hacker news with inline top comments .. more
.. 6 Nov 2014 News
Imho if you've already "done your time" somewhere else, this option becomes a lot less palatable.
I made an iPad app (soonish to be universal) called Mindscope which has a similar "wall" idea but when you tap text, it opens up a sub-wall for that piece of text, which enables outliner-like navigation. https://itunes.apple.com/us/app/mindscope-mind-mapping-outli...
I've been considering what I could do to make a web app version of it, but web development is not my strong suit (yet).
Edit:
I made a quick walloftext page. I foolishly shared the link here on HN. I regret not recording a video of the mayhem as people began to pour in and edit the wall. People started having little conversations on some parts of the wall. Other people defaced them. It was all-around chaotic, like a full IRC channel with no moderation. It's really an interesting form of communication, and it was very cool to see it unfold.
It made me happy not because this is another channel to bring advertisers and consumers together (as others have pointed out) but because it seems like a way to leverage technology to really give help and hope to others.
Is there a reason why Microsoft shouldn't put their branding forward and promote their own devices if they put up money for the research? Apple does this all the time. I hope we take joy in the possibilities of freedom that this technology could provide.
Here is the video https://www.youtube.com/watch?v=BEzncMLLOxE
Also, this is fantastic. I can totally see this being of interested to the sighted as well; maybe it would see better uptake than glass.
Or it could be a proof of concept of a much wider plan, and from the results we would see the start of a massive undertaking involving huge swaths of cities clearing budget to put a bluetooth beacon on every street corner, public transport infrastructure is massively updated to have up to date realtime data accessible from the mobile apps In a usable format, shop owner and public facilities join the movement to enhanced their places for discoverability.
If this was an IBM project partenaring a metropolitan city council, I would be expecting the later. It's a Microsoft story centering on the technological aspect of it, I guess it's the former.
It's a rather cool attempt to draw the Mona Lisa using random, semi-transparent polygons
If you averaged over all those sets, would the resulting blobby heatmap resemble the original word in a legible form? Or something else?
To be really really useful, the OCR would need to consider at least all characters in the Unicode Basic Multilingual Plane. And then it needs to be able to reject an image as containing any word, and then it needs to solve the halting problem.
(1) You can use semicolons to get some web services to ignore the end of a request URL and respond normally, while tricking browsers into downloading the response as a file with an arbitrary name. This allows you to send a victim to a mainstream site (Google or Bing, e.g.) and have them end up with a file with the name of your choice in their Downloads folder.
(2) If the web service responds with user-submitted data, you can potentially get the contents of that file to be a valid executable. For example the author demonstrates a JSON response that is also a valid Windows shell script.
(3) By combining these two exploits, the author speculates that you can trick users into executing files that they wouldn't execute if they were hosted at g00gl3.com or similar.
The last part I'm not totally convinced of -- are there examples where attackers gain a big advantage by having a downloaded file come from a trusted URL?
Even setting that aside the first two parts are pretty neat, and I wouldn't be surprised if there are other interesting ways to exploit them.
Has anyone tried this on other browsers?
EDIT:
Here is the portion of the paper explaining why this no longer works:
"However, a common implementation error could result in Reflected File Download from the worst kind. Content-Disposition headers SHOULD include a "filename" parameter, to avoid having the browser parse the filename from the URL.
This is the exact problem that multiple Google APIs suffered from until I reported it to the Google security team, leading to a massive fix in core Google components."
- Install
- Setup
- Update
- Uninst
That's pretty amazing is this still the case? It's obviously a deliberate decision, and seems to totally negate the value of those warnings.
"The URI specification[1] defines the ability to send parameters in the path portion ofthe URI by inserting the semicolon character (before the query portion that starts with a question mark "?"). Many Web technologies support this feature [a.k.a. "path parameters"].
In simple words, if a web server accepts path parameters it does not really consider them to be a part of the path, which means we can inject any content, as it will be ignored. However, when it comes to determine the filename of a download the vast majority of Web browsers (all browsers but Safari) parse and set a filename from path parameters."
[1] http://tools.ietf.org/html/rfc3986#section-3.3
A fairly obscure feature of URIs, apparently Correctly handled by some web servers, but apparently overlooked by most browsers. Argh. Again.
https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Re...
http://lcamtuf.blogspot.com.au/2014/03/messing-around-with-d...
The content-disposition filename is an effective hack to fix RFD. But as other commenters pointed out, just linking to evil.com/worm.jpg.exe achieves a similar effect to RFD, and can be just as effective on many users.
Windows has failed to warn users about what is happening when random executables are run (and RFD attacks that in particular). They should improve on this.
Perhaps the browsers should also change their behavior? They could prompt users with information about what is happening when a protocol specifies that a download should begin.
1) Aren't the people who would execute files that randomly download exactly the people who can never find the files they download?
2) Aren't the people who execute random stuff from the Internet also the people who won't be able to tell whether a URL feels trustworthy or not?
So by 1) you could just as well serve funny.jpg.exe to the victim, and by 2) you can reach a wide enough audience by serving it from your bad guy domain rather than trying to masquerade as Google.
