hacker news with inline top comments    .. more ..    12 Jun 2017 News
home   ask   best   2 years ago   
Inkscape Moves to GitLab inkscape.org
213 points by dabber  7 hours ago   81 comments top 8
lucideer 5 hours ago 6 replies      
I used to use Inkscape constantly on Windows & Linux, and really like it. I found the UI intuitive and it did absolutely everything I asked of it.

Which is why the XQuartz/&c. user experience on macOS really really surprised me. It's absolutely unusable. Inkscape for macOS basically may was well not exist as far as my experience with it goes.

Are there other comparable GTK+ apps that work well under macOS or is this a common story?

luord 3 hours ago 1 reply      
Every time a project moves to GitLab or GitHub it is great news; I find them much easier to contribute to. It's specially goo news when it's gitlab, it's just an all-around awesome service.
benwilber0 6 hours ago 4 replies      
> During the decision about which platform would host our git repositories, we discounted staying on Launchpad itself as its git support was very weak compared to other platforms and the project doesn't appear to be actively developed.

How in the heck did Canonical squander such an incredible opportunity to be the de facto standard for Ubuntu/FOSS code hosting by letting Launchpad stale so badly?

They freaking built it into their distribution of apt with PPA shortcuts, etc.


mintplant 6 hours ago 1 reply      
I can't find a link to their GitLab instance/repositories. Where is it?
codebam 4 hours ago 0 replies      
I really hope other FOSS projects take the same initiative
riffic 5 hours ago 1 reply      
Self-hosted GitLab, or gitlab.com? Would a link in the article to the repo be too hard?
rishidevkota 5 hours ago 0 replies      
na85 6 hours ago 13 replies      
I really want to learn to use inkscape well, but just can't grok the interface. It's a sad symptom shared by many open-source projects.

They seem to want to differentiate themselves as (e.g. "not photoshop" in gimp's case) but seem to equate that with "ignoring good ui/ux design".

Hackers Are Hijacking Phone Numbers and Breaking into Email, Bank Accounts forbes.com
395 points by CarolineW  12 hours ago   189 comments top 46
TaylorSwift 8 hours ago 4 replies      
This happened to me.

1. I believe it began with the hacker getting DOB/SSN.2. Called wireless provider, and hacker forward all calls and texts to a burn phone. Eventually, the hacker ported my wireless phone to another provider/number (not sure which), and the phone registered to my provider did not work anymore. The landline phone was also forwarding calls to another number.*3. Hacker gained access to email (as that email was also within the telco's site). At the beginning, the hacker did not reset the password. After I changed the email's password, hacker was still gaining access to our emails and he/she eventually reset the email blocking my access. (reason was all the text and calls was forwarding to his/her burn phone so he/she can reset the pass anytime)5. Requested 2FA from bank.6. Gained access to bank account.

This was over a course of 3 months. It was a nightmare to resolve and paranoia still remained. The hacker later on went opening several bank accounts. Fortunately, this was discovered early. The entire situation was communicated to the FBI, local police, and bank institutions, but I do not think anyone cared.

*I saw two numbers that were being used within my wireless account site to forward the calls.

49531 8 hours ago 3 replies      
A few months ago I took 3 of my 4 kids to a birthday party at a minigolf course. I played some holes with my youngest I had taken with me, and then left the two older ones at the birthday party with the understanding that their mother would pick them up (as we had discussed earlier)

After leaving the party with my youngest, I went to the grocery store, and then on home. When I got home my wife was gone, which I expected since she was picking up the older kids from the party.

Throughout this afternoon I had not been checking my phone in an attempt to be a bit less connected on the weekends.

About half an hour later my wife comes home totally freaked out and frazzled.

Apparently after I had left, someone went into a T-Mobile store and somehow convinced the associate that my number was theirs. I had received a couple of texts from T-Mobile with a pin number where the store associate had attempted to do something, but I was not aware of them until later.

Once this person had my number, they called my bank, reset my online password, and transferred all of our money from various accounts into one of my checking accounts. The bank then put a hold on everything (thank god).

My wife happened to have been paying bills online while this was happening, and saw it all go down. Her first thought was to call me, then when I didn't answer to call the mom throwing the birthday party.

Birthday party mom told my wife I had left, so my wife assumed that myself and our 3 year old were being mugged or something. The police were involved and she spent a good amount of time freaking out trying to find me.

All in all I had a pretty good afternoon :P

For real tho, it was a freaking mess. Took weeks to get our accounts safe, and we try to avoid using phone numbers for 2fa now.

ghouse 9 hours ago 0 replies      
While SMS for 2fa is _a_ problem, it's not _this_ problem. Using SMS for _account recovery_ circumvents 2fa and circumvents strong passwords.
pascalxus 4 hours ago 1 reply      
So, I've read the article a couple of times, It's pretty long. For those of you looking to get the most bang for your buck, I think the following advice is Golden:

1. Do NOT secure your sensitive accounts (facebook, primary email, bank accounts, twitter, etc) with your telco phone #. Telco Phone number is NOT secure!

"Create a brand new Gmail email account. Do not connect it to any of your existing email accounts. (When signing up for a new Gmail, you dont need to enter a phone number or current email, although there are fields for you to do so. Leave them blank.) Once youve created the new island-unto-itself email address, create a new Google Voice number." Use this Google Voice # to secure your primary accounts, and don't have your telco # listed in any of those accounts.

But, make sure your New Gmail account is super secure, with a security key, as mentioned in the article.

2. Check the password recovery methods for all your sensitive accounts and make sure the answers aren't duplicated from any other site. Actually, it's best to remove them, if you can.

If any security experts want to chime in, please do.

noobermin 10 hours ago 5 replies      
NIST has already been discouraging the use of SMS for 2fa[0], but that apparently won't stop the subset of incompetent IPSec consultants who still recomment SMS based 2fa.

[0] www.slate.com/blogs/future_tense/2016/07/26/nist_proposes_moving_away_from_sms_based_two_factor_authentication.html

devuo 7 hours ago 2 replies      
Last year when I upgraded my phone I was amused but mostly horrified by how easily one could get a SIM card for my own phone number with less than a modicum of information on me.

As I required to upgrade my Micro SIM to a Nano SIM, I went to one of my provider's shops and asked for a Nano SIM for phone number X. I was then asked to verbally confirm my name and address and that's it. No ID card confirmation, no nothing. "Here you go sir, your new SIM card will be active within a few minutes. Can I help you with anything else?". What. the.

Keverw 5 hours ago 1 reply      
It's insane how much easier it is to transfer a phone number than a domain name.

I also find it odd Facebook, and other sites will let you signup solely with a phone number. There's prepaid cell phone providers that recycle phone numbers, etc. Just seems so stupid to rely on a phone number for authentication alone, but two factor I'm okay with since you still need to know the password. Twitter has a developer product where you can be texted a code to login using only a phone number, which to me just seems wrong to do.

It'd be nice if trying to port a number, change important info, etc if they had to actually call you or text you first to confirm. But one of the problems is people will lose their phones, and need a new sim or phone... That I think I'd have a requirement to actually visit the store - but that doesn't work to well with prepaid phone providers without physical stores selling via other stores like Walmart, Target, etc. Maybe in that case without nearby stores, partner with your retailers to verify ID or fax a ID in.

dheera 8 hours ago 2 replies      
I wish we could kill phone numbers once and for all. It's insecure, device-dependent, carrier-dependent, country-dependent, subject to snooping and censorship, and all of these are recipes for disaster as an authentication scheme, especially in the event that a device gets stolen. Phone calls and text messages should emphatically NEVER be used to verify anything.

Conversation with one of my banks the other day:

Them: Can we please verify a code sent to your phone number?

Me: Umm, sure, although that won't verify anything. Use something else to verify that it's me.

Them: Can you please verify your phone number?

Me: Umm, I don't know what phone number I used with you? Try XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, and XXX-XXX-XXXX? They all belong to me depending on where I am.

Them: Can we use XXX-XXX-XXXX? Do you have this phone with you right now so we can we send a text message with a verification code?

Me: Send your insecure SMS to any of my numbers. They all go to my e-mail inbox. [I don't need to have my "phone" with me -- my "phones" are virtual.]

ww520 2 hours ago 0 replies      
5 or 6 years ago, my phone number got ported by someone else without my knowing. My phone suddenly didn't work anymore. I called into AT&T right the way to ask what's going on and they said someone has "took over billing" from my account and AT&T transferred the number over. WTF? I was adamant to get the number back since that's the number I give it out to people. They won't bungle saying it's out of their hand. Finally they said they could place the number into the free pool for re-allocation which would freeze it for 3 months before it could be used again. I was concerned it could be used as a vector against my bank accounts. It was a nightmare.
godzillabrennus 10 hours ago 3 replies      
I owned a hosted PBX company from 2007-2011 and was amazed with how antiquated the port request system truly is.

