hacker news with inline top comments    .. more ..    11 Jan 2015 News
home   ask   best   3 years ago   
1
We are moving the Roslyn code to GitHub
343 points by taspeotis  9 hours ago   133 comments top 22
1
bcantrill 7 hours ago 8 replies      
This is getting terrifyingly close to my prediction that Microsoft should/would/will buy GitHub. When I first started predicting this two or so years ago, it was mainly for its comedic value (it always got laughs, followed by "yeah, they should!" followed by nervous laughter followed by "wait, do you think they would actually do that?!"), but after the open sourcing of .NET I honestly think anything is possible. Especially because the counter to MSFT buying GitHub was always "but... CodePlex!", and here they are explicitly moving a high-profile project from CodePlex to GitHub. Scary!
2
tzs 2 hours ago 2 replies      
Are there any major public repository hosting services that provide good organizational tools for multiple repositories?

GitHub, as far as I have been able to determine, only supports a flat list sorted by last update.

This is annoying when a developer has a lot of repositories. I'll come across something useful in one of my areas of interest from a given developer, and then want to look at their other repositories to see if they have anything else in that area of interest. In a sane design, all of their repositories in that area would be organized under a folder, and this would be easy.

BitBucket seems to have the same limitation.

3
niutech 3 hours ago 0 replies      
Every monopoly is bad. GitHub is becoming one. I don't think it's a good move, as well as Google abandoning Google Code.
4
icehawk219 8 hours ago 3 replies      
> HOW: This will be a simple switch turn off CodePlex, turn on GitHub. Youll be able to see our check-ins on GitHub that same day.

It's probably a safe bet that CodePlex's days are numbered. Which is kind of a shame. It was definitely heavily lacking but I can't help but think that some more competition in the space would be a good thing.

5
benbristow 3 hours ago 1 reply      
BitBucket for private stuff/stuff I don't want showcasing.GitHub for open-source.

Works perfectly fine for me and since they're both Git based there's no extra learning curves for either of them.

6
antaviana 2 hours ago 1 reply      
Perhaps Microsoft wants to divest out of the git+online tools space? Github is the incumbent that they did not crack how to beat and it will be a bit more crowded with Amazon who seems to be also coming this year with CodeCommit. So far, Amazon strategy has been to suck all air from the room.
7
lbradstreet 8 hours ago 1 reply      
With Microsoft making moves like these for their open source projects, it seems like network effects are alive and well, and working for GitHub. Of course, it did require some change from above to get to the point where Microsoft is willing to open source this stuff in the first point.
8
Permit 8 hours ago 1 reply      
This post only mentions Roslyn, but the F# project will also be moved over. :)
9
josteink 3 hours ago 0 replies      
I definitely hope they will blog more about the migration and source-code conversion and how they did it, much like ESR blogged about the Emacs BZR to Git conversion[1].

It would probably be very interesting for customers thinking about migrating from TFS to Git themselves.

[1] http://esr.ibiblio.org/?p=5634

10
aurelien 34 minutes ago 0 replies      
Always fun to see Microsoft moving to free software.
11
iamcreasy 8 hours ago 2 replies      
Pretty cool!

Are all these happening because Satya Nadella is trying to steer MS in new direction?

12
nl 8 hours ago 2 replies      
One of the GitHub founders has talked about being offered a job at Microsoft out of college, and deciding to take the risk starting GitHub instead.

Must feel satisfying....

Edit: Ok, not straight out of college. No less satisfying though.

13
XorNot 3 hours ago 0 replies      
Makes sense to me. I've not met anyone who doesn't think Visual Studio is solid software, and received numerous recommendations that an IDE is definitely something worth paying for. MS looking to be developer friendly can only be good for them.
14
waitingkuo 6 hours ago 0 replies      
That's interesting!!! So what's Microsoft's next step? Aquire Github?
15
jng 3 hours ago 1 reply      
Microsoft embracing open source and open culture without having a clear path forward ensuring business. This reminds me of Sun a lot. That didn't end up well.
16
farresito 6 hours ago 1 reply      
What were they previously using before the switch to git? Mercurial?
17
ck2 7 hours ago 0 replies      
I had to double take and check if it was April 1st already.
18
davidgerard 6 hours ago 0 replies      
>as well as switching to use git internally

LINUS INFILTRATES

19
XzetaU8 7 hours ago 1 reply      
Embrace.
20
JBiserkov 1 hour ago 1 reply      
Can someone please change the title to

.NET Compiler Platform ("Roslyn") is moving to GitHub

The current one makes it seem that MSDN is moving to GitHub (wouldn't that be a sight? :-)

21
CmonDev 6 hours ago 0 replies      
"Well be using GitHub Issues for both discussions and bugs after the switch"

Hilarious! Did someone call GitHub "social"?

22
edpichler 18 minutes ago 1 reply      
Microsoft has being doing good decisions lately. They are becoming more open, also integrating more with industry leaders. Another good strategic decision they made was the partnership with Dropbox (https://blog.dropbox.com/2014/11/dropbox-microsoft-office-pa...) not mattering if they already have a similar service (OneDrive).

To me, these are signals of a good administration. This company is changing to keep growing, and I believe it is working. It's not the same Microsoft we knew a decade ago.

2
An Attack on Telegram
66 points by escapologybb  3 hours ago   25 comments top 10
1
Shank 5 minutes ago 0 replies      
I find it interesting in how there is some dependence on the fingerprint secret being shared across the Telegram channel in order to verify identity.

What if a user sends the screenshots of the fingerprint over, say, a medium decided in the chat on the fly? Unless you can MITM every service they're using, you could just /tweet/ the fingerprints, for instance, and check on a different machine for a matching key. Or what if the screenshot is tampered with by hand, like, signing the center of the square with a finger drawn, transparent signature? How would an attacker replicate that?

Of course, the "supervillain" model still works and enough computation time and power might find it, but there are a multitude of ways to ensure that the secrets match on everyone's devices.

2
shmerl 3 minutes ago 0 replies      
They still didn't release the server code, didn't they?
3
utnick 39 minutes ago 0 replies      
So the attack is due to the fingerprint of the key being smaller than the actual key and therefore theoretically possible to find another key with the same fingerprint..

Doesn't textsecure and threema have the exact same problem? Both show a fingerprint to the user instead of the actual key.

4
imaginenore 1 minute ago 0 replies      
O(2^64) is the same as O(1)

Pretty pointless estimate.

5
sz4kerto 2 hours ago 2 replies      
"Some viable alternatives I can recommend are Threema or TextSecure."

The problem with Threema and TextSecure is that it's hard to convince my friends to use them because

- Threema is not free and does not have desktop/web clients, and multi-device setup is not supported afaik- TextSecure is not really multi-platform

The only popular, multiplatform messengers at the moment are Whatsapp, FB Messenger, Viber/Line and Telegram. Whatsapp doesn't have a desktop client, Messenger requires a Facebook Login, Telegram and Whatsapp does not have voice chat and I hate Viber's design -> so I keep using Telegram for messaging and Skype for voice.

The network effects can be very nicely observed in messenger usages. In my home country almost everyone uses Viber, but in other countries I have worked (W-EU) almost everyone uses Whatsapp. In Germany people seem to know Telegram, in other places nobody heard about it.

6
known 11 minutes ago 0 replies      
7
cyphunk 1 hour ago 2 replies      
Every one of these new chat systems have similar problems with key authentication. they fail in similar ways and try to solve the problem in similar and different ways. This articles contribution, while very valid with its "greater than though" tone, is gets on my nerves. I have no idea why it always seems to be a constant when people talk about Telegram without really investigating the dramatic headlines authors claim. Is it that we just hate anything engineered in Russia, China. Its boring already.
8
aw3c2 2 hours ago 2 replies      
Huh! Just yesterday I was fed-up with Textsecure being so buggy and bad that I looked at the Telegram homepage and thought "nice" apart from not completely being free software (or is it?). It says "Telegram messages are heavily encrypted and can self-destruct." which made me believe that all messages are heavily encrypted.

Now this post says "By default, messages (...) are logged and stored on Telegram's servers". Damn.

9
tomaskafka 2 hours ago 1 reply      
Isn't all this pointless when Telegram could just MITM everyone at will of any agency, as the client is closed source?

Unless the whole client code is audited by third parties (and it is ensured that app store version = audited version), this whole exchange of keys with colorful qr code could be a charade.

10
air 2 hours ago 0 replies      
"This past spring, Juliano Rizzo (@julianor) and I came up with a cryptographic attack on Telegram's MTProto "secret" chat communications which can be performed in O(2^64) time."

Using asymptotic notation without an argument (usually "n") makes me cringe. O(2^64) = O(1)

3
If Scheme's numbers were like Scheme
25 points by jsnell  6 hours ago   discuss
4
Google Analytics, Casualty of Spam
139 points by amitmittal1993  3 hours ago   59 comments top 23
1
notlisted 1 hour ago 1 reply      
I think there's more to it than referrer spam: unscrupulous SEO/SEM people artificially pumping up their performance to justify their rates.

A friend's analytics showed an amazing number of visits for a tiny site. While traffic was up, it did not lead to new clients. She fired the company she'd engaged for SEO/SEM because they kept raising their rates as traffic milestones were reached (hundreds of dollars a month).

Immediately after terminating that relationship, she noticed a 95% drop in traffic and panicked (see http://i.imgur.com/WwJ0vYo.png ). I was asked to fix it for her. One look in the referrers showed that this 95% all originated from China (ads.acesse.com) and was useless/fake (very few page views, very short durations). While we have no proof to support a lawsuit, the timing was too much of a coincidence to ignore.

2
charlieirish 2 hours ago 4 replies      
Google have responded to this (in the past) by implementing an automated spam/bot/spider filtering service:

https://plus.google.com/+GoogleAnalytics/posts/2tJ79CkfnZk

If you're seeing nefarious traffic/referrers you may want to tick this box which I believe is unticked by default.

3
gk1 3 hours ago 3 replies      
Oh boy... Declaring a world-class analytics tool dead because you haven't figured out how to prevent script hijacking.

Just create a view filter that ignores traffic on any hostname other than yours. That's it.

4
gingerlime 2 hours ago 0 replies      
I'm not sure what level of sophistication goes into GA's anomaly detection, but if those spammy domains show up, then I'm guessing it's not that difficult to cause much more damage using similar techniques.

Scenario:

I want to annoy / confuse / distract my competitor by making their analytics data less-effective (potentially totally unusable). I grab their tracking ID and send tons of fake events / requests / page views. Now my competitor can't really figure out what actual traffic they're getting and what's real and what's fake... Plus they spend time trying to figure out what's going on, clean up their data etc.

It can go way beyond referring domains - think custom events, ecommerce tracking, site speed... anything that analytics tracks can be faked.

5
aselzer 2 hours ago 4 replies      
It seems like they are targeting smaller sites desperate for traffic.They are trying to make the owners monitoring (Google) analytics look at their own site offering "SEO", "marketing", "social optimizations" and similar services that are probably as shady as their way of "contacting" the owners of low-traffic sites.

I have a site with less than 200 "visits" per month.20% of traffic apparently comes from the site semalt.semalt.com. 10% comes from this site: buttons-for-website.com.Another 6% is from this one: make-money-online.7makemoneyonline.com

6
jarcane 3 hours ago 0 replies      
I've been noticing this for several years. A significant enough bulk of my logged traffic to my publishing label is this kind of spam that Ukraine shows up as my second largest source of traffic. My 9th most frequent referrer is, indeed, semalt.com, as mentioned in the article.

