hacker news with inline top comments    .. more ..    14 Jun 2017 News
home   ask   best   2 weeks ago   
1
How I Found a 20-Year-Old Linux Kernel Bug ocallahan.org
66 points by cesarb  1 hour ago   5 comments top 3
1
dom0 18 minutes ago 0 replies      
Linux ~4.7 or so fixed a bug in fadvise, specifically FADV_DONTNEED, that incorrectly rounded page boundaries to the effect of making some calls less effective. Found and fixed by a developer who wondered why his page cache was filling up, even though the backup software he used made use of DONTNEED :)

The bug was in from day 1.

2
hultner 1 hour ago 1 reply      
It's always nice to see fixes of problems found with improved testing. It would be nice to see something like Haskells QuickCheck rigorously applied on the majority of the kernel functions/interfaces.
3
metalliqaz 29 minutes ago 1 reply      
I have not ready anything about this bug, other than the very short description in the linked blog, however this seems like a bug that would have been flagged by a static analysis tool. I know they've been used on the kernel (e.g. Coverity) Very surprised it survived until now.
2
Show HN: Get Paid to Build Your Next Side Project demandrush.com
693 points by hackerews  8 hours ago   319 comments top 61
1
sanbor 6 hours ago 22 replies      
Photoshop license costs $348 a year. If 1000 people get together and put $400 each, you'll get $400000. That money could be used to leverage a Gimp to be more Photoshop-users friendly. Then you don't have to keep with the subscription model. You have a great piece of open source software available for everyone to use as long as they want. You can do another round to get more features added.

This solves the issue that you get with subscription based services, which is that if you stop paying every month/year you loose access to the tool to do your work.

Instead of building yet another SaaS wouldn't be smarter for users to gather and pay for a software libre solution?

2
avaer 7 hours ago 4 replies      
> GET PAID TO BUILD YOUR NEXT PROJECT

> Choose a problem below to get started.

Get paid to build _my_ next project or _your_ next project?

This is clearly a two-sided platform, but the messaging seems conflated: the headline speaks to builders and the instructions speak to end customers.

3
pc86 6 hours ago 4 replies      
> Industry-specific deep learning interviews and walkthroughs

> 1 customer paying $5/mo

Sounds about right.

4
baron816 6 hours ago 2 replies      
I think this has the potential to introduce an interesting auction model. People might want to join in, but not at the initial price point. What if everyone proposed wanting in on project stated their maximum price point, and the winning application to solve would get the price they bid at for everyone above that level. In other words

customers_offering_prices = [1,1,4,15,30,30,40,80,100,150,175,10000]

winning_applicant_price = 40

winning_applicant_revenue = [40,40,40,40,40,40].sum

The last 6 customers receive the product and they all pay 40. Essentially a modified Vickrey auction. Everyone has an incentive to bid exactly what the product is worth to them.

Edit: >Everyone has an incentive to bid exactly what the product is worth to them.

Actually not true if applicants see the bids. In my example, the the best applicant would want to bid 10000 because that would maximize revenue, but exclude everyone before that. Customers would adjust their bidding as a result. But applicants should know much they can expect to receive if they win so they can bid correctly.

5
TekMol 3 hours ago 1 reply      
"Copyright 2017 DemandRush" - I'm always surprised when I see these types of statements on US based websites.

In Europe, this would make no sense. A website is not a legal entity, so it can not be a copyright holder.

Does the statement make more sense in the US, or is it just a common misconception among people who build websites?

The terms page says "Welcome to DemandRush, a website and online service of Grafly, Inc". So I would expect the real copyright holder is Grafly Inc?

6
fomojola 7 hours ago 0 replies      
Love it! I'd specifically highlighted this concept in the thread for Oppslist (https://news.ycombinator.com/item?id=14469317): maybe there's an opportunity here to handle both sides of the market, both soliciting ideas and driving work to the ideas?

Still not sure how you handle avoiding imposters: for things like the accounting solution that's on the top of the site I think there is huge potential for abuse in either direction (either devs phishing for data or companies refusing to pay for solutions). Good luck!

7
BoorishBears 7 hours ago 8 replies      
This looks like such a cool idea, but already you see that the problems presented seem to be seriously underestimating how complicated what they're trying to do is. For example, detecting specific text in an image? 10 minutes in OpenCV. Detecting any text at all in any format in an image? I don't even know where to start. Maybe 10 minutes in OpenCV if they constrain the kind of text, otherwise ML? It feels like an unboundedly complicated problem.
8
kirillzubovsky 2 hours ago 5 replies      
I find it a little funny how unrealistic people can be when evaluating the cost of their problem. Take this one for example: "We have hundreds of images uploaded to our app each day. The issue is some of these images have text that we want cropped out." -- willing to pay? $75/month. Baller!

Chances are this is a problem for a data-mining / ai-training platform that wants to create a better image set. They are charging clients tens of thousands of dollars, and yet willing to pay $100/month to improve the data. lol

9
pkamb 4 hours ago 3 replies      
Does anything like this exist for putting bounties on small scripts / extensions?

I just posted these questions yesterday, in the hope of finding solutions to a couple common annoyances I have with Google search:

https://superuser.com/questions/1218986/keyboard-shortcut-to...

https://superuser.com/questions/1218989/how-to-maintain-orde...

I don't want the overhead of "hiring a freelancer" to do the work. But I'd definitely pay a bounty if someone came in with the answer / script / extension / app that solved the problem.

10
mgkimsal 2 hours ago 0 replies      
Wish there was a way to ask people for clarification.

> https://www.demandrush.com/problems/fantasy-scifi-subscripti...

> I'd love a Netflix-style platform, website or app that, where I'd have a selection of high quality books to choose from.

Amazon has a 'unlimited book rental' subscription model (I know not all books are in there).

"What systems has this person already looked at, and why were they rejected?"

That probably needs to be a base question.

11
enknamel 12 minutes ago 0 replies      
The site is down right now for me. Is this like Patreon but for open source projects? If so, I would love that.
12
rdudek 7 hours ago 8 replies      
"Subscribe to news without paying $30/month per website"

I don't think there is a legal way of actually doing this.

13
iandanforth 4 hours ago 2 replies      
I would strongly suggest that there be an option to list existing solutions. A sustainable model means identifying real needs, not duplicating products that people are merely ignorant of.
14
sjbase 53 minutes ago 0 replies      
Super cool idea, but there's a ton of potential for misunderstanding. Example:

User: "I want {A}."

Winning developer: builds {a}

User: "This is useless to me. I wanted {A}, not {a}"

Developer: "But you never said you were case-sensitive!"

It can easily go the other way, with the user saying "Well i said {a}, but I meant {A}. {a} is useless to me." Who pays when nobody is clearly in the wrong about some ambiguity? The FAQ hints at an "initial 3 month subscription." Am I missing more info on the process?

15
vlokshin 6 hours ago 0 replies      
Interesting concept, if the balance can get figured out right (making sure customers or devs aren't getting screwed).

There should also be a discussion section.

For example, I see:>Can't find good replacement for expensive accounting/bookkeeper service

I'd love to recommend Bench.co (use it and love it) and avoid someone wasting their time. It's much more affordable than 500/mo.

I do love the concept though. @OP: I'll share this with the https://turtle.ai/ developer community and see if there is any interest.

16
OzzyB 7 hours ago 1 reply      
I love the idea and initiative!

My only concern is that this is a little "race to bottom"; most if not all the entries are along the lines of "I already have X but I'm paying too much!"

I guess this is great for solo entrepeneur/developers, hell, if I know for certain I had 100 people waiting to pay me $50/m for X, I would definately consider building it :)

17
19eightyfour 7 hours ago 0 replies      
This is such a great idea. And you nailed the marketing and message.

It's like a democratized efficient tender process driven by the market. Brilliant and beautiful! I really feel you shall be able to capture a lot of value and create alot of value from this. Well done!

18
gremlinsinc 7 hours ago 1 reply      
This reminds me of what assembly was doing where people would list startup / app ideas then teams would form and build the idea and I think a few businesses came out of that.
19
tarr11 6 hours ago 2 replies      
I actually need the first item listed there (InDinero replacement), but I signed up and am sort of confused?

I would very likely pay for this feature, but I'm not willing to commit to much unless it works. I would pay a nominal amount to "kickstart" it I guess, and have the option to sign up later.

But it's a fairly nasty problem - porting your books a proprietary platform to QuickBooks seems full of traps.

20
jmull 4 hours ago 0 replies      
I guess I get it (maybe ?):

There are already many, many marketplaces for tech development of all shapes and forms.

For this one I guess it's:

Hey, people who want some tech developed: If you can formulate your problem as an interesting side project you will (1) be likely to find someone actually willing & able to do it cheaply; (2) you are likely to be able to aggregate your buying power with another buyer; (3) you pay a subscription so it isn't a large up-front cost.

and;

Hey, tech developers who like to do interesting side-projects: Here's a bunch of interesting side projects that you might have done them anyway, except here you will (might) get paid to do them!

One way to look at it is in comparison to kickstarter. In kickstarter, a producer runs the campaign by championing an idea and setting a funding model and the consumer can choose to buy in by providing dollars. Here, the consumer champions the idea and sets the price, the funding model is a subscription, and producers can choose to buy in by providing work... and also more consumers can buy in by subscribing with dollars.

I guess for this market to work, it has be be more efficient at satisfying the demand for X-aaS development than existing markets, though I don't know how it might be.

21
AndrewKemendo 7 hours ago 0 replies      
This looks like an idea/market validator posing as a job listing market. Brilliant.
22
nonconvergent 2 hours ago 2 replies      
A few of these can be solved with a comment.

"Need to see revision history for View-Only Google Docs" - Don't use a shared Google Doc as the agent of record. Email it to each other as an agreed contract.

"Can't find good replacement for expensive accounting/bookkeeper service" Have you tried literally anything else? You're paying $500/month for this solution, have considered just getting an accountant and emailing him spreadsheets?

"Monthly subscription for science fiction and fantasy books""Subscribe to news without paying $30/month per website" - Existing solutions already exist and require a supply chain and distribution rights negotiation more than they do a developer to slap it into a webapp.

23
avip 3 hours ago 0 replies      
First I absolutely love the idea, and even more the execution, of this site.

Several questions about where could this go post 1-day HN buzz:

1. How are existing solutions being presented to the ignorant "wannabuy"?

2. How is this list sorted?

3. How are duplicates managed?

4. Where is the "discussion" required to even minimally spec the ideas and bring them to a buildable form?

24
civilian 2 hours ago 0 replies      
For "Automated time tracking from Google Apps/Slack":

Toggl is a great service, works in the web or as a desktop app, and has slack integration: https://toggl.com/slack-time-tracking

25
amelius 6 hours ago 6 replies      
> Identify location of text in an image ...for... $75

This is what my doctor charges for a flu vaccination.

I guess I've chosen the wrong profession.

26
gricardo99 5 hours ago 4 replies      
>Monthly subscription for science fiction and fantasy books

Isn't that the public library?

27
mabynogy 5 hours ago 0 replies      
Same idea than Opps List with a different perspective: https://www.oppslist.com/

The idea is good but it's difficult to use because you can't reach the people.

28
jclardy 3 hours ago 0 replies      
I like the idea, but I find the site a bit confusing. What is a "pre-subscription"? Are people paying their suggested monthly fee up front? It says that the site makes money from the first three months, so when you sign up are you already subscribing to a nonexistent service?

And as for "solving", what if they fail? Is it no commitment? Is any of the funding up front, or is it just built on the promise of possible future subscriptions?

I think the idea could work, but directing the balance between both sides is going to be the problem, a lot of the "buyers" are wanting to pay an amount that will work at scale (like $5/mo) but not really if someone is trying to bootstrap a solution.

29
RandyRanderson 55 minutes ago 0 replies      
This is a really good idea! You need to force ppl to upload some graphics, though.
30
goatherders 7 hours ago 2 replies      
Isn't this exactly how Freelancer/odesk/whatever work now?
31
pascalxus 5 hours ago 0 replies      
This is a great start! There is a huge demand for more opportunities like this. Entrepreneurs and businesses are so tired of building yet another useless app, out of sheer lack of problems to solve. But, with a site like this, you can find problems that are actually problems. The site just needs more customers and more problems.
32
id122015 3 hours ago 1 reply      
So this is similar to crowdfunding except that we can ask what we want to be built ?

What I'm willing to pay for but cant easily develop myself is to add features from OSX to linux. Not too many, I'd start with:

- a graphical browser like Finder where I could color tag files.

- UI/UX: do something about easier configuration of the trackpad. Even when I installed linux on Macbook the trackpad does not work the same or does not have all the tapping actions instead of clicking. I cant even drag files/links to file-browser-sidebar/dock or such things.