The problem is that the phone company owns your phone number and you just get access as part of a service. Unlike a domain name where you own it.

If we change the law we'd bring more accountability.

kraig911 3 hours ago 0 replies      
Security while we all say is super important will never be important until people doing the customer service actually care. When my identity was stolen 20 years ago it was a nightmare involving writing letters to a postbox and getting form letters in return... doing to the police, the banks, and the utilities and being treated like an idiot because I filled out a rental application that someone used to get credit cards is a nightmare that still follows me to this day. It's as if all forms of customer service needs to go through a third party.
tbrock 2 hours ago 2 replies      
Great. Now that we've succeeded in compiling a list of personal sad stories to one up one another, why not not discuss how we could encourage the banks / phone companies to make this situation impossible.

1) Ban SMS as a second factor for high risk targets like banks.

2) Telecom companies should require social security number or uniquely identifying information to provide account access.

3) ???

awinter-py 9 hours ago 5 replies      
Not answering security questions truthfully is tricky.

Yes, it's a problem that security questions turn hacking into a simple public records search.

BUT most terms of service have a line like 'you warrant that you've been entirely truthful with us' or something. If you give the wrong security question to your bank, they potentially have grounds to freeze your money or screw you later.

Why isn't the answer 'consumers have the power -- punish services that don't support FIDO by not using them'.

At best this article is saying 'don't connect anything to anything'.

willow9886 9 hours ago 1 reply      
This recently happened to a friend of mine. It was devastating. As mentioned, U2F is very scarcely supported today.

The best way he came up with to secure services that insist on using SMS for 2FA (or credential reset) was to register the number of a pre-paid phone for those services.

Inconvenient? YES. But a pre-paid phone number can not be ported by a negligent (or willfully criminal!) operator.

flurdy 7 hours ago 4 replies      
So 2FA reset via SMS is bad, which I agree but what are the alternatives to prevent a meltdown when your 2FA device dies?

I have had two phones die on me that was my 2FA device, plus OS upgrades, so I have gone through resetting 10-20 2FA accounts a few times. Though with upgrades usually I foresaw that and downgraded my 2FA before hand.

All I wish for was that resetting 2FA would be a very very slow step by step process and spammingly broadcasted to all emails, sms, postal etc associated with the account. But I know for cost cutting customer services departments that wont happen.

fabian2k 10 hours ago 7 replies      
What settings exactly do I have to change to get GMail to never unlock my account by SMS alone?

I have enabled proper 2FA on my Google account with U2F, but I haven't disabled everything else yet because I only have one token, and I still need something like TOTP for stuff that uses Google accounts, but doesn't support U2F.

As a closely related remark, I wish U2F would just get popular enough, it's pretty convenient, isn't vulnerable against the kind of attack SMS-based 2FA is, and protects against phishing. But almost nobody outside Google supports it, and OS/Application support is rather incomplete or requires additional setup.

mathrawka 5 hours ago 1 reply      
I highly suggest having at least 2 phone numbers, one that is your main number that you use and give out. The others are kept private and never for calls or texts, but only for 2FA.
occamrazor 9 hours ago 2 replies      
Would this attack be neutralized by a mandatory waiting period of a few weeks for number porting?I recently ported my number to another operator (in a European country), I had to wait for a month and received at least two warning SMS.
drdaeman 8 hours ago 2 replies      
2FA (including U2F and whatever else) has one big problem that this article fails to mention. And when 2FA is suggested, this really should be said explicitly.

Users aren't warned enough about the fact that everything fails, and they will have to go through 2FA deactivation/account recovery process sooner or later. They must be really reminded to DO BACK UP the recovery code(s). With "back up" as in "keep not just somewhere, but where you can actually find it, when you'll need it". (But not in your password manager)

This is true for SMS 2FA as well, but completely losing the number (as long as one's a paying customer) must be significantly less common than losing a device.

zkms 7 hours ago 0 replies      
Years ago, when SMS 2FA first became a thing, I remember people familiar with telecom stuff pointing out SS7 vulnerabilities and porting/SIM takeover issues. People shouted them down and claimed that they were being too paranoid and exaggerating the risk, or that most people aren't attractive-enough targets for someone to dedicate so much effort for hacking their accounts (and that SMS 2FA was thus good enough for most people).
santzeshn 1 hour ago 0 replies      
A few months back I lost my phone, so I went to my operator with passport to get new sim with my old number (in Thailand) . She said the sim isn't actually in my name but my ex-girlfriend's, and I told I remember I took the sim with her id as I didn't carry my passport with me, so I guess there's nothing I can do.

She just replied well we could change the sim to your name, didn't even check with the original owner and 5 minutes later I was on my way with new sim.

dhruvrrp 3 hours ago 0 replies      
A couple of years ago i got a new phone which used mini sim instead of the micro sim that my older phone used. So i went to an AT&T store to get it and the rep asks for my name and my phone number and 5 minutes later comes back with a new sim saying it'll activate my noon the next day.

There was no authentication at all. Literally anyone could have walked in gave my name and phone no and would have gained access to my phone. I stopped using my phone for 2FA since then.

EZ-E 3 hours ago 2 replies      
This kind of attacks could lead to total disasters in China where the standard is to login and register solely on a phone number using a confirmation text.

In China your phone number is pretty much as valuable as all your password combined, all services are solely linked to it.

Even though phone companies ask for id before issuing a SIM card, I'm pretty sure a tiny bribe is enough to get past most store clerks

e79 7 hours ago 1 reply      
You should also make sure providers like Google don't fall back to less secure account recovery methods. I blogged about this here, after I realized that I was still vulnerable even while using real 2FA:


ganwar 3 hours ago 0 replies      
This sort of attacks have been happening for over 5 months in crypto.

Kraken published a highly useful blog post on it. Do give it a read.http://blog.kraken.com/post/153209105847/security-advisory-m...

buyx 3 hours ago 0 replies      
These attacks have been going on for at least a decade in South Africa. The fact that it's still going on, and if the coverage is to be believed, spreading globally, is a pretty shocking indictment of the industry.

I wonder what other scams are being incubated in lesser-known parts of the world, that are waiting to be unleashed.

cloudkj 6 hours ago 0 replies      
Does this hack work on Google accounts? I just tried the "forgot password" feature there and as far as I can tell there's no way to actually complete a password reset with only a compromised phone number.
chrisper 7 hours ago 2 replies      
The issue I have with 2FA without sms is that I need to also take care of recovery codes. Basically, it's like erasing all the benefits of going digital, since now I have to store (and take care of) paper copies of recovery codes.

If I use a 2FA app like the Google one and lose my phone, I need to have the codes ready. If I were to use my phone number, I kind of don't need that since I just get a new sim and a new phone. But at the same time that is not safe now.

So what is the solution here? I liked the idea of something like DUO but not enough places use it.

legohead 7 hours ago 2 replies      
I read a blog where someone got hacked through a simcard clone, and they went into the details of how easy it was to do. This prompted me to enable 2fa on everything I could, but the funny thing is, a lot of the backup options for 2fa is -- you guessed it -- your cell phone number. Some of them don't even allow you not to use your cell phone as a backup. I think Github and Slack are like this, but I may be wrong, it has been a while since I turned them on.
seanieb 5 hours ago 0 replies      
Has anyone tried suing a Telco that's given away access to their phone account?
galfarragem 3 hours ago 0 replies      
Resuming: what's the simplest solution to at least reduce risk? Is it to get a second phone number just for banking?
theprop 3 hours ago 0 replies      
Wow! What's the easiest way to stop this kind of attack? Stop all two-factor authentication?
itslennysfault 7 hours ago 0 replies      
I'm SHOCKED this wasn't a thing earlier. Spoofing a phone number is insanely easy. When I was in High School we figured out how to do it and used to prank call people from other peoples numbers. Eventually, we realized that if you call someone's cell from their own number it takes you directly into the voicemail admin menu. Fun times.
addcn 4 hours ago 1 reply      
Wouldn't the easiest solution be to use a landline and use the call options for 2f? Physical access to my home is root access
avenoir 5 hours ago 0 replies      
What is a good way to make these attacks more difficult? Would something like Yubikey work if it had more adoption?
sna1l 7 hours ago 1 reply      
Does anyone know if Project Fi provides any extra layers of security? I haven't seen anything
adventured 1 hour ago 0 replies      
Anyone here happen to know how hard it is to steal a Twilio number as compared to a number issued by eg T-Mobile or Verizon? Is the only way to do so, by accessing the Twilio account that controls the number (whether directly or by API)?
microwavecamera 8 hours ago 0 replies      
With helpful picture of a "hacker" so you can recognize one.
exratione 10 hours ago 0 replies      
Many phone companies will allow you to (a) add an annotation to your account to declare the number you are using should never be ported to another company, and (b) add a password to the account that you will have to provide to customer service representatives when making changes. This helps to minimize the chance that an attacker can use social engineering to redirect your number to a system under his or her control. If these are not options for your phone company, find a better phone company.

