hacker news with inline top comments    .. more ..    8 Sep 2016 News
home   ask   best   2 years ago   
Sophisticated OS X Backdoor Discovered securelist.com
113 points by cyphersanctus  1 ago   48 comments top 12
vemv 39 ago 3 replies      
Is 'backdoor' the correct term if the vulnerability does not originate from Apple?
drinchev 46 ago 1 reply      
Can someone explain how the vicim gets infected?

As far as I can read from the article they discuss what happens if you are infected.

Also, isn't running binary files on OS X from let's say "Finder" automatically triggers Security alert ( like App-vendor lock )?

commentzz 22 ago 1 reply      
I feel the use of 'backdoor' here is misleading.

The software described would usually be classified as an Advanced Persistent Threat [1] or Rootkit [2]Backdoor [3] usually refers to methods to sidestep authentication added by the vendor.

 1: https://en.wikipedia.org/wiki/Advanced_persistent_threat 2: https://en.wikipedia.org/wiki/Rootkit 3: https://en.wikipedia.org/wiki/Backdoor_(computing)

bink 22 ago 0 replies      
What is it that makes this malware sophisticated? I didn't see anything about rootkits or process hiding / obfuscation. Is it not just a simple daemon that can be configured to monitor audio/video/keyboard and send the results back via an encrypted connection?
epistasis 1 ago 1 reply      
Really interesting to see a cross-platform malware with audio and video support; a lot of non-malware has difficulty with that.
chadlavi 29 ago 2 replies      
Okay, but no information on what to do about it, or how to protect against it.
throwanem 4 ago 0 replies      
I like how the images all jump a centimeter to the left on mouseover! Makes the page feel exciting.
Mizza 1 ago 4 replies      
Are video captures actually possible? I could imagine video capture as part of a RAT, but what scares me is the idea of video capture that doesn't turn on the camera activity light. Are there any examples of that?
saosebastiao 24 ago 2 replies      
Is there any diagnostic tool out there to determine if you've been infected?
toyg 13 ago 1 reply      
That list of directories is really weird. On my machine, none of them exists, neither in ~/Library nor /Library. And I do run most of that software (Dropbox, Skype, Firefox, Chrome in the past...).

Either the malware targeted very old versions of such software and/or OSX, or somebody between the malware author and the blog writer f###ed up.

jesalg 41 ago 1 reply      
This sounds a lot like the zero-day exploit used in the show Mr.Robot. Life imitating art.
yuja_wang 52 ago 4 replies      
I thought MacOS was "Secure By Design". This is what Apple states in their official product descriptions.

In fact, it says it on this current page:


"Because OS X is secure by design, theres no need for IT to install additional tools or lock down functionality for employees. And with an automated zero-touch deployment process, they dont even have to open the box."

Introducing Ask a Female Engineer themacro.com
62 points by cbcowans  1 ago   34 comments top 10
houselouse 13 ago 4 replies      
> Invite women you work with for coffee

No chance of this being misinterpreted.

 Invite women you work with for coffee and ask what they like or dislike about their day-to-day. If they mention concerns or problems theyre having, ask if theres any way you could help make it better.

tomc1985 0 ago 0 replies      
The more attention you draw on diversity, the less diversity you receive. Diversity is supposed to be impartial tolerant, yet it seems the prescribed approach is to carve out separate "spaces" for different feelings and situations.

True diversity is complete and utter impartiality. Why are we focusing on all these useless, pretty, inspirational solutions (interviews, diversity name-and-shame, putting females in a zoo) when we really need to be attacking the mental characteristics that lead to sexist thought?

It's interesting she mentions voice so much. We men need to check our emotional responses to stupid inputs like "sound of voice" or "shape of body" or whatever. These things DO NOT MATTER. All that matters is ability. Nothing else!

wmeredith 6 ago 0 replies      
On attending a meeting as a female engineer..."I immediately figure out who is likely to hear me out based on our previous interactions. Then Ill purposefully sit somewhere near those allies. If Im feeling less confident when Im speaking, Ill look at them first. Im less likely to even speak up in meetings where I dont feel like I have supportive people. I dont often feel like Im not heard at meetings, but I think thats because Im careful about when I choose to speak."

What does this have to do with being a female? It sounds like every meeting I've ever attended.

bitchypat 24 ago 2 replies      
Do you think it's funny that you titled the interview as you did and chose the first question to be "how conscious are you of being a female engineer as opposed to just an engineer"?

I do.

redDictionary 12 ago 1 reply      
I would like to ask a female engineer some things.

1) do you think there are more men in engineering exclusively as a result of men being prejudiced against women?

2) do you think your male co-workers are less qualified to be engineers because they were hired for their gender?

3) one of the engineers in this article said she felt uncomfortable being aware of being the only female. Can anyone explain what causes the discomfort?

rcba 39 ago 7 replies      
How active should men be in actually helping to solve the gender diversity problem vs sitting on the sidelines and sharing the work of women who are solving the problem?

I've been working on an initiative to encourage more of my male peers to do more to make their organisations more diverse and was recently criticised by a female software engineer who told me that I shouldn't "come into a feminist space" where "women are already organising, telling stories and advocating for themselves".

All views appreciated!

minimaxir 1 ago 1 reply      
Can you add an introductory blurb (education, current company/role) for each respondant? It's hard to tie in experiences to just a first name.
pcsanwald 6 ago 0 replies      
My wife just tried to email to offer to participate, the email bounced.
benclarkwood 3 ago 0 replies      
It is good to see YC trying to use its platform to move this discussion forward, but I think that the title of the series is inherently troublesome. Referring to women software engineers as female software engineers is reductive and dehumanizing. Men are not usually referred to as males. Frankly, it sounds like a Ferenghi.
NTDF9 21 ago 1 reply      
Not trying to be sarcastic but how would the world respond if someone starts, "Ask a male engineer"?
How to Write a Spelling Corrector norvig.com
202 points by colobas  4 ago   84 comments top 25
ChicagoBoy11 1 ago 5 replies      
I couldn't help but read this and think about all the "coding" initiatives I've seen in K-12 and shake my head.

What Norvig is doing is what we should be teaching. He is tackling this seemingly REALLY hard problem by thinking about it methodically, translating some intuition into code, carefully constructing an argument about how to solve it, and ways that it could be extended. This is what actual engineers look like.

Everything I've seen around "coding" though has become a masochistic exercise in teaching kids random syntax details and then calling them Coders and Geniuses and Computer Scientists when they successfully copy what the teacher showed them.

When you read Norvig's code (big fan of his Sudoku one as well), you realize how the actual "code" is secondary in the sense that what it is really doing is expressing an idea. A very nunanced, elegant idea, but ultimately the product of doing some hard thinking and exploration on a problem domain.

If we taught kids to just think about problems in this way, ohh what a world it would be!

lb1lf 3 ago 10 replies      
Spell chequer

Martha Snow

Eye halve a spelling chequerIt came with my pea seaIt plainly marques four my revueMiss steaks eye kin knot sea.

Eye strike a quay and type a wordAnd weight four it two sayWeather eye am wrong oar writeIt shows me strait a weigh.

As soon as a mist ache is maidIt nose bee fore two longAnd eye can put the error riteIt's rare lea ever wrong.

Eye have run this poem threw itI am shore your pleased two noIt's letter perfect awl the weighMy chequer tolled me sew.

727374 4 ago 0 replies      
If people like this, also check out his course at Udacity - https://www.udacity.com/course/design-of-computer-programs--...
misiti3780 2 ago 3 replies      
His python code styling is really awesome. So concise. Probably inspired by all the LISP he wrote in the past.

Although he does seem to be using doc strings incorrectly

abecedarius 3 ago 0 replies      
The code's been updated to more modern Python and to not try to smooth the probabilities. (Also it computes probabilities instead of frequencies now, though that shouldn't affect the result.)
WalterBright 15 ago 0 replies      
The D language compiler consults a simple spell corrector when encountering an unknown identifier. The dictionary is the list of names currently in scope. It's a nice improvement to the error message about an unknown identifier.
1024core 3 ago 3 replies      
The last 9 times it was submitted: http://goo.gl/mVSi7W
bsenftner 2 ago 1 reply      
Although not a spell checker specifically, I wrote an offensive language filter for a chat system used by the National Hockey League for a period when they hosted communal chat rooms during televised games.

The architecture I used is completely different from what is described here, but the goals are very similar. I had to handle any curse word in any language, including curses from one language translated into another language, as well as offensive phrases, and their translated equals, as well as offensive slang, and mispelt offensive slang translated from other languages.

I ended up with an offense dictionary of about 700K words and phrases. This was back in '99, so my memory may not be 100% here, but I remember using Perfect Hash to generate a compiled hash table for the dictionary, and then a trie to organize the dictionary lookups. The entire system was about 150K of a downloaded exe to access the NHL simulcast chat, as all the offensive language filtering occurred on the client side. Chatting anything that could be offensive turned into a series of words with their interiors all asterisk '*', and it ran in something like 500 ms. Fun times. That company and project died with the dot com bust.

r-c-r 1 ago 0 replies      
I added a spelling corrector to an application a while back. I tried a couple of libraries that implement these ideas. Problem is it can be slow for big words.

I stumbled across this algorithm which is much faster if you allow some time to pre-process your dictionary. http://blog.faroo.com/2012/06/07/improved-edit-distance-base...

I implemented it here for fun in common lisp. Excuse the ugly code. https://github.com/RyanRiddle/lispell

vcool07 2 ago 4 replies      
Is there any C++ version of a decent spell checker ? Been looking for sometime (mainly out of curiosity), most are either amateur school projects or too academic/phd-ish....would love to go through a good open source C++ based spell checker that can be used in practise (with little modifications if required)
elchief 1 ago 0 replies      
I wrote one in PLV8 (Postgres) just for fun:


laxatives 25 ago 0 replies      
Norvig's code is beautiful.
tootie 53 ago 0 replies      
Is this how modern spell checkers actually work? I assumed they would use a heuristic trying to match common misspellings to their frequent corrections. That or a combination of heuristic and Bayes.
acdimalev 2 ago 0 replies      

 >>> import spell >>> spell.correction('ducking') 'fucking' >>>
Yup, it works.

jedberg 2 ago 2 replies      
The date on the top says February 2007 to August 2016.

Does anyone know which parts are new in August 2016? I've read this before and it isn't sticking out to me.

Animats 2 ago 0 replies      
That's not how Google does it. Try spelling errors with Google Search. Google does multi-word spelling correction.
yomritoyj 1 ago 0 replies      
Versions in C, C++, Java, Haskell and Racket https://github.com/jmoy/norvig-spell
vpanghal 2 ago 0 replies      
I wrote Rust version of spelling corrector sometime back to explore nitty gritty of language https://github.com/vpanghal/spellcorrector
WhitneyLand 2 ago 2 replies      
Any article like this for grammar correction?

I've been interested to know why grammar checking and corrections can't be more accurate.

evanjacobs 2 ago 0 replies      
"why should they know about something so far outisde their specialty"
Halienja 2 ago 0 replies      
Neat Code - expressing high-level concepts in such a concept manner.
amelius 2 ago 1 reply      
They don't seem to address keyboard layouts.
realworldview 1 ago 0 replies      
bpchaps 2 ago 0 replies      
I love it. Spell checking was pretty relevant to some of my work recently and I needed to correct heavily typo'd address text from Chicago parking ticket data. It used difflib to recursively find similarly typo'd address until it finds a matching address within a list of correct addresses. Definitely a lot more to polish, but I'm kinda proud of the naive approach.


 coumbia,columbia,0.933333333333 argy,argyle,0.8 menomee,menomonee,0.875 newladn,newland,0.857142857143 boulevard way,boulevard,0.818181818182 sherwn,sherwin,0.923076923077 lawrencec,lawrence,0.941176470588

nxzero 2 ago 1 reply      
Reverse of the logic presented could be used to inject typos into a document per distributed copy of it to help identify anyone sharing documents online; basically each copy is unique to allow for attribution. Hash of each document could even be given to a third party and archived to provide if needed independent verification of the claim that the document and the document itself could be encrypted, loaded to another third party to log the IP and finger print of the download provide another independent verification of the exchange.
VotePlz The Easiest Way to Vote voteplz.org
99 points by zachlatta  2 ago   118 comments top 15
woodhull 1 ago 6 replies      
How is this ethical: YC funds Vote.org as part of YC S16. Vote.org is a voter registration platform broadly similar to VotePlz, but with fewer emojis.

Sam Altman spends his summer advising vote.org in his role as a YC Partner.

Soon after demo day, Sam Altman decides to launch what amounts to a clone knock off of vote.org. Paul Graham tweets about VotePlz at launch calling it the most important thing to happen today, after never mentioning the YC funded vote.org on his twitter all summer as far as I can tell.

Shouldn't YC be as friendly to not-for-profit startup founders as they claim to be to for-profit founders?

I'm all for there being lots of voter-registration organizations. YC should fund lots of startups in this space.