33
kuldeep_kap 3 hours ago 1 reply      
It's interesting how there are more comments and votes here in HN post than the projects posted and voted on the app.
34
rkeene2 1 hour ago 1 reply      
Feature request: RSS feed, so I can see when new projects are added
35
cylinder 6 hours ago 0 replies      
For the top two requests, Bench exists for book keeping and Blendle for news
36
0verc00ked 3 hours ago 1 reply      
This is a great idea. I'm curious to see how it evolves.
37
cphoover 6 hours ago 0 replies      
Just not enough money...
38
adamb 6 hours ago 0 replies      
Cool seed for a community! Seems to lack a place for discussion about submitted ideas, so I'll follow others' lead and discuss here.

The "industry specific deep learning" project is similar to something I'm working on right now. Though I'm not planning to charge for it.

To any folks here interested in this: Are you looking for a tool to get started in ML or for a resource to apply existing ML knowledge to a specific (possibly new) domain?

39
grogenaut 4 hours ago 0 replies      
A few of these can be solved other ways or need more deets. The Google doc one for instance really just should go to am esigner. Or if this is a more light weight internal thing then Google docs needs mutable git like tags.

To me this is almost begging for a s/o style comment section.

40
hmhrex 4 hours ago 0 replies      
Surprisingly there's one in here that I'm already starting to work on. That at least confirms to me that I'm not THE sole person who wants this service. Applied. I'm interested to see how this process works.
41
conmarap 4 hours ago 0 replies      
This is pretty cool! I found myself reading through all of the entries I can see and even cook up some solutions on the spot. However, how do you make a profit off of it? Do you take a cut of the end cost?
42
darepublic 2 hours ago 0 replies      
You're dangling 100 dollars for problems that is solved could be million dollar solutions. Come on.
43
pvsukale3 5 hours ago 0 replies      
shouldn't it be " Get paid to build someone else's project"?
44
demarq 4 hours ago 0 replies      
I think you might need to vet some of those customers for ethics. Some of the things being asked for are inherently illegal.

On the other hand, it seems there is a ton of money to be made on the site!

45
jeremiahwv 3 hours ago 0 replies      
Service that allows me to get paid for my next side project [451+ customers, each paying $XX per month]
46
lettergram 6 hours ago 1 reply      
Damn, this was literally a project I started working on.

Although, I had a slightly different way of going about it and different way to charge, I love the idea!

Gratz to OP. I'll definitely be submitting, and maybe I'll still come out with mine at some point.

47
inputcoffee 7 hours ago 1 reply      
Can only one person "apply" to solve it?

I'm thinking of the kickstarter problem: vaporware.

If, over 6 months, 5 people apply to solve a problem, who gets the subscribers?

The first one, I hope not.

Each subscriber chooses?

P.s. Very interesting idea. Something in this direction will be useful.

48
sqeaky 6 hours ago 1 reply      
Blocked by my work's filter under the category "malware".
49
hashkb 7 hours ago 1 reply      
These customers/RFPs are way below market rate for software development. Given the reality of working with clients, these proposals are likely to result in developers taking a bath.
50
bluetwo 5 hours ago 0 replies      
I would be curious what the business plan for this site looked like.
51
TomK32 5 hours ago 1 reply      
You missed a great chance by not putting a newsletter onto it.
52
cdiamand 5 hours ago 0 replies      
Very cool! Will be watching this to see how it evolves.
53
soared 6 hours ago 0 replies      
I can't access the site.

https error: NET::ERR_CERT_AUTHORITY_INVALID

54
Arqu 7 hours ago 0 replies      
Love the idea, especially for quick and interesting side projects.
55
skdotdan 5 hours ago 0 replies      
Awesome. Great idea, nice execution.
56
wellsjohnston 6 hours ago 2 replies      
How is this different from Upwork?
57
dsacco 3 hours ago 2 replies      
I wish these weren't all subscription-based, because this could work for the exact thing I want:

I will pay $100 - $500 for an Arq Backup[1] clone on Linux, with the same UI polish as Arq for macOS or Windows, optional encryption, deduplication and supporting all the same backup locations, including:

* AWS S3/Glacier

* GCP Nearline/Coldline

* Backblaze B2

* Dropbox

* SFTP

* NAS

* Google Drive

If you're absolutely going to force monthly subscription pricing down my throat, I guess I'll pay up to $20/month. I want this badly.

I know about rclone, Duplicity, Duplicati, that awesome rsync/cron workflow you have, etc. I want Arq (or something just like it). Arq works flawlessly - it is absolutely superlative when it comes to backups on Windows and macOS.

I use an Ubuntu workstation as my daily driver at home and I have a MacBook Pro. Through very careful configuration I have gradually made Ubuntu about as enjoyable to use as macOS (with the exception of 1Password, which has to run under Wine). But I don't want to use the command line, or handle an API myself, or keep track of cron. Duplicati was the closest thing to what I'm looking for, but it's cludgey and started not working for me recently.

I know polished UI isn't exactly the first thing that comes to mind when you think of Linux. But if you're the kind of person who makes "Ask HN: What is your pain point?" posts or who is looking for a problem to solve, this is a burning problem I am willing to throw money at.

EDIT: I'm adding a bunch of HN comments to demonstrate the interest I've seen for this.[2][3][4][5][6][7]

____________

1. https://www.arqbackup.com/

2. https://news.ycombinator.com/item?id=14403321

3. https://news.ycombinator.com/item?id=11742226

4. https://news.ycombinator.com/item?id=9185632

5. https://news.ycombinator.com/item?id=5718015

6. https://news.ycombinator.com/item?id=13360604

7. https://news.ycombinator.com/item?id=13011339

58
aub3bhat 6 hours ago 0 replies      
>> Identify location of text in image. We have hundreds of images uploaded to our app each day. The issue is some of these images have text that we want cropped out.

There you go [1] originally from [2]

[1] https://github.com/AKSHAYUBHAT/CTPN/blob/master/demo.ipynb

[2] https://github.com/tianzhi0549/CTPN

59
s73ver 5 hours ago 0 replies      
Cool idea, but it seems like some of these are beyond the realm of a "side project". Like the News Aggregator one (https://www.demandrush.com/problems/news-aggregator-paywall). That one you couldn't really do without getting a lot of license deals with content providers. That already puts it out of the league of what most are able to do as hobby projects.
60
haidrali 6 hours ago 0 replies      
Love the concept, just submitted my side project now waiting for response Thumbs Up
61
subhsandhu1 4 hours ago 0 replies      
<a href="http://www.desilyrics.in/2017/06/main-agar-lyrics-tubelight-... Agar Lyrics Tubelight</a>: A new recently released Hindi Songs sung by Atif Aslam and composed by Pritam, while Main Agar lyrics penned by Kausar Munir. Featuring Salman Khan and Sohail Khan.
3
Beginner's Guide to Linkers (2010) lurklurk.org
91 points by antognini  4 hours ago   7 comments top 4
1
briansteffens 2 hours ago 1 reply      
One thing I found really interesting while playing around with gdb on a program with dynamic linking is that functions are linked lazily when they're first called. So rather than hooking up calls to printf/fopen when the program starts, those calls instead get hooked up through an intermediate table to jump into the dynamic linker's resolution code. The first time each dynamically-linked function is called, it goes through a process of looking up the symbol. Once it finds the actual address of the called function, it writes a jump to that resolved address over the spot in the intermediate table so subsequent calls won't repeat the lookup logic.

Pretty cool to watch it happen. The call lookup code in the dynamic linker involves a bunch of strcmp calls, which makes sense, but I still found surprising for some reason.

You can set the environment variable LD_BIND_NOW to make it do all these lookups at startup time.

2
dugmartin 1 hour ago 0 replies      
One of the most fun work projects I had early in my career was writing a linker for PE files for an embedded PLC. Another team was writing some gcc compiler extensions and an emulator for the PLC that ran on Window's PCs with all the emulator code stored in DLLs.

The idea was pretty cool - you could write and test ladder logic in a Window's GUI and then click a button to generate an .exe file and upload it to the PLC. The PLC's RTOS would then call my linker code which would link up the symbol tables for the DLLs with the embedded code in the PLC and do some other minor relocations. By putting all the ladder logic code in the loaded .exe they were able to optimize for size/speed (using gcc and heuristics of the ladder logic diagram) instead of running a ladder logic interpreter in the PLC.

If you ever get a change to play around with a linker I'd suggest you do. It's one of those "aha" moments in CS about the userland/OS boundary.

3
pjmlp 2 hours ago 1 reply      
The "Turbo Pascal Compiler Internals", is also a nice source for it, for an alternative view not C based.

Beware that the content is not related to the original Turbo Pascal.

http://turbopascal.org/linker

Or Oberon's dynamic linker based on strong typed packages, chapter 6 on http://www.inf.ethz.ch/personal/wirth/ProjectOberon/PO.Syste...

4
gbrown_ 2 hours ago 0 replies      
Was going to throw the obligatory mention of John Levine's Linkers and Loaders but I see the author lists it as an additional reference along with some other interesting nuggets.
4
Bugs You'll Probably Only Have in Rust gankro.github.io
256 points by Gankro  6 hours ago   38 comments top 6
1
erickt 6 hours ago 0 replies      
One of the most important tools when writing unsafe rust is compiletest [1]. It's a tool extracted from the compiler project that lets you write tests that are supposed to fail compilation. Since safe abstractions rely on the type system to make unsafe code safe, it's critical to make sure the compiler is properly rejecting code. I wrote a post about this years ago when I got hit by one of the bugs Gankro wrote about [2].

[1]: https://github.com/laumann/compiletest-rs

[2]: http://erickt.github.io/blog/2015/09/22/if-you-use-unsafe/

2
wyldfire 6 hours ago 5 replies      
> Making unsafe a big scary "all bets are off" button is only compelling if most of our users don't need to use that button. Rust is trying to be a language for writing concurrent applications, so sharing your type between threads requiring unsafe would be really bad.

It would be neat if we could decompose unsafe like so "unsafe[this_feature,that_feature] {}". The unqualified "unsafe" could still refer to a global "free reign", but you could opt-in to "only let me violate these specific rules." It would be a hint to maintainers and might help make the std lib and other core libraries be/remain defect-free.

Another interesting "oh shoot" w/unsafe that I'm curious about: when I intentionally/unintentionally alias two variables in my unsafe block, this will invalidate assumptions made elsewhere in safe code. This is my unsafe block's bug, but it seems like something that could take a good while debugging to attribute back to my unsafe block. I don't think there's a good resolution to this one other than perhaps documentation/best practices.

3
kibwen 6 hours ago 0 replies      
So happy that Gankro is back writing things about Rust, and especially delighted to hear that the Rustonomicon is going to be fleshed out more. :)
4
bluejekyll 3 hours ago 0 replies      
I have to say, these RCA's of the various bugs are great for getting a better understanding of the internals of the language.

In a lot of ways it makes me trust Rust even more, because there is a deeper understanding of exactly how these guarantees are made.

5
halestock 4 hours ago 6 replies      
Question for the rust folks - are there any features that wouldn't have been possible without "unsafe"? That is, if rust never had unsafe, would it have been fundamentally limited in any way? Or is it required for e.g. interoperability with C?
6
tonydanza 6 hours ago 1 reply      
5
We analyzed thousands of interviews on everything from language to code style interviewing.io
127 points by emilong  4 hours ago   63 comments top 12
1
Jemaclus 3 hours ago 9 replies      
> Furthermore, no matter what, poor technical ability seems highly correlated with poor communication ability regardless of language, its relatively rare for candidates to perform well technically but not effectively communicate what theyre doing (or vice versa), largely (and fortunately) debunking the myth of the incoherent, fast-talking, awkward engineer.

My interpretation of this is that interviewees who can communicate clearly about code (whether they wrote it or not) correlate with high technical ability. Does this suggest that rather than having the interviewee write code on the spot, one could give them some new code they've never seen before and ask them to reason about it aloud for 30 minutes, then gauge their technical ability based on their ability to communicate clearly about the code?

In other words, could you replace live-coding with "here's some code, tell me about it"?

2
thenanyu 5 minutes ago 0 replies      
Judging by this graph in the article, and somewhat counter to the claim in the article: https://plot.ly/~aline_interviewingio/952.png?share_key=Htks...

Looks to me that interview length is correlated with success rate. If your interviewer stops before 60 minutes, there's a bias towards successful interviews. It seems like the interviews that end up being "no"s tend to get hard-stopped right at the 1-hour mark.

3
skylark 3 hours ago 1 reply      
Overall, the data lines up with my own intuition, but I thought I might throw my own interpretation into the ring.

One of the biggest keys to doing well on technical interviews is to completely separate the problem solving from the coding. The strongest interviewers will discuss the problem and solve it at an abstract level using diagrams. Once satisfied with the solution, they'll code the entire thing making few mistakes.

I think this is what drives most of those metrics. Strong interviewers submit code later, and have a higher chance of it being correct because they take the time to problem solve upfront. Their thought process seems more clear because there isn't the iteration of "this should work, let me code it, oh no wait, that's wrong, let me erase this now..."

4
NumberCruncher 2 hours ago 2 replies      
>> An average, successful candidates interviewing in Python define 3.29 functions, whereas unsuccessful candidates define 2.71 functions. This finding is statistically significant.