Even given that, since it relies upon human choice and behavior, and does nothing versus attackers with assets within the phone company, it seems a bad idea to have 2FA via SMS.

simooooo 10 hours ago 2 replies      
This has been the vector for Twitter hacks for many years.

Get the 2nd factor

rxdemon 7 hours ago 0 replies      
Old article ?
rxdemon 7 hours ago 0 replies      
isn't it old article ?
mtgx 8 hours ago 1 reply      
Remember this the next time you may tend to agree with governments' push for backdoors. If they get their way even Google Authenticator won't be safe, just as SMS isn't anymore for 2FA, all because the surveillance agencies preferred to keep the SS7 vulnerability and others like it so they can exploit it (outside of the "rule of law", as otherwise they wouldn't need it).
KGIII 5 hours ago 0 replies      
lerie 11 hours ago 4 replies      
droithomme 10 hours ago 4 replies      
Two factor authentication is nothing more than a massive vulnerability. We've seen people somehow change our listed contact numbers through unknown exploits, then hijack ownership of properties using the new number to prove they are us. This wouldn't be possible if not for 2nd factor authorization schemes.
Reid Hoffman and Brian Chesky on Handcrafting and Scaling Airbnb [pdf] mastersofscale.com
58 points by paladin314159  4 hours ago   5 comments top 3
janvdberg 1 hour ago 2 replies      
This is a tremendous podcast. The guests and subjects are A+. It is a the best new podcast around (for me anyway). (Only point of criticism would be, there are too many little jingles and maybe one too many commercials).
jhh 2 hours ago 0 replies      
If it isn't clear, this is the transcript of the first episode of a podcast called "Masters of Scale". https://mastersofscale.com/
simonebrunozzi 1 hour ago 0 replies      
As much as I like/respect/admire both Reid Hoffman and Brian Chesky, I find this podcast... terrible. So much that I had to stop listening to it after a few minutes.

I really hate the weird sounds and interruptions. It feels like a podcast designed to appeal to the masses, and to "overdo" every aspect of what a podcast should be.

I hope this is read as "constructive feedback", because that's the intention.

I listed to 10-12 podcasts a week, and I have never experienced this "repellence" to a single podcast, like this one. I believe this is the style of other podcasts of this series, if I recall correctly.

Am I the only one, or is there anybody else that shares the same feelings about it?

Random Generation of English Sentences (1961) [pdf] mt-archive.info
17 points by polm23  2 hours ago   2 comments top
flyGuyOnTheSly 1 hour ago 1 reply      
Can you imagine waking up one day in the near future and realizing that 96% of the tweets you have been reading for the past year have been generated by a computer?

The sheer thought of that just blew my mind a little.

It could drive the whole world mad.

Babies On Display: When a Hospital Couldn't Save Them, a Sideshow Did (2015) npr.org
51 points by raldi  5 hours ago   8 comments top 4
kristopolous 1 minute ago 0 replies      
I think about this story every time I hear "Goodbye My Coney Island Baby" and imagine someone serenading an infant in an incubator in 1920.
Cyphase 2 hours ago 3 replies      
I hope I wasn't the only one who thought for a moment that this was talking about a startup incubator. Even though that wouldn't have made a whole lot of sense.
dang 13 minutes ago 0 replies      
We changed the URL from http://www.npr.org/sections/thetwo-way/2017/02/25/517221933/... by the submitter's request. The two articles are closely related.
omegaworks 2 hours ago 1 reply      
Couney used Coney to incubate his incubators!
The relationship between mindset and getting old nautil.us
255 points by dnetesn  14 hours ago   119 comments top 15
robteix 12 hours ago 11 replies      
I wonder how much the effects vary between different professions.

I'm in my 40s. Incredibly old for HN standards. And yet, I feel no nostalgia for the "good ol' times." I mean, don't get me wrong I'm sure there's a lot of things that set me apart from newer generations -- I don't get Snapchat at all ;) -- but I don't see me being happier by being put in a house set up to look and feel like the 90s/80s.

Is it maybe because we as programmers tend to be less prone to be stuck to the past? Just wondering

dheera 1 hour ago 1 reply      
It would be interesting to see how much of this is truly biological and how much of it is due to societal and situational conditioning.

There were lots of things I could do in my 20s (e.g. refuse to use gasoline-powered city transportation, refuse to patronize places that used disposable cutlery, refuse to use non-free software, etc.) that I can't do when I'm in my 30s because people around me would think I'm a stubborn idiot, jeopardizing my career at a point where I have not yet established myself. It's very easy to tell a colleague, advisor, anyone at school that you're going to bike to the destination or take electric-powered transit [because you don't believe in a fossil fuel future]. It's very difficult to say the same thing to an investor, co-founder, employee, customer, or whoever is offering you a ride in their car, without feeling like an ass. I'm basically forced to be "normal" during work times and fit into the mould of society. I can only be myself on evenings and weekends.

I can only imagine how much more "being normal" I need to do if I had kids, pets, tenants, or whatever. I don't have any of those at the moment. The other night I was pondering over potential improvements to our music and mathematical notation systems while staring at the Milky Way. (I didn't come to anything conclusive, but I love thinking outside the boxes that society defines for us.)

10 years ago, I could truly be myself 24 hours a day. I was basically learning all kinds of things about the world by doing that. Now, I only get about 5 hours a day to be myself. The rest of the time, I need to conform. The lack of "me" time itself may be contribute to some degree of mental rot/aging, apart from the biological component.

michalu 11 hours ago 2 replies      
I suspect the reason they felt better and more vital is that the change of mindset and environment altered their biochemistry.

How we feel and what we think of ourselves affects our levels of Testosterone, Cortisol, Serotonin, etc. Even a 5 minute conversation can give you a T boost of 30%+ ... or believing that you're perceived as high status alters your Serotonin. Those hormones in turn make you more vital.

So who knows what was the reason... maybe more social interaction with strangers? Or simply putting their mind into a different, better place?



sdenton4 10 hours ago 0 replies      
It's an effect probably at least as real as ESP:https://slate.com/health-and-science/2017/06/daryl-bem-prove...

Which is to say, I'm dubious as hell of this result: For something this click-baity, at this point in the history of psychology research, I'mma need some serious replication before I give itan ounce of belief.

TheOtherHobbes 7 hours ago 1 reply      
In my 50s. Not exactly pickled in nostalgia.

I think the computing party is just getting started. Non-trivial domestic AI will be here within a couple of years, personal robotics 5-10 years after that.

The current ad mania sucks, but it's going to have to evolve or die.

I don't miss much of the past. Pocket phone computers, tablets, GPS, video calling, massive data storage, and the potential of renewables and distributed energy grids are all awesome. Like.

Even social has its moments.

The real problems are cultural and political. There's been some movement there, but not nearly enough. The system has nearly enough energy to go through a phase change soon, and that's when things will get really interesting.

myth_drannon 13 hours ago 0 replies      
I wonder if nostalgia is a human mind's hack to slow down aging.
afpx 11 hours ago 2 replies      
I look forward to living to 100. But, 80 would be even better if only I could regain a 12-year-old's sense of the passage of time.
theprop 3 hours ago 0 replies      
Age may mean certain things about DNA methylation, but it doesn't mean you can't continue inventing, challenging yourself taking chances e.g. 94 year-old co-inventor of lithium batteries co-invents a solid state (solid-glass electrolytes) battery.


chiefalchemist 11 hours ago 0 replies      
Kinda like a placebo effect, yes. It would be interesting to take a group of slightly younger test subjects and see what happens to them when they live with older people in the present.

Moi? The body and mind are both subject to: Use it or lose it. We also, as humans, tend to assimulate into the norm around us, be it smoking, obesity, and now I guess perhaps youth.

