hacker news with inline top comments    .. more ..    4 Sep 2017 News
home   ask   best   2 years ago   
Writing a SQLite clone from scratch in C cstack.github.io
123 points by ingve  1 hour ago   10 comments top 4
stevoski 48 minutes ago 0 replies      
If you prefer Java to C, I recommend taking a look at the source for H2, a pure Java SQL database engine. It is surprisingly easy to follow.

I've contributed to the H2 source code a few times, and in the process I got to learn much about how a database engine is implemented.

H2 home: http://www.h2database.com/

H2 Github repo: https://github.com/h2database/h2database

somehnreader 1 hour ago 0 replies      
Hi, TUM has a lecture for this in which the students build a database in C and learning fundamentals along the way.

I attended a few years back and learnt an awful lot, this is the course page:


Haven't found the accompanying slides yet, but they must be somewhere on their website.

Luker88 39 minutes ago 0 replies      
This comes right at a time when I started attempting something similar (though I don't care that much about documenting it)

You might want to read some overviews on:

 * postgres atomicity: https://brandur.org/postgres-atomicity * postgres disk format: http://rachbelaid.com/introduction-to-postgres-physical-storage/
I have not read much on replication, though. Does anyone have any pointers?

flunhat 1 hour ago 2 replies      
Very nice! If you wanted it to save to disk instead of living wholly in memory, how would you do that in C?
Run your own OAuth2 server ory.am
117 points by machete143  2 hours ago   27 comments top 10
tinco 0 minutes ago 0 replies      
Is not running Postgres in Docker in production still a thing? What kind of problems are people running into? I love having everything managed using the same deployment techniques and I was on a team that ran Postgres in Docker in production for a couple of years and never ran into trouble. Of course that doesn't mean anything so I am curious.
StavrosK 1 hour ago 1 reply      
Isn't the "problem" with this that you can't get arbitrary websites to talk to your OAuth2 server? For example, even though, say, Gitlab, supports OAuth2 login with Github, I can't get it to authenticate with stavros.io.

This is the problem Portier (https://portier.github.io/) and OIDC aim to solve, ie to be able to auth on any website with an auth instance you run.

I love this idea because it's much easier to secure one thing whose sole purpose is authentication than to secure every thing you want to authenticate on.

andreareina 1 hour ago 2 replies      
> Please use more secure values in production. ;)

That's not going to stop people from using those exact values. How many breaches have we seen due to the lack of sane defaults? Tutorial code (especially when written by the people putting out the software) is a default, and it's likely to result in plenty of people running this exact code in production.

kennydude 5 minutes ago 0 replies      
If you're using Django, Python Social Auth tends to go a good job at this without any extra servers.
machete143 2 hours ago 0 replies      
If you're not into reading the article itself and want to check out the technology first, here's the link to github: https://github.com/ory/hydra

If you have any questions, feel free to ask ahead.

ourcat 1 hour ago 1 reply      
Worth adding to this that Wordpress have been working on an official OAuth1.0a server plugin for while alongside the development of the new REST API. It works well. I've built an iOS app on the back of it. (1.0a was chosen due to WP not wanting to enforce https.) https://en-gb.wordpress.org/plugins/rest-api-oauth1/

I've also seen discussion on an official OAuth2 server plugin, what with the rapid increase of https sites, thanks to the likes of LetsEncrypt.

There's a well supported OAuth2.0 server plugin here: https://en-gb.wordpress.org/plugins/oauth2-provider/

But you'd be wise to only run it via https.

EtienneK 49 minutes ago 1 reply      
Worth mentioning Keycloak as well: http://www.keycloak.org/

I've been playing around with it recently and it seems to be a very capable OIDC/Oauth2 provider indeed.

richardknop 1 hour ago 1 reply      
Interesting work. Especially for me as I have spend a lot of time delving into OAuth2 spec during my career and I have my own competing solution :)

See it here: https://github.com/RichardKnop/go-oauth2-server

Available as docker container. You can simply deploy it via docker-compose up.

Yours seem to be better maintained though :)

manigandham 1 hour ago 0 replies      
Also worth mentioning IdentityServer: https://identityserver.io/
gallerdude 1 hour ago 1 reply      
I already have a hard time with OAuth Client!
Watsi launches universal health coverage, funded by YC Research watsi.org
376 points by chaseadam17  13 hours ago   228 comments top 20
AndrewCHM 11 hours ago 1 reply      
sgpl 13 hours ago 1 reply      
This is awesome!

Is there something in the works that would make it possible for 'donors' to cover the annual enrollment costs for others? Or would that defeat the purpose?

And this is off-topic but that's brilliant photography - kudos to the photographer(s)!

moonka 12 hours ago 1 reply      
Incredible work. So many times you hear people working on this that will "Change the world", but these guys are actually doing it!
gault8121 9 hours ago 0 replies      
Congratulations Chase and the team, it's incredible to see such a complex product built in such a quick time period. How many folks from the dev team were in Uganda? And is this tool open source?
knivets 43 minutes ago 0 replies      
Does anyone know what is the model of the fingerprint scanner used in the article?
dalbasal 7 hours ago 0 replies      
A feel like I'm hearing the middle of a conversatoin

The language used to describe this program seems to land it in the US' medical system debate. EG enrolling in health coverage. A lot of the comments here are focusing on that debate.

I imagine the situation is different enough (industry, patients, funding, etc.) to make the comparison something of an analogy.

In any case, I'd like to hear a bit more about watsi's role and goals. Is this a medical insurance/bureaucracy infrastructure governments can adopt? An alternative way to raise/use donor aid, funding insurance instead of clinics? Are "crowdfunding" and "coverage" separate initiatives?

cheeze 12 hours ago 1 reply      
My universal fund donation is the best money I spend every month. I love Watsi!
Strom 12 hours ago 2 replies      
Fingerprint based system seems like an interesting choice. Don't these people do a lot of manual labor that scratches fingers? I sometimes have identifying trouble myself due to finger damage and I sit in an office.
aheilbut 13 hours ago 2 replies      
What exactly can be provided for $0.78 per month?
fillskills 13 hours ago 1 reply      
Wow thats cheap! That's awesome work Watsi team! What are some scaling issues you think you will face over the next few years?
rsingla92 13 hours ago 0 replies      
Watsi has been doing tremendous work in this area. Congratulations!
sriram_sun 10 hours ago 1 reply      
FTA:"193 of the world's governments share a goal to achieve universal health coverage by 2030." What does this mean? Aren't governments always paying lip service to some form of "universal coverage"? Isn't that one of the goals of any good government?
wslh 3 hours ago 0 replies      
Where do you apply to be funded by YC Research?
Noos 2 hours ago 1 reply      
This isn't going to work.

It looks like they are just appifying the missionariy/charity elements already going on in african nations, not providing universal healthcare. To have real universal health care would involve a lot of infrastructure building and education which would be way beyond what a small start up could do.

spike021 12 hours ago 0 replies      
This is awesome to hear! First saw/heard about you guys at the ELEO conference in San Jose a few years back.

Great work!

danreed07 8 hours ago 0 replies      
This is an incredible accomplishment. Congratz guys.
pchristensen 13 hours ago 0 replies      
This makes my heart happy to hear!
kbart 3 hours ago 4 replies      
What I don't get about USA mentality is that Americans collectively pay >600B/year to fund military[0], trillions worth of pointless wars[1] via taxes and are happy about that, but when it comes to paying some extra to fund their own and fellow citizens healthcare (which costs nearly twice less than military spending[2]), suddenly it's somehow against free market and "American spirit". Is it a paramount of government brainwashing, lobbying or something else?

0. https://www.cnbc.com/2017/05/02/how-us-defense-spending-stac...

1. https://www.reuters.com/article/us-iraq-usa-funding/u-s-cbo-...

2. https://en.wikipedia.org/wiki/Health_care_in_the_United_Stat...

jnardiello 10 hours ago 8 replies      
State-sponsored universal coverage: "that's for commies! Not acceptable!"

Silicon Valley VC-based universal coverage sponsored with crowdfunding: "wooooho that's super great! I love technology"

I would laugh if It wasn't for the milions not being able to afford basic healthcare.

peterwwillis 10 hours ago 2 replies      
Healthcare is complicated and expensive. This startup comes out with an app, a fingerprint scanner, and some compelling images, and now people are willing to hand over their money to some brand new company claiming they will bring universal healthcare to the masses.

Rather than develop a long-term set of healthcare provider alternatives, they're depending on selling a story and getting funding from people sensitive to heart-warming stories on the internet to "change the world". If any link in their public relations chain is broken, there goes the project.

I really like the idea. But copying a Sally Struthers late-80s TV commercial probably isn't going to solve healthcare.