The "average" is too sensitive to outliers and should not be used for such a comparison...

[Edit] Being bored I calculated the Kolmogorov-Smirnov statistic based on the chart. It is between 10%-10.5%. The number of defined funtions seems to be a significant but weak indicator.

5
janwillemb 2 hours ago 0 replies      
The title is quite clickbaity: "We analyzed thousands of technical interviews on everything from language to code style. Heres what we found."

What's wrong with this, I think, is that a (journalistic) title should give an ultra-condensed summary of the main point of the article. This title suggests that the authors gathered a lot of data but didn't find much.

(I find myself quite intrigued by clickbaity titles somehow, sorry for that.)

6
crobertsbmw 3 hours ago 2 replies      
None of the graphs are loading for me. It says "If the problem persists, open an issue at support.plot.ly" Unfortunately, I have to pay money to file reports...
7
javabean22 16 minutes ago 0 replies      
Here is a hint. If you aren't a fresh graduate avoid companies making you code in a browser under a time pressure.
8
pklausler 2 hours ago 0 replies      
I like to ask one question that probes basic analytic ability and a second question that probes programming aptitude. Generally, the first question either takes 3-5 minutes or the whole 45-50. It's usually a problem of the form "write a predicate (Boolean-valued) expression that is true when..." applied to something simple, and it's a basic test of being able to use relations and logical operations to characterize a situation. It's depressing how many great-looking candidates with awesome degrees, resumes, and phone-screen performances get stuck trying to describe how to tell whether two calendar entries (just start/end times) conflict with each other.
9
FLUX-YOU 38 minutes ago 0 replies      
If you filter the interviews to only interviewees who:

- liked the person

- rated the questions 3 or 4 stars

- gave the interviewer 3 or 4 stars for being helpful

Do the trends still hold?

How are those trends compared to only looking at interviews with:

- disliked the person

- rated the questions 1 or 2 stars

- gave the interviewer 1 or 2 stars for being helpful

10
leeny 3 hours ago 2 replies      
Graphs have been fixed! Sorry about that, HNers.
11
bovermyer 2 hours ago 0 replies      
There's just one problem: this assumes that code challenges are present in all (engineering) interviews.
12
snissn 2 hours ago 1 reply      
What is the blue bar on top of the page?
6
Creating a Computer Science Canon (2003) [pdf] colorado.edu
31 points by lainon  1 hour ago   16 comments top 3
1
justin66 35 minutes ago 0 replies      
It is ironic that a paper calling for a CS canon does not follow any of the ACM or IEEE formatting guidelines for submitting a paper, such that a reader could tell when it was published.

So this paper came out at some point in the last... fifteen years?

edit: thanks for updating this with the date

2
llimllib 1 hour ago 11 replies      
Can we put together all the listed papers here? Reply with one if you know where it is. One paper per reply please.
3
Upvoter33 23 minutes ago 1 reply      
Came to see the CS Cannon. Left learning how to differentiate Canon and Cannon.
7
ACME v2 API Endpoint Coming January 2018 letsencrypt.org
22 points by okket  1 hour ago   7 comments top 4
1
circlingthesun 8 minutes ago 0 replies      
Do we get wildcard certs?
2
diafygi 25 minutes ago 2 replies      
I will update acme-tiny, letsencrypt-nosudo, and gethttpsforfree.com to support ACME v2 when it is released.
3
atonse 13 minutes ago 0 replies      
This would be great especially for paid alternate CAs, so we can automate renewals, etc easily.

You could also bring functionality similar to Caddy, for other CAs.

4
yRetsyM 26 minutes ago 1 reply      
The blog post was a little vague on what the changes are to the standard.

Found the repo were development is being managed: https://github.com/ietf-wg-acme/acme

8
Another Case of Obscure CPU Nondeterminism ocallahan.org
48 points by gbrown_  2 hours ago   2 comments top
1
dom0 1 hour ago 1 reply      
rr := https://github.com/mozilla/rr

rr is a lightweight tool for recording and replaying execution of applications (trees of processes and threads).

9
Show HN: Password-protect a static HTML page robinmoisson.github.io
196 points by yoble  6 hours ago   102 comments top 25
1
roywiggins 4 hours ago 4 replies      
In highschool I realized that my school's grading system was using a javascript scheme to control access to grades online:

1. Concatenate the username and password, hash the combination

2. Name the HTML file with the grades using that hash

3. When the user logs in, calculate the hash in Javascript and redirect to that HTML page.

In theory, you can only work out the URL of the page if you have the username and password in hand. I'm sure it was pretty trivially bruteforcable, but aside from that it seemed sort of okay.

Until I realized that directory listings were turned on, and the directory that had all the HTML files sometimes had no index.html, thereby rendering the entire obfuscation scheme moot.

(n.b. I was too ethical to use this to peek at anyone's grades! I did try to report it but it was never clear to whom to report it to, and since every teacher generated these files using their own copy of the program, there was no obvious central place to report this to. A couple of years later online grades were centralized into a different system)

2
fredsted 4 hours ago 5 replies      
Encrypted page includes javascript from 2 CDNs, one for jQuery and one for "crypto-js". The jQuery one has an integrity hash, but "crypto-js" does not. Granted, they both use HTTPS...

Doesn't seem very secure to include external JS on an encrypted page.

Why not include those things inline?

And why does it need jQuery for a simple 1-input form field that decrypts a string?!

3
jszymborski 3 hours ago 0 replies      
I remember in ~2005-2009 while I was in high school, javascript password-protection was my main interest, since I only had access to free hosts that hosted static files.

Most of them just focused on obfuscating the password in the source (most by encoding, the fancy ones through some opaque evals), but I came across one during that time that claimed to use AES and even had a not-insignificant cash prize for defeating it.

I really wish I could find that site... would be fun to give a shot at cracking it given what I know now.

Anywho, in my search for that site, I found a pretty good tutorial considering it's age (1997!) on implementing DES in javascript to achieve something similar[0].

[0] https://www.javacrypt.com/Course/

4
syphilis2 2 hours ago 4 replies      
It does not seem to work for me on multiple machines. I just get an incomplete HTML file that ends abruptly after the "border-top" CSS line. There is no closing semicolon to the line, the file just ends in the middle of the style element.

My input doesn't seem to matter, but I used:

<html><body>Hello</body></html>

Password: abcdefg

5
shams93 2 hours ago 1 reply      
Back in the day we used to use Apache basic authentication for this, that was before single page apps. Not you do have jwt that is explicitly designed to handle things like offline progressive web app logins.
6
devy 5 hours ago 1 reply      
I remember 3-4 years ago when I was working with a major wall street financial company to integrate with their credit card processing gateway, some of the private and sensitive information (contracts, testing reports etc.) had already been communicated with a similar but proprietary AES 256 based encryption on a static HTML page via email attachments as a way of secure communication. The intended recipients would get an invite to their site to register/login to get the passphrase to unlock the encrypted static HTML doc. This could have been the standard practices in many financial firms theses days (when they are not using PGP/GPG encrypted emails)

Edit: redacted the name of company.

7
Steeeve 38 minutes ago 0 replies      
That is awesome!

I would love to see it worked out in a way that it would output different content depending on password.

8
Animats 53 minutes ago 0 replies      
There's basic authentication for protecting static web pages. It's no better or worse than any other password scheme.
9
nealrs 2 hours ago 0 replies      
Pretty pretty neat. I built [something pretty similar](https://devpost.com/software/cryptopostal) to give my address to family & friends during the holidays. Includes a node generator to make your own. Enjoy :)

[video demo](https://youtu.be/zevMEiR2CZY)

10
examancer 3 hours ago 0 replies      
Simple and useful. The perfect "Show HN".
11
jopsen 1 hour ago 1 reply      
That's a fun toy.. and a great example of how easy it is to get crypto wrong. I'm just guessing here, but you are probably missing some key derivation like PBKDF2.

Edit: For this something like tweetnacl is probably more foolproof, checkout:https://github.com/dchest/tweetnacl-js

Or libsodium which can also be compiled to pure js:https://github.com/jedisct1/libsodium.js

12
johnhenry 3 hours ago 0 replies      
Reminds me of this: https://news.ycombinator.com/item?id=10901745

Similar, but uses files instead of HTML text.

13
alexbecker 2 hours ago 0 replies      
I did something similar to this for redacting HTML pages a while back, although I never fully polished it: https://github.com/alexbecker/redact-js

It's not something I'd use for serious security applications, but fun for interactive fiction.

14
StavrosK 4 hours ago 1 reply      
Oooh, this is pretty cool. All that it needs is a cli utility so I can plug it in my scripts, and I can just tell my static site generator to encrypt specific pages while building.
15
calebm 3 hours ago 1 reply      
I wrote a little web app very similar to this last year: https://hypervault.github.io/. The difference is mine was mostly focused on file encryption.
16
bluetidepro 5 hours ago 3 replies      
This would be neat if you could build a wrapper of this around GitHub pages. Then you could finally use GitHub pages sites for private content!

Also, as a non-security person, just how secure is this? Like is it used more for "eh, I don't really want something to see this, but it's not the end of the world if they do" or more like "yeah, use this for extremely secure content, it's safe."

17
snakeanus 2 hours ago 0 replies      
From the source code I was unable to deduce what KDF and Block mode is used with it. Does anybody know what does it use? crypto-js seems to support multiple different KDFs and Block modes.
18
conmarap 4 hours ago 0 replies      
It's pretty cool. I entertain the idea of doing this and hadn't thought of it ever, but how do you see it being used if I can't use it with a python/node.js API to deploy pages on the fly?
19
skdotdan 2 hours ago 1 reply      
Seems very cool, but I don't see the use-case. Anyone can help me?
20
tspike 4 hours ago 6 replies      
Interesting. What is the use case for this versus HTTP basic auth?
21
sleepychu 5 hours ago 1 reply      
Rubber hose encryption would be a neat add here!
22
romanovcode 3 hours ago 1 reply      
For some reason it doesn't work with password 123
23
ezekg 5 hours ago 1 reply      
Now make a WP plugin and you're set!
24
viggity 4 hours ago 1 reply      
I remember very distinctly about 15 years ago there was a site that had a "members only" page that had some reports that I really wanted (names/addresses/emails of the members of the org - I wanted a quick and easy lead list for a product I wanted to sell to them). I could see through a simple view source (remember, no chrome dev tools back then) that it wasn't some server side check of the password (the members knew it, there was no associated username).

They had found some library that would take a password and a desired output and would generate some super crazy javascript looping/shifting/replacement algorithm that would generate the name of the html page that had the desired content. The report was available openly to the internet, but there were no links to it, just through this algorithm.

I spent about 4-5 hours slowly but surely reverse engineering the algorithm so I could figure out what the page name was. There was an immense sense of satisfaction that came with being able to look at those reports.

25
cdevs 5 hours ago 0 replies      
I could see some other nifty concept coming alive because of this.
11
Show HN: Your Own Task Queue for Python github.com
18 points by omegote  1 hour ago   8 comments top 3
1
Mister_Snuggles 12 minutes ago 2 replies      
As a proof of concept, this is pretty neat!

This bit of code in worker.py makes me uncomfortable though:

 # Deserialize the task d_fun, d_args = dill.loads(data) # Run the task d_fun(*d_args)
Basically the function (as in the Python object that holds the function's code, etc) to run gets pulled out of redis along with its arguments, then it gets executed.

If the entire system is trusted, this is a really cool way to let workers run code without needing to deploy it to them. Likewise, you wouldn't even need to restart the workers for a new version of the function to run - just start feeding the new code into the queue and the workers will run it. The more I think about this, the cooler it seems.

On the other hand, from the worker's perspective, this is basically a wide-open "feed me any code and I'll run it" thing.

2
Steeeve 27 minutes ago 2 replies      
I'm curious as to what was so difficult with picking up Celery? I found it very straightforward, not appreciably more complex than what you've laid out.

Not that Celery is the only way to go. This is good work - I'm just interested in the why.

3
philfreo 17 minutes ago 0 replies      
12
Show HN: Vexlio Create precise, beautiful diagrams vexlio.com
130 points by ttd  6 hours ago   62 comments top 17
1
didgeoridoo 3 hours ago 1 reply      
"We, like many others, have developed subscription fatigue when it comes to buying software. A single Vexlio license is available to purchase for a one-time payment of $25.99 USD. No subscription and no recurring payments are required."

I almost want to give you money just to encourage this kind of behavior.

2
otikik 11 minutes ago 0 replies      
This is funnily aligned to my interests.

Some time ago I did a relatively popular slideshow(https://www.slideshare.net/otikik/how-to-make-awesome-diagra...) about making diagrams. This software seems to enforce a lot of the guidelines I proposed there out-of-the-box, which is nice.

I also happen to know some Lua. I delved a bit on sandboxing it. Maybe the author'll find it useful: https://github.com/kikito/sandbox.lua

3
sratner 2 hours ago 0 replies      
You may wish to sign your installer binary.

