do you have for privacy/encryption?

[1] - https://unhosted.org/

[2] - https://github.com/remotestorage/remotestorage.js

[3] - https://github.com/diafygi/byoFS

[4] - https://www.youtube.com/watch?v=WTPimUSIWbI

narsil 3 hours ago 0 replies      
Very cool. There's definitely demand for a unified cloud storage API. Kloudless (https://kloudless.com) provides one as well, with some open-source UI tools. Disclaimer: co-founder here.

I'd suggest making the docs more easily accessible for developers looking to get a better understanding of CloudRail. In addition, the link/magnify icons on the cloud storage logos on the product page seem unnecessary, since the logos could just link to their individual pages.

aytekin 8 hours ago 1 reply      
Great idea.

We (JotForm) spend so much time implementing and maintaining integration with these services.

You definitely need pricing information. If you want to keep it free at the beginning you can say something like "we are free until 2016", but many people might avoid using you because there is no information on how much it will cost when you go out of beta.

slantyyz 1 hour ago 0 replies      
This is pretty great. It would be nice to see support for OneDrive for Business (Office 365) as well.
whizzkid 7 hours ago 2 replies      
Good idea!

And a small feedback;

- Please fix your scrolling on the page. It is not a pleasing scrolling experience.

- Slider interval is quick, kind of disturbs while reading, do not auto-slide at all maybe.

Edit: Sorry for not going into detail about scrolling.

I am using Chrome on Mac OS, and when i try to scroll on the main page, whoops!, I am at the end of the page, it feels like scrolling sensitivity is too high and i need to tap it once more to stop scrolling. It may give different experience with a mouse maybe but using touchpad gave me this experience.

jeremydw 8 hours ago 1 reply      
A friend of mine is on the team for Kloudless (https://developers.kloudless.com/). I haven't actually used it, but the marketing material tells of the same value prop as your project. Have any quick summary of the differences?
cloudrail 8 hours ago 3 replies      
Open for any feedback you might have ;)
cilantro1994 7 hours ago 0 replies      
Good idea. Where is the pricing information? For some reason if you cannot create a sustainable business will you open source it? Good luck with your endeavor.
jeromedoyle 6 hours ago 0 replies      
Your fontawesome icons are displaying as boxes. Looks like a CORS issue.
Code-Pointer Integrity [pdf]
8 points by mustapha  8 hours ago   discuss
A veteran teacher turned coach shadows two students for two days
124 points by MrMrtn  8 hours ago   23 comments top 6
vvpan 4 hours ago 0 replies      
I grew up and went to school in Russia, but spent my last three grades in the US. Both have their pros and cons, but some cons of the US system were very apparent.

1. In Russia I remember having eight classes a day only briefly and that quickly came to an end because having so many classes was considered to be close to child abuse. Six was the norm, sometime seven, but definitely not every day of the week. Here I had 9 classes every single day. I was not pleased at all.

2. The breaks between classes were only 3-5 minutes long in the US. Whereas in Russia they were 10-15 minutes. You can't socialize during 3-5 minutes you have to run to another class. Yes, you are less likely to "get in trouble", but getting in trouble is part of socializing.

3. Not really a problem with the schooling system, but the above two combined with living in the suburbs produces a great problem. You know you won't see any of the students for the rest of the day, unless your mom drives you to the mall or something. Socializing time is very brief during the school day, but really, that's all you've got...

Needless to say I hated going to the US school tremendously. Color me cynical, but I am somewhat surprised that there are not many more school shooting than there are now. Oh and I graduated more than a decade ago, so perhaps things have changed, but I doubt it.

Afton 5 hours ago 1 reply      
The three points from the article:

> [1] Students sit all day, and sitting is exhausting.

> [2] High School students are sitting passively and listening during approximately 90% of their classes.

> [3] You feel a little bit like a nuisance all day long.

People wonder why high school aged students are unruly, unpleasant, and filled with deep negative emotions (anger, disdain, need-to-rebel). I look at this list (especially [2] and the lack of autonomy that follows) and the reason seems really clear. The basic model seems broken.

