hacker news with inline top comments    2 Mar 2016 News
Diffie and Hellman Win Turing Award nytimes.com
976 points by matt_d  13 hours ago   67 comments top 22
titzer 12 hours ago 1 reply      
For a couple years I had an office across the hall from Diffie at Sun Labs and spent many a Friday evening Sun Labs Bash chatting with him about various topics of all kinds. Diffie is a kind and gracious man, well versed on a broad range of topics, a lot of fun, and well, a better dresser than I. Congrats to him and Martin Hellman!
imglorp 12 hours ago 2 replies      
Interesting story about Diffie testifying at the Newegg trial.


Kinnard 12 hours ago 2 replies      
I think it's clear that this is very uncoincidentally an extremely timely award. The average person may have no idea, but we are in the middle of a cryptowar[1].

[1] http://reason.com/archives/2013/03/12/the-second-great-crypt...

bachback 11 hours ago 1 reply      
Both gave speeches about the history of their research:



Merkle had a huge influence also: https://en.wikipedia.org/wiki/Ralph_Merkle

dmbaggett 3 hours ago 0 replies      
I attended the panel today when this was announced, and regarding the omission of Ralph Merkle, both recipients explicitly acknowledged him by name. Diffie specifically said that they built upon his prior work.

It also occurred to me that Moxie Marlinspike was in the unusual position of being the only one on the panel of five not to have (yet!) received a Turing Award. (He came off very well nonetheless.)

(In addition to Diffie and Hellman, the other two Turing-awarded panelists were Ron Rivest and Adi Shamir.)

DenisM 12 hours ago 2 replies      
Any advice on what paper of theirs to read in celebration of the event? Something approachable.

When Lamport got his in 2013 I took the time to read "Time, Clocks, and the Ordering of Events in a Distributed System" [1]. Been sleeping under the rock since then.

[1] http://www.ics.uci.edu/~cs230/reading/time.pdf

fjarlq 12 hours ago 1 reply      
Martin Hellman explains what he plans to do with his share of the Turing Award money:


throwaway6497 12 hours ago 4 replies      
I used to wrongly think you need a PhD to be able to win a Turing. Diffie proved me wrong. He serves as an inspiration to anyone who mentally feels inferior to PhDs when it comes to making significant contributions to the field of Computer Science.
nathan_long 10 hours ago 1 reply      
I just found these free-to-watch episodes on crypto, featuring interviews with Diffie and Hellman: http://simonsingh.net/media/online-videos/cryptography/the-s...

This is by Simon Singh, who wrote the excellent book "The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography", including a chapter on Diffie-Hellman-Merkle key exchange.

pklausler 12 hours ago 1 reply      
Poor Ralph Merkle. Diffie and Hellman always seem to have gone out of their way to acknowledge his contribution to public key encryption, but it looks like the ACM overlooked it.
drallison 12 hours ago 0 replies      
The ACM announcement: http://amturing.acm.org/award_winners/diffie_8371646.cfm

Marty and Whit deserve kudos for their important work in cryptography.

haberman 10 hours ago 0 replies      
It speaks to how exclusive an award this is that these guys hadn't won it already. It's hard to think of achievements in computing that are as important or influential as public-key cryptography.
akoster 6 hours ago 0 replies      
Since the article doesn't quote Martin Hellman, here's some of his words on cryptography (from an interview after receiving a different award): http://news.stanford.edu/news/2011/march/inventor-prize-hell...
anaphor 10 hours ago 0 replies      
Seems like a good place to link this awesome panel from Defcon 19 with Whitfield Diffie and Moxie Marlinspike on SSL/PKI/etc https://www.youtube.com/watch?v=lt7uW6vDk00

Some of the Q&A is pretty weird

redthrowaway 12 hours ago 3 replies      
Is it usual practice for a Turing Award to be awarded so long after the work in question?
lukeh 10 hours ago 0 replies      
This was on the BBC last night:


lkowalcz 9 hours ago 0 replies      
Surprising it took this long. (Especially since, for example, RS and A have had Turing awards for more than a decade)
wbsun 2 hours ago 1 reply      
tl;dr version of the 2016 ACM Turing Award:

((g^a) mod p)^b mod p = (g^ab) mod p = ((g^b) mod p)^a mod p

-- The beauty of math.

signa11 4 hours ago 0 replies      
just curious, is anyone wondering why ralph-merkle is not here as well?
64bitbrain 11 hours ago 2 replies      
yayy!! This is just great! Congrats to Martin and Hellman.

Why does it take such a long time for computer scientists to achieve such an award? The DH algo has been well known for a long time. On the other hand, physicists (theoretical, astro, ...) don't have to wait too long to gain such recognition.

maaku 6 hours ago 0 replies      
Why was Merkle not included?
bkinman 9 hours ago 0 replies      
Finally, took long enough.
OCaml 4.03: Everything else janestreet.com
87 points by yminsky  5 hours ago   30 comments top 9
xvilka 2 hours ago 1 reply      
And here is the pending effort for better experience of OCaml on Windows: https://github.com/ocaml/opam/issues/2191
GreaterFool 35 minutes ago 0 replies      
I really hope modular implicits will make it to the language one day. While OCaml libraries are no stranger to monads they usually only include `bind` and `return`.

Since I'm coming from Haskell I'm used to a vast Applicative and Monad vocabulary and making do with just `bind` and `return` is rather painful. So having a generic library of Monad combinators that one could use with any Monad would be great. Also, being able to just write `show x` is so nice!

Edit: while I often see "modular implicits are being worked on" it is not very clear whether there is a concrete plan to add them to the language. Is there any place in the official OCaml repository / issue tracking system / wiki etc where one could check the status?

BWStearns 3 hours ago 4 replies      
If I were already sold on using Haskell or OCaml for a new project, what would be the big seller for OCaml being the choice? I haven't dug into SML or OCaml and I'm not expert with Haskell yet but from looking at them they don't look substantially distant from Haskell.
e_d_g_a_r 4 hours ago 0 replies      
For anyone looking for an OCaml quick start: http://hyegar.com/2015/10/20/so-youre-learning-ocaml/index.h...
doomrobo 1 hour ago 0 replies      
Could anyone explain ephemerons further, maybe with examples? It seems really interesting.
zerosign 2 hours ago 0 replies      
How about SMT support for OCaml (multicore)? Could it catch up to the current implementation (HEAD), or is it still in the process of moving its implementation?
melling 5 hours ago 0 replies      
I recently started to learn OCaml. This blog post convinced me that it was worth learning:


I'm putting my notes on github, in case anyone wants a head start.


catnaroek 3 hours ago 2 replies      
Still no support for threads running in parallel? I guess things didn't go well: https://news.ycombinator.com/item?id=9582980
3327 3 hours ago 0 replies      
Basically JaneStreet realized it's a tough time maintaining the repo if they are the only ones using it.
Ten lessons I wish I had learned before teaching differential equations (1997) [pdf] toronto.edu
154 points by JMStewy  7 hours ago   58 comments top 18
mightybyte 2 hours ago 1 reply      
I couldn't agree with the last point more.

> A course taught as a bag of tricks is devoid of educational value. One year later, the students will forget the tricks, most of which are useless anyway. The bag of tricks mentality is, in my opinion, a defeatist mentality...In an elementary course in differential equations, students should learn a few basic concepts that they will remember for the rest of their lives...

I hated the DE class I took in college and it was largely because I felt like it was nothing but a bag of tricks. I very distinctly remember one problem that seemed unsolvable until the teacher showed that you had to substitute a "2" with "1/2 + 3/2". And then, to make matters worse, he put the exact same problem on the test. So we were being rewarded, not for really understanding the core basic concepts, but for memorizing the tricks needed to solve specific problems.

mynegation 3 hours ago 3 replies      
My major is computational math, from 15 years ago, from leading Russian university, so it is just anecdata, and by no means should be generalized.

I absolutely love mathematics, for me it is the embodiment of pure beauty. Still, I positively, absolutely hated the sophomore course of ODEs. The way it was taught was extremely abstract: here is the equation, this is integration, this is separation, this is your SLP, now go deal with it.