 Windows protected your PC Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk. App: vexlio-setup-1.0.0.exe Publisher: Unknown publisher [ Don't run ]

4
ttd 6 hours ago 7 replies      
Hey HN,

Creator here. I thought this would be of interest to the HN crowd for things like the LaTeX equation integration and Lua live-edit mode. Happy to answer any questions!

5
sushisource 2 hours ago 2 replies      
Wow, this looks great and the pricing is awesome. Any plans for a Linux version?
6
theveloped 28 minutes ago 0 replies      
This is absolutely amazing! Just wish I had seen it a year ago or so. You have no idea how many hours I've spent drawing in tikz while writing my thesis.. Best of luck!
7
lklklkj2342487 33 minutes ago 0 replies      
It's so refreshing to see something other than Electron-based garbage on HN.
8
tgb 2 hours ago 1 reply      
This might be worth it for my thesis alone. BTW, your logo displays as a pixelated image when viewed on my phone (looks like it's magnified a couple times). Slightly ironic considering the product on offer! I think the problem is the extra-wide gif demoing the "program mode."
9
turdnagel 2 hours ago 2 replies      
Pardon me for being a pedant, but what is the meaning of the word "instantly" in the headline? As in very easy to get started? I was sort of hoping Vexilo had invented a brain-PC interface.
10
asp2insp 3 hours ago 1 reply      
I love this idea. I can't try it out because I run OSX, but I've signed up for your waitlist. Seems very competitively priced for something that looks like it competes with some features of Microsoft Visio (which starts at $300) for similar diagramming/snapping functionality.
11
ShaneOG 2 hours ago 1 reply      
Looks great. Signed up for the waitlist (macOS).

Do you plan to offer template support? I would love to use this to create network diagrams.

12
GoToRO 2 hours ago 0 replies      
One can draw 30 objects in Trial mode. Pretty nice. I might have it on my computer for years and never have a use for it. But if I have it I might learn it and find a use for it.
13
dom0 2 hours ago 2 replies      
PDF export: can it create automatically cropped PDFs, e.g. for inclusion as bare figures in LaTeX?

Can it render PNGs at high qualities?

14
chrismealy 2 hours ago 2 replies      
A lot of people don't know this, but before Steve Jobs's keynotes become famous not every software application was described as "beautiful."
15
Ginguin 3 hours ago 1 reply      
Hopefully it's just me, but nothing outside of the main page is loading. I am getting a "This site can't be reached" when attempting to see features, the about page, pricing, the download, etc.
16
_pmf_ 2 hours ago 0 replies      
Very nice; love the pricing. Reminds me of an older editor I used http://ipe.otfried.org/ that also allowed programmatic interaction (yours being much more polished, of course).
17
rcdwealth 1 hour ago 0 replies      
That is proprietary software. I am now touching it.
13
Scientists make plastic from a sugar and carbon dioxide bath.ac.uk
81 points by phr4ts  6 hours ago   29 comments top 5
1
derefr 27 minutes ago 0 replies      
Fun fact: cellulose (in wood) and chitin (in insect exoskeletons, fish scales, fungus cell-walls, etc.) are also polymers of glucose-derived sugars. Both are biodegradable, although humans can only digest the latter of the two.

Other fun fact: before the invention of entirely-synthetic plastics, we had phenolic sheets: layers of plain cellulose laminated together, originally using natural resin (tree sap), then later using synthetic resins, like Bakelite. These didn't have all the properties of synthetic plasticsyou couldn't bend them, for examplebut you could form them into shapes and introduce pigments, etc., while manufacturing. The earliest Printed Circuit Boards were Bakelite phenolic boards. (And even today, PCB insulator material is effectively a "synthetic phenolic board": it's fibre-reinforced plastic, which uses plastic itself in place of resinand various synthetic fibres in place of celluloseto achieve the same properties phenolic sheets have.)

2
fokinsean 5 hours ago 2 replies      
> This new type of polycarbonate can be biodegraded back into carbon dioxide and sugar using enzymes from soil bacteria

This sounds amazing, but reading about various awesome breakthroughs has made me a bit cynical since there always is some sort of catch.

Does anyone know any limitations to this method which would make it difficult to scale?

3
mchannon 4 hours ago 6 replies      
The title of the article's pretty misleading. "sugar" means to most people either sucrose or glucose. Fructose, lactose, etc. could also qualify.

No, this uses a very obscure and expensive chemical called thymidine (most cost-effectively harvested from herring sperm, and primary precursor for anti-AIDS drug AZT). It may be "a sugar", but this article's playing fast and loose, akin to calling any pharmaceutical that ends with citrate or chloride "salt".

4
collyw 4 hours ago 2 replies      
I read the headline and though "just what we need more plastic". I was pleasantly surprised to see that its biodegradable
5
yellowapple 4 hours ago 0 replies      
Any details available on the processes involved?
14
Launch HN: Py (YC S17) Learn to Code on the Go
78 points by derektlo  5 hours ago   39 comments top 12
1
soneca 4 hours ago 1 reply      
Congrats! Great ratings at App Store, seems promising. Although, you are not exactly on Android already, are you?

We also believe that interactivity is super important

I agree with this premisse and I can't learn through videos. But I am glad with codecademy/freeCodeCamp style (lesson on the left, browse coding on the right). And after the initial steps, following tutorials online to build my own things on a real dev environment.

But I am willing to try another approach that favors interactivity.

We think personalizing content is key

I also agree in theory, but never saw it in practice. I couldn't understand from your landing page how Py solves this either. Would you care to further explain how the content is personalized and what exactly is this game-like?

If you think it's relevant, some context: I am 37 years old, on a career change from marketing to software development. I am learning web development from scratch, studying fulltime since last November. Basically 2 months to complete the first certificate of freeCodeCamp, then, building my own projects following tutorials and documentation. I start next Monday at my first dev job as front end developer. I mostly interested in learning Javascript, maybe dig deeper in CSS and general CS concepts.

2
tijs 2 hours ago 1 reply      
Just finished the swift course and it leaves me wanting more. I mostly like that I can do a few excercises while waiting for the train to arrive and then just pick it up the next day for a few minutes. Feels a bit like duolingo for learning. Unnoticed some humanities subjects in the store screenshots? Would be cool to do the same treatment for history or more high level concepts in programming like algorithms. Kudos so far!
3
Dangeranger 2 hours ago 0 replies      
Have you considered employing a cognitive dissonance learning model similar to the techniques that Derek Muller wrote about in his thesis 'Designing Effective Multimedia for Physics Education'? [0]

Lorena Barba of George Washington University also discusses techniques related to effectively teaching complex topics through exercise rather than passive learning that you may find interesting. [1]

[0] http://sydney.edu.au/science/physics/pdfs/research/super/PhD...

[1] https://www.class-central.com/report/why-my-mooc-is-not-buil...

4
Allvitende 1 hour ago 0 replies      
Just signed up. I really love this idea. Keep up the great work! UX is very good. Feels like Duolingo for programming languages.
5
vlokshin 4 hours ago 1 reply      
Congrats and love what you're doing.

Do you mind if we start sharing this with the customer side at http://turtle.ai/? We have many non-tech customers and we teach them best practices for product management and working with developers -- a lot of your course content would be really useful for them as well.

> We think personalizing content is key. We customize the content that users see and make it game-like to encourage people to spend more time on concepts theyre struggling with.

Would it ever be possible for organizations to pre-define some content / content suggestions for their users? For example, we would want non-tech customers to get certain content and more technical customers to get different content. For freelancers, we'd want the content to be more product management / project management / communications focused.

Let me know if you have any plans to partner with companies who want to outsource some of the education of their customers. We think education is critical to our success or the success of any companies in our space (freelancer marketplace). If we can outsource the education component to a trusted partner, we would love to (and would pay for custom content or to supply our own content).

6
inputcoffee 2 hours ago 1 reply      
I am very curious how you teach coding on a mobile platform. I mean there is so much typing in coding, and then you need to track a bunch of variables, see the output, and see the code, so that is a lot of screen real estate you need.
7
y4mi 2 hours ago 1 reply      
You should really mention that your android version doesnt exist yet. There is not even an ETA available, just an email signup for 'updates'.
8
staticautomatic 1 hour ago 1 reply      
Installed on Android 7. Sorta kinda worked once. Crashed. Cannot restart after force stop.
9
kevinmannix 4 hours ago 1 reply      
What are your competitors, and how do you differ? I find small screens like iOS and Android (assuming most users use a mobile phone-like device) are hard to do any significant work on - how does this influence your instruction flow & corresponding UX?
10
thebiglebrewski 4 hours ago 1 reply      
Hey, are you worried about being regulated as a school at all in the state you're operating in?
11
cmrhode 3 hours ago 0 replies      
Cool on Android. Look forward to using this.
12
zitterbewegung 4 hours ago 3 replies      
I really don't like the name. Since you expanded on your languages that you are going to teach it doesn't really make sense to use Py since nearly every Python project uses the phrase to say its in Python. Also, you are going to have people that are looking for PyPy and finding your App and getting confused.
16
Syberia Make R a production-ready language for deployable machine learning syberia.io
37 points by michaelsbradley  4 hours ago   5 comments top 3
1
gaius 41 minutes ago 1 reply      
What does this do that R on Azure Machine Learning doesn't? Not snark, genuine question.
2
zitterbewegung 2 hours ago 0 replies      
This looks like it solves a big pain point in R. I hope that more tools like this crop up. R has a nice set of libraries but it lacks in data engineering at this point.
3
zebrafish 2 hours ago 1 reply      
How is this different from the caret package? Using if(interactive()) {} as the main function and including the extremely well documented caret package seems to accomplish much of the same thing that Syberia does unless I'm missing something.
17
The blockchain paradox: Why DLTs may do little to transform the economy ox.ac.uk
152 points by jboynyc  10 hours ago   239 comments top 31
1
anothercomment 49 minutes ago 2 replies      
You can begin to see the beauty of Bitcoin when you want to accept payments. All you need to do is download a wallet, generate an address and put it online. You don't need anybody's permission, as would be the case with PayPal or the likes. The risk of somebody deciding on a whim to freeze your funds is also greatly diminished (again, very different from PayPal and the likes).

"Governance" and "Accountability" seem to be the antithesis to that. No, Bitcoin doesn't need that and doesn't want that.

Yes, it is a bit scary, it is a system that develops on its own, depending on the way it is being used (network effects and so on). I guess economists freak out because they are unsure about the rules, and they can't have that.

But it is also not true that it would be a huge problem if there were forks. Why would it be? People will simply use what works best for them, controlled by market forces (they need other people to use the same fork).

Who decides how Bitcoin develops? Ultimately the users do, by using it or not. Developers and miners merely provide proposals.

And why does a system need 100% agreement on everything? Such a system may well never exist.

2
rockmeamedee 6 hours ago 6 replies      
I agree with this article.

Proponents of blockchain tech argue its revolutionary quality is its ability to act as a decentralized and trustless database. But I don't ever hear them sort through the issue of how to agree on the schema for this trustless database.

For a group of people to use a decentralized DB, they have to agree as to what to store in it, and how to store it. They need to form consensus about how the system will work, and how the data will flow.

For example I've seen people on here mention applications such as a decentralized stock exchange, and a decentralized hotel rooms marketplace.

For either of these, it's necessary to get all the users of the system in a room and agree what is in scope and what is not, and in general what can be done with the system and how. At this point they already have a consensus, they trust each other, they might as well just set up a centralized database run by a 3rd party that manages the system, keeps it up to date and adds upgrades, instead of building it on the blockchain and hoping there are no major bugs in the cloud code and that it will live off gas.

For the stock exchange, that's exactly what we already have. We have institutions that are dedicated to running exchanges, which act as neutral arbiters. They use regular old centralised databases. When they have bugs in their code or the system makes a mistake they can even roll back trades, which they couldn't do on the blockchain.

Essentially this is the same argument as OP. The 3rd party's act of ironing out issues, deciding what the rules are and how they interact is synonymous with OP's term "governance". We agree that using/running the system is different than defining/implementing the system and the latter can't be done trustlessly.

And also governance gets a lot easier when you also run the system centralized ;)

3
nemo44x 5 hours ago 7 replies      
If I had a Bitcoin for every skeptic that posts a blog on why it can't work...

This may just be my general observation but I feel like Silicon Valley hegemony has a grudge against crypto currencies and I'm not sure why. For an industry that has constantly tried new things and saw potential where no one else did, I just don't see the love for the potential of smart contracts, DApps, etc. And how this is just the beginning of what is possible and of course it's isn't perfect but it's fascinating to the curious.

I do see a lot of enthusiasm from Eastern Europeans and all across Asia and they seem to be leading the charge on what could be the next major technical revolution.

My working hypothesis right now is Silicon Valley has been getting fat on the virtually unlimited venture capital power structure and sees this as a threat they've missed out on to their power.

Maybe the disrupters are being disrupted?

