hacker news with inline top comments    .. more ..    16 Jun 2017 Best
home   ask   best   5 months ago   
1
Please Make Google AMP Optional alexkras.com
1140 points by tambourine_man  5 days ago   431 comments top 60
1
epistasis 5 days ago 5 replies      
I'm trying to imagine the uproar if Apple had done AMP instead of Google. Somehow AMP has some staunch defenders, but everything, and I mean everything about how it's been approached has felt very anti-web and pro-Google. The overall concept may be sound, but the implementation, and the inability to escape it, has significantly hurt my opinion of Google. In fact, I no longer use Google's search because of it.
2
niftich 5 days ago 4 replies      
Google Search on Mobile is no longer a web search engine that hyperlinks to the resulting page, but rather an search-integrated newsreader that loads itself when you click on a result that's marked with AMP. This is understandably a big change from how things used to be, but it isn't going to get better anytime soon.

After all, most people on mobile spend their time inside apps, probably from some Google competitor like Facebook. Within these apps, they click on links, which increasingly load inside webviews; the framing app collects info on where people go, and uses this to sell targeted advertising. Facebook is a king in this space, and is now the second largest server of internet display ads, after Google.

Google's assault on Facebook's encroachment is twofold: drive people to Google's apps like the Google Now Launcher (now the default launcher on Android) or the Google app present in older versions of Android and available for iOS, and deploy the same content-framing techniques from their own search engine webpage on mobile user-agents, where the competition is most fierce, and they can also position it as legitimate UX improvement -- which, to their credit, is largely true, as bigpub content sites on mobile were usually usability nightmares and cesspits of ads.

I understand that the author and quite a few others are peeved at this behavior and that there's no way of turning it off. But it's really not in Google's best interest to even offer the option, because then many people will just turn it off, encouraged by articles like the author's own last year where he was caught off-guard and before he gained a more nuanced appreciation for what's really going on.

The bottom line is this: Google is inseparable from its ad-serving and adtech business -- it is after all how they make most of their money -- so if you are bothered by their attempts to safeguard their income stream from competitors who have a much easier time curating their own walled garden, you should cease using Google Search on Mobile. There are other alternatives, who may not be as thorough at search, but that's the cost of the tradeoff.

3
godot 5 days ago 4 replies      
There's a lot of complaint about Google AMP and Facebook Instant Articles, e.g. walled garden, anti-open-web and whatnot.

Here's something simpler from a non-developer, average-consumer point of view. I recently began taking BART to work daily (new job). For those who don't know, BART is Bay Area's subway system, and (at least on the east bay side) cell reception is notoriously spotty.

When I'm on the train, which includes 2 hours of my day everyday (unfortunately), I'd be browsing on say Facebook, and look at links that my friends post. Instant articles almost always load successfully (and quickly) and external links to actual sites almost always fails to load or loads insanely slowly.

Yes, when you're at home or in the city with good mobile reception, these things make no sense and you'd rather hit the original site directly. Give them their ad revenue, etc. to support them, right. But for the average consumers who actually have problems like slow internet (like the average joe who rides public transportation and wants to read on their phone), things like AMP and Instant Articles actually help. I can only imagine outside of silicon valley (where I live), how much more significant of a problem slow internet/slow mobile data actually is.

P.S. I don't work at Google or Facebook, and I know this sounds like propaganda, not to mention this is exactly what they would like to tell you as the "selling points" of these features, in order to continue building their walled garden empires. Fully aware of it, but I did want to bring up why they exist and why I even actually like them.

4
gub09 4 days ago 5 replies      
Please, web developers, as a minimum, set up your websites so that they do not depend on Google, Facebook, Microsoft, Amazon or Apple for their functionality. That means, for example, use DoubleClick or AdSense or GoogleAnalytics if you like, but please do not use jquery from Google's CDNs. If you do that, and the site is dependent on that functionality to work (i.e. for text to be displayed), those of us who don't allow Google CDNs will not be able to use the site. The same for WebAssembly: use it if you like, but please don't make your actual content unnecessarily dependent on the use of services from these multinationals. It makes the Web less free.
5
daveheq 4 days ago 4 replies      
Google AMP:

1. Obscures the web page's URL.

2. Makes manual zoom in/out impossible.

3. Sometimes hides content mentioned in the article, with no ability to scroll horizontally to see it.

4. Confuses Chrome on Amdroid into over-hiding its top address/menu bar (forcing two swipes down all the way to the top to show) or forces it to show (won't hide on scroll down).

This is just coming from a user's perspective, fortunately it doesn't impact my work, but may in future websites I build due to it being almost 100% of the news articles I read.

6
sintaxi 5 days ago 8 replies      
I suggest stop using google search altogether. https://duckduckgo.com/ is an excellent search engine and its trivial to make a google search via `!g` prefix when you are not finding what you are looking for.
7
matthberg 4 days ago 0 replies      
"What I realized today, however, is that while I dont so much mind AMP as a publisher, I really hate it as a user. I realized that EVERY TIME I would land on AMP page on my phone, I would click on the button to view the original URL, and would click again on the URL to be taken to the real website.

I dont know why I do it, but for some reason it just doesnt feel right to me to consume the content through the AMP. It feels slightly off, and I want the real deal even if it takes a few seconds extra to load."

I have subconsciously been doing the exact same thing for a while now, and I think this quote covers a good deal of public sentiment. It's weird to use AMP, yet slower without it.

Another main issue I have with AMP is that there is no speedy way to check the url, something I do quite frequently. Instead it's just Google's hosting for the site, with the source being only available by clicking on the link icon.

8
ciconia 5 days ago 7 replies      
At 43yo I probably belong to the older folks on HN, but those modern devices all of us carry in our pockets to me seem just absolutely incredible and magical. They probably can run around machines that took up whole rooms just a few decades ago.

At the risk of sounding like an old fart (I probably do), I fail to understand this frustration of normal mobile users with the so-called slowness of their mobile experience. To quote CK Lewis: "Give it a second! Its going to space! Can you give it a second to get back from space!??"

9
wmf 5 days ago 2 replies      
The author's argument against AMP comes down to "I dont know why I do it, but for some reason it just doesnt feel right to me to consume the content through the AMP. It feels slightly off". This is... not a strong argument.

The AMP saga has pretty clearly shown that users care about content while Web developers only care about URLs and what goes over the wire. This is a huge disconnect. It doesn't help that many Web developers show no empathy for the users' viewpoint.

Ultimately it probably is easier for Google to add an opt-out to appease a very small, very vocal minority than to educate them that the URL doesn't matter.

10
andy_ppp 4 days ago 2 replies      
What really gets me about the AMP Cache (AMP itself is fine by me) is that it doesn't actually make anything faster. If you time the difference in download speed between the real website AMPd page and AMP Cache URL the difference is almost nothing in 99% of cases. And neither page load gives you that magical instant hit you get on Google's SERPs.

The speed difference on SERPs is the background downloading and (possibly) pre rendering of AMP pages. This functionality could easily be added to browsers, keeping people on their own websites and Google not having control over the content.

We already have <link rel="preload/prefetch"> but how about adding <link rel="prerender" href="http://amp.newswebsite.com/article/etc." />.

This would absolutely give all of the benefits of AMP Cache without Google embracing and extending the web. It's also much simpler to integrate, every single site can choose to benefit from this (not just SERPs) and I don't end up accidentally sending AMP Cache urls to my friends on mobile.

11
sorenstoutner 5 days ago 3 replies      
My experience is that all the advantages of AMP can be had by disabling JavaScript while browsing. And this comes with none of the disadvantages of ceding even more control to companies like Google and Facebook.

In my opinion, JavaScript should be disabled by default and only enabled for specific tasks or websites. Not finding exactly what I was looking for in any other browser, I eventually created Privacy Browser on Android. https://www.stoutner.com/privacy-browser/

There are extensions like No Script that can give similar results for other browsers. https://noscript.net/

12
tangue 5 days ago 2 replies      
AMP has been created for product managers. Everybody in a project knows that slow and bloated pages hurt users, but business requirements are making it impossible to do otherwise. Google AMP solves this problem, in an authoritarian way (hence the outrage), by defining what's good and bad for the Internet.

Marketing has taken the lead in corporate websites projects to the detriment of the end-users, AMP puts the user in the center.

13
j1vms 5 days ago 0 replies      
What some may fail to see is that the Web's success in the smartphone/mobile era is not yet secure. Both Facebook and Apple, among others, have vested interest in treating the Web as competitive threat. I believe AMP was Google's response to Facebook's Instant Articles.

Although there is much to be concerned about Google's ever-expanding reach into the daily life of a good portion of the planet, I think web proponents have more to fear from the likes of FB, Apple, and others appearing on the horizon. These companies are mostly succeeding at meeting current UX expectations (performance, standardization, ease-of-use), and in doing so they are capturing eyeballs away from the web. It's possible some of those who have left for these walled gardens may not return.

14
b0rsuk 4 days ago 2 replies      
The article displays his autocomplete hints:

 google amp pages google amp annoying google amp sucks google amp conference
My equivalents in google.com are:

 test cache disable maps
Both bing.com and duckduckgo.com (which doesn't track) don't recognize "amp", even when I put both first words in quotes, and assume I made a typo in "maps".

This simple test is therefore inconclusive, but my hypothesis is that his search autocomplete hints are, ironically, colored by his search history. The only negative word I got (disabled) is much more neutral.

Now that I think about it, duckduckgo's "no tracking" isn't just valuable for privacy. It's also valuable for consistent search results across computers without yielding even more information (logging in etc). A few times I made a query and found something useful and surprising, and then I wasn't able to replicate the query on another computer to show someone else. In any case I'd hate to miss a rare interesting page because Google thought that extra 10 pages about Linux might interest me more.

15
naasking 4 days ago 1 reply      
I'm starting to hate AMP for one simple reason: it breaks the back button on my Android phone. Like, what the hell? Didn't we do this dance over 10 years ago? Do we really have to keep circling the same drain over and over and over again?
16
omot 5 days ago 12 replies      
I never really understood why google amp is bad. Can anyone explain the reason why people think its ethically bad?
17
drawkbox 4 days ago 0 replies      
Towards the end of AOL (early 2000s), they used to take all content that you visited through their browsers and re-compress and sometimes remove things from the sites. This sometimes really ruined image color, layouts, style etc.

The agency I worked at it was a huge problem because back then clients and business people still used AOL and would see the jacked up versions of their site. There was literally nothing you could do, they did it to small and large sites without abandon.

AMP reminds me a bit of that type of setup with AOL re-compressing and crunching down sites through their network. I agree with Google on doing this for email for security but not necessarily websites. AMP to me is quite annoying and in general a bad move.

18
801699 5 days ago 0 replies      
"... Google's AMP team even invited me to have lunch with them."

Reminds me of this:http://blackhat.com/media/bh-usa-97/blackhat-eetimes.html

As far as I can tell, in order to be "forced" on a user, AMP must rely on javascript, the browser used or maybe the OS (I trust they are not rewriting search results to point to AMP but that could be another one).

A no javascript command line tcp client will retrieve the page without automatically following the amphtml link. Users thus have a choice. And if choosing the amphtml link it is easy to filter out everything but the text of the page (the content). In that sense AMP is quite nice.

The "forced" nature of AMP should make users think about these points of control for advertisers and Google: javascript, browser, OS. Maybe website owners will think about them too the next time they "recommend" or "require" certain browsers. Web should be javascript, browser and OS neutral.

19
BinaryIdiot 4 days ago 0 replies      
Honestly AMP should have been a set of tools / a framework. Think about it.

Currently with AMP Google gets not only your traffic but they get your content on their own domains (which makes all content look like the same trustworthiness) and, at the same time, they mark sites that have AMP available in their search results thusly weighting those results differently because it can train users to click on those more.

Ultimately this is bad for everyone but Google.

However, if it was a framework / set of tools we could create our own AMP pages and simply put them on our own DNS. Google's cache is really the only unique thing going on here and we wouldn't have to worry about sharing trust.

20
cmac2992 5 days ago 1 reply      
I love AMP as a user. So many sites have brutal load time and jumpy pages, popups and sometimes crashes.

As a developer I'm not a fan. It's another thing to manage and maintain. And the last time I checked once you can't leave without some serious consequences.

As a marketer I like the increased CTR but dislike the higher bounce rate and limited features.

21
limeblack 5 days ago 0 replies      
So another article was posted a couple weeks ago about AMP. One advantage I have seen is that you can get around intranet blocking sites if they support AMP. Besides obviously speed this is the only advantage I have found.
22
alenros 4 days ago 1 reply      
Wrote down this Tampermonkey\Greasemonkey script that would do the job of automatically redirecting you to the original content. can also be obtained from [0]

// ==UserScript==// @name Un-AMP// @namespace http://tampermonkey.net/// @version 0.1// @description avoids google AMP links and navigates to the original content// @author Alenros// @match https://www.google.co.il/amp/*// @match https://www.google.com/amp/*// @grant none// ==/UserScript==

window.location.href=document.getElementsByClassName("amp-canurl")[0].textContent;

---------------

[0]https://github.com/alenros/Un-AMP

23
abrowne 5 days ago 2 replies      
I've never actually seen AMP "in the wild". Is it because my only mobile browsing is with Firefox on Android?
24
ender7 5 days ago 8 replies      
Users: I like AMP pages, they're fast!

HN: But the open Internet!

Users: What's that?

HN: Normal websites!

Users: Like...the really slow ones? With all the annoying popovers? And pages that take forever to load? And for some reason cause my fancy new phone to slow to a crawl?

HN: Well, those websites should rewrite their entire codebase to be faster.

Users: That doesn't help me, though.

HN: Trust in the free market! The problem is you, the user, who just needs to exert more pressure on website purveyors so they'll make performant web sites.

Users: You mean, like, preferring websites that offer faster experiences? Okay. Continues to use AMP.

25
frankydp 5 days ago 2 replies      
Isn't AMP just an RSS reader for the entire internet?

If they solved the URL issue somehow(even if faking the address bar), and had original and AMP links in search; it would probably reduce the antiAMP argument quite a bit. Which both seem to be just UI issues.

26
whyagaindavid 4 days ago 0 replies      
Here in 3rd world with flaky 2/3G and just 100-300mb data, AMP is welcome. We still use 1G ram phones!
27
tempodox 4 days ago 0 replies      
If we need Google to tell us to do something that could just as well be achieved by applying reason and sane engineering, without capitulation to a monopoly, then something is deeply wrong with our industry.
28
jbg_ 4 days ago 0 replies      
I started using a self-hosted searx[1] instance recently, and I highly recommend it if you'd prefer to not have to care about this nonsense.

It's the first time I've found an alternative to google.com that is actually usable (i.e. I find what I'm looking for near the top of the first results page every time I make a search).

You can use Google as one of the results providers, but you won't see any AMP results, and since searx can mix in results from Stack Overflow etc, you might find that a different search engine than Google still gets you good results.

I think Google would pull fewer of these monopolistic tricks if people would realise they have genuine alternatives.

[1] https://github.com/asciimoo/searx

29
johneke 3 days ago 0 replies      
Even if people are for/against AMP, I think it does make sense to have AMP optional. For instance Google searches will often show the "Ad"-ified link at the top, but with the regular link somewhere below in the search results. Google could just as easily have the AMP and non AMP links in the search results if they aren't really the evil corp everyone thinks they are :)
30
makecheck 5 days ago 2 replies      
Be sure to structure your Google searches as "g!" searches to DuckDuckGo and AMP effectively disappears with the same set of search results.
31
quadrangle 5 days ago 2 replies      
> this jeannie is firmly out of the bottle

It's "genie"

32
bsaul 4 days ago 0 replies      
This is crazy, i never noticed those amp links until i read this article. I never clicked on it because my brain somehow classified them as "weird google stuff looking like a new kind of ads". It looks so much like the "external content" ads you find on some website, plus it provides less room for the first sentences of the article, so it made it look even more like clickbait.

What did happen though, is that i found google results a lot worse on mobile, and ended up not searching for stuff on my mobile. Google results really look like a mess on mobile now...

They really went from minimalist zen to baroque indian arabesque over the year...

33
codazoda 5 days ago 0 replies      
So, funny thing. I have been ignoring amp results by accident. I didn't realize what they were and they look like sponsored ads, so I had complete "banner blindness" to them. Odd, now I'll try a few.
34
vultour 5 days ago 2 replies      
> AMP took off. Over two billion pages are using AMP

I don't think I've ever seen an AMP-enabled website, I certainly never noticed any buttons suggesting I visit the original website.

35
andy_ppp 5 days ago 1 reply      
I mean, if you take AMP to it's logical conclusion why should Google allow anyone to host their own webpages when Google can host them all better and faster.
36
cubano 4 days ago 0 replies      
> To be honest, I dont even know what Facebook Instant Articles are.

Amen, brother.

37
jeshwanth 4 days ago 0 replies      
AMP should be optional, I was getting irritated yesterday as many pages are not getting loaded.
38
reaperducer 5 days ago 0 replies      
As someone who used to make WAP web sites for mobile phones, I find AMP's limitations comforting and its goal laudable. Much better than the throw-another-javascript-framework-on-the-pile ethos that they teach kids coming out of school these days.
39
Artlav 4 days ago 1 reply      
As someone who just heard of AMP today, i still can't find any site where it's used, nor have i ever encountered it in the wild.

Is it an american thing, not enabled for other countries? Just what am i supposed to look for?

40
lokedhs 4 days ago 0 replies      
Honest question. How do I see an AMP page? Perhaps my use of a browser is different that most others (I don't use Facebook, for example) but I can only recall seeing an AMP link once or twice.

Do you only see them when doing a Google search?

41
JeremyBanks 5 days ago 1 reply      
Google search doesn't really have many options like this, and I'd be shocked if they added this one.

But given the URL format, it should be trivial for a browser extensions to rewrite links or requests from AMP pages to the original. I bet it already exists.

42
burgerdev 4 days ago 0 replies      
> My issue with AMP being used inside Google the Search engine

I'd suggest trying an alternative, maybe https://duckduckgo.com.

43
ccommsxx 4 days ago 2 replies      
I've been waiting for a comment on why re-hosting verbatim copies of the original content by google is not considered copyright infringement? How come there seems to be no discussion on this at all?
44
falcodream 4 days ago 1 reply      
If my regular page loads as fast as the AMP page, to within some margin, could Google drop the AMP version and link directly to me? It would make AMP a tool for improving the web rather than replacing it.
45
homero 4 days ago 0 replies      
At least they give you the link now, before was horrific
46
plasma 5 days ago 0 replies      
Like the article, I often dismiss AMP and visit the original, because I want the latest content - AMP is cached and so for sites like reddit the content is out of date.
47
geekme 4 days ago 0 replies      
The publishers should stop supporting AMP collectively. I own a couple of websites and I have not enabled AMP in either of them.
48
grizzles 5 days ago 0 replies      
I posted an alternative solution. https://github.com/electron/electron/issues/8534

The ticket was closed a few days ago. People dislike stuff like AMP, but we are probably stuck with it, there just isn't much interest in alternatives.

49
skmanish 4 days ago 0 replies      
Not able to view AMP pages in my Google chrome right now, neither on my friends' phones
50
learntofly 5 days ago 1 reply      
I use an older iPhone as my primary internet device when at home.

From google news, the top hits are served through amp and I lose about 1/10 of my screen area to a pointless blue "bar" underneath safari's address bar. This loss of screen space is the only reason I object to amp.

51
dabber 5 days ago 0 replies      
I haven't read through the comments here yet but my initial impression of the article is 'ha, I was literally thinking this today'; because I was. AMP is a little heavy handed for my tasteS. Another instance of HN being on the same wave length I guess.
52
tomphoolery 5 days ago 2 replies      
Why doesn't AMP change the URL bar itself? I don't see a reason why it can't utilize the browser history API and attribute the correct URL page view, considering Google is probably doing your analytics too.
53
radicaldreamer 4 days ago 0 replies      
I cant help but think that Google considers more and more posts like this a success metric for taking over this part of the web (like Facebook does with its walled garden).
54
tobyhinloopen 4 days ago 0 replies      
I must be stupid but I never seen an AMP page anywhere. Link?
55
0x0 5 days ago 8 replies      
AMP is bad and anyone who's invested in it should feel shameful for making the internet a worse place.
56
Shorel 4 days ago 0 replies      
Just make your blog in Jekyll instead of WordPress.

Much faster everywhere, in all browsers and platforms.

57
dreamcompiler 4 days ago 0 replies      
Maybe if we all start adding

Pragma: no-AMP

to our HTTP requests Google and publishers will start noticing we care.

58
wbc 5 days ago 1 reply      
anyone from the project? wanted to test out but it looks like the create link is dead: https://www.ampproject.org/docs/create/
59
zhuzhu 4 days ago 1 reply      
This guy earning with Google adsense
60
PaulHoule 5 days ago 1 reply      
Use bing?
2
Show HN: Get Paid to Build Your Next Side Project demandrush.com
1060 points by hackerews  1 day ago   434 comments top 68
1
sanbor 1 day ago 24 replies      
Photoshop license costs $348 a year. If 1000 people get together and put $400 each, you'll get $400000. That money could be used to leverage a Gimp to be more Photoshop-users friendly. Then you don't have to keep with the subscription model. You have a great piece of open source software available for everyone to use as long as they want. You can do another round to get more features added.

This solves the issue that you get with subscription based services, which is that if you stop paying every month/year you loose access to the tool to do your work.

Instead of building yet another SaaS wouldn't be smarter for users to gather and pay for a software libre solution?

2
avaer 1 day ago 5 replies      
> GET PAID TO BUILD YOUR NEXT PROJECT

> Choose a problem below to get started.

Get paid to build _my_ next project or _your_ next project?

This is clearly a two-sided platform, but the messaging seems conflated: the headline speaks to builders and the instructions speak to end customers.

3
pc86 1 day ago 5 replies      
> Industry-specific deep learning interviews and walkthroughs

> 1 customer paying $5/mo

Sounds about right.

4
baron816 1 day ago 2 replies      
I think this has the potential to introduce an interesting auction model. People might want to join in, but not at the initial price point. What if everyone proposed wanting in on project stated their maximum price point, and the winning application to solve would get the price they bid at for everyone above that level. In other words

customers_offering_prices = [1,1,4,15,30,30,40,80,100,150,175,10000]

winning_applicant_price = 40

winning_applicant_revenue = [40,40,40,40,40,40].sum

The last 6 customers receive the product and they all pay 40. Essentially a modified Vickrey auction. Everyone has an incentive to bid exactly what the product is worth to them.

Edit: >Everyone has an incentive to bid exactly what the product is worth to them.

Actually not true if applicants see the bids. In my example, the the best applicant would want to bid 10000 because that would maximize revenue, but exclude everyone before that. Customers would adjust their bidding as a result. But applicants should know much they can expect to receive if they win so they can bid correctly.

5
mgkimsal 1 day ago 0 replies      
Wish there was a way to ask people for clarification.

> https://www.demandrush.com/problems/fantasy-scifi-subscripti...

> I'd love a Netflix-style platform, website or app that, where I'd have a selection of high quality books to choose from.

Amazon has a 'unlimited book rental' subscription model (I know not all books are in there).

"What systems has this person already looked at, and why were they rejected?"

That probably needs to be a base question.

6
fomojola 1 day ago 0 replies      
Love it! I'd specifically highlighted this concept in the thread for Oppslist (https://news.ycombinator.com/item?id=14469317): maybe there's an opportunity here to handle both sides of the market, both soliciting ideas and driving work to the ideas?

Still not sure how you handle avoiding imposters: for things like the accounting solution that's on the top of the site I think there is huge potential for abuse in either direction (either devs phishing for data or companies refusing to pay for solutions). Good luck!

7
BoorishBears 1 day ago 8 replies      
This looks like such a cool idea, but already you see that the problems presented seem to be seriously underestimating how complicated what they're trying to do is. For example, detecting specific text in an image? 10 minutes in OpenCV. Detecting any text at all in any format in an image? I don't even know where to start. Maybe 10 minutes in OpenCV if they constrain the kind of text, otherwise ML? It feels like an unboundedly complicated problem.
8
TekMol 1 day ago 1 reply      
"Copyright 2017 DemandRush" - I'm always surprised when I see these types of statements on US based websites.

In Europe, this would make no sense. A website is not a legal entity, so it can not be a copyright holder.

Does the statement make more sense in the US, or is it just a common misconception among people who build websites?

The terms page says "Welcome to DemandRush, a website and online service of Grafly, Inc". So I would expect the real copyright holder is Grafly Inc?

9
pkamb 1 day ago 4 replies      
Does anything like this exist for putting bounties on small scripts / extensions?

I just posted these questions yesterday, in the hope of finding solutions to a couple common annoyances I have with Google search:

https://superuser.com/questions/1218986/keyboard-shortcut-to...

https://superuser.com/questions/1218989/how-to-maintain-orde...

I don't want the overhead of "hiring a freelancer" to do the work. But I'd definitely pay a bounty if someone came in with the answer / script / extension / app that solved the problem.

10
rdudek 1 day ago 8 replies      
"Subscribe to news without paying $30/month per website"

I don't think there is a legal way of actually doing this.

11
quadrangle 1 day ago 1 reply      
For reference, the site CoFundOS.org (which is now something TOTALLY unrelated) used to be a bounty service just like this where people all added their pledge to fund the start of some new project if someone came along and accepted the task. Not sure if there's any reference available anymore. They focused on Open Source, whereas DemandRush seems to focus on services, many of which could qualify as SaaSS even, see https://www.gnu.org/philosophy/who-does-that-server-really-s...

Anyway, the big issues here are those all bounty-type sites face (which seems, for some reason, to be the thing everyone keeps trying over and over and keeps thinking is a new idea). See for reference, https://wiki.snowdrift.coop/market-research/history/software...

12
iandanforth 1 day ago 2 replies      
I would strongly suggest that there be an option to list existing solutions. A sustainable model means identifying real needs, not duplicating products that people are merely ignorant of.
13
kirillzubovsky 1 day ago 5 replies      
I find it a little funny how unrealistic people can be when evaluating the cost of their problem. Take this one for example: "We have hundreds of images uploaded to our app each day. The issue is some of these images have text that we want cropped out." -- willing to pay? $75/month. Baller!

Chances are this is a problem for a data-mining / ai-training platform that wants to create a better image set. They are charging clients tens of thousands of dollars, and yet willing to pay $100/month to improve the data. lol

14
OzzyB 1 day ago 1 reply      
I love the idea and initiative!

My only concern is that this is a little "race to bottom"; most if not all the entries are along the lines of "I already have X but I'm paying too much!"

I guess this is great for solo entrepeneur/developers, hell, if I know for certain I had 100 people waiting to pay me $50/m for X, I would definately consider building it :)

15
sjbase 1 day ago 0 replies      
Super cool idea, but there's a ton of potential for misunderstanding. Example:

User: "I want {A}."

Winning developer: builds {a}

User: "This is useless to me. I wanted {A}, not {a}"

Developer: "But you never said you were case-sensitive!"

It can easily go the other way, with the user saying "Well i said {a}, but I meant {A}. {a} is useless to me." Who pays when nobody is clearly in the wrong about some ambiguity? The FAQ hints at an "initial 3 month subscription." Am I missing more info on the process?

16
tarr11 1 day ago 2 replies      
I actually need the first item listed there (InDinero replacement), but I signed up and am sort of confused?

I would very likely pay for this feature, but I'm not willing to commit to much unless it works. I would pay a nominal amount to "kickstart" it I guess, and have the option to sign up later.

But it's a fairly nasty problem - porting your books a proprietary platform to QuickBooks seems full of traps.

17
19eightyfour 1 day ago 0 replies      
This is such a great idea. And you nailed the marketing and message.

It's like a democratized efficient tender process driven by the market. Brilliant and beautiful! I really feel you shall be able to capture a lot of value and create alot of value from this. Well done!

18
gricardo99 1 day ago 5 replies      
>Monthly subscription for science fiction and fantasy books

Isn't that the public library?

19
nonconvergent 1 day ago 2 replies      
A few of these can be solved with a comment.

"Need to see revision history for View-Only Google Docs" - Don't use a shared Google Doc as the agent of record. Email it to each other as an agreed contract.

"Can't find good replacement for expensive accounting/bookkeeper service" Have you tried literally anything else? You're paying $500/month for this solution, have considered just getting an accountant and emailing him spreadsheets?

"Monthly subscription for science fiction and fantasy books""Subscribe to news without paying $30/month per website" - Existing solutions already exist and require a supply chain and distribution rights negotiation more than they do a developer to slap it into a webapp.

20
gremlinsinc 1 day ago 1 reply      
This reminds me of what assembly was doing where people would list startup / app ideas then teams would form and build the idea and I think a few businesses came out of that.
21
AndrewKemendo 1 day ago 0 replies      
This looks like an idea/market validator posing as a job listing market. Brilliant.
22
avip 1 day ago 0 replies      
First I absolutely love the idea, and even more the execution, of this site.

Several questions about where could this go post 1-day HN buzz:

1. How are existing solutions being presented to the ignorant "wannabuy"?

2. How is this list sorted?

3. How are duplicates managed?

4. Where is the "discussion" required to even minimally spec the ideas and bring them to a buildable form?

23
vlokshin 1 day ago 0 replies      
Interesting concept, if the balance can get figured out right (making sure customers or devs aren't getting screwed).