Generally, unless there's a major traffic spike from one source or another, I largely consider my traffic reports complete fiction because of this level of spam referrers.

7
jerrac 41 minutes ago 1 reply      
Heh... I have an old Analytics site that hasn't had live code available on the web for years, and it got 4 hits last month. Are they randomly generating the ids?
8
andrewstuart2 2 hours ago 1 reply      
For the record, blurring (even when applied appropriately) is still a pretty bad idea for hiding information [1]. I know this has been on HN a few times.

I'm not sure what you can do with the GA key or if it's even private, but just adjusting levels in gimp shows the numbers.

[1] http://dheera.net/projects/blur

9
kmfrk 2 hours ago 0 replies      
Reminds me of this video [https://www.youtube.com/watch?v=oVfHeWTKjag] on the bogus Facebook engagement you pay for: https://www.youtube.com/watch?v=oVfHeWTKjag.
10
countryqt30 1 hour ago 0 replies      
So 300 "spammers" are visiting your site regularly. Why are they doing that? Only that you visit _their_ website which is usually offline or doesn't offer anything?

I don't get the point of this spam.

11
steventhedev 3 hours ago 0 replies      
For the server-side analytics, it's simple. Just use the GA Measurement Protocol, or a wrapper like staccato[1]. You can push the cid through ajax and javascript so you can even make proper reports, and just send everything from the JS to a dummy property.

[1] - https://github.com/tpitale/staccato

12
Kiro 38 minutes ago 0 replies      
Can't Google just check on their end that the key was called from the website of the GA account?
13
artursapek 3 hours ago 0 replies      
Ah, so it's not just me. I guess I'll be putting more efforts into my server-side tracking/logging...
14
zuck9 2 hours ago 0 replies      
This is not just with Google Analytics. I saw these same referrers in my WordPress.com Stats too.

Looks like spammers are deploying spiders browsing the internet with fake spam referrers.

15
cornewut 2 hours ago 1 reply      
Adding to this - most privacy/adblock plugins also block analytics. So I really have to doubt that Google Analytics is of much value.
16
dazc 2 hours ago 0 replies      
I have compiled a list of persistent offenders over the past 12 months and block them using SetEnvIfNoCase.It's a surprisingly short list with semalt being the winner by a long way.
17
gii 3 hours ago 1 reply      
You can create global filters in Google Analytics by going to Administration -> Global Filters

create a new custom filter for field Referrer and exclude the spammy site from there (do not forget to escape the dot \.)

18
PinguTS 3 hours ago 1 reply      
It is not only Google Analytics. I discovered the same with my Piwik installation.
19
josteink 2 hours ago 0 replies      
I don't think the spammers are targeting Google Analytics specificaly as much as they are trying to get links for their domains on to the internet.

Lots of websites posts their visitor logs or stats on a special status-page (or at least used to do). If those links aren't rel=nofollow, then congratulations, your referer-spamming just gained yourself some SEO-bonus.

20
BMorearty 1 hour ago 0 replies      
I've been wondering since like forever why hackers hadn't figured this out yet.
21
binarymax 3 hours ago 4 replies      
Its not clear to me why spammers would do this, can someone please explain how a 3rd party benefits from incrementing hits on an unrelated site?
22
elberto34 2 hours ago 3 replies      
maybe this can be fixed by requiring some mouse over action before the hit is registered
23
arb99 2 hours ago 0 replies      
referrer spam is something that has been happening to years, and GA is actually quite good at filtering it comapred to a lot of other stats programs out there. This is really not an issue.
5
Fast, Scalable Networking in Go with Mangos
18 points by signa11  2 hours ago   1 comment top
1
chimeracoder 31 minutes ago 0 replies      
This is a cool project, though the name might be a bit confusing in conversation. The MongoDB driver for Go is called "mgo" and pronounced "mango"[0].

[0] https://labix.org/mgo

6
The Glider: An Appropriate Hacker Emblem (2014)
32 points by prajjwal  3 hours ago   15 comments top 8
1
sanqui 2 hours ago 0 replies      
I love the glider as a hacker emblem. Here's a tiny version with Unicode Braille:
2
agumonkey 21 minutes ago 0 replies      
3
fishnchips 1 hour ago 1 reply      
I'm not convinced that the glider represents the 'hacker community' as a whole - I know a good few folks (not only 'web developers') who have no idea about Game of Life. Damn, I know at least one good coder who never heard of IRC. So much for shared experience.

In all fairness I don't think a 'hacker community' as such exists any more - if there ever was one.

4
sramsay 1 hour ago 2 replies      
The page says May 2014, but this is quite old. ESR proposed it in 2003 and it . . . failed to catch on.
5
Rhapso 39 minutes ago 0 replies      
This, along with a life-long fascination with cellular automata, inspired me to get a tattoo of the glider sequence a few years ago. It is a tattoo that is occasionally difficult to explain to innocent bystanders but it constantly reminds me of what motivates and inspires me.
6
robotkilla 1 hour ago 1 reply      
I've long felt that some variation of the anarchy symbol would be more appropriate for a hacker symbol being that hacking represents total freedom (in my mind).
7
Schiphol 2 hours ago 1 reply      
A still life would be even better. The emblem would be doing what it is supposed to be doing: stay put.
8
cognitive-waste 33 minutes ago 0 replies      
Might have caught on if it were hackable in plaintext. The graphic is abhorrent.
7
Show HN: App for Falling in Love
115 points by ada1981  10 hours ago   54 comments top 15
1
ada1981 10 hours ago 3 replies      
I was so impressed with the NYTimes article I saw posted this morning about a study done on strangers falling in love, that I took the questions from the original study and built an app / game. Should be a great tool for first dates or for fun with your lover. Enjoy!

The inspiration was this thread:https://news.ycombinator.com/item?id=8866933

2
morgante 48 minutes ago 0 replies      
Awesome to see this! After reading the article, I too thought about making an app for it, but kudos to you for beating me to the punch.

I might suggest making a native app though. Several developers made an absolute killing off their native versions of the NYT's 7 minute workout article (eventually pushing the NYT to release their own app).

3
ada1981 2 hours ago 1 reply      
I just realized that yesterday was the to-the-day 1 year anniversary of my girlfriend of 3 years dumping me in Palo Alto (via email) the day after she told me she could see us married and happy together (ouch!). Woke up, read HackerNews, and had this insatiable urge to blow off everything I had on my plate for PRMatch.com and code this sucker up. So grateful for all the praise / support / people using it and signing up for more free relationship tools.

Looking forward to some wedding photos!

xo, Anthony

4
binarymax 5 hours ago 1 reply      
I have an idea for an experiment: take this to the UN and have two quarreling diplomats go through the process with each other. Next step - world peace.
5
tmuir 8 hours ago 2 replies      
Is the premise really that just the exercise alone produces the result? Wouldn't two people who were totally repulsed by each other's answers not fall in love? What about people who were just lukewarm towards each other's answers?

If that's the case, how does this idea allude to anything other than the concept that two people who generally get along with each other, and were already predisposed to liking each other in the first place, would develop feelings for each other after spending a few hours conversing and learning about each other?

6
myrmi 8 hours ago 1 reply      
7
dllthomas 8 hours ago 1 reply      
I like the "grab a partner" as if it doesn't matter who.
8
blubbi2 3 hours ago 1 reply      
I really like the carousel. Nevertheless, for those that are too lazy to click 36 times:

Given the choice of anyone in the world, whom would you want as a dinner guest?

Would you like to be famous? In what way?

Before making a telephone call, do you ever rehearse what you are going to say? Why?

What would constitute a "perfect" day for you?

When did you last sing to yourself? To someone else?

If you were able to live to the age of 90 and retain either the mind or body of a 30-year-old for the last 60 years of your life, which would you want?

Do you have a secret hunch about how you will die?

Name three things you and your partner appear to have in common.

For what in your life do you feel most grateful?

If you could change anything about the way you were raised, what would it be?

Take 4 minutes and tell your partner your life story in as much detail as possible.

If you could wake up tomorrow having gained any one quality or ability, what would it be?

If a crystal ball could tell you the truth about yourself, your life, the future, or anything else, what would you want to know?

Is there something that you've dreamed of doing for a long time? Why haven't you done it?

What is the greatest accomplishment of your life?

What do you value most in a friendship?

What is your most treasured memory?

What is your most terrible memory?

If you knew that in one year you would die suddenly, would you change anything about the way you are now living? Why?

What does friendship mean to you?

What roles do love and affection play in your life?

Alternate sharing something you consider a positive characteristic of your partner. Share a total of 5 items.

How close and warm is your family? Do you feel your childhood was happier than most other people's?

How do you feel about your relationship with your mother?

Make 3 true "we" statements each. For instance "We are both in this room feeling ... "

Complete this sentence: "I wish I had someone with whom I could share ... "

If you were going to become a close friend with your partner, please share what would be important for him or her to know.

Tell your partner what you like about them; be very honest this time saying things that you might not say to someone you've just met.

Share with your partner an embarrassing moment in your life.

When did you last cry in front of another person? By yourself?

Tell your partner something that you like about them already.

What, if anything, is too serious to be joked about?

If you were to die this evening with no opportunity to communicate with anyone, what would you most regret not having told someone? Why haven't you told them yet?

Your house, containing everything you own, catches fire. After saving your loved ones and pets, you have time to safely make a final dash to save any one item. What would it be? Why?

Of all the people in your family, whose death would you find most disturbing? Why?

Share a personal problem and ask your partner's advice on how he or she might handle it. Also, ask your partner to reflect back to you how you seem to be feeling about the problem you have chosen.

Almost done. Now silently look into your partners eyes for 4 Minutes.

Congrats! You're in love! :)

9
shawndrost 2 hours ago 1 reply      
Suggestion: rename it as "The Love App". Easier to remember, better for media.
10
orblivion 8 hours ago 1 reply      
I appreciate this for the same reason I appreciate metasploit.
11
Mauricio_ 1 hour ago 0 replies      
Was this made in one day?
12
Kiro 8 hours ago 1 reply      
Add the space so it shows up in the Show HN tab.
13
vonseel 8 hours ago 2 replies      
That was quick.
14
kgc 9 hours ago 1 reply      
Quickly looked over it. Needs spellcheck.
15
sp4ke 6 hours ago 3 replies      
Sad that we need an app to fall in love now ... kudos for making the app though
8
151-byte static Linux binary in Rust
144 points by adito  11 hours ago   32 comments top 7
1
Alupis 10 hours ago 6 replies      
reminds me a bit of the "Creating Really Teensy ELF Executables" writeup[1], which got down to 45 bytes.

But honestly... does it really matter how small your executable is? I'd care a lot more about performance characteristics than binary size.

[1] http://www.muppetlabs.com/~breadbox/software/tiny/teensy.htm...

2
Keyframe 1 hour ago 1 reply      
I just had a look. Installed nightly Rust on OSX and ran through it a hello world program - 307K! HW in C with gcc 4.2.1 (LLVM) makes 8.7K.
3
starmole 7 hours ago 1 reply      
Wow. This is seriously impressive. Rust looks like it actually might be capable as a systems programming tool to match C. I have to learn more about it now! :)
4
yazaddaruvala 6 hours ago 1 reply      
I'd actually love to ask Linus' on his opinion of the practical uses of Rust in the Linux kernel. Does he think it could have a place, if not, why? Can those issues be addressed, etc?