In any case, it seems that the real bug is that browsers don't properly recognize `;` as a separator and can derive the resource name from what comes after. That's definitely a problem; it would be crazy if, for example, you could craft a querystring ending with "&/file.bat" and the browser would parse it as a file download.
Perhaps someone could verify the following.
If a user is logged in without privileges (not the admin user for example on Mac but a "standard user") then there is no (is there?) way to "gain complete control over the computer" without entering an admin user and password later in the process.
Typically I operate two (or more) logins under OSX. One is "standard" user and one is "admin" user. I only browse under "standard" user never under "admin" user. To me "admin" user really serves no purpose but needs to be there for obvious reasons.
This way I always have to enter the name of an admin user in order to install or make any system changes.
Further, from the command line I would need to do:
su <admin user name>[password]
and then
sudo -s [password]
It wasn't super-easy to figure out who in the grand ecosystem view of things is going to have to care about these instructions, but I guess database and OS folks.
Also, if the author reads this, the first block quote with instruction descriptions has an editing fail, it repeats the same paragraph three times (text begins "CLWB instruction is ordered only by store-fencing operations").
It is plausible that with another layer of in-package cache they could eliminate DRAM altogether, replacing it with ultrafast NVM. Imagine the resume/suspend speed and power savings of a machine whose state is always stored in NVM.
There are alternatives. Non-volatile memory could be treated as a key/value store, or a tree, with a storage controller between the CPU and the memory device. With appropriate protection hardware, this could be accessed from user space through special instructions. That's what I though this article indicated. But no. This is just better cache management for the OS.
Memory is becoming the new disk. This could have major security implications, as memory contents are unencrypted in general.
Fortunately, Intel CPUs will have hardware support to encrypt SGX enclaves. Perhaps that support can be used for general memory access as well.
Is this really a privacy breach? It's been obvious that Google stores revision history since it launchedyou've always been able to access a thorough revision history in the UI itself...
As somebody who has worked full-time, over-time, and essentially in my sleep with Word files, PowerPoints, and highly sensitive bid documentation...yeah, I have to agree working in the cloud for this kind of stuff strikes me as career suicide. Maybe not in your turf, re: software development, but with respect to management, operations and marketing people, there should only be one person with the key to the kingdom. I'm not kidding about this, even if just talking internal development.
Also, this is why everything went out as a locked down PDF, unless explicitly mandated otherwise by RFP/etc specifications...and even then, Track Changes > Accept All Changes is gospel. Anybody in my line of work saw what the .GOV did with converting PDFs and simply redacting with a graphic over the text...yeah, that's why I'm a first-class proposal developer, because I've seen carnage yo.
I am curious to see who is (brave enough?) to show their writing process in all its glory.
I dislike revision-able software for a number of reasons. Privacy is the foremost reason. Yes, yes, "if you've nothing to hide, you've nothing to fear..." That old chestnut gets trotted out every time someone worries about security or privacy.
Since about 2000, I keep my documents in plain text only on an encrypted drive backed up several times over -- none of the backups are online, but I'm still good if my house burns down, my machines get stolen, you name it.
No, just no.
[1] http://wave-protocol.googlecode.com/hg/spec/federation/waves...
[2] http://code.google.com/p/wave-protocol/ - wave protocol project (initiated by google, now maitained by apache) is the root from where gdocs adopted OT.
Is this a typical way to write a magazine article? I wouldn't have expected so much time revising the opening sentences before getting the rest of the article in place. (But there's probably a lot of variation between writers.)
The author mentions that his system doesn't handle rich text, which is fine, but I'd just like to comment on how difficult of a problem handling rich text is. If anyone is interested in having a personal text-only replay editor, check out http://sharejs.org/ by an ex-Google Wave engineer.
As far as handling rich text, I've talked to the original co-founders of Writely (which became Google Docs), and I've also spent a good 8+ months on it as well. There are lots of tradeoffs involved, that diff-patch-match (as mentioned in the article) won't work on. Doc's ultimately expresses styles as applied ranges, rather than actual markup.
Point being, Google keeping every keystroke you've made is absolutely necessary for realtime collaborative writing.
So will document retention specialists trying to foil laywers doing discovery.
So will hackers looking for sensitive information, and security specialists looking to avoid sharing sensitive information.
There probably really ought to be an "erase history" function.
I don't use Google Docs (and probably never will), but if I did, all those requests - "these /save calls every time I typed something" - would be enough for me to investigate why it's generating so much traffic. I'm using an OS that still has a useful network activity indicator icon, so I easily know when there's data being transmitted/received when there shouldn't be.
There's a line of thought that says those sorts of indicators are unnecessary and a distraction, and that maybe valid justification for removing them, but I can't help feeling like their removal is making users more unaware of what their machines are doing - and thus easier for companies to do things like this to them.
But I'm curious: Can one delete these kind of revisions displayed here? Those visible in the GDocs UI are only a few, mayor revisions (which may be troublesome in itself for people not knowing about it and sharing a document).
Actually, Firepad does replay the history to display the current version on load (though it also has some snapshotting system to restart faster, but snapshots do not erase the history, they are kept in another location).
