hacker news with inline top comments    .. more ..    15 Dec 2016 News
home   ask   best   2 years ago
1
Yahoo discloses hack of 1B accounts yahoo.tumblr.com
326 points by QUFB  4 hours ago   308 comments top 51
1
Arubis 2 hours ago 3 replies
Fittingly, attempting to change my password to a 32-character random string generated by 1Password returns an error that the password "cannot contain my email or username", regardless of the contents of that random string (I tried several).

It does, however, _happily_ accept passwordpassword and cheerily move along to confirming that my recovery email account from 2003 is still valid.

2
niftich 3 hours ago 2 replies
> August 2013

> hashed passwords (using MD5)

I don't even know what to say.

> investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies

How is this possible? Aren't most auth cookies just a session ID that can be used to look up a server-side session? Did they not use random, unpredictable, non-sequential session IDs?

3
alyandon 3 hours ago 4 replies
"Separately, we previously disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users accounts without a password. Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies."

So that exactly explains how my Yahoo account was used to send spam despite having a password that can't be reasonably brute forced (despite them using MD5). :-/

4
kajecounterhack 2 hours ago 0 replies
Related: former Yahoo security engineer talks about a backdoor Yahoo installed for the NSA to read private emails...behind their security teams' backs...

https://diracdeltas.github.io/blog/surveillance

5
ilarum 3 hours ago 1 reply
In case you are looking for the important information, it seems to be MD5 hash without salt.
6
ausjke 3 hours ago 7 replies
I'm speechless.

More and more are migrating to cloud these days, I expect more and more epidemic leakage will come.

I host everything myself except for email, which is always a headache but contains more private info than all others I manage combined. Maybe it is time to run a small email server again but it is easily said than done, gosh please give me something like a working PGP or whatever for safe emails(PGP is dying from what I read)...

7
CiPHPerCoder 2 hours ago 0 replies
If anyone else has screwed up and used MD5 for passwords and doesn't know a good way to migrate towards something secure: https://paragonie.com/blog/2016/02/how-safely-store-password...
8
ponco 3 hours ago 2 replies
I almost hope the data is made somewhat public so Troy / https://haveibeenpwned.com/ can get a hold of it and provide the public with reassurance.
9
Well on the upside, if you changed your password as a result of the hack from a few months ago, you should theoretically be safe against this one which happened in 2013.

Those security questions, on the other hand, are still fair targets.

10
uptown 2 hours ago 2 replies
When credit cards are compromised, the responsible party is usually responsible for providing identity theft protection. Why not tech firms that seek to store sensitive personal information? Maybe it'd scale back the desire for every firm to collect as much personal info as you'll provide them.
11
zmmmmm 2 hours ago 1 reply
Sorry, there's no shielding Marrisa Mayer from this. Yes, she had only been there a year or so. But that's long enough she should have been on top of security. Yes, she's just killing time until she leaves now anyway. But, the symbolic statement is still important - she should resign.
12
phantom_oracle 3 hours ago 3 replies
there's a couple of things that these major providers getting pwned teaches you:

1) their security isn't good just because of their scale/size (that begins to seem more and more like a false-assumption nowadays)

2) migrating your email to a new provider is quite difficult (consider that the average person will have just 1 - or 2 - email accounts and they link EVERYTHING to it)

3) the price of ads/convenience is no longer worth it. I'm assuming at least a sizable minority of internet users are using ad-blockers these days. They can't get your eyeballs, so they package and sell your data. Granted, you can probably now get the same (raw) data on the black market by paying a fraction in bitcoin and you'll get to see those billions of emails telling people someone attacked their farm in farmville from 2009

Lastly (and I really hope this happens), Yahoo implodes/collapses (cause the average Joe won't migrate willingly) and leaves a vacuum for their 500+ million email users. Hopefully the smaller providers (Proton, Migadu, Posteo, Tuta, etc.) get at least 10% of these users and the email-cartel is broken (somewhat).

13
anigbrowl 1 hour ago 0 replies
It baffles me that Yahoo continues to live an independent existence. It's like a Terminator that never had a clear mission and now just wanders around randomly banging into things.
14
taurath 3 hours ago 0 replies
Its scary to think about the consequences if the only reason Yahoo knew they got hacked was that they are more, and not less competent at security. Do you think the security team {insert retailer, other nontech company with a login screen here} is somehow MORE competent?
15
dfar1 3 hours ago 0 replies
What a hot mess. I am glad I mostly ignored their services over the years.
16
tomc1985 1 hour ago 0 replies
For the longest time my yahoo account (which I had not checked on in many years) reported at least a dozen open sessions originating from IPs in Russia and Eastern Europe, and unlike my legit sessions I was unable to kill them in the control panel (the site would bug out)

So yeah, Yahoo's been hacked. Duh...

Finance and Flickr are about all Yahoo is good for any more, and I think my portfolio page loads (instead of 404'ing) maybe 1/2 the time I request it...

(God I really hope they dont mess with flickr though...)

17
harigov 3 hours ago 2 replies
I hope they stopped depending upon those security questions if that is part of the leak. On a side note, this seems like a great time to be an abuser. One can collect so much information about users - they may actually have more data than any govt in the world.
18
ben174 3 hours ago 2 replies
This is a time where a decent password manager comes in handy. I can look in my password history to see what my password was in August 2013, and see if that password is still in use anywhere else, then change the password on those sites.
19
myared 1 hour ago 0 replies
One day, this will be Google announcing they've had a breach of this size. Not looking forward to that day.
20
jlgaddis 1 hour ago 0 replies
I just attempted to log in to an old @yahoo.com account that I haven't used in probably five years or more.

On the login screen, there was a short notice about this breach (with a link to more details), and after logging in I was prompted to create a new password, and update recovery emails / phone numbers.

That doesn't negate any of this shit that happened, obviously, but maybe they're at least gonna try to make things better (we can hope, anyways).

21
dingbat 2 hours ago 0 replies
security is important, but lets not forget the strides theyve made in making meaningful connections with their audience via collaborative relationships with powerful leaders such as Katie Couric
22
icpmacdo 3 hours ago 2 replies
When are the mutlibillion dollar lawsuits that cause these idiots to get it together with security
23
hvo 3 hours ago 1 reply
MD5 in 2016?.I hope yahoo can save itself and tech community all this embarrassment by just going out of business one and for all.Folks at the helm of affairs at yahoo are incompetent. And it is about time government started to persecute incompetent CEO.
24
AndrewMock 1 hour ago 0 replies
Being a Fortune 500 CISO must be so easy. Corporate expectations are evidently low enough that you probably don't have to show up for work.
25
nsxwolf 2 hours ago 0 replies
What good is requiring you to change your password on the next login? How do they know it's not just being re-compromised? There are a lot of accounts that are orphaned, but the contents are exposed and still a threat to the original owners.

Why not just lock the accounts?

26
drelihan 37 minutes ago 0 replies
How does yahoo have a billion accounts???
27
nkkollaw 2 hours ago 0 replies
It's amazing that they're telling users to change their password/security questions 3 years after the hack.
28
mkhpalm 3 hours ago 6 replies
Guys... let's just delete our Yahoo accounts. That company can't go bankrupt fast enough. It will sell our data for quarters.
29
hacker_9 2 hours ago 0 replies
sigh this is really shitty news. In a time when governments are deciding more invasive surveillance is in everyone's best interest too, it's probably never been more profitable to be a hacker.
30
fname 3 hours ago 1 reply
Maybe that can get Verizon another $1B discount. 31 hbosch 3 hours ago 3 replies So, the scuttlebutt last time was that they disclosed the hack due to a potential Verizon buyout forcing their hand. Seems as though this could be the same thing, generally speaking. Can anyone enlighten me as to how Verizon compels Yahoo to disclose this information? Or rather, how does Verizon know about these intrusions, if they do? 32 anton_tarasenko 3 hours ago 1 reply 33 dom0 3 hours ago 0 replies By now it's probably easier if Yahoo just published the (short) list of services that weren't owned through-and-through right under their noses, and notify users unaffected by any breach (0 rows returned). 34 sciurus 3 hours ago 0 replies 35 LargeCompanies 2 hours ago 0 replies They can have 17 years of junk mail as that's all I ever used yahoo for 36 SixSigma 3 hours ago 0 replies Let's not forget that high ranking officials in the US govt. used Yahoo to send classified information to print at home. 37 swehner 1 hour ago 0 replies Easier to list who was not affected??!! 38 MarkMc 2 hours ago 1 reply So when did Yahoo stop using MD5 as the password hash? 2014? 39 reiichiroh 2 hours ago 0 replies This is the same Yahoo that wants us to switch to a LESS secure password-less Yahoo Key? 40 carbocation 3 hours ago 1 reply I cannot tell from this disclosure -- have they updated their algorithm beyond MD5 at this point? 41 cmurf 2 hours ago 8 replies OK so I'd like to invite the pure free market types to explain how this gets fixed without any government, including no lawsuits. Because I keep hearing from free market types that 100% of phishing victims are ignorant and basically deserve what happens to them, if they can't learn that they're being duped they deserve to be duped, they somehow think wholesale loss of trust ends up being focused only on specific companies rather than entire technologies. And so on. So how are these externalities dealt with where there is no such thing as insurance for this type of breach? There's no way to put the toothpaste (my private information in the form of answers to personal "security questions") back into the tube (only my brain or nearby sphere of influence). And this goes along with IoT devices that aren't having their known exploits patched by their manufacturers. Similar problem different details. So without broad laws that say this is wrong and here is a mechanism to attach a tangible cost to this information so a proper risk assessment is done, I imagine we keep seeing this happen with essentially no punishment beyond what Yahoo already is getting punished for. 42 camus2 3 hours ago 1 reply Notice that this is yet ANOTHER hack, not the one HN was talking about a few month ago. also notice they were still using MD5 passwords AND without salts ... None of these hacks have been disclosed directly to their users, I never got an email saying I may have been hacked and I should reset my password, irresponsible. 43 JustSomeNobody 3 hours ago 1 reply What value does Yahoo have for Verizon now, the brand is so tainted? 44 draw_down 3 hours ago 1 reply I thought "didn't they already announce this recently?" Nope, that was a different one. Boy oh boy. 45 platinumrad 3 hours ago 0 replies Plain md5 again. Nice. 46 GoodieBear 1 hour ago 0 replies This Yahoo company seems pretty cavalier. 47 DougN7 3 hours ago 0 replies This occurred in 2013. 48 netrap 3 hours ago 0 replies I guess this is the final nail in the coffin... 49 CodinM 2 hours ago 0 replies RIP 50 jwatte 2 hours ago 0 replies nelson_ha_ha.gif 51 jasonmp85 3 hours ago 1 reply Anyone up for trying to get a corporate death penalty law on the books? 52 points by soneca 1 hour ago 44 comments top 10 1 jonchang 41 minutes ago 1 reply It may be instructive to read the Editor in Chief's piece as well as the Retraction Watch commentary. Of interest is that the plagiarized piece fabricated wholesale a study population, making the published results incorrect and possibly dangerous. http://annals.org/aim/article/2592772/scientific-misconduct-... http://retractionwatch.com/2016/12/12/dear-peer-reviewer-sto... 2 cmontella 38 minutes ago 1 reply This actually happened to my advisor when I was in gradschool. He gave an assignment to review a paper that he had written several years before, but had never published. One of the students decided to search for the title, to find similar papers. Lo and behold, she found a paper with the same exact title published in some obscure journal... curious. Turns out it was the same exact paper. Well, almost. The plagiarizers made two changes: of course they made themselves authors, and they added several citations to papers they had written (or plgarized?). The saddest thing about all this is that each of the plagiarizers were themselves holders of doctorate degrees. These were not grad students who didn't know any better (although a grad student should know better), but full tenured professors! I can't think of a better example of how the reward system in academia skews scientific progress. 3 devin 17 minutes ago 1 reply What about the plagiarist's other contributions? Will there be any additional investigation into whether or not those papers were his own? I found it a bit puzzling that the plagiarist's name was not mentioned, although it is easy to find from the links provided in the article. Why the professional courtesy in light of such an egregious violation of same? Edit to add: The second link in the comment by jonchang answers my question. Though, I don't fully agree. It ought to serve as a warning to those would-be plagiarists that if they are caught, there will be real professional consequences. In addition, the verbosity of the retraction is a bit annoying. > As corresponding author I ask for retraction of our article Finelli et al. (2016[1]) with the consent of all co-authors, because of unauthorized reproduction of confidential content of another manuscript. The data in the retracted article actually are from a cohort of patients from the Boston, MA enrolled in a trial registered in ClinicalTrials.gov, NCT02454127. We deeply regret these circumstances and apologize to the scientific community. "unauthorized reproduction of confidential content of another manuscript" and "The data in the retracted article actually are from a cohort of patients from..." ought to read: "This manuscript was plagiarized, and the data falsified." 4 DanielleMolloy 37 minutes ago 2 replies Interesting. More context: http://annals.org/aim/article/2592772/scientific-misconduct-... Can anybody form an idea of the motivations behind such open misconduct? It is always very puzzling when people from the science community (which you usually don't enter without being intelligent and idealistic) get into such clearly wrong behaviour. Another case that left me very puzzled (and terrified, regarding how long he got a away with this without someone asking questions - he basically shaped a scientific field): https://en.wikipedia.org/wiki/Diederik_Stapel 5 dekhn 14 minutes ago 1 reply I've had R01 proposals turned down, then seen the same proposal, lightly reworded, submitted by a person who was on my study section, the next year, get funded. that's when I knew it was time to get out of academia. 6 type0 22 minutes ago 0 replies This is such a disturbing thing, it almost makes one to loose all the hopes on academia. 7 fred_is_fred 41 minutes ago 0 replies Here's a good explanation of the whole story: http://annals.org/aim/article/2592772/scientific-misconduct-... For some reason it didnt load without me going into incognito mode, probably adblock related. 8 p4bl0 27 minutes ago 0 replies This kind of situation would be avoided by open peer review or at least overlay journals. One more reason to go the open access route. 9 kkirsche 55 minutes ago 5 replies I don't have the context here to understand what's going on by I feel bad for the author that their work was plagiarized. With that said, why didn't the author have a signed legal NDA in regards to the document? 10 x1798DE 48 minutes ago 5 replies This is obviously an insane thing do (most fields are small enough that you will expect at least one person from the original paper to at least read the plagiarized paper), but this seems untrue: > As you must certainly know, stealing is wrong. It is especially problematic in scientific research. The peer-review process depends on the ethical behavior of reviewers. That people get proper credit is less important in scientific research than elsewhere, not more. It's obviously bad incentives, but with science it's most important that the information is accurate and gets out. Doesn't sound like the guy made it less accurate by republishing it with his own name on it. I also find the "open letter" tone here a bit annoying and petulant. If this guy admitted what he did, why publish this without mentioning his name, and with just general platitudes like this? No one is on the side of someone who does this. 3 One More Sign World Is Shrinking eBay Is for Suckers matthewsag.com 140 points by silverdrake11 2 hours ago 76 comments top 24 1 StanislavPetrov 12 minutes ago 0 replies Its sad to see how far Ebay has regressed. I was a seller of lots of random (and sometimes very expensive) things (mostly collectibles) on Ebay for many years. I had 100% feedback, often going out of my way (and taking a small loss) to deal with crazy and/or difficult people in order to keep my perfect feedback status. I would pinpoint the time Ebay went off the rails to many years ago, when they changed their feedback system. The whole beauty of Ebay was that it was based on reputation. If I was selling something for thousands of dollars, I would only allow buyers that had plenty of good feedback. This simple system allowed you to avoid 99% of scammers. The only scammers that got through were people who spent a long time acting legit and building up lots of positive feedback, then "going rogue" and using that built-up goodwill to pull off a scam. This risk was small and worth taking (happened to me twice after hundreds of sales). At some point, though, Ebay changed their feedback system so that sellers could not leave buyers negative feedback! You could only leave positive feedback, or refuse to leave feedback at all. Overnight, the entire reputation-based system of buyer/seller reputation was destroyed. Within three months of the change I was hit by three scammers, after selling less then ten total items. This was more scammers than I had to deal with in a decade of prior Ebay sales. There was simply no way for me to figure out which buyers were legit, and no way to warn other sellers which buyers were scammers. As evidenced in the article above, Ebay has absolutely no interest in blocking these scammers. Contacting Ebay inevitably results in a canned response that has nothing to do with your issue. Shortly after they changed their feedback system I stopped selling on Ebay all together. It just isn't worth dealing with the scammers, and Ebay seems to think that their current business model is fine. 2 noonespecial 1 hour ago 1 reply For what its worth, thats the "brick scam". As in "you can't sell apple stuff on ebay anymore because of the brick scam". Usually, they send you a return package with a rock or brick inside approximating the weight of the original package. Its famous enough at this point that its impossible that ebay is unaware. They are fully aware and are choosing to continue to profit off of this. So much so that the "shell game" the author faced is likely scripted by this point. Ebay consumes sellers as a raw material as part of the process. That's their business model. 3 manacit 18 minutes ago 0 replies As someone who casually sells their old computers/phones on the internet, eBay is completely useless for something like this. It's frustrating that they advertise it on TV as a place to sell old equipment, actually trying is futile. Their fee structure is pretty bad (10% of the the sale price?!) compared to just selling it locally on Craigslist if you are in a big metro. The eBay UI to figure all of this out is even less so, and I had to resort to Google to figure basic information. Less than 24 hours after listing an iPhone 6s for sale, it was 'bought' by someone who was an obvious scammer. They reached out and asked for my direct PayPal email, citing that eBay was broken. Of course, I told them to pay through eBay or I wouldn't ship the phone. Immediately after this, I reached out to customer support and reported the account. This did absolutely nothing - the sale was locked up for a week "pending payment" until the buyer 'reported their account stolen' and the sale was reversed. Nobody responded to my ticket, absolutely nothing happened. I ended up selling it in that time frame locally in less time than it took to deal with all of the eBay BS, and I was able to get something like$50 more.