It was totally pointless and life-sucking. It was not until I got to the 3rd year and learned about specific applications in physics (like heat dissipation, strings, and springs), and later in finance (stochastic calculus) and biology (e.g. Lotka-Volterra) when I realized how many wonderful and extremely useful applications they have.

Had this course started with that, things would be completely different.

graycat 5 hours ago 0 replies      
In the OP, the author Gian-Carlo Rota started out with:

> One of many mistakes of my youth was writing a textbook in ordinary differential equations. It set me back several years in my career in mathematics. However, it had a redeeming feature: it led me to realize that I had no idea what a differential equation is.

Wow! Good to see that he wrote this. Looking at his book,

Garrett Birkhoff and Gian-Carlo Rota, Ordinary Differential Equations, Ginn and Company, Boston, 1962.

I got the same impression! I couldn't see what the heck they were driving at. Instead, they seemed to flit around with a lot of tiny topics of little or no interest for little or no reason.

Want to understand ordinary differential equations, read Coddington:

Earl A. Coddington, An Introduction to Ordinary Differential Equations, Prentice-Hall, Englewood Cliffs, NJ, 1961.

Then for more, to make such equations much more important, read some deterministic optimal control theory, e.g., Athans and Falb

Michael Athans and Peter L. Falb, Optimal Control: An Introduction to the Theory and Its Applications, McGraw-Hill Book Company, New York,

that, BTW, also has some good introductory, but very useful, material on ordinary differential equations.

More generally, want to know what to study in a subject that will be useful? Okay, one approach is to go to more advanced material that is an application of that subject and see what that material emphasizes for prerequisites, e.g., sometimes quite clear in an appendix.

E.g., Athans and Falb say quite clearly what is important in ordinary differential equations for their work.

gajomi 11 minutes ago 1 reply      
I would be very curious to see if Gian Carlo Rota had anything to say about Stephen Strogatz's view on this. Strogatz's text (which was written three years before this article, right before he left MIT) is much beloved by many scientists and engineers, but most mathematicians will have complaints about it.
analog31 4 hours ago 3 replies      
I once told a math teacher at a Big Ten university, that I thought their undergrad math instruction for engineers was weak. As an example, I said that I didn't think students learned any engineering applications of differential equations. He looked at me with a straight face and said: "There are no engineering applications of differential equations."
p4wnc6 5 hours ago 1 reply      
I'm proud to report that at my undergrad institution, Rose-Hulman Institute of Technology, they very successfully adhered to these rules (and I was taking ODEs there way back in 2005).

They had a custom textbook created for their 2-course ODE sequence that several of the faculty collaborated on. Though it did contain content on uniqueness theorems and some proofs, far and away the biggest two items hammered in were (a) linear equations with constant coefficients, and (b) Laplace transform methods.

They also offered (at the time) a 3rd, optional course called Boundary Value Problems that was focused on several physics-motivated BVPs like with Laplace's equation, heat equation, wave equation, Young's modulus, and others, and that course heavily used Fourier and Laplace methods.

We did have word problems, but they were almost exclusively "salt tank" problems. Literally, every word problem described a tank of water or pre-mixed brine solution, with some description of either more salt or more water being added or removed, either gradually or in discrete injections.

The fact that every problem was an infamous "salt-tank problem" essentially made its status as a word problem irrelevant. This seems like it wouldn't be that helpful but actually it was really nice. You got so used to the different pieces that comprised the modeling problem that when you went off and did something in other courses, like circuit systems or conservation systems in mechanical engineering, you knew how to translate the problem to 'salt tank' form, which really covered a huge range of practical problems.

As a math major, one fault I noticed of this method was that it did not make the connections to linear algebra very clear. It took me another few semesters afterward to catch up on that part, but I can understand how engineering majors cared less about that.

I don't know what Rose-Hulman does for this curriculum now, but it would be cool to somehow take a "snapshot" of their methods for it and compare it with other experiences like this OP.

pkrumins 5 hours ago 5 replies      
One lesson academics should learn: pdf-naming-skills.pdf.

I've been collecting interesting scientific papers and publications since early 2000 (I've a collection of 10,000 or so) and I've not yet seen a single academic, not even a computer scientist, who understands how to name your documents right so that when I download them I could quickly find them. I've to rename every single pdf. It's infuriating.

Someone should teach academics an SEO course.

backprojection 5 hours ago 2 replies      
> Some thirty or so years ago, Bessel functions were included in the syllabus, but in our day they are out of the question.

> Teaching a subject of which no honest examples can be given is, in my opinion, demoralizing.

I don't get this. Differential equations theory is about proving existence and uniqueness of solutions. If you have to use numerical techniques to actually compute the solution, then that's perfectly fine. After all, even if the solution is explicit, like sin(x), or especially a special function, then we still need to use numerical techniques to actually evaluate that explicit solution.

vlasev 2 hours ago 0 replies      
He was the author of Indiscrete Thoughts[1], a great book on Mathematics.

[1] Review here: http://www.maa.org/publications/maa-reviews/indiscrete-thoug...

jonesb6 25 minutes ago 0 replies      
I 100% believe DE 1 and 2 are courses used to weed out computer science students who don't meet a certain criteria. Whether this is good or bad is highly debatable imo.
danidiaz 1 hour ago 0 replies      
Where can I find an expansion of the intuitive explanation given for integrating factors?

> It is of the utmost importance to explain the relation between the solutions of the differential equation and the solutions of the system. The solutions of the system are trajectories, they are parametric curves endowed with a velocity given by the vector field. The solutions of the corresponding differential equation are integral curves, and their graphs are the graphs of the trajectories deprived of velocity. Often, instead of solving the differential equation, it is more convenient to solve the corresponding autonomous system.

Kinnard 6 hours ago 1 reply      
"We are kidding ourselves if we believe that the purpose of undergraduate teaching is the transmission of information. Information is an accidental feature of an elementary course in differential equations"
swehner 5 hours ago 1 reply      
The last point may well be the best, "TEACH CONCEPTS, NOT TRICKS"
RickHull 1 hour ago 0 replies      
Wow. I managed to skip Diff-e-q in my C.S. curriculum, and I always wondered if I was the worse for it. Perhaps I was prescient.
mathgenius 1 hour ago 0 replies      
Does anyone else get the urge to spend the next few hours (or days) trying to work out (at least the basics of) everything Rota is talking about here?

Mathematicians have so much fun..

seansmccullough 1 hour ago 1 reply      
I got an A- in my differential equations class in college. I still wasn't sure what a differential equation was at the end. My pattern matching skills got a good workout, though.
solipsism 2 hours ago 2 replies      
Could someone give some examples of applications of numerical methods for solving differential equations that are relevant to a HN crowd? Also, where might I find some introductory material that teaches it well, according to the suggestions in the OP?
rafinha 4 hours ago 2 replies      
"FORGET ABOUT EXISTENCE AND UNIQUENESS OF SOLUTIONS" what? most important thing about differential equations.
Free React.js Fundamentals Course reactjsprogram.com
537 points by tm33  14 hours ago   85 comments top 23
tm33 11 hours ago 0 replies      
I don't know what to say. I'm deeply humbled by all the kind comments in here. Thank you all so much, truly.
noobie 12 hours ago 8 replies      
Honest noob question, what's with all the hype about React?

Edit: Awesome replies, thank you!

eecks 11 hours ago 12 replies      
Really can't decide to go ahead with an Angular approach (2.0) or use React. I know React is only for the view layer so what are people using with React to do stuff like api calls?
zbuttram 14 hours ago 2 replies      
Tyler's course on egghead.io was amazing, can't recommend his content enough.
sergiotapia 10 hours ago 1 reply      
"Why should I use React?"

Read this: http://reactfordesigners.com/labs/reactjs-introduction-for-p...

If this article does not convince you, React is not for you and that's OK.

bpesquet 13 hours ago 0 replies      
A nice example of what can be done with the Teachable platform (https://teachable.com).
imh 1 hour ago 0 replies      
I wish there was some way to speed up the videos.
brosky117 13 hours ago 1 reply      
I've watched both his React and React Native tutorials and loved both of them!