Funny that these happened to appear on the same day :)
Apparently Canon's wireless printers are well known for doing mDNS floods:
http://digitalhome.ca/forum/showthread.php?t=148153
http://forums.anandtech.com/archive/index.php/t-2171044.html
The primary issues are touch handling and clipping. The safari team nailed clipping (or they just relied on the GPU to do it for you) and touch handling has always been a little bit hit or miss, fortunately not huge for our requirements (although I did end up writing my own raycasting to compensate in some unreleased things). Chrome has been somewhat of an utter disaster with clipping and based on the current demo, still is (things flicker in and out randomly). They've come a long way (Android Chrome was locked around v18 or so for a while which was completely unusable for this sort of thing), but the fact that Chrome supports both real GPU accelerated and acceleration in software appears to have somewhat muddled their implementation.
If you actually want to implement 3D graphics in production, please learn it first from a proper source.
This free online course get's you up and running on the basics of 3D graphics with WebGL: https://www.udacity.com/course/cs291
There are fairly decent books on WebGL available as well which also run you through the basics.
To get coherent 3D stuff going you need to actually understand what is going on at a fairly deep level, or you will just ruin everyones day who is a stakeholder in your project. Learn to use Blender at least on a rudimentary level. Learn WebGL. Figure out how to get the 3D content from Blender to your renderer. Then reconsider this.
[Note: I have a few years of professional graphics programming under my belt so I think I know what I am talking about.]
I guess this should be a nice test case for lots of work fixing z-indexing/z-buffering glitches for the Chrome developers, because I get constant z-fighting between the objects.
The fact that this works at all is a testament to how amazingly powerful modern DOM rendering engine are. All this from something that was initially designed to layout text on computer screen!
What we really see here is a JavaScript 3D engine with a CSS backend. Impressive - yes. A good idea - not so much.
What? Knowing how to transform each object though is the hard part - especially as scaling needs to change if you are only using rectangles. The demo is a little wonky for me but I am also on an old FF system currently so I will look again when I get home.
I think this is really cool, and could be really interesting - I am mostly wondering how you transform 3D objects into the CSS dimensions.
Also, the CSS syntax seems very straightforward as compared to the WebGL I've seen, which I haven't ever really been able to understand just by glancing at it.
Download the source package and open it in NetBeans! For what I needed clicking build JUST WORKED. For my purposes it was a short trip to adding some new arg commands and modifying functionality, then building and packaging it back into a .deb ready to go. I'm not sure if this is still the case, but NetBeans was pretty fantastic for this just 2 years ago.
I'm currently working on my own library using libuv, http-parser, nghttp2 and wslay, which is very similiar in it's use to node.js. As you might guess a echo server is therefore only about 15 lines of code, but about as performant as your framework. The downsite is that it's not as flexible due to the missing "4-part abtraction" (really an excellent idea).
That's why your release somehow saddens me: When I'm going to release my framework to the public, it might be pretty good for cross platform apps etc. compared to others, but it will never ever be as popular as yours. Heck I don't even have 10 twitter followers.
EDIT: I wrote an example as fast as possible https://github.com/lhecker/libnodecc
Building simple, standalone http services with good performances seems to me what those two projects (proxygen and golang) are really about.
Now the question is, how much faster using C++ is, and how much safer and faster writing golang is...
3D models and audio are saved to the clients disk. It's the state of the persistent world that is stored on the server.
This was probably straightforward for an old game like this but I can't imagine that reverse engineering the infrastructure required for modern games is feasible. I doubt games companies will have the cash or resources spare to consider this from the beginning nor years after.
[1] http://www.gamespot.com/articles/abandonware-now-legal/1100-...
I use "mine" because obviously the idea is not mine. It's an idea I'm sure hundreds of us of have had.
This particular site/product was one I "dreamed up" immediately after a very disappointing interview performance. The sting of that experience made me want to fix it for other people by giving them a clear path for being prepared for "Google-esque" interviews. This particular implementation looks to be fairly well executed. I signed up and hope it works out because I think it could be useful.
What these experiences confirm for me is something we all already know. There are really no new ideas under the sun. Or at least they are very, very rare. Just pick a problem you know you can solve and then solve it the best way you possibly know how and if your best is better than anyone elses best, and it's a good idea, and the timing is right, you'll probably be successful.
On another note, I think it's interesting the creator choose the "2 egg problem" as the example problem. I believe it is the prime example of everything that is wrong with engineering interview culture. Not sure if that makes it ideal material for a site like this or pointless trivia.
Interview questions as a whole apparently have nothing to do with ability to really code. That's just sad isn't it? Riddles are no fun if they have to be solved under pressure.
I wonder if anyone else studies these types of problems and gains something from it, or if they're just asked during interviews and then forgotten.
The best interview I ever had was basically a small amount of spec work accompanied by a writeup of why I did what I did.
I figured that software programmers would immediately latch onto the concept, because they are familiar with the concept of inheritance. You elect a legislator to vote on your behalf, and in many situations that legislator's vote is the same as your own, yet you retain the right to cast your own vote on any given issue.
But there are several objections that I could not overcome:
1) In our free, open, representative-style government, each legislator's voting record is a matter of public record, but each individual citizen's voting record is confidential. If we were to switch to augmented representative democracy, the question arises: Do we make each citizen's voting record public or private? Both options come with potential problems. For instance, if all votes are private, we lose out on transparency, and anonymity tends to embolden people to make some pretty nasty choices. (Exhibit A: Any online forum.) But if all votes are public, it could invite retribution that the average citizen is not equipped to handle.