It seems though that the role that YC Partners play as trusted strategic advisors is incompatible with those partners going on to start directly competitive organizations, whatever their tax status might be.

alexbecker 12 ago 2 replies      
I haven't seen a persuasive analysis of whether and how one should vote; most analyses I've seen ignore the electoral college and all the issues it brings. In brief:

My vote is statistically extremely unlikely to affect the outcome of the election. This is counter-balanced by the extremely large impact affecting the outcome would have. I'm inclined to believe that the two roughly cancel, so that a (say) one-in-several-million chance of affecting the outcome is worth the effort of voting. But I live in California, where my vote is roughly 100x less likely than the average vote to affect the outcome (FiveThirtyEight has done this analysis, though the precise number fluctuates and has considerable uncertainty).

So then what are the effects of my vote? It nudges the statistics a little. It increases turnout, which probably increases confidence in our democracy. It increases turnout among 18-29 year-olds, probably increasing their political clout and furthering causes they support. Do I agree with them on the whole, or in particular on issues where their political clout is likely to tip the scales? I don't know. Say I vote for Clinton, it also increases her popular vote total. If she wins, it slightly improves her electoral mandate. If she loses, it slightly deprives Trump's mandate. It also increases the chance that Trump wins the election but loses the popular vote--a potentially very unpleasant scenario.

How do I measure and balance these? How is a consequentialist to vote?

ptomato 23 ago 0 replies      
"Some information on our supporter lists, such as names, email addresses, and addresses, may be exchanged with named partners and other organizations with principles and/or missions that overlap with those of VotePlz." "We'll make sure people spam you with political bullshit to the end of time if you're dumb enough to give us your personal info."

Of course, on the signup form, they say "We'll never sell your data or spam you" and then point you to the privacy policy which says that.

kr7 44 ago 3 replies      
NoGravitas 4 ago 0 replies      
What a terribly designed website. I opened it with an ad blocker running, and it's continuously redrawing itself, and the validation error boxes are displayed with {{vm.errors.blahblah}} in them. I can understand things not working right if some resources don't get loaded, but this is an incredibly ungraceful way to fail.
minimaxir 1 ago 1 reply      
NB: VotePlz is partially funded by YC president Sam Altman, although I am not sure if it is a part of YC (see interview w/ cofounders + Altman: https://www.buzzfeed.com/nitashatiku/voteplz-silicon-valley-...)
32bitkid 1 ago 8 replies      
i _really_ wish that "No Vote" was a valid/acceptable option, and there were ramifications if "No Vote" got the majority support. I just don't buy into the "you are obligated to vote" choir, or see any value in the "vote against somebody else" vote.
rattray 30 ago 0 replies      
I don't see any indication as to which jurisdiction(s)/election(s) this pertains to. Is it USA-only? USA-federal-election-only?

These may be "stupid" questions, and the answers may be buried somewhere, but I'd imagine it would make sense to have this information on the home page.

bonoboTP 4 ago 0 replies      
Is it so difficult to vote in the US?
adocracy 1 ago 5 replies      
Voting should be the single required act to trigger your Universal Basic Income for the year.
Fej 1 ago 1 reply      
Is it wrong that I instantly think less of a website when I see gratuitous, unnecessary emoji?
HelloMcFly 18 ago 0 replies      
Observation: this site incorrectly identified me as not registered to vote. I verified my status on my county website.
kawfey 1 ago 1 reply      
I put in my address, which resulted in a popup saying "Uh oh! Looks like something went wrong with our codez..."

The rotating status icon beneath the address box proceeded to change the dimensions of the page, making an interesting cyclic pattern of lengthening and shortening my scroll bars.


b0p1x 1 ago 1 reply      
No mention of what city/state/country it is even applicable to. A star is pretty generic to think that means USA by itself.
ph0rque 1 ago 1 reply      
My address came into existence ~2 years ago. I'm still having trouble with address lookups validating my address as valid, including in this case.
Were in the Middle of a Data Engineering Talent Shortage stitchdata.com
56 points by hankmh  1 ago   40 comments top 12
jnordwick 59 ago 5 replies      
Whenever I see these posts I immediate translate them in my head to "we're in the middle of a talent shortage at a price I am willing to pay."

I've worked with very large amounts of data and high performance computing for most of my career; I mostly had finance related jobs in the last decade or so. I have most of the skill you want, including some you don't know you want. However when salary comes up, that is where we start to part ways. If you are really serious about a shortage, you should be really serious about making offers that can be competitive, but I keep seeing the same $150k offers. That isn't a "shortage" kind of offer.

mrharrison 29 ago 2 replies      
We should rename this job position to Data Sanity Engineers.

I have been thrown these projects at work before, where I'm the frontend engineer and I need to make some cool D3 visualization, but low behold the data is shit, and I have to help the backend team make the data useable. It's a mind-numbing job, that nobody wants, because it sounds like a one month task to get a good REST API up and working, but it usually takes three months, because you have to go back and forth making sure the data is right, and there is always 10 tricky edge cases that you have to work some magic on. Not only that but you need to have smart people cleaning the data, so that you don't make some big mistake down the line or your REST API is super slow, and you have to add another couple weeks or month to rework the data again. So that one month becomes three months, and most likely a year, because somebody will say that looks great but can we also add this, and it goes on and on. It's literally a mind-numbing job that most nobody wants. I have found that products like Tableau are the best for this, you still have to clean the data, but it helps speed up the process.

Data cleaning is a super golden problem to solve.

dmatthewson 49 ago 2 replies      
From the article: "Data engineers are the janitors who keep your data clean and flowing."

Hm, I wonder why he's having problems hiring janitors.

mattnewton 1 ago 6 replies      
I'm trying to switch careers into "Data Engineering" now, as a full stack developer who is more interested in ML, and I've found almost no traction internally at my company or externally. It looks like I may just accept a full stack position at a good company that does a lot of data science for now, but though I would ask - Where are all these jobs?
rch 56 ago 0 replies      
I've heard more than one CTO/Sr. Engineer refer to people in these roles as 'data grunts' or something similarly dismissive. Then they're mystified as to why solid engineers are so quick to move up or out, year after year.
GeneralMayhem 53 ago 0 replies      
There are 6600 jobs listed and 6500 individuals on LinkedIn with that particular title, and therefore there's a shortage? Seriously?

* How many aren't on LinkedIn?

* Since the whole article is about how the job title is poorly defined and growing in prevalence, why would you assume that people who don't already have such a job would use the term?

* The "growth" charts on the full study are just as bad - how much of that is just from renaming existing generic developer positions, since "data engineer" is clearly a relatively new term?

skynetv2 1 ago 1 reply      
anything and everything is marketed as "data science" and "data engineering" these days becasue this is the buzzword of the day.

I've been dealing with large data even before "big data" was a word but i dont call myself "data scientist" or "data engineer". I am still a software engineer working on what benefits my organization.

"Serial Entrepreneur" is the same these days, claimed by anyone who had a lemonade stand as a kid.

ThePhysicist 25 ago 0 replies      
Data engineering sounds much better than "data plumbing", but in my experience the latter is a more accurate description of the work of a data engineer: Building -and often unclogging- pipes that transport data from A to B, and putting in filters to clean it and extract the useful bits.

So why not change your LinkedIn job title to "data plumber", which is sure to get you some serious recruiter attention ;)

moandcompany 4 ago 0 replies      
I am a data engineer working on a machine learning team with models actively used as part of our product(s).

From my experiences working in various contexts (applied machine learning, analytics, policy research, academics, etc...), there are several of factors that contribute to this shortage: (1) "data engineering" often requires a lot of breadth and knowledge, (2) "data engineering" is often (derisively and naively) referred to as the "janitorial work" of data science, (3) the spectrum of roles and requirements within the "data engineering" domain, in terms of job descriptions, can range from database systems administration, to ETL, to data warehousing, curation of data services / APIs, business intelligence, to the design/deployment/operation of pipelines and distributed data processing and storage systems (these aren't mutually exclusive, but often job descriptions fall into one of these stovepipes).

Some of my quick thoughts and anecdata:

Companies have made large investments in creating 'data science' teams, and many of those companies have trouble realizing value from those investments.

A part of this stems from investments and teams with no tangible vision of how that team will generate value. And there are several other contributing factors

"Dirty work." People haven't learned how to, and more often don't want to do it. There's a vast number of tutorials and boot camps out there that teach newcomers how to "learn data science" with clean datasets -- this is ideal for learning those basics, but the real world usually does not have clean or ideal datasets, and the are a number of non-ideal constraints.

There are people that wish to call themselves data scientists that dont want to write code and would prefer to do the analysis and storytelling

Engineering as the application of science with real world constraints: there are a number of factors that we take into account, often acquired through painful experience, that arent part of these tutorials, bootcamps, or academic environments.

Many data scientists Ive met have a hard time adapting to and working with these constraints (e.g. we believe that the application of data science would solve/address __ problem, but: how do we know and show that it works and is useful? what are the dependencies, and costs of developing and applying that solution? is it a one-time solution, or is it going to be a recurring application? does the solution require people? who will use it? what are the assumptions or expectations of those operators and users? is it maintainable? is it sustainable? how long will it take? what are the risks involved and how do we manage them? is it re-usable, and can we amortize its costs over time? is it worth doing?)

Larger teams with more people/financial/political resources can specialize and take advantage of these divisions of labor, which helps recognize the process aspects of applying data science and address some of the above

Short story: if you view data engineering as "janitorial work" you're missing the big picture

otto_ortega 35 ago 0 replies      
Am I the only one who thinks there will be a ton of people changing their job title on LinkedIn to "Data Engineer" as a result of this article?
realworldview 1 ago 0 replies      
We surely need data mechanics.
untilHellbanned 1 ago 0 replies      
Ahh the ol' write a post about a not well understood distinction and then proceed to not explain the distinction.

Looks like we need more English engineers too.

500 Lines or Less A Python Interpreter Written in Python aosabook.org
38 points by gkst  1 ago   3 comments top 4
kazinator 5 ago 0 replies      
In the early 2000's, Teemu Kalvas created "Lisp 500": 500 lines of C (plus a .lisp file that provides a library and goes as far as featuring a compiler, which works by emitting C).

I can't find the sources for this.

Incomplete, no .lisp file: http://www.s2.org/~chery/projects/lisp500/

Doesn't connect: http://modeemi.cs.tut.fi/~chery/lisp500/

The most accessible source for this currently seems to be a "lisp5000" project in GitHub: https://github.com/jackpal/lisp5000

This is a derivative work whose C code has been blown up to 1600+ lines.

notsorandomname 4 ago 0 replies      
Shouldn't the title of the article be "500 lines or less - ceval.c written in Python" or "500 lines or less - a python bytecode interpreter written in python"The original one is just misleading.
makmanalp 23 ago 0 replies      
This is awesome. Also see her talk at Pycon here: https://www.youtube.com/watch?v=HVUTjQzESeo
sndean 29 ago 0 replies      
Previous discussion about the book: https://news.ycombinator.com/item?id=12170182
WaveNet: A Generative Model for Raw Audio deepmind.com
25 points by benanne  53 ago   5 comments top 3
fastoptimizer 13 ago 1 reply      
Do they say how much time is the generation taking?

Is this insanely slow to train but extremely fast to do generation?

JonnieCache 29 ago 0 replies      
Wow. I badly want to try this out with music, but I've taken little more than baby steps with neural networks in the past: am I stuck waiting for someone else to reimplement the stuff in the paper?

IIRC someone published an OSS implementation of the deep dreaming image synthesis paper fairly quickly...

imurray 40 ago 1 reply      
Would delete this post if I could. Was a request to fix a broken link. Now fixed.
Google to acquire Apigee googleblog.com
133 points by ctdean  5 ago   63 comments top 17
msoad 1 ago 1 reply      
Google didn't pay for the technology. Apigee has a good set of big enterprise customers that Google was missing on their cloud platform. As others mentioned, Google already have the tech: https://cloud.google.com/endpoints/
gizmodo59 3 ago 2 replies      
2018: Support is discontinued. Please use our forums where intelligent bots will reply you.

2020: We are now discontinuing Apigee.

nl 2 ago 0 replies      
Apigee is a pretty decent product if you are in the space. It's sort of kinda like a "CDN for APIs", if that make sense, which I've always thought is a great idea.

(Yes, I realize my analogy has limits. Don't get too hung up on it though)

I didn't realize they were a public company though.

pluma 3 ago 6 replies      
I misread that as "to acquire Apple". Then I misread that again as "to acquire Apogee" (as in, the name 3D Realms went by from 1987 to 1996).

Now I'm wondering behind the reasoning of the Apigee brand. Was it an intentional play on Apogee Software of the 80s/90s? If so, why? Something about "playing with APIs" I presume, but that seems confusing.

internal_tools 3 ago 2 replies      
I think this is an excellent acquisition by Google, specifically for their cloud platform. It provides an excellent solution to the problem of managing apis and a tight integration with cloud platform will really make it stand out.
doppenhe 2 ago 2 replies      
They announced this a couple of weeks ago... im confused: https://cloud.google.com/endpoints/
PaulHoule 2 ago 1 reply      
These various "API management" services have always struck me as value subtracting as much as value adding. Adding another moving part to a system doesn't make it more reliable.

