hacker news with inline top comments    .. more ..    20 Feb 2016 News
home   ask   best   3 years ago   
Umberto Eco has died bbc.com
255 points by kawera  4 hours ago   57 comments top 18
zorpner 4 hours ago 1 reply      
Umberto Eco on operating systems and religion, in 1994:

The fact is that the world is divided between users of the Macintosh computer and users of MS-DOS compatible computers. I am firmly of the opinion that the Macintosh is Catholic and that DOS is Protestant. Indeed, the Macintosh is counterreformist and has been influenced by the "ratio studiorum" of the Jesuits. It is cheerful, friendly, conciliatory, it tells the faithful how they must proceed step by step to reach - if not the Kingdom of Heaven - the moment in which their document is printed. It is catechistic: the essence of revelation is dealt with via simple formulae and sumptuous icons. Everyone has a right to salvation.

DOS is Protestant, or even Calvinistic. It allows free interpretation of scripture, demands difficult personal decisions, imposes a subtle hermeneutics upon the user, and takes for granted the idea that not all can reach salvation. To make the system work you need to interpret the program yourself: a long way from the baroque community of revelers, the user is closed within the loneliness of his own inner torment.

You may object that, with the passage to Windows, the DOS universe has come to resemble more closely the counterreformist tolerance of the Macintosh. It's true: Windows represents an Anglican-style schism, big ceremonies in the cathedral, but there is always the possibility of a return to DOS to change things in accordance with bizarre decisions.....

And machine code, which lies beneath both systems (or environments, if you prefer)? Ah, that is to do with the Old Testament, and is Talmudic and cabalistic.

(from here: http://jowett.web.cern.ch/jowett/EcoMACDOS.htm )

schoen 4 hours ago 1 reply      
One remarkable thing about The Name of the Rose is that the characters in it don't think and talk like modern people who happen to have been transported into the Middle Ages. They seem to think differently -- about what's possible, what people can expect from life, how you know things, what counts as an argument...

Possibly my favorite part:

"What you say is very fine, Adso, and I thank you. The order that our mind imagines is like a net, or a ladder, built to attain something. But afterward you must throw the ladder away, because you discover that, even if it was useful, it was meaningless. Er muoz gelchesame die leiter abewerfen, s er an ir ufgestigen . . . . Is that how you say it?"

"That is how it is said in my language. Who told you that?"

"A mystic from your land. He wrote it somewhere, I forget where. And it is not necessary for somebody one day to find that manuscript again. The only truths that are useful are instruments to be thrown away."

The "mystic from your land" was Ludwig Wittgenstein, who said that in his Tractatus 591 years after that conversation was set, in modern rather than medieval German ("Er muss sozusagen die Leiter wegwerfen, nachdem er auf ihr hinaufgestiegen ist") - "he must, so to speak, throw away the ladder after he has climbed up on it".

nappy 2 minutes ago 0 replies      
It's sad to lose such a great thinker.

For those who haven't read anything by Eco but want something more digestible on a Friday evening than a novel, I highly recommend his essay Ur-Fascism. Eco was brilliant and had a clear-eyed view on the lasting impact of the Middle Ages into today... and it's pretty clear how growing up in a fascist society impacted his views.


His reflections on fascism remain as important as ever.

patkai 7 minutes ago 0 replies      
"The Antichrist can be born from piety itself, from excessive love of God or of the truth, as the heretic is born from the saint and the possesed from the seer. Fear prophets, Adso, and those prepared to die for the truth, for as a rule they make many others die with them, often before them, at times instead of them." Umberto Eco, The Name of the Rose, p. 491.
fenomas 4 hours ago 2 replies      
Foucault's Pendulum was maybe the most transformative book I've ever read - it changed how I think about literature (and of course the Knights Templar). Ah well, guess it's time to reread it. :(
officemonkey 4 hours ago 3 replies      
Harper Lee and Umberto Eco in the same day. It's like when Shakespeare and Cervantes died on the same day.
pklausler 4 hours ago 1 reply      
I'm going to re-read The Name of the Rose this weekend and raise a glass in thanks to all the pleasure that this wonderful writer has added to my life.
JoeDaDude 58 minutes ago 0 replies      
In addition to literary works, Umberto Eco also had a hand in designing a card game. The game used custom designed cards to represent characters and verbs which the players would use to tell a story.Some information (and photos) are available at Board Game Geek:


hodwik 3 hours ago 0 replies      
I started reading Numero Zero for the first time a few days ago, and decided to stop, because I had a feeling he might be dying soon. It's the last book of his I have left to read, and I wanted to make sure I had something to read of his after he passed. Sorry I don't have to wait.

RIP -- Mr. Eco. Your books instilled in me the love of reading when no one else could. I will always owe you one.

jplahn 2 hours ago 1 reply      
We read Name of the Rose in my 10th grade English class and it was a tome that challenged us all for the couple of weeks that we pored over it. I love that book. I've read it one other time since then and it's amazing the number of layers that continue to appear when you read it a second (and, presumably, a third) time. When you spend so much time dissecting somebody's work, you develop a sort of relationship with them, one that forms easily when you have a teacher that distills a deep appreciation for the work you're knee deep in trying to understand.

Mr. Eco you will be missed.

blackdev1l 4 hours ago 0 replies      
It's 1:45 am here in Italy and this news is a true shock.
ZephyrP 1 hour ago 0 replies      
Foucault's Pendulum is one of the most interesting books I've ever read. He'll be missed.
rcurry 3 hours ago 0 replies      
I can't believe how many legendary people have died in the last few months. I still remember reading Foucault's Pendulum when it came out in English - I was too young to really dig the story at the time, but I can recall struggling to get my head around some his prose because he was just on a whole different level from the other books I had been reading back then.

I read Baudolino some years ago, but didn't come away from it with the same sense of awe that I got from reading Name of the Rose, or Foucault's Pendulum.

vermontdevil 4 hours ago 0 replies      
I liked the book, The Name of the Rose. Got me hooked on historical fiction books after such as Sarum among others.

Not a bad film too with Sean Connery and Christian Slater.

zouhair 59 minutes ago 0 replies      
Frigging 2016. The hecatomb year.
PavlovsCat 1 hour ago 0 replies      
I didn't read any of his novels (yet), but this I consider one of the most important documents I'm aware of.


If we still think of the totalitarian governments that ruled Europe before the Second World War we can easily say that it would be difficult for them to reappear in the same form in different historical circumstances. If Mussolini's fascism was based upon the idea of a charismatic ruler, on corporatism, on the utopia of the Imperial Fate of Rome, on an imperialistic will to conquer new territories, on an exacerbated nationalism, on the ideal of an entire nation regimented in black shirts, on the rejection of parliamentary democracy, on anti-Semitism, then I have no difficulty in acknowledging that today the Italian Alleanza Nazionale, born from the postwar Fascist Party, MSI, and certainly a right-wing party, has by now very little to do with the old fascism. In the same vein, even though I am much concerned about the various Nazi-like movements that have arisen hereand there in Europe, including Russia, I do not think that Nazism, in its original form, is about to reappear as a nationwide movement.

Nevertheless, even though political regimes can be overthrown, and ideologies can be criticized and disowned, behind a regime and its ideology there is always a way of thinking and feeling, a group of cultural habits, of obscure instincts and unfathomable drives. Is there still another ghost stalking Europe (not to speak of other parts of the world)?

greenyoda 4 hours ago 3 replies      
- This story claims it's a hoax:


"On Friday (February 19) the author's reps officially confirmed that Umberto Eco is not dead. He joins the long list of celebrities who have been victimized by this hoax. He's still alive and well, stop believing what you see on the Internet, they said."

- Wikipedia reverted the notice of his death, saying it was a false rumor:


Edit: Now Wikipedia is saying that he's dead.

Edit2: Now the BBC is reporting his death: https://news.ycombinator.com/item?id=11137855

davidw 5 hours ago 1 reply      
I trust that dang et al will replace the link with one in English when it becomes available.

(Which he/they have, transporting/merging the comments with this story... that was kind of weird)

Snowden: FBI obscuring crucial details in Apple case twitter.com
132 points by Karunamon  3 hours ago   36 comments top 7
nostromo 1 hour ago 2 replies      
The intelligence community never lets a terrorist attack go to waste.

I'm convinced they have a wish list in wait for every tragedy. Next on the list was getting a back door on every cellphone.

mayneack 1 hour ago 2 replies      
Off topic, but this is exactly the scenario that Twitter wants to replace by expanding the tweet size limit. Instead of a picture of text, we could expand to real (presumably searchable) text.
trenchy12 1 hour ago 1 reply      
The phone in question is a government issued work phone? Hadn't heard that before. Pretty big detail that isn't mentioned often.
ayyghost 1 hour ago 4 replies      
I would like to see some clarification on point #5. The only other option I see for the FBI is to continue manually bruteforcing PINs, the arduousness of such a task being why they requested Apple's help in the first place. Is he talking about 0days?
nickysielicki 58 minutes ago 4 replies      
Maybe I'm too far-out there, but what do we really know about the NSA's quantum computing abilities?

Given their budget and their ability to keep things under wraps (eg: consider the scope of PRISM and how they ran that for close to a decade), is it that crazy to think this is a debate they don't care about winning?

Teams at universities made 16 qbit machines something like 5 years ago. D-wave claims 512 qubits today. I don't think it's out of the question that NSA is far ahead of both of them. D-wave employs "100+ people" according to Wikipedia. NSA is estimated to have upwards of 30,000.

It makes a lot of sense, then. NSA got caught with their pants down, naturally backlash from it is still happening today. So if your opponents are going to be winning some ground back, the best PR move is to have them win ground that doesn't matter. (Or that won't matter in a couple years.)

I think these debates about the necessity of key escrow and modified firmware are conversations they're having with the intention of losing, to prevent meaningful pushback but to still provide the illusion of it.

It just doesn't make sense to me that they would invest billions into dragnet infrastructure with the knowledge that something as inevitable as letsencrypt or an iPhone passcode could make it all useless.

Edit: wording and some additional comments

notthegov 1 hour ago 0 replies      
He is suggesting that the FBI sees this as an opportunity to set a precedent and doesn't care about the data?

If so, in FBI logic, in the future there could be a more legitimate need for Apple to comply because a suspect could have a WMD. But so far no such threat exists.

However, let's distort the issue and exploit this opportunity now knowing few will go against law enforcement tactics against the San Bernardino killers?

Because they will need the power in the future but the public has to be scared into acting now to prevent the real hypothetical future attack?

jack9 13 minutes ago 0 replies      
I'm a fan of snowden, but this is wrong on so many levels it's hard to understand why anyone thinks his points are valid? This is about privacy and technology - depending on the specifics. I'm not sure what these points are speaking to, because it's none of the relevant issues...I guess it's just to contradict the FBI?

1. Can't prove all when there's data that hasn't been retrieved (encrypted data). What they do have is irrelevant.

2. What they do have is irrelevant...is this a pattern?

3. What they do have is irrelevant. Also, coworkers aren't what they are looking for...wtf

4. Irrelevant...wtf

5. Unsubstantiated and unlikely that Apple has a way to break it's own strong encryption. Apple probably can disable the bricking-by-attempts. If the FBI are so damn confident the 256-bit AES key can be bruteforced, they can damn well do it themselves.

A Technical Perspective on the Apple iPhone Case eff.org
85 points by blubg  2 hours ago   23 comments top 6
ysv2 1 hour ago 4 replies      
Am I missing something here, or is there no reason the FBI couldn't desolder the 5C's Toshiba NAND flash chip, read its encrypted contents, and perform the desired offline brute-force attack themselves?

The key derivation function is known, right?

tzs 1 hour ago 1 reply      
> This key is generated by combining the user's passcode with a key baked in to the hardware in a way that is designed to be difficult to extract.

Difficult doesn't necessarily mean impossible: https://www.technologyreview.com/s/519201/tamper-proof-chips...

Is it publicly known how the key is physically stored in the chip and if there is active tamper resistance?

It might be a lot of work to break out the tiny probes and the tunneling microscopes or whatever and get the key that way, but at the current level of terrorist attacks in the US the FBI should be afford the resources for that.

abalone 42 minutes ago 0 replies      
Would it be possible to physically "scan" the secure enclave chip to determine the secrets contained therein such as the burned-in unique device key and PIN?

Like, is there some kind of chip microscope or reverse engineering process that can not just look at circuitry, but also detect flash memory state?

UPDATE: answered earlier by tzs: https://www.technologyreview.com/s/519201/tamper-proof-chips... It's expensive, but seems well within reach of governments for targeted investigations.

empressplay 7 minutes ago 1 reply      
This article is silly. We're talking about making some changes to an existing codebase and dumping it on to a device. The remote code-entry thing yes is a little bit complicated I agree but disabling the "wipe on 10 bad tries" function is probably nothing more than commenting out a few lines of code. It would take them a few days to have someone type in 9999 passwords but they'd still get there.
d4rkph1b3r 1 hour ago 0 replies      
Does anyone know, would other agencies have different capabilities when it came to recovering data on the iPhone in question?
jordigh 1 hour ago 2 replies      
What times these are. The EFF is supporting a security-by-partial-obscurity company who loves to control what its customers can do with their own devices just so that the FBI can't set a terrible legal precedent, possibly worldwide. Enemy of our enemy is our friend this time, I suppose.
The Joy and Agony of Haskell in Production stephendiehl.com
12 points by stefans  38 minutes ago   1 comment top
jonnybgood 4 minutes ago 0 replies      
> If care isnt taken, projects can quickly devolve to become unmanageably slow to compile, usually the problem is avoidable with some care.

This is currently not the case. Build times are a real concern right now. A GHC maintainer has even confessed to it being a very significant issue.


A bot has successfully appealed $3M worth of parking tickets in the UK businessinsider.com
35 points by dpflan  2 hours ago   9 comments top 7
patio11 2 minutes ago 0 replies      
There used to be a few companies which did decision-tree style disposal of debts via the FDCPA and FCRA, which basically involve sending letters according to a flow chart and hoping one's counterparty is not as well-organized as oneself on the same flow chart. They worked. Very, very well.

The credit agencies, without any legal rationale for doing so as far as I am aware, started to simply ignore letters which they believed were being generated in an automatic fashion. The decision tree is still the same -- it's the law! -- but to be effective at using it you have to phrase your request in a way which doesn't suggest that you are an expert at writing that request (unless you are a lawyer).

The chief objection to decision-trees-as-a-business-model seems to be that the credit dispute industry was crooked-as-a-barrel-of-fishhooks (welcome to consumer credit, hope you enjoy your stay) and successful in getting people to accept terms like "Pay me $2,000 and I will successfully get you off the hook of $8,000 in debt. Although not particularly relevant to you, this will require writing three letters and waiting a bit."

TruthSHIFT 48 minutes ago 0 replies      
My first thought: Apple should buy this company and integrate legal advice into Siri. "Hey Siri, I've just been pulled over by the police." "OK. Here are your rights:"
Gratsby 40 minutes ago 1 reply      
We have one of these in San Francisco. I got an advertisement on my windshield along with my ticket, funny enough. Brilliant advertising. I signed up immediately.

Now I don't even need to scan my ticket in the app. It searches court records and auto-appeals for me.

jrockway 52 minutes ago 1 reply      
Sounds like a great idea, and the screenshot of the transcript looked very fluid. I'm interested in seeing how governments react once this goes live. I feel like parking tickets and that sort of thing are really a desire to tax driving, by not levying a real tax (unpopular!) and instead picking unlucky people to "win" the lottery and pay for the infrastructure. I don't drive so I could be wrong, though.
Namrog84 44 minutes ago 0 replies      
This is super cool. And even if the parking aspect may have an coming expiration with the rise of more autonomous vehicles. I hope he and others continue to expand this out to a lot more areas quickly.
rogerthatt 36 minutes ago 0 replies      
I wonder if you could do this as a business venture. At what point would you have to be a certified lawyer?
elaineo 43 minutes ago 0 replies      
Can self-driving cars use bots to automatically fight traffic/parking tickets?
How Googles Web Crawler Bypasses Paywalls elaineou.com
505 points by elaineo  11 hours ago   198 comments top 41
lloyddobbler 9 hours ago 4 replies      
"Remember: Any time you introduce an access point for a trusted third party, you inevitably end up allowing access to anybody."