4
jasode 8 hours ago 7 replies      
I agree with Vili Lehdonvirta's analysis about governance and wrote a similar conclusion previously.[1]

Yes, the concept of "money" existed before governments and therefore doesn't require government. That said, today's modern money is very much an instrument of government power. This is why alt-coins will not overthrow fiat currencies like some enthusiasts believe because Bitcoin does not come with its own Bitcoin-police-force and Bitcoin-law-courts.

The distributed block chain may eventually prove useful for other recordkeeping such as real estate property transactions (e.g. no need to pay $300 fee for title searches in the future), or maybe buy/sell internet domain names (e.g. don't need Verisign as middleman to buy dot com domains). Those scenarios are more realistic than Bitcoin/Ethereum replacing government approved fiat currencies. DLTs may still transform the economy -- but not in the ways people expect.

There's definitely some interesting applications of distributed consensus ledger but the idea of bypassing government money is overhyping its potential.

[1] https://news.ycombinator.com/item?id=11934120

5
jcoffland 3 hours ago 1 reply      
There are plenty of examples where one party or a collation of parties set up the rules for a decentralized system that then goes on to operate successfully with little to no further enforcement. Email or TCP/IP are examples of such decentralized systems.

The fact that someone must make the rules and future actors may attempt to change those rules are problems but they do not invalidate the idea of decentralized systems.

I believe the author is reacting to his colleges misunderstanding of crypto technologies. He has bought in to their argument that what cryptocurrency needs to solve it's current problems is centralized control or governance. This, of course leads to the logical conclusion that if you must have centralized control then why use a blockchain at all.

The fallacy is in accepting that after the initial rules are set, that you must continue to have governance to solve the inevitable disagreements. On the contrary, continued governance is the problem faced by cryptocurrencies and other blockchain technologies. Their stability depends on adherence to the original agreement. Any change to that agreement is an existential threat.

It would however be a mistake to think that this problem completely invalidates such decentralized systems. They can and do continue to provide utility even in the face of attempts at continued governance. It's not about these systems working for eternity. It's about them working for long enough for life to happen.

6
cayblood 5 hours ago 1 reply      
One aspect of his argument that seems insufficiently explored is an apparent assumption that governance is primarily a binary state, either present or absent.

It's important to recognize that different approaches to governance have different levels of effectiveness and efficiency, and one of the most important aspects of blockchain is how it presents the first real improvement on the present state of the art in governance, or the first real competition to our current forms of government. It can help consensus to be achieved more quickly and efficiently and can make corrupt government more difficult. There are further improvements to blockchains being made to make amendable blockchains where changes to blockchain protocols and contracts can be tested in sandbox environments, essentially systems in which laws and contracts can be tested to see if they produce the desired results before implementing them. The Tezos blockchain is the most notable emerging example of this.

All of these improvements present much more powerful tools for aiding just governance than our forebears had when they created the constitutional democracies that presently govern the world. Governance is not some Platonic binary that is either absent or present, but it is an ideal towards which we're always striving and taking pragmatic steps to implement. Blockchains afford us new tools with which to achieve better governance. They are not an end in themselves or a replacement for traditional governance so much as a means to implement it more efficiently.

7
wildbunny 8 hours ago 6 replies      
He misses the point that the developers do not control bitcoin; the miners control bitcoin. The developers suggest improvements which will only be adopted if the miners support those improvements.

The miner's interests are purely profit based, so they will not adopt changes which reduce their chance of profit.

8
jeffnappi 6 hours ago 4 replies      
DLTs are inefficient by design. The energy consumption is unsustainable with the technology as it stands. For example Bitcoin consumed an estimated 40 million KWh in the past 24 hours - 137KWh per transaction. Enough to power ~1.3M American homes. Many of the alt-coins are even worse.

Source: http://digiconomist.net/bitcoin-energy-consumption

9
erikpukinskis 1 hour ago 0 replies      
The most disruptive thing cryptocurrencies will do is undermine the legal distinctions between currencies, commodities, and stocks. There's no real difference between any of them, but they are treated legally quite differently. Cryptocurrencies will flood the gaps in between these categories with so many examples that it will DoS the legal system with questions it can't answer, social adoption will outstrip courtroom resolution, and there will have to be a post-hoc reckoning with a new legal framework.
10
kbuchanan 59 minutes ago 0 replies      
I pose this as a question as much as a statement: Bitcoin does not have to solve the governance problem. It need merely perform some functions better than a fiat currency.

Consider economists' Taylor Rule. It represents an effort to impost constraints on a bureaucratic institution and how people manage the dollar. Cool, we pass a law called the Taylor Rule. Now just don't enforce it. People who want stuff are hard to constrain.

In other words, the Bitcoin community doesn't have to be uncompromising and immutable, like its technology, for the currency to succeedit just has to do better than its alternative (even in narrow applications).

Thoughts?

11
quinndupont 5 hours ago 0 replies      
If there's a new argument to be had here (I'm doubtful, it sounds like a re-hashing of governance issues that have played out over the last year), it's this claim:

"This rule-making is what we refer to as governance."

This conception of governance is the premise for the conclusion, what Lehdonvirta calls a "paradox":

"And this leads me to my final point, a provocation: once you address the problem of governance, you no longer need blockchain; you can just as well use conventional technology that assumes a trusted central party to enforce the rules, because youre already trusting somebody (or some organization/process) to make the rules. I call this blockchains governance paradox: once you master it, you no longer need it."

My own analysis draws on a more expansive definition (from Introna; Saurwein et al.): http://iqdupont.com/assets/documents/DUPONT-2017-Preprint-Al...

This expansiveness is necessary, as Lehdonvirta recognizes. Contracts are not just enforcement, they also encapsulate the processes of making ("rule-making"), or better, negotiating contracts.

So, are we authorized to go from a rule-making notion of governance to the conclusion that once this is addressed blockchain technologies will be redundant? Lehdonvirta doesn't give us any analysis of this move, but I don't think so. Rather, we need to recognize the contested forms, which are the essence of governance, and then create a socio-technical structure around them. Consider: double-entry bookkeeping is just as much a technology for governance as blockchain technology (and, of course, they share a historical lineage). Does double-entry bookkeeping go away because we "address the problem"? Hardly. Rather, we need to recognize the ways that it has developed, and by whom, and for what use. Just like blockchain technologies.

12
qznc 7 hours ago 1 reply      
I don't understand why "competition" should not work? Switching currencies is easier than switching citizenship. There are plenty of alternative cryptocurrencies with different rules. User can switch to different ones (and Ethereum is quite a challenger at the moment).

The network effects are great, because otherwise everything would explode into a million different currencies.

13
drcode 7 hours ago 0 replies      
What this article is missing is the word "decouple". Cryptocurrencies decouple the many roles that are involved in maintaining and using a currency. It doesn't "solve" governance issues, it breaks them into smaller issues that can be (and should be) tackled in isolation.

Anyone who doesn't see this and argues "we should just go back to the way we were doing things before" is missing the point.

14
delegate 6 hours ago 0 replies      
Interestingly, the way things are right now, when it comes to governance model on a global scale, the Big Bad Banks are more decentralized than Bitcoin or any other crypto currency.

Even if it weren't so, I still don't get why total decentralization is an absolute good thing.

Nature seems to be a symbiosis between centralized and decentralized systems - at every level; extremes (too much or too little centralization) will lead to isolation/extinction or explosion/implosion - think biological systems or stars in galaxies.

I disagree with my crypto anarchist friends who believe that changing the money system will change society (eg. society is a function of money) and I tend to think that the relationship is more symbiotic - society has to change in order for the money to take other roles.

Even so, given human nature, it is not clear if a totally decentralized monetary system is a good thing for society as a whole.

People trust 'authorities' more than they trust math written by a bunch of 'core' devs and that's because the former can easily apply brute force and coerce the latter. Yes, we're still primates and the bigger/stronger argument is still valid.

So I don't think Bitcoin will dramatically change society, but some form of symbiosis between the current banking system and the crypto currencies will emerge eventually - and then we can talk about centralization at a whole different level. Either way, there's no escaping it.

15
redm 8 hours ago 0 replies      
I was having a similar conversation with a colleague given about 3-rd party enforcement. The news that a Jaxx wallet user had $400,000 in Bitcoin stolen just came out. [1] Who do you turn to reverse that? There's no one really. I'm not sure DLT's are mature enough for serious global investment yet.

https://www.cryptocoinsnews.com/users-report-losing-400000-d...

16
randomThoughts9 1 hour ago 0 replies      
There are currencies with governance built in: PIVX and DASH are the two main exampled I know of.

Basically the nodes that have a stake in the system are allowed to vote on the direction the project is going.

My personal impression is that currently this model is still very rudimentary, but in the future I could still an almost autonomous system taking off.

17
coverband 4 hours ago 1 reply      
This is an excellent analysis: insightful and to the point. I'd love to read a counter-analysis that can objectively argue against what I see as the central point here: "Blockchains still need good governance, but once you have good governance in place, you don't need a blockchain."
18
crb002 8 hours ago 0 replies      
The economic benefit of mostly automating governance is huge. Large financial institutions push so much through COBOL/DB2 on mainframes. The cost of updates to the contracts is horrid and mostly manual taking months if not years. The biggest loser is IBM and it's largest z/OS clients.
19
everybodyknows 5 hours ago 0 replies      
Takeaway conclusion is existence of a sort of upper bound on the economic potential of blockchains:

>Perhaps blockchain technologies can still deliver better technical performance, like better availability and data integrity

The supporting argument is so tight that it never even invokes the repeated failures of Bitcoin at the exchange/storage level: Mt Gox, wallets et al.

20
empath75 9 hours ago 2 replies      
I agree with this in as much as I don't think cryptocurrencies are ever going to replace 'fiat' currency. That doesn't mean that they don't provide economic value or are worthless, however.
21
yoz-y 8 hours ago 2 replies      
I always thought of bitcoin as a commodity, not a currency. It seems to solve the same problems and follow the same rules. E.g.: a commodity (such as gold) can not be created, but it is an important feature for a currency. Without inflation it will never be a good choice for currency anyways because it will always be a more interesting to hold on it rather than use it.
22
dnautics 3 hours ago 0 replies      
this is a really great article, because it highlight a very important dialectic that many blockchain enthusiasts, developers, entrepreneurs, and speculators don't acknoweldge. I would however, suggest that the issue of governance is not an "all-or-nothing" choice. Probably some of the blockchain technologies that try to do things like "link to a central bank", will suffer from a difficulty in establishing product differentiation from traditional currencies and transaction schemes; but the blockchain technologies that live on the more distant side of the spectrum (providing an, if imperfect, implementation of distributed trust) like the original bitcoin, will survive.
23
isubkhankulov 8 hours ago 2 replies      
the article is spot on when it comes to Distributed Ledger Technology (DLT) but misses the point of Bitcoin. Many in the community cite the lack of governance as a strength of Bitcoin. It's resilience is a virture because it becomes difficult to corrupt, unlike centralized governance of traditional payment methods.
24
sharemywin 9 hours ago 1 reply      
A while back I wondered if networks like facebook, electrical grids should have more direct user decision making.

https://news.ycombinator.com/item?id=14293114

I think eventually networks need to figure out distributed decision making.

25
jankotek 8 hours ago 4 replies      
Blockchain already transformed economy; it brought fast international payments with small fees.
26
wyc 8 hours ago 2 replies      
I think that the core value crypocurrencies and blockchains provide is a distributed system of trust. I also think that we people in developed nations have been spoiled by our trustworthy institutions, relatively speaking. I don't know too many people in US/UK/AUS/JP hesitant to put money away in the consumer banks, take out mortgages, or file disputes in the state courts. Those systems work well enough, with acceptable speeds for most use cases.

While crypto technologies are improving, they have some glaring drawbacks:

- The recent BTC confirmation time (transaction processing duration) was in days[1].

- The consumer loses significant protections because transactions are final.

- On a broader note, no centralized controls or responsible entities means no one to point fingers at when something goes wrong.

- There are very steep learning curves for all participating parties.

These are all being worked on through technology improvements and new blockchains, but they're still issues that prevent blockchains from displacing existing systems. I think they could one day change everything in an Innovator's Dilemma fashion, but not anytime soon (5-20 years). There is already staunch opposition to using clearly superior technologies due to cultural factors, for example:

- Americans won't use chip readers partly because the magnetic strip was already widespread[2].

- Developed nations don't use mobile chat operating systems such as WeChat partly because they already had laptops[3].

So in the case of blockchains, not only is there an overwhelming opposing cultural force, but also they happen to make inroads in sensitive industries such as finance/contracts, and the technology is not superior on many levels. This would make adoption very difficult.

Where it will work

However, some people don't have such great institutions. Look at how successful BTC has been in turmoil-ridden South American nations such as Venezuela and Argentina[3]. The inflation is out of control, and consumers don't trust any of the banks or institutions. In this environment, the blockchain is leaps and bounds better than anything else that these consumers have access to, so it's immensely valuable. You'd be willing to wait several days for transaction clearance. You wouldn't care that the transfer is final. You'll do whatever awkward dance it takes to operate and secure a Bitcoin wallet. There's no better alternative, and financial asset security is important.