2) It's hard enough to monitor roughly 535 federal legislators, to make sure they're not taking bribes or kickbacks in exchange for their votes on particular pieces of legislation. Could you imagine if you had to instead monitor all 207.6 million eligible voters? True, it also becomes more difficult to influence a significant number of them through nefarious means. (Suppose you need to bribe five senators to tip the scale in your favor on a particular piece of legislation. So you offer them each $1 million. Now suppose every eligible voter got to weigh in. You'd need to bribe more than 10 million of them, assuming they all voted. And a $1 bribe isn't nearly as attractive as a $1 million bribe.) But on bills where the vote is really, really close ... there is really no viable way to keep everybody honest.
3) A legislator's workload is (or should be) a full-time job. It takes a lot of time to read through bills and understand them. It takes even more time to fully consider its broader implications and its potential unintended consequences. As part of that process, you'll likely have to engage in discourse with fellow legislators; evaluate expert testimony; listen to the concerns of constituents, trade groups, lobbyists, and other organizations; and weigh the potential for the law to be challenged as unconstitutional. All of that takes time, and it's unrealistic to expect every eligible voter to assume that responsibility for the purpose of voting on policy directly.
4) In practice, the cases in which this augmented representative democracy would result in a vote different from the legislator's would be relatively few -- and yet there would be a whole lot of extra effort required to support the system. Basically, you would need an issue where the legislator's vote is different than what the people who elected him would expect (and the legislator, if he wants to be re-elected, is only going to do that sparingly), and you would need a substantial turnout of people willing to overrule him. Considering how few people vote in general elections, that's a tall order.
5) When you break it down, augmented representative democracy is really direct democracy, and not true representative democracy. And one objection to direct democracy -- take it for what it's worth -- is that there's a danger of mob-mentality policy decisions. If you look at some historic decisions, at least here in the U.S., the legislature was a bit ahead of the curve, compared with the population at large. So ... I guess the question is ... could direct democracy have derailed or delayed something like the civil rights legislation of the mid-20th century?
I worry that letting people delegate their vote to their favorite outspoken political ideologue would make things even worse, because it would give those people real and direct power. Imagine Rush Limbaugh having the power to vote on behalf of millions of people.
I can recommend reading this proposal: http://www.context.org/iclib/ic11/calnbach/
The clear benefit of this approach is that it would be a much simpler and more transparent process, with far less opportunity for the emergence of career politicians and corruption. People would also feel that they were far closer to the democratic process, when they were represented by others just like themselves, and the actual decision makers may be enticed to make better decisions when they are ordinary people that will have to live with the result of their choices afterwards.
Rather Than governmental Democracy. Have a system where people can communicate information and ideas to large non-governmental entities.
Run a tree of delegates who feed information based upon its quality up to a higher level. Anyone may listen to anyone and speak to anyone but you can also choose to ignore anyone. You choose delegates for each individual case by picking someone receptive to your comment. People higher up the tree will generally only listen to people they know and trust.
This system would provide a useful middle ground to the current situation that people find themselves in when they need to communicate. Their main point of contact are automated systems or de-facto automated humans following processes. To get action on some significant issues, you need to win the publicity lottery and have you case become virally popular to the point where someone who can actually help makes contact.
It isn't as ambitious as running a government, but would serve a real need. As an example of the sort of thing where this may help, there have been numerous instances of Obvious Malware on the Google Play store that have managed to acquire a significant number of downloads. When these instances have been noticed and appear on reddit /r/android, they are swiftly removed from the store. I'm sure similar instances have happened where a company has taken the action they needed to take only after the problem has reached the front page of HN. Rather than having to make a big public noise (which only really works for a few), people should have an avenue to get information where it is needed.
As a business model I would aim to have companies pay to have their top tiers of the tree managed by full-time staff.
This is absolutely what's going to happen if such system is implemented.
Appearing to delegate one way, but having their votes counted another way? Seriously? It is way too complicated for an average voter. Even if you implement some sort of plausible deniability scheme (so that aforesaid someone can't just login with your credentials and set it up the way they want) - imagine explaining plausible deniability to a 90-years-old grandma or some uneducated farm worker, or a drug addict...
Elections are rigged this way even in countries with supposedly secret votes: bad guys might ask you to prove your vote by, say, snapping a picture of "correctly" filled ballot alongside your ID, but even that is not necessary - enough people will do what someone with power tells them to on a vague threat "if you try to fool us we will find out", or because it's a "patriotic" thing to do, or simply because they are told to and don't know better.
Not to mention that a huge number of people just couldn't care less. Half of population simply don't show up at the polls. How many of them will simply sell their right to vote for a token sum of money?
The current system is bad in many ways [1], but this proposal is even worse - way too much potential for abuse.
[1] Some reasons why - http://en.wikipedia.org/wiki/First-past-the-post_voting
On the other hand, I do have some faith my my fellow citizen. Ask a group of us to set aside some time, do some research, sit down with some others, and make the best decision we can... and it wouldn't surprise me if we did a better job than either the legislature (not having to constantly think about how X will play with Y in the next election) or the broader mass of voters (having the time to focus on one particular issue, and knowing we have the responsibility of having our voice matter).