There should also be a discussion section.

For example, I see:>Can't find good replacement for expensive accounting/bookkeeper service

I'd love to recommend Bench.co (use it and love it) and avoid someone wasting their time. It's much more affordable than 500/mo.

I do love the concept though. @OP: I'll share this with the https://turtle.ai/ developer community and see if there is any interest.

24
intrasight 11 hours ago 0 replies      
The title is misleading. In none of the listed projects do you "get paid". I often do "glue things together with APIs" types of projects (you could argue that all software is basically that) using modern cloud services which make it relatively easy. But doing anything takes several days and therefore costs a couple thousand dollars - the activation energy for a project. I'll always do the projects where a client is willing to pay that activation energy before doing something which is "speculative".

Having said that, I think the idea of doing something like "Upwork" but with client aggregation and monthly pricing is a great idea - but still speculative, so a great idea for somebody else to pursue.

25
jmull 1 day ago 0 replies      
I guess I get it (maybe ?):

There are already many, many marketplaces for tech development of all shapes and forms.

For this one I guess it's:

Hey, people who want some tech developed: If you can formulate your problem as an interesting side project you will (1) be likely to find someone actually willing & able to do it cheaply; (2) you are likely to be able to aggregate your buying power with another buyer; (3) you pay a subscription so it isn't a large up-front cost.

and;

Hey, tech developers who like to do interesting side-projects: Here's a bunch of interesting side projects that you might have done them anyway, except here you will (might) get paid to do them!

One way to look at it is in comparison to kickstarter. In kickstarter, a producer runs the campaign by championing an idea and setting a funding model and the consumer can choose to buy in by providing dollars. Here, the consumer champions the idea and sets the price, the funding model is a subscription, and producers can choose to buy in by providing work... and also more consumers can buy in by subscribing with dollars.

I guess for this market to work, it has be be more efficient at satisfying the demand for X-aaS development than existing markets, though I don't know how it might be.

26
amelius 1 day ago 6 replies      
> Identify location of text in an image ...for... $75

This is what my doctor charges for a flu vaccination.

I guess I've chosen the wrong profession.

27
civilian 1 day ago 0 replies      
For "Automated time tracking from Google Apps/Slack":

Toggl is a great service, works in the web or as a desktop app, and has slack integration: https://toggl.com/slack-time-tracking

28
mabynogy 1 day ago 0 replies      
Same idea than Opps List with a different perspective: https://www.oppslist.com/

The idea is good but it's difficult to use because you can't reach the people.

29
goatherders 1 day ago 2 replies      
Isn't this exactly how Freelancer/odesk/whatever work now?
30
pascalxus 1 day ago 0 replies      
This is a great start! There is a huge demand for more opportunities like this. Entrepreneurs and businesses are so tired of building yet another useless app, out of sheer lack of problems to solve. But, with a site like this, you can find problems that are actually problems. The site just needs more customers and more problems.
31
jclardy 1 day ago 0 replies      
I like the idea, but I find the site a bit confusing. What is a "pre-subscription"? Are people paying their suggested monthly fee up front? It says that the site makes money from the first three months, so when you sign up are you already subscribing to a nonexistent service?

And as for "solving", what if they fail? Is it no commitment? Is any of the funding up front, or is it just built on the promise of possible future subscriptions?

I think the idea could work, but directing the balance between both sides is going to be the problem, a lot of the "buyers" are wanting to pay an amount that will work at scale (like $5/mo) but not really if someone is trying to bootstrap a solution.

32
grogenaut 1 day ago 0 replies      
A few of these can be solved other ways or need more deets. The Google doc one for instance really just should go to am esigner. Or if this is a more light weight internal thing then Google docs needs mutable git like tags.

To me this is almost begging for a s/o style comment section.

33
FollowSteph3 9 hours ago 0 replies      
The devil is in the details. The items are so open ended that they could just about anything...
34
greatNespresso 13 hours ago 1 reply      
Just thinking, but it could be cool to add a comment feature, in order to discuss publicly about implementation details, constraints and quick solutions.
35
Sindrome 1 day ago 1 reply      
Adblocker for podcasts - HEARTLESS
36
id122015 1 day ago 1 reply      
So this is similar to crowdfunding except that we can ask what we want to be built ?

What I'm willing to pay for but cant easily develop myself is to add features from OSX to linux. Not too many, I'd start with:

- a graphical browser like Finder where I could color tag files.

- UI/UX: do something about easier configuration of the trackpad. Even when I installed linux on Macbook the trackpad does not work the same or does not have all the tapping actions instead of clicking. I cant even drag files/links to file-browser-sidebar/dock or such things.

37
cylinder 1 day ago 0 replies      
For the top two requests, Bench exists for book keeping and Blendle for news
38
cphoover 1 day ago 0 replies      
Just not enough money...
39
adamb 1 day ago 0 replies      
Cool seed for a community! Seems to lack a place for discussion about submitted ideas, so I'll follow others' lead and discuss here.

The "industry specific deep learning" project is similar to something I'm working on right now. Though I'm not planning to charge for it.

To any folks here interested in this: Are you looking for a tool to get started in ML or for a resource to apply existing ML knowledge to a specific (possibly new) domain?

40
kuldeep_kap 1 day ago 1 reply      
It's interesting how there are more comments and votes here in HN post than the projects posted and voted on the app.
41
hmhrex 1 day ago 0 replies      
Surprisingly there's one in here that I'm already starting to work on. That at least confirms to me that I'm not THE sole person who wants this service. Applied. I'm interested to see how this process works.
42
lettergram 1 day ago 1 reply      
Damn, this was literally a project I started working on.

Although, I had a slightly different way of going about it and different way to charge, I love the idea!

Gratz to OP. I'll definitely be submitting, and maybe I'll still come out with mine at some point.

43
pvsukale3 1 day ago 0 replies      
shouldn't it be " Get paid to build someone else's project"?
44
conmarap 1 day ago 0 replies      
This is pretty cool! I found myself reading through all of the entries I can see and even cook up some solutions on the spot. However, how do you make a profit off of it? Do you take a cut of the end cost?
45
inputcoffee 1 day ago 1 reply      
Can only one person "apply" to solve it?

I'm thinking of the kickstarter problem: vaporware.

If, over 6 months, 5 people apply to solve a problem, who gets the subscribers?

The first one, I hope not.

Each subscriber chooses?

P.s. Very interesting idea. Something in this direction will be useful.

46
demarq 1 day ago 0 replies      
I think you might need to vet some of those customers for ethics. Some of the things being asked for are inherently illegal.

On the other hand, it seems there is a ton of money to be made on the site!

47
sqeaky 1 day ago 1 reply      
Blocked by my work's filter under the category "malware".
48
hashkb 1 day ago 1 reply      
These customers/RFPs are way below market rate for software development. Given the reality of working with clients, these proposals are likely to result in developers taking a bath.
49
0verc00ked 1 day ago 1 reply      
This is a great idea. I'm curious to see how it evolves.
50
hackerews 1 day ago 1 reply      
Awesome. Over $1k MRR of opportunities up in last few hours. Looking forward to see these products built!
51
MichaelMoser123 1 day ago 1 reply      
What about intellectual property? Can the kind sponsors of a side project get to claim the result?
52
enknamel 1 day ago 1 reply      
The site is down right now for me. Is this like Patreon but for open source projects? If so, I would love that.
53
darepublic 1 day ago 0 replies      
You're dangling 100 dollars for problems that is solved could be million dollar solutions. Come on.
54
jeremiahwv 1 day ago 0 replies      
Service that allows me to get paid for my next side project [451+ customers, each paying $XX per month]
55
RandyRanderson 1 day ago 0 replies      
This is a really good idea! You need to force ppl to upload some graphics, though.
56
rkeene2 1 day ago 1 reply      
Feature request: RSS feed, so I can see when new projects are added
57
bluetwo 1 day ago 0 replies      
I would be curious what the business plan for this site looked like.
58
DesiLurker 1 day ago 1 reply      
why is there no search feature on this site? perhaps they should start a bounty for that first before submitting to HN .. smh
59
Arqu 1 day ago 0 replies      
Love the idea, especially for quick and interesting side projects.
60
TomK32 1 day ago 1 reply      
You missed a great chance by not putting a newsletter onto it.
61
cdiamand 1 day ago 0 replies      
Very cool! Will be watching this to see how it evolves.
62
soared 1 day ago 0 replies      
I can't access the site.

https error: NET::ERR_CERT_AUTHORITY_INVALID

63
skdotdan 1 day ago 0 replies      
Awesome. Great idea, nice execution.
64
wellsjohnston 1 day ago 2 replies      
How is this different from Upwork?
65
dsacco 1 day ago 2 replies      
I wish these weren't all subscription-based, because this could work for the exact thing I want:

I will pay $100 - $500 for an Arq Backup[1] clone on Linux, with the same UI polish as Arq for macOS or Windows, optional encryption, deduplication and supporting all the same backup locations, including:

* AWS S3/Glacier

* GCP Nearline/Coldline

* Backblaze B2

* Dropbox

* SFTP

* NAS

* Google Drive

If you're absolutely going to force monthly subscription pricing down my throat, I guess I'll pay up to $20/month. I want this badly.

I know about rclone, Duplicity, Duplicati, that awesome rsync/cron workflow you have, etc. I want Arq (or something just like it). Arq works flawlessly - it is absolutely superlative when it comes to backups on Windows and macOS.

I use an Ubuntu workstation as my daily driver at home and I have a MacBook Pro. Through very careful configuration I have gradually made Ubuntu about as enjoyable to use as macOS (with the exception of 1Password, which has to run under Wine). But I don't want to use the command line, or handle an API myself, or keep track of cron. Duplicati was the closest thing to what I'm looking for, but it's cludgey and started not working for me recently.

I know polished UI isn't exactly the first thing that comes to mind when you think of Linux. But if you're the kind of person who makes "Ask HN: What is your pain point?" posts or who is looking for a problem to solve, this is a burning problem I am willing to throw money at.

EDIT: I'm adding a bunch of HN comments to demonstrate the interest I've seen for this.[2][3][4][5][6][7]

____________

1. https://www.arqbackup.com/

2. https://news.ycombinator.com/item?id=14403321

3. https://news.ycombinator.com/item?id=11742226

4. https://news.ycombinator.com/item?id=9185632

5. https://news.ycombinator.com/item?id=5718015

6. https://news.ycombinator.com/item?id=13360604

7. https://news.ycombinator.com/item?id=13011339

66
aub3bhat 1 day ago 0 replies      
>> Identify location of text in image. We have hundreds of images uploaded to our app each day. The issue is some of these images have text that we want cropped out.

There you go [1] originally from [2]

[1] https://github.com/AKSHAYUBHAT/CTPN/blob/master/demo.ipynb

[2] https://github.com/tianzhi0549/CTPN

67
s73ver 1 day ago 0 replies      
Cool idea, but it seems like some of these are beyond the realm of a "side project". Like the News Aggregator one (https://www.demandrush.com/problems/news-aggregator-paywall). That one you couldn't really do without getting a lot of license deals with content providers. That already puts it out of the league of what most are able to do as hobby projects.
68
haidrali 1 day ago 0 replies      
Love the concept, just submitted my side project now waiting for response Thumbs Up
3
Developers who use spaces make more money than those who use tabs stackoverflow.blog
829 points by edward  14 hours ago   617 comments top 154
1
austenallred 14 hours ago 5 replies      
Almost certainly a result of the spaces cabal and the (often unspoken of) prejudice against tab users. Don't think you make hiring decisions based on tabs vs spaces? Well you're part of the problem, then.

I'm building an app to help you easily email your congressperson and ask them to create legislation requiring space/tab equality. This has to stop. Please consider donating to my Patreon.

2
redm 13 hours ago 13 replies      
The reason I use tabs is pretty simple. It's faster to move around only using the keyboard. It's also faster if I'm changing code that requires reformatting. Finally, when another developer looks at the code, their IDE will render the tabs as whatever its set up for, 2 spaces, 4 spaces, etc. In other words, it adds flexibility.

Brace yourself: I use two spaces after the end of sentences too. [1] I am quite the rebel.

Modern IDE's (Sublime Text) let you easily convert spaces to tabs (or vice versa) and intention length of existing code. [2]

[1] http://www.slate.com/articles/technology/technology/2011/01/...

[2] https://css-tricks.com/changing-spaces-tabs-sublime-text/

3
timhwang21 14 hours ago 11 replies      
Well, of course. Only companies with fuck-you money can afford the extra bytes spaces take up versus tabs, so it follows logically that they'd pay their developers more.
4
piker 14 hours ago 2 replies      
Could it be that a few large, well-compensating employers are shifting the result? (E.g., https://google.github.io/styleguide/cppguide.html#Spaces_vs....)
5
inanutshellus 12 hours ago 6 replies      
= Why Grown-Ups Don't Use Tabs =

* Joe likes 4-space tabs, I like 2-space tabs, and Jane is old-school with 8-space tabs.

* All goes well until someone aligns something visually, like so:

 void someNiceMethod(
[tab][tab][tab][tab][space][space]int myParam...);

* Now it aligns perfectly on my machine, looks mostly ok on Joe's machine, and is ON MARS on Jane's machine.

Thus one-or-more of three futures happens:

* Someone implements a code re-formatter into version control

* Someone re-aligns the code, starting the process over again.

* Someone calls a meeting and demands we all switch to spaces

6
GavinAnderegg 13 hours ago 6 replies      
I see a few arguments here which suggest people think tab-users might care less about their code and/or their fellow coder. As someone who slightly prefers tabs and abhors mixing of tabs/spaces, I find this frustrating.

I generally prefer tabs because I feel that they're more egalitarian: I like 4-space indentation, but don't want to force that on everyone encountering my code. Similarly, I find 2-space indentation very hard to parse in most languages, so I don't want that affecting me if I can get away with it. While this is possible with spaces and maybe a series of Git hooks, it's trivial with tabs.

On the other hand, I always use spaces in languages like Python or Ruby where there are well-codified style standards. I also always show invisible characters on any editor which allows it, and have cleanup scripts to ensure that whitespace is standardized across any non-vendor code in the project.

Maybe most tab users don't feel this way? Maybe most aren't as careful/picky as I am? Maybe tabs are more popular with younger devs? But I feel like tabs can offer more interoperability than spaces when many coders are working on the same project when the language/community doesn't strongly specify whitespace.

7
TekMol 14 hours ago 8 replies      
This does not mean that changing from tabs to spaces will increase ones income.

I would expect there simply is a confounding factor that the author did not look at. Maybe the info is not in the data.

I can imagine that the space/tab choice is related to the "upbringing" of the developer. Maybe which language or editor they used first in their life.

Or maybe it's related to culture. For example when using IRC, tabs are usually not used to communicate. Maybe that impacts the general choice of tabs/spaces.

Or maybe more sophisticated users tend to exchange the tab key for something else:

https://xkcd.com/1806

8
nottorp 14 hours ago 6 replies      
Pretty simple: you use spaces because you're aware that there is more than one IDE/editor in this world and who knows what your code will get opened with tomorrow.

This means you consider consequences beyond "but it works on my machine" so you're a better programmer. Ergo, higher salary.

9
lvoudour 14 hours ago 5 replies      
>Developers who use spaces make more money than those who use tabs

Sure, but how many spaces? grabs popcorn

10
andrewfong 11 hours ago 0 replies      
I blame whoever decided to make 8 spaces the default tab width on older systems. Yes, the beauty of tabs is that you can change the defaults and make one tab show up as whatever you want, but most people don't change the defaults. And 8 spaces is just too much more often than not.

From the Wikipedia article (https://en.wikipedia.org/wiki/Tab_key):

> A common horizontal tab size of eight characters evolved, despite five characters being half an inch and the typical paragraph indentation of the time, because as a power of two it was easier to calculate in binary for the limited digital electronics available.

Why someone decided to round up to 8 instead of down to a much more sensible 4 spaces is beyond me.

11
fcanas 14 hours ago 1 reply      
A possibility I haven't seen mentioned is that the style guide of their employer, together with a few employers who pay out-sized salaries (Google, Amazon, Facebook...) could account for the difference.
12
Aaargh20318 14 hours ago 2 replies      
Tabs vs. spaces. 2 vs. 4 spaces. It's an endless discussion.

We finally compromised and we're using 3 tabs.

13
delegate 13 hours ago 1 reply      
Might also be that the space people, being irritatingly pedantic also include bonuses and/or stock compensation , while the tab people, always lazy and all over the place, just barfed the first number that came to mind.

The answer, as always, is: lisp with parinfer - makes the whole debate irrelevant.

14
andrewla 13 hours ago 3 replies      
The most confusing thing about this result is that go shows a high level of space-preferential salary difference. Go programmers who use spaces make ~20k more (at the median) than developers who don't.

Only, in Go, you don't have a choice -- gofmt enforces tabs only (with spaces for alignment). So something seems odd there.

15
coldcode 14 hours ago 5 replies      
I needed a good laugh this morning. But of course this is pretty bogus relationship. People who drive Teslas make more money than those who drive Gremlins.
16
andrewSC 14 hours ago 3 replies      
Well that settles that! We finally have proof that spaces are superior to tabs... ;)
17
Androider 13 hours ago 0 replies      
If you're in the JS world check out https://github.com/prettier/prettier if you haven't. It's used by some big projects like React, Babel, webpack etc.

Unlike "traditional" formatters, it parses your code into a syntax tree completely disregarding any original formatting, meaning the output is entirely consistent. It's pretty liberating to devote zero time to manually formatting and can make code reviews more constructive and less superficial. It is what is is, and it's pretty opinionated based on Facebook's code style. Works great for us, enforced with a git hook.

18
Cerium 14 hours ago 2 replies      
Of course professionals get paid more, but I'm surprised there are so many tab users out there! Time to add a new interview question.
19
jmkni 14 hours ago 0 replies      
If I'm using an IDE that handles whitespace and indentation am I using spaces or tabs?

If a tree falls in the forest, etc

20
inanutshellus 12 hours ago 1 reply      
If you use tabs, you work for a small team (or by yourself),. If you use spaces, it's because you're in a "big enough to stop trusting everyone" environment.

Case closed! :)

21
ajnas 13 hours ago 0 replies      
The correct way to phrase this is "Developers who makes more money uses (or they are forced to use) spaces over tab".

Because bigger corps generally set company wide standards on the code indentation and that more often that not prescribes spaces.

22
mnarayan01 10 hours ago 0 replies      
"Indent with tabs, align with spaces" (e.g. [1]) would be my strong preference in a perfect world. In addition to its "ethereal" benefits, some languages which support HEREDOCs have nice "tab ignoring" versions (e.g. <<-).

That said, in the imperfect world we live in, I always use spaces. "Indent with tabs, align with spaces" is obviously not rocket science, but its just too opaque unless you have a strong code review process.

[1]: https://dmitryfrank.com/articles/indent_with_tabs_align_with...

23
tombert 14 hours ago 0 replies      
I use spaces because literally every single time I've tried to propose tabs I get yelled at by someone... I generally prefer tabs, but I prefer having coworkers that don't complain more.
24
drblast 13 hours ago 0 replies      
There's an obvious conclusion here we're all dancing around.

People who use spaces are just better than those who use tabs.

25
yAnonymous 13 hours ago 0 replies      
Tabs were the default for a long time, so it can be argued that developers who use spaces make a conscious decision and care about clean code more than tab users who just go along with the default. I'm not arguing tabs vs spaces here, but exploring systems and caring about good organization.

If you care about clean code, being orderly and organized probably extends to other areas, too, and that helps you make more money.

In my experience, developers who mostly use default settings are often unorganized and easily confused. They also know very little about the systems they are working with, because everything outside their IDE doesn't interest them.

I'd also bet that many tab users had to check what they use, because they didn't know or care.

tl;dr: Developers who change the settings are more dedicated to their job.

26
Sandman 7 hours ago 0 replies      
What I learned from the last chart is that Clojure devs earn the most money regardless of whether they use spaces or tabs.Being an Elixir programmer also pays off nicely but for heaven's sake don't use tabs unless you want to earn only half as much as you could if you used spaces.
27
pklausler 11 hours ago 0 replies      
Heh, you kids with your spaces and tabs. Real old-schoolers think in terms of columns 1-5 for the label, 6 for the continuation marker, 7-72 for the code, and 73-80 for the change number.
28
Tomis02 11 hours ago 0 replies      
I think people got it backwards. Brace yourselves. You don't earn less money because you use tabs, but instead you use spaces because you earn more money.

When I was working on my own small projects I was using tabs, or tabs combined with spaces, which yielded me not a lot of money.

Once I started working for a big corporation, the coding standards mandated by the company meant I could only use spaces, because people couldn't be trusted to use a nice space/tab combination.

29
_jal 12 hours ago 1 reply      
For more surprising correlations: http://tylervigen.com/spurious-correlations
30
YZF 7 hours ago 0 replies      
On IBM mainframe terminals (327X) tabs were used for moving between entry fields. So it is/was basically impossible to use tabs in text for formatting. I'm not even sure if EBCDIC has tabs?

I don't really care that much, Go says tabs so whatever. But spaces have the benefit (or drawback to some) of rendering exactly the same way for everyone (assuming fixed width fonts, does anyone code with proportional fonts?). Also I've always got two thumbs on the space bar. And it's much bigger than the tab key.

So settled then?

31
dingo_bat 13 hours ago 1 reply      
On a somewhat related note, if I had to ask a Genie for a wish, I'd ask him to magically convert all tabs in all codebases to spaces and make git forget the commit.
32
heisenbit 13 hours ago 0 replies      
We are suffering from space exhaustion. Experienced older programmers known earning more were able to gobble up spaces way back while they were still cheap and are now enjoying spreading them around. Younger coders on a budget have to be stingy with spaces and are forced to use the poor tab substitute. This leaves the less experience professionals at the mercy of tab expansion by greybeard hackers. Sad.
33
eloone 5 hours ago 0 replies      
34
mattpavelle 12 hours ago 0 replies      
PEP 8 specifically recommends using spaces for Python development. And the vast majority of software developers I know follow most of PEP 8 for Python development. https://www.python.org/dev/peps/pep-0008/#tabs-or-spaces

I'm not a PHP guy (so I'm not sure about this) but it looks like PHP-FIG suggests it too... http://www.php-fig.org/psr/psr-2/

So are we really saying software developers who follow style guides earn more? That doesn't surprise me. Adhering to guidelines is a good way to work well on teams and thus become a more valuable team member.

35
minimaxir 11 hours ago 0 replies      
The difference between the salaries of tab-users vs. space-users in David's report are too close to call, so I added bootstrapped 95% confidence intervals for the aggregate median salaries (which was easy to do since the code was open source): https://twitter.com/minimaxir/status/875386185350168577

If the 95% confidence intervals for tabs and the 95% confidence intervals for spaces intersect at a point, there is a possibility for failing to reject the hypothesis that the difference between the two is nonzero at the alpha = 0.05 level. Since there is little overlap in most cases, the original hypothesis holds.

36
_Codemonkeyism 13 hours ago 0 replies      
How much money do developers make who have no clue and do not care the least because they use the auto-layout of their IDE?
37
jayvanguard 13 hours ago 0 replies      
When you're working in a large company with many developers spaces make more sense. Large companies generally pay more.

In a perfect world you'd use tabs for semantic indentation and spaces for stylistic indentation but this is too hard to implement in 100+ person teams and also can't be automated via an IDE style sheet.

38
raquo 11 hours ago 2 replies      
I would like to see a similar analysis for gif vs jif pronounciation. We need to settle this.
39
Nomentatus 4 hours ago 0 replies      
I'm guessing developers with more relatives on the Autism spectrum prefer spaces to get exactly the look they like, and are better (more picayune) programmers.
40
tmsldd 9 hours ago 0 replies      
Well, in a team with a bunch of programmers each with their own preferences is kind of tedious to talk and enforce a single formatting standard...So, I just make sure a small script runs#astyle -A2SKnjfUHpk1cn -R .h .cppbefore their commits .. and it made my diff look much nicer.. I don't really discuss tabs or spaces anymore..

I never thought that such styling would really matter much ... I wonder how much a developer using a beautifier earns in average..

Anyhow, statistics sometimes brings up some weird conclusions.

41
om2 7 hours ago 0 replies      
It looks like they didn't correct for multiple comparisons. Given the number of questions on the survey, there was bound to be at least one surprising correlation that looks significant without correction.

(Am I wrong? I would hope a Data Scientist would know a basic thing like this, but I don't know R so I can't tell for sure from their code.)

42
drumttocs8 9 hours ago 0 replies      
Why didn't he test by age? Age is likely the variable most linked to salary. Older developers didn't use fancy IDEs- just a simple text editor is all you really need.
43
sroussey 14 hours ago 1 reply      
I'd rather see the results for those that don't participate in SO surveys: those making $200-500k.
44
oscarjd74 14 hours ago 0 replies      
Developers who use spaces are more likely to lie and boast about their salary.
45
jelder 14 hours ago 1 reply      
I've been using prettier.js in my JS projects for a few months and honestly I can't imagine going back to formatting my own code. It would be like making all of my own clothes or something. Who has time for that?

The Go community was on to something with gofmt (even if they did decide on tabs).

46
teddyh 13 hours ago 1 reply      
I see its time to once again present the once-and-for-all solution to this tabs/spaces mess: Elastic Tabstops!

http://nickgravgaard.com/elastic-tabstops/

47
oftenwrong 10 hours ago 0 replies      
I wish editors handled indentation preferences intelligently. I prefer my indentations to appear 2-columns wide. I want to be able to open my editor, have everything appear as if it is 2-column-tab-indented while I work on it, but have it automatically written back to use the original indentation scheme of the file. Obviously there would be some ambiguous cases, which is acceptable.

I use vim with vim-sleuth now. If anybody knows how I can achieve what I described above in vim, please tell me how.

48
RawData 13 hours ago 0 replies      
Come on, we've known this for years. Do we really need a study to tell us that? Hell, the only interview question I've asked new hirees since around 2003 is: "do you indent with spaces or tabs". Really cuts through the BS. It's foolproof!

:-p

49
tzury 7 hours ago 1 reply      
Software developer must come to a flexible mindset in order to succeed.

Use whatever's right for you! And, if you come to a workplace where there are "rules" about that, try to obey them.

Never take part in any of those wars of Tabs vs Spaces, VIM vs Emacs vs Sublime vs whatever.

Spend time on writing more tests instead!

50
kutkloon7 14 hours ago 1 reply      
"The model estimated that using spaces instead of tabs leads to a 8.6% higher salary".

So the model actually predicts causality, instead of correlation? That's amazing. I'll start using spaces instead of tabs today and I will ask for a 8.6% raise.

According to this model, I should get it!

51
midnitewarrior 14 hours ago 2 replies      
I use spaces.

Who do I contact for my check?

52
kazinator 13 hours ago 0 replies      
http://www.kylheku.com/cgit/c-snippets/tree/autotab.c

With this, I instantly conform to how the file is formatted. Is it 3 space indentation, made with a mixture of 8-tabs and spaces? Autotab will figure it out, spit out the Vim params, and you're modifying away without causing spurious diffs in version control.

You have to learn to use Ctrl-T for indent and Ctrl-D for deindent in Vim; those obey the shiftwidth and generate indentation according to the shiftwidth, tabsize and expandtab setting.

53
jpfed 14 hours ago 0 replies      
This by itself disproves the Just World hypothesis.
54
nailer 11 hours ago 0 replies      
As someone who switched preferences: i used to hate tabs

Then somebody asked me why. The answer was that Sun Solaris was a crappy operating system which would fail to boot if you used tabs in files like /etc/vfstab.

For some odd reason, I carried around a weird bias about tabs rather than regarding Sun as being shitty.

I worked somewhere where a bunch of folks preferred four spaces (because they came from Python), others two (because they came from JS). Use tabs, set your preferred tab size, boom, everyone gets along.

55
sqeaky 11 hours ago 0 replies      
In the past ten years I have had 7 different development positions (and a few IT positions), I have never been at a place that used tabs. Ruby, C, C++, php, C#, SQL were the languages used and there positions were scattered across medical, Retail/Wholesale, Government/DoD.

That someone with this many different types of experience can have accidentally avoided encountering whole class of people and their code, really puts into perspective how small the experience of any 1 person is.

56
greyfox 12 hours ago 1 reply      
Doesnt using spaces to indent code waste a lot of time? I mean sure if you're only indenting once, it takes a few extra key presses to make 1 tab worth of space bar clicks but if your code gets really deep, then you're talking about wasting a lot of time hitting the space bar key per indent PER line...each subsequent line of indented code doubles the amount of space bar clicks...

Am i missing something here? this sounds really dumb, as tabs make the most sense, and it appears use less memory as well.

57
rdeboo 14 hours ago 1 reply      
It's good that their data science team keeps tabs on these important matters.
58
TACIXAT 9 hours ago 0 replies      
I just like to force my preferences on other people, so I use spaces. You like 8 width tabs? Too bad, you get 4 spaces.
59
DonHopkins 14 hours ago 1 reply      
What if you control for the size of the space bar and the size of the tab key?
60
gthtjtkt 12 hours ago 2 replies      
I don't understand how people can work with spaces. I had to reformat a colleague's query the other day and it was infuriating because all the tabs had somehow been converted to spaces. I had to edit it line by line instead of being able to easily shift entire blocks in either direction.

