hacker news with inline top comments    .. more ..    20 Dec 2014 News
home   ask   best   4 years ago   
Scans of North Korean IP Space
132 points by djcapelis  2 hours ago   23 comments top 9
ll123 5 minutes ago 0 replies      
Countdown until North Korea starts nuclear war with us after a vigilante counter hacks them
totony 1 hour ago 1 reply      
Despite the controversial topic, I think it is interesting to see what one can conclude about a country from freely available information (even though the nmap'ing might have been illegal, I'm not sure about laws regarding nmap anymore).
JonnieCache 1 hour ago 0 replies      
Kudos for resisting the temptation to login to that macbook's VNC server. Or at least, kudos for not telling us about it.
jmnicolas 47 minutes ago 1 reply      
I was surprised they're using Cisco. Some Chinese hardware (Huawei ?) would make more sense : both are back-doored, but at least the Chinese are kind of allies.
chubot 52 minutes ago 4 replies      
What are some good books/resources on things like "allocated" and "assigned" IP addresses? i.e. Internet governance, and IP in general? Where is he getting the data like: "inetnum: - ..."?

Also are there tools that take a list of services on ports and map it to likely hardware/OS?

I have been programming for a long time but somehow I missed out on this kind of networking knowledge. Are most people who know this stuff network engineers?

alexivanovs 1 hour ago 0 replies      
It seems strange the the author implies us to do some searching through the findings, but really, he has already given away most of what you can find...
berberous 26 minutes ago 3 replies      
The general population doesn't know or give a shit about the torture report. The educated don't really give a shit beyond shaking their head while reading the report in the Times, or posting a link on their FB saying that it is 'shameful.' Sad, but true.

We've known about these practices for years. The Abu Ghraib scandal was 11 fucking years ago. We've known about waterboarding and Guantanamo for years as well.

All of which is to say, I think if you believe that the U.S. government needs to create a false flag operation to bury the report, you are seriously out of touch with the political reality. Public apathy will bury it for them.

hspak 1 hour ago 1 reply      
Why is this Fishy? I suspect the author didn't feel comfortable dealing with this controversial topic on his main account so he made a throwaway.
billions 22 minutes ago 4 replies      
There is no way North Korea had the sophistication to hack SONY. Hacking requires knowledge of the latest security vulnerabilities. It's impossible to develop good hackers on such a censored network.
World Order: Why the ordering of some linguistic elements is fixed (1975) [pdf]
13 points by acangiano  56 minutes ago   discuss
N.F.L. Playoff Simulator
22 points by erickhill  1 hour ago   5 comments top 2
mbostock 56 minutes ago 2 replies      
Thanks for posting this.

The most enjoyable part of this project for me was implementing the NFLs incredibly elaborate tie-breaking procedures in code: taking a plain English description of the rules (that requires some interpretation) and porting it to JavaScript.


We should be open-sourcing the simulator implementation (the model, but not the UI) soon so you can see how it works.

There was also a fun moment when I realized I could make the simulator 10x faster by computing only the seed of the selected team, rather than the full order of teams in the playoffs. This avoided a lot unnecessary sorting and tie-breaking!

foobarqux 51 minutes ago 0 replies      
Note that they assume that every team is equally likely to win or lose any given game.
A Poor Imitation of Alan Turing
18 points by dave446  3 hours ago   5 comments top 4
geographomics 1 minute ago 0 replies      
I had the same feeling when watching this film. Instead of giving this portrayal the depth Turing deserved, Cumberbatch instead fell back on his usual typecast genius character with minor tweaks. Very disappointing.
NathanKP 10 minutes ago 0 replies      
I agree with the author's criticism of the movie, but I still personally enjoyed The Imitation Game.

It's good entertainment even if it is quite exaggerated and not 100% historically accurate. If it exposes more people to some of the history of computing and one of its great early engineers then I think that is positive.

revicon 16 minutes ago 1 reply      
TLDR; Real life doesn't make for a movie anyone wants to watch, so the director added a bit of extra drama and rearranged a few things to make for a coherent story.
thesimpsons1022 6 minutes ago 0 replies      
Why does benedict cumberbitch have to smear all my heroes D:. first assange, now turing.
Why Why Functional Programming Matters Matters (2007)
39 points by olalonde  8 hours ago   4 comments top 3
vorbote 1 hour ago 0 replies      
Better formatted version of the blog post:


The original paper by John Huges mentioned in the posting:

Internet Archive: https://web.archive.org/web/20070323095313/http://www.math.c...

PostScript, PDF and the BibTeX reference.

jonahx 1 hour ago 1 reply      
Related: Does anyone know of an html / epub / mobi link to the original paper (I could find only the pdf)?
icebraining 6 hours ago 0 replies      
DuetDisplay and Unattributed Open-Source
96 points by cyphunk  4 hours ago   42 comments top 9
mronge 1 hour ago 2 replies      
We've been developing app that also streams video content from Mac to iPad, and this recent Apple reversal on USB has been very frustrating for us.

About a year ago we submitted an app to the App Store that uses the same USB tech (PeerTalk), we wanted to see if Apple would allow it (we didn't want to build a business around something that could change on a whim). If it was allowed that would have changed the entire direction of our development. An Apple rep called us and informed as that USB access is not allowed.

With this in mind we went ahead with using WiFi, which has been HARD and time consuming. Now Apple all of a sudden allows USB access, what?!

How does Apple expect people to build serious apps when the ground is shifting beneath our feet?

Anyway.. I should write a post with more details.

beltex 1 hour ago 0 replies      

PeerTalk's README was just updated with a note about DuetDisplay.

steipete 2 hours ago 0 replies      
It's always possible that they have custom contracts with the creators of these open source projects; CocoaSplit could have offered them a custom license without x264 so that part can be dial-licensed.
cyphunk 51 minutes ago 0 replies      
Dean (the author of the article) mentioned that several other apps have attempted to use peertalk and other OSS code this app uses but had their app rejected by Apple (e.g. see mronge's comment). So perhaps the lack of attribution was made with the assumption that use of these OSS packages was part of the reason for rejection. If this is not the excuse then I can't imagine any reason for it. Attribution in this form is a simple footnote somewhere and giving credit to others never hurts your own brand. In fact I'd argue it contributes to it.
christoph 2 hours ago 5 replies      
I paid for it and have had very little luck in getting it to work properly. I've mailed their support and heard nothing back. I would personally advise people away from giving them money, especially now I know of their lack of crediting open source projects.
codezero 2 hours ago 3 replies      
Since the MacOS app is free, does the creator need to do anything but give attribution? Seems like the place to focus on for license issues is the iOS app which costs $10.
colinbartlett 2 hours ago 3 replies      
Can someone educate me a little more on these license issues?

What actual benefit is derived by an open source project when they are credited somewhere deep in an about page? Is tangible value provided there?

I feel that if I had produced an open source library, I'd be less interested in having my name anywhere near a project that I didn't actually produce. But I have little practical experience with such things.

zitterbewegung 2 hours ago 0 replies      
The only real way to fix this situation is to threaten some type of legal action to enforce your copyright or your licence is really meaningless.
jawngee 1 hour ago 2 replies      
Not taking sides one way or the other but:

- CocoaSplit's licensing isn't anywhere BUT in the credits.rtf which is buried. It's not in any of the source headers, not in the README.md. If you aren't using the app part of CocoaSplit, you would never know it was there unless you grep'd. And who amongst us has grepped for a license?

- PeerTalk and GPUImage are permissive licenses that only require attribution

I don't see what the big deal is, to be honest.

Bootstrapping POWER8 Little Endian and Common Pitfalls
36 points by wmat  4 hours ago   1 comment top
jmnicolas 40 minutes ago 0 replies      
I'd be curious to have some benchmarks to see how Power compares to X86.

According to IBM their architecture is miles ahead Intel, but there's never a real world bench to prove it's not just marketing.

The Spirit of the 1914 Christmas Truce
13 points by dctoedt  2 hours ago   3 comments top 2
Spooky23 40 minutes ago 1 reply      
The key assumption here was the soldiers considered themselves "bitter foes". I'm not sure this was the case. It required "court martial" -- ie. throwing soldiers against the wall and shooting them -- to resume the fighting in some cases.

I think that anyone who lived for more than a couple of weeks on the Western front came to the realization that the people engaged in the fight had more in common than not. The officers and rear echelon folks shot thousands of their fellow countrymen who cracked under the pressure of constant bombardment and death.

So as a soldier or junior officer, you faced certain death both in front of you and behind you. Survival meant huddling for warmth in a fetid hole. Those poor bastards were cogs in a murder machine -- the only "golden ticket" was losing a limb.

dalke 59 minutes ago 0 replies      
The informal truces of the First World War amaze me whenever I read about it. I have similar feelings when I read about the widespread dissent by US troops during the Vietnam War, ranging from Search And Avoid missions, to the "flattop revolts" and suspected sabotage of Navy ships.

The bitterest foes for the troops don't seem to be the enemy troops, but the politicians and upper staff, who offer the certainty of punishment and slander of dishonor, while the enemy troops offer only the chance of death or injury.

If true, I begin to understand why John Kiriakou, the only CIA agent jailed because the US decided to torture people, is a whistleblower and not one of the government torturers, including those that authorized the program. That sort of power structure requires that the authorities be able to be worse to its own people than what the enemy will do.

Cause And Effect: A New Statistical Test That Can Tease Them Apart
50 points by mazsa  6 hours ago   30 comments top 13
learnstats2 1 hour ago 0 replies      
This statistical test for causation (X->Y) is based on the idea that X and Y each contain noise - noise present in X flows causally to Y but noise present in Y won't flow back to X.

But, even if true, it isn't clear that this makes for a good test. For example, it's plausible that Y could have a damping effect and remove noise, which would reverse the results of the test.

"They say the additive noise model is up to 80 per cent accurate in correctly determining cause-and-effect." This has been exaggerated by Medium from "accuracies between 65% and 80%" in the original article.

But a coin-flip model should be 50% accurate. 65% accuracy is unconvincing. The journal article's conclusion admits that their results are not statistically significant in any sense. As such, the results do not even meet the weakest possible scientific standard. They couldn't reproduce earlier published results in this field (typical of publication bias).

Their final paragraph concludes that there is surely a method of doing this, but they just haven't found that method here.

In my opinion, the results do not support that conclusion.

righttoremember 7 minutes ago 0 replies      
In econometrics this approach is called "identification thorough functional form" because it relies on assumptions about the exact distribution of some is the variables.