See also: http://www.apple.com/customer-letter/


slig 10 hours ago 2 replies      
If they're now blocking clicks from Google, doesn't that mean that they're cloaking and violating the Google's Webmaster Guidelines [1]?

[1]: https://support.google.com/webmasters/answer/66355?hl=en

anewhnaccount2 10 hours ago 1 reply      
If this is true, what WSJ is doing is called "cloaking" and should cause it to get de-indexed: https://support.google.com/webmasters/answer/66355?hl=en
eps 9 hours ago 1 reply      
Correct me if I'm wrong, but wasn't there a long standing Google's policy that the version of the page served to their crawler must also be publicly accessible. That would then be the reason why WSJ articles were accessible through the paste-into-google trick, rather than because WSJ was incompetent and failed to "fix" the bypass.

So does it mean that Google will no longer index full WSJ articles or does it mean a change in the Google's policy?

brbsix 4 minutes ago 0 replies      
Did WSJ update their site in response to this? The paywall seems to be up, despite "forged" Googlebot headers.
zaroth 9 hours ago 10 replies      
And congratulations, you have likely just "exceeded authorized access" and committed a felony violation of the CFAA punishable by a fine or imprisonment for not more than 5 years under 18 U.S.C. 1030(c)(2)(B)(i).

From the ABA: "Exceeds authorized access is defined in the Computer Fraud and Abuse Act (CFAA) to mean "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter."

To prove you have committed this terrible felony, the FBI will now demand that Apple assist in disabling the secure enclave of your device in order to access your browser history. But remember, they only need to do this because they aren't allow to MITM all TLS and "acquire" -- not "collect" -- every HTTP request your machine ever makes. </s>

mbroshi 10 hours ago 6 replies      
Am I alone in feeling like this is akin to a tutorial on how you can shoplift without getting caught? WSJ, for better or worse, does not want to give you content without your paying for it. If you take that content without paying, you are stealing. Just because you have figured out how to get past their security does not mean it's not stealing.

(See the second precept here: https://en.wikipedia.org/wiki/Five_Precepts)

mikemikemike 7 hours ago 1 reply      
This is an odd debate. Let's say a restaurant declares "veterans eat free." This blog post is like a friend telling you "Hey if you tell this restaurant you're a vet they'll give you a free meal." No one said it's legal or ethical. It's lying to trick someone into giving you something at their expense.

I think the relevant point, underscored by the author's last sentence, is it doesn't matter who you open a back door for - it opens the possibility for anyone to barge through.

kenshaw 3 hours ago 0 replies      
Basically, the article is stating to change the User-Agent to GoogleBot or Bing or whatever other crawler UA you'd prefer. While that's doable, that's something that is easily detectable and prevented, as all of the big crawlers can be validated against DNS.

Additionally, I would like to point out that I wrote a Varnish extension for the express purpose of validating User-Agent strings through DNS lookups, and is available here: https://github.com/knq/libvmod-dns

It was built because we had specifically a problem with bad bots crawling a large site (multiply.com) and this was one of the easiest ways to filter out the bad bots from the good, and to enforce robots.txt policies on a per bot basis. It works very well, as you can do any kind of DNS caching internally and prevent this kind of behavior, if that's your goal.

metafunctor 9 hours ago 3 replies      
I'm pretty sure Google will soon stop indexing WSJ. Why index something if the vast majority of users cannot access the pages behind the links?

EDIT: The "paste a headline into Google" trick still works for me, though. If this continues to be the case, they will keep indexing, of course.

sylvinus 10 hours ago 1 reply      
Well, that trick won't last long either. It's trivial to verify that an IP indeed belongs to Google:


jrochkind1 8 hours ago 0 replies      
I thought Google specifically disallowed returning different pages based on User-Agent targetting googlebot, and this included paywalls.

Are they running afoul of Google policies and going to get pinged by Google?

I can't find the text from Google now (when can you ever find any docs at google?), but I am very certain I remember reading from them that you may not return different content to GoogleBot based on User-Agent.

matt_wulfeck 10 hours ago 1 reply      
I like wsj but I only read maybe 1 article every other day. They need a more reasonable price point, especially since the market will almost bear no price at all.

That being said I do enjoy their content, save for maybe the op-eds.

mangeletti 7 hours ago 3 replies      
This is not meant to be purely controversial, but I thought long and hard about WSJ back a few months ago when HN mod (always forget his name) said to stop complaining about HN links being posted because paywalls were ok. I agree paywalls are ok. But some things are not ok.

Take a look, for instance, at the WSJ.com home page with an ad blocker turned on (note all the missing letters and scrambled up titles). They want me to pay, and they want me to see ads, and they want to track my behavior? Should I send them my DNA also?

Organizations like WSJ are exactly the disease that causes ad blockers to proliferate and ruin the web for all the decent publishers. They're at war with my privacy (by breaking their site intentionally when I visit with a blocker on). They want it all, ads, tracking, your private data, and subscription revenue, not to mention...

# Agenda-Driven Content

I mean, we're basically talking about NBC or Fox here, just on the web. Imagine every morning when you woke up you turned on the television and tune to some "news" show. After talking about the weather, they start talking about a lost pickle that is thought to be potentially alive and moving about with free will. Over the next two years, talk about the same pickle extends to every other TV show. Before you know it, everybody in the nation is talking about the same pickle. Years go by, and that pickle has become a part of our society, and that's not because people are born with an innate care the well-being of pickles, but because "news" shows taught them to be.

That's not a good position to be in. I have to believe I'm not the only one in here that doesn't watch any TV. So, why do we all treat the same media giants differently on the web? We crave their content so much that we build browser add-ons to get to their content, etc.

Gratsby 7 hours ago 0 replies      
If you hit a paywall or a "sign up to access this content" message from a google search result, report it. Google will remove them from the search results, they will lose their largest traffic source, and they will address the issue. Or they won't because they have enough paying customers.
crazysim 10 hours ago 2 replies      
Doesn't this kind of also hurt SEO? I'm would guess Google has some automated system to detect and apply a negative signal to sites that provide different content to a Googlebot user agent than a non-Googlebot user agent. I guess these sites are counting that the other signals outweigh that negative hit.

Otherwise, why would expertsexchange be obligated to provide the answers at the very bottom? Did something change?

jdunck 8 hours ago 1 reply      
If Google (or any other crawler) wanted to play nice with paywalls, they could issue a public key for their bot, and put a signature in their User Agent string that the domain could then verify.

Those signatures could obviously leak, but on a per-domain basis. Perhaps the domains could have a secure way of bumping the valid key generation if they had a leak.

zem 9 hours ago 1 reply      
i thought of doing that when the "search google" trick stopped working, but i decided it crossed the point where i would feel like i was unfairly circumventing their clear desire not to serve me the content. i've just added wsj to my mental ignore list and count it as a few more minutes gained to do something else.
hueving 8 hours ago 1 reply      
Based on the comments here, am I to understand that constantly browsing the web with my user agent string set to a googlebot string, I am committing a felony? How would I even know which sites I'm gaining unauthorized access to?

That is completely idiotic if there is a string you can put in a Mozilla browser config that is literally illegal to browse the web with.

mchahn 10 hours ago 1 reply      
Bypassing the paywall is more unethical that blocking ads. It is one thing to have control over your own browser but another to steal something from another site.

Also, isn't it illegal to bypass computer security?

chrishn 8 hours ago 0 replies      
> Remember: Any time you introduce an access point for a trusted third party, you inevitably end up allowing access to anybody.


obelisk_ 2 hours ago 0 replies      
1. Google's Web Crawlers are not "bypassing" paywall. It's the paywall that let's crawlers through. I.e. exactly the reverse of what the author implies with their headline.

2. The idea that this is somehow new is wrong. The way for a server to identify crawlers have "always" been to look at the user-agent, and, when done right, IP, verified either by net block owner or by doing PTR lookup and then checking that the A or AAA record for the claimed host points back at the same IPv4 or IPv6 address. Meanwhile, I do agree that paywalling is a more recent phenomenon, at least with regards to the extend it is popular among sites today, but the concept of presenting different data to crawlers and visitors arose much earlier and is something Google have been aware of and has made sure to delist such sites when found, whereas in fact Google has since then moved abit in the direction of allowing it in that they do so for Google News if declared as explained by others ITT.

So in my view, it seems that the author is jumping to incorrect conclusions based on an incomplete understanding of what's actually going on here. What then about the HN readership, how come this article became so highly voted and I don't see these issues raised by anyone else? Or maybe I'm just crazy?

ikeboy 9 hours ago 2 replies      
New workaround: paste the article title into archive.is. I don't know what they're doing but they have a workaround of some sort.
tete 7 hours ago 0 replies      
Doesn't Google usually try to punish websites that show users something different and even mentions that somewhere?

Not an SEO Expert here, but wonder how and whether Google will end up handling that. I mean making an exception could also be considered abuse of power in some countries of the world. Don't have any strong opinion yet on that, just saying that because of how the EU exercised certain laws in recent years.

GigabyteCoin 7 hours ago 1 reply      
I was under the impression that the "hack" whereby you searched for the article on Google and clicked through to that article (effectively skipping over the paywall) was a demand of Google's and not an oversight by the paywalled website.

I thought that google deemed providing search results which were behind paywalls as a "bad experience" for their search users, and would penalize websites for doing so.

Is this no longer the case?

throwaway21816 9 hours ago 0 replies      
>Archaic news source does something to hurt their market penetration to internet

Great idea here guys

jgh 10 hours ago 4 replies      
I just tried clicking on "Harper Lee, Author of To Kill a Mockingbird, Dies at Age 89" from wsj.com's homepage and got the paywall.

I then pasted the headline into google and clicked on it from Google results and did not get hit by the paywall.

Illniyar 8 hours ago 0 replies      
Aren't you supposed to verify if a visitor is a googlebot by reverse lookup of the IP address? I.E.:https://support.google.com/webmasters/answer/80553?hl=en

User-agents are notoriously unreliable.

philip1209 8 hours ago 0 replies      
I wonder how many Google Cloud customers use the servers to run spoofed Googlebot crawlers from the Google IP range in order to bypass paywalls and scrape large sites (like LinkedIn) without hinderance.
0xCMP 8 hours ago 0 replies      
It's broken already. Tried to access an article about new china rules for online news and it pay-walled me. They're probably looking for clients coming from googlebot.com now.
amelius 2 hours ago 0 replies      
Fix: replace the user agent string by a cryptographic challenge/response scheme.
mikestew 8 hours ago 1 reply      
So does HN now choose to not post articles from the WSJ? I was comfortable with the "google it" trick, and frankly was a little annoyed with constant "paywall, wah!" comments when what should be by now a well-known workaround was available. But that workaround no longer works.
coverband 9 hours ago 1 reply      
My Windows anti-virus deletes the linked sample code automatically upon download, marking it as "Trojan:Win32/Spursint.A". Did anyone have the same experience? (I was actually more interested in using it as a template for writing a simple Chrome extension.)
pmontra 5 hours ago 0 replies      
They'll start allowing only some IP addresses search engines agreed with them.
jupp0r 8 hours ago 0 replies      
It's not bypassing at all. Googles crawlers are deliberately let in because a paywall that nobody runs into is useless.
warrenmar 9 hours ago 1 reply      
You can also access WSJ for free at the library.
jasonwilk 9 hours ago 0 replies      
I've noticed that this has stopped working on WSJ if you've already hit the paywall and try to google the article to bypass.
spitfire 4 hours ago 0 replies      
Is there a version of this available for Safari?
systemz 8 hours ago 1 reply      
So their next move is check if IP is from Google
chinathrow 9 hours ago 0 replies      
So soon they have to block anyone with a fake Google UA and whitelist the well known 66.249 IP range. Trivial.
dude_abides 10 hours ago 1 reply      
Or simply use incognito mode and click on Google search result.
Harper Lee has died nytimes.com
414 points by lolptdr  13 hours ago   152 comments top 17
haberman 12 hours ago 12 replies      
I loved "To Kill a Mockingbird" so much when I read it as a kid. The moral of the story seemed really obvious. In the last few years I came across this article which blew my mind and changed my perspective about the book's meaning a lot:


616c 10 hours ago 1 reply      
Nothing blew my mind in the last few years like discovering how close Harper Lee and Truman Capote were, as they were both authors I idolized at different stages of my life.


And that Dill was partially based on her childhod friendship with Capote.


This seems to be well established now in pop culture and art, but I was completely unaware when I first heard.

The fact the world has such inspired people, despite their stressful surroundings was a blessing to us all in the form of great art.

Goodbye, Harper.

rm_-rf_slash 12 hours ago 0 replies      
They say an artist is never appreciated until they die, but I believe Harper Lee was one of the most rightfully appreciated authors of our time. Most of us have read To Kill a Mockingbird, at least, and for those of us who did, it was a powerful indictment of America's eternal and original sin of race and exploitation. A book or a death changes little in a broad cultural context, but it serves to remind us how we can and should all be better to each other. Rest in peace.
ldd 11 hours ago 3 replies      
Real courage is when you know you're licked before you begin, but you begin anyway and see it through no matter what.

That is one of my favorite quotes of all times, specifically taking into account the setting of the book.

newscracker 12 hours ago 0 replies      
> Until last year, Lee had been something of a one-book literary wonder. To Kill a Mockingbird, her 1961 epic narrative about small-town lawyer Atticus Finchs battle to save the life of a black resident threatened by a racist mob, sold more than 40 million copies around the world and earned her a Pulitzer prize.

That book by the "one-book literary wonder" was unforgettable for many things, including the fact that it was one of the first books I read twice. I'd say that that one work that stood strong for decades across generations should probably not be used to diminish the author using terms like "one-book wonder".

libeclipse 12 hours ago 0 replies      
"Shoot all the bluejays you want, if you can hit 'em, but remember it's a sin to kill a mockingbird."

This is sad news indeed.

orbitingpluto 10 hours ago 0 replies      
It is some small comfort that her legacy cannot be further tarnished under the fiction of her consent.
seeing 11 hours ago 0 replies      
Harper Lee's words: all I want to be is the Jane Austen of South Alabama.
padobson 10 hours ago 1 reply      
Atticus Finch is maybe the greatest character in American literature.

His courage in standing against racial injustice is notable, but the true depth of the character comes from his quiet strength and his unabashed dedication to his family and his fellow man.

He's always there for his children, tucking them in at night and encouraging them to be good to each other and their neighbors. He's always ready to impart wisdom and morality upon them in the most gentle manner.

But still there's that quiet strength, as in the scene when he shoots the rabid dog. Watching the scene through Scout's eyes, a powerful figure comes alive in the person of Atticus for the first time - showing us that a strong man is prepared to stand up both against moral and physical oppression.

As role models go, you could do a lot worse than Atticus Finch.

grecy 12 hours ago 4 replies      
To Kill A Mockingbird is still one of my all time favorite books and movies. Sad news.

Has anyone read the newly released book? Thoughts?

fbernier 12 hours ago 3 replies      
Sad news, but on a totally unrelated note: Why is the date in the URL set to tomorrow?
bfrancom01 10 hours ago 2 replies      
I couldn't stand most of the books I had to read in high school, especially To Kill a Mockingbird. Others included The Great Gatsby, & Lord of the Flies. All awful books IMO, & still dreadfully awful. I can't believe American culture thought (still thinks?) those books were good. Luckily I read books that I liked on the side to make up for it.
guylepage3 9 hours ago 0 replies      
Harper Lee was one of my favorite authors when I was a child. A true legend.
CaiGengYang 9 hours ago 0 replies      
Great book by a legendary author ---- I still remember I had to read the book during my secondary school days for my literature classes and we were tested on the material in the book during our finals. I really enjoyed the book (very poignant ending) and I would read the book multiple again and again during my free time.

A timeless storybook about bravery and courage in the face of blatant racism and discrimination. As a society, we should work towards ending racism and discrimination in all spheres and this book will surely play a part towards this goal ...

mignev 11 hours ago 0 replies      
sad news :(
ck2 11 hours ago 1 reply      
Author ONLY of "to kill a mockingbird" (seriously, she only ever wrote one book, weirdness)
huntleydavis 11 hours ago 2 replies      
While this is tragic news, this really doesn't feel at all correlated to HackerNews.
Secondary shops flooded with unicorn sellers techcrunch.com
134 points by ap3  8 hours ago   111 comments top 16
danjayh 6 hours ago 10 replies      
I think that this is just the beginning. In my opinion, we're heading for a tech bust that's going to spread to the rest of the economy, and deflate additional bubbles (housing, for one). The government has been pushing cheap money for the better part of a decade in the name of creating the appearance of a 'recovery', but what they've really done is build a new house of cards. Make no mistake: the 'free' money that's been gushing into major institutions under the current administration is just as distortive and will be just as disastrous as the 'free' money that the last administration encouraged banks to put into the hands of sub-prime individuals.