Finally, I have to wonder about the effects of essentially being on holiday. In addition, perhaps the group discussions energized them? That is instead of waiting to die, they had more reason to live? In any case, interesting.

ilaksh 12 hours ago 0 replies      
http://www.sens.org -- after reading the article, still by far the most scientific and fully developed approach that I have seen.
DrNuke 11 hours ago 1 reply      
Whatever your past, it is irrelevant now and future the only way forward, so smile and enjoy your ride together with the people you love (mid 40s here and still pushing, ehehe).
robertlagrant 12 hours ago 3 replies      
Some of the article was okay (although you can cherry-pick a lot to achieve a conclusion) but Langer's study in particular seemed very dubious. They "looked younger"? Stop - that's just way too objective for me!
reasonattlm 12 hours ago 1 reply      
Physical activity is the likely mediating mechanism between acting younger and gaining modest benefits by some measures. Since the development of lightweight accelerometers, studies of physical activity have demonstrated strong correlations between even modest activity of the housework/gardening variety and health in old age. There is a mountain of further research demonstrating the benefits of increased moderate exercise and lesser forms of activity in older people.

But ultimately the end is the same. You can't reliably exercise your way to 90, even. The majority of people who are exceptionally fit die before reaching that milepost in the environment of the last 90 years of medical technology. The future of health and longevity in later life will be increasingly determined by medical technology, and nothing else. Aging is damage, and that damage can be repaired given suitable biotechnologies to do so.

DNA methylation patterns correlating strongly with age are a very promising tool when it comes to assessing treatments for the processes of aging. Companies offer various implementations now - see Osiris Green for a cheaper example, to pick one. In the SENS view of aging as accumulated molecular damage, epigenetic changes are a reaction to that damage; a secondary or later process in aging. We'll find out over the next few years how the rejuvenation therapy of senescent cell clearance does against this measure, now that things are moving along there.

But you shouldn't think it impossible to construct useful metrics of biological age more simply. There are a number of excellent papers from the past few years in which researchers assemble weighted algorithms using bloodwork, grip strength, and other simple tests as a basis into something that nears the level of discrimination of the epigenetic clock.

When it comes to a biomarker of aging, there are lots of promising candidates. Researchers will spend a lot of time arguing before they come to any sort of pseudo-standard for that task. Industry (today meaning the companies developing senolytic therapies for the clinic) will overtake them and, I'd wager, adopt one of the epigenetic clocks because it basically works well enough to get along with, and can be cheap in some forms.

jldugger 12 hours ago 2 replies      
> getting old

'aging' is the word you are searching for

ianai 13 hours ago 1 reply      
Constant change does harm. That's my takeaway.
Forecasting at Uber with RNNs uber.com
94 points by paladin314159  7 hours ago   10 comments top 3
eggie5 2 hours ago 3 replies      
I wish the diagrams were bigger, they are hard to read and a bit blurry.

One of the interesting points, that is often overlooked in ML is model deployment. They mention tensorflow, which has a model export feature that you can use as long as your client can run the tensorflow runtime. But they don't seem to be using that b/c they said they just exported the weights and are using it go which would seem to imply you did some type of agnostic export of raw weight values. The nice part of the TF export feature is that it can be used to recreate your architecture on the client. Bu they did mention Keras too which allows you to export your architecture in a more agnostic way as it can work on many platform such as Apples new CoreML which can run Keras models.

siliconc0w 3 hours ago 1 reply      
I wonder how much they could enlist others to solve this by creating something like an 'Uber Auction House' to basically buy and sell the right to reap Uber's cut for a ride. They could clean up on exchange fees while everyone solves this problem for them.
ozankabak 4 hours ago 0 replies      
I don't understand if they use windowing as a fixed computational step that is active both in training and scoring time, or, if they use sliding windows only to chop up the training data.

Also, I wonder if they checked how a feed-forward NN that operates on the contents of a sliding window (e.g. as in the first approach above) compares with their RNN results. I am curious about this, as it would give us a hint whether the RNN's internal state encodes something that is not a simple transformation of the window contents. If this turns out to be the case, I'd then be interested in figuring out what the internal state "means"; i.e. whether there is anything there that we humans can recognize.

[edited to increase clarity]

GUN 0.7.9 15M read/sec, 15K write/sec, 2K sync/sec MIT Licensed Graph Database github.com
87 points by marknadal  8 hours ago   24 comments top 10
falcolas 6 hours ago 1 reply      
That collision resolution algorithm looks like a doozie from a "malicious peer" point of view.

Updates in the past are "recorded and discarded", updates in the future queue up. First, let's see if we can run our peers out of memory with a few (billion) quick future updates. Funny thing, gzip; it's so easy to compress highly repetitive patterns. Could also just try and spam the historical log too, could we fill the disk as well as working memory?

If we don't run everything out of memory, let's just write out a few billion updates for every state interval, and make sure it evaluates as "greater than" (yay, JavaScript) any real value. Those updates should preemptively overwrite every other update that comes in.

Do you have an operating window of less than, say, 300ms? Heaven help the poor client from Sidney who keeps trying to update a master in London. Their updates will always be discarded (I'm not certain, but the docs read as if this occurs even when updating a value which hasn't been overwritten by a future state). Darn you, speed of light; why can't you be just a little faster?

I guess you can only hope that your clients all decide to be honest and never change your code. Or get their state counter (or clock) too far out of sync.

marknadal 6 hours ago 1 reply      
Some people asked why this release is so important:

- It fixes several critical bugs that happened during the performance rewrite. Example: If a server crashed and had its data wiped, there wound up being some sync issues. But this release fixes those.

- First time for us to hit 2K table inserts/second synced end-to-end across a federated (browser <-> server <-> server <-> browser) network topology. This load test was running on low end hardware, so expect better results on better hardware.

- These tests are now available for anyone to run, using our distributed testing framework called PANIC, which simulates failure cases (inspired by Aphyr's Jepsen.io tests). Code and docs for it at https://github.com/gundb/panic-server .

- - If you want to run (or write your own) please read through this well-commented 300LOC test: https://github.com/amark/gun/blob/master/test/panic/load.js .

- - The test that was added in this release simulates what happens to GUN in a split brain network partition during a server loss. We expect the data to converge once the network heals (it previously was not, but now does). The PANIC test for this is here: https://github.com/amark/gun/blob/master/test/panic/holy-gra... (Warning: not commented, please see the previous test to understand what is going on)

Happy to answer any other questions. For anybody using GUN, this is one of the most important releases and upgrading is strongly recommended.

mwpmaybe 5 hours ago 0 replies      
For god's sake, man, run a linter on this thing. The mixing of spaces and tabs alone makes the code embarrassingly difficult to read.


ccommsxx 5 hours ago 2 replies      

 We're getting even better numbers on other devices: Android phone, ~5M ops/sec. Macbook Air, Chrome, ~30M ops/sec. Macbook Pro, Chrome Canary, ~80M ops/sec. Lenovo netbook, IE6, ~100K ops/sec [...] These numbers represent a breakthrough in performance not possible with other databases. 
Care to share some details on this benchmark? What kind of operations were these? Your results don't really sound likely for any kind of non-trivial operation - is it possible that you were testing a routine that was optimized out (to a static return/noop) by the JIT?

from https://github.com/amark/gun/wiki/100000-ops-sec-in-IE6-on-2...

ddorian43 6 hours ago 0 replies      
Come on man, do we have to do this everytime ?

Next time post on a weekday so you'll get maximum criticism.

They should've implemented scylladb on top gundb, not amateur-designed-by-kernel-hackers seastar-framework.

Do reavaluate your time, seriously & sincerly.

mosselman 6 hours ago 1 reply      
I checked GUN out a while back and it looked cool, but I wanted something to use with react-native.

Now there seems to be a package to do this (https://github.com/staltz/gun-asyncstorage), but I am still unsure about how production ready this is. Any thoughts in general or experiences with Gun and react-native?

lacampbell 4 hours ago 2 replies      
This looks really cool. I'm no database expert, but a decentralised graph database is an intriguing idea. Has it been tried before? (decentralised databases I mean, not graph databases)
maxdemarzi 3 hours ago 1 reply      
The docs seem to indicate you do not store properties on relationships? Is that right? Then why call it a graph database when it is really an RDF store?
akanet 5 hours ago 1 reply      
Do you plan to add presence to GUN? One of the key features that we require from Firebase is the ability to tell the server to delete a key in the event the client disconnects.


avodonosov 5 hours ago 1 reply      
> ... and then when the network comes back online GUN will automatically synchronize all the changes and handle any conflicts for you.

Any conflicts? How?

Don't publicly expose .git (2015) internetwache.org
78 points by g4k  8 hours ago   43 comments top 15
Hamcha 7 hours ago 4 replies      
I don't like the advice he gives on just denying access to .git. I think the idea of cloning the repo in the htdocs folder is just wrong.