Periodic 5 hours ago 3 replies      
I'd like to step back from this from a moment and get a little more abstract and ask if this idea of shadowing applies to software products (or any other business, really).

Has anyone really sat down and shadowed one of their users for a whole day? I know small usability studies are pretty common. You get someone in a room, ask them to perform some tasks, see what they do. But if you have an app that people are going to spend their whole day in, e.g. email, office suite, productivity, does anyone really sit down and shadow a user for a day?

There might be things you don't notice if you only do it for an hour or two, or is it just not the same when the user isn't required by an authority to be present?

Mithaldu 7 hours ago 2 replies      

  > In addition, there was a good deal of sarcasm and snark  > directed at students  > ...  > I realize that sarcasm, impatience, and annoyance are a  > way of creating a barrier between me and them.
From a european point of view that is something the entire us-american culture embraces and grapples with vigorously, to the detriment of interactions among themselves and with other cultures. It would make sense that this is started and reinforced in school already.

keeptrying 4 hours ago 0 replies      
Whats really amazing is that this experiment would have been a first of its kind in nearly 100s of years.

I personally think that our class based education systems are languishing at some 100 year based minima right now w.r.t effectiveness.

Present systems don't take into account:1. Most subjects require different modalities of learning. Teaching computer science via lecture format? seriously?

2. Students have different economic situations which usually means real demands on their time and attention. The system HAS TO cater to this to be more effective.

3. As the environment changes the teaching methodology has to change. Right now phones and tablets really inhibit concentration. So something to counter this would be effective for all other classes.

4. Schools primary function is a safe place to keep your kids. Their inability to accept this makes them stuff the day with classes.

gizmo686 2 hours ago 0 replies      
Regarding #1

>Students sit all day, and sitting is exhausting.

Doing any unfamiliar job all day is exhausting. There are plenty of other professions where sitting all day is the norm (like programming). Of course, most have the option of taking a stretch when they want to, but the only time I have seen people do this on a regular basis was for medical reasons.

In high school, I had an administrator (the dean of students) enroll in one of my classes for a year.

Show HN: An iOS app I made for my wife and decided to share: Just Puppies
16 points by maju6406  3 hours ago   1 comment top
yeukhon 31 minutes ago 0 replies      
Nice. But where do you get these photos? Do you pay to get them? Not sure about the copyright implication here, especially you are offering paid version.
Kaya: Declarative Reactive
62 points by david927  8 hours ago   29 comments top 8
hammerandtongs 2 hours ago 2 replies      
This really looks interesting, I'd love to _read_ more about it.

I have two major concerns after watching the video through.

First is the spreadsheet ui. Much of the drama and nonsense with bad spreadsheet programming is related to not having the _table_ as the primary data organizational tool. Data should be in labeled and typed columns not laid out in cells on the main sheet and then postfacto treated as coherent data.

I was more genuinely more confused by what you were trying to explain in the early part of the video because of the awkwardness of your spreadsheet ui metaphor. Ie as you were explaining the columns and rows, reordering etc around 4:30+ .

The spreadsheet should be just a layout medium for expression of A view of data tables.

Apple tried to fix this with https://en.wikipedia.org/wiki/Numbers_%28spreadsheet%29 but ymmv on how successfully.

Suggestion - experiment with using a graph (or just cards) with tables as nodes. Figure out how to use the edges to express the program coherently.

Your asteroids demo was nicely done but I would be very unhappy reading a medium size program with your current ui.

Suggestion - have tables only built as they are defined. Don't try to be too much like existing spreadsheets (though obviously some of your audience would like to see a very traditional spreadsheet ui).

My second major concern is that I think spreadsheets and spreadsheet programming would benefit from stronger typing. You seem to not be addressing that? As as an example from your video are people's children not people too?

How can we keep a money column from being used as someone's age etc (without a function in between)?

albertzeyer 5 hours ago 1 reply      
Is there anything else than the video? Some homepage or so? Is this an Open Source language or a commercial one?