4
walrus01 27 minutes ago 0 replies
I would never buy or sell consumer stuff like an iphone on eBay. On the other hand, I buy used/refurb network equipment all the time, from sellers that have like 8000+ positive feedback and 99.8% positive feedback ratings. Very rarely a problem, and no higher rate of problems/DOA items than with any other refurb equipment dealers. There are some amazing deals out there for things that are fresh off 3-year corporate leases, or have been decommissioned from telecom/ISP sites somewhere for whatever reason. Want a 48-port 802.3af PoE 1000BaseT switch for really cheap, with proper cisco IOS, to put in the wiring closet of your house? It's a good place to look. For consumer goods, not so much.

also: I confine my purchasing on ebay to and from US domestic vendors with verified accounts, and I never sell to consumer end users...

5
zeahfj 1 hour ago 4 replies
I used to work at eBay Trust and Safety. The place is a nightmare and will not improve. The culture was destroyed by Meg Whitman and never recovered.

This kind of fraud sticks out like a sore thumb in click stream. I had no trouble finding fraud and building algorithms to automatically detect it but I did find it impossible finding someone at eBay who cared enough to do anything about it. eBay still gets paid so no one wants to be in charge of a revenue hit. I doubt that's changed.

Mark Carges tried to turn it around in 2008 and failed.

I have high hopes Facebook can move into this space.

6
mperham 1 hour ago 4 replies
If you google the buyer's address, it's home to a package forwarding service. Do not ever do business with a buyer using such a service. 100% guarantee it's a scam.

7
jrs235 1 hour ago 5 replies
This is why I'm starting to consider taking video of me packing and placing goods in the shipping box (while at the shipping company), placing the shipping label on the package, and dropping them off directly with UPS/USPS/FEDEX (all in a non clipped video). Then also recording the opening of any packages received in returns. Problem is this probably still wouldn't be enough evidence and sufficient for eBay.
8
rickyc091 1 hour ago 0 replies
Ugh, sorry you had to go through this. I was in a similar case not too long ago. Basically the same start... the item arrived and a claim was filed stating that the phone wasn't working. I offered to help since it was perfectly fine before I shipped it, but I was ignored. I waited until the last date before accepting the return. As Matt mentioned, eBay basically forces you to accept the return or you lose the item.

The buyer never shipped it back so it finally timed out after another 30 days and I was able to file a claim and get my money back. Good to know I can unlink from PayPal since they pulled the funds directly from my account. I was in a negative balance.

Here's the kicker. If you decide to checkout on any site using PayPal, they'll actually authorize the full balance behind the scenes. I was definitely surprised when I saw a $400 charge for a$11 item I paid for.

eBay sucks for sellers, but you typically still get the best value aside from dealing with criagslist.

9
hackuser 10 minutes ago 0 replies
> eBay is an enormous company with over $8 billion in revenue a year, so naturally it's difficult to talk to anyone there who is not a computer It's not naturally difficult, it's just a decision by eBay. With that kind of money they could pay and train people to provide service to you. Larger companies than eBay operate tech support services, and my guess is that tech support is higher-skilled than the customer service eBay needs. 10 ensignavenger 14 minutes ago 1 reply I only sell on ebay rarely, but I buy stuff all the time, big, small, expensive, foreign and domestic, from big sellers (lots of feedback) and new ones. I have never had any problems, some times I am disappointed by the cheap junk I buy from China, but generally I am quite satisfied. I have had to request a refund once or twice because something was not as described, but I don't think I have ever had to escalate to ebay or PayPal on anything. All this being said, anecdotes aren't data, and I worry every time I read an article like this that I am going to get burned bad one day. 11 neutered_knot 50 minutes ago 0 replies This has been going on forever. Here is an example from 2007, almost identical to the one in the post. https://ask.metafilter.com/77638/Can-I-trust-PayPals-seller-... 12 ars 54 minutes ago 1 reply What I do to protect myself is record a video of me packaging and shipping the item. I record the video at the post office itself, and of course include a shot of the post office. Start the video showing a closeup of the item, then record yourself packaging and sealing the box, and putting on the address label - then very important record an image of the address label, and finally walk it over to the drop box, put it in, and pan wide to record the building. Make SURE never to have the item go off frame or people will say you pulled a trick. The post office where I am is open 24/7 and deserted at night, so it's easy. When I shipped UPS the guy looked at me funny and warned me he didn't want to be in the video, but other than that I was able to record (and I included the tracking receipt I got from them in the video). It's a lot easier if you have a second person holding the camera, but it's also possible with a tripod, or even just holding it if you prepare all the tape stuck on one side of the flap so you can work one-handed. Do a test shot to make sure your video camera is good enough that you can actually read the address label - and even better the serial number on the product. Keep the video for a long time, several months. I've never actually had to use any of the videos I've made, but I keep making them anyway. 13 jaimex2 11 minutes ago 0 replies Yeah, eBay is not a place to casually sell anymore. The 10% fee was bad enough but now you have to place a bond account even if your account has a long reputation of happy customers. Facebook marketplace is the way to go. You get way more exposure and can usually sell something in minutes. 14 pmorici 15 minutes ago 2 replies Your problem was checking the box that said you would ship world wide. You can eliminate 99% of fraudulent ebay buyers by only shipping within the US or your local region. also keep and eye out for package forwarding addresses those can be problematic as well but not as bad as a straight foreign shipping address. 15 morganvachon 15 minutes ago 0 replies I learned a while back to never, ever sell a phone or tablet on eBay. I only use Swappa for this service now, and I've bought and sold several devices on there with zero issues. Anecdotal, I know, but they give equal protection to buyers and sellers, and their employees are actively involved in each sale. 16 imgabe 1 hour ago 1 reply It sounds like they still have their money and eBay is "demanding payment". Is there any reason to give into this demand? Obviously the Ukrainian scammer is not going to sue. It seems unlikely that eBay is going to sue over$465. So, keep the money and don't use eBay anymore (which it seems like was the case anyway).
17
ignorantguy 1 hour ago 3 replies
I wouldn't recommend ebay to anyone at all. This article probably will help potential scammers to actually cheat more people.
18
Dowwie 48 minutes ago 1 reply
This is loosely related to the subject but I wanted to point out a scam that I was victim to and nearly lost more than a grand:. PayPal doesn't protect vacation rental by owner scams.

The reason that this was a close call rather than complete catastrophe was that I had the listing reviewed by the service's internal investigation team while I transacted. The team altered me of fraud, I responded immediately with PayPal to learn that hey guess what - their fraud claims policy excludes vacation rental services! They refused to help me. Further, the scammer knew this policy limitation, and even left me a troll voicemail as I was escalating the scam that was along the lines of "guess what? PayPal won't refund you!"

Fortunately, I used a credit card for payment. I managed to file a claim with the credit card company and reverse the fraudulent charge.

The reason I escalated this listing as a concern was that it had zero reviews and was new. The owner was also a bit too accommodative of my requests. I proceeded with caution.

I went to the authorities about this, including the secret service, who for whatever reason handles fraud like this. I never heard back from anyone.

19
Spooky23 38 minutes ago 0 replies
I'd never do business with eBay, ever. You can surf around there and spot obvious scams in 5 minutes that have been run for a decade.

I consider them a co-conspirator.

The best bet for selling was Amazon, but now is Facebook groups.

20
JumpCrisscross 27 minutes ago 0 replies
Contact your state banking regulator and report eBay and PayPal. New York State's Department of Financial Services is particularly strong and responsive [1].
21
em3rgent0rdr 1 hour ago 1 reply
eBay is centralized moderation. Maybe a distributed p2p market-based moderation with reputation scores for moderators in addition to sellers, like openbazaar, is the solution: https://blog.openbazaar.org/how-moderators-and-dispute-resol...
22
intrasight 50 minutes ago 0 replies
I've not used eBay in years as a seller - ever since they started withholding my funds pending approval/release by buyer. Now I just use Craig's List and Facebook and sell face-to-face. And as a bonus, I've met some pretty cool people.
23
andrewclunn 57 minutes ago 0 replies
Okay... So how is this evidence that the world is small?
24
djoldman 1 hour ago 2 replies
Why not just pick "no returns accepted" when selling?
4
Starting a real business stripe.com
141 points by hepha1979  3 hours ago   38 comments top 8
1
tvladeck 1 hour ago 3 replies
If you're just starting out, the worst decision you can make is to incorporate as a C-corp. An LLC makes vastly more sense, even for the tiny proportion of companies that want VC funding (and specifically institutional funding - funding from other sources would not matter as much - I'll explain why below). Stripe Atlas really ought to make the default an LLC.

The two major reasons why:

1. When you're a C-corp, you pay taxes twice. Once at the corporate level, and once at the individual level. This matters both for ongoing income but also for any liquidation event - as most liquidation events are asset, not stock, sales, you're getting taxed twice here too.

2. You can go from LLC -> C-corp easily but not the reverse. Why would you make the decision before you have to? Start as an LLC. In the very unlikely event you are taking institutional funding you can convert; in most cases, you'll happily stay as an LLC and keep the extra tax dollars you'd be giving the government.

Finally - all this business that VCs prefer to invest in Delaware C corps because of the legal knowledge there is - sorry - bullshit. They do it because they have to invest in taxed entities, because they themselves are partnerships so their interest in any flow-through entity will flow up to their investors, some of which are non-profits. Non-profits, like pensions, risk losing their non-profit status if they have unrelated business taxable income. There is a solution here, which is to have a special purpose blocker corp that sits in between the VC partnership and the LLC. This is done all the time in private equity but not in VC and there is no principled reason why not.

So there you have it. Don't do Stripe Atlas because you're forcing yourself to make a decision you don't need to make right now, that's irreversible, and that may end up costing you a lot of money.

IANAL, but I am a Wharton MBA

2
patio11 1 hour ago 4 replies
I wrote this (and the linked guide). Feel free to ask me if you have any questions or comments, in particular about things you'd like to see us cover in the future. If you'd rather do it over email, my address is my HN username @stripe.com
3
soared 2 hours ago 3 replies
> 80% of entrepreneurs are sole proprietors or partnerships

This seems interesting but makes complete sense. Most ideas likely won't pan out and incroporating usually isn't worth the time. I'm in Colorado and making a c-corp took all of 15 minutes, but I've been told in other states its a huge proccess. If it wasn't so simple and I didn't have free legal support, I definitley would not have done it.

https://stripe.com/atlas/guide#incorporation

4
hbcondo714 2 hours ago 0 replies
Lengthy and comprehensive guide[1] but no support for LLCs (yet) which cost less to incorporate
5
crispytx 34 minutes ago 0 replies
Seems like Stripe is trying to jack Clerky's business.
6
miles_matthias 1 hour ago 0 replies
Absolutely love this! There's no one better than Patrick to talk about starting a "real" business and being a solo entrepreneur. Really looking forward to learning as much as I can from his guides.

On a personal note, Patrick is an awesome guy. I'm still super thankful he took time out of his busy schedule to do our little podcast: http://startupcto.io/podcast/0-23-cross-training-with-sales-...

7
sillepl 3 hours ago 2 replies
Stripe Atlas would be a lot better if it would have more of the kind of payments that CoinPayments allows: ETH, DASH, Monero, Litecoin, ...

I believe that Stripe Atlas has only Bitcoin as a cryptocurrency, correct?

8
hkon 2 hours ago 1 reply
If you want to know if you are running a real business, answer this simple question.

Are you making money?

If you are, you run a business, if not, you run a liability.

5
Introducing the React VR Pre-Release oculus.com
55 points by majc2  2 hours ago   19 comments top 6
1
andybak 1 hour ago 1 reply
Compare and contrast: https://aframe.io/

A-frame has got a certain amount of traction, it's component based and declarative. It feels like an extensible "VR HTML" (or "VR Web components"). React is similarly component based - but one step removed from the markup.

2
ilaksh 21 minutes ago 1 reply
I really want WebVR to work but when I tested with a Chromium WebVR-capable build I ran into a bunch of aframe samples that claimed my browser was not VR capable, some that were really choppy in performance, and a handful thay worked correctly.

After that I started thinking I should just build in Unity because there was a much greater liklihood of people actually using it with a client they download that actually works rather than hoping they would have a working browser for WebVR.

I also would like to have browser windows available inside of VR for interfacing with remote desktops or any existing 2d interface. Which you can do that with Unity using a browser component from the Asset Store.

But I would prefer using JavaScript/A-Frame if it would actually work for most people.

It seems that Altspace maybe is some custom build of Chromium build because they support aframe.

3
cma 1 hour ago 0 replies
The future of the VR web: everyone who uses it gives patent indemnity across their whole portfolio to Facebook. Facebook only gives reciprocation across the narrow patents covered by React/ReactVR, not their full portfolio.

If you build a part of your business on this, they can pull the license if you sue them for infringement in some completely unrelated area and leave you screwed.

4
iamleppert 2 hours ago 5 replies
So, where is all the real work being done?

Oh, that's right, by THREE.js inside the normal WebGL API.

This is just a fancy way to execute a banal-ly simple 3D scene that takes a single parameter - what text to show. It doesn't do much and I don't see any useful abstractions for the usual 3D primitives and doesn't meet the requirements of 3D programming in general.

5
Pfhreak 2 hours ago 5 replies
I don't understand the intent here. What am I building that's a browser VR experience? That's as foreign to me as saying a browser cooking experience. Those are words, but I just don't understand how they'd operate together in a way that would be enjoyable and easy to use.
6
Yokohiii 32 minutes ago 1 reply
How do I say that this is total bullshit without being spotted as redditor?
6
Kickstarter open-sources their Android and iOS apps kickstarter.engineering
403 points by mecredis  8 hours ago   55 comments top 16
1
unsoundInput 7 hours ago 4 replies
Kudos to them. Compared to the web it's rather cumbersome to poke into packaged and released mobile apps, so I really appreciate access to the source of a real world app for learning and comparison.

The Android codebase looks very modern and well structured. I think it makes great use of many of the goodies (gradle, rxjava, retrofit, dagger, android support lib, ...) and learnings (bring your own MV*; use Fragments when you need them, stick to Activities if you can) that is state of the art in Android development.I think it's a great thing to skim through if you are interested in developing for Android or to compare it to you own app.

I can only assume that the same is true for I iOS. I'll certainly check it out should I start developing for that platform.

2
120bits 5 hours ago 1 reply
I'm not a mobile app developer by profession. But I always wanted to start learning and developing real world apps. The problem I always ran into the tutorials and demos, that they are mostly limited(i.e not close to solving real world problems). I think browsing their code, will give me a good start. And I would know how it's done right! Thank You!
3
tthbalazs 8 hours ago 0 replies
I had a chance to see Brandon from Kickstarter talk about their functional approach at the Functional Swift Conference in Budapest. I highly recommend watching it!

4
ohstopitu 6 hours ago 1 reply
Last year when I was working on a startup's mobile app for Android, it was almost impossible to find good quality code that was open sourced.

I am really happy that Kickstarter has released their android app as open source - would definitely be a great learning experience!