The main problem is that it requires making assumptions that are very hard or impossible to test. Nonetheless it's an interesting idea, but I doubt this method can replace randomized trials or instrumental variables except in a tiny fraction is cases

cafebeen 2 hours ago 0 replies      
This isn't as generally useful as the title suggests... due to these assumptions:

"that X and Y are dependent (i.e., PXY=PXPY), there is no confounding (common cause of X and Y), no selection bias (common effect of X and Y that is implicitly conditioned on), and no feedback between X and Y (a two-way causal relationship between X and Y)"

panarky 1 hour ago 0 replies      
Here's a tool Google built called CausalImpact to go beyond correlation and get at cause and effect in time-series data.


And their related research into using Bayesian structural time-series models to infer cause and effect.


jsprogrammer 1 hour ago 3 replies      
>Obviously temperature is one of the causes of the total amount of snow rather than the other way round.

Can someone explain how this is 'obvious'?

How can this be a claimed scientific way to tell cause and effect and then drop a sentence like that in the middle of the explanation?

Even if you accept that it's true that temperature determines snowfall, it seems there is likely some feedback loop in there. The fallen snow doesn't just disappear, wouldn't it affect later measured temperatures? Remove a bunch of (cold) snow from an area and the average temperature of the area should increase faster than if you had left the snow, no?

mazsa 6 hours ago 3 replies      
"The key assumption is that the pattern of noise in the cause will be different to the pattern of noise in the effect. Thats because any noise in X can have an influence on Y but not vice versa."[...] "Thats a fascinating outcome. It means that statisticians have good reason to question the received wisdom that it is impossible to determine cause and effect from observational data alone." https://medium.com/the-physics-arxiv-blog/cause-and-effect-t...
raverbashing 38 minutes ago 0 replies      
Would be interesting to test this in data such as these: http://www.tylervigen.com/
streptomycin 1 hour ago 0 replies      
Reminds me of http://www.pnas.org/content/104/16/6533.full - interesting, but probably only applicable to very simple systems. If you have various complex interconnections between components, simple A -> B reasoning is not helpful.
fitshipit 1 hour ago 0 replies      
It's like all statistical tests -- it works really well (provably well) when the assumptions it requires hold. However, it's usually impossible to know if those assumptions hold without holding the desired answer in the first place. That's why nonparametric tests are so popular (not saying they have much to do with the article at hand, but people are definitely willing to get less definitive results in exchange for making fewer assumptions).
xtacy 1 hour ago 0 replies      
Nice article. I think the fact that testing if "X-caused-Y", by exploiting the fact that this is not symmetrical, has also been used by the "pseudo-causality" Granger causality test: http://en.wikipedia.org/wiki/Granger_causality

Also, causality in reality can be quite complicated if there are feedback loops: X-causes-Y-causes-X.

yarrel 36 minutes ago 0 replies      
Sonitus post hoc ergo sonitus propter hoc.
keithpeter 1 hour ago 0 replies      
Has anyone zipped up the data sets referenced in the paper in a handy file at all? Just before I start right clicking...
dang 2 hours ago 4 replies      
We changed the URL from http://arxiv.org/pdf/1412.3773v1.pdf because, with some exceptions (such as computing), HN tends to prefer the highest-quality general-interest article on a topic with the paper linked in comments.

This comes up often enough that it is a good case for linking related URLs together, which is something we intend to work on in the new year.

The 100 Year Old Electric Car
16 points by DavidWanjiru  4 hours ago   10 comments top 3
desdiv 44 minutes ago 0 replies      
Here's a site with pictures of more than 50 (!!) early electric cars:


DavidWanjiru 4 hours ago 3 replies      
I actually submitted this hoping it'd already been submitted and discussed and HN would redirect me to the thread, but it turns out it hadn't been submitted. I'd searched to no avail.Anyway.

If they had a working electric car in 1909, I have no idea what to think. Because there's so much to think:

How different would the world have turned out if vehicles powered with electricity, rather than gasoline, had become the main mode of 20th century transport.

How differently the development of and investment in electricity generation and transmission would have developed if the point above were true.

*How much better off the world would be today, in terms of environmental pollution.

I'd love for somebody to burst this bubble for me, coz the idea that we had a working, production electric car in 1909 but still somehow fucked it up is depressing for me.

ricardobeat 1 hour ago 0 replies      
Is the torque figure for the Doble Steamer correct? 1000 lb-ft is quite a bit more than the 687 in Tesla's top performance model. That car would fly like a rocket.
A Day in the Life of a Kiva Robot (2011) [video]
20 points by ZeljkoS  8 hours ago   7 comments top 3
leke 1 hour ago 1 reply      
Ok, so I'm thinking the need for this could become huge. How does one get into this industry as a programmer? What would I need to learn? What kind of diplomas are useful? What should I start practising on?
jsilence 2 hours ago 2 replies      
Interresting that energy wise it is feasible to transport a whole lot of items that are not being used to the picker and back. But I am pretty sure that this has been taken into account when designing the size of the storage pods.Pretty impressive!
Animats 46 minutes ago 1 reply      
Here's a more useful video of Kiva robots:https://www.youtube.com/watch?v=3UxZDJ1HiPE

This one shows the picking station, where the humans take things out of bins and put them in other bins. A computer-controlled laser pointer points to the item to be taken out, and a light shows where the item goes, and a bar code scanner checks on the human. The job takes about two minutes to learn, and full productivity for new humans is achieved in about half an hour. There is no possibility of promotion. Machines should think. People should work.

Kiva is a huge success. Before Amazon bought them, they had about 20% of online order fulfillment in the US. It's higher now, with Amazon using them. Kiva is so successful because it's so simple to install. All it needs is a big flat floor with some bar code stickers, a supply of cheap shelving units, and the robots. All the robots are small and interchangeable, so they don't have to be repaired on-site and there's no need for expensive on-site technicians and repair shops. So converting to Kiva robots is fast, cheap, and easy.

Automated warehousing isn't new, but it used to be a lot more complicated and far more custom. The older systems involved conveyors, machines that moved on tracks, extensive site-specific and product-specific engineering, and good onsite maintenance. Here's a state of the art version of a classic automated storage and retrieval system in a frozen foods warehouse. (The frozen foods industry has been heavily into warehouse automation for decades, because they work in a sub-freezing environment.) This is impressive, but look at the sheer complexity and number of moving parts involved. All those belts, motors, lifts, and sensors, and all dedicated - if any of that stuff breaks, it has to be fixed, not just bypassed. With Kiva, any dead robots can be pushed out of the way and dealt with later, off-site.


Here's a direct competitor to Kiva. This approach, with tiny robot cranes, is less successful.https://www.youtube.com/watch?v=0-G70CivfLM

Another competitor. This one uses an overhead robotic crane.https://www.youtube.com/watch?v=Peef_5W9nOQ

Compare the mechanical simplicity of the Kiva system.

Kiva was started by one of the executives of Webvan. (Remember Webvan - first dot-com boom?) Webvan offered same-day delivery a decade ago. It was popular. It just cost too much to provide that service. If they could only get rid of all those warehouse employees and complex warehouse machinery... Well, they did. Most of them.

But humans are still needed to take things out of one bin and put them into another. For that, there's the Amazon Bin-Picking Challenge:


Win up to $26,000 and eliminate 30,000 jobs at Amazon. Entries for the first round closed in October.

Whistleblower reveals how fraud of Booking.com worked
32 points by known  2 hours ago   4 comments top 2
uladzislau 1 hour ago 0 replies      
"Booking.com has estimated that about 10,000 people were affected."

I'm wondering why Booking.com allowed this happening on such a scale - they probably got tons of customer complaints to react upon?

alexivanovs 2 hours ago 1 reply      
I agree, does this mean that they were able to successfully gain access to the Booking.com database to get those details, or was she just putting those claims out there for no apparent reason?
Stripe SQLite data exports beta
55 points by rscnt_  6 hours ago   8 comments top 5
Killswitch 2 hours ago 0 replies      
Josh Pigford and Baremetrics are going to go bonkers on this.
zrail 4 hours ago 0 replies      
I threw together a little reporting package for these data files, if anyone is interested.


The existing reports are pretty basic, but all of the data is in the schema to write really interesting reports.

orf 5 hours ago 2 replies      
This is a great idea, I love it. Perhaps it would be a good idea to offer exports in the form of .sql files that can be loaded into any database, a la 'curl api.stripe.com/export... | psql'. I'm sure the export would be bigger than a binary sqlite file but it would remove the dependency on sqlite.
zrail 6 hours ago 0 replies      
I've tried this out and it is very neat. I can imagine a lot of little reporting tools being built with this.
themonk 3 hours ago 1 reply      
From where I can get sample db with dummy data, or details about tables and columns.

I need this to build custom reporting tool.

Looking Back and Forward for Open-Source Mathematics Software
20 points by martinralbrecht  4 hours ago   1 comment top
bagofx 1 hour ago 0 replies      
This Python library has PicoSAT SAT solver integration, and parses DIMACS files:


State of the Specialization: Generics over primitives in Java and JVM
20 points by udalov  7 hours ago   discuss
The Cheapest Generation (2012)
19 points by stuff  3 hours ago   18 comments top 9
ArkyBeagle 6 minutes ago 0 replies      
Here's the critical point:"Since World War II, new cars and suburban houses have powered the economy and propelled recoveries."

Emphasis suburban houses, not a loft in a building built in the 19th century in a formerly downtown industrial space.

This because new cars and new houses are a lot about debt money creation. In every recession since 1980, these have mostly led recoveries.

Without debt money creation, we'll likely see more slack. Or something - capacity utilization is actually up.

From the banking-industrial-advertising complex's view ( roughly congruent with the mores of the Silent Generation ), this IS cheapness. My parents were Silent Generation and were extremely cheap by those standards. But at that time, the stock of both existing cars and housing was well under demand.

douche 1 hour ago 1 reply      
It would appear to me, as a 25 year old college grad, that I and my peers are spending just about every dollar that we are able to make just to get by. That doesn't give us much opportunity to make purchases that require substantial down-payments in addition to financing, like vehicles and property.

Prices have inflated so dramatically since our parents' generation, on virtually everything, that saving up enough money to put 10-20% down on a major purchase, like a home, requires 5-10 years of savings. Then there is the job market uncertainty, where one cannot be assured that it will even be possible to remain employed in the same area more than a couple years down the road. Under such unstable conditions, tying oneself down into a home that it may not be possible to sell when circumstances dictate a change is a losing proposition.

morgante 28 minutes ago 1 reply      
I don't know what this has to do with being cheap: my generation just doesn't care about the same exact purchases that previous generations did.