One thing that has amazed me is that most of these services offer everything but the kitchen sink AND the one thing you need for a minimum viable product, which is the ability to charge for API calls.

antoncohen 2 ago 0 replies      
What a bizarre acquisition. They say:

> A good API needs to [...] give developers the freedom to work in the development environment of their choice [...] a good API includes testing support

Those are two of the main reasons not to use Apigee.

ajainy 3 ago 6 replies      
3Scale got acquired by IBM, and now APIGEE by google. Time to buy Layer7 shares?

API Gateways are big deal in API first initiatives.

aikah 3 ago 1 reply      
Never understood Apigee's core product. I like their whitebooks though. quite informative. So congratulations.
supergeek133 2 ago 1 reply      
Well. At first I thought this was crazy, but then I realized Google was the only major cloud provider that didn't offer an API Gateway service... Azure and AWS both have one.

So, makes sense. They got them cheap as well, only a really small premium of the stock price.

yueq 50 ago 0 replies      
Buying offer is 17.40. Right now Apigee's trading at 17.42, short selling opportunity?
olalonde 2 ago 0 replies      
> As always, we'll make sure that these capabilities are available in the public clouds and can also be used on-premises.

Does that mean there's a chance Apigee will get open sourced? (fingers crossed)

niftich 3 ago 2 replies      
So does this mean Apigee will be the captive API gateway for Google's extensive portfolio of APIs, or will the Apigee gateway still be offered as a product to put in front of a customer's custom API?
ctdean 5 ago 1 reply      
$625 million in cash
chatmasta 3 ago 1 reply      
Aw man I bought a bunch of these shares last year at $7 and sold for $7.90 after a few months. I was happy about it. Wish I held onto them, it's trading at $17 now!
kelvin0 1 ago 1 reply      
Is it just me, or should API management be done through GraphQL? It doesn't seem like Apigee even uses GraphQL (unless I missed something on their website). Been looking at GraphQL recently, and it looks like it could be a solution. Any experience on using GraphQL in a prod environment?

EDIT: I think Apigee has a great product, not wanting to put them down.

InfluxDB 1.0 GA Released: A Retrospective and Whats Next influxdata.com
100 points by pauldix  4 ago   49 comments top 12
linsomniac 3 ago 1 reply      
I've been using InfluxDB for almost a year now. At one point around 9 months ago I had given up on it because it was a bit crashy, and the database just was growing too fast. But the promise behind it was too compelling and I started experimenting with newer versions around 6 months ago and it has been just great! Much easier to deal with than Graphite/collectd/carbon, telegraf has not been eating our servers like collectd was, CPU usage is way down... Loving InfluxDB. Still need to implement annotations and SNMP polling in telegraf, but it is awesome. We are even pushing some application stats into it.
zenlot 3 ago 1 reply      
While talking about InfluxDB people should not forget about their beta release of clustering to attract more users and then making it just enterprise. And no, it's not an argument that this is the only way to get paid in open source. Users should be careful while adopting InfluxDB as Influxdata does not clearly elaborate their plans on the product.
scrollaway 3 ago 1 reply      
Influx is absolutely amazing. We're using it along with grafana to store and display our desktop and web apps' analytics (it completely replaced GA), store and display HTTP health analytics (piping custom uwsgi request logger into UDP input), and do continuous analysis of Hearthstone games.

It's incredibly fast and the grafana/influx/telegraf stack is really cool to play with. Highly recommended.

gorodetsky 3 ago 1 reply      
I still don't quite understand Chronograf: I know that you want to own the stack but are there any major advantages over Grafana?

Sorry if I'm being ignorant but I couldn't find anything that would've made me think one way or another.

LogicX 4 ago 1 reply      
We've been using influx since 0.9 in production. Had a few bumps with cardinality growing out of control, but now working around those limits, it's going well. Looking forward to that being something tackled with upcoming releases.
otoolep 4 ago 1 reply      
Great stuff. Congrats to everyone on the InfluxDB team on this big milestone.
fabian2k 3 ago 1 reply      
I played around with InfluxDB, Telegraf and Grafana a while ago, and it worked very nicely for the basic stuff I tried.

One thing in Telegraf where I didn't figure out a good solution was a way to parse arbitrary log files and generate data points and/or annotations from them.

There is a particularly annoying log file format from a proprietary application containing data I like to monitor which contains time series values in a multiline format as well as error messages. What I'd like to do is to have Telegraf tail the log file and pass it through a script that generates actual influxdb data from that. So something similar like the telegraf tail plugin, but with a data transformation in between.

hamax 4 ago 0 replies      
A very happy InfluxDB user here, but did you really had to title your release email "InfluxDB 1.0 GA is Here! Plus 27x Faster than MongoDB Benchmarks"?
aleksi 2 ago 1 reply      
> We had been grappling with what we should do for most of August 2013 and had another idea that I planned to debut at Monitorama in Berlin in late September. The conference was all about monitoring and I thought it would be a good place to find a receptive audience for a new monitoring product.

What was it?

joekrie 4 ago 0 replies      
Cool to see a database specializing in time series data.
tbarbugli 3 ago 1 reply      
We evaluated InfluxDB 6 months ago and did not move forward because cluster mode was still in beta. Is there anyone running a cluster in production with some decent traffic?
dozzie 4 ago 4 replies      
Airbnb Adopts Rules in Effort to Fight Discrimination by Its Hosts nytimes.com
65 points by brentm  4 ago   119 comments top 16
nicolas_t 38 ago 1 reply      
As an host, I'll never discriminate on the basis of religion, sex orientation, color of skin, national origin or gender identity.

When it comes to disability, I might refuse someone whose disability would cause risk in using the apartment and might have an accident because the apartment is not safe for someone who's disabled (the building is 300 years old, there's no elevator, the stair in the duplex apartment doesn't have handrails)... It's a risk if the person then has an accident...

Similarly in term of age, I would not rent to couples with young children because it's too risky.

So, it's discrimination but it's mostly because this is not an hotel, it's an apartment in which I live part of the year and it's not adapted for disabled people or couples with young children because I'm not in those categories.

That said, as someone whose wife is asian, I fully understand the problem. It's annoying and painful when people discriminate based on race.

In our case, we show both my face and wife face on our Airbnb profile photo because we prefer to have a host refuse on the basis of wife's nationality than to give money or stay at the house of a racist host. I've had a bad experience before that with a host who was nice to me when I met him and then wasn't as nice 5 minutes later once my wife arrived... The fact that he earned money from our stay galls me...

dilap 4 ago 8 replies      
I don't know if this is really a tractable problem.

At the end of the day, either airbnb lets hosts decide who stays or doesn't. If they don't let hosts decide, they'll likely lose a ton of hosts, since having someone stay in your home is a very personal thing and a huge risk. If they do, then they're going to have significant discrimination problems as long as people are discriminatory, i.e., basically forever.

jasode 4 ago 3 replies      
>Airbnb said it would also accelerate the use of instant bookings, which lets renters book places immediately without host approval.

Maybe I'm naive but it seems like that policy would be perceived by hosts as extremely hostile. Homeowners have both a financial and emotional vested interest in their homes so letting strangers book it without a cursory check isn't going to work. Having no checks would work for real estate holders who aren't emotionally attached to their homes but not homeowners who live in the same house they rent.

Even if it's irrational and discriminatory, homeowners want to maintain some semblance of control over who stays at their home. It's the homeowner who has to pay for damages/misbehavior -- whether directly or by home insurance deductibles and higher premiums. (As I understand it, AirBnb's coverage guarantee only kicks in after the homeowner exhausts his personal insurance.)

Does anyone know the bulk of AirBnb's business revenue? Is it homeowners renting out a spare bedroom? Or is it people renting out non-owner occupied beach houses and lofts?

EDIT ADD: Every time an AirBnb thread about racism comes up, many commenters are confused or ignorant about what the law actually says. To copypaste a previous comment:

Those anti-discrimination laws don't apply to hosts' private homes or bedrooms.[1] Paraphrase of law: "All persons shall be entitled ..., and accommodations of any place of public accommodation,..., without discrimination ... other than ... a building which contains not more than five rooms for rent ... which is actually occupied by the proprietor ... as his residence"

In other words, if a homeowner has a spare bedroom across the hall from her 13-year-old son's room, and doesn't want to rent to transgender, black, or 65-year-old guests, it is legal for her to discriminate on those attributes.

On the other hand, if the AirBnb host is renting out a non-owner-occupied beach house, the discrimination laws would apply.


bobjordan 4 ago 5 replies      
Yeah, well after having a multi-day house party thrown in my Houston home by a local guy that had the gall to write "God Bless you" several times before the rental, and Airbnb doing nothing about the damages (huge scratches on brand new $5K bedroom suite, a frigging water-logged kitchen ceiling, cabinet doors torn off hinges, etc.) we will no longer rent to any local, of any race. Anyone that rents my house is going to prove they are an out-of-town traveler. At the end of the day, the owner should have the final word on their house.
aikah 4 ago 3 replies      
well people should have figured out by now : Airbnb's aren't hotels. And people should be free to deny others staying at their place, for whatever reason. Airbnb can't have it both ways, they know it and this effort will be pure PR.
tedmiston 56 ago 1 reply      
I've always considered it a legitimate request when people want to live with others of the same gender for a shared room in their home.

For example, you especially see this on sites like Craigslist when people are seeking roommates. This policy seems to overturn the ability of hosts to do this. If I were a female in an all female home renting out one room, it would make me uncomfortable. Perhaps other do not see this as an issue in short-term renting, but I do.

gmarx 3 ago 1 reply      
Many other commenters imply that since people would flee the platform if they couldn't discriminate, that AirBnB shouldn't have to deal with the problem. It's the opposite. AirBnB is required to deal with the problem. Their challenge is to make it look like they are dealing with the problem (e.g. hire Eric Holder) while not actually dealing with it in any substantive way.

Lots of these new companies have as part of their secret sauce the hiding of racial discrimination and avoiding regulations and fees that their old style competitors can't. once/if the govt cracks down a lot of these valuations must be reimagined

draugadrotten 4 ago 1 reply      
Coming up next: AirBnB adopts rules in effort to fight discrimination OF its hosts.

Some guests may avoid to stay with hosts of certain life styles, gender, race or religion. This discrimination must be stopped.

southphillyman 3 ago 3 replies      
I'm confused by the responses in here so far. How does discriminating based on race, gender, age, etc guarantee that your property will not be damaged? If you want the access and business that using AirBnb's platform provides then you need to adhere to their rules. Pretty simple. If that's a problem use craigslist or some other service so you can use whatever prejudices you have to screen guests.
andykmaguire 13 ago 0 replies      
Where are the consequences for discriminating hosts? This feels like lip service.
barnassey 9 ago 0 replies      
Going to be honest, they can try but since these are private homes they wont get far.
mc32 3 ago 0 replies      
One thing I didn't see is AB&B promoting its business model to affected classes of people. Get more affected classes of people on your platform (i.e. as hosts) and have them lead the way.
kchoudhu 1 ago 0 replies      
I've historically had trouble getting people to respond to my lodging requests on AirBNB. I learned quickly to let my (white) wife do the bookings for our family. When I'm traveling on my own, it's just easier (and frequently cheaper) to just check into a traditional hotel.

It's an intractable problem, and I don't see a good way forward for AirBNB.

marknutter 4 ago 7 replies      
Doesn't discrimination end up hurting the hosts in the end? Having less demand drives the rental costs down.
marcoperaza 4 ago 0 replies      
Very tricky. Who you allow to stay in your home is a very personal and grave decision and people want as much information about the potential guests as possible. If they were to take this a step further and remove guest pictures altogether, I suspect that you'd see a mass flight to a competing platform.

For people who are renting out their primary home (and especially if they'll be there at the same time as the guest), I don't think it's ever right to challenge their decision to accept or deny a guest.

But someone running a number of units as full-time rentals should be held to anti-discrimination laws.

A bite of Python redhat.com
259 points by ashitlerferad  10 ago   132 comments top 18
michaelfeathers 8 ago 4 replies      
The behavior of 'assert' is not an anomaly. It comes from 'design by contract.' Assert is primarily meant to be documentation of constraints in code and secondarily a way of catching errors during development.

"Contract conditions should never be violated during execution of a bug-free program. Contracts are therefore typically only checked in debug mode during software development. Later at release, the contract checks are disabled to maximize performance." - https://en.wikipedia.org/wiki/Design_by_contract

pvdebbe 6 ago 2 replies      
One Python gotcha that has bitten people in my company a lot:

 fun_call('string1', 'string2' 'string3')
That is, missing commas and subsequent string concatenations can lead to nasty errors. I wish Python didn't nick this from C and would have just enforced the use of + to concat over-length strings, if they need to be split to multiple lines.

skywhopper 3 ago 5 replies      
I would never accuse Python of "language clarity and friendliness". Far from it. For someone who came up through C, Java, Perl, and Ruby, but who's wrangled with Python, Javascript, Go, and even Haskell in recent years, I still find Python mysterious, self-contradictory, and filled with implicit rules and assumptions that are entirely un-intuitive to me far more than other languages. And yet, people seem to like it. Certainly this article does. It's an interesting effect.
viraptor 8 ago 1 reply      
If you're interested in reviewing Python code for potential security issues, here's a related project: https://github.com/openstack/bandit (I'm one of the devs)

It will actually pick up a number of security issues listed in the post. It's useful in real world too - led to a number of CVEs being reported.

alex-yo 8 ago 4 replies      
I wouldn't call it 'traps'. I would call it 'read and understand documentation before writing code' like: what is 'is' operator, or how floats behave in EVERY programming language, or why you should sanitize EVERY user input.