Oh, and pay us a high rate for our time. It would still be cheaper than running a campaign.
But it is very much still pervertable, and the devil is in the details as always.
It would be nice to see a thorough analysis of the ways DD can fail, and mitigations. Andrew hinted as some (including privacy and coercion) but most discussions are this are light on critique.
* The problem of the majority "choking" the minority in each district in the ordinary majoritarian system
* The problem of partisanship tending towards mergers and eventually a dual-party equilibrium in the proportional electoral system
I'm pretty sure this idea is not new and even has a name. And I'm wondering what potential drawbacks such a system could have.
Wouldn't it be subject to the same limitations of the electoral college, that future laws could restrict how delegates vote based on popular election results, etc.?
Another might be that a delegate could present a popular set of views in public for the purposes of gaining a large number of delegate votes but then they could privately vote for their real beliefs which might be much more fringe, or perhaps they might change their mind close to the election.
Besides, people already vote with their dollars in the private sector, which should be the first place to attempt to solve problems.
Who writes the legislation? Do we still have representatives for that? What does the Senate do? Seems to require a massive re-write of the constitiution. A non-starter.
Here's what I said previously. https://news.ycombinator.com/item?id=2936365
I'd say something approximately as arrogantly today.
Price discrimination appears, at first glance, to be about maximising profit, but really it's about clearing the market.
Say you're a cinema, and you set your list price for a ticket at 10. 20 adults show up and buy the tickets and are happy. Then 10 students show up, scoff, and go home - they weren't willing to go above 7. The market has not cleared: you'd be happier with 70 from them than the nothing you've got, and the students would be happier being 70 worse off but having seen the film. Neither party got what they wanted, no trade occurred, and no economic value was created.
The situation could be improved so that everybody gets what they want without harming anybody else: set a student rate at 7. Students get to see the films and your cinema makes more money - everyone is as happy as they could be.
In this example, the criteria for price discrimination is discovered by intuition, existing knowledge of students, maybe surveys. But even this isn't ideal - what about that one really tight student who buys pasta in 20kg bags and who values a trip to the cinema at 4? Ideally you want their 4 and they want to see the film - but how to cater for them without shooting yourself in the foot by making the student price 4 across the board?
Until the advent of the internet and fancy algorithms that could at least try to understand you, you couldn't. But today maybe we can.
Everyone has their own "true" valuation for a given product (not how much they think it should be worth, but how much they're willing to pay), and if you're a supplier with a magic ball which can divine this with 100% accuracy then you're as well selling your product at 1p over cost if that's your customer's true valuation. Again: they get the product they wanted and you get profit you couldn't have had any other way, and everyone's as happy as they can be.
But we don't have magic balls, and you can't ask someone for their true valuation because suddenly you'll find yourself knee-deep in a bartering game of bullshit and lies. Your only option is to try to divine it somehow.
This is what these guys are doing. And it's a good thing. To say "this is wrong and it should stop" is incredibly selfish - with reference to the example above, an equivalent statement might be "Yes I'll pay 10 to see this movie, but only if those students don't get a discount, which I implicitly understand to mean robbing you, dear cinema owner, of 70, and those students of the chance to see this hot new flick, even though both of those things are fuck all to do with me."
If you're a habitual bargain hunter (not out of necessity, more as a personality trait) and you're feeling affronted by this then all you need do is take a cue from these companies and adjust your tactics to suit the 21st century. Googling around may have done you proud up til now, but the world has moved on. I daresay that once you've mastered the art of using a VPN, user agent spoofing, and possibly the cultivation of a set of dishonest consumer profiles, you may find you'll save even more money in the face of this new enemy.
For instance, Artificial intelligence a modern approach is $135 right now, but using this site I can see that it was <$90 in January of this year and it hit $100 in September: http://camelcamelcamel.com/Artificial-Intelligence-Modern-Ap...
Same story with Introduction to Algorithms, except it is now $80 and the lowest it hit was $44 in October: http://camelcamelcamel.com/Introduction-Algorithms-Edition-T...
some may claim that these practices can benefit consumers, but unless it's done transparently in ways that consumers know and understand, it primarily serves to increase information asymmetry.
1. Each shopper specifies the max they're willing to pay for the item. Perhaps pre-auth this price on their credit card.
2. Merchant calculates - for every hypothetical price point - total revenue from all the shoppers who would we willing to pay at least that hypothetical price.
3. Whichever price causes the most revenue wins. All shoppers who are willing to pay at least this much are charged and receive the item.
http://www.ccs.neu.edu/home/cbw/pdf/imc151-hannak.pdf
The authors didn't find any smoking gun. None. Zero.
They found some travel sites offering member discounts--no surprise there. They also found sellers were personalizing search rankings--no surprise again. And they found a persistent pricing differential for Home Depot, but were careful to note that it could be a server-side quirk.
Several years ago, for a brief period I used no user-agent header, which caused quite a few sites to show nothing more than an obscure "500 internal server error" message, which disappeared as soon as a UA header was added, even if it contained nothing more than random rubbish.