5
dblock 7 hours ago 0 replies
For anyone reading their post, we're so humbled by Kickstarter mentioning the tiny Artsy for having inspired some of this work. If you're interested in the open-source by default conversation and need some ammo to bring this to your team, start at http://code.dblock.org/2015/02/09/becoming-open-source-by-de...
6
krschultz 5 hours ago 0 replies
This is very exciting. There simply aren't a lot of open source "full scale" Android apps. Most of what you find are quick sample apps which simply don't show the complexity inherent in most professional apps. The largest other ones I'm aware of are Github, Google I/O, and some of the AOSP apps.
7
rezashirazian 6 hours ago 0 replies
The iOS app looks like a treasure trove, I can't wait to download it and dissect it. It'll be interesting to see how they integrated playgrounds into their development cycle.

I just wish they had upgraded to Swift 3.0

8
john_gaucho 6 hours ago 0 replies
This is great. I hope they also provided good documentation / commenting. This can be a fantastic learning tool for programmers at all stages.

Kudos to kickstarter.

9
perfmode 5 hours ago 1 reply
What's the purpose of Android's ApplicationGraph interface?

https://github.com/kickstarter/android-oss/blob/888a37468358...

10
shmerl 7 hours ago 0 replies
Good! I try to avoid closed applications on my mobile devices if possible.
11
mwcampbell 6 hours ago 0 replies
I wonder if they've considered using something like React Native or Xamarin so they can share some of that functional-style code between the two platforms.
12
afro88 6 hours ago 0 replies
This is a really great example of how to do it right when it comes to Swift, MVVM, Reactive Cocoa, Testing, CI etc. Lovely code and architecture!
13
ocdtrekkie 8 hours ago 3 replies
This is pretty awesome. Just because an app connects to a single website/service doesn't mean there isn't a benefit to being open! It's good to be able to trust (and verify) the software running on our devices.
14
melling 6 hours ago 1 reply
They use Swift Playgrounds to do a lot of development:

"Swift Playgrounds for iterative development and styling. Most major screens in the app get a corresponding playground where we can see a wide variety of devices, languages, and data in real time."

https://github.com/kickstarter/ios-oss/tree/master/Kickstart...

I've recently bought into this development method too. It's not quite what Bret Victor dreamed up, but it's a big step in the right direction.

15
SimonSelg 6 hours ago 0 replies
This is awesome! Open source production apps are always useful.
16
stirner 3 hours ago 0 replies
Open sourcing a client is pretty useless when the bulk of the logic happens inside a company's server somewhere.
7
Webpack 2.2: The Release Candidate medium.com
96 points by thelarkinn  3 hours ago   41 comments top 7
1
scrollaway 3 hours ago 12 replies
Looking at the list of changes (https://webpack.js.org/guides/migrating/), it seems like a lot of "magic" has been removed.

That's good. It's kinda funny how this is a very frequent pattern: Build something full of magic and, as you grow more mature and hit pain points, end up removing the magic.

I've had a very similar experience in my career so far as a dev. My code used to be full of magic, auto-guessing things based on how methods are named, etc. I've moved away from that, it wastes more time than it saves.

Anyone else with the same experience?

2
tonyhb 2 hours ago 1 reply
Recently moved to this from webpack 1 for both personal projects and work. Webpack 2 combined with Yarn running inside of Docker to automate builds is the nicest (and fastest) frontend build pipeline I've had yet.

The experience with Webpack2 is so much better:

 - Cleaner documentation - Saner configuration files: - It errors out if you add incorrect flags! - This means that postcss et. al. use config files - Saner module definitions (now called rules): - No query flags! - Actual object support!
Plus tree shaking, code splitting etc. It's way better. Now looking forward to integrating babili within webpack to remove uglify.

If you're thinking of upgrading it's not that much effort given the new documentation, too. Definitely worthwhile, and there seems to be less occasional build bugs using this with newer babel plugins (originally switched because of a crazy stackoverflow parsing a two-deep object).

3
fiatjaf 2 hours ago 4 replies
This thing is so complicated and so full of magic and options and the documentation is so shallow, I can't find examples, can't get a tutorial that isn't uselessly superficial.

I've tried using Webpack in its begginings, because React people only talked in Webpack terms, but then switched back to Browserify, which is simple, not magical and straightforward. I tried using Webpack again lately, with the bizarre Gatsby static site generator, and the failures are enourmous. I can't even understand how exactly does a loader work. Gatsby makes forced use of something called webpack-config or something like that, which is just a useless abstraction on top of the already confusing Webpack config.

Please, someone explain to me what does this thing do that Browserify can't.

4
ctulek 3 hours ago 1 reply
It is hard to find well maintained JS libraries in these days. Thanks a lot for the mature work done here, especially in terms of documentation. So many OS projects launch their new shiny versions in such a rush, they leave their users in darkness for a very long time.
5
mstijak 2 hours ago 1 reply
webpack is great. HMR and code-splitting are killer features. Only thing that I'm worried about is tree shaking. There are a couple of long standing issues about problems with classes and export all statements. Rollup is missing code-spliting, webpack doesn't do tree shaking well and complains about bundle sizes. Not sure what to do. If somehow rollup could be integrated, that would be perfect.
6
sotojuan 56 minutes ago 0 replies
We have an ejected CRA web pack confit that I wanna update to 2 eventually. What's a good migration guide?
7
te_chris 2 hours ago 0 replies
Quick, time for Laravel Elixir to find another beta version to bundle before an actual release happens...
105 points by j_s  5 hours ago   3 comments top 2
1
NateyJay 2 hours ago 1 reply
The link for deciding whether to be nasty or nice when enforcing open source licences is fascinating: https://lists.linuxfoundation.org/pipermail/ksummit-discuss/...

Linus talks about the loss of trust, community, and developers that plagued Busybox after their GPL enforcement lawsuit. I hadn't realized the consequences were so dire. That lawsuit is still sometimes held up as the GPL working as intended.

2
hkon 2 hours ago 0 replies
Wow, this article reminds of the early days of browsing the web. Interesting content written by someone with knowledge.

A rare thing these days.

9
Does It Make Sense for Programmers to Move to the Bay Area? triplebyte.com
219 points by runesoerensen  7 hours ago   343 comments top 52
1
josh_carterPDX 5 hours ago 8 replies
As someone who grew up in the Bay Area, but moved to Portland about three years ago, I can tell you there is a stark difference in ecosystems. However, if you are a young up-and-coming programmer coming out of school, it makes complete sense to move to the Bay Area. If you're an Actor you move to L.A. to get your big break. If you're a programmer, you go to the Bay Area to work for a big firm that will help build your reputation and resume. For people later in their careers who have "been there/done that" it's less about what you can do for a company and more about what you can do for yourself. People later in their career tend to think more about their quality of life after spending years grinding it out in markets like the Bay Area. I know it's the big reason I moved to Portland. I love the tech community here. It's much more collaborative. The salaries may not match what you get in the Bay Area, but what I lose in salary I gain in not being stressed all the time.
2
harterrt 6 hours ago 4 replies
It looks like the salary differential of $33k listed in the article is gross earnings. After taxes this would just barely cover the rent differential of$1.5k/mo ($18k/year). Note that this is the best case scenario according to their estimates. What troubles me is the use of median rent to compare housing costs. As rent increases, renters are likely to downsize offsetting some of the rent increase. I'd be willing to bet Seattle renters are able to get more space for the area's median rental. Accordingly, the salary increase probably doesn't cover the rent increase for a similar sized home. 3 tom_b 6 hours ago 6 replies Interesting that Bay Area hackers make more than local hackers when they relocate outside the Bay Area. FTA:  A 2015 report by Hired found that when engineers from the Bay Area relocate to other areas, they out-earn engineers on the local market. Experience in the Bay Area seems to advance careers. Engineers moving from San Francisco to Seattle make an average of$9,000 more than others who get offers in Seattle. This Bay Area premium is even higher in other cities: $16,000 in Boston,$17,000 in Chicago, and $19,000 in San Diego. [found slide at http://get.hired.com/rs/348-IPO-044/images/Hired-State-of-Sa...] Bay Area hackers are more valued in different markets than local hackers. I would love to see the raw data for the "relocating" hackers and local hackers. Is it a question of applied experience opportunities in the Bay Area hackers? Is just startup afterglow? Are relocating hackers better than average pre-Bay Area experience to begin with and this shows up when they migrate away from the Bay Area? 4 ammon 7 hours ago 8 replies When people compare salaries / the cost of living in different cities, they often fail to account for the fact that many people don't spend their entire salary in the local economy. If you are trying to save money (or pay for college, donate to a cause, or buy a Ferrari) this costs the same no matter where you live. You should only apply the cost of living adjustment to housing (and maybe food). When you do this, living in the Bay Area starts to make more financial sense. 5 dustinmoris 5 hours ago 2 replies So a recruiting agency who makes money from placing applicants in the Bay area, a place with a shortage of developers, writes an article to convince more developers to move to the Bay area ? Yeah, totally trust their data and the data they selected for this article! 6 Henchilada 5 hours ago 2 replies This whole dialogue shows a very laborer-centric view of the world. What is missing from this entire conversation is the concept of being an employer/founder or independent consultant. If you want to bootstrap a startup, the Bay Area cost basis is going to destroy your nest egg until you can raise capital. Also, this conversation implies that you are employed 100% of the time, ignoring any cases where you quit, are fired, or the "rocketship" startup you joined doesn't work out. 7 danwalmsley 5 hours ago 2 replies I did the math on this about 1.5 years ago and came to the conclusion that it wasn't worth it. I was, at the time, in a CTO-level position at a VC-funded startup and so had plenty of opportunities in the Bay, but in the end opted to live in a quiet country town about 2.5 hrs drive away and work from home in a lower-key role. I have a 3yo kid and another on the way, and I do not regret my decision for one second, particularly when I hear horror stories from my stressed-out friends in SF/SJ. Also we can easily pay the mortgage on one salary and my wife is able to finish her PhD without us going into debt. For us, it wasn't just about salary vs cost of living, but also about the stresses of big city life, competing for limited places in overtaxed childcare, sitting in traffic for hours every day, and being surrounded by other parents enduring the same tortures. No thanks. 8 michaelchisari 7 hours ago 3 replies I ended up in Los Angeles because, despite being an expensive city, rents were cheaper than the Bay Area, and the salaries being offered were equivalent. I have a great place in LA that would easily be 50% to double the price in the Bay. This wasn't the only reason but it was one of the biggest. Another reason being that I wanted to work in tech as it relates to media and content, and there were many more options to choose from here. 9 uiri 4 hours ago 1 reply The salaries here do cover the higher cost of living, and if you are able to capitalize on the additional opportunities that are uniquely available here, you could end up doing much more than covering costs. This conclusion is patently false. The article mentioned but failed to calculate California state income tax. That$15k-33k salary differential is going to be eaten by at least $12k in California income taxes. That leaves$3-21k to cover the additional rent expenses which is $250 -$1750 per month. The difference in median rent is almost $1500 per month. The article itself already admits that Seattle is better if you wish to own rather than rent housing. EDIT: The salaries at Microsoft (Redmond) are comparable to the salary figure for Google, Facebook, Twitter, Airbnb, and Uber. The salaries at Amazon are$5-10k lower but make up for the difference in stock.

I'm estimating stock and cash bonus to be 40% of salary (which is conservative for Google and Facebook, I think). California state income tax on $160k is$12k.

10
alex- 4 hours ago 0 replies
I moved (internationally) to the bay area. In my specific circumstances I would not say that it was financially clearly a good thing to do, due to the MUCH higher costs of living.

However as a place to live it is quite nice. Technology is everywhere. You can go to a free meet up and literally see the creator of the language doing a talk (e.g. Guido tomorrow with the baypiggies). It has A LOT of opportunities to pursue the career that interests you. It's warm, close to the coast and a manageable drive to skiing in Tahoe.

Some times it is not all about the profit loss.

11
plandis 6 hours ago 2 replies
This doesn't factor in stock compensation AFAIK. For instance, I started at Amazon at around $90k in salary plus signing bonus of$20k so like $110,000 my first year out of college back in 2013. I made about the same in 2014. In 2015 I got promoted to SDE2 and my salary is closer to$118,000. But additionally I also got like $60k in 2015 in stock and this year my stock compensation is just about$100,000.

I'd imagine this is the case for a lot of tech companies so comparing salary alone probably isn't going to make a good argument one way or another.

Also taxes. WA has no state income tax so add an additional 10% income buying power

12
jeroen94704 6 hours ago 4 replies
This article seems to assume you're single and not in a hurry to start a family. I'd be interested to read an article "Does it make sense for a programmer with a wife and kids to move to the bay area". I secretly suspect the answer will be "no", since no matter how you slice it, a 4-bedroom house in the Bay Area won't be reachable until you are well on your way to, say, 40 or so.
13
rememberlenny 7 hours ago 6 replies
This point is interesting:

 [3] We find that engineers often under-value startup success (growth rate, revenue) when looking for jobs, and instead place an emphasis on brand-recognition, or whether they find the subject area exciting. Now, I don't mean to judge anyone for this working in an areas of passion may be great choice. But if your goal is to maximize your financial outcome, looking at startups more like an investor and picking a company in a big market on a promising trajectory is likely a winning strategy. The Bay Area, with a large number of startups, is probably the best place to do this.

14
tedmiston 6 hours ago 0 replies
Counterpoint: Globalization is real. Top tier accelerators accept companies from outside of the Bay Area and tech hubs these days. You can work for a tier 1 early to mid stage startup in a tier 34 startup ecosystem if you look hard enough (I do).

(The Triplebyte recruiter didn't seem super enthused with that being my response to why I didn't do their process.)

15
pfarnsworth 4 hours ago 0 replies
If you are young, single and in tech, then it makes sense. You don't care if you share an apartment or even a room, you'll make good money and you'll acclimatize to how ridiculous the prices are over a few years.

If you are older, and you have a spouse and/or kids, then it makes less sense. It actually makes no sense if you're coming from a low cost area, and more sense if you're moving from NYC to Bay Area. If you're coming from a low cost area, you will suffer, because even if you owned your house outright, if you sell it it may be a decent downpayment, and then you'll have to spend a lot of money on mortgage. Plus school, commute, etc. I wouldn't recommend it in that situation.

