hacker news with inline top comments    .. more ..    10 Mar 2017 News
home   ask   best   2 years ago   
PolyConf Programming conference for polyglot and full stack programmers polyconf.com
54 points by zaiste  1 hour ago   9 comments top 6
sgrove 45 minutes ago 0 replies      
For me, PolyConf is a bit like the Strange Loop of Europe, which is one of the highest compliments possible for a conference.

* It was well organized

* Had quite a range of topics on interesting topics that poked you right in the intellectual curiosity

* Had an audience that was eager to talk about esoteric ideas, but still able to bring it back to a semi-pragmatic form - rare to be able to walk those lines

* Just a lot of fun

Usually I'm quite exhausted after conferences, but I came away from Polyconf feeling energized about programming, creating (and destroying), and exploring in a way I hadn't for quite awhile - highly recommended!

bradurani 6 minutes ago 0 replies      
I spoke and attended last year. It's the best conference I've ever been to (and I've been to at least 40). Here are a few of my favorites:





kleebeesh 28 minutes ago 1 reply      
Out of curiosity, is the move to Paris permanent?

I went to PolyConf 2016 in Poznan. I enjoyed how broad the range of topics was. Although it can be a double-edged sword. Having so many differing backgrounds can make it tough to strike up a meaningful conversation. For example, if someone is super passionate about OCaml, and I've never touched the language, then there's only so far we can take the conversation. I suggested at one point to have people's top interests printed on their name cards to narrow the search space a little.

d3ckard 34 minutes ago 0 replies      
Been to Polyconf while it was in Poznan. Could not recommend it enough! It's a really great conference which is about methods and ideas, not languages.

If you can go - go! Thank me later.

philnash 1 hour ago 1 reply      
I spoke at PolyConf in 2015 and had a great time. I'm excited that it's moving to Paris and I'll be putting a proposal in soon!
tomkuk 1 hour ago 0 replies      
Can't wait for Polyconf Morning Run in Paris! Hope you will not drop this idea...
Revisiting 64-bit-ness in Visual Studio and elsewhere (2015) microsoft.com
87 points by svenfaw  2 hours ago   83 comments top 18
codeflo 1 hour ago 2 replies      
At work, I have a fast machine with 32 GB of RAM, of which Visual Studio can only access about 3 GB. About once a month, Visual Studio crashes with some kind of out-of-memory error, and more often than that, it slows down to a crawl because it has to garbage collect every few seconds in an attempt to keep its memory usage below this magic limit. Even though the machine has 20 GB of free RAM that Visual Studio just can't use.

The author acknowledges that this can happen:

> So, youre now out of address space. There are two ways you could try to address this.

> a) Think carefully about your data representation and encode it in a more compact fashion

> b) Allow the program to just use more memory

> Im the performance guy so of course Im going to recommend that first option.

As a "performance guy", he should know that using a bit more RAM is essentially free, and much, much easier to code than doing the kind of bit-fiddling wizardry he suggests ("encode it in a more compact fashion"). In practice, that kind of low-level code will not get written anyway, at least not by modern Microsoft, and much less so by most extension authors. Which means that there's an arbitrary and very hard limit on how much you can customize/extend Visual Studio before you hit that 3 GB wall. And again, this is on modern workstation machines with gigabytes of unused RAM lying around.

In short, there may be very valid technical reasons why VS can't go 64-bit, but to claim that this doesn't hurt the product is in my opinion not justified.

BinaryIdiot 1 hour ago 1 reply      
I remember his original post back in 2009 and being very unsatisfied.

I wanted the 64-bit transition only so I could properly use my tools at work (used to work in a .Net shop). We had resharper and several other plugins that ran in the same Visual Studio process as everything else and it was fairly common to hit the memory limit of a 32-bit process and Visual Studio would essentially die until it was killed and restarted.

Sure, you can say "stop using those tools" or "they should have written them better". But at the time I was required to use most of them (it wasn't only Resharper though Resharper was pretty nice).

Today I don't have this problem anymore. But I think because of that type of issue it would still likely be worth it. Honestly I feel like they could optimize Visual Studio at the same time; it has a ton of capability but it's also incredibly large and, from my understanding, carries a TON of legacy code and resources throughout.

kabdib 29 minutes ago 1 reply      
This is a pretty myopic view of performance and 32-bit code.

- You really only get 3GB of RAM

- Actually, you get less than that, because of DLLs that get loaded into that space.

- Actually actually, fragmentation becomes a problem, and making very good use of the remaining memory gets awkward pretty quickly.

3GB is pretty crowded, especially when you're talking about (say) a game with tens of GB of footprint. You need to page stuff into that footprint, and be clever about the memory pressure not affecting the user experience.

On the server side of things, we regularly run processes with > 8GB footprints, including things like solr (at 32 to 160GB). Breaking this stuff up would involve a lot more disk and network chatter, as well as bugs involving OOM conditions, reducing global performance and reliability.

So while VS may be fine with 32-bit code+data (I am not convinced), real-world applications definitely need more. I'm guessing that making a 64-bit VS is hard for legacy reasons, and that the 32-bit space is actually holding the VS team back (and possibly plugin makers as well).

blauditore 26 minutes ago 3 replies      
Disclaimer: I don't know too much about this field

Can someone explain why exactly 64-bit is generally slower than 32-bit?

I understand that more RAM will be used and I/O to it slowed down due to double the bits pushed around since "chunks" have double the length, which ends up being a lot of empty padding (is that correct?).

But everything inside the CPU, like registers or ALUs, are 64 bits wide anyway (right?), so computing in 64-bit mode would just make use of resources that were unoccupied in 32-bit mode. Or am I missing something?

marktucker 2 hours ago 2 replies      
In my experience, Visual Studio performance has improved significantly since VS2010, but if you compare it to VC6, it's a joke. There's still an old PC at the office running it, and double clicking a project opens the IDE and loads the project in less than a second. It's beautiful.
oobey 2 hours ago 4 replies      
Would he have made those same comments to resist going from 16 to 32 bit?

Hell, why not stick with 8 bit? We can just optimize everything to work on that, right?

sherincall 2 hours ago 3 replies      
I really wish MSFT would support the x32 ABI[0]. While having a single amd64 ABI, compared to 6-7 active in the x86 days, has its advantages, MSFT already threw it away with vectorcall. And x32 is arguable more useful than vectorcall.

[0]: https://en.wikipedia.org/wiki/X32_ABI

davrosthedalek 2 hours ago 3 replies      
I might be wrong, but aren't there much more registers available in 64 bit mode on intel? That potentially outweighs any memory increase because it can reduce cache pressure. Or is this mostly alleviated by register renaming and other tricks?
sp332 1 hour ago 2 replies      
Security can improve with 64-bit as well. It's a lot harder to break ASLR in a 64-bit address space than a 32-bit one. Though again, that might not apply to VS where a user can get "arbitrary code execution" by design.
mtdewcmu 2 hours ago 1 reply      
I only have VS2010, but I always felt that VS stacked up pretty well against the competition, performance-wise. Eclipse always seemed painfully slow, and Xcode hasn't really impressed with its performance. That's no reason to rest on your laurels, surely. But at least VS shows some evidence of restraint in abusing resources.
aussie123 29 minutes ago 0 replies      
The author seems to be defensive, trying to justify the status quo. I would be interested what the real reasons are. Why have most other Microsoft products moved to 64bit but VS was hesitant from the beginning?
eb0la 1 hour ago 1 reply      
I remember people favoring the use of their 32bit JVM instead of the 64-bit one for performance reasons but didn't wondered why.

Makes sense if you're running Java with -Xmx1024m

snnn 1 hour ago 2 replies      
Right now, I'm fighting with: "fatal error LNK1248: image size (1004CB720) exceeds maximum allowable size (FFFFFFFF)" :-(
SadWebDeveloper 47 minutes ago 0 replies      
tl;dr... its humongous task and we are busy adding more "instant azure buying-options aka deployment tools", it will only benefit 1% of our users and we also want to keep milking this cow until the shit hit the fan.
taspeotis 2 hours ago 2 replies      
Run devenv /safemode to load the IDE without third party extensions (think ReSharper) and the thing flies. It's not Microsoft's code that's the problem.
nailer 2 hours ago 1 reply      
> In the immortal words of Sherman T. Potter: Horse hucky!


to3m 1 hour ago 1 reply      
"Any packages that really need that much memory could be built in their own 64-bit process and seamlessly integrated into VS"

Wait... did you just tell me to go fuck myself? ;)

draw_down 2 hours ago 0 replies      
Hmm. We must all be a bunch of rubes for running 64-bit code in so many places these days.
A History of Reverse Engineering Game Cartridges tedium.co
33 points by jamesbowman  1 hour ago   3 comments top 2
hammock 45 minutes ago 0 replies      
Not the same, but I still remember reverse engineering Game Genie hex codes for Battletoads to warp to different levels or get powerups.
voltagex_ 1 hour ago 1 reply      
Fantastic. Sachen are another "well known" bootlegger of cartridges. I first encountered their gameboy carts, but they did NES too (which are now $300+ on eBay!)

Edit: is the site broken, or is the author blocking archive.org?

I havent learned how to finish what I've started ewanvalentine.io
430 points by swah  5 hours ago   147 comments top 68
gerlv 4 hours ago 9 replies      
Ship daily

This is the advice I can give to anyone who has a side project. Get to the point where you can show something to the users and just start adding stuff.

Even if it's just two lines of code or changing the favicon - still worth it. In practice, it's harder to do than it sounds, but I've been doing it for some time and it's been going great.

In reality, you won't have millions of users on day 1 no matter how great your product is. If you start small and keep adding stuff you will have more success.

In fact, the biggest challenge for side projects is marketing and not the tech or infrastructure.

However, it also depends on the goal - if you want to build the project that makes money it's completely different story to experimenting with tech. In the end, you get the experience.

For example, a few years ago I managed to build an overengineered CDN product that compressed images on the fly (almost on the fly). I shipped the project and it even worked great for testers, but I didn't get to the point where it makes money, so I shut it down as with half unfinished features as it was taking too much time.

While building it I managed to learn Go, improve my AWS skills, plus some other tricks. Now it sounds like a great investment even though I feel that I haven't completed the project.

curun1r 6 minutes ago 0 replies      
I have this same problem. My finish rate is abysmal, but I've actually finished a few.

I've realized that finishing a project is roughly 10% exploration another 20% getting to working and at least 70% polish. The exploration phase is very enjoyable and it's what keeps me hopping from project to project. Occasionally, the enjoyment will phase will encourage me to keep plugging away at it until I get to working. This is the minority of my projects, but it happens naturally to some extent. But I rarely put in the time and work to do that other, much larger bit to get to a done state. Because that part is actually work and it's not fun.

But what I've discovered in looking at my projects that actually got to done is that there's one thing that, for me, leads me to finish...having a social pressure. The projects that I've discussed with friends and gotten them excited about are the ones that I finish. My attention will wane and I'll drop it for a bit, but then I'll have a conversation where someone asks what what the status is and I'll pick it up and work more. And if that repeats enough, I finish. The best case scenario is getting someone excited enough to actually code with me on a project. In those cases, we usually get to done pretty quickly.

I think this is why being a solo founder is so difficult. You're going to run into difficult stretches and you'll want to focus on something else. It's a very rare person that can continually return their focus to a single problem, even in the face of adversity. But if you've got someone else to steer your focus back, you can keep working long enough to succeed.

So here's my advice to a coder who's never finished. For your next side project, when you get the inspiration, instead of immediately sitting down at a keyboard, contact a friend, go out for drinks and tell them about your project. Better yet, get a group of friends and discuss it. Get them excited about it and let them know that you're excited about it. Only after that step should you start coding.

vinceguidry 4 hours ago 3 replies      
I can't imagine ever shipping a side project. That's not why I build them. If I ever got to the point in my life where I do want my own company, a side project is not the way I want to go about it. Companies take a lot of work, that work has to be understood, then delegated and shared.

The technology aspect is really only 10% of it. Sure, it's the essential 0-to-1 kicker that gets you going, but once that's done you still have to find product-market fit. That quickly assumes second-job status and can wreck your personal life. I've seen it happen.

A side project means you're taking all that on yourself without any help or real guidance. Not having that help means that when you finally do ship your side project, it's probably not going to achieve the kind of rapid growth you need to make scaling up possible.

And you really need rapid growth in order for working on a startup of your own creation to beat out having a reasonably-decent job. And if you don't have a reasonably-decent job, it's way easier to switch jobs / industries than it is to build out your own company.

What I want out of a side project is the kind of deliberate practice that is often lacking in my real job. Also to chase down random mind hares that seize my interest.

reledi 10 minutes ago 0 replies      
It's okay not to ship personal projects. No one's really holding you accountable for that. Look at it this way, unfinished personal projects still give you value because you might still be using it in its incomplete state, and you learned something when making it. As you become a more experienced engineer, it's common to have more unfinished personal projects because you have difficulty approaching it with a hacker mindset where you throw all best practices out the window and get it working as quickly as possible. Accept it and try not to lose sleep over it.

The problem is when this behaviour crosses over into your professional life, because you're not delivering value to your customers quickly enough and as a result you'll either get sacked or the company can go bust. Having someone else to keep you in line works great, it doesn't even need to be a Product Manager or Product Owner. And if you don't have someone else to keep you disciplined, then you better work hard on improving this area where you're lacking. Write down ideas on paper for example and ruthlessly prioritise and prune them every morning. Sayings like "work on what's highest priority", "do the least amount of effort that results in the greatest value", "keep it simple", "reduce scope", "you aren't gonna need it", "defer nice to haves", and so on are things we hear so often because it really is good advice that you should follow.

DizzyDoo 3 hours ago 2 replies      
I finished my side project a couple of years ago, released it, and then found I was able to quit my Python webdev job and go full time making video games.

The key difference is that my project was a video game (this one: https://www.youtube.com/watch?v=YwXl8lDrxn8) and that takes a lot of temptation to do what the OP is writing about, rewriting stuff in Haskell for example. The interesting bit when it comes to side projects (and now my full time projects) for me isn't actually the tools or the methodology or anything like that, but the end result. I spent my teenage years building games that I never finished, and it made me quite miserable, because I so just wanted to finish something. Anything.

I remember the first game I ever finished was a clone of Snake. There was nothing remotely interesting in the implementation or in the design, but I was so flipping pleased with myself, I had finished something! And that let me slowly build my projects up to more interesting endeavours, and eventually to one that could be sold. Starting small was the key for me, as I learned two things: 1 - what was 'too much' for me to try and tackle at the time and 2 - self-discipline, not chucking the project the moment I got bored, or had a 'better idea'.

nemacol 2 hours ago 2 replies      
As someone who is trying to learn to code on their own, I feel like I understand this. The first question of "which language/stack/etc should I learn first?" has haunted me for the years I have been trying and getting nowhere.

Not EXACTLY the same problem as the author, because I am not building out scalable infrastructure. I just spent a ton of time learning the fundamentals of angular and node, then try to understand express, then grunt, and mocha and bower and... now I have weeks into this pile of stuff... nothing working and I am frustrated, disappointed, and oh look Overwatch patch notes.. time to try out the new hero.

feyn 5 minutes ago 0 replies      
avenoir 1 hour ago 0 replies      
I share the pain. I'm incredibly productive at my day job architecting and tying together a plethora of microservices to deliver a platform of unified products. Outside of work i am absolutely freaking worthless. My problem is largely perfectionism. I've started working on seemingly great ideas and then took a turn to build a tool that would make task A less hack-ish. A few weeks later I'd open-source the tool/library and jump back on to the project only to find yet another thing to bothers me. My thinking here is that while I'm working on something in my spare time I should enjoy doing things the right way instead of cutting corners to meet deadlines. If i don't do this I cannot help but feel unbelievably dissatisfied and usually quit within a few days. Still don't know how to get over the hump. I'm almost thinking i have some kind of psychological disorder. On a side note, this same behavior helps me a lot in other areas, like working on a project car where attention to detail and just taking time makes the end result much better.
kilon 3 hours ago 0 replies      
Suffering with dysthymia taught me many things. One of the things is that I may be fine working under pressure but my brain is not.

Side projects tend to be small , fast and enjoyable. This is the way the human brain works and is actually much more efficient than taking big steps.

Also make sure that your main goal is fun, if it is not, it will only get worse. Fun is the fuel of the brain. You cannot fight fun, because you cannot fight the brain. The brain always win.

Make your brain your ally and success will come. You are not your brain , your brain is a lot more than you.

Let me say once more , brain.


Oh and if you think your code will never sell , remember that fortunes have been built selling rubber bands for hair. There is always a way.

" use the brain Luke "

drchiu 5 hours ago 0 replies      
It depends on your goal. Is your side project aiming to become a side business or an experimentation to learn new things? If it's a business, it's important to get things done. If it's for fun and to experiment, sometimes the end goal is not to actually complete it. The endeavour itself will be reward enough, perhaps.

It's true that a lot of programmers do jump from shiny new tech to the next shiny new tech. If it's to start a business, it's probably best to stick with boring stacks.

chatmasta 4 hours ago 0 replies      
Your problem is you have no momentum. You need to build momentum and get over your fear of shipping.

My advice: pick three "side projects": one that you can build in a day, one that you can build in a week, and one that you can build in a month.

Build the first one in a day and ship it. This will motivate you and build your confidence in your shipping abilities. Then build the second one in a week and ship it. Then build the third one in a month and ship it. You've now shipped three projects, good going!