So, basically, I can write such a list for every language I know.

santiagobasulto 4 ago 3 replies      
Completely out of context, sorry, but couldn't avoid to note this:

"Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments".

Why would you change the order of the subject in such an unreadable way? Isn't much easier to say:

"Python is becoming increasingly ubiquitous in computing environments, as it's easy to pick up and progress quickly towards developing larger and more complicated applications"

I'm not expert in writing, it just sounded weird. If anyone can explains what's going on there, really appreciated.

commenter23 7 ago 2 replies      
The point the article makes on comparing floating point values and the floating point type is true, but it's not because of any rounding error.

It's because the comparison operators are defined for every value. That is, "True < []" is valid in Python 2.7, along with any other 2 values, regardless of type. This is a surprising instance of weak typing in Python, which is otherwise strongly typed, which is why this was fixed in Python 3 (https://docs.python.org/3.0/whatsnew/3.0.html#ordering-compa...).

This is also not a case of Python doing something useful, like with '"foo"*2'. The result of the comparison is defined, but it's not useful. I suppose it was useful for making sure that you can always sort a list, but there are better ways to do that.

Pikago 7 ago 0 replies      
The documentation of most modules cited in the article start with a paragraph in red and bold warning the reader of the same danger explained by the author. So this is a nice compilation, but nothing new and nothing somebody looking at the documention of the module he's using will miss.

There are nonetheless good remarks about poor design choices of Python which can lead to misconceptions to newbies, such as naming `input` the function that does `eval(raw_input(prompt))` (as casually documented[0]), and the existence of such function in a first place.

[0] https://docs.python.org/2/library/functions.html?highlight=i...

mrswag 8 ago 1 reply      
Some points are valid, but come on, if an attacker has write access to your code, you can't recover from that, ever.
guyzmo 7 ago 4 replies      
The part of the article about an issue with name mangling of private fields is somehow misleading.

The feature is just some syntactic sugar.

When within a class, private fields such as:

 class Foo: def __init__(self): self.__bar
are accessible from within other methods of class Foo as `self.__bar`. But that's just syntactic sugar, the real name of `self.__bar` is `self._Foo__bar`.

So from the outside "world", including `hasattr()`, you can still access `self.__bar` as `Foo()._Foo__bar`.

 >>> class Foo(): ... def __init__(self): ... self.__bar = 'hello' ... def show(self): ... print(1, self.__bar) ... print(2, getattr(self, '__bar')) ... >>> foo = Foo() >>> foo._Foo__bar True >>> foo.show() 1 hello Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<stdin>", line 6, in show AttributeError: 'Foo' object has no attribute '__bar' >>> foo.__bar = 'world' >>> foo.show() 1 hello 2 world
In the end, when `x.__private` is setup outside of the class definition, obviously, it's a new member as its name differs from the internal name `__private` (which really is `_X__private`).

From within the code doing `getattr('X', '__private')` will return the `__private` setup from outside the class, and `getattr('X', '_X__private')` the one defined from within the class.

The whole point of that feature is to ensure that members defined within a class that are not part of the public API are left untouched when that class get subclassed, to avoid unexpected behaviours.

Here's an example of why this has been designed:

 >>> class A: ... def __init__(self): ... self.__internal = "this is a" ... def show(self): ... print(1, "A", self.__internal) ... >>> class B(A): ... def __init__(self): ... super(B, self).__init__() ... self.__internal = "this is b" ... def show(self): ... super(B, self).show() ... print(2, "B", self._A__internal) ... print(3, "B", self.__internal) ... >>> B().show() 1 A this is a 2 B this is a 3 B this is b >>> 
There's nothing that should be surprising or asymmetrical to anybody who've read the python documentation, and use that feature appropriately. It's maybe a weird feature, but it's still a coherent and homogeneous behaviour and actually adding more safety to codes.

Documentation references:

 * https://docs.python.org/3/faq/programming.html#i-try-to-use-spam-and-i-get-an-error-about-someclassname-spam * https://docs.python.org/3/reference/expressions.html#atom-identifiers

aikah 6 ago 0 replies      
the last one (script injection) isn't limited to python but any language that make use of template engine. escaping variables should be the default behavior.

Now I like python, it has many useful libraries, in fact it is one of the language that has the most libraries for any purpose. I wish, even as a dynamically typed language, it was stricter sometimes though.

wallunit 5 ago 0 replies      
I'm sorry but that whole article is just FUD...

> Input function

Yes, in Python 2, input() is a shortcut for eval(raw_input(...)), and documented as such. Obviously that is not a safe way to parse user input, and therefore it has been changed in Python 3. So this has been fixed, but if you don't read the documentation you probably will keep introducing security issues with whatever programming language.

> Assert statement

If you want to effectively protect against a certain condition, raise an exception! Asserts, on the other hand, exist to help debugging (and documenting) conditions that should never occur by proper API usage. Stripping debugging code when optimizing is common practice, not only with Python.

> Reusable integers

First of all, this behavior isn't part of the Python programming language, but an implementation detail, and a feature as it reduces memory footprint. But even when small integers wouldn't be cached, you would still have the same situation when using the is operator on variables holding the same int object. On the other hand, caching all integers could easily cause a notable memory leak, in particular considering that ints in Python 3 (like longs in Python 2) can be as large as memory available. But either way, there is no good reason to check for identify if you want to compare values, anyway.

> Floats comparison

floats in Python use essentially the native "double" type. Hence they have whatever precision, your CPU has for double precision floating point numbers, actually it is specified in IEEE 754. That way floating point numbers are reasonable fast, while as precise as in most other programming languages. However, if that still isn't enough for your use case, Python also comes with the decimal module (for fixed-point decimal numbers) and the fractions module (for infinite precision fractions).

And as for infinity, while one would expect float('infinity') to be larger than any numerical value, the result of comparing a numerical value with a non-numerical type is undefined. However, Python 3 is more strict and raises a TypeError.

> Private attributes

Class-private attributes (those starting with __) exist to avoid conflicts with class-private attributes of other classes in the class hierarchy, or similar accidents. From my experience that is a feature that is rarely needed, even more rarely in combination with getattr()/setattr()/delattr(). But if you need to dynamically lookup class-private attributes you can still do so like hastattr('_classname__attrname'). After all, self.__attrname is just syntactical sugar for self._classname__attrname.

Also note that private attributes aren't meant as a security mechanism, but merely to avoid accidents. That's not specific to Python; in most object-oriented languages it is possible to to access private attributes, one way or another. However, Python tries to be transparent about that fact, by keeping it simple.

> Module injection

Yes, Python looks in a few places for modules to be imported. That mechanism is quite useful for a couple of reasons, but most notably it's necessary to use modules without installing them system-wide. It can only become a security hole if a malicious user has write access to any location in sys.path, but not to the script, importing the modules, itself. I can hardly think about a scenario like that, and even then I'd rather blame the misconfiguration of the server.

> Code execution on import

Yes, just like every other script language, Python modules can execute arbitrary code on import. That is quite expected, necessary, and not limited to Python. Even if module injection is an issue, it doesn't make anything worse, as you you don't necessarily have to run malicious code on module import but could do it with whatever API is being called. But as outlined above, this is a rather theoretical scenario.

> Shell injection via subprocess

Yes, executing untrusted input, is insecure. That is why the functions in Python's subprocess module, by default, expect a sequence of arguments, rather than a string that is parsed by the system's shell. The documentation clearly explains the consequences of using shell=True. So introducing a shell injection vulnerability by accident, in Python, seems less likely than with most other programming languages.

> Temporary files

If anything, Python is as unsecure as the underlying system, and therefore as most other programming languages too. But CWE-377, the issue the author is talking about, isn't particular easy to exploit in a meaningful way, plus it requires the attacker to already have access to the local temporary directory. Moreover, Python's tempfile module encourages the use of high-level APIs that aren't effected.

> Templating engines

The reason jinja2 doesn't escape HTML markup by default is that it is not an HTML template engine, but a general purpose template engine, which is meant to generate any text-based format. Of course, it is highly recommended to turn on autoescaping when generating HTML/XML output. But enforcing autoescaping would break other formats.

tehwalrus 7 ago 1 reply      
Having written code in Python for a few years, I've come across most of these (some of the ways to hack builtins/modify the code on a function reference were new to me).

However, it had also never occurred to me to make anything I cared about the security of in python. Perhaps this article is aimed at people who are writing system utilities for linux distributions, and are considering Python? Presumably some such utilities are written that way already.

It comes down to doing a proper security analysis before you define the requirements of the software: Specifically what attack vectors you want to defend against. A valid conclusion for some types of software, given the list of "bugs" in the post, would be don't write it in Python. (Indeed, I have done exactly this before writing 200 lines of C instead of 20 lines of Python.)

sitkack 5 ago 0 replies      
So many people chiming in with their dismissive comments and superior Python knowledge. The article is excellent and should be required reading for Python devs. Having it in one place is valuable resource.
ViktorasM 4 ago 0 replies      
Not readable on a phone. How can any tech company afford this in 2016...
amyjess 5 ago 1 reply      
On the float behavior: I really wish Python 3 had the sense to do what Perl 6 did and interpret all literals with decimal points (except those that use scientific notation) as Fractions instead of floats. That would solve all these floating-point errors without requiring significant modification of code, plus Python 3 would be the perfect time to do it because they're already throwing out backwards compatibility because of the str/bytes thing.
dschiptsov 6 ago 2 replies      
"Reusable integers" is a real fail - it violates the principle of least surprise and introduces a nasty inconsistency - all integers should logically be (refer to) the same integer object, not just the first 100.

Assert is a statement, not an expression, so do not use it as an expression.

One should never compare floats. This is taught in any freshman CS course. The limitation is due to the standard encoding of floats - IEEE 754 - not Python's fault.

Everything else are features of a truly dynamic language, designed for a really quick prototyping. Python3.x got rid of many inconsistencies and caveats of 2.x

Shall we re-read the classic now?


swampthinker 7 ago 2 replies      
I love that the header and navbar is responsive, but the content itself is not.

Also input is truly baffling to me. Such a small mistake that could allow write access to your code.

Show HN: Share your Unix shell with people you trust github.com
44 points by old-gregg  2 ago   39 comments top 18
Moral_ 1 ago 1 reply      
You can do this with screen/tmux too...no need to connect to some server where you can't audit their code.
drinchev 1 ago 1 reply      
What's the benefit for that? Why can't you just give ssh key / pass to the other party and share a multiuser screen?

 $ echo 'multiuser on' > .screenrc $ screen
Another tty

 $ screen -x ID_OF_SCREEN

old-gregg 2 ago 1 reply      
Hello HN,

We've been using Teleconsole internally quite a bit as we have a distributed team of developers and ops folks. Now we hope you'll enjoy it too! :)

It has a web site too: https://www.teleconsole.com

natch 1 ago 3 replies      
>We made the session IDs sufficiently hard to guess...

We believe we made the session IDs sufficiently hard to guess...


kedean 29 ago 0 replies      
I'd imagine you could mitigate some of the risks of making it publicly available by integrating with Keybase and allowing users to specify what Keybase id's should be allowed to access it.
segmondy 1 ago 1 reply      
qwertyuiop924 39 ago 0 replies      
Nice for relatively low-security systems you want to share. Also, the Mr. Robot reference is adorable. But I wouldn't trust Darlene if I was Elliot. Even after [REDACTED].
alekratz 1 ago 0 replies      
You can share tmux sessions in this manner. The only limitation is screen size in that case - it will always use the smallest screen size that the session is being accessed from.
rkeene2 1 ago 0 replies      
See also "GoTTY", also hosted on GitHub.com for a similar project that is not associated with a service (i.e., you must host it yourself). It has write support and there is a separate "gotty-client"
peterkshultz 1 ago 1 reply      
Great work! I'm excited to see what people do with this.

The only thing that concerns me is the ease with which somebody can join a session maliciously. Have you considered adding an additional form of verification for joining sessions?

binarycrusader 1 ago 1 reply      
As an aside, Solaris can enforce a "two-man rule" for system access via its Role-Based Access Control system:


jsingleton 52 ago 0 replies      
Looks handy. Any chance of Windows support?

BTW typo on https://www.teleconsole.com - "on-premise infrastructue" near the bottom.

d33 1 ago 1 reply      
> curl https://www.teleconsole.com/get.sh | sh

I understand that the assumption is that the first person I trust is you ;)

devnull42 35 ago 1 reply      
Their quick install method makes me very sad.

Never ever, ever curl redirect to bash.

chatmasta 1 ago 0 replies      
This would be great when you need to hire a freelancer to help with a 40 minute configuration fix on a server.
aiNohY6g 1 ago 0 replies      
Nice tool.