A much better approach (or at least, what I use) would be to set up the repo somewhere private with --bare and set a receive hook to checkout HEAD to the htdocs folder, this way the htdocs only has the content and you get the extra feature that you can sneak extra commands on the checked out source (such as building/minifying) without changing the original source

gehaxelt 4 minutes ago 0 replies      
Hello HN,

here's one of the blogpost's authors. Although it has been a while since we published the blogpost, I'll try to answer any questions or listen to any suggestions.

andersonmvd 56 minutes ago 0 replies      
".git" is only one of many checks performed by Nikto (an open source security scanner - https://cirt.net/Nikto2), but there are other checks and many other scanners.

shameless plug: I've developed a service that you run to check against vulnerabilities in your apps/servers and it has a free plan (https://my.gauntlet.io/registration.html) in case you're interested (https://gauntlet.io).

kleinsch 7 hours ago 2 replies      
I feel like whenever possible, the answer is to stop storing sensitive information in source control. That solves a whole class of problems, including this one.

If your history has sensitive info, see about rewriting the history. If that's not possible, maybe fork the repo, remove the sensitive info, and get the team to switch to the fork. If that's not possible either, make the sensitive info meaningless (reset your DB passwork, revoke the API tokens, etc).

gonyea 1 hour ago 0 replies      
No, you need to delete the .git folder from your server entirely. Ideally, delete it before you deploy. In fact, don't even put a github deploy key on the server. Deploy binaries.

And don't just stop with .git: Delete any folder/file that's not required to operate the app in production.

concede_pluto 6 hours ago 2 replies      
> When deploying a web application, some administrators simply clone the repository.

Step one: stop randomly smearing crap around. Prod should only have files that came from a .deb or .rpm signed by the legit build process, because that's how you know your system is reproducible and has everything it should and nothing else.

mercora 4 hours ago 0 replies      
It is possible to separate the work tree from the git repository files with the "--separate-git-dir" flag. .git is then a file whose contents point to the directory where the repository files reside. Any other command works as usual without specifying the directory, so it is just needed for clone or init.
auscompgeek 1 hour ago 1 reply      
> A tool to discover, one to download and one to extract git repositories.

Hasn't dvcs-ripper [1] been around for longer? It supports other VCSes as well.

Also, the article fails to mention that a simple `git clone` would usually work as well, although that tends to be blocked in similar CTF challenges.

[1] https://github.com/kost/dvcs-ripper

mioelnir 6 hours ago 0 replies      
If I remember my Apache config right, the two examples are switched. The 2.4 config should be 'Require all denied' and the 'Order deny,allow' the old 2.2 syntax.
cyphar 7 hours ago 1 reply      
An interesting thing to note is that .pack files give you some safety against this sort of disclosure. Bare git objects are very easy to access even with indexes disabled because their name is their hash (and so if you have access to the index or the current HEAD you can recreate the history). Pack files contain multiple objects, but their name is computed from a hash of the packed objects. This makes it quite difficult to figure out the path to the pack file (you have to brute force the entire history and how it was packed in order to get a single .pack file's worth of data).

Not that you should have .git exposed on your public webserver anyway. I do remember participating in a CTF that had a problem like this a few years ago, it's possible that it was the same one the author mentioned.

libeclipse 6 hours ago 1 reply      
The author fails to acknowledge a scenario where you wouldn't care, or where you'd even actively want your source code to be public.

For example, static websites for open source projects, et al.

Kenji 30 minutes ago 0 replies      
If someone being able to download your source code repository is opening yourself up to attacks, you're doing something wrong. Either you are relying on security through obscurity, or you checked keys into git. Both horrible practices.
jldugger 7 hours ago 4 replies      
> Bad people can use tools to download/restore the repository to gain access to your websites sourcecode.

So if I post my website's sourcecode on github, I'm equally vulnerable? I could see problems if said checkout contained a credential cache, but that doesn't seem to be mentioned.

eliq 7 hours ago 2 replies      
Isn't this a non issue (don't need to change any config to block .git) with a properly configured firewall and nginx proxy passing to localhost when the code does not live in a publicly visible location? Eg- https://www.digitalocean.com/community/tutorials/how-to-set-...
partycoder 7 hours ago 1 reply      
If the .git folder is exposed, you can download it, then do "git checkout" in that folder and get the full working copy.
Cyril Connolly and the literature of depression the-tls.co.uk
10 points by lermontov  3 hours ago   4 comments top 2
narrator 1 hour ago 2 replies      
It seems to me that before Prozac and such there was a more robust "depression" culture. People tried to make meaning out of their persistent sorrow and anxiety. Maybe that's for the better that that's somewhat of a relic of the past, but I would like to be convinced otherwise.
Animats 50 minutes ago 0 replies      
This is what the slush pile from the New Yorker must read like.
Mapping the Shadows of New York City nytimes.com
45 points by baron816  7 hours ago   2 comments top 2
pavement 3 hours ago 0 replies      
It'd be interesting to see a composite of reflected sunlight included around the builings with highly reflective exteriors.
amichal 2 hours ago 0 replies      
Very cool. The explaination of "shadow accumulation" would have been a bit closer to reality if they had used hours in their example. shadows don't move anywhere near that far in 1 minute.
How 'OK' took over the world (2011) bbc.com
48 points by mercer  7 hours ago   32 comments top 9
hamandcheese 3 hours ago 3 replies      
I much prefer and almost always write "okay" vs "ok", and I feel like most of my friends do the same. I wonder if it's a generational thing. I and most of my friends are early-mid 20s.
sciolizer 5 hours ago 0 replies      
The Boston Morning Post theory is well supported, but so are a few other alternative theories.


spodek 3 hours ago 8 replies      
> OK allows us to view a situation in simplest terms, just OK or not.

I disagree. I find that OK implies some consent or agreement.

In Chinese there's a word I don't know how to write but sounds something like "uh" that means more "I acknowledge" without implying agreement. Actually, I don't know if it's a word, but I hear it a lot.

Whether it exists in Chinese or not, I wish English had a word more neutral than OK or uh-huh. "I acknowledge what you said" is too clunky.

kylehotchkiss 2 hours ago 0 replies      
I'm learning hindi (slowly) and there it's "teek hai", which to me always sounds like T-K, and always makes me want to laugh a little.
triangleman 2 hours ago 0 replies      
Not at all used in Brazil from what I can tell. I told a fruit vendor after tasting his wares "it's ok" and he though I said "shocking" which apparently has a portuguese cognate.

Thankfully the thumbs up gesture is pretty pervasive there.

drewmol 1 hour ago 0 replies      
My experience both in US high school and college English classes was that 'okey/okay' is taught as a proper American English word, universally accepted as synonymous with 'alright', 'OK' being a contraction/slang. Interesting to read this may not be the case.
peterquest 1 hour ago 0 replies      
I'm curious as to how it was adopted by countries for which English is not the primary language. I remember being surprised when I heard Parisians using it regularly in their speech.
520794 3 hours ago 0 replies      
I always liked

as a prompt, e.g., on a bootloader.

stolk 3 hours ago 1 reply      
In French, "au quai" means "in the harbour."

Cargo in the harbour, is not lost at sea, or in transit.

Instead it is safe and sound, or O.K.

Low End Means Good Enough lowendmac.com
64 points by protomyth  9 hours ago   42 comments top 10
crowell 4 hours ago 4 replies      
It's pretty hard to take this article seriously.

The author writes

"I dont consider Windows good enough. Historically there have been to many ways to compromise a Windows-based computer, and new techniques keep showing up with alarming regularity."

And then later

"I am writing this on my newest computer, a Late 2008 Aluminum MacBook running OS X 10.11 El Capitan"

If you're going to knock Windows on a lack of security, at the very least do as much as you can do to protect yourself on a Mac. Note the long list of security fixes in the latest version of MacOS https://support.apple.com/en-us/HT201222

twblalock 4 hours ago 2 replies      
One of the interesting developments over the past decade is that computers remain usable for much longer than they used to, unless you are a gamer or need to do heavy programming work.

My 2011 Macbook Pro is still perfectly usable for everything a normal person would want to do with a computer. So is my parents' 2012(?) Mac Mini. I just bumped the RAM up to 8GB on both of those computers and they are just fine for web browsing, word processing, and HD video playback.

