hacker news with inline top comments    .. more ..    24 Nov 2016 News
home   ask   best   9 months ago   
1
Skyscanner acquired by Ctrip for $1.7B ctrip.com
54 points by muratmutlu  1 hour ago   9 comments top 7
1
stewhuk 42 minutes ago 0 replies      
Skyscanner is based in Edinburgh, with another large office in Glasgow. This is huge news for the Scottish tech scene, and will hopefully bring much needed cash to help it thrive. There's a lot of interesting stuff happening here in all types of tech.

Sadly Scotland's other unicorn, FanDuel, looks set to close its hq in Edinburgh after merging with draft kings. However, that will probably release a lot of talent to help smaller co's

2
garagemc2 48 minutes ago 1 reply      
This is great news for skyscanner. Unfortunately, the media in the UK will go all nativist and claim that Britain is being sold out to foreign countries, as they did with ARM.
3
jpatokal 13 minutes ago 1 reply      
Interesting -- this may be the largest foreign acquisition by a Chinese internet company to date? Largest I'm aware of was Riot Games by Tencent, which was on the order of $400 million.
4
kowdermeister 26 minutes ago 0 replies      
I had to double check the number. Never thought that Skyscanner was this profitable.
5
yomly 1 hour ago 0 replies      
Whoa huge news - great bit of business for a UK tech company.
6
dorianm 1 hour ago 0 replies      
Skyscanner is so good, even travel agencies use it (source: a french travel agency).
7
freddyc 1 hour ago 0 replies      
Loved using Skyscanner when I lived in the UK - great news for them!
2
A practical guide to securing macOS github.com
449 points by DemiGuru  9 hours ago   53 comments top 13
1
jamesgeck0 7 hours ago 1 reply      
Guide should probably mention automatically updated Chrome extensions. There have been multiple cases where the owner of a popular extension sold it to a 3rd party that pushed out malicious updates. Tab Manager is the most recent instance that comes to mind: http://security.stackexchange.com/a/130600

Chrome does disable extensions when an update requires new permissions, but that won't catch malicious updates to extensions that require extensive permissions for basic functionality.

2
ents 8 hours ago 0 replies      
Be careful. Some of these tools do not include any way to reverse their settings. A friend followed one of these guides and we had to reinstall the OS to get some wireless tech working again (Might have been AirDrop).
3
tptacek 6 hours ago 2 replies      
I like reading guides like this, and they're useful in a sort of encyclopedic sense, but the problem with them is that they're really a "practical guide to doing every conceivable security thing you could do" with macOS, which is in fact not the best way to secure your operating system. For instance: it's probably not the world's greatest idea to go out of your way to install Adium for secure messaging on a locked-down Mac.

The cryptographic advice in this particular guide is not especially great. You can, for instance, safely ignore what it says about randomness (and, in particular, about how it interacts with FileVault's XTS block crypto). Its advice about password management is needlessly complex (if you trust Keychain, use Keychain Assistant to generate passwords, not OpenSSL --- but most of the cool kids just use 1Password, and they're right to do that).

4
ysleepy 8 hours ago 2 replies      
Nice resource.

But what I miss most, is a deeper analysis of the different launchd services and agents. - Especially which ones can be disabled and what features will be impacted.

It is quite opaque, especially considering the verbose descriptions of Windows Services out of the box.

I want to disable all these, for me, useless features: handoff, geo, maps, icloud, push, commCenter, spotlight web, siri, social integration, diagnostics reporting, and many more.

It has been a very annoying experience of seemingly unrelated parts of the OS breaking when Disabling anything, - and log spamming of unsuccessful attempts of using it.

5
0xCMP 8 hours ago 1 reply      
I used to follow the changes a lot on this repo. Lots of great discussion in the issues of balancing practicality and security. Like @ents mentioned though, there are some un-reversible changes if you do everything they recommend. Although it'll make you more secure.

I don't do most of this. I'm waiting until I decide to wipe my Mac and have plenty of time to play with it. (which is going to be when exactly? Not sure.)

6
jdeibele 5 hours ago 0 replies      
Was curious what would happen if you set the firmware to only boot from the startup disk and it crashed ...

Seems like MacOS does the reasonable thing and prompts for the firmware password if you use a different disk.

https://support.apple.com/en-ca/HT204455

7
tolmasky 7 hours ago 2 replies      
Is there some way to have some faith from what you're getting from brew? In other words, can I verify installations from brew somehow?
8
tolmasky 7 hours ago 0 replies      
Any thoughts on doing work in virtual machines?
9
Theodores 4 hours ago 0 replies      
How often you find yourself locked out of your house obeys Murphy's Law, add lots of security and you will find yourself annoyingly locked out for silly reasons all the time. Have just the one simple lock on the door and you probably will not end up locked out, particularly given there is a key under the mat.

I had a laptop of mine retrieved by the police from a big rubbish bin. The screen was broken, it did boot up though. Another time I had the broken screen after being hit by a car. These things happen and I am always sure I can get in even if keyboard/screen/mouse isn't an option. It is more useful for me to be able to somehow access my machine even if broken, I imagine there will be circumstances of that.

When the police retrieved my laptop I wasn't exactly worried about my obvious login password or whether I had locked down that mysql port sufficiently. The thief wasn't even literate so those extreme security measures wouldn't have helped.

10
rasz_pl 4 hours ago 0 replies      
Wow, and people laughed at all the Windows 10 antispy tools/script packs. Turns out this is the state of personal computing in 2016, nothing is decent out of the box anymore :(
11
leetbulb 8 hours ago 0 replies      
Very nice. Thank you for this! :)
12
pttrsmrt 4 hours ago 1 reply      
Step one: Don't use macOS
13
gok 8 hours ago 0 replies      
3
Holoportation is now mobile microsoft.com
56 points by Qworg  3 hours ago   16 comments top 7
1
cbisnett 1 hour ago 1 reply      
> The greatest challenge was bandwidth, which we reduced by 97% using an innovative approach to compression.

Waiting for the Pied Piper partnership announcement.

2
neom 1 hour ago 0 replies      
I'm not one to be easily impressed by technology and I must say the hololens is incredibly incredibly impressive. We have a couple at the office and whenever I spend time with one I'm really taken aback at what this will become. I like VR, but the augmentation between the physical and the virtual is what I'm most excited about. I mean it when I say, at least for me, hololens really changed my frame of reality. I feel like I sound kinda fanboi and overly enthusiastic, but I encourage you to try and find a way to use one if you've not. (trying it for the first time: http://john.je/iDpX)
3
hossbeast 2 hours ago 1 reply      
"Holoportation is a new type of 3D capture technology that allows high-quality 3D models of people to be reconstructed, compressed and transmitted anywhere in the world in real time. When combined with mixed reality displays such as HoloLens, this technology allows users to see, hear, and interact with remote participants in 3D as if they are actually present in the same physical space."
4
onlyrealcuzzo 2 hours ago 1 reply      
So this "transports" you from inside a moving vehicle to a conference anywhere in the world, assuming the conference is happening with participants wearing Hololens.

It's crazy impressive, but it seems really far ahead of time for now. Crazy exciting, but does anyone know when things like this will be more practical, realistically?

5
jaxomlotus 1 hour ago 1 reply      
I think the real importance of this announcement is the reduction of needed bandwidth by 97% while still maintaining transmission quality - that's amazing!
6
doublerebel 1 hour ago 2 replies      
Nvidia and Microsoft continue to play friendly competitors in the AR space. Holoportation is quite similar to Nvidia's Virtual Eye tech, and MS is using some of Nvidia's optics tech in the Hololens. Could Nvidia get big enough that Microsoft wouldn't buy them?
7
ocdtrekkie 1 hour ago 1 reply      
This is the sort of thing that could spur on an interest in Windows as a mobile platform again. Imagine if someday you could "holoport" to meet and talk with people using your phone and a pair of glasses.

Of course, the article in question requires a setup in the car, which allows them to place cameras, and currently it still requires Wi-Fi grade signal for it to work.

4
Freelance Isn't Free Act Passes in NYC freelancersunion.org
150 points by Mz  6 hours ago   88 comments top 9
1
relics443 4 hours ago 9 replies      
My first freelance job was for a prestigious organization. They refused to pay, because (in their words) "no one will listen to you if you file anything anyways" and they had denied that I did the work.

I told them that they had 24 hours to pay me and acknowledge my work, or I'd put porn on their landing page. 24.5 hours later I got paid.

2
bluetwo 4 hours ago 1 reply      
Good to see, even if it doesn't impact me. I like the idea of penalties for non-payment.

I've never had a problem collecting $5,000, but people will regularly avoid paying small amounts ($500) because (I assume) they know you won't put as much effort into collecting.

3
tehwebguy 3 hours ago 0 replies      
FYI you can fill out a 2-3 page worksheet to file a breach of contract lawsuit in LA county.

It's not limited by small claims caps and is an inexpensive first step compared to hiring an attorney to send a scare letter.

Didn't end up needing to file the one I wrote up last year but it was liberating to know that there was a half-step measure.

Before doing it I called 12 attorneys in Los Angeles and everyone respectfully told me a $20k unpaid bill is not worth their time, but the last one told me about filing on my own.

4
Freestyler_3 5 hours ago 1 reply      
I think it's great they finally got some protection.Why wasn't it there before and what was the oppositions point of view on this?
5
misotaur 4 hours ago 1 reply      
An indication also that self-employment is growing everywhere.In a few decades it might even be the new normal.
6
sean_patel 2 hours ago 0 replies      
How do we get this for California? Is the Freelance job litigated on where the Freelancer is physically located, or where the client is located?
7
joatmon-snoo 3 hours ago 0 replies      
The site itself isn't too clear about the specific benefits of the legislation[1], but the most recent committee report on the legislation is much more enlightening (the tl;dr being that it introduces powerful remedies for freelancers who are denied their just desserts - I don't understand the emphasis on the contract stuff, but IANAL):

> Any action alleging a violation of section 20-929, unlawful payment practices, would have to be brought within six years after the acts alleged to violate the proposed chapter. A plaintiff who prevails on this cause of action would be awarded double damages, injunctive relief and other such remedies as appropriate. All awards of damages would also include attorneys fees and costs.

> Any action alleging a violation of section 20-930, retaliation, would have to be brought within six years after the acts alleged to violate the proposed chapter. A plaintiff who prevails on this cause of action would be awarded damages equal to the full value of the contract. All awards of damages would also include attorneys fees and costs.

> Section 20-934 of the chapter would provide for a civil action for a pattern or practice of violations. Where reasonable cause exists to believe that a hiring party has engaged in a pattern or practice of violations, the Corporation Counsel may commence legal action on behalf of the City in a court of competent jurisdiction. Such an action would be commenced by filing a complaint setting forth the facts relating to the alleged pattern or practice of violations and requesting relief, which could include injunctive relief, civil penalties and any other appropriate relief. The filing of a pattern or practice complaint by the City would not prohibit any complaint or civil action by a freelance worker. Upon a finding that a hiring party has engaged in a pattern or practice of violations, the trier of fact could impose a civil penalty of up to $25,000.

> Section 20-935 would provide additional details about how the proposed chapter would apply and how it would interact with other laws. Subdivision a would provide that, except as otherwise provided by law, any provision of a contract that purports to waive the rights granted by this chapter is void as against public policy. Subdivision b would provide that the provisions of this chapter would supplement and not diminish or replace any other basis of liability or other requirement established by statute or common law. Subdivision c would provide that failure to comply with the provisions of this chapter would not void or impair a contract between a hiring party and freelance worker. Finally, subdivision d would provide that nothing in this chapter shall be construed as providing a determination about the legal classification of any individual as an employee or independent contractor.

[1] http://legistar.council.nyc.gov/LegislationDetail.aspx?ID=25...

[2] (warning: DOC file) http://legistar.council.nyc.gov/View.ashx?M=F&ID=4746382&GUI...

8
unethical_ban 1 hour ago 2 replies      
Isn't this solving the problem of short-sighted freelancers, rather than non-payment?

I see posts here that reinforce my expectation: Have a contract, and it can be enforced by law. What does this bill enable a citizen to do, that they couldn't legally do on their own before?

9
zeveb 4 hours ago 7 replies      
> Passing with 51 votes, the Freelance Isnt Free Act requires written contracts for freelance gigs, allows freelancers to file complaints against non and late-paying clients with the Department of Labor Standards, and institutes penalties against clients found guilty of nonpayment in small claims court.

