hacker news with inline top comments    .. more ..    2 Jun 2017 News
home   ask   best   9 months ago   
Visualize data instantly with machine learning in Google Sheets blog.google
183 points by pmcpinto  2 hours ago   32 comments top 13
mbesto 36 minutes ago 2 replies      
When I worked for SAP back in 2007 (I was a fresh grad at the time), I was working in the business intelligence (reporting, analytics, and data warehousing) group and noticed how cumbersome it was for organizations to simply create and view reports (we're talking millions of dollars). I once said to my boss "you realize that in the future we'll simply just write 'show me a line graph for sales in the northeast'".

And so here we are now.

uberneo 1 hour ago 1 reply      
Well charts is a good addon but just wanted to understand how they are able to do this ... i mean Machine Learning part , for example if somebody asks "Show me sales of X product in last year" , from machine learning perspective how this gets interpreted in actual SQL query ..
pbreit 15 minutes ago 0 replies      
This is very neat.

But the best, still-mostly-hidden feature I've found recently is App Scripting and especially the ability to do a UrlFetch.

I use it as an "API Runner" to run various batch jobs against APIs.


wyck 9 minutes ago 0 replies      
Not really a contender for enterprise or even medium sized business's with Tableau, Sisense, Qlik, Power BI, and IBM in the mix.

They are solving a problem that doesn't really exist, the challenge is not the last step of a data report, it's the steps involved in the beginning, getting good data in, formatting, joining multiple sources, automation, dealing with junk data, procedures,etc.

froindt 2 hours ago 0 replies      
I wonder if we will see more software including query based input like their charts, and what sort of speed improvement we could see? At first I was not excited to type something where I could click a couple buttons, but then I recognized the other enhancements such as applying a filter right away.

I'm not convinced it's better just because it has machine learning on the back end, but if excel would learn how I want my graphs made from how I manually adjust the graphs (adding axis labels and a title, color preferences, never a 3d bar or pie chart), that'd be a nice enhancement. I'm sure there's a setting, but I haven't searched for it.

darwhy 29 minutes ago 1 reply      
I'm wondering how Microsoft is responding to this. Do they expect their current Excel dominance to continue despite competitors constantly catching up to feature parity and even extra goodies, like this one?
andrea_s 1 hour ago 1 reply      
Kind of goes in the direction of what Thoughtspot (https://www.thoughtspot.com/) is doing (https://www.youtube.com/watch?v=D-y_EjFsDuk)
zitterbewegung 2 hours ago 1 reply      
I thought Explore in google sheets has had this feature for awhile? I remember it suggesting visualizations in sheets a few months ago.
taylorwc 2 hours ago 2 replies      
Oh, wow. I love where this is headed. Spreadsheets are one of the most abused products in a normal business--used for everything, and then some poor excel jockey ends up being forced to create a semblance of order from the chaos.
sandGorgon 1 hour ago 1 reply      
does anyone know how this kind of stuff gets built ? I'm considering a spreadsheet-y internal admin dashboard for my startup. I was looking at https://github.com/JoshData/jot to be able to sync stuff on the client side to the server.

has anyone worked on something like this ? the big challenge is synchronization - between server and multiple clients - while being able to offload a lot of computations on to the client.

I wonder how is the security built ? if i maliciously change the formulas in my browser.. will the backend datastore still accept the data ?

2_listerine_pls 29 minutes ago 0 replies      
still no tables. How hard is it?
p90puma 1 hour ago 0 replies      
404 for me on the link.
mariogintili 2 hours ago 1 reply      
how many corporate secretes will be leaked into this?
Network Protocols destroyallsoftware.com
354 points by signa11  7 hours ago   38 comments top 8
have_faith 6 hours ago 12 replies      
As a front-end web developer with no formal computer science background or traditional programming experience I find these kinds of articles extremely valuable. I like to understand as much as possible, at least conceptually, what happens throughout the stack even if I don't touch it. Does anyone have any links to anything similar? perhaps for the Linux kernel or other lower level systems but with a top down overview like this? Especially anything that would build on this article. Effects and unexpected phenomena that manifest in networks like this also would be interesting.
andars 30 minutes ago 0 replies      
> In reality, our 5-volt CMOS system will consider anything above 1.67 volts to be a 1, and anything below 1.67 to be 0.

Worth noting that the region from 1.67 V to 3.33 V is undefined and systems in practice will not behave nicely for signals in this range. A CMOS logic 1 needs to be above 2/3 Vdd to be reliably recognized.

manigandham 1 hour ago 0 replies      
I always recommend the High Performance Browser Networking book by Ilya Grigorik for a fantastic overview of modern web protocols. It's also free to read online.


bogomipz 1 hour ago 0 replies      
His articles are always fantastic. I wish he would consider publishing a book however as $29/month to subscribe to a blog feels a bit steep.
Alex3917 2 hours ago 4 replies      
So does BGP consider the amount of time it takes to traverse each hop, or are routing tables built only based on the minimum number of hops it takes to reach each destination?
tyingq 2 hours ago 1 reply      
I assume it's not mentioned to keep the article brief, but most devices these days support MTU sizes greater than 1500 bytes. Jumbo Frames[1] allow for ethernet packets of up to 9216 bytes.

Since they have to be fragmented back down to 1500 for devices that don't support them, however, it's typically only used in closed internal networks, like a SAN. People typically see about a 5% to 10% bump in performance.


iajr39r4 1 hour ago 1 reply      
A bit off topic but, I noticed most of the titles on destroyallsoftware are rendered as SVGs.

Why is that a better idea than just normal text?

RubenSandwich 5 hours ago 2 replies      
I hate to be that guy. But I don't think this link was meant to be for the general public. Gary Bernhardt, the author of this piece, posted this link to this Twitter followers about 2 weeks ago to receive feedback. Remove the hash at the end of the URL, '/97d3ba4c24d21147', and you'll see you'll be redirected to purchase a subscription to Gary's screencasts and articles.

So if you are enjoying this article consider purchasing a subscription and supporting more work like this.

Oh My Gosh, Its Covered in Rule 30s stephenwolfram.com
533 points by seszett  11 hours ago   107 comments top 20
wallnuss 10 hours ago 5 replies      
The only sad part of this story is the design was meant to celebrate John Conway and his Game of Life [1] (Conway actually was a lecturer at Cambridge, when he introduced GoL).

[1] From 2014: http://www.railwaygazette.com/news/infrastructure/single-vie...

symmetricsaurus 10 hours ago 0 replies      
James Grime (of, perhaps, Numberphile fame) made a video about it [1].

He also talks about how it's supposed to be related to Conway's game of life but is actually not (Conway's game of life is a 2D cellular automaton, while rule 30 is 1D).

[1]: https://youtu.be/aeyhnrZvQBE

DonHopkins 5 hours ago 1 reply      
The walls along 101 through a stretch of Menlo Park have error diffusion dither patterns on them that I enjoy. Or at least it looks like an error diffusion dither and not a cellular automata to me, because it seems like a gradient, somewhat random, sparse, spread out, and not deterministic enough to be a cellular automata rule.


Here's a few layers of cellular automata (anneal, life and brian) combined with some error diffusion dithered heat flow, for your enjoyment (try clicking and dragging and spinning the mouse wheel):


kaundur 9 hours ago 0 replies      
If anyones interested I wrote some JS to view states 0 to 255 in canvas. http://www.kaundur.com/jekyll/update/2016/10/31/cellular-aut...
peeters 49 minutes ago 0 replies      
I'm pretty new to CA, so I found this really useful in giving some necessary background to the algorithm and what a "rule" is: http://natureofcode.com/book/chapter-7-cellular-automata/
ncw33 8 hours ago 0 replies      
Brilliant spot! I hadn't read that in the local papers - there was simply criticism of the 'boxy' design. I live right by that station, and used it for the first time this weekend (only a few days after it opened) and my wife and I commented on the attractive appearance of it.

Despite some controversies (are there enough ticket machines, enough toilets, enough train services, and so on...) Cambridge North is going to become a popular station.

GlennS 7 hours ago 0 replies      
Anyone know the origin of the 22,000 BC pattern? I had no idea anyone was making such impressively detailed masonry that far back.

The Sumerian columns with geometric mosaics are pretty cool too.

GuiA 10 hours ago 1 reply      
So... who're the architect(s) for the station? How did they go about laying the tiling on that facade, programming the CNC to cut the pattern in the aluminium, etc.? Sounds like there are probably some interesting people behind it all.
mturmon 9 hours ago 2 replies      
You can make some pretty fun tilings out of Penrose tiles as well. My wife and I made a ceramic-tile headboard out of the Penrose P2 tiling (an aperiodic tiling) that looks quite lovely - the tiles, being handmade, avoid sterility. Like the patterns in the OP, they have recurring themes, but don't fully repeat.
laszlokorte 3 hours ago 0 replies      
the fashion online shop asos.com also uses a pattern that looks like a cellular automaton for it's packaging:


jsat 8 hours ago 0 replies      
Fantastic post. Opened me up to some mathematics I didn't know about. But please Wolf, these pictures are tiny.
flavio81 10 hours ago 1 reply      
One of the most coolest posts i've seen lately.

I did not know such patterns were also present in antique art. I guess one learns a cool thing every day !

fjfaase 7 hours ago 0 replies      
Maybe, the should have used one of the many repeating Rule 30 patterns: http://www.iwriteiam.nl/Rule30.html
alkonaut 9 hours ago 1 reply      
We get it - cellular automata. This would have been an interesting article if he had tracked the artist/architects, interviewed them and asked them how they ended up with these patterns, what tools they used etc.

Instead it's the same endless blabber about the damn automata we have heard for the last 20 years.

mtgx 7 hours ago 0 replies      
A somewhat relevant "theory of everything" in a TED video from 8 years ago:


sova 9 hours ago 0 replies      
Uncanny and amazing
graycat 8 hours ago 0 replies      
Very nice!
Will_Parker 10 hours ago 9 replies      
I've long been a fan of Wolfram's ideas. But I wish he could write a single thing without most of it being about: how great he is, and how he has supposedly made the most progress in history with a cognitive step from already explored cellular automata. It's not even that I'm that bothered by the arrogance, it's just repetitive and boring.
eternalban 5 hours ago 0 replies      
This guy really thinks he invented cellular automata.
lanbanger 6 hours ago 1 reply      
Just a shame there are no direct trains to or from London to Cambridge North, eh?!
Maybe we shouldn't skip SHA-3 cryptologie.net
75 points by baby  5 hours ago   60 comments top 8
tptacek 2 hours ago 5 replies      
If you're going to pick a hash specifically to avoid length-extension attacks, pick SHA-2 512/256, which isn't vulnerable to length extension attacks. Or, for that matter, pick Blake2, which is a slightly less idiosyncratic choice than SHA-3. Everyone --- including the authors of SHA-3 --- is unhappy with the SHA-3 parameters and resulting performance.

SHA-2 512/256 is much faster than SHA-3 and supported by more libraries.

The notion that by recommending SHA-2 512/256 you're setting people up to use prefix MAC SHA-2 512 or SHA-2 256 is kind of silly. You could similarly argue that by telling people to use SHA-3, you're risking that they "fall back" to SHA-2. Either way, you're calling for a specific hash.

The reality is that some people like SHA-3 because it's interesting and because its primitives can be used for a variety of non-hashing applications. That's true! Nobody is saying SHA-3 shouldn't exist. They're just saying: there's no good reason to use it in a modern application.

(If you're not clear on length-extension attacks: they're the reason we use HMAC. HMAC-SHA2 isn't vulnerable to length extension attacks; neither is HMAC-SHA1 or HMAC-MD5 --- both of which, fun fact, can't currently be attacked, despite the weakness of their underlying hash. But if you use SHA-2 512/256, you don't have to use HMAC.)

niftich 5 minutes ago 0 replies      
It's unfortunate that the 'bar' in misuse-resistant crypto isn't always equally high, and different experts (as evidenced from this thread) argue that you get there in different ways. In that regard, I think the author makes a good point: despite the hard-to-implement-in-hardware aspect of GCM, the dangers of nonce reuse have always been well-documented, and it's only recently that that went from being a simple algorithmic contract to bad design worthy of correction.

I think the point the OP makes is that a suggestion like "use SHA-3" is a simple, succinct, and not-unacceptable answer to a question like "what cryptographic hash function should I use?", giving a safe albeit conservative, but instantly graspable answer without having to go into additional detail -- other than the obligatory mention to that general-purpose hash functions aren't by themselves appropriate for key derivation ("password hashing").

The alternative view -- that SHA-512/256 (which suffers from its naming), or the longer-but-less-truncated-state SHA-384 is faster, more studied, more widely supported -- is a more nuanced recommendation, but then you have to explain why you don't mean SHA-256 or SHA-512. The innovation of libraries like nacl and libsodium was to the user of crypto from having to be a crypto expert themselves, and once you have to explain which of the SHA-2 hashes specified in FIPS PUB 180-4 you should and shouldn't use, we're not really any better than in the footgun days.

tytso 35 minutes ago 0 replies      
I think the argument that people could misuse SHA-2 is bogus, because if people are rolling their own crypto, they can get themselves into a lot of trouble, not just with SHA-2(key || data). Indeed, that argument may cause people to assume that it's ok for application programmers to do cryptographic protocol engineering, which would be disastrous.

A much more general argument is that most people should be using cryptographic frameworks (e.g., which implement TLS), and Adam Langley's thoughts about whether or not SHA-2 should be skipped should be aimed at people who are creating those cryptographic frameworks.