Maintaining a near-zero interest rate creates artificial demand, and encourages investment of capital in inefficient enterprises. The thought process is "hey, I lose value with money in the bank. I'd be better off if I found something -- anything -- else to do with it!"

I think that once things take a turn, housing will also turn again, because in many areas the median house now costs enough that it's beyond the reach of the median person. That environment is unsustainable over a large time scale. Ultimately, we'll need a correction that sticks if we want to avoid repeating these events, and for that to happen we'd need a government willing to tolerate a politically unpalatable permanent reduction in asset prices.

(edit/note: I do find it odd that under a Democratic president, the major flows of borrowed cash (debt) have been directed to the big guys, while under a Republican president, they were directed to the little guys. Both were a terrible idea, but it seems backwards for what one would expect.)

dpflan 7 hours ago 3 replies      
Has any HNer participated in such a secondary sale? I think it could be informative to describe the experience, whom you dealt with, how a price was agreed upon, how your company discussed secondary sales, etc.
JavaScriptrr 7 hours ago 2 replies      
The last couple of years, everytime someone would ask the clich 'is there a bubble?' Question to a VC, they all waved it away. The questions were legit because of the insane valuations that have been thrown around. How often in History have companies like MagicLeap for example, got to billion+ valuation before ever launching a product. Evernote is a legit business, yes but same story. Blown up by investors. The bubble is cracking.
GeoffreySteven 5 hours ago 0 replies      
I have done a dozen or so private share sales or purchases.

The model I have really come to like is EquityZen's. (https://www.equityzen.com)

Using a crowd sourced approach, a group of accredited investors (buyers) can participate in purchasing a block of shares as a fund. A win for the smaller individual investor who could not normally participate due to various constraints (ie buying power, transaction costs).

Likewise, its also a win for sellers and it applies to the Unicorn's of the world. It gives these shareholders access to a market they wouldn't normally access.

It seems that selling shares privately is becoming more common, any model that connects a larger group of accredited buyers to accredited sellers is good - IMHO.

bcg1 4 hours ago 1 reply      
I've been in the "its probably a unicorn bubble" camp and I think this is evidence of that, but does this really make a difference outside of those companies and their VCs?

What kind of situation could turn this into a systemic risk? Institutional investors getting involved? Is there any evidence of that happening? "Unicorn derivatives"? Is there any indication such a thing might exist?

Seems like it is possible that a unicorn crash could just leave a bunch of rich guys in Cali somewhat less rich than when they started.

And of course employees might be hurt by this I guess... especially the young ones who traded work for worthless stock. But you know what... I signed up for the army after 9/11 so I know what its like to get bamboozled in your 20's... it sucks but you get over it. If I was in their shoes though I would probably looking to cut my losses and liquidate too.

mmanfrin 7 hours ago 4 replies      
Semi related question: One has to be an accredited (i.e. wealthy) investor to invest in startups, but this does not apply to employees exercising options. Does that mean that employees who do not meet the wealth requirements to be accredited are only ever able to sell ownership, and only to accredited investors?
ryguytilidie 4 hours ago 1 reply      
I worked for a company about 18 months ago and the CEO sent an email to everyone "prohibiting" selling your shares on the secondary market because he was worried about a hostile takeover.

None of this made sense to me. You're going to restrict your early employees from making money? No one owns more than .5% so why would one be worried at all? To me it just seemed like another example of a CEO believing their employees are second class citizens and that they don't deserve any money until the CEO is RICH.

roymurdock 6 hours ago 0 replies      
> Secondary sales totaled $47 billion in 2014, up 80 percent from the previous year, according to investment bank Evercore.

Still a relatively small volume of sales we are talking about here. Does anyone have any information on the structure of the secondary market - big players, regulation, etc. The article was light on details.

jonesb6 5 hours ago 0 replies      
I predict in the future more people will declare bubbles until there is an actual bubble. Then, even after the bubble is fully deflated, those people will tell everybody about how they predicted this bubble ahead of everybody else. Then time will pass. People will then continue declaring bubbles, until one day they too they can become a true oracle of the bubble world. Then time will pass..
sjg007 20 minutes ago 0 replies      
Yep and it sucks.
nathanwdavis 4 hours ago 0 replies      
I was quite disappointed to find the article is not about actual unicorns :-( Where have all the great journalists gone...
sixQuarks 7 hours ago 0 replies      
Sell while you still can. I don't know who would be buying these shares right now.
sharkweek 6 hours ago 5 replies      
>In tech, when times are good, its about potential. When they arent, investors focus much more on fundamentals.

That second part... why that isn't ALWAYS the focus is beyond me.

Edit: Adding a clarifying statement as my point wasn't specific enough. I'm very aware that early stage investments are VERY speculative, but when we're talking about a company moving into 1BN+ valuation territory, fundamentals should be in focus.

grandalf 7 hours ago 1 reply      
I use Evernote (paid plan), but it's been my impression that the level of intuitiveness of the UX has steadily declined, to the point where I have no idea what to click to make it do what I want.

Like Yahoo, some companies are very challenged when it comes to building intuitive UI/UX. It's too bad the market focuses on financial performance and market share rather than more fundamental aspects of competence.

dookahku 4 hours ago 0 replies      
I wonder if this will increase or decrease my chances of getting hired.
rdxm 5 hours ago 0 replies      
this is where we find out how badly the SEC f-ed up in allowing these markets to exists...
Why Our Intuition About Sea-Level Rise Is Wrong nautil.us
25 points by dnetesn  3 hours ago   7 comments top 2
jessaustin 1 hour ago 2 replies      
Apparently the "Ice Age Effect", which has caused rotation to quicken by making the planet more spherical, dominated over the last 20k yrs. More recently, "polar ice sheet/glacier melting" has moved water mass from the poles to the ocean, causing rotation to slow. It isn't clear from TFA how these phenomena can be differentiated: in both cases ice is melting in polar regions. However they seem to have opposite effects? I'm sure Mitrovica has a way to tease out these opposite effects, and I'm sure they're not exactly offsetting, but without those details TFA is just confusing.
jordanb 15 minutes ago 1 reply      
No, the earth is oblate because of angular momentum.

What he's saying is that the ocean's surface is lumpy because of local gravitational affects (one reason why we talk about mean sea level). The Greenland ice cap is a great mass and so it exerts a gravitational pull on the ocean around it, causing the ocean to bulge up around Greenland. If the ice were to melt away the bulge due to the icecap's mass would go away.

The IPv6 Numeric IP Format Is a Usability Problem zerotier.com
181 points by LukeLambert  7 hours ago   141 comments top 33
mrb 5 hours ago 2 replies      
The author suggests using deadbeef.1 instead of dead:beef::1. But his scheme cannot work. If you see deadbeef.ad there is no way to tell if it refers to his IPv6 notation, or to a domain under the .ad TLD (many other ccTLDs are valid hexadecimal numbers). And you can't replace the dot with a colon (because many of his other complaints were caused by colons). You can't use a character other than dot or colon (because so much network software is written assuming IPs/hostnames can only contains alphanumeric, dash, period, or colon chars that it would be too painful to introduce a new character).

So get over it. IPv6 is not meant to be usually exposed to endusers. Use hosnames. Use DNS, or mDNS or LLMNR on small networks without a resolver. Etc.

teddyh 5 hours ago 7 replies      
What is the rational reason, if any, for gripes like these?The time to have this discussion would have been in like 1993 or so. Now, IPv6 is what we have, and the standards are what they are, flaws and all.

The only reason I can think of is psychological: People dont want to learn new things, so they find reasons to dislike the new thing to be able to pretend they dont need to learn it.

Also, the double-click argument is crap for two reasons: Firstly, it can be fixed by configuring your local software, and secondly, IPv4 addresses also had this so-called problem.

> IPv6 is still in the early stages of adoption

It really, really isnt. It might look that way to you, in the US, at your home endpoint, but move to the backbone or outside the US and you get a very different picture. ARIN in the US just happened to be the last of the RIRs (except AFRINIC in Africa) to run out of IPv4 addresses, so the US was able to put off switching for longer than most, and the whole of the US is now consequently behind the curve.

elcritch 4 hours ago 5 replies      
If you're really adventurous, you could just use Braille which has 255 Unicode symbols. Ahem

ip6emoji("fe8000000000000003ceecdfffe30c27",Char(0x2800)) => ""


 deadbeef000000000000000000000001 2607f2f8a36800000000000000000002 fe8000000000000003ceecdfffe30c27 fe800000000000000000000000000001 2607f8b040078090000000000000200e 

At first I was just playing around, but after a bit it begins to resemble one of those binary clocks. It even becomes somewhat natural to read. Might actually use this for myself... something nice about the 2x4 bit block patterns. 64bit pointer addresses?

__david__ 8 minutes ago 0 replies      
Better not tell this guy about abbreviating ipv4 addresses. http://127.1/ or http://2130706433/ might blow his mind.
victorhugo31337 7 hours ago 0 replies      
Finally, someone said it! I've always felt that the biggest hurdle in IPv6 adoption is the complicated address notation.
imoverclocked 21 minutes ago 0 replies      
"Yes, this is very likely a pointless bunch of gripes."

The article should have started with this. Could have saved me countless seconds of skimming the article while summarizing in my head "boo hoo, I haven't figured out how to make my workflow any better after 2 years."

jrockway 1 hour ago 0 replies      
If the colons make you sad, don't worry, the addresses are represented with dots in some places. For example, DNS:

 $ dig -x 2600:3c03::f03c:91ff:fe93:50b0 ; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> -x 2600:3c03::f03c:91ff:fe93:50b0 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40052 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;0.b. IN PTR ;; ANSWER SECTION: 0.b. 18272 IN PTR itchy.jrock.us. ;; Query time: 0 msec ;; SERVER: ;; WHEN: Fri Feb 19 22:34:49 EST 2016 ;; MSG SIZE rcvd: 118

exxo_ 22 minutes ago 0 replies      
You can already have dots in IPv6 addresses if it's an IPv4-mapped/compatible address (e.g. ::FFFF:
Piskvorrr 6 hours ago 3 replies      
Aaand that's why we have DNS. Solved decades ago, next.
makecheck 7 hours ago 5 replies      
Another potential problem with the sometimes-length-varies aspect to IPv6 addresses is that serious software bugs can be hidden. An array allocated to an insufficient size may work for quite a long time with the vast majority of addresses that take advantage of shortening tricks like "abcd::::", and fail only when presented with an address string that uses the maximum possible IPv6 address length.

I think this article has a lot of really practical ideas that would help a lot.

I suppose the only other thing Id want to allow in an IPv6 address is a Perl-like underscore anywhere for visual separation that acts like a comment; e.g. Perl lets you say things like 1_000_000 to mean 1000000. The article suggests a single dot but I think that could still be combined with visual underscores for things like "dead_beef_._0001".

runjake 3 hours ago 0 replies      
I deal with IPv6 day in and day out and I don't share the same confusion and annoyances the author does. Sure, there's a learning hurdle, but once you're over it, it's fairly smooth.
jsz0 4 hours ago 0 replies      
Most of these issues mentioned are created by trying to treat IPv6 like IPv4 instead of adopting modern techniques for IP address management, automation, named objects in network device configs, etc. I've only been using IPv6 in production for about a year and it's already second nature to me.
vidoc 6 hours ago 0 replies      
the double-click thingy can be remedied on xorg by adding 58:48 to the X resources, e.g:

XTerm*VT100.charClass: 33:48,35:48,37:48,42:48,45-47:48,64:48,95:48,126:48,43:48,58:48

mintplant 5 hours ago 0 replies      
> Then theres how the :s are used. For a full-length un-shortened IPv6 address, they are supposed to appear every 16 bits like:

> dead:beef:0000:0000:0000:0000:0000:0001

> Im sure there was a reason for this choice, but to us after using IPv6 for years it still seems utterly arbitrary.*

If I had to guess, I would say they're there to chunk things up for reading aloud.

"Read me that address off the console."

"Okay, d-e-a-d..."

"Got it."



"...a bunch of zeroes, then 1."

They also make it harder to lose your place when reading it back.

digi_owl 4 hours ago 0 replies      
Sheesh. Best i recall, they chose this pattern because it matched the notation used for MAC addresses. And a IPv6 network can in essence self-assemble by using said MAC as a basis for the IPv6 address.


BTW, don't most home routers etc take a hostname and add it to a .local DNS domain stored on the router?

killface 4 hours ago 0 replies      
I've mostly avoided IPv6 because AWS uses IPv4 and it works fine.

but yeah, whenever I see an ipv6 format address, it takes way too long to parse it out. unless you were a network engineer at some point, it's not going to become second nature any time soon.

tyingq 5 hours ago 0 replies      
I don't see any of it as an issue.

String representations of IPV4's aren't all of equal string length either.

IPV6 can't be shortened into, for example, dead.beef.de, because it's ambiguous as to whether that would be a domain name, or an IPV6 address. Likewise, other suggestions make it ambiguous with an IPV4, or even if not technically ambiguous, likely to break some existing code.

Raw IP's aren't exposed to the masses often anyway, so the bulk of the downsides of the current compromise should be constrained to just technical people. They will just have to figure it out.

x0 5 hours ago 0 replies      
Thank you! Finally, someone else is saying what I've been thinking.
lamontcg 4 hours ago 0 replies      
"Last but not least, nearly all graphical terminals refuse to highlight IPv6 addresses with a simple double-click. This issue might not have existed in the mid-late 1990s"

Yes, we'd barely introduced fire then, we certainly didn't have the technology to double click to highlight a word...

paulannesley 4 hours ago 0 replies      
Interesting; Mac OS double-click highlighting doesn't actually handle all the examples given in the article. e.g. deadbeef00000000.1 works, but deadbeef.1 doesn't. I guess the first segment needs to contain a digit, which perhaps triggers a mode where the period is interpreted as a decimal point.
acscott 3 hours ago 0 replies      
Upper estimation of human population is 7.4 billion. With average number of devices at 5, that is 37 billion. In decimal that is 11 digits. In HEX (89D5F3200) that is 9 digits.
pmarreck 3 hours ago 1 reply      
The FIRST problem is that IPv6 wasn't designed to be backwards-compatible with IPv4.

That is the MAIN reason why its deployment and adoption rate has been a long clusterfuck.

castratikron 4 hours ago 0 replies      
As I understand it a lot of work went into making SLAAC in order to overcome the hassle of having to manually handle these IPv6 addresses. The idea is that you shouldn't usually have to type in a full IPv6 address by hand.
kaydo_com_au 4 hours ago 0 replies      
I don't see any problems with the current IPv6 apart from backward incompatibility with IPv4. If IPv6 is difficult to start with, I would recommend to look at MAC address, Wi-Fi address, Bluetooth address first and then you will understand more about IPv6
csours 4 hours ago 1 reply      
Imagine reading IPv4 addresses over a crummy radio on a loud manufacturing plant floor while troubleshooting connectivity issues. Now imagine reading an IPv6 address in the same conditions.
emmelaich 4 hours ago 0 replies      
How about base32 with semicolons for separators?