Requiring written contracts seems like a handout to lawyers. Alternatively, it seems like a clever way to enable folks with only a verbal contract to refuse to pay, since a verbal contract is now illegal.

Contracts are already enforceable at law, so how does this actually improve things?

5
Statistical Mistakes and How to Avoid Them cornell.edu
80 points by ingve  5 hours ago   17 comments top 4
1
lisper 2 hours ago 1 reply      
This is the insight that made statistics "click" for me many years ago: a statistical test answers one central question: what are the odds that the results you observed could have arisen by chance? If those odds are low, then you are justified in concluding that the results probably did not arise by chance, and so there must be some other explanation (usually, but not always, the causal hypothesis you are advancing).

Once consequence of this is that it is crucial that you advance your hypothesis before you collect (or at least look at) the data because the odds of something arising by chance change depending on whether you predict or postdict the results. Also, the more data you have, the more likely you are to find something in there that looks like a signal but is in fact just a coincidence. Many a day-trading fortune has been lost to this one mistake.

2
amelius 2 hours ago 2 replies      
I don't like how the article tries to push statistics on the reader. If a CS paper compares a pair of averages, then that gives certain information. If statistics can add to that, and make the results a little more precise, then that is nice. But by no means is it absolutely necessary. And statistics will not give a conclusive result either.

I think that authors should use statistics when they see fit, and when it does not distract too much from the original subject of the paper.

3
ekianjo 1 hour ago 0 replies      
That's a good article but pretty short. There would be a lot more ground to cover.
4
frozenport 1 hour ago 1 reply      
The t-test assumes a normal distribution which, is rarely true, especially when the number of runs is under 100. A better test is the Mann-Whitney U test which is applicable for a wider category of distributions.
6
Python at StackOverflow (an Interview with Martijn Pieters) talkpython.fm
47 points by mikeckennedy  4 hours ago   1 comment top
1
nathancahill 1 hour ago 0 replies      
What a great guy. I know immediately when I see with his name on a Stackoverflow answer that it's authoritative and can be trusted (which is a lot for Stackoverflow, especially when you've exhausted the manual and the source code).
7
Humble Book Bundle: Unix humblebundle.com
271 points by bdz  6 hours ago   86 comments top 13
1
SwellJoe 5 hours ago 4 replies      
I think the best of these books (at least of the ones I've read) are in the $15 tier. Several of the books in the lower tiers are ones I'd recommend skipping and go to online resources, instead. It may not still be so, but when I last looked at the O'Reilly bash books, many years ago, the TLDP bash programming HOWTOs were more pragmatic and easy to follow (I think that's here: http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html and http://www.tldp.org/LDP/abs/html/ ). I guess UNIX in a Nutshell was good in its day, but is quite old now, even in its 4th edition.

DNS & BIND is one I recommend to anyone who ever has to touch anything related to networks, because so many problems I have seen in my 20 years of troubleshooting network problems have come down to someone not understanding DNS. It's well-written, covers the how and why, and covers everything from "I have one website" to "I run a dozen data centers with thousands of zones and thousands of queries per second" (and the authors have significant experience at all of those levels).

And Essential System Administration is a classic, though a bit dated the last time I looked at it (I mean, the core services and concepts it covers are relatively timeless, but it's missing a lot of modern cloud and service-based concepts).

That said, nearly all of these were first written (their first editions) when O'Reilly was publishing incredibly high quality books; well above anyone else in the industry, particularly for OSS and Free Software topics. So, probably a good value, if you haven't already read them and don't have a good foundation of knowledge of these topics.

2
xchaotic 1 hour ago 0 replies      
$15 is almost inconsequential if you're smart enough to have a programming or 'ops' job in the Western Hemisphere. What is far more scarce is the time to read and apply the knowledge from those books. So while I dutifully purchased the package, I doubt that I will spend enough time with the material, beyond some wicked awk recipes for parsing logs, which I suspect, you can also google for.
3
bathory 6 hours ago 10 replies      
My biggest gripe with this bundle is that they are all digital. I'd rather have less books but then in a printed format. I have noticed that I can't concentrate on reading books when they are presented to me on my computer screen. I do have a kindle (1st or 2nd generation) and that device doesn't support PDF well, furthermore it is rather slow. It works fine for regular books though, where I don't have to flip through chapters back and forth often.
4
macintux 6 hours ago 1 reply      
That's some serious nostalgia value. UNIX Power Tools came out before GNU had a dedicated website (was still hanging off MIT IIRC), pretty sure I used the CD that came with it to install some software.

Think I've owned 1/3rd of these at some point in time. O'Reilly used to be head and shoulders above everyone else in open source/UNIX books.

(I still remember the first time I ever saw a Linux book on a shelf at a bookstore. I feel old.)

5
_kst_ 3 hours ago 1 reply      
I just bought these. My only complaint is the same one I had last time I bought one of these bundles: I had to download each of the 51 files (17 books, 3 formats each) manually, one at a time. An option to download a zip file or tarball would have been very helpful.
6
freehunter 6 hours ago 2 replies      
The $1 tier is great for anyone just starting out with bash or Unix. The $8 is amazing value, that's beginner through intermediate Unix skills, basically as much as most anyone would need. The $15 tier, IMO, is completely optional unless you know that you need those books. And at that point, you probably already have them.

Good sale!

7
mrbill 5 hours ago 0 replies      
I've got most of these already (from owning the "CD Bookshelf" products ORA put out years ago) but $15 for everything is just too good a deal to pass up, especially since it has a copy of ESA in there (one of my well-worn dog-eared owned-multiple-copies titles).
8
orbitingpluto 1 hour ago 0 replies      
I upload Humbles to Google Play Books, not for primary reading but easy accessibility.

I just wish that downloading a 2MB pdf from Google Books wouldn't take 450MB of local storage.

I've also experienced issues with Humbles not uploading properly to Google. It usually takes Humble about four or five weeks to rectify the issue with the PDF.

9
jbmorgado 38 minutes ago 0 replies      
What I would appreciate from fellow HN commenters, is their opinion if these books are actually the best ones (or amongst the very best ones) in their particular areas.

That's something I always struggle when it comes to IT/programming. There are just so many written materials about a particular subject that it becomes very difficult to find which ones are those that I should actually read.

10
kingosticks 1 hour ago 0 replies      
Internal server error after the payment appeared to be accepted. I wonder if I was actually charged or not...
11
partycoder 3 hours ago 0 replies      
My favourite is "The Linux Programming Interface".It's a fantastic book... very thick too.
12
crimsonalucard 6 hours ago 5 replies      
"Pay what you want" is a false statement. When I wanted to pay 1 cent they demanded a minimum of one dollar.

I may be a cheap ass for wanting these things for a cent but that doesn't change the fact that "Pay what you want" is a total and utter lie.

13
marklawrutgers 6 hours ago 2 replies      
Does anyone know the legality of putting the DRM free pdf files into a public Dropbox folder? Not sure what copyrights or licenses still apply if I decide to buy these and share this with other people.
8
Subgraph OS: Adversary resistant computing platform subgraph.com
123 points by mboroi  9 hours ago   67 comments top 10
1
protomikron 6 hours ago 5 replies      
This is a step in the right direction (in the sense that we should sandbox applications harder), but in my opinion we have to change fundamental aspects of our stack (e.g. Proprietary Firmware <=> Linux <=> GNU-System-Libs <=> X <=> GTK <=> Evince), to gain more security.

In particular I think it is harmful that all applications share the same view on the FS and have in principal the possibility to use e.g. full unixoish capabilities. My bet is that the solution is via better type systems, e.g. an application that is a desktop game could have something like

 exec :: GameConfig -> WindowControl ()
where GameConfig is e.g. some CFG specific to the game and WindowControl is similar to IO () however limited to interacting with a drawing library (e.g. OpenGL) and input systems (keyboard and mouse local to the window).

At the moment every application just implements `main()` and is good to go and we separate between kernel- and user-space (and a VM on top e.g. Android and Apple), and maybe this is too coarse.

I think pledge (http://man.openbsd.org/pledge) is also a step in the right direction however I would prefer it to be the other way around: an application goes through a setup process where it gains the capabilities it needs (in pledge it's the other way around, you ask to drop them).

2
dlevi 3 hours ago 2 replies      
Does Subgraph isolate USB and network? The isolated serviceVMs for USB and network are in my opinion a very strong value proposition of Qubes.

Furthermore, is Subgraph supposed to be an OS for everyday use, like Qubes, or just for anonymous usage like Tails or Whonix? If its the former I don't understand why all traffic should be routed via Tor by default - it wouldn't make sense to route non-anonymous traffic (banking, personal mail, etc.) via Tor. It wouldn't be anonymous anyway and also because of the unnecessary risk of exposure to malicious exit nodes. In this sense I believe the Qubes approach with its optional WhonixVM is superior.

If Subgraph is supposed to be for anonymous usage I'd like to read more about what kind of threat model it is trying to address. I don't think there are any amnesic features like in Tails nor strong isolation between gateway and workstation to prevent IP leaks like in Whonix.

3
Animats 7 hours ago 4 replies      
They try to avoid saying it, but it's mostly a patched Linux.
4
stcredzero 2 hours ago 1 reply      
I rather like the graphic with this post. Is that based on pixel art, programmatically combined to resemble orthographic projection, or is it generated by WebGL? (Using one of the available blocks libraries in Javascript.)
5
rrggrr 1 hour ago 0 replies      
I need to know who/how they made the graphic image. I love it.
6
tscs37 6 hours ago 0 replies      
For a second I thought this was about a new linux-distro for servers that featured outage resilient services and such.

Oh well, this is good enough I 'spose.

7
runeks 5 hours ago 1 reply      
Looks interesting. I'm looking for a more secure minimal OS, for use with backend services. Would it make sense to use it as a server OS, or is it primarily for desktop use?

Also, is there a docker image that is ready to go? That would be immensely useful.

8
verandaguy 7 hours ago 1 reply      
"Adversary-resistant" is an extremely bold claim. While the architecture does look promising, and (at least intuitively) reasonably-designed, I think it's a bit too soon to make a call about adversary resistance.
9
tonyplee 6 hours ago 1 reply      
Care to put out a vm image, invite folks to hack it?

That is a lot more interesting.

10
formula1 6 hours ago 1 reply      
Ill give it a shot. Ive been feeling quite vulnerable on 16.04 due to the absurd amount of unfixed bugs. I have a couple of questions

- its mentioned that it does not have access to documents and downloads within the user folder. When it wants/needs read access, how am I told?

- if it doesnt have access to these folders, does it only write to its own subset?

- is it possible to make my home downloads folder an aggregate of the application downloads?

- when uninstalling/purging, since its sandboxed it deletes all of the content or keeps it? Can I force removal as well?

- how does subgraph deal with shared services/folders/info? Can I share a service with another user? Can I share the network setting modifications with other users?

- how can I prevent an application from using the network without my knowledge?

- are the tools like nethogs/top for subgraph that can take advantage of the compartments to show a more realistic view of whats going on?

I think this has a lot of potential!

9
The Manhattan Project Fallacy aelkus.github.io
96 points by raghava  8 hours ago   69 comments top 15
1
aftbit 4 hours ago 3 replies      
My fundamental hope for humanity is that someday, rather than having to confront social challenges around distribution of resources (who gets more water? who gets more land? who gets more oil? do we need to raise energy costs to capture the extrinsic costs of polluting the air?), we will just have enough and more of everything.

The Central Arizona Project and the Navajo Generating Station are my favorite examples of this. The Navajo Generating Station is a giant coal-fired power plant, which provides energy used primarily to pump water up into Arizona. The station substantially degrades air quality in the surrounding areas, and the water that is "stolen" from the Colorado is a part of the West's growing water concerns. Right now, there are two sides to the issue: those who think it is worth the cost to bring water to Arizona, and those who believe the environmental issues are too big. We could solve that like a social problem, using politics and ethics to try to make the decision... or we could just get on making energy cheap and clean, and suddenly a huge part of the cost disappears. If there was no fly ash issue, no NOx issue, no CO2 issue, then we're back to just worrying about the water flow. But if we have cheap energy, desalination suddenly looks a lot more palatable, which would reduce a lot of water pressures in the US. Los Angeles could switch to 100% desal water and the Colorado river would have a surplus of water again.

Cheap (and preferably clean) energy, solving climate change, and cheap access to space (this one is more dubious) would all broadly boost the quality of life for humanity.

2
grondilu 6 minutes ago 0 replies      
I have a pet theory that the level of concern towards social issues for an individual, as a function of wealth and well being, is convex[1].