Miscellaneous Arduino bits and pieces vwlowen.co.uk
114 points by Jerry2  9 hours ago   43 comments top 3
sleavey 5 hours ago 2 replies      
I love this kind of stuff. I recently built a slow cooker controller to make yogurt that essentially consisted of an Atmel ATmega328 (same as the Arduino Uno) controlling a relay using a DS18B20 digital thermometer. Then, when I was building it, I thought it'd be cool to have a touch screen display to set the desired temperature. Then, I figured that I might as well power the Arduino using the mains supply instead of having a separate 5V input on the box.

In the end, I learned about mains filtering, switch mode power supplies, safety clearances, fail-safety, microcontrollers and programming touch screens all at the same time. Despite there being cheaper, off-the-shelf solutions available, I preferred this approach.

amelius 5 hours ago 4 replies      
I have a nice project idea: build a replacement for HP's iLO (integrated lights out) system. Basically, all it needs to do is provide remote power and reset buttons for a server. An advanced version could also provide a remote keyboard, mouse, video, and port for an USB stick. The main reason why I'd want this is because HP's support system is a mess, iLO is expensive, and restricted to HP servers.

I think it could be done with a Raspberry Pi, and hopefully with minimal soldering inside the server itself.

retSava 7 hours ago 4 replies      
meta: I really like these kind of blogs which are more or less a braindump with heart to it. I'm sure there are many nice nuggets of wisdom and experience if you go through the posts.

To take an example, http://vwlowen.co.uk/arduino/spectrum-analyser/spectrum-anal... about taking a simple 2.4 GHz module and building a spectrum analyzer, is a nice post. You can tell he enjoyed doing it.

Switching Your Site to HTTPS on a Shoestring Budget css-tricks.com
23 points by robin_reala  1 hour ago   16 comments top 6
vog 49 minutes ago 1 reply      
Is this meant to be camouflaged advertising for Cloudflare?

Why don't they mention Let's Encrypt? It is free and easy to setup.

zemnl 20 minutes ago 1 reply      
FYI there is an alternative to Github Pages + Cloudflare if you want to use Let's Encrypt using the same features of Github Pages: Gitlab Pages. It allows you to add your own certificates with the only downside that there is no good option to enforce HTTPS (only workarounds, at least for now; there is a discussion on the matter [1]), if this is a problem for you the solution is (Github|Gitlab|Bitbucket)+Netlify, which, personally, I find to be perfect.

[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/28857

manishsharan 25 minutes ago 0 replies      
Until last year I had been using an SSL certificate purchased from SSLSecurity . However,I switched to AWS provided free SSL certificate for my domain, which is free and usable with my Elasatic Beanstalk applications . I have a static website hosted on AWS S3+ Cloudfront and AWS SSL certificate worked there as well.

edit : I also use letsencrypt certificates on my Linodes.

bluetooth 52 minutes ago 2 replies      
Cloudflare is a valid suggestion, albeit (IMO) inferior to letsencrypt in many cases. Surprised to not see it mentioned here, given that it also costs nothing, for arguably more security.
dijit 1 hour ago 2 replies      
Get SSL from using a thirdparty MITM?

Not only do they control your DNS they also control all traffic going to your site, also the connection between you and them is not encrypted.

I figured this would be a tutorial for letsencrypt. Cloudflare certainly is an option but it's not one I would recommend for -most- people unless I know why they're opting for SSL. If it's static content then sure- but I don't support cloudflare for dynamic content. I'm responsible for things like passwords and I can't keep that responsibility if I actually choose to MITM my own site with an external company.

Trust doesn't enter into it. I don't trust myself with your password so why would I trust anyone else?

davidgerard 50 minutes ago 0 replies      
Here's how I did this on a WordPress on Apache, terminated at the Apache:


It took ten minutes. I boggled at how easy it was.

Claude Shannon: Mathematician, Engineer, Genius and Juggler? juggle.org
4 points by wallflower  1 hour ago   1 comment top
ColinWright 50 minutes ago 0 replies      
I used to think people were "odd" for saying that a particular font was hard to read, or that there were significant differences in the typeface used, but this is nearly impossible for me to read. I copied the text out into an editor and read it there.

It's a great read, and there were quite a few snippets I didn't know - for example, I didn't know that it was Arthur Lewbel who tried to juggle upside down.

Thank you for this.

Introduction to HTML Components mecheye.net
241 points by Jasper_  13 hours ago   107 comments top 16
coldtea 17 minutes ago 0 replies      
I think Web Components will have/already had the same fate.

To paraphrase the meme: "Stop trying to get Web Components/Polymer to happen. They aren't gonna happen".

At least not in this version of them. It's like XHTML that went about for years before it was taken out of its misery.

We needed something like Web Components for a long time -- but the current implementation is exactly how it should not have been done.

React/JSX got the good parts of it, and added even more useful things. If we could add the missing parts on top of that (like encapsulation from the external DOM), it would be perfect, and the rest of their horrible API/design can vanish.

shadowmint 11 hours ago 14 replies      
Personally, I think there's an important lesson here, and its the same lesson that polymer is learning as it stumbles around trying to convince people to use it.

Most people don't actually derive much benefit from writing custom UI widget primitives.

Certainly, that's a useful thing for a UI toolkit builder to be able to do, but tangibly, for most people, it's not actually useful.

I don't have time to invest hours implementing `ImageDropDownSpinner` as a custom element. <select> is good enough for me, and heck, maybe I'll use some 3rd party widget if I need something special.

That's not why react, vue, angular, etc. are winning the mind share of 'how to build web apps'; building UI widget is far less interesting than the ability to decompose your UI into a custom hierarchy of re-usable self contained units of functionality, that only at the lowest level actually involve UI components, is extremely powerful.

They might look like custom widgets, but <PageFoo> isn't a UI widget, it's your entire application; that's the difference.

It's easy to say this was a revolutionary idea, before its time, and it would have flown today instead of vanished into obscurity... but I think it missed the mark; it didn't solve problems people were actually having.

...but to be fair, it's easy to look at 'Web Component' efforts (like Polymer...) and go... yeah, this seems very familiar...

bradneuberg 10 hours ago 0 replies      
Nice; I used these "back in the day" while at Google to implement the illusion of native SVG support in Internet Explorer 6-8; I used hidden Flash for the rendering and Microsoft Behaviors wrapping it all so that the fake SVG would look like it was part of the DOM for full JS scripting. Fun times. Check it out here: https://github.com/BradNeuberg/svgweb
fergie 7 hours ago 0 replies      
"Why did IE5s HTML Components never quite catch on? Despite what you might think, its not because of a lack of open standards"

Actually thats precisely why it never caught on. Source: I was front end developer at one of the big dotcoms ca 2000.

Also, its remarkable how many people skimmed this article, and didn't understand that the first part was from 1999. That really says a lot about people's expectations when it comes to Microsoft and web technology.

ab8 10 hours ago 1 reply      
I am not sure it is not a coincidence that the same idea keeps resurfacing. I remember reading pretty early on that HTML/XML/XHTML would eventually lead to a world where "chemists would have their own tags to represent chemical formulas" and similarly each discipline would develop their own tag language. Browsers would just know how to render them!

People have tried to materialize this idea in multiple ways over time - HTC, microformats, web components etc. It should not be surprising that the solutions are similar. This isn't to say the first implementation was the best, and the others have just forgotten history. I am sure there are some pretty senior web developers around who remember their history, and were even part of it. If anything we should be optimistic that the new implementations have learned from the mistakes of the past.

ausjke 33 minutes ago 0 replies      
Polymer will ditch 'html-import'(which is similar to the HTML component) as it is not widely implemented on browsers and such.

Polymer 3 will switch to ES6-loader and npm, probably one year away?

I spent quite some hours with Polymer, but finally give up for now, one reason is that I want Polymer 3 today, but it is not there yet, also big companies tends to make its stack for big players(look at Angular2).

I will use Vue.js for new projects at the moment, I read somewhere saying, Vue.js could be the next modern jQuery, and I kind of agree.

stupidcar 8 hours ago 0 replies      
I remember discovering these in the mid-2000s, and thinking along the same lines as the author: why hadn't they caught on and been standardised like XMLHttpRequest, etc. had been?

I think the reality is, Microsoft introduced these technologies at the tail-end of initial "dot com boom". Shortly afterward, most of the companies who might have built ambitious web apps using them went bust. Microsoft stopped investing in IE, and for quite a while afterwards, web development regressed to people building document and brochure-style sites. People were too busy trying to figure out complex CSS, and what `hasLayout` meant in IE to build component-based apps.

A few years later, web development crept out of the doldrums: JavaScript's reputation began to be rehabilitated, the term "AJAX" was coined, and companies like Google began building more ambitious web apps. But by now Firefox was the browser of choice for most developers, and had gained enough market share that you couldn't build IE-specific sites.

Mozilla teamed up with Opera and Apple, and later Google, to create what became HTML5, and that included reverse engineering and standardising a number of proprietary IE APIs. However, they chose to ignore element behaviours. Presumably because they had their own component technology, XBL, and wanted to make that the basis of web apps. And, since element behaviours never made it into Firefox, developers never started using them.