No case issues, semicolons don't appear in dns or ipv4, no shift key required.

cm2187 6 hours ago 3 replies      
What's the point of using non standard ports with IPv6? If a machine can have a million different IPv6, why would one even bother using a non standard port?
epx 5 hours ago 0 replies      
People complain too much about anything...
nemith 4 hours ago 0 replies      
Good points, just 25 years too late. This shouldn't be a post in 2016.
ck2 5 hours ago 1 reply      
To make things worse are vanity ipv6 addresses

 2001:4b10:bbc::1 2a03:2880:2110:df07:face:b00c:0:1

emansom 5 hours ago 1 reply      
This is satire, right?
jacksonsabey 3 hours ago 1 reply      
> To fix the ambiguity, brackets were introduced

literals were introduced because the order of parsing for an email host is first "Domain" for any non literal, then literal which defaults to IPv4 [], then a literal prefix was added for IPv6 and any future registered protocol "[IPv6:::]"

the order for parsing for a URI is:

// host = IP-literal / IPv4address / reg-name

// IP-literal = "[" ( IPv6address / IPvFuture ) "]"

ipv6 just happens to use a colon which conflicts with the port delimiter from authority in a URI so it's a literal and not a registered name

// [ userinfo "@" ] host [ ":" port ]

> why not re-use the dot from IPv4 notation

because you have conflicts from "0.0 ->" to "255.16777215 ->"

0-9 conflicts with an IPv4 decimal

a-f conflicts with GTLDs

the only reason your blobs don't have a conflict with an IPv4 Historic is because hexadecimal notation starts with 0x

> try double clicking on those

try double clicking on any of these valid characters from "reg-name"

// unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"

// sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "" / "+" / "," / ";" / "="

or these from IPvFuture

// IPvFuture = "v" 1HEXDIG "." 1( unreserved / sub-delims / ":" )

// unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"

// sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "" / "+" / "," / ";" / "="

if you want to develop your own "standard" either use the literal IPvFuture, or use a Registered Name

non literals IPv4, IPv4Historic, and Domain names are valid registered names, but domain names aren't even part of the URI standard

the only reason you would have conflicts with domain names is because they're de facto parsed after an IP, so a double dot would probably be discarded as invalid, which is why punycode exists for unicode

if at that point you didn't have any conflicts it would be a registered name, but you wouldn't have any way to resolve them

lastly, if you want to fix the nonissue of double clicking use a registered name, if you chose to use underscore you may have conflicts with dns

edit trying to figure out newline parsing

Beijing is banning all foreign media from publishing online in China qz.com
440 points by vincvinc  14 hours ago   213 comments top 31
rdlecler1 8 hours ago 3 replies      
Any non-Chinese company that insists on tying its fortune to the Chinese market is taking on tremendous risk. The goal posts are always changing , you need to constantly worry about IP theft, you can easily get on the wrong side of the government, and they strongly protect local interests. Investment is welcome, but as soon as you actually start making a lot of money and recouping your investment some barrier of sorts is bound to appear and you'll be phased out in favor of a local player. This is going to come back to haunt China at a time when growth is slowing and when they are going to need investment the most.
dageshi 13 hours ago 9 replies      
Sounds like the normal thing in China. Make something illegal, don't enforce it, if someone's saying something you don't like then enforce it specifically against them, keeps everyone else in line.
11thEarlOfMar 14 hours ago 4 replies      
This is pure insanity: "Quartz contacted the Ministry of Industry and Information Technology from Hong Kong asking for further clarification on how the rules would work, but the ministry said it could only reply to faxed questions that came from a reporter with a mainland press card."
SCAQTony 12 hours ago 8 replies      
I am not a sociologist, political scientist, or an economist. It appears that China is too big to govern and has become a diseconomy of scale. China has 160 cities with over 1-million people in them (US has 10 cities) and I think it's a miracle that the lights still work and they have running water.

When you double the size of a plane it it becomes 4-times heavier (Observe what it takes to fly a B-52).

The PRC seems to be circling the wagons to protect from some unknown enemy that the free flow of information will allow the arrows to strike.

chrischen 3 hours ago 2 replies      
Any move China takes that blocks foreign competition can be seen as an extreme version of an import tariff. Instead of protecting low level industries like corn producers either subsidizing domestic production or taxing foreign imports, China focuses on higher level industries like technology companies, culture companies, etc.

While China doesn't have the benefit of Google in the short term, by blocking them it gives it a chance for local companies to develop the technology and catch up.

Also take the example of TOMs shoes giving away free shoes replacing local markets and producers. These poor countries of weak governments, and even a small foreign company can impact the local the economy in uncertain ways. http://www.economist.com/blogs/freeexchange/2014/10/economic...

If you can understand this you can understand the viewpoint of Chinese officials. We come in with the viewpoint of "how can I have my fair and equal opportunity to extract wealth from China" while the capitalists in China are thinking "how can I extract wealth from China and prevent the foreigners from doing so." In reality the playing field isn't level. Our counterparts in China don't have the same education, quality of life, and financial status. Therefore a foreign company with foreign talent would already enter the market with an upper hand. By the time local companies are ready, they'd be fighting an uphill battle against foreign incumbents, or worse yet, not develop at all.

If you're familiar with Star Trek, there's the concept of the Prime Directive. It's principle is that the developed races must never contact or interfere with an undeveloped race because doing so would alter their natural development.

Foreign companies don't have an inherent right to the Chinese market. If they feel they do, or want to enter, it's because they feel there is profit in it. The profit comes from exploiting the opportunity in the local market, and in an underdeveloped market such opportunities are ripe. This isn't exactly fair if mature companies are allowed unfettered access.

sharetea 13 hours ago 3 replies      
And so it starts. Economic collapse will prompt the dictatorship in China to

- Increase anti-foreign rhetorics in media. Don't like it, Microsoft? tough

- Ban Foreign services. Don't like it, Uber? tough

- Devalue Yuan by 50%. Don't like it, Apple? tough

- Nationalize foreign assets. Don't like it, Ford? tough

Animats 11 hours ago 7 replies      
China's leadership seems to be becoming more paranoid. Yet China has no serious external enemies other than the ones they make for themselves, the economy is stressed a bit but production is in great shape, and the standard of living has been rising for years. Why?
song 13 hours ago 1 reply      
Well, ever since the change of government China has been closing back on itself again and censorship has been stronger and stronger. It's not surprising and tells me I made the right choice to leave the country in 2013...
SeanDav 11 hours ago 0 replies      
From the Chinese government point of view they have several good reasons (for them) for doing this, chief among them (in my opinion) saving face and controlling mass opinion.

When China was the huge success story it was, until recently, they were far more tolerant of criticism. Even then, the Chinese Government would clamp down very quickly on criticism. Right now their tolerance is pretty much zero. They do not want to admit or even hear that they have done anything wrong or that China has significant problems.

They also greatly fear any kind of mass action. During the boom years, with high employment and everyone happy, there was little chance of mass action. Now with entire industrial areas becoming ghost towns, high unemployment, no pensions and growing poverty, mass action becomes a real threat.

qihqi 8 hours ago 0 replies      
It looks like China will change the 'blacklist' model of the Great Fire Wall to a 'whitelist' model. That is the only way they can enforce this law.

Maybe they got tired of having banned content mirrored by un-blocked IP ranges and constantly having to hunt them down.

outside1234 12 hours ago 0 replies      
How is this not a World Trade Organization treaty violation? Serious question.
superbatfish 14 hours ago 2 replies      
This seems like a huge deal. How does this not have 100's of upvotes on HN? Am I missing something?
xjp250 11 hours ago 1 reply      
Xi Jin Ping is worse than King jong un. He is a stupid and arrogant leader. He want people in China to call him "(xi big big)", but actually we like to call him "(xi bao zi)"
MrKristopher 10 hours ago 0 replies      
To me this looks like a big win for companies based in China. The social media companies for the billion people in China will be employing local people, and the advertising revenue will stay within China.Not that this is the main goal of the ban though..
longcheng 1 hour ago 0 replies      
Chairman Mao once said, "our enemy would attack us with pen & gun". Looks like Beijing is taking the pen away from its enemy. :-)
est 13 hours ago 1 reply      
please note this also includes online gaming. Blizzard, Valve and Steam would be in some trouble
paulddraper 9 hours ago 1 reply      
"banning all foreign media from publishing online in China"

Seems like a contradiction. Are you publishing online, or in China?

natch 10 hours ago 1 reply      
There are some qualifiers around this alarming headline.

According to this story [http://www.independent.co.uk/news/world/asia/china-set-to-ba...]:

'This ban covers words, pictures, maps, games, animation and sound of an "informational and thoughtful nature" -- unless they have approval from the State Administration of Press, Publication, Radio, Film and Television.'

Still it's very onerous but not a complete shutdown.

vpalan2 10 hours ago 1 reply      
If I wanted to do massive, irreparable harm to China, this is the law I would pass. And yet, they have done this willingly to themselves, without hesitation or incident.
nvk 13 hours ago 0 replies      
They have to handle the devaluation of the Renminbi and a slumping economy somehow /s
smegel 9 hours ago 1 reply      
I would say bad China, but given how polarised and politicised the Western media is, I find it hard to fault them.

Unbiased journalism seems such a quaint concept these days, and as the divisions between right and left take on an almost war like characteristic, everything becomes propaganda.

Hell, I might even move to China to get away from it all.

ajeet_dhaliwal 10 hours ago 1 reply      
Seems absurdly broad, if this article is correct. Doesn't this basically mean Chinese would be unable to read or view anything we can? Including this site? With the exception of Chinese published/created information.
pbkhrv 9 hours ago 0 replies      
This might be one of the things they are doing to prepare for a wave of negative news about the state of their economy.
invaliddata 6 hours ago 1 reply      
Does anyone know to what extent this affects news organizations in Hong Kong?
davesque 12 hours ago 0 replies      
And people wonder why their stock market is tanking...
lukasb 9 hours ago 0 replies      
does that mean no Stack Exchange?
_snydly 10 hours ago 1 reply      
Will Hacker News be blocked? It looks like it's currently available: http://www.blockedinchina.net/?siteurl=news.ycombinator.com
a3n 10 hours ago 0 replies      
And this is the country that we're looking to, to bring North Korea back into the fold.
restalis 14 hours ago 0 replies      
"acquisition of an online publishing license"!?

"How do you license media in an age when everyone could become a writer and publisher?" As far as I can imagine - you don't, that's the thing! Maybe they won't do you anything for now, but if they don't like what you're publishing they will have a ready-available "legal" reason for detaining you for publishing without a publishing license (which of course could be claimed to be totally unrelated to your published content)!

curt15 13 hours ago 0 replies      
The govt is just aiming to completely rewrite history. Tiananmen square? Never happened!
venomsnake 13 hours ago 0 replies      
I think that China's openness (or lack of) in internet affairs is strongly correlated with the health of their economy. It could be a nice proxy.
An introduction to IPFS medium.com
211 points by bergie  11 hours ago   41 comments top 9
joepie91_ 10 hours ago 10 replies      
So, the same question and point of criticism that I've brought up in past discussions about IPFS, and that so far has not yet been sufficiently answered by anybody:

The claim is that IPFS could replace HTTP, the web, and so on. The only thing I see, however, is a distributed filesystem, which is only one part of the puzzle. Real-world applications require backend systems with access control, mutable data, certain information being kept secret, and so on - something that seems fundamentally at odds with the design of IPFS.

How would IPFS cover all of these cases? As it stands, it essentially looks to me like a Tahoe-LAFS variant that's more tailored towards large networks - but for it to "replace HTTP", it will have to not only cover every existing HTTP usecase, but also do so without introducing significant complexity for developers.

Seriously, I'd like to see an answer to this, regardless of whether it's a practical solution or a remark along the lines of "this isn't possible". I'm getting fairly tired of the hype around IPFS, with seemingly none of its users understanding the limitations or how it fits (or doesn't fit) into existing workflows. I can't really take it seriously until I see technical arguments.

matthewbauer 6 hours ago 3 replies      
I really like that IPFS is trying to change the way we think about the internet and HTTP. That being said, I'm very skeptical of a lot of the design choices. It seems like it's just trying to incorporate a lot of the latest buzzword technologies without any real consideration why. I get that blockchain, Git, BitTorrent are all powerful but that doesn't mean that mixing them all together into IPFS is going to be useful. Most likely it will end in a sort of internet Frankenstein's monster: overly complicated and lacking real benefits over traditional HTTP, FTP, and the rest.

My biggest concern is that in the end IPFS isn't even really "permanent" in the way I understand it. Objects added to IPFS still need someone to in a sense "seed" them for that content to be available. What advantages does that give over just hosting the internet over static torrents?

kodablah 4 hours ago 0 replies      
One of the things I am most looking forward to is the abstraction into libp2p[1]. I am wanting to try out my own ideas but I don't want to hassle w/ building my own Kademlia DHT or NAT traversal.

1 - https://github.com/ipfs/specs/tree/master/libp2p

filearts 9 hours ago 2 replies      
What I didn't see answered in the article was how content is discovered.

The only way we are able to productively use git is because there is a convention to have some state in a non content-addressable location (.git/refs, .git/HEAD, etc...).

Saying that IPFS could replace the web means either: 1) Introducing shared mutable state; or 2) full knowledge of everything on the network.

I'm guessing that the existing web is what provides that layer right now. Is there any work going on for novel IPFS-based content discovery mechanisms?

Another thought: Given the content-addressable, immutable nature of this graph, how does one discover that a new version of something is available without a central authority? How could we discover the tip of a blockchain with IPFS alone?

ThrustVectoring 9 hours ago 2 replies      
>It is left as an exercise to the reader to think about why its impossible to have cycles in this graph.

This was funny. Suppose you wanted to build a node that linked to itself. You'd have to find a fixed point in the combination of functions that adds other data to the link and hashes it. Finding a fixed point of a hashing function is hard.

symlinkk 9 hours ago 1 reply      
Probably a dumb question but how does this compare to http://storj.io/?
beagle3 8 hours ago 0 replies      
"Private", as opposed to the "public" IPFS , but essentially the same ideas: https://camlistore.org/ from Brad Fitzpatrick of livejournal fame
_prometheus 6 hours ago 0 replies      
Thanks very much to Christian and John for writing a much needed detailed article :)

Some more links for people to check out:

## (upcoming) IPLD "merkleized JSON" format:

- improves upon our basic format to make it much more pleasant to build things on top of ipfs.

- JSON meets CBOR meets Merkle-linking

- mini-spec: https://github.com/ipfs/specs/blob/master/merkledag/ipld.md

## answers to some common questions i've read on this page:

- content model / replication: https://github.com/ipfs/faq/issues/47

- how resolution works: https://github.com/ipfs/faq/issues/48#issuecomment-152917088

- how IPNS / mutable linking works: https://github.com/ipfs/faq/issues/16

- this is a very poor answer, sorry, i'll write up a post or paper on it.

- for now if interested, see the QConf slides below, specifically slides ~110 to ~130 -- the DNS, IPRS, SFS/Mazieres linking, IPNS parts.

## These repos have interesting "lab notebook" style discussions:

- https://github.com/ipfs/notes/issues

- https://github.com/ipfs/apps/issues

## deep dive talk at stanford:

- video: https://www.youtube.com/watch?v=HUVmypx9HGI

- slides: lmk if you want them, i'll pdf them up

## talk at ethereum's devcon1 covering blockchain uses

- video: https://www.youtube.com/watch?v=ewpIi1y_KDc

- slides (interesting bits start at slide ~70): https://ipfs.io/ipfs/QmUgRq7QfmRbPw5kXqwSs1TRtPDBXMoDNiYwJQg...

## talk at qconf sf (similar to above)

- in this talk i discuss a bunch of datastructure stuff, including using IPFS for PKI, for arbitrary dns-like records, for name systems, for CRDTs, and so on.

- unfort video will be released in march: https://qconsf.com/video-schedule

- slides (intersting bits starts at slide 80): https://ipfs.io/ipfs/QmPpYmdSEKspjgXxVyGK9UMHV54fKZS8MwJjppg...

nickysielicki 2 hours ago 0 replies      
The graph to describe the directory is a misprint, right?

"testing 123\n" isn't anywhere, and "Hello World" (and its hash) is pictured twice. I'm sure that the testing.txt arrow should just be pointing to a node with a different hash and content.

New Versioning Scheme for React facebook.github.io
135 points by spicyj  9 hours ago   65 comments top 16
tolmasky 7 hours ago 1 reply      
This is a great move and hopefully inspires people to take a different look at what versioning is. Right now it serves two masters: marketing and engineering. If everyone just used semver as almost build numbers with meaning, and completely put aside the 'hidden meanings' of 1.x.y or 2.z.w, we'd be in a much better place.

The main issue with getting hung up on "what is a 1.0" or "when is this 2.0?" is that even if you finally make sense of it for YOURSELF, everyone outside has such a different interpretation that its meaningless no matter what. However, semver for engineering changes has meaning no matter what. Why hurt your users by introducing a breaking API change in the minor category just because "it doesn't feel like a major change"?