But if we are giving advice to random application programmers, they shouldn't be trying to pick cryptographic algorithms to begin with, and the question of whether you should be using SHA-2(key || data) is the sort of thing where the Zen master would be hitting the student with a cluestick for asking the wrong question to begin with.

nilved 2 hours ago 2 replies      
> The reality is that you should use SHA-3. I'm making this as a broad recommendation for people who do not know much about cryptography. You can't go wrong with the NIST's standard.


remcob 30 minutes ago 0 replies      
In which use cases is the asymptotic cycles per byte relevant compared to the small case performance?

I mostly use hashes as part of signing/verifying small messages, say an 80 byte JWT, a Blockchain transaction, a certificate, an TLS/SSH packet, etc. Besides hashing large files (which I rarely do), I don't see where I would reach asymptotic performance, or even use tree-hashing.

SHA3's block size is 200 bytes, KangarooTwelve's is, if I'm not mistaken, 8192? I'm more worried about not even filling the first block :)

super-io 22 minutes ago 0 replies      
In hash function competitions, are the authors of the function allowed to vote for their own entry?
cryptonector 37 minutes ago 0 replies      
So, AGL was speaking specifically about TLS. He wasn't suggesting other protocols / formats not use SHA-3 / SHAKE. But this blog post talks about misuse of hash functions as a reason to switch to SHA-3 as if AGL had not referred only to TLS.

That's a strawman. It's NOT useful.

johnhenry 1 hour ago 0 replies      
We can look at technologies from two different points of view -- a engineers or as scientists.As engineers, we look at sha-3 as a practical means to an end -- just a secure hashing algorithm. From that point of view, its un-necessary as we already have sha-2.As scientists, it's an experiment and we're still waiting to see the results. The hypothesis is that its existence will strengthen our existing pool of hashing algorithms. We should note that this is a poor hypothesis; given that we don't see any flaws in our [only?] other algorithm, it's currently impossible to test. However; as with many other important experiments, we are seeing other un-expected results and applications.As an engineer, I acknowledge that it's probably best to skip it in most production applications. But as a scientist, let's not skip if anything cool happens down the line?
Google could face a $9bn EU fine for rigging search results in its favour independent.co.uk
39 points by Jerry2  1 hour ago   35 comments top 6
gthtjtkt 8 minutes ago 0 replies      
How about a similar fine for rigging search results during the US election?


ticklemyelmo 13 minutes ago 2 replies      
How is it that Google search results are considered a public service that must run in any particular way other than their own whim?

Is it simply a matter of scale?

pulse7 8 minutes ago 1 reply      
Just write "translate" and you will get 1) Google's translate service inlined 2) Google Translate Website and then everything else...
strictnein 23 minutes ago 8 replies      
At some point it seems like the US government needs to step in and somehow mediate these things. I'm sure it's incredibly popular to fine US companies huge sums of money in Europe, but this is starting to get out of hand.
tschellenbach 22 minutes ago 2 replies      
As a European I think it's sad how we spend our efforts fining startups instead of creating an ecosystem that fosters the creation of break out companies.
idibidiartists 20 minutes ago 0 replies      
Do they have proof of that?
An anti-ageing startup is offering transfusions of blood from young people vanityfair.com
29 points by robzyb  1 hour ago   24 comments top 10
sp332 36 minutes ago 3 replies      
They buy the blood from blood banks, so people donating blood don't know it's going to paranoid rich people instead of sick people, and they don't get any of the money!

Edit: I thought it was illegal in the USA to pay for body parts, but there is an exception for plasma (and maybe the rest of the blood?). But it's already predatory http://www.nytimes.com/2009/12/06/business/06plasma.html and this new business only makes it look worse.

yincrash 0 minutes ago 0 replies      
I dont want to say the word panacea, but heres something about teenagers, whatever is in young blood is causing changes that appear to make the aging process reverse.

Sounds like the most stereotypical trope of snake oil.

simplicio 32 minutes ago 1 reply      
Putting aside the ookiness factor, the science here seems pretty tenuous. "Self-reported improvements that scientists have been unable to replicate in clinical trials" are what's behind every questionable medical practice from homepathy to crystal healing.

Especially given the time and money involved in having to get regular transfusions, I'd think the practitioners would be better off using the time to spend an extra hour in the gym.

bighi 13 minutes ago 0 replies      
The title should be "a scam startup is stealing money from fool people".
kyriakos 47 minutes ago 3 replies      
Thought Silicon Valley TV show was a comedy.
cavanasm 39 minutes ago 0 replies      
Without knowing how reputable any of this is, I'm somehow not shocked to hear Peter Thiel is interested in medically unnecessary blood transfusions. This could be totally fake, but just based on what I know about him from news, this seems like a perfectly plausible and normal for Peter Thiel interest.
AdmiralAsshat 12 minutes ago 0 replies      
Who knew that Countess Bathory was a visionary entrepreneur?
emersonrsantos 12 minutes ago 0 replies      
This remembers the death of Gianbattista Cibo in 1492, or Pope Inmocent VIII, and an attempt from a foreign doctor to revive him on his deathbed by blood transfusions from three young male children (who died as well in the process).
korzun 23 minutes ago 0 replies      
Start-ups in the health care field have difficulty managing their HIPAA / HITECH compliance. You would have to be a special kind of idiot to allow them anywhere near your blood.
taf2 27 minutes ago 1 reply      
Mathematics for Physics (2009) [pdf] gatech.edu
157 points by lainon  11 hours ago   25 comments top 7
ice109 9 minutes ago 0 replies      
ulucs 9 hours ago 6 replies      
On the other side of the spectrum, I would recommend Spivak's Physics for Mathematicians [1] strongly. I don't think anything else could come close for a mathematician who wants to learn physics.

[] https://www.amazon.com/Physics-Mathematicians-Mechanics-Mich...

BeetleB 1 hour ago 0 replies      
I've used this textbook, and frankly, it's good only for people who already know the material and want a fresh look at it. The chapters on group theory and complex analysis are good. Most of the rest are not.
fpoling 7 hours ago 0 replies      
This feels like newer version of "Elements Of Applied Mathematics" by YA. B. Zeldovich, A. D. Myskis [1]. That book title is somewhat misleading as it is not about Applied Mathematics in modern sense, but is rather about how to apply math to solve various problems in physics.

And this is exactly what Michael Stone and Paul Goldbart did in their book as well, albeit their book is more dense/stricter and cover more advanced topics like differential geometry.

[1] - https://archive.org/details/ZeldovichMyskisElementsOfApplied...

simooooo 5 hours ago 0 replies      
Is there a similar thing for total novices?
tmoot 4 hours ago 0 replies      
Hahahaha, funny seeing this here. I took this course at UIUC about 6 years ago taught by Stone.
relyks 8 hours ago 1 reply      
Is there anything covered in the text besides Linear Algebra that may be relevant for Software Engineering and Computer Science?
Show HN: Statements and State, the next chapter of my book on interpreters craftinginterpreters.com
98 points by munificent  11 hours ago   26 comments top 9
bhrgunatha 12 hours ago 0 replies      
I like this book a lot - especially making it available to read free in HTML. It's good to see practical information about parsing and grammar rather than plainly theoretical - although there's room and a for need both.

Another similar read is Vidar Hokstad's blog series - Writing a compiler in Ruby [1] which was first submitted here 9 years ago! [2]

[1] http://hokstad.com/compiler

[2] https://news.ycombinator.com/item?id=319337

jnbiche 1 hour ago 1 reply      
I'll add my usual comment in discussions about interpreter/compiler books: I'd really love to read a modern book or in-depth tutorial on creating a statically-typed functional language, with discussions on pattern matching, type inference, tail call elimination, ADTs, etc.

There are so many great books out there on how to create a lisp, or a typical mutable object-oriented language, but with one notable exception (that's unfinished), there are no approachable online tutorials/books out there that I've found on building compilers or interpreters for functional languages. Only academic papers, a textbook, and one or two books from 20-30 years ago.

Pierce's Types and Programming Languages is a great textbook that covers all of this material, but from an extremely detailed and formal academic perspective. It would be great to see more approachable tutorials or short books online to complement Pierce's text.

I've started writing my own in-depth tutorial on this subject using Scala as the implementation language, but would love to see other tutorials/books as well.

ChuckMcM 13 hours ago 2 replies      
I vividly remember learning about recursive descent parsing in my compilers class and thinking, "Wow, I can use this everywhere!"

Of course in addition to executing an AST you can also generate CODE for it...

mrmondo 4 hours ago 1 reply      
Thanks for taking your time to commit to this, I was wondering if you had an RSS feed rather than the email subscription option? I tried a few feed readers and couldn't discover RSS or ATOM feeds present. (Although I may have missed it as on my phone at present)
pravj 7 hours ago 1 reply      
I am loving this book so far, always wanted a resource with such details and a 1:1 session like feeling.

Also, to enforce an extra layer of learning, I am writing the interpreter in Go. (book uses Java and C)

The "satisfactory" part is, I've started applying the learning to other problems (writing a transpiler, completely different from the book's context), despite being in the middle of the book.

ljw1001 11 hours ago 0 replies      
This is really a wonderful book. Nystrom's writing is clear and entertaining. I look forward to every new chapter.
panic 9 hours ago 2 replies      
This is great writing: very clear and easy to understand!

I feel that dynamic variable lookup is a mistake, though -- it's just so painful to have to wait until runtime to discover you've made a typo. Is supporting mutual recursion really important enough to offset this pain?

erikb 7 hours ago 1 reply      
I thought this would be a book in political statement interpretation. Would be really interested in that! Any suggestions?
flavio81 11 hours ago 3 replies      
"In less than two thousand lines of clean Java code, well build a complete interpreter for Lox..."

2000 lines of Java code? I guess 400 of the lines of are just getFoo() setFoo() getBar() setBar() and so on and so on...

At the beginning i thought "Why is this tutorial written in Java? Yuck!". Then, in a flash of enlightenment i saw this was a perfect choice: The author, bless him, is showing us how to write an interpreter in Java, so after one is finished, one can stop using Java and start using this brand new language.

Jokes aside, i am VERY MUCH looking forward and EXCITED to see that the next chapter is on implementing a bytecode virtual machine. So let's hope the author completes the book soon!!

Then I will finally create my ambitious project for an object oriented COBOL, which will be called "ADD 1 TO COBOL GIVING COBOL" (drum fill please...)

OneLogin: Breach Exposed Ability to Decrypt Data krebsonsecurity.com
124 points by johannsg  13 hours ago   32 comments top 9
manigandham 1 hour ago 3 replies      
Lots of confusion in all the posts about OneLogin - they are not a password manager like lastpass, they are a Single Sign-On (SSO) and Identity Provider, meaning they integrate with other services, maintain a master directory of all users, and provide a single login UI for all connected apps.

Companies use OneLogin so employees have 1 service to enter their credentials and can then use federated access to apps like Google, Office 365, Salesforce, etc without signing in again, most often connected via SAML which uses public/private keys. The identity provider can also be external, so for example users can sign-in via the OneLogin UI but the username/password are actually authenticated against Office 365 Active Directory instead.

willow9886 1 hour ago 0 replies      
This is my primary concern with SaaS identity providers--yes, they are easy to setup and administrate, but they are huge honey pots.

In addition, customers are unable to do any forensic analysis to determine how their data was affected.

> OneLogins blog post includes no other details, aside from a reference to the companys compliance page.

The only option is to hope they provide customers with relevant information in a "timely manner", but that could be months for an organization with thousands of customers.

graystevens 11 hours ago 2 replies      
The recent update from Krebs gives some interesting details into how the attack took place, something we don't get to hear very often:

Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. Evidence shows the attack started on May 31, 2017 around 2 am PST. Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance. OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it.

Credit where credit is due, that's a pretty quick response time for data breaches, which are normally quoted as being discovered in an average of 30 or so days.

However the fact people's information can be decrypted from this breach is awful. Sounds a lot like the private key to decrypt this information was stored alongside the data in the database... whoops! That's like storing the clear text password. Let's hope the decrypted information contains strongly hashed passwords, but I'm not holding my breath.

EternalData 1 hour ago 0 replies      
I'm thinking of splitting my logins into a set of essential information in a paper journal -- while keeping some transactional passwords on 1password. 1password was one of those times where I decided to trade off convenience for absolute security -- which I'm realizing is a mistake.
mirimir 10 hours ago 2 replies      
> After OneLogin customers sign into their account, the service takes care of remembering and supplying the customers usernames and passwords for all of their other applications.

Isn't that at least somewhat analogous to using the same username and password on every site?

jupp0r 8 hours ago 3 replies      
I'm not a user of OneLogin, but if they store encrypted passwords and encryption keys, their security model is fundamentally broken imho and I'd never give them my passwords.

Better services (1password for example) are specifically designed to never know your master password/key to avoid this very situation.

perseusprime11 1 hour ago 0 replies      
I use onelogin. Should I change my password?
dukedougal 5 hours ago 3 replies      
How was a central password store ever a good idea?
qrbLPHiKpiux 5 hours ago 0 replies      
Come down to this: your most sensitive data is in danger of one misplaced character or one wrong click.
New research indicates Unicorns are overvalued stanford.edu
191 points by good_vibes  9 hours ago   44 comments top 20
gjem97 3 hours ago 3 replies      
> The average unicorn, the researchers note, has eight stock classes for different types of investors, including founders, employees, venture capitalists, mutual funds, and others.