That said, I want to echo what @vinceguidry said. Side project != business. If you want to build a business, the same logic applies... just get something out the door. But you need to be serious about ongoing support and maintenance. Whereas a side project could be anything, like a fun open source project, a personal website, experimenting with new frameworks, etc.

p.s. Don't be so hard on yourself. You just shipped a blog post to the top of HN. And you've got a long history of blog posts on there. Maybe you should ask yourself why you can ship blog posts but not side projects?

dahart 2 hours ago 1 reply      
You could think of building a scalable back end you don't actually need as a form of premature optimization, and I think the way around that is to evaluate & measure what you actually need - problems you have now, not problems you might have later (no matter how sure you are). @gerlv's suggestion to "Ship daily" is great because it not only forces you to ship often, so you feel like you're getting something done, it also forces to you evaluate what you need, and forces you to quickly get feedback from users that should be the true driver of what you need. (Assuming you want users, rather than a finished side project just for you.)

Michael Abrash has some books on optimizing code in assembly language, and he takes special care to talk about why & when to optimize that would also apply here. The point he makes repeatedly is to optimize from the user's point of view - don't do something the user won't notice.


We all do it though, this is a human trait, but we programmers and computer scientists often amplify the problem. We love obsessing over what's "best", without regard to whether we actually need the best. We are taught during our Computer Science degrees to generalize and abstract at every opportunity, to plan for future problems we might have, and for future problems others have had that we might never have. We discuss incessantly how important it is for software to be scalable, and how to use the "best" everything, best language, best database, best algorithm, etc.

Strive to solve only the problems you're already personally experiencing, wait to solve problems until you are already experiencing pain, and ignore the problems that only "might" happen, then it will be easier to finish things.

garysieling 4 hours ago 0 replies      
I built a search engine for lectures (https://www.findlectures.com), partly so I have something I can show people (e.g. my family otherwise has no idea what I do).

Trying to build something in your free time forces you to think about dividing work up into very small pieces (what can I do with a free hour, etc). I've found this very beneficial in a work environment.

If you get to the point where you can show people, showing people changes how you think about the project - some invisible social pressure to do better, similar to code reviews.

You also have to think through the structure of the entire project on your own - often in a work environment, you're joining something in progress.

This is also a great way to research new tools. Instead of thinking how cool they are, you evaluate how they fit into a "real" project, but without the pressure to actually make it work.

rglover 3 hours ago 0 replies      
Obligatory, but important:

Do the Work - https://www.amazon.com/Do-Work-Overcome-Resistance-Your/dp/1...

The War of Art - https://www.amazon.com/War-Art-Through-Creative-Battles/dp/1...

You have to build a muscle for this stuff. It's hard.

srvlsct 33 minutes ago 0 replies      
I can relate to this. I created several products that I never launched. Now that I look back, I wish I hadn't been so reluctant to publishing them. Granted, I learned a lot but I wish I launched early and often to get over the psychological hurdle. Most people don't really care about your project anyway.

I finally bit the bullet and launched http://www.survivalscout.com in January. It's a definitely whole new set of challenges going from coding to trying to market and sell your project.

spython 2 hours ago 1 reply      
The same thing happens in many other creative endeavors, such as photography. If you don't have a client that needs pictures soon, you can spend months and years reading on the best lenses and techniques and buying new gear.

Acquiring all that knowledge leads to a feeling that you _potentially_ can do more. You are _potentially_ more powerful. It is a good feeling. You can never be disappointed in yourself if you don't finish anything.

superasn 3 hours ago 3 replies      
I struggled through the same thing once I started with TDD. I've never had problems completing and shipping new products (a solo founder i launched 20 saas sites last year) but after reading dozens of documents about why TDD is an absolute must for any serious programmer my hubris got the best of me and I decided that I too will join the bandwagon. Boy, was i wrong.. Maybe for big teams it is a must but for solopreneurs and 2 people teams I wasted nearly 8 months before i realized that not only my productivity had rock bottomed but I started hating something that I once passionately loved. Since that day I went back to php and angular js.

I do get occasional this feature not working mails but at least I'm creating new sites again and making more money. If there is anything you want to take from this rant is don't waste your time doing things that other people are telling you to (how ironic). Do what you love and you will get shit done.

robbfitzsimmons 2 hours ago 1 reply      
> If you're using AdBlocker, fair play, I don't blame you. But please consider chucking me a couple of quid: https://monzo.me/ewanvalentine

Am I missing something? It's a nice set of thoughts, but I can't imagine paying to have read somebody's personal blog, and would have been vaguely weirded-out at him having ads on it.

alexandersingh 1 hour ago 0 replies      
One technique that has helped me is what I call "atomic actions". What is the smallest action you can undertake, that you can build upon, which will help you realize your goal?

I've wanted to write for years but thought I had to pen esoteric essays composed of thousands of words. Recently I just started writing short, simple posts that are helping me establish a habit, develop fluency and enjoy the process of writing.

My first post was on this idea of atomic actions: https://alexsingh.svbtle.com/atomic-actions

Maybe it'll be of help to someone else :)

ideonexus 2 hours ago 0 replies      
There's a Garrison Keillor quote I love that I think relates to programming as well, "A written work is never finished, it's simply taken away from you at some point."

I think the author's intent is a good one and it overcomes the "perfect is the enemy of the good" trap we can all fall into at times. As the technical lead on a multi-team project last year, I had to beg my developers to just check in anything at one meeting because they were terrified of having the other teams see their imperfect code. When I assured them their code couldn't be any worse than mine, which I had checked it several times and actually had rejected by the version manager, that they were able to laugh and agree to start committing their work to the repository.

Your code is going to get criticized no matter how much you polish and engineer it. If you can accept that, then I think you will find yourself free to be more productive.

doc_holliday 5 hours ago 1 reply      
The number one thing to remember is almost no one cares what tech you used. Just get it shipped.

People have built million dollar business that had it's first iteration in MS Excel, if it is useful to someone and kind of serves the purpose then that is enough for a start.

liquidise 59 minutes ago 0 replies      
At the highest level, the trick is to actively do things to increase momentum while avoiding things that reduce momentum. Pick a stack you know, build a way to collect money, release before you've even written code, etc.

I wrote a post titled Side Projects: Avoiding Failures to Launch[1] a few months ago that touches on these same ideas in more detail.

1: https://blog.benroux.me/avoiding-failures-to-launch/

samirillian 42 minutes ago 0 replies      
Maybe part of it is coming up with a project that you consider too inherently important/interesting to experiment on. I feel like there are projects that are essentially excuses to learn a new skill, and then there are projects where you perceive a real need and simply want that product to exist.
claar 1 hour ago 0 replies      
Consider the psychological angle. ADHD, stress, depression and the like can contribute to these feelings of underachievement and frustration, and a professional can help explore these possibilities.

Perhaps you simply "haven't learned to finish what [you've] started", but sometimes there are deeper issues at play.

asimjalis 5 hours ago 1 reply      
I feel youve been on the right track all along. Instead of doing the opposite on the programming side you might need to do the opposite on the product and selling side. Instead of building something you have no passion for look for ways to sell what you have already created. In other words see if you can productize your "auto-scaling, multi-zone, cloud infrastructure". Theres definitely other people who would like to use that.

Or teach people how to use the new shiny thing.

Or help them decide the pros and cons of new technologies by talking about the subtle distinctions you have noticed between them through your experimentation.

nanospeck 1 hour ago 1 reply      
Recently, I found some things that works for me and put it out as a book. Interestingly, I finished the book also using the same techniques. A key trick to keep you motivated is to reward yourself handsomely and IMMEDIATELY if you achieve the goal on the PLANNED DATE. For eg. I rewarded myself an iPhone 7 plus ( which is currently the hottest phone in the market) for finishing the book in 30 days. This helps you overcome the fear of loss that, what if no one buys your product and your effort goes in vain. However I still find marketing is harder! (My book here:http://amzn.to/2iUYaOH )
Touche 2 hours ago 0 replies      
Keeping things simple is so key. For anyone working on a SaaS startup I would strongly encourage you to do the boring CRUD method using Ruby on Rails or Django or whatever the default framework is in your preferred backend language. Don't get into the JS SPA world, that's a rabbit hole of decision making you'll never escape from.

You can put that off until you have a successful startup and I bet by then you'll realize you don't need it anyways.

Personally, my problem is that I just have too many side-projects. I have one startup side project, but I probably have a half dozen of other OS side projects that I'm either working on here-and-there or I'm at least thinking about when I should be thinking about my startup.

I think this is one of the disadvantages of doing a startup as a side project while still working full time. Even though I allocate 1 hour and a 1/2 to 2 hours a day to work on my startup I still find myself working on other hobby stuff nearly half the time :( A lot of those hobby OS projects come out of some problem I'm experiencing at my day job but don't have the time to solve in the elegant OS way I would prefer to.

I'm super happy to have read this article and plan to take the advise. No more side-projects, just get my startup shipped.

tomseldon 4 hours ago 0 replies      
Infrastructure wise, I'm absolutely guilty of this as well. I have found that there's a middle ground...

You (probably) don't need the microservices and the complexity that comes with it, upfront. A monolith (and the simplicity in terms of deployment, logging, monitoring, etc. etc.) will probably do early on.

However, you don't want to shoot yourself in the foot for when it turns out you do need those things.

I try to write code in self-contained modules, with well defined boundaries, and glue it together in a monolith. If/when it needs to be split out into separate services, it becomes much easier.

So, application/business logic code: keep the standards high, do shit properly. Glue code to keep it all together? Less important. You can rip that out later and move to different infrastructure with the same code.

That's very generic advice, and I seem to always break my own rule on this at some point... but I find it's a better mentality for when shit just needs to get done.

Doesn't help with tech choice in general though (and I'm often guilty of this as well...).

marban 4 hours ago 0 replies      
Bonus reminder: If you're reading this, you'd better go work on your side-project like totally now.
jondubois 3 hours ago 1 reply      
I've finished at least 3 major multi-year side projects. One of my open source projects was pretty successful but none of my side projects went anywhere business-wise.

Usually some well-funded competitor comes up later with the same idea and takes all the market.

My advice: Don't bother starting a side project unless it's really niche, easy to implement and you just want to make enough money to replace your own income (the market has to be small).

Unless you personally know people who have tons of money to invest in your side project, then it's a complete waste of time. It has to be people first.

9 out of 10 businesses fail and it has nothing to do with abilities, drive or persistence; it's only about luck.

I've met a 17 year old who built a wordpress website that generated $10K per month after just 6 months (though it already had tons of traffic in the first month) and couldn't write a single line of code. I've heard of hundreds of similar stories.

Some random person somewhere on planet earth randomly puts together an app because they think it's cool without any thought whatsoever; it blows up in popularity out of nowhere; then some smart engineers/people who actually understand the potential find out about it early enough and join up in exchange for a stake in the project; that's how actual smart people do business.

thehardsphere 4 hours ago 1 reply      
I'm on the verge of completing one of my side projects. The most useful thing that I've found that helps me stay focused is to already have users who you know will want it. By staying focused on you users and what they want, you can stop a lot of this shiny chasing before it starts.
wukerplank 4 hours ago 0 replies      
My side projects usually aren't meant to get completed. I specifically use them to try new things. If it works out, I might use the new stuff in my job. If not, I gained some knowledge.

Some of my stuff is good enough to use (as in early alpha), but doing the final 20% won't pay off anyway.

nathan_f77 4 hours ago 0 replies      
This is pretty familiar! I've been going through this now with a little game I'm working on. It's been a way to learn React Native. I thought I would be done in a week, but I'm still working on it 6 weeks later, and I keep having to add new features.

It's crazy how the little things add up, like sounds, icons, animations, hosting, advertising, analytics, websites, landing pages, facebook pages, codepush, in-app purchases, etc. etc.

Hopefully I'll launch soon though, and be able to share it on HN.

fazkan 4 hours ago 1 reply      
You are one of the 2/3rd kids who were part of the marshmallow experiment. You cant control your desire for immediate gratification. I feel that with the level that you are in, you need a bigger problem to solve, rather than start a new startup(whatever that is). I know your type, I was like you, most of my friends are like you.

Also did I mention that you are an introvert by nature (read susain cain). You are easily distracted by shiny things.

P.S. I am no expert, those are just the things that I realized about myself....

P.P.S Shit. I think I am still like you, because otherwise I would have worked on the code review that I was supposed to do....

overcast 2 hours ago 0 replies      
Get to the point where you have something that barely functions, and put it on the web, then constantly iterate it. This is how you "finish" what you've started. I'm totally addicted to learning, and seeing how people use my stuff, so that's what motivates me to get the concept out there as quickly as possible. My only real issue now is having the time to be able to put ALL of my ideas out there. I must have a hundred domains of "ideas" that I want to get shipped.
js8 3 hours ago 0 replies      
Reminds me of this comics that I just sent to coworker: http://www.commitstrip.com/en/2014/11/25/west-side-project-s...
SNBasti 4 hours ago 1 reply      
Well, learning is the fun part for me. As long as I do not have to finish I probably would not.
tmsldd 1 hour ago 0 replies      
Make smaller projects, divide things in manageable pieces and define a clear end.. before starting it.A project never gets finished just because we never stop adding to it..
pfortuny 5 hours ago 0 replies      
Superstructure is only useful if you have something to support. Otherwise, it just scaffolding without building.

I guess all of us learn something similar to this at some point in our lives.

EdSharkey 4 hours ago 0 replies      
What's the scope of your side project(s)? Do you have a business plan? Who are your target users? Is your code quality all over the map, why and in which modules?

In the quiet times, I ask myself these questions and get sheepish, embarrassed answers. When you can give reasoned, confident answers on hard, painful questions about your future business rather than current tech demo, then your project has a shot at life.

I have an amazeballs tech demo for my side project. It is scoped way too huge. Heroics and not knowing what I was signing up for got it to where it is today.

Honestly, if I were to do it again, my first features would have been user management and payment processing. I wish I could take users and have them pay me as soon as they saw value in my growing hobby project. But I can't because I didn't prioritize getting users and using their subscriptions to fund my work. I have a ton of neat features and no users, argh!!

stuaxo 1 hour ago 0 replies      
The downside to taking "get shit done" is incurring technical debt.

This can be a good thing, if it helps you move forward, as long as you pay it off + don't let too much build up.

wruza 5 hours ago 0 replies      
You simply watch how js-required blog shows you neverending progress, instead of working on it. That's how.
mdpopescu 5 hours ago 1 reply      
I disagree. Experimentation is an important part of learning and yes, initially there's a lot of "wooo, shiny!" going on. It doesn't matter - you are STILL learning.

It also helps to remember that software projects are never finished - only abandoned.

drsopp 2 hours ago 0 replies      
The brilliant lecture by John Cleese on Creativity is apt: https://www.youtube.com/watch?v=9EMj_CFPHYc
verroq 4 hours ago 0 replies      
I often find that when I'm working on a really good side project I severely underestimate the time to finish.Of the few times I've forced myself to actually finish it ended up completing in the wee hours of the morning.

So I've became more picky about the side projects and if I'm unwilling to commit to finishing it in the wee hours of the morning then it probably isn't worth doing at all.

mezod 3 hours ago 1 reply      
I keep finishing things. I do MVPs, but they are so simple that noone really cares, and after all the effort I put into them. motivation is gone. So while I'd completely agree with this, every day that goes by I disagree more.
OliverJones 3 hours ago 0 replies      
Methinks our author is too hard on himself. Tinkering is a slow process that can seem undirected, for decades even.

Tinkering with stuff to figure out how it fits together is good. When the right project presents itself, the persistent tinkerer will be ready. She or he will have the advantage of knowing how to do the project.

gressquel 2 hours ago 0 replies      
Only thing you need is https://www.youtube.com/watch?v=1n9ykP5NJ2s

(if its a bad joke, dont vote me down :) )

zMiller 2 hours ago 0 replies      
"I'm challenging myself now to do the opposite, keep things extremely simple, unglamorous, dumb, sometimes ugly. But done."

Here here my friend.

fourseventy 1 hour ago 0 replies      
Have a grandson, name him Kylo, he will finish what you started.
stuaxo 1 hour ago 0 replies      
An update after 3 months of this might be good, to see if it worked ?
yakshaving_jgt 1 hour ago 0 replies      
FWIW, the only side projects I have actually shipped were written in Haskell.
JonoBB 4 hours ago 0 replies      
Many side projects are not shipped because writing code is only a small fraction of actually launching a side project. There are a myriad of other things that need to happen to launch, most of which have little or no relation to writing code.
a_imho 4 hours ago 0 replies      
The real problem is that programmers have spent far too much time worrying about efficiency in the wrong places and at the wrong times; premature optimization is the root of all evil (or at least most of it) in programming.
smonff 4 hours ago 1 reply      
It sounds like an alcoholic after a major hangover saying "never again".
NicoJuicy 3 hours ago 0 replies      
Weird, I developed so many side projects. But my most successfull one is a webshop which I configured in woocommerce with 1 product in it
rev_null 2 hours ago 0 replies      
What's with the cheap shot at haskell at the end? I've shipped a couple of side projects in haskell.
trentnix 2 hours ago 0 replies      
And I haven't learned to start what I can finish. Maybe one of these days...
duke360 2 hours ago 0 replies      
same problem here but slightly different solutioni impose myself to not start another thing until the previous is done.doesn't matter how long it takes but i cannot do another thing until the previous is not readyi know this will bring me to 10-year-long side projects...
rafinha 2 hours ago 0 replies      
Guess I'm so far gone couldn't even finish the article...
bachmeier 3 hours ago 0 replies      
My side projects are tools I use for work. I don't necessarily finish them, but I use them all the time.
twfarland 1 hour ago 0 replies      
Write meta blog posts
ronreiter 5 hours ago 0 replies      
The real motivation behind acquiring technical debt is that 80 percent of your development work will be dumped eventually. Remember this.
dustingetz 4 hours ago 0 replies      
Do what makes you happy
igorgue 4 hours ago 0 replies      
Here's the thing, there's a lot of social pressure in our industry to start a startup.