Do Visual Studio and SSMS support the space equivalent of "Select X rows and tab them all at once"? I just tried now and all the code is wiped out, replaced by a single space.

61
srett 10 hours ago 0 replies      
It's 2017, that wage gap is outrageous and discriminating!

...but at least with tabs everyone can adjust the gap size to their liking. :>

62
paulsutter 14 hours ago 1 reply      
Is this about whether you set your editor to convert tabs to spaces? (which is obviously tidier due to inconsistent treatment of tabs)

Or do some people actually use the space bar to indent code? (which is obviously insane)

63
rcthompson 12 hours ago 0 replies      
In terms of potential explanatory covariates, I think preferred editor/IDE would be one of the most likely to explain the trend, since different editors will have different defaults. The survey has this information, so someone could test this. It would probably help to group the editors by their default setting. I think you might need a mixed model with editor as a random effect to include both default setting and preferred editor in the same model.
64
animex 13 hours ago 0 replies      
They can bill for that extra keypress time. Makes sense. Tab developers deliver projects on-time and under-budget. Space Developers over-charge, deliver late, but make more money. ;-)
65
aiyodev 7 hours ago 0 replies      
Alternative headline: Developers who use spaces more likely to lie about their income
66
aetherspawn 13 hours ago 1 reply      
And here I was, thinking the title meant browser tabs vs OSX Spaces.
67
Dove 10 hours ago 0 replies      
That doesn't seem like a mystery to me. The argument in favor of tabs boils down to "tab damage won't happen". The argument in favor of spaces boils down to "tab damage will happen". I know which of those two philosophies I would prefer to have in charge of important things.
68
iainmerrick 12 hours ago 0 replies      
In case people aren't aware of it (I only found it recently), check out EditorConfig: http://editorconfig.org

It lets you check in an .editorconfig file that specifies whether your project uses spaces or tabs. And a bunch of editors and IDEs already have built-in support for it!

Doesn't solve the holy wars, but it can sure help reduce the friction.

69
crpatino 10 hours ago 0 replies      
As long as we are sharing crazy theories...

Boring corporations like boring spaces, and have to pay big, boring salaries to get any talent at all.

On the other hand, cool code slingers may or may not prefer tabs out of personal idiosyncracies, but as long as all of them get shortchanged by the VCs and/or startup founders...

70
tracker1 5 hours ago 0 replies      
package.json

 ... "format": "prettier-eslint --write --trailing-comma es5 --single-quote true \"_src/**/*.js\"", "lint": "eslint \"_src/**/*.js\"", "precommit": "npm run format && npm run lint" ...
problem solved...

71
mcculley 7 hours ago 0 replies      
The tab character, ASCII code 9, should not appear in source code. What happens when you press the tab key to make the proper number of spaces appear is between you and your editor.
72
JepZ 12 hours ago 0 replies      
Well, pretty biased article. One example:

"There were 28,657 survey respondents who provided an answer to tabs versus spaces and who considered themselves a professional developer (as opposed to a student or former programmer). Within this group, 40.7% use tabs and 41.8% use spaces"

Without filtering to the 'professional developers', meaning overall, there are more tab users (32% vs. 28%).

73
willand31 7 hours ago 0 replies      
This is because people who use spaces have to use Stack Overflow more often, so there were more developers who use spaces when SO did their 2017 survey.
74
bdamm 9 hours ago 0 replies      
The number of respondents who included salary is almost half of the overall sample size. So it could just be that developers who use tabs make more and are less likely to hand out their salary.
75
ianai 11 hours ago 0 replies      
This sounds like self selection bias. Only 12k of 28k respondents included their income. If you decrease a sample artificially then the resulting statistics are all suspect. (I stopped reading once I saw the attrition rate)
76
rectang 14 hours ago 1 reply      
As a spaces user, I have to acknowledge that I get irritated when I open a document with tabs and the formatting is messed up thanks to tab setting mismatches.

Is it possible that tab-aversive people making hiring decisions act on their aversions (consciously or unconsciously), while tab-friendly hiring managers do not?

77
ceocoder 12 hours ago 0 replies      
That's it. I'm heading back home to get my bag of pitchforks, tar and feathers. See you back at the playground in an hour.

I mean how are we to achieve world peace when we still have people using and being awarded for wasting precious bytes.

78
lisper 12 hours ago 0 replies      
And developers who use curly braces make more money than the ones who use parens :-(
79
dlanouette 12 hours ago 0 replies      
I'm going to go reformat all the files in my companies repo and wait for the raise.
80
anonymousiam 12 hours ago 0 replies      
I believe the tool 'indent' was created in part to end this "holy war". I just checked my system (a relatively new LinuxMint install) and found that 'indent' is not installed by default, but it is in the repo.
81
weddpros 13 hours ago 0 replies      
Developers who use spaces cost more than those who use tabs...

Now that's a fact for your next job interview!

82
samblr 13 hours ago 0 replies      
In your editor, select option to convert tabs to spaces - you turn rich even using tab(key)!
83
pcunite 10 hours ago 0 replies      
This is the danger of statistical analysis, where you determine that drinking from lead laden dinnerware means you're a part of high society.

Indeed, it does means that.

84
gmarx 11 hours ago 0 replies      
Being honest, I don't know if I use tabs or spaces. My IDE mostly does it when I hit return and I reformat it every so often.

Are you guys all programming in vi or notepad or something?

85
idlemind 13 hours ago 1 reply      
What's going on with the salary disparity between US ($100k) and UK ($50k)?
86
minusSeven 11 hours ago 0 replies      
Correlation is not equal Causation. How in the hell are people taking this seriously? Also there is no reason given in the article to explain why it is so.
87
thatwebdude 13 hours ago 0 replies      
Oh boy. Editorconfig and I'm done. I sincerely don't care.
88
imron 12 hours ago 0 replies      
Ooh, ooh, now compare salaries of vi vs emacs users.
89
altern8tif 12 hours ago 0 replies      
I wonder how many man-hours (and by extension, wages) has been spent debating this potentially world-changing issue.

The internets giveth, and the internets taketh away.

90
Radle 13 hours ago 0 replies      
I'd assume that tabs vs spaces is a localized argument.Thus in an area/company area and company there's higher salary and spaces are the default.
91
vortico 10 hours ago 1 reply      
This topic is the most tired debate ever. I'd rather talk about politics than indentation styles.
92
jv22222 12 hours ago 0 replies      
That's the median. I'd be really interested to see if that rings true when only taking the top 10% of earners into account.
93
guilhas 11 hours ago 0 replies      
I prefer tabs, but use spaces. We use VisualStudio which has spaces by default, so the company just adopted as standard.
94
dkhenry 14 hours ago 2 replies      
Good thing things like YAML have now trained me to only use spaces. Also for those looking to make a quick buck, emacs has `c-x h m-x untabify` enjoy
95
solotronics 11 hours ago 0 replies      
I reconfigured my linux to insert 4 spaces when I press tab.. am I doing it wrong by using the tab key for spaces?
96
TallGuyShort 13 hours ago 0 replies      
And Silicon Valley becomes slightly less satirical.
97
winstonewert 13 hours ago 0 replies      
A simple explanation that occours to me:

Many of those who answered tabs are actually using an IDE which inserts spaces when they push tab. They believe they are using tabs, because they've never realized that this is going on. People under that misapprehrension are likely to be less skilled.

Additionally, if a coder, is in fact, deliberately choosing the use tabs, they are going against the majority opion of coders and almost all style guides. That attitude might be correlated with lesser income.

98
daveheq 11 hours ago 0 replies      
So how much per keypress are companies paying extra just for their developers to indent with spaces?
99
mattmanser 13 hours ago 0 replies      
What surprises me most about those graphs is that US developers are paid twice as much as Canadian, UK or German developers.
100
madiathomas 13 hours ago 0 replies      
Plot twist: Dev Managers tracks your productivity by number of kepresses you make per day. The more the better.
101
richardknop 13 hours ago 1 reply      
Golang uses tabs for indentation and Go developer jobs have good salaries but then again this might be an outlier.
102
rosstex 10 hours ago 0 replies      
Obviously, it's because programmers who use spaces work four times as hard.
103
exabrial 10 hours ago 0 replies      
Tabs are for people that use soft wrap.

Spaces are for people still using 80 column monitors.

104
BinaryIdiot 12 hours ago 0 replies      
If one uses an editor which replaces tab key presses with spaces, is one using tabs or spaces or both?
105
flipp3r 14 hours ago 1 reply      
Jetbrains product users make more money? ;^)
106
Pitarou 12 hours ago 0 replies      
My apologies to all you tab lovers, but I suspect that preferring spaces is a proxy for experience.
107
delinka 13 hours ago 0 replies      
I suppose, then, that this pre-commit hook I have for tabs <-> spaces conversion is borderline fraud.
108
11thEarlOfMar 11 hours ago 0 replies      
I so wanted to post an ad for a Blood Boy in this month's Who Is Hiring.
109
kalleboo 14 hours ago 2 replies      
Am I alone in not even knowing what I use? I use the formatting standard that my IDE enforces.
110
my_ghola 13 hours ago 1 reply      
I only use tabs in my Makefiles.
111
ajaimk 12 hours ago 0 replies      
Doesn't Go & gofmt pretty much not allow for the use of spaces?
112
gcb0 12 hours ago 0 replies      
the only right answer for "tabs vs space" question is "i put a modeline comment with the project accepted style on all files I touch. And that style guide better say tabs" :)
113
austincheney 12 hours ago 0 replies      
How is this even a thing when there are code beautifiers that do a great job?
114
vbezhenar 13 hours ago 0 replies      
But how many spaces for indentation yields more profit? That's the next question.
115
iLemming 11 hours ago 0 replies      
Devs who use Vim and Emacs make more money than those who use IDEs
116
kbenson 13 hours ago 0 replies      
Of course. That's why I vote spaces in every presidential election.
117
toast0 13 hours ago 0 replies      
Clearly, you have to pay people more to use spaces, free market at work.
118
maxsavin 13 hours ago 0 replies      
Perhaps programmers who use spaces also participate in satanic rituals
119
Wheaties466 12 hours ago 0 replies      
Maybe it just means python programmers are paid more /s
120
jasonkostempski 12 hours ago 0 replies      
I want all my characters to be the same width, except one.
121
Shorel 13 hours ago 0 replies      
As I put in another comment:

Use and respect .editorconfig files in your projects.

122
lotsoflumens 13 hours ago 0 replies      
OK - now that's out of the way.

Let's move on to ASCII vs Unicode ....

123
linkmotif 13 hours ago 0 replies      
Just asked myself, "It's not April 1st, is it?"
124
mcs_ 12 hours ago 0 replies      
I have to stop converting spaces with tab in sublime
125
josephagoss 13 hours ago 0 replies      
What about using tabs that render as spaces in the IDE?
126
rubayeet 11 hours ago 0 replies      
Some men just want to watch the world burn.
127
spongeb00b 11 hours ago 0 replies      
Yeah, but which programmers are happier.
128
valuearb 13 hours ago 0 replies      
Money isn't everything. Tabs live forever!
129
keymone 13 hours ago 1 reply      
wow, clojure is really well-paying language
130
watwut 14 hours ago 1 reply      
Possible explanation: Tab vs space is likely to be correlated with technology (C vs Java vs JavaScript) and different technologies pay differently.
131
fergie 12 hours ago 0 replies      
Vindication.
132
jmnicolas 14 hours ago 2 replies      
Maybe it's an age thing : older devs tend to prefer spaces and are usually more paid than young devs.
133
red2awn 13 hours ago 0 replies      
What about soft tabs?
134
emodendroket 13 hours ago 0 replies      
Well that settles it.
135
fahadkhan 12 hours ago 0 replies      
Oh no! Someone started the Tabs vs Spaces holy war on HN again.
136
pasbesoin 9 hours ago 0 replies      
Finally, a clear cut financial answer to this schism!

You tabbers are costing me money!

137
Clubber 14 hours ago 0 replies      
Developers who use the space bar aren't real automaters. :)
138
justforFranz 7 hours ago 0 replies      
WOW!THANKSDEEP LEARNING!
139
mmariani 11 hours ago 0 replies      
Aaa
140
kmicklas 11 hours ago 0 replies      
The real answer here is, text is a bad data structure.
141
bitwize 12 hours ago 0 replies      
Sexy languages, like Python or Node, encourage the use of spaces.

Tabs are more often used in languages like C and C++ which are more traditional and pay less despite being more technical.

142
panzer_wyrm 12 hours ago 0 replies      
But which write better code? If space guys are Baby Metal and tab users Meshuggah this would leave thing inconclusive
143
moomin 14 hours ago 1 reply      
Remind me what Facebook and Google use :)
144
Udik 13 hours ago 0 replies      
Somehow it doesn't surprise me that much. Software development is ridden with fads that fastidious, obsessive developers make a point of adopting enthusiastically (they used to call them "best practices" until somebody even more fussy came and suggested to call them just "good practices", because "no practice can be universally best").

These people have a particular gusto in constantly one-upping each other with the latest good practice; the one that adopts the highest number of good practices wins. Their constant talk of the latest fad and push for the "right ways" of doing things usually puts them in positions where they end up evaluating and hiring new developers (I got interviewed just the other day by somebody that didn't ask me to design or structure any code, but rather if I use == or ===).

Some of these are actually excellent developers nonetheless; others will drive entire teams into rewriting a perfectly working application into a completely useless mess of a thousand microservices. Endeavour that will end up in their CV anyway, helping them to find another excellently paid job once it's time to migrate.

145
known 13 hours ago 0 replies      
Python?
146
ebbv 14 hours ago 0 replies      
Of course they do because they are pig headed ignoramuses who are insist on getting their way in spite of all evidence that they're wrong. So of course they are good at getting raises. ;)
147
howscrewedami 14 hours ago 5 replies      
correlation != causation
148
mtgx 13 hours ago 0 replies      
Ugh, could it be because those who use tabs are from a younger/less experienced/less paid generation that have learned to program with tabs, as opposed to programming veterans who were used to spaces?

I don't think the fact that you use spaces automatically makes you a richer programmer.

149
Twirrim 11 hours ago 4 replies      
I used to work at a place where a huge argument occurred between staff, fighting over tabs vs spaces. It wasn't mentioned in the company code style.

Eventually leadership got annoyed at the amount of time developers were wasting punting code reviews back and forth over this silly nonsense, let alone the loud altercations around the office. Who ever could have guessed that developers would be such an opinionated bunch?

So they mandated spaces, and all was peaceful in the office.

For about a day.

Naively they put something along the lines of "spaces are to be used for indentation" in the code style document, but failed to specify howmany spaces.

So the new arguments started up amongst the office. 3 spaces or 4? Whoever could have guessed that a number of developers were actually belligerent types who would go out of their way to find something to argue about, and also stubborn? Such a rare trait in developers.

So the arguments raged again, and eventually management decided they'd had enough. After all the fuss and grumbling over making an arbitrary decision on the tabs vs spaces debate, they decided this time to be democratic.

They scheduled a big all-hands meeting for the developers, and tolerating no interruptions, outlined that a binding vote was going to be taken. The code style document would be updated to reflect the democratic consensus, and also warning that future arguments on any other points would result in verbal warnings, and potentially dismissal.

With the software development managers standing at the front each to independently do the count, they asked all developers in favour of 3 spaces to raise their right hand, and all developers in favour of 4 spaces to raise their left.

The count started, but soon the managers realised that with all the raised hands, they couldn't see the fours for the threes.

150
Scarbutt 13 hours ago 0 replies      
Developers who use spaces are more pragmatic, hence more money.
151
IanDrake 14 hours ago 2 replies      
Older people use spaces. Older people make more money because they are further along in their career. Thus it only appears spaces make more than tabs, when it's really about age.

Just a guess.

152
SurrealSoul 14 hours ago 0 replies      
File > Preferences > User Settings > Tabs place two spaces
153
jorgeleo 9 hours ago 0 replies      
Repeat after me:

Correlation does not imply causation

Correlation does not imply causation

Correlation does not imply causation

154
omginternets 14 hours ago 1 reply      
First thought: perhaps languages that officially recommend spaces (e.g. Python) predict higher salaries compared to those that recommend tabs (e.g. Go)?
4
Verizon closes $4.5B acquisition of Yahoo, Marissa Mayer resigns techcrunch.com
741 points by pyprism  2 days ago   439 comments top 39
1
khazhou 1 day ago 4 replies      
Her mega-salary, like that of other comparable executives, is decided by other mega-rich people. It's no hardship for them to hand her (one of their own) enough cash to buy a small town.

Let's ponder that $260M compared to every time an outgoing job offer was dialed down from $145K to $135K. Or when the yearly bonus for a rank and file is a healthy $25K (1/1000th her accumulated comp).

Sour grapes? Yes, and why not? We're all giving our lives to these same companies.

2
chollida1 2 days ago 10 replies      
A list of Marissa Mayer's/Yahoo's accomplisments with her at the helm....

https://marissamayr.tumblr.com/post/161775943139/nostalgia-g...

Even though all of these gains, plus more as core yahoo lost value was from Alibaba this does look impressive at a first glance.....

> We oversaw the creation $43B in market capitalization and shareholder value. Our market cap has gone from $18B to $51B (increasing our valuation by $33B), while we returned nearly $10B in cash to shareholders.

Sadly the list of employee gains seems very spartan compared to the shareholder gains.

For those of you wondering what the Yahoo/Altaba shell contains now...

- approximately 15 percent equity stake in Chinas Alibaba Group Holding Ltd.,

- about 36 percent in Yahoo Japan Corp.,

- cash and marketable debt securities,

- certain minority investments and Excalibur IP, which owns some patent assets.

3
brookside 2 days ago 2 replies      
I have disliked her ever since being influenced by this gawker screed some years back:

http://gawker.com/5162532/marissa-mayer-googles-biggest-fail....

Subsequent reporting has hardend my opinion: https://www.nytimes.com/2014/12/21/magazine/what-happened-wh...

I have tried to examine what role gender plays in my visceral dislike for Marissa Mayer. I hope it is a small one. I give myself some consolation that I recoil almost equally when reading any news coverage of Travis Kalanick.

4
chibg10 2 days ago 44 replies      
I find it interesting that the comments section of the WSJ (a pretty capitalist-friendly corner of the internet) is filled with complaints about Mayer's "overpay" as CEO and outrage over her "golden parachute," while HN (a much less capitalist-friendly corner of the internet) has gone through 40 comments and I've only seen a couple questioning her pay as CEO, and several comments praising her job in the role.

Take away Marissa Mayer from this story, and replace her with a generic CEO, and I'm not sure we'd see the same mood in either comment section.

Why is this? Is this because she's from Google? Because she's a former engineer? Because she's a female CEO? Is she just a politically polarizing topic ala Elon Musk?

Genuinely curious. Anyone have any ideas?

5
invincibles 2 days ago 2 replies      
Coming soon: All Verizon phones will contain tons of Yahoo crap and use Yahoo by default.
6
pram 2 days ago 1 reply      
I really wonder what the ultimate fate of Flickr and Tumblr will be, especially the latter since the acquisition was deemed "essentially worthless" lol
7
rb808 2 days ago 6 replies      
Congratulations to Marissa on a job well done. That boat was a sinking ship that no one wanted to captain, and she kept it alive long enough to a satisfactory outcome.
8
drzaiusapelord 2 days ago 3 replies      
Kind of a sad day for me. Yahoo was so instrumental in the early web where I cut my teeth. Seeing it now sold to some telecom giant at around what a handful of unprofitable mobile apps go for is a bit depressing. For Millenials, imagine if Google was sold to AT&T 5-10 years from now after beaten by hungrier competitors. I guess all these companies fold eventually but Yahoo had quite the terminal illness and it lasted far longer than I assumed and often with bouncebacks that made you think things were getting better.

Perhaps Verizon can do something useful with the brand, but the Yahoo I knew is dead and probably has been since Mayer took over. She was brought in as a hatchet-woman to get an acquisition and got the job done.

9
jellicle 2 days ago 0 replies      
When she took over, there were numerous articles about how Yahoo's core business had negative value (the business plus the Alibaba investment was worth less than the Alibaba investment).

Since then she's given a lot of cash to shareholders, raised the stock price, and is selling the "negative value" core business for $4.5 billion.

That's an astounding success.

10
signal11 2 days ago 5 replies      
If anyone knows what impact Verizon's ownership will have on Flickr, please could you share?

I've been on Flickr for a long time now and it works well for me, should I be worried?

11
justboxing 2 days ago 0 replies      
> As expected, Marissa Mayer, who had been the CEO of Yahoo and recently received a $23 million golden parachute for her work there.

Nice!

I dream of a day when the Engineers who make the Tech Company what it is, are also offered 'Golden Parachutes' as part of a Job Offer.

12
Simulacra 2 days ago 3 replies      
I give it about 3 years until Verizon unloads it onto someone else for half the price.
13
CodeSheikh 2 days ago 1 reply      
I am still waiting for Silicon Valley TV show to pick up this vast subject of Myer's tenure at Yahoo into one of its episodes.
14
dopamean 2 days ago 1 reply      
I thought the job of a CEO was to increase shareholder value. Yahoo stock is up roughly 230% since she was officially signed on as CEO. Sounds like she did her job to me.
15
troxwalt 2 days ago 0 replies      
They should probably just end all fantasy baseball leagues for this year too. I'd hate to have this year count.

In all seriousness, Yahoo! has done an amazing job with their fantasy sports.

16
zw123456 2 days ago 3 replies      
Verizon is combining the AOL and Yahoo operations and calling the new organization "Oath"
17
redm 2 days ago 1 reply      
I for one hope this works out well, more diversity is good for consumers. IMHO, anything that chips away at the dominance of Google and Facebook are positive too.
18
PayForPeenus 2 days ago 0 replies      
Marissa Mayer was already on the sinking ship - but I admire her ambition on trying to make that thing work. God speed on her future en-devours for sure.
19
redm 2 days ago 3 replies      
I can't help but think about the Microsoft buyout offer back in 2008. From a $44 billion dollar offer to an offer 1/10th the value 9 years later.

[1] https://techcrunch.com/2008/02/01/wow-microsoft-offers-446-b...

20
shawnee_ 2 days ago 1 reply      
> Those who are keeping jobs in the media division in the newly merged operation include Jared Grusd leading the News vertical (including yahoo.com, aol.com, HuffPost, and Yahoo News); Geoff Reiss leading the Sports vertical; David Karp leading the People and Community vertical (including Tumblr, Polyvore, Cabana, Yahoo Answers, Yahoo View, and Kanvas); Andy Serwer leading Finance media (including Yahoo Finance and Autoblog); Michael LaGuardia leading Finance product and utilities; Ned Desmond leading TechCrunch and Engadget; Alex Wallace leading OTT video production & distribution as well as lifestyle & entertainment (that includes BUILD, RYOT, Yahoo Celebrity, Yahoo Style, Yahoo BeuYahoo TV, Yahoo Movies, Yahoo Music, and Yahoo Entertainment); Dave Bottoms heading up distribution products (Newsroom and video OTT products) as well as growth, monetization, and syndication; Tim Tully leading all of engineering; Dave McDowell leading subscriptions, commerce, and customer care (including Yahoo Shopping and AOL Shopping); and Mary Bui-Pham leading our operations (including design, UXRA, analytics, and program management).

The problem with consolidations like this into bigger and bigger conglomerates is that it reduces editorial independence in favor of a false sense of corporate unification among all the "verticals". The heavy and overweight company has a "great" vision which involves being everything to everybody. But that never works. End result will likely end up providing a lukewarm mediocrity in them all.

What Yahoo probably should have done was divest; instead it allowed itself to be swallowed whole by an ISP whose sole goal (as evidenced with its malfeasance to destroy Net Neutrality) is be able to selectively prioritize traffic in the ways that are most profitable to them... Ergo, the objective of this kind of empire is not to track down the truth and inform people about what is really going on, but to entertain and distract.

21
smoyer 1 day ago 0 replies      
What if Mayer's actual role was determined by Google? could it have simply been "keep them alive so we're not viewed as a monopoly"? Or maybe "put them out of business but make it look good"?

I don't think that anything quite so evil went on but you have to wonder, given Mayer's investment in Google, whether there weren't sub-conscious components to her decision making. One advantage to hiring a successful CEO from another industry is the lack of this background (of course, one of the disadvantages is Scully).

22
rayalez 2 days ago 1 reply      
What do you think is going to happen to Tumblr?

Tumblr has a massive audience, but some of the worst tech among the social media, and now it seems like it might get abandoned completely. So people will eventually migrate to something else, right?

What can other platforms, like Medium, do about this? If you had a platofrm that might be valuable for a similar usecase(though, hopefully, much better), what would you be doing right now? Any ideas or advice?

23
adamonkey 2 days ago 1 reply      
She should become COO of Uber. Perfect!
24
nadim 2 days ago 0 replies      
25
ddebernardy 2 days ago 1 reply      
Didn't Microsoft extend a $40+B (however hostile) bid a decade ago or so? I'm still at a loss as to why Jang et al didn't sell then...
26
parantap2001 2 days ago 1 reply      
Question - Can someone explain the $4.5B valuation of Yahoo-Verizon deal versus the $49.46B Market cap of Yahoo! Inc. ticker on Nasdaq. Thanks.
27
EternalData 2 days ago 0 replies      
Yahoo thought the media they provided users was important, Google thought user data was important -- it's possible Mayer tried to bring some of Google to Yahoo. But I don't think it was enough to bring Yahoo anywhere close to competing.
28
joering2 2 days ago 0 replies      
For 2 weeks now I'm fighting an enormous amount of spam that start popping up from nowhere and I did trail-back in my memory to not find a single instance in last 3 months where I would give out my email address to anyone new.

Its insane how much of it goes to my direct mailbox right in front of my eyes! Some even have "viagra" word in subjects, they come from weird addresses like hJGabtmDwbaiaJUsgUNiepwwUzDUUdanBHFpiMEghzLKNsotQTbrhZdpDzCHFWatqQB@perico.hunmooth.com and open up with images and everything ready for my click.

I suspect Verizon is already working hard on break the remaining thing that worked fine until now - yahoo mailbox.

But I'm fine with that. I had it in my pipeline to move out of them for so long now another incentive to actually do so :)

29
fred256 2 days ago 1 reply      
I noticed the YHOO stock ticker is still active. Is that now the empty shell that still has the Alibaba stake, or something else entirely?
30
faragon 2 days ago 1 reply      
Does anyone know any significative achievement made by Mayer in Yahoo?
31
timdellinger 2 days ago 0 replies      
The whole Net Neutrality situation just got more interesting.
32
pvsukale3 2 days ago 0 replies      
"Ye to hona hi tha "

English : this was going to happen anyway

33
michaelfeng 1 day ago 0 replies      
Another empire fall down. Bless!
34
ianamartin 1 day ago 1 reply      
I've said it before, and I'll say it again.

Marissa Mayer took on a shit job to pull a losing company out of a hole. She knew what she was getting into, and she knew what was going to happen.

She deserves every penny for the reputation hit that she's taking over this. This entire thread is why she deserves the money. Most people in tech hate her for some reason. (Let's guess what that could be . . .)

Good for her for bargaining well and pulling a dream deal out of an assclown.

Yahoo was a joke when she took over, and now when she leaves it's a much more valuable joke. On paper, at least. But still a joke.

If you're going to leave google to run the laughing stock of the internet, you damn well better get paid the big bucks to get it sold for more than it has any right to be worth.

Good for her.

<shameless pandering>(Also, if you're reading, Marissa, hit me up. I know you're going to start something up soon. No way you are just going to sit still.)</shameless pandering>

35
Markoff 1 day ago 0 replies      
does this mean i should stop using Flickr as backup?
36
59bcc3ad677 2 days ago 0 replies      
Wow
37
joeblubaugh 2 days ago 3 replies      
Savvy PR move doing this on the same day the Uber report drops and Jeff Sessions testifies in the Senate
38
aerovistae 2 days ago 1 reply      
Whoa! The beginning of the end of the end.
39
myrandomcomment 1 day ago 1 reply      
I love how everyone here thinks they can do better. Yahoo was a deadman walking before she took over. Overall she did what she was suppose to do as a CEO of any company, return value to the shareholders. Now you can disagree with that being the goal, but it is the way it works today. By that measure it worked. Is it the right thing long term, most likely not. We have lost focus on long term planing in favor of quarterly reporting. It is the world we live in. Please go can change it, but don't sit here and say you could do better as I do not see any of you saying you have the job as a CEO of a multi-billion dollar company.

Oh, I expect this to get down voted to oblivion. Prove me wrong.

5
How is GNU `yes` so fast? reddit.com
862 points by ruleabidinguser  2 days ago   333 comments top 33
2
tzs 2 days ago 6 replies      
The /r/programming discussion of this is interesting [1].

Someone does a Go version and gets the same speed as GNU yes. Someone else tries several languages. This person got the same speed in luajit, and faster in m4 and php. Ruby and perl about 10% slower, python2 about 10% slower still, and python3 about half that. The code is given for all of these, and subsequent comments improved python3 about 50% from his results, but still not up to python2.