Even if that means him dismissing me/my question entirely lol.

5
CyberShadow 4 hours ago 0 replies      
I did something similar in D/Win32:

http://forum.dlang.org/post/qcbicxrtmjmwiljsyhdf@forum.dlang...

The PE format is rather bulkier than ELF, though.

6
tdicola 10 hours ago 2 replies      
That is really impressive. Now for comedy, someone find the size of a similar program in Go.
7
userbinator 10 hours ago 1 reply      
That main() can still be improved... try this:

    push 1    pop eax    mov edi, eax    mov esi, 400008h    push 7    pop edx    syscall    push 3ch    pop eax    xor edi, edi    syscall
It should be 10 bytes shorter.

9
The Dawn Wall El Capitans Most Unwelcoming Route
29 points by lalmachado  4 hours ago   4 comments top 3
1
scottcha 36 minutes ago 0 replies      
The graphic is amazing, definitely one of the better implementations which help put the scale in to perspective.

Couple of details which I think help put this route in to perspective for the non-climbers:

1. Caldwell, one of the best climbers in the world, has been working on trying to climb this since 2007--the combination of longevity and perseverance is hard to match.

2. The easiest pitch (out of 30 total for the route, a pitch being a rope length usually between 100 and 200 feet) is 5.11 which is pretty hard but the real kicker is that there are 5 pitches 5.14 and of those 2 are 5.14d which is was the upper limit of difficulty until the last decade. Most 5.14 routes are short single pitch routes which take pros sometimes weeks or months of practice to climb. Not every pro can climb every 5.14 since they require a high degree of specialization dependent. There are 10s of 5.12 and 5.13 pitches thrown which makes the whole project together the hardest complete free route in history.

I'm kind of amazed to see this much press (multiple NYT stories, new channel coverage) on a big wall climb (or any climb not involving someone dying) and can't really remember something equivalent.

This is a pretty good article with more specific details about the climb: http://www.adventure-journal.com/2015/01/why-is-climbing-the...

2
Friedduck 1 hour ago 0 replies      
I recommend everyone visit Yosemite once. The scale is mind-bending. The falls appear in slow motion because the water is traveling such a great distance. Enormous, ancient trees appear as peach fuzz atop the walls.

I can't think of another place where you can walk right up to something so massive rising out of the earth.

I climbed a much more modest, easy peak there 15 years ago, and saw the headlamps across the valley of climbers on el cap. Its an awe-inspiring scene in the literal sense.

If you go, take the time to hike away from the crowds. It's a zoo of cars but quiet and breathtakingly beautiful if you explore.

3
harlanlewis 1 hour ago 1 reply      
Very cool. I was lucky enough to see them on the wall a week ago, and the scale and difficulty of it completely blows my mind. This visualization does a better job reproducing the in-person awe than any others I've seen.

I wonder if NY Times is using this 3D map of El Capitan? http://news.nationalgeographic.com/news/2013/06/130612-yosem...

10
Forget Wearable Tech. People Really Want Better Batteries
46 points by frostmatthew  3 hours ago   50 comments top 15
1
meesterdude 1 hour ago 2 replies      
I would welcome some additional thickness in my iphone for a better battery life. The end goal should not be a paperthin phone; it should be a phone that has a long charge time and fits reasonably into your pocket / hand. Phones are pretty important to people and it's silly something so important is so needy of recharging.

It's not technology so much that is the problem, it is design principles and priorities.

2
userbinator 43 minutes ago 4 replies      
Also related: easily removable batteries, and preferably in standardised sizes. The fastest way to get from empty to full is not to wait for it charge, but to swap in an already-charged battery.

I think thinness is overrated too, as a device thinner than ~10mm starts getting rather difficult to pick up from a flat surface and hold comfortably (I have big hands.)

3
bpodgursky 1 hour ago 2 replies      
If phone manufacturers weren't in a constant race to cut the last .1 oz off of their phones while still being barely-sufficient to get through a day, this wouldn't even be an issue. I'd be happy to double my phone's weight for 3 days of life.
4
vinceguidry 1 hour ago 2 replies      
The company that wins the jackpot on this isn't going to be the one with the most advanced batteries. It's going to be the company that figures out how to cut platform bloat down to a reasonable size, reducing energy consumption by an order of magnitude.

They're also going to have to figure out ways to keep third-party apps from undoing their hard work.

5
dorfsmay 1 hour ago 0 replies      
True. I'm one of those people who religiously plug my phone every night, yet, I often ran out of power when I really needed it (eg: browsing / tethering on a long train trip).

I recently got a One plus one, and I really couldn't tell you all the good geeky spec, I actually don't care about all it's little flaws, but I loves the amazing battery life. I will not buy another phone with lesser battery life. There is no other geeky spec that can trump that.

6
marknutter 20 minutes ago 2 replies      
What percentage of people don't/can't charge their phone every night? And of those who don't/can't, what percentage of them aren't satisfied with the myriad external battery cases and on-the-go-chargers available for smart phones. I challenge the assumption that the majority of people are asking for better batteries. I think it's like people asking Ford for a faster horse.
7
jordanpg 13 minutes ago 0 replies      
Is it worth noting that if wearables caught on, this would offload some of the work from phone batteries, effectively extending battery life? A big if, to be sure.
8
jacquesm 19 minutes ago 1 reply      
This is one of the main reasons I still don't have a smartphone. Battery life on an old Nokia is well in excess of 5 days, it works whenever I need it when on the road even when there are no wall sockets for miles around.
9
jokoon 32 minutes ago 2 replies      
other alternative, just make slower hardware, and optimize the software running on it.

optimizing and reducing the amount of functionalities might also save a very big amount of battery.

Honestly, what I'd buy, is a

* 4 inch e-ink screen device

* that can close like a laptop, with a physical keyboard,

* with a CPU that sacrifice features and speed for less power consumption

* no camera,

* only wifi, or with 3G disabled by default, no phone function

* browser with a very limited set of feature: limited to css 2, js deactivated by default: it's amazing the amount of firefox modules that can be disabled: http://sourceforge.net/projects/lightfirefox/

* no video acceleration, no graphics acceleration, and no fading/smooth window transitions, 10hz refresh rate is more than enough to read text

I wonder which of those things save the most battery, but I guess all of this would easily double battery life. Also I guess that device would cost much less and be very attractive for students, and be enough to just code if you'd have an online compiler. If you want calls, just buy a candybar phone, like the the latest nokia 100 or 200 series.

I'd buy it even if it cost $300. I wonder how expensive e-ink screen are, but I would not be surprised it's mostly a patent issue.

10
Kiro 29 minutes ago 0 replies      
So I must choose? Wearable tech or better batteries but you can't have both! Of course people want better batteries but I don't see how that leads to the conclusion of the headline.
11
k-mcgrady 1 hour ago 1 reply      
If Apple announced the next iPhone and it had a battery that lasted twice as long as the current one I think a lot of people would be happy. I've noticed I get about 1.5 days now with my iPhone 6 and not having to worry if I forget to charge it at night is great. If it could get me to the end of the next day it would be perfect. It seems that every year phone manufacturers make battery improvements but these are offset by the new sensors and screens. If they skipped everything except battery for one generation, doubled it, and then went back to features would they be able to continue adding features at the previous rate while maintaining the new battery life?
12
cheatdeath 25 minutes ago 0 replies      
Is there some sort of Parkinson's Law that phones will consume as much power as is available to them?
13
acd 55 minutes ago 0 replies      
I think wearable watches has to be designed differently.Think a watch bracelet with the battery around the arm, also add solar cells to recharge that battery.
14
shocks 1 hour ago 2 replies      
I got an LG G3 recently and the battery life is excellent. It'll happily last two days.
15
mikeash 22 minutes ago 0 replies      
It's really interesting how much improved batteries could improve all sorts of tech. Phones and wearables are pretty much the least interesting of them, too.

Imagine for a moment that batteries are 1000x better than now. A ton of problems are magically solved. Renewable energy is suddenly trivial. Run the world on solar and wind, done! Electric cars are now the only reasonable kind. Trucks and trains too. Even airplanes. Many satellites could be replaced with long-duration drones. Those that remain can be built lighter and cheaper. Supersonic airliners might even come back, since fuel costs would drop through the floor.

Oh, and your smartphone could run for three years on a charge. Woohoo.

Compare with something like fusion power, which only solves a tiny fraction of the above. Without storage, fusion isn't that interesting. With good storage, it's not necessary!

11
Breaking antivirus software
10 points by kramarb  2 hours ago   2 comments top 2
1
DominikD 17 minutes ago 0 replies      
Here's PDF:http://mincore.c9x.org/breaking_av_software.pdf

Disclaimer: I hate slideshare with passion. Presentation format and how they use HTML makes it painful to use if there are some connection issues (and their servers routinely hang on slides.

2
leni536 52 minutes ago 0 replies      
This is mostly just sad. Updating through HTTP without proper signing, really? Also last time I checked I couldn't even download Avast through HTTPS.
12
Tesser Clojure reducers, but for parallel execution on distributed systems
29 points by abishekk92  5 hours ago   1 comment top
1
cursork 2 hours ago 0 replies      
Saw the presentation for this at ClojureX in London. I'm definitely interested to have a look

https://skillsmatter.com/skillscasts/5738-keynote-by-kyle-ki...

13
Why does a car like the Tesla still have old-style fuses?
85 points by primigenus  10 hours ago   45 comments top 16
1
x0054 5 hours ago 4 replies      
Because cars are not expected, under normal circumstances, to experience abnormal amounts of current on any given circuit. Unlike a house, where you can easily plug in something into the outlet that can overwhelm the circuit, in a car each circuit is designed specifically for a given maximum load.

When you blow a circuit in a house, you have most likely massed up and plugged too many things into one outlet, or your device is drawing too much power. You learn from your mistake, unplug the device, and reset the circuit. If a car blows a circuit, then there is something seriously wrong with some component of the car or the wiring. You don't want the user to be able to reset the circuit, you want someone who knows what they are doing to figure our what went wrong.

I fix all of my own cars, and never once have I ever had a blow fuse "just because." There always was an underlining cause which needed to be addressed. Except once, when a 10A fuse was used in a circuit that required a 25A fuse, on a window motor.

So, basically, in a well functioning and well designed car a fuse will not fail just because. So why bother replacing a part that costs less then a cent with a part that costs several dollars. I hate this attitude, just because something CAN be complex, does NOT mean it has to be complex.

Take car modules for instance. It used to be that back in the day (the 90s) your headlights were operated by a mechanical relay. This relay was expected to fail at some point (though they very rarely actually did fail) and as a result this relay was installed in an easily accessible place. If it did fail, it would cost $10-15 to replace it plus 5 minutes of labor.

New cars nowadays have solid state switching modules to operate headlights, and everything else in your car. These components are not expected to fail, even though they often do. Don't believe me, talk to any mechanic. However, because they are not expected to fail, they are often installed deep inside the car. So, now, if your headlight module fails, it costs $400 in parts, and several hours of labor to fix the same problem. Progress?

Stop making things needlessly complicated. Blade fuses are a fine solution to a problem.