I wonder if OP has ever question why he wants to create these startups.

I found a while ago, that I like kids, I like playing with them, I would never have one though, I see Startups as the same way, it's something you'd be stuck forever, like my JQuery Mobile based product of my own startup, I can tell you now that I get to fuck around in my free time, now I'm happier.

You need to question yourself more, are you a programmer or an entrepreneur?

mattbgates 4 hours ago 0 replies      
I pretty much go to work and code. Then I come home and code until I cannot code anymore and pass out from exhaustion. Good article. Started off with me thinking I actually wrote it. But I think you lack motivation to finish because you are content with the way your life is.

I first started creating a project or two that were completely free. These projects helped me learn what people like and if people were even interested in using anything I created. Turns out.. I've got good ideas that people actually find useful. I'm not after creating the next Facebook, Twitter, or LinkedIn. Rather, I'm after creating things on a much smaller scale that help with everyday life. Once I got that concept down and accepted that I would not be creating something huge like a social media network, but other useful things on a much smaller scale, more specialized and to the point -- many programs start off great -- then the developers add too many things to it and it becomes bloated and no longer focused on what it was originally meant to do.

So whenever I start a project: I write out all the things it should do; its function and purpose. I do my best never to deter from what I had intended it to do. This keeps me focused and helps me complete projects much faster. I did more research in how to charge for the things I made. I would love to give away everything for free, but I need to eat and pay my mortgage too. I'm certainly not looking to charge anyone an arm and a leg, but if I charge a fair price for the products I create, taking the time and consideration, and how some of it does actually make life easier, than why not ask my users to pay a small fee to use the product that helps them in their everyday life?

If everyone pays a small fee to me, than I can continue supporting my products and creating more. I've certainly lost motivation and interest too many times to count, but money is certainly a motivating factor. To help stay motivated, I originally calculated how much potential income I could make from X amount of people signing up and paying the monthly or yearly recurring fee from any project I start. Anytime I lose motivation, I look at those numbers as the potential revenue that I could be making and it instantly puts me back in the mood to continue my side projects.

I was so serious about my side projects that I registered an LLC in my state, opened a business bank account in order to collect money via Stripe, and I talk about and act like I am already a business owner creating products for my business. I have a few "solid products" out there, but the ones I'm charging for are still in beta and testing phases. My journey into understanding how to design products for people began at the end of 2015 and it is now the beginning of 2017. So I'm about a year in so far. I will eventually get to where I want to be.

The other thing that keeps me motivated: I'm tired of working for someone. I've done it for almost 20 years... I have dealt with my fair share of arrogant asshole bosses, backstabbing co-workers, or just being under-appreciated or under-paid. It is exhausting to have to show up to a place for 8 to 9 hours a day, only to be treated like you are just a means to an end for a company. I get it: they need to make their money too, but to treat you as a human being and show respect and help you to keep your dignity and sanity goes a long way.

I get to watch other departments who are all eligible for things like "CEO's Club" or "Honored Vacations" or "Gold Member Status" while my department is "not eligible" and completely ignored and treated as if we don't matter, despite the fact that we bring in millions of dollars every year for our company. We design the products for the entire business and control how things are distributed and what they look like. We literally influence how web design looks on the Internet. I'm tired of watching my co-workers make mistakes and not get in trouble for it, while I make a single mistake, far less worse than theirs, and I am singled out, and a whole meeting is called to address the issue. Sure, I'm probably held to a higher stand because I have been there much longer than my co-workers, but everyone should be held to that high standard. I've worked on projects that have brought the company in tens of thousands of dollars in a single shift. I'm also tired of being the developer who can complete 4 or 5 projects in a single shift, while my co-workers can hardly complete one or two projects, yet there is no bonus to me for doing that, yet it is expected that I am the one to be the sort of "sweeper" who ensures that all projects meet their deadlines, no matter what, while it is okay for my co-workers to leave me those projects to do because they know I will do them -- and I have no choice.

I'm certainly not complaining about my job or the money. I love both! I love web developing. I love web designing. My paycheck isn't the greatest (because most of us.. could always stand to make a little bit more -- and more never seems to be enough), but it allows me to pay my mortgage and other bills and feed myself and my family and enjoy life a bit. I also live about 10 minutes from my job which is awesome. Imagine all that money saved in gas and car repairs. On the warmer days, I ride my bike to work. It is such a relief to be so close to work! But giving 8 or 9 hours of your life every single day, 5 days a week, 52 weeks out of the year... it is very draining. It is like I am paying for my house to sit there all day and be empty.

So this is why when I go home.. and I am working on my side projects, I feel I am working for a better life: Designing products for others to use, hopefully products that don't have too many bugs in them, and my hope is to create that recurring income, so that I can work 20 hours a week and not 40 or 50 hours a week.

Sure, this is totally "first world problems" -- I'm happy that I'm not working in fast food. I'm happy I'm not in construction or that my job is not backbreaking work or intensive labor. I'm happy I'm not working for minimum wage. I probably have a better life than most people do. Again: I am not complaining about my job or the money. I'm not even really complaining about my company. The issue lies in not being treated with more dignity and respect and appreciation, which I think is completely lost in much larger corporations, where you are just one among thousands of employees.

So to never complete a side project means you are content with your life as it is. The only way to get ahead in life is to create things that other people like, want to use, enjoy using, and would actually pay you for it (or win the lottery or manage to successfully sue some corporation or whatever).

You could try to create something like Facebook, though Google Plus showed us it is not possible to even contend with that type of influence and stronghold. To not charge any money at all, you have to basically get to the point where you are receiving so many visitors that advertisers love you. Therefore, your only option is to charge a small fee for the usage of your product. You may not become the next Mark Zuckerberg, and that is okay. But if you can generate enough income to actually quit your day job, than I'd say that is success right there.. at least, it is success for me and certainly keeps me motivated to complete those side projects!

scandox 4 hours ago 1 reply      
Offtopic: I got quite a NSFW Ad when I clicked through to this. Well depending on the workplace. But yeah not something I'd love a colleague to see over my shoulder.
quirkot 4 hours ago 1 reply      
Show HN: A virtual phone number for your company based on Twilio thisnumber.rocks
97 points by hme  5 hours ago   47 comments top 13
tallanvor 5 hours ago 1 reply      
Why is there no information on the costs or requirements? It seems the only possible way to find out is to sign up, which requires providing an email address...
beejiu 4 hours ago 1 reply      
If you don't need the opening hour logic, you can already achieve this will Twilio's Twimlets.
aatishnn 5 hours ago 2 replies      
Some things that need fixing:

- I could just create an account with nothing entered on the password field and could also login to that account that way.

- https://thisnumber.rocks/ is not being pointed to this same app.

koolba 3 hours ago 1 reply      
Isn't this exactly what Google Voice does?
zhte415 1 hour ago 1 reply      
Is this like DNS for a Twilio number? That's what I get. If I misunderstand could you fill out more, as if so this could be useful for contingency planning.
onassar 1 hour ago 0 replies      
Awesome well done @hme Big fan of services that plug into your own billing system (rather than acting as a proxy).
napoleond 2 hours ago 0 replies      
This looks neat! BTW (shameless plug), for anyone using a Twilio number for voice and wishing to easily add SMS functionality, I created https://www.smsinbox.net last year.
yogeshgirdhar 3 hours ago 3 replies      
How is this different from the hundreds of VOIP services out there?
JustSomeNobody 1 hour ago 2 replies      
What is your strategy for when Twilio goes away?
robojamison 5 hours ago 2 replies      
How is this any different from Google Voice?
dbg31415 2 hours ago 1 reply      
Years ago one of my clients had an internal system like this... it tried numbers in sequence... but the problem was for the person who dialed in this meant very long wait times if the first person or two weren't responsive. Also we hit issues where the message would end up in someone's personal voicemail box.

Then we switched to more of a "ring all the lines at once and the first one who picked up got the call" -- much better for the person dialing in... but meant every one of our support people got distracted every time the phone rang... they hated it.

Eventually we just went back to something like ZenDesk for customers to write in to create tickets, and then expanded it to something more like what Apple does... where the user creates a request to be called back at a certain time. This is what the client still uses. It's a better system for everyone than trying to sort out incoming calls in real-time.

grigoryvp 3 hours ago 3 replies      
Such thing can be created in a few lines of JavaScript code via Voximplant

BTW, anyone interested in a tutorial? I can create one.

Fast Radio Bursts from Extragalactic Light Sails arxiv.org
39 points by DeusExMachina  4 hours ago   11 comments top 3
kangnkodos 52 minutes ago 2 replies      
If we are receiving the FRBs, the focused beam must be pointed towards earth. So the spaceships with light sails must be headed in the direction of earth. Get ready for the invasion!
kator 34 minutes ago 1 reply      
Maybe I'm just crazy but there are a list of things I hope we figure out in my lifetime, and extraterrestrial intelligence is right up there in the top ten.
throwaway7645 50 minutes ago 3 replies      
Didn't read the article, but it's always fun following these lines of thought. We have no evidence of life outside earth, but darn it...we can't be the only ones here...I mean we can, but that just doesn't sit well with me. I wonder if almost any civilization would end up using lightsails powered by beams or if many skip it in favor of some other technology.
Password Rules Are Bullshit codinghorror.com
379 points by ingve  5 hours ago   153 comments top 49
simias 3 hours ago 13 replies      
I agree with almost everything but the he loses me towards the end:

> I had a bit of a sad when I realized that we were perfectly fine with users selecting a 10 character password that was literally "aaaaaaaaaa". In my opinion, the simplest way to do this is to ensure that there are at least (x) unique characters out of (y) total characters.

Isn't that exactly what you're complaining about with your arbitrary password restrictions to begin with?

I mean, I can imagine that a clueless user might have the illusion of safety if they're using something like "1q2w3e4r5t" but if I use "aaaaaaaaa" as a password on a website I know full well what I'm doing. So why even bother?

I think there are two possible ways to look at this problem from a service provider perspective:

- if the user getting their password stolen is a bad thing for you (i.e., you're a bank or something like that, and getting an account compromised will put you in trouble), then IMO the only satisfactory solution is to impose a password to the user. In effect these ridiculous password requirements are exactly that, except less convenient and secure. Cut to the chase and say "your bank password is Axei5aoc0i, write it down somewhere safe".

- if the user getting their password stolen is not a problem for you because it's not your responsibility to handle these issues (like a hacker news account for instance) then just let the user pick whatever they want and deal with the consequences. If they care enough about it they'll care enough to pick a decent password. At most if you really want to be friendly give an indication that a password might be weak, but please don't disallow it.

nerdponx 4 hours ago 11 replies      
Here's another problem that isn't discussed very much: error messaging and failure modes.

I use a command line tool to generate passwords, and I use a password database to store them. It has happened to me before that the maximum password length is something disconcertingly small, like 20 characters. I would copy and paste my password, submit, and then failed to be able to login. Why? Because my password in the "create" page was silently truncated on the front end, but the same truncation does not occur in all places, so I would type a longer password on the login page then what was registered in the system and it would fail.

Other times a password that was too long or contained whitespace would fail with a cryptic error message, or would tell me I failed to meet some other password rule that I know I did not fail to meet.

I don't understand how something with so many widely-recognized best practices associated with it can be implemented badly.

criddell 3 hours ago 0 replies      
Somebody got into my bank account and attempted to steal some money. Luckily, we were able to stop it quickly and the bank had the money back in our account the same day. It was pretty upsetting so I sent a letter to them with a lot of questions about their system and eventually somebody from the inside called me.

One of the questions I asked was why they limit password length. The (low) limit suggests that they were storing the password rather than a hash of it. They wouldn't confirm that was what they were doing, but their ultimate answer to me was stop worrying - you aren't responsible for fraud.

I also asked for a list of all the external IPs that had accessed my account and I couldn't get that for privacy reasons. I'm not sure whose privacy they were worried about, but I guess it wasn't mine. In the end, it was an incredibly unsatisfying exercise.

jondubois 3 hours ago 5 replies      
I'm surprised that this article didn't mention the most important point about password rules:

They force you to come up with a new password that you probably haven't used before and so you will probably forget it.

There are websites that I don't use often where I literally have to reset the password (and go through all the i-forgot-my-password steps) every time I want to log in because they forced me to come up with an overly creative password.

I think most people have two or three passwords for all their apps/services; one very secure one, one medium security one and one low security one (where you literally don't care if you get hacked). It's not the company's business to tell you which of those classes of passwords it deserves for its website.

Tostino 2 hours ago 0 replies      
I totally agree that arbitrary password rules are not a good thing, they frustrate users to no end, and can make things less secure.

I really liked the zxcvbn library from Dropbox, as it allows you to catch those really egregiously bad passwords before it's too late, but is much smarter than any list of arbitrary rules could be. I actually wrote a similar library (nbvcxz - https://github.com/GoSimpleLLC/nbvcxz) for my company which implements all of the functionality of zxcvbn (and extends it as well) so I could use it on the server side.

paulddraper 4 hours ago 1 reply      
It should be mentioned that the NIST reference Jeff sites is only a draft, started last year. https://pages.nist.gov/800-63-3/sp800-63b.html

It's a great one. Not only does i recommend against composition rules, but

> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically)

Oh, if there is a sin against passwords it is forcing quickly memoizable (i.e. simpler) passwords.

lloeki 3 hours ago 0 replies      
Travel to some other side of the world and France's CNIL recommends[0] the following password rules as of 27 Jan 2017 (abridged):

- if the system uses a login + password scheme: 12 chars min and mandatory mix of all among non-caps/caps/digit/special

- if the system uses a login + password + time-based exponential backoff rate limiting with a baseline of 1 min after 5 tries maxxing at 25 per 24h or lockout after 10 tries or a bot detector such as captcha: 8 chars min and mandatory mix of 3 among non-caps/caps/digit/special

- if the system uses login + password + environmental information (such as IP or MAC addr, etc...) + time-based exponential backoff rate limiting with a baseline of 1 min after 5 tries maxxing at 25 per 24h or lockout after 5 tries or a bot detector such as captcha: 5 chars

- if the system uses login + password + hardware second factor (SIM, U2F, YubiKey...) + lock out after 3 tries: 4 chars

To fend off in-transit and offline attacks, the document suggests that auth should transit sufficiently encrypted (using a cipher or method currently recognised as strong and non-vulnerable) and passwords should be stored obfuscated using a secure (similarly defined as strong and non-vulnerable) one-way cryptographic function with salt (and possibly pepper since they mention a "key", which makes no sense for one-way crypto functions).

[0]: https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=DCF...

rcar 42 minutes ago 0 replies      
The most recent post in one of the Tumblrs linked through the article goes through some of Facebook's password allowances: http://password-shaming.tumblr.com/post/157913813567/not-ent...

Essentially, Facebook accepts 4 forms of the password as correct: 1) the correct password, 2) the caps-lock inverted version, 3) the correct password but with the first letter capitalized, and 4) the correct password + 1 character of any type. Each of #2-4 seems to be designed to prevent a failed login for the real user under common error cases, particularly when logging in on a phone.

Since each of those options can be easily stored as hashes (with #4 being done by also testing the entered password with the last character omitted against the correct password hash), the only weakness I can see this introducing is that if hashes were leaked, there's 3 valid passwords that could be found by an attacker rather than just 1, but with good hashing practices, that doesn't seem like a big deal since the search space will still be quite large.

With that in mind, that seems like a user-friendly addition that doesn't introduce any major weaknesses. Anything I'm missing that would make this a crazy scheme to have implemented?

sontek 2 hours ago 1 reply      
I agree 100% with these complaints about some of us don't have a choice. For example, PCI requires:

- Contain both numeric and alphabetic characters.

- Users to change passwords at least every 90 days.

- Password parameters are set to require that new passwords cannot be the same as the four previously used passwords.

Which go against the NIST guidelines. So how do you do things that are considered "best practices" when people like PCI require you to do them wrong?

johnlbevan2 3 hours ago 1 reply      
Not mentioned:

Password reuse across sites. Have some check as to whether the same password can be used for the same username / email across other sites. I discovered this one early; back in 2000 I was an admin for a student portal at uni created by Virgin. As an admin I could manage people's accounts; including reset their passwords. The field for me to change their password had their current password; it was hidden by asterisks so I couldn't see it... until I clicked view source on the site :/. So now I had everyone's passwords & their email addresses; my guess is I could have taken advantage of this for at least 80% of those accounts.

Password change frequency. Changing your password can be annoying; but there is some benefit (so long as you're not changing too often).

Password reset rules. If you click "forgot password", many sites still use the memorable question with questions which are often publicly available (e.g. to get someone's mother's maiden name, this information's on the public record, and can often be found through someone's social media too by looking through their contacts, then the contacts of those sharing their surname; as their mother's maiden name will match their uncle's surname, and most people with their surname will be friends with both their mother and their uncle). Emailing a reset link is great; but relies on email which isn't (and some people's mail's very unsecure; e.g. company mail can often be legitimately viewed by the company's IT team; and that's the non-hacky scenario).

andrewguenther 54 minutes ago 0 replies      
This article starts by using an example of 8 "bad" password rules, but by the end of the post, Jeff ends up suggesting 5 of the 8 anyway. This post really should have been called "special character requirements are bullshit."