I think characteristics of an ideal market for blockchain technology today could be:

- Very low trust among participants.

- No trusted central authority.

- Expensive, long, or nonexistent arbitration cycles.

- High transaction costs.

Its most compelling value is the provision of trust where there is none. An example where this might work well is in the specification and mediation of international contracts for small businesses. There is currently little accountability after getting burned in an international transaction with a small entity, as a small entity. If there were a standard trusted registry of company reputation, transaction histories, and contracts, then it could go a long way to building systems of trust that enable more fluid trade afar.

[1] https://blockchain.info/charts/avg-confirmation-time?timespa...

[2] http://www.digitalcheck.com/emv-will-usa-be-ready/

[3] https://techcrunch.com/2016/06/01/it-might-be-time-to-stop-l...

[4] https://reason.com/archives/2016/11/28/the-secret-dangerous-...

27
leitasat 8 hours ago 1 reply      
Well, there are some improvements over existing systems (e.g. fiat money):

1. Less costs to switch to a competitor comparing to banks and states which leads to2. The governance body and all influential members are really in need of public approval of their actions since that is exactly what makes a coin worthy. If they change protocol in a drastic way, the price will immediately plummet leaving them in tatters 3. Same mechanism prevents conflicts within the community

In general I would like to see more about the role of law in economics and possible tech implementations of it (meta-protocols?)

28
Rabei 8 hours ago 2 replies      
Because bottom line, the only thing it improves is that there is no longer need to move the money around in armored cars, and that is not high impact in the bottomline of the economy

You lose the following: 1 - Ability control monetary policy 2 - Reduction in theft via cost in effort (same thing as with e-voting and rigging elections)

Because of that you have seen that blockchain stuff works on countries where 1 is badly handled. everywhere else nobody really cares except for the hype.

29
thechut 8 hours ago 1 reply      
Interesting points about enforcement.

But I think the real barrier to adoption is that most people don't mind using centralized systems. If their Visa card works when they swipe it, they don't think beyond that. If it's easier for the end user when systems are centralized, breaking people out of this mindset will be very difficult.

30
DrNuke 8 hours ago 0 replies      
Black and grey uses, the financial sector is pretty happy with this tool and cyber-criminals too, I suppose.
31
pravinva 8 hours ago 1 reply      
So the worry is that you need govt courts and police to enforce rules? That's not a great argument. The number of private police today is far greater than govt employed ones. Most international trade disputes are settled by private arbitration and not the govt courts. What's the real worry?
18
TLS 1.3 at Apple ietf.org
66 points by okket  3 hours ago   12 comments top
1
netheril96 3 hours ago 5 replies      
> Note, we currently do not have 0-RTT data support.

That is like the most exiting feature of TLS 1.3.

19
The Largest Virtual Universe Ever Simulated sciencealert.com
86 points by jonbaer  8 hours ago   33 comments top 3
1
swashbuck1r 6 hours ago 5 replies      
I predict the following quantum bug: Due to optimizations to prevent the need to simulate every single particle in this universe...the people who evolved in this universe are now perplexed that physics works so intuitively at the large scale, but at the small scale, it seems to become bizarre and "not calculated until you look".
2
strainer 4 hours ago 2 replies      
I was surprised to find the 'stringy' texture of intergalactic structure which these intense simulations seem to concisely capture , was also generated -roughly, by a very naive simulation which I applied to a few thousand points:

http://imgur.com/a/hu1On

The process which changed homogenously random points in a cube into those stringy messes, didnt even include gravitation. It pulsated the points and diddled random neighbours ever-so-slightly closer to each other over a few million iterations.

I realise that academic universe simulations like this examine with great insight, more subtle features but i found it interesting that the basic stringy texture does not require precise forces to self arrange.

3
erikpukinskis 12 minutes ago 0 replies      
This is the highest resolution image of the data that I can find: http://www.dailygalaxy.com/.a/6a00d8341bf7f753ef01bb09a3f2d2...
20
Dr. Bronner's Soap Is Investing Millions into MDMA Research inverse.com
43 points by nikse  2 hours ago   16 comments top 3
1
arikr 1 hour ago 0 replies      
To the extent that anyone on HN knows an active philanthropist looking for potentially highly impactful but severely underfunded causes - send them this article.

I believe there's a case that funding MDMA research has very high dollar/impact returns - or at least that it's likely enough that it's worth a thorough exploration.

It sounds like they still need to raise about $10-15 million, which is shockingly small compared to the ~$1.5bn/yr NIMH budget - and all of it will come from private philanthropists, as governments aren't yet willing to fund the work and for-profit companies don't see much profit yet due to the lack of patentability.

If you're on HN and this is the first you're hearing about this research, some resources:

- A short video excerpt from a documentary on MDMA therapy - https://www.youtube.com/watch?v=W9iKx2MKS70

- NY Times article - https://www.nytimes.com/2016/11/29/us/ptsd-mdma-ecstasy.html

2
pmoriarty 1 hour ago 1 reply      
"People are starting to understand that when a certain drug is used correctly, then its not a big deal. They dont need to be afraid of it."

This is the big takeaway that most of the world still doesn't understand. They think that if a currently illegal drug is used, it is by necessity abused. There is no room in their world view for illegal drug use that's not also illegal drug abuse. It's going to take a lot to change this mindset.

3
celticninja 1 hour ago 1 reply      
MDMA is ecstasy, sure it might not be what you get in pills these days, but it started out as MDMA and it even came from therapists, then it turned into the party drug, got mixed up with other things, similar compounds such as MDA and MDEA were sold as ecstasy and then it became Molly. But ecstasy is and always will be MDMA.
21
Deal or no deal? Training AI bots to negotiate facebook.com
33 points by runesoerensen  4 hours ago   4 comments top 3
1
wlamond 15 minutes ago 0 replies      
It'd be interesting if the agents developed their own language during the reinforcement learning stage that is unintelligible to humans but allows them to quickly navigate the negotiation. They use the model trained in a supervised way during the reinforcement learning stage to avoid this, but I'm curious to see what the agent learns when paired against another reinforcement learning agent.

Edit: Indeed, the paper says that not using the fixed agent trained on human negotiation leads to unintelligible language from the agents.

2
paskster 55 minutes ago 1 reply      
Interesting that the chatbots learned to show "fake" interest in an item, just to conceide it later in the negotiation process.

But I think what is missing, is the time component when negotiating with humans. A negotiation process is usually better for humans if the negotiation is quick and not dragging on too long.

And more importantly the chatbots never seemed to "walk away" from a deal. But in real life, you sometimes have to walk away to show the other party, that you are not a pushover. It would be interesting to enhance the model so that chatbots negotiate repeatedly with each other and "remember" how the other party behaves and how far you can push the other party to concede. Because some negotiations really are zero sum games.

3
phreeza 1 hour ago 0 replies      
The most interesting thing to me is not the negotiation tactics that the agents learn but the idea of coming up with a more easily quantifiable (and therefore differentiable) quality metric for dialogue tasks.
22
How Propagandists Abuse the Internet and Manipulate the Public [pdf] trendmicro.com
69 points by pmcpinto  3 hours ago   65 comments top 12
1
civilian 3 hours ago 6 replies      
> News management and opinion manipulation by itself is not necessary evil. Corporate communications and public relations departments often use certain propaganda techniques as a crisis management measure to prevent panic, additional financial and reputation damage, etc.

Ehhh.... I'll refer you to George Carlin's [edit: it's Bill Hick's] "If you're in marketing or advertising" bit.

> Fake news is the promotion and propagation of news articles via social media. These articles are promoted in such a way that they appear to be spread by other users, as opposed to being paid-for advertising. The news stories distributed are designed to influence or manipulate users opinions on a certain topic towards certain objectives.

Good definition. But by that method... NYTimes is fake news when it comes to GMOs and their consistent bias against it. I see journalists trying to push an ideology all the time.

We've lost trust in news institutions. Capital-F Fake news is especially egregious, but this definition of fake news, which is just about manipulating opinion, is _everywhere_.

2
uses 2 hours ago 3 replies      
There will be comments about how some information from actual news organizations contains opinions or incorrect facts...and therefore it's in the same universe with fake news. This is like, the definition of throwing the baby out with the bathwater...

And it's the actual final goal of the most evil forms of propaganda. Overwhelm the audience with false information > make it harder to determine true vs false > maybe no source can really be trusted > all sources of information have some kind of agenda > all sources of information are roughly equal in quality. Now in the mind of the individual in question, the playing field has been leveled between propaganda and the work of trained journalists. And at that point it's not a real contest.

3
oceanplexian 2 hours ago 7 replies      
There is no such thing as fake news. There's only news, otherwise you're insinuating that some speech is 'fake', and conversely, some speech is 'genuine'.

News can be false, misleading, disproven, untrustworthy, and many shades in between. In fact there are a lot more angles to information than a False/True boolean. Some things can be true in a certain context, but not others. Sometimes untested or fringe news outlets have real stories (Drudge Report, was, for example, was the first news outlet to break the Monica Lewinsky scandal). Sometimes trustworthy news outlets deliver a misleading stories, as in the case of Iraq WMDs or Y2K.

A better way to phrase things would be to use more nuance to describe the state of reporting on current events. But since skepticism and logic don't increase readership or viewership, unfortunately those qualities aren't encouraged among the discourse going around these days.

4
superobserver 3 hours ago 2 replies      
A security company commenting on these matters suggests undue interest in manipulating the infosec community. I would be interested to learn who paid/funded for this slanted whitepaper. The absence of commentary on left-wing disinfo actors (Media Matters, Correct the Record, Shareblue, etc.) and principally those that operate according to yesterday's mainstream media methods is most telling.
5
jacquesm 3 hours ago 0 replies      
> Governments are starting to recognize that fake news is something that must be actively fought.

That can be read in two very different ways. Sometimes the governments are the ones that are the problem.

7
ygaf 2 hours ago 0 replies      
5MB pdf file. Just had to see if there was any more context to this:

>News management and opinion manipulation by itself is not necessary(sic) evil.

It's either evil every time or none of the time.

8
trendia 3 hours ago 2 replies      
Consider the following contradiction: Supposedly, fake Facebook accounts (which appear real) engage with "fake news" in order to fool real Facebook users. Then, the engagement of such articles is measured. That is, these articles are spread by bots so that it appears like the articles are being read by a wide swath of the population. Then, analyzers like Buzzfeed measure the activity of the fake news articles and count the total number of "engagement" activities, which includes both the fake and real engagement. They claim that this is evidence that people are spreading fake news -- but how can we know how many real people actually read (or believed) the content?

Next, they mention that fake news results in a change in people's perceptions. They say:

> It can be considered a form of cognitive hacking12except that the modification of a users perception is the goal of the operation, not a means for gaining access to a network.

Serious? They think that people reading an article are going to immediately believe it? This idea sounds a lot like the beliefs in the 1920's that media could "inject" false beliefs into humans:

> Hypodermic needle model, or magic bullet theory: Considers the audience to be targets of an injection or bullet of information fired from the pistol of mass media. The audience are unable to avoid or resist the injection or bullets.

However, we now know that people are not passive consumers of media: they are often very critical. If we were to categorize the engagement of fake news in order of proportion of observed engagement acts:

1. bots (not real people, not influenced, largest proportion)

2. curious but critical people (real people, but not influenced)

3. people whose beliefs are changed (real people, real influence, smallest proportion)

Finally, to prove that fake news can be damaging, they use examples where Spirit Airlines and American Airlines were damaged by real news:

> For example, shares in the American ultra-low-cost carrier (ULCC) Spirit Airlines fell 5% the day after videos of passenger fist fights due to cancelled flights15 made the rounds on social media. When United Airlines forcibly removed16 a passenger from a flight in April 2017, its stock price fell17 as well.

If you're going to claim that 1) fake news is a huge problem, 2) that fake news affects people's perceptions, and 3) that fake news affects the organizations targeted, then why do you:

1. not show concrete examples of fake news?

2. not show that people's beliefs are affected by that fake news?

3. and show that targeted organizations are affected by people's beliefs?

Sorry, but this paper isn't really rooted in fact. I'd go so far as to say that it's more or less fake news.

9
orionblastar 2 hours ago 0 replies      
Actually most fake news sites are someone who set up a Wordpress blog that reports on news items that cannot be verified. These sites can be set up quickly on any VPS service.

Most of them use donain names that look like a real news site like cbsnews45.com instead of cbs.com etc. So when they in this example claim to be CBS news, it is a fake news site.

Steve Wozniak would use The Department of Defiance on T shirts and badges because people would mistake it for the department of defence.

10
nawre 3 hours ago 4 replies      
This conveniently left out the efforts of Shareblue, CorrectTheRecord and various government agencies to control and subvert the narratives on places like 4Chan.
11
algesten 3 hours ago 0 replies      
title should say PDF
12
carsongross 3 hours ago 1 reply      
This is quite concerning indeed.

I'm glad that no one who I agree with politically would use such underhanded techniques.