As an aside, this is why I think that any effort of a prospective employee to divine the value of a stock option package is likely in vain. Without a detailed accounting of the ins and outs of the preferred stock that is senior to your common shares, it is nigh impossible to tell how much the common shares (and options thereon) are worth.

cjlars 8 hours ago 3 replies      
The key issue is that a lot of startups use various contractual terms -- things like options on exit, liquidation preferences and others -- to take money into into the business at high nominal valuations, while still offering downside protection (optionality) to investors. The public at large usually just quotes the nominal valuation and goes from there. However, the optionality of those terms has substantial financial value, so the nominal valuation is often far from the truth.

These authors have developed a system to tease out the optionality using standard financial methods (using methods like Black-Scholes, for example), which can give us all a better understanding of the true worth of these companies. Far overdue in my opinion.

arjie 7 hours ago 1 reply      
I think when a model is presented like this, it should also show the examples where it fails. In the article, they show Square (Series E valuation at 6 B, pre-IPO 2.66 B) where the "fair valuation" correctly models closer to pre-IPO at 2.2 B.

However, let's look at another example. Take Nutanix (Series E valuation at 2 B, pre-IPO at 2.1 B). This model values it at 0.8 B on their table, almost a third of the IPO price.

There is no explanation forthcoming in this article as to why that's the case. This makes it seem like the Square example was cherry-picked.

I picked NTNX at random, so I don't know if it's the one exception. I'm not going to exhaustively check every result, however. I expect them to do that for me and not sell me a story without pointing out the terrible exceptions.

neom 2 hours ago 0 replies      
I was fundraising last year for the company I work at and one of the investors asked me if I'd consider doing XYZ. I said, well that would put our share price to such that you would create a massive valuation on the business, so no. They seemed confused and said but wouldn't you want to make the company that valuable. I smiled and ended the meeting. What they wanted would introduce an enormous amount of risk to the business because Valuation != valuable. I would imagine this type of conversation is how founders end up on that list. I think our business is great, but I'm not delusional.
sebleon 7 hours ago 2 replies      
The deal terms for unicorn investment rounds are less about company fundamentals, and more about the scarcity of great startups.

There's more money than there are good deals in Silicon Valley, so later stage investors are forced to offer more money for less equity in order to beat other term sheets. This ends up looking like sky-high valuations, since investors that offer fair-market-valuations are unlikely to get picked. Founders naturally gravitate towards minimizing dilution.

WestCoastJustin 8 hours ago 0 replies      
If you are looking for the table of companies, like I was, then download the report via https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2955455 and skip to page 48.
artellectual 7 hours ago 0 replies      
The key thing here isn't about the fact that they are overvalued. It's more important to discuss the repercussions and what anyone is doing about it. It's not just Sillicon Valley, it's the startup scene all over the world.

How much is something really worth. Well how much is the next person willing to pay, that's really what this is all about. I've been down the road of VCs, exits etc... before and to be honest most of it is just fluff people make up, loop holes in the way things are valued, forget basic business and accounting they literally are making this up as they go.

Most VCs I feel have a detrimental effect on startups, the only thing a lot of them provide is money, which isn't always what a startup needs. It doesn't matter to the VCs that they are mostly wrong, they just have to be right once.

The question we need to ask here is what happens when it all crumbles down, due to the fact that all this is going on. How valuable something is ultimately depends on how many lives it improves. Whether something is valuable or not is measured by the amount of pain inflicted on society if the startup didn't exist, and ultimately if something is not needed, it wont survive anyway. The market is cruel like that, and having VC money shields entrepreneurs away from that crucial factor. All this fluffed up valuation has nothing to do with the survival of a business anyway.

TrickyRick 4 hours ago 1 reply      
Perhaps this is the beginning of the end of what is essentially a new IT bubble? After all, it bears all the traits of the last bubble so all that's missing is a trigger.
singaraja 4 hours ago 0 replies      
Square is valued at 8.69B in https://beta.finance.yahoo.com/quote/sq

So if this article is to be trusted it is overvalued by 4.4 B $. that is another square.

surrealize 7 hours ago 0 replies      
If you've been an employee at a unicorn and have common shares/options, check out table 8 (page 48) that lists common share valuations according to their model.

AIUI, the common share FMV they list should be comparable to the 409A common share valuations you may have gotten. Roughly speaking, assuming the funding round in the table is close in time to the 409A valuation.

hectorr 2 hours ago 0 replies      
Maybe all asset classes are undervalued relative to the currencies they are priced in.
skdotdan 8 hours ago 0 replies      
You don't say?
tomblomfield 7 hours ago 0 replies      
TL;DR it is not fair to take the per-share valuation at the last round of funding and apply it to all stock if the newly issued stock has preferential rights.

10 apples are worth $100. 90 oranges are not therefore worth $900.

JackPoach 7 hours ago 1 reply      
No shit, Sherlock
fs111 5 hours ago 0 replies      
news at 11
maxehmookau 7 hours ago 0 replies      
Bears shit in woods.Pope catholic.
romanovcode 3 hours ago 0 replies      
Wow, in other news - sky is blue!
EGreg 7 hours ago 0 replies      
This is what Edgser Dijklmnopqstra was saying back before these unicorns existed.

We have drifted far from the vision of people building up computing.

charred_toast 54 minutes ago 0 replies      
Yeah, when fucking websites are worth more than real estate it takes a genius to figure out there is something amiss. /s
Google Contributor: Buy an ad removal pass for the web contributor.google.com
205 points by sohkamyung  10 hours ago   183 comments top 54
cptskippy 2 hours ago 4 replies      
I've been participating in Google Contributor since it's inception, this is like the 3rd relaunch of the service. I have no doubt it will fail just like the past iterations because the fundamental flaw is that Google is the heart of the system and they're unwilling to extricate themselves from it. I don't think this type of service is the way forward and the solution will not come from Google or any other ad provider for a number of reasons. The first is that Google is not the only ad network and no one wants to be cut out. The second is that this does nothing to address the privacy or security issues people have today that drive them to ad blockers.

There aren't just a handful of Ad networks, there are thousands if not millions out there. On top of that, they utilize each other to push out ads in a horrid rat king like incestuous jumble. Any payments to avoid ads served by these companies would require compensating all of these companies, the end result predictably would be movie studio accounting that leaves the content provider with nothing in the end.

This setup does nothing to address the privacy issues people have with companies like Google tracking their comings and goings. Google is still at the heart of this system and still knows everything about you. To get any benefit from this system actually requires you to embrace Google. People want to maintain their privacy, they don't want to login to Google to get rid of ads.

It's easy to envision a system utilizing a crypto currency and a digital wallet held by your browser that you fill occasionally and that prompts you to pay a site similar to the manner in which Location Services work simply based on a meta tag a site provider puts in their page head containing their wallet and request pay amount and schedule. It's impossible to imagine Google, Apple, Facebook, or anyone who wants in your pants to allow themselves to be cut out of a revenue stream by such a system. Companies like this are double dipping by charging everyone else to be the broker and also by being the service provider being paid.

I honestly don't know if an ad free web is allowable. It's technically possible but everyone who isn't the content creator is going to do everything they can to stop it form happening.

kemonocode 1 hour ago 1 reply      
Then naturally, as soon as I try to sign up for it, I get told "Contributor is not yet available in your country" as it seems to be US-only at the moment.

That's okay, uBlock Origin with its whitelist I compiled with sites I know won't violate my browser with ads is still available in my country.

BoiledCabbage 8 hours ago 5 replies      
Whether it comes from Google, or someone else I believe this is the only way the web survives.

Content creators need to be able to charge different amounts for different quality content.

In depth, well researched reporting needs to be able to earn more than a buzzfeed article. That's not possible with a flat "per-eyeball" cost, where the revenue to the content creator is uncorrelated with the cost to create or the value/quality of the content.

I wish it weren't google (who also already owns advertising), but someone large is the only one who can make it happen.

A model like this is necessary to support quality content online.

catskull 48 minutes ago 1 reply      
Wait so it only works on those 4 websites? I've only heard of Popular Mechanics, but I rarely (if ever) visit their site.

If this was more like Youtube Red, I'd be all over this. I would love to pay to remove all google ads. I get that uBlock exists, but I want to support the sites I use.

Unrelated: the sidenav thing is empty? WTF?

r3bl 7 hours ago 4 replies      
Maybe if Google went with "Pay us $10 per month for us not to show you any AdSense anywhere on the web", this would be successful. In this form, I highly doubt it.
spiderfarmer 6 hours ago 1 reply      
Cancelled already:


Google Contributor was a program run by Google that allowed users in the Google Network of content sites to view the websites without any advertisements that are administered, sorted, and maintained by Google.

The program started with prominent websites, like The Onion and Mashable among others, to test this service. After November 2015, the program opened up to any publisher who displayed ads on their websites through Google AdSense without requiring any sign-on from publishers.

Since November 2015, the program was available for everyone in the United States. Google Contributor stopped accepting new registrations after December 2016 in preparation for a new version launch in early 2017.[1] On January 17th, Google Contributor was shut down. As of January 17, 2017 8:40 AM no replacement had been announced.

Leynos 7 hours ago 6 replies      
This doesn't seem that useful to me as only a small number of sites (none of which I visit) support it.

Hypothetical question: If I were allowed to bid on my own ad impressions - and if I won an auction, no ad would be shown - how much would it cost a month for me to see no adverts? (I realize this is heavily dependent upon the type of sites that are involved, so I guess take the average HN user as an example).

chr4004 8 hours ago 2 replies      
Don't know, feels a bit like ransom when coming from Google, not the publisher.
nrjames 1 hour ago 0 replies      
Somebody should do this for mobile game advertising. A player buys a $5 card with allows them to skip ads in all participating mobile games until such time as the $ is depleted. If that card worked across lots of games, it would be a great convenience. Considering ARPDAU from ads for mobile games isn't often more than $0.01, it would be a win-win for gamers who hate ads and want to play free mobile games.
time4tea 8 hours ago 2 replies      
You can use pihole or pyhole to just block them for your home, then vpn from your phone. No more ads.

Then buy subscription to sites you like.

Dont give google a percentage of everything.

andy_ppp 7 hours ago 1 reply      
A little concerned, I'm bootstrapping my own version of what they have built, but with a clearer charging model and no need to block Ads IMO. If you care about blocking ads you are already doing it.

It'll be launching in literally a week or two... it's very simple to integrate and comes with it's own Wordpress plugin (and instructions to integrate your own CMS).

What advice do people have about this per article payment space; I have a load of ideas I want to try so maybe while Google concentrate on ads I'll be able to look at various optional payment models.

Initially I want to just charge a flat 5% + whatever Stripe fees you use to top up your wallet, but I'm concerned I'll get a lot of noise/scaling issues if I don't charge a monthly fee? Thoughts?

Fiahil 8 hours ago 4 replies      
I already have an ad removal pass, it's called uBlock origin.
waterflame 6 hours ago 0 replies      
Everyone is forgetting that Google can provide such tool because of Chrome (60% market share); they don't need to track you. They already are.Google it's tightening it's grip on the web. Yesterday the announced that they will apply the Better Ad Standard by 2018. They said they'll ban intrusive ads that block the user from the content, ads that play sound automatically, and flashy ads... Now "flashy" is so vague.
comm1 7 hours ago 0 replies      
One has to mention the Brave browser for comparison: https://brave.com/ -- similar concept but using Bitcoin. The accounting at https://brave.com/publishers.html looks like you as the reader can DECIDE whether you want to issue micropayments to a particular site or not, and publishers don't have to explicitly opt-in beforehand (thereby instantly including all of the web). A publisher won't be able to charge different prices, but a publisher with goodwill (hence users opting on their own to pay that publisher) will make money. This seems like a better execution.
omarforgotpwd 8 hours ago 1 reply      
Good idea, extremely poor execution. Nobody is going to want to use it if different sites are charging you different amounts per page. People want predictable bills.
ISL 2 hours ago 0 replies      
How is this better than the old Contributor?

I've always wanted a way to simply specify the minimum bid (by bidding myself) for my attention into the ad exchange. This peer-reviewed pricing seems like it adds lots of cognitive overhead for me?

xchaotic 3 hours ago 0 replies      
With 12 websites out of which I visited 1, once, I suspect another Google abandoned project in 18 months.
draw_down 7 minutes ago 0 replies      
Problem is you have to be logged in to use this, same problem as with Youtube red. As soon as you open something in an incognito window.... who are you??
chx 7 hours ago 2 replies      
justinjlynn 7 hours ago 1 reply      
Wow, how much does this have to do with their announcement to add ad blocking to Chrome (only for other networks ads, I'm sure)? How have they not attracted regulator action yet? You'd think the EU would be all over that kind of behaviour.
technological 2 hours ago 0 replies      
In simple terms , is this a moral way rather than using ad blocker ? Rather than using ad blocker I get this pass , where I won't be seeing ads and at same time feel I am letting publisher earn some money ?
awinter-py 2 hours ago 0 replies      
Almost. I would pay money to NOT be tracked everywhere by a big company. It's easy to misunderstand.

Thanks, as always, for understanding privacy big G.

ghostbunnies 8 hours ago 2 replies      
Hmmm - the service sounds a little bit like Flattr, the logo looks quite a bit like Flattr - now what?
nextlevelwizard 7 hours ago 1 reply      
I like how Google doesn't remove ads from it's own sites
ff_ 7 hours ago 1 reply      
How is this different from paying for an adblocker? There is lots of good free ones.

I pay publishers I like for their content (buying newspapers, subscriptions, etc) and I don't get why Google should be the middleman in this.

bikamonki 3 hours ago 1 reply      
Isn't this how the mob works? Pay us to protect you from us.
intoverflow2 6 hours ago 1 reply      
>a small portion is kept by Google to cover the cost of running the service

This is incredibly cheeky.