Another poor (paranoid) man solution is 1/ to rely on Tor to expose your local SSH server through NAT/firewalls, 2/ to use ephemeral classic SSH keys to allow the guest to login on the host 3/ to share the session with screen -x.

Much more secure IMHO, but probably slower and also a bit more complex to setup as the host and the guest must have Tor installed.

tokenizerrr 1 ago 1 reply      
Is the server software available?
There Are No Truffles in Truffle Oil (2014) priceonomics.com
123 points by obi1kenobi  4 ago   123 comments top 26
gabemart 4 ago 15 replies      
If this is true, I am genuinely surprised that it is legal to sell "Truffle oil".

Take the truffle oil offered by 3 big UK supermarkets [1][2][3]. All three stores describe it as having:

 > Ingredients: > Extra Virgin Olive Oil, Truffle Extract
What else are we to interpret "truffle extract" as, other than an extract made from truffles?

Sainsbury's describes it as "Truffle flavour" [3] which I guess I could see as not actually stating it contains truffles (aside from the previously mentioned ingredients list). But Tesco describes it as "Truffle Flavoured" [1], which seems to me to more strongly imply it actually contains some truffle, and Asda describes it as "Flavoured with White Truffle" [2] which to me sounds like an unambiguous statement that it contains at least some white truffle.

If this article is accurate, it seems like a complete and utter con.

[1] http://www.tesco.com/groceries/product/details/?id=292974500

[2] https://groceries.asda.com/product/seed-nut-oil/la-espanola-...

[3] http://www.sainsburys.co.uk/webapp/wcs/stores/servlet/gb/gro...

nommm-nommm 3 ago 2 replies      
There was an episode of Cutthroat Kitchen where a contestant used truffle oil on a dish.

Jet Tela (judge): truffle oil, man, there's just no place for it in the kitchen.

Alton Brown (host): yes there is. throws the bottle in the garbage.


(I do agree that using truffle oil is a sign of an amateur chef)

koliber 1 ago 0 replies      
There are many things that are flavored like something, but don't actually contain any extract from the actual thing. I don't think you should focus on truffle oil. This sort of thing is all around you, with many types of food.

Often times, the molecules used to flavor these foods are a major component of a flavor of a given fruit, vegetable, nuts, or fungus. However, it is sometimes cheaper to produce them synthetically rather than extract them. In many cases the stuff used to flavor the food was never in the thing whose flavor is being imitated.

- https://en.wikipedia.org/wiki/Isoamyl_acetate is used to imbue a banana flavor.

- https://en.wikipedia.org/wiki/Benzaldehyde gives you an almond flavor

- https://en.wikipedia.org/wiki/Vanillin is pretty much what you get in most vanilla-flavored things

- https://en.wikipedia.org/wiki/2,4-Dithiapentane is used to make truffle-flavored oil

The list goes on and on.

It's great to be aware that there is an industry in making things that taste like other things. If you walk down your supermarket isle and pay attention, you will notice that many things are not what they seem. You will first feel surprised, maybe cheated, and perhaps angry.

Is truffle oil with truffles a scam? I don't know. I was certainly fooled once.

I now try to pay attention to these types of things more. Things flavored with actual extracts tend to cost more and are harder to find. However, with many things, once you taste the real thing, you will notice that the fake stuff is off. Often times, the synthetically flavored food taste flat, sometimes chemically, and fake.

Don't get angry. Get educated, spread the knowledge, and pay attention to what you eat!

mmanfrin 20 ago 0 replies      
Truffle oil is just the less-scary-sounding version of adding msg to a dish. 'Truffle flavoring' is plain msg, most likely.

MSG is great for cooking, it is the taste of "Umami". Umami/Truffle/Parmesan are all just means of adding this msg taste to things without triggering the anti-MSG rhetoric.

The Family Seasoning for Steak: Lowry's Garlic Salt, black pepper, msg. Delicious.

adlpz 4 ago 2 replies      
I'm always amazed that this sort of blatant false advertisement is just allowed anywhere in the world.

In other news:

> Historically, there is at least some mention of Italians infusing olive oils with real truffles, and Urbani Truffles sells truffle oil that it says is made from real truffles

I actually do that myself. Get a truffle, cut it in a couple of pieces and leave it soaking for a month or two in good olive oil. Not that hard, not even that expensive either if you live remotely close to where they grow. It's a bit funny how they try to make this look like if it was some arcane secret.

kazinator 40 ago 0 replies      
Cannot parse: "it is olive oil mixed with 2,4-dithiapentane, a compound that makes up part of the smell of truffles and is as associated with a laboratory as Californian food is associated with local and organic ingredients."

Synthetic 2,4-dithiapentane is associated with some laboratory somewhere, whereas "Californian food", whatever that is, isn't necessarily "local and organic". It's not local if I'm enjoying it in New York rather than in California, and it's not organic if it didn't come from an organic farm.

hdlothia 3 ago 2 replies      
Meh. The truffle fries at my local burger spot still taste good. As long as it doesn't kill me I'm not overly concerned.
baby 3 ago 1 reply      
Here's on bottle I bought in Marianno's, a supermarket in the US. The bottle was around 10-15$ I think.


I does say olive oil, flavored, but also has a dehydrated truffle in it. Does the dehydrated truffle not contribute anything to the taste?

Also, it tastes pretty good.

codezero 3 ago 1 reply      
And if you want to get meta angry, most olive oil isn't olive oil!


aidenn0 20 ago 0 replies      
> 2,4-dithiapentane

Now I know what to blame when my roommate pours a couple tablespoons of truffle-oil on whatever it is she is cooking.

merraksh 4 ago 1 reply      
It is just a coincidence, obviously, but the Italian for "scam" is "truffa". Truffle itself is "tartufo".
slr555 3 ago 0 replies      
What I find interesting is that truffle oil is often denigrated for not containing actual truffle based solely on this lack of authenticity. I have eaten white truffles in Italy, black truffles and dishes with truffle oil. From an anecdotal perspective, white truffles are damn good, black truffles are pretty damn good and truffle oil can be a nice addition. As long as you're not being defrauded, I say no harm, no foul.

Sometimes one wants to go whole hog and buy organic this and prime that and create all components of a dish from scratch. And there are many time when one simply wants an easy dish that tastes great and doesn't cost a mint.

To me the real confusion in truffedom is caused by truffles being funghi and there also being chocolate truffles. That's just wrong.

Posibyte 3 ago 2 replies      
I read in the article that truffles are outside of the domain of human ability to control its growth.

 > Truffles are the worlds most expensive food because they resist all our efforts to control them. They cannot be mass produced or meaningfully eaten out of season.
Have there been any efforts to create some controlled version of truffles to meet demand or make it more available? To me, the idea of a GMO truffle that's available year round seems pleasing.

dragonwriter 3 ago 1 reply      
> it is olive oil mixed with 2,4-dithiapentane, a compound that makes up part of the smell of truffles and is as associated with a laboratory as Californian food is associated with local and organic ingredients.

So, what this is saying is 2,4-dithiapentane has little more to do with a laboratory than any other randomly selected ingredient, despite being linked to it in popular culture? (Or, more likely, that this is an extremely poorly chosen analogy...)

danielhooper 3 ago 1 reply      
The truffle oil you buy from the grocer has a deserving reputation, it's just scented oil, but I've eaten in restaurants where their truffle oil was literally sliced black truffles in olive oil, so at least on a restaurant menu you shouldn't dismiss "truffle oil" immediately.
AdmiralAsshat 4 ago 1 reply      
Commercially available truffle oil sold in US markets tastes absolutely horrid. It has a pungent, chemical aroma, and its taste completely overpowers whatever you put it on.

Do yourself a favor and just buy some high quality olive oil if you want a better finishing oil for your food. Oilve-oil and vinegar taprooms seem to have exploded in popularity in the US over the past few years.

mmcclellan 2 ago 0 replies      
If this is true of Truffle salt, then I have definitely fell for it before. At least Wikipedia suggests truffle salt is not usually of synthetic origin (https://en.wikipedia.org/wiki/Truffle_salt)
cmurf 2 ago 2 replies      
Truffles, like most mushrooms, contain basically 0% fat. 0.2g of fat in a 28g truffle is basically fat free. No fat, no oil to extract.
nicolas_t 3 ago 0 replies      
It's still quite possible to buy truffle oil with real truffles but of course, it's not going to be 2.5 pounds for 250ml but instead 12 pounds for 250ml...

I usually buy this one http://www.edelices.co.uk/olive-oil-flavored-black-truffles.... which is quite good...

veridies 3 ago 2 replies      
Related question: where can I buy real truffles? I've had them in the past, but I have no idea where I can buy them from, online or in person, that I can trust the quality of. Anyone have any leads?
anexprogrammer 3 ago 3 replies      
TL;DR Why don't US consumers give a toss about consumer protection?

This comes up time and again on HN. Most recently Apple not recognising the iPhone 6 faults. US consumer protections appear to be none existant. I've long known things were more "relaxed" over there, but it seems relaxed to point of no longer even basically functional.

What the hell happened since the start of the 20th C when there were efforts both sides of the Atlantic to ensure that the food you buy is what it claims to be, unadulterated and safe? That stemmed from widespread adulteration, short measures, and often horrific safety.

Why are American consumers (Republicans included) not picketing and email bombing the Whitehouse or Congress? Do you not want to buy what you expect you're buying? Do you like paying expensive restaurants for Artisan food when they apparently buy the lot from the nearest discount wholesaler?

UK has the Tory party, who also love the market as the solution to everything, even what it patently cannot solve. Every now and then they suggest some industry voluntary agreement, or to relax some aspect of labelling. These ideas rarely hit statute, as the Tory voters are consumers too and don't want safety to be simply handed to multinationals. It's going to lose them voters, so we usually end up with something fairly acceptable. EU legislation helps greatly on this too.

We had the piece about restaurants in the US recently. That gave the impression restaurants able to lie to such an extent that the expensive "organic locally sourced salmon" you order from the menu might be none of those things.

If it were the UK, and you sold Truffle Oil containing no truffle, the retailer has broken the law and would be liable to fines and recalls(usually used for safety issues, or discovering beef isn;t). The retailer can then claim against the supplier or manufacturer.

There are legally mandated amounts where you can name something Chocolate Spread (min % choc), reduce it below and you end up in the band where you have to call it Chocolate Flavoured Spread (As found in cheaper ranges). Keep going to the point of no chocolate and you have to switch to "flavour" which can be artificial flavourings (bottom of the heap discounters). Those wordings correlate to whatever percentages or weights have been mandated.

Large retailers therefore test products for safety, legality, labelling before first sale, and they'll periodically randomly check. When this comes up, Americans often claim this isn't possible, there's simply too much stuff. Walmart (Asda) do it here, and if you look at supplier guidlines for any large UK retailers they'll all have details of the testing process you as a supplier are expected to meet.

We then have Trading Standards who randomly check products on sale for safety, especially food, and including restaurants. Breach those rules and you can go to prison, or have the business closed. They can, and do, test for the foods being what are claimed, the presence of allergens, labelling and even whether it's organic or not.

All is not perfect here, of course. The Conservatives reduced the number of Trading Standards such that the public are at higher risk (not enough to go around), and some labelling has minor loopholes such as get outs for country of origin, and the assorted terms "farm fresh", "free range" and the like. They sometimes don't legally mean what common sense and the public think they do.

So if I buy a bottle of Truffle Oil here and it has none, I can sue Tesco (not for very much I expect). Realistically I'd take it back for a refund, or more sensibly send it to Trading Standard who can send a letter with legislative force.

shanev 1 ago 0 replies      
Not surprised. There are many products like this. Most commercial maple syrup for example contain no actual maple syrup, just flavored corn syrup.
dredmorbius 1 ago 0 replies      
For related topics, see: fraud, signalling, Veblen goods, status, status signalling, and aspirational goods.

Something rare and expensive is used to give the appearance of quality, undercut by not only the lack of the underlying element within the good (a chemical imposter is substituted), but with either an implication or outright false representation that the aspirationally desired quality is in fact present.

There's a tremendous amount of criticism of the concept of market function in this story.

trufflexpert 3 ago 1 reply      
Ok. They can grow truffles on a farm. In fact it was really big before the world war. However it killed the price and after the war everyone had a gentleman a agreement not to do it again.
randrews 2 ago 1 reply      
Also, duck sauce contains no duck.
MaxGabriel 4 ago 2 replies      
The author's claim that truffle oil is just olive oil and and added scent doesn't match up with my experiences. Truffle oil tastes totally different from olive oil, and I don't like the flavor.

The oil being artificially flavored is much less of a con than not being any different from olive oil.

Show HN: EmbedBox, an Open-Source UI to Get Your Embed Code Installed embedbox.io
37 points by zackbloom  3 ago   6 comments top 3
simple10 1 ago 1 reply      
Looks like it's easy to extend with new sites. Well organized code.


neurotixz 58 ago 1 reply      
Wow, this is extremely useful and really addresses a major pain point.