16
anigbrowl 5 hours ago 0 replies
Not if rent/property prices are a major economic factor for you. Obviously you can find deals if you know someone or get lucky, but housing prices have gone back to pre-recessionary craziness. As a homeowner I regularly get mail from real estate agents offering to get the best price if I want to sell; over the last 5 years prices in my neighborhood have increased 300%. Yes, three hundred per cent. A small one bedroom apartment in this nice-but-not-fancy North Oakland neighborhood typically starts around $2000/mo. There's just too much money chasing too few housing units, and while I am seeing a fair amount of new residential construction in the last few years it's only a fraction of the amount demanded. 17 framebit 7 hours ago 2 replies State and local taxes are a big concern that didn't get any mention in the article. 18 Mz 5 hours ago 0 replies My favorite line from the article: (Perhaps you have heard about...) ...the guy on Reddit who calculated that it would be cheaper to commute daily to the Bay Area from Las Vegas by plane than to rent an apartment in San Francisco? However, I am going to nitpick the title: Does It Make Sense for Programmers to Move to the Bay Area? This question really ought to be: Does It Make Financial Sense for Programmers to Move to the Bay Area? I will also suggest that there are facets to this question that really are not covered by the article. I am keenly aware of this because I returned to California as soon as I could for health reasons. My health is simply better here ("here" being California -- I am not in the Bay Area currently). My condition can be very expensive and very debilitating when it is not well controlled. So, while I am horrified by real estate prices out here, for me it makes more financial sense to be here than to be someplace that keeps me too sick to work while running up medical expenses. There are many reasons to want to live in a particular place. While criticism of the insane cost of living and insane pace of inflation is totally valid, I think it is problematic to boil down a decision about which job to take or where to live to these (specific) financial metrics (of salary and rent). Life is multifaceted. Such decisions do not hinge entirely on money. 19 _lex 2 hours ago 1 reply This analysis is very low quality. Engineers move to the bay area not for salaries, but for equity and RSUs. It's not unusual to make your salary again in RSUs, which are usually not that risky. Equity is a mixed ball, however. But these two factors are the unique element in the Bay area, and why you should move there. If you are an engineer in the bay area without loads of equity or RSUs, you're getting ripped off. 20 brilliantcode 2 hours ago 0 replies I'm just not sure if the cost of living is worth the pay increase both from a service provider and business owner perspective.... Arguments like network effect, "being in the ecosystem" or near physical vicinity of other SV startups seem to be the face value but these are only superficial items. I almost feel like with the connected world, as long as you are in a fairly crowded North American city, it shouldn't matter....unless your customers were all focused in SV area. I'm not a city slicker or a instagram traveler so please feel free to offer any alternative view. Maybe being in SF is important but I'm too biased (haven't left Vancouver for 20+ years)... 21 linkregister 6 hours ago 0 replies Mixing median rent and average (mean) salary is confusing. Why not go with median salary? 22 hrshtr 2 hours ago 0 replies I have been in Bay Area for little over 3 years with a fairly stable company. The opportunities are many in all technical fields(pro) but again it comes with the cut throat competition(con). One has to compete with people from FB/Google or new grads who have mugged all DS questions. My interest to stay in Bay Area is with the hope I could be able to join one of the companies which will be Uber/Airbnb of tomorrow and gain great experience and $$. 23 WhitneyLand 4 hours ago 1 reply Does this article have anything insightful? It's easier to compare against Seattle: The housing is still very expensive, and you get only half as many sunny days. Why not compare to someplace like Austin? Most people can afford a real house, it's very sunny, great grad school, great culture, great startup scene. The SV big company advantage is not true. Most of the same big tech companies have a presence in Texas. And guess what. If you work for Microsoft, Amazon, etc, you get all the same stock compensation, same retirement matches, and your resume sparkles just as brightly. The biggest advantage for SV that they don't even mention is making deals. VCs/Funding, partnerships, contacts, etc. All of these exist elsewhere just on a smaller scale. However this stuff is mostly an advantage if you start a company. TripleByte's case is pretty weak. 24 pdimitar 3 hours ago 2 replies > Its easy to hear data and stories like these and conclude that programmers moving to the Bay Area are suckers. After all, salaries have not risen by 70% in the past four years. But what this analysis misses is the extent to which this place and time is exceptional. The author lost me right there, even though I did make an honest effort to read the article to the end. (1) There are plenty of "brain centers" in the world. The fact that they don't tout it day and night makes them no worse than the Bay Area. In fact, as an European, I am more likely to move to Gothenburg, Oslo or even Reykjavik than the Bay Area -- on this basis alone. Most of us Europeans strongly dislike touting. In fact it says a lot to me and many others how the Bay Area gets the most press coverage of being the "tech innovation center of the world". Center of what? The 99% of failed startups that want to disrupt markets that didn't exist yesterday? Center of "work 16 hours a day for the measly promise of 1% equity if we ever take off"? (2) "Amazing place and era to live in" is a good inspirational motto... and it only works until you get your first burnout and wish to just make good money and be at peace, and have time for your other hobbies, significant other or whatever else. I feel sorry for all the tryhard after-teens who are about to find that out the hard way. (3) Company valuations in billions rarely mean anything. I am too lazy to dig around but I clearly remember there were cases of several companies being valued close to 1 billion, only to be sold for ~30 millions several months later. This is hype, it's produced by the investors and VCs themselves, they profit from it, and it has almost zero real-world credibility. I might be oversimplifying this; but I am convinced I am not that far off. (4) The historical flashbacks only make the author want to desperately justify how cool is it to live in the Bay Arean. No, sorry; I'd honestly prefer 14th century Venice compared to San Francisco. There were tangible things to see there, for example Michelangelo's art. What can SF show you? Zombified devs hurrying for their commute, hellbent on zombifying themselves even more in the name of a cause that's 99% likely to fail? 25 kin 4 hours ago 0 replies It depends. If you're just starting out, it could make sense to move to the Bay Area to work for a big name company that will teach you a lot and make you look better on paper. You'll even get a higher salary to use as slight leverage when you decide to work in a different city. Yes, rent in the bay is expensive. But, at least a lot of things will cost the same. An Apple product will cost the same whether you live in the midwest or the bay. A vacation will also cost the same no matter where you live. Just a different perspective of looking at this argument. 26 makecheck 4 hours ago 1 reply When I started my career I ended up in Austin, Texas. At the time, I didnt know much about the place (and it was much smaller than now) but it really is a serious tech hub. Even at its current absurd rate of growth and increasing cost of living, it is more affordable than the Bay Area and has enough else going on that it isnt an exclusively tech climate. Politically, Austin is like a blue bubble in a red state so it is more California-like in that sense too. 27 platita 4 hours ago 0 replies Doing some goal factoring and trying to really understand what reasons would keep you in Bay Area is a good excercise. I'm guilty of noticing being stuck in this artificial prison quite late myself. :) https://medium.com/teleport-stories/another-kind-of-silicon-... 28 JKCalhoun 6 hours ago 1 reply If you plan on buying a home it is worth considering the future when you decide to (semi?) retire from Corporate and sell the kid-raising home. Cashing out in Arkansas means you can move to ... a cheaper part of Arkansas. Cashing out in Silicon Valley means you can go about anywhere. 29 wlk 6 hours ago 2 replies I use this website to compare costs of living between countries and cities: https://www.numbeo.com/cost-of-living/compare_cities.jsp Here's example for Seattle and SF: https://www.numbeo.com/cost-of-living/compare_cities.jsp?cou... I'm wondering if anyone could comment if those numbers look accurate for those cities. 30 bandrami 5 hours ago 2 replies DC/NoVa is hurting for programmers. Particularly if you can get a clearance, there's no shortage of work out here, at a (somewhat) cheaper cost of living. 31 dongslol 5 hours ago 2 replies As a college dropout, I have nowhere to go but the Bay Area, where many startups don't care much about credentials. Everywhere else does. 32 robrenaud 6 hours ago 0 replies It's kinda bad that the article fails to mention the possibility of working at Google or Facebook in Seattle. You can get nearly as high comp without the taxes and high housing costs. 33 aecorredor 6 hours ago 1 reply "drone programming in Clojure" this...hahaha 34 gregatragenet3 5 hours ago 1 reply Go to the bay area, spend a few years becoming ridiculously skilled and invaluable to your organization. Then tell employer you'll be moving to X and telecommuting. X being somewhere with a lower cost of living, and someplace you love (nice beaches, near family, etc). 35 thinkpad20 6 hours ago 2 replies > At Triplebyte, we help engineers around the country (and world) get jobs at top Bay Area companies I admit that I stopped reading at this point. Maybe I read that wrong and they meant "in addition to other areas", but from the way it's written it sounds like a conflict of interest. It's going to be difficult to make an objective assessment of the pros and cons of living in the Bay Area if your business depends on people wanting to live in the Bay Area. 36 nsxwolf 5 hours ago 2 replies I'm married with 4 kids. We like living in roughly 3,000 square feet of housing with on roughly a quarter acre of land, so I'm going to guess in absolutely no universe could it ever make sense for us to move to the Bay Area. 37 joshlittle 5 hours ago 2 replies I always feel like these articles are one sided - jobs and money. Those things make life easier but ultimately are not the things that make life worth living. This article hits on none of the reasons I moved here after several prior extended stays in the City. For what I want out of life, it absolutely made sense for me to move here - even with only 2K in cash, no job, and no place to live at first. I came here for the things you can't easily put a price on - like the weather, local arts, music, and culture. Also driving into the mountains, or down the coast of California. Chicago is no slouch for fun but cold days like this make me glad I'm not waiting for the 'L' outside anymore. SF weather is generally magical. Being in a top US city still gets me direct, reasonably priced, and frequently scheduled nonstop flights to family/friends in places like Chicago, Cincinnati, Los Angeles, Seattle - not always attainable in some of these smaller tech hubs (like Portland, or Austin.) When people move here, there is a constant worry about how much money they will make or what company they work for - I didn't sweat it. Within a month after arriving, I landed a great career. I spent the last two years exploring other hobbies and interests, and nurturing healthy new friendships. Biggest tip I can give - It's nice to get to know people who've been around here for a while, they've seen it all before. Show an interest in your local community. Volunteer your time but branch out of tech. Get to know people here in all walks of life; show compassion You just may be liked enough by some old school San Franciscans that refer you to one of their friends; who rent you their old place (with parking and views on Twin Peaks) for 1200. It worked for me. San Francisco is not an expensive city because of tech alone, it's always been a bit on the expensive side; as there's no place in America like it. Of course this is my experience. I merely bring it up just as a reminder that there's so many things to focus on when decide whether or not moving here is worth it. The questions that guided me in my decision to move here were: What are my goals long-term? What made me decide to move here? What is my contribution to the local community and society - outside of working in tech? Will I ultimately grow as a person; both personally and professionally?Is there enough other activities around that will keep me from being bored that I'll enjoy? My .02. 38 bkbridge 2 hours ago 0 replies As a New Yorker, all we're hearing here is LA, LA, LA. Just a heads-up. Smoke a joint in NYC, spend a night in jail. Smoke a joint in LA, change the world. How I look at it all. We got Brooklyn, and that's about it. 39 bcheung 6 hours ago 1 reply One thing the article is missing and not factoring in is home ownership. It can be a tremendous form of "compensation" as well provided you can weather out any downturns (10 years will probably be sufficient). With high salaries you have high tax brackets. Probably 40-50% total marginal tax rate with state, federal, and all the misc taxes. Being able to subtract your mortgage interest and the fact that your "rent" is going to pay down equity, on paper at least, your living costs are actually lower. Even more so if you have roommates. Factor in 4-10% appreciation with leverage (10% down = 1000% leverage) so that becomes a 40-100% annual ROI. Work in the bay area for about 10 years when you are young and then sell your house. You can buy another house somewhere cheaper for cash and then retire. Might also be possible to just rent out the house in the bay area. The rent should cover rent some place cheaper and have plenty of additional cash flow to live on each month. 40 blazespin 4 hours ago 0 replies Living in the bay area is not necessarily expensive. I pay like very little in rent. It all depends on how you want to live. 41 ww520 3 hours ago 0 replies Move to area of high cost of living for work. Retire to low cost area. 42 tatterdemalion 6 hours ago 1 reply Bay Area tech is a gold rush, and Triplebyte sells shovels. Of course you'll strike it rich. 43 x0x0 6 hours ago 1 reply The article is poorly argued. Paragraph 2 -- if you pick a winning startup (uber, etc) then the bay area is great! Well, yes. The problem is picking that winning startup, and really, if you're good at that, stop wasting your life as an engineer and go invest money for a living. We shouldn't expect eng to be able to pick better than vcs, and their hit rate isn't great. It also uses pre-tax salaries, not after tax salaries, where Seattle has a large advantage; even at 120k, you get 5k more in cash in Washington state. Which may not sound like much, but you should view it not as 5/120 but as 5/80 (roughly your take-home pay). The discussion of housing (where exactly is that sub 800k housing in sfbay) ignores commute times and costs. Sure, if you want to live in outer sunset or east bay and deal with horrid commutes, there's cheap housing. If you want to live within 30 minutes of work, housing will likely be much more expensive. The author also pays no attention to the effects of having to reset your social network / family to exploit moving to sfbay, banking the higher salary, then moving away. That's a large price to pay if your plan is to get to your mid 30s then move elsewhere. And hard to achieve buy-in from significant others who may similarly not be stoked about losing all his/her friends. And finally, it finishes with a discussion of the two most generous employers, google and fb. Who, yes, are generous but also not representative. 44 timothycrosley 6 hours ago 3 replies The smartest thing would be to start in Bay Area, and then transfer to Seattle at the same pay rate. 45 khana 4 hours ago 0 replies Pretend you live in the bay area and use Skype. 46 DoodleBuggy 5 hours ago 0 replies Yes absolutely. For career opportunities alone, yes. 47 jasonjei 6 hours ago 6 replies I do not understand the obsession the software industry has for locality. Wouldn't it make sense for people to work anywhere? Haven't Bay Area companies heard of something called the Internet? If you have to have people in the office to make sure they're working, you already have a fundamental hiring problem. 48 tn13 6 hours ago 0 replies For the following reason: 1. Bay area is extremely tolerant of immigrants and of different people. 2. Bay area is an excellent place for raising kids. The opportunities for your kids to learn are simply endless. There are excellent colleges near by and some of USA's best high schools. 3. Your experience as a programmer in bay area will always be valued more than your experience in Denver other things being same. 4. Job hopping is easier, finding another job when fired is even easier. 5. Skewed gender ratio means women might get more attention. 6. Networking opportunities are unparalleled in the world. Disadvantages: 1. If you don't like racial, ethnic diversity then you might be uncomfortable in bay area. 2. If you are a single male finding a girl would be harder in bay area. 3. Competition is cut throat and sometimes it is stressful. 4. Job security is less as there are more people out there who can replace you. 5. California's tax policies and other government policies are very tyrannical and sometimes pure nonsensical. The Liberal state is far too liberal with your money. 6. Housing is bad. 7. Everything is expensive. 49 hiram112 6 hours ago 1 reply It all depends on your own situation. I, myself, moved from the Midwest to a very high COL East Coast city 7 or 8 years ago. My salary has pretty much doubled, though I imagine at this point it is about 40K more than I could get back home. But I live very frugally, and I have saved a lot of money. The plan is to soon get out of here and buy a nice place somewhere cheaper (South or Midwest) with cash and not worry about making the same salary. OTOH, I think many people end up losing out financially in places like NYC and SF. If your salary is only 40K more than it would be in Omaha, after taxes, you're probably looking at only 30K. If you rent a typical corporate apartment, you're probably now underwater. I think we're going to start seeing more and more people refusing to move to SF, NYC, and DC if salaries don't allow similar lifestyles as 20K less in middle America. 50 imagist 6 hours ago 1 reply Headline follows Betteridge's Law. 51 sealthedeal 4 hours ago 0 replies "The Bay Area in the early 21st century has produced an astounding number of successful tech companies. Uber was valued at 60 million in 2011 and at around 68 billion in late 2015 [1]; Stripe at around 500 million in 2012 and 9 billion during its most recent funding round; and Twitch at just under 99 million in September 2013, before Amazon acquired it for 970 million less than a year later." ^^^ Is not a selling point. Those are anomalies. How about the hundreds of other companies that are going under consistently everyday in the bay area. If I want to work for startups why would I not move to some where like Austin Tx? Get good experience, have a reduced cost of living, and have no state income tax? 52 jjtheblunt 6 hours ago 0 replies No. 10 Running as the Thinking Persons Sport nytimes.com 22 points by Dowwie 1 hour ago 12 comments top 7 1 gragas 21 minutes ago 1 reply I hate how much the authors of this article imply causality. >There also, interestingly, was less activity among the runners in a part of the brain that tends to indicate lack of focus and mind wandering. Could it not be that people who have the willpower to run regularly also have the willpower to stay focused? >In essence, the runners seemed to have brains in which certain cognitive skills, including multitasking and concentration, were more finely honed than among the inactive men. "Honed" definitely implies that running hones those skills, when in fact having those very skills could be a confounding factor. All of that said, I have yet to see a compelling argument against running regularly. 2 jkingsbery 8 minutes ago 0 replies As this described by the NYT (maybe the original paper describes it better?), there's all sorts of problems with this conclusion: - A very small sample size - Confounding factors: one group consists of collegiate runners (i.e., college students), and another consists of "young men" i.e., presumably men who didn't necessarily go to college. Even if both groups consisted entirely of college students, there might be other confounding factors that could explain the differences rather than running itself (eg: runners spend more time outside; runners' days are more structured; college runners probably drink fewer nights a week than average) - The control group "said that they had not exercised in the past year" - could it just be that exercise in some form improves brain functioning? I was a mediocre Division 3 cross country and track runner, so I feel like I'm qualified to say that while there are many benefits of running, improved brain function is not one of them. 3 justinator 15 minutes ago 0 replies Related, How Neuroscientists Explain the Mind-Clearing Magic of Running http://nymag.com/scienceofus/2016/04/how-neuroscientists-exp... 4 huac 54 minutes ago 0 replies It'd be better if they started with control groups of people who don't exercise, and then measured the impact of participating in a running regimen. Pretty cool findings anyways. 5 cylinder 29 minutes ago 0 replies Man, NYT seems to run a piece about exercise and health, especially mental health, and especially running, almost daily. We get it. Personally, I hate running. I like thinking. 6 trentmb 58 minutes ago 1 reply I miss running. 7 russellbeattie 6 minutes ago 1 reply "There also, interestingly, was less activity among the runners in a part of the brain that tends to indicate lack of focus and mind wandering." That's also called "thinking". An unfocused, wandering mind is a creative mind. This article completely reinforces my general opinion of runners tending to be mindless automatons, obsessively rehashing their to-do list and daily schedule while out on their morning jog, before having their extra-foam soy half-caff latte with cinnamon and organic raw agave sweetener and heading out early to 'beat the traffic'. Einstein wasn't a jogger. 12 LLVM's New Versioning Scheme llvm.org 51 points by zmodem 4 hours ago 37 comments top 4 1 static_noise 3 hours ago 4 replies I, for one, cannot keep track of which version we're currently at. It used to be that a major version was introduced with fanfare and broke things. The holy 1.0 or versions such as Python 3 and or Gnome 3. I will always remember if I'm running 2.x or 3.x. Some time after the major version hits 3, the madness seems to begin. Am I running Firefox 73 or 85 or was that last years version? I honestly don't know anymore. Are the stable versions even, odd, Fibonacci or prime? Why not be brave about it and use date-based numberings such as 16.12! 