It seems like this entire article could be explained through increased urbanization. As more Millenials choose to move into (and stay in) cities, one would 100% expect:

* Decreased car ownership (public transport is definitely preferable in an urban environment)

* Decrease home ownership (you're probably living in an apartment)

* Increased communal living (space is more expensive in a city)

None of this has to be attributed to some inherent "cheapness." I myself am choosing to live in NYC and don't plan to buy either a car or a house anytime soon, but that doesn't make me "cheap" (my Christmas spending would definitely beg to differ).

hawkice 1 hour ago 0 replies      
The impulse is to only speak up when you contradict the story, so here's my evidence: I'm 21, I've been a salaried software engineer since I was 17, I have never owned a car and barely know how to drive (even though I spent two years in Los Angeles). I don't spend all the money I make, but I do spend quite a lot on things I _do_ value. I'm not sure if I am a trend, but I also don't see how that would change any of my decisions, so I guess I don't care?
stank345 1 hour ago 0 replies      
I wonder how this trend relates to where people live. It seems like not owning a car is only possible if you live in an urban environment. We make it work thanks to good public transportation and ZipCar.

Perhaps people still own cars, but only one to a couple instead of two?

GFK_of_xmaspast 2 hours ago 1 reply      
Maybe the answer to why kids aren't spending money is (a) student loans and (b) there are no freaking jobs anymore.
ajaimk 1 hour ago 1 reply      
Gen Y isn't cheap. They just don't want to own a car or a house cause they think of better uses for their money.
sosuke 1 hour ago 1 reply      
I keep wondering, do these trends apply even to places without walkability or public transportation?
rokhayakebe 1 hour ago 2 replies      
In America a vehicle is a way to display status. If you drive a "shitty" car, it is mostly likely because that is all you can afford.

I spent some time in Europe, and it seems they just do not see cars the same way (in general). Nobody is judged by the ugly car they drive.

In America, good luck showing up on your first date as a an adult in a 1997 Ford Escort. In Europe, at least in France, it just did not seem to be something they cared for.

Oil droplets mimicking quantum behavior: How far can we push an analogy? [pdf]
17 points by sjcsjc  9 hours ago   2 comments top 2
kozlovsky 9 minutes ago 0 replies      
The original article was discussed here: https://news.ycombinator.com/item?id=8554996
ARMv7 vs. x86-64: Pathfinding benchmark of C++, D, Go, Nim, Ocaml, and more
102 points by logicchains  9 hours ago   83 comments top 22
userbinator 4 hours ago 0 replies      
I'd really like to see a "pull out all the stops" benchmark using highly-optimised Asm for the two architectures, as then it's just a matter of how much you can squeeze out of the CPU itself and not something limited by the thick layers of language abstractions on top of that. That would be a nice theoretical maximum to compare against.

Edit: I tested the C++ version on my 5-year-old i7, with an even older compiler (just had to modify the code to not use C++11 features), and with the max optimisation level, it produces a result of 1465ms - which is pretty damn amazing, considering that this is a 16-year-old compiler generating 32-bit code and the most recent CPU it had knowledge of was the Pentium Pro (P6)! I'm convinced that an Asm version could be <1s though, so there's still plenty of room for improvement.

FraaJad 11 minutes ago 0 replies      
No love for nim on this thread? nim is as fast as c++ with clang. http://www.reddit.com/r/programming/comments/2pvf68/armv7_vs...
lispm 6 hours ago 1 reply      

    (defun get-longest-path (nodes node-id visited)      (declare (optimize (speed 3) (space 0) (debug 0) (safety 0)                         (compilation-speed 0)                         #+lispworks (fixnum-safety 0))               (type fixnum node-id)               (type (vector node) nodes)               (type (vector atom) visited))      (setf (aref visited node-id) t)      (Let ((max (loop for neighbour of-type route across (node-neighbours (aref nodes node-id))                       unless (aref visited (route-dest neighbour))                       maximize (the fixnum                                     (+ (the fixnum (route-cost neighbour))                                        (the fixnum (get-longest-path nodes (route-dest neighbour) visited)))))))        (declare (fixnum max))        (setf (aref visited node-id) nil)        max))
Above Common Lisp version improves the runtime from 8.5 to 3.6 seconds in SBCL and from 30 seconds to 2 seconds in LispWorks 64bit. Computer: i7 Mac mini.

Symmetry 3 hours ago 1 reply      
So if it's a "Galaxy S3 with 2GB of ram and a quad-core 1.3ghz processor" then this should be the version with the Exynos SOC. That means that these are cores inside are A9s. The Intel cores are from the Westmere generation.

I wonder how much of the difference we're seeing between various languages is the quality of the code their compilers generate for various backends and how much is due to the different languages benefiting more from architectural differences between the two chips.

I imagine that languages that generate code with more indirection are going to excersize the prefetcher and branch predictor of the core they're running on much more than languages that generate code with simpler control flows. Both the A9 and the Nehalem cores are out of order but the Nehalem has a much, much more sophisticated set of facilities for that. I predict that if you were to re-run the benchmarks on an iPhone 5S you'd see much less of a difference between the various ARM times. And if you were to run it on a cheap Android phone with A7 or A53 cores you'd see a much larger difference.

rwmj 8 hours ago 3 replies      
Which version of OCaml? The ARMv7 backend was rewritten about 2 years ago, and merged in 4.00.


The new backend is supposed to be considerably faster on floating point code. This code looks integer only, and I don't have relative performance of old/new backend for integer code.

As a wider question: Who cares much about ARMv7? ARMv8 is a completely different beast, requiring a different backend, with much better raw performance (on the same terms as x86-64). That's where languages should be concentrating their current efforts.

IsTom 6 hours ago 2 replies      
> Functional code in Haskell/OCaml can be faster than imperative code using iorefs.

IORefs involve locking. They are bad performance-wise. An algorithm like this should be done either fully functionaly without any mutation at all or in ST.

pja 4 hours ago 0 replies      
Based on profiling the C++, this seems to be more a benchmark of function call cost in various languages than anything else - this code makes 42975348 calls to

  int getLongestPath<16>(std::vector<node, std::allocator<node> > const&, int, std::bitset<16>)
Which is fine, but seems a slightly limited platform / language comparison!

nly 6 hours ago 1 reply      
Seeing as how they're likely the most widely distributed Java runtimes on ARM, I would have liked to see Dalvik and ART benchmarks for the Java code

Key takeaway for me is that statically typed languages that are compiled to native code are still 2-3x faster than the fastest JITs. On both platforms.

jarcane 8 hours ago 2 replies      
The Racket and Lisp comments are a bit odd. To the best of my knowledge Typed Racket does support gradual typing, and as well, comparing it's compatibility to Scheme is a category error: Racket is not Scheme anymore, that's why it's called Racket now and not PLT Scheme.
timthorn 6 hours ago 0 replies      
This is a comparison of specific implementations of the two processor architectures. The benchmarking is still an interesting work, but it isn't a straight comparison of language performance across architectures. It might be a more enlightening result to know the number of opcodes each run executed.
icefox 2 hours ago 1 reply      
Something not measure that is just as important as speed (if not more so) was how long it took to create a working program in each language.
kev009 6 hours ago 1 reply      
I'm not really sure what this data means because amd64 and ARMv7 are ISAs. For instance, you could make a very deep and superscalar ARMv7 chip that blows a typical amd64 out of the water if you sacrifice size and power. Is the intent simply to show that some language backends are not optimized? Otherwise, without something like "These two chips and clock-for-clock or watt-for-watt it looks like this" it seems meaningless.
gaius 8 hours ago 1 reply      
This is some quality work. The Java results are particularly striking! It would be interesting to see some more languages that have more than one implementation compared.

What is the difference between FSharp and F#?

melling 2 hours ago 1 reply      
"The F# was however nowhere near as fast as the OCaml"

I find this a bit odd. Microsoft should be able to build a better compiler. I thought F# was getting a lot of traction.

atoponce 8 hours ago 2 replies      
The LuaJIT results don't surprise me. I've always been impressed with LuaJIT. The OpenJDK results also don't surprise me. If you work in a Java shop, you learn very quickly to throw out OpenJDK in favor of Sun/Oracle Java. OpenJDK is indeed a "steaming pile of crap".

However, I would have liked to see Julia and Javascript benchmarks in those results. I've heard great things about Julia, and knowing just how incredibly far we've brought the Javascript VMs over the past decade, it wouldn't surprise me to see Javascript fairly high on the list.

bluecalm 7 hours ago 1 reply      
Obligatory question: what compiler options did you use for c++? Good first try is -o3 -march=native. It really makes huge difference in case of C/C++
0x0 8 hours ago 2 replies      
It seems kinda unfair to compare 32bit ARMv7 against 64bit x86-64. Wouldn't it be much fairer to compare ARMv7 against the register-starved x86, or to compare AArch64 against x86-64?
kyrra 6 hours ago 1 reply      
In the Go code, if you want to ignore an err you can write _ in its place.

Another things that I'm not sure you can even do anymore is disable bounds checking by adding "-gcflags -B" to the compile.

mrottenkolber 6 hours ago 1 reply      
That is some horrible Common Lisp code. I have to try this out....
mda 7 hours ago 1 reply      
That's some alien Java code indeed.
steveklabnik 7 hours ago 1 reply      
> [Rust] 0.12 is so much prettier; vec[i] instead of vec.get(i), for instance

That was just a momentary bit of weirdness, vec[i] has since returned.

EDIT: Further down, the author acknowledges that this has been fixed. That's what I get for commenting before scrolling the whole way down!

w8rbt 4 hours ago 1 reply      
C++ wins again. There's really no competition.
Guido van Rossum: The Theory of Type Hinting for Python 3.5
126 points by kibwen  17 hours ago   48 comments top 15
ronjouch 6 hours ago 2 replies      
Reading this pre-PEP, I'm not sure I understand what I will gain from this as a Python programmer. Can anyone explain what we can expect both short-term (first release, Python 3.5) and long-term (later version, accompanied by tooling and more side work)?

a. Better quality and maybe programmer productivity through static checking?

b. Better performance thanks to enforced type letting the compiler do a better job?

c. Something else?


bsaul 5 hours ago 0 replies      
That post cheered me up for the day. Things seem to finally move to a (IMHO) great direction for this language. I was thinking about rewriting my latest large project from python to go, but now i think i'll wait a bit to see where this thing leads to.
Animats 1 hour ago 0 replies      
Ten years ago, this could have accelerated the development of fast CPython replacements. With the incompatible changes in Python 3, all the alternatives to CPython took years to catch up. Or, like Microsoft's Iron Python, were abandoned. Now that PyPy is getting close to the point where it might replace CPython, a major change to the language comes out of nowhere.
travisb 2 hours ago 2 replies      
This very much sounds like a type inference with hinting version of the C type system with a minor extension. It also seems to have many parallels to the Objective C type system with id, but again in a type inference variant.