I had the chance to talk with him after a local JS meetup and he was super nice. Can't recommend his stuff more.

yexponential 6 hours ago 2 replies      
Serious question, and sorry(?) for bringing this up. But is everyone here really okay with React's licencing?

Apart from stubbornly refusing to accept embedding html in js directly is a good idea (although I see the pros), licencing is the main reason I avoid this ecosystem altogether. Even though it has an outstanding community.

perhaps I'm making a deal out of nothing.

In any case will definitely take the course, I'm sure it will be as excellent as the others. Many thanks for your efforts Tyler.

pmontra 10 hours ago 0 replies      
Login problems: at http://courses.reactjsprogram.com/courses/enrolled I'm logged in, then I click on the course and go to http://courses.reactjsprogram.com/courses/reactjsfundamental... and I'm logged in. Then I click any of the Start buttons and I'm not logged in anymore (Lecture contents locked - Enroll in Course to Unlock).

Opera on Android, cookies enabled; Adblock Plus enabled or disabled, no changes.

Edit: I checked with Firefox and Opera on Ubuntu and it works.

joshmanders 13 hours ago 1 reply      
Great work Tyler! You're one of the reasons I even am remotely interested in React. You're a very good teacher.
ausjke 11 hours ago 4 replies      
Just started learning js etc. Was told Angularjs has everything loaded so it's easy for beginners, while React is better for the more experienced who know how to pull various things together? Is this true? If so, is there a "React-stack" for me to start with?
christopher_ 14 hours ago 0 replies      
Hi Tyler! I'm a big fan of your blog and I really enjoyed your egghead course. Thanks for making this. Just signed up.
halayli 12 hours ago 1 reply      
Thanks Tyler! It might be helpful to also add redux + async to it.
mgadams3 14 hours ago 0 replies      
I've been following your blog for a while. Just signed up. Thanks!
evo_9 10 hours ago 2 replies      
Is anyone using React with .Net (http://reactjs.net)? If so how has your experience been? This would seem to fit well with a MVC WebApi backend.
sotojuan 12 hours ago 1 reply      
I think I'm going to go through this this coming weekend, even if I am comfortable with React. Tyler is a great teacher and I could use help with the router and webpack.

Thanks for making this free!

artf 10 hours ago 0 replies      
Truly convincing!!! Hope to master soon this so acclaimed React (is that so productive?!?) Thank you so much for posting this resource
troncheadle 14 hours ago 0 replies      
Thanks for posting this! I've been dragging my feet about learning react for a week or so now and I think this will push me over the edge. Much appreciated.
enraged_camel 9 hours ago 1 reply      
Here's a potentially dumb question about React: can it be used inside a client-side application that was written using Angular?

Part of my job involves customizing a commercial, closed-source web application that lets you build web forms. The application's front-end was written using Angular, but it lets you add your own custom JavaScript to add more functionality to forms, such as character counts, hiding/showing relevant fields based on conditions and auto-capitalization of user input. Basically, each form has its own JSFiddle-like section that gets published alongside the form.

We currently use native JS and JQuery for these customizations, usually within a monolithic document.ready block. The problem is that our code can get pretty complex, especially when hooking up multiple event handlers to the same elements. I've been thinking that React may be able to solve this problem, but I'm uncertain about using it alongside Angular, especially since I have no control over the latter.

Based on this description, would there be any advantages to trying to shoehorn React into our projects, or should we stick with native JS and JQuery?

mgrpowers 11 hours ago 0 replies      
This is awesome! Thank you!
idibidiart 6 hours ago 0 replies      
When you're ready for it, improve your React game with GraphQL/Relay! :)


adakkak 6 hours ago 0 replies      
hi, I am wondering if the website is built on top of existing elearning systems.


FBI's Comey Concedes Mistake Was Made Over iPhone in San Bernardino Case wsj.com
243 points by gist  11 hours ago   157 comments top 20
Zizzle 9 hours ago 7 replies      
"During his testimony today, Comey dismissed the notion that Apple's assistance in the San Bernardino case would impact other phones, reiterating his belief that any code Apple created to help in this case would only work on Farook's phone."

And that belief is based on what exactly?

Apple has been saying the opposite. Apple doesn't know its own code? FBI knows it better.
alblue 8 hours ago 1 reply      
I sat through the YouTube presentation (which is available at https://www.youtube.com/watch?v=g1GgnbN9oNw if you have four hours to spare). In general the discussions were quite well presented, apart from a couple of rabid questioners suggesting that public security trumped any one individual's right to personal security.

I've written up a summary of the hearings at InfoQ here: http://www.infoq.com/news/2016/03/apple-fbi-congress

The general responses from Apple were that it wouldn't be possible to write this just for one phone; that once the FBiOS was available for one it would be available for any phone. Dr Landau also highlighted the fact that most people now use their phones as part of a two-factor authentication, and that the easiest way to break into a system (such as the IRS leak) is to compromise login credentials. The fear is, therefore, that once Pandora's box is opened, the operating system would be installable on any device and thus potentially give access to any state actor to any account simply through device compromise.

The entire hearing was very well laid out, though in a few cases Apple's witnesses weren't quite as fluid as the FBI's.

The congress members have five days to ask additional questions, after which presumably a report will be made. More information is available at the House page here:


studentrob 2 hours ago 3 replies      
Manhattan District Attorney Cyrus Vance sums up the DOJ's position quite succinctly. Emphasis added

> "Apple has created a technology which is default disk encryption. It didn't exist before. It exists now. Apple is now claiming a right of privacy about a technology that it just created. That right of privacy didn't exist before Apple created the technology." [1]

Wrong. The first and fourth amendments grant rights to privacy. The exact transcripts of what we say in the privacy of our homes, prior to a warranted wiretap or without witness testimony, are not the subject of law enforcement's investigation. Our entire history of digital communications should not be open for government surveillance. It would be overreach to try to implement, and anyway it is impossible to guarantee without destroying the US tech industry and turning us into a big brother state.

[1] https://youtu.be/g1GgnbN9oNw?t=4h46m22s

matt_wulfeck 10 hours ago 3 replies      
> If I didn't do that, I ought to be fired, honestly,

There is a serious problem here. If you ask me, any government official who forces a backdoor down the throat of a private company ought to be fired, yet he believes he should be fired if he DOESN'T do it.

There's a very big divide happening right now in the US. This is going to be a rough time.

criddell 9 hours ago 4 replies      
> During his testimony today, Comey dismissed the notion that Apple's assistance in the San Bernardino case would impact other phones, reiterating his belief that any code Apple created to help in this case would only work on Farook's phone.

I hate this kind of willful ignorance. That update, if properly signed, will work on similar phones. The software is distinct from the signing and it's the software that Apple doesn't want to create.

Or maybe Comey believes that every time his phone is updated, an engineer in Cupertino lovingly arranged the bits for him.

lowpro 8 minutes ago 0 replies      
If anyone watched the entire hearing today, personally I was astounded by the misunderstandings of both the director and everyone asking the questions. It seemed that only one or two of them understood what Apple was trying to say in a technical sense.
bsirkia 10 hours ago 1 reply      
"Oh wait, our attempt to create a backdoor to every private citizen's iPhone, using a single terrorism case as a trojan horse, has been discovered? Oops sorry but we still need those backdoors."

It also amazes me he thought it was a helpful metaphor to say that the FBI doesn't want a backdoor, just for Apple to take the vicious guard dog away and let us pick the lock. I think every American would prefer having a guard dog protecting their personal property and data than just let these liars pick the lock.

jonlucc 7 hours ago 1 reply      
Does anyone know what happens if Apple loses engineers over this? Not that it's likely, but I could see someone saying "I came here to build secure systems, not break them". Does the government bear costs to replace or retrain? If enough quit, can the government compel them to stay to complete the task?
Cheezmeister 4 hours ago 0 replies      
TL;DR: "Yadda yadda terrorists something something guns kill people blah blah blah think of the children yadda AMERICA."

Truly, I'm getting weary of all the nearly-identical news of Uncle Sam's assault on digital privacy. If the strategy is to desensitize and wear down the US populace, it's working.

eganist 10 hours ago 0 replies      
"We made a mistake, but you must still help us!"