I wish we could just rename version to build, have it be semver and be done with it. Then version can be whatever you want and is completely ignored by computers and engineers. Call it version 1.0, version dog, version whatever "feels" right, while we start moving to a world where we can start maker safer decisions.

alexatkeplar 8 hours ago 7 replies      
The fundamental problem with Semver is that the jump from a 0.x.x series to a 1.0.0 is incredibly difficult to call, and often gets delayed almost indefinitely.

0.9.9 -> 1.0.0 means the opposite of 1.9.9 -> 2.0.0 - the former is an observation of stability ("things are so stable we can leave the 0.x.x series"), the latter is an active statement of a breaking change ("we can't honour the 1.x.x API any longer"). Lots of projects miss the window somewhere around the 0.3.0-0.7.0 versions.

We badly need a Semver', which is identical to Semver but starts from 1.0.0 and removes the 0.x.x rule. React is basically retro-fitting Semver' into their project.

simula67 17 minutes ago 0 replies      
> some breaking changes are important to avoid stagnating

Interesting choice of words given the fickleness of Javascript community. Are they saying that breaking changes are needed because there maybe some problems that can only be solved with those type of changes ? Or are they saying they will do it to bring shiny new features simply to keep everyone excited ?

Todd 37 minutes ago 0 replies      
I don't know why they didn't just take this opportunity to call it version 1. It seems like the right time. The React Router folks just went through this, with a significant struggle in moving quickly from version 1 to version 2. But it turned out OK.

It seems like there's a fear in making the call. Version 1 should be celebrated.

Hovertruck 8 hours ago 2 replies      
Surprised they didn't start at 1.0. I understand what they're saying with the reasoning, but I don't think I agree with it.

Not that it really matters, I guess.

tzs 2 hours ago 0 replies      
I see many comments on the pros and cons of various version numbering schemes, and I recall many similar discussions going back decades.

I have no idea why it has never occurred to me to ask the following question [1]: how is version numbering done in disciplines other than software?

Software is young compared to most engineering disciplines. Surely this problem was solved long ago in non-software disciplines and their solutions have been tested by decades, or in some fields even centuries, of practice.

[1] idiocy is a plausible theory

FlailFast 8 hours ago 1 reply      
0.14 to 15.0 changelog:

- Version numbers are now little-endian

bpicolo 8 hours ago 1 reply      
The biggest issue in upgrading is that all these libraries tend to change their APIs in totally negligible but backwards incompatible ways frequently. Subpar documentation for upgrade paths is plentiful.

I wish many of these libs could stick to an api instead of needing every piece of new Javascript hotness every version. =/

fuzionmonkey 8 hours ago 0 replies      
Folks have been using React in production since way before version 0.12, which is when Facebook should have released version 1.0. Releasing 1.0 doesn't in any way limit your ability to make changes in the future. It does, however, allow for more nuanced semantic versioning with the full range of major, minor, and patch versions. This extremely is useful for both library authors and consumers.

Better late than never, I suppose, but I just don't understand the pointless sentiment that results in waiting to release a fabled "1.0" release.

rafael-rinaldi 1 hour ago 0 replies      
I dont get the _fear_ of releasing the 1st version of a library at `1.0.0` and then doing major bumps whenever needed. Thats why semver exists in the 1st place.

There seems to be a lot of FUD around this subject.

xjay 5 hours ago 1 reply      
So.. What's wrong with using datestamps?

Use ISO 8601, and add whatever flags you need, and establish some minimum standard vocabulary the AI can search for. :>

 Development #D: "2016-02-16T15:17:32+00#D#API" Release #R: "2016-02-19T17:37:21+00#R#API"
Now anything can look for dates to figure out the age of whatever it is that's running on the system, and maybe even warn about it, disable it, exploit it, etc.

(AmigaOS encouraged a $VER: prefix you could scan for, IIRC.)

If you still want a custom numbering scheme, just append it to the version string somewhere:

 "2016-02-19T17:37:21+00#R#API#(1.4.2 Loopy Leopard)"
#API could mean there was a change to the API. Review your dependencies.

#+API could mean a function was added, but the existing API is stable. (Unless #API was also added separately, in which case a review of the change log is needed.)

#-API could mean a function was removed. Review your dependencies.

..or whatever the syntax would be.

conradk 8 hours ago 1 reply      
Everytime I read something about SemVer, breaking changes, etc, I can't help but think about how well Symfony (the PHP framework) handles this.

With Symfony, major version changes are not there to break things or bring in tons of new stuff. Instead, it just removes BC layers for stuff that has previously been working but deprecated (with appropriate deprecation warnings).

This makes it easy to switch to a new major version: simply fix all deprecated calls and upgrade, done. At least that's what I experienced moving a project from Symfony 2.x to Symfony 3.x.

davnicwil 7 hours ago 0 replies      
On Avoiding The Major Cliff:

The reasoning for the strategy is sound, but does anyone know the rough cost of leaving in the deprecated apis from the previous version, in terms of additional gzipped file size percentage? Say from 13 to 14 as an example?

Further to that, anyone know how effective various dead code elimination tools are at stripping out those unused deprecated apis, for bundled apps that don't have any dependencies requiring anything less than the latest react version?

mlangenberg 8 hours ago 1 reply      
Going a great length, just to introduce semver.
sdegutis 9 hours ago 1 reply      
I am really looking forward to the day we get an industry-wide standardized versioning system. I don't care whether it's semver or not, I don't care if it's 98% perfect and 2% pure evil. I don't care. I just really want to see a universal versioning system. Unfortunately though, I don't think that day will ever come. At least not in my lifetime.
sergiotapia 8 hours ago 3 replies      
So they're going the Google Chrome route, already at v14. Doesn't really matter of course, but it's off-putting. I would have preferred them to use 1.0, clearly indicating it's production ready.
Show HN: Locent Mailchimp for SMS locent.com
22 points by mattjoseph  2 hours ago   12 comments top 6
wanda 1 hour ago 1 reply      
Cool product, bookmarked for future use. There are some weird bugs in your landing page though.

Firstly, since you're using a responsive front-end framework (Bootstrap), you should configure the viewport meta tag:

 <meta name="viewport" content="width=device-width, initial-scale=1">
should work nicely. Add 'minimum-scale=1' to the meta tag's content to enable rasterization (better FPS when scrolling etc.)

You also have a bug in your markup which causes content to overflow outside of the viewport, resulting horizontal scrolling being possible at 1x scale when it shouldn't be.

This is because the #benefits row should be wrapped by a containing element with 15px left and right padding to balance out the Bootstrap row element's negative margins.

This issue is actually present on other pages as well. You'll want to add 15px left/right padding to the #support element, the #login element, and the .register element on their respective pages.

Typically, rows in Bootstrap are intended to be wrapped by a div with either the 'container' or 'container-fluid' class, which add the aforementioned padding.

The beauty of the Bootstrap grid is that the rows' negative margins allow grids to be nested without squashing columns with ever increasing gutters. This negative margin comes at a price: it adds to the containing element's width, meaning that padding must be added to eat this inflation.

Finally, the mixpanel link is clickable just beneath the clients image, when the button is actually at the bottom of the page. This is because the image is positioned relatively and offset by 250px, yet the containing anchor is not, and appears in its normal place.

To fix this last issue, replace this:

 #home #mix { position: relative; top: 240px; }
and with this:

 .featured a { position: relative; top: 240px; }

qopp 17 minutes ago 1 reply      
Is this service ethical?

I hope users who would like to see bulk messages on their phone chose to opt-in (manually, not auto-opt-in). Your terms of use do not demand this.

In the US: "FCC rules ban text messages sent to a mobile phone using an autodialer unless you previously gave consent to receive the message"

I would wonder deeply about opt-in rates as well. How are you keeping track of how much users enjoy receiving these messages? (Not just click rates because people might click something they hate to receive)

Also, confusingly, your terms of use state:

> You agree that You will not use the Service to send.. "promotional materials"...

But that's what's shown as an example on the front page?

nikolay 1 hour ago 1 reply      
I started to write something like this for my non-profit projects using Twilio, but it's crazy feeling to have to reinvent the wheel and do something so rudimentary. Will definitely try to use your service, Matt, but here are my suggestions:

- having a single opt-in code is not enough;

- it would be nice to offer lower prices for non-profits;

- any plans for an API?

mattjoseph 2 hours ago 0 replies      
Hey guys,

Thanks for reviewing our product! We built Locent to help you reach customers more effectively using SMS (text messaging). Think of us as Mailchimp for SMS. We help you build a full text marketing program in minutes. All the ordinary email use cases apply with text messaging, we just have higher read rates and conversion rates particularly on smartphones. Really appreciate your feedback!

cishida 2 hours ago 1 reply      
Is this entirely automated?
mlee277 2 hours ago 1 reply      
This is amazing!
Terrorists Apple ID Password Changed In Government Custody, Blocking Access buzzfeed.com
59 points by hanapbuhay  5 hours ago   14 comments top 4
jessaustin 1 hour ago 0 replies      
More confirmation, as if anyone needed it, that this case is not about the months-old data on one particular phone, but rather about breaking the security of all phones.
ctdonath 39 minutes ago 1 reply      
So who changed the password? And why hasn't the FBI asked for the new password?
mattnewton 4 hours ago 1 reply      
Footnote 7, Page 18 of the governments brief to the courthttp://www.politico.com/f/?id=00000152-fae6-d7cd-af53-fafe53...
abc_lisper 5 hours ago 1 reply      
Mind blown, if this is true!
Colma, Calif., Is a Town of 2.2 Square Miles, Most of It 6 Feet Deep (2006) nytimes.com
4 points by apsec112  1 hour ago   discuss
GitHub lock-in? agateau.com
39 points by g1n016399  3 hours ago   23 comments top 5
typeformer 2 hours ago 4 replies      
There is absolutely no denying that GitHub has done a lot of good for the world, but at the same time I feel that because of their true open source foundation GitLab really listens to their community much better. On a related note, many devs are just now discovering that with GitLab you can have unlimited private or public repos hosted at GitLab.com for free. Already a number of prominent projects have made the jump for this reason alone. You can find the nascent but growing list of publicly listed projects here: https://gitlab.com/explore

In the end, strong competition is good for users and projects and the Git ecosystem will only continue to grow and benefit from it; may the friendly rivalry continue.

sytse 2 hours ago 1 reply      
"A competitor willing to make it easy for GitHub project maintainers to migrate to their services could actually make use of GitHub APIs and provide an automated migration system."

This is what we did at GitLab, you can import multiple projects with repos, wikis, issues and pull requests in one go.

cburgmer 2 hours ago 2 replies      
"github-backup [...] backs up everything GitHub publishes about the repository, including branches, tags, other forks, issues, comments, wikis, milestones, pull requests, watchers, and stars."


taspeotis 1 hour ago 0 replies      
I've started hosting some really small projects with Microsoft's Visual Studio Online ("Team Services" now). It's surprising what you get for free.


Work's blessed me with an MSDN Enterprise subscription, so I get some extra bells and whistles. Discounting the extras, it's a hosted version of TFS for free (for five developers + unlimited "stakeholders"). Which is great if you have bug bears about GitHub's issue tracking.


It's not going to replace GitHub for me, yet. I think Microsoft said it themselves when they started hosting projects on GitHub instead of Codeplex: "GitHub is where the community is."

EDIT: I should say, VSO/VSTS is really focused towards .NET development. It has some special Java support, too, and beyond that it's general purpose enough to work with other languages.

rogerthatt 28 minutes ago 0 replies      
Happy to be locked in to github. There is a tipping point where value gained exceeds the risk of vendor lockin, and in my case there is no question the benefits outweight the risk.
PlatformIO: Next-generation IDE for IoT platformio.org
36 points by ikravets  5 hours ago   14 comments top 5
melted 3 hours ago 0 replies      
I've been using the command line version of PlatformIO for the past 9 months or so, and compared to the garbage you usually have to deal with when developing for embedded, it's a night and day difference. A nice bonus is you can target several boards at the same time very easily.

Speaking of donations, folks, if you want donations, you have to hook up PayPal. I'm not going to provide my credit card information to a foreign entity just to donate.

aikah 4 hours ago 3 replies      
I see all these brands at the bottom of the page. Does that mean that these brands use this product? or this product integrates with these brands hardware? Did you get (if you're the product's author) the authorization from each brand to reproduce their logo on your homepage or is it legal to do so without the logo owner's authorization ?

Finally what is the value in an new IDE when a lot of them are available already ? Can't you just develop plugins for the most famous of them ? which means less maintenance (build the CLI tools once, and just maintain the plugins).

jeiting 4 hours ago 1 reply      
I've been using this for a couple of weeks now on an AVR based project of mine. The added tooling for abstracting away the build specifics is really nice and it is integrated fairly well into atom. Not all the features are fully fleshed out, the documentation is lacking a bit, and there are bugs but it is a pretty impressive project.
thawkins 4 hours ago 1 reply      
This is way cool, I use both atom and platformio, but this makes the install and setup a breeze. This has the potential to displace the existing arduino tool set. If I was the arduino folks, I would be looking to produce a branded version for use with their boards and dump the processing based IDE, which has always been limited.
rhodysurf 4 hours ago 1 reply      
What is this using for linting and autocompletion? I would guess something clang based?
Kuhn's Paradox ebb.org
13 points by g1n016399  1 hour ago   2 comments top 2
gamegod 50 minutes ago 0 replies      
It feels like open core is the new "embrace, extend, extinguish". ( https://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish )

On the other hand, the economy just doesn't incentivize open source communities to build the very best software for average users, compared to say, making a billion bucks with by building my new shiny walled garden social network. Anecdotal examples and lots of great FOSS project aside, cash is king and capitalism doesn't favour open source.

chei0aiV 1 hour ago 0 replies      
It is a horrible shame that Kuhn's Paradox is true.

I wonder how we can stop this from happening?

Wizard of the Coast asking fans to scan old books dmsguild.com
96 points by thenipper  9 hours ago   53 comments top 12
cptskippy 7 hours ago 2 replies      
This doesn't sound like it's coming from the perspective of someone looking to archive or preserve these books, but rather someone who is looking to exploit other people to produce something they can monetize with no regard for quality.

They're accepting a container format (PDF) that's just a wrapper around a JPEG, PNG, TIFF or other rasters. Or they'd like a lossy format (JPEG) with no suggested compression settings.

They'd like you to use the enhancement features/filters of your scanner software which is like Instagramming your photos. Presumably because they don't have a processing workflow in place to perform this themselves.

They want you to convert what will natively be captured as RGB to CMYK, something you generally don't leave up to amateurs if you have any interest in maintaining an accurate conversion.

That all tells me they don't care to have quality master scans they can go back to, they just want something passable they can sell to others.

6stringmerc 7 hours ago 1 reply      
This superficially reminds me of Metallica's recent request for fans to send in old materials, which have been compiled into large box sets for the reissues of Kill 'Em All and Ride the Lightenting which were, in their heydey, bolstered by fan passion and tape trading. Now that the material has been curated / massaged / etc, fans can get ahold of the box sets for the one-time fee of $149.99. Each.
mikestew 7 hours ago 2 replies      
Sure. I'll scan 'em in and then send the magnet link to which they can point their torrent client. No? You want me to be a digital sharecropper where I do the work, send the results only to you, and you reap the profits? Mmm, gonna have to pass on that one.
JDazzle 8 hours ago 4 replies      
I have a bunch of the books they want and I am definitely willing to scan them in even with the knowledge that it would be a lot of hard work.

Unfortunately, they recommend that the books be stripped and scanned page by page for "acceptable" results. That's where I lose all interest. :(

FroshKiller 9 hours ago 1 reply      
This isn't Wizards asking, right? It's DriveThruRPG. Remember when Wizards forced DriveThruRPG to pull all the PDFs of classic D&D books they had for sale a few years ago? Good times. The worm has turned.
blazespin 4 hours ago 1 reply      
Uhhh.. for those people yelling "rip off", you have no idea of the demand or lack of for these titles. This may be the only economical way to get these titles preserved.

The reality might just be that it just isn't worth it to do it any other way.

As someone who loves old D&D modules (and has actually bought from DriveThru), I think it's really great.