I suspect that Apple's problem selling iPads is related to this -- my iPad Air 2 is never noticeably slow doing any task, and I know people with pre-Air iPads who are perfectly happy with them. These are people who have plenty of money to buy a new iPad and would do so if theirs felt slow; they just don't notice any drawbacks to using an older one.

bluedino 6 hours ago 2 replies      
>> From a practicality standpoint, the top choice would be that last generation 2011 17 MacBook Pro

This is actually a bad idea - the 2011 15/17" MacBook Pros have dying graphics chips, that Apple stoppped repairing at the end of last year.

sfled 6 hours ago 3 replies      
I use a 1998 "Wallstreet" PowerBook G3 running OS 9.2 and MS Office 98 for word processing, some email, and spreadsheets. No Wi-Fi, so I tether it to another laptop via Ethernet.
mechagodzilla 5 hours ago 1 reply      
My SO is still using a 13" early-2011 MBP, recently upgraded with an SSD and 16GB of RAM, and running the latest OSX release. With only it's original 4GB of ram it was constantly swapping on more recent releases of OSX, which was pretty painful, but it operates just fine now. A brand new 13" MBP would have longer battery life, weigh less, and have a High-DPI display, but wouldn't really be any faster in day-to-day use (and it wouldn't even support more RAM!). I was pretty surprised by how little computers had improved in the last six years.
lucidguppy 6 hours ago 3 replies      
I wonder what would have been if Apple kept pushing the AppleII line in a much more gradual tech road map.


In my opinion - computers should still have a boot to basic with a simple interface to vga graphics and passable sound. Something like pico-8 but a better editor with VI bindings. :-)

It's a good thing we have the raspberry pi.

kraig911 3 hours ago 0 replies      
I thought the nostalgia of the cult of mac from the early 00's was long and dead... but I guess old habits die hard. I wonder what it will be like when the next generation talks about browser versions because to me that's basically the future. Most of the applications I use vary a tiny bit from mac to windows. Gmail, Sublime, Adobe Illustrator, Dropbox... the applications seem to match closer in parity whilst the OS's that host them get more different.

Also his mention of Windows security is a little tired.

triangleman 2 hours ago 0 replies      
Still running my late 2006 aluminum Core 2 Duo Macbook pro, upgraded, with 10.6.8 snow leopard. Unfortunately it occupies an awkward space between homebrew and the "tigerbrew" fork... Everything tries to compile and often fails because of out of date compilers.

I think I'm trying to run too much locally, so these days I am still getting a lot done using cloud VM's.

A computer like that really helps you write efficient javascript.

imwally 4 hours ago 0 replies      
>> I cant get too excited about the 2016 13 MacBook Pro with 2 Thunderbolt ports. It has a Retina Display, but its 2560 x 1600 pixel display shows no more than my current MacBooks 1280 x 800 display.

Huh? Out of the box resolution is 1440x900 and maxes out at 1680x1050 (without using a 3rd party application like SwitchResX). Apple used to set the default to 1280x800 but this is no longer the case.

i336_ 6 hours ago 3 replies      
Question. There are several mentions of $gigantic_resolution either providing the same or less display area than $smaller_resolution.

Are there any hacks that can convince macOS (or the older versions of OS X described in this article) not to treat the display as HiDPI? Yeah, I realize the machine will abruptly feel like it needs a magnifying glass to use, but in a pinch (laptop on lap <2ft from eyes) it might work for some (insert standard disclaimers here about eyes being non-replaceable and needing to last the distance).


The late-2015 21 iMac is ~$1.5k+, and "has a multi-core Geekbench score of 5623."

Then the late-2011 17 MacBook Pro which is ~$1.3k checks in with a "9240 Geekbench score".

Is there some datapoint I'm missing here?

Show HN: Sultan Pythonic interface to your shell readthedocs.io
97 points by aeroxis  11 hours ago   31 comments top 16
hultner 11 hours ago 1 reply      
Very nice!I've been using somewhat similar sh[1] for the same purpose. It's nice seeing more alternatives.


onyb 8 hours ago 1 reply      
This seems to be a simple wrapper around subprocess, but I'm afraid it is not changing things dramatically. Overall, I don't agree that Sultan's syntax is any more Pythonic than subprocess itself.

+1 for https://sultan.readthedocs.io/en/latest/sultan-examples.html...

I think it would be interesting if you could iterate on the results of "ls -l", where each row is represented by an object.

rekwah 6 hours ago 0 replies      
I wrote a pretty significant process wrapper in python at $PREVIOUS_JOB. The problem I have with these loose wrappers around subprocess is that they're, imho, solving the wrong problem. Or, maybe better put, not solving _enough_ of the problem.

Imagine writing a wrapper for "grep". It may work in one environment, but if you need portability, you're going to quickly realize that there are nuances in implementation and the actual calling interface. Now you're handling branching logic in your application code based on platform, version, etc.

Interfacing with a command line tool shouldn't be thought of much different than a remote HTTP/ReST API talking text/plain instead of application/json. You're looking for your "client wrapper" to handle argument validation, parsing, versioning, etc.

Cynddl 10 hours ago 0 replies      
There is also pyinfra [1], which provides the same sort of features for both local and remote devices, yet designed for consistent deployments and state diffing.

[1] https://github.com/Fizzadar/pyinfra

rntksi 1 hour ago 0 replies      
Trying very hard to ignore it, but to be honest... The logo looks like a smiling phallus.
asdfgadsfgasfdg 8 hours ago 1 reply      
How does

compare with


 subprocess.call(command_from_potentially_unsafe_source, shell=True)
securitywise? I'm assuming all three are equally bad?

fermigier 9 hours ago 1 reply      
I've been using 'tentakel' for remote server admin for years, 'fabric' for lightweight deployment, and more recently 'invoke' for local invocations (all are Python projects).

This project looks interesting too, will give it a try.

BTW: Has anyone news on Fabric 2 ?

gerdesj 9 hours ago 1 reply      
When I dabble with Python to get a job done, I invariably end up using subprocess at some stage and going through some contortions. I like the look of Sultan, it seems well thought out and has loads of well written docs.

Anyone know how the name came about?

Eridrus 8 hours ago 0 replies      
Since we're throwing out random shell related tools, I found pexpect recently: https://pexpect.readthedocs.io/en/stable/api/replwrap.html

Which was super useful for controlling some utilities that wanted to be run in an interactive bash shell.

llccbb 7 hours ago 2 replies      
Seems like there is lots of talk here about how this is thin wrapper over `subprocess`, but I like the idea. What I don't like is that the logo looks like a penis with a mustache.
brett40324 9 hours ago 0 replies      
Ive written numerous python wrappers around shell commands for all sorts of one off utils, but this is nice and flexible and generic. Sultan looks well thought out. Open to contributors?
santiagobasulto 7 hours ago 0 replies      
How's this different from sh or fabric?
pknerd 6 hours ago 0 replies      
how is it different from Fabric?

Nice stuff though

falsedan 9 hours ago 1 reply      
Why not plumbum?

(I know why not to use plumbum)

fnj 10 hours ago 1 reply      
Xonsh is how to do this.
kvajjha 45 minutes ago 0 replies      
>Bash, while it seems arcaine, actually is quiet powerful!

This line triggered me.

An introduction to Wayland drewdevault.com
128 points by Sir_Cmpwn  13 hours ago   36 comments top 9
the_common_man 5 hours ago 1 reply      
> Wayland is the new hotness on the Linux graphics stack

Use wayland (with gnome) everyday myself but wanted to point out that wayland started almost 10 years ago :) The adoption has taken forever though partly because of the infinite legacy of X11 and lack of support from big players like nvidia.

AdmiralAsshat 3 hours ago 0 replies      
Fun fact: Wayland is supported on ChromeOS versions 50 and above for the supported Android applications.[0][1] Consequently, you can run Fedora with Wayland on a supported Chromebook using crouton.[2]




lol768 10 hours ago 2 replies      
Interesting article, nice to see some more practical examples.

For those unaware, SirCmpwn is responsible for sway - https://github.com/SirCmpwn/sway - which aims to be an i3 compatible compositor for Wayland. In my experience it's not production ready yet, but it's definitely a pretty cool project to keep an eye on if you do use i3.

makomk 8 hours ago 1 reply      
If I recall correctly, one major catch is that wl_shell has been feature-frozen since 2012 and lacks newfangled features like the ability to minimize windows. For newer functionality you need to use xdg-shell instead, which regularly changes in backwards-incompatible ways and there's no guarantee the version your application implements (or any version of it) will actually be available.
moomin 9 hours ago 1 reply      
A question that may only be of interest to me: is anyone looking at getting Wayland running on Windows? In particular, interacting with the new WSL stuff?
amelius 10 hours ago 0 replies      
I was hoping for a somewhat broader and more abstract discussion of the concepts used in Wayland (and not C structures).
Animats 11 hours ago 1 reply      
Why does this remind me of CORBA?
pmoriarty 8 hours ago 1 reply      
Is something like VNC or some other way to remotely view a desktop or an app going to be possible in Wayland?
sanbor 6 hours ago 3 replies      
I'm surprised to see XML. Wouldn't JSON or some other format be a better choice?
It's Now Possible to Boot Android on I.MX6 Platforms Without Proprietary Blobs softpedia.com
88 points by mmastrac  13 hours ago   32 comments top 4
grizzles 10 hours ago 1 reply      
What are the other of the "very few" embedded SOCs that need no proprietary blobs to run? Mediatek?