You know, the sad part about this (paraphrased) quote is that it'll probably be used as justification by the California court system to rule on this case specifically rather than on the circumstance more broadly. I wonder if that's Comey's strategy in admitting the error.

thecosas 10 hours ago 0 replies      
The Congressional hearing is happening now: http://www.c-span.org/networks/?channel=c-span-3
ibejoeb 7 hours ago 0 replies      
Lots of interesting stuff in this session.

"We are a rule-of-law country. The FBI is not cracking into your phone or listening to your communications except under the rule of law," says Comey (1:37). I suppose that's the NSA's job...


nightpool 9 hours ago 2 replies      
I feel like all of this talking about a "hard drive" that transports the tool around is a little specious - aren't Apple's firmware updates signed? And the update itself would be IMEI locked?

The issue here isn't the reusability of the technology - the issue is the reusability of the legal precedent. And this is certainly a very scary precedent to set!

studentrob 4 hours ago 0 replies      
I'd love to see a transcript [2], or list of participants [4] and find out which representatives present lean towards Apple or towards the FBI.

I skipped around the video. I mostly saw support for Apple, with a few exceptions, one being Mr. Sensenbrenner.

Mr. Sensenbrenner, a House republican of Wisconsin, asked Apple what legislation they would support, and Mr. Sewell, Apple's general counsel, said they support debate on the subject [1]

The congressman was clearly bullying Mr. Sewell here and using his position as congressman to make it appear as though Apple is not being agreeable. Well, encouraging debate before writing one-sided legislation sounds like great teamwork to me.

The congressman should have been reminded that not supporting new legislation is a valid position, and that every problem we face need not be solved with new laws.

Perhaps Mr. Sewell is trying to be respectful to the congressman. But I think he should not shy from responding in kind. Treat others as they treat you. No one will judge you for it. I think Apple missed an opportunity here to say they do not feel new legislation is needed, since guaranteeing back doors into devices would be an abridgement of consumers' right to privacy, and Apple's right to create safe products for consumers as it sees fit.

Overall though this seemed like a productive session.

Mr. Gowdy, a House republican of South Carolina, also bullies Sewell in the same manner [3], literally asking Apple to lobby for legislation.

In other words he is saying, get some lobbyists, do my work for me, pay for my next election campaign and solve your own problem. I don't know how you could be more blatantly obvious about being a corrupt, useless politician.

[1] https://youtu.be/g1GgnbN9oNw?t=3h59m30s

EDIT transcript here, though no speaker names are given and quotes are cut short

[2] http://www.c-span.org/video/?405442-1/hearing-encryption-fed...

[3] https://youtu.be/g1GgnbN9oNw?t=4h36m35s

EDIT list of participants:

[4] http://pastebin.com/raw/rHqYpv3g

chatmasta 5 hours ago 0 replies      
I appreciate that Professor Landau emphasized the "arms race" between companies securing their systems, and adversaries breaking them. Companies push software with bugs, adversaries exploit the bugs (and hopefully responsibly disclose them), then the company patches the bug and pushes a new update.

Any iPhone <5 running iOS <8 is comically exploitable. This should drive home the point that as time progresses, older vulnerabilities become easier to exploit, so that leaving them unpatched becomes irresponsible.

If the FBI asks Apple to create new software to grant the FBI the ability to unlock the phone, they are effectively asking Apple to exploit a vulnerability in their software. By definition, Apple will know that vulnerability exists. In the "arms race," when Apple identifies a vulnerability, they fix it. In this case, when Apple identifies the vulnerability, will the FBI allow them to fix it? Or would the FBI prefer that Apple have a responsibility to "maintain" the vulnerability and ensure it remains exploitable?

draw_down 9 hours ago 0 replies      
This seems a bit more complicated than simply saying they made a mistake, though. If they didn't do this, someone who knew the password could have wiped the backups or changed other info, and then everyone would be yelling at the FBI for not having the employer change the password. So it's a choice between potentially leaving the device/backups open to tampering, and whatever the hell the situation is now.
eridius 10 hours ago 2 replies      
Anyone have a non-paywalled version? Going through Google isn't bypassing the paywall.
cdellin 3 hours ago 0 replies      
I'm as strong a supporter of a citizen's right to encryption as anyone, but I actually think that Mr. Comey's testimony was accurate and forthright, and his framing of the issue of encryption as it relates to the capabilities of law enforcement was appropriate and well-reasoned.
How to Deploy Software zachholman.com
375 points by jmduke  13 hours ago   115 comments top 16
lucaspiller 12 hours ago 11 replies      
One thing this glances over is that you should have something monitoring your production systems to make sure that they are running correctly.

To start with get something to monitor errors/exceptions and email you. To name a few services:



https://github.com/errbit/errbit can be hosted on Heroku for free)

Also make sure that you have accessible logs that log useful information (timestamps, the user making the request, unique request ID). Then use syslog or a SaaS service to aggregate logs from all servers in one place, and keep them for as long as you can.

paulstovell 5 hours ago 1 reply      
I really enjoyed this article. As an industry, when it comes to something essential like source control, we seem to have converged to a common set of practices and workflows. Deployment is arguably just as important, but I think the practices are very different on different teams. This article is like a more practical version of Continuous Delivery.

Three areas that I think would have been worth including:

1. Pre-production.

You deploy to test & other pre-prod environments more often than prod. They should use the same scripts/tools/processes as production deployments, only with different permissions.

2. Configuration.

Test and production environments will always have different config settings, so no team will ever be able to deploy to more than one environment without encountering this problem. I think there's still an open question around whether those configuration settings should live in the same source control as the code, in a different source control repository, or a dedicated system. Source control systems and sensitive values (passwords, API keys, etc.) don't always mix.

3. Build your binaries once.

The article is more focussed on dynamic languages, but for compiled languages, I think this is important. If you branch, compile, deploy to test, test it, get the all clear, then compile again and deploy to production, there's a lot of opportunity for differences between what you tested and what goes to production to sneak in.

In fact even for dynamic languages, this might be a valuable practice. What if the JS minifier on one build server is different to another, and the deployed script ends up being different in production to what was tested.

Disclaimer: I'm the founder of Octopus Deploy, and these practices might be biased towards enterprisey .NET/on-premises deployments rather than cloud hosted, dynamic language projects.

kelvin0 10 hours ago 6 replies      
In theory, feature flags seem like a good idea. Until you reach a point where too many flags become difficult to test in an exponential tree of combinations. Also, it demands tight discipline to make sure each new flag properly isolates some new feature ... Has someone had success with this idea, and been able to 'tame' an explosion of flags in their codebase? Really curious.
blowski 12 hours ago 8 replies      
> Deploying major new features to production should be as easy as starting a flamewar on Hacker News about spaces versus tabs

Great writing. Spaces all the way.

rb808 11 hours ago 3 replies      
Does anyone else work on systems that take 3 hours to back up the DB, an hour to deploy, 1 hour to start up and a few hours for users to check out functionality before business opens on Monday? Not to mention the federal regulations about what paperwork is required and who can even access production. Maybe I'm in the wrong site.
ngrilly 12 hours ago 3 replies      
The post is interesting, but it doesn't mention two major difficulties: zero downtime deploys and database migrations.
UK-AL 10 hours ago 1 reply      
We have something similar. But I don't like branches, I prefer single trunk development (generally agree with Martin Fowler) + feature switches to isolate wip features. We store all binaries built, so we just roll back to the previous binary, which is a single button click for us.
doublerebel 6 hours ago 2 replies      
I wish native Nodejs deployment was a solved problem, but there really is no comprehensive and universally used tool for deploying Nodejs using Nodejs. ShipIt mentioned in the article is barely a year old, it has a short feature list and short list of users. PM2 (Keymetrics) is not bad but is buggy, also they seem a bit overwhelmed at the moment. Flightplan is decent but the syntax is more awkward than ShipIt. Every other common language has a stable deployment tool besides Nodejs.