HXFIVE 6 hours ago 0 replies      
I like the technology and pricing model, but I don't think that it is being put to its best use. I think a better use would be for news sites that require a login to view articles. At present I usually just go without viewing many as I can't afford to sign up to 10 different sites where I might view a couple of articles each week. If I could make a one off payment per article then I'd be all over it.
ptr_void 1 hour ago 0 replies      
Google at it again to kill the web, now making commodization of web contents mainstream.

You WON'T BELIEVE YOUR EYE what GOOGLE will do NEXT! - $0.5

cyphar 6 hours ago 1 reply      
I really think a much better system would be for websites to adopt GNU Taler, and allow people to conduct micropayments using digital cash. The system is about as seamless as Flattr, except that the website can actually charge an amount rather than a fraction.

But, most importantly, Flattr guarantees the anonymity of consumers' transactions. So the big G won't have a log of what websites you paid to access.

ktta 8 hours ago 0 replies      
I feel like I'm going to remember visiting this website for years to come. Either because this is will be future, or this is one of the biggest bets Google has made and failed.
yellowsir 9 hours ago 2 replies      
the question is do i want to get tracked by google contributor or google ads?
geraltofrivia 8 hours ago 0 replies      
So, this is kinda like Blendle, but for the open web. I'm not too sure if this'll fly. Personally, there's a certain flinch, a certain decision before opening any article in Blendle as I evaluate if it's worth the price mentioned. I'm sure the same will manifest itself, perhaps in uglier forms if I set out to use Contributor. Do you guys think so?
skinnyTotonyo 2 hours ago 0 replies      
This is terrible. This is where Google is trying to control the web even more than they do already. If this sticks around, if this actually happens, then this will destroy what so many have worked to achieve.

Let's actually sit down and think about this. If this happened, there would be some big changes to the web. (Note- this is a quick response. I should write a real paper about this)

First of all, now that people would be paying for no ads, websites will overload their sites with ads, because Google will have the solution that "everyone is choosing anyway". It would make it "OK" to have tons of ads on your site, because there's a solution.

Then, your web experience becomes terrible. For a "small fee", you can keep a "nice" experience- one that used to, and always should, be free. However, if you don't give Google your money, then your web experience is going to be so filled with ads that content will take forever to load. And even if it does load, it'll take 30 minutes to read an article, because every 30 seconds you'll have your regular add popups. Then, you'll have the sidebar ads that follow you. Or the mobile ones that get in your way as you scroll. You won't be able to view content, because ads will have taken over even more than they already have.

Now, in this terrible future, what about those that can't afford Google's "small fee"? They'll be condemned to the ad version of the entire web- one that doesn't load properly, that people have started to discard. The true "web" will be the one where you pay to view. These people won't have access. And, if they aren't able to pay the small fee, then most likely they're accessing the internet from a slow connection. Maybe it's a library that can't afford the fee either. Or maybe it's in the home, and they can only afford small internet speeds and second hand computers. Not everyone has the money to buy a brand spanking new macbook /pro/air from Apple.

So now, 5 years down the road, there's two versions of the web. The one that Google controls and tracks 100% (oh yeah, we didn't even get to that yet), and the one that is so ruined with ads, that the people make a decision. A big one. Let's just get rid of the ad version of the web. You can't use it anyway, so there's no use. The only way to go- is to give your monthly payment to Google, so that you can access the web. Now, you gotta pay to view the web at all. The free web is gone. Google took it away.

There's also Google, sitting on their even exponential growth pile of money, tracking every web user. Sure, there may be other competing services that let you "into" the web, but they're also gunna track you. No doubt about that.

There's so much more that I haven't even said. How will websites determine how much a "view" is? What about requests that are half loaded? How will you know how much it costs to view a webpage? Not all web content is created equal. Definitely not.

There's so many more things. So many more.

We can't let this happen.

gabrielgoh 8 hours ago 2 replies      
im not sure this is a good idea (as a consumer) anything which injects extra buying decisions in my life seems like a bad idea. Imagine having to wonder if I really wanted to spend that 0.01 cents on the next page of popular mechanics or not. I'd rather pay more for say, unlimited monthly access
nottorp 4 hours ago 0 replies      
Is it me, or the pricing per page view isn't displayed anywhere in the overview?

Of course, if i click on the links to the actual enrolled sites i get 'this service is not available in your country' so it may be there.

JustSomeNobody 34 minutes ago 0 replies      
Google: Nice internet ya got there. It'd be terrible if something were to happen to it like, say, ads everywhere. But if you just give me a few dollars I'll protect ya from 'em.


>How it worksYou load your pass with $5. Each time you visit a page without ads, a per-page fee is deducted from your pass to pay the creators of the website, after a small portion is kept by Google to cover the cost of running the service. The price per page is set by the creator of the site. You will be informed in advance if a site creator changes their price per page. Contributor is easy to update: change settings and add sites or remove them from your pass at any time.

I love the sound of this, I just do not like the idea that it is Google doing it. It feels ... dirty somehow. A third party doing this I have no problem with.

jerianasmith 4 hours ago 0 replies      
Good content will always find it's audience. Readers are far more likely to come back, if the content is engaging enough.
JetSpiegel 8 hours ago 0 replies      
Remember when we were sold that ads payed for content so that could be free? Now you can pay extra to get ads anyway, the non Google networks don't care. The web is turning into cable, and it only took a few years.
sbergot 6 hours ago 0 replies      
"sorry, contributor is not available in your country" (france)
obeleh 4 hours ago 0 replies      
I've got a new productname for this: Google Paywall
mtgx 1 hour ago 1 reply      
It's U.S.-only? Are you kidding me? So this will actually restrict who can visit a website, as opposed to the ad-version?

Whoever came up with that bright idea?

themihai 4 hours ago 0 replies      
I guess you also need a google account...how does it work with "do not track"?
sdrothrock 8 hours ago 0 replies      
I wonder what kind of reaction site owners will have to this; I can think of a lot of smaller sites or forums that rely on Google ads + premium access with no ads for revenue.
a_imho 6 hours ago 0 replies      
I'm sure there will be people taking this seriously because it is Google, but they are getting a bit desperate.
peteretep 8 hours ago 0 replies      
I love the idea, but go to some lengths to try and stop Google sucking in my web history, and I don't think this will help.
stephen123 3 hours ago 0 replies      
Is this spotify premium for web pages ?
GabrielBerlin 4 hours ago 0 replies      
We also thought about this at Steady (www.steadyHQ.com). We built a system for recurring payments to independent creators and some of our publishers allow users to pay for not bugging them with their adblocker detectors. This generates additional turnover from users that normally do not get served any ads b/c they use adblockers, but I believe such an offering should encompass all ads, not just Google AdSense (why would you pay just to reduce the amount ofads), and it should include removing paywalls (e.g. at a higher price point, to monetize "superfans").
davb 7 hours ago 0 replies      
I'm not sure how much value I derive from ad-funded websites, besides maybe Google Search. There was a time most websites were free and run for the good of the community, not for profit and not as a full-time job. I could buy my high-quality content in the form of magazines and newspapers. Maybe that's the paradigm worth investigating - community generated, ad-free content on the web but paid-for, bundled (magazine-style) high quality content for sale. Delivered not through the browser but through some other, open platform (think zines, PDFs, epub/mobi).

For me, this is what an ideal web would look like. My ad-blocker would barely get a workout, and I'd happily pay for bundled (not pay-walled, bundled, downloadable) content as I did for many years with magazines.

No-one wants high quality content to disappear, but advertising and web paywalls are not the only options.

ctz 7 hours ago 1 reply      
So, does this work with YouTube and all the other google properties?
bunnymancer 1 hour ago 0 replies      
So it's Flattr but run by the same company that also serves ads..


tannerwj 7 hours ago 1 reply      
This comes just after the BAT ICO? Interesting
whyagaindavid 5 hours ago 0 replies      
Interesting choice of background image with a macbook air!
youdontknowtho 4 hours ago 0 replies      
Wow. I'm really (sounds strange saying this to myself) excited about this Google project.

I really hope this works out. As much as I dislike advertising...and Google...something has to happen. The "ad blocker" - "ad blocker blocker" arms race is patently stupid. There has to be a way to get money to content providers so they can opt out of the madness. Google will still be able to provide them with all the sweet sweet surveillance data that they thrive on.

One problem at a time, I guess.

Bitcoin mining companies face shutdown in southwest China people.cn
133 points by petethomas  13 hours ago   75 comments top 11
pmorici 12 hours ago 1 reply      
A little context for this. China cracked down on Bitcoin exchanges earlier this year and stopped all withdrawals of Bitcoin from exchanges. Reports just in the past few days are that they have finally re-enabled Bitcoin withdrawals at the major exchanges in China. Some mining operations are closely linked to exchanges so perhaps these shutdowns are related to the scrutiny of the exchanges.

Also shutting down one miner just makes the remaining miners more profitable in the long term. In the short term though ~1 week it has the effect of reducing the rate at which Bitcoins are generated until the difficulty re-target is reached.

chenster 11 hours ago 1 reply      
Uberphallus 1 hour ago 2 replies      
I'm surprised this comes out now, right in the middle of the noise about the UASF (User Activated Soft Fork) and Segregated Witness controversies.

The community is pushing to enable larger blocks among other functionalities that would cult down on the fees that miners (read: Chinese miners) collect.

Obviously the miners won't agree on that, but the network agreement depends on what the Bitcoin processing power decides, not on what the majority of the users do. At some point either the miners join, the users give up, or the chain forks in two (obviously with wildly different valuations).

I'm not familiar with People.cn, but my first reaction with the headline is that the piece of news has second intentions.

perlpimp 4 hours ago 0 replies      
ok heres my take on this, they do these random shut downs to keep miners on their toes. in some article it has been explained this is how china has implemented firewall policy. if they detect unknown traffic they constrict your flow gradually until you can't do anything. this might be one of those moves, not a clear restriction but rest of miners should be aware of impeding wave of problems caused by PRC oligarchs.
andy_ppp 12 hours ago 3 replies      
Won't the bitcoin miners just move to Vietnam or Thailand or Taiwan or Macau or some other place? It's not like these bitcoin miners have no money to relocate...
neom 10 hours ago 4 replies      
Is there anywhere to read about the probabilities of and implications of sweeping multinational policy around cryptocurrency/bitcoin? Also, could a country make it's own crypto currency somehow pegged to it's national currency? A lot of my friends are really deep in bitcoin now, I can't tell if I should worry or not.
known 3 hours ago 0 replies      
Bitcoin mining is a trap; Better late than never;
timwaagh 4 hours ago 3 replies      
i say it is about time government cracks down on this tax-avoidance ponzi scheme. bitcoin is a great achievement technically but it has only negative consequences for soceity at large.
_pmf_ 10 hours ago 0 replies      
Intervention from China will stabilize Bitcoin.
chenster 12 hours ago 2 replies      
> Mining Bitcoins is a global effort, so even if mining is banned somewhere, the total amount of Bitcoins does not change, and so the global price will not fluctuate, an industry insider said.

This is not true. Bitcoin price swings like crazy.

howscrewedami 13 hours ago 7 replies      
China banning bitcoin would have a huge negative impact on cryptocurrencies worldwide. But what if... that's exactly what the chinese government wants? What if this is all a scheme to short sell bitcoin?
Show HN: StockNerd A community for index fund investors stocknerd.com
59 points by snerdapp  3 hours ago   61 comments top 13
baccredited 2 hours ago 7 replies      
Warren Buffet tells his heirs to go 90% SP500 and 10% Bonds. So just buy VOO and BND, rebalance yearly and you are done.

OR do a 3 fund portfolio like: https://www.bogleheads.org/wiki/Three-fund_portfolio

OR buy a target retirement fund from Vanguard: https://investor.vanguard.com/search/?query=Vanguard%20targe...

OR fill out a risk profile on Wealthfront/Betterment and invest there.

Bottom line is pick an approach and don't ever touch a damn thing.

I believe this advice can fit on a single web page and doesn't need an app, a community or otherwise.

jonathanjaeger 2 hours ago 1 reply      
If this is about index funds specifically, that is definitely not clear. If anything I think this is NOT about index funds, but individual stocks. Index funds are basically set it and forget it, so why would I want to continuously use this app? Just buy some $SCHB, $SPY, $VTI, or whatever combo of index funds you want and that's it. Daytraders, swing traders, and people buying individual stocks would want to use an app on the regular.
Uroboric 1 hour ago 2 replies      
Something that's never made sense to me about stocks:

Unless you're extremely wealthy, any money you are able to save (outside of retirement money) is probably money you are going to want to use for something to improve your life in the semi-near future. Buying a house or car (or just a better one) for example.

With that assumption in place, under what circumstances does investing in index funds make any sense whatsoever? The entire market crashes on occasion due to herd mentality, and yet even given that level of risk index funds still take many years to appreciate in value significantly. It seems like an absolutely terrible place to put money that isn't specifically intended for retirement or something like a 529 plan.

bluesign 27 minutes ago 0 replies      
This looks more like a fantasy stock league, especially with leaderboard.

Also it is good to point out leaderboard means nothing, it is totally pointless.

This is like playing poker with infinite fantasy stack.