I love it!

ecaroth 2 ago 1 reply      
Very cool idea, and something that would have been useful on many projects in the past. A little light on # of listed sights, but certainly something I could see myself using for future projects.
Microsoft .NET Core and ASP.NET Core Bug Bounty microsoft.com
60 points by gokhan  3 ago   22 comments top 3
ohitsdom 1 ago 0 replies      
Are bug bounty programs common in open source? All the big ones off the top of my head are for production systems. Granted the bug may be in an open source piece of a deployed system.

Seems a very bold move to offer this for source code that's freely available. I like it.

minionslave 2 ago 6 replies      
If I'm learning ASP.NET for the first time. Should I start with Classic ASP.NET or should I learn CORE?
heinrich5991 2 ago 2 replies      
The domain dot.net must've been expensive...
Moving Towards a More Secure Web chromium.org
80 points by kungfudoi  3 ago   47 comments top 14
cpeterso 2 ago 1 reply      
Firefox 46+ adds a red "no lock" icon for http:// pages with a password field. Chrome's explicitly saying "Not secure" is a big step beyond. I hope it sticks!


azureel 3 ago 5 replies      
Every HTTP site is insecure, that's OK and we all agree on that.

But using HTTPS doesn't make a website magically secure, that is not enough. Thus there might be a false sense of security via this option.

> My mom opens browser

> Goes to http://www.example.com

> Sees "insecure" flag, ok moves on.

> Than goes to https://shady.example.com

> Oh nice padlock icon you got there

> It's secure, I can give my credit card info.

Maybe I'm exaggerating. Anyway, it's a good start. HTTPS everywhere, let's encrypt!

rocky1138 41 ago 0 replies      
"more than half of Chrome desktop page loads now served over HTTPS"

This makes me happy to read.

bugmen0t 1 ago 0 replies      
Btw, this web page has a nice overview of what security indicators look like on different web browsers: http://lock-museum.herokuapp.com/
mkagenius 1 ago 1 reply      
Nice. Mobile apps world should also move quickly. I had written about it earlier here: https://medium.com/@mkagenius/where-is-my-https-for-mobile-a...
gooseserbus 1 ago 0 replies      
The irony of posting this link as http when https is available
bobajeff 1 ago 2 replies      
Doesn't moving everything to https make the Web even more centralized? In order to use it looks like site's have to submit to a certificate authority now.
diegorbaquero 3 ago 2 replies      
There's no excuse now that we have LetsEncrypt.

Thank you!

StavrosK 2 ago 0 replies      
This is a great move towards more security. I can't believe I remember a time when Facebook's login form was over plain HTTP.
amelius 2 ago 4 replies      
Shouldn't encryption be part of TCP/IP, rather than have every application including web browsers reinvent the wheel?
Cortez 2 ago 2 replies      
But saying something is insecure doesn't make it secure.
toomim 3 ago 1 reply      
A page can be http, but what matters is if the fork submits to a https url. Does chrome care about how the page was loaded, or what the form submits as?
webwanderings 2 ago 1 reply      
This latest upgrade of Chrome uses a lot more memory on my Win7. I run 5 tabs and I see 10 chrome.exe running processes. WTF and why?

EDIT: I take the above comment back. The chrome.exe processes match with the process running in the Chrome's Task Manager. I stand corrected.

However, I think there's something new about the latest upgrade. The interface looks heavy and different. This is the same upgrade which has removed the green colored SSL identifier in the URL bar.

frik 1 ago 3 replies      
HTTP is fine for most websites. HTTPS makes sense for certain parts of websites like e-commerce. Even Amazon website (beside .com) is HTTP with only the login page and checkout page on a HTTPS sub-domain. It's fine since 1995, and no one complains or has problems with that.

Labeling HTTP as insecure is just plain wrong. I would beg to differ, sometimes HTPS is more insecure than HTTP: think of Hearthbleed bug that made servers with HTTPS vulnerable or certs that shouldn't be trusted, or the day when all LetsCrypt users were vulnerable, etc. Also you will loose a lot of ad-money. Of course Google with their search monopoly wants HTTPS because they profit from it. It's sad that Mozilla is influenced by some lobbyist. Well hopefully the popular forks on Linux distros remove that stupid warning label.

Show HN: Omnihash, a multi-hashing utility github.com
9 points by Mizza  1 ago   2 comments top
niftich 25 ago 1 reply      
Similar to 'rhash' [1], but in python. I like it!

Some feedback:

- What is the algorithm called 'SHA'? Is it the algorithm now commonly called 'SHA-0' [2], specified in NIST's FIPS PUB 180 (without revisions), published in 1993, and later withdrawn in FIPS PUB 180-1 in 1996 where SHA-1 was offered in its stead?

- I like your thorough coverage of all the myriad varieties of CRCs. In many casual usages, the differences between CRCs are glossed over, and I like that you chose the rigorous approach.

- I'm happy that you included SHA-3 and BLAKE2.

- Consider including support for all of the FIPS 180-4 algorithms. The ones missing from this implementation are 'SHA-512/224' and 'SHA-512/256'.

[1] http://rhash.anz.ru/ [2] https://tools.ietf.org/html/rfc6194

Open-Sourcing Yahoo's Pulsar, Pub-Sub Messaging at Scale yahooeng.tumblr.com
50 points by yarapavan  4 ago   10 comments top 4
yarapavan 4 ago 0 replies      
Github page: https://github.com/yahoo/pulsar

Pulsar backs major Yahoo applications like Mail, Finance, Sports, Gemini Ads, and Sherpa, Yahoos distributed key-value service.

On the scale front:

- Deployed globally, in 10+ data-centers, with full mesh replication capability

- Greater than 100 billion messages/day published

- More than 1.4 million topics

- Average publish latency across the service of less than 5 ms

perryh2 3 ago 2 replies      
I worked at Yahoo but have never heard of "Pulsar" before. Was this known as "CMS" internally?
jaytaylor 2 ago 1 reply      
I wonder how this compares to Kafka and what tradeoffs were made.
NikolaeVarius 2 ago 2 replies      
Before Obligatory "What is so different about this from Kafka?"

Edit- Got wrong product.

from the looks of it, it just seems to be a slightly different take on Kafka. From what I gather, looks like Pulsar allows for scaling of producers/brokers independently?

Its Tough Being Over 40 in Silicon Valley bloomberg.com
129 points by mudil  2 ago   153 comments top 29
albertop 29 ago 5 replies      
I find it fascinating that when there is a discussion about age discrimination, most commenters have "advice" for the old farts how to stay current, learn current hip tech, be willing to work longer hours etc. However, we we talk about women in computing, it is always sexism and the discussion is about how the corporations need to change to attract more women. Pretty asymmetrical, don't you think?
JeremyMorgan 1 ago 7 replies      
I don't know about the Silicon Valley, but I'm in the Silicon Forest (Hillsboro/Portland Oregon) and this market seems to be very merit driven. You can be 80 years old and get a job if you can do work. Maybe you can't get a job at fart.IO building an API for some craft beer BS but at many mid to large companies 40 is still an average.

The last 4-5 companies I've been at value bullet points over anything else (for what that's worth). If you're 40+ and coming in showing off your PHP skills, JQuery or WinForms experience you'll get dumped, but the same goes for the 23 year old with that skill set.

My advice is always the same for developers my age: Keep with the times! If you aren't passionate enough about this work to continue learning and advancing on your own time get out. Go do something slower paced. Don't expect the industry to change.

rb808 23 ago 1 reply      
I come from a family with a few generations of engineers of all types.

Mechanical/chemical/electrical engineers have a similar problem that 30 years experience isn't much more useful than 10, wages tend to top out early and you're vulnerable to being laid off and never hired again in your 40s/50s. One advantage over software is that the skills change perhaps less frequently but that is offset by lower overall demand.

While you're in your 20's think about what you're going to do at the end of your 20 year window. Are you moving up to management? Have extensive business knowledge to add to tech skills? Have a second career planned? Or saved enough money to retire or semi-retire? Of course you can actively stay up to date with latest technology but that is much tougher than it sounds. You need to have thought a lot about this before you hit 40.

For all the young guys out there. Don't think it wont happen to you. If you just follow day by day one day you'll wake up with a big mortgage, a couple of expensive kids, maybe a divorce and a bunch of recruiters that never return your phone calls. You need to avoid that place.

anexprogrammer 1 ago 1 reply      
Its Tough Being Over 40 in tech, anywhere.

I understand only some of why ageism is more rife in tech than other fields. But even in young app companies, with young founders, some experience of software engineering or complementary fields gained through experience can be useful.

Personally I prefer a relatively young environment - I don't like large company formality and I enjoy the atmosphere of startups and app companies. But I have increasingly few contacts in the right places for an in...

It's not like we're all "old" like our parents, grandparents were from 45 onwards, or that we're all increasingly irrelevant mainframe COBOL programmers. We aren't all set in our ways like was more common in previous generations - but we're not in a job for life so that's expected, surely. We're not expecting to be dead at 70 either. I hope I haven't "grown up" even then!

oxryly1 52 ago 5 replies      
Is this perhaps because older workers gravitate towards sane hours? Maybe because they develop interests, lives, families, etc outside of work that they commit to (moreso than most 20-somethings)?

As a side note: I'm over 40 now, but I do recall being 27 and interviewing someone in their early 40s who was qualified and enthusiastic. I passed on them in part because I felt guilty hiring them; to work on my team the person would have to move their family to a new city, and I didn't want the karma of bringing that many people into a world where the team/project I was on was staffed and led by 20-somethings -- and therefore chaotic and unlikely to survive long in any particular form.

DonCarlitos 47 ago 3 replies      
Try being over 60 & gettind cred. "How could you possibly understand bleeding edge tech and emerging trends?" Well...I've lived there for four decades, you?
oldmanjay 1 ago 5 replies      
I'm over 40 and I've been continuing to get more work than I can handle by staying up to date on my tech skills. Maybe that professional headshot I never got would help, though.
kragen 41 ago 0 replies      
"Michael Peredo, a 55-year-old auto engineer dismissed from Mercedes-Benz in February 2015, says he had trouble giving up his bow ties for T-shirts, as some he met at ProMatch suggested. I feel like myself wearing them, he says."

Yeah, you're going to have a really hard time getting a programming job in Silicon Valley if you show up in looking like a security guard in a tie, let alone looking like a waiter in a bowtie. It's the same story as showing up for an interview for an enterprise sales job in ripped jeans and a T-shirtit undermines your credibility. It shouldn'tour meritocratic hacker values place no value on surface appearances, and we fail them when we are influenced by what people are wearing or their gender or skin color or agebut it absolutely does. Raymond Chen can get away with wearing a suit and tie all the time, but you probably can't.

The good news is that Peredo got a job immediately when he stopped wearing the bowtie to interviews. It's not gonna be as easy if you're black.

vvanders 1 ago 2 replies      
The best explanation I've seen for this is when you're a young engineer with little experience showing knowledge of a framework or technique is a huge plus. For someone with a ton of experience not knowing something is shown as a minus.

For interview processes trying to avoid false positives a negative mark will hurt you much more in the final sum.

So the bar is set differently for two candidates applying to the same position. I'm sure it doesn't account for every aspect but certainly seemed to explain some of it.

gtrubetskoy 44 ago 0 replies      
My observation (as someone over 40) is that some of us who started early on in the trade decided to throw in the towel and declared themselves "management", and (most importantly) stopped being hands-on. And it's these people who are most at risk of ending up behind. Those of us who kept on programming, networking, never quit learning and stayed current with all the latest stuff are actually extremely sought after and valuable - experience is hugely important, critical, even, especially where scale and reliability matter.
DiffEq 46 ago 0 replies      
I think it may be tough if you have not continued to improve yourself. There are some maxims to always follow to prevent yourself from "expiring": Keep learning.1. Always learn some new hard thing; a language, more math, or go deeper into your subject (programming languages, etc.)2. Stay in top physical shape and learn some new physical skill.

Learning should be multifaceted and a lifestyle; intellectual and physical. If you think you can just coast after college then you will be passed up.

sjclemmy 54 ago 0 replies      
It might be like that in SV. It doesn't feel that way where I live.I'm 44 and do Front end dev, which I taught myself after being a project manager / Business analyst for a good 10 years. I do live in what might be considered a backwater in England, but I get enquirers almost daily about my availability.

Also - I read about Shel Kaphan the other day - employee #1 at Amazon - he must have been in his 40s when he started there if he was studying in 1975. Obviously his age didn't deter Jeff Bezos.

I've worked in places where older employees become irrelevant to the business because they get stuck in their ways and don't want to / can't change.If you're not prepared to re-skill, or you think your job is safe - you're in for a rough time if someone else controls your destiny. That's not to say people don't get badly treated by organisations - they do, and that's wrong. But still, working life is a struggle and a balancing act.

kchoudhu 1 ago 0 replies      
Take the cash and run. Do you really want to be herding man-children when you are 40?
erjjones 8 ago 0 replies      
Come to the Midwest ... I really enjoy the perspective of the older developers.

Perspective is what the Valley needs if ageism is an issue, because we aren't getting younger.

gentleteblor 26 ago 0 replies      
I think it's extremely important for folks over 40 to track their accomplishments.