I'd be willing to bet that a future version of Discourse will also disallow using your previous password as well. Then we'll get another password blog post talking about how hard passwords are and how we need more rules for passwords. Experience is a funny thing.

prairiedock 2 hours ago 3 replies      
Can anyone explain why all authentication systems don't enforce a (say) 2-second delay on repeated password attempts? Wouldn't this solve nearly all insufficient entropy problems?

Even a 5-character password should suffice in this situation, and a human user would never even notice the 2-second delay. How would malevolent password-crackers get around this?

amelius 4 hours ago 0 replies      
baron816 3 hours ago 1 reply      
Why not get rid of passwords completely and just send a link to log in to the user's email address?
Spooky23 3 hours ago 0 replies      
Excess in password complexity policy is bullshit. I'm surprised Atwood would write knee jerk nonsense like this.

If you follow the NIST guidance, it's not a problem at all. The bullshit happens when you allow infosec people who lack applied skills and go overboard in their analysis of policy and standards documents. Those infosec people wrongly see increasing entropy as equating to high assurance -- in reality increased complexity leads to ad hoc "something you have" tokens (i.e. My complex password is written on a post it note).

You need length and complexity standards because users don't know how to measure risk, don't understand what a good enough password is and don't really care. So people do stupid shit like make their password "qwerty". It puts their data and the integrity of your system at risk.

Disregarding the navelgazing about cultural insensitivity re: character sets, a 10 character length + 3/4 of upper/lower/numeric/symbol, combined with lockout controls ensures a reasonably high level of assurance. Again, per the NIST guidance, if you need more trust, you need multiple factors.

ajmurmann 1 hour ago 0 replies      
I've been intrigued by trying to circumvent passwords completely. On the vast majority of websites your password already is only as secure as your associated email account. You control the email you can reset the password. So maybe we can build on that? Instead of entering a password I entered a code that gets emailed to me either manually out via link. For important things we can airways supplement with another token from a TFA app or better TFA device. I'd argue that this would be more secure for the average user and more convenient for at least some users and use cases. I personally would find this mildly annoying on my laptop where I'm already logged in to a password manager, but convenient on my phone where logging in to a password manager is a major pain. Cheapshark.com does something similar and as a user I find it a great experience. It's more of an obvious fit for something like this where your account isn't very valuable and you use infrequently, but it's really no less secure.
oleksiyp 30 minutes ago 0 replies      
I use a "GetTh1ngsDone" password with my goal in it and thus type every time a thing that I want to achieve. Isn't it a great idea?
drewg123 3 hours ago 1 reply      
I just yesterday had to sign up for some bullshit "secure email" service to read some email from my late uncle's bank. They had all the rules described in the article, and I could not use highly secure generated passwords. I finally settled on some super weak password with one of each requirement (char, case, symbol) tacked on to the end. Sigh.

To make matters worse, the email looked just like a phishing attempt. Right down to having you download some html attachment, which, after it opens, directs you to click on something which finally takes you to the "secure email". The whole process felt like something a scammer would come up with, and is really not how banks should condition their customers.

nkrisc 2 hours ago 0 replies      
Serious question: given those rules, are there more invalid or valid passwords within those constraints?

At first I thought the answer would be obvious but the more I thought about it and did some scribbling I couldn't come up with a good answer. Math is not my strongest skill.

Let's assume you had hashes of passwords following these rules and knew the hashing algorithm, could the rules be so restrictive they narrow the search space and actually make it easier to crack them than no rules at all?

woliveirajr 3 hours ago 0 replies      
I wonder it who designs those rules, in general, notices that when you require "at least one Uppercase" people will just press shift for the first letter, and when you require "one number" people will suffix or prefix the password with the number "1" [0]. And I don't know how that would increase security.

[0] for example: http://www.the-interweb.com/serendipity/index.php?/archives/...

Wonderdonkey 1 hour ago 0 replies      
Side topic: As an end user, the worst for me software that only tells you what's wrong with your password AFTER you've done it wrong, and then only tells you one thing at a time even when you've made multiple errors (dictionary word, password too short, needs one capital letter, needs one number...). Just tell me the damn rules and let me get on with my life!
snarfy 3 hours ago 0 replies      
"What technical reasons are there to have low maximum password lengths?"


chrismorgan 4 hours ago 0 replies      
zxcvbn is a library by Dropbox that makes a fairly realistic sort of password strength estimate.

[1]: https://github.com/dropbox/zxcvbn

rkcr 3 hours ago 0 replies      
I have to use Dashlane for work and it horrifies me that their password requirements are so outdated. A password manager ought to know that it's more important to have a longer password than a password with a number in it.

(See rules here: https://csdashlane.zendesk.com/hc/en-us/articles/202698981-I...)

agentgt 3 hours ago 0 replies      
I find it interesting he mentions Emojis as I actually just recently wrote a deterministic password generator that uses the Emoji annotations (for word selection) for generating deterministic passwords from a master password: https://github.com/agentgt/ezpwdgen

Of course you could use the EFF word database but after trial and error I actually like the Emoji annotations [1] better (I obviously remove short words and non ascii stuff).

I plan on having the script show the words along with the corresponding emoji (iterm supports emojis) to help remember. The idea being not to copy and paste (I need practice on remembering stuff anyway... the joy of getting older).

[1]: http://unicode.org/emoji/charts/emoji-annotations.html

dahart 1 hour ago 0 replies      
Password rules are especially bullshit on mobile devices where the pain of caps (requiring shift key) and the pain of special characters (often requiring a change of keyboard) are extra severe punishments.

A long all-lowercase pass phrase that's pronounceable is both safe and easy to remember and easy to type on mobile devices. When I hit sign ups that require other characters while on a tablet, I frequently decide I don't need it and bail out.

woliveirajr 3 hours ago 0 replies      
Thou shall take care of the password manager, as it is a single point of failure. Because users (=not people who read and understand news from hnews, but the layman):

1 - won't make backup of the password manager (PM) database

2 - will forget sometimes the main password of the PM

3 - will loose the cellphone where the PM is installed

4 - will not update the PM

5 - will tell somebody else the PM password

And there will be many PM, some will have flaws, bugs or backdoors. Some will work on iOs but not on Android. Some will mess up in same point and make users lose trust.

And there will be sites with bad interface that won't accept copy-and-paste of the passwords. That will require things that your random-generated password doesn't contain. Will complain about something that it contains. Will do good on the password but will have those stupid questions (maiden name? grandfather name? pet name?) that you'll be able to find in any Facebook. Than the weak point becomes the password recovery.

I just found one type of requirement that was good enough to people take real care with the password: when the password is the one that allows anyone to withdraw cash from their account. When there is real money in the game, people take care.

Edit: misspelling, thanks for the warning!

raesene6 2 hours ago 0 replies      
On the password front, I like the new NIST guidelines (summary here https://nakedsecurity.sophos.com/2016/08/18/nists-new-passwo... with links to the detail) and the UK NCSC guidelines https://www.ncsc.gov.uk/guidance/password-guidance-simplifyi... which favour far more realistic guidelines rather than the arbitrary nonsense of hard complexity rules and forced regular password resets.
yAnonymous 1 hour ago 0 replies      
"When the DB with clear text passwords is stolen from our server, because we haven't installed updates in three years, at least your other logins won't be affected."

There's no better way to communicate this to your customers than complex password requirements.

jimktrains2 3 hours ago 0 replies      
I wish we could just avoid all of this by using methods like SRP[1] where the site wouldn't even need to know the plain-text password in the first place. Why am I giving a "secret" to someone else?

[1] https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...

sverige 3 hours ago 0 replies      
I gave up on this long ago. I login to various accounts from different machines often enough that a password manager doesn't always work for me. I keep a printed paper copy of some 60 different passwords in my laptop bag in case I need to remember one for a new machine. That printed copy gets handwritten notes on it from time to time, which I then use to update the text file on a thumb drive when I'm not connected to the Internet. I print a new copy about every two months, I guess.

To add to the bullshit, it is so common that a site will have some idiotic rule (like "must include a number," "must have at least one lower (or upper) case letter," "must include a special character," "must not include any of these special characters," "must change password every 30 / 45 / 60 / 90 days"), that I don't even get mad about it anymore. I can't even spend the mental energy to send them an email.

Whew, thanks. I feel better now.

rb808 2 hours ago 0 replies      
I resisted for a while but now always use Google or Facebook account for sites that let me. Makes the password problems much simpler.

Special brickbat for American Express who doesn't let you use special characters in passwords - screwing up my system.

jasonkostempski 2 hours ago 0 replies      
The biggest issue with passwords is using the same one with the same username everywhere. I knew this, still did it with accounts I didn't really care about (Netflix, Hulu, Skype, etc) and, of course, after 10 years of using the same one, just about every place I used it was getting accessed by someone else over the last few month. Writing down passwords and keeping them in plain site in your house is probably safer than using a username/password combo that you use a lot, on a system any script kiddie can get at.
m0nty 3 hours ago 0 replies      
I was trying to sign up to an online gaming site recently, and my initial password was shown as being "strong" but was rejected not enough "special" characters. It was 24 chars long and straight out of Keepass, but whatever.

I asked Keepass for another password; it included special characters, was 24 chars long and "very strong", according to the website. Rejected.

I then noticed that the message was telling me I could not have more than 16 characters, so I trimmed the password to something rated as "medium". Accepted.

So yes, password rules are bullshit.

noja 4 hours ago 4 replies      
Rule 1 is that password rules are bullshit, but all of the other rules lead to needing Rule 1: how are you going to explain to a user that their password cannot be their username, or that their password needs more entropy or complexity?
spython 3 hours ago 0 replies      
I made a simple passphrase generator to educate the less technical folks about the issue: https://passphrasen.de/en/

Edit: and if you speak German, there is a short film about passphrases: https://passphrasen.de/

voidmain0001 3 hours ago 0 replies      
Who cares about remembering passwords? Like my burner mobile phones, I use burner passwords. I use a one time password and the next time I need to log in to the website, I request my password to be reset and use the link that is emailed to me...
thinkMOAR 4 hours ago 0 replies      
"The first rule of Fight Club is: you do not talk about Fight Club"

The first rule for passwords, you don't talk about your password rules.

ComodoHacker 3 hours ago 1 reply      
So after explaining why [existing] password rules ere bullshit, author introduces his own ones.
jlebrech 3 hours ago 0 replies      
i'd prefer no password validation other than having to type it twice. but have a password strength gauge, and give hints on how to bump up the strength (have you tried using a non-alphanumeric character)
danvoell 3 hours ago 0 replies      
As a side note, if you are a website with arbitrary rules, as a general UI recommendation, please state your rules if a user inputs an incorrect password. I'm looking at you yahoo.
empath75 3 hours ago 1 reply      
Why don't we dispense with the pretense that passwords should be human readable strings of characters at all, and just make them a sequence of randomly generated bits.
adamweb 2 hours ago 0 replies      
d_theorist 4 hours ago 2 replies      
Why don't we just stop allowing users to choose their passwords?
jlebrech 3 hours ago 0 replies      
sites that prevent pasting: apple cough
moron4hire 4 hours ago 0 replies      
We hit "peak password" somewhere around 10 years ago. Passwords are both bad security and bad UX. Cryptographic secure keys are better security, but at the cost of a much worse UX.

Bad UX is a defect. We need to stop giving a pass to crypto programmers who make such shitty software. Software that is not easy to use won't be used, and should therefore be considered as insecure as any other defective software.

at-fates-hands 2 hours ago 0 replies      
I think its interesting that passwords have been undergoing a transformation as of late.

Is password hacking really still that big of a deal? I mean, most big hacks into retail places like Target, Best Buy and others are done by getting into their POS (point of sale) systems, or hacking their networks to get at the customer data.

I just don't see a lot of one off doxxing to get into a persons email or financial records. Most groups are going after the big scores, not small potatoes stuff like a few hundred cracked password protected accounts.

I could be wrong, but it just seems like even when you protect your accounts with a strong password and triple layer redundancy and six-step protection, all it takes is one SQL injection or an Adobe Flash flaw and all that work is useless because the company holding your information was lax with their own security.

andrewclunn 3 hours ago 0 replies      
mysecretpassword > Ae2!_jT7

from a security standpoint. I hate the required special characters BS, especially since other sites will explicitly restrict you from using those same characters. Seriously, without a password manager of some kind I don't know how people can function online.

HTTPS is hurting users far away from your servers, and what to do about it finkelstein.fr
84 points by antoinefink  3 hours ago   72 comments top 12
hedora 1 hour ago 2 replies      
Presumably, cloudflare is up to its ears in NSL's, illegal wiretaps, etc. If you care at all about mass surveillance, censorship, oppressive governments (in the US, or the location of the cloudflare proxy) you probably should look elsewhere.

It's probably controversial, but I'd love to see a yellow security icon in browsers when sites are using well known https relays that can see plaintext (or are doing other obviously bad things, like running software with known zero day exploits, etc)

jacquesm 1 hour ago 1 reply      
The biggest impact you can have on your users experience is to trim down the number of connections and the size of your pages. Long after that you can start worrying about round-trip-times to the server.

This blog post is a nice example: 30 requests (ublock origin blocked another 12, with those enabled the time to load increases to a whopping 28 seconds), 2.5M transferred, 7 seconds load time. And all that for 4K payload + some images.

alvil 2 hours ago 4 replies      
There is also another problem on how much and how often is Googlebot indexing your site because your site speed is one of the factors of so called Google index budget. My users are in Germany so my VPS is also in Germany to be fast for local user (~130ms for http reply), but for US Googlebot is my site slow (~420ms for http reply). So you are penalized also for this.
mfontani 1 hour ago 0 replies      
Yup, and that's why for thereg we started using Cloudflare's Railgun with it, the connection to the servers (hosted in the UK) is "bearable" without, it's abysmal:

From a VPS in Sydney, with a Good Enough bandwidth:

 root@sydney:~# speedtest-cli 2>&1 | grep -e Download: -e Upload: Download: 721.20 Mbits/s Upload: 117.89 Mbits/s
doing the request through Railgun is "quite bearable":

 root@sydney:~# ./rg-diag -json https://www.theregister.co.uk/ | grep -e elapsed_time -e cloudflare_time -e origin_response_time "elapsed_time": "0.539365s", "origin_response_time": "0.045138s", "cloudflare_time": "0.494227s",
Despite our "origin" server being quick enough, the main chunk of time is really "bytes having to travel half the world".

Why does railgun help? Because this is what a user would get otherwise; the "whitepapers" site is hosted in the UK, and doesn't use Cloudflare or Railgun it only uses Cloudflare for DNS:

 ./rg-diag -json http://whitepapers.theregister.co.uk/ | grep elapsed_time "elapsed_time": "0.706277s",
so that's ~200ms more, and _on http_.

How much would https add, if it were done without Cloudflare's https and Railgun? That's easy to check, as our the whitepapers site has TLS (although admittedly not http/2):

 root@sydney:~# ./rg-diag -json https://whitepapers.theregister.co.uk/ | grep elapsed_time "elapsed_time": "1.559860s",
that's quite a huge chunk of time that Cloudfalre HTTPS + Railgun just saves/shaves for us. Recommend it highly!

hannob 2 hours ago 0 replies      
There are a couple of other things you can do with existing TLS technology that can improve your latency, e.g. using OCSP stapling, use modern crypto so browsers may use TLS false start, avoid too many ciphers or unnecessary certs in the chain to make the handshake smaller.

It's a bit older, but here's some info, much of it is still valid:https://istlsfastyet.com/

c0nfused 1 hour ago 3 replies      
It seems to me that it is worth considering that HTTPS is not always a panacea of goodness. We should think about two things.

First that almost every firewall out there right now supports https snooping via MITM. Example: https://www.paloaltonetworks.com/features/decryption

Second, I just got back from rural China where most unblocked american webpages take between 5-15 seconds to load on my mobile phone many of them take upwards of a minute to load fully. This seems to be a fun combo of network latency, smaller than expected bandwidth, and pages using javascript with a series of different load events to display content. That dompageloaded->xmlhttprequest -> onreadystatechanged chain can ad some serious time on a 500ms round trip, and that's without talking about the css, the images, and the javascript.

I forgot to pay me electric bill before I flew out and it took me nearly an hour to login, push pay my bill, accept the terms, and confirm payment. I was not a happy camper.

It seems to me that while https is a very good thing, in some cases http and low bandwidth solutions might be worth implementing. It seems to me that one might actually want to tailor this to your audience, no one in their right mind is going to waste 5 minutes loading your web page. If they are so desperate they need to wait, they are going to hate you every minute they do it.

sp332 2 hours ago 1 reply      
If you're worried about a proprietary solution, you could host your own cache server in Australia or wherever your customers are having trouble.
Kiro 2 hours ago 7 replies      
I don't understand why I need to use https on a static marketing webpage. No login stuff, no JavaScript, nothing. Just straight up HTML and CSS. Right now I need to pay about $150 every year for something that's only used to satisfy Google PageRank (I can't use LetsEncrypt with my hosting provider). Why?
andreareina 2 hours ago 0 replies      
One round trip over the course of the time that the user is using the same OS/browser installation isn't much.