2 nemothekid 40 minutes ago 0 replies I'm glad that semver is being widely adopted outside of the npm/rails world. It's incredibly useful to understand how much work will go into upgrading a package. I think the attachment around "saving" major releases are really just attachments to marketing messages of yesteryear. It still feels good to announce "Library Version 3!", but from a technical perspective, semver is far more consumable and sensible. I'd rather be confident Lib v27.3.0 -> v27.4.3 won't break my build than having v2.9.0 -> v2.10.11 break my build, but look nicer. 3 satysin 1 hour ago 1 reply Why can't they just go with a year based version number like Ubuntu and Windows? year.month-patch so LLVM 5.0 would be LLVM 17.09 (September 2017). 4 wuxb 55 minutes ago 0 replies So stupid. The old scheme is easy to read if you just remove the dot in your mind: 3.8 -> 38, 3.9 -> 39. Now They make it complex by 38.0 -> 38, 39.0 -> 39. Removing a dot and a zero. Not helpful and So stupid. 115 points by pradeepchhetri 7 hours ago 23 comments top 6 1 philips 5 hours ago 0 replies If you want to just try the integration today try minikube https://github.com/kubernetes/minikube#using-rkt-container-e... This integration is about 90% complete and will completed going into 2017. 2 bkeroack 6 hours ago 1 reply It's a shame AppC is going away[0]. OCI is pretty much just a formalization of what Docker already does, so we're stuck with (IMO) implementation details like layers as part of the core image spec. 3 djsumdog 4 hours ago 2 replies I'm stating to really get into containers. They make sense and can keep sane environments; keeping you away from dependency hell (at the expense of potential security issues if you don't have tools that regularly scan and tell you when packages within containers have security issues). Unfortunately, the orchestration formats are all over the place. Kubernetes, DC/OS and Docker-compose all have their own json schema. DC/OS doesn't even support docker container volumes. Rancher can take docker-compose, and it looks like it can deploy those apps on K8s/DCOS, however I haven't messed with it enough to see if that actually works. Rkt just adds even another container format. What once seemed like a nice one-stop isolated application that you could run anywhere is becoming more complicated and more tightly coupled to the underlying container engine and orchestration system you chose to use. 4 markbnj 4 hours ago 1 reply It's really cool to see this stuff emerging, and the CoreOS folks put out some good info at kubecon. We're currently running k8s on the docker engine like probably just about everyone, but for the same reasons as just about everyone we're interested in seeing the development of standard runtimes for containers and orchestration. Having said that, I'm not sure I'm all in on this idea of "pod sandboxes" as the environment in which application components are grouped. I may just need to wrap my head around it, but after getting comfortable with the cluster as the sandbox for applications composed of pods I guess I haven't grasped the utility of the additional abstraction. 5 zwischenzug 6 hours ago 4 replies Does anyone use rkt? 6 bogomipz 2 hours ago 1 reply The article states: "In parallel to the image format, OCI is developing the so-called runtime-spec for describing the runtime execution environment that container engines should provide." I thought the run-time spec was formalized and that we were waiting on the OCI image format to be standardized. Is that not the case? This was from a recent conversation I had with someone at CoreOS. 15 CHVote: Open-source e-voting system from Switzerland republique-et-canton-de-geneve.github.io 382 points by porker 13 hours ago 177 comments top 22 1 yason 11 hours ago 7 replies For giving a guiding vote from the citizens to assist in parliamentary or local decisions, yes. For electing state officials, no. A voting scheme needs to be designed for the worst possible circumstances which practically means a bordering civil war, and where trust between voters is zero at best. Voting allows revolution to take place peacefully. Therefore the method of voting needs to be understood, carried over, and be verifiable by the common (wo)man. No electronic scheme can do that: anything that runs in software means that the correctness of the system depends on the experts' word only, and that word is likely to mean nothing when half the population is already collecting arms. 2 StreakyCobra 12 hours ago 0 replies While I appreciate the effort of putting it open-source, and even more to do it on GitHub, I hope they will hire someone who knows how to use Git/GitHub, like using tags for versioning instead of repository name [0], or using meaningful commit messages [1]. For the future let's see how they will manage external contributions. Opening the code for transparency is a good point (even if this still doesn't ensure you that the same version of the code is running in production on trusted hardware), but doing this on GitHub will certainly bring some contributions. Will they refuse everything? Or accept external contributions? Will they use GitHub as the central development process? If not how are they going to handle the development in intern in regards with external contributions? Also are they going to do all commits with this dedicated state-account? Who will be part and what would be the process for reviewing and accepting external contributions, to be sure they are not adding backdors purposely desguised as mistakes? Having a state starting to work on open-sourcing such a sensitive software in Switzerland opens a wide range of interesting questions. Maybe, and probably, this has already been discussed in other countries or even other part of Switzerland, but in the state of Valais (Switzerland) this is at least not the case. It's not the first project under state control in Switzerland that is on GitHub. I'm also aware of geo-admin [2] who have their sources there. As far as I saw, they are handling GitHub much more professionally. 3 PaulRobinson 12 hours ago 1 reply The system overview is in the github repo here: https://github.com/republique-et-canton-de-geneve/chvote-1-0... For me, they haven't fixed the problem GUN.FREE highlighted when they decided to shut down (https://www.gnu.org/software/free/), but they have highlighted the risks and made them harder to exploit. I need to sit down and think about attack vectors properly, as the process is quite convoluted, but it seems to me there are multiple opportunities for key personnel to change votes and to identify whom voted for each outcome - the scope is limited, and within a very small step due to ballot shuffling, but it definitely is there on a first read-through. 4 tauntz 10 hours ago 1 reply Estonia's E-Voting systems backend code is also on GitHub (for already quite some years): https://github.com/vvk-ehk/evalimine 5 ElijahLynn 8 hours ago 0 replies I have been very interested in Open Voting Systems for quite some time now and have been following Open Voting Consortium, Alan Dechert and more for many years now. It is a problem that I think could have better solutions. There are many good ideas out there for this, and many include paper and open source software. I have compiled a list of reading materials here for those who are interested. https://github.com/ElijahLynn/open-source-voting-systems 6 splike 13 hours ago 4 replies But how does a voter verify that this is really the software running in the background? 7 pedrocr 12 hours ago 1 reply Besides the usual comment that e-voting is a really bad idea[1] this sentence in their copy is delicious: "CHVote, entirely developed, hosted and exploited by the Geneva Canton" 8 homarp 13 hours ago 0 replies java8 based. AGPL.currently used by 4 cantons in Switzerland: Basel-City, Bern, Geneva and Luzern, either for votations or elections. 9 xiphias 11 hours ago 0 replies Shouldn't it be using cryptographic proofs for voting? Ring signatures are good for it for example: https://en.wikipedia.org/wiki/Ring_signature#cite_note-FS07-... 10 specialist 9 hours ago 0 replies These fix all, cure all novel voting systems are like recurring announcements of perpetual motion. Catnip for nerds. Please, study how election administration (in the USA) works to better assess these new technologies, techniques, systems. TLDR: Electronic (mediated) voting schemes cannot guarantee both the secret ballot and public count. Tech which may do one, or perhaps even both, hasn't even been conceived, must less invented. 11 sandGorgon 8 hours ago 1 reply The world's largest elections in india are all electronic.. including voting boxes shipped on elephant, camel, horses and canoe. is there a comparison of this voting system versus the others that exist? 12 triangleman 8 hours ago 0 replies The electronic voting system in Brazil is pretty well thought-out, IMO: https://en.wikipedia.org/wiki/Electronic_voting_in_Brazil Still, I would not trust an electronic system unless it printed a paper receipt behind a glass window, and dropped it into a box when I hit the submit button. 13 bikamonki 12 hours ago 4 replies A successful challenge to the results of an election will most likely end up in a civil war. In other words, whoever is officially announced as winner will remain so, even if proof of fraud is found; accepting fraud would question the capabilities/transparency/independene of the electoral authorities. This situation is aggravated by electronic voting, not because of the possibilities of hacking the system, but because the results come to damn fast: victims of fraud do not have a chance to react. While they are barely starting the legal paper work to ask for a recount, the winner is already giving his/her triumphant speech! 14 coldcode 9 hours ago 0 replies Why build an open source voting system, why not go all the way and build an open source election system? That way no one can complain about voting or not voting. Assuming you could find a bunch of people eligible who are willing to do the work, building some kind of AI system would at least eliminate the hassle, though I imagine not the complaining. 15 Synaesthesia 12 hours ago 4 replies I would like to say I think e-voting is a very good thing and could be transformative to society, given the political will. We have a very weak form of democracy in which we elect representatives and then entrust them to make decisions for us (yes I know we can lobby and petition govt). However this could allow a form of government where the population actually ratifies decisions made by government - a direct form of democracy. 16 rvdm 8 hours ago 0 replies I've always been intrigued by Swiss software. I'd love to know what the Swiss themselves think about this system. To any Swiss people on HN : Do you feel this had a positive impact on society? Maybe more important, would you recommend this to other governments? 17 ljk 9 hours ago 0 replies relevant Tom Scott video on E-voting https://www.youtube.com/watch?v=w3_0x6oaDmI 18 lo-enterprise 11 hours ago 0 replies Most interesting document of CHVote documentation is this one https://github.com/republique-et-canton-de-geneve/chvote-1-0... At the moment, the open sourced part is the "offline administration application" in the green box at the top right. https://github.com/republique-et-canton-de-geneve/chvote-1-0... 19 pksadiq 11 hours ago 0 replies I don't know how are they going to make a Java based application to be AGPLv3 compliant. And I don't know if the source code be provided to every voter on request, as voting is the service provided by the machine. Edit: Yeah, there are exemptions for voting machines in [A]GPLv3. 20 dttrgrr 8 hours ago 2 replies There are necessary requirements in a voting system: 1. Authenticity - One vote per citizen. 2. Secrecy - no one, not even the government, should know who voted for who. 3. Verifiability - I know my vote counts. So if you have a login/password, #2 (logs are too easy) and #3 are out. With a Blockchain, #1 is out (how do you verify that a private key is owned by a citizen)? 21 grondilu 8 hours ago 0 replies What proves that the published code is the one that is actually running? 22 brazzledazzle 12 hours ago 2 replies Off-topic: This one is kind of a curve ball for the temporary ban on political posts. 16 Visual Studio Code 1.8 visualstudio.com 226 points by kentor 5 hours ago 103 comments top 28 1 wwalser 3 hours ago 3 replies I recently moved from EMACS (after using it for ~10 years & ~6 languages) to VSCode. There are loads of things that I miss but overall it's been a fairly smooth transition. I'm moving because I spend most of my time writing javascript and felt that no combination of emacs modes allowed me to keep up with a proper IDE. Emacs is a tool to learn once and use for a lifetime (and I will continue to use it for other editing tasks) but I found that I was increasingly having to learn outside tools in order to gain the benefit that IDEs could hand me for "free" (free like a puppy, retraining your fingers takes months). Things I love: - Intellisense is immediately superior to anything I've used in EMACS. - Debugging from my editor. This was available in emacs for C, PHP & Java using GDB or similar but it never made it's way to javascript as far as I can tell. - Goto definition. - Good typescript and Flow integration Things I miss: - IDO Mode (FML I hate Finder for moving through directories) - Creating files with just the keyboard (probably possible but I haven't figured it out yet). - Kill ring - Moving around the code with just a keyboard (ctrl-v and the sort). - Non-intellisense completion. When your caret is at the end of a word, Command-\ in EMACS completes to another word from the same buffer that has the same prefix and continue to swap through words on subsequent presses. Very useful in a dynamic language. 2 mmanfrin 4 hours ago 2 replies VS Code is, along with Typescript and Vue, one of my favorite things to have entered my world in the past 6 months. They have been rapidly improving VSC and I am exceptionally happy with it. 3 torgoguys 3 hours ago 2 replies Anybody know how many people are on the VSCode team? They're moving so fast in adding useful stuff with very few hiccups...I'm lovin' it. 4 hackcrafter 3 hours ago 0 replies The Just my Code debugger support, where stepping through callbacks can just skip all the in-between functions handled by third party libs looks fantastic. Especially with await / yield-promise type stuff, I could imagine this will make debugging much nicer. 5 americanjetset 4 hours ago 0 replies > Terminal copy and paste key bindings on Windows have changed to Ctrl+C (when text is selected) and Ctrl+V respectively. So happy. 6 angelofm 3 hours ago 1 reply It looks pretty good congratulations to the team. There is an issue though that I find so annoying and I just hope they fix it. I set up the external terminal to git bash on windows and sometimes when I'm deleting commands with the backspace it doesn't really delete the full word, hard to explain but as an example if I type "nani" and then press backspace "nani" stays but I know it has been deleted because it kinda flicks so I type "o" now I have in the terminal "nanio" and sure enough if I now type the name of the file it edits it. Hope this makes sense, I put up with it because I'm really enjoying the product and the speed of development. Big congratulations to the team. 7 earthnail 4 hours ago 1 reply I know they're working on styling, but now that the titlebar is black, too (on Mac), I really, really would appreciate if the status bar would blend in, too. 8 SwellJoe 2 hours ago 0 replies Being able to hide the activity bar puts VSCode into a class of editors I could imagine myself using. I tried it a couple of times in the past, and that damned big ass bar of useless icons bugged me too much (I work on a laptop screen 95% of the time, so giving up that much real estate for something I'd rather do with hotkeys is just painful). It sounds silly to dismiss it over such a small UI thing, but well...my screen is small, my eyes are getting older (so even though I have a 4k display, I can't shrink everything down without eye strain), and vim and Atom don't eat up the screen in the same way. So, I use vim and Atom (mostly vim, as old habits die hard). But, will give VSCode another try. 9 ggregoire 3 hours ago 1 reply > JavaScript improvements: IntelliSense for paths in import Does that mean we don't need those extensions anymore? - Path Intellisense: https://marketplace.visualstudio.com/items?itemName=christia... - NPM Intellisense: https://marketplace.visualstudio.com/items?itemName=christia... (I have not updated yet) 10 rl3 3 hours ago 3 replies Anyone using Visual Studio Code for Rust development? If so, how is it? https://areweideyet.com/ Going by feature set alone (plugins included) it appears like a good choice, though I've yet to try it myself. 11 geostyx 4 hours ago 0 replies I really like the improvements to the settings system. It's a lot easier to use now while still keeping it a simple json file! Also, I did not know how much I needed Zen mode in my life. 12 gremlinsinc 4 hours ago 1 reply Still waiting on docblock support or plugin for PHP, then I'm going to give it a shot. Till then I'll stick w/ sublime. Though I've been trying vim again, maybe I'll finally jump into it.. I mean I jumped into Arch linux + i3wm(tiled window manager), moving into the console for everything seems next logical transition toward becoming part computer. 13 augb 4 hours ago 5 replies Finally, we get hot exit. :) 14 WhitneyLand 3 hours ago 7 replies Why are people using this instead of WebStorm? It seems like: - It a little faster for Typescript (but no better TS features from what I can see). - A lot of people are trying it because it's new, or because they like MS tools. - It's free On the other hand WebStorm still has more functionality overall, a few less rough edges, and a more standard UI (some people don't like how MS Code doesn't have a tabbed doc UI). My personal calculus is that WebStorm is so cheap, I would not allow my primary tool to be even 1% worse to save money. Also I like those crazy guys - they have been pushing out features very fast for years now. 15 azmenak 2 hours ago 0 replies I do almost 100% js dev these days, and I've been switching back and forth between Sublime and VSCode for the past few months. The one major issue I have with VSCode is lack of completions for strings and words which Intellisense doesn't understand. Sublime's CodeIntel dose an excellent job of picking up all the "words" I've used in open files and saves me a lot of typing and typos. Maybe there's some config I'm unaware of, since VSCode's site does mention "words" as a type of completion, but I've never seen it work for js files. 16 RUG3Y 42 minutes ago 0 replies I never thought that I'd like a Microsoft product again, but VSCode is really neat and has become my editor of choice. 17 bopcrane 3 hours ago 1 reply The pace of development on VS code is impressive! I'm really looking forward to the JS improvements 18 tarr11 2 hours ago 0 replies How do VSCode features get ported to the Monaco Code Editor[1]? I was interested in using it but noticed the last commit for Monaco was in October. 19 hkon 3 hours ago 0 replies But I just downloaded the previous version. I am really impressed about the speed of deliveries. 20 hannibalhorn 2 hours ago 0 replies  JavaScript Intellisense in HTML This is awesome - I was just this week looking at using Vuejs for a new project instead of React, but the lack of Intellisense in "Single File Components" with VSCode was a deal breaker for me, better to stay with JSX. I've used all kinds of things before the associated tooling is really up to par, and it's one of those things I often regret later. At least it's still not too late to revisit the decision! 21 itaysk 3 hours ago 0 replies Amazing pace and progress between each minor version 22 hprotagonist 4 hours ago 1 reply Excellent. I have high hopes for a sublime-style "whole document" scroll bar in future releases. 23 jensvdh 4 hours ago 0 replies Fantastic update. The node debugging tools are some of the best out there. 24 protomyth 3 hours ago 1 reply Is there anyway to get user-defined macros? Sublime and JEdit handle them well and was wondering if there is something coming or a preferred extension? 25 aivosha 1 hour ago 1 reply is this any good for python ? 26 azinman2 4 hours ago 0 replies Loving the work done.. now we just need a more complete VIM mode implementation! 27 jongar_xyz 2 hours ago 0 replies I actually find Atom more pleasant to look at. 28 nkg 2 hours ago 0 replies I want to love you, VS. Your name would look so good on my resume.I'm going to try one more time. 17 I've been writing ring buffers wrong all these years snellman.net 290 points by b3h3moth 12 hours ago 143 comments top 25 1 jgrahamc 11 hours ago 6 replies This is of course not a new invention. The earliest instance I could find with a bit of searching was from 2004, with Andrew Morton mentioning in it a code review so casually that it seems to have been a well established trick. But the vast majority of implementations I looked at do not do this. I was doing this in 1992 so it's at least 12 years older than the 2004 implementation. I suspect it was being done long before that. Back then the read and write indexes were being updated by separate processors (even more fun, processors with different endianness) with no locking. The only assumption being made was that updates to the read/write pointers were atomic (in this case 'atomic' meant that the two bytes that made up a word, counters were 16 bits, were written in atomically). Comically, on one piece of hardware this was not the case and I spent many hours inside the old Apollo works outside Boston with an ICE and a bunch of logic analyzers figuring out what the hell was happening on some weird EISA bus add on to some HP workstation. It's unclear to me why the focus on a 2^n sized buffer just so you can use & for the mask. Edit: having had this discussion I've realized that Juho's implementation is different from the 1992 implementation I was using because he doesn't ever reset the read/write indexes. Oops. 2 phaemon 11 hours ago 9 replies > Join me next week for the exciting sequel to this post, "I've been tying my shoelaces wrong all these years". Probably. Use the Ian Knot: http://www.fieggen.com/shoelace/ianknot.htm Seriously, spend 20 mins practising this, and you'll never go back to the clumsy old way again. 3 cannam 5 hours ago 0 replies I love the way this discussion has divided neatly into thirds: history of ringbuffers; digression on shoelaces; fragmentary, widely ignored, replies about everything else (this one included, I'm sure). I like this kind of article and enjoyed this particular one, but the long discussion above about the "right" way to do it goes some way to justifying why so many people are happy to do it the "wrong" way. I've implemented and used ring buffers the "wrong" way many times (with the modulus operator as well!) and the limitations of this method have never been a problem or bottleneck for me, while its simplicity means that it's easier to write and understand than almost any other data structure. In most practical applications, it's memory barriers that you really have to worry about. 