It's a pretty amazing story about brining full instant on scientific notebooks to everyone.
It's running on the High Memory OnMetal instances here at Rackspace. Each container gets 512mb of ram.
I love the reproducible science movement and iPython is perfect for that. Glad to see Nature talking about it.
As much as I hope things like this will be a tipping point for python in the scientific community (from a major player to the dominant player), monoculture hurts everyone. Fortunately, one of the great things about ipython/jupyter is that it's designed to be language independent.
I'm sure a lot of folks here are already aware of this, but just in case you're not: There are Julia, R, Haskell, Ruby, and who-knows-what-else kernels for ipython/jupyter.
I know the basic idea has been around for a long time (e.g. Mathematica), but ipython really is an incredibly well-done and flexible execution of the idea.
Can someone tell me something about the notebook? I want to decide if this is something I should bookmark, and visit at a later date.
"Conflict"
They all say
I'm a child of few words
This I don't deny
But actually
Whether I speak or not
With this society I'll still
Conflict
"They've always told me that I was a quiet child. I do not deny that fact, however, whether I speak up or not doesn't alter the fact that I feel incompatible with this society."
The main beef I have with the translation is that conflict is a very explicit word whereas Chinese is much more implicit. It's pretty obvious that there was a large disconnect with what he wanted out of society vs reality. This is unfortunately quite common in China.
Being someone who grew up reading Chinese novels extensively, I can attest that the culture itself is heavily romanticized and when compared to the modern subversion influenced by the communist party, it's figuratively night and day.
[1] http://www.cbc.ca/fifth/episodes/2013-2014/made-in-banglades...
"Conflict" They all say I'm a child of few words This I don't deny But actually Whether I speak or not With this society I'll still Conflict -- 7 June 2013Every socialist experiment I'm familiar with has almost instantly devolved into a form of a capitalism based on social pull with the bureaucracy rather than financial leverage. The final endpoint of this trajectory seems to be the mafia state -- pure social pull capitalism within criminal-state complex hierarchies.
If there's a solution here, it may not lie within politics as we ordinarily think about it.
Alternatively, how about sowing 0.01% of your cash back into these workers and demanding that the factory improve working and living conditions?
What is different about the Universal Fund? Is this just the formal announcement of what was already in place? Also, will Teespring be matching the recurring donations that were already in place before this announcement? Thanks!
When I fund a watsi patient, I usually post it to my facebook and try to herd a whole bunch of my friends into giving to the patient.
Something to think about: How does a funder know if the partner is not giving raised prices the operation. How well do you guys trust the partners and how close are your relationships?
[Edit] Found more info about the partners in their FAQ: https://watsi.org/faq#what-is-a-medical-partner. I guess the FAQ pretty much answer my questions.
For people who haven't tried the normal funding flow for Watsi - https://watsi.org/fund-treatments, directly funding someone's healthcare is an amazingly personal experience.
It literally costs you $10 to be part of changing someone's life and sometimes $100 to be the difference between them getting treatment or not. Making the donation recurring lowers the friction for someone to keep helping people if they had a good first experience.
Putting a face to the contribution bridges the gap. Sign me up!
But last night an article ran in our local paper stating that the Coast Guard will continue to enforce federal marijuana regulations [0]. In Alaska, that's a huge asterisk next to legalization. You can't carry marijuana on a boat, which includes the ferries in southeast and throughout the Gulf of Alaska. That also impacts all of the villages throughout the state whose main access is by river. And finally, transporting marijuana by air is against federal regulations as well. That means marijuana is essentially legalized on the road system of Alaska, which leaves much of the state in another legal limbo.
I look forward to the day where the entire country has a more reasonable approach to marijuana regulation.
[0] http://juneauempire.com/local/2014-11-03/smoke-water#.VFpFQT...
EDIT: Looking at the results, these counties that voted 'No' surprised me
Los Angeles County (Los Angeles, Long Beach, Glendale, Santa Clarita, Pomona, Palmdale, Pasadena, Torrance, Inglewood, Burbank, Carson, Santa Monica etc.)
Santa Clara County (San Jose, Santa Clara, Cupertino, Gilroy, Palo Alto)
Riverside County (Riverside, Moreno Valley, Corona, Palm Springs)
Orange County (Santa Ana, Anaheim, Irvine, Huntington Beach, Laguna Beach)
Will these areas kneejerk the same restrictions with marijuana, or will they wait to see how the community reacts?
/serious off
It's illegal to give a moose alcohol in Fairbanks:http://www.legalsource360.com/index.php/strange-laws-in-alas...Hope they're not left out, again.
Back in the 90s I would not have expected all other "Cascadian" states would legalize marijuana before British Columbia.
http://www.youtube.com/watch?v=wBPsbgKeIFM
Hopefully all her energy was enough.
Interesting historical fact is that initial tensions over marijuana came about because slaves, and later Mexican labourers were frequent users. White plantation owners (tobacco farmers) took issue with their practices. So, at least in part the banning of marijuana can be partially attributed to racism.
We lead the nation in welfare, alcohol abuse and fetal alcohol effects, suicide, sexually transmitted disease, credit card debt, number of women murdered, and domestic abuse.
Now we are all going to be high as a kite, too.