My guess is, had Firefox adopted them, they'd now be a standard part of the web platform, and we wouldn't have web components as they currently stand. There are a lot of similar "what ifs" in the history of the web. For example, what if Microsoft had adopted XBL? What if flexbox and grid had been implemented in early 2000s when they were originally designed, instead of fifteen years later? What if ES4 had been accepted and implemented? What if Cassowary had been built into CSS when it was proposed, instead of being ignored (and later used by Apple as the basis for auto layout)?

finchisko 9 hours ago 2 replies      
As far I remember that time, I would say IE Components didn't succeeded, because at that time server side rendering was far more popular. I personally was doing sites in PHP and tried to avoid JS at all costs. Strange that today I'm doing exactly opposite.
drawkbox 7 hours ago 0 replies      
A great early site back in the DHTML/component days where IE4 was really pushing things was WebFX [1]. This was back when IE was actually a good browser as Netscape was fading due to DHTML/early AJAX (which was the XMLHttpRequest object originally from Exchange Server). DHTML at the time was mostly easier in IE because it didn't draw a new DOM for each layer i.e. document.layers (Netscape) each layer was a new full DOM and document.all (IE) was one DOM.

[1] http://webfx.eae.net/

lucaspottersky 4 hours ago 0 replies      
> "Why did IE5s HTML Components never quite catch on?"

because technology per se is just one of the variables that matter. For example, you are missing things like "timing", "marketing strategy" and a whole lot of other things. =)

MatmaRex 3 hours ago 0 replies      
These were widely used for at least one thing in practice: adding support for :hover pseudoclass on arbitrary elements (not just <a>) in IE6. https://peterned.home.xs4all.nl/csshover.html
JepZ 5 hours ago 1 reply      
I think the main problem with IE technology was the way Microsoft pushed it down our throats. The tech wasn't necessarily bad, but when the giant corporation pushes new features while not respecting/implementing the existing standards very few people support their efforts.

So as a result 96% hated the IE and the other 4% were using other browsers. No wonder nobody wanted to use the newest Microsoft only features.

jflowers45 12 hours ago 2 replies      
I'm slightly confused by the combination of "introduced in Internet Explorer 5.5" and "offers a powerful new way" being written in an article posted on August 28, 2017
urvader 11 hours ago 1 reply      
I used HTC a lot and waited for the other browsers to implement it. XBL came around but waited many years until it became web components. Great post!
jlebrech 10 hours ago 1 reply      
creating apps in html is like creating a spreadsheet in word.

why didn't we stick to xml and use a language to transform it into ui.

fish_fan 9 hours ago 0 replies      
Wow, reading this is like a blast from 2004. DHTML? JScript, the propriety IE javascript dialect?

All without the marketshare of the time, thankfully.

With Android Oreo, Google is introducing Linux kernel requirements betanews.com
63 points by rbanffy  3 hours ago   27 comments top 6
swiley 2 hours ago 1 reply      
This appears to be the source: https://source.android.com/devices/architecture/kernel/modul...

Device tree is mandatory and vendors are encouraged to upstream the code. It sounds like Google has an eventual goal of building a single kernel that can boot on most devices which is a great thing for everyone.

MattSteelblade 1 hour ago 6 replies      
Describing Linux as "horrendously difficult to use" is disingenuous at best. There are so many different variations between distros and what people mean when they say "Linux" that to categorize them all in this tone is hardly professional. I'm not familiar with betanews.com, but it does claim to be a tech site.
TazeTSchnitzel 1 hour ago 1 reply      
AIUI, the situation until now has been that essentially, every Android device released has its own fork of Android. Which is absurd, and explains why the Android security update situation is such a mess. Glad Google are trying to fix this.
fithisux 54 minutes ago 1 reply      
The only kernel requirement that they should mandate is that the kernel should remain blob free. Checkout/build/boot.
coretx 1 hour ago 0 replies      
Why and what kernel requirements does Treble have ? What's wrong with kexec or similar non proprietary solutions ? I'm not a kernel hacker but human enough to turn suspicious when something receives nothing but good news. Can anyone please shed some light ?
bitwize 1 hour ago 0 replies      
Looks like they want to have certain security features enabled so Android can maybe catch up to where iOS was a year ago.
Pliny the Elder May Have Been Found 2,000 Years Later haaretz.com
144 points by Cozumel  14 hours ago   27 comments top 9
bambax 8 hours ago 0 replies      
I visited Pompei just last week! What an amazing place.

Most of the paintings and mosaics and other findings have been removed from the houses and are in a museum in Naples, but still, it's extraordinary.

There had been a big earthquake in 62 AD that had shaken the whole region, and Pompei was still under active reconstruction in 79 AD when the eruption buried it.

(It is said that during the 62 earthquake, Nero was singing in Naples in front of 5000 people he had forced to come listen to him, and that when the earth trembled he explained it was because it was touched by his singing. Spectators were not allowed to leave the theater until he finished. The theater is no more, but the houses later built on top of it clearly follow its path https://goo.gl/maps/AsMRjEm9sj82).

In Pompei there were small houses, big houses (some over 3000 sq. m. with an entrance in the town, and a terrasse with a view of the sea); there was, at Herculanum, a nearby town, a huge villa (Villa of the Papyri: https://en.wikipedia.org/wiki/Villa_of_the_Papyri) overlooking the bay of Naples.

None of that mattered. The eruption destroyed everything.

PaulRobinson 3 hours ago 4 replies      
This article is now basically an excuse for a ton of pop-overs and pop-unders that make the site unusable. It seems that the publisher has decided to maximise their revenue from the HN hug.


seibelj 9 hours ago 1 reply      
They need $10,000 to do the test and are looking for donors. C'mon one of you HN tech millionaires - pick up the phone and cut them a check.
santaclaus 8 hours ago 2 replies      
I can't be the only one who immediately thought what, they had IPAs 2000 years ago?
SubiculumCode 33 minutes ago 1 reply      
I admit that I thought this was about beer. A very very fine beer that I have not yet had the pleasure of enjoying. Pliny the Younger is still quite a nice beer that I've had on multiple occasions from the tap, and is generally more available if you are at the right establishment on the right night.
eponeponepon 8 hours ago 1 reply      
I was under the impression his body was recovered a couple of days after the eruption - have I got that wrong?
megafounder 5 hours ago 0 replies      
Link to donate? Can't find it
zinckiwi 2 hours ago 0 replies      
Alan Davies will be thrilled.
eecc 5 hours ago 0 replies      
Pathetic that the Italian State cannot cough up 10k to get to the bottom of this. 10k is less than the monthly benefit of an Italian member of Parliament...

What a failed state, what a shame on us!

HSBC is killing my business, piece by piece medium.com
304 points by larsiusprime  1 hour ago   93 comments top 30
woodylondon 1 hour ago 2 replies      
I think this is a huge problem and one that is going to continue and get worse. How is it the banks were the ones at fault, but the customers are paying for it. They just hide behind AML / Knowing your customer and say talk to your MP.

I was locked out of internet banking for my business account with Lloyds for over 3 months due to a technical fault in the way it was setup. Was paid compensation in the end, but already had moved to another bank. They could not have cared less.

Some people will say no smoke without fire, but if you read on moneysavingexpert about people being locked out of their personal accounts for the same reason. Any transfer that is slightly different from your day to day will be flagged and risk having your account locked for weeks / months on end.

It happens more than we realise. A bit like winning the lottery, it could be you :(

The further we go down the road of electronic payments, and a cashless society it could get really messy.

The only way to solve in the short term is to spread the risk across many banks, and never keep your money in one place. Keep hold of some cash!

bradleyankrom 1 hour ago 5 replies      
> Dont bank with HSBC.

After having similarly-frustrating things happen with my HSBC personal accounts over the years, I fully support this suggestion. They are awful. They take extreme steps (suspending accounts, rejecting payments, etc.) without contacting the customer; when you reach out to them, it's hours of being passed around before you reach the right person. If you reach a person at all.

butler14 13 minutes ago 0 replies      
I think the chap has been incredibly calm about the whole thing. I'd be in my local branch every day refusing to leave until they take the necessary steps to re-open the account.

This really struck a nerve with me, as I've had similarly infuriating experiences with Natwest (though never to the point of my account being suspended).

Passed from one team to another -- and even witnessing colleagues from different teams argue with each other, not realising that I wasn't properly on mute... I wish I had it recorded.

Opening and administrating a simple small business bank account has been the single most unnecessarily difficult and frustrating thing about starting my own business.

It's why I'm so passionate about someone FINALLY disrupting the circle jerk of the mainstream banking industry and the organisational, bureaucratic and regulatory clusterfuck that it has become.

jacquesm 1 hour ago 2 replies      
So, immediately get on the horn with your lawyer and have your lawyer on his letterhead send them a letter and if the response is not to your liking sue the bastards.