4 planckscnst 10 hours ago 5 replies This is another interesting ring buffer implementation that uses mmap. https://github.com/willemt/cbuffer 5 ChuckMcM 10 hours ago 1 reply I have always considered these "double ring" buffers. Along the same lines as how you figure out which race car is in the race is in lead by their position and lap count. You run your indexes in the range 0 .. (2 * SIZE) and then empty is  EMPTY -> (read == write) FULL -> (read == (write + SIZE) % (2 * SIZE)) Basically you're full if you're at the same relative index and your on different laps, you are empty if you at the same relative index on the same lap. If you do this with power of 2 size then the 'lap' is just the bit 2 << SIZE. 6 ams6110 11 hours ago 4 replies Why do people use the version that's inferior and more complicated? Because it's easier to understand at first glance, has no performance penalty, and for most busy programmers that often wins. 7 tveita 7 hours ago 0 replies The Linux kernel seems to leave one element free, which surprised me, but it does have this interesting note about it: https://www.kernel.org/doc/Documentation/circular-buffers.tx...  Note that wake_up() does not guarantee any sort of barrier unless something is actually awakened. We therefore cannot rely on it for ordering. However, there is always one element of the array left empty. Therefore, the producer must produce two elements before it could possibly corrupt the element currently being read by the consumer. Therefore, the unlock-lock pair between consecutive invocations of the consumer provides the necessary ordering between the read of the index indicating that the consumer has vacated a given element and the write by the producer to that same element. 8 dom0 11 hours ago 1 reply 9 falcolas 11 hours ago 3 replies Usually when I'm writing a ring buffer, it's for tasks where the loss of an item is acceptable (even desirable - a destructive ring buffer for debugging messages is a fantastic tool). As such, I simply push the read indicator when I get to the r=1, w=1 case. Using the mask method is slick (I'd cache that mask with the array to reduce runtime calculations), but it's definitely going to add cognitive overhead and get messy if you want to make it lockless with CAS semantics. 10 RossBencina 10 hours ago 0 replies From what I understand, this is the way you'd do it with hardware registers (maintain the read and write indices each with one extra MSB to detect the difference between full/empty). We've been using similar code in PortAudio since the late 90s[0]. I'm pretty sure Phil Burk got the idea from his hardware work. 11 phkahler 3 hours ago 0 replies I find the headline very interesting. It's very inviting because of the way it expresses a sort of epiphany about doing it wrong on a mundane programming task. One is tempted to read it in order to see if there is some great insight to this problem. just maybe it's applicable outside this one problem. It begs the question: if he's been doing it wrong on a fairly mundane thing, maybe I am too. I need to see what this is about. 12 tankfeeder 9 hours ago 0 replies PicoLisp: last function here as circular buffer taskhttps://bitbucket.org/mihailp/tankfeeder/src/3258edaded514ef... build in dynamic fifo functionhttp://software-lab.de/doc/refF.html#fifo 13 noiv 3 hours ago 0 replies Just in case, StackOverflow has some variations for JavaScript, although not that much optimized ;) http://stackoverflow.com/questions/1583123/circular-buffer-i... 14 ared38 3 hours ago 0 replies Dumb question: why use power of two sized rings? If I know the reader won't be more than 100 behind the writer, isn't it better to waste one element of a 101 sized rings instead of 28 of a 128 sized ring? 15 pawadu 10 hours ago 0 replies > This is of course not a new invention No, this is a well known construct in digital design. Basically, for a 2^N deep queue you only need two N+1 bit variables: http://www.sunburst-design.com/papers/CummingsSNUG2002SJ_FIF... 16 kazinator 9 hours ago 0 replies > don't squash the indices into the correct range when they are incremented, but when they are used to index into the array. Great! Just don't use it if the indices are N bits wide and the array has 2N elements. :) Not unheard of. E.g. tiny embedded system. 8 bit variables, 256 element buffer. 17 hzhou321 10 hours ago 2 replies He keeps stating the case of one-element ring buffer. Is that a real concern ever? 18 jstanley 11 hours ago 0 replies I had to pause for a second to convince myself that the version relying on integer wrap-around is actually correct. I guess that's the reason most people don't do it: they'd rather waste O(1) space than waste mental effort on trying to save it. 19 ansible 10 hours ago 0 replies Hmm..., interesting. I've always been doing it the "wrong" way, mostly on embedded systems. My classic application is a ring buffer for the received characters over a serial port. What's nice is that this sort of data structure doesn't need a mutex or such to protect access. Only the ISR changes the head, and only the main routine changes the tail. 20 falcolas 9 hours ago 2 replies My C is rusty, but won't this act... oddly... on integer overflow?  size() { return write - read; } 0 - UINT_MAX -1 = ? [EDIT] Changed constant to reflect use of unsigned integers, which I forgot to specify initially. 21 geophile 7 hours ago 1 reply His favored solution introduces subtlety and complexity. Remember that 20-year old binary search bug in the JDK a few years ago? That is the sort of bug that could be lurking in this solution. I understand not wanting to waste one slot. A third variable (first, last, count) isn't too bad. But if you really hate that third variable, why not just use first and count variables? You can then compute last from first and count, and the two boundary cases show up as count = 0 and count = capacity. 22 ts330 11 hours ago 0 replies i love that he has 20 different shoelace knots! life was too simple before now. 23 blauditore 7 hours ago 0 replies > I've must have written a dozen ring buffers over the years Why would someone do this instead of re-using previous (or third-party) implementations? Of course unless it's all in different languages, but I don't think that's the case here. 24 zimpenfish 11 hours ago 1 reply If you use modulus instead of bitmasking, it doesn't have to be power-of-2 size, does it? 25 doktrin 8 hours ago 1 reply > So there I was, implementing a one element ring buffer. Which, I'm sure you'll agree, is a perfectly reasonable data structure. I didn't even know what a ring buffer was where do I dispose of my programmer membership card? edit : lol, what a hostile reaction... 90 points by thebent 7 hours ago 53 comments top 11 1 rm_-rf_slash 6 hours ago 5 replies Writing from brain gain #4 - Ithaca NY - I can attest to the many reasons educated people would choose to live here, but one thing that cannot be left unsaid is that our economy is dominated by Cornell and Ithaca College, and most of the rest is the service industry for employees of the two. Our success didn't just appear out of nowhere. Aside from that, however, Ithaca has all the makings of a great place for professionals to live. There are more restaurants per person here than NYC; the traffic is never bad except during 30-minute rush hour intervals; there is enough middle/upper-middle income here to support high-end retail and services (ex: even if there is only one very good spa and steakhouse, it is still a very good spa and steakhouse); the cost of living is...well it's ok. Housing is expensive in the City and the surrounding Town, but if you go a mere 5 minutes out of the Town of Ithaca in any direction you practically pay peanuts. Still, food and other necessities are Upstate-cheap if you don't shop at Wegmans. But most importantly, Ithaca is a pleasant place filled with pleasant people. The average person on the street is friendly and helpful. Nobody is "too important." Maybe it's because we have a top public high school where rich and poor alike receive a quality education, but there isn't an economic "us vs them" one often finds in decrepit Rust Belt cities with wealthy suburbs or revitalized metro areas that sag professionals with "gentrifier guilt." The point I'm trying to make is that if you want professionals (and thereby, businesses) to come and stay, you have to make your city a nice place to live. Tax breaks don't fix a lousy commute. Fancy new mixed-use high-rises don't diminish the sneers you get from service workers who see you as a disruptive yuppie who is destroying their hometown without even realizing it. I know it's not terribly helpful to suggest "if you want to make your city attractive to professionals, it just has to have that spark," but I see it as akin to a doctor recommending the extremely difficult tasks of regular exercise and a healthy diet instead solving every problem with a pill. 2 cowardlydragon 1 hour ago 0 replies I have parents in Bloomington, Indiana. It's a surprisingly vibrant town with restaurants and culture, arguably on equal footing with the more populous Indianapolis, and much much greater than surrounding communitites. Oh, right, and it has a Big Ten university in it noncoincidentally. I'm surprised these shitty / declining areas don't take advantage of the incredibly expensive college in other areas by setting up new colleges in their areas and subsidizing the tuition, and investing in them to make them great. Granted that takes a while to accomplish, but the positive feedback of major schools is undeniable... and it ain't just the football team. 3 Bjorkbat 3 hours ago 1 reply In case anyone is curious, that blue county in New Mexico is Santa Fe county, which just happens to be adjacent to Los Alamos county. Besides the Los Alamos connection, there is a research institute that studies complexity in the county itself, and three private liberal arts colleges. People also like to move here for the culture alone. Last I checked the arts economy is somewhere in the top 5 in the country. Combined with the well-forested mountains, cooler weather, and a history that predates European exploration of the Americas (roughly where the central plaza currently stands was an old Pueblo village built in 900 AD), it makes for an interesting place. Not that I'm particularly trying to convince anyone to move there. Downside of its long history is that the awkward road network is less a result of smart urban planning and more the fact that they were old stagecoach routes that became legitimized by sheer virtue of being old. Also, you likely won't have any choice but to live in a house made out of adobe (dried mud), because tourism, which might be why the housing market there is relatively crazy compared to the rest of poor old New Mexico. In case you're wondering, I live 50 miles south in Albuquerque and once briefly lived in Santa Fe before the high rent got to me. 4 niftich 6 hours ago 1 reply Data is nice, but this makes sense. There's objectively not much in Cumberland, Goldsboro, Valdosta... meanwhile, large metro areas that aren't too far are attracting educated workers. Their definition seems a bit strange, however. I understand "brain drain" as a different phenomenon from the lack of a highly-educated workforce, and their study does not account for movement of people, which analyses of brain drain typically do. This just seems like certain metros are lacking highly educated workers, which should be expected as particular employers decline or relocate. 5 vxxzy 4 hours ago 0 replies Hey! I actually live in Cumberland! It is as bad as written. Extreme loss of white-collar opportunities. We do have a navy-sea command base where IBM has a data-center. They've had the same jobs advertised for over 2 years now. Very hard to attract white-collar workers. The cost of living isn't so bad though, and the nature is wonderful! 6 rmason 6 hours ago 6 replies I totally understand why Ann Arbor is on the list. But more than a little surprised not to see Detroit. Lots of my younger engineering friends from out state Michigan are finding jobs and settling into the downtown area. Just heard yesterday that Snapchat is opening an office downtown. 7 akshayB 6 hours ago 3 replies Data visualization is nice but I feel compensation also plays a major role in this. Pay-scale of an engineer in silicon valley is much higher compared any other state. Another important factor is also due to globalization lot of jobs disappeared out of the rust belt states and that is why you see lot of brain drain on Eastern facing US states. 8 keithpeter 5 hours ago 1 reply "Even with this dedication, the citys population dropped 3.4 percent to 20,130 from April 1, 2010, to July 1, 2015, according to the Census Bureau." UK: Twenty thousand people isn't even a town here, let alone a city. Am I being harsh in suggesting that this is basically rounding error? Isn't the dynamic towards urban (N*10^6 people with 1 < N < 10) concentration? 9 glup 5 hours ago 1 reply Note the strong correlation between gain areas and the strongly blue counties from the election: http://www.nytimes.com/elections/results/president. Interesting that economic and social force bring the educated together into dense communities, where they are then under-represented given the way political power is currently apportioned. 10 spitfire 4 hours ago 0 replies Is this data available somewhere public? I'd like to do some of my own research and don't have access to a Bloomberg. 11 aylmao 6 hours ago 0 replies shout out to Ithaca in #4 in Brain Concentration Index 262 points by SonicSoul 12 hours ago 181 comments top 25 1 jfindley 11 hours ago 26 replies I'm not certain this has been thought through sufficiently. If an organization is in a position to confiscate the camera from a journalist, they're almost certainly ALSO in a position to extract the encryption password from the journalist. It would be far better if the cameras automatically uploaded these photos[0], and could be configured to upload them somewhere outside of hostile reach, such as servers owned by the magazine/paper they work for. A side issue is that being able to prove authenticity would be valuable, as the issue of faked news/images becomes more visible in the eyes of the general public. Having some sort of GPG signing of (image + gps time + gps position) would be valuable, although establishing the trust chain in practice would be quite difficult and requires some serious thought. 0: Yes, there's a question of how you get internet access in places such as the middle of a warzone, but something generic like wifi would allow individual papers to provide something like a satellite wifi bridge to enable uploads regardless of location (although the cost would obviously be large). 2 jdfellow 10 hours ago 2 replies How about an SD card in to which SmartCard, the size of a micro SIM card, can be inserted. The SmartCard holds a public key, and any files written to the SD card are signed and encrypted using that public key. Decrypting the files would be accomplished with the corresponding private key which is kept separate on a different hardware device and using a PC. 3 devb 12 hours ago 4 replies Could this be accomplished at the storage level instead of at the camera level? Could an SD card have an onboard encryption engine? We have cards with built-in wifi already. 4 peterbonney 10 hours ago 4 replies This is a great idea for the public good, but unfortunately there just isn't much economic imperative for the camera companies to invest in it. Security-sensitive filmmakers and journalists represent a vanishingly small niche, not a meaningful market. For the rest of users, photos taken on stand-alone cameras are generally meant to be shared, not strongly protected, meaning encryption is at best a "nice to have" not a "need to have" or perhaps even a "want to have". And that means that if it comes at the price of even a tiny degree of inconvenience, consumers will refuse it. Having said that, it's not inconceivable that camera makers can solve this problem (a) cheaply and (b) in a way that is "off by default" for most consumers but available if needed. But I'm not holding my breath. I think it's far more likely that we'll see the quality of phone photo/video quality become "good enough" for security-sensitive users to abandon standalone cameras entirely than that we'll see camera encryption catch up in the other direction. 5 kfreds 6 hours ago 1 reply I'm developing a solution to this problem. Longer version:Since I last posted about this on HN (check my comment history), I put the project on ice, and then started it again a year ago. Follow @ZifraTech on Twitter for more information. Our website (zifra.tech) is not up yet. 6 mobitar 6 hours ago 1 reply If you're starting a new startup, it's now honestly unacceptable to not have encryption come standard. I'm building an open standard for encryption and ownership of notes. Would love any feedback/help. See https://standardnotes.org for the full spec. Or follow along @standardnotes on Twitter. If you'd like to contribute, ping me. 7 tombrossman 10 hours ago 0 replies Interesting discussion of this idea on the Stack Exchange photo site (from 2013): https://photo.stackexchange.com/questions/33902/do-any-dslrs... 8 chaz6 11 hours ago 0 replies This is already possible on Samsung NX series cameras https://sites.google.com/site/nxcryptophotography/ 9 chris_overseas 6 hours ago 1 reply Magic Lantern has had some support for this for a while now: http://www.magiclantern.fm/forum/index.php?topic=10279.0 10 mahyarm 3 hours ago 0 replies If you want to circumvent the adblock blocker, just disable js for their webpage. uMatrix is a useful extension for that. 11 rlpb 12 hours ago 2 replies Free Software extensions for cameras such as Magic Lantern http://www.magiclantern.fm/ exist. I wonder if it's possible to add encryption support there, before images are written to the SD card? 12 ARothfusz 7 hours ago 1 reply I wonder if, while they're adding encryption, they could also add user-controllable DRM. That way when you post a photo or video, you can specify the rights of (and prices for) those who download it. One of the things that's always felt evil about DRM to me is that it currently only protects the big guys. What if DRM could protect (and pay) everyone who creates content? So we have no more of this: https://www.theguardian.com/media/2009/jun/11/smith-family-p... 13 attilak 11 hours ago 0 replies Well with many cameras people usually record 4k video to an external device, connected to the video output of the camera anyway (like Atomos Shogun). Adding an encryption to this external device might be a better approach. And also as mentioned before, just recording to an encrypted macbook or any other laptop might also work already, just the size might be a problem. 14 alabamamike 5 hours ago 0 replies I've seen self encrypting SSDs, and I'm wondering why SD Cards with hardware encryption aren't already available. Is there a technical limitation that would render it impossible to build a storage card that has the ability to encrypt/decrypt data transparently to the device it is installed in? 15 alrs 6 hours ago 0 replies Canon cameras already have ethernet ports. I'd much rather the camera support iSCSI so that I can mount a network block device and save to that. I wouldn't trust any consumer electronics crypto support. The form factor of an embedded Linux box with an Ethernet port, an SSD, and a hardware power switch would be pretty tiny. It could be done in the shape of an autowinder. 16 bluesign 9 hours ago 0 replies I think with custom firmware on camera[1] it can be possible, although would be hard. Also there is an option for custom firmware on SD card [2] but probably kills the speed too much. 17 pjc50 9 hours ago 0 replies Next week: NSA Demands Back Door To Encrypted Cameras. Ironically I think the best way of getting this actually built would be to sell it as in-camera DRM. The requirement - no viewing without authorization - is almost identical. This kind of thing is a very tricky use case, because suddenly the camera is a safety-critical device. That is, if people are relying on their software to encrypt images, they may take photos that if revealed to the wrong people at the wrong time may get them killed. 18 wtk 11 hours ago 2 replies To piggyback this topic - I think cameras should feature an equivalent of iCloud lock. These are things worth thousands of dollars, and are dead easy to sell on once stolen. I would sign a petition that would convince camera makers to add a theft protection like above. Am I missing something here? The same should go for expensive lenses that should have a coded list of bodies they are permitted to work with. 19 zczc 5 hours ago 0 replies The solution already exists: there are Android-based cameras like Samsung Galaxy NX which can use encrypted camera apps for Android with nice sensor and lenses. 20 zdw 11 hours ago 4 replies What's the point of encrypting a video data stream if it's going to local storage that could be destroyed or taken by someone else, effectively depriving whoever shot the video of the footage? Making encryption happen in the camera seems like solving the wrong problem - you really want to exfiltrate to secondary, offsite storage at high speed in a secure manner. 21 rbcgerard 11 hours ago 1 reply Seems like it would also make it really hard to view your photos - i.e. What happens to that little screen on the camera? 22 iansowinski 10 hours ago 0 replies I think some kind of hidden, backup card slot would be also great feature for a number of photojournalists 23 cbhl 7 hours ago 2 replies Why don't these filmmakers just use an iPhone to shoot their documentaries instead? 24 jijji 6 hours ago 1 reply most of the android/ios devices that are out there have had this capability for many years. Typical resolutions of 16 - 41 megapixel are common today. Why not use these cameras? 25 tn13 5 hours ago 0 replies Sounds like a bad bad idea to me. When authorities realize that you have outwitted them they are going to beat you up, torture you or simply kill you. In countries like Pakistan, Turkey, India or China you body might later be found floating in some gutter somewhere. A better idea would be to simply hand over the camera to cops and save your skin. There are two strategies of surrender when a defeat in imminent. Political surrender: You fight till your last breath and make it difficult for the other party to win. Military surrender: When defeat is imminent it makes sense to surrender without a fight and cut need-less losses. I think journalists when confronted with a certain defeat must embrace second type of surrender instead of first. 20 2017 Solar Eclipse Path of Totality nasa.gov 7 points by rootbear 1 hour ago 2 comments top 2 1 credit_guy 8 minutes ago 0 replies If anyone is wondering about the somewhat polygonal shape of the lunar umbra, apparently it's not a rendering error, it really is a bit polygonal. The edges correspond to some lunar valleys, as this nasa link explains: http://svs.gsfc.nasa.gov/cgi-bin/details.cgi?aid=4517&button... The Earth relief has quite an impact on the umbra shape too, in some cases I would say it can change the diameter of the umbra by a few percent (check 00:26 in the nasa animation) 2 rootbear 1 hour ago 0 replies The NASA Scientific Visualization Studio, where I used to work, has published the most accurate map ever produced of a solar eclipse totality track. This animation combines Lunar geographic data from the LRO spacecraft with Earth geographic data to correctly model the edges of totality. I'm in luck, the path of totality basically runs over my sister's house in East Tennessee! I hope the Great Smoky Mountains aren't so smoky on that day, August 21, 2017. 