I ended up going with Distelli, it's a SaaS but it's fantastic. These days deploys often involve more than just one app or language, and I really prefer a tool that can ship anything. Also, having a GUI to see deployment statuses is invaluable. With those requirements none of the Nodejs tools can stand up to the other, more mature utilities. And rather than have to write all my deploy logic in another language, I just purchase the service.

platz 5 hours ago 2 replies      
Why worry about what is on master if you save your build artifacts, so that if you need to go back to the previous behavior, you just redeploy the previous production build output?
oebs 10 hours ago 0 replies      
Thanks for the writeup - very helpful. It's always good to get a view of how others are solving the same problems oneself has.

That said, the article does come off a bit as trying to be authoritative, but at the same time it doesn't leave enough room for possibilities where alternative approaches may have merit as well (i.e. "this is how to do it" vs. "what worked well for us, ymmv"). Newbies that read this article will think that the principles described are the canonical way and even try and apply them in scenarios where alternatives may prove superior.

Other than that, a lot of good advice, well done!

richardwhiuk 6 hours ago 0 replies      
The title of the article was "How to Deploy Software", but almost all of the advice only works for server side software where you have total control over the deployment environment.

I'd be much more interested to learn about how people develop mobile and web apps, where feature flags are far less useful as you need to push the entire app to the AppStore, so your iteration time is much slower.

datr 10 hours ago 3 replies      
I'd be interested in hearing people's thoughts on deploying feature branches to production before merging them. I've generally followed more of a git-flow approach [1]. This seems to have the advantage that multiple feature branches can be grouped and deployed together - thus, avoiding the problem in the article of the deploy queue becoming a bottleneck.

[1] http://nvie.com/posts/a-successful-git-branching-model/#crea...

pippy 6 hours ago 0 replies      
I use deploynaut as my deploying tool, and I have to say it's made the process much smoother. Previously I'd simply use git to update a code base or sql workbench/pgadmin to update a database.
microcolonel 1 hour ago 0 replies      
The body text in this article is illegibly thin, please consider moving to weight 600 so that people can read your text. You've worked hard to write it, now it is time for people to read it. :-
gandhineil 4 hours ago 0 replies      
shoutout to sublime for development
my5thaccount 11 hours ago 0 replies      
I just double-click a command file on my desktop and I'm done.
The collective insanity of the publishing industry genedoucette.me
127 points by suraj  7 hours ago   49 comments top 12
kevinr 5 hours ago 6 replies      
I have a small pile of friends in publishing, so I'll take this from the other side. The reasons for the publishers' apparent insanity are:

* Contrary to popular belief, physical production is NOT the single largest part of a book's cost. In fact, even before ebooks, the cost of paper and ink and shipping was actually a pretty negligible part of the final cost.

Most of the cost of a book is the highly-skilled labor involved (writing, editing, copyediting, proofreading, designing, typesetting, marketing, selling) and these critically don't go away or even get much cheaper in an electronic world. Even ebooks need specialized design and typesetting, and I have some examples which did not get that love which will make your eyes bleed if you don't believe me.

Salaries in publishing have for decades been nosing around the minimum the market will bear---as just one example, freelance proofreaders get paid a penny per word; the good ones get two. Many freelance proofreaders are also editors, copyeditors, and authors in their own right, and hustle their asses off to make incomes that, coming from tech, we wouldn't consider starvation wages.

* Price is an important signalling mechanism, and so---given the costs of book production---it's important to the publishers not to drive the perceived fair cost of books down below, no matter whether Amazon is currently subsidizing that or not.

dcw303 5 hours ago 3 replies      
> The sales that would go to that $15.99 book are going to lower-priced books from indie authors and self-published authors, like me.

> They actually proved the consumer will buy the cheaper option, but okay

I find it alarming that an indie author does not seem to be concerned with cheap product flooding the market. Amazon's attempts to lower barriers to entry means more aspiring authors competing for a piece of the pie. Look at how the race to the bottom in the App Store is destroying indie iPhone developers.

Booktrope 5 hours ago 0 replies      
The comments to this post are really interesting - one comment claims that (according to an agent) agency pricing was Amazon's idea, not the big 5, even though, the big 5 very publicly insisted on agency pricing. It's really absurd. Of course, agency pricing for ebooks was first pushed by Apple, part of what got them and the big publishers in trouble for antitrust conspiracy (when the publishers agreed to withhold books from Amazon if Amazon kept discounting).

To the comments about Amazon and publishing, Amazon has a very major publishing operation (called, surprise!, Amazon Publishing). It's grabbing market share very quickly. If you want information about this, check authorearnings.com (which provides industry sales estimates that include self-publishing). Of course the big story in the publishing business is that self-publishing is rapidly eclipsing traditional publishers in the ebook space.

Amazon is not only doing Netflix for books. It's doing Netflix for film and TV. The big competitor to Netflix is not any network or studio -- it's Amazon.

kitsune_ 47 minutes ago 0 replies      
Hachette isn't stupid. Amazon has a publishing arm, and of course, more importantly, has the Kindle. By lowering the prices Amazon gets people to buy into their ecosystem. As a publisher you don't want a single distributor controlling your market.
jay_kyburz 2 hours ago 2 replies      
I'm often laughed at when I suggest it, but I think the publishing world needs to look at what's happening with free to play games.

You remove the barrier to entry so that as many people as possible will try your product (free).

You identify those people who really enjoy your book and want to consume more of the same.

You provide them with so much content that they can spend as much as they like.

It's not unreasonable for people to spend 100's of dollars a month enjoying their favorite pastimes.

Why put a $15 cap on it per book?

deegles 1 hour ago 0 replies      
If Amazon really wanted to twist the knife, they would look into making the first-sale doctrine apply to ebooks. They might have to limit it to Kindle-to-Kindle sales at first, but Amazon would be able to take a cut of every book transfer in perpetuity.

My guess is that it would drive authors into services like Kindle Unlimited, since they would be able to create a long-term income stream unlike physical books or non-transferrable ebooks.

chrisseaton 5 hours ago 1 reply      
> Often, the prices were higher than the price of the print edition, which is just fundamentally insane.

Why is this insane? An ebook has more value to me than the print one as it's more convenient. Since it has more value to me I'm prepared to pay more.

The physical copy could be free and I'd still pay to get the ebook instead in most cases.

Pxtl 6 hours ago 3 replies      
I'm surprised Amazon hasn't gone into publishing. Get some big name authors on board, pick up some classics, etc. Do Netflix.
lenepp 6 hours ago 0 replies      
What a great piece. The point about how the big publishers have more control over printed books gets to the heart of the matter.
muddi900 3 hours ago 0 replies      
The publishing industry did this before by colluding with Apple. Had to settle out of court with DoJ over it.
petra 5 hours ago 0 replies      
If the ebooks many want to read are expensive electronically, maybe many won't buy a Kindle, but still buy the printed books? And without a Kindle, they won't buy cheaper books from the competition?

And maybe this will slow Amazon's success for a few profitable years, more profitable than current losses? And maybe by that time the publishers will find an ebook strategy that will work (hard to believe, but maybe).

Also, let's look on the other side - what happens if ebooks fully kill print? Can publishing even make money in such state of affairs?

officialchicken 5 hours ago 0 replies      
> Guess who saw an uptick in print sales in 2015?


".ist" domain extension nic.ist
17 points by ecil  1 hour ago   21 comments top 9
factorfractal 13 minutes ago 1 reply      
pilif 48 minutes ago 2 replies      
"ist" also is the third person singular conjugation of the German verb equivalent to the English "to be", allowing you to spell stuff like


knwr 20 minutes ago 0 replies      
http://todoist.com must quickly snap up http://todo.ist (which I'm sure they will).
djhn 1 hour ago 3 replies      
This is an extension ripe for phonetic use - does this document say anything regarding limitations to registration outside of Istanbul or Turkey?
Pirate-of-SV 9 minutes ago 0 replies      
My first reaction was [I]slamic [St]ate? Guess that would have been too controversial.
Djnaut 59 minutes ago 1 reply      
edent 1 hour ago 1 reply      
1st? Ist? lst?
frandroid 1 hour ago 0 replies      
I've Had a Cyberstalker Since I Was 12 backchannel.com
135 points by nols  6 hours ago   98 comments top 15
shalmanese 4 hours ago 4 replies      
There's a moment in the pilot of The Unbreakable Kimmy Schmidt where the women are rescued from the bunker and put on a daytime talk show and Matt Lauer asks one of the women how she ended up in the bunker:

"I had waited on Reverend Richard at a York Steak House I worked at, and one night he invited me out to his car to see some baby rabbits, and I didn't want to be rude, so here we are."