That is, it is highest at the extremes : for the poorest and the wealthiest. The former are concerned because of the tacit idea that solving social problems would directly solve theirs. The latter are concerned because as people who don't have direct problems themselves, solving other people's ones would alleviate a repressed guilt feeling, satisfy their ego, or help with the minor annoyance of having to listen to people's whinning.

Then I'm guessing most people working in tech industry are right in the middle of this curve, and consequently give the least possible F.

1. https://en.wikipedia.org/wiki/Convex_function

3
ckozlowski 1 hour ago 0 replies      
I'd question how much of a necessity it is to refute the need for a "Manhattan Project" for various things is. But having heard the same call myself, I'll add my two cents to what I think is a rather good essay.

There's a perception among those calls I gather that the Manhattan Project was pulled together as this massive undertaking at the stroke of a pen. The reality however, was that it started off as overlooked, modest, and aimless at times. Overtime, as the goals and necessities became more clear, it grew and matured into the massive, focused effort we all know. But it was because of the direction and need that developed that resulted in the Project, not the other way around. And I think that's a very important distinction.

I think great projects tend to owe a good amount of their growth to organic factors. The reason why we haven't seen a "Manhattan Project" to solve a societal issue is because the conditions are not necessary right for one, and perhaps more importantly, the "project" needed to tackle one might not necessarily be recognizable to us as such.

4
sapphireblue 2 hours ago 3 replies      
DeepMind looks like a hilariously wrong project to criticize because it is a true moonshot, something very different from the majority of other SV projects.If hiring hundreds of PhDs to create a general purpose learning agent, all while publishing all the intermediate results in freely available papers isn't a moonshot with socially beneficial outcome, then I don't know what is.Also note that DeepMind went even further than that, there is DeepMind health division aiming at using this technology to help doctors and patients directly.

If I were the author I'd choose some social media unicorn or an ad network as an example of inherent misallocation of human talent.

5
Tossrock 5 hours ago 1 reply      
I think the author is strawmanning a bit here. The central premise they're attacking is that tech should not be called upon to solve social problems, and they assume this is what the pull quote at the top is implying. They then spend the body of the essay arguing that social problems are intractable to a top down approach, technological rationality is subject to the same problems as government bureaucracy, etc.

However, one could more charitably interpret the quote as saying there are lots of TECHNOLOGIES that would produce social good, which are underfunded - alternative energy, carbon capture, distributed social networking, etc. Ycombinator seems to agree, given their recent focus on nuclear.

6
Animats 6 hours ago 3 replies      
Is anybody seriously proposing heavy Government spending on any specific problem right now, other than a wall against Mexico?

Some engineering problems have yielded to heavy spending. The Polaris submarine program. The Apollo program. RCA's color TV effort. AIDS treatment. Extreme ultraviolet photolithography. The H-bomb. Sometimes this works. With a narrow goal, a general idea of how to get there, and heavy funding, impressive results are possible.

7
michaelmrose 1 hour ago 2 replies      
When someone bemoans the fact that a significant chunk of the our generations intellectual and monetary capital is invested in trivial matters it isn't necessarily that they wish google and Microsoft ought to save the world instead of make phone operating systems and ads.

If they have any sense what they want is for we as a species to put our money, our labor, our hearts and our lives into matters of importance to the human race.

8
blater 2 hours ago 0 replies      
I honestly couldn't finish this. Who exactly is comparing today's startups to the manhattan project? Yes many projects are aiming for more ad clicks, but so what? In the 30's movies and radio were doing the same thing and what? Why are they being compared to the manhattan project, or to apollo, or to the search for the Higgs boson, or world peace, or whatever?. Is there anything to this beyond the obvious strawmab cllckbait?
9
rl3 2 hours ago 0 replies      
>If the problem of producing the atomic bomb occupied the attention and resources of the scientific establishment during World War II, it is sadly unsurprising that this very same establishment immediately moved on to the problem of adapting to the political, military, and intelligence consequences of such an disruptive innovation. We live today with the legacy of those consequences, and cannot imagine a world without them.

Nuclear weapons may have been a positive development. The doctrine of mutually-assured destruction has a lot to do with why World War III hasn't happened yet.

10
jameslk 1 hour ago 0 replies      
"Change the world," they say. As if changing the world implies that change will be better for everyone. Some would love to change the world and bring slavery back. How about we focus on changing ourselves to adapt to the world we have? I'm glad this essay touches upon this since nobody else seems to be talking about it.
11
sandworm101 5 hours ago 1 reply      
>> First, the Manhattan Project itself was sui generis. There is very little reason to believe that this model does, in fact, generalize widely outside of the basic and applied sciences.

No. It was a basic question of practical physics. It was an effort to translate theoretical knowledge already proven in laboratories into a working product at scale. The innovations were definitely costly, but essentially rather incremental and straightforward. That was much of the reason it needed to be done in a hurry: eventually someone would do it.

Fusion power is in the same place. The theory works in the lab, we need to translate that into a working model at practical scales. Eventually someone will crack the problem. A Manhattan-style push would accelerate that date, hopefully to within our lifetimes.

12
jwatte 3 hours ago 2 replies      
Let's reframe the question:

Why does society today not attempt to maximize happiness among all citizens?

Resources are expended to make those with more resources marginally more happy, rather than someone with less resources comparatively much more happy.

Market economy says that this is the most "efficient" distribution of resources, but the assumption there is that the happiness of the rich is more important than the happiness of the poor.

Is this what we want our societal values to be?And if so, how much more important?And if not, is a domestic happy person more valuable than a foreign happy person?

The ethics and morals that come out of defining these answers are quite strikingly different.

13
davidgrenier 5 hours ago 0 replies      
Glad I had seen SlingShot, documentary on Dean Kamen, prior to reading this article.
14
gwbas1c 6 hours ago 4 replies      
Is there a tldr version?
15
thro32 5 hours ago 2 replies      
Go and Chess AI are SERIOUS and REAL problem. It is something which goes back for thousands years and will be remembered for another thousands years.

AIDS and other contemporary diseases will be soon forgotten after their extinction.

10
OK Go's New Video for 'The One Moment' Is Another Mind-Blower npr.org
8 points by breck  34 minutes ago   1 comment top
1
qwertyuiop924 5 minutes ago 0 replies      
...and in related news, water continues to flow downhill.
11
Supercapacitors Batteries charges in seconds without degrading ucf.edu
38 points by Ideabile  5 hours ago   31 comments top 6
1
gus_massa 2 hours ago 8 replies      
The size of the battery varies from phone to phone, but let's choose 3000mAh as a typical value so the battery is enough for a full day.

If you want to charge it in "seconds", let's use 60 seconds as an upper bound.

So if the charger has a 100% efficiency, then it has to provide 3000mAh/60sec = 3000mAh * 3600 sec/h / 60sec = 180000mA = 18A.

An USB can provide between 0.1A and 0.9A. For comparison, a typical plug in a home can provide 10A. So to charge the phone you will need some big connector, not a tiny microUSB like connector.

But it's worse. From the article:

> "If they were to replace the batteries with these supercapacitors, you could charge your mobile phone in a few seconds and you wouldn't need to charge it again for over a week," said Nitin Choudhary, a postdoctoral associate who conducted much of the research published recently in the academic journal ACS Nano.

To recharge the phone once a week, I guess you will need a 20000mAH battery, and a few seconds is something like 5, so the connector must survive to 1000A, that is a ridiculous current.

2
daveguy 3 hours ago 2 replies      
Apparently they are on par with energy density and power density. They are way ahead on cycle stability (30k charges). So that pretty much leaves two things:

1. Charge stability. Does it leak like a sieve even without a load after being charged?

2. Manufacturability. I expect this is the big problem. It's a chemical engineering problem to scale up a "nano" process. The article says it's not ready, but doesn't say what the biggest challenge is going forward.

Anyone know this particular supercapacity tech? Or supercaps in general?

3
kylehotchkiss 1 hour ago 1 reply      
The scary part is that touching the two connectors of a supercapacitor is an instant discharge. Which might prove pretty dangerous.
4
gravypod 3 hours ago 1 reply      
Coincidentally they also like to discharge in seconds!
5
sandworm101 18 minutes ago 0 replies      
>>> Anyone with a smartphone knows the problem: After 18 months or so, it holds a charge for less and less time as the battery begins to degrade.

Really? That's still a thing? These aren't nicads. I've found that my phone doesn't report full charge as often, but it still lasts for a similar amount of time. My 5+yo netbook's battery is still reporting 80% of its design capacity.

Imho, such apparently dramatic falls in capacity often have more to do with running apps rather than physical degradation of the battery. Talk to me after a reset to factory settings.

6
mrfusion 1 hour ago 1 reply      
If this is true it would be revolutionary right?
13
The Lua VM, on the Web daurnimator.github.io
68 points by vmorgulis  7 hours ago   14 comments top 5
1
scrame 5 hours ago 3 replies      
So, I understand that asm.js is a strict subset of JS that's made to run very efficiently. I understand emscripten can transpile C to asm.js, so C programs to run in a browser.

I guess what I don't understand is how the higher-level bindings work. Something like the neo-geo emulators running in asm.js can read controllers and output graphics. How much custom code is required going from system C to browser JS. Is it closer to a 'gimme' if it targets GL and can just use WebGL? Is there something like sdl.js? And if it has those external library dependencies, does the whole dependency tree have to be compiled to asm.js?

More specifically, if the lua VM can be put into the browser, and interpret lua code, then how much custom code would it take to make Love2D work?

Edit: Just re-reading this question I realized it'd most likely be like a static build, so it would pull in the dependency source, and then most likely something that would use the io/display stuff API, but with a browser back-end. I've dug around a couple times trying to find a basic overview of that, but to not much avail. I'd love any references though.

2
lopatin 4 hours ago 2 replies      
This is really cool. I know Lua is a commonly embedded language for plugins and stuff. So now that we can support Lua powered extensions for web apps, I'd like to add to the list of naive questions here, coming from someone who's never used the language. What benefits does Lua provide over other langs for such a purpose? Is it the ecosystem of libraries that makes it unique in that respect? Or the actual language lends itself better for user scripting over, say, running JS code through JS-interpreter or just eval-ing validated JS code directly.
4
qwertyuiop924 3 hours ago 0 replies      
Now I want to see how the performance compares to that of Moonshine.
5
scardine 5 hours ago 0 replies      
Lua and Elixir are among the few relevant contributions to the field coming from Brazil.
14
The XSS Game by Google xss-game.appspot.com
285 points by artf  14 hours ago   84 comments top 20
1
throwaway729 11 hours ago 5 replies      
Solutions: http://pastebin.com/hv0h73eC

I'm posting because I find that whenever I can't solve some security puzzle, it usually means I didn't foresee an attack and I've been writing insecure code :( So hopefully people who get stumped can take a look at the solutions and determine if that's the case for them.

It'd be cool if someone wrote up explanations for each of these w/ links to relevant portions of Google's documentation.

2
eridius 7 hours ago 1 reply      
Why does a <script> tag not work in level 2? I can see it ending up in the DOM.

Edit: Ah hah, HTML 5 spec explicitly says <script> tags inserted via innerHTML do not execute (https://www.w3.org/TR/2008/WD-html5-20080610/dom.html#innerh...).

3
xssfoofoo 12 hours ago 5 replies      
Level 3 seems to no longer be exploitable. Firefox 45.5 here automatically %-encodes the characters into the src attribute.
4
i336_ 2 hours ago 1 reply      
Got to the first one.

Okay, URL injection, that's easy: <script>alert('hi');</script>

Or not: that didn't work.

I had to remove the semicolon for it to notice my code. At that point I immediately closed the tab.

5
jaimehrubiks 11 hours ago 3 replies      
I'd like to see the game solutions, I'm new on this and can't pass lv 3.
6
giuscri 4 hours ago 1 reply      
These challenges are very easy. Anyone who knows something harder? To my knowledge, it's not easy to find material to study/exploit to get better at XSS'ing.
7
fgandiya 7 hours ago 0 replies      
Hey, I just used this a few weeks ago as I was doing this course on web app security by Troy Hunt[0]

I didn't get far with it because it turns out that some browsers prevent the exploit, like Firefox and Safari.

[0]https://www.pluralsight.com/courses/hack-yourself-first?gcli...

8
onion2k 10 hours ago 10 replies      
I'm quite surprised that these exploits aren't blocked at the browser level by default with developers having to write code to make the exploits work if they need to.

For example, if browsers flatly refused to load code from an external URL unless the address was whitelisted in the page's HTTP response headers then you'd make level 6's exploit impossible without much of an impact on web development.