In the meantime set up another account with another bank and make sure all invoices that are pending but not yet paid are paid into that account and not into the HSBC account.

Then shift over all the monthly payments to the new account as funds appear.

zwetan 1 minute ago 0 replies      
> The only way to solve in the short term is to spread the risk across many banks, and never keep your money in one place.

not only banks, you also have paypal, prepaid cards, etc.

and not only "short term"

eg. always avoid the "single point of failure"

the real infuriating part here is that those problems occur on a business account (not a personal account), if you pay extra for business you should get extra/faster service/resolution.

weirdstuff 1 hour ago 0 replies      
Reminds me of "Operation Chokepoint" where the U.S. federal government was able to persuade (not force) banks to cut off firearms dealers from their accounts in an effort to affect "unsavory businesses".

Another reason why I want to avoid a cashless society, at least in the way we're heading right now. Scary how quickly banks will cave in to pressure from the feds before any legal process even begins (if ever).


Spearchucker 1 hour ago 0 replies      
I second not dealing with HSBC. They've been fined as mentioned in the article. They've also lost enormous amounts of data through mismanagement and to hackers, so have gone to the other extreme of "safeguarding" their data.

I put safeguarding in quotes because a couple years ago I was responsible for the technical aspects of the acquisition of a small fin. book from HSBC. They did a lot of absolute dictation of governance hurdles which they "enforced" - again the quotes, because they came to our offices and nodded wisely when I rattled through our list of safeguards. But very clearly didn't understand a thing about the controls we said we were using. They also didn't ask for any evidence of the controls. That really surprised me, after all the noise they'd made leading up to that meeting.

I don't rate them technically at all, so have to wonder what their business capability is like...

maxehmookau 54 minutes ago 2 replies      
UK banks are ridiculous and they're hastening their own demise to challenger banks with attitudes likes this.My bank (Barclays) suspended my account and blocked my cards after attempting to make a large payment.

It was 2000 to the Student Loans Company.My account was a graduate account.

All of the clever machine learning anti-fraud algorithms in the world couldn't figure that one out.

Go figure.

rwmj 1 hour ago 1 reply      
I would say (a) open a bank account with someone else and (b) contact someone from the BBC (eg https://ssl.bbc.co.uk/programmes/b006qjnv/contact) and make a noise.
forcer 1 hour ago 0 replies      
The story is very similar to what we experienced with HSBC exactly year ago. Its wrong on so many levels, in our case they sent us money via cheque so we got access to it in about 2 months. There is no point discussing anything with them, you are a small fish and have a business to run, not suing a bank or losing your focus on your main business.

Since HSBC kicked us out we have multiple banks and if things go wrong we just move to another one.

richardknop 19 minutes ago 0 replies      
What a horror story. I also have a business bank account in UK and after reading this article I immediately went and paid myself a hefty dividend just in case something like this happened. I will try to keep balance in the business bank account low, just enough to pay corporation tax, VAT and salary.
atemerev 32 minutes ago 0 replies      
Ironically, I know use Bitcoin and Bitcoin-linked debit cards to pay for Github, Amazon and the rest. Much easier than having all these calls from banks, and for less than 2000 /month, KYC is very relaxed.
koolba 1 hour ago 1 reply      
> Then Apple failed. This was a strange oneit appears you actually need a valid payment card associated with your Apple account or you cannot download free apps or update existing ones. Every time you try it just asks you to re-enter payment details. Not a show-stopper, but frustrating all the same.

Not true. They have a lot of dark patterns to make you think that but you don't actually need a payment account associated with your Apple ID. It's possible they've changed this since the last time I tried doing setting one up but you may need to go through the desktop interface rather than doing it directly on a iOS device.

edshiro 40 minutes ago 0 replies      
This sucks. I've recently started contracting in the UK and opened a business bank account with HSBC. I was initially tempted by Tide (https://www.tide.co/), a new entrant with an attractive business banking product, but unfortunately they are not covered by the Financial Services Compensation Scheme, so I thought twice...Maybe I should still open an account with them just in case... Wonder if anyone here has tried Tide here?
matheweis 1 hour ago 3 replies      
When people tell me they don't "get" Bitcoin, this is exactly the sort of thing I have been looking for to try to explain it. Yes, it has problems and is still maturing, but no one can inexplicably just off your bank account like this.
webbrahmin 1 hour ago 0 replies      
I am from India. A startup I was part of also had a bad experience with the bank. I can't go into the details but the bottom line is that the bank branch where we had our account was absolutely uncooperative. The problem was resolved after many days of mail writing, talking to phone banking and running after the branch people.
tweedledee 54 minutes ago 1 reply      
This is an intentional strategy to increase the 'cost of regulation' so they can lobby against it and go back to accepting shoeboxes of cash through deposit windows.
ig1 37 minutes ago 0 replies      
You'll get the same treatment with the anti-fraud/kyc team at any bank. It's standard procedure to not disclose reasoning because it essentially helps fraudsters/criminals avoid checks.

There can also be legal restrictions on what they can tell you. For example if they think you're committing money laundering it can be a criminal offence ("tipping off") for them to tell you that why they're investigating you.

It might also not even be directly about your business, if for example one of your counter-parties (customer/supplier) is subject to criminal investigation it could result in you getting flagged up as a related party.

It sucks when it happens but unfortunately it's a reality at every bank.

namelost 1 hour ago 2 replies      
Presumably HSBC objects to a for-profit business running a patreon & donations. I can see how from a bank's perspective that could look like something illegal is going on.
javiramos 36 minutes ago 3 replies      
Does the UK have the equivalent of credit unions? I moved to a credit union about 5 years ago and it turned out to be a great decision (if you have simple banking needs). I know all the tellers at my local branch and if I have a serious issue, I can just talk directly to the CEO.
neom 56 minutes ago 0 replies      
HSBC has been an awful bank. My biggest startup regret.
benmmurphy 43 minutes ago 0 replies      
this is the problem with these regulations. i think know your customer is a good idea and the banks should be collecting this information but they shouldn't be responsible for making the decision. this should be a legal process run by the state.

what you are seeing is what happens when due process is bypassed. if every bank follows the rules in a similar way and there is a good chance they do because they are acting in a way that is mandated by law then you can be effectively locked out of the banking system. you are being punished even though you have not been convicted of any crime by a court of law.

i don't know what the solution is because the current implementation is quite efficient. but it does mean more innocent people are going to get burned.

_Codemonkeyism 46 minutes ago 0 replies      
Hear, hear

"PayPal, thank you. Your support was fantastic. I only wish HSBC were more like you."

erikb 46 minutes ago 0 replies      
If you interact with such a bigger company than your own it is normal that things can take 6-12 months. It's a good opportunity to harden your business against it. Nobody likes to do that, but if you want to survive you have to.
ajmurmann 52 minutes ago 0 replies      
More hidden cost from the war on drugs. What does it take to finally try to find another solution or arrangement?! I guess value voters in the US will never give up on this and we will live with this silly bootleggers and Baptists problem forever...
jlebrech 1 hour ago 2 replies      
don't bank with someone who's been caught money laundering, as they'll treat all their customers like criminals.
Arathorn 57 minutes ago 1 reply      
Does anyone have a datapoint on whether Barclays ever misbehaves like this for small business banking accounts?
golemotron 37 minutes ago 0 replies      
The horrible thing is that if you do maintain several business accounts and aren't careful about how you handle transfers between them you could be accused of structuring.
scandox 31 minutes ago 1 reply      
> Then Apple failed. This was a strange oneit appears you actually need a valid payment card associated with your Apple account or you cannot download free apps or update existing ones.

I've always found this to be an issue that makes using a MAC a non-starter for me. I observed when I first got one (cast off) and it really puts me off.

lushn 1 hour ago 6 replies      
I'm not entirely clear why the author felt it was a productive use of his time to write several thousand words on this. HSBC aren't likely to be swayed by such an article. They've been fined billions, they're probably not worried about being "called out".

First of all:

Why are you depending on only one bank account to run your business? It's very easy to set up two or more business bank accounts and use them both. Just like you have back-ups for your data (right?), it makes a lot of sense to also have financial back-ups for your business.

Same with the debit/credit card - is that all you've got for business payments? Why don't you have more than one card? Why don't you move things over to a personal card while you open a second business card?

It's too late for that now as the author didn't set that all up ahead of time, but instead of complaining on the internet, why don't they start moving things ASAP. I've found Santander incredibly easy to get up and running with (same day almost), compared to Barclays...etc.

Look, you're running a business, and your job running a business is to keep it running. If you haven't thought ahead to such possible events, you're doing your business a disservice.

So my advice - call Santander, start switching things over, stop broadcasting things online, and focus on keeping your business running. You can always do a recap later once things have died down.