And Matt Lauer responds: "I'm always amazed by what women will do because they're afraid of being rude"

It's often hard for men to understand the societal pressure placed on women to be accommodating and not be rude and how this can be manipulated to constrain female agency in the world.

btilly 3 hours ago 1 reply      
Yeah, it sucks, but no surprise. Stalking is an old, old problem. And the police won't do anything until it turns violent. You can stalk normal people, movie stars, business people - pretty much anyone other than a psychiatrist. (It turns out that psychiatrists have a really easy time getting their stalkers committed to insane asylums.)

I know a woman who owns nothing in her own name, changes her phone number frequently, and whose own family often does not know how to reach her. All to make it harder for her stalker to keep tracking her down. When she acquired the stalker she was high profile so the FBI actually did send someone to give her advice. The advice was basically that she was screwed, how to best hide, and to get trained guard dogs.

I wish I was joking.

nowarninglabel 5 hours ago 3 replies      
"When I got a Facebook account in 2006 he found me again and, not wanting to be rude, I accepted his friend request."

It's hard to understand why, having previously already blocked this person elsewhere, they would accept a friend request from them. I suppose now, 10 years later, one can hope that people exact greater control over their online social networks.

Mithaldu 5 hours ago 3 replies      
End result: The thing resolved itself, likely because someone else sued her stalker.

I have to wonder though: If her local police was ignorant of actual laws applying to her case, as she indicated, couldn't she just tell the officers under which exact laws she is making a complaint?

Further, if the local police is generally ignorant and incompetent, what would her chances for success be in using a lawyer to try and identify appropriate channels and contacting them?

rl3 1 hour ago 1 reply      
>I was never physically afraid of Danny and never will be.

I would be. Danny clearly has more than a few screws loose.

meowface 4 hours ago 2 replies      
While this must have no doubt been a horrid experience, I can see why the cops would not have considered it worthy of launching a criminal investigation.

This is a perfect case for civil law: causing emotional distress, harassment, defamation, etc. You should attempt to sue him and get a no-contact order if you can.

cplease 4 hours ago 1 reply      
Okay, so this creep's behavior pretty clearly rises to the level of harassment at a minimum.

But legally the FIRST thing to do with a stalker or harasser is to TELL them unequivocally that you want NO further contact. Preferably document in writing; in New York, you can record conversations that you are party to. At this point further unwanted contact becomes more clearly a criminal matter.

Too often, those on the receiving end ignore or laugh off bad behavior. This is natural enough, but unless someone is clearly threatening, if they haven't been told unequivocally to stop all further contact, then they can always argue, sincerely or not, that they didn't know their contact was unwelcome. Or that in any event they were free to continue their advances.

The closest the author explicitly posts is "I caved and sent him a message asking him to please stop messaging me so much or I'd block him." That is unlikely enough to suffice as "clearly informed to cease that conduct." All it would take is a message saying "never contact me again." Period, full stop. Better yet, add "or I will report you to police." At that point, further contact is actionable, criminal harassment.

That being said, much of this cyberstalker's behavior is independently harassing, e.g. forged emails to friends etc. But putting someone on notice is a first step to protecting yourself. It is premature to go to police to say, "X is bothering me, I'm not afraid of him and I haven't told him firmly to go away, but I really want him to go away." If someone isn't in any way actually putting you in fear, and all that is involved is unwanted communications/nonphysical contact, then it's on you to first tell him to go away before involving police. Then if he won't, you have an unambiguous complaint.

Edit: The author does also describe some poor policing. Good community-oriented policing centers around mediation. Ideally the police in this situation would not simply say "it's not a crime" and make the complainant feel helpless and ignored, but would try to help solve the problem. Specifically by taking a report and offering to communicate to the person that all further contact is unwelcome and may lead to a criminal complaint, and documenting this. This type of approach is likely to help bring an end to the behavior, or in the alternative lay a foundation for a future, actionable criminal complaint. In the best case, behavior improves, complainant can move on with her life, police don't have to deal with future complaints, everybody wins. Sadly many departments just don't want to get involved or have the resources to deal with community mediation, even if it pays for itself over time.

fiatmoney 5 hours ago 4 replies      
Most of these amount to libel, at worst. File suit.

There are excellent reasons for police to be uninvolved in what amounts to people saying mean things, even if those mean things are directed at your employer or friends.

arbre 5 hours ago 1 reply      
There should be laws against this. A judge should be able to tell when a behavior is harassment, and forbid the harasser from contacting the person again with more severe charges if he does again.
DanielDent 1 hour ago 0 replies      
Is it weird that when I saw the article title, I thought it was going to be about the NSA?
chris_wot 3 hours ago 0 replies      
I know this is entirely inadequate, but what about suing for defamation?

The police, I fear, want to start getting a bit more proactive. When someone is able to get away with sabotaging someone else's life with complete impunity from authorities, a lot of people take actions in their own hands.

st3v3r 4 hours ago 2 replies      
Honestly, this guy needs to be thrown away in a cell and forgotten about. He clearly is not willing to stop on his own, and, quite frankly, I can't see him stopping for anything other than being locked away.
brandonmenc 5 hours ago 4 replies      
Seems like a great opportunity for a company that "bounty hunts" cyberstalkers - tracks them down then physically intimidates them for you.
dsfyu404ed 2 hours ago 0 replies      
So this woman is unlucky enough to both be the target of a persistent stalker and persistent stalker who manages to stay within the letter of the law while being incredibly annoying. Big deal, people get struck with lightning and bitten by sharks from time to time too. She just happens to be able to write about her bad luck in a particular corner of the internet that gets more than nil for traffic.

Sure it probably freaks her out a lot (and rightfully so) but did she really expect any authority to be able to take action on that basis? Think of the kinds of shit that would hit the fan if "distasteful behavior that freaks others out" was enough to get someone arrested (and all the life ruining things that go with it).

sandworm101 4 hours ago 0 replies      
Am I the only one who thinks this sounds a little too perfect? A totally sympathetic female victim, the evil older male, the dismissive male police force ... it reads like a movie. I'm probably too jaded by such stories on the internet, but if she was in my office I would probably have a few questions. Of course if she was in my office then it would be far more than a story I read on the internet.
Slack will soon start testing voice and video chat techcrunch.com
121 points by coloneltcb  9 hours ago   65 comments top 18
my5thaccount 1 hour ago 2 replies      
I wish slack would concentrate on making the app more productive for teams to work together remotely. We can type fast enough, in fact, hackernews tells me I'm typing too fast.

The problem is organizing and collecting the information and ensuring it is useful later, rather than just during the 5 minutes. Let users break a chat message out into a threaded discussion for example. We already have plenty of voice and video chat options, we can just pick up a phone. Those things are ephemeral. Text is forever. Let's keep more of that so we can use it to further the business objectives.

Ensorceled 6 hours ago 7 replies      
We abandoned hipchat because the latest app was horrible; constant signouts, lost configurations, sso issues.

Skype is also a mess right now; with chat application bugs, UX issues (why does the freakin' mute button move around) calls that can't be joined or start cyloning, participants are suddenly dropped mid call. Throw in the spying allegations ...

Hangouts is great for video but is a really clunky experience otherwise.

With everybody dropping the ball, there certainly is room for Slack to come in and take control of this space.

fensterblick 15 minutes ago 0 replies      
If they can do this right, they will get a lot more customers.

Right now we use Lync/Skype for communication, which I loathe almost as much as Lotus Notes. This sentiment is shared by many. Slack usage has organically grown (as a reaction to the failings of Lync) and I can envision Slack displacing Lync in many companies.

hans 4 hours ago 2 replies      
Slack for us just turns into meaningless giphy stream of consciousness for every channel, crazy town.
rocky1138 6 hours ago 2 replies      
Am I the only one who feels like they should stick with what they're good at? Don't add too many features, bells, and whistles. Just keep building the core product.
Mandatum 8 hours ago 1 reply      
This has been in the pipeline since they bought Screenhero. I think they're just fully integrating it now.
spearo77 7 hours ago 1 reply      
Are the "dips" in the chart[0] where corporate customers are on vacation?