[1] https://www.reddit.com/r/programming/comments/6gxf02/how_is_...

3
pixelbeat__ 2 days ago 0 replies      
The recent commit that sped up GNU yes has a summary of the perf measurements

https://github.com/coreutils/coreutils/commit/3521722

4
mooktakim 2 days ago 4 replies      
If anyone, like me, is wondering what "yes" is used for. You can use to pipe "y" to commands that require interactivity, so if you just want to say "y" to all the inputs, you can use "yes" to do this:

 yes | rm -r large_directory yes | fsck /dev/foo

5
madeofpalk 2 days ago 2 replies      
Back when I worked at the Genius Bar at Apple Stores I saw a customer come in and talk to a 'Genius' about their MacBook being "slow". After a quick bit of troubleshooting, he just opened up 4 terminal windows an ran yes in all of them, and did some hand wavy explanation about diagnostics.
6
joosters 2 days ago 3 replies      
the limit isn't the processor, it's how fast memory is. With DDR3-1600, it should be 11.97 GiB/s (12.8 GB/s)

I don't understand this reasoning. Why is it being limited to main memory speed? Surely the yes program, the fragments of the OS being used, and the program reading the data, all fit within the L2 cache?

7
tobik 2 days ago 1 reply      
FreeBSD's yes has just been updated because of this.

https://github.com/freebsd/freebsd/commit/1d61762ca37c20ab6f...

It's about twice as fast as GNU yes now on my FreeBSD system here.

8
mkj 2 days ago 3 replies      
You could make "yes" faster with the tee() syscall. Keep duplicating data from the same fdin (doesn't actually copy) and it becomes entirely zero-copy.
9
luckydude 2 days ago 1 reply      
I was not going to post this because hacker news has this ethic (?) of down voting anything that seen as not positive. Perhaps we should have discussion about that, I'm not sure that's a good thing but I'm not in charge here.

The top comment is:

"It's a shame they didn't finish their kernel, but at least they got yes working at 10GiB/s."

which as an OS guy, someone who has been working on Unix for 30+ years, as a guy who was friends with one the QNX kernel guys (they had perhaps the only widely used microkernel that actually delivered), that's hugely amusing and spot on. The GNU guys never really stepped up to being kernel people. Bitch at me all you want, they didn't get there. It's a funny comment, especially coming from reddit.

10
akerro 2 days ago 0 replies      
Years ago I read a similar experiment about max. CPU data flow. Guy was testing how much data can his CPU pass in a second. He was writing it in C, using some Linux optimization, optimizing code for CPU caches, using some magical C vectors that are optimized for such purpose. He got some help from someone working at Google. I tried to find that post but never succeeded. Does anyone here know it?
11
sequoia 2 days ago 1 reply      
Let's not forget the most crossplatformest, purest `yes` of them all: https://www.npmjs.com/package/yes

 # /usr/local/bin/yes | pv > /dev/null 11.5MiB 0:00:09 [1.02MiB/s] [ <=>] # /usr/bin/yes | pv > /dev/null 1.07GiB 0:00:09 [ 142MiB/s] [ <=>]
JavaScript wins again!!

12
jvolkman 2 days ago 4 replies      
`yes` (with the backticks) is my favorite "bring the system to its knees right now" shell command.
13
raverbashing 2 days ago 3 replies      
And the question is, do we need yes to be so optimized?

Not complaining, I like this kind of analysis

But it seems you won't be limited, in a shell script, by the speed you can push y's

14
ww520 2 days ago 2 replies      
I would just pre-allocate a static array of "y\n" of size BUFSIZ, write it out in a loop, and call it for the day, skipping the whole malloc and filling loop business.

Make the static array BUFSIZ * 1024 to trim the syscalls by a factor of 1000.

15
likelynew 2 days ago 3 replies      
Why is it so slow(compared to the post) in the macbook air. Native yes runs at 26 MiB/s, and GNU yes at 620 MiB/s.
16
Someone 2 days ago 2 replies      
With that malloc overhead, I expect GNU yes to be slower when only a few bytes are read from it.

So, what's the distribution of #bytes read for runs of 'yes'? If we know that, is GNU 'yes' really faster than the simpler BSD versions?

Also, assuming this exercise still is somewhat worhtwhile, could startup time be decreased by creating a static buffer with a few thousand copies of "y\n"? What effect does that have on the size of the binary? I suspect it wouldn't get up much given that you can lose dynamic linking information (that may mean having to make a direct syscall, too).

17
ojn 2 days ago 1 reply      
Measurements are really noisy, but I seem to get significantly better numbers than that when I use fsplice() on a pre-generated few pages of file data instead.
18
souprock 1 day ago 0 replies      
I think we can do better.

How about a /proc/bin/yes for this? Like most /proc files, it would appear to be empty. Executing it would involve a fs/binfmt_proc.c file in the kernel source, which would be a handler for this sort of executable. That would get the job done entirely in the kernel.

19
metaphorm 2 days ago 1 reply      
I thought this was a fascinating read but it left a serious question lingering in my mind, which is a little out-of-scope for the article, but I hope someone here can address.

Why did the GNU developers go to such lengths to optimize the yes program? It's a tiny, simple shell utility that is mostly used for allowing developers to lazily "y" there way through confirm prompts thrown out by other shell scripts.

is this a case of optimization "horniness" (for lack of a better word) taken to its most absurd extreme, or is there some use case where making the yes program very fast is actually important?

20
kazinator 1 day ago 0 replies      
GNU yes is fast because it is coded with the assumption that it's not answering any real question, such as "can I combine this free code with a proprietary program?" or "Would you accept the following monstrous patch to GNU Coreutils /bin/true without a copyright assignment?"
21
ars 2 days ago 4 replies      
But doesn't this make the typical use case (just a few "yes"s needed) slower, since first it has to fill a buffer?

I would write() the buffer each time it gets enlarged, in order to improve startup speed.

Also: The reddit program has a bug if the size of the buffer is not a multiple of the input text size.

And it's increasing the buffer by incrementing one at a time, instead of copying the buffer to itself, reducing the number of loops needed (at cost of slightly more complicated math).

22
sytringy05 2 days ago 1 reply      
man, I just spent like 8 minutes today writing a python script to use up all the disk space on some servers (part of ops readiness testing) when I could have just used this trick.

`yes` will help me on the "see what happens when something uses all the CPU and memory" test case. Thanks Reddit/HN!

23
melicerte 2 days ago 4 replies      
Did you notice PHP outperforms any other scripting languages? Some report that it event beats the GNU yes implementation.

After reading here so many unfair critics and pedantic dislike over PHP[1][2][3][4][5][6], I just want to say: STFU.

[1] https://news.ycombinator.com/item?id=12706136

[2] https://news.ycombinator.com/item?id=3825227

[3] https://news.ycombinator.com/item?id=3824881

[4] https://news.ycombinator.com/item?id=1823022

[5] https://news.ycombinator.com/item?id=1819517

[6] https://news.ycombinator.com/item?id=1819413

... Just to name a few.

24
du_bing 2 days ago 2 replies      
I run the command `yes | pv > /dev/null` on my MacBook Pro, it's only 37m/s, is this normal? I am not familiar with the command.
25
peter_retief 2 days ago 0 replies      
Well now I know what `yes` does (And pv)
26
Tepix 2 days ago 1 reply      
Why is he using backticks to quote "yes" in the title?
27
dekhn 2 days ago 1 reply      
clearly, we just need /dev/yes
28
crb002 2 days ago 1 reply      
yes | write <USERNAME> "Don't you hate dialup connections?"
29
DonHopkins 2 days ago 0 replies      
The proprietary Oracle Solaris 11.2 yes really slowed down when they added DRM and Verified Boot support...
30
31
peterwwillis 2 days ago 0 replies      
tl;dr someone who doesn't understand how i/o works gets a small insight into how memory and a cpu work and decides "Buffering is the secret" and "You can't out-optimize your hardware"

Can we have a new flag for posts by people who don't know what they're doing so I can skip them? I am serious.

32
fredmorcos 2 days ago 2 replies      
33
fuckemem 2 days ago 3 replies      
6
Chess.com stopped working on 32bit iPads because 2^31 games have been played chess.com
754 points by NewGier  3 days ago   324 comments top 28
1
eponeponepon 3 days ago 11 replies      
It's fascinating... the Y2K problem never came to fruition because - arguably - of the immense effort put in behind the scenes by people who understood what might have happened if they hadn't. The end result has been that the entire class of problems is overlooked, because people see it as having been a fuss over nothing.

I sometimes think it would've been better if a few things had visibly failed in January 2000.

2
cm2187 3 days ago 8 replies      
Self-confidence as a programmer is when starting a new project, storing the transaction ID as a long rather than an int...
3
chesserik 3 days ago 5 replies      
Hey all. Thanks for noticing :P Obviously this is embarrassing and I'm sorry about it. As a non-developer I can't really explain how or why this happened, but I can say that we do our best and are sorry when that falls short.

- Erik, CEO, Chess.com

4
SomeHacker44 3 days ago 3 replies      
"This was obviously an unforeseen bug that was nearly impossible to anticipate..."

Snarky... Except that there were probably years of games to notice that you were approaching a "magic number" like 2^31.

5
pram 3 days ago 3 replies      
I recently experienced a nasty bug with BLOB in MySQL. The software vendor was storing a giant json which contained the entire config in a single cell. It ran fine for months, and then when it was restarted it totally broke. Reason was: the json had been truncated the entire time in the database, so it was gone forever. It was only working because it used the config stored in memory on the local system. Nasty!
6
russellbeattie 3 days ago 1 reply      
This problem is more related to a programming underestimation than the actual limitations of a 32bit CPU (which can happily process numbers or IDs that arbitrarily big if you have the memory for it and program it correctly).

That said, this is definitely indicative of what's going to happen in just 20 years, 6 months and 20 days from now. I mean, we're still cranking out 32bit CPUs in the billions, running more and more devices, and devs still aren't thinking beyond a few years out. I know of code that I wrote 12 years ago still happily cranking away in production, and there may be some I wrote even longer than that out there... and I guarantee I hadn't given two thoughts about the year 2038 problem back then, and I doubt many devs are giving it much thought today.

It's truly going to be chaos.

7
jakub_g 3 days ago 1 reply      
Long long time ago, I created a poll on a small website I was maintaining. I didn't expect much traffic and, so, not thinking too much about it, I put the ID column to be a TINYINT (i.e. max value = 255)...

That was a valuable lesson.

(I actually generated most entries myself while testing stuff - live in prod of course - and while there were probably fewer than 255 votes, the AUTO_INCREMENT did its job and produced an overflow).

8
throwaway2016a 3 days ago 1 reply      
Reminds me of the havoc that was caused when Twitter tweet IDs rolled over. Resulting in every third party developer to update their apps (and at the time there were a lot of those).

Twitter saw it coming and forced the issue. By saying that at a certain date and time they would manually jump the ID numbers rather than wait for it to happen at some unpredictable time.

9
ericfriday 3 days ago 1 reply      
This reminds me YouTube changed its view counter from 32-bit integers to 64-bit integers due to the popularity of 'Gangnam style' https://www.wired.com/2014/12/gangnam-style-youtube-math/
10
shurcooL 3 days ago 1 reply      
Do we know when chess.com launched? If so, we can calculate the average number of games being played per second.
11
chesserik 3 days ago 0 replies      
Fun to read some of other stories where this bit them too (PacMan, WoW, and eBay)! Anyway, new app has been approved by Apple and should be rolling out soooooooooon....

Thanks for all the comments! Always lots to learn from.

12
rasz 3 days ago 6 replies      
were they ever expecting negative number of games? why signed integer?
13
vxxzy 3 days ago 10 replies      
How many other examples like this have occurred throughout computing history?
14
abalone 3 days ago 1 reply      
So they probably just need to use longs instead of ints. But I'm curious, if you were really stuck with a 32-bit limit on data types, what's your preferred workaround? I'm thinking I'd add another field that represents a partition. Are there other "tricks"?
15
key8700 3 days ago 0 replies      
eBay (almost) had this problem and I cannot find any articles about it online. They were rapidly approaching 2^31-1 auctions. So they switched to a larger integer, the switchover went badly, and they were mostly down for 4 days, if my memory serves. This would be like 10+ years ago I think.
16
vitomd 2 days ago 0 replies      
A lot of comments but no one said the great time that we are living for chess. So many games online, ready to be analysed and learn from them. After deep blue people thought that it was the end of chess, but its only getting better. Computers helping players to improve.

Chess.com is a great site, also lichess.org and chessable.com if you like chess you should check them.

17
inieves 3 days ago 1 reply      
The title is probably wrong, off by one.

You probably mean 2^31 -1.

18
_pmf_ 3 days ago 0 replies      
That's the most successful reason for failure.
19
spullara 3 days ago 1 reply      
The other one to watch out for is the 53-bit javascript integer limit. That caused the twitpocalypse when Twitter tweet IDs hit it. They had to switch to strings in the JSON representation.
20
mtkd 3 days ago 0 replies      
These are always the best problems to have
21
cwfrank 2 days ago 0 replies      
Issues like this are not uncommon on Chess.com. I've been playing there since 2008 or 2009. If you read recent comments about issues as they pertain to the recent "v3" release ... as much is to be expected.
22
phonon 3 days ago 0 replies      
And I was just reading Heroku/Django discussing the same issue this morning!

https://groups.google.com/forum/m/#!topic/django-developers/...

23
callumjones 3 days ago 1 reply      
> For f sake how are we supposed to Anderstand that. I suppose your French fry maker is broken ?

Didn't expect Chess.com and YouTube to have a crossover of users? Surprised there isn't active moderation on a site this size.

24
yoz-y 2 days ago 1 reply      
What would be the best way to test for this kind of issues in advance. Testing at theoretical limits at all endpoints?
25
fsiefken 3 days ago 1 reply      
Will the Lichess app and platform have this issue? And if not, why not?
26
nicky0 2 days ago 0 replies      
> an unforeseen bug that was nearly impossible to anticipate

Hmmm... :)

27
prh8 3 days ago 3 replies      
Real world example of why Apple is killing 32 bit apps on iOS.
28
mattkenefick 3 days ago 1 reply      
"Obviously unforeseen.. impossible to predict." Really? You don't know how to properly store ID numbers?

IMPOSSIBLE to predict.

7
Reverse engineering guide for beginners: Methodology and tools 0x00sec.org
790 points by ingve  3 days ago   63 comments top 15
1
badosu 3 days ago 1 reply      
I highly recommend this guide on how Samba was written, describing the techniques involved on RE [0].

[0] - https://www.samba.org/ftp/tridge/misc/french_cafe.txt

2
strictnein 3 days ago 3 replies      
After brushing up on this, if you're looking for something "fun" to work through, the NSA's 2016 Codebreaker challenge is good, granted you have a .edu email address (only US .edu too, unfortunately).

https://codebreaker.ltsnet.net/challenge

I think they're going to be keeping the 2016 version up for a while longer. They generally start a new one in September each year.

3
nekitamo 3 days ago 2 replies      
An excellent introduction to Windows reverse engineering are lena151's video tutorials:https://tuts4you.com/download.php?list.17
4
tripzilch 2 days ago 1 reply      
Maybe fix the title to make it clear that this is about reversing binaries? Because RE is quite a broad term, even within the field of computing and/or generally "topics of HN interest". You can reverse engineer so many other things than just executable binaries. And not just other kinds of software (web), but hardware, communication protocols, even organisations and bureaucracies, or processes in the widest sense of the word.

It's not like this article teaches much about the general "reversing mindset" (similar to the "hacker mindset", but not quite exactly the same), or the "methodology" as promised in the title. Because yes there is some very interesting overlap in skill within the broad field of RE. Ask any pentester who also picks locks.

Not to discredit the article itself, btw, which is fine given what it actually covers. Which is about Linux binaries, and in particular with the object of solving a crackme puzzle.

Maybe "Reverse engineering a crackme for beginners" would be a bit more descriptive.

5
atemerev 3 days ago 2 replies      
Binary Ninja is a fine piece of software, but it is more ethical to advertise this article as "nice reversing tutorial included with said software", because not-so-hidden shameless advertisement for it is worse.
6
aidos 3 days ago 4 replies      
I'd love to know more about disassembly. I've recently had more and more reason to go deeper into applications I'm running as dependencies. A few issues I've found and fixed just by using strace to get an idea of the system calls.

There was one thing in particular where I knew there was a jump somewhere (if some_length < some_width) that caused bad outputs. I was playing around looking at registers etc in gdb while following along with a disassembled version of the code, but it was impossible to get any idea where to start.

I wanted something that could give me a few seconds worth of samples of where the instruction register was spending its time as a starting point, but couldn't find any such tool (linux).

Within my control:

 - giving input files to explicitly set unique numbers to watch out for - giving inputs that would generate bad output numbers only in the bad code path - giving inputs to force a load of jumps down the bad or good code paths
Does anyone have any advice on how you might approach such a situation?

7
doktrin 3 days ago 4 replies      
orthogonal :

I honestly wish CMU would release the lectures and full class materials for 15-213 (the course most typically associated with the bomb lab mentioned here). The lectures combined with the accompanying text and labs form a masterpiece, and it's a shame the community at large can't take better advantage of it. It's like SICP for systems : that effing good.

The tests, however, are just awful. Those can safely be dumpstered.

8
hackermailman 3 days ago 0 replies      
The bomblab is from CS:APP student labs section if anybody is interested https://news.ycombinator.com/item?id=14522391 specifically here http://csapp.cs.cmu.edu/3e/labs.html
9
ngneer 3 days ago 1 reply      
Upvote if you grew up on Fravia and tKC
10
sakawa 3 days ago 0 replies      
OpenSecurityTraining[1] videos are also a golden resource for beginning reverse engineers

[1] http://opensecuritytraining.info/Training.html

11
bor0 2 days ago 0 replies      
In around 2001 I started reverse-engineering games on the PC before having any programming skills (later moved to programming).

I remember MadWizard's assembly tutorial[0] being very helpful at the time.

[0] http://www.madwizard.org/programming/tutorials/

12
ngneer 3 days ago 1 reply      
Evan's debugger is nice for Olly fans
13
kclay 3 days ago 0 replies      
wow times have changed from using softice and ollydbg. When I used to RE for fun it was sad seeing how expensive programs could just be rigged by a simple NOP or JNZ/JMP change.

My best challenge was Brazil (3ds render engine). It had all types of checks that would only show up when rendering.. But that was no match.. Good times

14
tyingq 3 days ago 3 replies      
Where RE is reverse engineering, as opposed to say, regular expressions.
15
bwidlar 3 days ago 2 replies      
Blank page without javascript. Bye.
8
Telegram founder: US intelligence tried to bribe us to weaken encryption fastcompany.com
583 points by anjalik  14 hours ago   187 comments top 24
1
otalp 13 hours ago 8 replies      
>"It would be naive to think you can run an independent/secure cryptoapp based in the US."

This seems to be a shot at WhatsApp and Signal, implying that they have loopholes that allow the FBI to snoop in. I'm not sure how true that is. This might be an attempt to deflect from the fact that Telegram uses a home-baked encryption protocol which might be insecure, while WhatsApp uses the OWS protocol.

2
drawkbox 10 hours ago 4 replies      
I am not sure about the claim here but the FBI has always been all over cryptography companies and products and this was well before Snowden, Phil Zimmermann (PGP) knows about this.

In 2003-2006, we built a service that was a financial system to exchange financial data through various means including AS/2 EDI over HTTP with big companies and the government suppliers such as AAFES (Army and Air Force Exchange). Initially we had RSA, PGP and a custom encryption in there, the latter two for other features besides EDI. We got a letter from the FBI asking us to switch only to RSA, they wanted to know about our use of PGP and wanted to see our custom encryption if we continued to use it. Being a small/medium company we switched to just RSA to avoid any issues. It was an odd day, when I came into the office they told me I had an FBI letter on my desk and you can imagine what happens around an office when something like that happens. Very strange day indeed.

Moral of the story, if you create your own crypto or aren't using the ones you are supposed to use, in any capacity, expect some knocking.

3
angry_octet 12 hours ago 1 reply      
Read the replies from all the serious crypto security people on twitter and you will see the overwhelming consensus is that the FSB/Spetssviaz and FBI/NSA probably love Telegram for its roll-your-own-crypto and server mediated group chats.

One also has to wonder if the FBI consider the Telegram team to be essentially undeclared Russian agents, and hence fair game.

4
strictnein 12 hours ago 1 reply      
Cryptography experts like Matthew Green were having fun with some of his claims on Twitter a couple of days ago. I would read whatever Durov claims with a large amount of skepticism.

ex: https://twitter.com/matthew_d_green/status/87369621172278476...

5
tuna-piano 13 hours ago 4 replies      
Assuming this isn't just PR, in some ways this is scary and disheartening.

But my first reaction was "Cool, our government really cares, is creative and has the necessary power to get things done."

For those of you who've worked with government, you've seen how insanely difficult the procurement process is. Being as specific as needing to get competitive bids for toilet paper purchases, etc. So the fact that they could get potentially large amounts of bribe money means (a)This goes to high levels in the organization (b)They've probably done this before.

I wonder how much they offered?

And I wonder how many other pieces of software have backdoors. I would think the first things they would try and get access to is (a)Certificate issuers and (b) VPN software.

Do we know that Godaddy,LetsEncrypt, OpenVPN, Cisco VPN, Juniper, etc don't have backdoors?

6
19eightyfour 2 hours ago 0 replies      
But wouldn't it be in the interests of mass surveillance to herd people toward a chat option that isn't secure, or that the surveillants have a backdoor to? You get two benefits: 1) chat people think is secret you can read, 2) people self-identify as selectors / targets by choosing to try to hide their communications, which you can actually read

And if such PR herding worked, wouldn't the surveillants be prepared to pay for such efforts to make their job easier?

So, what seems readily apparent is: Telegram takes state money, to offer an insecure option, while dissimulating to the world that it's: a) secure and b) turning down state money all the time.

I know why this perspective isn't discussed in MSM. But I don't get why it's not discussed more here. It seems obvious to me. And personally IMHO, I think that's a good thing. Catch more criminals / terrorists.

7
loceng 13 hours ago 1 reply      
The ridiculousness of it all is it's unreasonable at its base to try to prevent encryption as a form of safety and security from violence.

Sure, you can lock up all communication for privacy reasons, and the government can spend all kinds of resources on trying to control to prevent or circumvent encryption - however it's a waste of resources as it's simply a bandaid.

If I wanted to do something violent or evil I/you can simply have regular meetings and use paper communication - the old spy-style stuff. Of course those networks can be infiltrated by governments with the resources, and they can maintain that presence by allowing certain acts within networks to occur vs. deciding which ones they should stop; it's how the war against Hitler was won once their encryption was broken - watch the very well-done The Imitation Game - http://www.imdb.com/title/tt2084970/ - for a reference.

The only real solution is dealing with the root causes. I heard an analyst on TV (a rare occasion for me) mention after Trump's Saudi visit and speech, that he didn't mention that the Saudis should look into the root causes of why there is terrorist activity growing in their countries; of course a lot of it is historical karma and rage from violent acts against their families, however a lot is because people's basic needs aren't being met which prevents the higher levels of Maslow's Hierarchy of Needs from being reached and maintained.

There's a solution and it requires building real community, locally, where you are now - and striving for people to become healthy so they don't develop bias and other coping mechanisms which prevent empathy and understanding and therefore compassion; preventing responsible ownership of weapons isn't useful either, not developing and supplying weapons on mass would be beneficial, however most attacks recently have been with vehicles or knives.

Universal Basic Income will also allow closer to a truly free work market and it can evolve from there, giving people the time to do what they feel is the most important in that moment for themselves, while not having to be forced to working in a shitty environment with shitty managers or co-workers; the health improvement and increased productivity here alone is worth it.

8
prawn 2 hours ago 0 replies      
Surely it's not just an issue of location but scale? Unless there is a huge team reviewing code, an individual or small team could be paid-off by an agency to provide a backdoor? For the right combination of large scale app by small team, there'd have to be a price at which many individuals capitulate? If the backdoor is somehow revealed, "doesn't matter, got my money".

I used to wonder whether some success of social media companies couldn't be explained by secret payments for backdoor access. You could be operating out of Europe or Africa and still get offered money, and other pressure carefully applied.

You might think you'd hold true to your plan of privacy-for-all, but if they offer $x00m or more?

9
jquast 13 hours ago 1 reply      
"a few months later i was offered an interview for a position at the fbi office for cyber-warfare in nyc who as well offered to fix my immigration status"

and, "before going to monterey and while exploring the beauty of san francisco i was contacted once by a us navy intelligence officer who seemingly unintentionally appeared next to me at the bar"

http://mickey.lucifier.net/b4ckd00r.html

10
custos 11 hours ago 2 replies      
Option 1: Could be Russian/Telegram propaganda.

Option 2: Could be true because seriously, who trusts the FBI/NSA not to violate our privacy anymore?

Really not sure what to believe about this one.

11
Callmenorm 14 hours ago 1 reply      
There aren't a lot of places that are embracing truly end-to-end encryption for the masses. I think it would be tough in the U.S. but it's not clear to me where the better place.
12
ricksharp 11 hours ago 5 replies      
Can someone correct me if I am wrong, but it seems relatively easy to make an encrypted peer-to-peer messaging system.

I mean, simply use a public/private encryption algorithm that has proven to be highly secure:

- Share your public key openly

- Anyone can send a message to you using your public key to encrypt the message

- You decrypt with your private key on device

Do all the encryption/decryption on device and viola, secure messaging. (This is basically how https works.)

Of course this only allows a single device the ability to decrypt the message.

However, if you want to allow multiple devices to share a private key, they can simple send each other their own private keys using the same encrypted protocol.

In addition, for super paranoid use, a master password could be used to salt the private key so that would be required with the private key to enable decryption. (Which is similar to how password keepers basically work.)

What am I missing?

13
known 50 minutes ago 0 replies      
How Telegram is making money?
14
known 51 minutes ago 0 replies      
"Never do anything against conscience even if the state demands it." --Einstein
15
pigeons 8 hours ago 0 replies      
There isn't even any need to weaken the homebrew encryption, good luck using it. I don't even have the option on the Linux desktop client at least. The "secret chat" feature isn't available.
16
retox 13 hours ago 1 reply      
Sounds like a reasonable exit if noone wants to buy your popular e2e encrypted chat app. Take the bribe, shutdown and move on to the next iteration.
17
robert_foss 13 hours ago 4 replies      
This is pretty alarming stuff.

Especially considering how that competitors like Signal are US based. Signal is owned by twitter which by no means is a small player, so it isn't likely to fly under anyones radar.

18
Asmod4n 13 hours ago 0 replies      
There is no need for the US intelligence do to that, looking at the choices Telegram made on its own.
19
EternalData 12 hours ago 1 reply      
The government has progressed from banning encryption to trying to subvert it :/
20
throw2016 12 hours ago 0 replies      
Governments never believed in privacy. Before they were opening envelopes and tapping phones. Now they are trying to keep up with technology and given the sheer scale of resources, manpower and power at hand operating 24/7 they will prevail.

A journalist like Poitras is on all sorts of lists and incessantly harassed. There are secret courts, secret laws and secret processes at play. And beyond this the power of harassment, intimidation, blackmail and bribery. Individuals and even organizations cannot prevail against the array of capabilities.

Its nice to think of democratic theory and the rights but these only exist when not exercised as talking points. The moment you start exercising them you end up on all sorts of lists, marked for harassment and basically have a target on your back. Dissent is squashed even before it can formulate.

21
lngnmn 4 hours ago 0 replies      
Good PR.
22
_RPM 11 hours ago 1 reply      
23
killjoywashere 13 hours ago 5 replies      
24
logicallee 13 hours ago 3 replies      
The problem I have as an end user is that I want the infrastructure protecting me to be invisible. Let's return to this after the following paragraphs. I will make some pretty far-reaching conclusions.

I think we can all agree that if some totally below-the-radar crypto anarchist who happens to have a few million dollars from bitcoins figured out that they actually have enough access via the dark web to bribe a few Russian generals and long story short detonate a nuclear bomb a few miles outside New York City, just for shits and giggles, then they should be stopped at some point along the way. This will seem like a made-up example to you but I purposefully don't want to confuse the issue with practical examples. We can all agree that at some point this should be stopped.

A reasonable time to stop it might be if intelligence agencies get a literal screenshot from a darkweb chatroom (from a concerned participant, where the participant thinks they're really going too far) where this is being planned in exacting detail but more information is needed to be precise. (For example, suppose the source of the nuclear bomb were not Russia but not enough information was given to identify it. There are actually quite a few nuclear states and many of them are quite corrupt. A short list includes India, North Korea, Pakistan.)

I would think that this kind of actionable urgent intelligence should unlock whatever privacy safeguards are in place, but the issue is that if there is a correct "technical" solution (if cryptography works 'correctly' and is not broken, in an academic sense), then there is no technical possibility to unlock anything. If Tor, crypto currencies, and encryption "work" (in a binary, yes it works, or no, it's broken sense) then following the receipt of such a screenshot there is no technical means of any further step.