If you are good investor you will never be on this leaderboard :)

DrSayre 23 minutes ago 0 replies      
Anybody having issues trying to login using Twitter? It says "Creating Profile" and does nothing.
che_shirecat 2 hours ago 1 reply      
so... stocktwits? I don't see the value here. what would I possibly gain from following the portfolios of random shmucks who are more likely than not losing money?
swalsh 3 hours ago 1 reply      
I like the idea.... why should I trust you for financial advice? How are you licensed? How do I know you're not using my data for trading, How do I know you're not feeding me false data you've already traded on?
colinbartlett 1 hour ago 0 replies      
I'm sad to see there's no signup via email. I don't have Facebook or Twitter and, although I do have a Google account, I prefer not to use it to authenticate services.
snerdapp 3 hours ago 5 replies      
We made the app after having friends and family members get ripped off by financial advisors. The purpose of the app is to teach others about low fee index fund investing. Thanks!
homarp 3 hours ago 1 reply      
it's an app, not a community.
astannard 2 hours ago 1 reply      
I will check it out. I have been reading Tony Robbins - 'Master The Game' which talks about index funds as a better alternative to high fee managed funds. This sounds like it could be a good source of info for picking them
mvexel 2 hours ago 1 reply      
Fails when trying to create a profile. Nothing happens. Either after 1/2 second or a few seconds.
r3pl4y 2 hours ago 1 reply      
iOS only... Not useful to me
J one-page interpreter fragment (1992) jsoftware.com
57 points by Tomte  9 hours ago   17 comments top 4
stiff 5 hours ago 0 replies      
Once you get past the formatting and cryptic variable names it's actually a pretty straightforward program, have a look at one of the older threads if you are interested in understanding it:


klibertp 7 hours ago 4 replies      
I'd like to be awed and amazed, but the frightening thought of encountering such a thing in production and under tight deadline kind of doesn't let me :)

EDIT: I've edited the code a bit so that it doesn't look like PERL or J itself https://gist.github.com/piotrklibert/4d32c8cc6fcf20643a257a2...

messe 5 hours ago 1 reply      
That's actually about as readable as the full J interpreter source code.


eternalban 5 hours ago 0 replies      
/aside: Reminded me of "6 instances of SHA-3 and SHAKE" in 9 tweets:



Bleecker Streets Swerve from Luxe Shops to Vacant Stores nytimes.com
59 points by smacktoward  12 hours ago   57 comments top 10
bogomipz 46 minutes ago 1 reply      
From the article:

>"Indeed, over the past year, Mr. Sietsema, the senior critic at Eater NY, has watched with mild schadenfreude but greater alarm as his neighborhood has undergone yet another transformation from a famed retail corridor whose commercial rents and exclusivity rivaled Rodeo Drive in Beverly Hills, Calif"

I'm not fan of what happened to Bleecker Street but I find it amusing that an employee of Eater which promotes conspicuous consumption in the food arena(celebrity chefs, "where to eat now", etc) has "schadenfreude" for conspicuous consumption in the high-end retail fashion world. There's a slight bit of hypocrisy in that. Trendy restaurants and trendy fashion boutiques seem to come to neighborhoods in lockstep. Bridge and tunnel crowds usually come into the neighborhood to both shop and eat. The metamorphosis of Bleecker Street seemed to begin with Magnolia Bakery and cupcakes in the early 2000s as mentioned in the article. And Eater has certainly done its part over the years in promoting the cult of Magnolia Bakery including pieces by Mr. Sietsema himself.[1]

For some reason foodie culture seems to view its version of rampant consumerism as being a more noble pursuit.

Also see the following from Eater:




[1] https://ny.eater.com/2016/7/14/12189132/magnolia-and-me

deathhand 4 hours ago 4 replies      
What this truly shows is that landlords have too much money. They are able to sit on their non performing asset keeping prices inflated. Call me a socialist but I think this shows that the effective real estate tax rate is too low for some commercial properties.
somberi 5 hours ago 3 replies      
I own an apartment in the same few blocks that is featured in the article. And I have lived in NYC for many years (In fact I know the stores from 1990s that are written with forlorn). Yes that stretch of Bleecker had gone fancy and now empty. But there are stores around Bleecker that are from Bob Dylan days that still thrive. Mamoun's Falafel, Bleecker Street Pizza, Porto Rico Coffee etc. Even the newer food stalls are very affordable and you can get a meal for $8 (Turkiss, Thelawala, etc). Some of the leather shops from early 80s are still around. If someone from 1980s were teleported to today's Bleecker Street, they still have stores they used to go to. An d if I were to bet, they would acknowledge that Bleecker was in a state of flux even then. Old anchoring, but making way for the new, but largely still remaining "Bleecker".
mxuribe 2 hours ago 1 reply      
I recently took a staycation in NYC, and immediately saw what this article referenced.

Living so close to NYC all my life, growing up I'd often visit the Village; and Bleecker street was always on the list of destinations without hesitation. Admittedly, this was decades ago. But, when i visited the Village earlier this year, it was quite sad. Bleecker and other (normally more active) streets were so desolate, and their buzzy mixture of bohemia and eccentric stylishness was lacking. I felt like i was visiting a Disney-ified version of some way-past-its-prime neighborhood. Sometimes it feels like things have too much shine, and not enough real, earthy truth.

gorkemyurt 10 hours ago 2 replies      
San Francisco commercial corridors do not allow chain retailers as a measure to preserve neigboorhood character. As a side effect this somewhat keeps the rent down. One of the few examples where over regulating a market kind of works well..
L_Rahman 10 hours ago 1 reply      
New York has always been expensive, but retailers over indexing on physical locations both on Bleecker and uptown on Madison and Fifth Avenues took prices to truly unsustainable levels.

I'm looking forward to a cool off in the CRE space and a slightly smaller one in the residential space.

abandonliberty 9 hours ago 2 replies      
Some lucky landlords are likely trapped.

When the rent went up 6-10 fold, they could refinance and borrow against the new inflated equity to secure more investments. Renting out at a substantially lower value would negatively impact this financing.

It's a better deal for them to sit empty at a potential rent of 35K/mo than it is to lower the rent and have to repay/refinance loans.

isubkhankulov 10 hours ago 2 replies      
this phenonomen is not limited to bleecker st. CRE prices are pretty high right now, especially in most parts of manhattan.

landlords are happy to let leases expire, jack up the rent and look for the next 10 yr tenant. usually a 2-3 % annual escalation is added to the lease.

nstj 9 hours ago 3 replies      
Call it the Amazon effect - who wants to go to SOHO to buy clothes when you can do it online! :)

Edit: adding quote from the original article -

> At a time when shoppers are buying online and fashion brands across the industry are hurting, the challenging business environment makes it less interesting to do vanity locations,

Same phenomena seems to be happening to prime retail locations globally - take a drive down Oxford St in Sydney for example. Interested in what the solution is to clear the market on all this CRE, you can see a lot of startup/coworking spaces taking advantage of the vacancies in these initial stages.

minikites 5 hours ago 1 reply      
Some municipalities have enacted a "blight tax" as an incentive to keep property owners from letting their buildings physically decay, maybe something similar regarding vacant property could be enacted to discourage the "waiting game" described in the article?
Flipped Iceberg alexcornell.com
162 points by pif  6 hours ago   35 comments top 12
tgb 4 hours ago 4 replies      
Can I complain about popular iceberg imagery? Most of the depictions of icebergs (1) that show them underwater are completely fake and like the "dead butterfly" post here recently aren't even remotely plausible. They're always shown as tall and skinny, but that's ridiculous, they'd be unstable. I've read that the classic picture is actually composited from two above-water shots, one flipped upside down and blue tinted to look underwater. Some of the images in that Google search I link are ludicrously unrealistic.

(1) https://www.google.com/search?q=glacier+underwater

jermy 5 hours ago 1 reply      
Jkulsrln lagoon in southern Iceland is a fascinating place for this - large blocks of ice break from the glacier at the top end and slowly float towards the outlet of the lagoon to the sea.

Near the outlet the iceburgs catch on the bed of the lagoon and tumble as they melt. There's a glorious variety of colours as the ice as the freshly exposed dark glacier ice is exposed - like in the attached article - before the ice surface melts and it returns to a white colour.

mml 1 hour ago 0 replies      
I humbly submit this magnificent calving:


Mind boggling. A chunk of ice the size of Manhattan rolling over.

mipapage 5 hours ago 1 reply      
Something for scale in those images would have been nice. Perhaps the video does the size justice.
amelius 5 hours ago 0 replies      
A pity that the photos are of such low resolution.

Also, there is no reference, so you can't tell how big the structure really is.

big_spammer 4 hours ago 0 replies      
The flipped iceberg is beautiful to see. The Antarctic iceberg crack that developed a fork isn't.


bernardlunn 4 hours ago 1 reply      
Why did iceberg flip over? Is this related to warming?
rwmj 5 hours ago 4 replies      
A better link is: http://www.alexcornell.com/antarctica/ His background video is also worth a look: https://www.youtube.com/watch?v=srO3IWVmVus
notmarkus 4 hours ago 3 replies      
Their terrible popovers (namely the Dunkin Donuts one) break scrolling on the page and make viewing the content impossible. Well done.
imaginenore 4 hours ago 1 reply      

Why are we allowing pics now?

charlysisto 4 hours ago 0 replies      
Did that Iceberg rollover when it heard the news today ?
tylerjharden 2 hours ago 0 replies      
The underside of an iceberg is known as the "covfefe"
TLDR Stock Options tldroptions.io
730 points by ingve  21 hours ago   188 comments top 35
eries 20 hours ago 3 replies      
Our goal with building this was not to be comprehensive, but to give founders and employees a way to have a more productive conversation about options and what they are worth. Too many startup employees I meet don't properly value the options they have, and too many potential hires don't negotiate for the right things, and wind up disappointed.

We hope this will take a small step towards correcting this problem.

benmathes 20 minutes ago 0 replies      
Hi Eric, Tiho, Marcus, etc.

This is a fantastic start. Yes, angel.co/clear was complicated. I hope you have better luck driving adoption.

What you are charting at the top is the company exit value. But the UI controls enter info tied to the employee. You should chart the employee's exit value.

You should also put the "or not*" controls as totally optional toggles as an exploratory UI. I.e. the user can toggle "preference" and see what it does to their value.

temp246810 17 hours ago 1 reply      
Shit could always hit the fan though.

I joined Zenefits when everyone had dollar signs in their eyes. It felt like the roaring 20s (or at least the accounts I've heard of them).

How are they doing nowadays?

I always say don't compromise on salary for equity. Compromise for the experience, for an entrance into the field, because the chick at the counter was digging you, but not because of some payout you think you'll get in the future.

bumbledraven 19 hours ago 1 reply      
From a purely monetary and risk-based viewpoint, whether to join a start-up depends on how much money you already have.

Suppose you regard tldroptions.io's probability distributions and outcomes as correct, and the only thing you care about is maximizing the long-term rate of goal of your capital. Then the Kelly Criterion (https://en.wikipedia.org/wiki/Kelly_criterion , a.k.a. Fortune's Formula) says that you should try to maximize the geometric mean of your capital, which amounts to maximizing the expected logarithm of your capital.

To make this concrete, suppose you are choosing between two options:

- (Startup): Working at series C+ start-up for three years, where you receive 1% equity and $100k/yr salary, and have a 20% chance of getting ~$60 million in 3 years (according to tldroptions.io)

- (AmaGooFaceSoft): Working at AmaGooFaceSoft for three years, where you receive $300k/yr total comp (according to patio11)

For simplicity, I will ignore taxes and the time value of money. All monetary amounts below are in millions of dollars. If you have no money in the bank to start with, the geometric means of your alternatives after 3 years are:

- (Startup): exp(.2 log[60+0.3 ] + .8 log[0.3]) = $0.86 million

- (AmaGooFaceSoft) = $0.9 million

In this case, AmaGooFaceSoft is slightly better.

On the other hand, suppose you already have $1 million. After 3 years you will still have the $1 million, plus your salary and whatever money you get from your equity. Here the geometric means are:

- (Startup) exp(0.2 log[6+1+0.3] + .8 log[1 + 0.3]) = $2.8 million

- (AmaGooFaceSoft): 1+0.9 = $1.9 million

In this case, it's better to join the start-up.

The base salary matters a lot. If you have no money in the bank, but you get $150k year at the startup instead of $100k, then the geometric mean of the Startup option after 3 years is better than that of AmaGooFaceSoft:

- (Startup): exp(.2 log[60+0.45 ] + .8 log[0.45]) = $1.2 million

johnny99 20 hours ago 5 replies      
This is fantastically useful both as a side-of-the-barn estimator, and a teaching tool. Thanks!

Two things a lot of startup employees are unaware of that are worth highlighting: they actually have to buy their options, which eats into returns, and that if they leave the company they have a limited window (30 days, typically) in which to do so. In would behoove them to save/plan for this fact.

Midaber 19 hours ago 0 replies      
There's also another result: negative!

You could owe taxes on money you never saw. Under the AMT rules, if you exercise options at a discounted price, you have to consider the discount as "income". If several years later, when you're ready to sell and the stock is below what you paid for it, you'll still owe the taxes on your discounted price.

Ask your tax person for the details before engaging in any stock option purchase.

calcsam 18 hours ago 1 reply      
It's easy to point all the details that matter in valuing your stock options -- liquidity preferences, strike price, options vs RSUs. The genius stroke here is to focus on the two big details that matter (% ownership and exit value) and focused on that.

Caveat: this doesn't work in a "down exit" less than the previous round's value.

As @bethcodes says, this is not a calculator, because while these two numbers will get you within a factor of 2, knowing the details will help you get even closer.

(Disclosure: I built a calculator to help you do that: http://www.optionvalue.io/calculator/)

Yizahi 7 hours ago 0 replies      
This was linked on HN previously - "What I Wish I'd Known About Equity Before Joining A Unicorn"

tl;dr in one word: "Beware"


duderific 19 hours ago 6 replies      
I have a bunch of options in my company, but I don't know what the total number outstanding are, so I have no idea what percentage of the company I own.1) Is this a common scenario?2) Is there a way I can find out what the total number outstanding are?
gesman 19 hours ago 1 reply      
+ Most new sparkly eyed employees who sacrificed cash pay for options are blissfully unaware of preferred shared.