Their resumes are longer, their skills can be older, some of the companies they've worked for might not even exist anymore. It's even more important to be able to search/narrow down/focus your decades of experience/accomplishments to those that matter in this new ageist landscape.

And the truth is, you've probably done whatever SV recruiters/managers say you require. You've been the self-starting, chaos riding, new tech stack conquering machine. You've lived at the cutting edge. It's just not on your resume, and you don't bring it up in interviews because you haven't been that person in a while and all your (maybe) recent job search experience is in displaying the breadth and length of your career.

It's tough.

BlackjackCF 50 ago 0 replies      
I think age bias is a thing, but the best software engineers (and the most productive) I've worked with are over 40. They're sharp, kept up with current technology, and they actually can build things in a way that's adaptable.
6dqh5yapl3 1 ago 1 reply      
I'm 24. Guess I should buy a shitty condo in Hayward with a 15 year mortgage so I'm paid off when the age discrimination kicks in. 40+ year old engineers with prop 13 equity or rent control - I'm jealous.
ThomPete 46 ago 0 replies      
Here is the thing though. A person who is 40 knows and understands a lot of the problems of their industry and they are often much more experienced at making sure they don't waste their time.

This is why I would propose that the strongest cocktail is pairing young people with older people.


rdiddly 2 ago 0 replies      
"Young people are just smarter."

Ha! I love it! What ZUCKERGUY means is that young people are smart in a way that he, another young person, can recognize and understand.

Whereas older people are smart in ways that young people don't yet recognize or understand. It's just one great big Dunning-Krueger Effect. Young people don't know how much they don't know.

Fortunately for them, old people are a totally different species from young people. It's not like young people turn into old people or anything. Can you imagine the horrors? Like what if life were one big continuum where you start out young and slowly turn old? Scary stuff!

shams93 45 ago 1 reply      
Engineering is a dead end job, especially outside of silicon valley. There is 0 respect for experience in the industry, we have more respect for someone who has coded for 2 weeks than someone who continually improves over 25 years. Unless you become a celebrity coder you find that your best choice going forward is suicide. The industry won't let you have a social life or a family once you hit 45 no one cares about you and suicide becomes your most positive life option, or you can keep working 18-20 hours a day 7 days a week until you get sick and die if you're lucky.
coleifer 26 ago 0 replies      
My parents and my friends' parents are all nearing retirement age, and I've been surprised by the profound differences in their responses to the realization that they are becoming old.

It seems clear to me that age is just a state of mind. Some people act old and are cautious fucks that recoil from change. Others try very hard to appear as if they "get it", though they obviously don't, and the fact that they're trying so hard ends up looking pathetic to me.

Then there are the ones who don't give a fuck, and they are the best. I think they're the ones who are truly the wisest, and their vitality is infectious, they don't "seem" old.

My point is this: if you're 40 years old and are all butthurt that no Silicon Valley company wants to hire you, your butthurt only proves that the company was right not to hire you in the first place.

erobbins 39 ago 0 replies      
I'm over 40 and haven't experienced any problems. I don't know if I'm lucky, good, both, or just average and only the outliers are the ones having difficulty.
jwr 1 ago 5 replies      
This is idiotic. People over 40 trade one set of skills for another (source: I'm over 40). You lose short-term memory, can't juggle too many things simultaneously, and aren't always up to date on every latest fad. But what you gain is fantastically valuable: intuition, abstract thinking, systems thinking, ability to detect patterns in large systems, ability to notice that certain problems have been solved in a different field, and lots more.

As I grow older, I notice these changes, and while I do regret not being able to remember IP addresses after switching to a different window (get a larger monitor, or just copy&paste), I am very happy with the overall shift.

new_hackers 55 ago 4 replies      
Skills pay the bills.

Many of the over-40 crowd I've worked with just plain don't want to learn anything new. They have settled, and are passive in their learning. This is the #1 reason they won't be relevant.

karjaluoto 17 ago 0 replies      
I have a tough time with these stories. Although I dont dispute that this bias exists, I feel like the subject matter is also damaging.

First of all, these articles are sensational and divisive. Folks over (or nearing) middle age are sensitive. They worry about being outmoded and removed/downsized. My hunch is that they read these articles out of fear. For younger folks, I suspect its reassuring to know that you have something to offer that older folks might not. So, for the publisher, these produce clicks/views.

However, when you get past the personal examples of exclusion, and some of the reductive arguments (e.g. Younger people are just smarter.) little of this is as simple as it first seems.

Fact is, for a long time, older workers were less technically competent than their younger counterparts. That said, for a generation that grew up with technology, this isnt so much the case any longer. This became painfully obvious to me, while sitting with an Apple Genius one day. He was very hip; however, I needed to explain to him how to use the Find function in his browser. (Seriously.)

Young and older people both have something to contribute. Young ones often bring new ideas and perspectives because theyve grown up differently. They lend enthusiasm and energy that older staff sometimes dont. Frankly, older ones often dont want to work marathon hours (this isnt always the case, but tends to be). That said, older workers typically bring more knowledge and experience to the table.

I suspect that part of the bias in favor of younger workers comes from younger business owners (common in startups). I ran into this when we started our design studio. I was 26. At the time, it was scary to hire a 50-year-old to come in, because I didnt feel comfortable directing someone that much older than me (I probably wouldnt have admitted this at the time).

Additionally, those people typically wanted to earn moreand we didnt think we could afford them. So, we hired younger folks who worked at a lower hourly rate, but often needed an inordinate amount of training and support.

Were I to start that company all over again, Id do the opposite. Id hire more skilled people and pay more than market rate. Id then gauge their performance, and retain/dismiss solely based on that. In my experience, a skilled person at a higher rate of pay was always more valuable/profitable for our company than a less-skilled worker at a lower rate of pay.

My point is that the companies which use age as a barometer of value are approaching HR in a flawed way. The contribution of a staff member is more important than the date on his/her birth certificate. Meanwhile, the garment choices and pop-culture references one uses shouldnt have any bearing on the value of the individual (unless were talking about a company who traffics in such matter).

That said, I think the real problem is the employee mindset. So long as your livelihood depends on one single organization, you put yourself at risk.

This is doubly-so for those who remain loyal to a company for a decade or more. HR departments are notoriously short-sighted when it comes to assessing skills. They like seeing candidates who fulfill the specific requirements of a job. Meanwhile, they often dont understand which skills are transferrable (because they typically dont actually understand the work/technology).

So, if youve worked in print publishing for the past 20 years, an HR person might not hire you to work in a digital content shop. However, web technologies arent that hard to master. Knowing a good story, understanding what attracts an audience, and having strong people skills are all much more valuable (and difficult to learn skills). But, still, those hiring often wont see thiswhich puts such a person at a disadvantage.

There are many reasons why running your own startup, studio, consultancy are difficult. That said, all of these pursuits force you to be nimble. Most of them also allow you to distribute your income sources among multiple groupswhich builds resilience.

And, after youve done any of these things, you tend to be more employablebecause you have a stronger sense of what companies need. (Additionally, those whove done it on their own often exhibit characteristics that are attractive to managementespecially those whose current staff is comprised primarily of box fillers.)

My point here (and I know Ive carried on) is that the age discussion is a red herring. The real matter is how one remains relevant/valuableregardless of age. Continual learning is a part of that. Another is ones ability to adapt to less familiar roles (e.g., planning, sales, management, guidance). More importantly, though, no one should treat their employer as the gatekeeper to their future.

Were all free agents. Some of us are mostly independent. Others play for teams. Those who play for teams should always knowand buildtheir value, so they dont end up marooned.

tn13 1 ago 4 replies      
Well it might change a lot as suddenly number of coders in their 40s goes up.
beatpanda 1 ago 3 replies      
We should all be embarrassed by the working conditions and biases in our industry. It doesn't have to be this way, but we all keep playing along.
tapmap 51 ago 1 reply      
This is such bullshit. There are no limits on entrepreneurship and the age at which you can start a business, which is what drives real growth and value in Silicon Valley. Sure, if you want to be a wage slave to some other company, and help someone else achieve their dreams, go ahead and work for another company, and get discriminated against because of your grey hair.
6stringmerc 1 ago 3 replies      
"I had it good and now I don't have it good and I don't know what to do about it" is a fairly formulaic structure for a human interest story, and while I really loathe human suffering, it's also hard for me to sympathise with the subjects in stories such as this one.

>If youve worked at a large company for 10 years and get laid off, chances are your skills are six generations behind, says Jonathan Nelson, chief executive officer of the Valley social network Hackers/Founders, which organizes meetups for startup developers.

10 years? To quote the character Samir from the film Office Space "It would be nice to have that kind of job security." I've grown up in a US workforce where staying in the same job for more than 2 years is essentially taking a pay-cut because raises / bonuses don't keep up with real-world inflation (milk & brisket, for instance). To further belabor my point, I joined the work force during a Recession, and statistics indicate my lifetime take-home (salary, benefits, etc) will be significantly lower than...well, what these folks enjoyed during their prime earning years. I won't even have a decent interest rate environment for my savings to grow without joining in the equities casino.

For the life of me I have a lot of trouble feeling sorry for their plight, and wish them all the best of luck packing up their possessions, their savings, and moving to a place they can afford, like Mississippi or Indiana. As Sick Boy might say, "You had it, you lost it, and it's gone forever." Such is one theory of life.

A collection of links that cover what happened during ElixirConf 2016 github.com
102 points by brightball  4 ago   13 comments top 5
zqfm 2 ago 4 replies      
The wording made me think that there had been some kind of tragedy. Glad to see that it went well!
brightball 3 ago 0 replies      
Not my repo, but the author says to feel free to submit PR's for any new additions as they come up / get published.

The conference was excellent. Thanks to all involved. Haven't experienced that much energy around any segment of the programming community in a very long time.

JohnKacz 3 ago 1 reply      
Brilliant! I was just following Jim Freeze on twitter to see if/when the videos of the talks are uploaded.

I also found this little review from a first-timer nice.[0]

[0] http://supernullset.com/posts/2016-09-03-elixirconf-wrap.htm...

davidw 2 ago 1 reply      
A nice report with some highlights would be much appreciated. Slides, taken out of context, may not mean much.

Even videos are s-l-o-w compared to reading.

jeanlucas 2 ago 0 replies      
Like always, very good content :-)
Tasmanian tiger: The enduring belief in an extinct animal bbc.co.uk
51 points by jackgavigan  8 ago   25 comments top 8
Joeboy 4 ago 1 reply      
Benjamin, the last thylacine in captivity, died of exposure because his keepers omitted to unlock his sleeping quarters overnight. Even for an extinction event, that is pretty sad.
exodust 4 ago 0 replies      
This rehashed clickbait appears occasionally in slightly different form. Blurry photos followed by half-baked claims resurface as lazy copy and paste "news".

It's no surprise that BBC and ABC have jumped on this rubbish and push it with the obligatory wink-wink "isn't this fun" journalism plaguing these media outlets.

There is no widespread belief in the existence of this animal. Human activity has sent many a creature packing its bags from this world. The thylacine is just one on a long list.

mfairbank 2 ago 1 reply      
There's an indie film I quite enjoyed called The Hunter, starring Willem Dafoe, that fictionalizes the demise of the last remaining tiger. I recommend it highly for the outdoor landscapes and non-traditional plot alone.
knz 1 ago 1 reply      
The Tasmanian tiger always reminds me a little of the efforts to introduce Moose into New Zealand (https://en.wikipedia.org/wiki/Moose#New_Zealand).

"In 1900, an attempt to introduce moose into the Hokitika area failed; then in 1910 ten moose (four bulls and six cows) were introduced into Fiordland. This area is considered a less than suitable habitat, and subsequent low numbers of sightings and kills have led to some presumption of this population's failure. The last proven sighting of a moose in New Zealand was in 1952."

Fiordland is a wild and remote part of the country...

ajeet_dhaliwal 6 ago 1 reply      
It's sad this animal is extinct, it's such a great example of convergent evolution and comparisons with the wolf (mammal) originally got me interested in thylacine when I was a child.
bruxa 3 ago 3 replies      
I mean, sure... there might be a couple of these left in the world because ( I believe ) that no one can be absolutely certain there aren't... but that picture/video is an insult to human intelligence.

Come on... we're past those crappy photos of the Loch Ness monster, Big Foot, etc. Like Dr. Karl Kruszelnicki commented - "It's remarkable that it is out of focus in a time that we have autofocus cameras."

davegardner 4 ago 1 reply      
AFter spending some time in Tasmania I can see how it would be easy to imagine there could still be Thylacines living in the bush. The island contains some very large national parks and reserves, and the Thylacine was fairly well camouflaged for that environment.
trhway 3 ago 0 replies      
>The species was deliberately hunted to extinction by farmers incensed at the number of sheep killed by the carnivores.

like in other similar situations, for example with wolves in Montana, i wonder why just not use the shepherd dogs, i mean this is how it worked for thousands years before.

Nintendo Soars as Super Mario Mobile Game Comes to the iPhone bloomberg.com
166 points by adventured  11 ago   127 comments top 20
Kronopath 4 ago 7 replies      
There's a common fallacy that happens frequently when Silicon Valley technologists start talking about Nintendo, and that is the idea that "their hardware can never compete with the ubiquity of mobile platforms, they should just become a software company and port their games to iOS and Android!"