This does not make my job any easier.
It was good to have an opportunity to reveal a few additional details, like how the guy wanted their passports in exchange for a "room", and other behind-the-scenes info I didn't want to share with the whole internet while it was happening.
The incident helped catalyze and strengthen anti-trafficking efforts within the State Department. Pollomacho, the State Dept. rep who contacted me, ended up receiving a meritorious service award for his work.
I posted other updates over the years if anyone is interested. http://metatalk.metafilter.com/23482/Hazlitts-love-letter-to...
This is pretty corny:
Every year I go to Burning Man. It's the only "real" vacation I really take. I completely detach. No phones, no television, no news from the outside world, and except on days when I have volunteer shifts, no sense of "time".
It's pretty amazing how much you end up detaching from "default" world (which is burner parlance for the world outside of Black Rock City). By a few days in, default just feels impossibly far away, like none of it matters whatsoever, and you are completely detached from it. BRC is on another planet, and Default Planet doesn't matter.
All of the social conventions are different, all of the interactions or somehow (although indescribably, at least for me) different. Everything just feels different somehow.
Do most people get that feeling on "normal" vacations?
When it turned out nothing quite so dramatic happened to the first space travelers, the idea was dropped, but it's certainly worth considering that less dramatic effects might yet have practical import in the future of human space travel.
(continued here)https://www.youtube.com/watch?v=jIJRoj2qwsc
When James May returns to the Earth it's obvious that he's had a very special experience.
"If everybody could do that once, it would completely change the face of global politics, religion, education, everything."
This isn't supposed to be scary, just a reminder that you can lose control easily.
This is a complex issue and if you think it goes away by saying things like "well then don't stand in front of the camera naked." then you are missing the point.
Somethings are not good for the cloud, not only is there a picture of your buttocks in the cloud, its a lot easier to get a warrant to peek at Dropcam/Google's data than it is to get one to get a computer from your house and scan its hard drive. And if someone is fishing for a reason to get your attention, well getting snapshots inside your house is a lot easier than getting a search warrant for your house.
I was looking at the comm vaults Comcast and others put into the ground where they are doing fiber pulls and realized that it wouldn't be that hard to put one in a back yard, or in a weird kind of data center (kind of like a cemetery but selling server vaults instead of burial plots) which would at least keep your data 'off site' in the sense that your house burning down wouldn't cause it to go away.
But this is like saying "If you don't want to get scammed, then don't respond to scammy emails." That is, it's perfectly good advice, which is fine for people who visit Hacker News, but maybe not sufficient for the vast majority of people who aren't aware of the ins and outs of our rapidly advancing technology.
There are whole communities of people devoted to the practice of finding women who accidentally configured their phones to upload all pictures to a publicly accessible cloud storage server. The women whose nudes are distributed this way may not realize their pics are being mirrored- or they may assume it's to a private site (because why the hell isn't that the default?!?)- or they may have shared these pics with a dude who made the same mistakes.
But regardless, the point remains- any individual is easily capable of being immune to this problem. But there's a whole population of vulnerable victims who don't even know they're being victimized. And that is a real problem.
If you don't want naked pictures of yourself taken, then you don't undress in front of a running video camera, right? Seems kinda obvious.
This fellow put together a setup that automatically takes pix of whatever happens and uploads them to a company's server and ... he's shocked when it does what it's supposed to?
I don't get it.
--------
EDIT. Been pondering this. Perhaps he began with a misconception akin to that of a politician who wants a backdoor for the good guys to use, but who doesn't understand that if the good guys can use it, then so can the bad guys. Then the e-mail and his resulting thoughts showed him that he wasn't thinking about the world properly; thus his feeling of shock.
It'd be nice if Dropcams were more hacker friendly, and allowed recording to personally-owned devices, instead of forcing you to use their (fairly expensive) cloud recording service.
(Not to mention the ~100ish GB/mo bandwidth savings to stream this video, which is a fairly nontrivial requirement.)
It has definitely made me more mindful of situations like this.
(It actually sporadically refuses to take a photo on the new laptop right now, so http://lishin.org/pavelcam.jpg doesn't always get updated.)
What if you want a remote live stream?
Linux or OS X, please.
It's a good idea but you probably shouldn't buy the fancy "cloud" version. Just set up your own FTP server ...
Now that the data is in someone else's control there are no guarantees whatsoever as far as who has it and if it's been deleted.
Yes, you are doing it wrong.
On the plus side, everybody has an ass and this one is so far into the background of the picture that the only conclusions I can reach about the subject are 'Mathowie is quite pale' and 'he has an ass like every other member of the human race.' In other words, this isn't really awkward enough to serve as a cautionary tale to anyone else. Now if he had been dressed up as a lobster that would be quite a different kettle of fish.
But I'm pretty sure the NSA doesn't care about looking at some random guy's ass.
In the unlikely case that they do need to investigate the ass for national security reasons, they aren't going to disseminate the picture to the world, similar to how they don't disseminate intelligence data.
Which means the ONLY way the public will see the ass-picture is if:a) The ass is of interest to national securityANDb) The ass is of such concern to national security it is stored in the NSA's internal ass-databaseANDc) There exists some kind of ass-Snowden that leaks all the asses in the NSA arsenal.