The Cloudflare Railgun is an interesting solution, and one that could be implemented in the context of an SPA over a websockets connection. Or conceivably some other consumer of an API.

filleokus 2 hours ago 0 replies      
A related interesting topic is the possibility of secure cache servers that don't break the secure channel with "blind caches". Currently just a RFC draft and probably a long time from mass adoption, but nevertheless interesting.

https://tools.ietf.org/html/draft-thomson-http-bc-00, and Ericsson's article on it https://www.ericsson.com/thecompany/our_publications/ericsso...

nprescott 2 hours ago 0 replies      
I really enjoyed the coverage of the same topic in High Performance Browser Networking[0]. It effectively explains the key performance influencers across various networks without being boring.

[0]: https://hpbn.co/

chatmasta 2 hours ago 2 replies      
What's wrong with the cloudflare free plan? You can host a static site on github pages with a custom domain and use the free cloudflare SSL cert.
Data structures and algorithms problems in C++ using STL techiedelight.com
159 points by coder007  10 hours ago   51 comments top 13
cousin_it 5 hours ago 2 replies      
A really cool algorithmic problem I've been obsessed with lately is stable sorting in O(n log n) time and O(1) extra space. It's possible (Trabb Pardo 1977, Katajainen and Pasanen, Huang and Langston, etc.) but all known algorithms are very complicated. As far as I understand now, there seems to be a "wall" at sqrt(n) extra space. If we have that much, it's not too hard to write a stable mergesort or quicksort with the right time complexity. But if we are restricted to O(1) or O(log n) space, the algorithms become much more involved, using a sqrt(n) buffer inside the array to encode information about the rest. There are working implementations on GitHub (GrailSort and WikiSort), both are over 500 lines.

Here's a couple innocent-looking special cases that are still surprisingly hard:

1) Given an array [a1, a2, ..., an, b1, b2, ..., bn], rearrange it into [a1, b1, a2, b2, ..., an, bn] using O(n) time and O(1) extra space.

2) Given an array of zeroes and ones, sort it stably using O(n) time and O(1) extra space.

I'd be very interested to hear about any advances in this area.

whytaka 1 hour ago 0 replies      
Does anyone know of a website that teaches you data structures and algorithms, preferably in C, in an interactive way? I've always found that's the best way for me to learn.
bogomipz 2 hours ago 0 replies      
I've spent the last hour browsing www.techiedelight.com and I would like to say this is a great resource for coding problems. I like that the methodology for solving them is discussed for each posting.

I would be interested in hearing recommendations for other such sites that specifically discuss the methodology for approaching these problems.

Geeksforgeeks.com is another such resource for learning the approaches as well but I would be curious to hear any other suggestions as well.

askee 8 hours ago 2 replies      
The k'th largest element in an array can also be found by the nth_element() algorithm already included in the STL. It has linear complexity as opposed to the O(n log k) and O(k log n) variants proposed here.
a_t48 9 hours ago 2 replies      
Thought this was going to be "problems in STL data structures" not "solving problems using with STL". A better title might be "Solving algorithm problems in C++" as STL isn't really important to the solutions.
thealistra 8 hours ago 1 reply      
It claimed that recursive binary search has a space complexity of O(1) - it has O(log n) as the stack frames are your used memory
skdotdan 2 hours ago 2 replies      
I'm very used with this kind of stuff with C++.

Which modern language should I try if the first thing I miss in a language is the STL and the C-like syntax?

coldcode 3 hours ago 0 replies      
Funny how I focused on "problems" and "using STL" when I read the headline the first time. I remember C++ fondly but only because my mind has now forgotten all the "fun" of debugging STL.
anilshanbhag 3 hours ago 0 replies      
Just looked at the kth largest algorithm and author claims max heap method is k log n ! His method is actually n log n. The min heap is n log k and the right way to do it.
partycoder 2 hours ago 0 replies      
Thanks for sharing this. I was looking into http://www.geeksforgeeks.org/top-10-algorithms-in-interview-... but it's not very idiomatic.

Then, make sure you use std::make_unique or std::make_shared rather than operator new if you are going for a C++ job.

D3lt4 9 hours ago 3 replies      
Is there something similar that's language agnostic or in Python?
dmitrygr 9 hours ago 1 reply      
Website is unusable on mobile. Text falls off right side, horizontal scrolling disabled. How is this still a thing?
HugoDaniel 8 hours ago 3 replies      
It doesn't state what standard it is using. Is it with:

 C++98 or C++03 or C++11 or C++14 or C++11 or C++17 or C++20 ?

Porting Ruby to Crystal squarism.com
71 points by schiller-silvio  8 hours ago   13 comments top 8
dopamean 2 hours ago 0 replies      
Mike Perham ported some of Sidekiq to Crystal and did brief writeup about it [0]. It'll be interesting to see if this thing really goes somewhere.

[0] http://www.mikeperham.com/2016/05/25/sidekiq-for-crystal/

wiremine 36 minutes ago 0 replies      
If you're a Ruby dev, it's worth your time checking out Crystal. As others have pointed out, it isn't a one-to-one replacement for Ruby, but if you enjoy the Ruby syntax and general way of approaching problems, Crystal is a handy tool.

I've been playing around with it for a a while, and really enjoy it.

That said, if you hate Ruby, keep walking...

pkd 3 hours ago 1 reply      
I agree that compile to binary languages are better for distribution, and has always been a pain point with interpreted languages like Ruby. Ruby actually does this better with its ecosystem (RubyGems, Bundler) than a lot of other mainstream languages.

Just to nitpick, capturing STDOUT is not that hard in Ruby at all. Definitely not as easy as Stdio.capture, but Ruby gives you a variable called $stdout, which you can assign to local variable and treat it like a file. If you would rather not print messages out during the test, then you can just temporarily assign $stdout to nil.

raesene6 1 hour ago 1 reply      
There are some other options for this like Travelling Ruby


tomc1985 20 minutes ago 0 replies      
Doesn't homebrew require git?
andrew_wc_brown 3 hours ago 1 reply      
Won't have to learn GoLang or Elxir. Crystal on Rails!
kkirsche 3 hours ago 0 replies      
Thanks! I'm so excited for Crystal to hit 1.0 and be production ready. May need to try it out now though. Thanks again
hashkb 1 hour ago 0 replies      
> Using rubygems to distribute ruby code is sometimes done but then sometimes its frowned upon

Wat? Rails?

Always Free Usage Limits cloud.google.com
263 points by kiyanwang  9 hours ago   104 comments top 24
ploggingdev 9 hours ago 4 replies      
Since it's not mentioned in the linked page, it's worth mentioning that the free trial in GCP is now $300 for 12 months [1]. Previously it was $300 for 60 days. IMO this is a major change since GCP is much better positioned to attract developers just getting started who used to gravitate towards the AWS free trial mainly because of the longer trial period of 12 months.

The new non expiring free tier in GCP (aka Always Free Usage Limits) also offers a f1-micro instance while AWS does not offer a VM as part of their non expiring free tier.

[1] https://cloud.google.com/free/docs/frequently-asked-question...

shthed 41 minutes ago 0 replies      
I thought it was strange that the free network egress excluded Australia. I can understand why they might charge more for China, but Australia?

Then I found this article (written 3 years ago):


Bandwidth to Australia cost 20x that of EU or US because of Telstra :(

Good news though, Google are planning a Compute Engine zone in Sydney this year :)

koolba 1 hour ago 1 reply      
Wait so does this last forever v.s. only the first year like AWS does?

If so, does that mean I can have a personal server running in the cloud, for free, forever? There's a hell of a lot you can do with a tiny server these days.

atkbro 7 hours ago 2 replies      
Mentioned in the thread that was on the front page yesterday: In European Union the only available account type is Business https://support.google.com/cloud/answer/6090602 which means many users won't be able to take advantage of the offer ($300 trial or free tier usage).

I guess I'll just have to keep using AWS/Azure/$competitorX :(

modeless 7 hours ago 0 replies      
Wow, you can run an instance 24/7 for free, and there's no end to the free period? That seems pretty great! Like having a free always-on Raspberry Pi in the cloud.
djhworld 7 hours ago 4 replies      
Has anyone from the UK/Europe been able to successfully sign up to GCP?

I can't seem to select "Individual" when I sign up, it permanently selects "Business" and asks for a VAT number. I don't want to lie and get in trouble with the tax authorities or whatever.

I only plan to use it for tinkering at home!

AWS doesn't do this, why Google?

planetjones 8 hours ago 2 replies      
What's the deal with getting SSL on your custom domain name now? I moved away from app engine for small projects previously as I think they wanted $60 a month for this.

I did look on the website but I couldn't find the information. I have to say on a mobile device the GCP pages are very poor IMO. Too big a font, too much spacing, intrusive sticky header and too many scrolling effects where content magically appears or disappears. And even worse - when I click the pricing calculator it doesn't fit on the iOS safari screen so it is unusable. It does feel that some CSS and JS wizard got given far too much free reign.

sapphire_tomb 8 hours ago 1 reply      
For some probably very good reasons I can't figure out - you can't sign up for the free trial as an individual from the UK - only as a business. So I guess I won't be trying this.
hashkb 1 hour ago 3 replies      
Dear Google: add managed Postgres and I'm leaving AWS for you.
roryisok 6 hours ago 0 replies      
Have these limits increased or decreased? What were they before?
ionwake 3 hours ago 0 replies      
Just remember guys when my startup hit the front page and I clicked on the pay to upgrade from free to paid the system automatically took the whole site offline for 24 hours.

Make sure they changed / fixed this before trusting GAE

If anyone could confirm this is still the case please say

Edit - is GAE usage == GCP ? If not I will remove this comment immediately sorry

Omnipresent 3 hours ago 0 replies      
In addition to making GCP cheaper and easier to try out than AWS, they need developer advocates and available resources using which developers can switch their apps from AWS to GCP. After being a leader in this space for a long time, the main advantage AWS has is the perception of "how easy it is to use"
WaxProlix 8 hours ago 1 reply      
Has GCP found a way to integrate with Google Domains yet? I had to transfer a domain that I'd bought on GD to Route53 because I couldn't figure out how to get redirects with domain masking. Super frustrating, whereas the AWS equivalent was just Route53 -> S3 bucket for my little static site. $.53/month, not bad.
option_greek 7 hours ago 0 replies      
Their console is really slow. Go to any section (eg compute) and spinner will be your best friend for a long time. What the heck are they doing in there anyway. In comparison, AWS console loads much faster (anecdotal of course).
joshgel 7 hours ago 3 replies      
This is great. Lets you run a full time server for free. Display a hobby website or a development site or whatever. Thats amazing! No one else offers this "always", right?
Perceptes 8 hours ago 0 replies      
Tempting to run an Algo VPN on the free tier of GCE, but these days I'm trying to use Google products less rather than more.
ubercow 8 hours ago 0 replies      
I want to move some project I have running on AWS to Google Cloud Functions, but they currently only have a hack for triggering them on a schedule.

From what I understand based on the docs, you have to run an AppEngine instance just for the cron functionality.

kyledrake 7 hours ago 6 replies      
Is this the 3rd or 4th post about some random Google Cloud thing today? I'm losing track.

No news here, just the usual business model of the "cloud": cheap in, expensive out. They rope you in with a fee tier then charge you 9-18x more for egress than you pay for it running your own hardware with IP transit (or going with a VPS provider like Vultr that charges you the correct prices for it).

Have fun scaling your company economically, hope you don't need to send any data to your customers.

joeyspn 6 hours ago 0 replies      
So, the flexible GAE environment has finally a free starter quota?
homero 8 hours ago 2 replies      
That's cool, I can get .2 cores free. No one else offers this. Do we get an ip? That can be expensive for Google.
homero 8 hours ago 1 reply      
No cloud sql?
rdslw 9 hours ago 7 replies      
Welcome to the USA, where marketing lies are everywhere and product owner writing quoted below sentences does not find anything wrong with it.

Quoting the page:"Always Free Usage Limits. Included products and usage limits are subject to change."

Why they don't write a truth: "Current Free Usage Limits, which are subject to change." ?

This used to be fine print (which is still wrong). These days I call it bullshit print.

alberth 4 hours ago 0 replies      
Off topic: does google.com run on GCP?

I ask because since 2010, Amazon.com has been running on AWS.


(Around 7m30s into video)

thesoonerdev 8 hours ago 3 replies      
By far, the most common complaints I have heard when researching about GCP online are the following:1) You cannot use SQL in the same way other platforms allow you2) Only a subset of language features are supported for Java and Python and it is a little hard to know when you will run into that issue3) As a combination of 1 and 2, it is not easy to migrate out of GCP and this makes it a kind of vendor lock in.

While many people seem to agree that the platform itself works very well, if you are developing on GCP, free credits or not, doesn't this mean you are knowingly getting into a platform that will be hard to leave?

Can someone who has worked with GCP address if these concerns are still ongoing? Also, are there some positives which are not easy to see from the outside which might have helped you choose them/stick with them?

Deep Learning enables hearing aid wearers to pick out a voice in a crowded room ieee.org
149 points by WheelsAtLarge  13 hours ago   37 comments top 9
tobtoh 10 hours ago 6 replies      
> The greatest frustration among potential users is that a hearing aid cannot distinguish between, for example, a voice and the sound of a passing car if those sounds occur at the same time. The device cranks up the volume on both, creating an incoherent din.

It may be a simplification of the article that I'm misinterpreting, but as someone who got a hearing aid in early 2016, that's not how (modern) hearing aids work.

I got my hearing tested which enabled a frequency response of my hearing loss to be plotted (my hearing at low frequencies is fine, at higher freq I have moderate loss). My hearing aid is then tuned to match the inverse of that freq plot (ie boost volume of high frequencies, leave low freq alone).

You don't actually want a HA that arbitrarily boosts 'speech' since that won't be matched to your needs and has unintended side effects (like music can sound overly harsh/bright) because un-needed frequencies are being boosted or supressed).

--On a tangent, after I got my new HAs, I complained to the audiologist that they didn't sound very good. Everything sounded far too crisp. She pointed out that having lived with hearing loss for 5-6 years, I actually had almost no idea what something should sound like since my brain had got used to a world with muted high frequency sounds.

That blows my mind ... a bit like how do you know the color green is green. Maybe it's purple, but you have been told by someone else that it's green.

After a few weeks, my brain re-learnt what sound should sound like and now it sounds 'normal' with HA in. Without HA, everything is a little more muffled (as you would expect) and I really notice how much I used to struggle understanding people (I believe my untreated hearing loss contributed to me losing my job a couple of years ago).

Hearing aids have changed my quality of life (at age 40).

chas 10 hours ago 3 replies      
This approach surprised me. Why are they doing feature extraction and then feeding that into a DNN? It seems much more straightforward to have the input of the network be noisy samples and the output be clean samples a la super resolution[0] in images. They probably wouldn't want to use fully-connected layers in that instance, but I don't see any fundamental barriers if they have enough computational power to run a neural network already. Am I missing something?

[0] https://arxiv.org/pdf/1603.08155.pdf

nabla9 1 hour ago 1 reply      
How is this method better compared to independent component analysis?
nilsb 9 hours ago 0 replies      
This sounds like something that could have a potential use for non-hearing-impaired people who have sensory overload issues (e.g. autism).
petra 6 hours ago 0 replies      
Is deep learning useful for noise-cancellation headphones/earphones? It's extremely hard to design great noise cancelling, only a very few do it, and hence the prices are very high. If deep learning can reduce costs and increase competition here, i think this sector could really grow.
rini17 5 hours ago 0 replies      
Good read! Is it possible to know which hearing aids brand has this? Pity that the HA manufacturers are so secretive what their buzzwords mean. It's impossible to get good comparison between offered features.
csours 12 hours ago 2 replies      
Tech starts 1/3 the way down the article (ctrl+f "clean speech")

> My lab was the first, in 2001, to design such a filter, which labels sound streams as dominated by either speech or noise. With this filter, we would later develop a machine-learning program that separates speech from other sounds based on a few distinguishing features, such as amplitude (loudness), harmonic structure (the particular arrangement of tones), and onset (when a particular sound begins relative to others).

> Next, we trained the deep neural network to use these 85 attributes to distinguish speech from noise.

> One important refinement along the way was to build a second deep neural network that would be fed by the first one and fine-tune its results. While that first network had focused on labeling attributes within each individual time-frequency unit, the second network would examine the attributes of several units near a particular one

> Even people with normal hearing were able to better understand noisy sentences, which means our program could someday help far more people than we originally anticipated

> There are, of course, limits to the programs abilities. For example, in our samples, the type of noise that obscured speech was still quite similar to the type of noise the program had been trained to classify. To function in real life, a program will need to quickly learn to filter out many types of noise, including types different from the ones it has already encountered


imron 2 hours ago 0 replies      
Reinvents is such an awful term.

They didn't 'reinvent' anything, they improved upon an existing shortcoming.

dwighttk 3 hours ago 0 replies      
I was thinking they were on their way to making a Photoshop for audio until I heard the before and after samples
Windows 10 Tip: Turn Off File Explorer Advertising thurrott.com
404 points by happy-go-lucky  14 hours ago   334 comments top 42
muraiki 14 hours ago 17 replies      
I'm so frustrated with Microsoft. I want to like them -- I'm using (and loving) C# and Visual Studio, I've used Visual Studio Code with Go and Typescript, I'm using whatever they call their cloud version control system, and I'm really enjoying these things... but then they pull moves like this and make me question as to whether I really want to invest my skills and money in their tech. Say what you will about Google's data mining, but I think that putting ads right in the OS is in a whole other league. And as many of us geeks know, this is inevitably going to lead to calls from friends and family trying to figure out what the heck this thing popping up is, and if it's a virus. "Nope, it's just Microsoft."