Here I'm going to be philosophical for a second. The future of technology is nearly infinite human power. You can already in the next few seconds initiate a crypto currency transfer to anyone anywhere in the world, who can receive it without any banking infrastructure or oversight.

The arc of technology has been personal human enablement. When individuals become nearly God-like and all-powerful, it is dangerous to be in a position where, like the Muslims reporting the madman banned from his U.K. mosque for radical insanity, the status quo is that if you report your friend to the authorities saying, "My online friend, God-like in his powers, is planning to murder a million people just for shits and giggles, and he's kind of insane. Unfortunately, I don't know where he is or what he's doing, but I'm pretty concerned. He has a lot of money from a few ponzi schemes he ran. It's pretty credible for the following specific reasons (screenshots, quotes, etc)." And the only response from the authorities is, "Thanks for all this. We don't know where he is either, in the grand scheme of things a million deaths isn't that much and if it happens we will look at preventing another such case."

That's a pretty silly response, isn't it? That the only possible response is, sorry, nothing can be done.

Okay, now I've laid out why there should probably be some infrastructure on the back-end.

What I don't like is that this translates to humans literally reading people's private correspondence, web searches, etc. It's not very good.

What is a good middle ground?

Can't the NSA make things that run locally, so that no human is reading your correspondence or web traffic, but as you start researching nuclear weapons and making plans on how to murder a million people, and start making those transactions, all this starts adding up and, to quote the Constitution, its tools can receive instructions "particularly describing the place to be searched, and things to be seized", so that after such a report, its perpetrator can be found, or at least enough information can be collected to stop it if it is actually taking place?

I think that all of us here could be okay with being stopped at some point between purchasing a hundred million dollars in anonymous currency, and detonating a nuclear bomb. It's sensible. That can be part of the social contract.

It's difficult. Nobody wants to live with a judge, jury, and executioner in their home looking at everything they are doing in case they break some law.

I am glad that I personally don't have to answer these questions. But we can all agree on the need for privacy (no human looks at what you're doing), and also on the reasonableness, as each individual online progresses toward infinite personal power, for protecting the rest of society from credible and immediate, specific threats.

I agree with cryptographers who think of cryptography as a tool that is either working or broken. (If it has a back door, it's 'broken').

Perhaps if tools included a certain portion that runs locally they could increase the extent to which the tools are not actually 'broken' (i.e. they are actually working, and actually not backdoored), while also increasing the safety every single person has from other individuals being able to plan or pay for their specific death anonymously, and with impunity.

I realize that my suggestions here are not specific enough to be actionable, they are not clear recommendations. But I don't even see these possibilities being discussed (at least publicly), so I wanted to at least move the conversation a bit in this direction.

EDIT:

---

I'm getting downvoted pretty heavily. Let me ask point-blank: are you okay with someone being able to spend two weeks on the dark-web researching how to make and detonate a bomb using totally innocent chemical purchases, and then your spouse, parents, relatives, or you, being an innocent victim of my exploding the results, or would you want that person to be stopped at some point after they started doing that? The future of information is that it is ubiquitous and easy to access[I edited this paragraph edited from first to third person.]

Actually secure communications would mean that it is technically impossible to see if someone has started communicating with people at ISIS who have overseen and helped people explode themselves. I am not saying communication should be weak and insecure, but should I really practically be able to start doing that if I want?

This is not some kind of false example, either.

Also, for downvoters: I think it is easier for you to agree with the other half of my statement, that nobody should be looking at our web traffic and correspondence, and that it should be actually secure, and also actually private.

9
#c0ffee is the color surge.sh
777 points by pavel_lishin  3 days ago   120 comments top 37
1
vmarquet 3 days ago 1 reply      
I'm surprised no one yet has mentionned the famous stack overflow question: https://stackoverflow.com/questions/8318911/why-does-html-th....

TLDR; For legacy reasons, some words produce valid colors even if they don't respect the standard color formats. For example, "chucknorris" produces red.

2
lol768 3 days ago 7 replies      
Got to admit I was hoping it'd be a coffee-ish colour before I sorta parsed the colour in my head and realised it was mostly green.

With that said there are some pretty cool ones (e.g. 5afe57 = safest = a green) that do match up. Can't say I can think of many hugely practical uses for this, but it's kinda neat!

3
nailer 3 days ago 2 replies      
Oh neat:

#F0E71D

is the colour of asafoetida: https://www.google.co.uk/search?q=asafoetida&source=lnms&tbm...

And #C0C0A5 is cocoa.

For fitness studio folks who are into hex (of which there are obviously billions) #F17 (bright pink) would be popular too.

4
atemerev 3 days ago 2 replies      
#c0fefe, you wanted to say.
5
thebouv 3 days ago 3 replies      
Since #BADA55 keeps coming up:

http://bada55.io/

6
oxguy3 3 days ago 1 reply      
SAFEST is a decent green and ACIDIC is a decent red -- probably going to use these instead of #f00 and #0f0 next time I need success/failure color codes for some hastily-made web thing.
7
turkeywelder 3 days ago 1 reply      
It's missing Badass: #b4da55. Lovely green colour :)
8
mrspeaker 3 days ago 1 reply      
This is great, but I'm not a fan of the "7 looks like a T"... my brain can't make that work. I request an "Ice T" mode that does this:

 Array.from(document.querySelectorAll(".wrap > div")) .filter(n => n.getAttribute("name").includes("t")) .forEach(n => n.parentNode.removeChild(n));

9
madcaptenor 3 days ago 0 replies      
#B00B00 is the color of blood.
10
pavement 3 days ago 1 reply      
HN feature request: three character hex code support for topcolor.

Bonus points: named color support for valid CSS colors, such as dodgerblue.

11
forgot-my-pw 3 days ago 0 replies      
Isn't it just easier to memorize HTML color names? https://en.wikipedia.org/wiki/Web_colors#HTML_color_names
12
jaclaz 3 days ago 0 replies      
The idea is nice, but (as a suggestion) I would add a drop down to "strict" where you can tick whether to include 0 (zero) and 1 (one) as respectively O and I, which is what everyone would likely read as well as - maybe - 5=S while the 1 as L (as in 1337) and the 7=T are far less intuitive.To give anyone freedom of choice maybe adding a "selectively strict" button with ticks for each leet letter would be ideal (as an example I cannot read the 2 as R as it is used on http://bada55.io/ ).
13
adolph 3 days ago 0 replies      
The yellow fiesta is similar to the yellow tone of the dishes

https://en.m.wikipedia.org/wiki/Fiesta_(dinnerware)

14
Etheryte 3 days ago 1 reply      
It makes me both happy and uncomfortable that #dab and #dabbed are valid colors.
15
mxfh 3 days ago 1 reply      
I always paint my computer chassis' front panel in drab #facade.
16
boozelclark 3 days ago 0 replies      
I wonder if they intentionally left out FAECE5? A brownish color
17
JoshTriplett 3 days ago 1 reply      
Nice.

One oddity: for some reason, the site's CSS makes text selection highlights invisible. If you select text, the selection looks identical to unselected text, though copy/paste still works.

Also, the color boxes appear to be editable text areas: if you click on one, you can backspace or Ctrl-U and the text of the color vanishes, until you hover/unhover it again and the text gets reset (because of the 1337/LEET translation going on with hover/unhover).

18
waynecochran 3 days ago 0 replies      
You should allow for an alpha-channel then you have two more letters and can do the Java Class file magic number #CAFEBABE.
19
ajacksified 3 days ago 0 replies      
Nice - I built something similar a few years ago, mostly to mess around with CSS columns (http://thejacklawson.com/csswords/). I only used a regex over the system dictionary, so it doesn't include a lot of what it probably could.
20
merraksh 3 days ago 1 reply      
There's "tic", "toe", but not "tac". I guess we need a "even less strict" option.
21
oever 3 days ago 0 replies      

 aspell -d en dump master | aspell -l en expand|grep -e 
'^[abcdefABCDEFlLoOsStT]\{6\}$'

22
19eightyfour 3 days ago 0 replies      
This is brilliant. I am going to be using these colors exclusively from now on in all my designs.
23
jellyd0ts 3 days ago 0 replies      
Very cool! I found #c0ffee myself a while ago and it made me quite happy to immediately know which color the title meant.

I didn't think of the other possibilities(like #bada55), but instead opted to shorten it to 3 letter codes. The one I like most is #b00, a nice red.

24
zem 3 days ago 0 replies      
needs a medium-strict mode with a-f, 1 as I and 0 as O only. those two digits seem a lot less of a stretch than the rest of the leet spectrum
25
piyush_soni 2 days ago 0 replies      
Now that I know it, I'm going to be forever sad that #c0ffee color is not the same as the color of coffee :(
26
brianzelip 3 days ago 1 reply      
Love the Roy Ayers!
27
narrowtux 2 days ago 0 replies      
I found it easier to view after I added `border: 10px solid #111;` to the `.flexer` class
28
vegbrasil 3 days ago 1 reply      
Maybe this could be open source? I wish to generate HEX colors using my non-english language.
29
ubertaco 3 days ago 0 replies      
Seems appropriate that #D15C05 (DISCOS) is an ugly, 70s orange-brown.
30
Scirra_Tom 3 days ago 0 replies      
The only time purple testes are not a cause for concern perhaps
31
asmosoinio 3 days ago 0 replies      
5AFE57 = safest is cool.
32
ynniv 3 days ago 1 reply      
My topbar color is #badfoo, which is a somewhat sickly green.
33
mikeycgto 3 days ago 0 replies      
My fav is #baebae
34
pklausler 3 days ago 0 replies      
#efface makes a nice background color.
35
_eric 3 days ago 1 reply      
> ctrl + f

> BADA55

> not found

> closes tab

36
kyledrake 3 days ago 1 reply      
This isn't related to the post content (which was great), but I noticed that HN lists the domain as "surge.sh", which doesn't make a lot of sense because surge.sh is just the web hosting service this site is on.

With the web, the convention right now is to treat the subdomain as a different security origin (with the exception of www). So the link should show c0ffee.surge.sh, not surge.sh.

If this is a manual setting, it probably also needs to be set for neocities.org. I noticed that wordpress.com domains were being subdomained properly.

It really shouldn't be manual, it should just always show the correct origin domain.

37
zyxzevn 3 days ago 1 reply      
What is your favorite color, IDIOTS?
10
Hackers Are Hijacking Phone Numbers and Breaking into Email, Bank Accounts forbes.com
648 points by CarolineW  4 days ago   361 comments top 67
1
TaylorSwift 4 days ago 5 replies      
This happened to me.

1. I believe it began with the hacker getting DOB/SSN.2. Called wireless provider, and hacker forward all calls and texts to a burn phone. Eventually, the hacker ported my wireless phone to another provider/number (not sure which), and the phone registered to my provider did not work anymore. The landline phone was also forwarding calls to another number.*3. Hacker gained access to email (as that email was also within the telco's site). At the beginning, the hacker did not reset the password. After I changed the email's password, hacker was still gaining access to our emails and he/she eventually reset the email blocking my access. (reason was all the text and calls was forwarding to his/her burn phone so he/she can reset the pass anytime)5. Requested 2FA from bank.6. Gained access to bank account.

This was over a course of 3 months. It was a nightmare to resolve and paranoia still remained. The hacker later on went opening several bank accounts. Fortunately, this was discovered early. The entire situation was communicated to the FBI, local police, and bank institutions, but I do not think anyone cared.

*I saw two numbers that were being used within my wireless account site to forward the calls.

2
49531 4 days ago 5 replies      
A few months ago I took 3 of my 4 kids to a birthday party at a minigolf course. I played some holes with my youngest I had taken with me, and then left the two older ones at the birthday party with the understanding that their mother would pick them up (as we had discussed earlier)

After leaving the party with my youngest, I went to the grocery store, and then on home. When I got home my wife was gone, which I expected since she was picking up the older kids from the party.

Throughout this afternoon I had not been checking my phone in an attempt to be a bit less connected on the weekends.

About half an hour later my wife comes home totally freaked out and frazzled.

Apparently after I had left, someone went into a T-Mobile store and somehow convinced the associate that my number was theirs. I had received a couple of texts from T-Mobile with a pin number where the store associate had attempted to do something, but I was not aware of them until later.

Once this person had my number, they called my bank, reset my online password, and transferred all of our money from various accounts into one of my checking accounts. The bank then put a hold on everything (thank god).

My wife happened to have been paying bills online while this was happening, and saw it all go down. Her first thought was to call me, then when I didn't answer to call the mom throwing the birthday party.

Birthday party mom told my wife I had left, so my wife assumed that myself and our 3 year old were being mugged or something. The police were involved and she spent a good amount of time freaking out trying to find me.

All in all I had a pretty good afternoon :P

For real tho, it was a freaking mess. Took weeks to get our accounts safe, and we try to avoid using phone numbers for 2fa now.

3
pascalxus 4 days ago 4 replies      
So, I've read the article a couple of times, It's pretty long. For those of you looking to get the most bang for your buck, I think the following advice is Golden:

1. Do NOT secure your sensitive accounts (facebook, primary email, bank accounts, twitter, etc) with your telco phone #. Telco Phone number is NOT secure!

"Create a brand new Gmail email account. Do not connect it to any of your existing email accounts. (When signing up for a new Gmail, you dont need to enter a phone number or current email, although there are fields for you to do so. Leave them blank.) Once youve created the new island-unto-itself email address, create a new Google Voice number." Use this Google Voice # to secure your primary accounts, and don't have your telco # listed in any of those accounts.

But, make sure your New Gmail account is super secure, with a security key, as mentioned in the article.

2. Check the password recovery methods for all your sensitive accounts and make sure the answers aren't duplicated from any other site. Actually, it's best to remove them, if you can.

If any security experts want to chime in, please do.

4
ghouse 4 days ago 0 replies      
While SMS for 2fa is _a_ problem, it's not _this_ problem. Using SMS for _account recovery_ circumvents 2fa and circumvents strong passwords.
5
devuo 4 days ago 3 replies      
Last year when I upgraded my phone I was amused but mostly horrified by how easily one could get a SIM card for my own phone number with less than a modicum of information on me.

As I required to upgrade my Micro SIM to a Nano SIM, I went to one of my provider's shops and asked for a Nano SIM for phone number X. I was then asked to verbally confirm my name and address and that's it. No ID card confirmation, no nothing. "Here you go sir, your new SIM card will be active within a few minutes. Can I help you with anything else?". What. the.

6
noobermin 4 days ago 6 replies      
NIST has already been discouraging the use of SMS for 2fa[0], but that apparently won't stop the subset of incompetent IPSec consultants who still recomment SMS based 2fa.

[0] www.slate.com/blogs/future_tense/2016/07/26/nist_proposes_moving_away_from_sms_based_two_factor_authentication.html

7
yladiz 3 days ago 5 replies      
Can anyone recommend a US based bank (or a bank that accepts US customers) that 1) has either a 2FA token for phone e.g. with Google Authenticator, a hardware token, or some kind of other token based factor; and 2) has strong security when calling? I generally don't need a physical presence.

My current two banks don't have direct 2FA enabled. As far as I remember, the questions available to one of my banks (credit union) are simple enough that you could probably find out by doing a public info search somewhere, and the other bank (Chase) has SMS 2fa, but outside of that it's just public database questions (I know this because I had my card number stolen recently, I currently don't have access to my phone as I'm out of the country, and they asked me a few different questions from a public database, like if I had ever lived at ABC Dr., do you know this person, and what is the full name, etc.). I'd much rather be able to give the banks some kind of information that they are required to verify before they can access my account, like a verbal passphrase, but I don't think that's possible (as in, I wouldn't be able to access my account over the phone without the passphrase).

8
Keverw 4 days ago 2 replies      
It's insane how much easier it is to transfer a phone number than a domain name.

I also find it odd Facebook, and other sites will let you signup solely with a phone number. There's prepaid cell phone providers that recycle phone numbers, etc. Just seems so stupid to rely on a phone number for authentication alone, but two factor I'm okay with since you still need to know the password. Twitter has a developer product where you can be texted a code to login using only a phone number, which to me just seems wrong to do.

It'd be nice if trying to port a number, change important info, etc if they had to actually call you or text you first to confirm. But one of the problems is people will lose their phones, and need a new sim or phone... That I think I'd have a requirement to actually visit the store - but that doesn't work to well with prepaid phone providers without physical stores selling via other stores like Walmart, Target, etc. Maybe in that case without nearby stores, partner with your retailers to verify ID or fax a ID in.

9
dheera 4 days ago 2 replies      
I wish we could kill phone numbers once and for all. It's insecure, device-dependent, carrier-dependent, country-dependent, subject to snooping and censorship, and all of these are recipes for disaster as an authentication scheme, especially in the event that a device gets stolen. Phone calls and text messages should emphatically NEVER be used to verify anything.

Conversation with one of my banks the other day:

Them: Can we please verify a code sent to your phone number?

Me: Umm, sure, although that won't verify anything. Use something else to verify that it's me.

Them: Can you please verify your phone number?

Me: Umm, I don't know what phone number I used with you? Try XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, and XXX-XXX-XXXX? They all belong to me depending on where I am.

Them: Can we use XXX-XXX-XXXX? Do you have this phone with you right now so we can we send a text message with a verification code?

Me: Send your insecure SMS to any of my numbers. They all go to my e-mail inbox. [I don't need to have my "phone" with me -- my "phones" are virtual.]

10
flurdy 4 days ago 4 replies      
So 2FA reset via SMS is bad, which I agree but what are the alternatives to prevent a meltdown when your 2FA device dies?

I have had two phones die on me that was my 2FA device, plus OS upgrades, so I have gone through resetting 10-20 2FA accounts a few times. Though with upgrades usually I foresaw that and downgraded my 2FA before hand.

All I wish for was that resetting 2FA would be a very very slow step by step process and spammingly broadcasted to all emails, sms, postal etc associated with the account. But I know for cost cutting customer services departments that wont happen.

11
godzillabrennus 4 days ago 3 replies      
I owned a hosted PBX company from 2007-2011 and was amazed with how antiquated the port request system truly is.

The problem is that the phone company owns your phone number and you just get access as part of a service. Unlike a domain name where you own it.

If we change the law we'd bring more accountability.

12
awinter-py 4 days ago 6 replies      
Not answering security questions truthfully is tricky.

Yes, it's a problem that security questions turn hacking into a simple public records search.

BUT most terms of service have a line like 'you warrant that you've been entirely truthful with us' or something. If you give the wrong security question to your bank, they potentially have grounds to freeze your money or screw you later.

Why isn't the answer 'consumers have the power -- punish services that don't support FIDO by not using them'.

At best this article is saying 'don't connect anything to anything'.

13
willow9886 4 days ago 1 reply      
This recently happened to a friend of mine. It was devastating. As mentioned, U2F is very scarcely supported today.

The best way he came up with to secure services that insist on using SMS for 2FA (or credential reset) was to register the number of a pre-paid phone for those services.

Inconvenient? YES. But a pre-paid phone number can not be ported by a negligent (or willfully criminal!) operator.

14
fabian2k 4 days ago 8 replies      
What settings exactly do I have to change to get GMail to never unlock my account by SMS alone?

I have enabled proper 2FA on my Google account with U2F, but I haven't disabled everything else yet because I only have one token, and I still need something like TOTP for stuff that uses Google accounts, but doesn't support U2F.

As a closely related remark, I wish U2F would just get popular enough, it's pretty convenient, isn't vulnerable against the kind of attack SMS-based 2FA is, and protects against phishing. But almost nobody outside Google supports it, and OS/Application support is rather incomplete or requires additional setup.

15
occamrazor 4 days ago 2 replies      
Would this attack be neutralized by a mandatory waiting period of a few weeks for number porting?I recently ported my number to another operator (in a European country), I had to wait for a month and received at least two warning SMS.
16
exratione 4 days ago 0 replies      
Many phone companies will allow you to (a) add an annotation to your account to declare the number you are using should never be ported to another company, and (b) add a password to the account that you will have to provide to customer service representatives when making changes. This helps to minimize the chance that an attacker can use social engineering to redirect your number to a system under his or her control. If these are not options for your phone company, find a better phone company.

Even given that, since it relies upon human choice and behavior, and does nothing versus attackers with assets within the phone company, it seems a bad idea to have 2FA via SMS.

17
maherbeg 3 days ago 0 replies      
Someone should write a comprehensive guide on how to protect your accounts while preventing yourself from being locked out of said accounts.

Seems like some combination of the following:

* using Google Voice for all account recovery situations that require a phone number

* Calling your cell phone provider to have a note that states do not allow for number porting

* Use hardware 2fa tokens. Have two setup, one as a backup in case you lose one.

* Keep a copy of your recovery codes somewhere accessible

* Probably have a safety deposit box with your backup 2fa token and recovery codes stored.

* Primary email provider should use a hardware token and not have sms recovery

* Use unique passwords everywhere and use a password manager

18
ww520 3 days ago 1 reply      
5 or 6 years ago, my phone number got ported by someone else without my knowing. My phone suddenly didn't work anymore. I called into AT&T right the way to ask what's going on and they said someone has "took over billing" from my account and AT&T transferred the number over. WTF? I was adamant to get the number back since that's the number I give it out to people. They won't bungle saying it's out of their hand. Finally they said they could place the number into the free pool for re-allocation which would freeze it for 3 months before it could be used again. I was concerned it could be used as a vector against my bank accounts. It was a nightmare.
19
mathrawka 4 days ago 1 reply      
I highly suggest having at least 2 phone numbers, one that is your main number that you use and give out. The others are kept private and never for calls or texts, but only for 2FA.
20
drdaeman 4 days ago 2 replies      
2FA (including U2F and whatever else) has one big problem that this article fails to mention. And when 2FA is suggested, this really should be said explicitly.

Users aren't warned enough about the fact that everything fails, and they will have to go through 2FA deactivation/account recovery process sooner or later. They must be really reminded to DO BACK UP the recovery code(s). With "back up" as in "keep not just somewhere, but where you can actually find it, when you'll need it". (But not in your password manager)

This is true for SMS 2FA as well, but completely losing the number (as long as one's a paying customer) must be significantly less common than losing a device.

21
tbrock 3 days ago 3 replies      
Great. Now that we've succeeded in compiling a list of personal sad stories to one up one another, why not not discuss how we could encourage the banks / phone companies to make this situation impossible.

1) Ban SMS as a second factor for high risk targets like banks.

2) Telecom companies should require social security number or uniquely identifying information to provide account access.

3) ???

22
kraig911 4 days ago 1 reply      
Security while we all say is super important will never be important until people doing the customer service actually care. When my identity was stolen 20 years ago it was a nightmare involving writing letters to a postbox and getting form letters in return... doing to the police, the banks, and the utilities and being treated like an idiot because I filled out a rental application that someone used to get credit cards is a nightmare that still follows me to this day. It's as if all forms of customer service needs to go through a third party.
23
exabrial 3 days ago 0 replies      
Companies are calling it "two factor authentication", which it is not. Please, hn, don't promote sms 'authentication' at your jobs. TOTP is easy to implement and not never difficult for users to understand.
24
santzeshn 3 days ago 0 replies      
A few months back I lost my phone, so I went to my operator with passport to get new sim with my old number (in Thailand) . She said the sim isn't actually in my name but my ex-girlfriend's, and I told I remember I took the sim with her id as I didn't carry my passport with me, so I guess there's nothing I can do.

She just replied well we could change the sim to your name, didn't even check with the original owner and 5 minutes later I was on my way with new sim.

25
dhruvrrp 4 days ago 0 replies      
A couple of years ago i got a new phone which used mini sim instead of the micro sim that my older phone used. So i went to an AT&T store to get it and the rep asks for my name and my phone number and 5 minutes later comes back with a new sim saying it'll activate my noon the next day.

There was no authentication at all. Literally anyone could have walked in gave my name and phone no and would have gained access to my phone. I stopped using my phone for 2FA since then.

26
CWuestefeld 3 days ago 2 replies      
A few weeks ago I was vacationing in Big Bend National Park, which is in a remote corner of Texas. When trying to pay for our breakfast, my credit card was declined.

On the phone with them, they said the card had been flagged as being used in fraud because we were off in the middle of nowhere, away from our normal spending patterns. The ONLY way to reactivate the card is for the CC company to SMS text us with a code, which we have to read back to them. The thing is, the very reason they flagged us - that we were way off in the middle of nowhere - also meant that we had no cell phone service, and couldn't receive the SMS. And given the vast size of Big Bend (getting out of the park from the hotel is a 45 minute drive), it was questionable if I'd be able to drive to a location with cell service if I couldn't fill my gas tank first.

The hotel manager overheard me arguing on the payphone with the credit card company, and he drew me a map of some pockets of cell service within the park, so in the end I was able to get it taken care of.

One ironic part of this was that the card is in my wife's name. When they wouldn't listen to her, she gave them verbal authorization to talk to me in her stead. They were willing to believe her identity for this, but not for the re-activation of the card, which doesn't make sense.

I also asked their CSR why they flagged the card. They said that I should always notify them if I'm going away. I asked them what the criteria is for that, since this was an in-state trip (I live in Austin, and Big Bend is also in Texas). The CSR said that's odd, and he doesn't know why that would happen.

So good for them that they watch for fraud, but the failure mode for their heuristic is the most catastrophic possible. If the very reason they flag me also prevents me from fixing the problem, then it's a rather badly-designed system.

27
EZ-E 4 days ago 2 replies      
This kind of attacks could lead to total disasters in China where the standard is to login and register solely on a phone number using a confirmation text.

In China your phone number is pretty much as valuable as all your password combined, all services are solely linked to it.

Even though phone companies ask for id before issuing a SIM card, I'm pretty sure a tiny bribe is enough to get past most store clerks

28
cloudkj 4 days ago 0 replies      
Does this hack work on Google accounts? I just tried the "forgot password" feature there and as far as I can tell there's no way to actually complete a password reset with only a compromised phone number.
29
chrisper 4 days ago 2 replies      
The issue I have with 2FA without sms is that I need to also take care of recovery codes. Basically, it's like erasing all the benefits of going digital, since now I have to store (and take care of) paper copies of recovery codes.

If I use a 2FA app like the Google one and lose my phone, I need to have the codes ready. If I were to use my phone number, I kind of don't need that since I just get a new sim and a new phone. But at the same time that is not safe now.

So what is the solution here? I liked the idea of something like DUO but not enough places use it.

30
ziikutv 3 days ago 0 replies      
What's funny is... my Bank does not allow me to use any special characters and for the investor accounts numerical only. They do not have 2FA either.

CIBC Canada

Addendum also several of my purchases were flagged as hacked purchases by them and I had to call them three times so far this year. All purchases from same Amazon account, same IP too. So I do not think they have a good services team.

31
zkms 4 days ago 0 replies      
Years ago, when SMS 2FA first became a thing, I remember people familiar with telecom stuff pointing out SS7 vulnerabilities and porting/SIM takeover issues. People shouted them down and claimed that they were being too paranoid and exaggerating the risk, or that most people aren't attractive-enough targets for someone to dedicate so much effort for hacking their accounts (and that SMS 2FA was thus good enough for most people).
32
e79 4 days ago 1 reply      
You should also make sure providers like Google don't fall back to less secure account recovery methods. I blogged about this here, after I realized that I was still vulnerable even while using real 2FA:

https://ericrafaloff.com/google-account-security-and-number-...

33
konceptz 3 days ago 0 replies      
Take a modified attackers point of view.

Could you convince a cell phone store rep that you are who you say you are without your drivers license?

Or, for a million bucks, could you make a cell phone store rep think you were someone else?

The answer is why SMS 2fa isn't such a great idea. Because your security checkpoint is owned by a (underpaid) store representative.

34
hobarrera 2 days ago 0 replies      
If I want to change my number to a new SIM, my telco requires me to log in, and fill in a form. If I forgot my password their email it to me.

They don't have any offices open to the public, nor any hotline, and are really the cheapest alternative where I live, but it seems that their attempts to save money have resulted in them ending up with a securer infrastructure than some notorious ones from very advanced countries.

35
sr2 3 days ago 0 replies      
Seems pretty silly putting any form of security apparatus into a technology which could possibly have been engineered from the ground up to be SIGINT-enabled. It's as if GSM was deliberately designed by the intelligence community to be available for eavesdropping. They build the protocol with just enough good security that Johhny can't intercept his wife's calls to check for cheating, but with enough bad security that intelligence services (and sophisticated criminals) can play Mallory[0]

[0]: https://en.wikipedia.org/wiki/Alice_and_Bob#Cast_of_characte...

36
adventured 3 days ago 0 replies      
Anyone here happen to know how hard it is to steal a Twilio number as compared to a number issued by eg T-Mobile or Verizon? Is the only way to do so, by accessing the Twilio account that controls the number (whether directly or by API)?
37
theoracle101 3 days ago 0 replies      
"If you follow several of the steps I outline in this story (unless you go with Google Voice), youll end up with at least three email addresses: your current primary one, one just for your mobile carrier, and one that you use for other sensitive accounts such as online banking or Facebook or Dropbox."

Why not just have all sites that require SMS 2FA (there are a lot, including tele co.s) be directed to a personal google voice number? And also remove the any SMS 2FA from this google and your personal? Wouldn't that solve the issue they are suggesting? Why do you need a third account?