23
Its Probably Not Okay to Send Naked Pictures on LinkedIn bloomberg.com
40 points by p17b  2 hours ago   38 comments top 8
1
bluetidepro 1 hour ago 4 replies      
I completely agree that it was not right for the sexual misconduct to happen in the first place. Not debating that at all. That is wrong on all levels. But...

>LinkedIn is an extension of the workplace, similar to going into the office or attending a corporate networking event, the theory of the case goes.

I don't get how that could ever be legally enforced? Wouldn't a lawsuit like this would forever change LinkedIn if they won? Not even related to this sexual misconduct that started this, I could easily see so many people bailing from LinkedIn if it was somehow considered an extension of your workplace directly. This will be really interesting to see what happens next with this.

2
vmarsy 47 minutes ago 0 replies      
Most important part of the article is that the offender is a recruiter:

> Jane Doe alleged that a recruitment conversation on LinkedIn took a turn for the inappropriate when she received sexual messages from a bankerusing his corporate accountwho had been trying to recruit her. One of the messages included a photograph of his genitals.

So "Its Probably Not Okay to Send Naked Pictures if you're a recruiter representing the company" would be a more accurate title, but it wouldn't be as interesting of an headline.

Similarly that if you're a recruiter calling someone or having a dinner with, you shouldn't attempt to seduce* the maybe-future-employee since that's clearly an abuse of power. Lawsuit or not, that recruiter should be fired.

I don't think the medium (phone company, restaurant you're at, or Linkedin) should be held responsible and Nowhere on this article it says the plaintiff is suing Linkedin, she's suing the company that recruiter works for.

* For some people apparently, sending a photograph of their genitals seem to be a "seduction" technique, but even if this was more tactful flirting, this is already not ok.

3
diziet 56 minutes ago 0 replies      
Unlike email accounts (firstname.lastname@company.com) or accounts at various services and vendors tied to those emails (such as Photoshop, Jira, etc), many, if not most Linkedin accounts stay with people across jobs. In case of Sales Teams or Recruiters, companies might pay or reimburse for the premium services that Linkedin monetizes, and the employees might use Linkedin in the day-to-day work, but they're also likely to look for other jobs, build non-work related professional connections, etc.
4
stcredzero 1 hour ago 1 reply      
TIL: There's a niche opportunity for a LinkedIn for the adult entertainment industry.
5
wand3r 1 hour ago 1 reply      
The article also states, a few other anecdotes.

A recruiter who uses LinkedIn to send unsolicited messages on the platform for professional gain was upset she received unsolicited social messages. She was unable to recognize the irony.

Another businesswoman was actually a reality TV star from Trump's the apprentice. She left the platform because the lines blurred from social/entertainment/career and she was getting harassed.

IDK, I feel for this woman but I am not convinced seeing dick pick entitles her to millions from a company she isn't affiliated with. Coming from the Susan Fowler thread, I really feel for her. This seems like a money grab

6
rcdwealth 1 hour ago 0 replies      
When anybody pretends to be authorized by a company, and employee is in conversation with authorized person, than both the company and individual shall be held liable for sexual harassment
7
asadlambdatest 1 hour ago 0 replies      
Linkedin is failing big time to control spam and impersonation. Keeping these social media clean is next big challenge for the tech world.
8
microcolonel 1 hour ago 2 replies      
Every place where people can communicate is a place where they can proposition. If you're thinking of changing this, give up now while you have your sanity.

LinkedIn is a social network which prominently displays professional credentials. I have dated women I've met on LinkedIn and it's gone just fine (granted, nobody I was doing business with, that is unwise even if not illegal).

The question of the case, in my estimation, is Is it unlawful to send a picture of your genitals to a person who works with your company over a channel you might also use for business communications. This gets into all sorts of complicated matters; for example, is it unlawful to MMS a picture of your genitals to somebody who does business with your company?

Is there a precedent for a similar case but with a different medium? If the precedent did not penalize the defendant, is there something about LinkedIn or another detail of the case which distinguishes it?

24
The Machine of Tomorrow Today: Quantum Computing on the Verge bloomberg.com
110 points by jonbaer  11 hours ago   59 comments top 9
1
gregfjohnson 2 minutes ago 0 replies      
Is it possible that protecting superposition and entanglement will be a fundamental problem for scaling quantum computing? I could imagine that beyond some point, each time you add an extra qubit the cost of shielding the computation goes up by a multiplicative factor.

Say the observable universe has something like 10^100 subatomic particles total. I believe that by current estimates, this is an upper bound.

A quantum computer with 350 qubits would have 2^350 states, or more states than the total number of subatomic particles in the universe. A single "NOT" operation on one of those qubits would, in constant time, change half of those states. I.e., the quantum computer would do way more work than there are particles in the observable universe. For every single one of its operations.

I just don't see how the universe will let nerds on some tiny little out-of-the-way planet get away with that.

QC demonstrably works for small numbers of qubits. I just wonder if it will ever scale to the point that large problems can be tackled with QC in a cost-effective manner.

2
Asdfbla 8 hours ago 3 replies      
Since questions about crypto came up, here's a summary paper by Daniel Bernstein about it:

https://eprint.iacr.org/2017/314.pdf

Symmetric cryptography would be safe even with quantum computers (they just half the effective bit length of the cypher with Grover's algorithm, which can be compensated for by increasing the key length). Classical asymmetric cryptography would be in danger, but there are alternative systems for which no quantum based attacks are known. They can be a bit unwieldy to use and have much larger key sizes than what we currently use - but methods that are hopefully quantum-proof may exist. The Lamport signature scheme is probably one of the methods that is the easiest to understand.

Not all hope is lost for cryptography even with quantum computers.

3
nerflad 6 hours ago 4 replies      
Every article I read focusses on how quantum computing differ from classical at a high level. I know these are probably asinine questions, but how are these computers actually used? How are these experiments instructed to the machine? Do these machines have I/O? Does the state of the qubits have to be measured with separate equipment?
4
mrhektor 7 hours ago 2 replies      
Does anybody know of any good links / blog posts that explain the actual inner workings of a quantum computer in more detail?
5
virgil_disgr4ce 6 hours ago 2 replies      
"Quantum Computing Might Be Here Sooner Than You Think"

Haven't these stories had this same headline for at least 10 years now?

6
davedx 9 hours ago 1 reply      
It's going to be fun working in cryptography soon.
7
MichaelBurge 9 hours ago 6 replies      
Besides scientists, I don't really see quantum computers as being useful computationally. There's breaking cryptography, but then you're spending billions to inconvenience people into moving to a different quantum-resistant algorithm.

What about creating cryptography? Wikipedia has a few interesting applications:

https://en.wikipedia.org/wiki/Quantum_cryptography

I'm not a cryptographer - are security people excited about building all sorts of weird quantum protocols?

> Then you let the computer check all possible solutions essentiallyor a very large combination of themand come back with an answer, he says. In a quantum computer, theres no mathematician cracking the problem, he says. The laws of physics crack the problem for you.

That sounds more like an NTM than a quantum computer. An NTM would turn its owner into a God.

> Superposition is the mind-bending observation that a particle can be in two states at the same time. Bring out your ruler to get a measurement, however, and the particle will collapse into one state or the other. And you wont know which until you try, except in terms of probabilities.

It's not probabilities because people think of those as real numbers. The coefficients are complex numbers. There's a probability monad, for example, but no quantum monad:

http://twistedoakstudios.com/blog/Post5485_what-isnt-a-monad

The article sort of mentions it later on when they quote Scott Aaronson, but I suspect the author didn't understand and mentally reverted back to a probability model.

8
kwelstr 9 hours ago 3 replies      
I wonder if and when we have working quantum computers bitcoin and crypto will be able to adapt or die. I mean, breaking secret keys with quantum should be easy.
9
basicplus2 6 hours ago 2 replies      
I'll believe in a quantum computer when I see one.
25
Ask HN: My company has been acquired and I'm kicked out. What should I do now?
7 points by throwaway487  1 hour ago   4 comments top 4
1
existencebox 46 minutes ago 0 replies      
"Failure".

I'm about your same age. I have a carreer which, arrogantly, everyone I know considers "pretty damn good"

I've shipped a fraction of what you have in terms of end to end solutions, let alone piloting the ship as a founder would have to. I've learned skill sets deep in narrow areas, but this has left me wanting for broad exposure and heterogenous understanding.

Your experiences and _successes_ (you SHIPPED, even if it failed after N years, and that's not even including a fucking _sale_; how many engineers get even close to that far?) give you skill sets that I couldn't easily replicate from my entire peer network. Do not sell yourself short. Even if you HAD failed, and spectacularly (and both times!) that's still a remarkable amount of firsthand experience that, outside of any pathological decisions on your part I don't know about, may not say anything negative at all about your choices and decisions. (and even if it did, experience is experience, you make mistakes and learn from them, and are so much more valuable after. Did you see the HN lashback to the eng. getting punished for deleting prod? and that's a pretty damn overt failure.)

I can ramble on as the above well demonstrates, largely because I have a deep wellspring of reasons why you're being silly. Please don't take this to be a statement meant in insult, I'm sitting here amazed at your accomplishments as I'm reading, get to your conclusion, and go "wait what why huge failure no stop that".

Actionably, maybe go work for a bigCo/midstage/something more grounded for a few years. Keep yourself stable and sane, see what exists in the world and what other people have done. I hope it will help you see the perspective I have, which paints your accomplishments in a very favorable light. (more importantly, don't take my advice literally, I'm saying broadly, do something to keep yourself afloat, employable, and to give yourself time to unwind and just _do shit_ as you want. Some amount of stability and freedom has done volumes in my own life for regaining mental strength in periods of conflict.) And do this in the knowledge and confidence that this engineer would consider himself lucky to work with and learn from someone who has "failed" as much as you have :)

2
plehoux 57 minutes ago 0 replies      
Experiment, create and take on fun/small projects just for the fun of it. You like music, experiment with music. You like games, code small demos/prototypes. You like science/data visualization, do that. Find the joy, don't be too serious.

In 2010 I barely knew how to code, was a bit depressed. I started doing small JS/C experiments/art projects for a few months... changed me forever.

3
SirLJ 29 minutes ago 0 replies      
Take a look into the stock market and try to develop trading systems... if it works out, you'll be set for life... good luck
4
AnimalMuppet 50 minutes ago 0 replies      
Take time to mourn. If you haven't been doing that in the last three months, do it now.

Take time to rest. If you haven't been doing that in the last three months, (try to) do it now. This means stopping worrying about your future for a bit. Give yourself a month to have fun and be lazy, without feeling guilty about it. (That is, try to do so. If you find that you can't, well, you can't.)

And then it's time to figure out the next step.

By the way, something like 90% of startups fail. You had two out of two startups fail. This shouldn't surprise you. It's the most likely outcome.

26
New features you can't use unless you are in Python 3 asmeurer.com
208 points by bkudria  8 hours ago   175 comments top 22
1
KerrickStaley 2 hours ago 0 replies      
One big thing that's missing from this list is the __traceback__ on exceptions, which pretty much does what you think it does. In Python 2, there's no way to access the traceback for an exception once you've left the `except:` block. This matters when you're using things like gevent; if one of your gevent greenlets throws an exception and you inspect the .exception attribute on it, you'll be able to get the exception message but won't know what line it came from.

N.B. This is absent from Python 2 due to concerns with creating self-referential loops. The garbage collector got better in the meantime and the feature was never backported to Python 2.

2
dlbucci 4 hours ago 4 replies      
I did not know you could append to a Path via "/", but that's really awesome! I also really love working with generators when I write Python. They are just such a simple idea that's very powerful and I miss them so much when I go back to javascript (I know javascript has them now, but I haven't written them, and they don't look as fluent as Python 3, where the large parts of the language design is based around them).
3
signet 4 hours ago 1 reply      
My personal favorite is native support for IP addresses, introduced in python 3.3[0]. Makes IP math and address validation so much easier.

[0] https://docs.python.org/3/library/ipaddress.html

4
morinted 3 hours ago 1 reply      
I really like the format strings in Python 3.6: https://docs.python.org/3/whatsnew/3.6.html#whatsnew36-pep49...

Seems that this set of slides (which were very informative!) is for up to 3.5

5
NuSkooler 4 hours ago 4 replies      
How old is Python 3 now? I've always used Python for a "miscellaneous task" language, and still do... and even I find "...because you refuse to upgrade" a bit insulting. If I used it for something serious, even more so.

The way 2.x -> 3.x was handled is/was/will is an absolute disaster. Upgrading simple scripts is a non-issue. Larger projects seem to always be a horrible pain.

6
flavio81 3 hours ago 1 reply      
TL;DR:

The important stuff that makes a good case for Python 3:

- Adittion of "yield from" allows easier programming with async I/O "a la " Node.js (using 'await')

- Standarized annotations of function arguments and return values can help in the future for type checking, optimization, etc.

Even more important stuff

- Unicode can be used in symbols. You can now use Kanji characters in your function names, to annoy your coworkers and win the International Obfuscated Python Code Contest.

Other stuff

- Minor unimportant stuff that is definitely no reason alone for switching for Python 3.