The success of Pokmon Go, and this new Mario game as well, is showing that Nintendo is taking a different strategy: they're creating custom-made mobile games for the purposes of driving attention and vigor to the main games on their hardware platforms. You can see this with Pokmon: the success of Pokmon Go has been driving sales of the 3DS and the currently-released Pokmon games, and will surely help bolster the hype for the next-generation games that are due out later this year. As far as strategy goes, these mobile games are more similar to the TV shows and movies Nintendo makes than the DS games they came from.

I think this is a good strategy for them. An iPhone or Android will never be as tailor-made for gaming as the Gameboy or DS were, so it's good to see Nintendo sticking to their principles.

Fraterkes 10 ago 3 replies      
I've seen a lot of people saying that Nintendo were kinda dumb for taking so long to capitalize on the incredible brand recognition of mario and pokemon, and looking at the money pokemon go is making, I don't disagree. But I think that the reason a lot of non-nerds cared so much about pokemon go is that pokemon still meant the same thing to them as it did 10 years ago. So the reason that those brands are still such a big deal to people may be because Nintendo has used them relatively conservatively.
dcw303 11 ago 2 replies      
It's important to highlight that Nintendo have stayed true to one of their core principles: that the game should reflect the characteristics of the hardware it is played on. They've done this to great success before - think of Super Mario 64 pioneering 3d control with the analog stick, or the wiimote gestures used in Wii Sports.

They've correctly identified that mobile gaming is done with one hand, and even if this is not the first runner game on an iPhone, it's the right choice for a Mario game.

It would have been easy for them to whack up a virtual d-pad in a traditional 2d platform scroller, but I'm glad they've attempted something new.

Mahn 8 ago 10 replies      
Call me cynical, but I still don't believe that you can clone a endless runner game, slap Mario on it, and expect it to be successful on mobile. I get that it's a big deal that Nintendo and Super Mario are coming to mobile, but as soon as the novelty of the news is off I think they'll face a pretty major reality check.
IBM 11 ago 0 replies      
Good interview with Shigeru Miyamoto about this.


archagon 9 ago 1 reply      
Nintendo has a proven track record of making amazing one-button games, so I really can't bemoan the lack of buttons too much. WarioWare (especially Twisted) and Rhythm Tengoku/Heaven are among my favorite series and would be a perfect fit for mobile!
nstj 7 ago 3 replies      
No disrespect to Nintendo, as I think the game looks pretty cool, but it's awesome how the average human's investment memory is now down to 45 days (remember when Nintendo stock ripped after Pokemon Go?)[0]

> Shares in Nintendo Co tumbled as much as 18 percent on Monday after the company said Pokemon GO would have a limited impact on its earnings - their biggest setback so far after a huge run-up on the smash-hit game.

[0]: http://www.reuters.com/article/us-nintendo-pokemon-stocks-id...

codyb 4 ago 0 replies      
I for one am rooting for releases of their old games on iOS. I've been playing tons of the Final Fantasy games (Tactics, V, now VII, and earlier I as well) and I really don't mind paying 10 or 15 bucks for tens of hours of game play even if I already owned them on the PS1 at one point. If they could release some of the Nintendo and Super Nintendo games, I'd probably pick some up. Especially for a nice price point like seven or eight dollars.
ChuckMcM 1 ago 0 replies      
I really hope it has virtual bricks that hang in the air over certain spots and you have to jump up to "hit" them and pop out a coin. The thought of seeing a crowded square of people essentially doing jumping jacks is really amusing.
wnevets 1 ago 0 replies      
Nintendo didn't create pokemon go. Pokemon go is really just a skin on top of Niantic's previous game.
CM30 4 ago 0 replies      
As someone said to me recently, if you said this was a thing ten years ago, people would have thought you were insane. Nintendo releasing a Mario platformer for smartphones? What is this sorcery?

They even mentioned not putting Mario on smartphones in 2014:


But hey, here we have a Mario platformer on smartphones which basically acts exactly as people would expect it to. How times change!

dpcan 5 ago 1 reply      
Pokemon Go was a start. Mario runner - everyone expected it, of course.

BUT, I personally believe, should they decide to make it, a Nintendo Universe game will be the biggest thing to ever hit mobile. If I can create my own massive Nintendo land, with Mario and Luigi's house, tubes, Koopa Castles, goombas running around, and then there are mini games to earn "coins", etc.... I think I'd finally play a game on my phone again, the nostalgia-pull would just be too intense to resist.

splatcollision 9 ago 0 replies      
This looks cute, but now this means that we can look forward to waiting until they announce Mario Kart for iOS. Would pay like 20 USD for a good implementation of it - especially with online racing!
hendry 9 ago 1 reply      
Funnily was playing a "running game" https://itunes.apple.com/us/app/fun-run-2-multiplayer-runnin... with my colleagues for the first time a couple of days ago. The Genre is fun and works on mobile.

And now it's announced Super Mario Run will be a Nintendo game on IOS.

jordache 2 ago 0 replies      
damn how weak must nintendo be to have its market value change so much on a single game that has yet to be released.
hudell 6 ago 1 reply      
I'm not a fan of endless runners (or any smartphone game for that matter) but one of the few games I enjoyed on mobile was Rayman's endless runner games, so I may give this one a chance.
partycoder 2 ago 0 replies      
Nintendo's biggest asset is their intellectual property portfolio with very strong franchises (Mario, Zelda, Donkey Kong, Star Fox, etc). In theory, any of their games could run on a PC, or a rival console. But they leverage their IP to sell their subpar hardware. This business model worked great for decades, but as new strong players like Sony and Microsoft joined, now their influence and revenue is not enough to keep them afloat.

Nintendo needs a share of the mobile gaming market, beyond handheld consoles. This is why they invested in DeNA (and DeNA invested in Nintendo).

pearjuice 7 ago 1 reply      
Call me skeptical, but it's sad to see how hard the stock market responds to online buzz of a product not yet in stores and not yet available without even knowing whether Nintendo will receive any long-term value from it. The current price is being driven purely on speculation, bang for buck bubble expansion. As soon as any "real world" effect is revealed regarding the value of Nintendo, market price will adjust accordingly.

People aren't interested in investing in Nintendo, they just want short term profit.

tracymorgan8520 11 ago 4 replies      
Pokemon Go is perfect for mobile gaming but 3D games are impossible to be playable in the long run on mobile platforms. But, Nintendo is still new in this area. They made a revolution with Pokemon go and I expect them to push forward.
ungzd 6 ago 1 reply      
Who needs this except of those who has nostalgia? It's the same as releasing pong or space invaders for iOS. Fun to play for 5 minutes and delete from phone. Nintendo stuck in 80s in technologies and it's only trademark-holder now. It's already myspace of gamedev.
Home Is Where the Parking Lot Is [video] nytimes.com
65 points by wdr1  9 ago   23 comments top 7
et-al 1 ago 0 replies      
Thanks for sharing this video. I was worried it'd be about another employee who's taking advantage of their company perks (lifehacking..), instead it's an insightful video of people who are living in unconventional arrangements probably due to things outside their control.

While everyone interviewed seems to speak of freedom, I feel like their body language and state of their living quarters say otherwise. You have one person who breaks down when he mentions he's been there for 11 years. Why? The workers seem like they're making the best of their situation, dealing with it, but not necessarily reveling in it the way #vanlife Instagrammers would have us believe.

digi_owl 4 ago 2 replies      
I find myself reminded of a theater comedy where a guy is dating multiple flight attendants. The comedy comes from none of the ladies knowing about each other, and his carefully laid out schedule being disrupted by canceled flights.
atourgates 1 ago 0 replies      
I wonder about the practicality of essentially "boondocking", on a permanent basis. You'd need to run a generator for electricity (solar power would work, but I didn't see any panels), and you'd need to go somewhere occasionally to fill up your water tanks, and dump your sewage.

But I suppose, if you're only home a couple nights a week, you're not using tons of electricity, water or sewage capacity in any case.

I wonder how laundry works? Maybe they take care of that at hotels when they're overnighting on the road?

EDIT: From reading responses here[1], it looks like the average is about 4-weeks for a single person, obviously reduced by half for every person you add.

If you're just a single person, only there 20% of the time, it seems like you might really only be dumping and filling your tanks every 4-5 months.

[1] http://www.irv2.com/forums/f93/how-long-can-a-class-a-boondo...

Lio 4 ago 1 reply      
Makes me think of Hero Protagonist from Snow Crash living in a storage lockup on the edge of LAX.
mstrem 1 ago 0 replies      
With my dad being an airline pilot and having grown up in the "pilot community" I must say that this style of living is probably by far the exception rather than the norm.

My family, and all my parent's friends (most of which were pilots or air attendants), all had what you could call normal a house with normal lives etc. etc.

By most means life was pretty much the same as anyone else.

galfarragem 4 ago 3 replies      
Being able to walk to your job will provide you more happiness than a lawn and a very long commute.

Time and peace of mind are often underrated.

nxzero 5 ago 1 reply      
It's not uncommon for airline employees to have non-standard living arrangements, though seems more common to use apartments with 4+ people to a room with beds filled based on first come, first serve; basically time-share like low cost version of AirBnb.

Using trailers and employee parking lots sounds expensive for the employees and airlines too. Beyond that, guessing it's noisy and that theirs not much of use close to the parking lot.

Why is printing B dramatically slower than printing #? (2014) stackoverflow.com
288 points by retox  7 ago   49 comments top 14
retro64 3 ago 0 replies      
This reminds me of a bug I had back in 98 or so. I was using a Parallax BASIC stamp and could not understand why when I put it to sleep it would sometimes using only 30 uA, and other times 300uA. I kept narrowing down my code until it was utter nonsense, and finally I made it to where if I removed or added a byte of code it would toggle between the two.

I got on the phone with the engineer responsible for the firmware and sent him my code, but I never did find out what the problem was (sorry for the letdown, maybe someone at Parallax remembers and reads Hacker News?). They acknowledged it as a bug, and made a fix. Unfortunately the fix made was to always draw 300uA at sleep!

Fast forward 18 years (!) and from their website it looks like their latest modal draws 50uA, so it was a happy ending after all. The end.

nsxwolf 5 ago 0 replies      
Best comment:

"The real answer is clearly because hashes are faster than b trees."

anjc 6 ago 4 replies      
I love it when somebody immediately knows the answer to something seemingly obscure.
atdt 4 ago 0 replies      
Heh, reminds me of a bug I ran into a couple of weeks ago. Users on Wikipedia were complaining that typing into the editor <textarea> on certain pages was sluggish. I eventually narrowed it down to the presence or absence of an invisible left-to-right or right-to-left mark control characters elsewhere in the page. See https://bugzilla.mozilla.org/show_bug.cgi?id=1296050 for the gory details.
stygiansonic 4 ago 1 reply      
So, in effect, with word-wrapping on in the terminal, this scenario effectively produces a "Shlemiel the painter's algorithm" [0] in that for every character output on the same line (when it exceeds the line length), you have go backtracking in vain to find a place to break - where this is none - so outputting N characters on a line is basically an O(N^2) operation.

0. http://www.joelonsoftware.com/articles/fog0000000319.html

rwmj 6 ago 0 replies      
My guess was going to be Unicode, the reason why 'sort' on Linux can be so slow if you're in certain locales.


nkrisc 6 ago 0 replies      
Maybe it's just not reflected in the question, but did the asker not immediately try other characters to see if there's a pattern? Given the answer, other letters would probably have had the same result and other characters would not. They could have at least narrowed the problem down to letters.
agumonkey 5 ago 1 reply      
So printing B isn't slower: terminal rendering of lines of text is just less obvious than thought.
pedrow 6 ago 1 reply      
For what it's worth, the difference still exists when printing with Netbeans 8.1 - 41 seconds for 'B' and 2 seconds for '#'
giomasce 5 ago 2 replies      
My first guess was that for most fonts the glyph "B" has splines, while "#" does not (only segments) and in line of principle rendering splines is more expensive than rendering segments. But probably this is nowhere that relevant.
baristaGeek 4 ago 1 reply      
Let's talk about any potential application this could have.

The first thing I can think of is that if you're writing a flood-filling algorithm (finding connected components) you should fill with #s instaed of Bs, even if filling with Bs is more conventional. Specially if you're doing competitive programming and need to overkill the optimization process in order to pass the run time.

As for production coding, I can't think of anything. Any ideas?

BTW, this is probably speculation, but it's still worth discussing in my humble opinion.

JohnStrange 3 ago 0 replies      
While we're talking about obscure speed differences, I recently needed to traverse large directories and collect files with a certain suffix and found out that using "find" as a subprocess and parsing its output line-by-line was orders of magnitudes faster than any direct directory traversal I wrote and any other method I've tried, including other Unix utilities.

I don't know how it works but it's insanely fast.

acqq 6 ago 0 replies      
A lot of comments previously on HN here:


Myrmornis 4 ago 0 replies      
A good first step for investigating this would have been to redirect output to a file.
       cached 8 September 2016 19:02:02 GMT