I guess this is not related to this? http://kayalang.org/ http://en.wikipedia.org/wiki/Kaya_(programming_language)

SandroG 4 hours ago 1 reply      
After watching the video, I appreciate the potential of Kaya. I clearly see the benefits of the native many-to-many construct, and its unified data/instructions model.

I wonder if Kaya could store graphs efficiently, in addition to hierarchies. For example, can you have one table called Employees with a property Reports To, which references another Employee? In other words, can Kaya allow this: Employee.ReportsTo = @Employee?

vanderZwan 6 hours ago 0 replies      
I have a hunch that Lloyd's Algorithm[0] would make for a nice demo in this environment, automagically updating the voronoi cells every iteration until an equilibrium is reached. Although I don't know if there's an efficient way to implement voronoi cells in this paradigm.

[0] http://en.wikipedia.org/wiki/Lloyd%27s_algorithm

rdrey 4 hours ago 2 replies      
I'd like to see how this differs from what Chris Granger's Eve[0] will be one day.

His description of Eve is still very vague.

[0] http://www.chris-granger.com/2014/10/01/beyond-light-table/

fnordsensei 7 hours ago 1 reply      
Cool! This would be really interesting if immutability were the default to support time travel in queries and whatnot.
david927 8 hours ago 0 replies      
Skip to 25:00 for the demo
StefanKarpinski 6 hours ago 4 replies      
The HN title is total flame bait and does not match the actual post title on either LtU or Vimeo; a mod should really change it. It may also make sense to change the link to the Vimeo presentation as linking to the LtU discussion forces people to click through to see anything and is a little strange are we supposed to watch the video or read the LtU thread?
Modular, composable, typed optimizations in the tagless-final style
3 points by edwintorok  1 hour ago   discuss
Startup School Silicon Valley 2014 Live Stream
56 points by kevin  5 hours ago   31 comments top 13
dang 34 minutes ago 1 reply      
Since the live stream is sadly not working for most people, we downweighted this post. Somebody let me know if it starts working again! In the meantime, an HN user has been keeping live notes at https://news.ycombinator.com/item?id=8442712.
ashg 9 minutes ago 0 replies      
It seems to be working now. For those who are on linux/chrome, use the 'user agent switcher' and change it to either IE9 or Firefox15, it will then switch it to flash player.
pskittle 21 minutes ago 0 replies      
What's going on with the live stream? . It sucks that it had to happen when the whatsapp founder is talking.
arnorb 3 hours ago 0 replies      
xur17 2 hours ago 0 replies      
If it isn't working for you, try this in VLC player:


sgy 3 hours ago 5 replies      
Error loading player:No playable sources found
saganus 2 hours ago 1 reply      
Not working for me either.

Says "Error loading stream: Could not connect to server"m3u8 link for vlc doesn't work for me either :(

dharma1 22 minutes ago 0 replies      
was good for 10 mins.. oh well. looking forward to the recorded videos
journeeman 59 minutes ago 1 reply      
Since the live stream isn't working, will the recorded videos be uploaded later?
NickSarath 2 hours ago 0 replies      
Is Mark going to be attending this year's startup school?
lebek 3 hours ago 3 replies      
Why role their own live streaming tech when Livestream/Ustream seem to do a pretty good job? This stream is stuttering for me.. cutting out completely every minute or so.
staunch 3 hours ago 0 replies      
Live streaming this is a very nice thing to do. Thank you!
bruceb 22 minutes ago 0 replies      
is it down?
Using knitr and pandoc to create reproducible scientific reports
14 points by leephillips  5 hours ago   1 comment top
davecap1 5 minutes ago 0 replies      
Is there something like this for Python, other than iPython notebooks?

edit: just found a couple if anyone is interested (https://github.com/AndreasHeger/CGATReport, http://mpastell.com/pweave/, https://github.com/stdbrouw/python-literate)

Decrypting Android Snapchat images
58 points by fla  12 hours ago   54 comments top 13
the8472 6 hours ago 0 replies      
"Digital files cannot be made uncopyable, any more than water can be made not wet." - Schneier on DRM
quotemstr 11 hours ago 3 replies      
Nothing instills confidence in cryptographic code like the constants "bananas" and "seems legit...". I'd have hoped that anyone dealing with AES and block cipher modes would take the task a bit more seriously, even if the whole task is, in this instance, ultimately futile due to the lack of a trust root.
espadrine 12 hours ago 2 replies      
> The key is generated from an MD5 hash using the Android ID concatenated to the string 'seems legit...'.