My guess is that there was someone who works for these guys who also loves old D&D modules that couldn't convince anyone to make this happen unless they did it this way.

theresistor 4 hours ago 0 replies      
To add a little more fuel to the "this is a rip-off" fire, many of the books they're looking for in 3.5e, 3e, and 2e are not hard to come by, either in physical form on auction sites or in digital form. They don't need fans to do the leg work of finding these books for them. The only reason to do it this way is to avoid paying fair compensation for the time required to scan them.
scelerat 6 hours ago 2 replies      
I was all ready to help out because I have a stash of most of their missing 1st edition adventures (e.g. S1 Tomb of Horrors, etc.), well-preserved and in plastic... until I saw this:

> You will get best results by cutting the spine off the book and by using a sheet-fed scanner for interiors and a flatbed scanner for covers.

Ack. no way, sorry.

thenipper 9 hours ago 0 replies      
It's great to see that they're taking such an active role in preserving this aspect of 'nerd heritage'.
mschuster91 8 hours ago 2 replies      
Stuff like this is why public libraries are important and not a "relic of the past".
mrkidd 5 hours ago 0 replies      
Wow, the two adventure modules I have are on the list. They were hella fun to play and would love to share so others can enjoy. They are stapled bindings though, and I really don't want to cut the pages to put them through my Doxie. Any tips on scanning them without having to cut them?
PhasmaFelis 9 hours ago 1 reply      
I'm not sure how to interpret this. "WotC has given us permission to republish their old books, but absolutely will not lift a finger to give us access to any of them, so we've got to fall back on begging fans to scan their old stuff" is my best guess.

And then they're telling people to cut the spine off their 30-year-old collector's item for best scanning results. In exchange for $50. Good luck with that.

No comic sans in httpd status pages marc.info
167 points by elchief  11 hours ago   77 comments top 17
gpvos 10 hours ago 4 replies      

 > "sans-serif; }\n
Note the incorrect, "smart" quote at the end of the line. I'm not sure if that's intentional, but this is going to be interesting.

TazeTSchnitzel 8 hours ago 4 replies      

> This page scientifically designed to annoy web hipsters. Donate now to stop the Comic Sans and Blink Tags

All the OpenBSD presentations I've read have been in Comic Sans. They really like that font :)

Sidnicious 10 hours ago 0 replies      
Text of the message (since the site seems to be down):

- - -

 List: openbsd-tech Subject: [PATCH] No comic sans in httpd status pages From: Peter Krantz <peter () peterkrantz ! se> Date: 2016-02-19 16:40:33 Message-ID: AAE82534-AF27-4CC9-B780-38F05596FE38 () peterkrantz ! se [Download message RAW]

For some reason the httpd status pages (e.g. 404) use the Comic Sans typeface. This patch removes comic sans and sets the typeface to the default sans-serif typeface of the client.

This lowers the number of people contacting website maintainers with typeface complaints bordering on harassment.



 ? no_comic_sans_in_404.patch Index: server_http.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v retrieving revision 1.105 diff -r1.105 server_http.c 811c811 < "'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }\n" --- > "sans-serif; }\n

kyledrake 8 hours ago 0 replies      
As I understand it, there's no Comic Sans (MS Web Fonts) in OpenBSD, so it basically just trolls everybody else.

I thoroughly approve of it.

DominikD 6 hours ago 1 reply      
This patch is a prime example of why I understand OpenBSD devs' frustration with newcomers. It takes several hours of lurking to get the general idea of what OpenBSD culture[1] is. And yet about once or twice a week there's someone new coming with some demand, backward idea or GPL evangelism, who gets aggressive when challenged. I'd flip the table every single time if I were one of the contributors.

[1] as long as you're not devoid of sense of humor, I guess, in which case there's no hoping

vezzy-fnord 10 hours ago 1 reply      
An elegant example of a troll trolling other trolls (and few more masterful than the OpenBSD developers), I'd reckon.
ams6110 19 minutes ago 0 replies      
samlinkl 10 hours ago 4 replies      
The hate for Comic Sans seemingly knows no bounds.
logicrook 10 hours ago 3 replies      
I have a script that do most installations and configurations that I run after each Linux install. It contains the following lines:

### fix font issues

sudo rm /usr/share/fonts/truetype/msttcorefonts/comic*

sudo rm /usr/share/fonts/truetype/msttcorefonts/Comic*

So no comic sans cancer for me (except when people are perverse enough to put it into images, or worse, meatspace...)

scrollaway 10 hours ago 2 replies      
Be nice with the poor server. Text mirror (pastebin):


alanh 10 hours ago 2 replies      
How long had Comic Sans been used on httpd status pages? (The mind reels)
h1fra 10 hours ago 0 replies      
The message does not specify why they got complaints.

But it's fair to assume that it was a bad choice, considering the font is not on most plateform

DonHopkins 9 hours ago 0 replies      
The typefascists have won.
snorkel 6 hours ago 0 replies      
Mojah 8 hours ago 1 reply      
If you prefer a clean/readable version, it's available here: https://marc.ttias.be/openbsd-tech/2016-02/msg00313.php
SFjulie1 9 hours ago 1 reply      
I guess the idea of putting comic sans MS as a way to force companies into putting relevant customised status error messages for users has failed.

EDIT see here: https://news.ycombinator.com/item?id=9240906

For 500 a ticketing or a contact info to report the problemFor a 404 whatever can help the user finds it way For congestion status a link to a status page? For stuff 40? that requires payment a link with a link for legitimately acquiring it ...The webmasters email in case there is something to report could be nice too ...

It really is business meaningful to customize them, I fully support shaming irresponsible webmasters that keep default status pages with comic sans MS.

xylon 6 hours ago 0 replies      
thank god
How a Reporter Pierced the Hype Behind Theranos propublica.org
71 points by danso  8 hours ago   20 comments top 5
arcticfox 7 hours ago 4 replies      
The point about needing a doctor's order to get a blood test seems pretty irrelevant to the rest of the situation. I don't know why they included it.

I'd love to get a simple blood test without needing to talk to my doctor (plenty of people would). I would not love to get a blood test misrepresenting its accuracy (nobody would).

goodcjw2 4 hours ago 2 replies      
Lab test, or medical practice in general, is a well protected industry here in States. The public wasn't educated well enough to understand lab tests at all so that professional opinion IS REQUIRED to understand your own health.

I might be over cynical here, but I blame that both medical education and health care industry are restricted and protected to cause a very inefficient public health system in US. Thus normal people without a MD has no clue to judge good product vs bad product. In the case of Theranos, I don't think most of understand what's going on with the test. How the test works, how to judge whether it's effective, how to compare pros and cons between different products. We have no idea. I doubt whether the report himself understands the real deal behind the scene, or even investors of Theranos understands it.

alanh 5 hours ago 0 replies      
Hmm. Is there a transcript?
vonklaus 3 hours ago 0 replies      
> ...Theranos also played a role in the passage of an Arizona law that allows people to get blood tests without a doctors order. Carreyrou: That was controversial, because there are many in the medical profession [...] who say, "Well, how is that progress?" [...] more likely than not, they're going to need a doctor's opinion to decipher them.

This is a good point. Diabetics usually go to the doctor 1-3 times a day to have bloodwork done. Surprisingly, despite how open the medical field is from a regulatory, technological and informational standpoint we have done almost nothing to combat the complexity of tests taken regularly by most of the population. I would have overlooked this and I am glad the author brought this up, maybe it would be possible for users to be trained on some of the newer technology being rolled out in the medical field like the Facsimile Machine (often called FAX or sometimes by the synecdoche XeroX) to communicate with highly skilled professionals, to interpret the data. It is likely that every person would fall outside of a standard bell curve so it would be impossible to teach anyone how to interpret the test, but we could set our sites on leveraging FAX in the future.

> How a Reporter Pierced the Hype ...

This is great reporting and a perfectionist usecase for new media. The journalist was able to quickly go on wikipedia to create a paragraph of color, and then link to the interview so that readers would be able to immeadiately hear how this reporter had broken the hype machine over a 20 minute interview at an offsite location. Maybe, unlike everyone else, you actualy don't have 20 minutes to listen to this interview, perfect contingency here 3 bullet points.

Much like the author, I skipped around through the clip pulling random qoutes, the reporter is asked:

A number of reports got tips and yoiu were the one to purse this. Other reporters got tips as well but you pursued this?

Not knowing much about how the Peer review system, I called my colleague G. oog LeSearch Barr who confirmed peer review is basically the only important thing about conducting science, and the system is renowned for it's perfection.

The reporter did say 2 people in the community had spoken out, which to be fair, is quite reasonable. He was pragmatic about waiting to fully engage with the story until, and I am paraphrasing but editorializing much less than one would think:

The 9 Billion in 2014 is a big valuation.

How did this unicorn get money?

What people saw other than Holme's pitch isn't clear. I have heard the company didn't offer anything about how the technology worked.

After a lot of reporting, I talked to a lot of employees who were in a position to know, I determined that 350 blood samples 15 were run on their machine.


Now it is important to realize, Theranos didn't use the AMA standard bootstrap medical breakthrough CDN and while not much is known about the internals of the company, it is believed they didn't spin up a AWS Full Scale Research Labratory, they may have not even considered using GO.

Now, all that can be forgiven, right? But it is such a shame they didn't just roll this out overnight. It is fucking trivial to build this, you can just use Crimson on Beaker for the front arm and then persist your regularatory data to the USFDADEAFBI?SOMESENATOR.gov/api and get approval.

750 million dollars to basically build a crud app seems like a lot of investment. Obviously Holmes, much like her predecessor Alexander the great, had to hire Michael R. Taylor the Head of the FDA to follow her around saying "You are just a human, only a mortal". Notably, this actually should have helped Theranos as Taylor is a renowned scientist who has won a nobel peace prize. He graduated with a degree in political science doing pretty serious research as a staff attorney at the FDA, and working with the private firm that represents the worlds biggest provider of open source seeds, Monsanto.

As an aside, Taylor is a New York Times best selling author for his riveting 1988 article entitled "The De Minimis Interpretation of the Delaney Clause: Legal and Policy Rationale", where his interpretation of a 1958 law about the ppm of chemicals, is considered truly breathtaking when read.


She may not succeed, she may (we DO NOT KNOW) have cheated, but what fucking world do we live in if we can preach "Fail Fast" to the 40th uberPetBNBPariscopeAOLtimewarnerTwitterBlockchain-#NOBACKDOOR-google-earth-for-mars-but-with-instagram-filters

and tell the people who are fucking trying to push forward the most highly regulated industry forward, which requires not only innovation but capex, and a strong board (Kissinger/etc are there to lobby because you CAN"T EVEN COMPETE without someone connected, much less succeed).

So you can question her ethics, her strategy, etc, and if she committed fraud I certainly wouldn't defend that, but if it ends up she took a shot at something big and missed, I vote we let the next guy or girl take a similar shot.

lingben 4 hours ago 0 replies      
Dear Cryptocat Users crypto.cat
87 points by sdevlin  10 hours ago   50 comments top 11
sbierwagen 9 hours ago 0 replies      
Some context, if you don't know what cryptocat is, or why the lead dev is shutting it down:

Cryptocat Considered Harmful (2013) https://datavibe.net/~sneak/20130717/cryptocat-considered-ha...

 Except: Today, Cryptocat is not for everyone. Cryptocat is under active development, and is suitable only for debugging and software experimentation. It is not suitable for those who desire communications privacy. (This may change 2-5 years in the future, following sufficient peer review.) Cryptocat has had myriad errors in implementation, spanning the entire time it has been under active development. Note well that this is not a criticism: cryptosystems are notoriously difficult to get right, and it takes a very long time, significant experience, much peer review (on top of that significant experience), and lots of sweat and iteration to build systems that are safe to use.
(HN thread on that post: https://news.ycombinator.com/item?id=6990602 )

Schneier post on the adoring media coverage of cryptocat (2012) https://www.schneier.com/blog/archives/2012/08/cryptocat.htm...

tptacek 10 hours ago 1 reply      
This is a good thing, though I think it should have happened more than 19 months earlier. Cryptocat wasn't just unmaintained, but also gravely flawed and insecure.

Despite looking like this yesterday: https://web.archive.org/web/20160205030908/http://crypto.cat...

chuckgreenman 3 hours ago 1 reply      
"There is a design decision that is not open for negotiation: it will be desktop-only. This is due to the my belief that the mobile space has been elegantly solved by other well-written open source software, while the desktop/laptop space could still use an alternative for usable, fun and secure messaging software, developed in the spirit of general purpose computing."

By this logic, why even compete in the web/desktop space? Telegram has mobile, desktop and web clients.

bunkydoo 1 hour ago 0 replies      
Ahh I remember using cryptocat long ago. Almost 3 years ago. Thanks for providing the service man! Hope to see more updates in the future
tootie 5 hours ago 2 replies      
Is end-to-end encrypted messaging really that hard? Assuming you simply forgo all the features that require a server and just send messages peer-to-peer using TLS, isn't this pretty straightforward to do?
uobytx 6 hours ago 0 replies      
Any word on the status of minilock? It also hasn't seen public activity on github for some time.
rosalinekarr 9 hours ago 0 replies      
Cryptocat is one of those awesome projects I'd love to support, but I just don't have the time or expertise to help. I hope Kobeissi finds some good devs to help him keep the project going.
sarciszewski 9 hours ago 1 reply      
Cryptocat was a good concept (i.e. it was USABLE!), but the execution was flawed. It grew a lot of criticism and Nadim made mistakes in handling some of his critics, creating a schism between him and the cryptographers who might have been able to help him. (Not all of this was his fault, of course.)

I hope that not only will this new product of his be developed with "A pure vision of democratized, pleasant secure messaging", but also that he has matured significantly. I hope that Cryptocat v3 will come out after it has been thoroughly audited by several reputable third parties.

Most importantly, I hope their crypto is boring.



samstave 6 hours ago 1 reply      
This is not the same as the cryptocat scanner from ~2004?
isolusgraboski 2 hours ago 1 reply      
Good day! People on Cryptoca/Cryptodog will probably recognize me, but I would like to say. I think Cryptocat, no matter how good or bad it is, it is still a very good tool. Cryptodog is just an extension to that, and a good one, too. That is all I have to say.
Thanatos26FF 3 hours ago 1 reply      
Hey guys,I am an avid user of Cryptocat and have been using it for over a year. I am sad to see Cryptocat will be down for the foreseeable future, but I have found an alternative which is even better. Cryptodog is looking to take off where Cryptocat left off and is constantly being worked on. It's still a work in progress, but I highly recommend it for everyone who wants to have private conversations
Why Don't People Manage Debt Better? scientificamerican.com
185 points by sergeant3  14 hours ago   341 comments top 36
imgabe 13 hours ago 20 replies      
Anyone at a point where they are making monthly payments on multiple credit cards has already lost the debt game. People don't manage debt better because they have been marketed to and taught to use debt completely inappropriately.

Debt should be used to purchase an asset that will appreciate or otherwise provide an income in excess of the interest payment on the debt. Full stop. That is how businesses use debt and that is the only sensible strategy. As a consumer, a house may be a sensible use of debt. A reliable car needed to get to work may be a sensible use of debt. A student loan might as well. Carrying a balance on a credit card is almost never an appropriate use of debt.

Unfortunately, marketers have instead convinced consumers that debt is an easy way to buy things they can't afford and pay for it later. This is almost always a losing proposition for the consumer, who invariably ends up paying much more than they would have if they had just saved up and bought the thing in full up front. The way to sensibly manage this is to not fall into the trap in the first place.

kdamken 13 hours ago 8 replies      
Better question: why do people buy things they can't afford and most often don't need, putting themselves in this position?

So many of my peers don't make a lot of money, but then still go out and buy a new or newish/used car and put themselves on a multiyear payment plan. "Oh but it's only 200 a month, I can swing that". Repeat for like 3-4 other things and suddenly they're always complaining they have no money and don't know why.

I highly recommend to anyone who's looking to take their financial situation more seriously do two things:

1. Read up on Mr. Money Mustache, a guy who managed to retire at 30. Even if you don't plan to retire early, it's eye opening to realize you don't have to spend your entire paycheck every month: http://www.mrmoneymustache.com/2013/02/22/getting-rich-from-...

2. Check out YNAB (You Need a Budget): https://www.youneedabudget.com/. Takes a little work to start using, but once you do, you'll understand your money in a way you never thought possible.

clarkevans 14 hours ago 4 replies      
When a late payment is $39.99 and a mark on your credit record, even the smallest, lowest-interest debts become high-risk. Reducing the number of risks (and mental energy managing them) easily outweighs the interest differences.