The CORS header Access-Control-Allow-Origin can be used to force a browser to work that way, but only if a site sets it. I'm suggesting we're at the point now where browsers should be secure by default, even if it breaks some old sites.

9
prezjordan 11 hours ago 1 reply      
I made it past level 2 but I am curious why the second hint is true. Can anyone provide some insights?
10
Keloo 5 hours ago 0 replies      
on level 4 try: https://xss-game.appspot.com/level4/frame?timer=%99and you get: 500 internal server error LOL
11
samfisher83 8 hours ago 1 reply      
Some of these exploits won't work on firefox or I am not sure how to do it. For example I can't get firefox to execute code on images.
12
bl0bgate4 10 hours ago 0 replies      
13
EJTH 8 hours ago 0 replies      
It was fun the few minutes it lasted. :)
14
daliwali 10 hours ago 0 replies      
Yahoo has been offering a similar game for over 10 years now. It's too easy though, the bugs are everywhere!
15
splitdisk 12 hours ago 0 replies      
I'll always love stuff like this, such a fun way to practice without the pressure of finding something to report on.
16
elcapitan 6 hours ago 0 replies      
That was fun, but a bit too easy ;)
17
Kenji 12 hours ago 1 reply      
There will be cake at the end of the test.

The cake is a lie.

18
freecodyx 9 hours ago 2 replies      
I just call alert('dada') from the console, and it tells me congratulation the site is buggy as well
19
jamesmp98 7 hours ago 0 replies      
Well that was fun
20
jkulak 9 hours ago 1 reply      
I don't know, not being able to pass lvl1 with "<script>alert();" made me not want to continue...
15
Israeli firm can steal phone data in seconds phys.org
176 points by chang2301  12 hours ago   77 comments top 20
1
turc1656 10 hours ago 3 replies      
"But privacy and rights activists worry such powerful technology can wind up in the wrong hands, leading to abuses."

Am I to believe that this firm is the right hands? Or government? Please...all hands are the wrong hands. These vulnerabilities need to be closed. I wouldn't be surprised if the NSA or some other government tentacle was paying them not to make whatever they found known.

Gee, I sound paranoid. What am I thinking, our government would never do that. Oh wait...http://www.reuters.com/article/us-usa-security-rsa-idUSBRE9B...

2
1024core 9 hours ago 5 replies      
"Could you do anything to deprive them from throwing a stone at someone or from driving a car and running over people?

"You can't blame the car manufacturer at that point for delivering a car that was utilised to commit that kind of crime," he said.

This is specious reasoning. The point of a car is not to run over people; it's to go from point A to point B. This technology, on the other hand, has only one purpose: to break into cellphones.

3
brianpan 4 hours ago 0 replies      
This is completely off-topic, but can we take a moment and recognize how fantastic it is that the article has a picture of a hacker's desk with an assortment of mobile devices like: a calculator, 3 bluetooth mice, and a stapler?!
4
deutronium 9 hours ago 0 replies      
Regarding the iPhone 5c, the attack from Sergei Skorobogatov is very interesting.

"The bumpy road towards iPhone 5c NAND mirroring" - https://arxiv.org/abs/1609.04327

And the video:

https://www.youtube.com/watch?v=tM66GWrwbsY

5
module0000 10 hours ago 2 replies      
It goes without saying - don't make this easy for them(or anyone). Use a strong alphanumeric password on your mobile devices. It's annoying and inconvenient until it saves your ass - there is still no "fast" way to crack a password like "My 42nd spaceship had 4 hearts of gold.", but it's not that difficult for your brain to remember.

Fingerprint unlock can save you some of the PITA of typing it - just be sure you power off your device when you have even the slightest chance of encountering an actor that could seize your mobile device - that way the passphrase will be required.

6
Adverblessly 7 hours ago 1 reply      
I wonder, if Ben-Peretz and his checks 250 researcher team can crack checks 150 phones a month what is stopping the <scary US government agency>/<Chinese equivalent>/<Russian equivalent> from forming a 2,500 researcher team and doing the same?

It's not like there's a shortage of relevant skills in the US (supposedly responsible for stuxnet) or Russia.

Or is it just that <scary government agency> doesn't want to share its toys with <local police>?

7
45h34jh53k4j 10 hours ago 1 reply      
It will be interesting if Apple went after Cellebrite under the DMCA anti-circumvention clauses. I would laugh if their product became illegal in the United States.
8
45h34jh53k4j 10 hours ago 1 reply      
So we have learned that some phone vendors give Cellebrite their phones before they reach market in order for them to discover and exploit vulnerabilities.Apple refuses to do business with these 'forensic' criminals.

Do not purchase a phone from a vendor that engages in this unethical practise.

9
r00fus 8 hours ago 2 replies      
You'd think if they could crack the latest iPhone/iOS they'd crow about it.

The article seems to paint it as a "we're confident we could" - which seems bizarrely vague. Why would they do that when they claim they can crack an LG G4 wide open?

10
sqeaky 8 hours ago 2 replies      
Does encryption defeat this? If not how are they getting the key from memory?

Does encryption defeat this when the device is off? If not what flaws exist in the encryption schemes?

11
SG- 9 hours ago 1 reply      
Confused why they didn't demo it breaking a modern iPhone instead of a random Android device.
12
ka4eli 7 hours ago 1 reply      
Sounds like an Apple advertisment.
13
wyldfire 10 hours ago 0 replies      
> Among the data the firm claims to be able to access are text messages deleted years previously.

Among all the claims this one seems like it might be one that holds up with very recent iOS/Android releases. It would be interesting to find out whether they rely solely on the encryption to protect the deleted messages and whether overwriting the data would be thwarted by flash device wear-leveling indirection.

14
jwildeboer 1 hour ago 0 replies      
PR based self-marketing article is just that. "Be Very Afraid" hyperbole AFAICS.
15
JumpCrisscross 7 hours ago 1 reply      
Does anyone track the quantity of U.S. tax dollars which go to such firms?
16
alimbada 9 hours ago 1 reply      
They [the government] ask people to login to their email accounts and unlock their phones at the border. They really don't even need any technology to steal data. Intimidation works for them already.
17
amelius 8 hours ago 3 replies      
Sounds like a risky business to be in. If Apple decides to change their encryption technology, you could be out of business some time soon after a new release.
18
libeclipse 9 hours ago 1 reply      
I wonder if they can crack devices that haven't been booted. Many of the newer smartphones encrypt data and require a password on boot.
19
Ftuuky 8 hours ago 0 replies      
Aren't they owned by a Japanese pachinko company?
20
st3v3r 5 hours ago 1 reply      
I mean, with Trump's administration banning cybersecurity and encryption, this company should go out of business soon, right?
16
Show HN: Functional programming for modern Fortran github.com
63 points by milancurcic  7 hours ago   19 comments top 4
1
photon-torpedo 13 minutes ago 0 replies      
Nice work. But as far as I can see this only works for the intrinsic Fortran datatypes, i.e. the various kinds of integers and reals. Any chance for extending this to user-defined types? Looking at the code, all functionality has been repetitively implemented for each datatype -- I hope this has not been done manually, but with a code generator? If so, could the generator be extended to process user-defined datatypes?

It's really unfortunate that modern Fortran has no facilities for generic programming. That's why I'm personally moving more and more to Julia...

2
nv-vn 5 hours ago 4 replies      
Any information about the performance implications of this library? This looks quite nice to use, but I imagine it has some performance cost versus more traditional ways of writing Fortran code, which could (sadly) mean this won't ever get much use in real-world code. Nonetheless, it's awesome that a language that's been around for 60 some-odd years is still evolving and making use of modern programming techniques. It's something to think about for people making languages now.
3
peter303 3 hours ago 0 replies      
The creater of FORTRAN John Backus became a big promoter of functional programming in his later years
4
fdgdasfadsf 2 hours ago 1 reply      
Looking at this makes me wonder if there is IDE support for handling the way that Fortran does generic functions? So much boilerplate and repetition required...
17
Bruce Schneier: 'The Internet Era of Fun and Games Is Over' dailydot.com
82 points by mpweiher  3 hours ago   37 comments top 10
1
nixos 10 minutes ago 0 replies      
The problem is that software engineering is hard.

Immensely so.

On a scale of engineering "hardness" (meaning, we can predict all side affects of action), software engineering is closer to medicine than to, say, civil engineering.

We know stresses, materials, and how they interact. We can predict what will happen, and how to avoid edge cases.

Software? Is there any commonly used secure software? Forget about Windows and Linux. What about OpenBSD?

Did it ever have a security hole?

And that's just the OS. What about software?

There are just too many variables.

So what will happen?

There will become "best practices" enshrined by law. Most will be security theater. Most will remove our rights, and most will actually make things less safe.

Right now, the number one problem of IoT security is fragmentation. Samsung puts out an S6, three years later stops updating it, a hole is found, too bad. Game over.

The problem is that "locking firmware" is common "security theater", which, if there'll ever be a legal security requirement on IoT, it'll require locked bootloader and firmware.

And you can't make a requirement to "keep code secure", because then the question will be for "how long"? Five years? 10 years?

2
wwwigham 1 hour ago 5 replies      
> When it didnt matterwhen it was Facebook, when it was Twitter, when it was emailit was OK to let programmers, to give them the special right to code the world as they saw fit. We were able to do that. But now that its the world of dangerous thingsand its cars and planes and medical devices and everything elsemaybe we cant do that anymore.

Mark this mindset as the beginning of the end of the open, inclusive programming world as we know it.

Schnier visited RIT (my alma mater) last spring, and his presentation revolved around the threat presented by IoT and the growing need for national legislation to encumber it. I asked him a pointed question about how this scaled to the _international_ level, which he decided mostly not to answer (focus on domestic policy first, and such). Because the answer is simple: _it doesn't_. Without global collaboration, this philosophy is the beginning of national internet feifdoms - moreso than what exists today - and the beginning of the end of the global collaboration we freely enjoy today. I value this freedom a lot.

I respect Mr. Schneier for his poignant responses to popular security issues and his ability to be a public face for computer security, but I strongly disagree with where he's lobbying we take the future to. Maybe I just can't accept the hard reality that "security isn't easy" and that government regulation is the only way to force security on people.

3
eveningcoffee 1 hour ago 5 replies      
I can propose a quite straightforward solution for this mess: do not connect things into the Internet.

Your thermostat maybe wants to talk with your alarm clock. I can get that. But it does not have to happen over the Internet. Let them talk locally.

4
zzzcpan 3 minutes ago 0 replies      
It feels like they are using dyn ddos incident as a 9/11 of the internet. So much fear mongering and push for government involvement, disgusting. Next thing you know you'll need a license to write software for appliances and mandated to put a surveillance API into everything.
5
Futurebot 1 hour ago 1 reply      
I'd love to see what a detailed version of security policies and infrastructure look like in a world of backdoor-less strong encryption from Schneier, the EFF, the Hopkins crew, etc. Something that can be used to persuade, or at least influence policymakers by allowing them to see that another way is possible, one that allows security services to do their job in a way that allows them to feel that their work isn't futile, while simultaneously respecting privacy rights.I think the need for strong encryption and no backdoors (which as Schneier himself has explained in the past, are always a double-edged sword) are very important and I support them, but that those on the side of it who also have in-depth knowledge about the finer details don't deign to articulate just what exactly the policy looks like without resorting to just a list of what we shouldn't do and vague allusions to "just go old-school" or "utilize human assets more."

A coherently articulated, normative counterfactual security platform would be a better place to argue from.

It's a cousin to the negative liberty arguments: they only list what not to do to in order to avoid hurting people, rather than what we can do to help them (positive liberty.)Maybe we could frame the question as "If we let the EFF and Bruce Schneier redesign the United States security apparatus from scratch, what would it look like?"

We already have excellent critiques, and are good at articulating "what's bad," but far too little on "what would a good system look like that strikes the 'right' balance?"

6
phantom_oracle 36 minutes ago 2 replies      
I think I live in a bubble...

But...

Who buys these products? Why does a toaster need to be connected to the internet and synced with your "smart"phone? What exactly can you achieve having this feature?

7
patcheudor 1 hour ago 0 replies      
"Any sufficiently advanced technology controlled by a miscreant is indistinguishable from a possessed object in a Stephen King Novel."

http://thefutureisastephenkingnovel.com/assets/player/Keynot...