21 Investigating 65c816 Interrupts 6502.org 25 points by ingve 4 hours ago 1 comment top 1 cmrdporcupine 4 hours ago 0 replies Something that really shines about the 65xx CPUs is their excellent interrupt responsiveness. 22 How to run a meeting (1976) hbr.org 89 points by trendoid 8 hours ago 21 comments top 9 1 cgio 2 hours ago 0 replies My take:0) invite the right people1) send all relevant reading material 2 days before meeting2) have an agenda for the meeting - in the invitation3) agree who runs the meeting4) follow the agenda, keep a log of issues that hijack the discussion but leave it at that and keep on with the subject5) document decisions6) send email with decisions/actions Not that complex. I run meetings quite often, and they always work fine. Now workshops are a different think... 2 ThomPete 23 minutes ago 0 replies I avoid meetings like the plague. Even when I was running a company with 80 people I would ask if I was necessary or my input was necessary. If not I wouldn't accept. Meetings are like teamwork trips. They are the illusion of progress. There are situations where they are necessary but nothing beat ongoing discussions around actual work. 3 hkon 2 hours ago 1 reply How meetings are run: 1) Wait 5 to 10 minutes for everyone to join 2) Spend additional 5 minutes getting your computer hooked into the projector and shared with remote participants 3) Read through your powerpoint 4) Ask for feedback. Receive comments about your choice of font for the powerpoint. 5) Thank everyone for the meeting and head to the next one. 4 dammitcoetzee 6 hours ago 3 replies There are sections of this that overlap with how I treat meetings, but overall it seems like a bunch of verbal fluff that's the opposite of what a meeting should be. Exceedingly clear, short, and purposeful. I learned a more pragmatic, even meeting-hostile approach to meetings: http://hackaday.com/2016/10/06/life-on-contract-how-to-have-... 5 phailhaus 4 hours ago 1 reply Wow, what an obnoxious page header. It takes up a quarter of the screen on my laptop! 6 scrabble 6 hours ago 0 replies This is helpful for me. I serve on a local board and this very much describes the type of discourse that occurs there. For reference, we run the meetings according to Bourinot's rules of order: https://www.amazon.com/Bourinots-Rules-Order-Assemblies-Shar... By the same token, this is not terrible useful for me in terms of work meetings which are extremely informal in comparison. They are also intended to achieve a different goal. I'd say that both types of meetings are appropriate for their goals, but I've also been surprised at just how effective the more formal meetings have been in achieving progress and consensus. 7 john_gaucho 6 hours ago 0 replies Just a couple of days ago I was thinking about this topic exactly. Considering that I spend upwards of 2 hours per day in meetings it is amazing how little time I have dedicated into thinking about how to make meetings more efficient. I don't think I'm the only one to make this mistake. Just because you have 5 people sitting in a room talking does not mean we are going anywhere or we are making any decisions. Does anybody have a book recommendation where I can read more about how to maximize productivity of meetings? 8 edoceo 4 hours ago 1 reply There was an old book on the topic. Roberts Rules of Order 9 majc2 5 hours ago 0 replies A related classic take on how to run meetings: https://www.youtube.com/watch?v=46BFYo4drLc 22 points by lainon 4 hours ago 15 comments top 4 1 chipperyman573 3 hours ago 3 replies Doesn't this just mean that IQ Scores don't measure what they're supposed to? My understanding is that IQ scores measure how smart you COULD be, all things considered. But if you can increase this with schooling, isn't it just how smart you are right now? 2 ivan_ah 1 hour ago 0 replies It would be interesting to see some sample tests. From the data section: The measure of IQ used in the analysis was obtained from tests of cognitive ability administered by the Norwegian military to all draft-eligible men at approximately the age of 19 y as part of the universal military draft in Norway. The data from these tests have been widely used and interpreted as IQ scores for research purposes. Also interesting, the historical summary of the "distributed" nature of the Norway educational system: The reform [...] required that all municipalities provide their youths with an additional 2 y of standardized education in the eighth and ninth grades. [...] The reform was introduced at the municipality level, the lowest of three administrative levels in Norway, with the other two levels being the national level, which has responsibility for higher (tertiary) education, and the county level, which has responsibility for secondary education. [...] Following the reform, the new type of middle school was administered by the municipalities. Each separate municipality was able to introduce the full compulsory schooling reform after local officials submitted a reform plan to a national committee, provided national funds [...] It sounds like they used a bottom-up approach rather than a plan forced from on top, which seems like a good thing. This makes me want to learn more about how school systems / school boards work. It seems to be a city-level organizational structure, but there are provincial/state, and federal rules too. This is a lot of APIs: you pay federal, provincial, municipal, and school taxes, and then some portion of your taxes comes to the schools. Surely there's room for simplification... 3 hkon 3 hours ago 0 replies What really raises the score is practising on IQ test type of riddles and questions. 4 partycoder 40 minutes ago 1 reply IQ scores have to do with a lot of things. IQ can lower due to: - not meeting basic nutrition requirements during gestation and early life - not consuming enough iodine. iodine gets added to salt to ensure people consume it. - exposure to lead and other toxic substances. ...and mental stimuli. Some people (notably alt-right Twitter accounts), promote that idea that certain races have significantly lower IQ, spreading maps of average IQ per country. It is my duty to call out that as wrong. Having the aforementioned factors in consideration quickly refutes that idea. Some people point out that there are genetic markers associated with higher IQ. To be honest, we haven't listed all of them yet. So I would stay quiet before pointing out that certain population doesn't have certain SNP. 24 Project Springfield: A Cloud Service Built Entirely in F# microsoft.com 69 points by edgyswingset 7 hours ago 11 comments top 3 1 KirinDave 3 hours ago 0 replies It feels like Microsoft is starting to get more vocal about pushing F#. Worth noting that Visual Studio/Xamarin for Mac is prominently offering F# for Android and iOS out of the box now as well. 2 hkon 3 hours ago 1 reply If I just wait a bit longer, more features from F# will be available in C#. Still not making the jump. So close. 3 pluglus 6 hours ago 2 replies I signed up a while back. Still waiting for my credentials... 25 RFC 7764 Guidance on Markdown ietf.org 143 points by arthur2e5 10 hours ago 92 comments top 12 1 Freak_NL 8 hours ago 5 replies What I would really like is to end up in a situation where email clients all support text/markdown. It really hits the sweet spot between plain text and HTML. It has enough structure to show a nice outline, and the triple back-tick syntax is great for marking bits of text as code. All without specifying how everything should look. You can read it as unformatted text, or let the mail client format everything in a style you like. This is sort-of like HTML without CSS (using the client's default stylesheet), but also very well readable as unformatted text, and free from the abuse of HTML email. Alas. More and more companies are giving up on plain text email (even though this is required by the standard), and simply send you a hyperlink to click if you have plain text as your viewing preference for email. 2 verandaguy 9 hours ago 4 replies I'm actually kind of excited about this! A text/markdown MIME type could (maybe? hopefully?) pave the way for native content authoring in Markdown without having to use an HTML-targeting compiler between the author and the browser. I might be being optimistic, but if that ever happens, it could be the start of a new era in internet content authorship! 3 jalfresi 8 hours ago 1 reply Don't markdown files already have a MIME type of text/plain? Isn't that the point of markdown? 4 inlineint 4 hours ago 0 replies I'm not sure wouldn't someone say that it is bloating of such simple format as Markdown, but I really want to see embedding of TeX math formulas in Markdown RFC/standard. I'm talking about \frac 3 4 and$$\int x dx$$notation. It is already implemented in some Markdown parsers, such as Pandoc and Jupyter Notebook, but because it is not standardized there are also a lot of parsers that don't support it. I think that adding it to the RFC/standard would reduce friction in math communications and make them more accessible, especially if Markdown format become widely used for email communications. 5 nicky0 7 hours ago 1 reply > 1. Dive into Markdown Is that an obscure Mark Pilgrim reference or just a coincidence? 6 smartmic 5 hours ago 0 replies I am still struggling with Markdown. In my opinion, the lack of a common, standardized specification thwarts its practicability as universal internet standard. I still wonder why not more powerful markup languages like asciidoc spread more. 7 austincheney 9 hours ago 0 replies https://github.com/prettydiff/biddle Can parse markdown to formatted stdout (ANSI colors, wordwrap, and so forth) on the console in both posix and Windows. 8 glaberficken 9 hours ago 2 replies Amateur question: Why cant browsers just fetch a markdown file and render its html representation? (is this what the article implies?) 9 xer0x 8 hours ago 0 replies OMG wow! This could be really helpful! 10 slezyr 9 hours ago 0 replies   function test() { return "notice this feature?"); }  Ummm... 11 MBCook 10 hours ago 5 replies Did anyone ask Gruber for his help in this? Or is this like the stupid attempt at 'common markdown' a year or so ago to wrest 'control' out of his hands because he was 'a terrible steward' (or whatever the quote was). If a single guy invented the standard, and you're not involving him (or at least getting his blessing), then this seems hostile. I haven't seen him mention this on Twitter, which is what makes me wonder. 12 mrottenkolber 3 hours ago 0 replies The best decision would be to drop Markdown from everything and pretend it never existed. Then design a similar format with a formal grammar, and use that. The sad thing is this won't happen. Given the traction I suspect there will be broken, incompatible Markdown implementations 100 years from now. Markdown really has the potential to become the worst universally popular standard in computing history. What bothers me is that its not one guy (Gruber) who made a mistake and designed a language without a formal grammar (hey, mistakes happen), its that armies of developers wrote broken parsers for a language without a formal grammar. This is an impossible task, why did they not refuse to create something fundamentally broken, by definition. Now there are apparently people who want to standardize Markdown, without a formal grammar. How can they not realize that it will be impossible to ever implement the standard? How do they not see that what they are doing is professionally unethical? 151 points by e-sushi 10 hours ago 33 comments top 8 1 thockingoog 8 hours ago 4 replies To my eyes, this signals that Docker hears the complaints from systems like Kubernetes that want to build on top of docker, but don't want all the Docker platform stuff. Layering matters, and Docker seems to be offering a solution that is Docker compatible but more usable by layered systems. Devil's in the details, of course, but this seems like what our customers want - docker but not Docker. Disclosure: Kubernetes dev 2 andrewguenther 8 hours ago 2 replies Docker has been running on top of containerd since 1.11. This isn't really news. Previous discussions: https://news.ycombinator.com/item?id=11492736 https://news.ycombinator.com/item?id=10754316 https://news.ycombinator.com/item?id=13176895 3 ainiriand 9 hours ago 2 replies I love how amazingly this name ends in nerd. Ok, I'll show my way out... 4 binocarlos 7 hours ago 0 replies I think this is a smart move by Docker. The experience of docker-compose for local development is sublime. The option to deploy that local stack to any number of schedulers but with the same core container runtime feels like the right kind of prod-dev parity. Choice being the main point I'm making. 5 asb 8 hours ago 0 replies Can anyone contrast this new (rebooted?) containerd to rkt? 6 nunez 9 hours ago 3 replies If I'm reading this right, this seems like a really interesting and possibly lighter-weight alternative to Packer + Kubernetes. I like this and will give it a whirl. 7 jwildeboer 6 hours ago 0 replies A "new" sytemd for containers? #sarcasm Disclosure: Red Hat Evangelist. 8 jwildeboer 6 hours ago 0 replies Totally unrelated. Totally. Pure coincidence. Really. ;-) https://github.com/kubernetes-incubator/cri-o 83 points by coloneltcb 2 hours ago 102 comments top 15 1 dsl 1 hour ago 2 replies Uber is a company built on ignoring laws. Everything they did in the beginning was against some form of taxi or car hire regulation, in the name of disruption. (Regardless of what you think of the laws in question, they were still being broken in the eyes of most regulators) I don't know how I feel about that type of corporate philosophy (or Facebook's "move fast break things") in light of projects where people can actually get killed. 2 stuckagain 1 hour ago 7 replies Self-driving Uber car blows red signal at crosswalk in SF: https://www.youtube.com/watch?v=_CdJ4oae8f4 3 knorby 24 minutes ago 0 replies Uber has the garages for both Otto and these cars on Harrison, between 3rd and 4th streets, on the side of the lanes headed to I-80W/101S. When they need to park either, particularly the semi-trucks, they get people in vests to come out, stop traffic for pretty much all lanes of traffic, and slowly park their delicate vehicles.... Glad to see this story. 4 JamilD 1 hour ago 3 replies I want self-driving cars to happen as quickly as possible, but Uber seems like they were extremely reckless and negligent here. Why not apply for a permit and stay on the safe side? And with at least two reported incidents of these cars running red lights, it seems like driver training and attentiveness was lacking. If the software wasn't ready, fine, but you have to be aware of that and train your drivers to be 100% attentive to their surroundings, especially since it's the first day of real, commercial trials. 5 brilliantcode 1 hour ago 3 replies This is really worrying for Uber. It's supposedly burning 2 billion dollars a year. It doesn't own any fleet of vehicles or it's drivers. Neither is there a sustainable cost savings that doesn't involve lighting pile of cash on fire. It desperately needs driverless cars before Tesla and Google kills their business off. Now Uber has finally hit a regulatory wall which it won't be able to pay off. It's likely to hit more such obstacles until it realizes it's not really in the business of taxi but a business of acquiring market share with low interest rate capital. We won't see an Uber IPO anytime soon. 6 snowmaker 1 hour ago 1 reply I recommend reading the actual letter from the DMV. It's impressively well-written, balanced, and thoughtful about autonomous technology. I was not expecting a response like that from the government. 7 scarmig 1 hour ago 0 replies The only thing that might surpass Google's inability to execute on their autonomous cars is Uber's congenital need to break the law for no reason at all. 8 symlinkk 1 hour ago 0 replies Uber tries to break the law to get a competitive advantage yet again. Innovation at its finest. 9 emp_zealoth 1 hour ago 0 replies >"Safety is our top priority" Do they want me to die from laughing? 10 nodesocket 33 minutes ago 1 reply Does Tesla have this DMV permit for their autopilot feature? 11 hkon 1 hour ago 0 replies Can't disrupt these days without breaking some laws. 12 Crito 43 minutes ago 0 replies If these people actually gave a damn about the environment they would embrace self-driving cars. One-car-per-person is ludicrously wasteful. 13 serge2k 1 hour ago 1 reply Uber just doesn't get the whole concept of regulations do they? I understand violating ones that are "dumb" and hurt your business (e.g. taxi medallions) or those that it's easier to just do it and figure out hte results later (e.g. insurance) but this is literally "get the permit first". They should process this nice and sloooooooooooow. 14 czep 1 hour ago 0 replies The pedestrian was at fault for not installing Uber's app. This gives new meaning to the term "god mode"... "Install our app, or DIE!" 15 Overtonwindow 1 hour ago 5 replies I really hope California isn't overreacting, possibly due to industry pressure from taxis etc. The state should be doing all it can to support, grow, and encourage this innovation. 73 points by evilsimon 8 hours ago 30 comments top 6 1 Animats 5 hours ago 3 replies EMachineShop [1] has been doing this for over ten years.[1] The guy behind eMachineShop, Jim Lewis, thought he was going to change manufacturing, but ended up just being a very convenient job shop. eMachineShop, which is in New Jersey, had a writeup in Wired in 2005.[2] The 2005 hype reads like the 2016 hype for Plethora: "Designing stuff used to be just for experts. We're bringing it to the masses." Like Plethora, eMachineShop has a CAD system which can tell you what's manufacturable and how much it will cost. The main difference is that Plethora uses a plug-in to Inventor or Solidworks, so they're aimed at pros who have those expensive packages. eMachineShop has a free downloadable CAD program, which understands what their processes can do and will calculate pricing. It's an impressive program, one which will prevent you from designing unbuildable parts and warn you if you're forcing an unnecessarily expensive operation. Plethora has the San Francisco location, the cool web site with no pricing info, the guy with the neckbeard, the funding to lose money on the first order, and the emphasis on onboarding potential customers for marketing purposes. Maybe that will help them scale. 2 micaksica 4 hours ago 2 replies > For example, theres one machine where you typically need to wait five to 10 years in machining before touching that piece of equipment. But we let our entry-level people work with it after 1 1/2 months. Theres this guild mentality in the manufacturing industry, that this person needs to prove themselves. I do think in certain ways that you should let people document their skills and earn certifications. But we need a more lightweight system. You dont need five years to become a machinist. The guild/apprenticeship model in the 20-21st century has always felt to me like a thin veil over a seniority-based structure that places strong barriers of entry on newcomers to protect the jobs of the senior staff. Want to do that job? Sorry, you can't, kid, until you "pay your dues". Want more money? That's based on how old you are. It's pretty backward and broken for a capitalist system that should pay market rates for providing value regardless of age or guild-proven experience. These types of things irked me as a child. How much innovation would we have in technology if you had to spend five years on a starter Internet, or were forced to just use phones from the start? What if you were only allowed to program in certain languages and weren't admitted to download a specific compiler? 3 msvan 4 hours ago 5 replies Interesting quote: > By the way, I actually think that computer programmers are not going to be a white collar job in the long run. Machinists were the programmers of 100 years ago. It was a highly paid job, and can still be one even today. My grandfather had a great job. He was almost a petty bourgeois guy after being a prototype machinist. Thats not true for that job anymore. I actually think software programming will go the same way. 4 Animats 2 hours ago 0 replies Jim Lewis of eMachineShop also tried to do the same thing for printed circuit board design and assembly. The result was Pad2Pad, which would make blank boards and put the parts on them. The assembly part didn't work out commercially, and the board-marking service became one of many such services. Making PC boards is a well-organized industry - you send in files and get boards back without much difficulty. One-off boards are no problem. Seeed Studio in Shentzen finally got the assembly thing working. They make blank boards and will put parts on them if you pick the parts entirely from their Common Parts Library. You can make most simple digital electronics projects using that library - analog and power, not so much. Seeed Studio has good prices but requires you to release the rights to your design, so others can copy it. Sort of like Github for hardware. 5 keithpeter 4 hours ago 1 reply "These automation integrators are going to adapt to do the on-boarding and training. I think well see more of thiskind of a blue collar programmeras more of the industry digitizes." UK: HPGL and a bit of autocad. The lads (and ladesses) with the utility trousers and steel toecapped boots round here (motor vehicle supply chain) all know that. What else can you show us? 6 steveklabnik 7 hours ago 2 replies Nick is a very smart guy, and has been doing stuff in this area for a really long time. Long ago, we co-founded CloudFab, which is mentioned in the article. It was a bit too early for its time. Plethora looks very interesting! 68 points by daddy_drank 8 hours ago 19 comments top 8 1 roymurdock 6 hours ago 2 replies Uncle Sam pays Clover a monthly fee for each Medicare Advantage customer the startup enrolls. The amount varies depending on where the person lives, but it averages$850 before adjusting for chronic conditions or healthy habits, the Medicare Rights Center says. Clover uses the money to pay members bills and generates almost all its revenue from whatever is left over after reimbursing doctors, hospitals, labs, pharmacies and other points of care. The company offers plans with no monthly premiums or ones that go as high as $225. Clover says the amount it gets from those payments and copays isnt significant. So it sounds like the company's biz model is to send nurses out in the field to get senior citizens to enroll in Medicare, check up on them and collect data, and sell them healthy lifestyle products (gym memberships, cooking classes, etc.). As a 23 year old I'm not sure if this is any different than what big insurance co's do for their Medicare enrollees. The actual tech part seems to be the web portal/CMS (Django) and the storage and management of this tangential customer data that is generated with each visit: Clover uses Python for all of our backend coding so using a pipeline orchestration tool that is itself written in Python is valuable for us. Airflow meets that requirement and its the tool weve chosen to manage all of our pipelines. Here's the actual coverage sheet if you want to compare with your/your parent's plans: https://cdn.cloverhealth.com/filer_public/c4/a8/c4a894d0-000... Deductibles (excluding prescription drugs) are$6,700 annually. Someone maxing out prescription charges would spend an additional \$5,000 per year. I'm not sure how that compares to a traditional provider.

