hacker news with inline top comments    19 Oct 2015
OpenSSH for Windows update msdn.com
114 points by ghurlman  1 hour ago   57 comments top 12
nailer 1 hour ago 3 replies      
> Leverage Windows crypto apis instead of OpenSSL/LibreSSL and run as Windows Service

Was wondering about that. I'm surprised the OpenBSD team is accepting the commits - something so fundamental and Windows specific doesn't seem like their kind of thing - but great!

PS. If you're coming from a Unix background and interested in learning posh: https://certsimple.com/rosetta-stone

kasabali 1 hour ago 4 replies      
> Address POSIX compatibility concerns

Best way to address POSIX compatibility concerns is implementing a proper POSIX layer in Windows (and not in a half-baked manner like the now deprecated SUA). I can't imagine how it would hurt anybody.

voltagex_ 5 minutes ago 0 replies      
Interesting, they're still using MinGW. I wonder if they'll ever get it to build under MSVC?
mavhc 1 hour ago 2 replies      
I suggest making Update update, ie lower case, I was confused as to why Windows Update was getting ssh
gionn 1 hour ago 3 replies      
I am waiting for the moment when I can throw away WinRM and SSH to all the servers.
csours 1 hour ago 0 replies      
Very off topic - I thought that publically was a mis-spelling, but apparently it may be acceptable now!


alpb 1 hour ago 0 replies      
For those interested the source code is here: https://github.com/PowerShell/Win32-OpenSSH/
callesgg 28 minutes ago 0 replies      
That is great. I have tried some SSH servers for Windows; they have all been constantly crashing or not working with SSH keys.
cakes 43 minutes ago 1 reply      
I'm interested in how this is going to work in PowerShell with the way everything works now, if there happen to be any details about that (whether here, somewhere else, or a past link)?
phippsbrad 1 hour ago 2 replies      
I have had really good luck with this open source, native Windows, SSH server. http://www.kpym.com/2/kpym/index.htm I have no affiliation with the project, I just thought I'd mention that it is a nice alternative I found.
switch007 43 minutes ago 0 replies      
The comment submit button doesn't even work in Safari. That must have taken some effort to break.
angersock 47 minutes ago 4 replies      
Out of curiosity...why run this as a service?

EDIT: I misread this and thought it was only a client. Geez. If it's a server, then of course it should be a service.

The UK is replacing roundabouts with traffic lights; US is doing the opposite theguardian.com
31 points by jonathansizz  56 minutes ago   29 comments top 9
zb 30 minutes ago 5 replies      
I don't see roundabouts as a replacement for traffic lights in the US. Above a certain traffic volume, you'll almost always want to move to traffic lights anyway. They're actually a replacement for the 4-way Stop - a ridiculous type of intersection that ought not to exist.
mixmastamyk 32 minutes ago 3 replies      
The question should be, what is best for this particular intersection in the near future? The two designs have different characteristics.

My understanding is that roundabouts are best when traffic is low, when it gets heavy they become much less efficient. Lights, while a lot of overhead in low traffic, scale better. There's also the question of space required.

Since the UK may have too many roundabouts due to traffic growth, and the US virtually none, they could both be building the opposite and making the right choice.

rwmj 36 minutes ago 0 replies      
There seems to be no data supporting the article's assertion that roundabouts are being replaced by traffic lights across the UK as a whole. I'll add my own anecdata: many more roundabouts are being built in my area of the UK. There are also roundabouts with traffic lights.

As a driver, I much prefer roundabouts. When I'm cycling, I just prefer roads with fewer cars and can't wait for self-driving cars, since at least they won't be driven by idiots.

There are safer roundabout designs used in Holland: http://www.aviewfromthecyclepath.com/2014/05/the-best-rounda...

Sanddancer 27 minutes ago 0 replies      
The headline makes it sound like it's a wholesale thing, but from how the article describes it, traffic agencies in both countries are discovering that some intersections are more useful, safer, etc if they had a different kind of traffic control. As information disperses, it becomes easier for engineers from different countries to share ideas and knowledge to figure out what the best course of action is for a certain type of intersection.
Someone 13 minutes ago 0 replies      
"Cyclists have a demonstrably harder time with roundabouts."

As the text acknowledges, a lot depends on the design of the roundabout. Just last week, we got https://bicycledutch.wordpress.com/2015/10/13/explaining-the..., which explains the current thinking of the dutch on roundabout design.

Also, roundabouts have become more popular, but traffic deaths certainly haven't gone up in the Netherlands (https://www.swov.nl/rapport/Factsheets/UK/FS_Road_fatalities...).

chrismealy 9 minutes ago 0 replies      
Dutch roundabouts are the best. Lots of videos here:


vermontdevil 14 minutes ago 0 replies      
Wow I can't even. I live in Carmel, IN - basically the roundabout capital of USA. We just built our 100th roundabout and have several more near completion. Love them. Far better than traffic lights.

So weird to see the reason we have them is due to our Mayor visiting England many years ago. Now they are going the other way. Did their mayor or someone visit us and fell in love with traffic lights?

stormcrowsx 35 minutes ago 0 replies      
I could see roundabouts being an advantage on smaller one or two lane streets but beyond that it seems like it would get dangerous fast.
hugh4 34 minutes ago 1 reply      
It's possible they're both being sensible. Roundabouts are certainly under utilised in the US (unlike those awful four-way stop signs which are particularly hellish for law-abiding cyclists) so putting more in is a good move.

However, as traffic at any particular intersection increases it eventually may make sense to replace a roundabout with a traffic light. Roundabouts can handle large amounts of traffic, but only if they're large roundabouts -- if you can't expand the actual road space then the traffic light is the best move.

First chapter of Kernighan and Donovan's new Go book [pdf] gopl.io
251 points by rexignis  5 hours ago   150 comments top 22
nimrody 1 hour ago 1 reply      
"Typeset by the authors in Minion Pro, Lato, and Consolas, using Go, groff, ghostscript, and a host of other open-source Unix tools. Figures were created in Google Drawings."

groff still going strong... although it seems like Kernighan got tired of drawing using the 'pic' language...

realrocker 5 hours ago 5 replies      
From the book:

"But it has comparatively few features and is unlikely to add more. For instance, it has no implicit numeric conversions, no constructors or destructors, no operator overloading, no default parameter values, no inheritance, no generics, no exceptions, no macros, no function annotations, and no thread-local storage."

Omnipresent 5 hours ago 13 replies      
To those in the Go community:

- What is Go well suited for other than network programming?
- Why might one decide to write the backend API of their web app in Go, compared to say Grails, Python etc.

Animats 2 hours ago 1 reply      
This is much better than the previous Go documentation, particularly in the concurrency area. The previous Go documentation introduced goroutines and channels, stated the mantra "share by communicating, not by sharing", and then gave examples with variables shared between goroutines.

It now seems to be recognized that, in Go, if you want to lock shared data, use the lock primitives. Don't try to construct locking primitives from channels; that's error-prone and hard to read. This new manual seems to recognize this. When they want a shared counter, they use a shared counter with traditional locks.

sinatra 2 hours ago 6 replies      
This is a good place to ask this (because Go posts attract a lot of commenters, even those who dislike Go and like some other language):

Which language/framework would you choose today for writing WebServices? Preferably with the following characteristics: static type (or at least static analysis), easy deployment (ex, generates a single binary like in Go), supports concurrency very well, is small/simple, has good tooling and debug support, and is fun to write. Go (except for good debug support)? Elixir (dunno how good it is with deployment and debugging)?

Armand_Grillet 2 hours ago 0 replies      
I'm currently reading it as I started to program in Golang only one month ago and I'd never heard of goimports, this is a nice tool! Mixing it with GoSublime and it does a really good job http://michaelwhatcott.com/gosublime-goimports/

The book is well written and it looks like it covers a lot of common topics, I think I'm gonna buy it.

middleclick 5 hours ago 6 replies      
Question for the Go experts out there: does it make sense to buy this book to learn Go or are there better tutorials/books?
vezzy-fnord 5 hours ago 2 replies      
Interesting to see that the direct lineage from Pike's prior languages and CSP experiments is reaffirmed. I wrote about this here earlier, with some notable disagreements in response: https://news.ycombinator.com/item?id=9711639
jasonjei 3 hours ago 1 reply      
Just as K&R introduced us to "Hello, World," I'm amused they adapted their first program to a Unicode world: "Hello, 世界." Seems like a great first chapter, covering computer graphics and web server/byte fetching to boot.
srtjstjsj 5 hours ago 0 replies      
Link is to Chapter 1 with no context about whole book/availability.

Book homepage is here: http://www.gopl.io/

mods, please fix

Several free full Go eBooks listed at http://hackershelf.com/topic/golang/

gjvc 2 hours ago 0 replies      
This is going to be the standard text for the language. The quality of writing is exceptionally good. It's high time the AW professional computing series had another hit.
jfb 4 hours ago 0 replies      
K&R is a great book. Even though I have no interest in Go, I'll read this, just to see if it's as good.
rmcpherson 2 hours ago 2 replies      
I noticed that the lissajous program in 1.4, as included, generates non-random lissajous figures since the random number generator is not seeded. I couldn't find any reference to this in the text and this could be confusing to beginning readers. Is there a recommended way to submit errata?
Artemis2 5 hours ago 1 reply      
The K&R for Go, sounds great!
fsloth 4 hours ago 2 replies      
Would Go provide a viable alternative to C++ for numeric and computer graphics 'kind of stuff'? I have no problem with C++ but the better-than-python proclamations got me intrigued.
rendambathu 3 hours ago 1 reply      
Hope this book is going to be another Epic and Great reference like this gem[1]

[1] http://t3.gstatic.com/images?q=tbn:ANd9GcTK3WbaQiO5mCmvRGtvc...

linuxfan 2 hours ago 0 replies      
Can people post their opinions on static linking of go binaries? Doesn't it result in increased size of runtime binaries when compared to those generated by C/C++?
tyrel 4 hours ago 0 replies      
One of my co-workers preordered this, I hope to skim through it if he brings it into the office.
oconnor663 1 hour ago 0 replies      
> ...its approach to data abstraction and object-oriented programming is unusually flexible.

I'm not sure I can get behind that without generics.

peter303 3 hours ago 1 reply      
I still prefer forced data abstraction, i.e. classes as a core construct. GO does not force that. Data abstraction, when properly done maps the code more closely into the problem domain to be solved. In the long run that makes the code more maintainable and extensible.
ape4 4 hours ago 2 replies      
er, they left a couple things out of the family tree (page xii). Like C++, Java, C#, ...
claystu 5 hours ago 1 reply      
I have no idea what they will specifically say regarding calling C from Go, but the table of contents says that part is only going to be about five pages.

I really wish they would beef up this portion of the book.

Beware mathiness: Algebra and data to reinforce ideological preconceptions johnkay.com
50 points by nkurz  2 hours ago   25 comments top 9
triplesec 1 hour ago 1 reply      
This is an interesting, if rather flawed, blog post. From what I can see, he says this (skip bullet points if you have read it):

- Mathiness is truthiness, but in the way that putting down any mathematical symbols lends an air of intelligence and truth to an argument, for many people, especially those who don't or can't take the time to understand the argument logic.

- Then he explains how economics data are not as easy to construct with universal agreement as with, say, physics (temperature). Agreement on practical action is hard when contrary frames and interpretations appear valid.

- He then mentions how this might be a problem for defining capital and other constructs for Piketty, but without any useful argument beyond this assertion.

- He then contrasts Feynman's integrity, trying to disprove his own work to make it better, to economist George Stigler's rhetorical style of conviction, ignoring contrary arguments, and playing the polemicist.

- He then mentions Isaiah Berlin's distinction between foxes who know little about something, and hedgehogs who know one big thing.

All these are interesting frames by which to compare and contrast various things. Yet his analysis, after bringing in all these ideas, is just to say that economics needs both careful analysis and effective rhetoric. Well, duh, but how does this tie into all the great setups he's made so far?

And mathy people are good at neither rhetoric nor polemic? But surely, if you're afraid of these people, they would be a mathy person who is using rhetoric to undermine the real philosophy and logic that should - pace Plato - be informing the argument.

It's a post full of story and setup, but as yet, signifying nothing.

bbq 1 hour ago 4 replies      
The author goes from

Every careful person equipped with a reliable thermometer will make the same reading of temperature. There are alternative scales, Fahrenheit and Celsius, but both record the same thing...


Economics is genuinely harder. National income is a more complicated concept than temperature, and there are plausible alternative sets of rules for calculating it. Serious minded statisticians have spent many years discussing these issues, and there is now a UN-sponsored standardised system of national accounts.

But it is easy to write a mathematical symbol without giving thought to what observable fact in the real world corresponds to that symbol, or whether there is such an observable fact at all.

But isn't that exactly how we settled on the truth of temperature? Years of debate about what the right constructs for defining temperature mathematically are?

Fede_V 41 minutes ago 0 replies      
I blogged about a very similar topic (in biology) over a year ago: http://federicov.github.io/Blog/deception-by-mathematics.htm...

People give a lot of authority to mathematics, because mathematics is immensely powerful to explain the natural world. This unfortunately leaves the opening for charlatans to do fake math and lend their garbage research a completely unwarranted air of legitimacy.

matt4077 1 hour ago 0 replies      
This seems to be closely related to Feynman's "Cargo Cult Science", the use of the form and mannerisms of hard science to lend legitimacy to research or opinions that actually lack evidence.


spikels 1 hour ago 0 replies      
This is a political argument in the economics profession. Beyond the obvious points that math/data can be used to obscure weak arguments and that ideological blinders are bad for clear thought, Romer is simply attacking his political opponents. Oddly going after George Stigler - a Nobel winner who died 25 years ago who Robert Solow said "was never an ideologue."
raincom 1 hour ago 1 reply      
What mathematical models do: provide ad-hoc support. It is better to call them out for what they are: ad hoc explanations do not contribute to sciences.
newyankee 1 hour ago 0 replies      
Is there an objective alternative to more data and more assumptions?
Mz 47 minutes ago 0 replies      
AKA "garbage in, garbage out." If you like this piece, you might also enjoy "How to lie with statistics." There appear to be free copies currently available online: http://www.bing.com/search?q=How+to+Lie+with+Statistics+PDF&...

I am having technical difficulties preventing me from directly checking specific links.

obrero 1 hour ago 4 replies      
> attention given to the work of Thomas Piketty, with serious questions raised about the relationship between his data, his theory and the political stance which motivates his work.

Yes, you see, there are ideologically-driven economists like Piketty, who have a political stance. Then there are the fair, neutral, unbiased economists who disagree with Piketty, who are only motivated by the search for the truth.

Windchill Refrigerator: Cheap device to keep food cold without electricity cbc.ca
29 points by nkurz  1 hour ago   7 comments top 3
msandford 1 hour ago 0 replies      
It's cool that they're tackling problems in the developing world, but it's nothing revolutionary. Evaporative cooling only works in places with low humidity, and their design requires low ground temperatures and a substantial amount of installed infrastructure.

It might be cheap enough and practical enough for locals to install themselves in the places where the low humidity and cooler ground temperatures would allow it to work. But if you put this device anywhere between say 35 degrees north and 35 degrees south it probably won't work very well because the average ground temperature will be too high.

zdean 1 hour ago 2 replies      
Glad they're thinking of new ways of tackling this...though a much cheaper ($1/unit) and easier to make solution exists (invented in 1990s):


dools 32 minutes ago 0 replies      
Are the 2 statistics presented in any way related? They say a quarter to a half of the food in the world is wasted and 70% of rural Africa doesn't have electricity but is the food waste occurring in those regions due to a lack of electricity? There are plenty of food systems that don't rely on refrigeration. The food waste is occurring in places with adequate refrigeration, but because food is too cheap and people are lazy!
Wikipedia is significantly amplifying the impact of Open Access publications lse.ac.uk
28 points by lermontov  2 hours ago   1 comment top
striking 1 hour ago 0 replies      
Yet they seem to be promoting very closed publications as well. Interesting. http://arstechnica.com/science/2015/09/wikigate-raises-quest...
X-Ray Scans Expose Chip-And-Pin Card Hack wired.com
98 points by miralabs  4 hours ago   89 comments top 13
ajross 3 hours ago 9 replies      
FTA: A fraudulent chip can listen for that query and pre-empt the real chip with its own answer: a yes signal regardless of whatever random PIN the fraudster has entered. The attacker intercepts the PIN query and replies that it's correct, whatever the code is,

Wait, what? How is that the protocol? There's no two way validation at all? The chip just says "yes"?!

Can anyone with knowledge of details confirm? This seems isomorphic to my ears with "the PIN is just security theater".

JimmaDaRustla 2 hours ago 2 replies      
This is technically old news - as the article states, it has since been resolved. Edit: I guess they're shedding new light on how they performed the hack.

Another thing, in context of USA, is that the authentication being done isn't much of a vulnerability as this only applies to offline chip transactions. In the USA (I believe) and here in Canada, all transactions are online, which means the pin will be rejected by your financial institute's back end systems in these scenarios.

These types of hacks have since been corrected using what is called CDA (Combined Data Authentication). Blurb on SDA/DDA/CDA here: http://www.cryptomathic.com/hubfs/docs/cryptomathic_white_pa...

Edit: Many Canadian financial institutes still use the weakest data authentication (SDA) because all transactions go online - spoofing a card PIN verification response doesn't fool the back-end system. Visa and Mastercard both have mandates to have newly issued cards be provisioned on chips with CDA (I believe, could be DDA which would still be susceptible to this attack).

Edit 2: When I say "offline", I mean at a point of sale machine - the POS does not reach out to the payment network to perform an "online" transaction where the PIN and card are validated by the back-end systems.

Edit 3: The article doesn't give EMVCo any credit for actually solving the issue before any real world hack was known to exist.

kbenson 3 hours ago 3 replies      
That's amazing. They were able to MITM the chip-and-pin chip by taking it out and attaching it to another hobbyist chip that's capable of spoofing the response, and the whole thing when put back in the card was only a slight bulge bigger than the original.

They say nearly 600k Euros were charged, but given the sophistication of the attack, I wouldn't be surprised if we hear later that it was in use at different locations as well, and we just aren't hearing about it because they haven't caught those people yet. They only caught these ones because they kept going back to the same locations.

Sleaker 3 hours ago 5 replies      
I'm dealing with development on some of this right now for US based POS customers and so far everything I've been told is that the US isn't even going to attempt to utilize the PIN entry capabilities, so we're still using signature validation in case of fraud. I'm not sure how this is any better than MSRs. The whole spoofing PIN validation thing doesn't even come into play because it's not even going to be checked.
ljk 15 minutes ago 0 replies      
So is the safest way just to use cash?
nathanb 1 hour ago 1 reply      
Let's not lose sight of one thing -- this doesn't make chip-and-pin less secure than swipe-and-sign, it just makes it no more secure, in the worst case.
893helios 3 hours ago 0 replies      
What's this (Chip and Pin) being crap already disclosed here? https://media.blackhat.com/bh-us-11/Laurie/BH_US_11_Laurie_C...
klagermkii 2 hours ago 1 reply      
Watched this a couple of days ago and found it quite interesting talking about C&P flaws https://www.youtube.com/watch?v=Ks0SOn8hjG8
bmsleight_ 3 hours ago 1 reply      
coleca 2 hours ago 0 replies      
> "They also note that other protections have been added to the system at the network level, which they decline to detail for fear of tipping off criminals."

Security by obscurity. That's always a good plan. I'm sure that folks who went through all this trouble to design this hack wouldn't ever be able to find that information. </sarcasm>

derekp7 3 hours ago 0 replies      
I was under the impression that the card created a cryptographic signature on the transaction, and the card had to receive the correct pin before it would sign it. Which is why you have to leave the card in the reader until the total is completed. Is this really not the case? Or does the card still cryptographically sign the transaction, but doesn't process the PIN first (other than answering valid/invalid)?
ck2 46 minutes ago 0 replies      
So those millions spent replacing everyone's card and all the vendors merchant machines was a waste.

Besides you can just use the chipped card online without the chip or pin?

jgalt212 2 hours ago 0 replies      
pretty lame if the card can just say "yes" no matter what PIN is entered.

Away from being a proprietary tech, I'm not sure why fingerprinting the magnetic stripe never took off. It seems so much simpler, and if you cannot rearrange iron at the molecular level impossible to replicate.


MariaDB 10.1 can do 1M queries per second mariadb.org
53 points by bratao  2 hours ago   25 comments top 6
bratao 2 hours ago 3 replies      
MariaDB recently released the version 10.1 as GA. https://blog.mariadb.org/mariadb-10-1-is-stable-ga/

We've been using it for a large dataset, and it has been fantastic. Compared to MySQL 5.7 and PostgreSQL, it has the advantage of supporting the TokuDB engine out of the box. My data uncompressed is 3TB; with it, we can fit in 300GB with all indexes. Read Free Replication with TokuDB (https://github.com/percona/tokudb-engine/wiki/Read-Free-Repl...) also enables us to have a very cheap VPS as slave.

suneilp 1 hour ago 3 replies      
This is sorta misleading. A quote from the article, "The changes in the MariaDB source code leading to those impressive performance improvements are part of porting MariaDB to Power8."

Pretty frustrating. I was pretty excited since MariaDB is a drop in replacement for MySQL (more or less). But you have to use it on a totally different architecture which can't be justified without a lot of deliberation.

no1youknowz 1 hour ago 2 replies      
I see that fractal tree indexing was brought up back in 2003 for PG. http://www.postgresql.org/message-id/511B5F12.7060500@vmware...

But I don't see any patches. Would love to see something like this developed.

Also isn't there cstore_fdw for PG for compression? Although I know there are limitations with this, which has prevented me from using it. :(

claudiug 1 hour ago 0 replies      
I'm curious, does anybody know what are the advantages over PG?

PG has a lot of traction these days; I have used it for quite a while, but I have never used MariaDB. So, I will be quite curious feature-wise :)

programminggeek 26 minutes ago 0 replies      
How does this compare to the standard MySQL performance?
arthursilva 1 hour ago 0 replies      
Actually, yes.
Intelligent intelligence: Just how good are government analysts? economist.com
56 points by kawera  4 hours ago   15 comments top 6
bcroesch 2 hours ago 1 reply      
For anyone who is interested in this topic, Dr. Tetlock just released a new book about it (http://www.amazon.com/Superforecasting-The-Art-Science-Predi...).

We're also hosting a public forecasting tournament for him and his team that focuses on geo-political forecasting: https://www.gjopen.com/

AndrewKemendo 1 hour ago 0 replies      
For what it's worth, there is no method that goes untested for forecasting. The CIA's Sherman Kent school is a treasure trove of analytical methods, techniques and processes that have been studied and implemented over the decades. A lot of the research has been put online for free [1].

As the article states, nobody outside of the business will ever hear about 99.9% of successful intelligence work done, and 90% of the people inside won't hear about it either. So unless you are directly involved in analysis, collections or operations, it's impossible to get a good feel for efficacy.


presidentender 2 hours ago 1 reply      
The more famous an analyst is, the more likely he is to be confident in his abilities, and the less likely to second-guess himself, to analyze his analysis. Those analysts who must defend their work to superiors do a better job.

The same thing seems to happen in other lines of work - when an engineer is accountable to code review, he might do better. When an author is subject to the will of an editor, his work is ultimately achieved faster, and with better quality; witness George RR Martin's speed on the first three books in A Song of Ice and Fire versus the glacial pace of the last two.

lnlyplnt 2 hours ago 4 replies      
Very Interesting, though I still wonder if intelligence agencies can out perform betting markets (at least on questions with enough interest to be able to generate a liquid price).
MichaelGG 2 hours ago 0 replies      
> they were underselling themselves, tending to err more than necessary on the side of uncertainty

That's not how it works. If you consistently misreport your calibration, you're still miscalibrated. Consumers of the intelligence would (should) notice the miscalibration and correct for it, regardless of direction.

jessaustin 2 hours ago 1 reply      
Intelligence "works" in the same sense that torture does: to further the unstated private interest of whoever hired the intelligence and torture agencies. If we're interested in the truth rather than The Truth, we can't trust non-public sources that have repeatedly failed in public ways.
The Little Gear That Could Reshape the Jet Engine bloomberg.com
42 points by nether  2 hours ago   24 comments top 6
knodi123 1 hour ago 1 reply      
> what may be most remarkable about the engines is that they took almost 30 years to develop. That's about 15 times as long as the gestation period of an elephant

Who the hell is running their analogy department?!?

"Thirty years! That's a big number! We need some kind of comparison that will instantly give the reader perspective. Of course, in this, as in so many other things, the answer lies in pachydermian pregnancy patterns."

Animats 45 minutes ago 0 replies      
There's a long negative history of high-speed gearing. Jet engines have one big rotating unit, and that basic simplicity is good for reliability. Turboprops have a gearbox, and fragile, high-maintenance gearboxes are a long-standing problem with turboprops. Adding a gearbox without reducing reliability is a major achievement.
mhandley 50 minutes ago 3 replies      
I wonder if instead of gearing a single large fan, you could just remove the fan from the turbine altogether, add a much larger alternator, and power several large electric external fans from each turbine? That would give you more fan area than you can get with a geared turbofan, optimal fan speed for efficiency, redundancy in case one of the fans suffered damage, allow cross-routing of power between turbines if one turbine failed, and not require quite such large fans so they'd fit under the wings more easily.
JSeymourATL 2 hours ago 2 replies      
The Silicon Valley guys seem to have the attention span of 3-year-olds.
dognotdog 55 minutes ago 1 reply      
It'd be interesting to know what exactly they are doing in the gearbox, apart from the flexible mount to absorb excess torque. New materials? Surface treatments? Special lubrication?
callesgg 1 hour ago 2 replies      
30 years. I do wonder if that is true. Did they actually develop it over a time period of 30 years, or do they mean it more in a way that it is a continuation of previous models?
Parkinson's patients 'walk and talk again' after receiving cancer drug in trial independent.co.uk
68 points by AndrewDucker  7 hours ago   15 comments top 4
kosievdmerwe 2 hours ago 0 replies      
It reminds me of using Zolpidem to wake up vegetative people: http://www.nytimes.com/2011/12/04/magazine/can-ambien-wake-m...
rsync 1 hour ago 9 replies      
Propecia was "designed" as a prostate drug, but didn't do so well ... but mystery unexpected side effect! Kind-of-sort-of baldness cure! So yeah, that's what that drug is for.

Nilotinib was "designed" as a leukemia treatment, but ... didn't go so well.[1] Oops, just kidding - it's a Parkinson's/dementia treatment!

(also, one of the erectile dysfunction drugs, I forget which one, was also "designed" for something similarly unrelated...)

The real headline here is that these people have no fucking idea what they are doing. They are throwing shit at the wall to see what sticks and then informing the marketing department as to which side effects were the most interesting.

This dovetails nicely with their other favorite activity: finding efficacious natural compounds and then tweaking them just enough into a synthetic compound that can be patented.

[1] "Interim results showed Tasigna is unlikely to demonstrate superiority compared to Novartis's Glivec (imatinib)*, the current standard of care in this setting." (wikipedia)

msie 1 hour ago 0 replies      
This is great news!

But despite the apparent striking effects, doctors have cautioned against great expectations for the drug at this stage as there was no control group or placebo used in the study for comparison.

Heh, of course. But right now it could be used as an off-label treatment?

jjudge 2 hours ago 0 replies      
This was covered on NPR's Morning Edition too http://www.npr.org/sections/health-shots/2015/10/17/44832391...
Prohibition was primarily the work of one pressure group vox.com
51 points by jsnider3  4 hours ago   65 comments top 9
mschuster91 2 hours ago 1 reply      
Just look at the millions of dollars pot alone creates in tax revenue.

In a decade we will look back and think "how could we be so stupid for decades".

And I'm looking forward when "harder" drugs like cocaine, meth and heroin are legalized or at least tolerated - no more drug turf wars, no more shadow states in Latin America, and especially far fewer deaths and medical issues from contaminated drugs.

Drugs are actually pretty safe, what makes them so incredibly dangerous is the contamination happening in the supply chain, from unclean manufacturing over normal degradation due to improper handling to stretching at the dealer level.

oldmanjay 2 hours ago 0 replies      
There is no shortage of people who know exactly how you are supposed to live. Some of them get organized enough to convince the power structures to force you.

I oppose these efforts wholeheartedly even when I agree with the aims. Unintended consequences are the order of the day when you dabble in saving people.

AlwaysBCoding 2 hours ago 1 reply      
Also, Prohibition was enacted via a constitutional amendment, yet a large portion of people simply ignored it. It always gets understated what a massive crisis this ended up being for the integrity of the US Constitution. If one amendment was seen as optional by an increasingly larger group of people, maybe the others would be as well. It was important for the integrity of the government that they repeal the amendment. I have a feeling if prohibition were enacted via a complicated loophole like the one that keeps the horrible 21 drinking age afloat it would have been much harder to repeal in full.
forgingahead 2 hours ago 2 replies      
But one thing many don't know is that Prohibition did, in fact, reduce alcohol consumption: As Okrent told me, tax stamps from before and after Prohibition's passage suggest there was, indeed, a decline in drinking, one that was sustained for several years.

What? If there is a large illegal market for alcohol sales, how can tax stamps be considered an indication of alcohol sales?

brandonmenc 3 hours ago 6 replies      
> The campaign behind Prohibition was hugely successful and may have inspired the NRA's modern tactics

I see the NRA adopting something more akin to pro-choice advocacy - a zero compromise scorched earth policy, where any attempt to discuss banning the most extreme products (late term abortions, unlicensed fully automatic weapons) results in arguing uphill against a slippery slope.

(disclaimer: I am an NRA member)

forrestthewoods 1 hour ago 0 replies      
Comparing a group that wants to take things away to a group that wants things to not be taken away is questionable.
anigbrowl 35 minutes ago 0 replies      
There's a lightly fictionalized account of how this was engineered in Richard (Manchurian Candidate) Condon's largely-forgotten novel Mile High.
microcolonel 2 hours ago 4 replies      
I can't really tell what they're trying to say here.

The repression involved in the implementation of alcohol prohibition had an effect of pushing a common and integral part of society into the black market.

The NRA is promoting the right to bear arms, and actually it would seem that the effect they're seeking should be the exact opposite.

Effectively, as prohibition pushed a polite leisure into the black market. The NRA's goal appears to be the exact opposite: that is, to keep a polite leisure out of the black market.

I don't think German understands the irony of this, because I get the impression that they want to compare the moral status of the prohibition movement to the moral status of the NRA.

vaadu 2 hours ago 0 replies      
"There was the incredible advocacy campaign from the Anti-Saloon League, whose anti-alcohol messaging looks like a more fervent version of the National Rifle Association's gun rights messaging today."

You hit it right there.

The Donut Hustle theplayerstribune.com
108 points by zavulon  4 hours ago   10 comments top 4
timbrah 2 hours ago 0 replies      
The song "Black Boy Fly" on Kendrick's Good Kid Maad City talks about how he was jealous of Afflalo.


bluedino 1 hour ago 0 replies      
I paid for my first PowerBook G4 this way. I didn't buy the built-in SuperDrive because I knew I'd burn it out in a few months, so I got a Sony FireWire DVD writer.

I had my PC setup with all the file sharing programs, hammering my cable modem 24/7, downloading movies and music. DVD's were $10 and audio CD's were $5.

My main competition was bootleg movies on regular CD's that you could buy at flea markets, gas stations and party store but they had terrible quality. Not just because they had to fit on a CD but many of them were shot in the theater with a handheld video camera, not rips from IRC channels. They were only $5, though.

It was way too much work driving around dropping discs off and I couldn't use my laptop for learning Cocoa, so I stopped doing it after a few months.

wmeredith 53 minutes ago 0 replies      
This is an engaging story, but that's one of the worst, most distracting websites for reading I've ever seen. Random page animations? Fuck off.
webwanderings 4 hours ago 6 replies      
It's a good read, but I don't know what it is teaching. Ethics anyone?
Design and Punish: A Review of Prison Architect killscreendaily.com
20 points by prismatic  3 hours ago   2 comments top
searine 12 minutes ago 1 reply      
That was the most pretentious review I've ever read.

Someone needs to beat this guy over the head with a copy of The Elements of Style, or at the very least confiscate his thesaurus.

Ogo, a new take on personal transportation ogotechnology.com
547 points by prawn  11 hours ago   173 comments top 39
DavidSJ 10 hours ago 4 replies      
Looks very cool.

One thing I noticed about the video introduction is the speaker is explicitly talking to the viewer as if he or she is not the target audience, e.g. "while you and I may take this for granted ..." and "the disabled are exactly the same as you and me ..."

paulsutter 10 hours ago 4 replies      
This looks like a huge improvement over a wheelchair (have you ever tried the joystick control on an electric wheelchair?). Way better mobility.

And it looks cool. Completely the opposite feeling of watching someone on a Segway, which could make even the coolest person look like a mall cop.

ThomPete 9 hours ago 2 replies      
It's very easy to get tied up in valuations, unicorns, growth metrics and living the life as a startup with a great idea but no way to monetize it until you get 500 million users.

But at the end of the day the most optimal recipe for success still is

1) Find a real problem
2) Build a solution
3) Start selling

There are alternatives to growth-hacking and content marketing and what other tricks are out there.

Just look around you, there are real problems everywhere where the solution doesn't need a marketing budget. It just needs to make itself known. And it's revenue from day one.

Love every single second of this.

nsxwolf 6 hours ago 2 replies      
Is "personal transportation" a new euphemism for "wheelchair"? I've never heard that before.
BillShakespeare 1 hour ago 0 replies      
Saw an article with a little backstory about this on Reddit today - http://www.infoblizzard.com/the-blog-smog/engineer-invents-a...
netcan 9 hours ago 1 reply      
Looks cool, but I don't know anything about this market so I can't really comment directly on utility or prospects. But, to take a tangent:

I think there's a shift that hardware oriented entrepreneurs might mine for some ideas.

Around web 2.0 time there was a shift where people got more comfortable with the internet. They used real names, and pictures without expecting this would inevitably lead to serial killers at the door. Facebook worked because people agreed to tell the internet their name. Online dating went mainstream. Twitter, LinkedIn, all sorts of sharing became common. The interesting part is that the technological trends like were only part of the picture. Cultural shifts were just as important.

Tech is cool now, that's the new trend. Where a calculator watch in the 90s would get an 8 year old beat up, today's equivalents are status symbols. Interestingly, glasses became cool in recent years.

So, ideas might be found by looking over old technology that is uncool and seeing if it can be re-imagined as 2015 tech. A regular electric wheelchair is uncool. This segway thing is cool.

One real obvious device to think about Apple-ising is hearing aids. Hearing aids are so uncool 80 year olds don't want to be seen with one. They are all about being small, flesh colored and "invisible." I think there's a decent chance a bright green large ear piece might be cool.

And speaking of hearing aids: can hearing aids improve the hearing of non-impaired people? Can you get better than normal hearing from a hearing aid?

rco8786 7 hours ago 1 reply      
Super cool. However I can't look at this thing and not think Wall-E
dfan 10 hours ago 1 reply      
Judging by all the comments here from people who evidently didn't watch the video, they could really use a bit more explanatory text on the home page.
JulianMorrison 10 hours ago 1 reply      
So basically a SegWheelchair then?

That will work for people whose core muscles work, and don't flop or twitch. Which is not everybody. But still a nifty thing.

tajen 10 hours ago 1 reply      
Little marketing point: Shouldn't he put the subscription box on the main page instead of redirecting to another page?

Excellent speech, excellent copy, short presentation. Is it legal not to write one's address and privacy policy?

On the other hand, being European, I... applaud him for not displaying the (mandatory) cookie header.

visarga 4 hours ago 0 replies      
Looks great! What if they added spatial navigation by video camera and voice control to cover people who have trouble controlling the chair with their body position.

At least for simple navigation I think the tech is mature enough to make it today. Just make sure to avoid obstacles and people and find your way from A to B.

Couple that with the Google car fitted with an automatic docking station and you have an almost complete system of transport.

JulianMorrison 9 hours ago 7 replies      
One downside I can see for this: it looks like, if the user had a seizure, it would be extremely dangerous. It would keep them in the seat but interpret their movements as erratic hard accelerations and sharp turns.
notahacker 5 hours ago 0 replies      
For those people looking at the guy moving around by shifting in his seat and thinking "I want one!", it looks like this Segway modification is the closest thing you can actually order: http://suigenerisseat.com
london888 3 hours ago 1 reply      
Great idea but I would worry about stability - I'd like to see what happens if people bump into you - can the user get pushed off the seat?
halflings 6 hours ago 1 reply      
> I am not sure I see the appeal of these things.

The example use-case on the video is a paraplegic man. I don't think this is meant for people too lazy to walk on the sidewalk.

agentgt 7 hours ago 1 reply      
I wonder if they have any plans on dealing with stairs. Honestly I think the arm freedom is a big deal so I think they could come up with some novel ideas for stairs or other terrain. Bipedal movement (or I guess any number of legs) is impressive in that it can handle a variety of terrain.

A trite and cheesy observation... it seems we are trying to make machines learn to walk and humans learn to roll :)

All in all I think the product/idea are great.

bluedino 7 hours ago 0 replies      
The market for devices like these is a joke. You fall into two categories, expensive and not that well designed, and inexpensive and very cheaply made overseas.

The problem you need to solve is getting the insurance companies and Medicare to pay for your device. You need lobbying and certifications and all that bureaucracy. No matter how mediocre your product is, you can then sell it like hotcakes.

t0mk 10 hours ago 4 replies      
The site could show a bit more info, e.g. the technical parameters of the thing. It would be interesting to see even for the prototype.

Also, is this what a New Zealand accent sounds like?

swayvil 5 hours ago 1 reply      
It's the end of man, obviously


erlend_sh 5 hours ago 1 reply      
It suddenly dawned on me that I'll most likely live to experience certain categories of disability that'll grant you access to technology which will make you altogether more able-bodied than the average "non-disabled" person.
AliAdams 10 hours ago 2 replies      
I worry that there might be difficulties leaning over and picking things up without the chair moving.

Imagine dropping something and instinctively leaning over to catch / retrieve it.

bborud 6 hours ago 1 reply      
Unfortunate name.


(I'm probably going to get downvoted for this, but hey, I like to live a little)

makenova 2 hours ago 0 replies      
How long till Segway decides to get litigious?
sspross 8 hours ago 1 reply      
wheelchair from scalevo (ETH zurich), similar "segway tech." including stairclimbing https://www.youtube.com/watch?v=3lb_8nmy90c
wgx 9 hours ago 0 replies      
It's what the Sinclair C5 could have been, if only battery/motor technology had allowed... https://en.wikipedia.org/wiki/Sinclair_C5
simonhughes22 4 hours ago 0 replies      
Wow that's brilliant. Why didn't I think of that!
mirimir 5 hours ago 1 reply      
What I want is a human-sized quad copter :)

Maybe they'll exist by the time I need one.

rotten 11 hours ago 0 replies      
This is right out of Wall-E.
jfmercer 9 hours ago 0 replies      
This is a remarkable innovation. I wish Ogo Tech the best of success.
rasur 11 hours ago 4 replies      
So, this isn't mainly for disabled people, I take it?
sigmonsays 3 hours ago 0 replies      
Looks like a wheel chair for the disabled.
nitin_flanker 11 hours ago 0 replies      
Well the handicapped will feel awesome. This makes them super agile.
yoz-y 10 hours ago 2 replies      
At least for disabled people this is way more useful than a bicycle. The video seems convincing to me.
dalacv 8 hours ago 0 replies      
If we all ride these, do you think that the handicapped will feel less alienated?
BtM909 10 hours ago 3 replies      
I actually saw a disabled guy driving some sort of Segway but with a chair. That seemed more practical and useful compared to this.

This was in Rome which isn't known for its nicely paved streets.

andy_ppp 10 hours ago 2 replies      
Oh god, reminds me of the Wall-E hover chairs used by the humans who have basically ceased moving...


ThinkBeat 11 hours ago 1 reply      
That is a with some pictures of a beefed up wheelchair and almost no information whatsoever.
piyushpr134 10 hours ago 1 reply      
It has come to this that able bodied men and women need an automated wheelchair to roam around! Wow. That shitty future that movies have shown is really here!
Investment in Spanish startups to surpass $500M in 2015 for the first time novobrief.com
43 points by lleims  4 hours ago   17 comments top 5
joeyspn 1 hour ago 1 reply      
This just scratches the surface of what could really be. Spain still is in general a hostile country for entrepreneurs with an anti-innovation government famous for awful decisions like:

- Regulating heavily crowdfunding rendering it unusable

- Eliminating stock options' fiscal incentives [0]

- Taxing the sun in order to protect energy lobbies from solar energy. [1]

- Trying to get a cut from Google News because they're worth it, pass a law for it, and then trying to retract in only few weeks once they saw the page views metrics go south...


Hopefully things will get better once the current ruling party leaves the government in the upcoming December elections. Hopefully...

[0] http://novobrief.com/stock-options-in-spain-startups/

[1] http://www.forbes.com/sites/kellyphillipserb/2013/08/19/out-...

jusben1369 2 hours ago 2 replies      
It's very anecdotal but at Spreedly (my company) we are integrated to around 90 different payment gateways globally and are payments infrastructure. So we have a lot of startup interest. In Europe Spain is second only to the UK in terms of prospects and customers. Sadly I've been told this may partially be because youth unemployment is so high that you might as well start something vs wait around. But either way a headline like this doesn't surprise me as we've clearly seen a large amount of entrepreneurial activity out of Spain.
lleims 1 hour ago 0 replies      
For those interested, here's another article with average salary for engineering jobs in Barcelona: http://novobrief.com/tech-developer-jobs-salaries-barcelona/
scalesolved 1 hour ago 3 replies      
I think the startup scene is growing quite rapidly here (Barcelona) however from my perspective it seems that a lot of founders are from abroad and it saddens me a little as there is a great wealth of talented people here that could be founders or technical founders they just don't seem to realise it!
shostack 1 hour ago 1 reply      
Can anybody comment on the impact the abysmal economy over there has had on the startup scene?

My hypothesis is that the absolute lack of jobs for young people would lead to more startups as necessity is the mother of invention, but it could be that the more immediate day-to-day of putting food on the table might distract from that.

Heroku is no longer the hobbyist's friend jalada.co.uk
92 points by jalada  2 hours ago   46 comments top 13
holografix 0 minutes ago 0 replies      
I for one think it's a good thing Heroku is not joining the herd in a race to the bottom.

$7 dollars a month to run a little app? That's less than I spend on coffee each day and I'm glad that money is going towards differentiated and valuable service.

I have a couple of toy apps, a personal blog and a "not such a toy" app on Heroku and I have used their services for free for AGES - more than fair enough that they make some money.

PascalW 54 minutes ago 2 replies      
Heroku indeed used to be very generous. I totally get why they are making these changes, it's hard to sustain this in the long run.

That said; for hobby stuff I've switched to a cheap VPS plus Dokku [0] and haven't looked back. Works with Heroku buildpacks and even runs custom Dockerfiles if you need anything fancy. Hardly requires any maintenance.

There's a couple of alternatives like Deis [1] and Flynn [2] that offer more advanced features, but they're much more complex and way overkill for my pet projects.

[0] http://progrium.viewdocs.io/dokku/

[1] http://deis.io/

[2] https://flynn.io/

glogla 43 minutes ago 2 replies      
The author writes about spinning virtual machine from Linode.

There's one cool alternative I found: Hetzner Online[1] leases dedicated hardware that their other customers stopped using or ordered but didn't use, etc. It is in form of reverse auction - unused hardware gets cheaper until someone rents it.

You can get i7-3770 server with 2x3 TB disks and 16 GB RAM for 32 EUR per month. That's not much more money than linode, but it is much beefier and just yours (but no SSD). If you pay more you can get something like i7-3770 with 32 GB RAM, 2x3 TB disks and 2x240 GB SSD for 65 EUR a month.

The servers are in Germany, which might be interesting for Europeans who are wary of US cloud companies.

I'm not affiliated with them in any way, I just find their offer cool.

[1]: https://robot.your-server.de/order/market/

savant 54 minutes ago 1 reply      
A reasonable option for hobbyists is Dokku[1], a single-server heroku clone. I'm also pretty excited about Convox[2], and would definitely recommend that early adopters check it out.

I get that people are frustrated with heroku's pricing, but at the end of the day I think that if your side project isn't worth the money you spend on its hosting, maybe you should look into other side projects? If it's truly not a money-making project, not needing to scale it or have it up 24/7 seems like a reasonable trade-off to not paying for its hosting.

The number of tools and resources Heroku provides is quite significant, and developing/deploying/maintaining similar solutions is certainly not cheap or easy. Especially at scale.

Disclaimer: I'm one of the Dokku maintainers.

 - [1] http://progrium.viewdocs.io/dokku/
 - [2] http://convox.com/

ufmace 26 minutes ago 0 replies      
I can certainly see the point where Heroku comes out wildly overpriced for certain types of hobby-scale apps. I've seen several people recommend dedicated servers via Linode or DigitalOcean instead, which has its own pluses and minuses - gotta maintain the server, but for a pretty low price, you get something powerful enough to run a 24/7 server + database + whatever other odds and ends your app needs, as long as the demands aren't too high.

I'm wondering how AWS compares, though - running a dedicated, manually managed EC2 instance or ElasticBeanstalk. Seems like you could get your own server, and still have little barrier to scaling as high as anybody could ever need at the touch of a button. Anybody have much insight on that?

brandur 57 minutes ago 0 replies      
Regarding the fifth point on SSL, I agree, but I'd recommend investigating a combined Heroku and Cloudflare stack as I've described here:


You can stay on the free tier of Cloudflare and the hobby tier of Heroku and get full encryption on your custom domain (and without worrying about getting certs issued). This is how I run my more important hobby apps.

And regarding the lack of novelty of `git push heroku master` I'd argue that it's still surprisingly valuable even in modern times. Sure you can do it yourself using a dozen different techniques these days, but as a hobbyist I want to be building apps and not maintaining personal infrastructure.

(Disclaimer: I used to work at Heroku.)

shostack 1 hour ago 4 replies      
While my instinctive reaction to Heroku's shift was "ugh, that sucks, how dare they," I have to say I get it. It is hard to build a successful business with that model given their offering.

However to the comment about "git push heroku master," someone that is an "early" programmer like myself finds that level of simplification helpful when I'm focusing on things like learning all the other things that could go wrong with my Rails Tutorial app.

That said, as I now am at the point of starting to work on projects that I hope to one day be public facing, I'm wondering if there are any recommendations for "Heroku-like" providers with a free tier that stays up 24/7 for super simple Rails and Sinatra apps, perhaps with a DB.

lolsal 52 minutes ago 0 replies      
I think it's still pretty friendly to hobbyists (throw up a quick Flask app for a demo, etc), but it's probably no longer very friendly to 'get everything for free'ists (like 24/7 compute, >512MB ram, etc).

The benefit to me of using something like Heroku is not because I get more CPU/RAM than an equivalently priced Linode instance - the value is in not having to manage a Linode instance at all.

I'd also argue that git-pushing to Heroku is still a lot less friction than dealing with docker images or chef/puppet scripts.

rubyn00bie 40 minutes ago 1 reply      
Not to be rude, but these complaints, minus the "increase" are standard Heroku practice. I see no changes-- in fact, what has changed there, anything?

They're finally too expensive for you, or you outgrew them? They aren't cheap, and never have been, especially for hobbyists.

If you have a hobby, you most likely have more time than money to complete your hobby, so why, why use something like Heroku? The very nature of your activity is to spend your time, not your money, Heroku is only giving you the feeling of savings until you outgrow their nearly worthless free offering. Now you have to spend your time, moving, configuring, and learning an "entirely new" system. Had you done this the first time, you'd have saved money/time.

Yeah... "git push" to deploy is easy[1]-- and if you're new to application development it can be nice, but! It also means you have no idea how to configure or run your app (i.e. deploy). It means you're more vulnerable to your vendor's quarterly earnings needs (price hikes), it means you're more vulnerable to vendor technology changes (lock-in), it also means if it ever hits the fan-- you're gonna have oodles of downtime while you learn how to do it "right" the first (nth) time.

FWIW, it's actually really easy to run a VPS that's stable once you learn how to do it properly. Don't fear it, mate. I've always found it nice since none of my projects ever get substantial traffic, I can usually run some auxiliary service I need (like Gitlab) on it too. A two for one, eh?

... One last thing, if you're running a business Heroku might be the right choice (it's up to you to evaluate the risk/reward).

[1] I personally think deploying with Capistrano is a cinch (cap deploy) but it'll take you a lil' bit of effort to set up the first time.

toomuchtodo 1 hour ago 1 reply      
Hobbyists rarely pay the bills. Go upmarket or suffer in perpetual purgatory.
TheMagicHorsey 1 hour ago 2 replies      
Google AppEngine is a good alternative for Python, Go, Java, or PHP web apps.
mesozoic 51 minutes ago 1 reply      
Salesforce gotta pay for the tallest building in San Francisco somehow.
smt88 54 minutes ago 0 replies      
The good news is that, as others have mentioned, there are options for hobbyists that are inexpensive, sometimes free, and sometimes better than Heroku itself.
An Asynchronous Shell Prompt anishathalye.com
42 points by gabamnml  4 hours ago   12 comments top 6
daveloyall 54 minutes ago 1 reply      
If you're like me, none of this made sense at first.

What I was missing: these users have complicated code in their $PS1 or other 'prompt variables', which makes the shell do things every time they change directories.

Indeed, the title contains the word 'prompt'.

This is apparently a solution for a problem I don't have. (There's no way I'd ever tolerate a slow cd command, async or not!)

jerf 1 hour ago 0 replies      
You know, you could probably build a whole new shell around this whole concept. Solve a couple of the fundamental UI issues (i.e., I don't really want my insertion point or the text I'm editing to be bouncing around as things chunk in) and I wouldn't be surprised you could take this concept further than you might initially think. For instance, one issue I often find I have is stale information as I flip around my shells; if my source plugin was updating in realtime everywhere, that would be useful. And I mean that as just one example of the sort of thing that could be useful if this was taken in deep in a new shell.
micampe 1 hour ago 0 replies      
jacobolus 1 hour ago 1 reply      
One thing that would be nice would be to put the output of shell commands into a separate column from the prompt, with an ability to collapse or expand the output, outliner style. Modern computer displays have lots of extra real estate, there's no reason to require everything to fit into a window 60 or 80 characters wide.
2ton_jeff 1 hour ago 0 replies      
Mosh has this fully sorted too IMO: https://mosh.mit.edu
zobzu 1 hour ago 0 replies      
you could also just type '&' at the end of each command ;-)

What i'd like instead, is based on the same issue/idea, which would be a real "linemode" where your prompt is "locally updated" and anything sent to "the shell" is asynchronous.

This would not fork processes in the background (i want to be able to be selective on that obviously! so it would queue up processes if i dont specify '&' for example) but ensure that you can always get back to the prompt.

This also makes it so that the prompt would be instant over the network as well.

Note that some protocols do support linemode, just not SSH, or obviously not the native common shells either, at least, not without building a forked version

What makes great kids picture books great? medium.com
3 points by choosenick  18 minutes ago   discuss
How MindGeek transformed the economics of porn fusion.net
19 points by fraqed  2 hours ago   1 comment top
Mahn 55 minutes ago 0 replies      
That's a pretty impressive monopoly, for some reason I always thought those "YouTube-like" sites were competing against each other. MindGeek may well turn out to be the Google of porn.
A planning page for asteroids 2009 FD and 2015 TB145 nasa.gov
34 points by intrasight  3 hours ago   13 comments top
intrasight 3 hours ago 3 replies      
Don't know about you, but "2015 TB145" scares the shit out of me. What if the projected trajectory was an earth strike. There'd be no time to react. Humanity really needs to get together to address these existential threats.
Social Skills Are Last Line of Defense for Humans Seeking Work bloomberg.com
28 points by spking  4 hours ago   11 comments top
blumkvist 1 hour ago 2 replies      
Saying robots will replace humans' jobs is like saying in 1999 google will replace teachers.
Advanced x86: Introduction to BiOS and SMM opensecuritytraining.info
24 points by adamnemecek  3 hours ago   discuss
What's New in Go Crypto slideshare.net
7 points by SuperKlaus  1 hour ago   discuss
All Your Modem Are Belong to Us rowetel.com
123 points by zdw  7 hours ago   29 comments top 3
chrissnell 4 hours ago 3 replies      
I've been working on open-source balloon control software [1] for my own balloon project that I've been building on/off for about six years. I am hoping to use a software modem to bridge between the RF and my AX.25 packet reader/writer [2] because I wanted to save weight. Payload weight is the name of the game in the balloon hobby--the lighter your payload, the less you have to inflate your balloon and the higher it will fly before it bursts. Even an ounce matters and the competitive altitude record balloons are invariably tiny, single-board, all-in-one payloads that are built around a single low-power microcontroller.

There are a couple of good open source options for software-based AFSK APRS modem/TNCs:

Dire Wolf: https://github.com/wb2osz/direwolf

minimodem: https://github.com/kamalmostafa/minimodem

You'll still need a USB sound card though, which adds weight and cabling. I would love to see some open-source SBC hardware a la Beaglebone Black or RasPi that had a high-quality sound card built onto the board and wired through a Molex-type plug that was suitable to the bumps and bounces of flying.

[1] https://github.com/chrissnell/GoBalloon -- This was my first project in Go and while it works well, it now looks pretty ugly to me with a year and a half of Go experience under my belt.

[2] https://github.com/chrissnell/GoBalloon/blob/master/ax25/dec...

jws 4 hours ago 1 reply      
It's nice living in 2015 when you can code your modem in Octave, an interpreted numerical computation language, and not put an appreciable dent in your available CPU.

He approaches the problem at a higher level than a typical modem, for instance, he uses predictable data in the packets as framing instead of the deficient framing provided by the bit level protocol. When confronted with a corrupted packet he also tries to guess the true content by doing a "what if" analysis on the marginal bits to see if flipping them the other way fixes it.

nikanj 5 hours ago 4 replies      
Lost me at the Windows bit. I thought we were more adult than that by now.
iOS Apps Using Private APIs sourcedna.com
179 points by tptacek  9 hours ago   75 comments top 10
NateLawson 5 hours ago 2 replies      
Hey all, I'm the founder of SourceDNA and happy to answer any questions about how we found this or about binary code search in general.

We take a different approach to understanding code than the traditional antivirus world. Rather than try to hunt for a needle in a haystack, we've created a system for finding anomalies in code that's already published. For example, you can build a set of signatures for "bad apps" and then repeatedly search for them (AV model) or you can profile what makes an app "good" and then look for clusters of apps that deviate from it (SourceDNA).

Consider an ad SDK like Youmi here. They weren't always scraping this private data from your phone. There are some apps that have this library but that version is a typical, only sorta intrusive, ad network.

But, over time, they began adding in these private API calls and obfuscating them. This change sticks out when you track the history of this code and compare to other libraries. There was more and more usage of dlopen/dlsym with string prep functions beforehand. This is quite different from other libraries, where they stick to more common syscalls.

By looking for anomalies, we can be alerted to new trends, whatever the underlying cause. Then we dig into the code to try to figure out what it means, which is still often the hardest part. Still, being able to test our ideas against this huge collection of indexed apps makes it much easier to figure out what's really going on.
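
An added illustration of the "profile the population, then look for deviations" idea described in the comment above; it is not part of that comment and not SourceDNA's code. The SDK names and call-site counts are constructed, and the median/MAD scoring is an assumed technique chosen for the sketch.

```python
from statistics import median

DYNAMIC_LOOKUP = {"dlopen", "dlsym"}

# Constructed sample: call-site counts per imported symbol for each SDK build,
# listed oldest to newest within each (hypothetical) SDK.
BUILDS = [
    ("sdk_alpha", "2.1", {"dlopen": 1, "dlsym": 1, "open": 30, "read": 41, "socket": 9}),
    ("sdk_alpha", "2.2", {"dlopen": 1, "dlsym": 2, "open": 33, "read": 40, "socket": 9}),
    ("sdk_beta", "5.0", {"dlopen": 0, "dlsym": 0, "open": 12, "read": 19, "socket": 4}),
    ("sdk_beta", "5.1", {"dlopen": 1, "dlsym": 1, "open": 12, "read": 21, "socket": 5}),
    ("sdk_gamma", "1.0", {"dlopen": 1, "dlsym": 1, "open": 25, "read": 30, "socket": 8}),
    ("sdk_gamma", "1.1", {"dlopen": 3, "dlsym": 9, "open": 25, "read": 31, "socket": 8}),
    ("sdk_gamma", "1.2", {"dlopen": 6, "dlsym": 27, "open": 26, "read": 31, "socket": 8}),
]


def lookup_ratio(calls):
    """Fraction of a build's call sites that are dlopen/dlsym."""
    total = sum(calls.values())
    dynamic = sum(n for sym, n in calls.items() if sym in DYNAMIC_LOOKUP)
    return dynamic / total if total else 0.0


def robust_scores(builds):
    """Score each build against the whole population using median and MAD."""
    ratios = [lookup_ratio(calls) for _, _, calls in builds]
    med = median(ratios)
    mad = median([abs(r - med) for r in ratios])
    # Floor the scale so a population of identical ratios does not divide by zero.
    scale = max(1.4826 * mad, 1e-6)
    return {(sdk, ver): (r - med) / scale
            for (sdk, ver, _), r in zip(builds, ratios)}


def first_deviation(builds, threshold=3.5):
    """Map each flagged SDK to the first listed version that exceeds the threshold."""
    scores = robust_scores(builds)
    first = {}
    for sdk, ver, _ in builds:
        if scores[(sdk, ver)] > threshold:
            first.setdefault(sdk, ver)
    return first


if __name__ == "__main__":
    for key, score in robust_scores(BUILDS).items():
        print(key, round(score, 2))
    print("first deviating version per SDK:", first_deviation(BUILDS))
```

A flagged build is only a lead for manual review of what the looked-up symbols are, which the comment notes is still the hardest part.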

makecheck 9 hours ago 8 replies      
I'm actually very surprised this hasn't happened years ago. The power of Objective-C's runtime has always made this pretty straightforward.

Apple can defend against unauthorized calls to even runtime-composed method names though. I can think of a few ways.

They could move as much "private" functionality as possible outside of Objective-C objects entirely, which requires that you know the C function name and makes it obvious when you've linked to it. This should probably be done for at least the really big things like obtaining a device ID or listing processes.

Even if they stick with Objective-C, they could have an obfuscation process internal to Apple that generates names for private methods. Their own developers could use something stable and sane to refer to the methods but each minor iOS update could aggressively change the names. If the methods are regularly breaking with each release and they're much harder to find in the first place, that may be a sufficient deterrent to other developers.

They could make it so that the methods are not even callable outside of certain framework binaries, or they could examine the call stack to require certain parent APIs. At least that way, if you want to call a private API, you have to somehow trick a public API into doing it for you.

And, I think Apple does say somewhere that developers shouldn't use leading underscores for their own APIs. They could hack NSSelectorFromString(), etc. to refuse to return selectors that match certain Apple-reserved patterns in all circumstances.

viraptor 25 minutes ago 0 replies      
Blog about 2 groups discovering the bad apps and reporting it to Apple, but then: "Apple has issued the following statement. We've identified a group of apps that..." Stay classy Apple - great attribution.
kinofcain 7 hours ago 1 reply      
Seems like a lot of the things they're putting behind private APIs should instead/also be behind a user permission. Getting the list of installed apps, device serial number, and the user's email address shouldn't be protected simply with obfuscation.
BinaryIdiot 7 hours ago 2 replies      
I'm not an iOS developer (well, not really; I don't know what I'm doing) but this seems like it would be a really easy thing for Apple to detect. Does Apple simply not care about access to these to the degree of adding in better checking or is there something fundamental about their platform that makes checking for Apple seriously difficult?
a3n 9 hours ago 1 reply      
> Since we also identify SDKs by their binary signatures, we noticed that these functions were all part of a common codebase, the Youmi advertising SDK from China.

> We believe the developers of these apps aren't aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi's server, not the app's.

Know your binaries?

peterclary 6 hours ago 1 reply      
"The apps using Youmi's SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected." I'll be interested to see what happens to Youmi now that they're blocked from iOS.

SDK developers: Consider yourselves warned.
pradn 1 hour ago 1 reply      
How did SourceDNA have access to millions of iOS app binaries? Can anyone just download all the apps in the App Store?
musesum 7 hours ago 1 reply      
This is not new. Check out "Microsoft AARD code" -- an inverted example of surreptitious analytics, in 1992. TL;DR: the beta version of Windows 3.1 showed a warning if the user was using DR-DOS, a competing OS. The payload was encrypted and could be triggered in the production version of Win 3.1 by changing a flag.
anonymousDan 6 hours ago 1 reply      
Is it just me or are they totally ripping off the research done by the Iris team and making it sound like they came up with these vulnerabilities themselves? I know they give the researchers a cursory mention, but it's buried at the bottom of the article.
Show HN: Guy Needs Gift Side Project guyneedsgift.com
7 points by easymode  1 hour ago   1 comment top
gknoy 7 minutes ago 0 replies      
Very nice! I looked at them from several perspectives, and saw some neat things. I like that you have curated commentary on each item, and included (I think) referrer links to Amazon. I was pleasantly surprised to be asked if I wanted to be reminded about something -- not sure what triggered that, but it was cool. I'm going to try using this for my amazon wishlist-creation. ;)

It looks very nice. Would you be willing to write about the tech stack you used for this?

Big Data Is Saving This Little Bird fivethirtyeight.com
3 points by kleinsound  1 hour ago   discuss
Mix-And-match Markov Chain Monte Carlo Samplers in Haskell medium.com
6 points by wcbeard10  1 hour ago   discuss
       cached 19 October 2015 22:02:03 GMT