This could keep slider at $0.00 for a longer (further on the right side).

wtvanhest 19 hours ago 1 reply      
This is an area that YC has the oppotunity to step up and lead founders to be transparent but chooses not to. I wish i understood why.
peternicky 1 hour ago 0 replies      
Thank you to LTSE and everyone participating in this discussion. It is filled with GEMS of wisdom that a junior like myself is absorbing like a sponge.
godelski 18 hours ago 2 replies      
I find a more important question is "What percent should I ask for?"

The company I work for is about to get major investment and they are transitioning from an LLC. Only the 3 founders have equity currently. As engineers we have no idea how much to ask for. Because we have already been working without equity. How do we account for the years we've worked? Or that our salaries aren't that great right now.

dsr_ 20 hours ago 2 replies      
A QA engineer loads up a webpage and orders 0.1 percent of a company. Then 1%. Then back to 0.1%. Then clicks the down arrow -- ah, zero percent.

Then clicks the down arrow again. Negative numbers ensue.

True story, except I'm not usually a QA engineer.

capoDanger 20 hours ago 1 reply      
Nice app! I have to admit this made me chuckle:

> Instead of trying to get the right answer, we set out to build a tool that could get an answer.

I'm curious though, from where did you get the numbers about the likelihood of an exit? I thought it was pretty interesting that a Series C is statistically less likely to make you money than a Series A, according to this.

tlrobinson 18 hours ago 1 reply      
Are these numbers accurate for "% of companies will never exit"?

Seed 74%

Series A 65%

Series B 68%

Series C+ 71%

If so I'm a little surprised that seed and series C+ companies have approximately the same chances never exiting.

ndonnellan 20 hours ago 0 replies      
Needs an NPV field and equivalent effective average salary difference per year. :-)
orthoganol 19 hours ago 8 replies      
Yep, IMO unless you are a founder, if your company isn't one of the top companies of the decade your 4-6 years of pay-cut toil as an early employee will likely just not be worth it, at all.

The expected value of working at an early startup gets overestimated, by a lot. If you're optimizing your career, either make the most you can at an established company, or start a startup.

Or... work at an enlightened startup, that understands the state of affairs, and offers really generous lifestyle advantages - i.e. go work remotely for a couple months if you want, otherwise they are just exploiting misinformed young people and their founders likely have some ego issues.

anovikov 20 hours ago 3 replies      
Why probability of exit of series B company lower than series A? That sounds, at least, counterintuitive.
i_live_ther3 20 hours ago 4 replies      
Correct me if I'm wrong. But from what I tested you get $0 unless the IPO/sell is over $40M. No matter if Seed or Series C or how much of the company you own.
mericsson 20 hours ago 1 reply      
Links don't appear to be working to https://captable.io or https://angel.co/clear/how_much
chrisballinger 20 hours ago 2 replies      
Shouldn't a TLDR about stock options include critical information like 83(b) election, etc?
flavor8 17 hours ago 1 reply      
"This simulation doesn't estimate taxation at all."

Well, then it's misleading.

Between AMT, capital gains / income tax, there's potential for a huge chunk of what you might earn to be removed.

scosman 17 hours ago 2 replies      
Correct me if I'm wrong, but this seems to be assuming a seed round valuation of $40 million (it's returning $0 unless the exit is > $40m). That's absurd.

Edit: the assumption of 0.01% is also absurd.

A simplified calculator should include reasonable defaults. This is like a mortgage calculator called tldrCanYouAffordAHouse.com that assumes 25% interest rates and doesn't disclose that.

pcmaffey 12 hours ago 0 replies      
Fyi to the site developer: I highly recommend giving the links at the bottom of the page their own routes, as clicking on one makes it impossible to use the browser back button and return to the main page.
rebuilder 20 hours ago 0 replies      
So taking the numbers at face value, we should be able to calculate the max acceptable cost you should be willing to incur to get those stock options. If you get, e.g. a 20% chance at a payout of 500 000 USD, not allowing for interest you might earn if applicable, or opportunity cost, whatever you need to do to get the options should not be worth more than 100 000 usd.

Reality is probably a little fuzzier than that, though.

siliconc0w 18 hours ago 0 replies      
Maybe add a field for salary difference vs 'expected market rate' and compute the amount of money you'd be looking at over six years investing the difference in something like a vanguard fund.

As an example - say you traded around 60k a year in cash in return for higher equity. In six years you're looking at around half a mil which means with, say .2 in a Series A, you're looking at a pretty big exit (i.e 700M) before you even have a chance of breaking even. This is obviously a terrible choice (i.e care for 20 dollars or a chance at 20 dollars)

To make it 'worth it', from an 'expected value' POV you'd need to make 2-3 million on around a 3.5B exit which are, of course, exceedingly rare.

You also have to be careful about things like options windows on exit, tricky term sheets with liquidation preferences for preferred shares, etc.

I'm going through this process now and it's shocking how most people really have no idea how this stuff works. Even with recruiters/HR/CTOs/etc who deal with this stuff day to day.

jredburn 20 hours ago 2 replies      
Something feels off with the data here. 65% of Series A companies will never exit, but 71% of Series C+ companies will never exit?

Edit: Thought about this a little deeper and it is possible with a lot of companies exiting prior to the Series C, but suspect the data set of Series C+ companies may just be too small?

tsm 16 hours ago 2 replies      
I'll never forget when a startup tried to poach me to be Employee #2 or 3 and refused to even match my previous salary and suggested that I really wasn't taking their equity (.15%, I think?) seriously enough. I told them that if they had a billion dollar exit in five years it still wouldn't bring me up to what I wanted, and then they said, "Well, all the tech guys we talked to said $YOUR_COMPANY overpays by 20%. We also think that we're spending too much time talking about money here and are worried you have the wrong priorities".
otto_ortega 17 hours ago 1 reply      
It doesn't matter what percentage of a "seed company" I put, if it has a "low exit" (<$25M) I get $0... How is that possible?
tnt128 17 hours ago 0 replies      
Sorry if I missed something obvious, is the number averaged out per year or total over 6ish years? (nowhere mentioned on website or help link)
sjg007 15 hours ago 0 replies      
The answer is to start a startup. Before that, work at a startup. See if you like it. Specifically, work at a YC startup then apply to YC.
kmonsen 19 hours ago 1 reply      
Does this include dilution?
hvmonk 20 hours ago 0 replies      
hijinks 18 hours ago 0 replies      

Answer is $0

The Origin of Mass (2003) [pdf] mit.edu
58 points by lainon  10 hours ago   13 comments top 4
kqr 2 hours ago 0 replies      
> it derives m=E/c, not E=mc. Einstein was thinking about fundamental physics, not bombs.

Although I know the E=mc formulation makes more sense from an "E=(pc)+(mc)" point of view, the author had a kind of striking way to put their point. It's as if the war managed to intertwine itself in culture so strongly it twisted the perception of the entire general public on issues of fundamental physics!

amelius 6 hours ago 2 replies      
> Finally, the most basic feature of mass in classical mechanics is that it is conserved. For example, when you bring together two bodies, the total mass is justthe sum of the individual masses. This assumption is so deeply ingrained that it was not even explicitly formulated as a law. (Though I teach it as Newtons Zeroth Law.)

The author may wish to check [1] for historical reference.

[1] https://en.wikipedia.org/wiki/Conservation_of_mass

zentiggr 3 hours ago 0 replies      
That was a very understandable outline of the basic concepts... well written and almost convinces me that I could step off the end of the Theoretical Minimum math and into further QM.

Oh my.

lisper 9 hours ago 0 replies      
Should add [2003] to the title.
Poll Finds 70% of Bitcoin Users Prefer Segwit for Scaling coinjournal.net
18 points by imissmyjuno  47 minutes ago   3 comments top
out_of_protocol 30 minutes ago 1 reply      
Actually 30%, see https://coin.dance/blocks

And 40% for Bitcoin Unlimited (Emergent Consensus)

Hacker, Hack Thyself codinghorror.com
136 points by darwhy  7 hours ago   39 comments top 9
g_sch 4 hours ago 6 replies      
I saw a very interesting talk last year from someone who, as part of a company's security team, had set up a system that continually attacked the hashes of every employee's Active Directory passwords. If one was cracked, the employee would receive an automated email with a note containing the last few characters of their password and a suggestion to change it.

I recall they also spoke on some security aspects of the system's design, like how the cracked passwords never touched disk and had to be destroyed as soon as possible, etc.

I wish I could find a recording or a writeup on this somewhere, as I thought it was a pretty cool (and effective) approach.

mwcampbell 4 hours ago 0 replies      
I wonder if Jeff and his team know about Dropbox's password strength estimator: https://github.com/dropbox/zxcvbn
dzdt 3 hours ago 3 replies      
What this shows is that even with best practices passwords are a fairly weak security control. We need a standardised second factor id.

The FCC or corresponding body elsewhere should mandate that phone networks and phones support a secure messenging protocol which could guarantee that a message could be sent to a phone number and only be received by that device.

Password-only authentication is like locks on luggage, even with best practices.

orng 3 hours ago 0 replies      
Is my math failing me or wouldn't 8 digits result in 10^8 possibilities rather than 8^10?
dukedougal 5 hours ago 2 replies      
I built my latest application using Amazon Cognito for user management. My application and database don't ever know anything about the passwords. Amazon's problem.
Qub3d 3 hours ago 1 reply      
Suuuper nitpicky, but in the paragraph directly below Dark Helmet, Jeff calls his Graphics Card a 1080 GTX Ti. The GTX goes in front of 1080, since GTX is the general product line.
peterclary 3 hours ago 0 replies      
Encrypting the hashes in the database would make it safer. That way the password hashes can't be attacked in this way unless they can decrypt them first.
git_SHA 5 hours ago 1 reply      
Would it be a bad security practice to keep a database of the SHA hashes of maybe the 10 000 most common passwords then alert users who try to use them? Obviously you would do the comparison before applying your actual bcrypt/PBKDF2 function with salt.
peterwwillis 3 hours ago 1 reply      
I'm comfortable using passwords <20 characters distributed among a range of sites because I have a realistic view: if one gets compromised, not every account does, and most accounts are not critical. Some are luggage keys, some are Medeco.

But those are bad comparisons. A key and lock is an asynchronous single use authentication+authorization mechanism. Passwords are just the authentication part, so trying to replace these just requires we have a secure way to authenticate ourselves.

We have the benefit that we are using digital systems, so our authentication can be digital, too. We can also rely on multiple factors to improve how authentic this process is. Biometrics, digital files, access to other accounts and networks, offline code generators, and personal information all provide lots of authentication data and multiply the effort needed to defeat the system. By combining all these factors, we can create a new digital key that is far more difficult to defeat than old methods by themselves, and ultimately is more flexible because it can be made up of any of these things.

The problem mainly seems to be that we live in a world of different locks, and most locks don't accept this particular kind of digital key. We've hacked around this problem and made some attempts at more compatible solutions, but they really fall short of their true potential.

In the future, you should simply be able to use any system and know that it will authenticate you in a way that can't be copied or cracked. Today that just isn't the case. So for now, maybe we should move the goal posts. We can keep making our keys more unwieldy, but we can also get more guard dogs.

The guard dogs need to exist not only to protect the locks, but the keys, too. If you go to unlock a door, a thief can knock you out and steal your key. Each aspect of our digital access needs guard dogs. We can no longer accept insecure communication methods, nor insecure computing platforms, to exchange our authentication. I think the real challenge going forward is rethinking how we process data altogether.

On the Unhappiness of Software Developers arxiv.org
171 points by lainon  11 hours ago   94 comments top 11
ThomaszKrueger 2 hours ago 5 replies      
I achieved some level of happiness when I managed to go up the earnings ladder (move frequently, move fast) and stop behaving if it was my own business. It is someone else's business, and I am there to do what they ask me. Which may or may not match to what they need, but that's not for me to decide.

When things go wrong, you either move on or start fixing things, and that perpetuates your job (hopefully). If things take more time, it is their time. I come in at 8am, leave at 4pm. I don't take my laptop home. I don't work from home. I see their inefficiencies as opportunities for me to spend time on things like learning and experimenting.

But that's me. I get paid enough, I don't need or want to go up the "career ladder". Others may have loftier goals.

dvt 9 hours ago 11 replies      
For those just skimming, here are the top 10 reasons for software developer unhappiness, according to the paper:

 1. Being stuck in problem solving 2. Time pressure 3. Bad code quality and coding practice 4. Under-performing colleague 5. Feel inadequate with work 6. Mundane or repetitive task 7. Unexplained broken code 8. Bad decision making 9. Imposed limitation on development 10. Personal issues not work related
I've dealt with most of these, and I think they betray the mantra of the "modern" software engineer: push features fast. Code quality, adequate explanations, proper planning, and lenient time tables are an afterthought.

matt_s 3 hours ago 0 replies      
A couple things to combat some of these:

- When interviewing for a new role, interview the people you will work with and ask questions about the company. Interview them. Discovering during interviews that an employer or co-workers aren't a good match for you is the best place to figure that out.

- Realize and accept that most software doesn't need to be perfect. There is an acceptable level of quality and then after that it doesn't matter to the business. Sure its likely someone else's money but that contributes to unhappiness. When production bugs happen, tackle them like a professional and save the "I told you so's".