The three rules to apply to quite directly to standard OO C:

1. If t1 is a subclass of t2, t1 is also consistent with t2. (But not the other way around.)

Using the standard OO C method of subclassing structs, ie.

struct t2 {...};struct t1 {struct t2 t2; ...};

This is obviously true and the normal subclass relationship, though the C syntax to use this is a bit awkward:

t2_method(&t1->t2, arg1, arg2);

2. Any is consistent with every type. (But Any is not a subclass of every type.)

In C the Any type is void. Using the class definitions above this is entirely valid and produces no warnings:

void v;

struct t1 = v;

So if you have an object of void type you can use it wherever you might require a stricter type. If you pass in something which is not consistent you'll get a runtime error (usually a segfault in the case of C).

3. Every type is a subclass of Any. (Which also makes every type consistent with Any, via rule 1.)

This just says that you can do the following without getting any warnings:struct t1 t1;void v = t1;

And this works quite well in C.

The extension to the C type system, beyond the type inference, is to make these rules recursive, especially in function types. For example, this produces a warning under GCC, though it will compile and run fine:

void f(int* func(int b, int c)) {}

void* g(void b, void c) {return b;}


That might just be a limitation of GCC's type checking though.

I think this is quite a good direction to take. C's type system has proven sufficiently powerful over the decades to build large systems and at the same time is trivially bypassed when you paint yourself into a typed corner or you want flexibility strict static type checking finds cumbersome to provide.

AnkhMorporkian 9 hours ago 1 reply      
I may be mistaken, but wasn't GVR fairly opposed to anything beyond simple type annotations? Don't get me wrong, I love that he might be turning around on this, but has anyone followed the transition and can provide some context? What led to this turnaround?
mcintyre1994 8 hours ago 4 replies      
Is there any documented information on how the decision to use consistency instead of subclassing was made? Naively it seems very similar to say c# or java with Any instead of Object at the root - except that Any is consistent with all types.

That seems odd and I'm not sure I understand the benefits of it. I get that it only applies to things typed as Any (and presumably like with Object, typing as Any is quite rare to want to do - especially with support for union types) but is there an example where you'd want this and the c#/java subclassing would be limiting?

piinbinary 2 hours ago 0 replies      
It would also be nice to see some interface-based type assertions. For instance,

    def comma_sep(items):        return ','.join(map(str, items))
requires two things:

- items be iterable

- each item have a __str__ method

macobo 10 hours ago 2 replies      
This is exciting - ever since reading Jeremy Siek's post on Gradual Typing [1], I've been missing this in my python and ruby. This could be the killer feature that would both move larger corporations towards python 3!

Two things in the pragmatic side seem hairy though - type declarations in types and `Undefined`.

[1]: https://news.ycombinator.com/item?id=8594079

eva1984 8 hours ago 0 replies      
This looks interesting. If such potential features come true in Python 3, I would have better motivation to migrate to it.

However, it does, somehow, with type alias syntax as proposed in this article, make python3 looks even similar to Go.

fiatjaf 3 hours ago 2 replies      
I want to get this page as HTML, instead of a Javascript script that builds the page? I can't (easily) send it to my Kindle this way.

This is a TEXT DOCUMENT, right?

(I don't want a downloadable PDF also.)

grondilu 3 hours ago 0 replies      
Putting the type declaration in comments is a neat idea.
gcb0 10 hours ago 1 reply      
gaius 8 hours ago 6 replies      
Can we please just do Hindley-Milner? They knew all this stuff in the 1970s...
jfe 2 hours ago 1 reply      
...or you can just use Julia :)
Machine Learning: The High-Interest Credit Card of Technical Debt [pdf]
119 points by jcr  16 hours ago   22 comments top 7
Animats 12 hours ago 0 replies      
That's a good read. Some of those problems are known from quantitative finance, where trying to extract statistical signals from data has been going on for decades. After much effort, all the easy wins (easy to find correlations) have been found and are no longer easy wins, because too many players have found them.

Some of the other problems listed are new, coming from taking what used to be research techniques and putting them into production programs. Those are more like ordinary big system problems, such as configuration management. The article points out, though, that your huge training set is now part of your configuration.

Then there's the problem of systems assigning excessive significance to features which happen to work but are really irrelevant. Those image recognition demos on HN last week illustrated this problem. At least there, though, there's a way to visualize what's happening. For many ML systems, humans have no clue what the system is actually recognizing. If your ML algorithm has locked onto the wrong features, it can become drastically wrong due to a minor change in the data. I saw an example of this in a web spam filter that was doing fairly well, working on 4-character sequences taken from web pages. It was actually recognizing specific code text used by one ad service. The page content seen by humans was totally irrelevant.

PaulHoule 5 hours ago 1 reply      
I think a lot of the problem is that ML practitioners often don't know much about software engineering. The other half is that people frequently manage programs as if they were projects.
freework 13 hours ago 2 replies      
This paper's conclusion (I only read the abstract) jives with my experience. Whenever I've tried to make something "intelligent" it always ends up in headaches. Now-a-days when building code, I try to stay away from having the computer make decisions. I've found its much easier to build stuff in a way that put a real human in charge of making all decisions.
majc2 10 hours ago 1 reply      
Side note: I love the analogy of a credit card to describe technical debt and its one I've used with clients before and they really respond to it.

People (in the UK at least), understand that the interest on a credit card can kill you, while a regular loan assumes that you're paying off the principal month to month. Posing the question, are you paying off that technical debt month to month or is it just sitting there really gets people thinking.

polskibus 11 hours ago 0 replies      
Many of the problems they talk about can be found in any system that uses some kind of ETL process that pulls data from at least one external source.
michaelochurch 5 hours ago 0 replies      
To me, this is a big part of what makes machine learning exciting: it's so challenging to implement it well. The result of it is that machine learning touches a lot of computer science, from high-level languages and formal verification to low-level languages and systems concerns (GPU programming, operating systems).

This difficulty is also a reason why machine learning programmers who are, at least, validated tend to get a lot of trust from the business that CommodityScrumDrones don't get (and that's why most good programmers want to redefine themselves as "data scientists"; it's the promise of autonomy and interesting work). No one tells a machine learning engineer to "go in to the backlog and complete 7 Scrum tickets by the end of the sprint". Of course, the downside of all this is that true machine learning positions (which are R&D heavy) are rare, and there are a lot more so-called "data scientists" who spend most of their time benchmarking off-the-shelf products without the freedom to get insight into how they work.

I actually think that the latter approach is more fragile, even if it seems to be the low-risk option (and that's why mediocre tech managers like it). When your development process is glue-heavy, the bulk of your people will never have or take the time to understand what's going on, and even though operational interruptions in the software will be rarer, getting the wrong answer (because of misinterpretation of the systems) will be more common. Of course, sometimes using the off-the-shelf solution is the absolute right answer, especially for non-core work (e.g. full-text search for an app that doesn't need to innovate in search, but just needs the search function to work) but if your environment only allows programmers to play the glue game, you're going to have a gradual loss of talent, insight into the problem and how the systems work, and interest in the outcomes. Reducing employee autonomy is, in truth, the worst kind of technical debt because it drains not only the software but the people who'll have to work with it.

At any rate, I'd say that while this seems to be a problem associated with machine learning, it's just an issue surrounding complex functionality in general. Machine learning, quite often, is something we do to avoid an unmaintainable hand-written program. A "black box" image classifier, even though we can only reason about it empirically (i.e. throw inputs at it and see what comes out) is going to be, at the least, more trustworthy than a hand-written program that has evolved over a decade and had hundreds of special cases, coming from aged business requirements that no longer apply and programmers from a wide spectrum of ability, written in to it. All in all, I'd say that ML reduces total technical debt; it's just that it allows us to reach higher levels of complexity in functionality, and to get to places where even small amounts of technical debt can cause major pain.

abhgh 14 hours ago 1 reply      
FYI: this was accepted in NIPS-2014
U.S. Imposes Steep Tariffs on Chinese Solar Panels
45 points by ytNumbers  3 hours ago   26 comments top 9
revelation 2 hours ago 3 replies      
The cynic in me would probably ascribe actions to tax Chinese solar panels as small steps towards banning and slowing the adaption of clean energy generation.

Because the alternative is just too stupid to consider. Making solar panels as they exist today is 1) a commodity business and 2) very, very, very simple. Surely no one would be stupid enough to believe that US manufacturing could be cost-competitive with China in manufacturing a product where the sole complexity lies in sourcing high purity silicon? There aren't even any manufacturing jobs involved here, it's probably 100% automated.

Some argue that China is subsidizing chinese solar panel manufacturers and thereby distorting the market. But then that's not even necessary, as explained nobody would be insanse enough to try and rival them by manufacturing a commodity in the US when you would have to ship the silicon over from China first.

So the effect chinese solar subsidies are having is making solar panels extremely cheap for Americans, transforming the way the US generates energy. They're financing our switch to clean energy.

joshhart 1 hour ago 2 replies      
What?? Aren't we supposed to be committed to reducing carbon emissions? Why is the government forcing me to pay more to do the right thing for the environment? If someone is willing to give us solar panels for super cheap why are we upset?

Many of the Chinese solar manufacturers are again making a profit. I find evidence that people are intentionally making panels below cost to be dubious. There was a war for market share and a lot of companies like Suntech Power went bankrupt. Seems like the market is working.

justinsb 2 hours ago 1 reply      
Seems like a biased source (author is "talking his book"). Better sources:

http://blogs.barrons.com/asiastocks/2014/12/18/china-solar-l... "...the new ruling will have limited impact as Chinese solar companies have adjusted strategy since the preliminary decision."


crazy1van 1 hour ago 0 replies      
I can't help but think this is a classic bootleggers and baptists situation [0]. Traditional energy producers (gas, coal, etc) want to keep the price of solar energy high. Domestic and other nation's solar energy manufacturers want their competition's price to be high as well. Both groups win with high tariffs on Chinese solar panels. However, the average citizen loses.

[0]: http://en.wikipedia.org/wiki/Bootleggers_and_Baptists

FrankenPC 2 hours ago 2 replies      
None of this would matter if the US Solar installers would stop price gouging the customer. I just got 4KW installed of Canadian Solar panels. They come with an actual 25 year insurance bond to cover the warranty. I'd like to see China try that. The installation was literally half what SolarCity quoted me. The little guys make a nice profit but don't gouge and you get superb quality panels.

Capitalism. it's really hard to tell what's really an issue and what's abject greed.

aikah 2 hours ago 0 replies      
Interesting case where U.S. protectionism promotes manufacturing over developers and installers.