When you have to spend a 1/2 day to refinance a credit-card to an unsecured personal loan, it's not always a clear win: you might not get the loan, or the loan offered might have significantly higher interest rate than advertised, etc.

pilom 13 hours ago 9 replies      
This is showing that the Dave Ramsey "debt snowball" (pay off smallest debts first to get a psychological win and some breathing room by having fewer minimum payments) is a more effective way to get people to pay off many separate debts than paying off "highest interest rate first" even if it is less optimal for a rational actor. Just another case of people aren't 100% rational that many people have known for a while.
breischl 12 hours ago 1 reply      
The article ignored the completely rational reason to pay off small debts first - increased liquidity.

By paying off small debts first you can reduce the amount of money you have to come up with each month. If you have any uncertainty around income or other expenses, there is real value in that.

Doubly so for debts that could be foreclosed on - if you prepay your mortgage a bunch and then fall behind and get foreclosed on, all that prepayment is just cash down the drain. If you had completely paid down some smaller debts instead, you would be in a better position.

Basically, paying down higher-interest debt first is optimal only if you're certain that you'll never default on anything.

danjayh 8 hours ago 0 replies      
I find myself a bit bemused that the article specifically mentions student debt as an example of something that people can refinance but don't. I hadn't ever had any student debt until marriage, but since then (and until recently) my wife and I have been working through a great deal of it together.

As someone who has worked through paying down a large amount of student debt, I can tell you that student debt is very difficult to refinance. Our student debt balance was much higher than the median, but I believe that our experience with refinancing was very typical: we couldn't refinance our student debt at an interest rate that was even remotely attractive.

We reacted to the dearth of refinancing options by deciding to eliminate our debt as quickly as possible, and when we first got married we dumped about $35k into debt reduction. We chose to go after the high interest rate first, which was also the largest loan. Had we gone after the smallest loans first we could have paid off several of them instead of merely making a (significant) dent in the higher rate loans, and this is where the psychology comes in.

Dumping a ton of money into a debt without changing anything but your principle balance is discouraging. It was for us, and it is for nearly everyone else too. Personal finance counselors like Dave Ramsey actually instruct people to intentionally pursue the smallest debts first because the feeling of momentum helps most people to maintain dedication to getting out of debt, which in many cases will more than offset the difference in interest rates (paying down faster due to more resolve = less interest overall). We sold stuff and skimped like crazy people and we killed our debt, but it's a very common thing for people to run out of determination before they run out of debt. Since that's such a common problem, I'd say that it's not necessarily a bad thing that people pay debt in a financially non-optimal way if the method is at least psychologically optimized.

Spooky23 13 hours ago 0 replies      
If all things were equal, and your repayment terms were a fixed artifact, the strategy assumed to be optimal in the article would be correct -- it would make more sense to focus on the higher interest rate to avoid accruing interest. But they aren't.

Credit cards in particular are tough -- if you have alot of debt and credit lines and don't make significant impact on principal, they start cutting credit limits, which incurs fees. Interest on fees and fees have payment precedence over regular interest and principal, so it starts a vicious cycle. You end up in a situation where the banks assume you will default, so to compel you to pay more to them, the credit card will drop your limits to trail your balance.

So you really have two priorities: paying down debt and maintaining credit lines to avoid capricious changes in your payment terms.

When you have lots of credit lines, minimum payments start to matter alot, as they sap your re-payment power. If you focus on closing the smaller accounts and walk your payment focus up the stack, you'll be able to make more significant payments and stay afloat. When you make alot of progress, you have a higher likelihood of refinancing the bigger debts, which is ultimately where you save on the high-interest accounts.

bcheung 7 hours ago 0 replies      
There's an important factor that is ignored by the article and it is a fundamental principle in finance. That principle is risk.

Any time anyone asks a question in finance the correct answer is always, "It depends".

Absolute answers like always pay highest interest card make sense mathematically in certain cases but they are not the whole story and don't take into account other factors that are equally if not more important than paying the least amount of interest.

Another factor to consider is cash flow.

If you are someone that lives paycheck to paycheck and can pay off a card or loan sooner to create some additional cash flow that has major benefits for increasing cash flow, peace of mind, and providing a buffer for unexpected expenses.

It lowers the risk of default and late payment fees / increased rates if you have more cash flow. Ultimately leading to paying less in interest and fees.

If there are unexpected expenses you will be glad to have the available cash. That's worth paying a little more interest in the long run.

There's also the fact that it may not make sense to pay down low interest rates like a 4% fixed mortgage when you can invest at rates higher that. In that case you want to pay it off as little as possible and maybe even take out equity to put into investments.

rconti 4 hours ago 0 replies      
The more time a person spends analyzing their debts and trying to find the optimal repayment or refinancing strategy also brings the unpleasant debt to the foreground. I think people prefer to pretend that it's not even there. It hurts them financially in the long run, but avoids confronting a painful reality.

When I got out of college, I had some debts to repay (car loan, credit cards, student loans). Someone who I thought was a friend ended up bringing her manager with her to hard sell me on starting a retirement account with them.

Partially because I was stubborn and annoyed at being tricked into the sales call, I simply stonewalled for 3 painful hours. I tried to be nice (I suppose I am too nice), so I didn't kick them out. I simply kept insisting that I was better off putting $0 into investments until my higher interest debts were paid off. They pulled out a bunch of lines about "starting a pattern of saving" and so on, that are definitely correct on some level, but I stood by the math.

Eventually they got the memo, and left. Once my debts were paid off, I started putting money towards my 401k and short term savings. Every time I've gotten a raise or a big bump from switching jobs over the past 10 years, virtually every additional dime has gone into savings.

Have good principles. Then stick by your principles.

carsongross 14 hours ago 4 replies      
I used to think that the medieval western distrust of usury was backwards and foolish.

Then I read about the roman experience with debt, and now I am far less sure of that.

lithander 3 hours ago 0 replies      
Wow, this is mind blowing. 10% interest rates are really, really high in the current state of economy - they don't become a great deal just because there are credit cards with even worse conditions. I don't have a problem with borrowing money when I need it. I'm indebted for the years to come because I needed a 200k loan to buy a house. But that's okay because I'm paying 1.2% APR on it. This is far less money than I would have to pay to rent a house so it's a great deal. I've not even used all the cash I have when buying it because some of it yields higher (guaranteed) interests then what I pay for the loan. So there's still a lot of wiggle room for emergencies. And this is the first time that I hear that you need to have a history of loans to get large loans. What a devious system... I have a VISA credit card too, because it's convenient to pay with, but I don't pay any interest on it. I just pay a flat fee per year for the service and they settle the balance each month by direct debit authorization. (Sorry for the bad english)
mark_l_watson 13 hours ago 1 reply      
I have so many friends, and some family members, who act as though the optimum life strategy is to buy as much material stuff as they can without getting into a default situation. Given a lifetime exposure to marketing I don't much blaim their attitude.

The thing is: the idea of maximizing material success is so very wrong. A good life is about experiences, not material stuff. Having savings and flexibility that entails makes life more relaxing and pleasure full.

alexashka 10 hours ago 0 replies      
We all know why people don't manage debt, health, relationships and everything else better.

Because they're dumb :)

Debt is just another tool the folks in power have to exploit the poor.

When you have 100 mil, you can hire a smart person to take advantage of debt.

When you have 100 dollars and you live around other people who have 100 dollars, you know what happens, you're the one being taken advantage of.

Everything else is talk.

ps. I am just starting to not be dumb and I'm almost 30 and I've had a ton of support and luck go my way. Most people will hopelessly get exploited and spend their days coping. Just have a look around - don't believe the 'hi how are you' smiling faces, they're pretending and you know it ;)

jakub_g 13 hours ago 1 reply      
A big part of Daniel Kahneman's "Thinking. Fast and Slow" is devoted to economic behavior and in general, people are not rational when it comes to money - in some cases risk averse, in other risk seeking. He explains a lot of studies on the topic. If you have some spare time, I recommend the book (though it's not an easy read, as it's very information-dense).
k__ 13 hours ago 0 replies      
I had a single mother and she had 3 bank accounts, all about 500-1000 in the red for most of my childhood. This made me rather adverse to taking credits.

I only took one, for paying study fees. And it was "only" about 4000 which I paid back one year after getting my first job.

After that I always tried to have enough savings to live from for a year.

melted 9 hours ago 0 replies      
Easy: there's a saying, you borrow somebody else's money for a time, but pay back your own and for good. So paying off debts is inherently a much less pleasant activity, which people want to avoid thinking about. Combine that with the complexity a typical financial arrangement entails, and peoples inability to comprehend basic math, and you can see why they don't manage their debt better.
mixmastamyk 6 hours ago 0 replies      
I've never needed or carried any debt my whole life, unless trying to build some credit on purpose when I was younger. But, "unfortunately" my car is in great condition and over 10 years old. I have zero need for a new car as I work remotely and live in a walkable neighborhood with metro and uber, et al.

But beware: Credit expires after 10 years! I didn't know that. You wouldn't believe the hell we had to go thru last time we moved. Trying to get a landlord to accept a tenant with "no credit" was like pulling teeth.

gspetr 13 hours ago 2 replies      
"The greatest shortcoming of the human race is our inability to understand the exponential function." --Albert Allen Bartlett

Considering that 97% of the survey participants allocated their debt payments in financially suboptimal ways, perhaps the second greatest shortcoming of the human race is our inability to understand the compound interest.

"Put God in your debt. Every stroke shall be repaid. The longer the payment is withholden, the better for you; for compound interest on compound interest is the rate and usage of this exchequer."

--Ralph Waldo Emerson, Compensation,' Essays, First Series (1841)

CPLX 13 hours ago 0 replies      
This article makes much of rationality, but the concept of a rational actor in economic terms is really way more complicated and sophisticated than these sorts of analyses. So much so that it's possible to argue that there is no such thing as an objectively defined rational actor at all.

To do my best to shorthand the issue, assume that a rational actor is defined as someone who takes the course of action presumed to have the greatest likelihood of a positive (or the most positive) outcome. In order to evaluate their current strategy for rationality you have to have forward looking prescience to determine if the strategy is in fact the most probable to lead to the desired outcome.

This runs headlong into the issue of uncertainty, familiar stuff like sensitive dependence on initial conditions or just simple complexity.

For a thought experiment, consider a game such as chess. The game is completely discrete, all possible game states can be easily defined, the rules are known, and there is no element of random chance or rules changing during the game.

Nonetheless, the idea that you can put an average person in front of a chess board and say "OK, play rationally" and expect everyone to cheerfully plot out the exact same sequence of moves is obviously ludicrous. There are too many possible outcomes and threads to reason about fully, there are competing priorities in any strategy, etc.

Then when confronting an economic system that is certainly as or more complex than a simple game of chess, we expect rational economic decisions to be an objective truth?

Wonderdonkey 12 hours ago 1 reply      
Paying off small debts first isn't just a "natural tendency." Consumer advice sites actually encourage this as a motivational strategy. Every single one of them.

Having read this, now I question the objectivity of those types of advice pieces.

For example, here's a story on US News that covers three strategies for paying off credit card debt. The first tip is to pay off higher interest cards. But the second is to pay off the smallest debts first and pay the minimum on the other cards. What?!?


This "3 strategies" thing is very widespread, and all of the sites are the same, from bank sites to credit recovery sites to financial reporting in magazines and newspapers. The first that's presented always sounds complicated (calculate bla bla bla). The second strategy is always "pay smallest debt first." Nice and simple. If both are presented as good strategies, which do you choose? The one that requires work, or the one that seems simple?

I used to read these types of advice pieces when I had high debt following a layoff in 2002. I've recovered since then (paid off $65k in debt all at once with a cash out on my house, thus avoiding bankruptcy). And now the No. 1 rule is do not use credit cards to pay for things you can't afford. Use them only as a tool to stay on the grid so that you have a good credit rating so that you get better deals on everything that involves looking up your credit rating. (You'll get a lower price on a car, for example, if you have a better credit rating.) So take out a couple cards; make small purchases; auto-pay on a regular schedule. (Do not change you payment schedule or make extra payments. Some credit reporting agencies lower your score when you do this.)

m1n1 5 hours ago 0 replies      
Here's another debt choice: given a mortgage with over 20 years left on the term and a sudden cash windfall of, say, 20% of the remaining principal, and assuming there's nothing better to do with the money than applying it to the mortgage would you rather (1) pay off some principal now thus effectively shortening the term but allowing the monthly bill to stay constant or (2) re-cast the loan by paying off some principal, still have 20 years left of payments, but each monthly bill is now smaller? ... Personally I'd opt for (2) because it immediately gives more breathing room especially if something bad were to happen. Going with (1) may save more money ultimately, but doesn't reduce the financial risk until the final payment is made.
spdionis 5 hours ago 0 replies      
It's interesting to think that somehow I am better off than most americans living in a third qorld country even if most have at least 5x my income just because I don't have any debt.

We don't have credit cards with higher than 0 credit limit here. Those credit lines sound very generous to me.

JustSomeNobody 12 hours ago 1 reply      
He how goes out owing the most wins. He's lived like a king and didn't pay for anything.

But seriously, every article I read on personal debt talks about how to get out of it after the fact. I think we need to do a better job of educating people on this subject BEFORE they get into debt.

mdorazio 13 hours ago 0 replies      
Good article and interesting study with multiple psychological inputs. I think debt in general is difficult to process mentally because "negative" money is quite different than "positive" money. Money that you have can be visualized - you can spend it or even pull it all out in cash and see exactly how much it is and how it grows or shrinks. Debt is purely a number on piece of paper or a screen. You can't "run out" of debt or go to the bank and get your debt in negative dollars. So without paying careful attention to financial rules like compound interest, dealing with debt is something that humans just aren't inherently very good at.
dpierce9 13 hours ago 1 reply      
One wrinkle here is that some debts have variable rates. For instance, if you have a balance with a 3% variable rate and one with a 5% fixed rate, but you are in a rising interest rate environment, the 5% fixed rate loan is effectively a hedge on the 3% loan. It drags up your effective loan rate while interest rates are lower than 5% but it lowers your effective rate if rates rise above 5%. You can determine whether this is a valuable hedge by estimating the likelihood of rates exceeding 5% long enough to make exceed the cost of the hedge.
swehner 13 hours ago 0 replies      
Even professional economists struggle to understand the exponential function.
PaulHoule 9 hours ago 0 replies      
What is scary is that "how to manage money" is secondary to "how to manage debt". For the most part I have thought about my bank balance first and figured that my credit score would take care of itself and that has generally been the case.
larryla 6 hours ago 0 replies      
Same reason people don't manage their weight better; the bad behavior is instantaneous and easy, the good decisions are extremely lengthy and difficult.
blahdeeblah 5 hours ago 0 replies      
Color me shocked that most MBA students don't have enough math skills to intuitively choose an optimal payoff strategy.
jonesb6 10 hours ago 1 reply      
We have an entire generation growing up with the idea that large debt is natural and acceptable. I've had countless friends go down $10,000 in debt and say "what's $20,000 in debt really?" and it's a vicious cycle from there.
hcmag 13 hours ago 6 replies      
Could someone well-versed with bankruptcy please explain the pros/cons of going that route? I have heard that credit card debt is essentially free money because filing for bankruptcy will wipe out all the debt.

If you already own a home/car, and have no intention of getting a loan in the next 10 years, what is wrong with this strategy?

brightball 13 hours ago 0 replies      
There are a number of factors in the way that people manage debt payments that the article seems to question as illogical.

Just take a standard setup of a mortgage where we'll give a generous 7% interest rate, along with a couple of credit cards with a 15% rate and let's put some decent sized balances here for sake of comparison:

$300,000 mortgage @ 7% over 30 years$10,000 credit card @ 15%$20,000 credit card @ 15%

This is a random hypothetical with numbers made up out of thin air and without factoring in tax deductions. From a sheer cash flow perspective, say you have $4,000 to apply to your payments and the minimum payments are something like:

$2,500 for the mortgage$300 for the first credit card$500 for the second credit card

So you've got a total of $3,300 in payments with an extra $700 to use to accelerate payments that you've got to decide how to allocate between them.