Also, how great a name is Robert Foss for someone who writes open source code for a living...

robert_foss 10 hours ago 8 replies      
Author here, feel free to ask me things.
lawl 3 hours ago 0 replies      
An interesting target for postmarketOS: https://ollieparanoid.github.io/post/postmarketOS/
throwaway-1209 10 hours ago 1 reply      
I'd love to see Ubuntu or Yocto support for this, with accelerated Wayland. Is that a possibility?
Random access memory (2016) rlfbckr.org
76 points by bryanrasmussen  11 hours ago   16 comments top 7
hengheng 9 hours ago 2 replies      
This is not random access; the latency depends on the position of the read/write head over the spinning platter. Other analogies may be more apt.

Also I guess they could have just as well built that with a Pick and Place machine out of an electronics manufacturing company, but I guess UdK has an emphasis on things being hand-made and looking artsy.

peter_d_sherman 11 hours ago 2 replies      
Utterly brilliant! Anyone studying computer engineering should understand that Turing Machines exist outside of electricity, silicon and logic gates. This should be the first lesson of the first class of any computer engineering course.
dingo_bat 2 hours ago 0 replies      
Isn't this what Greg Egan talks about when he explains his "dust theory"?


Ecco 10 hours ago 0 replies      
I'd be curious to know how many bits this fun memory stores :-)
cosinetau 11 hours ago 0 replies      
I love how soothing that sound is. I would love to have it going while working in a library study hall or something.
elvinyung 8 hours ago 0 replies      
Relevant xkcd: https://xkcd.com/505/
s-berwick 6 hours ago 0 replies      
Have just looked at some of his other work. Would love to buy a print!
Word Embeddings: Past, Present, and Future w4nderlu.st
33 points by tim_sw  8 hours ago   7 comments top 3
paradite 38 minutes ago 1 reply      
Side note: You may not want to open this on mobile data. It was downloading at 1mb/sec and I had to force close the browser immediately.

Edit: Not sure how big is it in total though. Maybe someone not on mobile can share.

visarga 2 hours ago 1 reply      
Great slideshow. Word embeddings are already indispensable in NLP, but I'm wondering if it is right to assign just a unique vector per word. Instead, each word should have a vector based on context, for disambiguation and nuance.

I see word meaning as an action similar to object recognition in vision - we have to infer meaning because the actual word itself is a family of meanings. Most of the time it's used one word - one embedding, even in word2vec which is the standard method used in papers.

Of course word sense disambiguation is an old topic of research and there are many methods. The translation task is probably the ultimate word-disambiguation application - it shows how much work is still to do after word embedding, in order to understand the meaning of words. If words had unique meanings, we could have done translation with simple dictionary substitutions.

Individual behavior in clonal fish despite near-identical rearing conditions nature.com
53 points by r721  10 hours ago   23 comments top 5
ajkjk 8 hours ago 5 replies      
It seems possible to me that it would be advantageous for there to be randomness baked into personality, to avoid things like 'decision making deadlock'.

For instance, suppose a tribe of headstrong individuals who would never back down in an argument, and would resort to violence before losing face. It might be beneficial for random personality variation to exist to allow them to settle such a debate nonviolently. Maybe one individual randomly becomes able to laugh off conflict, or becomes more meek, or is more easy going.

It's kinda like how four cars that pull up to a four way stop at the same instant decide who goes: some randomness in the timing of their reactions leads to one pulling out a little before the others, and they're allowed to go, gracefully resolving the deadlock. Four naively designed AIs might get stuck in that situation (of course, simultaneity is implausible, but there are similar cases that might be more realistic).

nolemurs 6 hours ago 4 replies      
This study's result should really not be surprising to anyone. The idea that somehow genetics + big picture environmental conditions are determinative of outcome seems so superficially unlikely to be true to me that I'm kind of baffled that anyone thought otherwise.

I'm sure many aspects of an individuals development are largely determined by genetics and big picture environment (anything else would be non-adaptive). But it kind of seems obvious that within the range of reasonably adaptive differences, the outcome is likely often chaotic. That should be the default presumption, and absent some clear reason to expect otherwise, is what they should have expected.

stevesearer 9 hours ago 1 reply      
Worth pointing out the movie The Boys From Brazil which explores the same concept in humans: https://en.m.wikipedia.org/wiki/The_Boys_from_Brazil_(film)
eveningcoffee 7 hours ago 1 reply      
I am not biologist (that is the following is pure speculation based on ignorance) but it feels to me that the method of their cloning leaves in opportunity of minute changes in the offspring DNA.

This then still leaves open possibility that different behaviour is cause by genetic mutations but this variation it much more amplified that presumed previously.

I would be happy if somebody with more knowledge finds time to comment on this.

robbrown451 8 hours ago 0 replies      
Free will has been proven!
How MutexGuard Was Sync When It Should Not Have Been ralfj.de
56 points by Rusky  11 hours ago   3 comments top 2
andrewflnr 7 hours ago 0 replies      
ishitatsuyuki 8 hours ago 1 reply      
Such things can become a vulnerability when Rust becomes popular enough ;)
The largest confirmed waterfall in Earth's history bbc.com
50 points by Tomte  10 hours ago   17 comments top 8
candiodari 31 minutes ago 0 replies      
I don't know if this was the largest. Both the mediterranean and the Black sea, each a lot larger than any water body in America.

Anyway, both of those were dry at one point and the water of the oceans broke through. The Black sea went from low lying valley (akin to the dead sea valley, but much bigger) to open sea in less than a week.

I don't know, but that even seems to me must have been pretty spectacular (to watch from a SAFE distance).

xrd 3 hours ago 0 replies      
This flood carried the Willamette meteorite, a 15 ton space rock, embedded in a chunk of a glacier, from Montana to just south of Portland. It is the largest meteorite found in North America.


wallflower 5 hours ago 0 replies      
This immediately reminded me of the Lake Peigneur disaster.


theprop 4 hours ago 0 replies      
Niagara Falls is at something like half its potential power. There are talks to open the floodgates so to speak once a year and let Niagara Falls be really gigantic (bigger than Iguaza) one day a year.
curun1r 5 hours ago 0 replies      
> It was twice as high and three times as wide as Niagara Falls

Having seen both, I'm not sure that doubling and tripling Niagara would make it larger than Iguazu Falls...probably taller, but Iguazu is really, really wide.

hourislate 2 hours ago 0 replies      
Randall Carlson along with Graham Hancock speak of this in quite some detail on Joe Rogans podcast. They speculate that some sort of meteor or comet shower melted the icecaps 12k years ago and caused a flood of biblical proportions. It is a fascinating podcast.


dredmorbius 4 hours ago 1 reply      
A simulation of the Lake Missoula flooding and ice-dam collapse:


Eastern Washington's Scablands are pretty impressive relics.

gerdesj 7 hours ago 5 replies      
"We're sorry but this site is not accessible from the UK as it is part of our international service and is not funded by the licence fee. It is run commercially by BBC Worldwide, a wholly-owned subsidiary of the BBC, the profits made from it go back to BBC programme-makers to help fund great new BBC programmes. You can find out more about BBC Worldwide and its digital activities at www.bbcworldwide.com."


The Day I Played Bill Gates and Satya at Ping-Pong capitalandgrowth.org
61 points by yinso  7 hours ago   13 comments top 4
uiri 4 hours ago 0 replies      
Satya was also more accessible than his predecessor and would meet with anyone in his division for 10 minutes on Fridays.