A political choice has been made.

Let's see how it goes in the long run.

transfire 1 hour ago 1 reply      
Meanwhile everything else at the Great Walmart is tariff free from China.
Animats 2 hours ago 1 reply      
This tariff would have been more useful to US manufacturers if it had been in place before Applied Materials exited the solar cell business and Solyndra went broke.
hindsightbias 2 hours ago 2 replies      
This plus falling oil prices is going to set back PV for a long time.
Buffett Reminds His Top Managers: Reputation Is Everything
7 points by known  2 hours ago   2 comments top 2
iokevins 18 minutes ago 0 replies      
Note: this biennial letter follows, nearly word-for-word, the format of letters from previous years, with updates to the various statistics (for example, number of employees). Mr. Buffett included the 2010 letter in that year's annual Shareholder Letter: http://www.berkshirehathaway.com/letters/2010ltr.pdf via: http://www.berkshirehathaway.com/letters/letters.html
iokevins 27 minutes ago 0 replies      
Text of the memo:


To: Berkshire Hathaway Managers (The All-Stars)

cc: Berkshire Directors

From: Warren E. Buffett

Date: December 19, 2014

This is my biennial letter to reemphasize Berkshires top priority and to get your help on succession planning (yours, not mine!).

The top prioritytrumping everything else, including profitsis that all of us continue to zealously guard Berkshires reputation. We cant be perfect but we can try to be. As Ive said in these memos for more than 25 years: We can afford to lose money even a lot of money. But we cant afford to lose reputation even a shred of reputation. We must continue to measure every act against not only what is legal but also what we would be happy to have written about on the front page of a national newspaper in an article written by an unfriendly but intelligent reporter.

Sometimes your associates will say Everybody else is doing it. This rationale is almost always a bad one if it is the main justification for a business action. It is totally unacceptable when evaluating a moral decision. Whenever somebody offers that phrase as a rationale, in effect they are saying that they cant come up with a good reason. If anyone gives this explanation, tell them to try using it with a reporter or a judge and see how far it gets them.

If you see anything whose propriety or legality causes you to hesitate, be sure to give me a call. However, its very likely that if a given course of action evokes such hesitation, its too close to the line and should be abandoned. Theres plenty of money to be made in the center of the court. If its questionable whether some action is close to the line, just assume it is outside and forget it.

As a corollary, let me know promptly if theres any significant bad news. I can handle bad news but I dont like to deal with it after it has festered for awhile. A reluctance to face up immediately to bad news is what turned a problem at Salomon from one that could have easily been disposed of into one that almost caused the demise of a firm with 8,000 employees.

Somebody is doing something today at Berkshire that you and I would be unhappy about if we knew of it. Thats inevitable: We now employ more than 330,000 people and the chances of that number getting through the day without any bad behavior occurring is nil. But we can have a huge effect in minimizing such activities by jumping on anything immediately when there is the slightest odor of impropriety. Your attitude on such matters, expressed by behavior as well as words, will be the most important factor in how the culture of your business develops. Culture, more than rule books, determines how an organization behaves.

In other respects, talk to me about what is going on as little or as much as you wish. Each of you does a first-class job of running your operation with your own individual style and you dont need me to help. The only items you need to clear with me are any changes in post-retirement benefits, acquisitions, and any unusually large capital expenditures. But I like to read, so send along anything that you think I may find interesting.

I need your help in respect to the question of succession. Im not looking for any of you to retire and I hope you all live to 100. (In Charlies case, 110.) But just in case you dont, please send me a letter or email giving your recommendation as who should take over tomorrow if you should become incapacitated overnight. These letters will be seen by no one but me unless Im no longer CEO, in which case my successor will need the information. Please summarize the strengths and weaknesses of your primary candidate as well as any possible alternates you may wish to include. Most of you have participated in this exercise in the past and others have offered your ideas verbally. However, its important to me to get a periodic update, and now that we have added so many businesses, I need to have your thoughts in writing rather than trying to carry them around in my memory. Of course, there are a few operations that are run by two or more of you such as the Blumkins, the Merschmans, the pair at Applied Underwriters, etc. and in these cases, just forget about this item. Your note can be short, informal,handwritten, etc. Just mark it Personal for Warren.

Thanks for your help on all of this. And thanks for the way you run your businesses. You make my job easy.


P.S. Another minor request: Please turn down all proposals for me to speak, make contributions, intercede with the Gates Foundation, etc. Sometimes these requests for you to act as intermediary will be accompanied by It cant hurt to ask. It will be easier for both of us if you just say no. As an added favor, dont suggest that they instead write or call me. Multiply 80 or so businesses by the periodic I think hell be interested in this one and you can understand why it is better to say no firmly and immediately.

Chasing the Dread Pirate Roberts
14 points by bmajz  9 hours ago   2 comments top 2
garrettgrimsley 1 hour ago 0 replies      
You'd be better off reading some of Gwern's posts about Silk Road, as this NPR piece contains fundamental inaccuracies.


arto 1 hour ago 0 replies      
> The Dread Pirate believed in total economic freedom, but in order to make his market work, he had to do some very bad things.

WTF. As if unsubstantiated, increasingly dubious allegations were actual established fact.

Read some quality reporting from Patrick Howell O'Neill instead: http://www.dailydot.com/authors/patrick-howell-oneill/

How to Send Email Like a Startup
233 points by bvanvugt  22 hours ago   38 comments top 12
moe 12 hours ago 2 replies      
And then there's the tldr version that everyone seems to be actually using:

1. Send at least one mail per day to urge your user to try out a random feature that he doesn't care about.

2. Make sure every mail claims to be "not a bot", "not automatic", "I'm a real human!!1".

3. Close every mail with an offer to be available at any time for everything and anything.Make sure your user knows that he can call your CEO at 5 in the morning if he feels a sudden urge to have a personal product tour.

4. Mention at least two awesome webinars in every e-mail. Send regular reminders about webinars.

5. Also send invitations for every congress, meetup, bbq party, that you are however involved with.

cessor 7 hours ago 3 replies      
I believe I had mentioned this before - and received a lot of downvotes for it: I, as a user, wish not to be bothered with emails.

I often just briefly want to see what the fuzz is all about. The app then "tricks me" into providing them with an email address, by pretending they need this as an identifier, most of the time in order to create an account. They then feel free to send me "Greg from blahblah app"-Emails.

To me, this is spam. It is an email I do not want. To me there is no difference between a random spammer who wants to sell fake viagra and Greg from blahblah app, who wants me to use his cloud-driven javascript thingy.

I believe there is a role missing, in the view on customer relationships. Just because I am looking at things in your store doesn't mean I want to be treated as a customer already. I believe there should be a differentiation between somebody who already bought something and somebody who is about to. Aggressively sending email at any chance isn't the way to make this transformation, imho.

jccalhoun 4 hours ago 1 reply      
Whoever is telling web companies that it is a good idea to suddenly start mailing "newsletters" to people that signed up for accounts is lying to them. Over the past year or so I've started getting emails from web sites I haven't visited in years - for example I signed into an old hotmail account and apparently fark is sending out newsletters now?

The only thing these things do is make me click unsubscribe and make a mental note that the site sucks.

bevacqua 21 hours ago 1 reply      
Took the liberty of turning it into markdown so people can collaborate on the guide.


shalnoff 11 hours ago 0 replies      
This article actually explains how to make your client hate you and your business.

Dear colelagues, please don't use HTML email notifications as far as some technically advanced people just turn HTML off to a) reduse valnurability (i.e. see all links and remove possible frames, img & JS) b) make email processing faster and less resource consumptive

IMHO I see just one common and most important rule of email notifications. it must be simple as possible and not obstructive. And please never force client to register and leave email without real necessity. Minimize it and keep simpe. Then your audience (smart and most referenced group of it, at least) will love you.

Pephers 22 hours ago 2 replies      
What a great resource, bookmarked!

Of course much of this has been written about in various blog posts, but having it all compiled in a single resource is very handy, especially when being in the startup phase of a SaaS business selling booking software (https://zapla.co). I'll definitely be implementing a lot of this advice!

thebiglebrewski 17 hours ago 1 reply      
Spam people until they unsubscribe?
dreeves 12 hours ago 0 replies      
Really good advice here. One thing I particularly liked is the advice to email the first 1000 users manually and only set up automated drip campaigns as a way to automate what you find yourself sending over and over.

I'd also like to add this PSA: Don't send automated emails that pretend to be from a human. http://blog.beeminder.com/smarmbot Blog post, "Don't Be a Smarmbot", in which I argue with @patio11 about this.)

oblio 5 hours ago 0 replies      
Minor nitpick: surely the title should actually be "How to Send Email as a Startup". The current phrasing seems a bit odd - especially considering the fact that it is a lecture on reaching out to potential future customers :
tehabe 3 hours ago 0 replies      
I was disappointed. I hoped for a satirical view on what weird emails I get from sites but no. :-(
curiously 20 hours ago 4 replies      
I like that first 1000 customers you must touch them personally.

My biggest hinderance is getting a phone number that won't cost a fortune to call people in US or abroad from Canada. some Canadian telecom companies absolutely adore ripping people off when it comes to dialing other countries as if we were in the 1980s.

Basically I want to approach my customers with a call me number that won't cost them a lot and won't cost me a lot to talk on.

I'm still reading through this wonderful guide it is ripe with useful information.

stevebot 18 hours ago 2 replies      
percent of acquisition emails that I click through: zero
Hiding malware in plain sight from online scanners
14 points by lelf  8 hours ago   discuss
Open-sourcing OvertureJS the JavaScript lib that powers FastMail
164 points by robn_fastmail  20 hours ago   40 comments top 14
brongondwana 20 hours ago 4 replies      
I've been pushing for this to be done for a while :)

There's no point open-sourcing the crappy old parts of our architecture which we wouldn't advise new projects to use (like our Perl framework. There are so many Perl frameworks these days, and many of them better than ours) - but Overture is high quality stuff. Enjoy!

dingdingdang 19 hours ago 0 replies      
Overture is impressive in its inclusiveness, from article: "Theres also one-line support for animating views. You declare the layout property and its dependencies, and Overture will handle animating it between the different states. Full support for drag and drop, localisation, keyboard shortcuts, inter-tab communication, routing and more mean you have everything you need to build an awesome app."