That is a stellar decision. I wonder if there were application-specific constraints that prevented a more secure option.

habosa 3 hours ago 1 reply      
Snapchat does not take security seriously. I used the Gibsonsec description of the SnapChat API to make a Java Snapchat client called JavaSnap (github.com/hatboysam/JavaSnap). It has been used in many Android apps with close to 2M combined downloads (from what contribs have told me).

It was too easy. This is why things like 'The Snappening' happen (note: I never did anything evil like that, but it would not have been hard).

fidotron 6 hours ago 1 reply      
The fundamental problem here is application security in situations of rooted devices is non-existent. Android lacks mechanisms for apps to tell they're running as root too (as the root user could disable this) so you can't disable functioning on rooted devices. (Chrome OS does not have this problem, as the official builds are signed by a single authority).

Newer Android versions have support for hardware DRM modules which would allow potential for some sort of nasty workaround (which may involve transcoding any images into movies), but in the general case for the wider market it's not going to work yet.

Finally, this is also why the NFC stuff is generally accompanied by another isolated system, though I seem to recall early versions of that (like in the Nexus S) proved to be sidesteppable.

alecco 9 hours ago 0 replies      
This work was done within the Sadosky Foundation in Argentina under a new program to research/enhance security for mobile users. World renown researchers are part of the team. Kudos to them!
mukyu 8 hours ago 1 reply      
I don't understand why it says the IVs are unnecessarily stored as without them you could not decrypt the first block for each image properly.
jszymborski 7 hours ago 1 reply      
I don't know much about the Android environment, and I get that regardless you're storing keys in a hostile environment, but would using the Android KeyChain to store the passwords instead work?


higherpurpose 9 hours ago 1 reply      
If Snapchat is serious about its users' private messages, it should be implementing the Axolotl protocol for end-to-end encryption (what TextSecure uses, too). But Snapchat isn't serious about it, as we've seen in several securiy/privacy scandals involving the company so far, so I'm not going to hold my breath for this.


Pro tip for future chat app start-ups promising "security" or "privacy" or as the latest trend goes, "anonymity" for their users. If you can't really hold your end of the bargain, don't do it! Promise cute emoticons or whatever, instead. Hopefully there will be some class action lawsuits against companies like Snapchat, soon. They need to learn their lesson.

dpweb 9 hours ago 0 replies      
Lemme get this straight.. The password is hardcoded into Java code, so by decompiling it you can get that pw and break it? So essentially simple decompilation was all that was needed? That's weak.

What would have been some better alternatives to keep the encrypted files safe on the phone? Couldn't they have it call the server for a dynamic (safe) key?

jaimex3 9 hours ago 1 reply      
This is nothing, you can intercept the snap with wireshark and MITM:


ExpiredLink 10 hours ago 2 replies      
The end of Snapchat?

I cannot understand people who confide their privacy to companies like Apple and Snapchat. Of course their photos will be 'leaked'. It's just a matter of time.

wellboy 9 hours ago 3 replies      
How a company with $163M in funding is not able to put just a normal encryption into their app or hire someone who knows about encryption is out of my comprehension.

We implemented a standard Blowfish encryption in university at a small project on the side and it was better than that.

I'm by no means a cryptography expert, but you don't store keys on the device, they are generated dynamically. Storing them in a directory that seems like an unimportant directory is the most amateur mistake of trying to increase security, as it adds zero security.

       cached 11 October 2014 22:02:01 GMT