38
seanieb 4 days ago 0 replies      
Has anyone tried suing a Telco that's given away access to their phone account?
39
z29LiTp5qUC30n 3 days ago 1 reply      
I am surprised no one here mentioned mooltipasshttps://www.themooltipass.com/
40
Osiris 3 days ago 1 reply      
For 2FA I like how Microsoft does it. You have an app on your phone. When they need to authorize you, they push to the all and it automatically pops up with approve and decline buttons. You verify the code is the same on the phone and screen and hit approve. It's an easier workflow than having to open Google authenticator, find the code, and enter it.
41
legohead 4 days ago 2 replies      
I read a blog where someone got hacked through a simcard clone, and they went into the details of how easy it was to do. This prompted me to enable 2fa on everything I could, but the funny thing is, a lot of the backup options for 2fa is -- you guessed it -- your cell phone number. Some of them don't even allow you not to use your cell phone as a backup. I think Github and Slack are like this, but I may be wrong, it has been a while since I turned them on.
42
ossguy 3 days ago 0 replies      
I've noticed a number of people using https://jmp.chat/ to get a second number for 2FA. It supports most of the short codes companies use for 2FA, but it doesn't require you have a Google account (or even an existing phone number).
43
mtgx 4 days ago 1 reply      
Remember this the next time you may tend to agree with governments' push for backdoors. If they get their way even Google Authenticator won't be safe, just as SMS isn't anymore for 2FA, all because the surveillance agencies preferred to keep the SS7 vulnerability and others like it so they can exploit it (outside of the "rule of law", as otherwise they wouldn't need it).
44
SkyMarshal 3 days ago 0 replies      
Worth reposting Kraken's mobile phone security advisory:

http://blog.kraken.com/post/153209105847/security-advisory-m...

45
ganwar 4 days ago 0 replies      
This sort of attacks have been happening for over 5 months in crypto.

Kraken published a highly useful blog post on it. Do give it a read.http://blog.kraken.com/post/153209105847/security-advisory-m...

46
bit_logic 3 days ago 1 reply      
It seems a simple solution would be for the phone company to send a confirmation SMS or automated voice call to confirm number porting or any other major action. Is there a reason they don't do this? It seems like a good balance between convenience and security.
47
itslennysfault 4 days ago 1 reply      
I'm SHOCKED this wasn't a thing earlier. Spoofing a phone number is insanely easy. When I was in High School we figured out how to do it and used to prank call people from other peoples numbers. Eventually, we realized that if you call someone's cell from their own number it takes you directly into the voicemail admin menu. Fun times.
48
leke 3 days ago 0 replies      
Articles like this ramp up my paranoia, especially since I got a phone call from the UK three days ago. Nobody on the other end. Hung up after saying hello three times. Never heard back since. It has me worried, especially since I just came back from my holidays (not in the UK).
49
buyx 4 days ago 0 replies      
These attacks have been going on for at least a decade in South Africa. The fact that it's still going on, and if the coverage is to be believed, spreading globally, is a pretty shocking indictment of the industry.

I wonder what other scams are being incubated in lesser-known parts of the world, that are waiting to be unleashed.

50
pseud0r 3 days ago 1 reply      
Where I live you need a copy of your passport to port a number, in addition the new sim can only be sent to your government registered address, I think that would be quite hard to game.

Even so, hackers can still use SS7 to hijack phone numbers.

51
leighmon 3 days ago 0 replies      
Take a look at the article by Cody Brown regarding his coinbase account being drained of ETH and BTC due to the same fundamental problem: way too easy to steal someone's phone number.
52
TimMurnaghan 3 days ago 0 replies      
Too many Forbes articles. They're months behind on this story and have an aggressive anti-adblock so I'd rather not see stories from them.
53
addcn 4 days ago 1 reply      
Wouldn't the easiest solution be to use a landline and use the call options for 2f? Physical access to my home is root access
54
galfarragem 4 days ago 0 replies      
Resuming: what's the simplest solution to at least reduce risk? Is it to get a second phone number just for banking?
55
homakov 2 days ago 0 replies      
Or just ask them all to implement decentralized SecureLogin.
56
avenoir 4 days ago 0 replies      
What is a good way to make these attacks more difficult? Would something like Yubikey work if it had more adoption?
57
theprop 4 days ago 0 replies      
Wow! What's the easiest way to stop this kind of attack? Stop all two-factor authentication?
58
sna1l 4 days ago 1 reply      
Does anyone know if Project Fi provides any extra layers of security? I haven't seen anything
59
microwavecamera 4 days ago 0 replies      
With helpful picture of a "hacker" so you can recognize one.
60
tracked24x7 3 days ago 0 replies      
"Locksmiths Are Breaking into Bank Safes"
61
simooooo 4 days ago 2 replies      
This has been the vector for Twitter hacks for many years.

Get the 2nd factor

62
rxdemon 4 days ago 0 replies      
Old article ?
63
rxdemon 4 days ago 0 replies      
isn't it old article ?
64
KGIII 4 days ago 0 replies      
Test
65
dustinmoris 3 days ago 1 reply      
66
lerie 4 days ago 4 replies      
67
droithomme 4 days ago 4 replies      
Two factor authentication is nothing more than a massive vulnerability. We've seen people somehow change our listed contact numbers through unknown exploits, then hijack ownership of properties using the new number to prove they are us. This wouldn't be possible if not for 2nd factor authorization schemes.
11
SQLite small blob storage: 35% Faster Than the Filesystem sqlite.org
590 points by i_feel_great  2 days ago   198 comments top 24
1
rusanu 1 day ago 9 replies      
I must point out Jim Gray's paper To Blob or Not To Blob[0]. His team considered NTFS vs. SQL Server, but most rationale applies to any filesystem vs. database decision.

The summary was "The study indicates that if objects are larger than one megabyte on average, NTFS has a clear advantage over SQL Server. If the objects are under 256 kilobytes, the database has a clear advantage. Inside this range, it depends on how write intensive theworkload is," but keep in mind this is spinning media from 2006. Modern SSDs change the equation quite a bit, as they are much more friendly to random IO and benefit less from database write-ahead log and buffer pool behavior.

Also, when deciding between blob vs. filesystem, blobs bring transactional and recovery consistency. The DB is self contained, and all blobs are contained in it. A restore of the DB on a different system yields a consistent system, it won't have links to missing files, and there won't be orphaned files left over (files not referenced by records in DB).

Despite all this, my practical experience is that filesystem is better than blobs for things like uploaded content, images, pngs and jps etc. Blobs bring additional overhead, require bigger DB storage (more expensive usually, think AWS RDS) and the increased size cascades in operational overhead (bigger backups, slower restore etc).

[0] https://www.microsoft.com/en-us/research/publication/to-blob...

2
craigds 2 days ago 4 replies      
For web map tiles (millions of tiny PNGs), everyone who's anyone stores their tiles in sqlite rather than on disk: https://www.mapbox.com/help/an-open-platform/#mbtiles
3
tarasglek 2 days ago 7 replies      
This is weird benchmarketing. They are comparing reading/writing 100,000 individual files vs writing 100,000 entries into a single file(sqlite database). For comparison one could concatenate the same data into a single big file even faster than into sqlite.

They then do not offer logical analysis as to why things are faster.

My understanding is that reads are probably faster due to operating system readahead being able to predict reads better when they are within a single file. Writes are faster because they do one bulk COMMIT instead of many individual fsyncs.

4
dsacco 2 days ago 2 replies      
> So let your take-away be this: read/write latency for SQLite is competitive with read/write latency of individual files on disk. Often SQLite is faster. Sometimes SQLite is almost as fast. Either way, this article disproves the common assumption that a relational database must be slower than direct filesystem I/O.

This is under the 1.1 Caveats heading, which makes me feel the title is a little misleading (but only in the way most benchmark headings probably are, I guess).

Incidentally, can someone more experienced with filesystem and database I/O confirm or contest the assertion here? Specifically, I'm not sure it's fair to generalize these results (even if valid) to categorical relational databases. But this is not a special area of expertise for me.

5
rusanu 1 day ago 2 replies      
From OP: "SQLite is much faster than direct writes to disk on Windows when anti-virus protection is turned on. Since anti-virus software is and should be on by default in Windows, that means that SQLite is generally much faster than direct disk writes on Windows."

I don't get this. If scanning the content is important (as acknowledged by the author), then bypassing the scan via blob storage is a security issue and the application should go through some extra hoops to scan the content before saving it to blob, and this should be measured and part of the comparison.

Also, if the SQLite files are exempt from AV scan, then the level field should also exempt the uploaded files folder in test. I mean, knowing the dice are loaded and then claiming it as an advantage does not seem professional.

6
cyberferret 2 days ago 0 replies      
Interesting. We built a couple of systems many years ago using SQLite as the storage engine for binary files - one was a kind of mini version control utility for storing report files for a legacy ERP system.

I always thought that the SQLite system was far quicker to search and retrieve files from the dataset than it was doing so in our previous version, using hierarchical file folders.

Interestingly, we canned the project because the ERP vendor themselves release a similar tool using - wait for it - individual files in a folder system... (Addendum - much later on they switched to - wait for it - CVS for version control.... in 2010!!)

7
Const-me 1 day ago 2 replies      
SQLite is good when youre mostly reading.

For writing, the major drawback of SQLite is it doesnt support concurrent writes.

All filesystems do (at least when writing different files), all full-fledged RDBMS-es do, even some embedded databases do (like ESENT). Yet, in SQLite only a single thread can write.

Even embedded chips are multicore these days

8
WaxProlix 2 days ago 0 replies      
Consistently happy with SQLite, just a lovely little database. Performance is basically a cherry on top of the simplicity it provides.
9
flohofwoe 1 day ago 2 replies      
Storing many small files into few (compressed) bundle files is common since at least the 90's for storing game assets, but usually not with SQLite, but some sort of compressed format (simple zip archives are quite common but there are faster alternatives now). The bundling gives you better overall compression, and faster read performance compared to individual files (at least on Windows) as long as you open the file only once, and from then on only seek and read.

SQLite is a big code base, using a simple archive file format instead gives you most of the advantages, but without the bloat.

PS: This is mostly for read-only situations though. Using SQLite probably starts to make sense when the applications needs to write to and create new files in the archive.

10
mpweiher 1 day ago 1 reply      
Not surprised by the results, very surprised by the explanation given, the overhead of open/close calls.

As far as I know (from many measurements and talking to kernel people and researching the mechanism involved), the difference is due to the fact that buffers are shared between all pages of a single file, and not between files.

So for reads, the filesystem will do read-ahead of significantly more data than requested and keep that in buffers, and future reads will profit. Similar for buffers shared when writing.

The same effect will be reproducible with any format storing multiple objects in a single file, it has virtually nothing to do with "SQLite" or "Databases".

One tradeoff is the greater potential for inconsistencies, which despite all the measures taken is much greater when you modify a file rather than writing only completely new files. Another is the inconvenience and duplication of effort, because all your default file-system management tools aren't available.

It would be interesting to see if a pseudo-filesystem that is mapped to a single underlying file would show the same effects (preferably implemented in user space to avoid overheads of multiple kernel round trips).

11
cassandra1024 1 day ago 0 replies      
"To blob or not to blob" - a paper by Microsoft Research from 2006. https://www.microsoft.com/en-us/research/publication/to-blob...
12
Johnny555 1 day ago 0 replies      
SQLite is much faster than direct writes to disk on Windows when anti-virus protection is turned on. Since anti-virus software is and should be on by default in Windows, that means that SQLite is generally much faster than direct disk writes on Windows.

Isn't this because writing to a SQLite database file bypasses most (or all) of the antivirus file scanning since it's can't see a complete file, and can only look at raw blocks of data?

So if you find value in having your antivirus scan all of your files, that's a disadvantage for using SQLite to store them?

13
TekMol 1 day ago 3 replies      
The reason I still use files rather then SQLite is that I don't know how SQLite handles concurrency.

For example I have a PHP app that is used by 10k users a day and it happily handles 100k tmp files in a single directory. On each request, it checks the file age via filemtime() and if new enough, includes the tmp file with a simple include(). (I write PHP arrays into the tmp files). If too old, it recalculates the data and writes it via fopen(), fputs() and fclose().

This migh be archaic but it has been working fine for years and never gave me any problems.

Somehow I would expect that if I simply replaced it with SQLite, I would run into concurrency problems.

14
codewiz 1 day ago 0 replies      
35% faster than the same blobs can be read from or written to individual files on disk using fread() or fwrite().

How about reading efficiently with unbuffered I/O directly on the file descriptor?

15
wyc 1 day ago 5 replies      
I know that SQLite performs exceptionally on embedded devices including most phones, IoT devices, and more. However, for better or worse, it's a flat file. Does anyone know of a TCP/IP-speaking SQL database that would work well on an embedded device? PostgreSQL/MariaDB seem kinda heavy, and the net couplers for SQLite look pretty unsupported.
16
YZF 1 day ago 1 reply      
What about mixed delete/write/read workloads? How well does SQLite deal with fragmentation?
17
ComodoHacker 1 day ago 1 reply      
Can we draw a side conclusion from these measurements that open()/close() overhead on Win10 is significantly higher than on Win7? This seems doubtful.
18
_pmf_ 1 day ago 0 replies      
> All filesystems do (at least when writing different files)

The article is about writing 100000 files, which will not scale well (since there will be massive contention at the directory inode).

19
JepZ 1 day ago 0 replies      
So anybody knows where I can get this blazing fast SQLiteFS? ;-)
20
bedros 1 day ago 1 reply      
it's basically storing in memory vs storing on a disk

it's not sqlite vs filesystem it's memory storage vs disk storage

21
jstimpfle 2 days ago 1 reply      
This page does not live up to the standards of the other high quality technical articles on sqlite.org. I couldn't even find a reference to the file system used for comparison. But the whole setup is a farce anyway.
22
copenja 1 day ago 2 replies      
I mean, is SQLite not also using the filesystem? Maybe I'm confused here. Seems like saying using C is 15% faster than ASM. But that includes user error, right?
23
meritt 2 days ago 3 replies      
If I asserted: "It's faster to put 10,000 rows of csv data in single file instead of 10,000 individual files" even the most junior programmer would likely say "Well, duh, it's 1 file instead of 10,000".

Yet this benchmark is at the top of HN for some reason.

24
songzme 1 day ago 2 replies      
During my first week at American Express I did not have the credentials to install any applications. My manager wanted me to build a prototype and I couldn't install a database. Firebase and other third party was impossible because I had to work on an internal server. I thought SQLite would save my day, but I remembered it being really hard to install and set up. So I had to write my own DB that I called 'stupid-db'. It literally just reads/writes data into a file: https://github.com/songz/stupid-db

The demo went well.

12
Chuck Thacker has died acm.org
558 points by mpweiher  2 days ago   32 comments top 11
1
iqster 2 days ago 1 reply      
I have fond memories of Chuck at MSR-SVC. I was a lowly post-doc who sat close to him for a time. He was very generous with his time and I can only recall his door being open. I was struck by the breadth of his expertise (e.g. he knew about HCI matters even though I considered him a low-level systems guy). I've heard him being called the engineer's engineer and that is an apt title. He inspired me and will be missed. RIP.
2
Aloha 2 days ago 1 reply      
If you dont know who Chuck Thacker is (and why his contribution is important) - read Dealers of Lightning (https://www.amazon.com/Dealers-Lightning-Xerox-PARC-Computer...)
3
smmnyc 2 days ago 1 reply      
Sadly I didn't know who he was: "...Known for his pioneering design of the Xerox Alto, the first modern PC. He also is credited as a co-inventor of the Ethernet family of computer networking technologies."
4
jszymborski 2 days ago 4 replies      
> After returning to the U.S., Thacker designed the hardware for Microsoft's Tablet PC

Tablet PCs were way ahead of their time and suffered as a result imho. It was hard to find one that wasn't under-powered, and I suspect that it was a way to make them affordable, but hot-damn those things were cool.

Frankly I'd argue we've still to perfect that idea. We've got those "transformer" laptops now-a-days, but finding something with a decent digitizer has still been elusive; or at least it is to me.

Regardless, thanks for the fish Mr. Thacker, hope you enjoy your seat at the pantheon of computer gods.

5
turingbook 1 day ago 0 replies      
I talked with Chuck when he visited China in 2010 just months after he was awarded Turing. He was a really nice guy. It is funny to talk with him.

He joked that he was an unfortunate guy because he always invented something decades of years ahead of mainstream era.

And the secret of so many original inventions? Read the original papers, the very old ones in various fields and learn how people initially thought, and why they failed.

6
7
musha68k 15 hours ago 0 replies      
Very cool, from 1986 - Chuck Thacker on "Personal Distributed ComputingThe Alto and Ethernet Hardware"

"Presentation given by Chuck Thacker (introduced by Ed McCreight) at the ACM Conference on the History of Personal Workstations, held at Rickeys Hyatt House in Palo Alto, California, on January 9 and 10, 1986. The conference was sponsored by the Association for Computing Machinery (ACM) and hosted by the Xerox Palo Alto Research Center (PARC)."

https://www.youtube.com/watch?v=A9n2J24Jg2Y

8
denzil_correa 1 day ago 0 replies      
If anyone is looking for advice, follow this diligently.

> "Choose your colleagues carefully to the extent that they help you and you will be more successful and the extent that you can help them and they will be more successful. Value simplicity and elegance. Pick your problems carefully."

9
Aloha 2 days ago 0 replies      
One by one the people who built the technologies that rule our world will go - their everlasting monument is the change they wrought.
10
sctb 2 days ago 0 replies      
The Archive has a copy of the article if folks are having trouble accessing the site: https://web.archive.org/web/20170613200242/https://cacm.acm.....
11
factorialboy 2 days ago 2 replies      
The dreaded black bar on HN .. :( RIP
13
Be Careful with UUID or GUID as Primary Keys tomharrisonjr.com
587 points by bkudria  6 days ago   291 comments top 54
1
bdarnell 6 days ago 9 replies      
One of the post's points is that UUIDs will scatter your writes across the database, and that for this reason you want a (more or less) sequential key as your primary key. This crucially depends on both your database technology and your query patterns.

In a single-node database or even a manually-sharded one, this post's advice is good (For Friendfeed, we used a variation of the "Integers Internal, UUIDs External" strategy on sharded mysql: https://backchannel.org/blog/friendfeed-schemaless-mysql).

But in a distributed database like CockroachDB (Disclosure: I'm the co-founder and CTO of Cockroach Labs) or Google Cloud Spanner, it's usually better to get the random scattering of a UUID primary key, because that spreads the workload across all the nodes in the cluster. Sometimes query patterns benefit enough from an ordered PK to overcome this advantage, but usually it's better to use randomly-distributed PKs by default.

For CockroachDB, my general recommendation for schema design would be to use UUIDs as the primary keys of tables that make up the top level of an interleaved table hierarchy, and SERIAL keys for tables that are interleaved into another. (Google's recommendations for Spanner are similar: https://cloud.google.com/spanner/docs/schema-design#choosing...)

2
platz 6 days ago 3 replies      
> secondary primary key

This is called a "candidate key" in existing literature. much has been written about such things.

Both UUID's and auto ID's are "surrogate keys" because they are arbitrary with respect to the data.

lastly, "natural keys" are combinations of columns that consist of the business data.

3
problems 6 days ago 2 replies      
> Botnets will just keep guessing until they find one.

Why does your security rely on primary key obscurity? This seems like you're doing something horribly wrong, put some authentication on that or something.

And no, no they won't. Hitting a collision is very hard if you're using cryptographic strength random UUIDs, you wouldn't even be able to bruteforce 64 bits over the internet in a reasonable timeframe.

Go ahead, try the math on that, the only reason small keys are vulnerable to local attack is because you can perform an enormous number of attempts per second, often in thousands of millions of attempts per second and they can keep at it for as long as they want. The database server won't let you query anywhere near that fast. You will never get anything like that for network based attacks as you're limited by bandwidth, latency and of course, the other side who will notice if you even try to do this for any significant period of time and likely block your attempts or limit them greatly.

4
Pxtl 5 days ago 2 replies      
This is why I'm starting to loathe SQL. The theory is great, but when the theory meets the practice and everything falls apart, the perfect kernel of relational beauty turns into a trash fire and I just want to get my freaking graph of objects out of the database. If I use numbers for keys, I deal with disaster when I try to merge from disparate sources. If I use guids as keys, I get terrible performance. Or I can just use a goddamned document store of Json or XML and have related objects get stored right next to their parents and tell the beautiful mathematics of relational algebra to shove it.

I'm tired of hearing "you don't have to say how to get the data, you have to tell the database what you want and it will get that in the most efficient manner" and then deal with an encyclopedia of byzantine rules to get it to do the aforementioned "efficient manner" with anything approaching decent performance. I can see the art, but the practicality mars it beyond recognition. It's like Venus de Milo sculpted out of duct-tape and bubble gum.

Sorry for the rant, I'm just getting frustrated with performance problems in small data sets. I've taken the courses, I've read Date and Darwen, and I'm just starting to get terribly disillusioned.

5
evadne 6 days ago 1 reply      
I recall reading something about this in the PostgreSQL mailing list, message written in 2016 but may still be relevant

https://www.postgresql.org/message-id/20151222124018.bee10b6...

There's no substance to these claims. Chasing the links around we finallyfind this article:http://www.sqlskills.com/blogs/kimberly/guids-as-primary-key...which makes the reasonable argument that random primary keys can causeperformance robbing fragmentation on clustered indexes.

But Postgres doesn't _have_ clustered indexes, so that article doesn'tapply at all. The other authors appear to have missed this importantpoint.

One could make the argument that the index itself becomming fragmentedcould cause some performance degredation, but I've yet to see anyconvincing evidence that index fragmentation produces any measurableperformance issues (my own experiments have been inconclusive).

6
sp332 6 days ago 2 replies      
"Things got really bad in one company where they had decided to use Latin-1 character set. When we converted to UTF-8 several of the compound-key indexes were not big enough to contain the larger strings."

This shouldn't be right. UTF-8 encoding uses the same 8 bits for each valid UUID character that Latin-1 would. Unless someone put invalid characters in the UUID field, I would guess that the new encoding was actually UTF-16 or something.

7
foolfoolz 6 days ago 7 replies      
sounds like the author thinks "uuids are a pain" and wants the benefits of them but with a smaller representation. but doesn't provide any reasonings why uuids are a pain other than not being able to remember them or say them out loud. these are not things anyone does with primary keys!

you'll never say this out loud : 7383929. you may be able to remember it, maybe. in a uuid you'll match the last few and first few letters just as fast in your head

uuids are fine. sorting is an issue but at scale (the entire point of this article) how often do you need to sort your entire space of objects by primary key? you'll have another column to sort on

hiding primary keys and having 2 keys seems like a great way to make all queries and debugging 2x as complicated

8
drawkbox 6 days ago 1 reply      
Maintaining UUIDs is much easier than maintaining id/int lookups that may be autonumbered (mssql, mysql, pg) or sequenced (oracle), even if using them internally and UUIDs externally. This especially comes into play when syncing across dev, staging and production environments and when clustering and servicing out parts of your app.

The moment any db starts to grow to these areas, UUIDs lead to far less issues than incrementing ids everytime.

Most RDBMS now have optimizations and native types (uniqueid) for UUIDs/GUIDs and this is really a moot point at this point, most UUIDs are no longer strings in DBs unless legacy from the time before native UUID types.

UUIDs are right for most projects but not all and as typical in any system, the environment and needs of your project will dictate whether it makes sense to use them.

UUIDs eliminating the round trip and negating dealing with autonumbering/sequencing is a massive benefit, the only real con of UUIDs is the extra 8 bytes but make up for it in less need to lookup during runtime when creating new or associating data with them.

9
MithrilTuxedo 6 days ago 0 replies      
Can confirm: using MySQL and for reasons... everything in the DB gets a primary key set by taking a random UUID, stripping the dashes, and then doing an `UNHEX(id)` in the stored procedures. Those IDs are both the primary keys and the keys used in the service's APIs.

One of our Ops guys did an experiment where they put a uniqueness constraint on the ID column and added an auto-incrementing primary key column that's never exposed to the code driving the thing. It apparently sped up our DB performance by orders of magnitude.

It also turns out that MySQL would perform faster just by leaving those values as strings instead of converting them to binary values. We've got some outside pressure to use Oracle instead of MySQL, and apparently it performs much better than MySQL with our current schema so we apparently aren't going to do anything to improve the MySQL performance or change any of this behaviour.

10
sudhirj 5 days ago 0 replies      
Shameless plug: Anyone bothered about the wasted space in UUID string representation (and using Ruby) can check out https://github.com/sudhirj/shortuuid - it re-encodes your UUID into any alphabet you choose, with a Base62 default (I find that to be a sweet spot that gives both URL safety and efficiency).

Let me know if you want ports in any other languages - the the algorithm is to really just treat the UUID as a hexadecimal number (that's actually what it is) and re-encode it into any other alphabet of choice.

That said, always use native UUID types in datastores - they'll convert to bytes / numbers internally and will always be the most efficient. For other situations, remember that they're just numbers, so you can write them in binary, ternary, octal, decimal, hexadecimal, vowels, baseXX or really any other alphabet you want. The bigger your alphabet (as long encoding remains efficient, like ASCII under UTF-8), the better your gains will be.

11
makmanalp 6 days ago 2 replies      
Yep, glad to see this posted. In the python world, this is why we have UUID.int (https://docs.python.org/3/library/uuid.html#uuid.UUID.int), though the native postgres UUID type with uuid-ossp works well too if you need them auto-generated in the DB rather than in application code.
12
zimbatm 5 days ago 0 replies      
Little rant on UUIDs:

Notice how the author assumes UUID v4[1] in the conversation. There are very few reasons to use the other versions but we are still paying for their price in code complexity all the time.

Look at this UUID parsing code: https://github.com/sporkmonger/uuidtools/blob/master/lib/uui...

What it really should be is `[uuid_string.gsub('-', '')].pack('H*')` (for non-rubyists: remove the dashes, decode the hex back to binary).

Their representation is also not that good since hex encoding is not very compact.

I guess what I'm trying to say is that UUIDs are often used as a default unique identifiers but they are actually not that good.

[1]: https://en.wikipedia.org/wiki/Universally_unique_identifier#...

13
rikkus 5 days ago 0 replies      
Lots of talk about performance, but no numbers cited. I did my own benchmarks before using sequential ("COMB") GUIDs as 'PRIMARY KEY' (yes, they're surrogate keys) and found no material performance difference. I didn't keep the results, but someone else has made their numbers public here: https://blogs.msdn.microsoft.com/sqlserverfaq/2010/05/27/gui...
14
dimgl 6 days ago 9 replies      
This article is so poorly written it's hard to take it serious. The entire paragraph about the size of a UUID takes reading it three or four times before you can actually understand what the author means...

In what context would a primary key change, even when sharding? In my entire career I have yet to see it. Also any sane person would never sort random values. If you need sorting in your table, provide some kind of indexed timestamp.

15
wvh 6 days ago 0 replies      
Postgresql has a UUID type which should store them as a 16-byte number. If you use time-based UUIDs for instance based on the unix time stamp in hex, like CouchDB then you also get sortable primary keys, which conceptually might or might not be useful to your application, but it probably speeds up indexes. I've done exactly this for two different projects, and it works well.

On top of that you get IDs that are impractical to guess, which while wouldn't replace other security measures, would still give you some collision resistance and probably avoid some bugs because of the unlikeliness of accidentally picking the same key for two different entities.

I'm sure there are pathological cases for UUIDs as primary keys in certain scenarios, like perhaps a very high number of small records, but I've not come across them myself. You obviously have to know your own data and database if you have some very specific requirements.

16
caleblloyd 6 days ago 0 replies      
I work on an Entity Framework Core Implementation for MySQL and we recently added sequential GUID generation for primary keys that are of type Guid. The first 8 bytes of the GUID are the current UTC timestamp in ticks and the last 8 bytes are cryptographically random.

One interesting thing we ran into when implementing is that C#'s binary format and string format must be different to be sequential. So we have to detect whether the GUID is stored as a string or binary and put the timestamp in the correct place to ensure it is actually sequential.

Here's the PR for the feature for anyone interested: https://github.com/PomeloFoundation/Pomelo.EntityFrameworkCo...

17
vkrm 5 days ago 0 replies      
Datomic [0] uses SQUUIDs [1] (Semi sequential UUIDs) to work around this:

 Many UUID generators produce data that is particularly difficult to index, which can cause performance issues creating indexes. To address this, Datomic includes a semi-sequential UUID generator, Peer.squuid. Squuids are valid UUIDs, but unlike purely random UUIDs, they include both a random component and a time component.
[0] http://www.datomic.com/

[1] http://docs.datomic.com/identity.html#sec-6

edit: formatting

18
mark242 6 days ago 2 replies      
The reason I don't like the internal-int-external-UUID strategy is that all of your queries now require an extra join. It's no longer "select microblog.* where userid = ?" now it's "select microblog.*,user.id from microblog,user where microblog.userid = user.id and user.uuid = ?".

This may be practical from a storage standpoint but string-based indexes on an SSD are pretty damned efficient.

19
michaelcampbell 6 days ago 2 replies      
> Aside from the 9x cost in size, strings dont sort as fast as numbers because they rely on collation rules.

Why would you sort these to begin with; what ordering of essentially randomness (part of the point) makes sense?