If I apply it to the mortgage, this would be how the payment structure pans out over time (using Debt Repayment calculator)

$300,000 at 7% with payment $2,500 = 208 months or 11.4 years to payoff with $212,241.36 in interest (total paid $512,241.36)

$10,000 at 15% with payment $300= 44 months or 3.5 years to payoff with $2,983.59 in interest (total paid $12,983.59)

$20,000 at 15% with payment $500= 57 months or 4.75 years to payoff with $7,802.46 in interest (total paid $27,802.46)

Now, let's look at two strategies to applying the extra $700 cash with the mortgage vs the small debts.

First the mortgage way:

$300,000 at $3,200= 137 months or 11.4 years to payoff with $184,138.98 in interest (total paid $484,138.98)$10,000 at $300 = 44 months or 3.5 years to payoff with $2,983.59 in interest (total paid $12,983.59)$20,000 at $500= 57 months or 4.75 years to payoff with $7,802.46 in interest (total paid $27,802.46)

Now the smallest debt way:

$10,000 at $1000 = 12 months years to payoff with $1,354.08 in interest (total paid $11,354.08)

But now our formula changes because after 12 months, I now have $1,000 to apply to the next smallest:

$20,000 at $500 for 1 year (total interest $1,642.62, principle paid $4,357.38)$15,642.62 remaining principle then at $1,500 after one year= 12 more months to payoff (24 months total) with $2,091.00 in interest (total paid $23,733.62)

And now after 24 months I have $1,500 to apply to the mortgage.

$300,000 at $2,500 for 24 months (total interest $24,489.39, principle paid $35,510.61)and then at $4,000 after that on the remaining $264489.39= 86 more months to payoff with $107,086.21 in interest (total paid $442,597)

When you factor in cash flow into a total debt payment allowance you end up with an increase in applied payment if you payoff the small stuff first. The result here is a total net payment of $477,684.70 and no debt after 110 months or 9.16 years vs a total net payment of $524,925.03 and continual debt payments for 11.4 years.

EDIT: I need to go back in and adjust the mortgage way to accelerate payments more when the 2 credit cards are paid off. My bad.

kamaal 9 hours ago 0 replies      
Debt is basically an illusion that you owe money in the future. And people commit things for the future without thinking about the consequences. Its always easier to commit to eat healthy food next week, or planning to go to gym next year- But doing them in the present is what is difficult. For the very same reasons people are bad at saving and investments. They think they have a lot of time in the future, so they might as well splurge a little today.

From that perspective, you always feel you have time to buy a home, or start saving for a personal retirement fund. Or time to pay off your credit card bills, or the illusion that you borrow money for luxury today and defer it for the future.

As time passes and you become more cognizant of the fact that your energy levels and motivation to commit to large financial slogs like a house or a retirement fund are wearing thin, you just think you should've started being a little disciplined long back.

Mz 9 hours ago 0 replies      
"Managing debt" is an oxymoron. You have to manage your life better in order to reduce debt. Most things that talk about debt or money management or budgeting talk about it like it is a math problem. It isn't. It runs a lot deeper than that.
orionblastar 10 hours ago 0 replies      
I used to manage debt and save money until I got too sick to work and ended up on disability. NO my wife and son and I live paycheck to paycheck and had to file bankruptcy chapter 13 due to medical debt. If I didn't get sick I'd be managing my debt better. Even with health insurance you can still rack up a lot of debt and go over your head.

I worry that one day we might lose the house and end up homeless. I am not medically cleared to work, and trying to find work as a freelancer when you are disabled is really hard to do. Can't get a 9 to 5 job either. I have a mental illness and medicine that threats it that makes me drowsy and hard to focus and concentrate. I can't even drive a car anymore.

anon4 13 hours ago 1 reply      
Don't fall into debt. If you must fall into debt, then do so to a friend at no interest. If you still have to fall into debt, do so to a reputable bank and pay it off as quick as you can - sell whatever assets you have if you must.

This of course applies to private individuals, not companies, banks or other institutions.

8088 microprocessor IP core fits in 308 LUTs, runs at 180MHz on a Kintex-7 FPGA xilinx.com
107 points by ingve  11 hours ago   51 comments top 13
mutagen 10 hours ago 4 replies      
Note that this core runs at ~100 MHz to get equivalent performance (cycle accurate timings) to the original 4.77 MHz 8088. The big deal is the relatively small number of LUTs used, leaving plenty of room for more stuff.

There's more from the creator at http://www.eetimes.com/author.asp?section_id=216&doc_id=1328... including this nice tidbit:

The result is the MCL86, which is basically a 7-instruction, 32-bit micro-sequencer. Some of the micro-sequencer's instructions are specialized so as to allow it to rapidly decode instructions as well as nest function calls. With these seven instructions, I was able to microcode all of the 8086 opcodes in a relatively small number of micro-sequencer clocks.

A video of this running 8088mph would be awesome, they already have a number of videos of this running other stuff on a PC: https://www.youtube.com/channel/UC9B3TaEUon-araO2j7tp9jg EDIT: There is a video of it runnin 8088 mph that polpo linked!

tzs 8 hours ago 3 replies      
> Just how many LUTs is 308? The smallest Kintex-7 FPGA is the K70T with 65,600 logic cells (the logic equivalent of a classic 4-input LUT and a flip-flop according to User Guide UG474), so were talking about a resource consumption of much less than 1% of that very small programmable device.

So...you could put 100 8088 work-alikes on one FPGA?

At the risk of inducing /. nostalgia in the old timers here...can you imagine a Beowulf cluster of these?

ChuckMcM 9 hours ago 3 replies      
That is so freaking awesome. CPLDs are approaching 308 logic blocks :-). And given the small footprint of the core it suggests you could probably build the entire IBM PC architecture on a single FPGA with CGA or Hercules Mono framebuffer support. Then boot Microsoft Flight Simulator and chortle at how much imagination you needed to use to believe you were flying a plane.
huangc10 9 hours ago 0 replies      
This is sweet. Been a while since I worked in HW after switching to full time SW but this kind of news just makes me chuckle.

Say a modern day FPGA has 10 million gates. 6 gates/LUT. That gives 1.6 million LUTS. Let's say half are used up by other IPs and IOs within the chip. 800k/308 = ~2500.

You could have 2500 of the 8088 running at 180MHz simultaneously. Why? For science.

danjayh 9 hours ago 1 reply      
I haven't done any VHDL in about 9 years. Anyone know of a good site/tutorial to run through that starts out relatively basic and goes through to advanced topics? (bonus points if it has step-by-step instructions for a low cost / free for noncommercial dev environment).
david-given 9 hours ago 0 replies      
I wonder how much extra space it would take to emulate all the weird-ass IBM XT peripherals and end up with a true 8088 embeddable-system-on-a-chip? Plug that into a cheapo SD card (or even a serial EEPROM) and you'd have a standalone machine that would run DOS.

That could actually be useful.

bitwize 10 hours ago 1 reply      
Let's see 8088mph run on that baby.
fpgaminer 10 hours ago 1 reply      
I'm curious why it only runs at 180MHz on a Kintex-7. The Kintex-7 can do 32-bit additions at 400-500MHz, so it's odd to see an 8088 running at less than half that. The article mentions that removing the cycle accurate constraint would allow it to run faster, so perhaps that's why.
muterad_murilax 10 hours ago 4 replies      
I'm sorry... IP? LUT?

EDIT: Thanks for the explanations, guys!

bifrost 10 hours ago 2 replies      
This is pretty cool, and should remind everyone that the 8088 and even the Zilog80 CPUs are still relevant and used to this day.
atemerev 8 hours ago 0 replies      
Incidentally, the smallest model organism with a nervous system, C. elegans, has 302 neurons.

Coincidence? Don't think so.

chriscappuccio 11 hours ago 1 reply      
Sweet Jesus
Gratsby 6 hours ago 0 replies      
I know at least a dozen of these words.
Half the world to be short-sighted by 2050 sciencedaily.com
43 points by elorant  8 hours ago   60 comments top 13
krapht 7 hours ago 3 replies      
Afaik research shows this is the result of increasingly less time spent outdoors in the presence of intense light.

Going forward I think more intense indoor lighting is probably the solution, since the burden of study and education is only going to increase going forward.

Or, biomedical engineers make a major breakthrough in the performance of synthetic eyeballs, which I actually think is probably pretty likely by 2050. I'm totally ready for eagle-vision and being able to see more colors of light.

fpoling 6 hours ago 1 reply      
We simply do not know what caused the current increase in myopia. Hypothesis range from diet changes to too much time indoor where the light is either not intense in general or lacks intense blue component (indoor lighting is too warm in spectrum).

So projecting into 2050 is just a wild game as any of the factors can change in 35 years.

hanniabu 5 hours ago 0 replies      
This year I've spent more time on a computer than one should. Previously I wasn't much on the computer and was out and about but this year I've spent probably about 14 hours a day on the computer (working at home). I can attest that in this year my eye sight has worsened almost 100% due to this. I hadn't noticed until about a month ago when I went on a long drive (normally didn't get out much b/c I worked from home) and I realized I was having a real difficult time driving because I couldn't really focus. It's like starring at a screen ask day with constant depth weakened my eyes ability to focus on different depths. The whole time I was driving, it felt like I was starring blankly even though I was actually trying to concentrate on certain things, like going from looking at the car in front of me to the traffic ahead. The whole time felt like I was just starring at a flat surface even though I wasn't.
magoghm 6 hours ago 1 reply      
I've spent most of my life indoors, looking at objects very close to my eyes (books and computer screens), in low light conditions. Everybody kept telling me I would become nearsighted if I kept on doing it.

I'm now 55 years old, and I don't think I will ever be nearsighted. Actually, for the last 5 years I've been using reading glasses when I need to read books with small print as I can't focus anymore on objects which are very close to my eyes (that's presbyopia which comes from my age and is like the opposite of nearsightedness).

brandonmenc 52 minutes ago 0 replies      
By 2050 everyone will have implantable lenses, so it won't matter.
amelius 7 hours ago 2 replies      
If we all started wearing VR goggles with the focal point at infinity, could this trend be reversed?

Anyway, it would be a good reason to use a virtual desktop at infinity instead of a real one at 1ft distance.

andrewclunn 1 hour ago 0 replies      
Couldn't this just be the result of people living longer? I mean the trend likely won't be extrapolated out.
yogthos 4 hours ago 0 replies      
If there are are still humans around by then. :)
fideloper 5 hours ago 0 replies      
Who's got the startup selling to this growing market?
janzer 7 hours ago 4 replies      
Short sighted? Clicking on this article I thought it was going to be some half in jest article about not adopting long term sustainable policies. I've worn glasses for myopia since I was 9, have been at a number of ophthalmologist conferences, and have otherwise been somewhat more exposed to the field of optical medicine than average. I'm pretty sure this is the first time I've seen the term short sighted used instead of near sighted for myopia.

The original article seems not to use either term but sticks with myopia as would be expected. I'm guessing this is a reporter mistranslation of the medical term?

The original paper is "Global Prevalence of Myopia and High Myopia and Temporal Trends from 2000 through 2050" and can be found at http://www.aaojournal.org/article/S0161-6420%2816%2900025-7/...

kazinator 6 hours ago 1 reply      
More succinct:

50% 20/50 by 2050

kaspm 5 hours ago 0 replies      
The world is already short-sighted (e.g. Climate Change)
product50 6 hours ago 3 replies      
Hopefully evolution takes care of this eventually?!
What Is the Secure Enclave? mikeash.com
134 points by ingve  12 hours ago   48 comments top 11
stcredzero 8 hours ago 2 replies      
In a more ideal world, all devices would have something like the Secure Enclave, but with the hardware and software open sourced. There would be a public process for vetting and verifying the design, as well as for verifying embodied instances. Ideally, it would be implemented in such a way that the security could be mathematically provable. This would let the public have the benefits of trusted execution, which they could then use to protect their information in the hands of corporations and governments.

This is the exact same asymmetry embodied in openness/privacy/surveillance. When governments and corporations have unfettered access to people's private information, this is very bad for human rights and an open democratic society. On the other hand, when individuals have open access to information from government organizations and corporations, this is generally good for human rights and an open democratic society.

Organizations using trusted execution technologies against individuals has been a disaster for individual rights. However, empowering individuals to use such technologies to protect them against corporations would have tremendous benefits for individuals.

equalarrow 1 hour ago 0 replies      
I think one thing that needs to be said is Mike Ash is just one of those super humans where Apple & code are concerned.

I've been reading Friday Q&A for years and the posts never cease to amaze. He doesn't politicize or whine about anything. It's always thoughts from a teacher, a master.

I wish there was more in the tech world like him. Thanks Mike!

awqrre 3 hours ago 1 reply      
If "secure enclaves" are actually secure, companies manufacturing those "secure enclaves" could just log the encryption key(s) at fabrication time to render them useless?
gh02t 8 hours ago 1 reply      
So one thing this article kind of takes granted/doesn't describe is physical security of the Secure Enclave. What exactly is done (physically) to make it tamper proof? How is the UUID stored in such a way that the Secure Enclave can still read it, but somebody with access to unlimited resources can't dissect the processor die to read it out? I understand that there have to be some sort of countermeasures, but I haven't ever really seen anybody describe what they are.
thrownaway2424 9 hours ago 5 replies      
I take it these suspects didn't have any backups of their phone? It clearly cannot be the case that the backup can only be decrypted by the original device, since the entire point of the backup is to be able to restore it to a different device.
CGamesPlay 7 hours ago 0 replies      
> Given the goal of protecting the user's data, it would make a lot of sense for the Secure Enclave to refuse to apply any software update unless the device has already been unlocked with the user's passcode.

This is also speculation, but perhaps this is why you have to enter the passcode on device reboot. This may be simply a software protection (see talk about being compelled to provide a fingerprint), but it may actually be a necessary step for the secure enclave to boot as well.

I also suspect that Tim Cook's announcement doesn't mean to imply that such a theoretical attack currently exists, but rather than one may exist in the future that Apple could be compelled to comply with.

cromwellian 9 hours ago 1 reply      
Trusted computing modules have been broken before. Someone presented a working attack a few years ago at BlackHat using an electron Microscope to figure out how to crack the TPM in the Xbox.
pcora 8 hours ago 0 replies      
Couldn't we find more about this by searching for patents around the Secure Enclave submitted by Apple Inc?
rwmj 9 hours ago 2 replies      
On my Android phone, I have to unlock the screensaver and approve updates. Is it the same on the iPhone? If so, it seems as if the FBI are wasting their time asking Apple to update the phone, since they'd have to unlock it first.
numlocked 7 hours ago 1 reply      
Is it possible that the enclave is in fact an ASIC with the crypto logic and udid burned into the silicon? That would ensure that it couldn't be updated or compromised, by Apple or anyone else.

This is pretty far outside my area of expertise, so that may be a very dumb question.

wrong_variable 9 hours ago 1 reply      
You have to hand it to apple - they are awesome at naming.
Terrain Generation with Midpoint Displacement stevelosh.com
47 points by stevelosh  9 hours ago   7 comments top 5
munificent 5 hours ago 1 reply      
I remember learning about midpoint displacement as a teen and having its recursive implementation blow my mind. At the time, I don't think I could ever implement it correctly because, like Steve notes here, most explanations really elide about bunch of details around how you do it. In particular, they aren't clear how you do two "stages" of midpoints: corners to sides, then sides to center.

Much later, I got it working, but I was disappointed with the visible seams it tends to lead to. After some trial and error, I came up with an algorithm I liked better for the game I was trying to write at the time.

I thought it was cool enough that I wrote a little tutorial. It's the very first piece of writing I ever put on the web, I think. It's still online (though, alas, I lost my old robot-frog.com domain ages ago):


kazinator 6 hours ago 1 reply      

 (defn safe-average [a b c d] (let [total 0 count 0] (when a (add! total a) (inc! count)) (when b (add! total b) (inc! count)) (when c (add! total c) (inc! count)) (when d (add! total d) (inc! count)) (/ total count)))
Doesn't appear so safe against division by zero!

jchung 8 hours ago 0 replies      
Live demos were definitely helpful. Nicely done tutorial!
teddyh 7 hours ago 0 replies      

 $ man triangle NAME triangle - random mountains using iterative subdivision of triangles.

 $ /usr/lib/xscreensaver/triangle

smrtinsert 6 hours ago 0 replies      
This reminds me, does wisp work on Windows yet?
Papers of the Father of GIS Come to the Library of Congress loc.gov
21 points by Oatseller  6 hours ago   discuss
       cached 20 February 2016 05:02:02 GMT