Especially having pre-fixed inter-tab comm. sounds enticing for me, haven't heard of other frameworks handling this out of the box!

speg 15 hours ago 2 replies      
I just signed up for Fastmail this weekend and the snappyness of their app really impressed me. I emailed Neil and asked him about the framework and he said they would release more info soon happy to see it so quick! I'm assuming the mobile app uses the same in a Webview?
tomcam 18 hours ago 0 replies      
UndoManager is an unusual and welcome addition to such libs. Codebase as a whole looks pretty darn clean.
couchand 16 hours ago 1 reply      
Very excited about this. Was just having a conversation about what to migrate our Angular app since we're no longer happy with Angular.

Also, looks like until Tuesday it was named Vibrato [0]. I think I can understand the motivation to change that.

[0]: https://github.com/fastmail/overture/commit/2a8252764a124b19...

drinchev 9 hours ago 1 reply      
It is really well done. Bravo.

I'm not sure about your team opinion about modifying globals. I saw this a lot in your code. Why did you decided on this approach?

NikhilVerma 9 hours ago 0 replies      
@nmjenkins - so glad to see it's finally out for everyone to use! :)
bambax 11 hours ago 0 replies      
I use and love Backbone, how does this compare? What are the pros and cons of each approach?
gcb0 11 hours ago 2 replies      
it uses sugared dom for template. while it's fast on mobile web kit, it's shower than inner html on Firefox mobile. and if you are serious about mobile you know that's the future.
AbuAssar 10 hours ago 1 reply      
very nice work , good job.I'm considering using it , but I encountered a small bug regarding i18n:

in the todo example , I added a new todo with arabic script , but the search function didn't work on the arabic script.

thanks for sharing

itsbits 15 hours ago 1 reply      
it looks more of early Ember type Architechture. I can see since both followed Sproutcore.
brohoolio 17 hours ago 0 replies      
Awesome! Thanks fastmail folks.
WasSlowbanned 17 hours ago 2 replies      
Is this framework inspired by Cocoa at all? seems like it from just glancing at it.
alexro 6 hours ago 0 replies      
You guys need to join forces to work on ReactJS - the concepts pretty much overlap, only React takes it further, providing good compromise between in-code templating and html files.
A Meditation on the Art of Not Trying
56 points by juanplusjuan  17 hours ago   29 comments top 13
RangerScience 1 hour ago 1 reply      
So about two months ago, on about my two-year anniversary with the company, I switched from "Software Engineer" to "Solution Architect" (aka "Biz Dev Engineer"). It means that I now go to a lot of meetings (frequently with clients), where people draw on my knowledge of how our things work, and build a few things on the side. Mostly marketing material.

It's a crazy different experience from actually writing the code, and some of what I've learned and noticed has to do with "just being yourself". Part of that learning process has definitely involved being placed in high-enough stress situations that I was put off internal balance: by gaining familiarity with not being myself, I got a better idea of where myself was and how to stay centered there.

The first realization was that I could label my activities as reactive or proactive. As a software engineer, basically all my time was proactive. Now, most of my time is reactive. But... the original phrase I used to describe the reactive activities, and the way I try to approach them, is "to go be myself at things". The desired outcome is secondary to the experimental juxtaposition.

Another way to put it is, I think: I (like everybody) am a unique snowflake. The point of including me on anything and of sending me hither and yon is to have that uniqueness present and available. Well, part of the point.

It seems to be working. I think (although it's a little early to tell) that I'm more successful at this job than the last. At the least, I'm happier. Your mileage may vary.

As a final note, when applied to personal growth, I think this attitude ends up something like this: Don't aim for results, aim for experiences. Your "higher-self" (whatever that means to you) can't just rewrite your "lower-self" (the thing you're being when you're being yourself), but the former can aim the latter at particular experiences. Go find out what it's like to be yourself at that thing, and you learn a little bit about who you are and who you are changes a little bit. It's an explorative act.

thewarrior 7 hours ago 4 replies      
Tl;dr There is no try. Only Do.

Practical advice fromThe way to approach this concept it to first understand your struggle. Beneath the need to struggle is a fear that the world is an unfriendly place and you are not supported. This view arises from the mind rather from the way, which teaches that the flow, the ever present essence of life, is the way. You can trust that the way will lead you. In truth, the mind-made view of the world, where struggle is necessary, is merely illusion. No matter how real it might appear. Wu Wei is the way.

To follow Wu Wei you must first let go of struggle. Stop fighting with life and trying to make things happen. You are struggling against the flow. You must first realize that you can give this up. Then it is the case that you act, you are not passive - merely waiting for things to happen, but you are no longer opposing the flow of events. Instead, you act, but let go into the uncertainty of life, and you see how life actually occurs. You become open to the mystery of which you are part. In a sense it is total acceptance of yourself and this moment. Of course, it is necessary to practice this. While the way is not of time, and we can be there in an instant, practice connects us to this place over time. Through practice the way reveals itself. Only through practice can this truth be revealed.

e.g.: Water may be directed and controlled by man-made dams, but it will always flow to its destination naturally. To be in accord with that nature, give up making dams for it only delays that flow.

Source : http://en.wikipedia.org/wiki/Wu_wei#Practice

gumby 3 hours ago 0 replies      
I think we all understand this at a simple, pragmatic level. For example, we all want to become so comfortable with the keyboard that when we think of the variable "bar" our hands automatically type it. I read the point of the article as saying that this applies at higher and higher levels of function as well: if we make things automatic we can spend more time thinking about and accomplishing the higher goals. And as the article mentions flow, again, I think we all know this to some degree.

And I was amused, if not surprised, to see that the confucianist writers had twisted this to support obedience to the power structure. We're lucky Plato had never heard of them!

Terr_ 9 hours ago 0 replies      
Don't use conscious effort to do whatever-it-is directly.

Instead, use that deliberate-brainpower to create patterns and habits that your un/sub-conscious will continue even when you aren't actively paying attention.

UhUhUhUh 3 hours ago 0 replies      
All narratives about enlightenment contain a form of letting go. Zazen, Koan. Siddartha and his quest etc. I read a book years ago from a French guy who suggested that this could be reached by writing meaningless sentences, which he made a long winding point is more difficult than it seems. I guess one can look at Azimov's A guy like that too.What it says, apparently, is that there is a reality behind all this. The human mind does have the ability to make qualitative jumps.We just need to get rid of the travail first...
keithpeter 10 hours ago 1 reply      
> Ive been out in the fields helping the sprouts grow, he explained, whereupon his worried sons rushed out to see the results. They found a bunch of shriveled sprouts that hed yanked to death.

There is a fair amount of sprout yanking going on in my little education world at present. I can use that quote.

hownottowrite 7 hours ago 2 replies      
Socially, many people are trained to react and fill the gaps created by others. We fill awkward pauses in conversations with chatter. We feel compelled to do work that some other leaves unfinished.

Wu Wei is a practice designed to short circuit this action through the pursuit of conscious non-action. The main effect on everyone else is to evoke a mild state of panic or at least some uncomfortable fidgeting.

You can test this pretty easily the next time you talk to someone by saying nothing. Just leave a gap on purpose. Take no action. The person across from you will feel the pause and will most likely fill it. Sometimes, if the pause is long enough, they will fill it with personal details they would otherwise never share.

One feels drawn to a person like this because their inaction creates a gap we feel compelled to fill. This is the "charismatic" effect the author mentions in the article. In reality, it's more or less a passive aggressive technique to get people to do your work for you through willful negligence.

fsloth 8 hours ago 0 replies      
Is this about Analysis paralysis vs. learning by doing?

From what I understand of asian philosophy, I think the dichotomy between he Confucean and Taoist value systems is a very good mental tool - the former stresses academic learning and analysis while the latter strives for simplicity and doing what you can, right now, with the knowledge and tools you have.

To draw a caricature: The confucean systems hold the bureaucracy that keeps systems going for decades in the highest regard while a taoist would value the spontaneity of an "agile and lean" system the most.

I think the "wu wei" concept is linked to a situation where a person has an intutive understanding of a system and it's practical degrees of freedom and constraints, and thus can let his subconscious to perform most of the heavy lifting, versus a situation where for one reason or another the person does not have a lucid mental model of the field where he tries to work and proceeds through constant conscious cognitive evaluation. I might completely off in my understanding, though.

jacobsimon 3 hours ago 1 reply      
This is also known in Italian as sprezzatura: it's the practiced skill of making everything you do appear effortless or natural.


FrankBlack 3 hours ago 0 replies      
louwrentius 10 hours ago 3 replies      
I'm sorry, I do catch the idea, but it really sounds like fluff to me. As with many of these type of articles, I see some discussion and history, but no content or true insight whatsoever. Only some anekdotes and religion-style stories.
quonn 7 hours ago 0 replies      
Easy is right.

Begin right

And you are easy.

Continue easy and you are right.

The right way to go easy

Is to forget the right way

And forget that the going is easy.

-- Chuang Tzu

pwr22 9 hours ago 0 replies      
We as a society have forgotten, or not yet learned, that the thing we call "us" is but a part of the organism that is actually us
North Korea, Denying Sony Attack, Proposes Joint Investigation With U.S.
83 points by fivedogit  4 hours ago   101 comments top 24
crdoconnor 1 hour ago 4 replies      
Reasons for pretending that North Korea did it rather than a disgruntled ex-employee:

Sony executives:

* Sony gets tons of free publicity for its new movie.

* It diverts attention away from those emails that were starting to make certain Sony execs look really bad.

* They don't look quite so hopeless and incompetent if they're getting hacked by a nation state.


* It's something that can be used to deflect heavy criticism of their all-pervasive surveillance.

* It's something they can use to wangle more money - to face the exciting new "cyberwar" threat.

Reasons for North Korea denying involvement if they actually did it:


splike 3 hours ago 10 replies      
I find this whole thing really weird, and I suspect sites like reddit are being manipulated by someone.

Lets the timeline right

1. North Korea makes its disapproval of The Interview public and complains to the UN in the summer of this year

2. Sony is hacked and passwords are leaked. The passwords are the focus of the story

3. A couple of days go by, no mention of North Korea or The Interview

3.5 I've gotta be missing something here

4. Theaters (not Sony directly) decide the pull The Interview because of threats from NK

5. FBI blames NK for sony hack

6. Obama gets involved (?????)

The sequence of events just makes no sense. Then there are sites like reddit that are completely consumed by the story. The number of posts about it is insane, and there is little skepticism about the bizarre sequence of events or the blaming of NK.

frevd 4 minutes ago 0 replies      
An indirect proof of who hacked Sony is easy: depending on whether the 'Hackers' publish the movie or not (given they got access to it and given Sony does not publish it as they say) will show who's behind it.
dschiptsov 1 hour ago 0 replies      
Oh, come on. There is a simple theory that "all oversimplified/naive theories are wrong" (this is, by the way, a consequence of "all mental theories are wrong, but some of them are useful).