20
mirekrusin 6 days ago 1 reply      
"UUIDs do not reveal information about your data" - this is false statement; in sensitive environments you need to be aware that some UUID versions can leak MAC addresses, timestamps, hashes of your data etc. - sometimes just enough to abuse this information.
21
emodendroket 6 days ago 1 reply      
Why should it matter if you can guess IDs? Presumably records are locked in such a way that simply knowing a URL doesn't allow you to bypass security.
22
ivan_gammel 6 days ago 2 replies      
The strategy "internal int-external uuid" can be simplified if you use encryption and hypermedia API. It's possible to encrypt int and some additional information and format it as uuid v4 (random). For external users that know natural keys of some objects it's possible then to discover the rest of objects by navigation via API, where UUIDs are just some pseudo-random parts of the URIs.
23
harel 6 days ago 0 replies      
PostgreSql has a dedicated UUID column type. Those are fast and the storage difference is insignificant.
24
d0m 6 days ago 1 reply      
One huge benefit of UUID is how you can safely create them while being offline, and then sync them at a later stage without conflicts.
25
eranation 5 days ago 0 replies      
Excellent post, write ups like this are the reason I keep coming here.

What about the hi/lo algorithm as a middle ground?

https://vladmihalcea.com/2014/06/23/the-hilo-algorithm/

In short, and I hope I don't oversimplify, each "shard" or "cluster" in the database gets a "block" of ids it can then go and assign on their own, the sequential "atomic" increase happens only once per hi "block", lowering the contention.

This gives you nice integers, incremental-ish most of the time.

I like the notion of integers internally and UIID (as integers of course! I would have never saved one as a varchar, I swear! ok, I was a noob... I deserve to be shamed)

Great post all in all!

26
mreftel 6 days ago 2 replies      
"Then add a column populated with a UUID (perhaps as a trigger on insert). Within the scope of the database itself, relationships can be managed using the real PKs and FKs."That would mean doing lookups by UUID, which is /really/ bad for performance. UUIDs are evenly distributed, so index caches are rendered nearly useless.With sequential keys, and access patterns that touch mostly new data, all you need to find the row is likely to already be in RAM, no matter how many rows you have. With UUIDs, you'd end up doing random I/O. Might not sound like that big deal to some, but we got a 3x overall throughput increase in one of our apps by switching from UUIDs to sequential ints.
27
flatline 6 days ago 1 reply      
Another alternative to avoid guessing is to use randomized 64-bit integer keys. You still risk collisions over sharding/replication, but only if you truly have a lot of data. You potentially lose some index performance but it shouldn't be any worse than with guids. If you really need the full size of a guid, just use them for the key. I don't get the rest of his argument for hiding internal surrogate keys.
28
krisdol 6 days ago 0 replies      
In a time-series datastore, you may have to replace a set of invalid/corrupt events within an index. Having IDs that are in some way deterministic from the source data, you are able to replace the invalid documents by ID by simply re-indexing that time period with your patch applied. This is the most simple and least risky solution, with minimal downtime

If the IDs are UUID, then the easiest way to fix the values is to drop the index and re-create it, making all of the other data in the index unavailable as it's being recreated.

The less-easy way with UUIDs is to select just the broken events, create new patched events, delete the old events, and insert the new ones in the right index. But you'd have to branch off of your regular indexing logic to do this, probably writing a separate script. Of course if you make a mistake, you may end up with either duplicate documents or loss of data, compounding the original problem.

So I agree, have IDs that are deterministic (that they can be recreated using some known formula and source data, for example: documenttype_externalid_timestamp).

29
stollercyrus 5 days ago 0 replies      
I found this post super helpful. For anyone doing rails development, I wrote a gem to make this really simple. I'd love feedback.

https://github.com/cyrusstoller/public_primary_key

30
paragarora 6 days ago 0 replies      
This is just opinion and looks like UUID is bad for a particular case author is working on.

We have multiple components over different stacks and id could be generated anywhere in the components. We had to live with either building unique id per table separate infrastructure or UUID. UUID works perfectly and with POSTGreSQL, it's just awesome.

31
njharman 6 days ago 0 replies      
Using UUID for external means you've just forced all the problems with UUIDs on your users.

I'm dealing with that from several vendors atm.

32
dpark 6 days ago 2 replies      
> A naive use of a UUID, which might look like 70E2E8DE-500E-4630-B3CB-166131D35C21, would be to treat as a string, e.g. varchar(36)dont do that!!Oh, pshaw, you say, no one would ever do such a thing.

> Think twicein two cases of very large databases I have inherited at relatively large companies, this was exactly the implementation. Aside from the 9x cost in size, strings dont sort as fast as numbers because they rely on collation rules.

Eh, I've done that before because it made some interaction with Entity Framework easier (don't recall what now). Hasn't really mattered. The space for storing GUIDs has never been a meaningful constraint for anything I've ever worked on (9x is also nuts and assumes that your database uses 4 bytes per character). Sorting UUIDs is also generally uninteresting since they aren't meaningful by themselves. Maybe if you're doing lots of joins you might care about this.

33
masklinn 6 days ago 1 reply      
> Another problem is fragmentationbecause UUIDs are random

UUID-4, UUID-3 and UUID-5 are random (3 and 5 are hashes).

UUID-1 is time-based with the time leading, and you can often control the sequence (14 bits) and nodeid (48 bits) fields to be used as whatever you want to avoid collisions.

34
tsechin 5 days ago 0 replies      
At a previous company, we got burned using UUIDs as MySQL PKs. Turns out MySQL keeps data on disk sorted in PK order, so even a moderate INSERT workload would lead to lots IO and disk thrashing as pages kept needing to be rewritten.

Fun times...

35
manigandham 4 days ago 0 replies      
Use the hi/lo mechanism to generate IDs on the client. You can use a simple transaction to reliable reserve a range of numbers and then easily have incrementing numbers. Use longs and you can reserve a billion IDs per second and never run out.

This solves basically all the problems and we use it in production to number several tables with billions of events per day.

36
einrealist 6 days ago 0 replies      
My advice (and daily practice): If IDs are exposed, expose them as strings. If that ID is a compound key of a database, serialize it into a single string. If the ID is exposed via webservice, use URIs. In a entity provided by a webservice (e.g. a JSON-LD document via HTTP), use URLs or URNs. If possible, provide both and a translation service that translates URNs to URLs. URNs should be used for long term storage, URLs for transient use.

If I follow my advice, the type of an ID is an implementation detail of the persistence layer and/or service endpoint.

37
jondubois 5 days ago 1 reply      
The reason given for not exposing UUIDs publicly (migration) doesn't apply to most NoSQL databases because they let you set the ID yourself so you can just copy each document as-is. Maybe the author was referring to databases which automatically (and forcefully) generate the ID on insertion... Even in this case, isn't there a way to tweak this temporarily just for the migration?
38
scandox 6 days ago 0 replies      
I use the internal int and external uuid strategy mentioned at the end. It does make for somewhat confusing code for newcomers. I still don't love it.
39
phamilton 5 days ago 0 replies      
I'm surprised the author calls out that knowing the pk before insertion is useful, but doesn't once mention idempotence as a key benefit.

If you are building mobile apps that sync state, UUIDs make your life so much easier. Optimistically perform writes locally, then perform writes remotely and retry on exponential backoff in case of a network error.

40
iask 5 days ago 1 reply      
I was at a new client the other day and notice that for all their tables in SQL SERVER, they use an IDENTITY column for primary keys, obviously seeded by SQL SERVER. What I found strange is that they allow deletes of records, allowing gaps in the sequence.

Is that normal practice? Their DBA was insisting that its normal.

41
tehlike 6 days ago 2 replies      
When I was a developer on NHibernate, one of my favorite ID generators was something called HiLo.

Each of the clients reserve a chunk of Lo numbers, and increment the Hi number. Basically, they would pre-allocate a chunk of id ranges, and this allowed good distributed id allocation performance, while somewhat keeping local ordering.

Client generated ids are very useful to do.

42
JTenerife 5 days ago 0 replies      
I don't agree with many points.

1. Store uuids in a uuid field. Why starting the article with such a trivial finding that a text field is not optimal.

2. Use sequential uuids.

3. Several benchmarks have shown that the performace hit is minimal.

4. The only way to communicate with ids is to copy and paste them. Never try to memorize, talk about them or type them.

43
clairity 6 days ago 0 replies      
for ruby on rails, acts_as_having_string_id [0] is a nice gem for not exposing sequential int primary keys:

it's nicer than using UUIDs because the strings are much shorter.

[0]: https://github.com/hult/acts_as_having_string_id

44
wcummings 6 days ago 6 replies      
>The original issue with simple auto-incrementing values is that they are easily guessable as I noted above.

I don't think this is a real problem. If you're relying on your ID's being "unguessable" (and introducing engineering complexity to that end) for security you've already failed.

45
sfeng 6 days ago 0 replies      
Using a better encoding than hex for the GUID would fix many of the storage and memory issues he cites: http://eager.io/blog/how-long-does-an-id-need-to-be/
46
russdpale 5 days ago 0 replies      
This is what hash keys are great for. After getting the hash, convert to a BIGINT. Works great for me. You still get everything you do with UUID, but as a bigint so the numbers are much quicker, and its 8b.
47
scotty79 5 days ago 0 replies      
In my current project, in ms sql server, I have guid PK with unclustered index and clustered index on another field filled with current time stamp on insert.

What do you think about such setup?

48
rickmode 6 days ago 1 reply      
I've yet to see anyone mention storing UUIDs in a BINARY(16) column. Use exactly 128 bits to store 128 bits. We'd still have the random sort problem though.
49
org3432 6 days ago 0 replies      
He missed one of the biggest issues, in most implementations they are slow to generate due to the complexity and requiring a PRNG.
50
brlewis 6 days ago 0 replies      
Shouldn't the title be appended with (2015)?
51
kazinator 5 days ago 0 replies      
> Best of Both: Integers Internal, UUIDs External

Database coder reinvents interned atoms.

52
tuxt 5 days ago 0 replies      
We use unixtime + server number + random as pk.

Works fine.

(10 million new rows everyday)

53
arrty88 6 days ago 1 reply      
How big a deal is this on Postgres?
54
cynoclast 6 days ago 1 reply      
This article sort of assumes you're using a relational database.

Most of the drawbacks discussed don't exist if you're using a key value store.

14
$80k/month App Store Scam medium.com
706 points by amima  5 days ago   193 comments top 26
1
blhack 5 days ago 7 replies      
This is particularly annoying while my beta is "waiting for review" so I can have the privilege of giving it to a few beta testers.

How does apple not expect that annoying developers with their app store process (so much so that things like this exist: https://fastlane.tools/), AND charging them 30% AND apparently not actually reviewing anything about the apps making it into their store isn't going to eventually drive people away from it?

(Why yes, I am cranky over the amount of hoops I had to jump through to get to the point of asking apple for permission to put my beta on my co-founder's iPhone)

2
blunte 5 days ago 5 replies      
#1 - Apple has a quarter of a trillion dollars in cash. You would think they could afford intelligent, reasonable app review teams. Clearly they don't bother, based on the complaints from honest developers and evidence of pure scams like this.

#2 - Average computer/phone users are willfully ignorant. I would say stupid, but that's a judgement call (even though I think it's true). Someone with knowledge can advise them, but they cannot be bothered with all that fuss. They'd rather ignore sound advice and push buttons. After all, look at the who runs the country and the complacence of many of its people.

Have you ever had a friend who was a lawyer? Did you ever get some traffic ticket and think, "Hey, I'll ask Bob if he can help me handle this!"? I'm guilty of this once in a while. But "average users" are guilty of doing this to technical people all the fucking time. And when we advise them of behaviors to change to avoid future incidents, they nod and agree, but then repeat the stupid behavior later.

Sorry for the rant, but perhaps it's time to just start replying to scammed/screwed users with, "Oh wow, that's really unfortunate. I guess you'll have to go buy a new phone/computer." Maybe that will jar them into actually using their brains.

* Edit for wine-related typos.

3
notadoc 5 days ago 9 replies      
How does garbage like this get through the App Store? I thought Apple was notoriously strict on approvals?

Also, do people still use the App Store? I don't think I have casually browsed for apps in 5 years or more.

4
chatmasta 5 days ago 5 replies      
These App Store ads are the Wild West right now. I've seen multiple cases where I search an exact app name, and that app's competitor has the top "spot" due to buying an ad. It's like if you searched for Uber and saw an ad for Lyft above it.

How long will apple allow this? At the very least it should be impossible to bid on trademarked terms, and no ad should ever outrank an exact match result.

5
downandout 4 days ago 4 replies      
There has got to be more to this story. People would refute accidental purchases of $400/mo. Perhaps these guys are using tech support scams etc to drive traffic to this thing, or they're simply using stolen credit card numbers to setup Apple App Store accounts. Perhaps that's why the spelling and layout is so bad...it's possible that they don't intend anybody outside of themselves to actually use it.
6
_pmf_ 5 days ago 3 replies      
One thing of note: the spelling errors are deliberate to let only the most gullible people through to the last step (improving the odds that the person in question will not know how to report this as a scam or initiate a chargeback). The same tactics are used by ads on porn sites[0].

[0] Or so I have heard ... from a friend

7
kennydude 5 days ago 3 replies      
Some keywords need to return help topics instead. If you search "virus scanner", Apple should tell users their device really doesn't need one
8
htormey 5 days ago 0 replies      
wow, I'm pretty pissed off by this. One of my clients is a medical marijuana startup and we have had to jump through so many hoops to stay compliant with Apple's random app store rules. We have been rejected on several occasions and pulled from the app store.

I also had another app that was accepted into the app store then when I pushed an update release I was informed that my logo had to change because it used Apple's camera emoji. I only did this because another popular app did the same thing (down for lunch). In order to stay compliant, I had to change my logo.

I'm fine with said rules existing as in theory they are meant to protect lay customers from junk like this. How on earth did this thing make it through a review process that's so hard on some apps?

I wish Apple would apply it's rules and vetting with more consistency.

9
prodmerc 5 days ago 4 replies      
> Ive also never clicked on a Google Ad.

I've never done it, either. I clearly remember the only few times I clicked on AdSense ads - once by mistake, and was extremely annoyed at the results (it was a sort of list like search results), and 2-3 times to test my own AdSense ads (yeah, against ToS).

Yet AdSense is raking in billions. I've always wondered who actually clicks on the ads :D

10
tyingq 5 days ago 1 reply      
I was under the impression that the approval process for the app store was somewhat rigorous.

How did this app get through that?

11
microcolonel 5 days ago 1 reply      
You know, it's sad that people are eager to pay Apple nearly a thousand dollars for a phone, buy an iCloud subscription to go with it, and maybe buy a MacBook (Pro?); and then content that after all of that money changes hands, Apple still wants to fill 80% of your screen with an advertisement. Then, if it wasn't bad enough, they don't vet the advertised applications for basic legitimacy (meanwhile legitimate apps frequently get caught up in endless nitpicking at submission).

I get why people do it, but it's sad that they do.

12
kuon 5 days ago 3 replies      
This kind of things make me wonder why I am honest and poor (I mean not rich to the millions, I am not actually "poor"). I could do scams like this and be rich by the minute...
13
akcreek 5 days ago 3 replies      
How are chargebacks handled on the App store? I would assume a scam like this will receive a relatively enormous number of chargebacks.
14
tinus_hn 5 days ago 3 replies      
I don't understand why such an obvious scam works; Apple keeps the money for a while so they should be able to cancel the developer account and refund all users.
15
endgame 5 days ago 2 replies      
At what point do you say "no, the app store experiment has failed" and give users control of their own devices?

Never, I guess.

16
lordvon 4 days ago 0 replies      
I get the feeling that companies like Amazon and Apple purposefully try to hide as much as possible/tolerable the fact that you are subscribed to something (specifically, Apple apps and Amazon's Audible). I've spent tens if not hundreds of dollars towards subscriptions I didn't even know I had, and I'm afraid this might account for a shocking amount of revenue, as this article suggests. Microsoft on the other hand seems to let you know when you are going to charged again (I've experienced this with my office license subscription).
17
draw_down 4 days ago 0 replies      
There's no way that a huge portion of the blame for this is not Apple's. Some of the ways they run the App Store were pretty silly starting out, and now just outright ridiculous.

Little distinction between ads and search results? No filtering or approval for ads? Scammy $100/week subscriptions for nothing? Meanwhile you're not allowed to make fun of the presidents elbows or whatever. Come on.

18
meric 5 days ago 1 reply      
Looks like many of the keywords you can buy Ads for are underpriced. To advertise for a keyword you need to build can "relevant" to that keyword. It takes time for legitimate app developers to build apps to take advantage of those keywords. Until then, the underpricing of ads is taken advantage of by these "scammers" who build costly non-functional apps and recycle the earnings into buying ads for them.
19
balladeer 5 days ago 0 replies      
And I thought Apple vets the apps (and from what I heard even betas and upgrades/updates too?) before letting it go live on the App Store.

As a long time Android user (and no I wans't happy for most parts; and I wanted to taste the iOS waters both as an user and a mobile dev) who recently moved to an iPhone SE I feel really disappointed.

20
ge96 5 days ago 1 reply      
Haha I thought this was a how to guide initially as a "good entrepreneur" mind you good to me is subjective, or is it personal. Money is money right? I can't ask my clients to pay me so I obvs don't support that.

Nice into the rabbit hole though, should see how bad it gets with VMs.

21
fright 5 days ago 0 replies      
While it's frustrating if taken at face value, Sensor Tower's numbers aren't totally valid. They get the number for a few of my apps really wrong. The download stats are more or less true, but the revenue can be way off.
22
hellofunk 5 days ago 1 reply      
When I read stuff like this I really lose faith in the human race.
23
whyagaindavid 4 days ago 0 replies      
Does nobody from apple read hn? How does one recommend iPhone to NGOs, privacy activists, other vulnerable people?
24
LoSboccacc 5 days ago 1 reply      
yeah app store quality has dropped to google play levels to the point that one of ios last, actual, concrete advantage for non technical users is becoming moot.
25
kuroguro 5 days ago 0 replies      
Brilliant! Wish I would have thought of that xD
26
timwaagh 5 days ago 0 replies      
finally i can be rich too! too bad i am not an ios dev. these apps are made by people from 'nam. i doubt you could do this in a civilized country without getting sued into the ground though.
15
NumPy receives first ever funding, thanks to Moore Foundation numfocus.org
543 points by happy-go-lucky  2 days ago   82 comments top 17
1
chollida1 2 days ago 5 replies      
Wow, I'm surprised that this is the first funding they've ever got.

It wouldn't be a big stretch to say that 90% of quantitative hedge funds use Numpy in some fashion, whether its directly, or via a library that sits on top of it like pandas or tensorflow.

I can't think of a more ubiquitous library in the financial space, maybe QuicFix (http://www.quickfixengine.org/)...

Maybe numpy's problem is visibility?

Possibly it does its job so well that people don't know they are using it when they use library libraries like scikit learn and Pandas?

2
csaid81 2 days ago 10 replies      
It's great that the Moore Foundation provided funding for open source data science tools in Python. Good for them!

That being said, I do wonder if numpy is the most appropriate recipient. In my experience with data science, the tool that would benefit the most is not numpy, but pandas. While data scientists rarely use numpy directly, every data scientist I know who uses pandas says they are constantly having to google how to do things due to a somewhat confusing and inconsistent API. I use pandas at work every day and I'm always looking stuff up, particularly when it comes to confusing multi-indexes. In contrast, I rarely use R's dplyr at work, but the API is so natural that I hardly ever need to look things up. I would love if pandas could make a full-throated commitment to a more dplyr-like API.

Nothing against pandas -- I know the devs are selflessly working very hard hard. It's just that it seems there is more bang for the buck there.

3
carreau 2 days ago 0 replies      
Just to note that if you know of anyone who is interested in working on NumPy and potentially to move to UC Berkeley then tell them they probably should contact Nathaniel if NumPy got funding they'll likely hire developers/community manager/technical writer ... etc . UC BIDS is a fantastic place to work at, and Nathaniel is an extraordinary person to work with. I'm going to assume there is also some opportunity for remote work.
4
rectangletangle 2 days ago 0 replies      
Really surprised there wasn't already funding for this.

Numpy is an amazing library, and it's basically Python's "killer app." The fact that you can seamlessly blend numerical/data science computing with more general web applications is what makes Python great.

5
gigatexal 2 days ago 1 reply      
Imagine if .1% of wall street profits from shops that use numpy were donated to the project. Or some similar scheme for the other OSS projects used for profit by large firms.
6
ykler 2 days ago 3 replies      
I wonder what they plan to use it for. Numpy kind of seems finished already.
7
thearn4 2 days ago 1 reply      
I could have sworn that Continuum had gov't funding for numpy development, but maybe that was just for Blaze?
8
visarga 2 days ago 1 reply      
Are they going to make Numpy work on GPU? There is a library called Cupy (from Chainer) that does that but not quite well enough. In fact on my attempt to swap Numpy with Cupy, my program ran slower.

https://github.com/cupy/cupy

9
metalliqaz 2 days ago 0 replies      
They've come a long way without funding. Good for them. Mathworks taking notice, I'm sure.
11
marmaduke 1 day ago 0 replies      
Slightly off topic but you can use most of the Python stack from MATLAB since version 2014b. The syntax is a little funny but it works well outside of ABI mismatches in shared libs.
12
santaclaus 2 days ago 1 reply      
Wasn't Google funding the lead dev on NumPy for a while?
13
theprop 2 days ago 0 replies      
Congratulations!! Nice work...looking for lots more math libraries :-D!
14
digitsman 2 days ago 0 replies      
Does anyone have a link to the text of the proposal?
15
ahmedfromtunis 2 days ago 1 reply      
I really wish I could help!
16
gregjw 2 days ago 0 replies      
About time.
17
in9 2 days ago 5 replies      
$645020 is good for what? 4 jr developers or 3 slightly experienced developers, working full time on numpy for 2 years?
16
Inkscape Moves to GitLab inkscape.org
522 points by dabber  4 days ago   205 comments top 11
1
lucideer 4 days ago 12 replies      
I used to use Inkscape constantly on Windows & Linux, and really like it. I found the UI intuitive and it did absolutely everything I asked of it.

Which is why the XQuartz/&c. user experience on macOS really really surprised me. It's absolutely unusable. Inkscape for macOS basically may was well not exist as far as my experience with it goes.

Are there other comparable GTK+ apps that work well under macOS or is this a common story?

2
luord 4 days ago 1 reply      
Every time a project moves to GitLab or GitHub it is great news; I find them much easier to contribute to. It's specially goo news when it's gitlab, it's just an all-around awesome service.
3
benwilber0 4 days ago 4 replies      
> During the decision about which platform would host our git repositories, we discounted staying on Launchpad itself as its git support was very weak compared to other platforms and the project doesn't appear to be actively developed.

How in the heck did Canonical squander such an incredible opportunity to be the de facto standard for Ubuntu/FOSS code hosting by letting Launchpad stale so badly?

They freaking built it into their distribution of apt with PPA shortcuts, etc.

Unbelievable.

4
mintplant 4 days ago 2 replies      
I can't find a link to their GitLab instance/repositories. Where is it?
5
riffic 4 days ago 1 reply      
Self-hosted GitLab, or gitlab.com? Would a link in the article to the repo be too hard?
6
rejschaap 3 days ago 0 replies      
I am very curious how many devs will stop and how many will start contributing because of this move.
7
codebam 4 days ago 0 replies      
I really hope other FOSS projects take the same initiative
8
akerro 3 days ago 0 replies      
Now just please make use of https://hosted.weblate.org/ for translations
9
bburger71 3 days ago 1 reply      
10
rishidevkota 4 days ago 0 replies      
:)
11
na85 4 days ago 14 replies      
I really want to learn to use inkscape well, but just can't grok the interface. It's a sad symptom shared by many open-source projects.

They seem to want to differentiate themselves as (e.g. "not photoshop" in gimp's case) but seem to equate that with "ignoring good ui/ux design".

17
Automattic is closing its San Francisco office as most employees work remotely qz.com
529 points by nkjoep  3 days ago   299 comments top 24
1
marcuskaz 3 days ago 4 replies      
We didn't switch to allowing remote work but started remote and always been remote. We had an office space at Pier 38 that was closed by the city in 2011[1], so had to scramble to find space. At that time we thought we would expand more in Bay Area and found a good deal that also could support other employees visiting the Bay Area. For example, in 2013 we held our whole company meetup, but have outgrown it. The main US WordCamp used to be held in SF but now as cost goes up we are moving them around last two in Philly, next in Nashville so another use of the space wasn't needed.

We found it easier to grow and expand all over the world and didn't grow as much in the Bay Area as thought. Currently only 20-30 people of our 550+ live in Bay Area

Also as far as space goes, that is just one photo of the downstairs area of the space. You can see more at https://automattic.com/lounge/ and some early shots here https://customspaces.com/photo/uklO4BLxis/

P.S. I'm the guy in the green shirt in the photo, woo hoo!

[1] https://techcrunch.com/2011/09/06/pier-38-shut-down/

2
alaskamiller 3 days ago 9 replies      
Had a party at the WordPress office a few years back and it's a great space. There's a lounge, kitchen, the bathrooms are nice, some room for bikes, and the rest of the space is setup to be multi-use. There's a big stage area and the corners are furnished to be pretty cozy.

Of my past work places--death star cube farms in old silicon valley to tiny rooms in sweltering Berkeley summers to shiny live/work lofts to giant sprawling disneyland like campus to noisy hipster coffee shops--that WordPress office would be up there in terms of a good place to work at.

The real story is the upward trend that if you give an inch, your employees will take a foot. If you offer telecommute, workers will not show up.

I've been freelancing and telecommuting the past five years. I've built my workstyle around chat bubbles, slack channels, video calls, and emails whether 2PM or 2AM.

I've built my lifestyle around that. As in I work around my life. Things just... get done without a direct measure of productivity anymore.

Sitting somewhere from 9 to 5 is like watching TV from the 2000's, ordering Netflix DVDs when we live in the 2010's with streaming Netflix.

And as one disappear, so does another and another. When you look around and realize no one else is there anymore it just becomes a ghost town while the virtual water cooler becomes more and more vibrant.

No ones goes to the office anymore, it's too lonely.

3
Androider 3 days ago 3 replies      
If you ask anyone inside IBM or Yahoo, going from remote to in-office was all about significantly reducing the headcount. The moves also coincided with reducing the number of sites, so many people would have to move far away or resign.

I think the benefits of working remotely are still poorly understood, and long-term the companies that are being built remote-first are going to have a significant engineering advantage over those that bolt remote working on after the fact.

4
ldp01 3 days ago 1 reply      
It sounds like the crux of the issue is connectivity is now fast, reliable, and cheap. Employees don't need to waste time commuting anymore, so they don't.

Now spare a thought for those of us sweating in the digital wasteland that is Australia.

Every so often I have to walk over to my fridge and nudge my 4G modem to improve the signal strength. I have a script running 'round the clock to reset the darn thing if the connection drops completely (this somehow it fixes it). I need the 4G connection because the copper wire to my house is so broken it can no longer support an ADSL signal.

Fibre is apparently coming in like... 2019? It is expected to run at a maximum of 25Mbps.

Needless to say, remote work is not exactly on the cards.

5
mrweasel 3 days ago 5 replies      
If you look at the pictures I can't say I'm surprised. It doesn't look like a nice place to work. Two long desk, concrete floor, it looks very temporary.
6
westoque 3 days ago 4 replies      
As a remote developer myself. I still value having an office.

I think being remote with an office setup is the best you can get. I can go in at any time I want, and still have the nice environment to work from of.

Being remote doesn't necessarily mean no offices.

7
nfriedly 3 days ago 1 reply      
I feel like I have the best of both worlds. I work remote, at least from my employer's prospective, but I recently leased an office in town.

I now have a quiet, private space to work, and a nice 5-6 minute bicycle commute :D

It costs a little bit (~$300/mo for the space & utilities - yay for small-town-Ohio pricing), but it's totally worth it.

8
syshum 3 days ago 3 replies      
>The goal is to make the companys workforce more nimble

No the goal is to reduce head count with out laying people off. Companies that go from Remote to Non-Remote do it because it is an easy way to reduce head count with out having to Lay people off, it is a methodology to force people to look for work elsewhere.

People that can not relocate or have built their life around working from home can not or will not make the transition back to working in an office easily. As such they will seek out employment that better fits their needs which is ultimately these companies goal because they want to avoid that "XX Company is laying off X,XXX people in the next quarter" headlines

9
TokenDiversity 3 days ago 2 replies      
I'm sick of working in open spaces. If you cannot give me a cubicle, let me work at home.

There are countless researches clearly saying that open spaces are bad for productivity yet for some reason they always win. And it's easy to see why, you only have to throw buzzwords like collaboration, team-work, open ... and done.

10
Mozai 3 days ago 3 replies      
So they bought an oversized office space, provisioned it like a warehouse, in a location that is horribly expensive to live near or get to. Are they surprised employees would rather not go there?
11
CapnCrunchie 3 days ago 0 replies      
Working remotely has been a great experience for me. My wife and I started traveling around the US since I am fully remote and her company offered to let her work remote for a while so we could do this.