8
kordless 16 minutes ago 0 replies      
We're going to need to integrate cryptocurrencies with APIs. Encrypted pay to play is the only way.
9
qwertyuiop924 1 hour ago 1 reply      
Yep. Keep IoT on the LAN, or give it the same respect you would any other networked computer.

However, the day the the Internet Era of Fun And Games is over is the day that the internet keels over dead. The Internet was (almost literally) built on fun and games.

10
pessimizer 1 hour ago 1 reply      
This site's ssl is broken.
18
Microsoft Solitaire Collection apple.com
93 points by tammer  4 hours ago   78 comments top 20
1
bsharitt 3 hours ago 3 replies      
My last hurdle to switch to Mac is finally gone.

EDIT: I guess this is for iOS, so the joke is ruined.

2
qwertyuiop924 3 hours ago 2 replies      
Come on MS! Nobody cares about Solitaire!

Just hurry up and release minesweeper already, and stop teasing us!

3
satysin 3 hours ago 2 replies      
BTW it is not actually free. It will cost $1.99/month for the ad-free version but it is ad-free until the end of the year.
4
sehugg 2 hours ago 0 replies      
I bought Card Shark Collection for $2.99 (like, 5 years ago?) and have gotten my money's worth: https://itunes.apple.com/us/app/card-shark-collection-deluxe...
5
orlybach 2 hours ago 1 reply      
I searched "Solitaire" and "Microsoft Solitaire" and it didn't come up. I had to type "Microsoft Solitaire Collection" before I could find it in the App Store. Not to mention it's not even featured under Categories>Games>Cards..
7
q3r3qr3q 3 hours ago 1 reply      
Space Cadet pinball would be a lot nicer.
8
eps 3 hours ago 1 reply      
"Free Premium for one month"
9
ape4 1 hour ago 0 replies      
Firefox says "part of this page are not secure (such as images)". You'd think Apple could make it all https.
10
pinewurst 4 hours ago 0 replies      
I'm still waiting for iOS Bob.
11
freeslugs 3 hours ago 7 replies      
166 MB! :O
12
julingks 2 hours ago 0 replies      
Try Solitaire Decked Out. https://goo.gl/oeixIi No ads.
13
mmanfrin 1 hour ago 0 replies      
In college I tried to see how many games of Freecell I could win without marking a loss. I got up to 1100 before I played a game that someone sent me (seed) that was unbeatable.
14
Yhippa 2 hours ago 0 replies      
Sigh...I've been hesitant to download solitaire (Klondike) to my phone until Microsoft ported it. There, I said it.
15
miguelrochefort 3 hours ago 1 reply      
SkiFree please.
16
partycoder 2 hours ago 1 reply      
I have to confess that I never learned how to play FreeCell.
17
joering2 1 hour ago 0 replies      
somewhat related, saw this today at bed bath and beyond (wtf, truly beyond!) for $39... with wireless controllers. 101 built in games!

https://www.bedbathandbeyond.com/store/product/atari-reg-fla...

18
B1FF_PSUVM 3 hours ago 2 replies      
Waiting for the Windows Phone release.

(crickets)

(Dammit, even the 'MS Studios' games get pointless ads. Class act there.)

19
Hydraulix989 3 hours ago 5 replies      
I don't understand how Microsoft decides that building a solitaire app this is the most efficient allocation of people's time and resources.
20
countryqt30 3 hours ago 1 reply      
166 MB?! WTF?!

Microsoft's mission statement: We strive to balance all hardware performance increases with bad software, such that the overall performance continuously decreases!

19
GuriVR Describe your VR experience and the editor will do the rest gurivr.com
102 points by bpierre  9 hours ago   47 comments top 9
1
danzajdband 8 hours ago 3 replies      
Hi, GuriVR author here. Let me know if you have any questions :)
2
xkcd-sucks 7 hours ago 0 replies      
You can use this link to log in without signing up an email address

https://gurivr.com/stories/?token=PUraxsVQKdPcmD3wKd9uNC&uid...

3
bhouston 8 hours ago 1 reply      
Neat. Built on a-frame, which is built on ThreeJS which uses WebGL/WebVR.
4
strgrd 8 hours ago 1 reply      
VR version of WordsEye? http://www.wordseye.com/
5
eridius 7 hours ago 4 replies      
Clever idea. But scrolling the little VR scene on the right with my mouse is backwards. When I click and drag to the right, the camera pans to the right. But since I'm clicking on the content and dragging, it feels like the content should pan to the right, meaning the camera should pan to the left.
6
rvanniekerk 7 hours ago 1 reply      
Super creative use of A-frame, nice job. I spent the last month or so building a VR project and I found A-frame itself is still very early on and has a number of quirks, any particular issues you ran into?
7
partycoder 2 hours ago 0 replies      
I did not know of WebVR. Reminds me a bit of VRML. I really hope to see this having a higher adoption. e.g: a product like Google Street View moving to it.
8
amelius 8 hours ago 2 replies      
No Pokemon option?
9
zajdband 8 hours ago 0 replies      
excellent!
20
Talking to users defstartup.org
97 points by Plugawy  12 hours ago   22 comments top 5
1
gk1 11 hours ago 4 replies      
Here's an easy way to start a conversation with new trial users:

Send a simple, one-line email that asks them what they hope to achieve with your product/service.

"Hi, saw you signed up for Acme, welcome! What are you hoping to get out of your trial?"

(I've written about this before: http://www.gkogan.co/blog/question-for-saas-trial-users/)

2
Kinnard 11 hours ago 2 replies      
I'm inclined to disagree with the author's thesis. I agree that talking to users is essential, but I think his heurstic is arbitrary: "Youre doing it right if you can get a third of potential users to pay you money within a month of initial contact."

The real number you should be targeting is the number of users you need to pay in order to build a sustainable business, that could be above 80%, it could be below 5%, it could be 0 . . .

This is something that varies widely by business and I don't think it's good advice for a company that falls outside the scope I imagine the author is thinking of.

3
chuckus 6 hours ago 1 reply      
From my experience, I disagree with the heuristic of money paid within the first month for knowing if you are really talking to users, because it doesn't apply especially for enterprise SaaS, where you likely to have a direct sales model, and as a co-founder with no sales experience at the beginning, as you continue to sell subscriptions, let's say the same functionality within a product, you will improve as a salesperson, closing deals earlier and by that heuristic, you know what your customers want.

Consistent user engagement with the product is a better metric to build such a heuristic, because user engagement is direct correlated to value IMO. That's why I am a fan of even charging $1 per month for a product, because it easier (relative to having given it away for free) to increase pricing based on the value you deliver to your customer, which can be measured through user engagement with the product.

4
nxc18 10 hours ago 2 replies      
I'm not sure about the magic number here, but as a user, I do know that I appreciate hearing from the company.

Years ago I signed up for Todoist and I was so impressed by the emails and communication that I got (on top of it being a fantastic product) that I subscribed to premium and have been ever since.

5
smaddali 10 hours ago 0 replies      
Overall I agree with the spirit of the article but 30% could be too high based on the vertical you are in. Collecting feedback when you dont have direct connection to your users ( like you don't have email address ) is hard. Progressively engaging with users and asking/helping them what they want to accomplish will yield lot of insights.
21
Shopifys Frenzy Sell to the most loyal customers in a new way getfrenzy.co
126 points by umedzacharia  11 hours ago   39 comments top 12
1
shmatt 4 hours ago 0 replies      
you guys need to read up on QA

The only way to use it between launches is to delete app and re-download from the app store

And the only way to figure that out was to follow them on twitter, 4 minutes before the launch. Anyone else just couldn't open the app

Awesome work guys, how about testing on "normal" products before asking companies to give you their most important launches of the season

2
tuckerschreiber 8 hours ago 4 replies      
Hello! I'm Tucker, Product Manager on Frenzy.

Frenzy came to be from one of Shopify's quarterly hackdays projects, with the goal of changing flash sales for both merchants and consumers forever.

Frenzy is the best way to buy from brands you love. Whether youre looking to buy rare products, discover new ones, or learn about new brands, Frenzy is the place to do it. Rather than waiting in line at a retail store, missing out online, or simply forgetting about a sale Frenzy puts the hype of the best product releases in your pocket. When you buy from a seller on Frenzy, its just like buying from them in person but you can do it anywhere in the world.

Frenzy will be launching this week with merchants Kith, Love Your Melon, Raised by Wolves, Off the Hook, and more, who will be selling products exclusively on the app.

Happy to answer any questions!

3
thebestagency 10 hours ago 3 replies      
This looks cool. Shopify seems to be one of / the most competent players in the eComm space. Wonder if it will pan out successfully.
4
brianbreslin 10 hours ago 1 reply      
I think this is a brilliant move. I've seen people lining up around the block at the sneaker shop near my house for a new release, so I'm sure there is the online equivalent.
5
mywacaday 9 hours ago 0 replies      
Seems to be like ibood.com but as a service.Really like the ibood concept as its European based, a lot of the deals you see online are exclusive to the US, hope that won't be the case with getfrenzy
7
Awk34 11 hours ago 1 reply      
I see that it's iPhone only. Does anyone know if they are making an Android app?
8
camwest 9 hours ago 1 reply      
I wish Amazon used this for their sale of the Classic NES (https://techcrunch.com/2016/11/11/nintendowned-amazon-sells-...) flash sale.
9
ybrah 8 hours ago 0 replies      
Ottawa tech :)
10
neutronicus 9 hours ago 1 reply      
This sounds exciting specifically for selling tickets to anticipated events. The amount of servers crashing under load is too damn much in my experience.
11
joenot443 11 hours ago 2 replies      
Damn. Wonder if we'll see any merchants using this on Black Friday.
12
rhizome 7 hours ago 3 replies      
This seems oddly worded:

"With Frenzy, theres no limit to your sales volume, the number of products you can sell, or the bandwidth you need." [emphasis added]

22
Show HN: A DigitalOcean-like support community for your website in 3 minutes haash.io
141 points by maliman  13 hours ago   86 comments top 29
1
samsolomon 12 hours ago 3 replies      
I'd suggest allowing people to signup via email.

Many people don't want to attach their social accounts to business functions.

2
maliman 6 hours ago 0 replies      
For those frustrated that there's no email signup, please fill in this form https://haaash.typeform.com/to/IOrUUI . We'll notify you once we add it very soon.Thank you!
3
neom 11 hours ago 2 replies      
This is epic. As a former-digitaloceaner I know how much work went into building the community (the community director at DigitalOcean is incredibly good at her job) and how well it as served the business. If you have the ability and time to build a community around your product, I highly recommend it, brand evangelists are something you simply cannot buy.
4
iuguy 12 hours ago 1 reply      
I like it. In fact I have a project in mind for which I might use it next year.

I think your pricing model might need a bit of work though. I think you're offering too much in the free tier (particularly given that I can run a free community with unlimited entries but have to pay $94/month for 50000 on the other plan), and pricing per registered community user might be worth looking into.

Other than that I'll definitely come back in the new year when I'm ready to give it a try.

5
maliman 13 hours ago 3 replies      
A DigitalOcean like support community for your website in 3 minutesHi, Soufian from Haash here, i've always found DigitalOcean support community https://www.digitalocean.com/community/questions smart and fascinating. A clever way to deliver support and manage knowledge. One of the reasons they came from nothing and became rapidly popular.

Haash is basically getting the same community support hosted space in few seconds. Just signup, create, tweak it to match your website feel and start using it.

Would be happy to answer any questions

6
marktangotango 8 hours ago 1 reply      
Is there a 'whitelabel' capability with this service? Ie, could I point community.mysite.com at your servers with a cname record? Does anyone else care about this?
7
abreu 8 hours ago 1 reply      
Always start with email signup first. Not the other way around. You just lost a ton of potential beta-testers and users on your HN moment.
8
martinald 12 hours ago 4 replies      
Nice idea, I like it. Not sure about the name at all. Sounds like marijuana distribution as as service :).
9
kowdermeister 4 hours ago 1 reply      
I don't get this. Is this different than installing a modern OS forum engine?
10
_puk 11 hours ago 1 reply      
Tried to read the terms and conditions.. got an error [0]

Whilst you are there, the terms and conditions aren't obviously clickable.

Also, would love to be able to sign up with email, but only get Facebook / Twitter auth options. Ironically the tab is titled "Log in with email | Haash"

That aside, I can see this being useful, really like the setup.

0: https://s12.postimg.org/z1cuq8lzh/Screenshot_2016_11_23_14_3...

11
akuji1993 12 hours ago 1 reply      
The UI of your site needs to be a little reworked. I don't want to click on every single FAQ question and get taken to another site, for example. Also, being able to only login with FB or Twitter is not acceptable. There absolutely need to be free accounts, as well as Google Account Logins.