The theory that North Korea was upset about a crappy movie and hacked Sony is such a naive nonsense, it cannot be considered seriously. In is HN, after all.)

Less naive could an idea that some guys hacked Sony (for money, what else?) and used this as a "cover story". How does this happen? By a chance, like most events in Universe.

The hack itself, probably, was due to neglected security, like WEP hot-spots, unpatched Windows crap, everyone has Administrator privileges, updates disabled - everyone knows how it is.

And in order to "save the face" everyone jumped on that naive story - it is highly sophisticated hack by foreign intelligence, not an "admin" (or "fuck") password on some hotspot or Windows domain. It was a media division, btw, not a "techie" department.

I am exaggerating a bit about passwords, but the idea, I hope, is clear.

Mobiu5 3 hours ago 0 replies      
Am I mistaken, or did the "hacker group" only mention The Interview AFTER the media proposed the connection? It seems like whoever hacked sony (edit: or somebody else!) just took advantage of an opportunity to cause some chaos. And the whole "FBI confirms NK" thing seems shady. None of this quite adds up.
blueflow 3 hours ago 3 replies      
I have some trust issues on that topics, it wouldn't be the first time they made something up.

And its just in time to distract from the CIA report.

nkoren 24 minutes ago 0 replies      
Translation: "We have no idea how this attack was perpetrated, but would sure like to find out."

(Nudge nudge, wink wink, you know what I mean, know what I mean?)

sopooneo 1 hour ago 1 reply      
If it really was North Korea, why would they deny it? Doesn't an act of retaliation require the perpetrator to take credit in order for it to have any benefit to them? Or could it be that North Korea is publicly denying it with the understanding that everyone really knows it's them?
saranagati 1 hour ago 0 replies      
im really not one for conspiracy theories but this one just seems so obvious.

* sony gets hacked.

* a few news articles about it.

* cia torture facilities get leaked and admitted.

* news coverage all over about it.

* US federal government does something its never done before and calls out a specific nation state as the attacker for the sony breach.

* news coverage of sony skyrockets and cia stuff disappears from media.

* us government goes on to say that they need to increase their "cyber defense" by having more control over the internet to protect individuals and companies from other nation states.

edit: oh also wasnt it just earlier this week that there was an article on hn about sock puppets?

totony 1 hour ago 0 replies      
Too much NK bashing. Just because a state is recluse and has barely any relation with other states doesn't mean we can just speculate and blame them for everything without real proof.
UhUhUhUh 3 hours ago 0 replies      
This whole deal really looks like a chess move (and a pretty good one too) more than a pissed-off reaction. This feels Russian to me.
fivedogit 2 hours ago 1 reply      
OP here. This thing is confusing the hell out of me. I go back and forth on a daily basis as to whether I think it was the NKoreans or not. One major factor in my head that I haven't heard stated elsewhere is this: If the government says today "It was North Korea" and tomorrow a hacker group says "Lulz! It was us. Gotcha!", that makes the FBI/CIA/NSA look really, really bad. Bad enough that it would outweigh any benefits to blaming the NKors. Why would the feds go out on a limb like that if they weren't absolutely sure?
cyorir 3 hours ago 4 replies      
Would North Korea even have an interest in attacking a company like Sony Pictures in this way? Normally, when a nation-state goes for a cyber attack, they go after useful targets. For example, they go after a government to get an upper hand in negotiations, or maybe they go after industry or academia, to secure knowledge about some helpful technology. Sony pictures would not be a canonical target for a nation-state, because they really don't have much to offer a state like North Korea (it's not like this attack will help the struggling North Korea film industry). In contrast, there would be more for North Korea to lose if the US retaliates.

I can't quite understand the allegation that NK is behind this because I don't see a motive.

joesmo 2 hours ago 1 reply      
I can't wait to see this movie now, not because I think it'll be great but just because of the controversy surrounding it. Especially if Sony doesn't officially release it, I find it extremely ironic that so called hackers are the ones threatening Sony (which is a dubious claim at best) and hackers will likely be the ones to get it "released," considering Sony's lackluster (at best) security.
robertszkutak 3 hours ago 1 reply      
"While some computer experts still express doubts whether the North was actually behind the attack, American officials said it was similar to what was believed to be a North Korean cyberattack last year on South Korean banks and broadcasters. One key similarity was the fact that the hackers erased data from the computers, something many cyberthieves do not do."

I won't pretend to be an expert on information security but surely this isn't anywhere close to being unique enough to point blame at North Korea?

lotsofmangos 4 hours ago 1 reply      
I've said this elsewhere, but if this whole thing was perpetrated by the North Korean state because of the potential offence to North Korea from showing their leader being killed, why has the scene of their leader being killed been leaked by the hackers supposedly controlled by North Korea and is now posted all over reddit?
krick 3 hours ago 3 replies      
Literally every day now I run across something mentioning "Sony hack", but haven't understood yet why it's so significant topic. It seems to gather way more attention than I imagine something like this should. Every now and then somebody gets "hacked", sometimes it's somebody pretty big, it's not that uncommon that some really important data gets leaked, but it never goes further than mentioning it on HN or something, no jokes about it on 9gag, no North Koreas joining investigation. What's the matter?

Maybe it's because I missed original news. Can somebody provide link or explanation why the heck it's so important that even completely non-technical people buzz about it all the time?

ohsnap 2 hours ago 0 replies      
Anyone else frustrated that you can't have a conversation about this without the vast majority of threads taking on a conspiratorial tone? I suppose it's human nature for something with such power players as Sony/FBI/NK to seek out hidden motives and what not - but the comment quality really drops off.
joelrunyon 3 hours ago 7 replies      
A few questions:

1. Does NK even have the capability to pull something like this off? They seemingly fail at every other intimidation stunt they pull off & now they have a massive success out of nowhere? Hm...

2. Why would they deny it if they did it? It's very out of character for them to not pounce on the chance of something being very embarrassing to the US.

3. With all the talk of it being so complicated to pinpoint exactly where the attacks came from, what info is the US gov using to pin this on NK (besides the very easy narrative around the context of the movie). They have to have a bit more intel than they're letting on...or something is fishy here.

blazespin 3 hours ago 0 replies      
The Russians or NK could have secretly hired Chinese hackers to make it look like NK. Now they can embarrass the U.S. for jumping the gun like they did in Iraq and weapons of mass destruction (assuming the connection can not be proved).
exabrial 3 hours ago 0 replies      
I think there are more important things to worry about...
hooo 3 hours ago 0 replies      
If NK did hack them, a joint investigation would be great as they'd learn what techniques the US used to identify NK.
maxharris 1 hour ago 1 reply      
Nothing that North Korea says should be treated as though it were legitimate. This is a country that keeps something on the order of a quarter of a million people in actual concentration camps, and tens of millions more utterly brainwashed and in unspeakable poverty. This is now, today, in 2014.




jdawg77 3 hours ago 0 replies      
When was the last time most, if not all, of the community here hung out with a guy or gal from the Foreign Service? Or better yet a member of the State Department of the USA?

Or the equivalent in their home country; that's just as well, given that the people I've met all over the world who work in their country's foreign service department are generally good people.

If you haven't seen, "A Beautiful Mind," it's a great film and the math literally helps explain why North Korea, despite evidence, might be a, "Sock puppet," used by...well, let's see.

What country is having a really, really crappy time with economic sanctions right now?

Maybe, just maybe, a bit of experience at interacting with the folks who (gasp) make these kinds of decisions would make the whole situation easier to explain. Or if most of us simply revisit kindergarten in the US, eg, the game of, "Tag." Remember how to claim a cookie that you're not supposed to eat?

Touch it. "If I touch it, I own it," because nobody wants to eat the cookie you touched after you liked your finger, right? So, Russia perhaps, "Licks their finger," tunnels through, and then when we discover the breach, "Look, it's the North Koreans!"

If not them, I'd say Luxembourg is behind it all. We know most American companies that have operations overseas use them to launder (I mean, mitigate) tax burdens in Europe, right?

Large Belarusian IT portal losing its .by domain over new law
26 points by hippich  4 hours ago   13 comments top 8
throughTheWay 1 minute ago 0 replies      
Original: http://news.tut.by/it/428870.html

(just so that the URL doesn't get masked by translate.google.com)

salimmadjd 2 hours ago 0 replies      
Having a dev a team there in Belarus I spent 4 months of that past 12 there. This seems to be about pricing.

Because of the strong economic ties between Russia and Belarus, the sanctions in Russia is also causing a huge devaluation on Belarusian currency.

My friends have been telling me of long lines at the banks to convert their money to Dollar. To prevent the rush, starting today, there is a 30% tax on converting your money to Dollar. Essentially a 30% devaluation of their currency.

Since many things are imported in Belarus any currency devaluation effects the price of goods, so people rushed to stores to buy anything they can (and now I've been told the shelves are almost empty).

But here's another issue, prices seem to be control by the government. For instance, when you go to restaurants all menus that have price on them, have a stamp and signature (think of it like a notarized stamp). This is so restaurants wont be able to increase the price as they wish.

From the google translation, it seems to me the online store started increasing their prices to match the devaluated currency and the government didn't like it. Because it contradicts their message on stability of their currency. They might have done the same at a physical store in this case.

sam_lowry_ 2 hours ago 1 reply      
It is indeed not an IT portal, but an ecommerce website. Very similar to Alibaba in its business model. Had a catalogue of every imaginable product and the best ever search over it.
gesman 3 hours ago 2 replies      
He smelled the problem long before it started but failed to implement a simple remedy:

Creating 301 redirect to portal copy hosted in stable jurisdiction.

colinbartlett 3 hours ago 0 replies      
Another reminder that you don't own domain names, you rent them. And the owner can take it back at any time.

It's for this reason that solutions such as Namecoin and other decentralized solutions are increasingly intriguing to me.

out_of_protocol 2 hours ago 0 replies      
Actually alibaba-style catalog + gsmarena-arena-style product details catalog + IT News site + forum + other stuff. #2 site in the country
guard-of-terra 2 hours ago 0 replies      
Looks like it's an ecommerce site, not an IT-portal.
avodonosov 3 hours ago 1 reply      
Isn't that typical for Belarus :)
Possible upcoming attempts to disable the Tor network
486 points by dewey  21 hours ago   110 comments top 20
cjbprime 21 hours ago 3 replies      
(Disclaimer: I am not affiliated with Tor, I'm just poking around their source code. My conclusions may be totally wrong.)