- Same can be said for large waterfall driven software processes. They tend (not all but many in my experience) to have a lot of feature bloat of things people want but never actually use. This could be borne out of politics or appeasing people, misrepresented requirements or the business changes faster than software delivery. Recognize if you work in a shop that does this and come to terms with it or suggest gathering metrics on usage of your system as part of your requirements process.

- A lot of the reasons stem from existing software and issues it has. You might think to steer clear of old code and work at a startup or greenfield project where everything is new. There is a certain satisfaction, maybe enlightenment is a closer word, when you figure out unexplained/broken software and fix it. Have you felt that? You'd be amazed what little fixes to do quality of life for the people using the software. "I am one with the code and the code is one with me".

Afforess 9 hours ago 2 replies      
At the risk of confirmation bias, this seems to back fairly common beliefs in developer communities... namely that developers are individually optimistic and problems are largely the fault of mismanagement or other externalities.

> software developers are a slightly happy population

> the vast majority of the causes of unhappiness are of external type. Since external causes may be easier to influencethan internal causes, and since influencing them will impact several developers rather than only one at a time, this suggests that there are plenty of opportunities to improve conditions for developers in practice.

Also noteworthy: this study skewed highly male (94% v 5%). This may be a source of uncertainty.

arximboldi 4 hours ago 0 replies      
I found the abstract extremely dystopian. Happiness reduced to a function of productivity and a checklist item for cost-efficient management processes. Oh boy... this made me unhappy.
shaydoc 8 hours ago 0 replies      
Mindfulness is something that should be practiced.It's perspective that helps me. After all nothing really matters that much at all....We are all just passing through.Maybe I got a little too Zen there... But hey keep busy being happy, move away from negative influences
dasmoth 7 hours ago 2 replies      
Interesting. And there was I thinking "problem solving" was what made this gig interesting!

I guess this puts the emphasis on talking about problems over hiding in a corner and working through them into some perspective. But personally, I find programming under circumstances where I don't get to "spin my wheels" from time to time pretty frustrating.

tetraodonpuffer 2 hours ago 0 replies      
I am surprised management issues are not making the list as a separate category (unless they are under (9)?) because things like your managers never having read the mythical man month, treating team members like replaceable cogs, or politics in general in my experience can be huge unhappiness generators...
ssijak 8 hours ago 2 replies      
The real question is why does the top 3 problems on the list appear?

1. Being stuck in problem solving2. Time pressure3. Bad code quality and coding practice

You won`t be stuck (often) in problem solving if you have good management and "no question is dumb" atmosphere in the team.You won`t have (often) time pressure if the project is managed correctly.You won`t have bad code quality if the management choose to pay for several very good devs/architects and did not impose constant time pressure. Etc, etc.

My number one reason to losing motivation on work (and subsequently quitting if that does not improve) is a lack of good leadership. I can sustain anything else (if it is not constant) if managers are true leaders. Sadly, they are in a very small minority from my experience so far :(

riazrizvi 8 hours ago 2 replies      
If the goal is to increase productivity by reducing unhappiness, then I think the so called 'causes' would be more correctly described as 'situations'. For example 'Bad code quality and coding', which is explained as a situation where a developer essentially has to clean up another's poor code, is described as a cause of unhappiness. But I like cleaning up other's shit code. The activity helps me feel good about myself in lots of ways. So I believe the way people handle these situations is the 'cause' of unhappiness. However people who do become unhappy in these situations tend to interpret them as causes, because they don't yet understand what the actual cause/solution to their process problem truly is.
anovikov 5 hours ago 1 reply      
That is a big win for freelancers vs staff developers. Because most of these (time pressure, bad quality, bad colleagues, poor decision making etc.) strongly correlates with better paid projects, and freelancers like money and work for it. So we are very rarely unhappy :)
U.S. now can ask travelers for Facebook, Twitter handles usatoday.com
16 points by sr2  2 hours ago   13 comments top 4
tritium 0 minutes ago 0 replies      
And travelers can now promptly regret Facebook's Real Name Policy.
mikeash 35 minutes ago 0 replies      
Headline is a bit misleading. This was possible before, it's just a bit more official now. "Visa applicants might have faced requests for their social media handles in the past, but the practice is now explicit...."
anotheryou 1 hour ago 3 replies      
More important: what happens when someone refuses to tell or claim not to have one?
xaviex 25 minutes ago 3 replies      
Do people who travel to other countries REALLY have the gall to post something threatening to the country they are traveling too?
SQRL Secure Quick Reliable Login grc.com
152 points by sr2  10 hours ago   95 comments top 20
cm2187 8 hours ago 1 reply      
I am unfortunately not bullish that this will pick up but there are strong arguments for this way to authenticate.

- you would typically store the private key on a disk-encrypted app-whitelisted iphone, so that the computer you are browsing with, whether yours or a public machine, is never involved in the authentication. Effectively this achieves 2FA. And you don't care if the machine you browse with is compromised.

- this does not rely on a third party, it is purely an authentication mechanism. So it removes the risk of that third party tracking you, selling or leaking your data.

- it should be fairly practical and easy to use, does not rely on installing anything on the machine you browse with

- the website you authenticate to can be hacked, it stores no useful information that can be used by another domain

I am not sure Gibson has the audience in the sillicon valley required for this to become mainstream. But the principle makes a lot of sense to me. Of course your are still exposed to the password protecting your private key being stolen, which gives the attacker access to everything, but this is no different from a password manager. Except that unlike a password manager, you do not need to enter that master password on the machine you are browsing with, which considerably reduces the risk.

nickik 6 hours ago 5 replies      
I think this is great, but its time has come and mostly passed in my opinion. The future belongs to FIDO UAF and U2F.

They are building a hole ecosystem with all kinds of capability and additional security that SQRL simply can not provide. Most important being anti-phishing protection. They are working on mechanism that would allow you to use the phone as a authenticator even when working on your desktop, this is part of the upcoming version of the standard.

They are already very popular and in a lot of hardware, they are working with w3c to standardize, part of the Web Authentication group.

Some people wrongly assume that UAF is only about but it could also be somebody entering a password or pin. The main attraction is that it allows for independent evolution of authenticaters without the server having to know or care (he can care if he likes). This will be a game changer.

eugene_pirogov 4 hours ago 5 replies      
This is actually implemented in the biggest bank of Ukraine, PrivatBank.

1. Open login page https://www.privat24.ua on the computer, you'll see a QR code,

2. Take your phone, open bank's official Privat24 app,

3. Within the app select "Scan QR code",

4. Upon scanning, the page on the computer is reloaded and you are presented with the dashboard.

Very convenient. I wish more services across the internet would provide the same means to log in (although, of course not every one service can afford having a dedicated mobile app).

nkkollaw 8 hours ago 1 reply      
This is awesome.

I just hope that people secure their phones. I recently got a new Android phone and it has no password and no encryption by default, so I assume most people leave it like that.

If you get access to my phone you can access 10+ years of pictures, email, bank account, and all the services I use.

Besides this, I love it. Can it be implemented in a website, already, or is it just an idea..?

rs232 5 hours ago 2 replies      
My bank has been using this for a few years now, and it quickly became my preferred method of logging in. Open the bank app, scan the code, punch in a PIN on the phone and the browser bank opens almost like magic. Very easy to set up for non techies as well.


midnitewarrior 57 minutes ago 0 replies      
This was posted about 4 years ago, and it was half baked and fully attacked by wherever I saw it posted.

I was quite annoyed by it because I had a similar idea that addressed some of this scheme's weaknesses that I was developing before this was released (half baked!), and the negative attention this brought wasn't going to create a warm welcome for my concept, so I dropped it.

chuckdries 6 hours ago 2 replies      
So it says SQRL is "stateless", but I'm still confused. You'd still use cookies or JWTs to implement sessions, right? How do I actually identify the client that I just authenticated? In other words, when the user clicks 'login,' what is actually sent to me, the nonce? Is the url in (this graphic)[https://www.grc.com/sqrl/sign-algo.png] the login page URL? If so, do I have to use an intermediary cookie to remember which client I sent a given URL to?
homakov 6 hours ago 0 replies      
Check this out - it actually has implementations - https://securelogin.pw/
tdeck 8 hours ago 1 reply      
Reminds me of a startup called clef. When I went to link to them, I found they're shutting down:


4e1a 7 hours ago 0 replies      
I have a backup of my SQRL keys for when this goes mainstream. I really like the idea, but am not hopeful it will become widely adopted.
falsedan 8 hours ago 3 replies      
Why does this need an app? Looks like it would work just as well with a browser extension reading the QR code.
Numberwang 4 hours ago 1 reply      
For those in Sweden(and maybe elsewhere), is this similar in any way to the method BankID uses?
sametmax 4 hours ago 1 reply      
But if somebody steals your unlocked phone the person can connect to your bank ?
jelv 8 hours ago 1 reply      
No more username, passwords and your are in control. Seems like a perfect protocol for login and authentication.

How will it work on mobile only world? Can this also work on iOS and Chrome OS?

ConfucianNardin 6 hours ago 1 reply      
Note: This was first published in 2013 (or maybe even earlier).

It hasn't gained traction since, so it seems unlikely it ever will.

chaz6 8 hours ago 1 reply      
Does this have the facility to choose an identity when logging in since you may have more than 1 account on a site?
shardullavekar 8 hours ago 1 reply      
Have a look at https://authme.io - we have both app and SDK for a push notification based authentication.

Do have a look at https://medium.com/@shardul.citrus/passwords-bad-ux-security...

P.s. I work for AuthMe.

HurrdurrHodor 6 hours ago 1 reply      
A more viable competitor: https://www.n-auth.com/
daveio 5 hours ago 2 replies      
This can be instantly disregarded because Steve Gibson is a charlatan. He's got a history of getting things wrong as loudly as possible in order to generate reputation. http://attrition.org/errata/charlatan/steve_gibson/
What if the Bitcoin bubble bursts? economist.com
43 points by antouank  2 hours ago   49 comments top 8
frgtpsswrdlame 1 hour ago 0 replies      
A bunch of people will learn a very good lesson on gambling. One thing I do enjoy about bitcoin is that it's complicated/technological enough that traditional media doesn't have good language to speak about it. With stocks, there's this huge vocabulary which is used to obscur the fact that most people have no clue why it's moving, they just throw out some jargon. Seeing that stripped bare for altcoins is really refreshing.
smitherfield 2 hours ago 2 replies      
But hasn't it at least 3 times already?
midnitewarrior 50 minutes ago 1 reply      
I've heard rumblings of this from some big players who are trying to sell some of their bitcoin, but network transactions are so backlogged that it's an illiquid market for them at the volumes they are looking to trade.

They are worried that they won't be able to move in time if the market drops because they are sitting on such huge sums. Any market panic is only going to compound the transaction volume problem, leading to greater panic like people experience when there's a bank run.

It's kind of a self-fulfilling prophecy until the block size / transaction volume issue is resolved, but the community's inability to address this problem could be the death of it.

IanDrake 2 hours ago 6 replies      
The article states that bitcoin transactions take hours. Is that true?
jlebrech 2 hours ago 0 replies      
when credible finance media start warning of a bubble, causes a bubble to burst. buy afterwards.
jlebrech 2 hours ago 5 replies      
invest when it does. it's gonna keep going up and down.
sgspace 2 hours ago 0 replies      
TLDR: "If there is such a thing as a healthy bubble, this is it. To be sure, regulators should watch out that cryptocurrencies do not become even more of a conduit for criminal activity, such as drug dealing. But they should think twice before coming down hard, particularly on ICOs. Being too spiky would not just prick a bubble, but also prevent a lot of the useful innovation that is likely to come about at the same time."
0x4f3759df 2 hours ago 5 replies      
Won't Bitcoin go to zero when quantum computers can break elliptic curve cryptography?
Python For Finance: Algorithmic Trading medium.com
38 points by pastefka  3 hours ago   4 comments top 2
SirLJ 39 minutes ago 1 reply      
It is a great article, but why on earth someone will use a service like Quantopian or similar service?

They are your competitor and who will prevent a disgruntle employee or a hacker to steel your successful trading strategy?

Just buy some data from eBay, you can get 20 years of historical stock market data for less than $100 and you can test any trading strategy or idea imaginable, including trend following, buy and hold ETFs, etc...

The barrier of entry is pretty low and you can develop a great lifestyle business with no customers, employees and investors around that...

ncyclopediae 33 minutes ago 0 replies      
Here's a dataset on Kaggle that can be used in this process https://www.kaggle.com/biomimic/periodic-table-of-elements-m...
The Swiss leaks and Panama papers open a window on the tax-dodgers world economist.com
274 points by JumpCrisscross  20 hours ago   209 comments top 16
leot 19 hours ago 1 reply      
Globalization of wealth is a result of treaties between sovereign nations.

But if so much wealth is hidden and not tied to each nation's fate, those with the most power and influence lose the connection to their compatriots.

This has led to the brittleness of the current international order. Since the fall of the USSR, national treaties no longer bottom out at the self-interest of each countries' residents. We are trusting a legal framework that has had its foundation severely degraded over the past 30 years.

ChuckMcM 20 hours ago 2 replies      
It is an interesting data point. If it is consistent then increasing tax compliance on the 1% would be sufficent to boost overall tax revenues by close to 4%. (caveat they just decide to become Canadians :-)
MarkMc 11 hours ago 3 replies      
Part of the problem is unbalanced incentives between tax inspectors and crooked accountants.

If an accountant helps a billionaire dodge taxes he can earn millions of dollars in fees. If a tax inspector exposes the scam he might get a salary bonus worth a few thousand dollars.