And I agree, HSBC are a complete PITA. It's far too much trouble even getting a personal account with them, so a business account would be far more effort than I would be looking for.

Even Barclays wanted an in-person meeting (even though I've banked with them for decades) to open a business bank account. And the only date they had available was a month in the future. Yup, I cancelled that appointment.

So, build redundancy into your business. At the very least a second bank account. It's easy, but as you can see, so very important. Just IMHO.

Scaling Your Org with Microservices [slides] bridgetkromhout.com
35 points by kiyanwang  9 hours ago   27 comments top 4
staticelf 3 hours ago 8 replies      
I have yet to see a good technical implementation of microservices. It always seem to get messy, inefficient and hard to organize.

Everything seems so hard. To follow and debug requests for example. How do you do that in a good way? Running a local microservice application is another.

Maybe microservices is good for very large corporations, but even then I am not really convinced since it seems easier just to learn one bigger codebase that is structured well rather than digging in to many different ones that may be writter in different languages etc.

The hype is so big and the benefits are very unclear. At least to me it seems like there are only negative aspects of doing microservices.

joaodlf 1 hour ago 1 reply      
If anything is trendier than microservices, that is bashing microservices.

Before this comment pool spirals into that, I'll just leave this: It all depends on your project.

Did you have a bad time with microservices? Maybe the implementation was wrong. Maybe the project doesn't fit the model. Heck, maybe the project would STILL be screwed under a monolithic approach. There are so many variables to what classifies a success/failure in the microservice world (like most other things in software development, actually).

What's important is to not have a polarising opinion: "microservices suck", "microservices should be used for everything". Analyse your requirements. Imagine your professional project a few years down the line. Educate yourself on the subject (there are books on the subject!). Make. Sure. It. Fits.

I've personally had successes and losses with microservices, just like I had successes and losses with other architectural styles.

aaimnr 5 hours ago 0 replies      
From TFA: "I don't think anyone should approach management as a thing they move in to permanently. It's psychologically disfiguring."

Such a great quote. The longer I only do management-only work, the more anxiety creeps in silently about not being able to do these things on my own, not being competent enough, being a fake etc. The moment I decide to solve some problem for myself all is cool again - and I'm more trustworthy for the team as well. The problem is that such an approach tends to create conflict of interest - as a manager you shouldn't interfere too much and allow the team to solve the problems.Maybe the notion of manager is a problem in itself. It's a tempting perspective, but as far as I remember Google thought so as well and at some point they had to step back and reintroduce classic managers again ( https://hbr.org/2013/12/how-google-sold-its-engineers-on-man... ).

flavio81 46 minutes ago 0 replies      
Scaling your org with <hyped architecture>!!

From all the recent trends that software juniors take as gospel (cargo cult programming), i think both Microservices and the use of MongoDB for relational data are the most damaging to a project.

Ask HN: What's the worst Oracle can do to OpenJDK?
127 points by yaanoncoward  8 hours ago   55 comments top 19
danarmak 1 hour ago 2 replies      
Oracle controls the "Java" trademark. They can prevent OpenJDK (and any other implementations) from being able to call future major versions Java (or indeed JVM/JRE/JDK), simply by not publishing or not licensing future versions of the TCK. (Licensing terms for the Java trademark require an implementation to pass the TCK to be able to call itself Java.)

Just removing the word Java from the OpenJDK sources and documentation would be a huge endeavor. All the standard tools ("java", "javac" etc) would have to be renamed. It might also require completely breaking backward compatibility, because APIs are now copyrighted and the Java standard library packages are named java.* (and probably there are class and method names mentioning "java" too).

ETA: even ignoring copyrights on API, the trademark itself might stop you from publishing the not-Java standard library under the package java.*.

ETA #2: other commenters say it's allowed to use a trademarked word as long as it's necessary for compatibility. But it's not allowed to actually say you're compatible. Apparently. I don't claim to understand this, but law is not require to make sense, so this could be true.

jerven 5 hours ago 0 replies      
The worst Oracle can do is to stop investing resources in improving it. There are wide range of other sources that you can get a JVM from. Ranging from big IBM, to smaller players like Azul (zing or zulu), RedHat, Excelsior, JamaicaVM from aicas and many more... Who would all be happy to take your money and the mindshare away from Oracle.

OracleJDK might be the no brainer install today for servers. But given any drop in commitment the community is large enough to continue by itself. It will slow down because Oracle puts a lot of money in JVM development so that would be a pity...

Oracle likes to use its lawyers, but only if they can actually win money. If someone can imagine how Oracle could make money out of stopping OpenJDK then I would be worried but I just don't see it. I sooner see them sueing Intel for using some patented trick in ICC to make their SpecCPU results look worse than not continuing to support OpenJDK as they have done today.

Their model is support JVM's for cash. Improve it internally ahead of the curve for making Oracle Cloud better than the other clouds and just get a foot in the door in Marketing materials and good will.

In any case the Java community is so deep and all encompassing that one does not see the giant jungle anymore.The hardcore VM community is much larger than those of Python, Bash or Ruby. With only JavaScript coming close in VM developer head count.

talkingtab 2 hours ago 1 reply      
Imagine Oracle's current business model goes downhill. Imagine Oracle has plenty of money remaining and asks "How can we monetize Java?" They will not ask Hacker News, they will spend potentially millions of dollars asking lawyers.

Given Oracle's past behavior with respect to Java, their general competitive model and their financial resources the answer is "Worse than you you or HN can imagine".

If you already have a significant investment in using OpenJDK, you may not have a choice, but otherwise there are other good technologies and you should avoid any JVM, JDK and other Java/JVM based technologies or languages. IMHO.

stonemetal 27 minutes ago 0 replies      
Probably the worst I can think of is taking the Google Android playbook open with closed extensions then deprecate the open. You already see this a little bit with things like JavaFx in the Oracle distribution but not the OpenJDK. Sure you can build it yourself, but how long till we see extensions that are in the Oracle distribution that can't be built for the OpenJDK? Eventually it looks like Android where what is open and what people actually use are two different things.
bitcharmer 5 hours ago 0 replies      
I don't think they can do much to harm OpenJDK as it's GPL and developed by various parties and individuals.

What they definitely can do is start charging for Hotspot which would have a disruptive effect on the whole ecosystem. From my experience around 9 i 10 shops use Hotspot before any other JVM implementation.

They may also withdraw access to the TCK which would render alternative JVMs not suitable for organizations that heavily rely on standards and have strict policies in that respect.

Should this happen, I am absolutely positive companies like Azul, IBM or RedHat will step in and build a new (friendlier) open Java platform based on OpenJDK. Heck, maybe that would even mean resurrecting Apache Harmony.

I wouldn't be too much concerned about that in genereal. Oracle does not have absolute control over Java.

tzs 1 hour ago 1 reply      
> I understand that OpenJDK is GPLed with class path exception, but is that enough?

GPL v2 does not say that it is irrevocable. Oracle could throw a huge monkey wrench into OpenJDK by announcing that they are revoking the current license on all of the code in OpenJKD that they own and either no longer licensing it or licensing it on terms incompatible with the current license, and start suing people who continue using it as if it is still under GPL.

This would put us into legally uncertain territory.

Generally, non-exclusive copyright licenses that do not specify a definite duration and do not say they are revocable are revocable at will. They may be irrevocable if supported by consideration.

The key question here would be whether defendants can find an argument that there was consideration (unlikely) or a substitute for consideration (much more likely).

Another approach Oracle could take is not to try to revoke the license, but rather simply announce that they are no longer issuing new licenses. People who have OpenJDK licenses now can keep on using it, but anyone who comes to Oracle for a new license is told no.

Unfortunately, GPL v2 explicitly says that you cannot sublicense and when a licensee distributes copies their recipients do not receive their licenses from the distributor but rather from the original licensor.

If Oracle succeeded with this approach the consequences would be murky. Existing licensees would probably be able to continue distributing copies and derivative works, and their recipients would be able to use them, but those recipients might not be able to further distribute copies.

For those drafting future open source licenses who want to keep these things from happening with software under your license: (1) explicitly say in the license that it is irrevocable, and (2) explicitly say that licensees can sublicense under the same terms.

Of the major free/open source licenses, the only one I know offhand that does this right is Apache.

mike_hearn 5 hours ago 0 replies      
Oracle uses Java in its own products extensively: in fact the Oracle DB has the JVM integrated into it as a component, so they need Java to develop regardless of the details of how they do it.

Oracle can't really sabotage OpenJDK specifically. What they could do is take all development back in house. Oracle is the main contributor to OpenJDK so that'd effectively make future versions of Java closed source. However they aren't the only contributor by any means and presumably doing that would lead to a fork of the project. Red Hat contributes quite significantly already (ports, an entirely new GC engine) and I guess they'd become a rallying point. Probably a lot of Java engineers would quit and go join companies supporting OpenJDK. It'd cause a lot of disruption.