2
lylebarrere 9 hours ago 2 replies      
The response from Kristin Paget at Tesla:

"So theres a few things at play here. For context, I run the Product Security team at Tesla and Im safety-trained on the HV systems - Im also working hands-on with a small drive inverter on a hobby project right now.

First and foremost, our large drive unit pulls about 1000A at full load, and switching that with silicon is tough. We use a bank of custom IGBTs on each of the high/low sides of each of the 3 rotor phases in order to handle the power, and thats with active fluid cooling. You can switch that much current with silicon but it aint cheap, and youll need either active cooling or a bunch of thermal mass if you want the thing to switch more than once. http://www.teslamotorsclub.com/attachment.php... is a decent pic, the object on the left is a single-phase switch, you can see 6x transistors laying flat at the front for one side of the phase (the other bank is behind).

Secondly, Model S is an AC induction motor so the current through the winding ramps up more-or-less linearly over time until the phase switches off (or changes direction). Youre at high power but youre not switching the load at zero-crossing as you would in a resonant load such as a Tesla coil, instead you have to switch at an increasing current depending on how much power you want to the wheels. You now dont just have to switch a lot of power, you have to switch it FAST so that the resistive losses in the FETs dont blow out the power channel due to ohmic losses. Your switch is now not just big and bulky, its complicated (since you need an additional HV supply) and pretty sensitive to things like stray capacitances. On the previous pic the big black brick on top of the PCB is the capacitor that dumps into the IGBT gates to make them switch fast enough.

Finally, I believe theres a regulatory issue. I think Im right in saying that automotive standards around the world require that all electrical systems are fused, and considering that theres multiple separate power rails its not inconceivable that an event could take place that leaves the HV drive rail powered on but kills the 12V accessory rail that powers a lot of the CAN systems. You could end up disabling your active fuse while the HV system is still energized, and considering the amperage our lithium packs can deliver (P85D draws up to 1.5kA) thats not going to end well.

Woz: I would LOVE to put you under a Tesla NDA and then give you a _real_ tour of the vehicle - ping me at kpaget@teslamotors.com if youre interested. Im curious, do you still have one of my RFID cloners on your shelf somewhere?"

3
csirac2 9 hours ago 1 reply      
Well, amateur experimental aircraft have something like this available: http://verticalpower.com/ - but there's a lot of negative reactions to this kind of technology, because it introduces new failure modes where none previously existed before.

But I think something that people forget is that generally, fuses are there to protect wiring and fixtures (switches, connectors, etc) from fire. Preventing the device on the circuit that you, the user, cares about from completely melting down is just a nice bonus.

That's why building wiring codes generally spec fuses to cope with the capacity handled by wiring and switches, rather than the loads attached to it.

EDIT: In any case you NEVER want the car to silently and automatically try to "re-set" a tripped breaker, surely. You want this kind of fault to present itself noisily and obviously; it's a precursor to a potentially dangerous condition.

Any automatic re-set will have to factor in some cool-down time for the wiring in between attempts... what is the temperature of an overheating pair of conductors in the wiring loom when the breaker tripped? What rate of heat dissipation is there allowing them to cool down again? A wire which has experienced overheating will have a different (higher) resistance after the short-circuit event. Even if the wire isn't permenantly damaged, the temporary increase in temperature will still guarantee a momentarily higher resistance. Will the wire still have low enough resistance to trip the breaker again when the short is applied again?

4
upofadown 3 hours ago 0 replies      
The fuse is also protecting the wire. So in a car you have a big fuse (fusible link) protecting the big wire to the fuse box. Then you have a bunch of little fuses protecting the wire on each branch circuit. All these fuses are intended to last for the life of the vehicle. The only time they would blow would be on the type of fault that would require further troubleshooting. It is unlikely that you could produce an electronic current limiter that would be cheaper and more reliable than a single use fuse.

My father the mechanic used to like to tell me about an exception to the rule as an object lesson about the trade off between risk and reliability. Back in the days of breaker ignitions the ignition circuit was almost never fused. A blown fuse in the ignition circuit could strand people out in the middle of nowhere. The extra risk was acceptable to eliminate the situation where the fuse blew when the ignition might of been able to continue to work in some sort of degraded mode. It was OK that that degraded mode might involve smoke and flame.

5
sokoloff 1 hour ago 0 replies      
The short answer is cost and that fuses are perfectly sufficient.

Blade fuses are 100 for a dollar. PTCs are a handful for a dollar. Infineon ProFETs are a couple dollars per.

When's the last time you blew a fuse on your car? For most of us, it's never. For those of us who have, there was almost certainly an electrical fault that was the root cause.

6
teovall 9 hours ago 2 replies      
This is a perfect example of the KISS principle. Since I would never presume to call Woz stupid, let's call it the KISW (Keep It Simple Woz) principle in this case.

Woz is proposing that Tesla take well proven, very reliable, simple, inexpensive fuses that are very rarely even seen by customers and replace them with complex integrated circuits and software that will need a lot of testing, almost certainly be more expensive, and almost certainly be less reliable. For what? Very little benefit for a very small subset of customers.

KISW! Sometimes a small length of wire in a plastic holder is the best answer to a problem.

7
lnanek2 37 minutes ago 0 replies      
Can't say I've ever seen a fuse in a car blow that didn't come from a short that had to be fixed anyway. Having a circuit breaker or software solution some end user would just flip again would damage the system even more and risk fires. Maybe Woz is smart about computers, but doesn't know anything about cars?
8
venomsnake 7 hours ago 0 replies      
Even before seeing it was Woz that posted - the answer in my head was "because they work". And he made no compelling argument to have something else.

I don't believe in smartness for smartness' sake. For a fuse to fail you need 1) wrong fuse 2) physical damage to the fuse (not sure if there is a case in which this would cause it to not break the circuit), different set of laws of physics.

9
spiritplumber 6 hours ago 0 replies      
I've replaced most of the easily blown fuses in my car (accessories, etc.) with PTCs. Now I joke that turning the car off and then on again fixes the problem. However, I wouldn't do that with a vital system (starter motor, etc.) because a blown fuse generally informs you of a deeper problem, rather than being the problem itself.

http://en.wikipedia.org/wiki/Resettable_fuse They make these in automotive format, or you can go to Digikey, get a PTC of the current you like, and solder it onto a blown fuse.

PTCs have the advantage of being straight replacement, and if you want, you can add a Hall sensor to see if current is flowing without creating paths to ground or other problems.

Anyone knows how to add this answer to Woz's thread? The "awesome power of social networks" isn't that awesome, since I can't answer on the thread linked...

10
davidbanham 6 hours ago 1 reply      
To me the interesting part of this was how social media is sometimes absolutely amazing. Woz idly poses a question about the fuses in his car and has an engineer from the manufacturer write a detailed response in short order. That is incredible.
11
sfeng 10 hours ago 2 replies      
Having fuses as a last-ditch safety measure can be a really good idea, as often the alternative to a fuse blowing is a fire. That said, they should probably be using self-resetting circuit breakers rated to trip before the fuses blow. It's possible they do and his car has a legitimate short.
12
Too 9 hours ago 0 replies      
In a way what he is proposing is already used for some systems of a car, although far from everything and mostly for lower currents. Some ecus are capable of delivering enough power from their own I/O pins to drive other components, if any of these outputs are shorted the ecu can detect this, power off the output and enter appropriate failure mode(diagnostics code + disable other functions). When the short is gone it will automatically activate again if considered safe.
13
antidaily 3 hours ago 0 replies      
"What's the problem?""Car won't start.""Did you try restarting it?"
14
raverbashing 9 hours ago 0 replies      
Well, even planes use CB today instead of fuses (and remote CBs on top of that, meaning they can be turned on/off electronically)

I think WOZ is suggesting an active current control that, while doable, is probably too risky (and you really don't want to blow the expensive parts)

15
vxNsr 9 hours ago 0 replies      
Someone at tesla answered the question:

Marc Rogers[0] Woz - Kristin[1] cant post to your thread but here is her answer:

So theres a few things at play here. For context, I run the Product Security team at Tesla and Im safety-trained on the HV systems - Im also working hands-on with a small drive inverter on a hobby project right now.

First and foremost, our large drive unit pulls about 1000A at full load, and switching that with silicon is tough. We use a bank of custom IGBTs on each of the high/low sides of each of the 3 rotor phases in order to handle the power, and thats with active fluid cooling. You can switch that much current with silicon but it aint cheap, and youll need either active cooling or a bunch of thermal mass if you want the thing to switch more than once. http://www.teslamotorsclub.com/attachment.php... is a decent pic, the object on the left is a single-phase switch, you can see 6x transistors laying flat at the front for one side of the phase (the other bank is behind).

Secondly, Model S is an AC induction motor so the current through the winding ramps up more-or-less linearly over time until the phase switches off (or changes direction). Youre at high power but youre not switching the load at zero-crossing as you would in a resonant load such as a Tesla coil, instead you have to switch at an increasing current depending on how much power you want to the wheels. You now dont just have to switch a lot of power, you have to switch it FAST so that the resistive losses in the FETs dont blow out the power channel due to ohmic losses. Your switch is now not just big and bulky, its complicated (since you need an additional HV supply) and pretty sensitive to things like stray capacitances. On the previous pic the big black brick on top of the PCB is the capacitor that dumps into the IGBT gates to make them switch fast enough.

Finally, I believe theres a regulatory issue. I think Im right in saying that automotive standards around the world require that all electrical systems are fused, and considering that theres multiple separate power rails its not inconceivable that an event could take place that leaves the HV drive rail powered on but kills the 12V accessory rail that powers a lot of the CAN systems. You could end up disabling your active fuse while the HV system is still energized, and considering the amperage our lithium packs can deliver (P85D draws up to 1.5kA) thats not going to end well.

Woz: I would LOVE to put you under a Tesla NDA and then give you a _real_ tour of the vehicle - ping me at kpaget@teslamotors.com if youre interested. Im curious, do you still have one of my RFID cloners on your shelf somewhere? [2]

[0]https://www.facebook.com/marcrogers?fref=ufi

[1] https://www.facebook.com/kristin.paget

[2]https://www.facebook.com/stevewoz/posts/10153145090701282?co...

16
ck2 7 hours ago 0 replies      
So if the computer fails the car doesn't burn to the ground?
14
East of Palo Altos Eden
164 points by erehweb  15 hours ago   90 comments top 14
1
lrvick 4 hours ago 4 replies      
Decided to start over in the bay area last year with my wife. Our housing criteria was: central to everything (I have locations of interest all over the bay), Within walking distance of my job (Downtown Palo Alto), 1 bedroom, low rent (under $2k/mo), 100Mb+ internet, and the ability to move in right away. Everyone told me that was impossible.

EPA however met all that criteria perfectly. Landed on a Friday, picked out an apartment over the weekend, and had the keys on Monday. Unlike many areas in the bay, demand is fairly low in EPA and there are available apartments everywhere.

Despite being a perfect fit for my needs, never did I realize what kind of judgement I would get from so many people for living here. I get a shocked expression almost every time I mention I live in EPA. Some people even get angry. "Why would you drag your wife to place like that?!?!". Many people I know when shopping for apartments themselves openly say there is no way they could ever live somewhere so "unsafe" and just consider my wife and I to be "lucky" or "living dangerously". The very idea that a white couple with a tech job income would -choose- to live in EPA blows peoples minds. I used to just tell people I live in Palo Alto to avoid the judgement, but now I happily claim it and discuss the misconceptions. My wife and I are pretty happy with all our ideals met. We won at housing by ignoring meaningless stigma and will be squatting here for a while. Might even buy a house while the market is still 1/4. Property value here is sure to soar once people realize the "murder capitol" age is distant history.