You can see the list of trusted directory authorities in Tor's src/or/config.c:


There are nine of them (actually ten, but one is just for bridges), so you'd have to disrupt at least five of them to prevent them forming a majority vote on consensus together. Looks like the countries that own the IP address allocations for each dirauth are:

Austria, Germany, Germany, Holland, Holland, Sweden, US, US, US

If the above is all correct, a US<->Germany collaboration - to pick the largest set from two countries - would be one way to cause a large problem.

declan 19 hours ago 3 replies      
This is a very big deal if it happens. Roger's linked post on the Tor site talks about "seizure" of directory authority servers; only government authorities would have that power. In the U.S. that would typically happens only after a court grants a seizure order, which would be under seal at this stage.

Of the countries where the servers are located, the U.S. has the most extreme copyright laws, which means, sadly, FedGov is the leading candidate to be behind any possible seizure.

It would be interesting if an enterprising journalist were to ask MIT, SF-based Applied Operations, and RiseUp if they've been contacted by law enforcement on this matter. Those organizations host some of the U.S.-based servers. RiseUp has a warrant canary but it hasn't been updated recently: https://help.riseup.net/en/canary

Of course we don't know what actually is going on and it all may be (I hope!) a false alarm.

PS: If multiple governments cooperate and a majority of servers are taken down, what happens to Tor after the consensus interval expires? I don't know; maybe someone more familiar with Tor does. The consensus interval was changed to 72 hours a few years ago: https://trac.torproject.org/projects/tor/ticket/7986

PPS: Remember that FedGov's "copyright infringing" domain name seizures have on occasion taken down non-infringing sites in error, as I wrote about here: http://www.cnet.com/news/dhs-abruptly-abandons-copyright-sei...

discostrings 21 hours ago 2 replies      
It's very interesting that the project has some advanced notice about a threat.

My first guess would be that a nation has made some demands of the project that the project won't comply with, and that country has suggested they will seize the directory authority servers located inside it if the demands aren't met soon. [Edit: a new comment by arma on the original story, "To be sure to keep our source safe, we're not providing more details quite yet", makes this seem less likely.]

Or perhaps an insider has leaked some plans to the project.

Along another line of thought, if the US government wanted to further complicate online privacy, I imagine they'd choose a time like now, when headlines about the "cyber intrusions" of 2014 are at a peak. I wonder what other actors could have large enough power over their directory authority servers for the project to post this message.

Edit: Indeed, from a post below by paralelogram [0] and by checking https://atlas.torproject.org , it appears 4 of 9 are in the US. There are also two in Germany, one in the Netherlands (as well as another there that is only for bridge relays), one in Austria, and one in Sweden.

[0] https://news.ycombinator.com/item?id=8775009

robertfw 21 hours ago 2 replies      
What ability does TOR have to operate in a decentralized manner without the directory servers? Is that something that is possible now, or is it being worked on, or is it even possible?

edit: this question was asked in the blog comments, here is arma's response

> There are a bunch of research papers looking at exactly this question.Check outhttp://freehaven.net/anonbib/#usenix11-pirtorfor one direction, and thenhttp://freehaven.net/anonbib/#wpes09-dht-attackhttp://freehaven.net/anonbib/#ccs09-shadowwalkerhttp://freehaven.net/anonbib/#ccs09-torskhttp://freehaven.net/anonbib/#ccs10-lookupfor another direction to consider.The current situation is that nobody knows of a better design that is actually better in practice. The one we have is well-studied and has well-understood downsides, so I'm not eager to move to one that is poorly-studied and has poorly-understood downsides.

d0mdo0ss 20 hours ago 0 replies      
Someone posted a somewhat toxic but somewhat valid point, and the project responded with more details about their 'source'. I add their response but it may be best to read the original post.

To be sure to keep our source safe, we're not providing more details quite yet.

But actually, we don't know many more details than the ones we posted. And as for your 'why', that's an excellent question, and one we've been wrestling with too. There are nine directory authorities, spread around the US and Europe. If they're trying to hunt down particular Tor users, most possible attacks on directory authorities would be unproductive, since those relays don't know anything about what particular Tor users are doing.

Our previous plan had been to sit tight and hope nothing happens. Then we realized that was a silly plan when we could do this one [post the warning] instead.

mike_hearn 19 hours ago 4 replies      
I doubt this will be a popular post, but I'll make it anyway.

If there are some seizures of directory authorities or other project infrastructure, this won't be some totally unpredictable occurrence. It was only about a month and a half ago that some relays were seized as part of a general takedown against Tor hidden services. The Tor project posted this blog in response:


That blog post convinced me to shut down my relay. The reason is, to an ambitious prosecutor this blog post looks like:

"We view law enforcement operations as attacks and are looking for ways to defeat them, because we are determined to shield the identities of our criminal clients"

... which is exactly what resulted in the operators of the Silk Roads getting arrested even though they were not personally selling drugs.

The blog post makes casual reference to the "enormous social value" of hidden services and claim they're worried about "secret police repressing dissidents", but doesn't cite any actual examples. Actually I've never heard of a hidden service that has enormous social value - whilst there are a small number of .onion addresses that aren't completely illegal or unethical, for all the examples I know of the operators are not anonymous.

To police forces around the world who keep having investigations hit a dead end because of Tor, going after the project directly will not seem very different than going after services like Liberty Reserve. The people running it are stating publicly that they will do their best to frustrate investigations, and that is dangerously close to admitting participation in a criminal conspiracy. Thin ice doesn't even begin to describe their current situation.

jwcrux 21 hours ago 5 replies      
Assuming it's a legal entity that will be performing these seizures, I'm curious to know the case against these servers. To my (albeit somewhat limited) knowledge of the Tor network, these DA's exist solely to maintain the integrity and structure of the network, and to provide a list of known relays to clients.

I also understand that this list of trusted DA's is hardcoded into Tor clients. Since this is the case, I'd be curious how the network could be restored if there is a coordinated action on these servers.

jgwest 11 hours ago 1 reply      
Seems like somebody in the DoJ just decided that Tor's balance between geeky CompSci curiosity and enabler of real-world criminal behavior has tipped too far in the latter direction. The legal case has been ripe for a while-- after all, Megaupload and many other networks have been disabled by the US government for enabling significantly LESS serious criminality. Ummm... world's biggest drug marketplace, anyone??? What's important to remember is that the gov't can't just go in and seize the directory authority servers willy-nilly. Instead, they must do it as part of a legal process against a specific, identified target. In this case, the likely target is going to be the Tor project itself and possibly the individuals leading it. The legal case might ruffle a few techie feathers but only an insignificant portion of the general public will care, and that portion can be mollified with the "stopping the bad horrible criminals" routine.
sandworm 18 hours ago 0 replies      
If this turns out to be (1) real and (2) linked to the Sony fiasco, then North Korea has triumphed. They have taken down two enemies in a single hack: a film and an internet technology. That puts them ahead of the MPAA and the NSA combined.
click170 20 hours ago 1 reply      
Is there anything that users can do to help with this? Donating money or hosting, or running a Tor node?

There wasn't any info on the blog about what regular users can do to help with this, if anything.

nickodell 21 hours ago 1 reply      
Does anyone have any more information?

What jurisdictions are these Directory Authorities located in?

pc2g4d 19 hours ago 0 replies      
Sounds like time to stand up some spare directory servers, preferably in different legal jurisdictions than those currently represented.
guelo 19 hours ago 1 reply      
I'm surprised they're able to talk about this, seems. Like the FBI would have gone with a NSL (National Security Letter).
sandworm 11 hours ago 1 reply      
Aside from the physical takedowns, expect a financial crackdown. Tor project assets would be seized, Paypal accounts locked, and CC services withdrawn.
mortov 20 hours ago 0 replies      
I think we can guess we're about to be told the North Koreans used TOR so decisive action needs to be taken against the network as part of the retaliation measures just announced.
driverdan 17 hours ago 0 replies      
What are the specs of these servers and how much bandwidth do they require?
justcommenting 21 hours ago 3 replies      
the most recently restarted dirauths appear to run Tor, including four of the five US-based dirauths (moria1, Faravahar, urras, dizum). gabelmoo, tor26, longclaw, Tonga, and maatuska appear to be running Tor dannenberg is running Tor

roger's dirauth (author of the post) moria1 (US) restarted ~1d ago and shows a blip in traffic earlier today, which may or may not have something to do with the post: https://atlas.torproject.org/#details/9695DFC35FFEB861329B9F...

peter's tor26 (austria) restarted 12h ago: https://atlas.torproject.org/#details/847B1F850344D7876491A5...

dizum (netherlands) was also recently restarted 16h ago: https://atlas.torproject.org/#details/7EA6EAD6FD83083C538F44...

Tonga (netherlands) looks mostly normal, restarted ~7d ago: https://atlas.torproject.org/#details/4A0CCD2DDC7995083D73F5...

sebastian's gabelmoo (germany) restarted 2d ago: https://atlas.torproject.org/#details/F2044413DAC2E02E3D6BCF...

CCC's dannenberg (germany) restarted 3d ago: https://atlas.torproject.org/#details/7BE683E65D48141321C5ED...

jake's urras (US) is showing relatively low bandwidth & restarted ~2d ago: https://atlas.torproject.org/#details/0AD3FA884D18F89EEA2D89...

Faravahar (US) restarted 4d ago: https://atlas.torproject.org/#details/CF6D0AAFB385BE71B8E111...

riseup's longclaw (US) restarted 9d ago: https://atlas.torproject.org/#details/74A910646BCEEFBCD2E874...

linus's maatuska (sweden) has been up for 30d: https://atlas.torproject.org/#details/BD6A829255CB08E66FBE7D...

recent activity in tor's commit log may also offer up some clues: https://gitweb.torproject.org/tor.git/log/?showmsg=1

aburan28 19 hours ago 1 reply      
The United States Government will fail because even if they were to significantly disrupt the Tor network we'll pull out the Zero Knowledge Proofs on them. We have the crypto and technology to build a super resilient Tor replacement that they cannot do a single thing about. Tor is antiquated and I personally hope they take it out because it's replacement will be 100x better.
Aoyagi 21 hours ago 5 replies      
>Tor remains safe to use.

What are these not-so-rare reports of mass unmasking of people then? I'm genuinely curious, not begging the question.

kordless 15 hours ago 1 reply      
I'm hoping Utter.io can help with this by making the infrastructure more trustworthy in the coming years. I'll be launching a Kickstarter right after the 1st to raise money for the project (which is currently in preview mode): https://www.kickstarter.com/projects/kordless/683224456?toke...

If funded, a user governed foundation will be set up to help prevent influence by misaligned interests, such as those seen with existing providers and closed source software vendors. Infrastructure was always meant to be open, transparent and trustworthy.

Especially for those who don't know any better.

       cached 20 December 2014 20:02:01 GMT