However, are they going to do that? Well, probably not. They've owned Java for years. In that time they've increased funding significantly and open sourced large new components that were not open sourced when they bought Sun. They've also sorted out Sun's management issues with the result that the project started moving again.

There's a lot of Oracle hate around due to their aggressive sales tactics and the Google lawsuit. But if you restrict your view to just the technical side of Java, they've not done a bad job. They got the project back on track, open sourced a lot of new code, they've got a solid long term technical roadmap with experienced engineers doing very professional work entirely out in the open. The design process isn't just open, it's done through the community process, so other firms have their say (see the recent Jigsaw hooha for an example). You can go take part in the design process of major new changes. Oracle's proprietary bits on top of OpenJDK are really pretty thin, I'd be surprised if they make much money from that.

Ultimately the question is, can you have something like Java without being worried about the owners? I think the answer is no. If you look at the alternative companies that might have bought Sun and continued funding Java, there'd have been maybe IBM, maybe Google, maybe Red Hat but probably not. Red Hat would have been the best but are they big and rich enough to have boosted funding to the level Oracle has? Even if Google had acquired Java, well Google has a shit ton of languages and frameworks all competing for internal attention. Whilst Google has a lot of code written in Java, it's not clear to me that Java would have won out for funding and executive attention in the battle of internal politics against Go, Dart, whatever. And of course there are lots of people who are worried about Google and the direction it's taking as well.

snarfy 5 hours ago 2 replies      
If it ever did happen the whole industry would immediately develop a migration strategy. I wouldn't worry about it.

Are you so sure your project will be successful? The odds are much higher that your project will not be successful and so the choice of technology doesn't really matter. If it is massively successful, you'll have the resources to work around any shenanigans. You could even do the unthinkable and buy a license.

wolco 2 hours ago 0 replies      
If those are your concerns get back to your project and get it finished. These issues shouldn't affect you
exabrial 1 hour ago 1 reply      
Correct me if I'm wrong, but I don't believe Oracle fired anyone related to openjdk... they fired some people related to Solaris.
awinder 58 minutes ago 0 replies      
Not to retread on what you laid out but, why is java the one true choice for all of this projects code? If this project is just not that massive Id say that it shouldnt make much difference. But youve kinda specified a larger problem which is vendor lock in. Id spend a little time thinking about what locks you in to that ecosystem. At least to have it on your radar, but that might inform design a bit if youre really worried.
gaius 2 hours ago 1 reply      
The worst thing they can do is keep on maintaining it so people still have to use it.
0x0 4 hours ago 1 reply      
Well, they already have the "-XX:+UnlockCommercialFeatures" command line switch which apparently costs money to use. They might move more stuff behind that flag?
bigleagueposter 6 hours ago 1 reply      
Wouldn't they shoot themselves in the foot by sabotaging the JVM? They seem to be taking a serious push at taking over the dynamic language space atm?
kol 1 hour ago 0 replies      
Is OpenJDK Linux only? What is the legal background of the Windows and Mac version of the JDK?
twelve40 5 hours ago 1 reply      
I apologize for not answering your immediate question (I think it might be quite difficult to predict what dirty legal tricks someone "might" pull in some uncertain future), but is your project really all that dependent specifically on OpenJDK? Or (if not) are you concerned that there might be some event in the future that will make running your code on any JVM (OpenJDK, IBM JVM, Oracle JVM, etc) impossible?
romanovcode 5 hours ago 1 reply      
The worst thing Oracle can do to OpenJDK is kill it completely like Microsoft killed Mono by open-sourcing .NET coreclr and C#.
atemerev 5 hours ago 2 replies      
They can abandon OpenJDK and stop contributing any further updates to it, focusing on closed-source Oracle JDK. This will be enough to kill the project. This is exactly what has happened with OpenSolaris.

And, of course, Google or IBM can't take the flag and continue working on OpenJDK on their own, because patents.

agumonkey 5 hours ago 1 reply      
If Java goes its spot will be filled in less time than it takes to think about it. The JVM used ideas from Self, and other "old" languages, its designers are still working on things, there are other people with knowledge and ideas, I'd bet a few dollars that the Steele pack could come up with a leaner and meaner VM right away.
The Sucker, the Sucker: On the octopus lrb.co.uk
5 points by benbreen  3 hours ago   1 comment top
Pica_soO 37 minutes ago 0 replies      
Do young octopuses play ? How long does childhood last?Do they die after mating?
Learning Python Without Library Overload chrisconlan.com
107 points by happy-go-lucky  14 hours ago   55 comments top 15
bsmithers 7 hours ago 0 replies      
I see quite a few people disagreeing with the author but I think there's a key difference between:

a.) Learning python when you are also a beginner to programming

b.) Learning python when you're comfortable in another language

If, like the student in the story, you are in category a.) then I think the author is definitely right. The distractions of myriad libraries isn't helpful.

However, for category b.) it depends a lot more. I think there is value in understanding the core of a language but - depending on experience, familiarity with similar languages, end goal etc - I think we're talking between a few hours and a first sketch at a project before you're hindering yourself by ignoring the rest of the ecosystem.

ameliaquining 12 hours ago 0 replies      
I notice that the article says not to use urllib, but doesn't say what to use instead if you need an HTTP client. The correct answer, of course, is requests...which isn't in the standard library. So there's a tradeoff between a good API that you have to figure out how to install, and a lousy API that's universally available. (This tradeoff isn't as bad as it once wasthe Python package management experience has improved a whole lot over the past decadebut getting packages installed is still a barrier for new users, especially on Windows.) It's not just a matter of saying "use the stdlib"; the stdlib is imperfect and its flaws are not limited to the concerns of power users.

Also, it's worth separating the issue "this library has an overcomplicated API surface" from the issue "this library uses Python magic in ways that make its semantics different from the default expectations for a Python API". For instance, there's nothing remotely magical about urllib; it's just unwieldy to use. Most of the other listed packages, like pandas, have the opposite problem.

the_duke 12 hours ago 3 replies      
While I understand the argument, I also have a big counter-point to offer.

Python is one of the top beginner languages for people new to programming, and rightfully so.

But beginners often want to build something "cool" and tangible, and need that to stay engaged.

Printing out the first 100 prime numbers after implementing a sieve of eratosthenes or a command line calculator do not fall into this category for most.

Building a website or a GUI application is way more exciting, and you need libraries for those.

nlawalker 12 hours ago 3 replies      
As I read this, I originally disagreed with the author - for me the challenge of a new language is not the language itself but becoming familiar with the libraries that everyone uses and understanding how to get things done with them - but then I saw this:

>> packages that alter its syntax and behavior

Is this kind of thing common with Python? I'm used to C#, where libraries are just libraries. Sure, you still have to learn your way around them, but they don't change the language out from under you. Even in big frameworks that completely dictate the overarching organization of your code, it's still C# you're writing.

iammyIP 5 hours ago 3 replies      
Python itself is already too much abstraction.Everyone interested in programming should learn the basics all the other stuff is built out of:

Hardware, binary, assembly, C

That doesn't mean to get full on embedded hacking, it means to get some basic grasp of how C maps to the hardware.

Then it doesn't matter how to continue learning, everyone individually has to find out what kind of further abstraction suits best.

Too much programming is taught from the top abstraction layer just to make awful soft more quickly.

lucideer 7 hours ago 0 replies      
A lot of people here are disagreeing on the basis that new language learners want to make something cool quickly. I agree, I've certainly taken the path of trying to teach fundamentals to people who very quickly lose interest.

However, while absolute beginners do need a hook, there's a transition phase that isn't filled: it comes between being able to copy paste SO answers together effectively enough to build a functional product, and actually understanding how that application works.

Coming from a JS background, I'd say a close equivalent in the past was frontend devs (gainfully employed as such) who didn't know any javascript; they just knew jQuery. I'm not sure how that's changed today, but I'm guessing the node package ecosystem breeds similar results.