A nice idea, needs some remodel and some smoothing out edges.

12
smoyer 11 hours ago 1 reply      
To create an account, you have to agree to the terms of service:

"By signing up you indicate that you have read and agree to the Terms of the service"

Being a conscientious user, I click through to read what I'm agreeing to and find:

"You do not have permission to perform this operation"

IANAL but I'm pretty sure this won't be legally binding.

13
scosman 11 hours ago 0 replies      
$5 a month for the FAQ product? Charge waaaaay more for a product targeted at businesses.
14
i__believe 10 hours ago 1 reply      
One thing you may consider is having private or invite only communities. Almost all the offerings out there are for public communities, which leaves in house self help an untapped market.
16
adim86 11 hours ago 1 reply      
I love the branding on this product, very light and fun, also friendly and catchy. It reminds me of dropbox. Great work, maybe when you make some money you can get a good logo to go with it. Good stuff!
17
dutchbrit 9 hours ago 0 replies      
Looks really nice!

Searching is a tad slow but I have seen slower. Maybe implementing ElasticSearch might be a nice idea. Would also result in better search results.

18
lai 12 hours ago 1 reply      
Cool idea but I would highly suggest that you fix all the misspelled words.
19
onion2k 13 hours ago 2 replies      
Isn't the good thing about community support the people who help rather than the tool that's used to run it? You can't build a community of helpful, interested people in 3 minutes.
20
poorman 12 hours ago 1 reply      
Not sure what's up with the A/B testing though. Plus pricing seems to change between a slider starting at $29/mo and a flat $5/mo fee.
21
mrwebmaster 12 hours ago 1 reply      
I'm using http://www.question2answer.org/ , how does it compares to it?

Q2A doesn't have:- instant search - Intercom integration- Single Sign-on

22
sakopov 8 hours ago 1 reply      
Not a DigitalOcean user here but this looks like StackExhange clone for small online businesses. Is this correct? Very nice and clean.
23
willow9886 6 hours ago 1 reply      
Typo in the "A built-in Q&A engine for community support" section..

publicaly -> publicly.

24
brilliantcode 9 hours ago 0 replies      
YES! I was looking for exactly this last year. I'm so glad somebody found the time to make a product out of it.
25
ricardobeat 12 hours ago 1 reply      
Communities don't seem to work on mobile at all.
26
estrabd 7 hours ago 0 replies      
You had me until I had to use pedo twitter or Fakebook. No thanks.
27
poorman 12 hours ago 1 reply      
This is actually nicely done.
28
fiatjaf 12 hours ago 2 replies      
I don't like DigitalOcean community.
29
sideproject 4 hours ago 0 replies      
For those who are interested in creating a more full featured online community, I run HelloBox

https://www.hellobox.co

Haash.io looks simple and nice. HelloBox would be for those looking for other bells and whistles.

23
Procedural Dungeon Generation: Cellular Automata jrheard.com
117 points by tosh  12 hours ago   13 comments top 8
1
contingencies 5 hours ago 1 reply      
I recently injured my ankle while traveling in Vietnam and decided to learn some Lua by writing a roguelike.

I discovered that the 'best' (most complex/featuresome/interesting/interactive/playable) dungeons available today are apparently almost universally accepted by the roguelike community to be those in the game Brogue, which I was so impressed with that I tried to share here twice but it never got upvoted. It's really impressive, check it out: https://sites.google.com/site/broguegame/

Why is it impressive? As it turns out, modern dungeon generation does not simply produce a map, but rather iteratively improves upon a map given assumptions around playability (minimum connectivity / maximum dead-ends), density (don't put all the interesting stuff in a corner), proximity (some things must occur near other things), etc.

2
shakna 10 hours ago 0 replies      
Using automata can be slow, but it does tend to generate some of the best dungeon-crawling caves in my (limited) expirience.

However, the Future Work [0] section sort of points out the hardest part of all this. Avoiding back tracking.

Last time I attempted something like this, the only solution I could come up with was running a second automata, designed to generate small dead links between large groups of dead cells.

I was terribly impressed with the results.

Kyzrati's guided generation seems interesting, but my immediate thought is how linear it makes the caves - almost too much, which was the complaint against Skyrim's caves by more experienced players. But by the same token, it was precisely what more casual players liked about Skyrim's cave systems.

[0] http://blog.jrheard.com/procedural-dungeon-generation-cellul...

3
jtolmar 6 hours ago 0 replies      
This is one of the classic procedural algorithms. I wrote my first version fifteen years ago; it's quite nostalgic :)

The other classic algorithm that I've gotten the most mileage out of is: http://www.roguebasin.com/index.php?title=Basic_BSP_Dungeon_... . Using rooms the size of entire subdivisions (instead of the smaller ones on that page) makes a nice contrast with the cellular cave algorithm.

The only algorithm I've come up with that's nearly as nice as these two is competitive flood fill. First you randomly pick center points for rooms, create a priority queue of [distance to room center -> room + tile], and add the room centers to the queue. Then you repeatedly pop tiles, add them to the corresponding room, and add their neighbors to the queue, until all tiles are in rooms. This is basically a discrete version of a voronoi diagram, but the trick is that implementing it this way allows you to safely mix different ways to measure distances, and you get wild shapes when some rooms use manhattan distance and others use euclidiean distance. (Some day I'll do a proper writeup of this, but not today.)

4
cestith 7 hours ago 1 reply      
Thanks to the interactive nature of it I noticed that for my taste I can get satisfactory, fairly open cave output in fewer iterations (4 to 6 rather than 9 to 12) if I start with .3 fill chance, 4 birth threshold, and 3 birth threshold rather than .45, 5, and 4. In fact, it seems almost as if at those values more iterations have the cave seeming to fill in with muddy sediment around the edges.

A non-interactive page about the same topic I'd have either had to set up my own environment for this or I'd have moved on without really toying with the values. Instead I've already found a way to get results that would satisfy me with fewer cycles spent.

5
mysterydip 8 hours ago 1 reply      
As a hobbyist gamedev and world builder, I love stuff like this. Kudos for making everything interactive. It really helps the learning/"aha!" process to be able to change things on the fly as you're reading about it, rather than having to roll your own to follow along.

In the more organic portions of my current project, I'm definitely using something like this :)

6
jimsmart 7 hours ago 1 reply      
Related:-

There's a great set of Unity3D tutorials by Sebastian Lague [0] that use cellular automata (and a few other tricks) to create a procedural cave system.

The initial cave creation technique is nigh identical to this article (purely because both use cellular automata).

Lague then joins orphaned spaces to the main space via shortest paths, using a rough Bresenham line-draw through the in-between cells (plotted with a 'brush' that is wider than one cell, so the path is traversable).

He then creates a smoother polygonised 2d/3d mesh from this grid of cells using marching cubes/squares.

The end result is quite pleasing, and fairly tweak-able :)

Both Lague's approach and his code are quite clean, so I expect the process could easily be ported to other languages / frameworks.

[0] https://www.youtube.com/playlist?list=PLFt_AvWsXl0eZgMK_DT5_...

7
mrfusion 1 hour ago 0 replies      
It wild be so cool to get this to work with VR.
8
yoz-y 9 hours ago 1 reply      
Heads up, passing 0 as first parameter to generate-grid makes the javascript on the page to freeze, at least on Safari (maybe an endless loop).
24
Elm for the Front End, Right Now bendyworks.com
59 points by listrophy  4 hours ago   51 comments top 6
1
kcarnold 1 hour ago 1 reply      
I really want to like Elm. When I'm writing JS/React code, I sometimes think "this would be so much nicer in Elm!" - especially for architectural issues. But the few times Ive actually tried doing something in it, I find that the parts of what I want to do that fit cleanly within Elms walls are really nice, but the parts that dont quite fit get hard quickly. Suppose I want to do something with the DOM that doesnt quite fit into virtual-doms model -- I suddenly have to make a complicated JS interop and work around things to get at the raw DOM node... whereas with React I can just hack something together, try it with users, and learn that I should actually be doing something completely different anyway. Or maybe I dont actually know yet what I want to have happen in every possible condition? Maybe I feel this way because I just dont have enough experience, but it may be a fundamental trade-off involved in how Elm makes it hard to do things wrong.

Has anyone had some positive experiences with prototyping / rapid design iteration with Elm and can share some tips / encouragement?

2
kinkdr 4 hours ago 3 replies      
I wish they would stop making changes just for the shake of change. E.g. Up until 0.17 most code examples where using the prime ' character.

With 0.18, Evan decided that using prime is bad taste, so he decided to break any code that uses it.

Sure, it is not a big change, but it means they are not respecting user's time and it is a sign of things to come.

Sorry for the rant.

Edit: I hope my reply doesn't get misunderstood. I love Elm and use it in all my side projects. I think it made wonders for introducing new people to the ML world.

Edit2: Sorry, didn't meant to make so much fuss about it. It is indeed a small thing.

3
ggregoire 4 hours ago 9 replies      
From what languages is Elm inspired? I've a Java/C#/PHP/JS background and I feel really uncomfortable with Elm syntax.
4
rdtsc 3 hours ago 0 replies      
Speaking of Elm I liked this video from Erlang Factory about using Phoenix and Elm together. They both have a functional flavors so I think it might appeal to same people:

https://www.youtube.com/watch?v=XJ9ckqCMiKk

The first half is about Phoenix, the second about Elm. I don't know much about front-end stuff but I did like the Elm bit as an intro, especially the debugging and nice error messages part.

5
leeoniya 3 hours ago 0 replies      
in case anyone's wondering, it performs about the same as 0.17:

https://rawgit.com/krausest/js-framework-benchmark/master/we...

6
botexpert 3 hours ago 2 replies      
why not flowtype/typescript+js es6+react+redux/mobx?

currently a pretty nice reactive mobx-state-tree is on the frontpage of hn.

26
Tech firms seek to frustrate internet history log law bbc.co.uk
197 points by jsingleton  14 hours ago   150 comments top 25
1
zmmmmm 12 hours ago 9 replies      
The logical end point, if you think it through, is scary for technology. There will be a battle for a time where legislators play cat and mouse with technology and privacy companies. But as each new hole appears, they'll invent new laws to close them off. This wouldn't be so bad except for the problem that encryption is math and short of making math illegal there will always be a hole. Factor in steganography and it just gets worse.

But this doesn't mean that technology wins. Rather, it makes the loss even worse, because it means the laws will ultimately have to be defined in reverse - rather than outlawing encryption, they will have to outlaw inability to decrypt. That is, it will be the end user's responsibility to ensure that authorities can decode data you transmit. Transmission of undecryptable data will be a crime, in and of itself.

Apart from the obvious dystopian consequences, this will impact progress in technology tremendously - suddenly it won't be possible to just invent a new data format or protocol any more. Doing so will put you at extreme risk of being interpreted as sending unauthorised encrypted data. So data formats will have to be registered - to send data in a new format you will first have to register a codec with the government and probably yourself have to be licensed. This will have a severe chilling effect on innovation. Software development, already dominated by tech behemoths, will become completely out of reach of small development teams simply because the regulatory burden is so high.

It's a depressing picture but given the trends of late I don't really see it going any other way. Only some extreme swing back towards individual rights over rights of the state will change its direction. But terrorism seems to have set in as a permanent tool for governments to grind away at individual rights.

2
stevetrewick 12 hours ago 3 replies      
"To ensure they do not succeed, we do not comment publicly on the methods or capabilities available to the security and intelligence agencies."

Oh but you don't need to, because it's obvious. All my encrypted traffic to my overseas based VPN will be logged (legal). Then you'll demand my keys so that you can decrypt it. If I don't or can't comply then I will be - by definition - a criminal and potentially a terror suspect.

Which is why 'just use a VPN' is not really a satisfactory response to this kind of legislative landscape. Just doing so paints a target on you.

Which is not to say I don't appreciate the VPN providers stepping up, the more VPN users there are the more expensive it is to persecute them individually.

3
anexprogrammer 11 hours ago 2 replies      
Is it too late to return 2016? It's clearly defective.

How long until...

"Anexprogrammer was clearly a suspect individual. He used A&A, a UK ISP, widely considered sympathetic to terrorism under the thin guise of blogging about preserving privacy. The ISP has even provided information on how their users may circumvent the law and expressed the opinion it was a bad idea!

It gets steadily worse, Anexprogrammer often used a VPN, from an overseas company who made a feature of logging nothing, another technique widely used by terrorists to evade our beloved leader's protections. He even admitted to viewing online pornography, illegal in the UK, where performers appeared to be actually enjoying themselves.

