hacker news with inline top comments, 1 Nov 2014
SpaceshipTwo crashes shortly after Mojave test flight
428 points by llamataboot  6 hours ago   226 comments top 27
mixmax 5 hours ago 11 replies      
What this week's events show us is that space travel is hard. Really hard.

Most systems operate in extreme conditions, sometimes bordering on the improbable. Thousands, sometimes millions of horsepower in an engine smaller than a car, cryogenic liquids at -200 degrees celsius cooling a nozzle that is 3000 degrees celsius 5 millimeters away, heatshields designed to absorb obscene amounts of heat, the list just goes on and on.

Most people don't realize how hard this is. The physics, the engineering, the design.

Yet we have made great strides, especially over the last few years, and Virgin Galactic is a part of this. There is a new era of cheap spaceflight on the horizon, driven forward by fearless men and women that want to go to space no matter what the cost.

This is commendable, and is what drives the human race forward. Without these fearless men we wouldn't have gone to the moon. We wouldn't have explored the depths of the ocean. We wouldn't have flown the skies.

Today it appears we lost one of these fearless men, but he now rests in peace assured that others will take his place, that he was not alone in his longing to drive mankind forwards into the unknown, that his dreams live on to inspire others.

We have conquered the skies, and we will move on. Eventually we will conquer space and make it accessible to all mankind. A fearless man has given his life to allow us to some day leave the cradle that is mother Earth.

His ultimate sacrifice won't be in vain.

adamfeldman 3 hours ago 0 replies      
This is a time when you re-read Gene Kranz's famous speech to the flight control division after the Apollo 1 fire.

Gene Kranz is the gentleman sitting in the flight director's chair in the Apollo 13 movie, wearing the white vest. He helped create the Mission Control organization at NASA.

"Spaceflight will never tolerate carelessness, incapacity, and neglect. Somewhere, somehow, we screwed up. It could have been in design, build, or test. Whatever it was, we should have caught it. We were too gung ho about the schedule and we locked out all of the problems we saw each day in our work.

Every element of the program was in trouble and so were we. The simulators were not working, Mission Control was behind in virtually every area, and the flight and test procedures changed daily. Nothing we did had any shelf life. Not one of us stood up and said, 'Dammit, stop!' I don't know what Thompson's committee will find as the cause, but I know what I find. We are the cause! We were not ready! We did not do our job. We were rolling the dice, hoping that things would come together by launch day, when in our hearts we knew it would take a miracle. We were pushing the schedule and betting that the Cape would slip before we did.

From this day forward, Flight Control will be known by two words: Tough and Competent. Tough means we are forever accountable for what we do or what we fail to do. We will never again compromise our responsibilities. Every time we walk into Mission Control we will know what we stand for. Competent means we will never take anything for granted. We will never be found short in our knowledge and in our skills. Mission Control will be perfect.

When you leave this meeting today you will go to your office and the first thing you will do there is to write Tough and Competent on your blackboards. It will never be erased. Each day when you enter the room these words will remind you of the price paid by Grissom, White, and Chaffee. These words are the price of admission to the ranks of Mission Control."

Video re-enactment by Gene Kranz: https://www.youtube.com/watch?v=9zjAteaK9lM

JanSolo 6 hours ago 7 replies      
This is very bad. Not just for the family and friends of the poor guy who died, but for commercial manned spaceflight in general.

SpaceshipTwo is considered the 'simplest' and 'safest' of all the upcoming manned commercial vehicles. It has many features that should help keep it reliable. For example, instead of a real liquid rocket engine, it uses a hybrid engine; it has almost no moving parts apart from a valve or two. No turbopumps or gimbals or much mechanical stuff to go wrong. It only goes suborbital, so it does not need a heatshield because there's no re-entry. The landing system uses wings & wheels similar to any commercial jet. This stuff is mature and tested.

In fact, the only novel thing about SS2 is its wing-feathering system. It lets the craft descend vertically, still under the pilot's control. I wonder if (and this is complete speculation) there was a problem restoring the wings to their 'atmospheric' flight position which prevented them from landing normally.

The consequences for commercial manned spaceflight will be quite severe, I think. I imagine that many Virgin Galactic customers will cancel their pre-orders. The flight test program is dead in its tracks at this point; even those who don't cancel will be unlikely to fly for many more years while investigations and improvements are concluded. Other manned providers such as SpaceX and XCor will likely be extra cautious before allowing people to fly in their vehicles.

The image of manned commercial spaceflight will take a hit. If the 'Safest' of the commercial vehicles can crash before it even enters service, I worry that many potential customers will be put off. It never hurts to remember that Spaceflight is a dangerous business.

It's a sad day to top off a bad week in spaceflight. :(

sounds 6 hours ago 1 reply      
While I can't imagine how tragic this must be for the families of the pilots, I just want to say that one of the pilots has given his everything for this cause: that one day we will not be a one-planet species.

For that alone, all involved are heroes.

zepolud 5 hours ago 5 replies      
Test pilots? In the 21st century?

I find it absolutely reckless and inexcusable to require live humans riding on a prototype rocket when you have all the processing power needed to automate/remote manage the vehicle literally in your pocket.

EDIT: To those downvoting, you should really check that all current spaceplanes have the capability to fly and land autonomously--Boeing X-37, Dream Chaser, even Buran was fully autonomous and that was 25 years ago. There is simply no excuse for Virgin for being sloppy.

lutorm 6 hours ago 2 replies      
Nasaspaceflight.com has reports saying one pilot has been found alive and another didn't make it.


What a terrible week. :(

uptown 6 hours ago 0 replies      
This person is claiming to report from the scene: https://twitter.com/spacecom
htormey 1 hour ago 0 replies      
I am really sad to hear about this crash. In case anyone is interested in the technology behind SpaceshipTwo here is a brilliant documentary about Burt Rutan, Scaled Composites and the development of SpaceshipOne:


The documentary includes a very touching interview with a test pilot.

larrydag 3 hours ago 0 replies      
This reminds me of studying the Space Shuttle Challenger as part of my Engineering training at school. We studied it as part of an ethics in engineering lesson. The Space Shuttle labels certain components as "Criticality 1". A Criticality 1 component means there is no back up system and failure can lead to catastrophic consequences during Space Shuttle operation, especially at launch. As you may guess the O-rings on the Space Shuttle rocket boosters were graded as Criticality 1. The Space Shuttle had over 700 components graded as Criticality 1.


Space vehicles and space exploration is a very dangerous and high risk endeavor. This week we are unfortunately reminded of this fact. Thoughts go out to the families of the brave pilots and those with the Virgin Galactic program.

cek 6 hours ago 0 replies      
Condolences to the friends and family of anyone who may have perished in this event.

While this is a major set-back and bummer, at the same time it is far better that something like this happen during a test than during a commercial flight. Whatever the design, manufacturing, or process issues are, they will now be sussed out reducing the chance of a failure later on.

I sincerely hope this is not such a huge set-back that it totally derails Virgin/Scaled's approach as I love the fact that we have competing commercial concepts working at the same time.

Fuzzwah 6 hours ago 0 replies      
From https://twitter.com/virgingalactic

> Virgin Galactic's partner Scaled Composites conducted a powered test flight of #SpaceShipTwo earlier today.

> During the test, the vehicle suffered a serious anomaly resulting in the loss of SpaceShipTwo. WK2 landed safely.

> Our first concern is the status of the pilots, which is unknown at this time.

> We will work closely with relevant authorities to determine the cause of this accident and provide updates ASAP.

Lambdanaut 6 hours ago 0 replies      
The ship came down in pieces and there's debris littering the ground. It's not sounding like they all made it.


This is awful. I hope that problems like this don't result in more regulations and barriers to private spaceflight. It's about as dangerous of a job as they come and we have to expect companies will lose men. Every astronaut is a hero for humanity and progress.

8_hours_ago 6 hours ago 0 replies      
Here's some background after reading a little bit of Wikipedia...

- Virgin Galactic has ordered a total of 5 SpaceShipTwos from the aptly named "The Spaceship Company".

- There are 2 built, the VSS (Virgin Space Ship) Enterprise and VSS Voyager.

- Only the VSS Enterprise has been flown, so I assume that is the ship which crashed today.

This is a sad day, indeed.

llamataboot 6 hours ago 1 reply      
Most information seems to be on Twitter at the moment. Only official statement from Virgin is that the flight experienced an in-flight anomaly: http://www.nbcnews.com/storyline/virgin-voyage/virgin-galact...
jack-r-abbit 5 hours ago 0 replies      
With regular flight in regular airplanes being so common and safe these days, it is easy to forget the lives that were lost so many years ago when brave men and women were testing the new technology of the time. Always pushing for faster planes, longer flights, higher altitudes. Lives were lost every step of the way. But it got us here. Today. We can cross oceans in a matter of hours rather than days (weeks?). So we continue to push the limits. And lives are lost each step of the way. Will I ever reach space? It is possible... but not likely. But I see no reason why my children won't. And it will be all because brave men and women, like the man that died today, continued to push the limits.
winslow 6 hours ago 0 replies      
First image of the crash. Looks like one of the tail wings. Unfortunately it seems that one of the pilots did not make it.


Flemlord 5 hours ago 0 replies      
I was lucky enough to attend the first public flight of SpaceShip One; it was one of the most inspirational things I've ever witnessed. Very sorry for the family of the pilot who died and generally everybody involved.
ColinDabritz 5 hours ago 0 replies      
My thoughts are with the Virgin Galactic team. Spaceflight is difficult, dangerous, and I believe crucial to the future of humanity. Test piloting is always dangerous, more so with space vehicles, but that doesn't make it any less heartbreaking or impactful when you lose someone. I'm sure they will learn from this even as they mourn the loss.

Virgin Galactic, especially those you lost today, you have my deepest respect for Daring Greatly.

Aaronontheweb 4 hours ago 0 replies      
Innovation can't happen without risk - it's a damn shame that pilots lost their lives in this, but it's an inevitability in the course of human progress. Best we can do is learn from the mistakes that happened here and try again.
boxcardavin 4 hours ago 0 replies      
This highlights how important crew escape systems are. The issue isn't just crew survival, but also the effect that loss of crew has on the program. If crew loss is a real danger, it will happen, and after it does the PR often kills the public will to press on.
DiabloD3 5 hours ago 0 replies      
Can we get a black border on HN for this?
denom 4 hours ago 0 replies      
China launches 3 rockets in one week[1]. Russia launches a resupply of the International Space Station, ready to fly just 9 hours after yet another space vehicle crashes here[2].

Say what you want about "cheap spaceflight", there is something dysfunctional going on here. This latest disaster makes me wonder if the US even has a current capability of space flight. Pinching a few pennies isn't worth it.

[1] http://spaceflightnow.com/2014/10/27/china-launches-third-sp...

[2] http://spaceflightnow.com/2014/10/29/russians-launch-progres...

arjn 6 hours ago 2 replies      
It's very sad but inevitable. At this cutting edge of technology and human endeavour, accidents are bound to happen.
Icybee 5 hours ago 1 reply      
What crashed?

The mother plane part, or the spacecraft part?

dang 6 hours ago 0 replies      
Url changed from http://www.kerngoldenempire.com/news/local/story/d/story/spa... because this one seems to have more information. If there's a better url, we can change it again.
Crito 3 hours ago 0 replies      
No. Absolutely not.

The Antares flight used refurb-Russian engines, and Antares could not be used for manned flight anyways. Even if Antares was flying great, the US would still depend on Russia for rides to the ISS. If the Russians wanted to sabotage something to make sure that the US remained reliant on them, it would be one of the launchers that will be used for manned flights in the near future; Atlas V or Delta IV (CST-100) or Falcon 9 (Dragon 2).

Virgin Galactic threatens approximately fuck-all of what the Russians do. Their spacecraft cannot bring people into orbit. In no conceivable way did Space Ship Two make the US any less reliant on the Russians.

whitehat2k9 1 hour ago 1 reply      
Another symptom of the United States' inability to compete in STEM.
Immutable.js Immutable Data Collections
69 points by swah  2 hours ago   11 comments top 6
ScottBurson 1 hour ago 0 replies      
> The difference for the immutable collections is that methods which would mutate the collection, like 'push', 'set', 'unshift' or 'splice' instead return a new immutable collection.

I think this is an unfortunate design decision which should be reconsidered. Functional operations should have different names than side-effecting operations. In general, I think that while side-effecting operations are commonly verbs, functional operations should be nouns or prepositions.

Particularly in a language without static types, you want to be able to look at an unfamiliar piece of code and see pretty quickly what types it is using. The semantics of mutable and functional collections are similar enough that using the same names is going to be very confusing, particularly in code that uses both kinds of collection -- and such code will definitely exist.

It's important that the names convey the semantics of the operation. Java's 'BigInteger' is a good example of this being done wrong -- the addition operation is called 'add', for example, and I have read that some newbies call it without assigning the return value to something, expecting it to be a side-effecting operation. I think that if it were called 'plus', such an error would be much less likely. We're used to thinking of "a + b" as an expression that returns a value, rather than an object with state.

I understand that introducing new names has a cost: people have to learn them. But keeping the old names is going to drive users nuts. If you won't change the names altogether, at least append an "F" to them or something.

EDITED to add: if you want some ideas, check out FSet: http://www.ergy.com/FSet.html

Havvy 1 minute ago 0 replies      
So, how does this compare to Clojurescript's Mori?
ebabchick 28 minutes ago 2 replies      
Random observation -- what's up with almost 20 of the 24 'contributors' to this project mostly having made 1 edit changes to the README? Is this some kind of pervasive Github resume padding scheme that I'm just now picking up on? (it will show the repo in the "Repositories contributed to" section of your profile even for just those 1-line README edits)


jypie 1 hour ago 2 replies      
What is the benefit of having immutable variables that are just fake-built at runtime? At compile time, knowing some variables are constant and will not change would give the interpreter/compiler a lot of optimization chances but does this apply the same at runtime as well?

the website says "efficiency" because immutable variables wouldn't need to be deep copied but would the deep copy operations be that frequent in JS?

nawitus 1 hour ago 1 reply      
Was this really hosted on Facebook initially? I remember this library before May, which is the date of the initial commit.
Even with 2FA, Google accounts can be hacked with just a phone number
68 points by philipn  2 hours ago   42 comments top 18
jasonisalive 1 hour ago 0 replies      
I work as a sales rep in-store for a telco. From a security perspective, it's ridiculous.

We use computer monitors which customers face from the same angle as us. I'm sure someone thought it would make the retail scenario more inclusive, but security-wise it's a mess. I can't verify account details without pulling up those same details for the customer to see. So I ask people for their details, click the button, and cross my fingers that they're right. If they're wrong, what then? They might legitimately not have known whose name it was under. It might be under their dad, mom, partner or business' name. Doesn't matter, the system has absolutely no design affordances to allow multiple people various levels of security privilege in accessing and altering accounts which are used by more than one person.

Furthermore, we have no organisational clarity about access privileges. Everyone makes up their own standards. Some people in the company are very strict, and won't do a SIM swap without photo ID or full ID over the phone. Some people will do one if the customer quotes the same last name and could be theoretically the account-holder's child. But does it matter when any customer can easily find out name, DOB and address from coming in store, then call up and get the SIM changed over the phone? We do have account PINs but very few people set them. And you could find it out in store if you were sharp-eyed.

There's a constant tension between providing a good customer experience and protecting security and privacy. But our commission is based partly on customer experience feedback scores - and if you're the one asshole who tries to follow all the rules (or follow what you decide should be the rules, because there aren't any haha) then you're gunna get a) bad feedback and b) alienate and make life difficult for the majority of ambiguous security events, which I'm sure are 95-99% trustworthy people.

Anyone relying on two-factor auth with a phone number who uses my company is vulnerable. Simple as that. It would take a determined attacker a day to get control of your number. All you'd notice was that your SIM stopped working. It would all be too late by the time you'd gotten a new one re-activated - and you're still vulnerable.

I'm not sure what telcos are like in other countries but I doubt much better.

penguindev 2 minutes ago 0 replies      
This article is conflating two things:

- two factor login (you need password + sms text)

- account recovery (using only a phone) THIS IS DUMB.

I only use an alternate email for recovery (my wife and I cross). Thus, each recovery account is still 2FA secured.

There's already been a story floating around about a young kid charging his dad's credit card because of the phone recovery option (he had the android phone in this case). This is NOT the same as 2FA auth.

abraham 1 hour ago 1 reply      
Disable SMS for 2-step and SMS for password resets and use a 2-step mobile app.


andmarios 23 minutes ago 1 reply      
What strikes me most in these stories, is how you always have to find some higher ranking company employee through personal connections in order to get a tiny possibility to take your account back.

These companies build on their users but, when their users need them, they betray them.

thetrumanshow 1 hour ago 1 reply      
This just happened to me. The same timeframe, the same vector of attack, but a different target. They wanted my Twitter handle. Fortunately it was an old handle that Twitter had locked down and was not transferable. The hacker succeeded in making me lose my handle for a few days, but some friends came to my aid and I was able to get resolution through Twitter support.

My telecom company was helpful at first, but then we began to see circle-the-wagons behavior from them. We were at least able to get the call forwarding off of the account, but they would not tell us any details about what had happened on the account.

Until your story (and even now) I'm not exactly sure if my hacker had been able to forward the text messages or simply routed the phone call to his phone and using Google's password reset process was able to get a robo call to accomplish the same thing.

All of this is seriously making me consider creating my own 2FA service, only slightly better.

One quick recommendation I would add would be to put a passcode on your account with your mobile provider. Just call them and say "I'd like to add a passcode to my account", so you can at least add one extra layer of security there.

willscott 18 minutes ago 0 replies      
This is a good reminder that your phone may not be as secure as you think. In many countries governments are able to get access or ask for this type of change to be made from the national telcos.

The reactions you can take at the moment are to use a mobile app (or preferably a security key!) rather than SMS backup, and if you're feeling especially uncharitable to your phone company, change the backup number Google makes you enter to a Google Voice number rather than that of your actual phone - creating a circular situation where it can't really be used as a method for account recovery / hijacking.

psgbg 2 hours ago 1 reply      
Well, I heard from a friend of mine that in Argentina the cellphone provider can access your info.

The case was this one. He was cheating on his girlfriend; a friend of hers accessed my friend's text message log, saw the evidence, and told the gf about it. Apparently, but I never confirmed this, the friend (the one who read the messages) worked at my friend's cellphone provider.

Since then I know I can't trust my cellphone ever again, but I was always suspicious that this could be possible.

iLoch 48 minutes ago 0 replies      
This is precisely why I thought Digits was such a terrible idea (check my comment history, it's there.) SMS is so incredibly insecure that anyone relying on it should not consider themselves security savvy. SMS TFA is lipstick on a pig. Cellphones are so cheap these days, they should all come with a TFA app pre-installed. I'm also not too keen on websites making it so easy to change your username. The story of @N on Twitter comes to mind. Is anyone working on Digits without the SMS part?
fiatpandas 42 minutes ago 0 replies      
Incredible the lack of barriers in place for adding a forwarding number to a cellphone account. Maybe the attackers got the last 4 of his CC from a hacked set? Or maybe the same for his social. And from there they were able to authenticate with the telco rep
tracker1 1 hour ago 0 replies      
Wild.. you know, using google voice for a number of years, I switched to using mvno operators for my cell phone a few years back... Now, I'm glad they don't allow call forwarding on those accounts.

Though it seems like a lot of work, It's hard to imagine going through this... with a similar mindset.

TimWolla 58 minutes ago 0 replies      
This story sounds like a déjà vu: https://news.ycombinator.com/item?id=7141532
jcfrei 1 hour ago 1 reply      
This leaves so many open questions. Foremost: How did they guess his GMail password? Is there a way to access GMail without knowing the password? I.e., by sending a reset password per SMS?
gear54rus 1 hour ago 1 reply      
Interesting, so adding 2FA actually decreased security... Well shit. Interesting case that shows just how unpredictable such things can be.

As far as I understand, though, 2FA increased the attack surface in this case. A web interface itself still remains impenetrable, doesn't it (know your hard-to-guess password and you should be fine)? Mobile provider was the weakest link and any system is as secure as its weakest link.

NeatoJn 1 hour ago 0 replies      
Voicemail, then call forwarding; I wonder what is next. People often ignore many of the service settings and leave them as is (me as well), which potentially creates chances for intruders.
jeffjia 38 minutes ago 0 replies      
The browser "back" button for the website is broken...
teacup50 59 minutes ago 0 replies      
This is why "2FA" is supposed to actually be two factors. If you're using a phone number for 2FA, then authentication still boils down to the same thing: Something you know.
davidu 1 hour ago 0 replies      
There is always a weak link. Ugh.
higherpurpose 1 hour ago 2 replies      
This is why I always recommend against using SMS-based 2-factor. Without even doing any serious research, it seemed pretty obvious to me from day one that at the very least someone like NSA/FBI could forge your number somehow with or without the carrier's help, but there's also the potential for other attackers to do it, too.

Call forwarding didn't even cross my mind, but it just goes to show how ridiculously broken SMS-based two-factor authentication really is then, and even worse than I thought.

Ideally what I'd want is an NFC ring or a smart band/watch that can use FIDO's U2F or a similar protocol that works through NFC, to do 2-step verification for me.

Japanese zoning
100 points by nkurz  4 hours ago   28 comments top 7
WildUtah 3 hours ago 3 replies      
It's worth noting that bigger cities in most first world countries generally have more expensive housing, rent or buy. Wages rise in bigger cities, too, but not as fast as housing prices.

Sometimes we're told that it's a natural result of city living, sometimes we're told that without high rise apartment density, it's inevitable. Tokyo has 35 MM people, almost double the second largest first world city (Seoul, 21 MM), and has housing prices to income ratios far lower than London, New York, or Los Angeles. [0]

Tokyo has very few high rises, medium density (150/hectare or 40k/mi^2)[1], low traffic, quiet streets, and mostly single family residential homes. What it doesn't have is low density suburbs (everyplace is medium density), mandatory free parking, or a street grid that serves much car traffic.

There are eight first world cities over 10MM people and their housing to income ratios roughly run like this:

(Middle class people can easily buy homes)

Osaka/Kyoto

Seoul

Mexico City

Tokyo

(Things start to get really expensive)

Paris

Los Angeles

London

New York

(Insanely expensive)

Japanese zoning has a lot to be proud of. If Nagoya were a smidgen larger, Japan would dominate the liveable and affordable part of the list even more.


[1] SF is about 70/ha incl. parks, Manhattan 260/ha, Paris (20 arrondissements) 210/ha

mrschwabe 4 hours ago 1 reply      
The difference in zoning practices is super evident the moment you walk down any city street in Japan for the first time. In Japan, there are little shops and mom & pop restaurants on just about every street corner amidst even the most heavy residential areas. In many cases, the business owners live in the dwelling above.

As a north american, I found this odd initially; but came to really appreciate it given all the excellent options for eating nearby!

mattm 29 minutes ago 0 replies      
From the chart, I probably live in a Neighbourhood Commercial Zone which is weird for me coming from Canada. There are small factories making sheet metal or agricultural products right next door to or across the street from someone's home.

I live in a city of 400,000 people. The sheet metal factory has been in business for 65 years so I'm guessing that they were here first and as the city grew, the area was designated as a Neighbourhood Commercial Zone so they could stay but allow houses to be built since it is close to the centre.

Some other weird things in my area:

- there will be 3-4000 sq ft mansions and then down the street there are people living in basically what amounts to something a little bigger than a shack

- there is one new house near me that was literally built in a parking lot. It is surrounded on 3 sides by a parking lot and the back side faces right onto an apartment building.

- another house comes directly up against a graveyard

desdiv 4 hours ago 0 replies      
I was as giddy as a school girl when I read the phrase "euclidean zoning", but alas, it has nothing to do with Euclidean geometry:


JDDunn9 1 hour ago 0 replies      
It's unfortunate that zoning laws seem to keep us far away from our food and nature. The inventor of the skyscraper intended it to allow for high population density and be surrounded by nature. China's trying to do this with Sky City, but it would be hard anywhere else.
abandonliberty 2 hours ago 1 reply      
Japan has some of the most awesome architecture as house resale value is extremely poor.
sfall 3 hours ago 2 replies      
Zoning on a national level in the US would be horrible. I bet it can have some drawbacks in Japan when you are trying to get something rezoned.
273 points by connoratherton  8 hours ago   47 comments top 24
thedz 6 hours ago 0 replies      
Hey! Guy who did the Polygon PS4 and Xbox review SVG animations here.

This is really great stuff; has a super friendly API to boot.

FWIW, we also released a generalized library for some of the things we were doing WRT frame-based and duration-based animation:


(Reason being that for some animations, we wanted it to finish in a precise amount of time, but for others, maintaining frame rate was paramount, even if total elapsed time was longer)

sergiosgc 7 hours ago 1 reply      
The current link does not work for me (Firefox 36.0a1 on Debian). The correct content seems to be here: http://connor-personal.herokuapp.com/walkway

Why doesn't it work? I imagine it's this funky DNS config:

  sergio@sergio-laptop:~ > dig www.connoratherton.com
  ;; QUESTION SECTION:
  ;www.connoratherton.com. IN A
  ;; ANSWER SECTION:
  www.connoratherton.com. 3529 IN CNAME http://connor-personal.herokuapp.com.
  http://connor-personal.herokuapp.com. 229 IN CNAME us-east-1-a.route.herokuapp.com.
  us-east-1-a.route.herokuapp.com. 55 IN A 50.19.235.218
This is not valid CNAME content. Does this work on some browsers???
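
As an added illustration of the misconfiguration described in this comment (not part of the comment or of the site's tooling), the following Python check parses a dig answer section and flags record names that are not syntactically valid hostnames. The sample text is transcribed from the dig output quoted above; the function names are hypothetical, and the strict letters-digits-hyphen rule is an assumption suited to names a browser has to resolve.

```python
import re

# One DNS label under the hostname (LDH) rule of RFC 952 / RFC 1123:
# 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
# Assumption: strict host syntax. Service labels with a leading underscore
# (e.g. _dmarc) are legal in DNS but would be flagged by this check.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Answer section transcribed from the dig output quoted in the comment.
SAMPLE = """\
;; ANSWER SECTION:
www.connoratherton.com. 3529 IN CNAME http://connor-personal.herokuapp.com.
http://connor-personal.herokuapp.com. 229 IN CNAME us-east-1-a.route.herokuapp.com.
us-east-1-a.route.herokuapp.com. 55 IN A 50.19.235.218
"""


def is_valid_hostname(name: str) -> bool:
    """True if `name` (with or without the trailing root dot) is a valid hostname."""
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def parse_answer(text: str):
    """Yield (owner, ttl, rclass, rtype, rdata) for each record line of dig output."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip comments and section headers
            continue
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[1].isdigit():
            owner, ttl, rclass, rtype, rdata = parts
            yield owner, int(ttl), rclass, rtype, rdata


def invalid_names(text: str):
    """Return (rtype, field, name) for every owner or CNAME target that fails the check."""
    findings = []
    for owner, _ttl, _rclass, rtype, rdata in parse_answer(text):
        if not is_valid_hostname(owner):
            findings.append((rtype, "owner", owner))
        if rtype == "CNAME" and not is_valid_hostname(rdata):
            findings.append((rtype, "target", rdata))
    return findings


if __name__ == "__main__":
    for rtype, field, name in invalid_names(SAMPLE):
        print(f"{rtype} {field} is not a valid hostname: {name}")
```

Run against the quoted records, it reports the CNAME target carrying a URL scheme and the follow-up record whose owner name carries the same scheme; the final A record passes.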

scott_karana 6 hours ago 5 replies      
Firefox 33.0.2 on OSX 10.9 here.

It renders well if the tab is in focus (fantastic work!) but there's a bug: if I open it in a tab in the background, and visit it later (after the animation would have completed?) I see only a nearly-blank page. Confused me for a bit, as I open mass-tabs here on HN...

connoratherton 7 hours ago 1 reply      
Sorry guys, I really didn't expect this much traffic. I still have to do some compatibility testing, I'm aiming to do it this weekend.
sighlent 4 hours ago 0 replies      
I made this http://grayarea.org/theater/ after being inspired by the Polygon animations.

I'm using Two.js https://github.com/jonobr1/two.js to do the SVG interpreting and processing.

yblu 3 hours ago 0 replies      
This article by Jake Archibald does a good job of explaining the underlying mechanism used by libraries such as walkway.js: http://jakearchibald.com/2013/animated-line-drawing-svg/.
jakelear 7 hours ago 0 replies      
Hey Connor, awesome work. You would have saved us a lot of work had you created this a year ago ;)
thrush 6 hours ago 1 reply      
Really silly request, but could someone provide an implementation where I can just drop in an svg and it would have this effect? Please, and thank you.
olso4052 5 hours ago 0 replies      
Very nice. It's funny, I keep clicking on these 'new JS library' links thinking, oh geez, not another one... but then I leave thinking, wow, that is very impressive and super useful.
TheAceOfHearts 7 hours ago 0 replies      
If I open this in a tab and wait a while to go there, it never plays the animation.


chadillac 8 hours ago 1 reply      
Nice work, looks great.
liminal 7 hours ago 0 replies      
This seems like an awful lot of code for animating the path's strokeDashArray and strokeDashOffset attributes. Especially if you're already using another library with built in transitions, such as D3 or even jQuery.
lnanek2 6 hours ago 0 replies      
make sure to leave and come back/hit refresh etc to try to get the animation to fire. looks cool, although there was nothing on the screen the first time i went to the tab on Chrome/MacOSX
drunken_thor 7 hours ago 0 replies      
it seems that it doesn't run if I open this in a new tab and stay on the current page but if I reload the page it works (all done with chrome) Seems like a page focus event gone wrong
coob 7 hours ago 0 replies      
Cool! We've been using a similar technique in our in-app sales page, also inspired by the Verge articles. I'll upload a video when I get a chance.
Mithaldu 8 hours ago 2 replies      
On my machine the animation never plays in Opera 12, and in Chrome and Firefox the black color is never applied.
S4M 8 hours ago 0 replies      
"server not found".

I don't know if HN crashed the server or if there is some irony involved.

erex78 7 hours ago 3 replies      
How would somebody do this w/ D3? Are there any similar bl.ocks that anybody knows about?
mintone 6 hours ago 0 replies      
--"I loved the animations for the polygon ps4 review a few months back and decided to create a small library to re-create them."
rmtutty 7 hours ago 0 replies      
Site's not available?
jh47 7 hours ago 0 replies      
Works great for me on Safari 8 (Yosemite)!
ChrisArchitect 7 hours ago 0 replies      
was gonna ask if inspired by Verge/Polygon console reviews from awhile back... nice.
cdnsteve 6 hours ago 0 replies      
Should be called Hawt.JS
jerrysievert 7 hours ago 1 reply      
not working in Safari with Yosemite.
A Programming Language for Games: Demo [video]
30 points by GuiA  2 hours ago   6 comments top 2
Betelgeuse90 1 hour ago 0 replies      
A bit of context without even watching the video:

This dude nearly single-handedly made Braid, and is now working on a really cool 3D title that's well into its development.

jzila 1 hour ago 1 reply      
This talk is way too long and not very information dense. I jumped through it a little and liked what I saw, but I was wondering if anyone had a link to a white paper or an overview that could summarize the language features.
Judge Rules Suspect Can Be Required to Unlock Phone with Fingerprint
51 points by dustinfarris  3 hours ago   31 comments top 15
jaunkst 0 minutes ago 0 replies      
I suspect that future ideologies of what is considered to be an extension of one's personal being will be challenged.
DigitalSea 2 hours ago 2 replies      
It was bound to happen. You can view the fingerprint reader on the iPhone and other phones like the Samsung Galaxy S5 which feature fingerprint readers as having made it easier for law enforcement to get into your phone.

I would not be surprised if the fingerprint scans the police take from you down at the station or the ones you give up when entering a US airport when travelling from another country could be used to open up a fingerprint protected phone in the near future.

No matter what anyone says, the fingerprint reader is convenience, not extra security.

serf 2 hours ago 1 reply      

"One of the contest's organizers, Washington D.C.-based security researcher Nick de Petrillo, scanned his penis with TouchID and then used it to unlock his phone. He announced his success on Twitter on Saturday (Sept. 21) and fellow security researcher Andrew Ruef replied "Now no one will ever, ever steal your phone. [Is this] the secret to the correct use of TouchID?" "

Future HN headline: "Judge Rules Suspect Can Be Required to Unlock Phone with Penis"

remarkEon 5 minutes ago 0 replies      
Anyone find a link to the actual ruling? I'm sort of tired of seeing these ad hoc write ups. I need to see what the judge actually wrote.
suprgeek 31 minutes ago 0 replies      
If he still wants to ensure that the Cops should actually have to do more work despite this decision, then there are four possible outs:

- If Touch ID hasn't been used in 48 hours, you'll need to enter your passcode or password to re-enable it.

- If your iPhone has been rebooted or reset, you'll need to enter your passcode or password to re-enable it.

- If a fingerprint isn't recognized 5 times in a row, you'll need to enter your passcode or password to re-enable it.

- If a remote lock has been sent via Find my iPhone, you'll need to enter your passcode or password to re-enable it.

Remote lock - or delay for 48 hours - or - give the wrong finger 5 times in a row - or get the phone reset/Rebooted

(careful of contempt of court - there are few things more unstoppable than a pissed-off Judge with contempt powers)

rayiner 41 minutes ago 0 replies      
Not surprising if you think about the law. The historical bent of the Anglo-American legal system is that courts have very expansive powers to facilitate the collection of evidence. The 5th amendment is a specific limitation to this power, which prohibits compelling a person to serve as witness against himself. Taken literally this is a very specific limit, but has been construed expansively. But a physical action like unlocking a phone with a fingerprint is not testimonial at all.
DevX101 2 hours ago 1 reply      
emergentcypher 1 hour ago 0 replies      
Having your fingerprint as the key is no different than having a physical key. Which the police can steal and use. It's not in your head, so there is no 5th amendment protection for self-incrimination. I only see it being useful as an additional factor in multi-factor auth.
pseudometa 47 minutes ago 0 replies      
"Broccoletti believes police still may be unable to unlock the phone because it should require a password, in addition to a fingerprint, once it has been shut off."

What a great ending to the story.

andreyf 2 hours ago 1 reply      
> Baust will head to the police station on Monday morning [to comply with the ruling], but [his lawyer] believes police still may be unable to unlock the phone because it should require a password [demanding which is unconstitutional], in addition to a fingerprint, once it has been shut off.

Am I naive for thinking these technicalities are really silly? Is not the goal here to establish whether accessing and searching one's phone is fair game at some point in an investigation / trial?

deadgrey19 1 hour ago 2 replies      
"providing fingerprints and other biometric information is considered outside the protection"

Is it just me, or is there a contradiction here? I'm happy to provide you with a finger print (in ink), but that in itself is not enough to unlock the phone. You need my live hand attached to my live finger.

I think the problem here is that it is an oversimplification to call it a "finger print".

dkopi 2 hours ago 0 replies      
"But providing fingerprints and other biometric information is considered outside the protection of the Fifth Amendment, the judge said."

Which is why 2 factor authentication is so important.

orbitingpluto 1 hour ago 0 replies      
So now having eczema qualifies you to be in contempt of court?
edwhitesell 2 hours ago 1 reply      
I'm surprised it took this long to come to a legal decision.

A fingerprint is a means to identify someone, not a security mechanism (like a password).

blazespin 2 hours ago 1 reply      
Just use the wrong finger.
Eleven countries studied, one inescapable conclusion: the drug laws don't work
46 points by evo_9  2 hours ago   8 comments top 4
noonespecial 1 hour ago 2 replies      
I suspect they work just fine, it's what they are actually supposed to do that most people are unclear on.

I'm not quite tin hat enough to think that they were actually created for these purposes, but I do think they've stabilized on a sub-optimal local maximum where the general populace is complacent because they feel like "something was done" about those awful (counterculture) drugs and the laws themselves have become broadly useful to the political class for all sorts of reasons that have nothing at all to do with the reality of drug use on the street. So here we sit. It will take substantial political force to budge off this local maximum point.

jpmcglone 1 hour ago 0 replies      
I wish Singapore was part of the study. I think generally, drug laws do not 'work' (by work I mean, it doesn't stop people from doing drugs and in many ways it probably gets them into situations to commit crimes not related to drugs), but I'm curious how much the study would have been thrown off by Singapore's results.
click170 1 hour ago 1 reply      
Drug laws aren't supposed to stop people from using drugs, and that hasn't been the goal for a while now.

The goal is to give them a reason to request military-grade toys, and to give them a "reason" to use said military toys despite not being in a war zone. Their thinking (perhaps correctly) is that if they don't use it, they'll lose it.

And this is before we consider lobbying of the for-profit prisons who are literally trying to have innocent people thrown in jail. (0)

(0) http://en.wikipedia.org/wiki/Kids_for_cash_scandal

lifeisstillgood 44 minutes ago 1 reply      
I am genuinely interested in knowing how we go from here to there. Alcohol for example after prohibition - what was the transition from illegal to legal like. Did more people drink suddenly? What organisations sprang up to legally manufacture and distribute? Were the mafia still involved?

Saying "decriminalise" is all good - but if at any point in the supply chain we dip into the underground market we shall not escape the violence and control of crime. So are there plans for moving from prohibition to open market?

How L1 and L2 CPU caches work, and why they're an essential part of modern chips
27 points by nkurz  4 hours ago   2 comments top 2
userbinator 8 minutes ago 0 replies      
In the late 70s/early-to-mid 80s memory was actually faster than the CPU, and this is partly what motivated the RISC philosophy - at the time, instruction decoding was the main bottleneck and there was plenty of memory bandwidth available so it was a good idea to design CPUs to make better use of that. Now that it's the exact opposite, and we have multilevel caches, I wonder how different CPUs would be today if the engineers back then had realised that their surplus of memory performance would be very short-lived and cores would become faster while latencies to access memory continue to increase, and designed for this long term situation.
ganzuul 1 hour ago 0 replies      
ARM is using L3 cache as a DMA-like interconnect, on the SoC side of things.
F.C.C. Considering Hybrid Regulatory Approach to Net Neutrality
21 points by gordon_freeman  2 hours ago   6 comments top 2
dbrower 19 minutes ago 0 replies      
Awful. Instead of throttling Netflix at the backbone level, they'll do it in the local loop.

A single, neutral regime is the only viable one that doesn't mess things up.

The trick is how to NOT turn title II into a highly regulated service like the POTS loop, but into one that encourages competition within the bounds of traffic neutrality.

adventured 1 hour ago 2 replies      
It's striking that Comcast so thoroughly dominates the US Government that the FCC has to approach 'solutions' from the position that they have to route around Comcast.

Hybrid systems always lead to a worst of both worlds outcome. Such systems are always designed not with excellence in mind, but with placation in mind. Someone with influence threw a tantrum at the proper solution, so the hybrid was introduced as a way to pacify them.

This is not how you lead the world in Internet connectivity and deploy universal gigabit+ broadband with no tax on Internet services (ie what we should be aiming for).

At Penn, students can get credit for Wasting Time on the Internet
72 points by jkopelman  5 hours ago   18 comments top 8
hxrts 4 hours ago 3 replies      
It's worth taking a look at the instructor, Kenneth Goldsmith's, bio[0]. He's one of the founders of UBUweb and MoMA's first poet laureate. He also had a recent interview with Stephen Colbert where they talk about his new book which consists of live television and radio transcripts of the moment announcers found out about major events in US history (JFK's assassination, 9/11, etc.) as a study on the language of improvisation.[1]

[0] http://en.wikipedia.org/wiki/Kenneth_Goldsmith

[1] http://thecolbertreport.cc.com/videos/5tqazj/kenneth-goldsmi...

AdmiralAsshat 4 hours ago 3 replies      
Worth noting from the course listing that this is an English/Creative Writing class, not a Computer Science class. So I imagine you would be writing papers about wasting time on the internet rather than actually doing so.
filmgirlcw 3 hours ago 0 replies      
I love this. I unsuccessfully tried to get my University to let me create my own major in Pop Culture back in 2005. A decade later, it's an actual option for comms students now.

Also, I bet doing well in this class will be much harder than it appears.

anmonteiro90 2 hours ago 0 replies      
I suppose we'll have some post-course experience shared on the internet, but I fail to see the point of the course only from the news article. Maybe I lack creativity?

Although I agree that "[...] the Internet is actually making us smarter.", I wonder what will students write after a semester of 3-hour weekly lectures surfing the web.

jaredmcdonald 4 hours ago 0 replies      
Kenny Goldsmith [0], the guy who teaches this class, has done a lot of thinking about internet-based poetics... highly recommend his book "Uncreative Writing"[1] for those interested

[0] http://en.wikipedia.org/wiki/Kenneth_Goldsmith

[1] http://www.amazon.com/Uncreative-Writing-Managing-Language-D...

SandersAK 2 hours ago 0 replies      
This could also read: "At Penn, students get credit for going to college."
higherpurpose 3 hours ago 0 replies      
But that sounds like work.
dang 5 hours ago 1 reply      
The WaPo article provides so much more info that we changed to it from http://www.english.upenn.edu/Courses/Undergraduate/2015/Spri..., even though the latter is an original source.
NSA Phone Surveillance Faces Fresh Court Test
25 points by christianbryant  2 hours ago   2 comments top 2
jdp23 1 hour ago 0 replies      
This is an appeal of Klayman vs. Obama, where Judge Leon ruled last December that "[b]ulk telephony metadata collection and analysis almost certainly does violate a reasonable expectation of privacy," which, in turn, likely results in a violation of the Fourth Amendment.[1] This is probably the biggest win so far in this round of NSA cases, although EFF and ACLU also have complementary lawsuits in progress. The government's arguing that Klayman doesn't have standing because (they say) it's extremely unlikely his metadata would ever be viewed by a human being, as opposed to just recorded and analyzed.

This is by the way the same Larry Klayman who's suing the federal government arguing that the current Ebola screening procedures open the door to ISIS suicide terrorists. [2] Strange bedfellows. Indeed.

[1] https://www.eff.org/deeplinks/2013/12/historic-ruling-federa...

[2] http://www.washingtonpost.com/blogs/the-fix/wp/2014/10/14/la...

lsiebert 2 hours ago 0 replies      
There is a paywall if you go to the link directly. Try going through https://news.google.com/news?ncl=dkcZSdqad8lGX_MN3eau-UDuh7y...

Which worked for me.

Show HN: Install on DigitalOcean button for open source apps
228 points by timmorgan  10 hours ago   42 comments top 16
timmorgan 10 hours ago 0 replies      
Hey everybody. I built this small Sinatra app because I wanted a simpler way for people to install my software OneBody[1] on DigitalOcean.

I'm not sure my little VPS will hold up under the strain of HN, but you can see the app in action at http://installer.71m.us and even use it to install itself (how meta!) on DigitalOcean.

This uses the new MetaData[2] feature of the DO API to pass a config string to be processed by CloudConfig[3].

Once that is done, there is a small bit of code running on the VM to tell this app when the install is finished so you get a progress bar while you're waiting.

To be clear, DigitalOcean is doing all the real work -- this app simply acts as a hand-off between your app.yml config file on GitHub and the DigitalOcean API.

[1] https://github.com/churchio/onebody

[2] https://www.digitalocean.com/community/tutorials/an-introduc...

[3] https://www.digitalocean.com/community/tutorials/an-introduc...

andrewsomething 10 hours ago 0 replies      
Love it! This is the exact type of thing that we hoped would come from providing the MetaData service.

Please submit it to our projects page so we can highlight it:


swanson 10 hours ago 2 replies      
I'd be interested in adding this button once it gets official support from DigitalOcean.

I added the Heroku Button[1] to a self-hosted OS app I wrote[2] and it seems to be useful (over 100 "recent deploys" per Heroku). It would be great if there was some affiliate commission as well - if someone signs up for a VPS to run an app, would be awesome to get a small kickback from DigitalOcean.

[1]: https://buttons.heroku.com/

[2]: https://github.com/swanson/stringer

diminoten 4 hours ago 0 replies      
How are you planning on handling support for this going forward?

I have no specific need, I'm just always curious about how folks transition from, "I have a neat idea" to "I want my neat idea to work for most people".

level09 9 hours ago 0 replies      
I have written something similar, it deploys Enferno (enferno.io) a flask based app on ubuntu (not necessarily digital ocean)

it's an ansible playbook that configures the server and installs all requirements, and sets up nginx, python for you.

whoever is interested, here is the source code:


hunvreus 9 hours ago 0 replies      
Very neat. We did something very similar with the devo.ps button, allowing you to define configurable settings: http://devo.ps/blog/deploy-your-meteor-apps-on-digital-ocean...

We have yet to properly document the feature, but we've used it in a few places already.

gohrt 7 hours ago 1 reply      
Something Something WebIntents.

Why is "DigitalOcean" a choice made by the app, instead of by the user? Can there be a standard for this sort of installation metadata?

thisismitch 10 hours ago 0 replies      
Great use of OAuth, API, and user data!
mbertrand 9 hours ago 0 replies      
This is very cool, nice work!
bhhaskin 10 hours ago 2 replies      
I like the idea, but runcmd could be dangerous as well as setting sudo permissions.
alex_chang 8 hours ago 1 reply      
I'd definitely fund a company based around this.
acron0 9 hours ago 0 replies      
Will definitely use :)
phalgun_g 10 hours ago 0 replies      
This is quite cool.
zwischenzug 9 hours ago 2 replies      
Why not just use docker for this? Then you can install anywhere that has docker.
nodata 9 hours ago 3 replies      
Does this kind of go against the spirit of open source?
How long do GUIDs really need to be?
109 points by adamschwartz  7 hours ago   71 comments top 18
xenadu02 5 hours ago 5 replies      
This seems like useless optimization that has a high probability of biting you in the ass later on.

Using the standard UUID generation facilities in your OS of choice there's zero chance you get something wrong and screw yourself.

UUIDs are great because we can pretty much guarantee global uniqueness. Acquire a company, decide to integrate with someone, need to merge a database, etc? No problem, zero chance of record collisions no matter what happens in the future. (It also means zero chance of accidentally interpreting record #58274 as type A when you meant type C).

Furthermore, a 1 in 1 million chance of collision is far too frequent for my liking, but even if it were acceptable what happens when your service/product becomes far more popular than you imagined and you blow through your initial estimates?

ColinWright 7 hours ago 0 replies      
This is interesting, but it plucks from nowhere the equation for the chances of collision. Here's my write-up of where that comes from:


It's intended to be gentle, but a few people have said it's a bit quick in places. I'd appreciate any feedback.

Added in edit: I've submitted it as a separate item - it's been a few months since it was discussed here.


perlgeek 6 hours ago 1 reply      
You can generalize this idea to: if you are willing to exercise control over some parameters that go into your UID, you need fewer random bits.

For example you could encode a number that identifies the host (like, the last byte or last two bytes of the public IP address) and the process id of the process generating the ID, and as a result you need less entropy for avoiding collisions.

But you risk that somebody who doesn't know UID algorithm screws things up. For example if you use the last byte of the IP address, and some network administrator decides to give each host an IPv6 net, the last byte of the IP might very well be one for each host. (OK, that's a bit of a contrived example; maybe PID namespaces are a better one?).

Or things outside of your control. Your company gets acquired by a much bigger one, and for some reason they decide to use your system for the whole company. Or for a huge customer. And now you're facing a factor 1000 more records than you ever thought possible. Or a factor 10000. History is full of software systems that have been used way beyond what they were planned for originally, and of course nobody revisited all relevant design decisions.

Second point to consider: by making parts of your UIDs deterministic, you also leak information. Like when a dataset was created, and on what host. Which might be relevant for timing attacks, or other kinds of security nastiness that you don't even think about right now.

stith 1 hour ago 0 replies      
I had a similar issue with an app I'm writing now. I wanted short IDs so my URLs wouldn't be fugly, but with a low chance of collisions. The solution I went with (in javascript) is:

    // Make a "pretty unique" ID for this session.
    // Since RethinkDB doesn't have a way for us to guarantee a _short_
    // random unique value (short of trying the insert and regenerating if it
    // doesn't save), we'll just have to rely on the unlikeliness of a collision
    // with both this time-based ID and the title-based slug.
    // I'm sure this will never ever cause any problems
    var alphabet = "0123456789abcdefghijklmnopqrstuvwxyz";
    var id = new Date().getTime().toString().match(/.{1,2}/g).map(function(val){return alphabet[val % alphabet.length];}).join('');
    var slugPart = slug((this.title || "").substring(0,60).toLowerCase());
    this.url_slug = id + "/" + slugPart;
That is, get a current timestamp (in milliseconds), and use every group of 2 digits to pull a letter out of an alphabet string. Then append "/title-of-the-thing-made-url-safe". This results in strings that look like "ee7zrm9/something-goes-here", which is then used as the primary key for the document. It's not perfect by any means, but it gets the job done, and I think appending the title makes collisions extremely rare.
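The timestamp scheme in the comment above, written out as functions next to a random ID sized from the birthday bound this thread discusses, with perlgeek's point about deterministic parts leaking creation time made concrete. This is an added example, not code from the thread; the function names, the sample timestamps and the figure of one million IDs are constructed, and timestamps are assumed to be 13 digits long.

```javascript
// Added example (not from the thread). encodeTimestamp() follows the posted
// snippet; every other name and all sample values are constructed.
const crypto = require('crypto');

const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz';

// The posted scheme: split the millisecond timestamp into two-digit groups
// and map each group (0..99) onto 36 symbols. The modulo folds up to three
// different groups onto the same symbol.
function encodeTimestamp(ms) {
  return String(ms).match(/.{1,2}/g)
    .map((pair) => ALPHABET[Number(pair) % ALPHABET.length])
    .join('');
}

// Every 13-digit timestamp that encodes to `id`. The list is short, so the
// ID narrows the creation time to a handful of instants.
function candidateTimestamps(id) {
  let partial = [''];
  [...id].forEach((ch, i) => {
    const idx = ALPHABET.indexOf(ch);
    const last = i === id.length - 1; // 13 digits: final group is one digit
    const next = [];
    for (let v = idx; v < (last ? 10 : 100); v += ALPHABET.length) {
      const digits = last ? String(v) : String(v).padStart(2, '0');
      for (const p of partial) next.push(p + digits);
    }
    partial = next;
  });
  return partial.map(Number);
}

// Birthday bound: n random b-bit IDs collide with probability of about
// n^2 / 2^(b+1). Solve for the smallest b that keeps it at or below p.
function bitsNeeded(n, p) {
  return Math.ceil(Math.log2((n * n) / (2 * p)));
}

// 1 - exp(-n^2 / 2^(bits+1)); expm1 keeps precision for tiny probabilities.
function collisionProbability(n, bits) {
  return -Math.expm1(-(n * n) / Math.pow(2, bits + 1));
}

// Random ID sized from the bound and drawn from the OS CSPRNG. Bytes of 252
// and above are rejected so that byte % 36 is unbiased (252 = 7 * 36).
function randomId(n, p) {
  const length = Math.ceil(bitsNeeded(n, p) / Math.log2(ALPHABET.length));
  let out = '';
  while (out.length < length) {
    for (const byte of crypto.randomBytes(length)) {
      if (byte < 252 && out.length < length) out += ALPHABET[byte % 36];
    }
  }
  return out;
}

// Two constructed timestamps 360 ms apart produce the same ID.
console.log(encodeTimestamp(1414800000000), encodeTimestamp(1414800000360));
// Number of timestamps consistent with the ID quoted in the comment.
console.log(candidateTimestamps('ee7zrm9').length);
// Bits and a sample ID for one million records at a one-in-a-million risk.
console.log(bitsNeeded(1e6, 1e-6), randomId(1e6, 1e-6));
```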

lobster_johnson 5 hours ago 0 replies      
The article mentions "friendly" URLs as being a driving factor. That makes it a presentation issue; ie., it's part of the content, and it is wise to consider if you can derive it from the content.

For a blog post, for example, there is a title. The classic way of adding a readable date to the URL is useful, if you're reading the URL in the first place. This particular blog post uses that approach: https://eager.io/blog/how-long-does-an-id-need-to-be/.

For other objects there might still be useful data. Instead of /invitation/3jdix8jAJm you might have /invitation/myblog/bob@example.com/u7pW, the last part being an auto-generated random component. The benefit is that the ID becomes self-explanatory (self-describing) and very nice for tracing through logs and the like. Of course, one has to be careful about not exposing anything exploitable.

SeoxyS 45 minutes ago 0 replies      
I do something very similar: 64-bit IDs start with a timestamp with a custom epoch, and fill in the rest with random data. I store these in bigints in Postgres.
JoshTheGeek 58 minutes ago 0 replies      
Couldn't you generate a UUID and then check the database that it is unique before using it? You could then repeat until you got a unique identifier.
chris_va 4 hours ago 0 replies      
As a warning, don't try to be too clever with your ID system. You can get collision bugs that aren't usually visible in testing.

I had a catastrophic bug (ala private data going to the wrong person) from 96-bit (32 bit segment number, 64 bit random local docid) ID collisions when the caching code decided it was going to use docid as the cache key without realizing it was missing a bunch of bits.

chacham15 5 hours ago 1 reply      
There is a bit of possible misunderstanding/misinformation here: there is a difference between a primary key and a rowid. The reason that I point out this distinction is that rows are stored on disk by rowid, meaning that an insert will still usually insert to the end. On the flip side, yes, the index will have this problem, but the index shouldn't be very large relative to the table meaning that it shouldn't be as expensive as the OP is thinking. Note: often the database will optimize and use the auto increment primary key as the rowid, but it won't for a uuid primary key.
StavrosK 5 hours ago 0 replies      
I didn't like long UUIDs either, so I wrote this small Python library to re-encode them using a more varied character set:


pbhjpbhj 5 hours ago 3 replies      
>When your IDs are random however, each new record has to be placed at a random position. This means a lot more thrashing of data to and from disk. //

Just use the GUID externally and have a sequential primary key as the table index?

amelius 4 hours ago 0 replies      
The short answer: if the probability of a collision is smaller than the probability of a meteor landing on your head, then you're fine.
lectrick 5 hours ago 0 replies      
Twitter came up with a different scheme called Snowflake (https://github.com/twitter/snowflake).
whitten 7 hours ago 1 reply      
I appreciate this article. The mention of the Birthday problem made the calculation reasonable, and the trick to ensure time-locality as a fixed bit pattern was enlightening.
jacques_chester 5 hours ago 0 replies      
UUIDs have the advantage that they are well-understood and widely supported. If you really need to shave a few bytes here and there, developing your own coding scheme is useful. But for the most part, I don't see the win.

Locality is definitely important, but I must be missing something -- if lookup by date, machine ID etc is required, why not create indices on those fields? Why rely on coincidental locality?

erik14th 5 hours ago 1 reply      
I don't get GUIDS, couldn't you just prefix the sequential IDS for each node producing IDS?
mark-r 6 hours ago 2 replies      
This seems overly complicated. Why not generate an ID out of two numbers, one a server or thread ID and another that auto-increments? Assigning a unique number to each entity that can generate IDs seems like a tractable problem, and the odds of generating a collision can be reduced to zero if you negotiate a new number when the counter wraps around.
Google Retools Its Flu Prediction Engine After Getting It Wrong
15 points by jakek  4 hours ago   discuss
Making PostgreSQL Scale Hadoop-style: Benchmark Numbers
102 points by ranvir  8 hours ago   20 comments top 9
joshhart 6 hours ago 1 reply      
I wish this were open-source. Citus could certainly still make money hosting or supporting the code.

But lack of sharing is what we get when major open-source projects do not choose the GPL.

berns 7 hours ago 3 replies      
Pricing pages without prices. I hate them.
ddorian43 7 hours ago 1 reply      
covi 1 hour ago 0 replies      
There are some basic SparkSQL configs not discussed in the blog post; see more here: http://apache-spark-developers-list.1001551.n3.nabble.com/Su...
digitalzombie 5 hours ago 2 replies      
I wish postgresql was easy to cluster.

I tried google'n for tutorials but there are none.

There are no books on clustering or sharding postgresql too? At least I haven't found any.

gopalv 7 hours ago 1 reply      
Neat. Postgres has always had a kick-ass I/O layer - particularly on ext4.

I think showing Q2 and Q11 numbers would've been great, because for something like Tez, this is how those plans look in Hive (before the cost-based optimizer work)



Postgres's query planner should shine for those.

flavor8 6 hours ago 0 replies      
I would love to see a comparison to a cost-matched Redshift cluster, especially since this test is running on Amazon's hardware.
chaostheory 5 hours ago 0 replies      
So what's the difference between Citus and Greenplum?
arthursilva 7 hours ago 0 replies      
Great results. Kudos to Citus team.
Message Security Layer: A Modern Take on Securing Communication
40 points by jedberg  4 hours ago   4 comments top 3
drderidder 1 hour ago 0 replies      
This is a very interesting development, an OTT* protocol for secure communication that can sit on top of HTTP. Perhaps this was inevitable given that so much of the underlying security infrastructure has been compromised. It appears to be able to function independently of the application layer protocol as well.

[edit] *I originally wrote 'over-the-top protocol', which in the telecom industry just means "on top of HTTP". Puzzled as to why this got down-voted until I realized some people probably interpreted it as a negative remark. On the contrary, I think OTT protocols like this may be a great way to leverage existing infrastructure while layering on new and potentially better approaches to security.

reedloden 4 hours ago 1 reply      
Yet another new crypto protocol... "Yay"

What about when HTTP/2 becomes popular? You'll still have to deal with TLS then unless you deal with TCP connections directly (and bypass HTTP).

teacup50 1 hour ago 0 replies      
Given Netflix's position on browser DRM, and their references in this post to "platform integration" and device keys, it sounds like they're trying to implement HDCP for sockets.


Making Connections to Facebook More Secure
224 points by jboynyc  13 hours ago   101 comments top 16
mike-cardwell 12 hours ago 7 replies      
It concerns me that they were able to brute force a key for facebookcorewwwi.onion. If they can do that, what's to stop somebody else coming along and brute forcing a key for the same hostname?

Looks like Tor hidden services are now broken to me...

[edit] What's to stop Facebook from brute forcing a key for any of the existing hidden services?

[edit2] If Facebook can brute force keys like this, so can the NSA and GCHQ. Tor hidden services are officially broken.

[edit3] A colleague of mine suggested that this might be simply Facebook's way of making it public knowledge that Tor hidden services can no longer be relied upon.

[edit4] Facebook are saying (on the Tor Talk list) that they generated a load of keys starting "facebook" and then just picked the one which looked most memorable, and were extremely lucky to get such a good one:


jgrahamc 12 hours ago 2 replies      
The most interesting part of this (to me) is that they brute-forced the .onion address (which is normally the SHA-1 hash of a public key).

Good thread on StackExchange about how to do that: http://security.stackexchange.com/questions/29772/how-do-you...
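
The address derivation mentioned in the comment above, as an added example that is not part of the thread: an old-style .onion label is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's public key, so matching an 8-character prefix costs about 2^40 candidate keys while matching all 16 characters costs about 2^80. The stand-in key bytes and the rate of one billion candidates per second are constructed assumptions.

```python
import base64
import hashlib

BITS_PER_CHAR = 5            # base32 carries 5 bits per character
LABEL_CHARS = 16             # 80 bits of SHA-1 -> 16 base32 characters
BASE32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")
SECONDS_PER_YEAR = 365 * 24 * 3600


def onion_label(pubkey_bytes: bytes) -> str:
    """Base32 of the first 10 bytes (80 bits) of SHA-1 over the key bytes."""
    digest = hashlib.sha1(pubkey_bytes).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def expected_tries(prefix_len: int) -> int:
    """Average number of candidate keys needed to match a chosen prefix."""
    if not 0 <= prefix_len <= LABEL_CHARS:
        raise ValueError("prefix length must be between 0 and 16")
    return 2 ** (BITS_PER_CHAR * prefix_len)


def years_at(rate_per_second: float, prefix_len: int) -> float:
    """Expected search time in years at a given candidate rate."""
    return expected_tries(prefix_len) / rate_per_second / SECONDS_PER_YEAR


def find_prefix(prefix: str, max_tries: int):
    """Search constructed stand-in key bytes for a label with this prefix.

    Real services hash an encoded RSA public key; SHA-1 does not care what
    the bytes mean, so counter-based byte strings (an assumption made here
    to keep the example offline and deterministic) show the same cost curve.
    Returns (tries_used, label) or None if max_tries is exhausted.
    """
    if not set(prefix) <= BASE32_ALPHABET:
        raise ValueError("prefix contains characters outside base32 (a-z, 2-7)")
    for n in range(max_tries):
        candidate = b"constructed-stand-in-key-" + n.to_bytes(8, "big")
        label = onion_label(candidate)
        if label.startswith(prefix):
            return n + 1, label
    return None


if __name__ == "__main__":
    assumed_rate = 1e9  # constructed figure: candidates hashed per second
    hit = find_prefix("ab", 200_000)
    print("2-char prefix search:", hit, "expected about", expected_tries(2))
    for chars in (8, 16):
        print(
            f"{chars}-char match: about 2^{BITS_PER_CHAR * chars} tries, "
            f"{years_at(assumed_rate, chars):.3g} years at the assumed rate"
        )
```

Each extra fixed character multiplies the work by 32, which is why choosing among many labels that share a short prefix is cheap while reproducing one specific full label is a different order of problem.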

justcommenting 12 hours ago 1 reply      
Although this will be useful, I hope users will keep in mind that identifying themselves while using Tor could make their other traffic less than anonymous. In the Tor Browser Bundle, compartmentalizing your traffic via frequent use of the 'New Identity' feature is usually a good idea.

Using this would also add to the data that one of the world's most aggressive advertisers and an NSA PRISM partner will have about you as a Facebook user.

One plus: at least the login page appears to load correctly without javascript enabled.

Edit to add: someone whose only interest is in not sharing their IP address/location with Facebook could access this URL via facebookcorewwwi.tor2web.org but the usual browser fingerprinting and potential tracking caveats apply

xnull 7 hours ago 0 replies      
From Tor:

"So I'm totally anonymous if I use Tor?


First, Tor protects the network communications. It separates where you are from where you are going on the Internet. What content and data you transmit over Tor is controlled by you. If you login to Google or Facebook via Tor, the local ISP or network provider doesn't know you are visiting Google or Facebook. Google and Facebook don't know where you are in the world. However, since you have logged into their sites, they know who you are. If you don't want to share information, you are in control."

steakejjs 11 hours ago 0 replies      
If you want more information on the specifics behind how FB did this, here is a really really informative mailing list conversation about it. Instead of coming up with facebookcorewwwi and then searching for it, they found a bunch of "facebook" first, and then picked the best one.


aestetix 12 hours ago 3 replies      
While Facebook gets props for their astonishingly clever .onion address, it seems rather odd to promote unlinkability while continuing to enforce their legal names policy. I'd probably respect this a lot more if it was accompanied by setting up Tor exit nodes, which invites actual risk and things like FBI visits.
DanBlake 7 hours ago 0 replies      
I think it's much more likely that facebook is utilizing this to better track abuse. It's not always easy to tell if a user is using tor, and a statistically higher percentage of tor users are doing things facebook doesn't like.

By creating an entry point, they can more easily track and label users that even use that entry point, to better handle abuse.

junto 10 hours ago 1 reply      
Can the NSA 'tag' a specific user using Tor? If so, wouldn't using Facebook over Tor then provide them with a direct link between your FB identity and your other Tor activity?
bhartzer 2 hours ago 0 replies      
I'm sorry, but even the thought of a more secure Facebook site won't get me to post on there.
dataminded 11 hours ago 2 replies      
Can someone help me understand the intended user experience?

As I currently understand it, you connect anonymously to Facebook, login and link your activities to your real life identity and Facebook turns over the information that you provide to whatever powerful government entity you are hiding from.

Why would anyone do this?

lorddoig 12 hours ago 0 replies      
I dread to think how much electricity it cost them to brute that vanity URL.
spacefight 12 hours ago 3 replies      
Which CA signed the .onion cert in that case? Self signed?
wtbob 12 hours ago 1 reply      
Heh, my first reaction was, 'shoot, they brute-forced an address!' and I see that a lot of others had the exact same idea. I wonder how tough that was to do - I'm guessing that they didn't use Shallot!

Looks like some sort of CA structure is going to be pretty vital to Tor

cordite 11 hours ago 1 reply      
Huh.. I wonder if something like Cloudflare would offer something like this next? (Whether or not they might brute force vanity URLs is another matter)
revelation 10 hours ago 1 reply      
Last I checked, Facebook doesn't work at all unless you are logged in.

So I can now tell Facebook my personal information and a list of associates securely, which it will then promptly share with any government interested.

I guess it's the best way yet to illustrate the basic problem with Tor (no technology in the world can protect you from giving the bad guys your home address), but can't shake the feeling that this makes an utter mockery of the idea behind Tor.

rbcgerard 10 hours ago 0 replies      
awesome! I can now securely hand over my personal data to a company that will turn around and sell it...what a relief...
Mathematical urban legends
71 points by mikevm  6 hours ago   35 comments top 13
CurtMonash 3 hours ago 3 replies      
Since the thread there seems locked, I'll add:

I would be surprised if the snarky Ivy League mathematician from Japan was Hironaka. He was much too gracious for that, including in that he overpraised my thesis to my parents at my thesis defense.

Dean Yang's conjecture about Andy Gleason getting calculus onto the qualifying exams was very credible. I'll add the story that a significant fraction of Harvard math grad students passed their qualifications conditional on passing a later oral exam in one or two sub-disciplines. Joe Harris' conditional was said to have been on calculus.

A Bulgarian visitor (this was in the 1970s) told me that all university graduates in his country, or at least in his university, had to write a senior thesis on applying Marxist-Leninist thought in their disciplines. He didn't go on to explain how he'd done this in mathematics.

A visitor from, I think, the UK had rock-star style long hair. It was set on fire by a candle at wine and cheese. I'm pretty sure Raoul Bott was the guy working most closely with this visitor, which was regarded as funny since he seemed a bit square in such respects.

I heard the Milnor story from Nick Gunther, who'd been a Princeton undergrad. Nick was a heck of a story-teller in general. (His father was John Gunther, of Death Be Not Proud fame.)

I have no stories about Andrew Wiles. He was quiet and polite.

Mackey was a character. I find the story believable.

Zariski's 80th birthday conference included a new paper by him, if I recall correctly.

DMac87 57 minutes ago 0 replies      
MathNews, UW Math department's student weekly newsletter, had/has a section 'profQuotes' - just about the only part worth reading.. samples from this week:

"Tragically, we will need to prove both cases. Fortunately, I can do one in class and assign the other for homework."

"I'm sure you're familiar with the proof technique I'll use here..." [writes 'Exercise' on the board]

dnautics 4 hours ago 1 reply      
1) One of my high school buddies who went to the Courant institute for his math Ph.D. defended his thesis and then it turned out his proof was one that his own advisor had completed 10 years ago in a side note to a publication of a bigger result. They still gave him the Ph.D. (and I think the advisor was reprimanded); he wound up in finance.

2) Although I'm a biochemist, I did a math degree at the UofC - one memorable lecture was the analysis class lecture where we proved that pi was irrational (Professor Carlos Kenig). It started with the assertion, "assume pi is less than 6". Then he said, "actually it doesn't really matter what the number is it still works, I don't know how to count past 2, I'm sure 6 is big enough."

jeremysalwen 2 hours ago 2 replies      
Somewhat similar to some of the posted ones, my father relays me this story about a professor he TA'd for:

The professor taught a class with a single student enrolled, who would sometimes show up late. However, the professor would always start the lecture on time regardless, and so the student would have to quickly take notes to catch up. If the professor filled up the board before the student arrived, he would simply begin overwriting the old material, and the student, once he arrived, would be in a race with the professor to copy it down before it was erased. One day, the student missed the class entirely, and the professor gave the entire lecture to an empty room.

I thought this story was apocryphal, but my dad said it's likely true, as it was fairly specific about this professor.

postit 4 hours ago 0 replies      
Unfortunately I don't have any reputation on MO to post this story.

On the first math class during 5th grade our math teacher (who was giving her first class after Graduation) spent about one hour talking about how mathematics could be challenging and another hour talking about her thesis (now I know, at the time I wasn't understanding a shit)

Once she finished her nonsense lecture, she dictated us our homework.

"Go to the library and find what's Pie"

With a couple of classmates we spent our afternoon on the public library's culinary section writing our essays about measuring pies.

wpietri 39 minutes ago 0 replies      
Hah. I thought: "That sounds like an interesting topic. How could it have escaped Stack Overflow's ruthless prohibition against interesting reading?" And of course it hasn't.
jimhefferon 4 hours ago 2 replies      
I propose a new Law of SE: any topic of interest will eventually either get rejected or locked for being historical only.
thelogos 4 hours ago 2 replies      
It boils my blood every time that I come across an interesting topic on SO just to see it locked. Something is wrong with the site when you see more topics locked than open.
AnimalMuppet 3 hours ago 1 reply      
I've heard the one where the professor is lecturing, and says, "It's obvious that..." A student challenges him: "Come on. Is it really obvious?" The professor looks at the board for a moment, and then runs out of the room. 45 minutes later, the professor returns, and says, "Yes, it's obvious."
raldi 1 hour ago 0 replies      
Can someone explain the introductory story? Why is it significant that the spaces were finite?
KhalilK 4 hours ago 0 replies      

   Here's another great one: a certain well known mathematician, we'll call him Professor P.T. (these are not his initials...), upon his arrival at Harvard University, was scheduled to teach Math 1a (the first semester of freshman calculus.) He asked his fellow faculty members what he was supposed to teach in this course, and they told him: limits, continuity, differentiability, and a little bit of indefinite integration. The next day he came back and asked, "What am I supposed to cover in the second lecture?"

The funny thing about this is that we covered all of that in a total of 6 hours (2 hours per day) during my first year in CPGE.

ssw1n 3 hours ago 0 replies      
There is this no nonsense, star faculty in the department where I did my undergrad.

Urban Legend in the department says that in one of the offerings of his classes, there was this smug student, who would chime in, and comment on the material being presented at every chance he got.

One day, while the faculty was presenting a particularly tough topic material to the class, the smug student raised his hand and asked, "Would it be OK if I ask a stupid question?"

The faculty looked at the student's face, grinned and said, "It is perfectly fine. After all, there is nothing such as stupid question." He paused for a bit, and then completed his sentence. "But there is only such a thing as stupid student."

rolha 3 hours ago 0 replies      
In the same vein:

In my Physics undergrad, a teacher called a friend of mine to the board and asked him to write Snell's law.

He picked up the chalk and wrote "Snell's law".

Slack raises $120M Led by Google Ventures and KPCB at $1.12B Valuation
165 points by BIackSwan  11 hours ago   139 comments top 32
B5geek 9 hours ago 19 replies      
I must be in the minority (based on the comments that I have read), but I hate it.

The other day the PHB announces to the office: We are going to use Slack and move away from IM, Skype, etc.

So I signed up.

What I don't like:

-you need to keep a tab open all the time,

-you need to keep an eye on that tab in case something comes up,

-the 'notifications' don't work all the time (Archlinux + Firefox)

It's like somebody took all the bad qualities of IRC, and shoehorned it into a web-page and all the horror that brings.

The features that I don't understand:

search-able logging of messages. Email and/or Pidgin already does that.

Group messages: Email already does that.

Transferring of files: Email and/or corporate LAN shares already do that.

But it does add the necessity of stopping my workflow every 5-10 minutes so I can check to see if there are any messages that _might_ apply to me.

The quicker it can be killed with fire the happier I will be. Or am I missing the point?

curmudgeonly - check

beard - check

Unix admin - check

Perhaps there is no hope for me. Next thing you know people will want to take pictures with their cellphones! =)

javery 9 hours ago 6 replies      
The most interesting thing to me is that Campfire was around before this and Hipchat before that. It goes to show that execution is everything, Slack has completely crushed it from a feature and integration standpoint and the polish is amazing. We switched from Hipchat and we didn't really have a good reason - it just felt better.

If Campfire was growing $1MM a month I am pretty sure 37signals would now be called Campfire and not Basecamp.

d0m 1 hour ago 2 replies      
I'd love to know more about why Slack was able to get so much traction and raise that much money compared to Flowdock/Groove.io/Hipchat.

I've used Flowdock in the past and tried Hipchat too. I've also been a huge IRC fan when I was younger. I don't see that much of a difference between those and Slack.. Maybe:

  - More intuitive for people who don't already know IRC.
  - Really cross-platform
  - Well integrated with various tools people love.
  - Very good "on-boarding" flow.

But still, the difference in terms of traction is massive, am I missing something?

Personally, I think we switched because I was a bit frustrated about the status quo. IRC was too complex for non-tech and didn't have a good cross-platform integrated solution. Hipchat app just felt so clunky and ugly.. same with Campfire, it felt really old. I've used and liked Flowdock but I thought it was just too much with widgets all over the place and smart inbox, where what I wanted was "just" an "IRC" I could use with colleagues.


rdl 2 hours ago 1 reply      
I basically hate every one of these services that I've ever used. Crashy, resource-intensive clients.

At work we use HipChat which is "better than skype", but still pretty crap. In stark contrast to the rest of the Atlassian suite which is basically good.

IRC, in the form of irssi+screen on some kind of unix host, is however awesome. There's no great mobile solution, and OTR crypto should be available on top.

What's amazing to me is so many companies in this space and so much money and all the products suck.

brianstorms 9 hours ago 4 replies      
IRC FTW. Slack gets big, gets acquired, integrates with Outlook, SAP, etc., becomes Outlook & SAP, nobody ever got fired for using Slack, etc., etc., Stewart becomes a billionaire, yadda yadda.

Meanwhile, IRC.

dkrich 5 hours ago 1 reply      
I just don't see how SaaS at this scale can ever be profitable. Asana, Slack, and the like have to support large teams while the enterprise sales cycle is extraordinarily expensive. If you're Oracle and can charge $5k a seat plus consulting fees, then sure, I understand it. If you're an also-ran SaaS business charging $8 a user, you're never going to be profitable.

All of these are just different spins on the same communication features. There's nothing that's really defensible about any of them.

jscheel 9 hours ago 0 replies      
For the people who say group messaging is fine in email: are you all masochists? Seriously, if I have one more 45-email thread between 3 different people, I'm going to smack somebody. There is a time and place for email, but group chat is not it.
fourstar 55 minutes ago 0 replies      
The issue with slack is that they have these NUX notifications all over the place. If your product is that complicated, there's probably a deeper issue.
pkorzeniewski 9 hours ago 6 replies      
Everyone praises Slack here but I find e-mail + IM completely sufficient and I work in a very large company.. Something urgent? Use IM. Something can wait? Use e-mail. It's that simple.
cjbarber 8 hours ago 0 replies      

Just goes to show that this is definitely a great time to raise money!

Personally, I think Slack is smart to take the cash, although obviously it's going to require some serious discipline from them to make sure that it only helps them rather than hinders them.

I'm not an employee/investor/etc but I've been convincing friends to apply to work at slack recently, I think if you are obsessed with productivity tools or communication tools, Slack, Asana or Quip are all companies worth looking at.

There's a compiled set of info on working at slack [1]. Disclaimer: I compiled it!

Back to my first point - now they have a ton of cash to hire a ton of people - very curious to see @slack in 6-12 months.

[1]: http://www.breakoutlist.com/slack/

stevebot 9 hours ago 0 replies      
Having used Slack I found it amusing the way they describe it:

Slack, the enterprise collaboration platform

It actually is true and a great way to market.

1.2B valuation seems high, but I guess this is a lesson that you can do the same thing everyone else has done, but do it better ( or at least differently) and actually be successful. Sometimes hard to believe that.

yarone 9 hours ago 2 replies      
Multiple folks have told me that Slack is the very first app that they check when they wake up in the morning. And then they use it for hours every single day.

To me, that's an incredibly powerful fact. Not many apps consume user attention like that.

burpee 7 hours ago 1 reply      
I don't really see how this is worth a 1.12B valuation - even with this amount of users. I also think that the pricing for Slack is over the top.

I used Flowdock https://www.flowdock.com/ for about a year for a distributed team, before Slack even existed.

From what I can tell Slack is a direct copy of Flowdock from top to bottom in regards to features, while Flowdock charges $3/mo/user.

austenallred 10 hours ago 1 reply      
Our (small) team adores slack. I didn't even realize what the pricing was when we first started - I thought it was free forever with some freemium features. Then all the sudden we hit our quota (after a month of heavy, heavy use), and paying for the full subscription was a no-brainer. The product truly is fantastic, and we'll pay for it all day long.
massel 9 hours ago 3 replies      
Serious question, can someone explain why a team using Hipchat should switch to slack?
damon_c 10 hours ago 0 replies      
In my experience and having tried everything since Google Wave, Slack is the first platform to come along that has really significantly reduced email usage while improving team communication.

I predict that it is really going to be huge.

lazzlazzlazz 3 hours ago 0 replies      
There are no discernible improvements over HipChat. I don't understand what the fuss is about. We're in a bizarro-world.
chatmasta 8 hours ago 2 replies      
Slack has been around since February 2014. An eight-month-old company raising $120M is damn impressive, no matter how you spin it.

This is just another testament to b2b software. They only have a couple thousand customers, but that's enough to get them a $1.12B valuation. If my mental math is right, that's roughly 200k per current customer? This is probably a strategic play on the part of GV/KPCB, moving into the enterprise market where they already have investments. They will leverage partnerships with other portfolio companies to multiply Slack's revenue, likely bringing that valuation in range closer to $XX,000 per customer -- far more reasonable in Enterprise.

Nice job Slack!

gtirloni 8 hours ago 0 replies      
First thought: "Why is Google VC investing in Slackware?"

Made my heart rate accelerate a little bit.

thinkingkong 7 hours ago 1 reply      
I know you should take money when you can, but part of me is wondering if this is indicative of some kind of "winter" coming for VC funding. If slack is growing that quickly, why not wait another 6 months and drive for a better valuation?
blumkvist 8 hours ago 0 replies      
Anyone remember Yammer?
ravivyas 8 hours ago 0 replies      
What I really like about Slack is that it reduces the amount of office email. I also love the number of integrations they have.

For me Slack + Trello really work for an enterprise.

I know they are looking for a Windows Phone guy to build their WP app, good time to join them I guess.

jonathanwallace 9 hours ago 0 replies      
I feel like Slack is what Campfire should've been. Or what IRC with a fast, searchable history and a decent GUI is.
mwarkentin 6 hours ago 0 replies      
I've been using Slack by myself as a replacement for email notifications from various services for my side projects and open-source projects. Works quite well!
tzakrajs 9 hours ago 0 replies      
How Atlassian of them.
general_failure 8 hours ago 0 replies      
I will add this to the list of things that I thought can never be worth so much :-(

/me just do something already

OoTheNigerian 9 hours ago 1 reply      
HipChat slacked (I know..;) ). They had this IM for business covered. Then The Slack people came in and took the integration thing seriously.

HipChat seems to have felt the competition and now they are taking it seriously. I use HipChat with my distributed team and it works VERY well. HipChat has Android and Windows native clients and have now set up a serious API. The Windows app needs some work though.

HipChat is free and you can get all and more of what Slack offers at a VERY affordable cost of $2/month.

HipChat also uses standardized protocol of XMPP.

Sqwiggle now looks like it could be very attractive to slack with their video technology. Unless they raise a lot of money soon, I'm predicting an acquisition.

PS: I have no relationship with HipChat. I am just a happy user :)

bsjolund 5 hours ago 1 reply      
Nice to see a decent Flowdock competitor, but I still don't see a reason to switch.
kingrolo 8 hours ago 0 replies      
Also, the Slackbot is the friendliest bot I've come across.
thearn4 9 hours ago 0 replies      
$1.12B kind of blows my mind, but me and my team really do love the service.
rabino 9 hours ago 0 replies      
I'm so happy for them. Great team and great product.
nc 8 hours ago 0 replies      
Wonder if they'll offer to buy MetaLab now.
How to track your coworkers - Simple passive network surveillance
23 points by combray  4 hours ago   9 comments top 7
JakeSc 2 hours ago 1 reply      
Good post, but is pinging the broadcast address really "passive network surveillance"? My definition of "passive" involves never sending new network traffic.
pritambaral 2 hours ago 0 replies      
Just tried it out on our LAN. Had to modify options to ping to '-bc 4' (I'm on desktop Linux), still didn't work. The only host that responded was the gateway. We have Windows, Debian, Ubuntu and Arch Linux hosts on our network.

EDIT: Linux discards normal broadcast ICMP responses. Must switch off /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts. Even after doing so, no responses. I guess broadcast ping flood is such a serious DoS concern that it's almost universally disabled.

eridal 2 hours ago 0 replies      
This is cool!

This has the problem that most phone devices do not reply to ping; that's why software like fing[1] needs to send an ARP to each ip in the network space; every client in the network is required to answer those.

[1] http://overlooksoft.com/fing

blissofbeing 3 hours ago 0 replies      
Hmm, I get this error when trying to run this script:

.../.rbenv/versions/2.1.4/lib/ruby/2.1.0/resolv.rb:128:in `getname': no name for (Resolv::ResolvError)

martin_ 3 hours ago 0 replies      
"those can't be changed like the computer names can."

What about "ifconfig ether eth0 hw ether xx:xx...."?

This is a cool script, most routers offer a remote syslog functionality which may be a good tool too.

gsibble 2 hours ago 0 replies      
Do most phones actually respond to pings?
freshflowers 1 hour ago 1 reply      
I use this simple tool to discover what's on the network around me: http://www.iwaxx.com/lanscan/

(Usually just to figure out which IP some device is on.)

Crash-Only Thinking
58 points by zdw  10 hours ago   4 comments top 3
oretoz 6 hours ago 0 replies      
I have been reading Ribbonfarm for sometime now and I really like how Venkat analyses things. But to me, the problem starts after I finish reading those articles as I really don't know what to do with that knowledge.

So I have started to summarise what he says which incidentally is the exact opposite of how he likes to write i.e. write long pieces with almost every conceivable point covered.

And to me, the TLDR version of most things he says on his blog is this:

- Life is messy so don't look for smooth contours. Instead, indulge yourself into the messiness.

This is quite similar to what I felt when I (partially) read Antifragility by Taleb. I am sure there are many nuances but there was one TLDR version of that book that kept popping up in my head and it was this:- "What doesn't kill you makes you stronger." So the best strategy is not to avoid death but to make sure you get yourself into situations where death is a real possibility.

kukla 35 minutes ago 0 replies      
Here is a summary of the crash-only software paper at muratbuffalo blog. It is a really neat concept.


fideloper 2 hours ago 1 reply      

Did Venkatesh write this by crashing into the keyboard?

It feels like the author is breathlessly moving on from point to point like a stream of consciousness.

What sort of allocation rates can servers handle?
34 points by r4um  6 hours ago   16 comments top 4
thoughtpolice 3 hours ago 2 replies      
> When they can choose (and there is a choice) to use collectors that don't pause, the pressure to keep allocation rates down changes, moving the "this is too much" lines up by more than an order of magnitude.

You mean - like choose the only garbage collector on earth that actually can do this - for the JVM only - which your old company wrote and keeps guarded as a heavily proprietary secret, with the currently published specifications for the design (in the C4 paper) requiring untenable, unmergeable and extensive hacks in the operating system virtual memory layer that will never be largely accepted, with the current design in your product (which alleviates this) again being a heavily guarded secret that will never be revealed, and never have source available, and costs a shitload of money? Which basically means Azul is going to have the only available pauseless GC for the foreseeable future?

Well, now that you said it like that - you're right! We really do have a choice... a choice of actually using and working with things that exist and are widely available today, or already living in a land of unlimited money for licensing of a single product that might be completely and totally irrelevant to most of us. I guess the 'choice' isn't so clear, when you say it like that.

Look, that aside, great blog post, and extremely informative. I'm a giant fan of Gene's work, seriously. But this work is Azul's brainchild and they'll never let it go. And I don't blame them for that. But drop the rhetoric, please - few people have the 'choice' of spending shitloads of money on a proprietary JVM like Azul.

ougawouga 2 hours ago 0 replies      
Bodes well for Rust as a server language. No GC, and almost as pleasant to write as a high level language. And with memory safety and a compiler that catches errors like crazy.
robotresearcher 2 hours ago 1 reply      
It looks like this is in the specific context of Java application servers. Is that correct? Can anyone explain how the advice generalizes?
cperciva 4 hours ago 1 reply      
Can we have s/allocation/memory allocation/ in the title here? It doesn't make much sense otherwise.
The Tup Build System
57 points by timtadh  8 hours ago   14 comments top 7
dezgeg 1 hour ago 0 replies      
The one thing I really miss in Tup is the '**' glob, i.e. '*' that also recurses through subdirectories.

Other than that, it's great. I was able to replace my C++ project's (utilizing generated sources and headers and other nontrivial things) custom-written and brittle makefiles (of 100-ish lines) with under ten lines of Tup.

codemac 6 hours ago 0 replies      
I used this tool in a very large engineering org (100+ engineers on the same project), and it really held up for our C and C++. I highly recommend this tool for anyone considering what to do about builds with c/c++ and don't want to hassle with overwrought things like waf or scons.
burke 5 hours ago 1 reply      
skybrian 4 hours ago 1 reply      
Reversing the arrows looks pretty silly at first, but apparently the idea is that if you start with the files that changed, you can read partial dependency graphs and start building any downstream dependencies that changed before the entire build graph is loaded. If you start from the top down, you have to load and compute the entire dependency graph up front.

This will matter for large build systems where just loading the build files takes significant time. Another way to solve it is just to make loading the build file very fast so that it's a non-issue, which is what ninja [1] does.

Apparently there's some influence: "There are many other build systems that are more user-friendly or featureful than Ninja itself. For some recommendations: the Ninja author found the tup build system influential in Ninja's design, and thinks redo's design is quite clever." [2]

[1] http://martine.github.io/ninja/

[2] http://martine.github.io/ninja/manual.html

hardwaresofton 6 hours ago 0 replies      
Skeptical at first, but it certainly introduces an interesting build tool that seems very easy to understand.

I particularly liked tup monitor - grunt-like functionality for C code is awesome.

Comparison to make is impressive: http://gittup.org/tup/make_vs_tup.html

xt 3 hours ago 0 replies      
I use tup in my web projects to monitor my folders for things to "compile". This includes CoffeeScript, MoonScript, SASS/SCSS, Less and more. Very fast and painless.
kolev 1 hour ago 0 replies      
I've been using it for a couple of years now, but for simple projects, it's a bit overcomplicated. In other words, it's a great tool for the right projects, but not a silver bullet.
Khrushchev visits IBM
52 points by colinbartlett  12 hours ago   9 comments top 4
zavulon 5 hours ago 2 replies      
> Khrushchev commented on the excellent IBM plant, but said that computers were very highly developed in the Soviet Union too; such things as A-bombs or the H-bomb could have never been developed in the Soviet Union if it hadn't had highly complicated and sophisticated computers.

LOL that's such B.S. Cybernetics was considered a capitalist anti-science in the Soviet Union up until the 60's, and it was waaay behind western world. In the 1970's and early 80's, my parents worked in scientific institutes with the most advanced computer technologies in the country. They used tech that was long ago obsolete in the west (punch cards). IMHO, that was one of many reasons for the collapse of USSR's economy.

Also, another anecdote I've heard about Khrushchev's visit to USA (not sure how true this is) is that he arranged to bring Pepsi back to USSR for a trial, and people travelled thousands of kilometers to taste it, from Siberia to Moscow, and brought it back all the way in little plastic cups.

Unfortunately, all the "thawing" efforts got turned 180 degrees as soon as Khrushchev's rule ended and Brezhnev came to power.

jonjacky 7 hours ago 1 reply      
The novel Red Plenty by Francis Spufford is about computer scientists and mathematicians in the Soviet Union in this era. Khrushchev is also a character in the book, which depicts his visit to the US (but doesn't include this episode).
listic 3 hours ago 1 reply      
Reading this as a Russian: Such a disgrace that our leader went down in history like that... But then, I can't think of any other leader for the last 100 years who wasn't a disgrace. :(
zazzcomputer88 4 hours ago 0 replies      
Thanks Supreme Leader (former) of USSR aka 'the evil empire.' We are friends and the question:

How did the USSR develop H-bombs so fast?

1.) of course there were NO SPIES and or alleged 'collaborators inside the USA system.'

2.) there's a long history of autobiography memoirs of leaders of alleged 'EVIL EMPIRE.' Yeltsin is mentioned by name in book by DEFECTOR Alibek, Biohazard - secret biowar weapons.

3.) Yeltsin calls it a 'research facility' and it is true that it was inside a 'milk factory' - going by memory, so check the book.

4.) Did the USSR need computers like Intel chip with the obvious flaws of sinh, transcendental numbers built into the instruction set architecture?

5.) Answer: everything fails in the USSR empire EXCEPT FOR excellent education as leaders in math and physics and moscow ballet who not works for Cirque du Soleil.

6.) The SECRET of GOOGLE TALENT? recruit from russia and promise plenty of vodka drinks / free snacks.

7.) simply review Khrushchev's flattery speech against the background of the Russian tank. The result of Russia vs. Finland was the FINLAND inventors making MOLOTOV COCKTAILS. These homemade grenades would set the engine air filter on fire resulting in engine explosions.

Finland has NO grenades. Allegedly double crossed by Britain and the allies. Tanks were pinned down by children pouring water to make slick ice skating ponds for the USSR TANKS.

So, the Russian Tanks had advanced designs and deep thinking. The manufacturing was horrible.

12.) Supreme leader former of USSR Khrushchev is sadly misinformed. "comrade HN of the first order." Please do not laugh.

Much of the books on H bomb development show the trial and error and strong need for basic physics, rather than the IBM Microsoft Windows software game emulations, IMHO.

As the USSR defector who ran the bioweapons labs put it the scientists and organizational structures were filled with KGB agents.

The KGB agents were 'incompetent scientists' who seem to be only interested in snooping, rather than doing real work. The TOP KGB had 2 or 4 phones on their desks and often no PC computer, as they had NO ENGINEERING BACKGROUND.

So, support of scientists and engineers BUILDING THE H BOMB with ADVANCED IBM computers is unlikely in such a culture of paranoia.

PS. many of the KGB... they are gone so insert other 3 letter acronym is going back to typewriters and paper. It must be a capitalist plot this Microsoft Windows aka 'Evil Empire.'

insert your favorite quote from Austin Powers movie here. PPS. the story of BIOHAZARD by USSR defector is much more interesting. no need for very complex nuclear codes and the ADVANCED IBM computers.

Reversing D-Link's WPS Pin Algorithm
91 points by PaulSec  9 hours ago   22 comments top 7
m-app 8 hours ago 1 reply      
A while ago I found out that the D-Link router I had (655), had some XML output available for DHCP Lease status and interface statistics. I also noticed that these stats only became available after logging in initially from a certain IP/MAC (no session state kept). The router gives a salt that is valid for a while and on the client side that salt is used together with the password to generate a hash which is used to login. You can then proceed to retrieve the XML data.

In case anyone is interested, the (very hacky) scripts are on Github: https://github.com/michielappelman/router-stats

drzaiusapelord 5 hours ago 2 replies      
WPS is broken anyway. It's trivial to crack via brute force. Why it's still being shipped as a feature, let alone a feature that's on by default is beyond me. The failings of the wifi consortium are pretty obvious, to the point where I wonder if there's some NSA trickery involved in making sure these things are insecure by default. I wish they took security more seriously.


jgrowl 5 hours ago 1 reply      
Aren't WPS Pins completely flawed in their design anyway?

I seem to remember being able to use an exploit to break into my own router that had WPS enabled about a year ago using a program called reaver.

The exploit had something to do with routers telling the attacker whether or not they guessed the first 4 digits correctly and then it narrowed it down enough to where bruteforcing was easy.
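
The design weakness recalled in the comment above, as an added example that is not part of the thread: a WPS PIN is eight digits with the last one a checksum, and a device that confirms the two halves separately shrinks the search from 10^7 candidates to 10^4 + 10^3. The model is constructed and talks to no device; the function names and the lockout policy values are assumptions.

```python
# Constructed model of WPS PIN checking; it talks to no device or network.

def wps_checksum(first7: int) -> int:
    """Check digit over the first seven PIN digits (weights 3,1,3,1,...)."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True when pin is 8 ASCII digits and the last one is the checksum."""
    return (len(pin) == 8 and pin.isascii() and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


def worst_case_guesses(split_feedback: bool) -> int:
    """Upper bound on attempts before the PIN is confirmed."""
    if split_feedback:
        # First half: 4 free digits. Second half: 3 free digits + checksum.
        return 10**4 + 10**3
    # Confirmed only as a whole: 7 free digits, the 8th is determined.
    return 10**7


def guesses_in_order(pin: str, split_feedback: bool) -> int:
    """Attempts an in-order search spends on this PIN (hypothetical helper)."""
    if not is_valid_pin(pin):
        raise ValueError("not a valid WPS PIN")
    if split_feedback:
        return (int(pin[:4]) + 1) + (int(pin[4:7]) + 1)
    return int(pin[:7]) + 1


def worst_case_seconds(guesses, per_attempt_s, lock_after, lock_s):
    """Time cost when the AP locks for lock_s after every lock_after failures."""
    lockouts = (guesses - 1) // lock_after  # the final guess succeeds
    return guesses * per_attempt_s + lockouts * lock_s


if __name__ == "__main__":
    # Constructed policy: 2 s per attempt, 60 s lock after 3 failures.
    for split in (True, False):
        n = worst_case_guesses(split)
        hours = worst_case_seconds(n, 2, 3, 60) / 3600
        print(f"split_feedback={split}: {n} guesses, about {hours:.0f} hours")
```

Under the constructed policy the split design is exhausted in under three days while whole-PIN confirmation would take years, so a lockout only slows the search; the advice later in the thread to turn PIN-based WPS off removes it.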

osivertsson 4 hours ago 0 replies      
Funny thing is that I've been looking at D-Link's (actually Cameo's) /sbin/ncc and other binaries the last couple of days (well actually nights...) on a DIR-636L.

I even have a note here wondering where they read from NVRAM or similar related to WPS because I couldn't spot it. Guess I have the answer now!

I doubt I will have the time to investigate it, but my feeling is that there is a lot of funky stuff in /sbin/ncc and the companion binaries.

Moral_ 8 hours ago 2 replies      
Craig is so damn smart. I love how he went in looking to exploit some format string vulnerability, or an incorrect escaping of arguments passed to system(). But came out with a way to systematically grab WPA/2 keys from D-link. Why would D-link roll their own WPS key generation scheme? All the in-home routers I've seen come with the WPS pin set in NVRAM and written on the bottom of the router.
Someone1234 8 hours ago 2 replies      
Off the top of my head the only way to exploit this would be either by your ISP or the security services (via your ISP, or the router manufacturer).

Since WAN mac addresses don't travel very far upstream. Typically only to the local exchange. So in order for someone to utilise that to generate a WPS key they would have to sit at the exchange (on your side of the connection) and do it.

The manufacturer might also store the WAN mac addresses of each piece of equipment they produce (along with serial, etc) and depending on the supply chain you purchased the router down or if you registered it, they could figure out your router's WAN/WPS pin that way.

In general PIN-based WPS is a bad idea. Turn it off and do button WPS only. Or turn it on only as needed.

tokenizerrr 8 hours ago 1 reply      
Is there any reason at all the WPS pin would be derived from this kind of information? I don't want to seem paranoid, but this sounds like a backdoor?
Show HN: Sift - A lightweight and easy-to-use tool for accessing your clouds
26 points by nijiko  4 hours ago   4 comments top 2
wonjun 36 minutes ago 0 replies      
I didn't realize this is from Mojang. This seems pretty useful.
tracker1 3 hours ago 2 replies      
This is really pretty cool... It's interesting how many of these types of tools are being written against node/npm.

Maybe it is just me, but I think a video of how to use this tool would be beneficial... Also, don't see any mention of support beyond AWS, which is fine.

Communication between brain networks in people given psilocybin
158 points by eksith  13 hours ago   73 comments top 7
michaelvkpdx 8 hours ago 8 replies      
Psychedelics, mushrooms in particular, are essential tools for any wise programmer. Very very powerful, only to be consulted on rare occasions, but immensely valuable in solving intractable problems.

We essentially owe our profession to psychedelic explorations by pioneers of software engineering. Companies who drug test developers are ignorant of this history, and are the enemies of the digital revolution.

Brilliant, beautiful languages and programs came from these pioneers, and it's likely because of their rich neural networks, enhanced by psychedelics as seen in the Wired article. The ability to connect humanistic art and feeling with symbolic systems and code requires a sophisticated neural network. Psychedelics help build the mental infrastructure for software development that actually benefits humans.

I would love to see any stats or info about the relative consumption of psychedelics- both kind and amount- among engineers at specific companies or types of software firms.

fsiefken 6 hours ago 1 reply      
The late Bob Wallace (Microsoft) experimented with low dose psychedelics as aid to programming. http://en.wikipedia.org/wiki/Bob_Wallace Undoubtedly there are more, but they keep understandably silent about it. Even more interesting would be (to me) programmers who would use meditative practices. Techniques - or better named attitudes - like mindfulness, self-awareness, the ability to take a step back to look at the bigger picture also aid in all areas of life. I was presently surprised to hear someone talk about mindfulness in relation to programming on a developer conference (Arrrrcamp): http://beatimpostorsyndrome.net/actions.html

About other programmers, I think it's telling "Why the lucky stiff" referred to John Lilly's metaprogramming of the mind in his famous kaleidoscopic Ruby guide page 107:

"You might be inclined to think that metaprogramming is another hacker word and was first overheard in private phonecalls between fax machines. Honest to God, I am here to tell you that it is stranger than that. Metaprogramming began with taking drugs in the company of dolphins."

"We learn. But first we learn to learn. We setup programming in our mind which is the pathway to further programming. (Lilly is largely talking about programming the brain and the nervous system, which he collectively called the biocomputer.) Lilly's metaprogramming was more about feeding yourself imagery, reinventing yourself, all that. This sort of thinking links directly to folks out there who dabble in shamanism, wave their hands over tarot cards and wake up early for karate class. I guess you could say metaprogramming is New Age, but it's all settled down recently into a sleeping bag with plain old nerdiness. (If you got here from a Google search for C++ Metaprogramming, stick around, but I only ask that you burn those neural pathways that originally invoked the search. Many thanks.)"

For sure mushrooms and psilocybin are unsuitable for programming, but low doses of cocaine, acid or 2C-* might have their value. The best programmer however learns to meta-program and hack his mind without chemicals.

jeremysmyth 12 hours ago 3 replies      
The article's title is somewhat misleading, because it talks about how one of the main chemicals (psilocybin) temporarily creates or encourages connections between typically unconnected parts of the brain. The effect is temporary, and reverts when the drug wears off.

This is not to be confused with earlier findings that are more permanent but are psychological rather than neurological in effect, such as those found at http://www.livescience.com/16287-mushrooms-alter-personality... and http://www.psychologytoday.com/blog/beautiful-minds/201110/p...

murbard2 10 hours ago 1 reply      
As it's been pointed out, the title is a bit misleading.

That said, one should keep in mind that, technically, everything you experience changes your brain -- it's called learning.

xefer 9 hours ago 2 replies      
Everything in moderation.

Ken Kesey wrote two of my favorite books "One Flew Over the Cuckoo's Nest" (1962) and "Sometimes a Great Notion" (1964), but basically produced nothing of much merit after that.

I'm convinced that his subsequent over-indulgence in psychedelics destroyed his ability to produce great literature.

codeshaman 4 hours ago 0 replies      
Interesting that while the brain is interconnected the way it's depicted in the article, people report having mystical experiences (eg see God), traveling vast distances through galaxies and strange worlds, see spirits of plants and objects, see themselves as a small insignificant part of the large organism that is Earth and at the same time, realise that they are immortal and that this life is one of an infinity of others and that they are God. The larger the dose, the deeper the experience and I would speculate that the number of brain parts interconnected is even higher and the connecting lines even thicker.

Why is that? What would happen if 100% of the brain would start exchanging information like this? What if we could connect only the blue or green areas?

Psychedelics are the new unexplored frontier in science.

Imagine a technology (or drug) which allows selecting which networks in the brain to interconnect (temporarily). This could be used to design new mental abilities, train or enhance existing ones.

I'm really pleased that the taboo regarding these substances is slowly being lifted. I'm also happy that more and more people will take these substances and as a consequence will "expand their minds".

blimblab 5 hours ago 0 replies      
Don't forget about the risks of taking psilocybin. I myself had a psychosis triggered by them, no fun at all (believe me) and in many cases not reversible.
Friends Don't Let Friends Clap on One and Three: A Backbeat Clapping Study
75 points by Munksgaard  11 hours ago   48 comments top 13
spenuke 6 hours ago 4 replies      
Duke Ellington routinely gave his audiences a lesson in his inimitable style: https://www.youtube.com/watch?v=nPcZ5ex2t-g

Harry Connick Jr. didn't bother educating his European audience with any explanation. He simply skips a beat, and then they're clapping on 2 and 4. It happens after the first sung chorus. You can see the drummer raise his hands in joy: https://www.youtube.com/watch?v=yD3iaURppQw

And, of course, the great Slim Gaillard was so saturated in swing, his predominantly white 1950s television audience SPONTANEOUSLY clapped on the 2 and 4: https://www.youtube.com/watch?v=ZKdrnTTDTqo

dnautics 4 hours ago 0 replies      
Actually the notion that european music is "harmonically rich and rhythmically unsophisticated" is incorrect; it's a relatively modern phenomenon that the rhythms in european music were simplified. Traditional eastern european rhythms are incredibly complex and western european liturgical and vernacular music tended to have complex rhythms until around the 16-17th century.

IIRC this was basically an effect of the church deciding to try to monopolize music in the service of liturgy and "dumb down" the music so that everyone could participate in hymnals, etc.

This could also partially be a result of music printing; it's harder to notate complex rhythms - if you've ever sung medieval music that's pushed into modern notation, sometimes weird things happen, like time signatures that don't quite line up with the all of the music lines because polyphony is going on; invasions of 3/4 measures in an otherwise 2/4 song, etc.

rlucas 5 hours ago 2 replies      
My circle of friends used to joke about the "Republican Test." You administer it like this: play the song "I Heard It Through the Grapevine," ideally the Marvin Gaye version, and ask the subject to "clap along with the music" however he or she feels.

Our unscientific observations showed a high correlation with 1/3 clapping and being old, square, uptight, or an alien from an unfunky and obsolete dying planet.

thangalin 6 hours ago 1 reply      
The following blog post provides examples of swung beats and clapping, as it pertains to dancing:


A few songs are missing from the page:

https://www.youtube.com/watch?v=oFtNC8BwKI0 (Dinah; NSFW)

https://www.youtube.com/watch?v=8YqDbd6pUC0 (Everything is Jumping)

To get a feel for clapping on the even beats:

https://www.youtube.com/watch?v=z_WZenJnT8M (Shout, Sister, Shout!)

https://www.youtube.com/watch?v=Vg_pi0r75mA (Lavender Coffin)

Harry Connick Jr. beat-shifts the audience from clapping on 1 & 3 to 2 & 4 (at 40 second mark):


Usually the Ultimate Lindy Hop Showdowns have live music, which induces the audience to clap:


A tradition called a jam circle involves encircling dancers who steal the spotlight, with the audience clapping (on even beats) for encouragement:


This tradition goes back a long way; see Hellzapoppin' (1941) and Keep Punching (1939):



rmxt 6 hours ago 0 replies      
A YouTube link to the Taj Mahal concert mentioned:


guelo 6 hours ago 2 replies      
This presentation would be much better as a youtube video with audible samples of the beats.
zaius 4 hours ago 0 replies      
psenior 2 hours ago 0 replies      
thornofmight 4 hours ago 2 replies      
"We can determine the metric salience of each event in a rhythmic pattern by recursively breaking down a musical pattern (with an initially specified length) into subpatterns of equal length. The more subdivisions it takes to reach a given event, the lower its metrical salience. In 4/4 time, the downbeat is the most salient position, followed by beat three. It would seem natural to clap on the strongest, most salient beat."

Anybody know what this quote is trying to say? What is a "given event"?

ArekDymalski 5 hours ago 0 replies      
I'm genuinely grateful for this article, because I'm going to show it to my wife as an explanation why I dance the way I do. (dnb and classical Indian music fan)
mnemonik 4 hours ago 0 replies      
Here is an excellent 18 minute piece on the Amen Break, mentioned in TFA:


gavinking 3 hours ago 0 replies      
Well both are wrong. You don't clap on two and four; you click your fingers. I thought everyone knew that...
conitpicker 6 hours ago 1 reply      
slide 28 (tabla player gets in the groove..) is fascinating.
       cached 1 November 2014 01:02:01 GMT