I'm no beginner when it comes to programming, but my exposure to Python has been relatively limited up until recently, and as I'm now quite suddenly running some django installs, and trying to work backwards from learning django initially to properly grokking actual python, these are the kind of dedicated resources I can see being of value.

u801e 12 hours ago 1 reply      
I'm not sure if it was just me, but the contrast of the article text was so low that it was pretty difficult to read.
reacweb 6 hours ago 0 replies      
I wanted to learn python by myself, a few years ago, it was not easy (difficult to justify to use it at work when you know perl enough to do the job in 1/10th of the time). To keep motivation, I have followed https://www.coursera.org/learn/interactive-python-1. IMHO, it is very good for beginners. It avoids the library problem and allows to have funny results.
ManlyBread 2 hours ago 0 replies      
The color of the text in this article makes it really hard to read, light gray on a white background is not a great idea.
SeanDav 4 hours ago 0 replies      
I like the list of potential projects to attempt, in order to learn a language. I would add a Battleships program to that list as I find that provides an interesting challenge to learn to program without being too complex in terms of data structures/algorithms.
systems 12 hours ago 0 replies      
one of the better advice i read on this topic

is to focus on creating something (in this case) using python, rather on learning python, and then find something to do with what you learned

another personal point for me, was the focus of learning on the logical modeling for a programming and treating the physical modeling as an after thought

most book and tutorial focus on creating functions, classes and module (programming in the small), but spend a lot less time teaching how to group those in file and how to compile, package, distribute and deploy the program (programming in the large)

for those reasons i have to disagree with this article, since it seems to promote learning by focusing on programming in the small

BerislavLopac 6 hours ago 0 replies      
IMO, the Empire of Code is one of the best, and definitely the most fun, way to learn Python: https://empireofcode.com/
maweki 12 hours ago 0 replies      
The author suggests that while learning python one should stick to using the standard library instead of using additional libraries that sometimes come with archaic baggage or domain specific constructs that hinder learning.

I think the author could have done with calling the standard library by name instead of just calling out specific packages. And of course missing are functools and itertools and collections which I find essential in writing concise and pythonic code. Instead they single out json and csv which are special purpose

_pmf_ 6 hours ago 0 replies      
Python is one of the languages that are heavily used by people who do not want to do software development, but want to get stuff done. It's patronizing intellectual pedantry to tell those people to actually learn programming when they can just use the few numpy commands required for their immediate work. Sure, give a man a fish etc.; but sometimes, people just want the fish already and don't want to mine the ore required for building a fishing rod from scratch.
nether 12 hours ago 1 reply      
All of the modules he suggests avoiding are the ones that make up the standard data science tech stack. So, IOW, learn Python before doing data science. Your usual beginner Python tuts don't mention Pandas or matplotlib, so this seems like a non-issue.
The Economics of Garbage Collection (2011) [pdf] gla.ac.uk
60 points by kuwze  13 hours ago   2 comments top 2
abecedarius 10 hours ago 0 replies      
This would make a good addition to the related-work section: http://e-drexler.com/d/09/00/AgoricsPapers/agoricpapers/ie/i... from 1988.
userbinator 9 hours ago 0 replies      
Spyware Dolls and Intel's VPro danielpocock.com
36 points by robin_reala  9 hours ago   7 comments top 3
acoye 0 minutes ago 0 replies      
I guess ARM is safe for now Is it not?
madez 2 hours ago 1 reply      
I hope for european authorities to force Intel and AMD to offer chips without ME and consorts and providing guaranteed complete documentation and control to the users. Food is regularly sampled and controlled. I think the same for electronics is necessary. EU, why do you sleep?

1. Is there a justification for it?Yes, Intel and AMD have together a monopoly for fundamental parts of consumer and business computers. They do not leave the choice to avoid ME and equivalents. The products are fundamental and the functionality can be provenly malicious. That allows anti-trust measures.

1.1 But aren't OpenPOWER, RISC-V, ARM, ..., alternatives?No, because the products either don't exist, are not suitable for the needs, or have similar issues with lack of documentation and guaranteed control for users. Please correct me if I'm wrong. I expect hardware level reverse engineering to check for backdoors.

2. Can authorities force them to change their offering?Not directly, but they can do it indirectly and effectively by forbidding selling their products without change. Or by charging them huge fees for every CPU sold while not offering an alternative.

2.1 Can the authorities check the hardware? Yes, but it is time-consuming and needs experts. Since it could be done for the whole of Europe, the load can be shared. Food controls also need experts, are time-intensive and don't work perfectly. Still, it is working generally good.

3. Is this likely to happen?The authority needs to be willing to face huge and important companies and be able to withstand political pressure. German authorities are hopelessly incompetent when it comes to digitalization and computers. Maybe EU's organisations wake up. They have shown to be willing to face huge corporations and speak clear and understandable words with them.

reacweb 2 hours ago 1 reply      
If an Intel employee go broke and sell privates cryptography keys and IME documentation to a hackers group, how many computer have to be replaced in the world ? Security by obscurity has never worked in long term.
China's Central Bank Bans ICOs techcrunch.com
258 points by hgdsraj  7 hours ago   263 comments top 31
rothbardrand 4 hours ago 13 replies      
Why don't rich people need protection? Here's the answer: this is their protection. It reduces their competition.

Seriously, these securities rules keep people like me from investing in AirBnB and Uber (two that I caught very early and wanted into)... but we can all go to Vegas and lose $100k in a single weekend. But putting $10k into Uber's seed round is somehow a crime I need to be protected from? Truth of the matter is this is the essence of capitalism-- it is my right to invest in Uber's seed round and Uber's right to have me as an investor (if they consent), whether I am "accredited" or not. This is basic "Freedom of association" which underpins everything from gay marriage to the right to refuse service to barefoot people.

Also, of course, I've lost my own $10k on more than one occasions starting companies. (And I've made much more as well.) Why do I need protection from myself? Especially when the terms of that protection are written by people who don't know what SHA256 is.

No, these regulations mainly keep the middle class and the not-quite-wealthy-enough from investing in the highest upside opportunities. I know it's better to put $10k into 10 different seed rounds than $100k into one seed round. I don't need to be accredited to know that.

And I've certainly lost a lot more than that (and made even more) in the stock market using complicated options strategies involving multiple legs and expirations-- I'm the very definition of a sophisticated investor....

.... but I can't be trusted to give a startup $10k?

This is what regulation tends to do, which people don't seem to get -- it raises the bar keeping the little guy out.

Once again, the rich get richer and the poor and middle class have less opportunity.

PS-- To those responding: Yes, I have heard "but what about the grandmas? won't anyone think of the grandmas???" before. I'm acutely aware of the history of this type of regulation in the USA. Ultimately this stuff keeps grandmas poor.

You should all read G. Edward Griffens "The Creature from Jekyll Island". It's a history book about money, but it's not in the least dry.

Government always has an excuse, usually a claim to be helping or protecting people, when it violates our rights.

Keeping me out of Uber's seed round is a violation of my rights.

richardknop 6 hours ago 2 replies      
Does this spell trouble for Ethereum? Without ICOs (one of it's major features if not the most important one) what else will drive the price speculation?

I believe prices are inflated because of ICOs. People are buying tokens counting on ICO hype to increase their value so they can flip their initial invested principal with 2x/3x/4x return.

Without ICOs this speculative technique will not be possible so we will see how many people are actually interested in buying these worthless tokens because they believe in their "features", rather than speculate on their price.

I wonder though if the speculation will just move from China to other countries though and the bubble will continue until there is more action by regulators around the world against this.

ig1 6 hours ago 1 reply      
It's important to note that ICOs are a mechanism rather than a financial instrument and it's the nature of the underlying financial instrument that generally influences the legality.

For example if it's used as pre-sale (i.e. currency that will be used in product for a future product) then that's likely legal in most places, if it's used as a proxy for equity then it's likely illegal in most countries (most countries prohibit unregulated share offerings to non-sophisticated consumers).

Although in some cases ICOs might get considered as gambling if the purpose is primarily considered to be for speculation rather than whatever the underlying product is.

jcrei 7 hours ago 1 reply      
meanwhile in Estonia... they are considering issuing their very own ICO https://thenextweb.com/eu/2017/08/23/estonia-could-be-the-fi...
billpg 7 hours ago 1 reply      
Yes! We should use PNG files for icons rather than Microsoft's proprietary format.


nickserv 6 hours ago 3 replies      
Had to dig around 3 sites before finding a definition for ICO:

ICO (Initial Crypto-Token Offering) refers to financing through the issuance of encrypted tokens (Crypto-Token).

richardknop 6 hours ago 6 replies      
Finally somebody in position of power stepped in to stop this mad online casino. I was not expecting this sensible move from China, was hoping EU or US would lead the way on regulating this crypto fraud. I hope Fed/ECB follow the Chinese Central Bank and ban ICOs too and start regulating crypto and enforcing some basic rules.
Tepix 5 hours ago 1 reply      
Is this truly a ban on all ICOs, i.e. the technology? Is there a decent translation of the report at http://www.pbc.gov.cn/goutongjiaoliu/113456/113469/3374222/ ?

I don't see why projects such as "useless etherum token" https://uetoken.com/ should be banned.

You may want to ban trading the token to prevent money laundering but that would apply to all crypto coins.

oskarth 6 hours ago 0 replies      
Lots of people dislike ICOs, some for good reasons. But ICOs is a general mechanism and the specifics differ. Are some ICOs ponzi schemes? Sure. But this move is about capital controls, little else. I am surprised so many people are defending this as a good thing. Do you want to outlaw all VC money too?
tudorconstantin 4 hours ago 12 replies      
I assume most of the HN readers are from USA and I can't believe my eyes what I'm reading here. People cheering a government's ban on what its citizens can do with their lawfully earned money.