The stigma from past history is incredibly present, but the _reality_ is this is one of the safest feeling places I have ever lived. (And I have lived a lot of places)

2
mpweiher 6 hours ago 0 replies      
While the article is an interesting read overall (didn't know about the connection to "Dangerous Minds"), it perpetuates the myth that Palo Alto Airport was imposed on an existing poor/ethnic community.

This is not true, the airport preceded other development, having been opened prior to World War 2.[1] There were similar voices after the twin-engine Cessna crash as to the outrage of building an airport next to (inexpensive) housing[2]. The causality is reversed from the truth: the housing was/is cheap because there was a pre-existing airport. (And routes do not go over East Palo Alto's residential areas).

(Oh, and the starting photo brings back memories of entering the pattern to land)

[1] http://en.wikipedia.org/wiki/Palo_Alto_Airport_of_Santa_Clar...

[2] http://www.csmonitor.com/USA/2010/0217/Tesla-plane-crash-Con...

3
dluan 13 hours ago 3 replies      
When we first moved down to the bay area for YC, we moved into a new development house in EPA right next to Ikea. I frequently joke that EPA is not the same as Palo Alto, and while the rest of our batchmates had apartments in dowtown Mountain View or houses in the Los Altos hills, I really enjoyed living in EPA.

It was grimy, I'd frequently hear cop car sirens at 4 in the morning. And, there wasn't much to do in the immediate area unless you wanted to cross the freeway into Palo Alto. Being there was always a stark reminder of how little that community had, and also how little we had compared to all of the riches around us. Being there felt appropriate for us.

I appreciate my time in EPA, because it was a little microcosm that trapped some of the larger, harder problems of the real-world, hidden inside the bubble that is silicon valley.

4
bjones22 11 hours ago 1 reply      
I grew up in Redwood City and maintain very close friendships with high school teammates from EPA. This article caused me to make an account on hacker news so I could share a not so unique, but perhaps unheard, perspective on what it means to have a community like East Palo Alto (a.k.a. 'EPA') in the middle of silicon valley.

EDIT: this post quickly digressed into a four page behemoth that was too long to post in a single comment. It's long and I fear the formatting would have been awful. I will put up a WP site sometime tomorrow so that I may edit it and format it nicely. Below is a brief excerpt from the end. I'll make an edit to this post as soon as the WP site is up.

----------------------

If anything is to be taken away from my experience and these stories is that the men and women who are forced to grow up in this environment live in cyclical state of despair. A vacuum that requires quite nearly a winning lottery ticket to escape.

For it to be located so close to the affluent areas of silicon valley is practically criminal. It is eerily close to being the pit in which Bane grew up in during the Batman movies, the one where he lived in a prison that could see freedom and happiness just a couple hundred feet away.

If I make any sort of dime in Silicon Valley I fully intend to research and hopefully participate in philanthropy that will contribute to problems such as these.

I believe it becomes our responsibility when it is in our own back yard.

5
elorant 13 hours ago 3 replies      
First time in the last three years that I bothered reading an article on Techcrunch.
6
Stratoscope 12 hours ago 1 reply      
The redlining maps of San Francisco and Oakland are interesting, but their resolution is artificially limited. You can see the full resolution maps by removing the height and width parameters from the URLs:

https://tctechcrunch2011.files.wordpress.com/2014/12/nbnlkqx...

https://tctechcrunch2011.files.wordpress.com/2014/12/oakland...

7
lsiebert 14 hours ago 1 reply      
This is some excellent long form journalism on how systemic issues have created an absurd divide between Palo Alto and East Palo Alto.
8
gyc 9 hours ago 2 replies      
While the article is well worth reading, I was bothered by the article implicitly defining Asians as not counting towards a diverse workforce. I admit my point is unrelated to the bigger points of the article.
9
jefflinwood 13 hours ago 4 replies      
There's a huge demand for housing of any kind in the Bay Area, so it doesn't surprise me that areas like East Palo Alto and the Bayview are going to face a lot of demographic upheaval, unless new housing units are brought online in other areas.

There doesn't seem to be any appetite whatsoever for filling in more of the San Francisco Bay to create land, and there are restrictions and conservation easements on most of the land stretching from 280 to the Coastside.

One possible area to expand into would be Coyote Valley, south of San Jose, which was a growth target during the first dot.com bubble in 1999, around a Cisco campus. If Caltrain could put in a station there, along with express lines, that may open up a middle-class area to new housing opportunities.

10
bcx 9 hours ago 0 replies      
If you liked this article, you might like the movie Dreams of a City, which talks about the creation of East Palo Alto: http://vimeo.com/23458988

EPA's has a really interesting history, back in the 1920s an entrepreneur by the name of Charles Weeks started a Poultry Colony, preaching "one acre and independence". (http://www.paloaltoonline.com/print/story/2008/04/16/one-acr... , http://www.santaclararesearch.net/SCBIOS/cweeks.html)- you can still see the remnants of this in the structure of the lots along Runnymede street. http://epawiki.pbworks.com/f/Remnants+of+a+Failed+Utopia.pdf

11
nawitus 4 hours ago 1 reply      
Pretty funny that Wikipedia states East Palo Alto had "only" five murders in 2008, even though the population is 28000. From an European perspective even a single murder would be significant..
12
ebiester 13 hours ago 0 replies      
It's more complicated than that. It's a soft racism -- many are fine with wealthy or well-to-do black neighbors, but do not want poor neighbors.

They also don't want to do what is really required to make sure the next generation of black citizens is truly on equal footing, including actual poverty remediation. That means taxes and wealth redistribution.

13
IndianAstronaut 12 hours ago 0 replies      
White flight is still an occurrence today in the bay area. For different reasons though. Cupertino is very heavily Asian dominated and many whites move to south San Jose or other areas.
14
enlightenedfool 14 hours ago 2 replies      
"We dont even want people like you in our subdivisions".It happens even now. I see in our Boston suburb, whites usually abandon apartment communities that increasingly host foreign workers. And that's not because of violence. I really don't find it bizarre and it's perfectly natural. We find ourselves more comfortable among people of our own kind. If that's not acceptable then nationalism too shouldn't be because that's another kind of discrimination and at a different level.
15
TrackingPoint shows off the Mile Maker, a rifle with 1,800-yard range
6 points by lelf  3 hours ago   2 comments top
1
jacquesm 13 minutes ago 1 reply      
> The weapon at least for now is built around an enormous, enormously heavy, custom-milled steel barrel

How do you mill a barrel? I was under the impression that barrels were turned, bored and then rifled.

http://www.firearmsid.com/feature%20articles/rifledbarrelman...

You might be able to mill some bits out of the exterior but I really wonder how a mill could be part of the machining of the business bits of a barrel.

16
Computer Science in the DPRK [video]
61 points by brownbat  10 hours ago   4 comments top 3
1
gii 3 hours ago 0 replies      
For me the interesting part was the tablet he brought back from DPRK. It contained 70+ books with their leader' speeches, but they somehow customized the Android so it is not possible to extract them :D
2
kayman 5 hours ago 1 reply      
It was interesting to hear he never saw red star OS.From the recent link, I was under the impression that red start was the defacto OS of DPRK.

And the have their won TLDs. (top level domains).web sounds cool

3
brainburn 5 hours ago 0 replies      
"uhhh".

Makes it really hard to watch this.

17
WebGL Water Simulator
220 points by Exuma  19 hours ago   63 comments top 23
1
Exuma 18 hours ago 2 replies      
Fun trick: Pause the simulation with the space bar. Then, take your mouse and drag it on the surface of the water, you will notice it creates ripples but in the paused state.

Drag the mouse rapidly back and forth in a very tiny area so that it creates a layered 'ripple' that grows and grows. If you spend about 2 minutes doing this you can make the ripple go like 10 feet high completely off the screen.

Then unpause the simulation for a massive tsunami.

2
jsheard 15 hours ago 3 replies      
Doing this in a browser is a neat trick, but the actual state-of-the-art in realtime GPU fluids is slightly more impressive. nVidias FleX middleware is a good example:

https://www.youtube.com/watch?v=1o0Nuq71gI4

4
FrankenPC 13 hours ago 1 reply      
Sanity check: Wasn't this posted on HN before?

Regardless. It's awesome that a browser with WebGL can achieve that kind of speed and behavioral complexity. Is ray tracing the reflections part of OpenGL? Or is that a separate library?

5
Animats 18 hours ago 0 replies      
That's beautiful. I used to write physics engines back when we had 100 MIPS, and could only dream about doing stuff like that in real time.

A nice use for this would be to emulate a ripple tank, as used in high school physics labs.

6
boomskats 16 hours ago 0 replies      
I've been using this to test whether I've got WebGL acceleration working properly for ages. I'm pretty sure I've seen this posted a couple of times before though :)
7
ricardobeat 15 hours ago 0 replies      
Wow, this runs at a smooth 60fps in iOS8!
8
jrockway 17 hours ago 1 reply      
This is extremely well done.

The only minor nit I can come up with is the lack of surface tension. When you pull the ball up through the surface of the water, some of the water should stick to the ball. Maybe the ball is made out of lotus leaves, though.

I'd also expect some more bubbles when violently stirring the pool with the ball.

9
tdicola 14 hours ago 2 replies      
That's awesome, and holy cow I think this is the first time I've ever seen Chrome on Linux actually render WebGL. Did they finally enable it by default in recent updates?
10
cturhan 6 hours ago 0 replies      
I think this was the fourth duplicate post here
11
jpmonette 15 hours ago 0 replies      
Can't wait to see some more crazy stuff done in WebGL! Working fine on my MBA 2014, but I think it's the first time I heard the fan spinning :)!
12
imaginenore 17 hours ago 0 replies      
This is 4 years old.
13
S_A_P 13 hours ago 1 reply      
I remember trying to run this on my phone previously and it not working. I also remember it causing my cup fan to fire up when I played with it on my laptop. The fact that the iPhone 6 runs this so well is pretty dang cool.
14
frozenport 17 hours ago 2 replies      
On Android Firefox:

    Error: Rendering to floating-point textures is required but not supported.

15
cracker_jacks 14 hours ago 1 reply      
Shouldn't the ball cause ripples when moving underwater?
16
rndn 16 hours ago 1 reply      
Does anyone happen to know what the effect is called that the sky is reflected stronger at shallow angles and whether that is the same effect which makes rough surfaces reflective at very shallow angles?
17
shurcooL 17 hours ago 1 reply      
> This demo requires a decent graphics card and up-to-date drivers. If you can't run the demo, you can still see it on YouTube.

Works great on my iPad mini 2. Pretty incredible.