I feel bad for the MS employees who are making awesome products but then have to deal with all the ridiculous fallout of Windows 10 decisions. Sorry for the rant, but these actions are honestly making me think about discontinuing my use and support of Microsoft's products, and I hope that someone somewhere is listening to us geeks.

DrTung 5 minutes ago 0 replies      
There's also a huge, ever increasing, technical debt that's dragging down the quality of Windows.

For example, switching from Windows\System to Windows\System32 for Chicago made 100% sense, but how did we end up with 32-bit software stashed in \Windows\SysWOW64 and 64-bit software in \Windows\System32?

It's like that movie The Day After Tomorrow where they discuss how big a part of US they have to abandon, a few releases back Linux tossed out a lot of 90's assembler code, such purging has never occurred in Windows source tree.

Neliquat 14 hours ago 9 replies      
That you need to do this, is frankly disturbing.

Maybe I am a linux hermit, but you guys really abide this shit? I can't fathom a tech savvy person giving this kind of software a pass anymore. I know, lock in, standards, etc. But damn.

makecheck 13 hours ago 3 replies      
The problem I think is the same one that ISPs face: some products really should be boring but companies hate that. Just like ISPs hate being dumb pipes that do a good job and stay out of your way, Microsoft just cant resist being in your face when it really has no business doing so.

The ideal OS, much like the ideal ISP, stays the hell out of the way and does an excellent, efficient job, doing only what you need it to do.

captainmuon 9 hours ago 0 replies      
I'm a bit conflicted about this. I don't want ads in my OS either. But I don't think this occasion is such a big problem. Microsoft offers a paid OneDrive plan, and they have to let people know how to subscribe. The UI of OneDrive happens to be File Explorer. Granted, I would prefer the banner to be shown only in the OneDrive "Folder" and not in Quick Access.

I find other things much more annoying:

- I really like the random lockscreen pictures. But sometimes, I get ads for Xbox Games or movies from the Windows Store. It seems inappropriate at work, and people think I'm a fan of game XY although I've never heard about it before.

- On one PC, I get the infamous "Try edge, it is 20% faster than Firefox" every time I start Firefox. I assume (strongly hope) that this is a glitch...

- A OneDrive ad that really annoys me is a popup window, telling me to login to OneDrive (and possibly purchase something, IDK). It opens at startup, and at random times when using office. I think when an application tries to open a file that doesn't exist on a network drive triggers it also (!?). I can deactivate it, but it comes back after some time.

I have no need for OneDrive (as I already use Dropbox and Nextcloud). It's fine that you offer it to me once, but please let me opt out and never be bothered again.


On the positive side, maybe this means that there will be finally a proper common integration of sync providers? Every service places their icons in different places. Dropbox, Nextcloud, OneDrive, Google Drive, CERNBox (proprietary service at work). It would be really funny, because then this would mean the linked tip is another one of those frequently repeated tips that actually make you experience worse (as you can't see when a future Dropbox is trying to tell you there was a sync failure...).

BinaryIdiot 14 hours ago 2 replies      
While I still think Windows 10 is essentially the best version of Windows Microsoft has released (I think it in some ways more than Windows 7 and other ways less) moves like ads and the forced updates / restarts just really bring down the quality. I don't understand why they would shoot themselves in the foot so badly.
nkrisc 2 hours ago 0 replies      
To me this is as dumb as my kitchen table having ads laminated on it. Windows is the table on which I do my work. I don't want to see it or notice it, I just want it to support me and my stuff and be a damn good table.
criley2 52 minutes ago 0 replies      
Quick question: how isn't this just more monopoly abuse a la Internet Explorer?

They have a monopoly sized market share of desktop computers, which they are using to unfairly boost their Dropbox competitor.

This seems very similar to the very behavior that earned them an anti-trust smackdown.

Then again, I don't blame them, with the current administration you could probably murder children and not face any real push back from the DoJ.

xelxebar 6 hours ago 0 replies      
Now I'm imagining the horror of CLI tools that spit out ads to stderr every few invocations:

 $ git clone git.kernel.org/linux.git ***** TRY SUBVERSION ENTERPRISE FOR $49.99/MO ****

intoverflow2 6 hours ago 1 reply      
As a Mac user I don't really see how this is any different from when you fill up the paltry iCloud Drive space on OS X and it shows a message every time you boot where both options of the dialog box take you to the iCloud pref pane to buy more storage.

It's sucky but definitely not just an MS thing.

bajsejohannes 14 hours ago 0 replies      
It's baffling how many ad spaces they have in this paid for operating system. By default, there's not only this, but also "notifications" that are ads and lock screen ads. I would understand it if it was free, but my employer probably paid $100 or more for it.
hota_mazi 12 hours ago 0 replies      
"Show sync provider notifications"... Talk about obfuscating the preference so nobody can tell this is actually connected to advertising.

Disappointed in you, Microsoft.

And I say this as someone who's been really enjoying Windows 10 and Microsoft's recent opening to the world at large.

thr0waway1239 12 hours ago 0 replies      
With all the tech giants now engaged in a veritable race to the bottom, it is a good time to point out that people who work at these places seriously reconsider opening their mouths (or typing the words their brain thinks) when there are arguments around ethical practices in business.

Somehow I am reminded of this essay by PG:

"The other big force leading people astray is money. Money by itself is not that dangerous. When something pays well but is regarded with contempt, like telemarketing, or prostitution, or personal injury litigation, ambitious people aren't tempted by it. That kind of work ends up being done by people who are "just trying to make a living." (Tip: avoid any field whose practitioners say this.)"


Have you noticed how close to telemarketing the entire Windows 10 upgrade process was, especially to Windows 7 customers who were very happy with their OS?

pweissbrod 5 hours ago 3 replies      
Oh hell no.

Does any know an alternative version of windows 10 costing extra $$ for which is guaranteed without "telemetry" "forced updates" and other hostility? 3rd party add-ons to disable this behavior are just temporary hacks.

If there isnt a 'windows-10-guaranteed-isolated-edition' kicking around windows 7 will be the last microsoft OS I ever install on bare metal.

hackeradam17 2 hours ago 0 replies      
Thanks for sharing this. I'm getting beyond fed up with Microsoft's crap, but unfortunately it's either them or Apple (which isn't much better) for a number of the tools I need access to. If only Linux could get competitive in the video editing space :(
PleaseHelpMe 13 hours ago 0 replies      
At somepoint I think windows 10 would be my best desktop ever since the interface is good, hardware compatability is good and the release of things like Linux Subsystem and new Powershell is awesome. But now it left me with great discouragement to use it. Beside the general privacy concern with it for a long time, now it got these ads and more. Common Microsoft, you are better than this.
Esau 4 hours ago 0 replies      
That fact that you would need to turn off advertising, inside of the operating system itself, is disgusting.
wodencafe 2 hours ago 1 reply      
When I dared to question publicly Micro$oft's motives in releasing and open sourcing .net core, I was downvoted and swarmed by the community, who are probably just grateful for a little good will from a long time enemy.

But I am convinced this good will was a ruse, a charade, to excuse their questionable business practices at the the expense of the consumer. Advertising directly inside the O.S. is a good example.

And we, who reaped the benefits of this goodwill, are more likely to turn the other cheek when they are out of line - especially if (god forbid) our product relies on Windows.

"Oh, that's just Micro$oft being Micro$oft again."

"But what about all the good things they've done lately?"

jug 2 hours ago 0 replies      
The cultural rift in MS between their recent OSS efforts and ads in their own OS is astounding. Why are they trying to acknowledge the use cases for other operating systems and reduce the appeal for their own?
masklinn 1 hour ago 0 replies      
The one that gets my goat right now is the Office spam in the notification bar.
yAnonymous 7 hours ago 4 replies      
Are there any good alternatives to Windows Explorer? Preferably with tab support.

Making the ancient file explorer that already has a shitty usability even worse is almost like asking us to stop using it.

ouid 12 hours ago 5 replies      
Why does it otherwise seem to be the consensus that windows 10 is a "good thing" in the comments on this thread?
hackuser 13 hours ago 2 replies      
There must be a solution for corporate IT that doesn't involve endless settings. Does the Enterprise edition (or whatever it's called now) exclude these features?
tmsldd 1 hour ago 0 replies      
Windows is a lost case. Sadly, seems like MS walks backwards... Win10<=Win8<Win7<WinXP...
ape4 1 hour ago 0 replies      
Oh so that's why Windows 10 was "free"
zvrba 10 hours ago 0 replies      
Haven't they learned anything from Sun's/Oracle's bundling of Ask toolbar with Java?
inertial 12 hours ago 1 reply      
Is there a tool / script to "fix" Windows 10 related privacy issues. I want to create a new user on my laptop but I dread going through tonnes of obscure settings to make Windows 10 usable.
nightski 13 hours ago 2 replies      
So reading TFA, it's simply ads for OneDrive/Office 365 (MS File Sync Products Only). Not general 3rd party ads like it makes it sounds. I still don't like the change but it's not nearly as bad as full blown ads.
DanBC 8 hours ago 0 replies      
> How can you tell this is an ad? The dollar sign is one clue.

It'll be interesting to see if this is compatible with UK regulation of advertising, which says that any adverts must be clearly identified as ads.

laxentasken 3 hours ago 0 replies      
I get somewhat similar "ads advising me to use onedrive just to be able to access my files everywhere. Running win10 enterprise. How about that...
ams6110 14 hours ago 5 replies      
I disabled Cortana and a bunch of other stuff in Windows 10. There a number of guides about what to turn off to protect privacy and enhance security.
bitmapbrother 13 hours ago 1 reply      
I could forgive them if this was a free OS, but embedding ads into an OS you paid for is despicable.
notfed 13 hours ago 0 replies      
Also see:

 Set-Privacy.ps1: PowerShell script to batch-change privacy settings in Windows 10 https://github.com/hahndorf/Set-Privacy

Traubenfuchs 8 hours ago 4 replies      
A small price to pay for an operating system that perfectly works out of the box and is free as in "there is a little watermark at the bottom of my screen".
porker 8 hours ago 2 replies      
Where's the Apple marketing campaign saying "We don't insert ads into your computer"? Steve, can you hear me from beyond the grave?
skc 8 hours ago 0 replies      
Somewhat ironic, as I was reading that article a huge AWS ad suddenly popped up on the site obscuring my view.
yaegers 8 hours ago 0 replies      
My Win7 Ultimate installation is looking better and better. At least three more years of peace of mind while being entertained by stories like this.

One can only imagine the state of this mess in three years. Let's not forget that win10 is basically just one year old. And they already have it in such a ridiculous state.

flukus 14 hours ago 2 replies      
Is this just enabling the behavior?
duncan_bayne 6 hours ago 0 replies      
I don't understand why anyone is surprised by this. When I think of Microsoft, I think of the Halloween Documents:


I've not seen anything to suggest they've fundamentally changed since then. The Microsoft that wrote the following in 2002:

"Messages that criticize OSS, Linux, & the GPL are NOT effective. Messaging that discusses possible Linux patent violations, pings the OSS development process for lacking accountability, attempts to call out the 'viral' aspect of the GPL, and the like are only marginally effective in driving unfavorable opinions around OSS, Linux, and the GPL, and in some cases backfire. On the other hand positive OSS, Linux, and GPL messages are very effective - both across geographies and audiences."

... is still with us today, and their current strategy is merely a reflection of their assessment of their marketing.

The 'nice' Microsoft you see today is a PR exercise based on their discoveries, 15 years ago, about the (in)effectiveness of FUD tactics against open source software.

ouid 13 hours ago 0 replies      
was it not simply obvious that this was going to happen? free pseudoforced upgrades to a new platform can have exactly one agenda driving it.
api 12 hours ago 1 reply      
This is absolutely unforgivable IMHO. They seen determined to keep themselves out of the high end of the market.
bitmapbrother 12 hours ago 2 replies      
For people who are outraged by this I recommend you buy the Windows Signature Edition OS.
CRISPR used to genetically modify viable human embryos for the first time qz.com
23 points by artsandsci  1 hour ago   8 comments top 4
baldfat 11 minutes ago 1 reply      
We ethically shouldn't do this. We should not edit human embryos. I can't write 5 pages of why we shouldn't but the fact that we could make the difference between the have and have nots will only get bigger and bigger.

Doctor: So do you want the $500 edit to ensure your child won't have diabetes. How about the $2,000 Autism edit? Then the gender change edit is to late to perform. We could do artificial semination and guarantee the gender of your child.

Here is a decent general article on the pros and cons.


0xbadf00d 7 minutes ago 1 reply      
I would agree that this is a significant milestone - however I would have thought that there's still a large amount of randomness in protein expression meaning you would still be painting in "broad strokes" as opposed to granular detail of traits.
tombert 26 minutes ago 1 reply      
These things fascinate me, and it makes me wonder how close we are to the Gattaca-esque ethical debate.

All the same, the fact that we're close to gene editing feels like something our of a SciFi book, and I think that's pretty cool.

creaghpatr 17 minutes ago 0 replies      
Strikes me as equal parts awesome and terrifying.
NASA finds lunar spacecraft that vanished 8 years ago cnn.com
104 points by giis  4 hours ago   13 comments top 7
drake01 3 hours ago 0 replies      
From the cnn article: "Chandrayaan-1 spacecraft is small -- about half the size of a smart car -- making its detection even more noteworthy."

Thank you NASA!

phyller 3 hours ago 1 reply      
It said one spacecraft was active, one was not, but it didn't explicitly say which was active? I was curious if they'll be able to reconnect with the Indian spacecraft.

I assume that the LRO is active, since they mentioned people that were still on the team, so they must have just been using it for target practice.

ajeet_dhaliwal 3 hours ago 0 replies      
This is really cool. Sorry I don't have anything more substantive to add but space related news like this is uplifting on so many levels.
strictnein 1 hour ago 0 replies      
Unfortunately it's now out past Neptune and it's broadcasting "liberate tutame ex inferis"
jlebrech 2 hours ago 0 replies      
don't bring it back
chinathrow 3 hours ago 3 replies      
I am in awe.

We can track objects in space like these - yet we failed to track down MH 370.

ChefDenominator 1 hour ago 1 reply      
Did it actually"vanish"? I mean, if they just weren't able to detect it, then it was still there, just undetected.

"Vanish" suggests to me it was portaled to an alternate universe, engaged its cloaking device, put on its ring of invisibility or something.

Show HN: Sleeping Beauty, a 7-day roguelike game ondras.github.io
65 points by ondras  2 hours ago   29 comments top 14
baldfat 23 minutes ago 0 replies      
FYI: A Seven-Day Roguelike (7DRL) is a roguelike created in seven days. That is, the author stopped writing code 168 hours after they started writing code. A 7DRL can be created at any time during the year. However, general agreement was reached that it would be fun to schedule a specific week for a 7DRL Challenge.


P.S. I found Haxe by following some of the 7drl entries. But I think I would like to use Racket to make one one day.

passivepinetree 11 minutes ago 1 reply      
This is incredible.

As someone who's wanted to try making something like this for a while but just doesn't know where to begin, can anybody recommend useful resources or suggestions on how to get started?

If it helps, I work mainly in C# and so would prefer that if possible, but this could be a good way to get familiar with a new language.

jameskilton 1 hour ago 1 reply      
This is really well done! And I particularly like the combat. Filling the field with your attacks and enemy attacks really forces you to decide if you want to risk getting more of your attacks or be forced to take a really big hit yourself. I love the strategy and risk-reward that you provide with this setup.
d--b 10 minutes ago 1 reply      
Damn, I didn't figure out how to get to that P that's obstructed by pilars and other adventurers, and I've tried kissing everyone many times!
juice13 7 minutes ago 0 replies      
Very nice. I wish it had a save game feature.
ideonexus 43 minutes ago 0 replies      
Checked out odras's other github projects and found this Star Wars one really neat too:


Great work!

juice_bus 1 hour ago 0 replies      
Really well done! The combat is really unique and brings something fresh to otherwise walking-into-enemies to kill them.
chente 43 minutes ago 0 replies      
I'm colorblind and am having a hard time with the "you attack" vs "enemy attacks (magic)" color choice.

Outside of that, I'm digging this.

tibbon 1 hour ago 1 reply      
The first tower/game I started into had a room with no exit. At first I thought it was just a very nihilist game with no progress. I started a new game and that was better
brianzelip 1 hour ago 0 replies      
Game play and environment are really well executed!
baldeagle 1 hour ago 1 reply      
This is delightful.I've got a flight coming up, does anyone know if there is a keyboard overlay that could be used to play it on a mobile?
fakir72 59 minutes ago 1 reply      
It looks possible to have rooms generated that are impossible to exit. For example, I'm up to L3, and can't get out of the room with the stairwell. And on L2 part of the map is cut off from a similar map defect. Is that intentional?
calebm 1 hour ago 0 replies      
I like the MUD feel :)
meseguer1998 1 hour ago 0 replies      
Love it! :D
Why the bounce rate of AMP pages is so high christianoliveira.com
58 points by jgalt212  2 hours ago   60 comments top 13
pwthornton 1 hour ago 7 replies      
AMP pages are designed explicitly to benefit Google over the site in question. They rob the ability to use design to make a site stickier (which would of course make the bounce rate high for AMP pages).

I also in general find AMP pages to be a bit of a UX nightmare.