I would like to see tax inspectors get paid by commission. If the tax inspector exposes a scam and the government collects $50 million, the inspector gets $2 million. (And to avoid overzealous inspectors, if a tax audit finds no impropriety the inspector forfeits $20,000)

bpodgursky 11 hours ago 4 replies      
It's worth pointing out that the US model of taxation (US citizens pay taxes on income earned anywhere in the world), as much as people complain about it, completely negates the value in offshore income a la Panama papers.

Sure, until recently you could hide your income in Switzerland, but it was a clear crime -- there wasn't legal grey area.

And yes yes, there are other ways to try to avoid taxation (deductions etc) but this is a really big one that the US doesn't have to worry about.

atemerev 19 hours ago 3 replies      
Scandinavian countries have one of the most progressive (meaning, increasing with total assets) tax scales in the world.

Astrid Lindgren, who you might now as the author of Karlsson-on-the-Roof and Pippi Longstocking children books, once was unlucky enough that she had to pay 102% of her income in taxes (yes, paying more than she had earned this year). Things got better since then, but I would totally understand the desire to evade arbitrarily-imposed taxes.

Animats 19 hours ago 5 replies      
Get tough on crime! Put a few billionaires in prison and compliance will improve sharply.
Fifer82 8 hours ago 3 replies      
Why can't every payment being sent to someone, simply be digitally taxed?

Why do I get paid and automatically get taxed during this process, but a footballer doesn't?

It is bullshit

cgb223 14 hours ago 1 reply      
> Globalisation has disproportionately benefited the rich in part by rewarding capital more handsomely than labour

How would one define "Capital" in this case? What does this mean?

gadders 7 hours ago 0 replies      
In other news, Laffer Cuver still applies: https://en.wikipedia.org/wiki/Laffer_curve
vixen99 5 hours ago 0 replies      
This is about tax-evasion. While it's often difficult to disentangle the two activities, continually referring to tax dodging (or tax avoidance) is unhelpful and simply wrong. Every single sensible law-abiding taxpayer seeks to avoid and dodges taxes such that they arrange their affairs to minimize their tax bill. Revenue authorities work within the appropriate legal framework to maximize the tax they extract from individuals and organizations.
blazespin 15 hours ago 0 replies      
Demonetize, tax on consumption, provide rebates to the impoverished. so many problems will be solved. Consumption based economy will go away (destroying the planet, so that's good) and industry will focus on basic necessities that aren't taxed as much - food, shelter, clothing, medicine.
lacampbell 20 hours ago 2 replies      
People need to read this and get it through their head - progressive tax rates don't work because the truly wealthy can afford to hire accountants to avoid tax to a huge degree. It disproportionately effects the middle class.
9f7 18 hours ago 0 replies      
Ah the weekly net-contributors vs net-gainers. Time to fill TIL sack.
someSven 18 hours ago 0 replies      
Let's not forget that a lot of the tax fueled gouvernmental spending goes back to the middle and low income classes. And we are voting for it.
typednothing 20 hours ago 4 replies      
If paying taxes were part of morality, it would require to fix the tax rate once and for all. Otherwise, such moral rule would simply hand out a blank cheque to the ruling class, which could ask for whatever taxation amounts. No society could survive like that. Hence, as it stands, in the context of man-made law, taxes cannot be part of morality, and tax dodgers are not doing anything immoral.
oldandtired 11 hours ago 1 reply      
In the last 20 years or so, I have come across a couple of ideas that are not politically palatable.

The first was a universal transaction tax. Every transaction that passes through the banking system has an associated transaction tax rated at 1 cent per 100 dollars collected by the banks, remitted directly to the government and taken out of the transaction. All monies transferred out of a country would have the originating country collect and retain the tax.

The interesting aspect of this is that all funds that end up in the banking system, irrespective of legality of source would participate in the transaction tax. And based on the figures of over 20 years ago of only 1 in every 1000 dollars passing through the banking system was from legal enterprises, that's a lot of additional taxed wealth.

The other aspect of that discussion was that all other taxes, government charges (duties etc) would be dispensed with. It was unpalatable because it treated all as equal and various interest groups don't like that.

The second one was charging a flat tax (income) on every entity with the only allowable deduction being salaries and wages. This is based on gross income not net income. One aspect would be to force companies to run much more efficiently than they would otherwise do so. Again treating every entity equally would not be politically palatable.

Of course, there will those who would still try to game the system, them you cannot get rid of.

Convincing C programmers to switch to C++; A look at human behavior (2016) kareldonk.com
34 points by kareldonk  1 hour ago   40 comments top 20
_yosefk 40 minutes ago 3 replies      
A good example of human behavior in TFA as well as the talk it cites is how deeply convinced they are that C++ is objectively always better than C; they don't even try to suggest that there could be a tradeoff and sometimes C would be better. Of course the guy in the talk makes a living from C++ consulting; another part of human behavior is it's hard to convince someone of a truth which threatens their paycheck.

And I'm not here to argue how terrible C++ is (I've done enough of that elsewhere), but only that "behavioral" arguments cut both ways, and are usually little more than an ad hominem attack and/or some good old marketing tricks rebranded as "behavioral science."

thehardsphere 39 minutes ago 1 reply      
In a lengthy piece about rational arguments, you would expect somewhere in there someone would actually present a rational argument for switching beyond "it's modern."

I mean, maybe the actual details of the case for switching are slightly beyond the scope the author intended to write about, but simply starting with an assertion that "modern = better, therefore people should have already switched if they were rational" and treating that as self-evident strikes me as highly arrogant and logically fallacious.

loeg 29 minutes ago 0 replies      
> The C++ language is an improved version of the older C language (its a superset of C),

The first statement is arguable and the parenthetical statement is false. C99/C11 have language features that C++ hasn't adopted, which makes it somewhat obnoxious to support C++ from C codebases that use them. One example is the "static" keyword used in array parameters.

fusiongyro 36 minutes ago 1 reply      
If we were discussing two languages Strawberry and Kiwi, and I had a large, established codebase in Strawberry and a bunch of programmers who are experts in Strawberry, it would be a hard sell to get me to switch to Kiwi even if Kiwi were better than Strawberry in every conceivable way and backwards compatible with it to boot:

- Learning to use a new system effectively takes time and energy. Are you 100% sure that the benefit of the new system is great enough to offset these costs?

- Hybrid codebases have higher maintenance costs than homogeneous ones. If Kiwi mixes with Strawberry seamlessly, maybe that burden is lowerbut the more true that is, the harder it is to believe that moving to Kiwi confers a large advantage.

In this specific case, I could believe that C++ by seasoned C++ users leads to demonstrable net gains. But it's easier for me to believe that switching to Rust or Haskell would confer higher gains, corresponding to the higher risk and higher cost of switching. So I think it's not that people are irrational about avoiding C++. I think that C++ is in an awkward place on the hill between C and things better than C++. If you need something better, you will go to something with better tradeoffs than C++; if you don't need something better, you just live with your existing C codebase.

bumbledraven 43 minutes ago 4 replies      
In C++, "return (x);" isn't equivalent to "return x;" [0].

But according to OP, it's not C++ that's irrational, it's the programmers who don't want to use C++.

[0] https://twitter.com/sigfpe/status/857753251189411840

raverbashing 14 minutes ago 1 reply      
How to convince them:

- Show them how classes makes things easier (automatic object management, some operator overloading, etc)

- Show how the STL makes most things easier (arrays, maps, etc)

How not to convince them:

- Show uses of excessive/pathological inheritance

- Use of templating beyond the basics

- Insist they use C++ functions for every single thing

- Insist they OOify every interface in their code

- Creating giant classes (structs) with a getter and setter for every field with no control or validation

- Going crazy with operator overloading

strictfp 45 minutes ago 2 replies      
People aren't rational actors for a reason: Sometimes things are easy to argue for but aren't that great in practice. And so by following your heart instead of your head, you sometimes make seemingly illogical but objectively better decisions. And I think that there is a case to be made about how C++ is efficient in theory, while C is effective in practice.
bumbledraven 11 minutes ago 0 replies      
Scott Meyers points out that one of the simplest possible refactorings is "rename method". To rename f(), you need to know what f() is, and in C++, f() can be any of 7+ different things! [0] It's extremely complicated to determine which thing it is.

But according to TFA, people who prefer C are just being emotional and irrational.

[0] Scott Meyers. Things that Matter - DConf2017 [@27:51] (https://youtu.be/RT46MpK39rQ?t=27m51s)

sporkenfang 18 minutes ago 0 replies      
C++ offers too many options for how to do things. C is a nicely restrained subset. The end.
empath75 5 minutes ago 0 replies      
I've noticed that the best way to get programmers to use a different language is to build something they want to use in that language.

I could talk to my perl programming colleagues for days about the advantages of python over perl, but what got them to switch was boto, since we were moving to aws.

fredastaire 33 minutes ago 1 reply      
In the sense that OOP is often used in very stupid ways (dunno about C++ but in other languages, have a look at PHPUnit it is the best example of misunderstood OOP) I can understand C programmers. Golang is also very simple for a reason
coldtea 18 minutes ago 0 replies      
>* Based on research by Kahan et. al., Saks mentions that otherwise intelligent people will likely misunderstand data if understanding it challenges their preexisting beliefs.*

While this happens, it's also an empty argument that can be applied to everything.

How about the author there misunderstands his own data on C++ because it challenges his preexisting beliefs (that C++ is "de facto" better)?

It goes downhill from there fast, to argue that those pesky people who dare to not want to use C++ are irattional, conditioned from childhood, etc (those willing to use C++ are not, because of course C++ is the only reasonable choice a programmer can ever make between C and C++).

>In fact, Saks found that quite often logic, facts and the truth were simply not sufficient enough to convince people. Instead, people reacted in a very irrational and emotional way, and kept sticking to and defending their beliefs. Peoples basic reaction was show me all the data you want, C++ is still undesirable.

The problem in the paper is that some BS arguments and numerical data in favor of C++ (which I'm assuming they have -- they fail to mention any of them in this article) are conflated for "THE truth".

Sorry, author, but you are not showing people "THE reality", you're showing them some arguments and some numbers.

The programmers you are talking to (those that have tried both C and C++) are the ones that have actual empirical experience from actual reality on what C++ gets them -- and whether its worth the tradeoffs they've seen.

For one, there's an ergonomic factor in language and API design (it's usability) which can be highly subjective -- and syntax/api usability is one of the big reasons people dislike C++. This issue cannot be shot down with any "objective" argument or numbers table....

deorder 27 minutes ago 0 replies      
If youre arguing, youre losing.. That is a quick way to stop any discussion. The reason I am not using C++ is because C already does everything I need:

- Easier to write code generators for: I use libclang to read in annotations that will generate new code according to where the annotations are being used. If I have to take care of every edge case and new features added to the latest C++ standard it would make the code generator more complex.

- Using plain old data structures: My code generator generates new code to be able to work with the plain old data structures which data can be interleaved or non-interleaved using data-oriented design. Classes will not add that much value.

- C compilers are easier to write: I integrated the tiny C compiler inside my program to be able to compile C code on demand. The C code can then use the code I've already written.

- No name mangling by default: I dynamically load a lot of plugins and do not want to bother with binary incompatibilities all the time (if compiled by different compilers like the tiny C compiler for ex.).

- I mostly use libraries written in C

- Low-level access

If I need concepts or meta-programming etc.I can already use Nim or write my own code generator,else I would rather choose something different than C++.

Update: added some explanations

iRobbery 16 minutes ago 0 replies      
At a cultural level, when you have to convince somebody of something, isnt that generally a bad approach if you want somebody to change their view?

Though, Keeping thIngs Simply Stupid, is really the only lesson one has to know/learn. When C++ has a specific function go with C++, when C is sufficient use C. If a bash script is sufficient use that.

If people could just show why something is cool in what situation, instead of why something should be used over something else. And this includes guides 'how to switch desktop OS' too.

coding123 12 minutes ago 0 replies      
Perhaps we need an article called "Convincing people to stop using C++ already."
faragon 46 minutes ago 1 reply      
yehohanan7 22 minutes ago 0 replies      
This reminds me of Godel's proof - A formal system (axiomatic system) cannot be complete and consistent at the same time!

Each side of the argument have their own set of premises/axioms to come to certain conclusions but there are always unknown truths which people tend to ignore. if there are no unknown truths then the argument should be contradictory

lloydjatkinson 16 minutes ago 1 reply      
I like to think of C# as what C++ should have been.
kensai 41 minutes ago 1 reply      
But in the table I see, pair-compared, C is faster than C++. Am I interpreting this wrong?
microcolonel 11 minutes ago 0 replies      
> In fact, Saks found that quite often logic, facts and the truth were simply not sufficient enough to convince people. Instead, people reacted in a very irrational and emotional way, and kept sticking to and defending their beliefs.

You start criticizing people for not believing you when you have one example comparing two different programs implementing an unspecified task on an unspecified compiler. This is ridiculous.

I mean, for crying out loud, your headlining video is a talk by a person who admits that he hasn't done the thing he's trying to convince people to do.

He says things like this:

"You don't want to wait for the market to take care of this, you would like to take some proactive steps to be able to make more of the people who should be using C++ willing to use it."

in the context of aerospace, which clearly he has no authority to speak on, since he misses one of the fundamental reasons why C++ is not popular or even acceptable in much of aerospace: implicit allocation. Implicit allocation is incredibly dangerous for high assurance systems. You really need to know exactly how much memory can be allocated, when, and what state the exact allocations will put the allocator in. C++ has some facilities to manage this, but man, it is easy to drop a plane from the sky by assuming that your allocation did what you wanted instead of verifying it.

       cached 2 June 2017 16:02:02 GMT