I imagine Satya no longer has this policy as CEO. Are there any division head level or higher execs in Microsoft which copied this policy? I imagine it works best as a mid-level manager where there are at least 50-100 people below you but not 10's of thousands.

the_common_man 6 hours ago 2 replies      
I am a ping-pong enthusiast myself and spend endless time playing it. So, I loved reading this article. Was this competition for entire MS or just some small division. I am wondering where the chinese players are :-) We have some in our office who love to show off their pen-hold. Curiously, the best player in my office is a dutch...
saghm 6 hours ago 5 replies      
> We were cautioned beforehand not to embarrass him

I would hope Bill Gates doesn't have such a delicate ego that he couldn't handle losing a game a ping pong

terminado 6 hours ago 1 reply      
The actual Microsoft corporate subculture is bizarre to behold, when contrasted with the perceived subculture of the Microsoft user, operator, systems administrator, penetration tester, et c.
Solving systems of linear equations with quantum mechanics phys.org
53 points by jonbaer  13 hours ago   10 comments top 4
lostmsu 11 hours ago 3 replies      
Wait, aren't linear equation systems solvable in N^3 where N is number of equations/variables? Why do they claim exponential improvement?
deepnotderp 3 hours ago 0 replies      
Well this is cool. And it certainly increases the practical applicability of a quantum computer.
solotronics 3 hours ago 0 replies      
forgive my ignorance but doesn't this have applications for cryptography? if so this is potentially a huge deal.
dkarapetyan 11 hours ago 2 replies      
It takes 1 second to solve a 2x2 system? I don't see how any speed-up is going to make it faster than just using a regular computer.
Bagpipe enables verification of BGP router configuration policies konne.me
9 points by tjalfi  6 hours ago   1 comment top
phlo 7 minutes ago 0 replies      
I couldn't quite tell what 'Bagpipe' refers to from the headline. That's a minor complaint as the site loads quickly and is very readable. As a suggestion: 'Bagpipe: a DSL enabling verification [...]' would have cleared things up for me.

For others who might have the same issue:

 Bagpipe enables ISP administrators to express BGP policies in a domain-specific specification language and verify that he ISPs router configurations implement these policies.

Group theoretical methods in machine learning (2008) [pdf] uchicago.edu
66 points by adamnemecek  11 hours ago   5 comments top 4
sdenton4 9 hours ago 0 replies      
I'm familiar with Risi's work on using Fourier transform on groups for object tracking. Basic idea is that the usual Fourier transform is a construction on Z_n, which generalizes to antsy finite groups. Important examples are binary vectors (Z_2n) and permutations. The twin hypotheses are that learning on Fourier space is easier, and that learning on these other specialized groups for which we understand the transform is a useful pursuit.

For the permutation group, you get matrices instead of numbers for the Fourier coefficients. The matrices themselves have nice interpretations (eg, interactions of unordered pairs or ordered triples of elements in the permutation), but the actual entries of the matrices are all but impossible to motivate, imho. (Much like how it's easier to understand the magnitude of a regular Fourier coefficient than the phase.)

ssivark 3 hours ago 0 replies      
A related article that some might find interesting:

Why does Deep Learning work? - A perspective from Group Theory -- https://arxiv.org/abs/1412.6621

crb002 6 hours ago 0 replies      
groupMembership :: Perm -> Bool

semigroupMembership :: Endo -> Bool

The latter is much more interesting.

eachro 9 hours ago 1 reply      
Would love to hear people's thoughts on this. I don't have the mathematical background to understand this work.
George Church ascribes his visionary ideas to narcolepsy statnews.com
43 points by sndean  15 hours ago   22 comments top 4
dnautics 9 hours ago 3 replies      
I think the general reputation among the, say, postdocs (generally intelligent and creative but cynical and past the naivete of the grad student) in synthetic biology whenever Professor Church makes an announcement, is that yes, that was something we had mused about but we know already culled it as a bad idea or an idea not worth pursuing at the moment ("I can't believe he actually had the audacity to propose doing that"), and a generally feeling of pity for the grad students and postdocs who are obligated to work on it. Of course that limits the pity to the seen; think of all the poor souls tirelessly working on the project that either totally failed or were a just a cog in the machine on a giant effort that would probably have taken less time and less effort if only the community had waited for the tools to become marginally more sophisticated.

Of course when you are as politically connected and as well known as Professor Church, you can afford to burn people on these impractical efforts, which of course cements your reputation as being successful at doing the marginally possible (or unuseful but with a wowworthy headline), which attracts grad students and postdocs who either blindly or cynically chase working for someone who will improve their reputation, and also makes it possible to further secure funding for crazy projects that anyone else would be laughed at for pursuing (if they were unsensible enough to do in the first place).

Mz 8 hours ago 1 reply      
I have two 2xe sons. One of the metaphors we came up with is that they aren't legless lizards who need a bunch of prostheses to replace their missing limbs. They are snakes and they need to be allowed to travel by slithering, as they were intended to. Adding prostheses would be an active hindrance to their ability to be themselves.

Hopefully, the neurodiversity movement will come up with better ways to convince people that they are different rather than broken and with better framings for how to help them interact effectively with the rest of society without trying to force fit them to some mold of "normal."

jaggederest 9 hours ago 2 replies      
Unfortunately as far as I am aware the studies of various mental disorders and neurological issues all seem to indicate that, comparing two identical people with or without the disorder, the disorder is purely a handicap.

If you could eliminate the disorder while leaving the remainder of the brain untouched, they'd be better off, full stop.

Of course you can't, we all have to work more or less with the neurology and physiology we've got, and given that, it's good to build in flexibility and understanding and the accommodations that we see in modern society.

I think there's huge value in being compassionate for every kind of person - imagine if Mr. Church were kept from his work by the disorder?

mythrwy 8 hours ago 0 replies      
Sleeping whenever you want is a good idea IMOP.

I do it (not narcoleptic, just like to sleep whenever the mood strikes). Sometimes 2 naps during the working day, almost always at least one. 10-15 minutes tops usually, just barely fall asleep then back awake.

This should be tolerated at work I think.

Culture Clash at a Chinese-Owned Plant in Ohio nytimes.com
77 points by vthallam  7 hours ago   60 comments top 11
bduerst 6 hours ago 3 replies      
Glass is heavy and brittle, making it both expensive and difficult to ship.

Many glass mills need to be within a certain mile radius of the factories they supply because of this. NYT missed this in the article.

analyst74 4 hours ago 2 replies      
Out of curiosity, is it a common practice to require foreign companies opening American branches to have a "predominantly American management corps"?

I always assumed that multi-national companies tend to send executives from their headquarters for strategic decision making, and only hire local managers for execution.

grapeshot 5 hours ago 0 replies      
Reminds me of what happened in the 1980s with Japanese buyouts of American TV manufacturers.


I don't know if history offers any good solutions here though.

arthur_trudeau 6 hours ago 2 replies      
It's somewhat surprising for the NYT to put forward the proposition that ethnocentrism and disregard for worker safety is a part of Chinese culture, but I guess I'll take their new wokeness as a sign of progress.
nfriedly 6 hours ago 0 replies      
I drive past this plant on occasion, and I think it's been a generally positive impact on the area. It was kind of sad when the old GM plant shut down and sat empty for several years.
tuna-piano 5 hours ago 3 replies      
China is a gigantic investor in the USA. Whenever you hear the term "trade deficit" that the US has to China, there is an identical amount in "investment surplus" that the US gets from China.

That investment is everywhere - in our stock market, in our government debt, in our real estate and in our Ohio Windshield plants.

Every time you buy an iPhone, you're handing China hundreds of dollars which they then invest in America.

We very literally gave them a Windshield plant in exchange for consumer goods.


nodesocket 6 hours ago 1 reply      
Makes absolute sense for Fuyao to move where their customers are. I also applaud the US growth and job creation they are creating in the process.
omegaworks 4 hours ago 2 replies      
>Such lapses are common in the brutally competitive auto parts industry... but they can easily lead to amputation or even death.

This is exactly why these regulations need to exist and be enforced as strictly and evenhandedly as possible. If they didn't exist, your competitors will implement any measure, including ones that compromise worker safety, to undercut your prices. Market forces will attempt to shape this industry to be the leanest it can possibly be.

Capitalism can grind fungible labor into a literal pulp if it is allowed.

lacampbell 5 hours ago 1 reply      
I am glad that in some countries there is still an ethos of standing up for your own citizens. I couldn't imagine any action being taken against a Chinese company for discriminatory hiring practices in New Zealand or Australia, where such discrimination is rampant, not only in employment but also in real estate.
jbscpa 4 hours ago 0 replies      
"Take This Job and Shove It"

A corporate executive is assigned to help improve the efficiency of a small-town brewery in this comedy inspired by the Johnny Paycheck song. When the small town turns out to be his old hometown, however, the executive finds himself torn between his loyalties to his company and his old friends.

MachinShinn- 2 hours ago 1 reply      
Do you know why manufacturing left America? It has nothing to do with costs. It has everything to do with regulations and attitudes.

If you want a manufacturing industry, workers WILL get killed on site. Workers WILL get cancer from dangerous chemicals. There's no free lunch. Everyone knows this, but somehow we care more about a high school dropout getting exposed to fumes in a factory than one that ODs on heroin because he has zero job prospects.

Either blue collar workers die at 65-70 after a lifetime of work related exposure, or they die at 30 due to drug overdose. Those are your 2 and only 2 choices.

       cached 12 June 2017 07:02:02 GMT