Hacker News with inline top comments, 15 Oct 2015
How is NSA breaking so much crypto? freedom-to-tinker.com
635 points by sohkamyung  11 hours ago   159 comments top 31
misiti3780 9 hours ago 4 replies
"Since weak use of Diffie-Hellman is widespread in standards and implementations, it will be many years before the problems go away, even given existing security recommendations and our new findings. In the meantime, other large governments potentially can implement similar attacks, if they haven't already."

Can someone explain to me why this can't be fixed overnight? I'm no crypto expert, but

" If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. "

why can't you just switch the large prime number and then continue on sending encrypted data?

vbezhenar 3 hours ago 2 replies      
When I set up TLS for web or smtp, there's an option to generate custom dh params. So basically one must generate new dh params for every installation to be safe against the attack presented in the article, is that correct?
andyjohnson0 4 hours ago 2 replies
"For the nerds in the audience, here's what's wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. [...] an adversary can perform a single enormous computation to crack a particular prime [...]"

Can someone explain to me what the authors mean by "cracking" a prime? Is the difficulty of this related to the difficulty factoring a composite number? The language used is annoyingly imprecise.

Edit: Question was already asked by smegel, and has some useful answers.

too_late 38 minutes ago 1 reply      
Wouldn't this be easy to subvert, though?

I mean, say we put through a few patches and started generating primes more often. Then their big-ass special purpose prime machine becomes an order of magnitude less effective, right?

I think the best way to defend against these one-to-many attacks is to spread out the cost of decrypting large quantities of data. If we all had our own keys, even if they weren't as strong as one single key that everyone used, that much more work has to be done to decrypt data for a group of users.

I know nothing about crypto, but a layman can hear about these implementation architectures and immediately realize what's wrong with it all.

Pyxl101 9 hours ago 1 reply      
Some advice from the authors on how to properly deploy Diffie-Hellman:


smegel 8 hours ago 2 replies      
Can someone explain what "breaking a prime" means? What is the output after your year of computation?
thiagoharry 1 hour ago 0 replies      
According to the estimated cost given to that machine (few hundred million dollars) and the problem's nature, what they propose is very similar to TWIRL, a hypothetical machine that could factor 1024-bit integers to break RSA. That was the reason that made a lot of people consider 1024-bit RSA not secure anymore and change their keys to 2048 bits. The same should happen with DH now.
crozewski 23 minutes ago 1 reply      
Can we use distributed computing to crowdsource the computation of more/better primes? Can OpenSSL look to this pool for its primes?
paulgerhardt 10 hours ago 0 replies      
See also Martin Hellman's oral history on trap doors: https://conservancy.umn.edu/bitstream/handle/11299/107353/oh...
acd 3 hours ago 0 replies      
You can check web sites for common Diffie-Hellman primes on ssllabs.com. Check section Protocol details, "Uses common DH primes".

Also, the latest openssh package warns against Diffie-Hellman ssh keys; now we know why they warn us.

AnonNo15 10 hours ago 4 replies      
Crap. So what are the immediate countermeasures? Switch to elliptic curve cryptography?
ibmthrowaway271 1 hour ago 0 replies      
Is there a tool to output the DH params being used when attempting a TLS connection (not dumping them from a packet capture)?

I know I can, but I'm hoping for something simpler than having to parse the TLS messages from:-

 openssl s_client -connect host:port -msg
to work it out.
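
For the DHE case, the parsing that comment describes is short. The following is an added example, not part of the thread: it takes the ServerKeyExchange hex dump in the style of `-msg` output and reports the size of the prime the server offered. The dump layout, the 2048-bit threshold and the helper names are assumptions, and the sample dump is constructed.

```python
import re
import struct

SERVER_KEY_EXCHANGE = 0x0C  # TLS handshake message type
MIN_DH_BITS = 2048          # assumption: threshold taken from the thread's 1024 vs 2048 discussion


def extract_ske_bytes(msg_dump):
    """Return the bytes hex-dumped under the ServerKeyExchange header line.

    Assumed layout: a header line naming the message, then indented lines of
    two-digit hex bytes, ended by the next non-hex line.
    """
    hex_lines, collecting = [], False
    for line in msg_dump.splitlines():
        if not collecting:
            collecting = "ServerKeyExchange" in line
        elif re.fullmatch(r"\s+(?:[0-9a-fA-F]{2}\s*)+", line):
            hex_lines.append(line)
        else:
            break
    if not hex_lines:
        raise ValueError("no ServerKeyExchange hex dump found")
    return bytes.fromhex("".join(hex_lines))


def _read_vec16(buf, off):
    """Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("vector length out of bounds")
    return buf[off:off + n], off + n


def parse_dhe_params(msg):
    """Parse ServerDHParams (dh_p, dh_g, dh_Ys) from a DHE ServerKeyExchange.

    Assumes a DHE cipher suite was negotiated; an ECDHE ServerKeyExchange has
    a different body and is not handled here.
    """
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p_raw, off = _read_vec16(body, 0)
    g_raw, off = _read_vec16(body, off)
    _ys_raw, off = _read_vec16(body, off)
    p = int.from_bytes(p_raw, "big")
    return {
        "p_bits": p.bit_length(),
        "p_hex": p_raw.hex(),                # for comparison against known standard groups
        "g": int.from_bytes(g_raw, "big"),
        "weak": p.bit_length() < MIN_DH_BITS,
        "signature_bytes": len(body) - off,  # whatever follows ServerDHParams
    }


def build_sample_dump(bits=1024):
    """Constructed sample in the assumed -msg style; p is NOT a real group prime."""
    n = bits // 8
    p_raw = ((1 << (bits - 1)) | 0x2F).to_bytes(n, "big")
    vectors = (p_raw, b"\x02", b"\x5a" * n)  # dh_p, dh_g, dh_Ys
    body = b"".join(struct.pack(">H", len(v)) + v for v in vectors)
    body += b"\x04\x01\x00\x02\xaa\xbb"      # constructed stand-in for the signature
    msg = bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body
    lines = ["<<< TLS 1.2 Handshake [length %04x], ServerKeyExchange" % len(msg)]
    for i in range(0, len(msg), 16):
        lines.append("    " + " ".join("%02x" % b for b in msg[i:i + 16]))
    lines += ["<<< TLS 1.2 Handshake [length 0004], ServerHelloDone", "    0e 00 00 00"]
    return "\n".join(lines)


if __name__ == "__main__":
    info = parse_dhe_params(extract_ske_bytes(build_sample_dump()))
    print("DH prime: %d bits, g=%d, weak=%s" % (info["p_bits"], info["g"], info["weak"]))
```

The `p_hex` field is what you would compare across your own servers to see whether they share one prime.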

542458 10 hours ago 1 reply      
I wonder what the effort to break a 2048-bit prime would be. I suspect it's heading into "dyson sphere powered ideal computer" territory, but I'd be curious to know what it would actually be.
kristopolous 8 hours ago 1 reply      
about 12 years ago I came up with a pretty clever way to factor numbers that I never pursued the computational complexity of.

The basic algorithm is that you take some candidate X (which will be our 2048 bit number here) and classify your question (primality, whether it is the product of 2 primes, etc) --- once you have your question, Q, then you can pick a number Y0 to get X % Y0 = Z0 ... sometimes ~sqrt(X) works well, other times it's the closest prime factorial, etc.

now using those results, [Q, Y0, Z0], you can optimally pick Y1 and do the operation again, X % Y1 = Y2 ...

Like the Chinese remainder theorem each Z gives you information on the next optimum Y given your question Q ...

I called it tunnel factoring and saw some great early results ... but for some reason I haven't ever pursued it

agwa 10 hours ago 2 replies      
There aren't any new findings here. It's merely a rehash of the Weak DH attack (by the same researchers) that was made public in May of this year: https://weakdh.org/

Still, it's a good reminder that you should not be using 1024-bit Diffie-Hellman.

zmanian 9 hours ago 1 reply      
How much software has been updated to use stronger DH either ECC or 2048 bit prime field?

Is there an easy way to check if a VPN provider has updated?

The ASICs NSA built for breaking some common 1024 bit fields are probably breaking specific RSA keys now...

onderkalaci 4 hours ago 1 reply      
There seemed to be no reason why everyone couldn't just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes.

Then, if the prime number is standardized or hard-coded, why do they not just use it? Why do we need to break it?

mrb 10 hours ago 0 replies      
FYI this is not really new news. The authors of that research had already disclosed their findings at https://weakdh.org about 5 months ago.

Today they simply formally presented their research at ACM CCS.

petra 2 hours ago 1 reply      
Since we don't exactly know what other ways to break crypto are there - why aren't we focusing on concatenated encryption (at least for critical apps) - while working hard to ensure no crypto vulnerable to malware type attacks, especially considering that malware isn't a good way for web scale surveillance?
puppetmaster3 44 minutes ago 0 replies      
Hello. I'm L.E. Give me your keys. Thank you for your cooperation, you can see your kids now.
z3t4 5 hours ago 1 reply      
Check your root certificates. If any of those has capabilities of "Man in the middle", they can see your SSL traffic. That's probably how they do it.
cm2187 6 hours ago 1 reply      
Isn't the bulk of the https traffic using RSA, not Diffie-Hellman?
kobayashi 6 hours ago 1 reply      
Regarding VPN usage, is the fix a client-side or a server-side solution?
ck2 5 hours ago 1 reply      
This is an arms race and it doesn't address the underlying cause.

The government of the people should not be spending $10B a year to monitor and track all of its people just to warehouse the data.

That is quite literally Stasi. Not vaguely like, exactly like.

chinathrow 4 hours ago 3 replies      
Imagine the money spent on both a) measures and b) countermeasures related to the ongoing spying by the intelligence apparatus around the world.

Imagine the money not spent on more pressing issues we face these days: health problems, poverty and the destruction of nature earth, just to name a few.

Why do we, as a society, tolerate this?

auntienomen 10 hours ago 0 replies      
Ha ha! (Seriously, nice paper.)
ape4 10 hours ago 0 replies      
Important stuff.
mkagenius 4 hours ago 1 reply      
Devil is in the details, I would take this with a grain of salt before I read the paper.

What if a few hundred million is 10x less than the actual amount? What if it takes 10 years instead of 1?

nosuchthing 8 hours ago 3 replies      
Being that crypto is 'just math', why would crypto be safe? The only claim that crypto is safe assumes computational power is limited. Is that a safe assumption? Assuming the crypto math is safe, one also has to be certain the entire system which runs the crypto is safe as well.

Analysis and attempts to decode the Voynich manuscript lead me to believe mathematical patterns intended to hide information, languages in particular, are not safe in the least.

dogma1138 9 hours ago 2 replies      
Breaking crypto is what the NSA was created to do, playing a cat and mouse game with it means you'll always lose. If the NSA cannot break crypto it's useless, and given 2 outcomes, them giving up or them just asking for more money and being more intrusive, the latter is much more likely.

No one will get their privacy "back" by fighting the NSA through technology, considering their mission, budget and capabilities they'll always win, the only way to pacify the NSA is through legislation that will ensure that they only use their capabilities when it's warranted.

NN88 9 hours ago 5 replies      

I wonder what world you all live in in which this is a bad thing. There's real threats out there and I'd hate to live in a country that lacked the geopolitical leverage to make use of these tools to my nation's interests.

How to know if where you live is up and coming: fried chicken vs. coffee shops medium.com
125 points by edward  5 hours ago   80 comments top 25
smikhanov 1 hour ago 2 replies      
A more interesting indicator that authors may consider is how many people living in the area do jogging.

When I moved to London's SE4 postcode three years ago (it's pretty close to Peckham, FWIW), the regeneration of the area has just started and the more middle-class looking people appeared around, the more men and women in running gear were visible in the streets in the morning. Poor on average take worse care of their health and fitness, so tapping into Runkeeper's data may prove useful.

In the meanwhile, during these three years, the value of my home grew more than 100%.

Xophmeister 4 hours ago 4 replies      
There's no justification for the assumption of a high coffee-to-chicken ratio implying up-and-coming. It's not an unreasonable assumption, but it's definitely anecdotal.
angdis 1 hour ago 1 reply      
My "rule-of-thumb" indicator: whether or not there are a lot of check-cashing, bail-bond and furniture rental establishments.
huskyr 1 hour ago 0 replies      
We made this (Dutch) dataviz a couple of months ago about the gentrification of Amsterdam, and indeed, the number of yoga studios and coffee bars closely resembled the gentrified areas:


DannoHung 2 hours ago 4 replies      
This analysis would be tremendously racist in America.
swalsh 1 hour ago 0 replies      
As a lover of fried chicken, I'm not sure this is the right metric to use for my housing search.
Shivetya 54 minutes ago 3 replies      
So besides "chicken shops" which must be a regional indicator for poor or undesirable what other establishments are also present? There should be an obvious transition type of business that precedes the coffee shop. Combined with chicken shops perhaps the availability of different businesses could give entrepreneurs an indicator where to set up similar or buy up space?
mhax 2 hours ago 2 replies
"Not many outlets selling fried chicken"... in Peckham?? I'm not sure the author's data is all that accurate.
acgourley 3 hours ago 2 replies      
Wouldn't you want an area with both? I may be missing the context of London's culture - but if 'up and coming' means 'being gentrified' wouldn't you want to pick an area that has a barbell distribution of upper class and lower class establishments?
some1else 2 hours ago 0 replies      
Peckham might be considered up and coming, but it doesn't look like much :-S


TeMPOraL 2 hours ago 2 replies      
Well, China is definitely not an "up and coming" country. I've been here like a week and I already don't want to ever look at chicken in my life again.
sotoer 1 hour ago 0 replies      
Another "up and coming"-ness indicator is the abundance of white guys walking around the neighborhood wearing small shorts.
scottlilly 56 minutes ago 0 replies      
If you want to dig deeper into this, I suggest reading "The Clustering of America", by Michael J. Weiss.

I think some of the key indicators it used were number of bowling alleys, liquor stores, and payphones (keep in mind, it was published in 1989).

aembleton 4 hours ago 1 reply      
Where did you get the data on coffee shops and chicken shops from?
throwaway049 2 hours ago 1 reply      
This analysis is too broad-brush. Although London has richer and poorer neighborhoods, it is common for luxury property to be right across the street from much cheaper property.
onion2k 3 hours ago 1 reply      
You put a fried chicken shop in a place where lots of people go while you put a coffee shop in places where there are few coffee shops. I'm sure that correlates with 'up and coming', but it's not necessarily a signature. Some up and coming places will have neither.
sarreph 3 hours ago 1 reply      
I don't necessarily agree with the premise of this article, as many other commenters point out.

To offer an alternative, my own theory is that the 'up and coming' areas are cropping up down the Shoreditch fringe, i.e. Borough (which is seeing a lot of commercial and residential development, and Elephant & Castle (same as Borough, albeit more behind in completion). Such a 'fringe' also spills off into the East, too.

You could extrapolate this trend to Peckham, one of the primary areas the author has highlighted, however I doubt we're going to get anywhere near same level of 'pop-up' commerce/entertainment in these much more southernly areas for some time to come indeed.

PeterStuer 1 hour ago 0 replies      
You might also look at where the city plans to create new pedestrian areas and bicycle lanes. Absence of car traffic makes real-estate prices soar.
dbattaglia 1 hour ago 0 replies      
Would be interesting to see this done for Brooklyn, which has a lot of "up-and-coming" areas and a plethora of fried chicken and coffee shops.
artur_makly 1 hour ago 0 replies      
Back in the early 90's NYC, it was when you started seeing French bars.
mattlutze 3 hours ago 1 reply      
My office computer is blocking Medium for some reason, but, certainly the choice of a fried chicken joint must be localized?

There's a few regions of the US I've lived where fried chicken isn't really a thing, in general. I'm not sure that it would make sense to extend the model to those locations at least.

timwaagh 2 hours ago 1 reply      
the theory is worth very little. you could identify two other random density factors (like cigarette butts and chelsea fans) and come up with some heatmap to identify the best value houses. only time-series data could give some indication and then you would still have to test it (and then the market would price in your findings shortly after they are published. this kind of arbitrage rarely lasts long).
agounaris 3 hours ago 1 reply      
Inspiring assumption... I don't think Peckham is exactly your dream area :)
rblstr 3 hours ago 0 replies      
Wow. Our 'up and coming' excuse for living in South London is actually turning out to be true.
SixSigma 3 hours ago 0 replies      
I would say that "coffee" = daytime activity and "chicken" = night time activity.

What a data scientist would have done is find the list of shops and property prices and see which correlate.

Of course, you also need to do it over time because "up and coming" implies the future state, not the current.

1. Buy cheap housing in area that attracts new grads / creatives / artists

2. Those people attract certain business types

3. Hot area attracts richer people + people in 1 get more money

4. Property prices rise

5. Sell

Guix-tox, a functional version of tox rdoproject.org
15 points by civodul  1 hour ago   7 comments top 5
travjones 15 minutes ago 0 replies      
I honestly skimmed the article and didn't read it deeply because I have to run in a bit. But the fact that GUIX is a language-agnostic package manager sounds very neat. I write Go code and one of the things I had to cope with in the beginning was not having a really good package management system. Go still gets criticized for this (although we can always vendor our apps/packages to make sure all dependencies are included). It seems as though GUIX could be used as a package management solution in Go. It might be worthwhile for someone to write a tutorial on GUIX + Go dev.
sschueller 27 minutes ago 1 reply      
For a moment I thought this was about https://tox.chat/
calpaterson 11 minutes ago 1 reply      
This sounds great. For projects that use lxml/numpy/scipy/pandas this could be a real help for getting set up on different machines especially if there is some kind of caching that can be done for the built packages.

It's a shame it can't use all of PyPI though.

liotier 13 minutes ago 0 replies      
Naming collision... https://tox.chat
wyldfire 13 minutes ago 0 replies      
I haven't encountered these problems with tox. But I'm all for having more explicit environment definitions while testing.
Social Media Cracked the Case of MH17 bloombergview.com
62 points by henrik_w  3 hours ago   29 comments top 8
korisnik 23 minutes ago 0 replies      
Russian/rebel social media also played a role in all this, in a way that's not mentioned in this article.

There are some official and close-to-official social media accounts that are used by the Russian rebels to announce progress (Twitter, Facebook, VK) usually straight from the mouths of commanders and higher ups.

When MH-17 was downed they boasted about shooting down a Ukrainian plane only to find themselves quickly deleting all mention of it several hours later.

Those same accounts also boasted about acquiring a Buk missile launcher weeks earlier, but those status updates were also deleted.

jacquesm 1 hour ago 2 replies
"Meanwhile, Russian officials denied the allegation. Officials of the producer of the Buk missile, Almaz-Antey, told a news conference on Tuesday that they had carried out their own analysis of traces found on the aircraft. They said even if the jet was shot down by a Buk, it was an old type that is no longer used by the Russian military.

The official also hinted that the missile was fired from a village in the Donetsk region, where Ukrainian forces were said to have been stationed at the time of the crash.

Russian deputy foreign minister Sergei Ryabkov called the report an attempt to make a biased conclusion. He argued that the report had failed to take account of the Russian investigations."



So, even if the truth is out in the open (and given the tweets right after hitting the plane there wasn't much doubt) there is apparently no way Russia is going to own up to this.

Kristine1975 24 minutes ago 1 reply      
This makes me question Bellingcat's work somewhat: http://www.spiegel.de/international/world/expert-criticizes-...
panamafrank 1 hour ago 5 replies      
There's a good book on MH17 that was published a while ago: http://www.amazon.co.uk/MH17-story-shooting-Malaysian-airlin...

It came to a similar conclusion as the Dutch report, the main issue with the Dutch report is it's too little too late and the government had repeatedly delayed publishing it while they searched for a way to indirectly accuse Russia. The Dutch report is quite weak in that it won't take the next logical step given the evidence available and accuse Russia of ordering the downing of MH17.

TeeWEE 1 hour ago 0 replies
I'm from the Netherlands, and I can say that the Dutch report didn't blame anybody, because the researchers didn't have the 'mandate'. Basically they didn't have the right to blame Russia. It's clear from all the facts that this is from Russian separatists.
r721 1 hour ago 0 replies      
This all also shows how important (neutral) web-archiving services like archive.org or archive.is are - they work like a free equivalent of a notarized screenshot, as usual .png screenshots can be forged with simple browser tricks.
kitd 1 hour ago 2 replies      
One crucial point made in this article which had somehow passed me by is how devoid of credibility the West's intelligence agencies have become. I know it has been known for a while since Snowden, but the implications are far-reaching.

It has come to something when social media can point the same spotlight on whole armies doing things they would rather keep secret as it has done on politicians doing the same.

1stop 1 hour ago 0 replies      
... I'm confused about the implications of your statement. It would imply Detectives don't solve crimes, incompetent criminals do. That's a pretty big stretch of the meaning of words.
Higher Order Macros in C++ stuffwithstuff.com
14 points by ingve  1 hour ago   3 comments top 3
Rexxar 43 minutes ago 0 replies      
The technique used here is called "X Macro". There are articles on Wikipedia and Wikibooks.



It's very useful in some situations. It offers, in a way, a means to do a sort of compile-time introspection on some class/enum.

osullivj 31 minutes ago 0 replies      
Very powerful technique. However, one of my C++ coding rules of thumb these days is 'can I step through it in the debugger?'
recentdarkness 44 minutes ago 0 replies      
Funny, this is exactly what I am doing in such cases - I don't even have to look into any sources of others to make that up. Probably a long time experience that this is for me nothing I need to tell anyone about in a blog post.

I use this for dispatching, enum creation, method creation etc.

But probably a good resource for people trying to save their time by macro based code generation ;)

Murder in the Alps gq.com
77 points by dogecoinbase  6 hours ago   13 comments top 4
tommyd 3 hours ago 2 replies      
Wow that's a ridiculous amount of advertising on page load, can't actually see a word of content! http://s10.postimg.org/mwea5sruh/Screen_Shot_2015_10_15_at_1...

Can't really blame people for using ad blockers on pages like that. That said, I'm quite interested in the story so I'll give it a read regardless...

techterrier 3 minutes ago 0 replies      
tldr: We really have no idea.
andy_ppp 2 hours ago 1 reply      
Interesting and tangentially related... I can't recommend Serial podcast enough.


briandear 1 hour ago 2 replies      
What Iraqi engineer has a million dollars in a Swiss account? Even if it were legitimate, it certainly isn't the norm. Also to get that many head shots at a distance, obviously professional. Then one must ask, why did this man warrant the expenditure of a professional hit? Certainly not just some local random violence -- French hunters can barely hit the side of a barn let alone multiple head shots and common thugs are very rare in Annecy. Motive is the key here. If this were in Marseille, then I'd suggest drugs or smuggling, but this kind of hit on a person with that sort of background? The killers had to have intelligence, funding and logistical help. Peculiar.
Hackers Prove They Can Pwn the Lives of Those Not Hyperconnected bits.blogs.nytimes.com
74 points by pavornyoh  6 hours ago   42 comments top 12
a3n 4 minutes ago 0 replies      
So many people here are dismissing this as unsophisticated.

Burglars have always targeted items that are valuable to them. Easy to sell, gets a good price, etc.

Now we have digital assets in the home, and burglars are going to focus on those things too. For most of the population, and probably many of "us", physical access to those digital assets isn't particularly secure. And to have those assets "taken" today is much more far reaching than to have lost a stereo or checkbook.

Just because the attacker had to get off his couch and go somewhere shouldn't minimize this threat. "Physical access means you're pwned" is a true statement.

One thing I do at home, for example, is to use full disk encryption on my laptop, and hibernate it when I leave. So that if someone steals it, it's just a plastic brick. For exactly the scenario described in the article.

downandout 3 hours ago 2 replies      
This is a silly article with an alarmist title. They look at a list of sites she likes on Facebook, then they phish her from one of them. Then she lets them into her house where they look for post-it notes with passwords on them. For a grand finale, they open her garage door. I guess the takeaway here is don't let people that identify themselves as "hackers" through your door and into your home office if you have passwords written on post-its, but I am fairly certain this is a rare occurrence.
sdoering 6 hours ago 1 reply      
Well actually, looking at the things my parents and parents in law did on their home networks, their Smart TVs and so on, having this in a understandable form for the lay person is really good.

To understand, that your door opener, your TV and other things can be "hacked" is important. The information to use different passwords for every service is important.

We as people in the know have to help our elders and peers to see how easy it is to use a pwd-mgr and have a little bit more basic security.

If nothing more, this piece goes a step in the right direction.

TlDrBot 6 hours ago 3 replies      
Summary: Hackers send grandmother phishing mail. Grandmother enters her email address and password. Hackers go into house of Grandmother. Hackers change settings on router and television of grandmother.
spyder 5 hours ago 1 reply      
"Critical points were that Mrs. Walsh needed a new garage door opener..."

I'm surprised they only care about the electronic locks and didn't show how easy it is to pick most of the mechanical locks. Especially when they are talking about the "not hyperconnected" hacks.

cxseven 5 hours ago 1 reply      
Fake virus warnings also sucker a lot of older people. Putting them on Chromebooks kills a lot of birds with one stone.
methou 4 hours ago 0 replies
>> To spare Mrs. Walsh any actual harm, the hackers used a service called Phish5, which does not actually store passwords and is often used by employers to test employees' ability to spot malicious phishing cons.

I'm signing up for Phish5. Looks like exactly what I need for my team.

jtchang 5 hours ago 0 replies      
It's easy to dismiss it as a phishing scam but these days some of them can be very convincing and elaborate. It's not hard to obscure URLs, obtain good looking SSL certs, and have a good story behind it. Social engineering will always work.
tefo-mohapi 3 hours ago 0 replies      
This is more about how hackers use phishing (old) to get passwords etc. Nothing new. Actually looks like phishing works best on those not hyperconnected or heavy internet users because they would most likely know the pitfalls.
axelfreeman 3 hours ago 0 replies      
Hackers can "pwn" you by not even hacking you. If someone can hack e.g. your phone provider or something you can get even worse problems and you did not do anything wrong.
dalacv 1 hour ago 0 replies      
does anyone really say 'Pwn' anymore?
artjacob 5 hours ago 0 replies      
So cute :)
Jack Dorsey giving up 30% of his stake in Square to help underserved communities venturebeat.com
27 points by richiezc  6 hours ago   7 comments top 4
stpe 1 hour ago 0 replies      
Updated title on original source: "Jack Dorsey is giving up at least 50% of his stake in Square to help underserved communities"

Update: This post has been updated to correct that Dorsey will commit 10 percent of the entire company, not just his equity as previously stated. In addition, our calculations were off and I regret the error.

This is commendable. Actually intending to make the world a better place (in the non HBO-Silicon-Valley-Show-way).

humility 45 minutes ago 1 reply      
Does anyone else feel like it's the government's responsibility to help all the needy sections of the society, and billionaires intervening only abets and condones all the deliberate/unintentional mistakes of the former, and lets them escape it?
LunaSea 25 minutes ago 1 reply      
Are the "underserved communities" ex-Twitter employees ?
arbitrage314 1 hour ago 0 replies      
I no longer dislike Jack Dorsey! :)
How to Pick a Front End Web Framework fse.guru
3 points by g4k  23 minutes ago   1 comment top
andrew_wc_brown 2 minutes ago 0 replies      
I use MithrilJs with CoffeeScript. Small and Fast.
Default Alive or Default Dead? paulgraham.com
267 points by iamwil  12 hours ago   100 comments top 20
JshWright 11 hours ago 6 replies      
In the world of high angle rope rescue, we have a concept called the "whistle test". The idea is that if someone were to randomly blow a whistle at _any_ point, and everyone let go of whatever they were holding, that no one would be dropped.

It takes a lot of thought and planning to make sure you're 'default alive' in all circumstances. It slows you down, and it requires you to think through the implications of every decision, big and small.

This sounds like a fairly similar notion...

jacquesm 12 hours ago 1 reply      
> The startling thing is how often the founders themselves don't know. Half the founders I talk to don't know whether they're default alive or default dead.

This accurately reflects my own experience. Most common pitfall: converting VC capital to users at a rate that will not sustain the company once the VC capital runs out. So many companies fall into this particular trap that it should have a name of its own.

Bought growth is only worth it if the users remain long enough to make back the money you pumped into them at the time of acquisition in net profits otherwise you might as well do without them.

I'm not sure if the reference to airbnb helps, whatever they did, they're an outlier and simply doing what they did without carefully evaluating your reasons is going to work about as well as any other cargo-cult strategy to success, it would be (a lot) more useful to see this point expressed in an alternate form, start-ups funded by YC in cohorts of months from when they started hiring besides the founders compared to their survival rate.

numlocked 12 hours ago 1 reply      
It's amazing to me how deeply ingrained software profit margins are into the start-up world. That calculator...we're an ecommerce company that holds inventory...I spent 30 seconds searching for how to set gross margins on the revenue then realized it assumes all revenue is 100% gross margin. In most businesses (read: anything other than software and maybe pharma), manipulating margin is one of the biggest levers (maybe THE biggest) you have to affect profitability.

Not to mention other big levers like working capital (and potentially running a business with negative WC and generating cash, a la Amazon). It's funny to be running a start-up in SF and still feel a world apart from a lot of the ecosystem.

paulsutter 11 hours ago 3 replies      
> In practice there is surprisingly little connection between how much a startup spends and how fast it grows. When a startup grows fast it's usually because the product hits a nerve, in the sense of hitting some big need straight on.

Perhaps the most important underlying point in the article.

It's easy to think that more people will make the company grow faster. Adding people actually makes it harder to tune a product's direction (and thus growth rate). Great to see another dense and on-point post from pg. Every sentence is worth several reads.

analog31 12 hours ago 3 replies      
My inability to comprehend the idea that 8 or 9 months is "old" is probably the surest sign that I'm the one who's old.
Animats 8 hours ago 0 replies      
For the first dot-com boom, I did Downside's Deathwatch[1], which did exactly that for public companies. (Companies IPOed earlier in that boom, often before profitability.) For a public company, SEC filings give anyone enough info to make that calculation.

For a private company, it's much harder to tell from the outside. Any CEO who doesn't know how many months (days?) of cash they have left is hopeless.

[1] http://www.downside.com/deathwatch.html

jaytaylor 11 hours ago 2 replies      
Why is there a shopping cart in the upper right hand corner of his website? What is available for purchase from Paul?
DrNuke 4 hours ago 0 replies      
Bootstrapping attitude to the rescue: the more you do with little money, the more you can do when money is raised, and longer.
andrewstuart 2 hours ago 0 replies      
This is effectively saying that these businesses don't have cashflow projections. Business 101 - should be taught by whoever the investors are that are "adding value".
Multiplayer 12 hours ago 0 replies      
I love that calculator. Picture is worth 1,000,000 words here.
PhilipA 3 hours ago 0 replies      
It feels like this post is somewhat also addressing the very high burn rates which companies have, and that you should have control over your trajectory before you begin burning all your money.
AndrewKemendo 11 hours ago 0 replies      
I feel like having the mentality that you are always default dead is where your head should be as a founder.

That's how I run my company. Complacency kills, and prevents being able to be proactive in an ever changing market.

copsarebastards 8 hours ago 0 replies      
> Say "We're default dead, but we're counting on investors to save us." Maybe as you say that it will set off the same alarms in your head that it does in mine. And if you set off the alarms sufficiently early, you may be able to avoid the fatal pinch.

To make this alarm explicit: if you were that investor, would you save the company? I wouldn't.

kra34 11 hours ago 2 replies      
It's interesting to see the tone change from Paul Graham and Sam Altman in the last couple of months, it's almost like somebody finally bought them a calculator.
caf 10 hours ago 0 replies      
But as a founder your incentives are different. You want above all to survive.

This is a bit like in the early stages of a poker tournament, where you might fold even quite strong starting hands to all-in bets where your expected value is positive - because you're not just betting the number of chips in your stack, you're betting the entire remainder of your tournament.

urs2102 8 hours ago 0 replies      
Despite this definitely being important for all businesses at some point, where does this come in when evaluating businesses like early Facebook and Google where prior to monetization, wouldn't they appear to be "default dead"?
vasilipupkin 10 hours ago 0 replies      
Aren't most startups except for very very few super start top ones, default dead by definition, maybe until B stage?
TrevorJ 9 hours ago 0 replies      
Reminds me of a great episode of Dirty Jobs: https://www.youtube.com/watch?v=Ap3peqZ0RlA&feature=youtu.be...
7Figures2Commas 12 hours ago 1 reply      
> Instead you'll be compelled to seek growth in other ways. For example, by doing things that don't scale, or by redesigning the product in the way only founders can. And for many if not most startups, these paths to growth will be the ones that actually work.

Or you could reconsider the size of your total addressable market (hint: it's probably a lot smaller than what's in your pitch deck) and give weight to building a smaller company that's sustainably profitable.

Note that I'm not suggesting growth isn't important. What I am suggesting is that a lot of founders seek "Silicon Valley growth" without considering the possibility that they have an opportunity to build a lasting business that doesn't need hundreds of employees, tens of millions of dollars in funding, hundreds of millions in revenue and billions in enterprise value to succeed.

codingdave 10 hours ago 1 reply      
I'm surprised it takes an interview with pg for this question to be raised. I would be asking it in an interview before I ever sign on as a new hire.
The tantalizing links between gut microbes and the brain nature.com
13 points by etiam  4 hours ago   discuss
Did three men actually survive the escape from Alcatraz? telegraph.co.uk
4 points by rickdale  59 minutes ago   discuss
MIT Invents Alterable Pin Surface That Lets Objects Assemble Themselves fastcodesign.com
45 points by metakermit  5 hours ago   1 comment top
chucknelson 1 hour ago 0 replies      
The video has me thinking this is foreshadowing some new type of warehouse. Maybe Amazon is going to make a "life size" version of this.

Now if this is efficient in any way - no idea.

Unit testing IO in Haskell pusher.com
14 points by fractalsea  4 hours ago   discuss
We Looked for Work as a Software Development Team chocolatetin.org
159 points by jpatokal  11 hours ago   37 comments top 12
ThePhysicist 5 hours ago 3 replies      
A German startup (Tandemploy - http://www.tandemploy.com/) is trying to establish something similar by allowing two people to "team up" together and apply for a single full-time position at a company. This sounds weird at first but the benefits for both sides are clear:

* The two "job sharers" can freely organize how they want to split their working time between each other, giving them a lot of flexibility and increased work-life balance.

* The company will have filled one full-time position with a team of two people, thereby greatly reducing the risk of sickness and one person leaving the company with all his/her knowledge.

So, basically it's RAID0 for people :)

gkoberger 9 hours ago 2 replies      
This is interesting. From a hiring perspective, I feel like I'd be a bit wary of this. It'd be great to have a team that works well together, but I'd be really afraid it would overwhelm existing company culture/process/etc and cause a clash.

I think this is why a lot of acquihires fail (like, acquihired employees leaving quickly). The way the acquired team works together doesn't mesh with the way the new company works.

periphery 8 hours ago 1 reply      
In the marketing / advertising circles it's not uncommon to hire a creative team (two anyhow). With one having stronger graphics skills and the other copywriting. I have often wondered why agencies will use this approach with "creatives" but not developers. To me it seems like a close knit front end / back end dev team would be a good match for banging out the campaign based sites that most agencies do.
dustingetz 9 hours ago 3 replies      
Did you consider contracting? You can bill as a team, you control the interview process, you can split and reunite at will, and the people who are booked can support the people who are benched are working on open source portfolio stuff to attract more clients.
FajitaNachos 9 hours ago 0 replies      
What an interesting concept. For developers, it's easy to see the value in hiring an established team. I'm glad the companies you spoke to also saw that. I wonder if this could be applied to even smaller groups, say 2 or 3 developers who have worked together well in the past.
fphhotchips 7 hours ago 0 replies      
Impressed that this happened in Melbourne as opposed to the Bay Area. ZenDesk has done a good job of publicising their ability to move comparatively quickly around here, but this goes over and above.
cdnsteve 1 hour ago 0 replies      
Brilliant thinking on your feet of taking a problem and turning it on its head, still as a team. When a good group of developers get together the things that can be achieved are incredible. Well done!
calcsam 9 hours ago 0 replies      
If a good team did this in the Bay Area with sufficiently strong internal agreements to ensure they all got hired together they could probably get ~$100K signing bonuses each, comparable to an acquihire.
49531 10 hours ago 1 reply      
Neat! It's always sad to have to disband a well oiled team.
lifeisstillgood 7 hours ago 2 replies      
Several comments leap out

1. To all intents and purposes this is a co-op model of an agency.

2. If the team could not break through to their employers that the employers were in the way and not letting a team of eight build something to help, then why do they think they can do this repeatably (is the value of an agency the ability to build valuable stuff or to persuade business to take the valuable stuff it needs?)

3. This should be the model for the future. Damn it, succeed damn it.

Sven7 8 hours ago 2 replies      
Time for team leaderboards/recommendation systems on LinkedIn, Stackoverflow etc
trengrj 5 hours ago 0 replies      
A bit of game theory here. As a company, do you offer the entire team a job or just the best?
GCHQ can monitor MPs' communications, court rules theguardian.com
60 points by quickfox  6 hours ago   47 comments top 11
andyjohnson0 4 hours ago 4 replies      
Then it seems that MPs might need to start deploying and using crypto in their everyday work - in a similar way to some mainstream journalists [1][2]. Which is a real shame and a serious distraction.

Also, the Prime Minister and most members of the cabinet are MPs. I wonder if this disclosure affects them too?

[1] http://www.tcij.org/resources/handbooks/infosec

[2] http://www.cjr.org/behind_the_news/hacks_hackers_security_fo...

maaarghk 52 minutes ago 1 reply      
This is a reversal of the Wilson doctrine. [0]

A few months ago there was a leak [1] which suggested GCHQ were spying on Scottish MSPs (Members of the Scottish Parliament) and MEPs.

Now, of course, they can continue to spy on Scottish elected officials without anyone being able to claim unfair treatment of MPs over others.

Edit: The other argument is of course that before this ruling, MPs were "above the law" so to speak. So in that sense it is a bit of a re-balancing.

[0] https://en.wikipedia.org/wiki/Wilson_Doctrine

[1] http://www.bbc.co.uk/news/uk-scotland-scotland-politics-3365...

verinus 2 hours ago 3 replies      
Always when it comes to privacy I like to cite Benjamin Franklin:

Those who surrender freedom for security will not have, nor do they deserve, either one.

Benjamin Franklin

mrmondo 5 hours ago 4 replies      
Maybe this could be a good thing? Maybe if the MPs feel that they're under surveillance like the rest of us they might not be so quick to support global spying.
orian 2 hours ago 1 reply      
It always feels to me quite ironic that countries which used to advocate freedom and free speech these days have most intense surveillance operations.
mikecb 1 hour ago 0 replies      
Eventually the UK may decide that no one should be monitored without probable cause, but suggesting that any portion of society, especially those with power, should be exempt from a regime the rest of society is subject to is a worse proposition than having pervasive monitoring applied equally.
petepete 1 hour ago 0 replies      
Hopefully someone will guide MPs in setting up an encrypted alternative.

Slightly ironic considering James H. Ellis worked for GCHQ


cm2187 5 hours ago 3 replies      
Because MPs are a bunch of dangerous terrorists!
nomercy400 1 hour ago 0 replies      
Wouldn't they be doing it regardless of the court ruling anyway?
togusa 6 hours ago 2 replies      
Well there goes democracy.
nbevans 5 hours ago 1 reply      
That'll nicely neutralise the security threat that Labour caused when they elected Corbyn.
Decentralized Reddit using a DHT to store content and a blockchain to rank it slideshare.net
10 points by sktrdie  4 hours ago   3 comments top 3
liamzebedee 1 minute ago 0 replies      
Re: the hosting of topics/subreddits in the DHT, I've done quite a lot of research [1] into a very innovative yet not well known P2P publish-subscribe network design [2] from some Norwegian computer scientists that removes the role of hosting for nodes not interested in a topic, even designing a decentralised microblogging platform on top of it [3].

It's called PolderCast, and the way it works is that it models subscribers of a topic as a ring, and then uses 3 different overlay networking modules to efficiently construct the network (a basic gossip one, one that finds nodes with intersecting interests, and then a final one which constructs the neighbours for a node in the topic ring). Thus, only subscribers of a topic are responsible for hosting, in contrast to a DHT where every node would be (even for questionable content that they may not agree with).

[1] http://liamz.co/wp-content/uploads/2015/03/Computer-Science-...

[2] http://acropolis.cs.vu.nl/~spyros/www/papers/PolderCast.pdf

[3] BitWeav http://liamz.co/wp-content/uploads/2015/03/whitepaper.pdf

cbeach 27 minutes ago 0 replies      
Sounds like a great idea, although I fear people may stockpile points in order to promote their own material later.
The Drone Papers theintercept.com
13 points by yuvadam  49 minutes ago   discuss
Mathematicians find 'magic key' to drive Ramanujan's taxi-cab number esciencecommons.blogspot.ca
38 points by ghosh  7 hours ago   13 comments top 4
osullivj 2 hours ago 2 replies      
Whenever I need an arbitrary const int I use 1729. I've left a trail of 1729s in the codebases I've touched over the years, and I like the thought of other hackers recognising the number when they have to fix the bugs I've left behind.
chx 2 hours ago 1 reply      
Ramanujan was an extraordinary mathematician who was able to intuit (and then prove) many really surprising formulas. I have no idea how a movie is going to work since most of these results are far too heavy for a movie screen and without it how can you understand the man?
Tinyyy 3 hours ago 1 reply      
So, what's the deal with K3 surfaces?
dang 6 hours ago 1 reply      
Url changed from http://phys.org/news/2015-10-mathematicians-magic-key-ramanu..., which copies this without linking to it.
Theranos Has Struggled with Blood Tests wsj.com
76 points by OopsCriticality  8 hours ago   45 comments top 17
danso 6 hours ago 1 reply      
Here's a nice profile from the New Yorker in late 2014:


I mean "nice" as in, a good read...it's a flattering profile of Holmes -- she comes off well, as a genuinely passionate person, and even if she had stayed in school, it sounds like she would've still made a great impact.

But the article also raises concerns that seem to be corroborated by the OP:

> Clarke argues that finger-stick blood tests aren't reliable for clinical diagnostic tests; because the blood isn't drawn from a vein, the sample can be contaminated by lanced capillaries or damaged tissue. Holmes strongly disagrees: "We have data that show you can get a perfect correlation between a finger stick and a venipuncture for every test that we run." When I asked for evidence, I was sent a document by Daniel P. Edlin, Theranos's senior product manager, titled "Select Data." It purported to show favorable results from numerous comparison tests. I asked Edlin if the tests had been conducted by an independent third party. He replied by e-mail: "The clinical tests were conducted by a combination of Theranos and external labs," but he wouldn't say which ones.

Um, OK. I don't know much about this testing process...but...what trade secrets are being protected by hiding the methodology and source of the comparative test results?

Pyxl101 6 hours ago 1 reply      
> Mr. Balwani replied the next day, copying in Ms. Holmes. "I am extremely irritated and frustrated by folks with no legal background taking legal positions and interpretations on these matters," he wrote. "This must stop."

Wow. What a terrible response to get from company leadership. It should be completely appropriate for an employee to bring a concern to the attention of leadership based on a plain-English reading of a statute or regulation. Obviously, I don't know what kind of email the person sent, but if it was something like, "A plain English interpretation suggests that we are required to ... " then the right response is to thank them for bringing it to attention, and then engage people for an appropriate review. Every time I've dealt with a legal situation in a corporate environment, the plain English reading was ballpark a correct way to understand it, with occasionally some detailed nuances for which it was important to have legal input, but which did not radically change the situation. I've never run into a case where the required action was opposite than it seemed, or anything like that, although I'm sure surprising things come up from time to time.

I understand why they might ask people to stop discussing it, on a big company email list or something like that, but bringing it to the attention of the appropriate company leader, is exactly the right thing to do. Thank them and look into it.

dbcooper 7 hours ago 1 reply      
A critical opinion piece on Theranos from the journal Clinical Chemistry and Laboratory Medicine:


frozenport 7 hours ago 4 replies      
>>Theranos claims that the usual delay of testing in centralized laboratories is approximately 3 days and that they will generate and deliver their data much faster (e.g., within 4 h). The 3-day delay claim is not accurate. The bulk of laboratory testing in centralized laboratories is completed within an hour or two (calculated from time of sample collection to time of results posting for physician review). For example, in our laboratory, more than 90% of creatinine and troponin requests from all wards are completed in <1 h and more than 97% in <2 h. It is thus questionable that Theranos's technology will be able to deliver faster results than the ones mentioned... Consequently, faster analysis will not have a major impact on patient outcomes.


This is the same kind of bullshit I see in academia, where a new technology is promised to replace an old technology that works fine, but now they have a 9 billion dollar valuation!

nrao123 7 hours ago 4 replies      
I am genuinely confused by the overall thrust of the article.

1st Theme says: Theranos doesn't use Edison (their in house testing device) & instead use regular equipment from companies like Siemens. This is a marketing problem because the company is saying its using one device but is actually using another one.

2nd theme: lab tests from Theranos differ from generally accepted standards. How do they differ if in fact they are using the same tests as everybody else? Is it just the general variability of lab results and similar variability could be found in quest diagnostics as well?

3rd Theme: almost all people say Theranos is dramatically cheaper than competitors. How is that possible when they are using the same equipment as everybody else for most of the tests? Is it a process innovation in operations rather than from Edison/better equipment tech? Or are they just subsidizing these costs and being cheaper and possibly have bad unit economics?

There are two plausible storylines that can seem to reconcile these three themes:

Storyline 1 (Negative) - Theranos seem to be doing a process innovation rather than an underlying equipment innovation. That process innovation perhaps includes diluting blood samples 1) to meet their marketing promise of taking less blood 2) somehow taking less blood and diluting the samples to meet the standard for traditional equipments AND still lead to cheaper operational costs that lead to lower prices. But - somehow these diluted blood samples show more than normal variability.

Storyline 2 (not so negative) - Traditional lab companies are ridiculously inefficient from an operations perspective. Theranos is able to take the same equipment as everybody else but because of their operational efficiency make the end service dramatically cheaper. The variability in tests results is kind of standard in the lab testing market.

Am I thinking about this the right way or missing any big parts?

downandout 2 hours ago 0 replies      
Like many of us, Elizabeth Holmes is smart and had a good idea to change a large industry. Unlike many of us, she has managed to convince several billionaires to make her one too, based almost solely on the strength of her idea. I don't know how much money she has personally taken off the table during her funding rounds, but for her sake I hope it's enough to last her for the rest of her life.

I don't doubt that she is sincere in wanting to build this business and take over the blood testing industry. But Theranos is looking more and more like a cautionary tale about why VC's and angels shouldn't give any Stanford dropout with little more than an idea and a dream a multi-billion dollar fictional valuation and tens or hundreds of millions of dollars in real cash to burn in the streets.

qq66 6 hours ago 0 replies      
It's not necessarily bad business or bad practice to launch a company before the technology is ready, and to use a more conventional, cheaper substitute in the interim. I remember reading about a company that offered automated translation, but started out with human translators to validate the increased market size at the lowered price point. They used the validation to raise enough money to continue growing a user base at a per-unit-loss as well as develop the machine translation software to the point of marketability.
ogezi 2 hours ago 0 replies      
Getting blood from someone's finger will lead to incorrect results in many tests because other things diffuse into the blood. These things can lead to very inaccurate results. This is a BIG problem for Theranos.
Pyxl101 6 hours ago 0 replies      
Sounds like the accuracy testing should be blind but isn't. Why not?

It seems like disclosing that a sample is a test is more likely to negatively affect the accuracy of the test than improve it. The need for double blind trials is normally well understood. This is not an experiment, but as a test it seems like it would benefit from at least single blind: lab is unaware - accuracy tests are mixed randomly into the genuine population of testing requests. Kind of like how the TSA is occasionally tested by inspectors who bring all sorts of weapons through.

dannylandau 6 hours ago 0 replies      
Interesting article. While the article paints a bleak picture of company operations, one item that sticks out in favor of the Company is that "Walgreens says its partnership with Theranos has gone smoothly overall."

Seems like there would be a lot more complaints considering the number of tests conducted, and that the relationship would have been soured/severed if the results were not living up to Walgreen's satisfaction.

nikolay 7 hours ago 0 replies      
Too bad if they are undergoing troubles as I'm really hopeful they become more widely available in California. I'm using WellnessFX [0] and InsideTracker [1], but they are expensive and draw too much blood (which could be a good thing, actually).

[0] https://wwws.wellnessfx.com/

[1] https://www.insidetracker.com/

auggierose 2 hours ago 0 replies      
Is Theranos pulling a Volkswagen?
kitkatz 6 hours ago 0 replies      
I believe parts are a scam and parts are good. The pathology diagnostics field is ripe for disruption with easy access and visible pricing and even if they do this well they will probably disrupt the big players. In terms of new technology I very much doubt they have anything substantial.
ccvannorman 7 hours ago 5 replies      
In startup-world, this is known as "faking it until you make it." Well done Theranos, keep at it!
danso 8 hours ago 1 reply      
Obligatory click-through-Google URL:



I had known about Theranos mostly for being a highly valued startup by a young college dropout involving something in the medical field...I assumed it was more related to the scientific research side...but in the article it says it's been offering tests to the public since 2013 (and that that appears to be the main potential source of revenue)...has anyone's doctor suggested the tests to them? It looks like they have a couple testing centers in Palo Alto but my general physician has never mentioned the option to me.

drugsAreBad0001 7 hours ago 4 replies      
Side note: Did anyone else find the writing for this article absolutely horrendous?

> "They were never able to produce them," she says. Ms. King says the company did show detailed testing-accuracy data to the nurse.

I would have flunked freshman-english if I wrote papers like this. There was zero effort to link thoughts together all-throughout the piece. I thought the point of a pay-wall was to promote and support good content?

rajacombinator 5 hours ago 0 replies      
No fan of this bizarre Illuminati-backed startup, but this article reads like a well funded hedge fund hit piece. Maybe some players shorting OTC contracts on their stock? The biotech industry is heavily manipulated so if they're facing this kind of opposition, maybe it really does make sense to have guys like Henry Kissinger on the board ...
Programma 101, the first commercial desktop computer wikipedia.org
19 points by tilt  6 hours ago   4 comments top 2
antirez 1 hour ago 1 reply      
It's terrible that modern Italians no longer understand that our "design" culture can be applied to computers as much it is applied to shoes, food, clothes. It's the same process as the Programma 101 shows, and the engineering background is still here.
tr352 2 hours ago 1 reply      
"It is usually called a printing programmable calculator or desktop calculator [...] in order to be able to overcome the fears of computers."

We still do the same, but now we call it a smartphone.

COZ: Finding Code That Counts with Causal Profiling [pdf] sigops.org
22 points by epsylon  7 hours ago   1 comment top
drewm1980 36 minutes ago 0 replies      
Man, I love the idea, even though a lot of the code I want to test is tied to hardware that can't be just slowed down.

They show several examples where speeding up a line is predicted to slow down execution, but ~actually optimizing it had the opposite effect, so kudos to them for including bizarre results too. I hope they take this farther; seems promising.

Content-addressable storage: where object placement is defined by its contents yurichev.com
9 points by nkurz  8 hours ago   discuss
Declassified documents offer a new perspective on Yuri Gagarin's flight thespacereview.com
81 points by ColinWright  14 hours ago   15 comments top 5
sandworm101 10 hours ago 2 replies      
This doesn't seem all that different than the Mercury program. There were two sides to the race. Look closely at either and you will find safety being pushed.

It is also a little disingenuous to characterize the Russian effort as "military" and the American effort as not. It wasn't Mr. John Glenn, first American in orbit. He remained a military officer while at NASA and was awarded military honors for his flight (DFC). Smack whatever label you want, both programs had heavy military involvement.

sandworm101 7 hours ago 1 reply      
I don't like double posting, but I read this again and ran across this statement towards the end of the OP:

>But the frantic pace of the space race ensured that you had to sacrifice thorough ground testing in favor of debugging the technology in space. This means that you automatically increase the risk to human subjects on board spaceships.

By my memory, the US lost more astros to ground testing than to flight, the Apollo fire being top of the list. Training and testing are safer than flight, but are not absolutely safe. There is a balance point where the risks presented by ever more training outweigh any further reduction in risk during flight.

avmich 7 hours ago 0 replies      
A common idea was "any single system fault shouldn't make catastrophe by itself". Nowadays it's "any single fault shouldn't jeopardize the mission and any two faults should still allow for safe return of the crew". The redundancies are designed in accordance to this.

From this perspective Gagarin would die if both accelerating stage worked longer and retrorockets failed. Only one of these two systems malfunctioned - so, barely, he managed to return unscathed.

rdtsc 7 hours ago 1 reply      
Just like a software project, it will just not be perfect on first release. If they had waited to fix the comms module, to test the strap on the survival pack, and so on, they'd still be working on it today and another country (probably US) would have beat them into space.

Overall their program probably killed about the same number of cosmonauts as US killed astronauts, or maybe even less.

You can play some games with numbers maybe if you want to include unmanned rockets exploding on launchpads or not -- China killed maybe around 500 people with a satellite launch in the 90's. Russians killed 50 launchpad personnel during a failed Vostok launch in the 60's.

veidr 10 hours ago 2 replies      
TL;DR "Gagarin was an incredibly lucky man to have come out of this unhurt and alive. In rushing to accomplish a human spaceflight in the race with the US, Soviet engineers pushed the boundary of acceptable risk to its limits. "


The Art of the Propagator (2009) [pdf] mit.edu
13 points by joubert  7 hours ago   discuss
More Than You Ever Wanted to Know about Synchronization [pdf] sydney.edu.au
29 points by nkurz  8 hours ago   discuss
How Facebook knows who you might be dating online bbc.co.uk
80 points by iamben  12 hours ago   55 comments top 18
grovulent 7 hours ago 0 replies      
I think this is far less mysterious than people suppose.

Hypothesis - if someone on facebook views your profile then facebook is more likely to suggest them as a friend. Increase the probability if the person is a low degree of separation from you.

Obviously people on dating apps are often going to be searching each other out on facebook to see more info.

I guessed this was how facebook did it because I saw an ex of mine once on the street (I don't have the fb app on my phone or anything like that - so I doubt it was using location data). We never spoke - but made eye contact. Later that day she appeared as a friend suggestion for the first time. My guess is that she viewed my profile out of curiosity.

wongarsu 11 hours ago 2 replies      
The thing that I find most interesting about this article is the displayed approach towards privacy management. People quoted in this article reveal little about themselves in a dating network, and don't want to give enough information to make it possible to guess their real identity. Facebook destroys this concept by suggesting dating matches as potential facebook friends, making it possible for their dating matches to discover all about them in their public profiles and timeline.

That's a straightforward conflict, but it makes me wonder why people are comfortable with revealing "all [their] information" publicly on facebook, when their dating network behaviour shows they don't want total strangers to know all this? Facebook provides lots of privacy controls, allowing you to finely tune who sees what. If you don't want strangers to know your last name, or which area you're from, why make it publicly viewable on facebook?

Is the problem with facebook making it not simple enough to hide things from total strangers (i.e. people you have not friended)? Is it a problem with people never bothering to change default settings? Or is it something about the way people use facebook that makes this apparent inconsistency actually completely rational?

flashman 9 hours ago 0 replies      
Here's my theory on how Facebook can be telling the truth here:

Your Tinder/Grindr matches are people in your local area. Your Facebook social graph contains people in your local area, even ones you don't know, through your local friends. The chances of one or several Tinder matches eventually intersecting with your Facebook graph are significant. When this happens, people interpret it as a deliberate act, not just a coincidence.

If you use Tinder in an area which does not contain any of your friends, and people from that area subsequently show up, and have no connection to any of your friends, that would be a lot more suspicious.

emilsedgh 12 hours ago 6 replies      
Something similar happened to me on Facebook.

There was someone I was meeting in real life but we had absolutely no FB connections. No mutual friends. And I didn't even know she was on Facebook.

Suddenly I saw her on my 'Suggested friends' list.

The only reasonable explanation is that she found me on Facebook and viewed my profile. Facebook saved the incident and suggested her to me as a friend.

Facebook forgets nothing. Nothing.

werber 24 minutes ago 0 replies      
I've had this happen to me several times with guys I met on Scruff. It'd be nice if there was an across the web ghosting tool for bad dates.
unfortunateface 27 minutes ago 1 reply      
Facebook App copies your phone book.

Facebook App copies your match's phone book.

Facebook finds that your phone book contains your match's number and vice-versa.

Facebook suggests your match as a friend and vice-versa.

Nice and simple.

drugsAreBad0001 8 hours ago 2 replies      
> He says this whole issue is mainly down to your phone number.

> Facebook goes through your phone book ... you give it permission to do this when you install the app.

This is 100% demonstrably false. It literally comes down to advertising/tracking.

Because Tinder is ad-supported for the free app, they're sending data directly to advertising networks (of which Facebook is one), and that's being used to track you. Period.

On iPhones an app specifically has to ask for permission to read your contacts beforehand. There's nothing "implicit" about that, you literally have to agree to it explicitly.

I really wish the COO at a Security research company wouldn't spew nonsense. And people wonder why the general public is misinformed as to the harm of advertisers/tracking.

amelius 1 hour ago 0 replies      
This is why I want the ability to "sandbox" my apps, so even though they might want to have access to e.g. my telephone numbers, they can't because the sandbox will hide them.
breatheoften 11 hours ago 1 reply      
This article doesn't make anything clear - though it attempts to make the suggestion that the different social networks are communicating information about your activities across networks. In reality it seems as though many of these social networks are actually just using very similar inputs to their people suggestion algorithms (on Facebook to suggest people you might want to be friends with, on dating networks to suggest people you might want to date). Since many of these suggestions are made to you based on your phone number or device location, you are likely to see the same people suggested to you by these different networks even though they are not sharing data about your activities.
Systemic33 11 hours ago 0 replies      
Most likely this is because someone on the dating profile saw the person's profile and thought it was interesting enough to 'dox' the person.

If people knew how little information is needed to get started they would be either terrified or amazed.

First name + Location + Instagram profile and you are already off to a good start. And maybe there's a picture from some marathon you participated in, and they might have an online list of participants, narrow down to matching first names, then look them up on Facebook.

What Facebook then sees mimics person A trying to find his new friend person B, which makes it natural to include this person on the other "do you know list".

wodenokoto 4 hours ago 0 replies      
I'm getting tired of how aggressive Facebook is at suggesting new friends.

Facebook sends me phone notifications telling me they've found someone I might know. I get it if it was a new profile and they want the ball rolling, but I have over 900 friends on Facebook already, many I can barely remember where I've met. Why do I need more people I barely know?

What is it that makes Facebook think their app is more engaging if my friend list is full of people I barely know and never interact with?

monochromatic 9 hours ago 1 reply      
The Facebook app on iOS isn't listed as having requested access to my contacts. Is this just an Android thing? Or does the app have some way of sneakily getting access?
Krizzly 6 hours ago 1 reply      
My husband told me that his customers show up as suggested friends on Facebook. We always thought it had something to do with Whatsapp and Facebook. Now I guess it's just because he uses the Facebook app on his work phone. Crazy stuff!
newman314 11 hours ago 1 reply      
I think this goes well beyond that. I've had FB suggest neighbors to me even though we have never exchanged emails or friends etc.
siliconc0w 11 hours ago 0 replies      
The article has lots of words and stupid pictures so here is a summary: if you give someone your number (via any app or medium) and they have the FB app installed, it will recognize it as the number of a user and trigger the friend suggestion.

The best way to handle the advent of this information is to treat your public Facebook profile as public information and assume even the creepiest stalkeriest guy on the internet has access to it. Cause they do.

Idontagree 9 hours ago 0 replies      
Sounds like someone's lying.
multinglets 11 hours ago 2 replies      
Yeah, I haven't actually used Facebook for anything in years, so now I'm deleting my account and I will use a temporary phone for any future situation where I need it.

I will also be going out of my way to spread as much FUD among my less tech savvy friends as I possibly can.

Go Zuck yourself, Mark.

Animats 7 hours ago 0 replies      
Facebook is fighting back. The drag queens didn't like Facebook's "real names" policy. So Facebook is showing that it can infer the connections anyway.
Banknotes for a Japanese-occupied Hawaii atlasobscura.com
47 points by Thorondor  12 hours ago   2 comments top
strictnein 7 hours ago 1 reply      
Considering the problems people occasionally have spending $2 bills, I could only imagine the reaction you'd get trying to use one of these.
Experimental smartphone app for touchless map control via accelerometer github.com
14 points by matell  7 hours ago   3 comments top
tylerpachal 4 hours ago 1 reply      
I always thought it would be a neat HCI (or similar) experiment to create an app without any buttons. It would probably end up being a UX nightmare but the point would be to challenge the long held monopoly of the button/radio-button/checkbox/menu/etc gui elements that are present in every app.
       cached 15 October 2015 13:02:05 GMT