Outside of raw speed, I have nothing good to say about AMP pages, and the speed is nowhere near good enough to justify using them. They make the Web a worse place for the sole benefit of Google. They are abusing their monopoly position in search by forcing AMP pages down people's throats.

pjc50 2 hours ago 2 replies      
Isn't this almost the "point" of AMP - keeping users on the Google home page and enabling them to get the info quickly, while discouraging the usual clutter of links and ads that try to keep users on a particular site?

(Edit: not that this is necessarily great for publishers or the ecosystem!)

cramforce 2 hours ago 2 replies      
This effect is similar to what is measured when transferring from a WebView (such a Facebook's) to a real browser, since sessions do not transfer. Means the first pageview is considered as a bounce and the second as another unique visitor.

The AMP team is working with analytics vendors to display data as realistic as possible.

At AMPConf on Tuesday eBay gave a great talk how to deal with this phenomenon. Video will be out soon.

wiremine 39 minutes ago 1 reply      
I worked on a real-time analytics product based on Snowplow, and I came to the conclusion that bounce rate is fairly meaningless metric (at least, in and of itself). When you are able to track actual engagement based on active time on page, the bounce rate becomes almost worthless as an indicator of success.

We measured "active time on page" based on how engaged the user was on the page: were they scrolling, clicking, moving the mouse on a focused page, etc. It wasn't perfect, but it was much more helpful to publishers than Google Analytics' page-level metrics.

[1] http://snowplowanalytics.com/

johnhenry 29 minutes ago 0 replies      
I wonder if this suggests that we might need to change our definition "bounce rate". Let's say I just want to see the first paragraph or so of an article. Often, I wait seconds before a page loads fully and this contributes to me having "not bounced". But if the first page loads quickly, I may be finished with everything I need before this occurs.
ssharp 28 minutes ago 0 replies      
The top data table, comparing AMP vs. non-AMP traffic, that makes up the reason for this investigation seems flawed. They did correctly isolate organic traffic to blog posts, however the "Trafico NO AMP" group might contain desktop traffic which, in my experience, has a lower bounce rate.
odammit 45 minutes ago 0 replies      
Technically speaking, it's due to the shitty experience.
iainmerrick 1 hour ago 1 reply      
I still don't fully understand AMP. Why is it any different/better than a normal CDN? It seems like Google could do the same kind of caching with existing CDNs.

Is it just that you're not allowed to use third-party plugins for ads and tracking, and instead have to use a single standard Google plugin?

discreditable 1 hour ago 0 replies      
I got a 500 error the first few times trying to hit the site. Here's a mirror: https://archive.fo/1spsM
omouse 23 minutes ago 0 replies      
because it takes over my browser and I want to use Pocket or Firefox's mobile view -_-'
wfh 2 hours ago 1 reply      
Not familiar with tracking metrics but what is "bounce rate"?
UnoriginalGuy 1 hour ago 1 reply      
Some of that is users (myself included) closing AMP pages, hitting back, and trying to figure out how to load the page I actually requested.

I'm still hopeful that publishers will bring a class action lawsuit against Google and force AMP's closure. Sooner the better.

jgalt212 2 hours ago 1 reply      
There may be 3.5B humans with access to the internet, but if you sum up all the publishers there are probably 12B MAUs.


W3 Total Cache Nginx Root Escalation tarq.io
7 points by intheclouddan  1 hour ago   discuss
Buffy the Vampire Slayer at 20: the thrilling, brilliant birth of TV as art theguardian.com
23 points by ohjeez  1 hour ago   5 comments top 3
brighteyes 21 minutes ago 0 replies      
I've been a fan of Buffy since it aired. It certainly was amazing.

At the same time, I feel the article goes a bit overboard with "birth of TV as art". You can go back even earlier to Twin Peaks, for example, as raising the bar for TV to the level of art. Other shows have gotten similar acclaim.

Not to diminish Buffy, it's a classic and it certainly transcended the "teen entertainment" genre.

babesh 8 minutes ago 1 reply      
Bunch of horny teenagers and older people thinking their coming of age tv show is art. Hello! There were great tv shows before that!
sevensor 1 hour ago 1 reply      
Well said. Everybody has demons. The conceit of Buffy is that the demons exist, physically, and can be punched in the face. But they're still metaphorical demons. It's brilliant.
Children prefer to read books on paper rather than screens theconversation.com
10 points by GuiA  22 minutes ago   2 comments top 2
Johnny555 0 minutes ago 0 replies      
Until I got a Kindle Voyage, I found the Kindle reading experience to be subpar to books (but still more convenient in most cases). But with the higher resolution of the Voyage (300ppi), better backlight, and most importantly, buttons to move forward/back instead of swiping, I now prefer the Voyage over paper books.

Much easier to read one-handed on the train, and having a good backlight makes for convenient reading at night (with the screen brightness turned down enough that it doesn't bother my partner). I've pretty much stopped buying paper books now, while with my old kindle, I'd alternate between paper and digital books.

koolba 6 minutes ago 0 replies      
It's anecdata, but I know I much prefer a physical book to a digital one. Even more so for documents (not source code) that I'm reviewing.
YC will hold interviews in Vancouver for founders who cant get US visas ycombinator.com
1068 points by dwaxe  1 day ago   740 comments top 60
curiousfiddler 20 hours ago 12 replies      
If you don't provide opportunity and a good civil environment to brilliant/enterprising people, they will find a way elsewhere. And once Vancouver or any other city starts working for them, Silicon Valley will lose its exclusivity. The thing to note here is that this response from YC is not a political one, but a response that came out of market demand; it is pretty significant if it works out.
clamprecht 23 hours ago 11 replies      
Wow. We often wonder how the Bay Area would be unseated as startup capital of the world. Maybe it'll be the US's immigration problem.
joeguilmette 21 hours ago 1 reply      
A friend of mine runs a large, well known webdev agency in India and is attending a conference in Arizona in April. His friend was planning to come as well - he owns a US based business, has a US bank account, pays US taxes, has purchased airfare, hotel, and conference tickets.

He was denied a US visa because "attending a conference is not a good enough reason".

My friend with the agency who has a visa is concerned he won't get thru immigration. He was planning on expanding to the US, but is has shelved those plans.

JamilD 23 hours ago 3 replies      
This is great news for both Canadian and international founders.

Is the next step having an additional Canadian office for those that can't get US visas? Canada has a generous startup visa for founders coming from other countries [0].

[0] http://www.cic.gc.ca/english/immigrate/business/start-up/

ddebernardy 23 hours ago 7 replies      
In light of recent events [0], there's a non-zero chance that some founders out there would rather avoid going to the US at all - if only to protest with their wallet.

It might be more sensible to open a second incubator in the EU. Berlin, Amsterdam, Dublin, Barcelona, there are plenty of options. (London is a good choice on paper too but pray tell what'll happen after Brexit.)

[0]: https://www.washingtonpost.com/news/worldviews/wp/2017/02/26...

cperciva 21 hours ago 1 reply      
I'm a couple hours late to this thread, but speaking as a long-time member of the HN community and Vancouverite: Welcome!

I'm happy to assist YC and/or founders with anything requiring local experience or a local presence. Send me an email.

OoTheNigerian 23 hours ago 3 replies      
Great intent.

I'd like to know the reasoning behind choosing Canada as an alternative interview location because from experience, it easier to get a US visitor visa than that of Canada.

Nigerians cannot even transit the Canadian airport without a visa which takes upward of 8 weeks to get AFTER approval vs days for the US. Requirements for Canada are more onerous.

2 suggestions.

1. A country of interview per continent. For instance, Dubai will cover Africans + Middle East + Europe

2. Shortlist some countries and let people select 2 options to interview at.

On paper, the passport index [1] looks like a good way to do it but doesn't take into account spread of countries that can visit

[1] www.passportindex.org/byWelcomingRank.php

neptunespear 21 hours ago 0 replies      
Combined with Expa Labs opening an office in Vancouver, it seems that President Trump is the best thing that could ever happen to Vancouver's tech scene. Our anchors historically have been companies like IBM, HSBC, Nokia, and Ericsson, which are all shells of their former selves and have long since closed down their presences in Vancouver. The few existing long-term anchors include MDA and Vision Critical, and SAP's BI division (SAP BusinessObjects and BusinessObjects Cloud, which originated from a local startup called Crystal Decisions which was purchased by SAP in 2008 by way of some Seagate M&As), along with gamedev and film/TV VFX studios which are all feast-or-famine. Just look at the fate of Radical, Roadhouse Interactive, United Front Games, Pixar's office in Vancouver. Sony Imageworks, A Thinking Ape and Animal Logic might go the same way if the loonie increases in value. HootSuite is set to go under eventually as CRM suites integrate social media management; they waited too late to IPO. So this might be the kick in the ass the Vancouver tech scene needs in the eventual post-HootSuite landscape.

So, I say, with all sincerity, "thanks, Trump."

sremani 23 hours ago 12 replies      
May be this is a dumb question, I will ask it anyway, Tijuana Mexico is about 500 miles from Bay Area, where as Vancouver Canada is 1000 miles.

Que Canada?

EternalData 22 hours ago 11 replies      
It's oddly ominous reading about America's rise on the back of textile patents taken from England and Europe, then poaching of German physics talent and scientific talent from across the world. Germany was, by far, the pre-eminent power in theoretical physics at the turn of the 20th century, with Einstein, Heisenberg, Planck & Born about to be at the peak of their powers. Then the country decided to turn on intellectuals, immigrants, and minorities and turned its scientific prowess to war rather than peace.

There's an old saying out there that history is merely a set of cycles. I suppose we'll see if that is true in the upcoming years.

*one note I would add is that with recent policy uncertainty (i.e healthcare) the advantages of hiring around the world have come into starker relief. That's even more dangerous. Sure, the United States may become less competitive in the war for talent because of walls and tighter borders -- but it'll become less competitive, period, for companies relying on high-skill workers who by definition will be close to or at the peak of their physical and/or mental health.

dmode 23 hours ago 2 replies      
As someone who is tired of the decades long wait and uncertainty in the US immigration system, it would be amazing if tech companies were to open a Vancouver outpost and offer transfers to people in visas. I would take that in a heartbeat. May be YC can consider another incubator in Vancouver
mck- 23 hours ago 0 replies      
It would be awesome if they set up a remote office here in Vancouver :)
exabrial 23 hours ago 8 replies      
Who is having trouble getting a Visa exactly? Just curious, trying to separate fact from hysteria
IndianAstronaut 23 hours ago 1 reply      
Mexico could capitalize on this as well. Guadalajara is a mini tech hub.
raverbashing 23 hours ago 1 reply      
As much as the tech world wants to "disrupt" they want to stay "cozy" in their California corner with their known business environment and English speaking places and their way of doing things.

To which I can assume there is cultural shock even when they go to the East Coast

But the world is big and not everything that happens appears on HN (or even on English speaking media).

aarontyree 20 hours ago 0 replies      
This is just the opportunity Vancouver needs. They have been laying infrastructure to attract startups, and have been working on plans for a highspeed train between Vancouver and Seattle which are only 2.5 hours apart...
chuhnk 23 hours ago 2 replies      
What if it's because I oppose the muslim ban and refuse to enter the US? That's a serious question. Actually I feel like the response to that will be, "It's your choice" but hey solidarity man!
startupdiscuss 23 hours ago 3 replies      
Perhaps a startup founder could exploit "ease-of-travel arbitrage" and offer a service: Remote working from several countries that are easy to get to, accept a wide range of passports, and have enormous bandwidth.

Canada is a lot more open than the US at this point in time, but it's not all roses for people even to get to Vancouver.

What if there were a hub in, say Dubai? And a few other spots around the world?

I imagine Ycombinator would be one of many potential clients. Universities whose students have to delay a semester might use it. Other institutions would use it.

brilliantcode 21 hours ago 0 replies      
I'm not part of YC but if you are in downtown Vancouver around Robson Square, give me a shout (email is in profile) and let's get a coffee!

Welcome to Vancouver.

gamache 16 hours ago 0 replies      
This is a positive thing for YC. Great.

I mean, YC's still onboard with Peter Thiel: YC Partner, one of Trump's most significant individual donors, and founder of Palantir, the analytics services company that's powering the Trump administration's purge of immigrants (http://www.cnbc.com/2017/03/07/peter-thiel-palantir-trump-im...).

But good for YC. Helping several foreign entrepreneurs break into the Valley scene. Moving the needle.

elchief 20 hours ago 0 replies      
/r/vancouver "Visiting Vancouver" page:


jonny_eh 16 hours ago 1 reply      
Why not Toronto? It has a much more vibrant tech scene.
no1youknowz 23 hours ago 0 replies      
If there was an interview day in London, UK. I would actually apply in a heartbeat.
anovikov 23 hours ago 0 replies      
Why not just open a EU branch?Participate remotely - bad idea :(
CJKinni 23 hours ago 0 replies      
As someone who went through quite the arduous process to end up working in the US legally, this is great news. Many friends I've had over the years have been unable to access many great resources due to their inability to lawfully work in a different location. I'm happy to see YC making progress towards offering quality opportunities to exceptional individuals in different locations.
rocky1138 23 hours ago 0 replies      
This is the business equivalent of a code smell.
rusht 10 hours ago 0 replies      
Great founders and technologists are an amazing asset to US, we'd be lucky to have them.
ganfortran 23 hours ago 0 replies      
Well, it is a very assuring and comforting move for internationals in this tempest. Thanks for doing this.
kieranr 10 hours ago 0 replies      
Sorry, are they just conducting interviews in Van or actually running a cohort there?
svsjc 11 hours ago 0 replies      
We need technologies which will make location unimportant.

With virtual reality, 4k HD conferencing and network bandwidth which can support both.

California taxes and real estate prices in SV will make more businesses move to Texas and other states where there is little or no income taxes.

dvdhnt 23 hours ago 2 replies      
That's cool. Good for folks in that situation.

What about people with families or dependents that can't afford to uproot their life and relocate to SV?

Don't get me wrong, this is great, but it would be even better if it expanded to include additional circumstances.

baristaGeek 19 hours ago 0 replies      
Isn't this going against the recently approved International Entrepreneur Rule?

EDIT: It'll work pretty well for people coming from countries which have the Muslim ban.

mynegation 22 hours ago 0 replies      
Maybe they will take it further and set up shop in Vancouver or Toronto.
fixxer 20 hours ago 0 replies      
I'm really interested in hearing how many interviews take place in Vancouver for the intended reason (as opposed to, for example, personal protest).
jaypaulynice 21 hours ago 0 replies      
Why even go to that length when you can interview on video?
jtl999 18 hours ago 0 replies      
Vancouver is a nice place. Love it here :)
elmar 22 hours ago 1 reply      
Why not do it also in London for European founders?
arihant 22 hours ago 1 reply      
If ease of attracting international founders is a concern, my recommendation would be Dubai. Unbelievable facilities which are turn key in their own business hub, a tax free environment to incorporate in, if it goes there. Foreigners can own property, which just makes sense for a future hub.

One of the easiest tourist visas to obtain for vast majority of nationalities, with cheap flights. Near EU, other Asian countries, and Africa. Thailand and Singapore could be other options, but they are far from EU.

rebootthesystem 16 hours ago 0 replies      
There are a number of questions that have not been asked:

How many applicants does YC have from countries with visa issues?

Has any YC applicant been denied entry into the US? If so, what were the circumstances?

In looking though YC historical records, how many people, on average, would typically apply from affected regions?

How many of those people were accepted into the program?

How many of those people succeeded?

In the age of Skype, why can't interviews be conducted without the need to travel?

Yes, I understand speaking to someone in person delivers a lot more information than possible through online meetings. An initial online meeting could function well as a 1 to 3 pass filter leading up to an in-person meeting, thereby providing a lot more time to deal with visa issues.

I am taking a wait-and-see attitude with regards to visa restriction issues. As is the case with any startup or new venture, mistakes are made, non-ideal rules are implemented, some confusion seeps in, etc. So long as the process is one where the right solution is evolved and the ability to pivot is retained things eventually improve. These rules should not behave differently.

What gives me hope? Take a look at who sits in Trump's business advisory council (not sure this is a current list):


It would be inconceivable that this topic isn't discussed with frequency in these meetings.

If I were to presume to be able to give YC advice it would be this:

Use your connections to gain a seat in this council.

Being part of the dialog is the best way to affect positive change. That doesn't mean agreeing with all policies, it does mean you'd be heard at the highest levels rather than not.

And, if you do gain a seat in this council I would further ask that you work hard to convince the administration to take the SBA and convert it into a YC-style program where, in every city of this country, entrepreneurs can have access to not just funding but a real support infrastructure to chase after their ideas.

The SBA has never been of real use to the myriad of startups that have revolutionized the world. If you want to borrow $100K from the SBA you better have $100K in the bank, or more. And the "advisers" they offer-up are often so far behind the times they are only good to help open a doughnut shop or more traditional non-scale-able businesses.

Yeah, do that and the immigration thing and you'll change this country. But you have to be on the inside to do it.

nojvek 16 hours ago 0 replies      
I would love to see YC funding Vancouver companies and working with them.
unixhero 8 hours ago 0 replies      
How about Oslo & Berlin?
hal9000xp 20 hours ago 0 replies      
I'm curious does Canada require bachelor degree for this type of visa or not?
mediocrejoker 19 hours ago 0 replies      
What happens if you get accepted and still can't get a visa?
jensv 23 hours ago 1 reply      
What is the visa situation right now? What exactly has changed?
dadrian 17 hours ago 0 replies      
Thank you, sama, for doing this.
homakov 23 hours ago 4 replies      
Weird choice of country for this purpose. I wonder who needs visa to the US and doesn't need one to Canada, and I'm pretty sure the number is small.
known 8 hours ago 0 replies      
Administration may unleash FATCA on YC
h4nkoslo 22 hours ago 1 reply      
Good. The entire premise of the internet is that it allows coordination at low latency over distance.