7
Fej 5 hours ago 7 replies      
Does anyone use 2.x by choice? I've only seen it required as to not break legacy code.
8
AndyMcConachie 3 hours ago 0 replies      
Read this and then realized a bug I was chasing in some Python 2.7 code was actually because I was comparing a Long with a String :)

Thanks for helping me solve my bug dude!

9
alanfranzoni 1 hour ago 2 replies      
I still don't think that any of those new functions justifies the need of a total compatibility breakdown, like the one that was artificially induced from python2.7 to python3.

Python3 is good, but should have happened as a smooth transition from python2.7. The way it was handled was just a mess, and still keeps polluting the Python world.

Next time somebody asks what Java has over Python... here it is: nothing like the python 2 vs 3 mess.

10
ericfrederich 3 hours ago 3 replies      
From: http://www.asmeurer.com/python3-presentation/slides.html#55

... why is this good:

 def dup(n): for i in range(n): yield i yield i
... but this one better?

 def dup(n): for i in range(n): yield from [i, i]
... it would seem you're needlessly creating (1): another level of generators, and (2) creating a real list

11
cpburns2009 5 hours ago 2 replies      
This presentation could use some navigation buttons.
12
gshulegaard 5 hours ago 1 reply      
Quite a nice presentation!

But I just wanted to point out that the title is a bit presumptuous. I don't refuse to upgrade to Python 3, it's that the default Python for most distributions is 2 (sometimes as far back as 2.6). If you want to write a user-space tool with Python you can either require additional dependency setup, bundle a full interpreter with your package, or just write Python 2.7/6 code that is forward compatible with Python 3...in which case I still can't use the new features of 3.

At the end of the day, the continued slow adoption of Python 3 today is because ecosystems move slowly. Not to mention the original releases of Python 3 were really rough around the edges (such as being slower than Python 2.7 until ~3.4) which definitely contributed to the slow adoption in the early years.

13
iandanforth 4 hours ago 2 replies      
Asyncio is the most important feature of 3.5+ imo. I'm not sure why this is buried at #8.
14
xutopia 5 hours ago 7 replies      
I'm impressed how much Python seems stuck on older versions. What went wrong?
15
mahyarm 1 hour ago 1 reply      
It's funny how the differences between python 2.7 & 3.x is less than swift 2 to 3, yet python stays in 2.7 land forever.
16
iainmerrick 5 hours ago 1 reply      
The new keyword-only arguments look great, but it looks like it relies on adding a " * " parameter that allows any number of arguments. What if I want the safety of keyword-only arguments, but I don't want varargs? Is there a way to do that?
17
jtchang 4 hours ago 3 replies      
Just wondering but what should you do if you decide to go with Python 3 and find a library you want to use that isn't compatible and you are short on time?
18
JupiterMoon 4 hours ago 4 replies      
Open page. Nothing works. Enable their scripts. First slide shows but nothing works - except the link to the pdf version.

Why not give a link to the pdf version in a <noscript> element?

19
flavio81 3 hours ago 0 replies      
It seems i also can't scroll to the next page on this slide "because i refuse to upgrade to Python 3"...
20
matthewmacleod 5 hours ago 3 replies      
Ruby's 1.8 to 1.9 transition seemed to go much smoother - I'm curious what the difference is. Just down to what is essentially better source comparability I guess.
21
KaiserPro 2 hours ago 0 replies      
thus, python did jump the shark.

The biggest thing that python _needs_ is proper multithreading.

The rest is nice noise.

22
SeanDav 5 hours ago 1 reply      
Alternative view titles:

Zero - The Number of Applications that Can only be Developed in Python 3

or

7456324 - The number of companies that only use Python 2.x

Although these made up titles are slightly tongue-in-cheek, they do server to illustrate that for me at least, I do not have a compelling reason to switch to Python 3.

27
The Workings of an Ancient Nuclear Reactor (2009) scientificamerican.com
72 points by Hooke  11 hours ago   8 comments top 3
1
shaqbert 2 hours ago 1 reply      
TL'DR - some Uranium deposits have unnaturally low concentrations of Uranium U-235. There is proof in the footprint of the occurrence of fission products that this must be due to natural fission having taken place way in the past.
2
cossatot 7 hours ago 1 reply      
In geology, there is a general tendency to think that, given sufficient time (which we have had), anything that could possibly happen has already happened at least once. This is a prime example of that.
3
cmurf 1 hour ago 0 replies      
This is my take away quote:In this regard, it was extremely effective, allowing not a single meltdown or explosion during hundreds of thousands of years.

And runner up: The more important lessons may be about how to handle nuclear waste.

28
Susan Fowler's Uber Expose Should Win a Pulitzer forbes.com
171 points by GCA10  5 hours ago   44 comments top 8
1
wand3r 2 hours ago 6 replies      
If a journalist with no experience learned to code on the side and built something interesting we would applaud. We wouldn't make them an SRE at Google or Uber. Fowler did something great and it was powerful despite not being her life's focus. There are journalists who are as good as Fowler is at technology. I dont think a Pulitzer is the venue to recognize Susan's work, nor do I think she would win. I do think we should recognize her writing, and believe she has already had a meaningful impact
2
logandavis 2 hours ago 2 replies      
An interesting idea. Fowler certainly deserves credit for her work. As the author correctly notes, it was not only a courageous thing to publish, but also an impressive piece of writing.

On an unrelated note, the experience of reading this article for me was absolutely destroyed by the Forbes ad-block-blocker and the ad-first design of their article view. There were a couple of autoplaying video ads and one particularly pernicious scroll-locking ad on the sidebar to the right. Forbes is one of the very worst offenders in web monetization, as they demand you turn off AdBlock and then serve you a garbage reading experience (usually of a poorly written article by an unpaid or low-paid "contributor"). Every time I visit their website, I feel a sudden urge to start espousing Ev William's gospel that Something Must Be Done about content monetization on the internet, before Futurama becomes reality:

https://www.youtube.com/watch?v=YlGklt4BSQ8

3
danial 1 hour ago 1 reply      
The Forbes article references the article with this useless link: http://www.linkedin.com/today/

Here is the correct link: https://www.susanjfowler.com/blog/2017/2/19/reflecting-on-on...

4
redm 3 hours ago 2 replies      
I only associated Pulitzers with journalists, reporters, writers, and other professionals in that vein. It's a fascinating new era where anyone (not just professionals) could be eligible because of the Web and its ability to connect people.
5
6stringmerc 1 hour ago 0 replies      
Great example of a Personal Essay struggling with Truth and Context in ways that resonate with others. It's quite easy to dismiss a Person / Former Employee Complaints with "Oh that's just your experience, it's not a real problem" but it's not Honest[1]. There's merit in sharing personal truths by way of anecdote. Change can follow.

[1] Hysterical delivery, too much emotion, swearing, or just bad writing can ruin a piece's impact before it gets to its message, but when done with great craft, it's a sight to behold.

6
tptacek 1 hour ago 0 replies      
Jack Schafer's piece on the superficiality of the Pulitzers comes to mind[1]. Awarding one to Fowler might be a decent corrective.

[1]: http://www.slate.com/articles/news_and_politics/recycled/200...

7
supercanuck 4 hours ago 1 reply      
If Silicon Valley technologists were on the case, we'd still be waiting on "tangible" data indicating there was a problem to begin with.
8
mohamedattahri 3 hours ago 2 replies      
With all due respect to Susan Fowler and her courage, I think this would be an insult to investigative journalism.
29
The Cornell professor who invented the chicken nugget atlasobscura.com
89 points by samclemens  12 hours ago   30 comments top 12
1
crummy 9 hours ago 1 reply      
Interesting article. Couldn't help be reminded of this scene in The Wire: https://www.youtube.com/watch?v=xyg_v7Vxo4A
2
jasongill 9 hours ago 3 replies      
Interesting article, but I was disappointed that the article didn't talk about chicken nuggets at all!
3
dkhenry 8 hours ago 3 replies      
When you make this yourself you have to be careful not to let the sauce break. Add in the egg and oil and beat vigorously then slowly add the vinegar while mixing. You want a nice emulsified mixture. Also make sure you base every 5-10 minutes, thats a lot more frequent then you might do when normally cooking chicken, but you really need to build up the layers of sauce on the outside. Finally I have never gotten a good result off propane, so give it a try on coal if its not turning out right
4
iaw 4 hours ago 0 replies      
Cornell is such an odd university, thousands of little contributions over the decades to every field that touch the lives of everyone in the world.

I always get a kick when I learn about another little thing that was invented there.

5
mediaright 6 hours ago 1 reply      
Sometimes the best things are memorialized in song:https://youtu.be/OEa8wqv4QM0
6
cpfohl 9 hours ago 2 replies      
Didn't even realize Cornell chicken was regional... We've eaten it that way my whole life. I suppose the "Cornell" should have tipped me off.
7
gbromios 7 hours ago 0 replies      
>prototype chicken nugget

for some reason, this phrase resonates deeply with me.

8
Rhinobird 4 hours ago 0 replies      
So, nuggets are made from the Cornell of the chicken. That also explains Cornell Sanders.
9
alistairSH 5 hours ago 0 replies      
Is there another name for "Cornell Chicken"? I swear I've had it (or something very similar) down here in DC metro, but never heard the name.
10
wcummings 6 hours ago 0 replies      
This guy also invented the McRib, which I think is really his true legacy.
11
johansch 1 hour ago 0 replies      
I have noticed that vinegar plays a key role in a surprisingly large amount of the dishes that I enjoy making over and over again...
12
uberchet 7 hours ago 0 replies      
30
Someone was typing in a URL and WhatsApp was fetching it off my server twitter.com
115 points by sr2  2 hours ago   42 comments top 13
1
thebiglebrewski 1 hour ago 2 replies      
Did you all know that chrome does this too? May sound obvious but I always had assumed that nothing is sent until you press enter for some reason (yeah I know, search prediction would be impossible without that). But one day I was type in a path on a test URL and noticing my server getting hit on - every single letter.
2
emilfihlman 1 hour ago 3 replies      
E: Disregard. Whatsapp is doing exactly what they should be doing. Telegram seems to proxy the requests.

Why is no one saying anything about end to end crypto?

Whatsapp shouldn't be able to see my messages, isn't that what they say themselves?

3
code_duck 2 hours ago 1 reply      
In order to produce the link preview, probably. As far as why it's character by character, I don't know, but that doesn't seem very sinister to me. Checking URLs letter by letter is sloppy, especially if you're not even trying to do auto completion, but it doesn't reveal any more information than a complete url could. Anyway, I would think they are expecting people to paste URLs in, not type them.

I've written code to fetch sites and give a preview, for a bookmarking bookmarklet. This involves analyzing the html for title and to select best image to represent the page. That of course necessitates retrieving the page, either through the client or server.

4
twiss 1 hour ago 0 replies      
This makes me think of another potential privacy risk: if you paste a URL in WhatsApp, or click Android's share button and select WhatsApp, it doesn't add a space after the url. Most users are probably aware that they have to add a space, but if they forget, WhatsApp will probably send the first word of the rest of the message to the server. (Similarly if you paste a URL at the start of an already-written message, but maybe that's even more contrived.)
5
Hoshea 2 hours ago 0 replies      
Apparently several other messaging apps behave similarly, from the replies in that tweet there were mentions of Facebook Messenger[0] and Telegram[1].

[0]https://pbs.twimg.com/media/DCRsz7mXUAAEbKK.jpg[1]https://pbs.twimg.com/media/DCSyWs0XcAAQb2N.jpg

6
philippz 2 hours ago 1 reply      
On the one hand it provides a greater user-experience if Whatsapp can figure out the URL and preview information about the posted URL (like any social network does today, even we do it at STOMT when you attach an URL to your feedback).

On the other hand i do not get why they send it after every character. Makes it even faster but creates a bunch of unnecessary requests. Not very user friendly. They could do it after they recognize a finished URL (as soon as there is a space). And as pointed out in the tweets it COULD harms the users privacy.

7
sliken 1 hour ago 0 replies      
Skype scans messages for URLs and downloads them. Microsoft claims is that they are checking for malware, still creepy.
8
kawera 11 minutes ago 0 replies      
Prefetching a webpage to generate it's preview should at least be optional, controlled through user settings.
9
adad95 29 minutes ago 0 replies      
I believe this Behavior is for information gathering about odata.
10
hakcermani 1 hour ago 2 replies      
One aspect is the lack of debounce, but also revealing the endusers ip and user agent. They could proxy external link requests via whatsapp servers without breaking end to end encryption. wonder what iMessage does ?!
11
luisrudge 2 hours ago 0 replies      
probably whatsapp web version? it adds some kind of description if you send an url: https://i.imgur.com/Rkl2cZJ.png
12
ythn 2 hours ago 1 reply      
Seems like they need debounce? Most JS utility libraries (lodash, etc) have a debounce function...
13
out_of_protocol 2 hours ago 2 replies      
Plain creepy. Also, does it produce a lot of traffic?
       cached 14 June 2017 22:02:02 GMT