18
Kenji 16 hours ago 0 replies      
This is an old piece but it doesn't cease to amaze me. Well done, creating this must have taken a lot of time and skill.
19
guidedlight 18 hours ago 1 reply      
Surprisingly, this demo works great on my iPad 4.
20
josephpmay 18 hours ago 2 replies      
The author of this simulation seems to have forgotten the effects of refraction. Besides that, it's great!
21
elberto34 17 hours ago 1 reply      
does this use the navier stokes equations? How are the ripples generated?
22
sand500 15 hours ago 0 replies      
if you drag the ball round and round, it doesnt create a votex.
23
snooze82 18 hours ago 0 replies      
you can even move the ball.
18
Scala Actors: Unifying thread-based and event-based programming
7 points by tambourine_man  6 hours ago   discuss
19
Battling the Monsanto law in Ghana
7 points by givan  7 hours ago   discuss
20
Algorithms for Designing Pop-up Cards [pdf]
6 points by StylifyYourBlog  2 hours ago   discuss
21
Keypress: A robust JavaScript library for capturing keyboard input
87 points by Exuma  14 hours ago   13 comments top 6
1
duncanawoods 5 hours ago 1 reply      
A big problem I experience is the lack of web-safe keyboard shortcuts for complex web-apps. If looking for a safe key-combination, you have to consider the superset of OS and Browser combinations and that leaves almost nothing.

The gmail approach is for unmodified keys but that only works if you don't have focus in an editable field. The gdocs approach is for menu chords but that sucks for frequent actions and still generates weird dual handling of events by the browser.

I'd love a web/browser standards committee to preserve the universal utility of the keyboard. It could ring-fence some application specific shortcuts, give a semantic abstraction of some actions e.g. undo, and standardise mechanisms for os specific remappings.

As it is, as more tech comes along, the less usable keyboards become. I am still dumbfounded that the iPad lacks a tab button or any chord for one despite claiming to be usable for word-processing. This basically means no web-app can ever assume a keyboard has a tab key. Gah.

2
double051 10 hours ago 1 reply      
Getting an error on that page in Chrome.

    Refused to execute script from 'https://rawgithub.com/dmauro/Keypress/master/keypress.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
EDIT: It's because Keypress is using rawgit.com instead of cdn.rawgit.com to host the actual keypress.js script.

Details here - http://rawgit.com/dmauro/Keypress/master/keypress.js

Working script source - http://cdn.rawgit.com/dmauro/Keypress/master/keypress.js

3
taspeotis 13 hours ago 1 reply      
Previous discussion https://news.ycombinator.com/item?id=6464138

    Keypress: A Javascript library for capturing input (dmauro.github.io)    192 points by nsmalch 468 days ago | flag | cached | share | comments

4
codecurve 4 hours ago 0 replies      
More aimed at game developers, but for anyone who wants a super lightweight subset of this functionality.

https://github.com/danprince/keystate

5
jefftchan 10 hours ago 0 replies      
I'd like to see scoping added so it's possible to easily switch keyboard bindings based on the feature/context.

https://github.com/madrobby/keymaster does an OK job with this, and too bad it's not being actively maintained.

6
Tad_Ghostly 12 hours ago 0 replies      
Now with Konami code!
22
That Whole Thing with Sound in In-Browser Emulation
73 points by xai3luGi  13 hours ago   17 comments top 7
1
fenomas 8 hours ago 1 reply      
The author bemoans overly complex modern web standards, but surely this is an inevitable result of the web's transition from "an easy way to view documents" to "a safe mechanism for remote code execution". I mean sure, in the old days anyone could learn the important HTML tags in a weekend, but they couldn't use those tags to emulate an MS-DOS game. The only way to enable that was to gradually evolve web APIs that safely exposed all the low-level functionality.

Or, the only way apart from plugins, anyway. In comments the author writes:

> In the future, I suspect some group will do it right and create a wonderful plugin or default wrap-in for all browsers that will simply function as the native environment all this material needs. At that point, MESS and DOSBOX will be ported to this...

..which is essentially Flash (which has had solid dynamic audio for years, and console emulators built on it with good audio support (see:nesbox)). In a parallel universe where Flash was an open standard, it'd be exactly what the author is asking for. Except in that universe, Flash would presumably share whatever problems the author finds with web standards.

Unless we want to choose One Browser or One Plugin, I'd say we're better off with complicated, slow-moving standards (like Web Audio), even if they are developed and implemented by adversarial companies.

2
flohofwoe 5 hours ago 1 reply      
I think the main problem with WebAudio is that it was originally designed under the assumption that Javascript would be too slow to fill audio buffers fast enough for low latency buffer queueing, and thus this complex audio-node system was conceived where audio data would flow through black-box processing nodes written in C/C++.

In a perfect world, a low-level web audio API would focus on providing an as direct-as-possible way to stream raw audio data (buffer queueing like in OpenAL, or a wrap-around buffer like in DirectSound), make sure that this works well with WebWorkers (i.e., worker thread should be able to queue new data when required, not when the main loop gets around to it), and move all the complicated high-level audio-graph stuff into optional Javascript libs.

3
conradev 10 hours ago 1 reply      
I put together a mobile-friendly version of a Javascript NES emulator for a hackathon [1], and I converted it to use the Web Audio API[2]. It works, but sounds very janky. I had to divide all of the integer audio samples into floating point values just so that they could be converted to integer values at some point later on. I also wanted to be able to use a gamepad for the emulator, but the last revision to the Gamepad API was a year ago[3], and browser support is pretty lacking[4]. I really like the idea of browser emulation because native emulators are banned from the App Store, but the web APIs are just not there yet.

Side note: If anyone wants to take over webNES and make it awesome, free free to message me

[1] http://webn.es

[2] https://github.com/conradev/jsnes/commit/6b0ef8d5b5d0a7b17e6...

[3] https://dvcs.w3.org/hg/gamepad/raw-file/default/gamepad.html

[4] http://caniuse.com/#feat=gamepad

4
tracker1 12 hours ago 2 replies      
I know several people who have been going over the audio issues in browsers. I remember how painful flash's audio was to deal with, and the browser vendors have managed to make something worse... I do hope that web audio gets better (good for that matter).

To really get where people want to go in terms of browser based gaming (even if the idea disgusts you) is going to hinge on 3D video, great audio composition and good controller capabilities.

5
bobajeff 11 hours ago 0 replies      
Here's hoping that Spartan not only is on rapid release cycle but it's fork of Trident and Chakra are developed in an open source project (e.g. Gecko, WebKit, Blink) so developers can submit fixes and features and not have to wait a year for them to be available.
6
javajosh 9 hours ago 0 replies      
There is a temporary work-around, I would think. Presumably the data that games expect to be driving sound comes out in a byte stream, like anything else, expecting to be passed to a side-effect producing function provided by the environment. You wouldn't need to even write the code that processes that data into sound, you could just sample (perhaps on original equipment) and provide sound resource files, and then make sure to play the right sample for any particular set of bytes passed to your implementation. (Even if Web Audio standardizes, it's not clear to me how you would handle essentially arbitrary output-to-be-interpreted-as-sound from an arbitrary process!)
7
callesgg 10 hours ago 0 replies      
The color choice of that page is insane.My eyes literally hurt after reading the article.
23
Scientists say theyll soon extend life well beyond 120
5 points by forloop  5 hours ago   discuss
24
Judge Orders NYPD to Release Records on X-ray Vans
259 points by JumpCrisscross  1 day ago   71 comments top 12
1
UnoriginalGuy 1 day ago 5 replies      
They have a very interesting way of reporting radiation exposure (ditto with airport scanners). Instead of reporting the total body accumulated dose, they report the dose a single scanning beam sweep induces over a small area.

These machines use a tight beam (or several) which sweep. Each individual beam when measured in isolation likely deliver 0.1 microSievert of radiation. However the total body dose (accumulated dose) is significantly higher than that (because you'd measure the total dose delivered, rather than the total dose delivered to a small 1x1 square cross-section).

This is interesting because while the body can and does (continuously) repair DNA damage, it has diminishing returns. So 0.1 microSieverts to the entire body is totally inconsequential, however 0.1 * 100 or more? Particularly to people who are frequently scanned (or those with weakened bodies due to illness or age).

Plus these X-Ray means can and do bounce. So imagine three 1x1 cross sections, you scan the left and right, but the middle will have a measurable radiation exposure even if not directly exposed to the X-Ray beam (partly because the beams are imprecise but partly because of reflected X-Rays).

Honestly 0.1 Sv is the headline figure. What is the full body accumulated figure? I'm going to guess as much as .30 Sv per scan.

2
k-mcgrady 23 hours ago 3 replies      
>> "The X-ray vanswhich reportedly cost between $729,000 and $825,000 eachare designed to find organic materials such as drugs and explosives."

As much as I don't like this at least explosives are a good reasoning for using them. Drugs? Come on! Exposing citizens to radiation, no matter how little, so you can find people in possession of drugs is ludicrous. Every time you think the war on drugs has reached the height of stupidity they raise the bar even further.

3
loceng 1 day ago 0 replies      
'"While this court is cognizant and sensitive to concerns about terrorism, being located less than a mile from the 9/11 site, and having seen firsthand the effects of terrorist destruction, nonetheless, the hallmark of our great nation is that it is a democracy, with a transparent government," she [Supreme Court Judge Doris Ling-Cohan] wrote in her decision last month.'
4
tesq 22 hours ago 1 reply      
What implications does this program have for the 4th amendment right to not have a search conducted without a warrant? If they're used on the public at large, generating mass probable cause or a blanket expectation that anyone could be a dangerous terrorist as justification is a scary precedent.

It's reminiscent of the FLIR vans used to catch marijuana growers that the Supreme Court determined to be mobile Constitution violators. They are still being used to bust people who like to grow Christmas trees or tomatoes indoors.

I feel bad for the minority that are terrorized by authorities suspecting them of engaging in criminal activities based on their nationality or skin color and fuzzy scans of their businesses, homes and vehicles.

5
tightfleece 1 day ago 6 replies      
> "releasing the documents would hamper the department's ability to conduct operations and endanger the lives of New Yorkers."

Then apparently the lives of New Yorkers are protected by security through obscurity, with absolutely no evidence of efficacy and absolutely no auditable evaluation of safety.

I'm thinking that a strong education in science should be a requirement for anyone who touches these programs with a ten foot pole.

6
pluma 2 hours ago 0 replies      
Fourth Amendment issues aside, as a non-American this strikes me as an obvious violation of Human Rights (especially the right to bodily integrity in particular).

I'm not sure what the situation is like in the US, but I'm fairly certain that in my country you couldn't be subjected to an x-ray scan without consent, unless there is sufficiently strong suspicion and an x-ray scan would be the least invasive option (e.g. this is why you can be forced to give a blood sample if you refuse to take a breathalyser test when assumed to DUI).

I have no idea how random drive-by x-rays on the street could be considered reasonable and not in violation of Human Rights unless you're in a freakin warzone.

7
fnordfnordfnord 23 hours ago 0 replies      
>>But most Federal Drug Administration regulations for medical X-rays do not apply to security equipment, leaving the decision of when and how to use the scanners up to law enforcement agencies such as the NYPD.

Brilliant.

8
medecau 1 day ago 3 replies      
Would a Geiger tube detect these X-Rays?

https://www.sparkfun.com/products/8875

I'm thinking Arduino boards and webcams.

9
throwaway7625 19 hours ago 0 replies      
The use of these vans seems like an opportunity for some investigative journalism.

Setup dosimeters to detect the x-rays as the vans pass by, record a video of it happening, then tell the pedestrians nearby that their government just irradiated them without their knowledge or consent and see what they say in response.

Or setup stands that detect the x-rays and automatically announce over a loudspeaker that people standing nearby are being irradiated an observe the reaction.

If the police are not confident that the responses will be welcoming, they should not be doing this.