...why does anyone care about this?
When my dad passed away, I went through his computer to help my mom figure out what to do with it. I say it was to help my mom, but really it was one last conversation about computers with my dad. I pored over the projects he was working on, and the books he had open on his desk. I remember thinking that this was the last language he'd use, the last modern framework he'd be working with. I remember feeling sad that no one would get to use this last project he was building.
So I see the old OS's popping up in the virtual machines described in the article, and all I can see is my dad. It starts to feel like grief, but then that feeling mixes with appreciation for everything my dad shared with me over the years. I didn't go into programming professionally out of college, but my dad's passing is pulling me back into it. I wish for one more day's conversation with him, to share what I'm doing these days.
We all love programming for many reasons, but at the end of the day it's really about how our work with computers and programming brings us into close circles with some of the best people we'll know.
"Windows is the Superbowl Halftime Show of operating systems. Given what everyone got paid, and how many people were involved, youd think it would be a lot more memorable."
As someone who spends a lot of time with Windows...yeah. But the post is really an amazing blend of technology and sentiment, kind of reminiscent of Neal Stephenson at his best. Makes me want to dust off my PDP-11 emulator and take another crack at Unix V6.
I feel no amount of planning an getaway vacation or getting a great project at work etc can bring me back that feeling of just kicking back with my friend jacking around with HIMEM.SYS to play Falcon 3.0 while we waited for duck tales to come on...
I miss you Nick - I wish you never found that gun.
Well done.
I have an Apple //e on my home work desk. It's running nicely, and it has a spiffy card that allows me to plug a USB flash drive in, boot from an image file on it, and reenter the first real computing world I started with.
Prior to the Apple, I got to flirt with a TRS-80 Model 1 a neighbor owned. Writing a few BASIC statements and actually having the machine respond was intoxicating for me. Loved it, and I knew right there and then I would be doing things with and on computers.
The Apple //e machine represents a whole lot of that early discovery time we all are thinking about. It was open, had a monitor, mini-assembler, reasonable BASIC, and, and, and...
I got bootstrapped onto computing and the magic of assembly language on that machine. And there were others, but that one really was the first. The friends I made, stuff we did, things we learned were like magic. I miss it all.
So, I boot that machine every so often. Really, I always just want to know if it still works. Then, I decide I want to write, play, code, and I do.
When I write, I can do it on that excellent keyboard, with the machine and it's memorable feel. The whole thing takes me back in time, and I do remember. And then I can get it back onto a modern machine with that same USB stick and wonder at such a gap, still being useful.
I was moved by the idea of keeping in touch with the little kid part. Yes. I have a great memory of my childhood, and can tell you many events, times, places, things, people. To be honest, I draw on it an awful lot. Sometimes it's to realize new perspectives for what they are, not as they are framed up, or colored to be. Other times, it's to remember that spark of interest and the drive to learn and explore.
Play. That too.
I love these machines and I love all the people I've come to know related to them. To me, I can understand a lot about somebody when we share a computing experience, be it retro, modern, or maybe something of a hybrid, like embedded.
@japhyr, I don't do it professionally either. Though I have done a few projects, drivers and problem solving. As you are aware, it's a bug that bites deep. Doesn't let go. Have fun. Remember. Your Dad would be happy with you doing just those things.
I have had a relationship with computing like many of the commenters here. I remember our kindergarten teacher letting us take turns grounding ourselves under the keyboard of an Apple IIe. I can't explain it but I could tell from that moment that I had a thing for computing technology.
I remember playing games at a friend's house on an IBM PC. Her dad worked there and we would just mess around and had no idea what we were doing in the game. I just loved interacting with the thing.
I remember long nights playing games on my cousin's C64. Playing Archon and some racing game. Doing basic programming.
I begged my parents for a computer and we eventually got one in 1993. It cost around $2,000 back then and was 33 MHz, had 8 MB RAM, and had a 207 MB hard drive. No sound card, CD ROM, or printer at the time. Game over from that point on. I knew I had to do something in computing technology for a living.
Things seem so figured out these days. I wonder if kids get that same feeling of novelty we got back then?
I'm over-thinking this, but it honestly transports me to old web fora and Usenet newsgroups and late nights with a modem, stumbling around in alt. and coming across spammed chapters from "The Trance-Formation Of America" is pretty damned creepy at 3 AM when you're the only one awake, and learning about the deep C secrets in chatty posts is amazing when your only other source is "Learn Java in 21 Days For Dummies", but O'Reilly books come close.
Names come back. Dan Pop. Chris Torek. (I'm pretty sure they're still alive.) From a different group, Pascal Bourguignon, whose name I spelled right the first time although I'm sure I still can't pronounce it.
Strange typographical quirks. That's all it takes.
So, so very relatable. Thank you for this. Now I want to figure out where I put my old archived BBS, unpack it, and take it for a spin in the dark.
I'm always trying (and occasionally succeeding) to recapture that feeling of catching a glimpse of some amazing thing in a game magazine. The wanting and imagining was always better than the thing itself, which is probably why I generally seem to prefer watching screencapped videos of the games to actually playing them.
Does anyone think that some "retro programming" tutorials would be of any interest?