He was also suspected of being a believer in climate change and is known to have signed a petition against fracking. The 20 year maximum security sentence for illegal circumvention of logging is considered lenient."

May the "one bad actor" that goes in there and gets the entire database please dump the histories of the politicians asap?

4
oliverjudge 14 hours ago 5 replies      
The scariest line was this:

"Terrorists and serious criminals will always seek to avoid detection."

The fact that in the public eye they're going to be claiming they are doing this under terrorism, will give a lot of weight with non-technical people.

5
wotstowaway 12 hours ago 3 replies      
In fact, it's already possibly (and easy) to obtain the un-anonymized browsing history of millions of people. I was part of a (journalistic) team that got their hands on a free sample from a company that offers "website traffic analytics", and which uses browser extensions as well as mobile apps as their main surveillance tools.

The data set contained the complete browsing history of almost 3 million German Internet users, and except for a few popular sites (like Facebook), no URL cleaning/anonymization was performed at all.

So here we have a single provider that is able to capture the browser traffic of 5 % of the population already, and is ready to disseminate this data to anyone who can pay the price (even giving out months of data for free). As there are dozens more companies that collect data using a variety of ways, it wouldn't be surprising to me if you could stitch these individual data sets together to get the traffic of > 50 % of all Internet users, without having any central point of data collection.

So although the government is a real threat to citizens privacy, unregulated private actors are much more dangerous in my opinion.

6
verytrivial 13 hours ago 3 replies      
The problem with these systems is regardless of the efficacy, they are incredibly difficult to dismantle and easy to re-purpose with the stroke of a pen.

And these "tech-savvy" people are dreaming if they think that access to VPN services from the UK will remain legal in the UK, esp. after a naughty person or two is shown to have used one to commission a crime. It won't happen quickly, but #include frog_boiling.h.

7
shp0ngle 13 hours ago 2 replies      
The most scary thing for me is that both political left and political right is nowadays for increasing surveillance - and there is no one in opposition.

Except probably for Pirate parties, which are mostly irrelevant.

8
Sean1708 11 hours ago 0 replies      

 > "Terrorists and serious criminals will always seek to avoid detection. 
You mean like by using completely unencrypted SMS to plan terror attacks[0].

Also, "world-leading" my arse.

[0]: https://www.techdirt.com/articles/20151118/08474732854/after...

9
typeiierror 12 hours ago 1 reply      
Brian K. Vaughan's comic Private Eye [1] foreshadows what might happen if this dataset is breached. The premise is the digital cloud "bursts" - all private data is suddenly dumped and searchable - forcing people to completely abandon their identities and assume new ones - changing their name, appearance, re-starting their careers, etc.

When you consider this in the context of technologies like Voco [2] and Face2Face [3] that can fabricate a speech or make a fake "hot mic" video from a public figure, it makes you wonder if we'll ever be able to prove things are __true__ in the future, and what the value of our identity is if it can be shattered beyond repair due to negligence from a third party. What do we do then? How do you cryptographically sign yourself?

[1] http://panelsyndicate.com/comics/tpeye[2] http://www.bbc.com/news/technology-37899902[3] http://www.graphics.stanford.edu/~niessner/thies2016face.htm...

10
Terr_ 13 hours ago 0 replies      
Can they amend their ToS so that anybody in the legislature or their immediate families has their account activity published publicly? :P
11
balabaster 11 hours ago 2 replies      
Pardon my extreme language but Fuck! How on earth do bills like this come to pass without uproar widespread enough to quash it.

Shit like this seriously makes me want to give up on the internet and walk away from it despite it having been my lifeline and the foundation of my income since I was in my teens almost 30 years ago.

12
coldcode 9 hours ago 1 reply      
Assuming you can't block a VPN connection since business use them, how would this work? I assume at some point you simply ban HTTPS or non-public connections, or require government certs to be the only ones used (I think Turkey or some similar country is looking at this) so MITM can be done. Of course once you stick your foot into security, all the bad folks out there will take advantage, and their goes your financial industry and more. It's a stupid idea all around but the dolts in charge seem to either not care or don't understand. Also calling all of your citizens terrorists is a nice touch.
13
theandrewbailey 11 hours ago 2 replies      
How is this surveillance system supposed to work? Logging DNS requests? How feasible would it be to get everyone to look up every domain on the Internet and DDOS this surveillance system?
14
elcct 12 hours ago 0 replies      
Apart from VPNs I can see the rise of plugins like this:

https://cs.nyu.edu/trackmenot/

Purpose of such tools is to add noise and obfuscate the traffic.

15
semi-extrinsic 13 hours ago 2 replies      
The thing I don't get about the UK is that they have very pervasive surveillance set up both online and in the real world, yet anyone can buy a mobile phone and a prepaid SIM at some random Tesco's and pay with cash without giving their name or ID.

Why do they keep allowing this? Other countries have always required presenting ID to buy a SIM. It's a surveillance measure that's presumably quite effective, but also far less invasive than this law and others.

16
0xCMP 4 hours ago 0 replies      
"Terrorists and serious criminals will always seek to avoid detection."

And normal people too, assholes.

17
MWil 13 hours ago 3 replies      
One option is to hide your internet history, the other is to automate it (including signing up for and logging in to sites you don't necessarily visit) so that your machine is logging 24/7 and your small portion gets lost in the haystack
18
matchagaucho 10 hours ago 0 replies      
Features like "You are currently logged in from 5 different devices" are event log-driven.

Unfortunately, this level of security and consumer protection is only found in top-tier online services.

Service providers can spin this "compliance" measure into a "benefit" for their customers/users. The net result, more users will disable or report rogue sessions.

19
a3n 8 hours ago 1 reply      
> "Terrorists and serious criminals will always seek to avoid detection."

So, if you don't want the government to see your thoughts, you're a criminal.

20
Razengan 14 hours ago 0 replies      
Won't these attempts to "frustrate" just result in even more draconian laws?
21
chinathrow 12 hours ago 0 replies      
The storage vendors must have a hell of a party these days.
22
throwaway1974 13 hours ago 0 replies      
A majority wont care since it has nothing to do with Britain got Talent or Goglebox

A minority will be pushed to use proxies and vpn's which will flag them for closer examination

Everything is going according to plan so...

23
tn13 5 hours ago 1 reply      
Bullies are cowards. That lesson from school is generally true for bullies in real world too.

Government is just that coward bully. True that US government's tyranny has been rise year on year under leadership of presidents of all political stripes and yet it has meant zilch for either their political goals states good objectives.

All the recent wars by US government have been massive and spectacular failures, fight against terrorism has only created far more threats, people's approval of drug legalization is all time high, gays are safest they have ever been and it is easiest to get almost any kind of gun illegally than in past.

Politicians are very eager to control you life but they are so incompetent with that power that eventually it would not matter. The only problem I see that increasing government spending which will slow down US economy.

24
arca_vorago 6 hours ago 1 reply      
Having visited England recently, despite the surveillance engine being prepped in the US, the contrast of the extent and the lack of rights and legal means in the UK to protect the people from bad laws like this was palpable. So look at it this way, at least you don't live there.

If we keep headed in the same direction though it won't be long before we forget all the reasons for the American Revolution and let the globalists convince us to rejoin the empire cough the commonwealth again.

Of course, any American who advocates for such a thing is traitorous, and should have the full weight of the law brought down on them.

I don't know, maybe I'm crazy and I'm the only one who thinks oaths mean anything these days.

I will say this though, beware the Rhodesians and their round tables.

25
elcct 12 hours ago 0 replies      
> The Investigatory Powers Bill provides law enforcement and the security and intelligence agencies with the powers they need to protect the UK and its citizens from terrorists and serious criminals.

But how it is going to protect the UK from funny criminals?

27
Reddit CEO admits to altering user comments that were critical of him reddit.com
158 points by marcoperaza  1 hour ago   122 comments top 20
1
JorgeGT 57 minutes ago 4 replies      
And without an "edited" mark, which means that any comment of any user can be covertly modified by an admin. Very concerning since Reddit comments have provoked even Congress hearings: http://thehill.com/policy/national-security/296680-house-pan...
2
qwertyuiop924 39 minutes ago 2 replies      
I was surprised. This was wrong of me.

Reddit (the company) is a wretched hive of scum an villany, where this sort of stuff seems almost regular. Perhaps it wasn't always so: I don't know.

But I can't think of any other forum that would put up with this. If an owner or mod did this on the *chans, the chan in question would be abandoned within the week.

As for HN, dang does as he sees fit, as do the admins: they'll split your thread, redact your post (and if they doesn't, the software will if it gets flagged enough, IIRC), and (or so I heard) even shadowban you of you're bad enough. However, they're mostly right, and not corrupt. And they wouldn't pull crap like this. Blocking a comment that talks about how HN is just a massive circlejerk is one thing: actually altering it to say something else is quite another.

I suppose it might be common on forums run by egotistical gits, but come on, you're heading a company running a large forum/news aggregator. You can do better than an egomaniac with a website.

3
seanalltogether 37 minutes ago 3 replies      
The tension that The_Donald and many alt-right subreddits place on reddit in general seems to be reaching a boiling point. I get the feeling the admins are just waiting for a credible reason to present itself that lets them cleanly wipe out all of them.
4
ww520 43 minutes ago 1 reply      
This is pretty bad. That pretty much destroys the credibility of Reddit's commenting system in a single act. No one can look at the integrity of the comments written others the same any more.
5
pavanky 37 minutes ago 1 reply      
While I strongly disagree with what he did, the level of fake news and conspiracy theories hitting the front page has been toxic and out of control this year.

Everyone has been accusing of Facebook and twitter for spreading fake news while reddit has also been absolute shit at it.

6
Gargoyle 45 minutes ago 1 reply      
Wow. And he knew it was stupid when he did it. There's been a lot of talk about having the right temperament for leadership lately, and this is an excellent example of lacking it.
7
kennysmoothx 37 minutes ago 1 reply      
Politics and the ethics of what spez did aside, /r/The_Donald seems to be one the most nightmarish communities one can think of, and it's a huge.

Very toxic.

8
soup10 34 minutes ago 2 replies      
Reddit has large radical left and radical right communities that are constantly fighting and overwhelm the site with political drama and propaganda. If they don't do something about it they are going to lose the users that come there to look at cats.
9
arkadiyt 10 minutes ago 1 reply      
This post is decaying off of the front page of HN very quickly (every few refreshes it drops a position or more), despite have more upvotes and being posted more recently. Reddit is a YC company as well. Is this post being artificially pushed down?
10
jelder 25 minutes ago 0 replies      
Gas lighting is some pretty advanced abuse. I wonder how often this has occurred before now.
11
tsneed290 42 minutes ago 3 replies      
Could this hurt Reddit's credibility? Seems like it's kind of a big deal.
12
yarrel 38 minutes ago 2 replies      
Plugin to add crypto signatures to comments and validate them? :-)
13
Mao_Zedang 7 minutes ago 0 replies      
Reddit has been on the road to becoming trash website like digg for some time now, the only thing propping them up is the lack of a decent alternative.
14
return0 37 minutes ago 1 reply      
was he drunk or in urgent need of a break? OTOH , good of him to take the responsibility immediately. OTOH, maybe he even wanted to send a message to those who rely too much in reddit's freedom.
15
idbehold 36 minutes ago 1 reply      
Why didn't he simply delete them? Editing their comments seems so odd.
16
necessity 50 minutes ago 1 reply      
Not surprising at all.
17
perseusprime11 5 minutes ago 0 replies      
Shit some people do to stay relevant. That's all I have to say.
18
philfrasty 41 minutes ago 4 replies      
...getting called a pedophile constantly... Why?
19
intopieces 42 minutes ago 1 reply      
Usernames on Reddit do not require even an email address. For that reason, I find it hard to muster up even a modicum of concern for the sanctity of 'authorship' and 'attribution' for individual users. For all I know, every comment on Reddit but my own are generated by a very clever computer.

That congress sees fit to investigate Reddit comments and news websites find credibility in re-posting them are separate issues that absolutely deserve discussion. But the editing of "Fuck [username]" posts...

20
sweetsweetpie 7 minutes ago 0 replies      
People seem to be treating their comments with some kind of sanctity. These changes are most copy-and-replace for humorous effect (message boards in the past have done it). Surely it is obvious that the Reddit staff has the ability to edit or delete comments.

Users might think this is a breach of trust, but I really cant make that jump.