[0]: https://tctechcrunch2011.files.wordpress.com/2016/03/slack-g...

kdkooo 5 hours ago 1 reply      
I'm surprised there hasn't been more of an emphasis on creating a better dashboard. One of the biggest hang-ups I experience as a user is it's too difficult to find and keep windows open for every team that I'm on that has its own slack address. If I could sign in once and see all of the teams I'm on in one place I would be much more inclined to keep a slack tab open in my browser all the time.
bmh_ca 5 hours ago 1 reply      
We've had good luck with appear.in.

The command `/appear` is even built-in to slack.

That makes me curious about what their relationship is.

shmerl 4 hours ago 0 replies      
It's a sad feeling that no one is working on an open standard for this. XMPP/Jingle has a hard time getting traction.
richerlariviere 2 hours ago 0 replies      
Communication is not productivity. That's it. It can help but it is not the same scope.
atom_enger 6 hours ago 1 reply      
I'm still convinced that Hipchat was bought by Slack and the Hipchat horribleness lately is the Slack migration plan. The new client is just terrible. I asked a coworker to zip up their HipChat.app so I could revert back to a state of somewhat stability. Hopefully someone who works at Atlassian is reading this and will read: We just need to chat. I miss whatever happened to the HipChat of 2013/2014.
sniuff 7 hours ago 0 replies      
What they also really need is being able to manage all slack servers you are in. Something like what discord has.
soupbowl 6 hours ago 0 replies      
I replaced irc and slack for my group with a self hosted http://matrix.org

Our only complaint is no desktop client, but the web and phone clients make up for it.

macspoofing 5 hours ago 0 replies      
They should. Makes a ton of sense.
Laaw 1 hour ago 0 replies      
Slack has (had) some very serious security problems.

So does Skype though, so whatever.

api 7 hours ago 1 reply      
I wonder if they will do p2p video chat... since Skype abandoned p2p the quality is notably awful.
zootam 8 hours ago 0 replies      
i'm not surprised
The Sign Up with Google Mistake You Can't Fix maltheborch.com
275 points by mborch  13 hours ago   132 comments top 20
Johnie 12 hours ago 10 replies      
OAuth (Google Sign In / Facebook Login) is a pretty good technology in order to manage and share your information. What's nice about OAuth is that it allows the end user to control access to information and revoke access as needed.

What is truly scary is that the banks and financial institutions have not implemented OAuth. Currently, financial data is provided to third party apps via aggregators, like Plaid and Yodlee.

Unlike OAuth, once you log into your bank with a third party app, they get an access token that allows access to your account indefinitely. There is no mechanism to monitor which apps have access to your account and ability to revoke the access to individual apps.

I posted about this a while back: https://medium.com/@johnie/let-my-financial-data-free-74f3b7...

fixermark 12 hours ago 7 replies      
"Fleep would like to:"

- View and manage your mail

(click the "info" icon)

More info


View, manage, and permanently delete your mail in Gmail

Create, update, and delete labels

Compose and send new email

View your settings (e.g., filters and labels)

- - -

Okay. So the author is saying that the user cannot be trusted to read dialog boxes or click "more info" on a process they don't understand. Which, if that's the case, I guess the user can't be trusted to connect Gmail to anything. That's an unfortunately wide swath of usability that would have to be categorically disallowed if the problem is that Google allows this "At all."

smarx007 12 hours ago 0 replies      
Fleep is a European (Estonian) company. Just mail them (https://fleep.io/privacy, 9) and they should be decent enough to terminate your account altogether. I had quite a good experience with them, their CEO responded to my Fleep messages (nice example of dogfooding), though haven't used it for a while now.
calcsam 13 hours ago 3 replies      
If you realize it immediately after, you can cancel the OAuth authorization you granted, before they grab your data:


xenophonf 13 hours ago 1 reply      
I build federated IAM infrastructure at work, and one of the hardest problems we have is informed consent around attribute release. Users don't necessarily understand what they're releasing, developers don't necessarily understand what they're asking for, and there isn't a way to fake attribute release under the user's control (for those cases where you might still want to use a web app but not give it the carte blanche access it's asking for). It gets even more complicated when using social networks as identity providers of last resort. I---along with my employer---am very privacy conscious, so I really, really don't want to ask for any information I don't absolutely have to have.

I try to mitigate this personally by creating multiple Google Accounts, but it isn't foolproof---plus, not every social network lets you do that.

Someone1234 11 hours ago 1 reply      
> the bigger problem here lies with how Google makes this possible: At all

Sorry but it is MY information and I should be able to do with it as I please. If Google removes the ability to extract it all to a third party then you're locked into Google forever. Removing the ability because some people aren't responsible isn't a good argument.

taurath 10 hours ago 0 replies      
This is truly a big deal, and also affects Android. The system of "privacy checking" doesn't work when the consumer has almost zero information about how they will actually use the information. It's a binary "give access to everything" or "you can't use this app" which creates an arms race. App updates can then ask for more and more permissions. More importantly, even a misclick can easily give access rights away to your entire email inbox, phone contacts, call history or any other information you might consider private.
tobyjsullivan 10 hours ago 1 reply      
I can't agree with this author - at least their argument that "the bigger problem here lies with how Google makes this possible: 1) At all..."

If this wasn't possible at all, this product couldn't exist in its current form. And clearly, at some point, the author saw value in this product enough to give it a shot.

Do I agree Google should make it extra clear when you are signing over permission for unusually liberal access to your data? Absolutely.

Gratsby 12 hours ago 1 reply      
Taking advantage of end user provided permissions seems to be the norm instead of the exception.

A few scandals have risen because of it. I remember a popular "free" calculator app that was sending GPS data.

Oddly, most people don't seem to care. They'd rather give up their entire picture collection than spend $2 on a permissions restricted app.

Having more fine-grained restrictions than we already do won't solve the problem. Most people will simply accept the default "give this application permissions to do everything" right out of the gate. I'd be surprised if even close to 5% of the people on facebook have reviewed the applications they've given permission to in the last 12 months.

dredmorbius 8 hours ago 0 replies      
The mistake was not "all yours", and Fleep (and Google) are failing to disclose how, when, where, and most importantly, why data are being used.

Quite arguably, Fleep gained access to data you held which was not yours to provide -- email content and contact information for those with whom you've corresponded.

This is among the reasons I'm increasingly limiting my use of electronic communications at all. The risks, reality, frequency, control, and disclosure of such cases is simply too high a negative to utilise them.

Yes, this means that I not only don't carry a smartphone, but by and large don't carry a mobile phone at all -- a regression to pre-2000 states of comms.

This is a case of race-to-the-bottom behavior, and bad (or simply grossly incompetent) actor behavior poisoning the well for all.

It's an exceptionally strong argument to replace, as rapidly as possible, the present set of hosted online services with privately provisioned ones. Sandstorm.io, FreedomBox, and similar concepts can't hit prime time too soon.

If Google knows what's good for it, it should support this as well. Its choices are having some access to user time and commitment, or none.

(Google's previous behaviors mean I've largely left it behind for its namesake service. I interact with it principally through pseudonymous accounts, though I'm aware these offer fairly thin protections against a determined actor.)

As Cory Doctorow has said, data are the radioactive waste of the current age. My formulation is that data are liability.

Overreaching privacy-invading tools are bad news waiting to happen.

rmetzler 12 hours ago 0 replies      
Reading the title I thought it was about the GMail address which you can't change afterwards. I regret not getting my real name in my early twenties.
Chefkoochooloo 13 hours ago 1 reply      
Wow, information is coming at an insane cost. Why do companies have to be so incredibly sneaky when trying to gather your digital information? There really needs to be laws put in place. Technology is growing at too fast a pace and we need laws in place to protect our privacy.
codeulike 9 hours ago 1 reply      
Google Mistake is such a good name for a product. Not sure what it would do, but it's a good name.
wdr1 11 hours ago 1 reply      
When he says Google shouldn't make this possible at all, I'm not sure what he's asking for?