10
serf 15 hours ago 0 replies      
I wonder how many shipments of dosimeter badges arrived 'like new'.

(I kid)

11
lifeisstillgood 1 day ago 1 reply      
It seems the NYPDs argument is that releasing information on the vans will allow people to predict where they are (or more likely be told ala speed cameras) and so avoid them (civilians as well as criminals).

That's kind of the point of a deterrent.

You cannot scan every car on every journey, at least not without a massive spike in cancers, so this is a deterrent.

And it's a secret deterrant....

So it won't catch anyone because you can't scan everyone, and it won't deter anyone because no one knows it's there

Seems a waste

12
johansch 23 hours ago 4 replies      
(Swedish. Politically speaking right-wing in that spectrum. In the US political spectrum; probably centrist.)

If I were a NYC citizen, I'd approve of a police authority that was innovative enough to bring these things onto the streets. NYC is a terrorism magnet, as has been shown.

25
Ask HN: Is web app specific gravity a good metric?
13 points by ophuichi  2 hours ago   4 comments top 4
1
jnaglick 0 minutes ago 0 replies      
I think measuring "human-usable information" is a slippery slope. You'll start with just believing that only human-language text qualifies, but the definition can be pushed.

For example, "human-usable information" could be added by changing the color of certain words. If our site is meant to teach English, changing all nouns to the color green is useful and definitely "human-usable information," right? But how do you measure the amount of information it conveys?

It's ultimately very philosophically hard. This matters because a webapp's assets (images, styling, scripts) are as much a part of its content as the actual text on a page. If you confine your definition to encompass only human-readable, I don't think it's useful.

2
aakilfernandes 8 minutes ago 0 replies      
I think it's an interesting metric that can act as a starting point for a more in depth understanding, but by itself its pretty hollow.
3
Hytosys 1 hour ago 0 replies      
How would you measure, say, Google Drive's specific gravity? GitHub's? I'm confused because you use a single page as a representation of the entire application.
4
percept 1 hour ago 0 replies      
Sounds great, and no, that doesn't seem optimal--1.7MB total for those 25 links.

But that seems to be where we're at now, unfortunately.

26
A plastic card for easy to remember strong passwords
180 points by qycard  21 hours ago   100 comments top 34
1
agwa 21 hours ago 8 replies      
This is a substitution cipher and it's not very secure. Consider what we can do if we compromise the Amazon password that's given as an example on the website:

   sh(/J3HqAfQsu..u.rqf
Since the password came from Amazon, we know that the last 6 characters are "Amazon," which tells us that:

  . = A  u = M  r = Z  q = O  f = N
Now we can start attacking the codeword, which are the characters between the 8-character "space bar code" and the website name:

  AfQsu.
Using the letters we already know, we can determine that the codeword is:

  _N__MA
It's probably a dictionary word, and we know that the blank spaces don't correspond to any of the letters we already know. According to the following command:

  grep '^[^amzon]n[^amzon][^amzon]ma$' < /usr/share/dict/american-english
...the only possible codeword is "engima," so now we know that:

  A = E  Q = G  s = I
Combine with another compromised password, and we're coming dangerously close to being able to generate a password for any arbitrary website.

Edit: I agree with the replies that this is an unlikely attack considering how passwords are typically compromised. And it's probably better than how most people choose passwords. But the website claims that this generates "very strong passwords," which is nonsense.

2
beering 21 hours ago 1 reply      
This is a lot like PasswordCard[0] except not free.

[0] https://www.passwordcard.org/en

I think I'd like PasswordCard because it's pretty freeform - just pick a starting point and a visual direction/pattern and copy letters from the card. But honestly I don't much like the idea of relying on a physical token if I don't need to. Almost losing my 2FA last year was a bit scary.

3
samspot 20 hours ago 3 replies      
Except it's not going to work, because of the bank who doesn't allow '(' as a special character, or the ticket website that requires at least 3 digits, or the financial firm who only allows 8 character passwords. As soon as you have a few sites with 'rogue' password policies, the system breaks down.
4
crazygringo 14 hours ago 0 replies      
Besides other problems (like not working with certain password requirements), this particularly doesn't work when a site forces you to reset your password because of a breach or time limit or who knows what. (Yahoo just forced a mandatory password reset on me today, without even giving a reason except to "protect my account".)

Then you've got to remember -- are you now on amazon3 or amazon4 or gmail4 or gmail5? And then it defeats the whole purpose of the card.

5
midnitewarrior 1 hour ago 0 replies      
What about trust?

Who is selling me this card, and with my name, address and (optional) email address, how long will it take him to crack every one of my accounts, considering that he has the key?

6
stevewilhelm 20 hours ago 1 reply      
What prevents me from using this type of strategy is the inconsistent adoption of password requirements.

For example, some of the websites I use require passwords to contain at least one capital letter, or a digit, or a punctuation mark (e.g. ! ? #, etc.). But other Website do not allow punctuation marks or digits.

Some require a password of a minimum length, but a dwindling few can only accept fairly short maximum length password.

7
z1mm32m4n 13 hours ago 1 reply      
If the end goal is to turn a long, comprehensible password like "correcthorsebatterystaple" into something not remotely subject to a dictionary attack, then merely shifting your fingers over on the keyboard by one key is much more convenient: "vpttrvyjptdrnsyyrtudys[;r". Sure, it suffers from the same short-comings as mentioned above (it's still a substitution cipher), but it's much more convenient than going to the card for each individual letter. "vottrvyjptdrnsyyrtudys[;r" is as quick to type as correcthorsebatterystaple but much more secure.
8
w8rbt 19 hours ago 0 replies      
These others have been around for ages. And, they are free.

http://www.passwordcard.org/en

9
docubot 18 hours ago 0 replies      
That's all well and good until you lose it or run it through the washing machine. Then your entire password system is gone. Any backup would need to be stored in a place that might as well be your 1Password/LastPass database.
10
patrickdavey 20 hours ago 1 reply      
I actually really like this idea. I guess if your attacker did get your password in the clear (bad encryption or whatever) then they'd basically have access everything right? I mean, the number of letters at the start is presumably fairly constant, they'd know the site it was for so they could then work out the "unique secret" in the middle right?

That said, there's a certain amount of security through obscurity I guess.

Still, for any of the sites I really care about I use two factor authentication. I'd take a mediocre password and 2FA over a strong password (But happy to be proved wrong ;)

11
bigbugbag 7 hours ago 0 replies      
This is a poorly thought out (qwerty only ?) and weak security attempt to make money ripping off the concept from the much better and secure password card at https://www.passwordcard.org/ that anyone can print themselves.
12
raarky 19 hours ago 0 replies      
my current "scheme" for creating new passwords is to simply write a long, unique passphrase with the idea that I will only remember it for the short time needed to log in after registration.

If I need to log in sometime in the future, I simply reset the password.

13
alejohausner 10 hours ago 1 reply      
How about doing Vigenere in your head? This is what I do: I actually write my passwords down in my little black book, which I carry in my pocket. I use a simple Vigenere cypher in case I lose the book. Each password is encrypted with the same master key, which I memorize.

For example, if my master key was 1234, and my password was 'baNana3', it would write down 'ayKwmy0'. When I look up the password, I shift the letters forward as I type them:

a + 1 = b

y + 2 = a (wrap around the end of the alphabet)

K + 3 = N

w + 4 = a

m + 1 = n

y + 2 = a

0 + 3 = 3

It's not too hard to advance 9 or fewer letters in the alphabet as you type.

I think i'm safe. Am I?

14
tantalor 21 hours ago 0 replies      
In general I really like generating passwords like this, but there are some downsides. It is difficult to change it later, e.g., if the password expires or is compromised.
15
trymas 5 hours ago 0 replies      
I'll just leave this right here: http://xkcd.com/936/
16
b_white 13 hours ago 1 reply      
It's rather ironic this site is all about strong security, when their SSL/TLS settings are terrible. (Including being open to the POODLE and OpenSSL CCS vulnerabilities)

https://www.ssllabs.com/ssltest/analyze.html?d=qwertycards.c...

17
gnerix 12 hours ago 0 replies      
Many sites where I perform sensitive transactions require me to periodically change my password (banks, brokerage, etc.)

The Shannon entropy of the impossible to remember example password is 3.68418, which is not much better than the xkcd "easy for a human to remember" password 3.36386

18
theophrastus 19 hours ago 0 replies      
Some of us have even made do with variations on the "Old School Tabula recta": http://lifehacker.com/5715794/how-to-write-down-and-encrypt-...

"If I'm logging into Amazon I'll find the intersection of column M and row A (the second and third letters of Amazon) and then read off diagonally 16 characters."

19
zokier 19 hours ago 0 replies      
I don't believe in these sorts of database-free password management systems. These require users to remember too much stuff and are not flexible to be used universally. And using these gets only more painful over time as exceptions etc accumulate. These issues have been discussed fairly comprehensively in the various HN threads on hash-based password managers, which share most if not all the downsides with this particular project.
20
johnchristopher 5 hours ago 0 replies      
Are each card produced with a different substitution pattern ?
21
gravedave 20 hours ago 0 replies      
So what this site is essentially selling is a single run of a random number generator printed on a piece of plastic and a 3-step process?
22
mason240 21 hours ago 1 reply      
This would actually be very useful for my Google and LastPass password. I have everything else in my LastPass manager, but it is always trying to get into my google account from different places is difficult, so I have a rememberable password for both.

This would let me keep a much more secure password for both.

23
Sir_Substance 17 hours ago 2 replies      
Brilliant!

Until you lose your wallet.

Much like lastpass and other password management software, you're putting all your eggs in one basket, and having faith it won't fail.

Passwords are a shitty idea people. We need a better system.

24
qycard 21 hours ago 1 reply      
We've got you covered: https://www.qwertycards.com/frequent_questions.html#lost_sto...

Every card ships with a letter showing the only unique copy of the card.

25
bkeroack 21 hours ago 0 replies      
Fine idea if the codes are generated randomly for each person. Do not use the same card as someone else.

Or you could use something like (one of my side projects): https://www.wordentropy.org

26
Animats 18 hours ago 0 replies      
Who has access to the "random" info on those cards? How randomly are they generated? If you bought a few of them, could you work backwards to the generation algorithm?
27
jnellis 19 hours ago 0 replies      
I have just as hard a time remembering my usernames as I do passwords.
28
mingabunga 16 hours ago 0 replies      
29
dogma1138 21 hours ago 0 replies      
Nice code book but you can just as well print it yourself :D
30
scenefinale 19 hours ago 0 replies      
I use dvorak, you insensitive clod!
31
jaynate 19 hours ago 0 replies      
Cool solution for folks like us. Best way to diminish password as an attack vector and secure services for the thronged masses is to reduce the number of passwords required to use the Internet. And couple a master (eg My google account) account with a second, biometric factor.
32
izolate 14 hours ago 0 replies      
damn, edgware is the last place I'd expect to find a tech company. cool concept though. do you sell these out of your office too?
33
lifeisstillgood 19 hours ago 1 reply      
Sadly this is still a fail - I have found numerous sites whose fatuous restrictions on what are or are not legal entries include banning punctuation, never ending in a letter and more.

This seems an amusing and useful idea to making passwords - it's usability seems longer lived than my previous (personal) attempts (md5 hashing passwords and domain names).