The important thing is that the_donald followers need a controversy to latch onto and will do so.

28
An ancient Chinese bird kept its feathers, and colors, for 130M years washingtonpost.com
51 points by Jaruzel  11 hours ago   7 comments top 2
1
nullnilvoid 8 hours ago 1 reply      
130M years is a long time. What kept the protein for such a long time?
2
T-zex 3 hours ago 2 replies      
Why is this bird Chinese? Humans did not exist back then.
29
Vue.js 2.1 Released github.com
202 points by sadiqmmm  11 hours ago   114 comments top 24
1
CharlesW 8 hours ago 4 replies      
For folks who haven't tried Vue yet, I just completed my first project with it and I'm really excited about using it more.

Specifically, I used learning Vue as an opportunity to upgrade a simple jQuery-based SPA (with a PHP backend) to ES6, JS modules and Vue. It was a little hairy to bite off all of that stuff at once, but the Vue community was really helpful. In contrast to more monolithic frameworks I didn't have to port everything at once, and the re-implementation of the bits I did port are sooo much cleaner.

FWIW, there's a highly-rated Vue.js 2/Vuex Udemy course on sale for an impulse price of $14 (normally $190) as I type this. With the caveat that I just bought the course myself, at that price it seems like a useful resource even if you only have a cursory interest in Vue.

https://www.udemy.com/vuejs-2-the-complete-guide/

2
w0utert 11 hours ago 3 replies      
So far my Vue.js experience has been great. Even though I don't particularly enjoy front-end development and the tools and techniques I'm supposed to use for them, Vue.js has been a breath of fresh air between my frustrations with HTML, Javascript, npm, CSS, HTTP and all the other things that are needed to stitch everything together. It really is a great framework.

The one thing that does still bug me these days is that even now that Vue 2.1 is out, many components I'd like to use are still not compatible with Vue 2.x, and almost all the Vue tutorials, questions, solutions, etc. I find are about Vue 1.x, which is mostly incompatible with Vue 2.x. But that should improve over time, of course.

3
myf01d 10 hours ago 10 replies      
I am sorry if this sounds too ignorant, are frameworks like Vue.js (I actually read the guide and understood some wonderful things about its philosophy since I am actually developing backend mainly) or React, etc.. reasonable to use in websites in general (instead of jquery or taking some tasks from it) or they actually only reasonable for mobile web applications and SPAs?

What about the SEO and search engine rendering to custom HTML elements like in Vue.js components? is it okay or affects SEO?

4
vitomd 6 hours ago 1 reply      
I dont know why Riot.js (another js framework) don't attract more people. I used it and its awesome. Today they launched the 3.0.0 version http://riotjs.com/release-notes/ . Here is a quick introduction http://vitomd.com/blog/coding/hello-riot-js-quick-tutorial-a... I highly recommend it.
5
buckbova 3 hours ago 0 replies      
> http://mithril.js.org/comparison.html

> Vue's implementation cleverly hijacks array methods, but it should be noted that Javascript Arrays cannot be truly subclassed and as such, Vue suffers from abstraction leaks.

Can anyone who knows how vue is implemented explain this statement?

6
woogley 2 hours ago 0 replies      
I'm currently using (and enjoying) my first Vue project. I have to say the camelcase support for JSX events feels like a step backwards. The `on-` prefix had a nice semantic way of telling you that thing is an event (either DOM or $emit from component). Now there's just this implicit `onFoo` which could be an event, or could be a prop, maybe component will invoke it directly like in React, maybe it will $emit, who knows?
7
dpnewman 2 hours ago 1 reply      
I am always looking for the fastest way to build a complete app. Brought me to Rails. Then to Meteor/React (which was mixed). Then some Rails/React which is ok.

Vue looks really appealing on the simplicity and completeness side.

I would like to know from people using Vue what backends you're using. In order to complete the loop - the simplest stack overall Vue+???.

8
aikah 10 hours ago 1 reply      
Nice, I love Vue.js it is light weight yet fulfill 90% of the needs of a large SPA without a third party language, some bureaucratic dependency injection and without getting in the developer's way by mandating this or that build tool. But competition is good so I'm glad there is a front end framework for everyone out there.
9
sync 11 hours ago 7 replies      
Is this looking a lot like Angular 1.x to anyone else? I've heard it's actually more similar to React but I'm not seeing it... ?
10
butu5 5 hours ago 0 replies      
Pleasure to work in Vue.js framework. Very easy learning curve. Simplicity is the biggest strength of this framework.

I have created few tutorials on Vue.js.

https://m.youtube.com/playlist?list=PLJ6Y8JfXAV-8_2lHNgP1DhC...

11
shams93 9 hours ago 1 reply      
I'm going to build a vuejs markdown site editor similar to Gatsby I just don't like Facebook it's refreshing that an independent project is gaining popularity the server side rendering is a big deal when you want to support mobile well.
12
AtticusTheGreat 10 hours ago 0 replies      
I've been using Vue.js for a new project and it is a breath of fresh air after using React. It has all the benefits of Knockoutjs (which was my gateway into these types of frameworks), but much nicer in-code organization (I'm looking at you ko.observable).
13
bedros 3 hours ago 0 replies      
I found this guy creating a todo app using all popular js frameworks

https://github.com/tastejs/todomvc/tree/master/examples

including vue.js riot.js react, meteor, angular 1,2 dojo, duel, ember, jquery ....

it's a great way to compare frameworks

14
overcast 11 hours ago 0 replies      
So glad this project is gaining more and more traction. Been using it since very early releases, when I was sick of dealing with overly complex front end libraries.
15
seanwilson 9 hours ago 5 replies      
I'm looking to move a few projects from Angular 1. What do developers think of migrating to Angular 2 vs Vue for this? I've played with Angular 2 but can't shake the feeling that it's overly complex.
16
nkg 7 hours ago 1 reply      
I still wonder why they moved the events from the constructor to the instance...

Before 2.0:

new Vue({el: "#el",data: someData,events: { myevent: function(){}}});

after 2.0 :

vm.$on('myevent', function () {})

17
od14 5 hours ago 0 replies      
I'm really excited about the scoped slots feature. Finally it's really easy to create components that can be customized by the user from the outside. For example, it's now really easy to create a data table (with features like filters and sort), and with each row showing not only the data text, but also any other feature you might want to embed in it (like attach click listeners to each row, or popup some menu on hover).

I believe there was a way (probably a complicated hacky way) to achieve this previously too, but I never investigated it too much. Now it's really easy.

Kudos to the Vue team for this release!

18
M4v3R 10 hours ago 0 replies      
In case someone user Meteor - Vue plays very nice with Meteor and there exists a great integration package [1], which means if you're familiar with Meteor you can write full stack applications with it very easily and quickly with it. The package supports hot module replacement out-of-the-box. It's also dead simple to start using it, if you already have Meteor installed it's a matter of running "npm install" and "meteor".

[1] https://github.com/Akryum/meteor-vue-component

19
jaequery 6 hours ago 1 reply      
I really miss 1.0's inline way of writing javascript anywhere inside the dom (attributes) via {{ execute_raw_js_code() }} as well as the ability to run filters on it. Is there anyway to get them back on Vue 2? I have to admit, this was a major step back for me when upgrading to Vue 2 from Vue 1.

I also really loved the Vue 1's way of handling transitions. Now having them inside it's own wrapper really diminishes the elegance I felt from Vue 1.

Wish there was some ways to get them back instead of having to downgrade.

20
revskill 7 hours ago 1 reply      
I've been a long time React and Angular user, but is still sick to implement correctly enough SSR for my projects. And VueJS just did it elegantly ! I must say, thank all React + Angular folks as the pioneer for better CHANGES. This is THE time for us to change. Really.
21
tiv 10 hours ago 0 replies      
I've been waiting for scoped slots for so long. I've implemented several workarounds since I started using Vue a year ago. Creating a directive to pre-compile a slot template in the child scope in Vue 1, and then once Vue 2 rolled around, making lots of functional components and passing them around. So glad they finally added this.
22
sergiotapia 9 hours ago 2 replies      
I tried to use Vue 2 for a pet project but couldn't get the routing to work. It seems the router was lagging behind in versions and there were no guides on "router 2.0".

Does this version have a routing guide and production ready routing solution? That's pretty important.

23
vbit 7 hours ago 1 reply      
I have some projects in Mithril - is it worth it port to Vue?
24
chinathrow 4 hours ago 0 replies      
Are there any migration guides from jQuery to Vue which are noteworthy?
30
Jolt JSON to JSON transformation bazaarvoice.github.io
97 points by bencevans  14 hours ago   67 comments top 15
1
fiatjaf 12 hours ago 3 replies      
I see this is a Java library, but if you're in the command line (or even if you are able to call an external process for the job) jq[1] is great.

[1]: https://stedolan.github.io/jq/manual/

2
JayOtter 11 hours ago 1 reply      
The idea of supplying a spec to transform arbitrary data is interesting to me. I did one in JavaScript called Reshaper[1], and then hooked it up to a library wrapper called Smolder[2].

The result was a sort of system whereby data going into a function would be automatically 'reshaped'. It worked well as a proof-of-concept, but obviously was too fragile for most uses (though it's used in the automatic graphs in Kajero[3]). The difference here seems to be that the spec defines the actual transformations, rather than just the desired final structure.

[1] https://github.com/joelotter/reshaper [2] https://github.com/joelotter/smolder [3] https://github.com/joelotter/kajero

3
lolive 10 hours ago 4 replies      
Some food for thought:

JSON format+JSON.parse() make you loose the graph structure of the data you have on your server and that you send to the client. Because it is basically a tree structure.

The Semantic Web defines a graph description langage called N3. If your server can serialize and send the data in such a format, and if you use the function N3.parse() on your client, you eventually retrieve, on the client, a graph of in-memory objects that corresponds to the data graph on your server. You can then traverse that graph in any direction you want.

So basically, with N3, you never lose the graph structure of your data.

And you do not need to restructure your JSON.

4
pluma 13 hours ago 1 reply      
This seems like something that would lend itself to not tying itself to any specific implementation, yet it seems to be entirely based on a particular Java implementation.

It would probably be more useful if it more explicitly tied itself to the Java implementation (i.e. stop pretending to be its own thing) or were more abstract to be worth implementing in other languages.

In the latter case it'd be helpful if the operations were part of the actual unified DSL instead of having a DSL for each transformation (with the implication that each transformation is applied individually?).

EDIT: But if you abstract this away from Java, why not just use JSON Patch: https://tools.ietf.org/html/rfc6902

5
mozey 13 hours ago 0 replies      
I've used template libs to do this in the past, e.g. mustache.js, handlebars.js, Jinja2, etc. Then generating JSON as output instead of HTML. Usually quick to learn the template libraries DSL, and I find templates easier to read than transforms.
6
intrasight 11 hours ago 1 reply      
In .Net-land, I've switched to doing this type of thing in Linq. But if you like XSLT (I still do), you can do it in three lines of code.1. Convert JSON to XML2. Run XSLT3. Convert XML to JSON
7
dr3s 14 hours ago 1 reply      
Interesting but with no mention of json patch in the alternatives. I'm not sure why this project would be better.
8
jonaf 10 hours ago 0 replies      
The readme is more up-to-date than GitHub pages. It answers some of the questions in the comments. https://github.com/bazaarvoice/jolt
9
anilgulecha 14 hours ago 0 replies      
This is an interesting take on schemas in json. Is the big advantage that this provides additional data validation (on top of type validation?) Can there be custom transforms written in javascript?
10
zeveb 9 hours ago 0 replies      
sigh, can we please just stop re-implementing S-expressions and Lisp, and instead just use S-expressions and Lisp?

It's like I'm the only one using electric lighting while all the hipsters are upgrading their wax-dipped hemp brands to artisan whale oil

11
otabdeveloper1 13 hours ago 6 replies      
Are we _really_ going to reinvent all the spectacularly bad ideas of XML, except this time in JSON?
12
fiatjaf 14 hours ago 1 reply      
Seems enormously complicated. Is this "cool" in Java-land?
13
oweiler 13 hours ago 2 replies      
This is much easier to do with Groovy.
14
legulere 13 hours ago 0 replies      
The website stutters here with safari when scrolling, making reading the site a bad experience.
15
Vinkekatten 13 hours ago 0 replies      
Well wy not go all the way there? It's just a matter of time. Here's the manual.

http://www.wrox.com/WileyCDA/WroxTitle/XSLT-2-0-and-XPath-2-...

       cached 24 November 2016 02:02:01 GMT