Tangentially: I think we've almost stretched the definition of the word "startup" into oblivion at this point. It doesn't mean anything to me anymore.

2
gmarx 7 hours ago 0 replies
Poor article. The first example they give (trying to reduce the risk of developing diabetes in an 83 yo by switching her to brown rice) is stupid, wishful thinking. Then several paragraphs which could be shortened to "they use data to improve patient outcomes". Finally towards the middle they mention some good examples of data driven interventions. Looks like a promising company if you skip most of the article :)
3
dr_ 6 hours ago 0 replies
Interesting but they are not the only ones doing this. United and aetna are collecting data as well, and also employ nurses that follow patients into their homes or other settings. The data operation is what is emphasized in this article, but it really remains to be seen how much the data can have an impact on people's overall health - preventing hospitalizations, making sure patients take their medications etc. maybe it can guide clover and let them determine where to allocate manpower - but in the end it's still the manpower that matters.

from my experience, a lot of it depends on having the right family, and perhaps community, support structure in place.

4
bkudria 7 hours ago 1 reply
Our Tech blog has some more in-depth dives into what we do and how: https://technology.cloverhealth.com/
5
john_gaucho 6 hours ago 0 replies
I'm very interested / concerned about what is going to happen to the insurance industry as companies get more and more data about their clients.

I'm a fairly healthy person (at least right now), and I'm not sure how I feel about it.

6
tcbawo 6 hours ago 0 replies
I hope that we see technology and analysis used to improve outcomes rather than to screen or filter the customer pool. I worry that this will happen without protections in place.
7
yourapostasy 3 hours ago 3 replies
This orientation towards data is admirable, but likely is an impossibly uphill climb without a corresponding emphasis upon expanding collected types of data. Which is expensive. And is why US insurance companies---who pay for this kind of data out of tests---won't be leading the charge towards a data-centric or Big-Data-centric health outcomes evolution in the medical field. The mainstream medical field has not yet recognized the possibilities, either.

Let's take the Type 2 diabetes example given in the article.

No mention is made of putting a Continuous Glucose Monitor on the 83-year old patient, to graphically show in real time the impact white rice has upon her blood sugar.

No mention is made of five additional antibodies tests to identify Latent Autoimmune Diabetes in Adults (LADA), which looks a lot like Type 2 in its early stages, but likely needs to be treated as Type 1 as early as feasible according to some very recent research.

No mention is made of regular tracking of her HbA1c, fructosamine (gives a 14-day instead of ~115 day window into long-term blood sugar management), and 1,5-anhydroglucitol (indicates time spent with hyperglycemia).

Not to speak of doing those three areas on a regular, monthly/quarterly basis. It is very rare in the US to do all of that even on an annual basis; at best, the common practice is HbA1c once a year. While metabolic syndrome leading to diabetes is a huge drain on US insurers, aggressive data-led syndrome reversion is de facto not recognized by either the mainstream medical field nor insurance industry.

There is lots more data they could gather than what I mentioned here, but all they did instead was suggest "try to eat brown instead of white rice". She should try not eat rice (and other carb-heavy food) at all for a month, and see if that improves her blood sugar numbers. While the fitness community has already empirically identified that diet is 90% of success unless you are a genetic anomaly, the food, medical and insurance industries still push the idea upon patients they need to go out and exercise more, and only tinker around the edges of their diets (unless you are fasting/caloric-restricting, going very low-carb, going vegetarian, going raw food, etc., most Americans idea of a diet change by adding a couple salads a week, picking "low fat" packaged food and so on is just tinkering).

This doesn't even get into monitoring controlled changes in habits, measuring the impact upon the data, and using those results to guide further changes. Nor have we even touched upon the lack of incentives in the US for companies seeking to "disrupt" medicine through holistic, integrated process changes instead of "product" like pharma or medical devices: if company X can provably intake Y number of customers with say, metabolic syndrome or even Type 2 diabetes, and achieve a reversion rate of Z% with negligible (<5%) backsliding 5+ years out from date of reversion, monetizing that proprietary process is limited to either being a provider (in which case you're squeezed by the insurance companies with take-it-or-leave-it negotiations) or an insurer (in which case you're too spread out covering other ailments to really capitalize upon the proprietary knowledge). I suspect the lack of incentive structures is similar in nations with national health plans.

8
foolinaround 5 hours ago 1 reply
What we need to see is the ability for the patients to be able to own and transfer that data ( like a Google takeout ).
72 points by Meerax  9 hours ago   20 comments top 4
1
shakna 8 hours ago 2 replies
I had a secondary spleen, nestled right up against my main one that I tore completely in half in primary school.

Subsequent testing over the next five years showed it, sadly, failed to become active.

For people like me, getting your inoculations is imperative. Annual gp visits help keep it in check.

As for the rest, depending on herd immunity is the answer.

2
pacaro 7 hours ago 1 reply
Shame that the article doesn't mention how we know so much about long term survival rates of people with no spleen. IIRC During the Second World War (aka WWII) large numbers of injured soldiers had their spleens removed in passing, this gave a large population to follow
3
justinator 7 hours ago 1 reply
Any research done to nudge these spleen cells into making other types of cells (stem)?
4
stcredzero 7 hours ago 1 reply
A housemate of mine used to call herself "The spleenless wonder." It was removed after a car accident.
cached 15 December 2016 02:02:01 GMT