In the end I need a trustable approach to storing encrypted data on my iphone - I suspect i have missed one. Any ideas?

34
ninjakeyboard 13 hours ago 0 replies      
I just registered dvorakcards.com and colemakcards.com.Thanks,
27
Watching the sixties and seventies through 2001 and Alien
91 points by benbreen  17 hours ago   22 comments top 3
1
mikerichards 4 hours ago 1 reply      
Heh, I loved the term "truckers in space", which pretty accurately described some of the characters in Alien - Brett, Parker, Dallas.

Speaking of Ridley Scott, my favorite movie of all time is Blade Runner. I was watching it the other day, and noticed that the incept dates of some of replicants were 2016. Oh boy, Ridley got that one wrong. But they still used payphones too, like in Alien. Remember Deckard calling Rachel from the video pay phone at the bar?

So it seems like filmmakers predictions either grossly mispredict the amount of technological progress at the big scale. Everybody thought there would be moon colonies by now, or advanced cyborgs. Or they don't see the technological innovation at the small scale. They can't see things like cell phones, the internet, etc..

I have seen several movies with the 70s or so, with flat screens hanging on the wall. So I guess they ocassionally get things right

2
rexignis 11 hours ago 2 replies      
If imdb's movie /year/1979/ list is to be believed, there was a lot of self loathing going on in films in the late 70s (i.e. Vietnam).
3
beloch 6 hours ago 1 reply      
------

"The U.S. is not waging the Cold War in outer space. We have no moon colonies, and our supercomputers are not nearly as super as the murderous HAL. "

2001 was a prescient film, but the details have turned out somewhat differently than Kubrick and Clarke imagined. HAL was portrayed as truly sentient. The same cannot be said of any AI existing today. However, HAL was also immensely limited. He was like a servant or child in his abilities. He was not the the oracle and gateway to the sum of all human knowledge, as the computers of today have become. If you asked HAL how to build a boat or how to score a date with a beautiful woman, he'd have been baffled. Google, on the other hand... HAL also had a large central core that could be attacked. If we built a true AI today, it's possible that the brains of such a beast could be the size of a pocket watch and the software copied and transferred freely. If such a viral consciousness had infested the Discovery, Dave would truly have had nothing to strike back against. HAL would not have been a single consciousness, but a legion!

Meanwhile, the U.S. is very much still engaged in a struggle for control of space. Other challengers have appeared, but Russia hasn't gone anywhere, and that particular war seems to be getting colder by the minute. However, the commercialization of space has been late in coming. Pan Am's collapse must have delayed things somewhat. However, it's finally starting to happen.

------

"Mother, on the other hand, spends the whole movie like a fated southern belle hooked on laudanum, locked in her room. She cant even advise on how to defeat the monster. The computer cannot help. No costly investment in heavy capital will keep nature at bay. "

Alien does indeed present a very different view of technology. Where, in 2001, technology was the tool of humanity, uplifting it to greater and greater heights, in Alien technology cannot overcome the base nature of humans. The people in space aren't heroes or explorers, but working-class stiffs trying to make a living. Technology serves its owners first and foremost. The corporation's interests reign supreme, even over the space workers very lives. This vision too is both wrong yet prescient. The computers of today are of tremendous help, but are also tools of control. You can ask google how to do practically anything, but you have to accept the fact that your request will be logged by the NSA (and probably other organizations) for future reference should you ever be naughty. Computers do not directly control us, but other humans use computers to tell us how to do things. For example, look up why UPS drivers are trained to avoid turning left. Computers and automation have eliminated many jobs, but always seem to create even more in the process.

-------

The last few years have greatly increased my optimism for the future. It seems that we're finally pulling out of the cyberpunk dystopian funk of the last decade or so and trying to do "big" things once again. Electric cars are finally a practical reality. Self driving cars are close at hand. Private space flight is taking off. People are talking about capturing and bringing asteroids down to Earth for their resources. Space elevators that will make getting bulk quantities of material off of Earth seem almost possible. Quantum cryptology is currently in limited use and expanding, and may one day offer us all security from the NSA's of the world, even should they gain the tremendous power of quantum computers, which themselves will offer humanity fantastic new abilities. 3D printing is rapidly improving and making new things possible, and our advances in nanotechnology will only amplify and ramify their capabilities. It's an exciting time to be alive, even in spite of all the nicks and cuts we receive from the other side of every new sword we invent. Humanity needs to keep its ideals and be on guard against the darker half of it's nature, but there are many great reasons to think we might just surprise ourselves and turn out okay after all.

28
My history with Forth and stack machines (2010)
46 points by pmoriarty  11 hours ago   18 comments top 7
1
pointfree 49 minutes ago 0 replies      
I was just discussing Forth metacompilers a moment ago:

http://www.reddit.com/r/tinycode/comments/2rzuwp/da_here_h_2...

http://www.reddit.com/r/Forth/comments/2s0g4a/da_here_h_2_h_...

I think there is an opening again for Forth in the Internet of Things. That's many low-power (and thus) small computers.

2
lukego 7 hours ago 1 reply      
Hacking for the latest and greatest Xeon CPUs feels a lot like Forth on small machines to me. Each core has only 256KB of fast private memory (L2 cache). Squeezing the working set into that memory means fast execution that is independent of the other cores. That is really worth spending some brain cycles on when optimizing for 36+ core servers.

The more things change, the more they stay the same?

3
andolanra 5 hours ago 0 replies      
Various past comment threads:

* https://news.ycombinator.com/item?id=1680149

* https://news.ycombinator.com/item?id=8146306

* https://news.ycombinator.com/item?id=3963896

* https://news.ycombinator.com/item?id=2985601

* [a handful of zero-comment and one-comment reposts I've elided]

This is a very popular repostas it should be, because it's a very good and well-thought-out article, and a surprisingly well-reasoned and well-written example of the "meditation on a programming language" genre of blog postand each of the past comment threads is also worth consulting.

4
agumonkey 3 hours ago 0 replies      
Eric LaForest did a nice course on stack machines : http://csclub.uwaterloo.ca/media/Eric%20LaForest:%20Next%20G...
5
chipsy 10 hours ago 1 reply      
I'm among those who have enjoyed the satisfaction of making my own Forth-like, and I've even used it only to find the same kinds of difficulties as author. Aiming for less is always a valid approach, but it's hard to reconcile with this era of software and the benefits of sheer magnitude. It might have been less true in the early 70's when software was less of an "ecosystem."

But on re-reading this for the n'th time I think the lede of this one is in the comments. Like any guru who is selling a "right way of doing," Chuck Moore has always had a business interest in selling snowflake Forth services of some kind. He, and other Forth followers, may well believe the pitch fervently. It is, at least, a relatively self-consistent ideology, and it discards the messy aspect of building any kind of institutional presence. But it also has a kind of dogmatic quality.

6
jacquesm 10 hours ago 1 reply      
I love Forth.

It's quirky but extremely elegant.

Either its time has long gone or its time hasn't come yet, hard to decide which.

7
SixSigma 7 hours ago 2 replies      
I'm building a Javascript based Forth-like that uses JS values (including functions) rather than bytes.

http://github.com/lawless-m/North

Stack based is fun.

29
The Strange Life of 'Lord' Timothy Dexter
91 points by samclemens  17 hours ago   17 comments top 6
1
Animats 12 hours ago 1 reply      
Dexter was a little too early. The United States, although it had dumped the nobility concept, still had the English feudal concept that big landowners ruled, almost by right. Manufacturing hadn't yet displaced landowning as the way to make money.

In England, that model held on until 1880 or so. (http://www.nytimes.com/1990/11/04/books/never-has-so-few-own...) In the US, it ended earlier. But it was still in full force in Dexter's day.

As for the follies of the rich, we still have that. Larry Ellison has a huge, silly house in Woodside, where, through much cutting of rock, a sort of pseudo rural Japanese landscape was created, complete with fog machine. In China, where being rich is a new thing, people are still trying to figure out status symbols. The results are amusing. (http://www.gq.com/news-politics/201501/chinas-richest). There are outfits selling titles of nobility on line. (http://nobility.co.uk/).

2
hyp0 6 hours ago 0 replies      
As the first American eccentric, he was a hipster before it was cool.

The common wisdom is a model of the world, but must be wrong in some ways, simply because the world is far more complex than any model we could comprehend. Bed pans weren't brought to the tropics because they weren't needed, therefore their other uses were not discovered. Acting on what you think is a good idea, that nobody else does, can lead to success. (Plus Luck...)

In investing, contrarianism can work, because the market often over-reacts to bad news. By buying on bad news, you can come out ahead, especially if you also do some checking. For example, Warren Buffett bought American Express when it was involved in a fraudulent salad oil transaction. Because its business (of credit cards) was based on trust, it was thought this would be diastrous. But Buffett checked the local shopping center to see consumers still using it. Their daily habits weren't affected by the news. So he bought big, and made a(nother) fortune.

3
habosa 15 hours ago 3 replies      
Timothy Dexter's Wikipedia article is probably my favorite page on the entire site (I keep a list of my favorite weird finds, such as "List of Sexually Active Popes").

I have shown this story to dozens of friends, and every one finds it incredibly entertaining. This man's life should be a movie, and Steve Martin should play the lead.

4
xacaxulu 14 hours ago 0 replies      
This is really interesting. I'm wondering if he was just sandbagging or at some point just figured out his own unique hustle with respect to his apparent intellectual deficiency. Definitely is now on my list of 'historical figures I would have liked to get drunk with'.
5
Pyret 11 hours ago 3 replies      
This is the funniest thing I read in a long time. I find Dexter admirable.
6
ceejayoz 14 hours ago 2 replies      
These days he'd probably wind up as a VC accidentally investing in a bunch of hot startups.
30
The little book about OS development (2012) [pdf]
201 points by StylifyYourBlog  1 day ago   17 comments top 8
1
helino 17 hours ago 2 replies      
One of the authors here, if you any questions, feel free to ask!

Me and Adam, https://github.com/tgwizard, wrote the book based on our experiences writing aenix, https://github.com/helino/aenix.If you find any issues with the text, please file an issue or open a PR at https://github.com/littleosbook/littleosbook

Please be aware that some typos and errors have been discovered, check the issues for more details!

2
jacquesm 22 hours ago 0 replies      
Very nice, a guide like this would have saved me a full year at some point in the past.

Note that this is 32 bit specific. I'd be very interested in a 64 bit version of this.

3
amelius 18 hours ago 1 reply      
I think the main part that is missing is an in depth analysis of what we actually want from an OS.

Building an OS from scratch is nice, but I think the requirements may have changed since the 80s. :)

4
jmgrosen 23 hours ago 1 reply      
Is there a similar guide available for ARM? x86 seems pretty messy.
5
nawazdhandala 8 hours ago 0 replies      
This book is under 100 pages. Awesome! This is what I was looking for. :)
6
paulsmith 21 hours ago 1 reply      
Trying to link the kernel with the GNU ld script on page 12 of the PDF, I get this error:

ld:link.ld:5: syntax error

Not familiar with GNU ld script syntax, anyone know how to fix this?

7
0xFFC 1 day ago 0 replies      
this is exactly what is was looking for , thank you
8
scriptdevil 1 day ago 2 replies      
Why not just link it to http://littleosbook.github.io/ - While PDFs are fine, it takes so long for it to load when compared to a HTML page.
       cached 11 January 2015 17:02:01 GMT