Isn't the alternative basically vendor lock-in?

Or that this would mean disabling things like IMAP & POP?

Fleep sounds like a shitty service from the description, but at some point users need to take responsibility for their actions, no?

CrystalGamma 12 hours ago 0 replies      
only applies to GMail users. And here I thought this was relevant for me. I was almost shocked on reading the title.
ishener 10 hours ago 0 replies      
It's an app to manage your emails. What did you expect for christ's sake?
pinkunicorn 12 hours ago 1 reply      
This is exactly why I change email addresses every 1/2 years. I've forwarding set up from 3 of my old addresses to my current address and for all financial transactions I only use my current email address.
boto3 13 hours ago 1 reply      
This is insane. I have Google/FB test accounts that I use to try out new products. I am now inclined to set up offline mail to make sure that my emails are not readily available to anyone but me. Of course Google still archives my removed emails but I think their policy is to remove them after a certain period. Can someone at Google confirm?
mattbgates 10 hours ago 0 replies      
Zigurd 11 hours ago 1 reply      
The only way to really fix it is either...

1. Don't allow 3rd party mail apps

2. Encrypt mail and provide open, verifiable clients and open server protocols.

Google make only a little money from my GMail account. I'd gladly pay them twice that for a strongly encrypted email system that provides infrastructure for key exchange with a web of trust.

Mozilla's Connected Devices Innovation Process: Four Projects Move Forward mozilla.org
43 points by cpeterso  5 hours ago   5 comments top 2
Animats 2 hours ago 1 reply      
Huh? They just dropped Firefox OS and Persona, their authentication system, and now they want to get into the "Internet of Things"? It would have made more sense if they'd used their authentication technology to allow devices to link up in a mutually mistrustful way.
kibwen 3 hours ago 2 replies      
I'm excited to see Mozilla's experiments in the IoT space, but I'm a bit unclear on the exact nature of the projects being undertaken here. For example, is the software here intended to act as a proxy between connected devices and your access point, possibly via flashing your router?

I'm also curious if Mozilla is building in automatic updates in all of this software from the ground-up, seeing as how that appears to be the fundamental weakness of everything related to the IoT.

Golang dev.ssa branch merged into tip github.com
23 points by signa11  3 hours ago   7 comments top
goldfire 2 hours ago 2 replies      
So... not been closely following development on Go. What does this mean?
SurveyMonkey to Lay Off 100 and Retool Business Product recode.net
91 points by coloneltcb  9 hours ago   53 comments top 13
courtf 8 hours ago 3 replies      
Worked there from 2007-2010, through the sale etc. I had no idea they were up to 750 employees, and can't guess why they've gotten so big. There were 10-15 employees, 2 engineers in 2008 and that company was printing its own money, lots of it. I'm sure revenue is much higher today, but that profit amount isn't a big jump from where the company was headed pre-buyout, on momentum alone. Really have to wonder what they are spending it all on (besides payroll tax).
jzymbaluk 8 hours ago 1 reply      
I'm honestly kind of surprised SurveyMonkey had over 100 employees to begin with. I always thought of SurveyMonkey as a more fully featured version of something like http://strawpoll.me/ with more analytical features and such. I never would have expected them to be a company of nearly 1000 employees.
zbuf 7 hours ago 2 replies      
Not calling it "SurveyMonkey" would be a good start for a business product.

For me, and when I try to put myself in others' shoes, I find it hard to see how a professional organisation linking to "SurveyMonkey" can do anything but create a negative impression. The product seems good, I'm just surprised the name has lasted this long.

Does the name stick because the brand recognition is stronger than the features -- when compared to competitors? What happens when a name like this has "stuck"?

petercooper 9 hours ago 2 replies      
Founded in 1999, SurveyMonkey is valued at $2 billion

Given the stated revenue of $200M and the recent atmosphere around SaaS multiples, is a 10x valuation realistic here? (I'm not throwing shade - genuine semi-naïve question.)

malz 3 hours ago 0 replies      
Recently signed a deal for 210,000 square feet of office space, 4x the size of their University Ave space just a year after they moved in with a $6.6 mil/year lease.


AlexWest 9 hours ago 0 replies      
"The cuts amount to about 13 percent of SurveyMonkey's workforce of about 750. The cuts were made primarily among the sales team devoted to SurveyMonkey for Business."
carleverett 8 hours ago 2 replies      
I was surprised to see that Google Capital is an investor in SurveyMonkey - Google Consumer Surveys is a direct competitor:

March 2012 - Google launches GCS

January 2013 - Google invests in SurveyMonkey

Is it common for Google to invest in competitors? Why would they do this?

halite 7 hours ago 0 replies      
Actually not too surprised. The customer service of SurveyMonkey (and Fluid Survey that they acquired recently) is of D grade now. Getting some rudimentary information about service and internals took years. Now we are looking for other tools as my work publishes few surveys every day. Their product has not changed in years and it seems like the company is confused about the future direction.
1123581321 8 hours ago 0 replies      
Does anyone know if this is something Dave Goldberg opposed and has finally gone through?
meshko 3 hours ago 1 reply      
How can that company have more than 100 employees, I don't understand.
throwaway_xx9 7 hours ago 1 reply      
They've discussed moving from Palo Alto to Menlo Park, so the layoff may be related to that.
DrFunke 6 hours ago 0 replies      
Oh, god. My sister was literally hired last week...
capitan_picard 6 hours ago 0 replies      
I've heard there is a lot of "(re)invented here" syndrome in engineering at SurveyMonkey. If so, that's a shame.
UK government pushing ahead with surveillance powers bill techcrunch.com
87 points by stanislavb  11 hours ago   24 comments top 6
tanv_nadkarni 7 hours ago 0 replies      
One of the dubious Indian journalists (who is above 70 years old) was caught (and on camera) soliciting sex for a minor and luring her into meeting him. It made big news and I almost assumed the guy would be done for good. Turns out not only did the guy get out quietly but he continues to write in newspapers preaching morality to others. I tried a lot to figure out how he might have escaped the law but I can't.

I am giving this example only to show that when the British government can't enforce existing laws using available evidence, you can't expect them to dig up anything new with more powers.

It is something Mahatma Gandhi pointed out years ago about the British. In one of his Satyagrahas related to Champaran farmers, Gandhiji's modest and only demand was that the British must only acknowledge that there is a problem which needs to be solved. According to Gandhiji, the colonial power's unwillingness to even show empathy to people means they are essentially uninterested in helping people with their problems.

Law of Karma I guess.

[1] http://timesofindia.indiatimes.com/nri/other-news/Indian-ori...

[2] http://www.tribuneindia.com/news/comment/death-of-liberalism...

sandworm101 4 hours ago 0 replies      
Part of me wants to say 'bring it on'. I once said something to a copyright lobbyist that I think applies here: "Don't try to out-internet kids". Allowing police to hack into computers will start a war between law abiding citizens and police hackers. The cops cannot win that fight. Everyone will mobilize against them. Their malware will be studied and published across the planet. And it will certainly help push people away from proprietary systems in favour of f/oss.
infodroid 8 hours ago 1 reply      
Gotta love the BBC Headline currently on the home page: "Surveillance law: Revised bill adds privacy safeguards".
ianopolous 8 hours ago 1 reply      
They're endurance predators, they just don't give up.
id122015 9 hours ago 0 replies      
As I've read today in The Telegraph, when a man is assaulted on the street UK police seek our help to identify the gang members who committed the crime. When travelling by Underground we are reminded constantly to report suspicious behavior. We are aware that today a handful of minority men police over the majority, as Noam Chomsky has put it. But we know that policing is a costly activity, and can observe how the animals around us distribute the cost of policing to the whole swarm. One day we will study Chomsky at history class and admit that we, all the other men, are part of the police without requiring to wear a suit. And will stop this game of minority ruling over the majority. Because it's us the other men that you the Government seek help from when the actual police shows their weaknesses in solving problems.
JupiterMoon 9 hours ago 2 replies      
I've given up fighting this. I'm at a stage now where I think that things need to get worse before British people understand how dangerous these powers are.
       cached 2 March 2016 08:02:01 GMT