I worked for my money, I paid huge amounts of taxes on them. Why is it ok for somebody to come and tell me what I can and can't do with them, and then telling me it's in my best interest to not be allowed to invest them.

tankenmate 7 hours ago 0 replies      
I think it is safe to say that this is because it is something the party can't control (in the somewhat more overt sense rather than the regulatory sense).
DigitalSea 3 hours ago 2 replies      
This was a needed move. Too many scamcoins are appearing and selling their overpriced offerings. It's like Kickstarter, but for larger sums of money and less accountability if things don't materialise. We are heading for a pretty serious ICO bubble if ICO's can continue to operate like they are and I can only hope that the USA follows suit next.

The crypto markets right now are in a free fall as a result of the panic. This is a ban on ICO's, not a ban on cryptocurrency. People don't realise how instrumental China is in the crypto world, quite crazy. I am taking this opportunity to buy up promising alt coins like TenX ($pay) which are all incredibly unvervalued right now as a result of the drop.

As we learned with Bitcoin, panic is temporary and eventually things will bounce back. We are entering a brave new world with cryptocoins as they reach the mainstream.

PaulMest 7 hours ago 1 reply      
I hold many assets in this space including ETH and NEO. There are tons of scams and money grabs with ICOs. While this announcement has been pretty brutal for me, I think it is ultimately a good thing for the industry as a whole.

I think ICOs can be extremely beneficial for teams to raise money. But a lot of people buying these tokens do not understand what they're getting in return. I'd like to see it become easier to actually own equity or a % of a company's revenue by holding tokens. Hopefully these future regulations will build trust in the ecosystem by minimizing scams and providing clarity. More trust yields more people converting fiat -> crypto... which should yield a healthier less volatile ecosystem.

bertil 7 hours ago 1 reply      
It probably has a lot more to do with the country regulating its own fiat currency, foreign change and savings quite aggressively. That made any previously unregulated (because new) alternative the _de facto_ change mechanism.
chvid 7 hours ago 0 replies      
As far as I understand financial regulation ICOs are illegal in most countries. It is just a matter of enforcing the existing rules.
Nursie 6 hours ago 1 reply      

To a relative outsider, a lot of the current movement in the crypto-currency space seems to be about amplifying the holdings of those who already hold. The BCC fork, for instance, effectively gave current bitcoin holders an overnight boost in the 15-20% range.

ICOs appear to be a way to finance things in a kickstartetr type way, only with instantly trade-able coins in the form of a new crypto-currency, with buy-in conducted in ether. These provide a new speculation vehicle, often/usually totally divorced from the underlying activity of the company.

Both of these things neatly skip any sort of bootstrapping phase that might be inherent to a new crypto-currency, and serve insiders and the already crypto-wealthy rather than newcomers or those outside the existing bubble. The whole thing seems very tenuous, and speaks very much of an "in-crowd".

crypt1d 5 hours ago 4 replies      
A lot of people seem to suggest that some kind of regulation, or even outright ban, of ICOs is necessary. Apparently in order to prevent people from loosing their money on risky investments?

I don't really understand why it is appropriate for someone else to tell me how to spend my hard earned money? Isn't that what freedom of choice is about? Even if I'm being manipulated into a scam, it is still MY choice.

Let people spend their ICO money the way they spend their votes. Its basically the same form of manipulation anyway.

decentralised 6 hours ago 1 reply      
Authoritarian governments will always act to protect their own monopoly of the economy. That's why we need cryptos in the first place!
mehh 2 hours ago 0 replies      
I'm not surprised, even some basic analysis on the ICOs such as Civic raise a lot of alarm bells.

Will be very interested to see in the next couple of years how many of these projects still exist.

BlueZeniX 3 hours ago 0 replies      
But wait, central banking is itself a scam! It's the only entity that doesn't have to balance its books.
casualwasher 7 hours ago 0 replies      
It's an necessary move to take, given there are just so many scams under the cover of ICO. So few innovations, so many ponzi schemes.
xHopen 3 hours ago 0 replies      
Keep trying and trying, It wont work. By that's none of my business
vit05 6 hours ago 1 reply      
A lot of people already knew about that and was able to profit in the weekend. Some coins just jumped nowhere and now will crash. Hshare has passed 1 billion market cap and will be probably be evaluated less than 10 million at the end of the day. Walton, Loopring, NAV...
MrBlue 7 hours ago 0 replies      
Buy the dip! :)
encryptThrow32 7 hours ago 3 replies      
About time. 'the big crash of 2017'.Some stability and sanity will return to this space.
Focalise 3 hours ago 0 replies      
Clearly a very bad move for China.
TomK32 6 hours ago 0 replies      
And every coin (except for 5) is in the red on coinmarketcap.
rsynnott 5 hours ago 1 reply      
I'm amazed it's even a case of banning them; I'd just automatically assumed they were illegal basically everywhere. It's an unregulated securities market, surely?
davidgerard 4 hours ago 0 replies      
> The SEC hasnt made a firm move in the U.S. yet despite making announcements

What they've done is very gentle soft-touch stuff. They've been calling ICO promoters and strongly suggesting they get their legal ducks in a row.


Protostarr - who hadn't consulted a lawyer at all - shut down and returned the money; BenjaCoin went "actually we're good" and has argued such to the SEC.

The SEC's approach is considerably softer-touch than most people expected - but despite the rantings of crypto paranoiacs, the government is not in fact there to harsh your mellow. Point 3 of the SECs mission statement is "facilitate capital formation" - they explicitly see their job as helping you get rich! But of course, point 2 is "maintain fair, orderly, and efficient markets," and point 1 is "protect investors".

chinathrow 7 hours ago 2 replies      
Other countries must follow. If you see what kind of ICO scams are running out there, you can't look away any longer.

A lot of folks will lose their investment/money.


logicallee 3 hours ago 1 reply      
What about all those legitimate startups that raised money from ICO's???

Here on Hacker News we had a staunch defender of ICO's, who was saying "ICO's of some form are unquestionably the future of raising capital for most tech companies up to a certain size".

In response to that wide claim, I asked the following question which I'll quote part of: https://news.ycombinator.com/item?id=15121111

>May I ask what the largest/most successful "traditional" tech company that used an ICO is? By "traditional" I mean that their tech has nothing to do with blockchains and they could have also just raised money on angellist, and today are just a normal tech company shipping some kind of a product, like a hoverboard.

Here was their response which I'll quote: https://news.ycombinator.com/item?id=15121451

>This is early days, very early days. Give it a few years, and people won't bat an eye at raising capital via the blockchain. It's just more efficient and easier. I mean, if you like having to travel around, having tons of meetings and discussions, hoping your lead investor doesn't pull out and fuck up the whole round, by all means keep supporting the current system. It just is going to change, massively, in the coming years. There will be some sort of place for traditional capital but blockchain capital raising will hit every industry.

If you think about it, that response to my question really says it all.

(Upon my folowup, they did name two software companies.)

Six year old PDF loop bug affects most major implementations fuzzing-project.org
78 points by hannob  5 hours ago   11 comments top 7
Semaphor 2 hours ago 1 reply      
FWIW, I have no problems with the file in Sumatra.


plicense 3 hours ago 0 replies      
PDFium used by Chrome internally uses Foxit PDF library to read and extract information from the PDF.

Google basically bought Foxit's library and open sourced it - but looks like the open source version isn't keeping up with the upstream commercial version of Foxit because the latest Foxit reader doesn't seem to have this bug.

timendum 1 hour ago 0 replies      
Firefox 57 will contains the pdf.js version with this bug fixed https://bugzilla.mozilla.org/show_bug.cgi?id=1393476

Also Chromium changes have been merged https://pdfium-review.googlesource.com/c/pdfium/+/12391

walterbell 2 hours ago 0 replies      
What's the best way to check a few thousand PDFs for potential malware? Would a Linux VM with SE Linux + minimal whitelisted operations on the PDF reader be sufficient? Is there a sandbox equivalent for Windows or Mac, which could detect attempts to break out of the sandbox?
nathan_f77 1 hour ago 0 replies      
That's good to know. I'm working on a service that processes PDFs, so I was concerned that someone could bring down my server by uploading one of these.

The pdf-reader gem throws a "stack level too deep" exception after about a second. There's also a ton of other issues on pdf-reader: https://github.com/yob/pdf-reader/issues

Good reminder that any kind of file processing needs to be heavily sandboxed.

_pmf_ 1 hour ago 0 replies      
Is is an actual bug does the exploit rely on certain legal PDF parameters that cause quasi-infinite behavior when actually rendering it (i.e. the PDF equivalent of a ZIP bomb)?
amelius 3 hours ago 3 replies      
> This isn't a major security issue, the impact is a denial of service.

Probably just denial of your own service, not everybody else's.

       cached 4 September 2017 16:02:01 GMT