It's also probably not fantastic for the United States to be strip mining the entire >130 IQ population of eg Sudan and packing them into SF/NY/DC to work on ad optimization when they're desperately needed by their own people; setting up infrastructure to work remotely is a great first step to eliminating the brain drain problem period.

desireco42 23 hours ago 0 replies      
For those who thing this will unseat SV, no, quite the contrary, showing this flexibility will just make people want to work more with Ycombinator and here.
billions 22 hours ago 1 reply      
Why not Tijuana?
seesomesense 19 hours ago 0 replies      
Kudos to ycombinator !
minikites 23 hours ago 1 reply      

> Trump is the Silicon Valley candidate in every way except that the ideology is flipped, said Sam Altman, a prominent technology leader, chief executive of Y Combinator.

So now that the government has been "disrupted", YC has decided to avoid the issue by fleeing the country? Maybe instead of avoiding the issue, YC could organize Silicon Valley and spend some of it's political power actually addressing the issue (lobbying, funding local candidates, etc). Silicon Valley is home to many fantastically powerful corporations and individuals, it's time they took a stand for justice.

GuiA 23 hours ago 9 replies      
The lead the US has had in science/engineering/technology over the past 70+ years is in no small part due to the massive brain drain from Europe, and the rest of the world, due to fascist regimes.

If the US's new shiny fascist regime keeps progressing at this pace, you can bet that things will reverse quickly. Good bye, world leading startups, nobel prizes, top universities, etc. These things can happen faster than one tends to think.

The best thing countries like China could do right now is heavily open up to English, and fund things such as foreign PhD students. Everyone is fighting to get into Harvard and MIT right now, but a half decade of Trump policies could have drastic consequences a few decades down the line and give us a very different world.


Edit: some followup to this comment further below https://news.ycombinator.com/item?id=13831085

People also seem to get stuck on "China" in my comment. If that makes you unhappy, replace that word with Brazil, Japan, Singapore, Estonia, whatever you want... the point is, viewed under the "startup lens", this new administration makes the dominance of the US in STEM/entrepreneurship ripe for disruption by a more nimble, flexible entity.

ben0x539 23 hours ago 2 replies      
Submissions of articles from YC/by YC people always have the least descriptive titles. :(

Edit: Thanks!

davidw 23 hours ago 5 replies      
"Move fast and break things" indeed :-/


muninn_ 23 hours ago 5 replies      
Dubai? So are you not interested in attracting women to startups?
lhnz 23 hours ago 1 reply      
a2m 23 hours ago 1 reply      
27hours 15 hours ago 1 reply      
I'm new to the site. Seems you are controlling things around here (moderator to say). Why are my comments only visible when I'm logged in? as soon as I logout and look at the comments on this article as unregistered user, I do not see any of my comments. That gives false sense that everyone is looking at my comments but in reality they are being hidden. That makes me think other users even when they are logged in the website will not see my comments because they are censored Probably as comments are not in line with rhetoric of those in charge of this site, maybe? Is it a way to censor what YC does not agree with? I never knew this existed.

Please explain if otherwise.

throwawaysed 23 hours ago 1 reply      
I like how HN will change any clickbait titles you post but regularly does clickbait titles of its own.

This entire article could, and should, be a single sentence title. "YCombinator holding Canada interviews for founders without US Visa".

Hot chillies might be good for us bbc.co.uk
39 points by sjcsjc  5 hours ago   45 comments top 8
ianai 59 minutes ago 0 replies      
Might be? I know they are. For one, they make healthy but boring food taste great without adding fat, sodium, or simple sugars.
mason240 23 minutes ago 0 replies      
The study this entire puff peice is written around:

>The Association of Hot Red Chili Pepper Consumption and Mortality: A Large Population-Based Cohort Study


>In this large prospective study, we observed an inverse relationship between hot red chili pepper consumption and all-cause mortality, after adjusting for potential confounders. Adults who consumed hot red chili peppers had a 13% lower hazard of death, compared to those who did not.

725686 1 hour ago 3 replies      
There are chillies (chiles in spanish), that are hot as hell but tasteless. There are others that are less hot but with great flavor. I personally recommend you try Chipotle and Pasilla. You can buy canned chipotles, put them in the blender and you've got yourself a fantastic salsa for your quesadillas that will last forever in the fridge.

By the way, a great way to relieve the "pain" is by eating bread (use your tongue to move the bread around before swallowing).

rajesht 3 minutes ago 0 replies      
Correlation is not causation! the only data it has is group of people who ate chilliest died 13%
dominotw 2 hours ago 9 replies      
Why do cultures from hot climates like India and mexico eat spicy food? I've heard vague explanations like it 'cools body down', would be interesting to see any research done on this.
jlebrech 2 hours ago 1 reply      
"From an evolutionary perspective the plant would much rather have its seeds dispersed far and wide by birds." I hate this logic concerning evolution, the change happened and it was of benefit to the plant so the gene stayed.
foobarge 2 hours ago 0 replies      
"So why might eating chillies be good for you?The researchers speculate that it could be that capsaicin is helping increase blood flow, or even altering the mix of your gut bacteria in a helpful direction."
Neliquat 2 hours ago 4 replies      
Correlation (people who ate peppers died less), in no way implies their stated causation ( eating peppers makes you live longer ). Consider how many old people vs young people like spicy food and I think you get my point. I really just wanted some damned confirmation bias, not shitty reporting.
Google Cloud SQL for Postgres cloud.google.com
712 points by wwilson  23 hours ago   218 comments top 40
mastazi 15 hours ago 3 replies      
Your turn, Azure




PS: managed MySQL is currently the most requested additional service on Azure:


.. and managed Postgres + MySQL are currently the third most requested feature in relation to their managed DB offering


dhd415 22 hours ago 4 replies      
Very exciting, but high availability, instance cloning, and read replicas are listed as "This functionality is not yet supported for PostgreSQL instances" in the docs. Seems like those need to be available before it's a realistic option for production workloads.
laixer 22 hours ago 9 replies      
Cloud SQL for Postgres is launching today and will be available for all users early next week.

Source: Work on Cloud SQL.

cridenour 22 hours ago 3 replies      
Has anyone seen documentation that it supports PostGIS?

Edit: Nevermind, it does! https://cloud.google.com/sql/docs/postgres/extensions

dvnguyen 16 hours ago 4 replies      
One thing is really strange in this thread is that almost every opinion against Google's customer support are down voted heavily. Google advocates always say that GCP support is better. Of course they have to be better because they are the underdog in the cloud war. I can't buy the logic that GCP is Google but not that Google. What would happen if they could dominate?

Don't get me wrong. GCP as a product is really awesome. I've been using GCE and Datastore for a project and they just work. I just can't trust Google enough to bring all my works to their cloud.

leesalminen 22 hours ago 2 replies      
I'm really excited about the future of GCP and that there is now a serious AWS competitor.
jarym 22 hours ago 4 replies      
This is excellent news - am currently evaluating options for cloud Postgres. Only wish they'd support a few more extensions - https://cloud.google.com/sql/docs/postgres/extensions - e.g. plv8 would be great https://github.com/plv8/plv8
scardine 21 hours ago 4 replies      
The killer for me is PITR (point in time recover). A few years ago a colleague triggered and UPDATE without WHERE and PITR saved our sorry asses (on MS SQLServer, a fair product despite my antipathy MS).

Postgres has it, but it is kind of a pain to setup correctly and I love RDS because I don't have to deal with the setup anymore.

laughfactory 22 hours ago 3 replies      
Excited to see this, but holy shit is it unclear what expected costs could be. It seems like it might be on the cheap/affordable side of things, but it's not obvious. I almost prefer to just use Compose.io because at least the pricing is clear.
JohnnyConatus 21 hours ago 2 replies      
Is there a reason Google is so slow to compete with AWS? This seems like another example of where they're playing catch-up. Meanwhile, I'm blown away that Node is still just in Beta (with no SLA / deprecation guarantees) when Heroku and AWS have supported it for years.
saosebastiao 22 hours ago 1 reply      
The last piece of the puzzle for me to have a full stack alternative to AWS. Thanks Google!

Edit: not a complete end of the world, but it would be really nice (and completely easy/safe) to have the uuid-ossp extension available.

hvo 22 hours ago 1 reply      
Yep.I now believe Google is serious about cloud.It is beyond me why it takes Google too long to do this.
mvitorino 22 hours ago 0 replies      
Yes! We have been asking for this for a while now when asked for feedback about what we would value. Managed ElasticSearch is next on our wishlist.
caleblloyd 17 hours ago 1 reply      
Will it be available in the same private network as the rest of our GCE VMs? Last I checked, Google Cloud MySQL runs over the public network, which is a big pain in the ass for access control.
crudbug 21 hours ago 2 replies      

Is Google contributing anything back into Postgres codebase ?

They could have named something different for the product - Cloud SQL ? seriously.

meddlepal 22 hours ago 1 reply      
Huge news! This + GKE + the new improved GCE billing setup is killer for most shops.
sandGorgon 22 hours ago 0 replies      
this is huge! I take my words back - RDS finally has a competitor.
cvburgess 20 hours ago 3 replies      
Does anyone have a good comparison between this, RDS, Aurora, Citus, Heroku PG and some of the other Postgres (and "Postgres-compatible") services?

With so many DBaaS tools available, I'd like to know the best options for things like pricing, availability, features, tooling, monitoring, etc...

NatW 22 hours ago 1 reply      
What is the maximum disk space for this offering? Amazon's RDS peaks out at just 6TB currently.
knz 21 hours ago 1 reply      
Does anyone know if it supports PostGIS? I'm not seeing much on the page (on mobile).
nodesocket 22 hours ago 2 replies      
Wait did this leak before the keynote announcement? :-) (I'm at Google Cloud NEXT right now).
brightball 22 hours ago 0 replies      
Well, I guess I can try out Google Cloud finally
tarr11 22 hours ago 2 replies      
This makes me seriously consider switching from heroku for my rails postgres app. Probably could cut my costs significantly.

Anyone have any comments or experiences with the Google app engine flex environment for ruby?

clhodapp 22 hours ago 0 replies      
This is definitely going to be very useful when it's fully fleshed out but be warned that this initial beta doesn't support Google-managed replication or HA (to say nothing of an SLA, of course).
rattray 19 hours ago 0 replies      
Because my first question was "What are the deviations from standard Postgres?":


It looks like there aren't many you can't use SUPERUSER, and they enable extensions, options, and parameters one by one at request.

no1youknowz 18 hours ago 0 replies      
Any chance of seeing pipelinedb being supported?
Fiahil 22 hours ago 0 replies      
Awesome. Now, can you do the same for Elasticsearch ?
hizanberg 21 hours ago 0 replies      
Awesome, was the main service needed before being able to consider moving from AWS - let the cloud wars begin!
JoshGlazebrook 22 hours ago 2 replies      
Hopefully this pushes Microsoft to expand their offering. I'd love managed Postgres in Azure.
chacham15 17 hours ago 1 reply      
Does this use Vitess? Are those two competing products?
tomaskafka 19 hours ago 3 replies      
5 GB database with 2 GB RAM for $132/month (tier D4)?

Seriously, who is this for? I have no idea - SSD VPS like this is about $10/mo ...

fortytw2 22 hours ago 0 replies      
Extremely exciting, been waiting for this for a while
nhumrich 21 hours ago 0 replies      
I've been looking forward to this forever
executive 15 hours ago 1 reply      
The day before I was about to migrate to RDS. Change of plans!
rebelidealist 15 hours ago 1 reply      
Does this support hstore and Json store?
ww520 20 hours ago 0 replies      
Good news. More competition the better.
softinio 22 hours ago 0 replies      
This is great news! Finally!
timc3 22 hours ago 0 replies      
Fantastic news.
qaq 22 hours ago 1 reply      
is there IOPS info somewhere?
DonkeyChan 22 hours ago 6 replies      
I'm not building anything on top of google unless they give EOL time lines and stop pulling the rug out from under services.
Testing is a separate skill and thats why it can be frustrating medium.com
72 points by kiyanwang  5 hours ago   43 comments top 12
koonsolo 2 hours ago 8 replies      
The best testers that I know really enjoy breaking stuff. They have this special mission to break anything they get their hands on. They take great pride in finding the stuff that the developer probably didn't think of. They smile when it behaves weird, they laugh when it crashes. Their ego rises when they tell the developer that they were smarter.

And therefore, the one who built is, is not the person who makes it his lives mission to break it. Breaking it means more work, more searching for bugs, and then testing again. And nobody likes doing that. Except for awesome testers. They love looking at the face of a desperate developer getting frustrated by a nasty bug.

TheAceOfHearts 2 hours ago 1 reply      
As it relates to the topic of testing, I'd invite readers to check out "An introduction to property based testing" [0]. It's available in both video format with slides, and in the form of two blog posts. I found it insightful when I first stumbled on it.

I'm not frustrated with testing in the slightest. I consider it a fundamental requirement for any serious production application.

I get the impression that people tend to be far too dogmatic about testing methodologies. Write lots of unit tests, as long as they add value or help improve stability. Not everything needs unit tests. It depends on what the module does, and how it relates to the application.

[0] https://fsharpforfunandprofit.com/pbt/

svantana 4 hours ago 1 reply      
No doubt testing is a skill, and a very useful one, though I doubt this is the main frustration. Most people (at least myself) got into coding because they enjoy creating something from nothing. Maintaining and testing code is boring because it doesn't really do anything new, it's mostly fixing edge cases. Personally I try to make testing more creative by making ambitious testing tools (fuzzing, self-testing base classes, etc), which makes it more fun and therefore more likely to get done.
msimpson 1 hour ago 0 replies      
For me, the frustration regarding testing comes not from it necessarily being a separate skill set but that writing tests can be daunting considering the tools at hand. Consider, for instance, that only recently has JSDOM even gained a way to log issues inside its own runtime environment, making all usage of it previous to this fix amazingly difficult to debug:


Now this is only one in a myriad of nuanced struggles which I can potentially face as a developer when deciding what and how to test. When these tools facilitate this need without creating such an undue burden then I, and I'd bet many others, will naturally gravitate toward automated testing.

michaelfeathers 3 hours ago 1 reply      
I don't think this is a good way of framing things. In fact int can be counter-productive.

Automated testing is the process of writing code to understand your code. We already have to understand our code. Testing is being deliberate about that understanding and writing it down. The same design/testing thoughts that lead us to edge cases can lead us their elimination without testing at all. It's an integrated process, not something separate.

ntrepid8 3 hours ago 0 replies      
I'm not so sure they are separate skills. It's possible to write functions that are easy to test and functions that are hard to test.

I find that the two tasks of writing functions and tests for those functions are closely intertwined. I like for developers to write their own unit tests, and then for Q/A to develop the functional/integration tests from the perspective of the client (machine or human).

It's very difficult to come in after the fact and write unit tests for someone else's code, especially if they weren't thinking about writing testable code.

Glyptodon 2 hours ago 0 replies      
The thing that frustrates me is running into situations where creating the infrastructure and code to set up and run a test is orders of magnitude more complicated than actually building the application. This is typically not at the unit test level (which mostly isn't that bad), but rather at the "wow, I basically need to implement a local version of this 3rd party API that doesn't have a test environment" sort of level. And that's not even getting into the times I've had to work with "APIs" that are so bad they aren't even testable (wishing wells).
PaulHoule 3 hours ago 0 replies      
One problem with testing is that you're not just testing your code, but you are testing your assumptions. If you make a mistake in your code, you might make the same mistake while testing.
jlebrech 1 hour ago 0 replies      
I don't understand how as a developer I have to write code to test my code, surely there should be a non-coding solution, especially end-to-end.

and if you leave end-to-end to a tester they'll have to learn to code.

rb808 3 hours ago 2 replies      
Is this about testing or unit testing? Personally one of the problems is that unit testing has such a hype train it leads to people using it always when it isn't always necessary. With unit testing brings all the baggage: the DI, IoC containers, factories, mocks & all the stale test cases that were written a few years ago and no-one ever looks at but take 10 minutes to run.

My current project has objects that are only ever used once in one place but still have abstract interfaces, lots of injected parts & test cases. Its only a simple class, it doesn't need all this extra complexity. For me its frustrating that lots of people think its "good design". Sure - you need to be able to test your application but unit testing everything is rarely the right way.

psyc 2 hours ago 0 replies      
Separate skill from what? Programming is already an agglomeration of many different skills.
draw_down 2 hours ago 0 replies      
I mostly agree with the truism that good code is highly testable, so in a way it's not separate. If you have lots of trouble testing your code you maybe just don't design things very well yet. Tests have a way of immediately highlighting structural issues with what you're building.
New in Chrome 57 developers.google.com
35 points by markdog12  1 hour ago   7 comments top 2
johnhattan 31 minutes ago 1 reply      
There's a Unity demo on the WebAssembly site if you want to see if it's enabled in your browser. Just tried it on Chrome beta and it worked. MS Edge 13 did the asm.js fallback.


Note : The demo is pretty slow to initialize

subie 1 hour ago 3 replies      
I don't see any mention of WebAssembly in this post besides one comment.
       cached 10 March 2017 17:02:01 GMT