We either work out of the Airbnb we rent or a cafe. In some cities we were close to a reasonably priced co-working space and would work out of there.

The big draw for me has been the flexibility. We try as hard as possible to do asynchronous work, so some days I will take a few hour break in the middle of the day and go do something, and then work later into the evening.

12
sgt 3 days ago 4 replies      
I find this quite funny: "And if theyd rather work at Starbucks, Automattic will pay for their coffee"

I can understand occasionally working out of a coffee shop. But who does this all the time and remains productive? And is it really fair to the coffee shop?

13
spikels 3 days ago 0 replies      
Shame that such awesome space was barely being used right in the middle of SF. There is a pretty severe shortage of office space in the area. Automattic should both make a pretty good profit by subleasing at current much higher market rents and help alleviate the shortage.

Even better would be if this low density land could be incorporated into the huge 667 Folsom office/residential project planned next door. You could build 50,000+ sqft on that large lot and help both the office and housing shoartage. Unfortunately SF's planning process is so slow and uncertain it is probably too late even if the owner and tenants agreed.

14
tuna-piano 3 days ago 5 replies      
Humans desire to be a part of a community. For the last several decades, that community (in the US) has been in large part the workplace.

Is anything replacing the workplace as the form of community for people or is that something that is just being lost?

15
kyriakos 3 days ago 2 replies      
doesn't strike me like a nice office. looks like a co-working space for startups. add more people and it will look like a hackathon than a company workspace.
16
redm 3 days ago 0 replies      
It's gotten far easier to telecommute in recent years and that keeps the productivity much higher than it used to be. My partners and I tried remote work back in 2007, even spending 10k to video conference with Marratech [1] (Google-owned). Today it's trivial to have good fast communication while working remotely.

[1] http://www.marratech.com/

17
raimue 3 days ago 0 replies      
The article claims they had 5 people visiting the office regularly. That does not sound much compared to 550 employees. However, according to their map [1], there are only about 10 employees in SF itself, a few more in the surroundings.

Maintaining a 15,000 square feet office in that area for the amount of employees seems oversized in any case.

[1] https://automattic.com/map/

18
daemonk 3 days ago 0 replies      
I've just started working remotely. I think one of the major benefit for me is actually that we mostly communicate via e-mail/messaging services.

Of course there are plenty of situations where talking face to face is more informative, but I often find that to be rare.

Communicating via text has the added benefit of documentation and allows you to think about what you are actually writing. I find describing what I plan to do with a client via text helps me organize my thinking.

I work in data analysis though. So maybe this doesn't apply to other fields.

19
KIFulgore 3 days ago 0 replies      
Judging just from the photo, I'd work from home too if my workspace was a warehouse with a bunch of picnic tables.
20
pyb 3 days ago 0 replies      
Funny how fast the 'remote' tide has turned in the last year or two. These days, most prospective employers/contracts I find would prefer me to work remotely. Although personally, I'd rather work onsite ! This is for London and the South East of England.
21
aresant 3 days ago 0 replies      
What does a remote team do to enterprise value assuming a long term acquisition?
22
cygned 3 days ago 0 replies      
I am wondering how a globally distributed team is set up from a law perspective.How can I employ someone from another company? Create a subsidiary in their country?
23
winteriscoming 3 days ago 0 replies      
Looking at that picture, it looks like some kind of backroom place in some store where employees gather to have lunch.
24
carroccio 3 days ago 6 replies      
What type of work can one do without double monitors and a mechanical keyboard?
18
Apples Guidelines Now Allow Executable Code in Educational Apps and Dev Tools macstories.net
407 points by tempodox  3 days ago   252 comments top 25
1
interpol_p 3 days ago 3 replies      
I've just submitted an update to Codea[1] that allows for the importing of user projects[2]

It has been "In Review" for a suspiciously long time now. So I think it might be testing the application of these updated policies.

I have often submitted updates to App Review which include the ability to download and install executable code (along with review notes detailing my reasoning) with the knowledge that they would be rejected. I have also appealed Apple's rejections in order to effect a change in policy for the App Store. At some point during phone calls with the reviewers they told me they were "advocating for policy change internally on my behalf" even if they couldn't approve my app right now. I'm so glad policy has changed now.

[1] https://codea.io

[2] https://twitter.com/twolivesleft/status/873692454947442688

2
paultopia 3 days ago 8 replies      
Honestly, I try to write code on iOS all the time, and it's not really the absence of tools that can execute that code that really stands in the way. Instead, it's:

- The absence of a really good typing story. The 12.9 iPad Pro with smart keyboard is nice for typing text but terrible for moving the cursor around. It's agonizingly slow to do it with keyboard (highlighting is worse, for some reason) and inaccurate to do it with finger/fiddly to do it with Pencil.

The only text editor with vim keybindings (an absolute must in an environment where it's hard to move the cursor normally...) of which I'm aware is Buffer, while the only text editor with both good syntax highlighting and good github integration (via Working Copy) is Textastic. Honestly, I really wish one of those two would just buy the other so that I could have both.

- The absence of a really good ssh story. Prompt is nice, but for some reason, whenever I try to SSH into anything, there's so much latency that it is really painful to actually do anything. Maybe I just have slow network connections? But anyway, so much for just coding on a linode or something in vim.

3
JesseWright 3 days ago 0 replies      
I actually appreciate that Apple stipulated "apps must make the source code... editable by the user". I personally think this helps with the educational spin to this currently, as it assures users are able to see source code but also tinker with it and learn. This is something I wish I would have had when I was in school - there were some editors at the time, but none of them could run any at that time to my knowledge.

I think this could really help a lot of students for what it is, and I hope it does well in that regard.

4
nolok 3 days ago 6 replies      
Let me give a courtesy remainder that it is "... until Apple change their mind".

Whatever the provider, I really hate those walled gardens where what you can deliver or not is at the whims of a company whose interest is not always aligned with yours. I understand being on them is necessary due to how large their market are, but this is really not where I hoped we would be fifteen years ago.

I guess I'm merely venting, and daydreaming about what could have been, "if only"...

5
ferdterguson 3 days ago 4 replies      
I feel like we are inching closer to being able to write code on iOS. Swift storyboards on the iPad kind of opened the door and I hope we can keep chipping away at this.

The day I can run and write Python natively on iOS is the day I buy an iPad Pro. Right now there are some good ssh clients and I can write code from a terminal, but pros of the device are not worth that tradeoff right now IMO.

6
mark_l_watson 3 days ago 0 replies      
One of my favorite apps is Raskell, basically Haskell 98 ported to iOS. It uses Dropbox for storage so it is possible to move small Haskell applications in and out of iOS. Pythonista is also very cool.

I like the safety of the iOS walled garden but I also see real value in complex IDEs like IntelliJ running on iPad Pros.

7
barrkel 3 days ago 1 reply      
Technically any program which loads a file is executing loaded code - the file is interpreted as a set of instructions about what data structures to create. This is more explicit for things like vector formats, and reaches its logical conclusion with things like postscript files.
8
sudhirj 3 days ago 3 replies      
Anyone know how Swift Playgrounds work? Do they interpret the Swift code or compile it against a set of mock APIs?
9
jacquesm 3 days ago 8 replies      
What I find absolutely incredible is that this is accepted at all. You really have to wonder how we went from a computer with a bunch of slots and open schematics to one that is so closed you need permission from the manufacturer to run whatever code you desire.

The degree of paternalism is astounding.

10
Jyaif 3 days ago 1 reply      
Ah, but now we need to be able to spawn processes (at least one extra), otherwise we app developers can't secure the user's data in our own app...
11
klinquist 3 days ago 0 replies      
Dear VSCode team... now is the time for VSCode for the iPad!
12
sigjuice 3 days ago 2 replies      
Apple should just do a Darwin/macOS ARM VM on the iPad so developers can have ARM Homebrew and other Unix tools they are used to.
13
laughingman2 3 days ago 1 reply      
The irony of people defending apple because its "safe" and doesn't let you "shoot yourself in the foot" in a forumn named Hacker news.

What is happening to hacker culture? I think as influx of new programmers increase, awareness on the culture's ethos of freedom, liberty, anti-authoritarianism, anti corporatism has to be increased.

Or we will have people loving to be jailed by their benevolent overlords in "apple/google/facebook/etc"

14
d08ble 3 days ago 0 replies      
Amazing! I've been waiting for this.

Animation CPU Studio will be published soon.

https://twitter.com/AcpuStudio

15
brians 3 days ago 0 replies      
One step closer to Emacs on iPad.
16
eecc 3 days ago 0 replies      
17
Aaron1011 3 days ago 0 replies      
> Apples Guidelines Now Allow Executable Code in Educational Apps and Dev Tools

This title is somewhat confusing - it makes it sound as though educational apps and dev tools somehow weren't allowed to execute code before, which doesn't make any sense.

18
noblethrasher 3 days ago 0 replies      
Funny coincidence: I just downloaded Scratch Jr. for my nephew this past weekend, only to be disappointed that we couldn't view the other projects from within the app, nor could he share his.

I hope that we can now expect to get this feature, soon.

19
jonknee 3 days ago 1 reply      
Silly question, but how does WeChat get around this? Does custom code for Official Accounts just work on Tencent's server and basically work in a WebView?
20
83457 3 days ago 0 replies      
yay, pico-8 should be allowed now
21
fgandiya 3 days ago 2 replies      
I hope this mean I can easily load scripts onto Pythonista. It's a real pain right now.
22
adm2life 2 days ago 0 replies      
Good step in right way !
23
jlebrech 3 days ago 1 reply      
so something like xcode on ipad is now possible, as they won't build it themselves.
24
dalacv 3 days ago 0 replies      
Just an FYI, I use a cheap Android device with a Bluetooth keyboard and mouse and use Termux which is a Linux emulator with support for many packages including vim, python, jupyter, task warrior and much more
25
pmarreck 3 days ago 1 reply      
Did they ever consider that any number of web browsers can already execute javascript?
19
Lessons Ive Learned from Three Million App Downloads jordansmith.io
483 points by jordansmithnz  3 days ago   111 comments top 20
1
firasd 3 days ago 8 replies      
Love this bit: Sometimes youre stuck on a problem, and there just dont seem to be any great solutions: maybe its related to a piece of code youre writing, or decisions around how youre going to market your app. Then, you start thinking about the problem from a wider perspective. You realize that you wont need to even write the tricky piece of code if you architect it the right way, and that the marketing decision is one your friend (who has a knack for that sort of problem) would know how to tackle. You could sum it up as taking a step back from the problem.

Taking a literal step away tends to help. I've often realized new approaches or epiphanies when mulling a problem while walking or in the subway.

2
srinathrajaram 2 days ago 1 reply      
"What Ive learned (aside from sucking it up, and sending a kind, helpful response) is: design your product as if it was going to be used by people that are a software literacy step below the target user."

Completely with you on the 'sucking up and sending a kind helpful response'. Snark does not pay. It makes no sense to snap at a user.

Regarding the other point about first-time users. I have a slightly related theory.

When you design something, design it for someone who has the attention span of a two-year-old. Not because your app is going to be used by a two-year-old. But because that is how much mental bandwidth a user is going to give you. Your user is probably busy or just likes to multi-task.

Working that much harder on the UI pays off, or at least prevents a disaster.

3
sidlls 3 days ago 3 replies      
"So, dont be stingy: a product with no paying users is (usually) better than a paid product with no users. Its much easier to upsell to an existing customer than it is to find an entirely new paying customer."

This is generally true, but it seems a bit like applying an Enterprise view of sales to a market of minnow sized budgets. It reinforces app consumers' view that apps should only charge for marginal value, not core value or the biggest value. This sort of "freemium" model leads to basically a market of pure crap with extremely rare gems.

Edit: I'm not dumping on the author, here. Were I to "do mobile" I'd probably take a similar approach because it clearly works.

4
jansho 2 days ago 1 reply      
It's particularly encouraging to read the many hours of work and back-stepping he's done, to get the quality really, really high. Startups are often associated with speed, but less so on flexibility, even if lean philosophy purports it. Ship fast. Get the bare-bones MVP done. Aim for viral growth. This is probably why we have millions of apps, but only a few dozens last and actually taken up by the mass. Different types of products mean different processes after all, give or take amount of resources.

In this app's case, it's about re-imagining an existing function - timetables. The designer knows that user experience is everything, and because of this he's willing to scrap everything if need to. And even when this happens, it isn't exactly waste as you understand the problem deeper and come to the design of an even better solution.

Sure you can argue that an MVP can bring about those design iterations. Keeps your focus on the users too. But arguably the market for this type of product is very active - though not necessarily competitive. So rather than get buried with the hundred others, it needs to shine right from the beginning.

5
ensiferum 2 days ago 0 replies      
Regarding just trying again and again... "Winners never quit,quitters never win but those who never win and never quit are idiots".

I'm reality most of us don't really have more than a few shots except in those rare cases of the most trivial apps.

6
scarface74 3 days ago 5 replies      
What's sad is because of App Store economics. He can never depend on his paying customers to ever pay for an upgrade. He will always have to chase new customers.
7
sriram_iyengar 3 days ago 0 replies      
Very impressive Jordan. Pls do consider releasing TimeTable in India - an Android version if possible. Millions of parents of primary kids (more than the students) will be happy.
8
ramshanker 3 days ago 1 reply      
TLDR: App design is equally important as coding. Design everything around first time user and simplicity.
9
djsumdog 2 days ago 1 reply      
A lot of apps are like this. I know dev who were like "They made that all that money off Angry Birds." Didn't Rovio have a bunch of terrible ideas that failed and Angry Birds was one of their last ditch projects?
10
lettersdigits 2 days ago 0 replies      
"Instead, my moderate success story is closer to one of hard work, and slow, steady progress"
11
abraae 3 days ago 1 reply      
I'd be intrigued to know what caused those spikes in your download volumes.
12
minademian 2 days ago 0 replies      
really great article. It's a breath of fresh air in the sea of churnalism suffering from Mediumitis - "I did this in 3 hours and now I have self-worth".
13
FollowSteph3 2 days ago 1 reply      
It's sad that people aren't willing to pay $1 for an app but are willing to purchase in app features. I feel mobile software is moving in this direction and that it will only get worse with time. The sad part is it makes software more complex and hence more expensive overall, and you probably end up spending more over the lifetime of the product...
14
guard0g 3 days ago 0 replies      
Some profound product management wisdom there, Jordan. Wish enterprises understood it as well as you've laid out. Thanks for the post and here's to your continued mojo.
15
jaclaz 2 days ago 0 replies      
>Sure, three million downloads is a lot, but thats happened over more than six years.

It still remains "a lot", US$ 500,000 per year, not exactly peanuts IMHO.

EDIT:Ah, no wait, I misread the article, he got a handful of downlads when the app was US$1, the 3 million downloads are since it was made free/freeware.

16
6stringmerc 2 days ago 0 replies      
Personal essay strikes again in business context - I like it very much and glad to see it here. Looks like a useful read and educational.
17
therealmarv 2 days ago 1 reply      
Does somebody know which blog engine and theme was used here?
18
tarr11 3 days ago 1 reply      
Would love to see revenue data!
19
michaelevensen 2 days ago 0 replies      
Thanks for sharing Jordan!
20
syngrog66 2 days ago 4 replies      
agreed

unless -- based on personal experience -- if it's treated as suspicious by the local police/neighbors, even if its a skinny, geeky-looking, white male who goes out walking alone late at night.

if I had a nickel for every time I've been harassed by police or local do-gooders, I'd have a lot of those nickels. and I'm not even of the demographic that PC-ness says should be oppressed. (ostensibly: black+male, or male+gay, or non-white, or female, or mean-faced, or weapon-carrying, etc. in reality: straight white male, innocent, no weapons, not in a gang, no drugs, etc.) "why are you walking alone at this time? why are you looking at things? implied: are you a terrorist? a pedophile? explain immediately!"

We do not (always) live in an intellectual-friendly culture. At least not in the USA, 2017. We (might, often) live in a small-minded, hyper-stereotyped, very ignorant local culture. Obviously it depends on precisely where you live. SF on Friday at 8pm? very different than Kansas, small town, Wednesday, etc.

not even joking. (And I submit this knowing it's not a HN-hivemind/PC-aligned viewpoint, and thus will be downvoted. I do not care anymore.)

20
Pirate Joes, Maverick Distributor of Trader Joes Products, Shuts Down nytimes.com
374 points by artsandsci  6 days ago   266 comments top 37
1
captainmuon 6 days ago 15 replies      
I don't understand with what right trader Joe's can prohibit somebody from reselling their products. If he clearly states where he bought them from, and that he is not affiliated, and doesn't misuse their trademarks (impersonate them), it should be absolutely legal.

A side remark, people often say how great the US / north America is for entrepreneurs, compared to (continental) Europe where there is a lot of red tape and regulations. But in my opinion, if I were to do this in Germany there is no way ALDI (whom trader Joe's belongs to iirc) could sue me out of business. Not even with the old frivolous "we are wrong but you can't afford the defense" trick. There is just so much legal uncertainty in NA that it would give me nightmares doing business there.

2
lsiebert 6 days ago 2 replies      
I am not a lawyer, so I don't know that I am qualified to comment on the legal issues.

I can say that this does make me upset at Trader Joe's, and I will be considering where else I can spend my money.

They could have worked with this guy, eventually set up a Trader Joe's in Canada, and then offered to let this guy run it. That would have been better for their brand, in my view.

I care about what companies do. Costco hires employees and treats them well. It pays above average, and it hires and keeps on people with disabilities and injuries, even if they can't do everything someone else can do. It makes me feel good to shop there. And it's employees are loyal, hard working, happy and friendly, and they have less pilferage then other stores.

This idea that a company has a duty to be a dick is silly. Companies should care about their brand, and about being a good corporate citizen.

3
chx 6 days ago 5 replies      
Let's review one of the court documents because it has a very important detail. https://cdn.ca9.uscourts.gov/datastore/opinions/2016/08/26/1...

> Defendant Michael Norman Hallatt purchased TraderJoes-branded goods in Washington State, transported themto Canada, and resold them there in a store he designed tomimic a Trader Joes store. Trader Joes sued under theLanham Act and Washington law.

Repeated later:

> It is uncontestedthat Defendant Michael Norman Hallatt purchases TraderJoes-branded goods in Washington state, transports them toCanada, and resells them there in a store he designed tomimic a Trader Joes store.

Emphasis mine and it's a big deal. Trader Joe's would have had a hell of a time bringing a suit if it would be called Hallat's Little Shack and would look like any random grocery store.

4
Noos 6 days ago 1 reply      
Problem is it sounds like he was trying to rely on association to the Trader Joe's brand to make money, kind of a shadow franchise. That opens up the problem of brand dilution, and even the most ethical companies have to be ruthless about that, or they can lose their own brand and all the benefits they worked to build with it.

He should have realized the need, and done things like match their product mix with his own brands, work on making the store's own feel, and dampened direct association to Trader Joe's. He didn't and it bit him in the ass. No sympathy here.

5
thefalcon 6 days ago 2 replies      
There's protecting your brand, and then there's whatever the heck it is Trader Joe's did here, which seems senseless and malevolent.
6
rfdub 6 days ago 2 replies      
Trader Joes doesn't have a goddamn peg-leg to stand on in this dispute. If Trader Joes had made any indication whatsoever they were seeking to satisfy the clearly substantial demand for their products in Vancouver I might better be able to see their side of the story, but they have done absolutely nothing to expand into what would be ludicrously lucrative market. I know multiple people who have sent bloody hand-written letters to Trader Joes begging them to open a store in Vancouver and yet they would rather spend hundreds of thousands of dollars fighting a local small-business owner than satisfy the demand themselves. Regardless of the legality of this situation Trader Joes has not won the moral high ground.
7
settsu 6 days ago 0 replies      
While this was arguably a legally heavy-handed act on Trader Joe's part, it also seems like Mr. Hallatt became increasingly bold and antagonistic as his revenue increased.

I mean, he did change his store name to Pirate Joes (from the far more ambiguous Transilvania Trading) and his actions seem to betray less charitable motivations than his words would lead you to believe ("This is not a business I should be doing from a personal profitability standpoint - https://www.theguardian.com/world/2014/nov/21/pirate-joes-tr...)

That said, seems like Trader Joe's missed an opportunity for a win-win partnership with someone who had already developed rudimentary logistics to meet a demonstrated demand. But then it doesn't surprise me based on my 30+ years shopping at Trader Joe's: I would never describe them as innovative, instead I'd say they are very focused on what they've been doing well for decades.

8
SeeDave 6 days ago 2 replies      
Pardon my ignorance, but... why would Trader Joe's have a problem with their products being resold in Canada if they don't have a presence there? Does their parent company have a competing brand that sales are being cannibalized from?

From my perspective: every product sold in Canada was purchased in the U.S. so... if anything, this Pirate Joe fellow has provided additional sales for Trader Joes and proved that there is demand for Trader Joe's products in Canada at an incredible 40% markup!

If they're not interested in servicing Canada, would it not be to Trader Joe's advantage to enter a formal franchising or wholesaling agreement with Pirate Joe?

There must be more to this story in terms of Trader Joes objectives as opposed to Pirate Joe's methods or the legal proceedings.

9
tryitnow 6 days ago 2 replies      
As much as I like to side with the little guy, I think it's pretty fair for an establishment to restrict whom they sell to (as long as it's not based on a protected class like race, gender, orientation, etc). Despite being banned from the store this guy still sought out ways to shop there, so I can't defend him too enthusiastically.

Then again it kind of annoys me that TJ's just didn't open a damn store in Canada. And if they don't want to do that then why not just look the other way while someone else took on the risk of importing their products into another country?

10
heynk 6 days ago 3 replies      
I live in Bellingham, WA, which has (I think) the closes TJ's to Vancouver. The parking lot is already about 50% British Columbia plates, and maybe now it'll be even more. I certainly welcome more friendly neighbors shopping in town, but it's a bummer they have to shut down.
11
mazameli 6 days ago 1 reply      
12
kefka 6 days ago 4 replies      
Gotta love capitalism, eh? Just like votes, more money = more protection.

This certainly wasn't a trademark issue. Trader vs Pirate. There was no question this store wasn't run by Trader Joes/Aldi North. They were buying in bulk to stock a store where they couldn't normally get the goods. Reselling should be 100% A-OK. Any trademarks go along with the products. And as far as I would guess, the grocer certainly wasn't tampering with anything - if (s)he was, they'd go out of business quick.

This is just normal SLAPP-style punitive legal actions that a large monied corporation can do to stop the little guy from doing legal behaviors that they don't like.

13
bbarn 6 days ago 0 replies      
Trader Joe's is a masterclass example in branding.

The only reason anyone's surprised or outrage is that the store feels like a small, homey, good natured place full of organic this and that that's lower priced than you'd expect. That might have been true, 40 years ago. For a store that had the same name, but was a different entity entirely.

Trader Joe's now is just a giant marketing and packaging front for 70 billion dollar a year Aldi, a multinational chain. It's a corporation. None of this behavior surprises me at all.

14
joncp 6 days ago 2 replies      
I'm not clear on how US courts were allowed to hear a case about events in Canada. Is that a thing?
15
echlebek 6 days ago 0 replies      
That's really too bad. Pirate Joe's fit nicely into our cultural tradition of thumbing our noses at the Americans.
16
hallalex831 6 days ago 1 reply      
I'm surprised Trader Joe's hasn't gone to Amazon yet to have all of these listings removed yet... https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3...
17
sailfast 6 days ago 0 replies      
Assuming that taking care of customs duties and other food quality issues legally would not be that expensive, all I'm seeing is missed revenue.

If the person wants to order 10,000 palettes of cookies at retail price, why wouldn't you sell the cookies to the person? He's not stealing from the back of the store, he's paying full price. I'm very confused why Trader Joe's would not have created a direct connection with the guy.

This reminds me of major services cutting off API access because they thought they could do it better in-house. Just HIRE the person doing your own service better in a different way.

18
chaostheory 6 days ago 9 replies      
Is Trader Joe's that much better than anything else Canada has to offer?
19
Simulacra 6 days ago 0 replies      
This story has always baffled me and I've never really understood where Trader Joe's comes from on this. It seems like business opportunity exists, but they're either really full of themselves, or have some other tacit reason for avoiding the Canadian market. I just don't get it, and I don't like how Trader Joe's has behaved here. Right or wrong, as a consumer, I disagree, and I'm putting this down as another reason to never go to a Trader Joe's again.
20
Mankhool 1 day ago 0 replies      
I live in Pirate Joe's neighbourhood. He's not running a Costco sized operation. It's a tiny little store. I wish I had 50K to fund his defense.
21
pthreads 6 days ago 0 replies      
"At one point, Mr. Hallatt dropped the P from his store sign so it read Irate Joes a signal of his determination to fight the grocery chain."

Hilarious!!!

22
nfriedly 6 days ago 0 replies      
That's too bad. I loved it when they took the "P" out of their sine after Trader Joe's sued them! ("Irate Joe's")
23
debacle 6 days ago 0 replies      
Makes sense. If it was called Pirate Pete's I would understand. The same thing happened with South Butt, which was a weaker case in my opinion.
24
halfnibble 5 days ago 1 reply      
Trader Joe's doesn't want customers who spend a ton of money buying in bulk at full retail price. Furthermore, they clearly have no intention of expanding into a large market that desperately wants them. What kind of business is this?
25
dawnerd 6 days ago 0 replies      
So if Trader Joes is so concerned why don't they just open up shop in Canada? I've heard the podcast about it and original articles way back and it's amazing they're shutting out a market that seems to be very welcoming.

Maybe they see Target Canada failure and are scared away by that?

26
rdl 5 days ago 0 replies      
I generally load up a few Amazon Fresh disposable coolers with TJ products as gifts for friends in Vancouver whenever I drive up -- Kerrygold butter is really hard to get in Canada, and has much better omega 3 ratio than grain fed butter.
27
stevewillows 6 days ago 0 replies      
It's sad to see Pirate Joes go away. I don't know anyone who shopped there on a regular basis, but I do think TJ would do well in that neighborhood.

The main draw to Trader Joe's is that its part of the journey across the line. This week I'll be doing this same old routine -- pick up some packages at the mail place ($2 per package), hit up a few grocery stores for different hot sauces and staples (including condensed milk in a squeeze tube), have lunch in Bellingham, go for a walk around Fairhaven, then return home.

Trader Joe's is part of that journey, much like Target (who had a massive, depressing attempt to break into Canada). Strip away that special-trip aspect, and all you really have is another grocery store with a few exceptional items.

28
CodeWriter23 6 days ago 0 replies      
Well, that's one way to deal with a guy who has spent the money proving the market for your product line. I think a better move would have been to take a page from Dave Thomas' (Wendy's) play book and open a Trader Joe's down the street.
29
valuearb 5 days ago 0 replies      
He spent so much time and effort creating and running the store and fighting this. I mean, paying $20/hour for people to shop Trader Joes to get him goods at retail? That's so incredibly inefficient.

Why didn't he just create his own store with his own brand and mimic the Trader Joes products and aesthetic? He could buy goods in bulk at much lower prices. He doesn't have to worry (much) about legal issues or spend money on them.

Clearly demand was so high he could still get away with charging very high prices.

30
20150327ASG 6 days ago 0 replies      
I have just lost my appetite for Trader Joe's products.
31
beatpanda 6 days ago 1 reply      
>>For one trip, he hired a couple who he said did not look like conventional Trader Joes shoppers. They had dreadlocks, tattoos and piercings. They looked like they just walked off the set of a Burning Man documentary, he said.

I'm sorry? Trader Joes, in at least 4 locations I've seen in California, does special signs and displays the week before Burning Man to market to Burners. Where is this writer from?

32
grizzles 6 days ago 1 reply      
If I lived in Vancouver I would have an irresistible urge to start a Swashbuckler Joe's right now. If only for the mischief of it.
33
ryanSrich 6 days ago 0 replies      
Does anyone else feel like he didn't raise the money because he didn't use a sensible crowd funding site like GoFundMe?
34
miiiiiike 6 days ago 0 replies      
The StartUp Podcast tagged along with him a few years ago: https://gimletmedia.com/episode/pirate-needs-pirate-season-3...
35
Shorel 6 days ago 0 replies      
He could have started to make his own products in this time, and slowly replacing the Trader Joe's ones with his own.

Right now he would simply stop buying the other products while having his own brand.

36
jliptzin 5 days ago 0 replies      
Lawsuit aside, what was this guy thinking. What an awful business model.
37
massung 6 days ago 2 replies      
I'm looking at this as though Trader Joe's was a different company... say Disney. Disney goes to great lengths to work out how its products are used, packaged and distributed to not only maximize profits, but also to maintain a certain image.

If I go to DisneyWorld, purchase a Mickey Mouse doll, an take it home. I have the right to do with that doll whatever I want: burn it, give it to my daughter, or resell it at whatever price I see fit.

However, I don't believe I have to right to go - as an agent of another (presumed competitor), purchase that same doll, and then resell it in my own store. I have no resell agreement with Disney to do so. In a typical reseller arrangement, wouldn't a store (e.g. Target) have an agreement with Disney to purchase bulk product for resell, presumably at a reduced price, but also under strict guidelines as to how it could do so? For example: cannot be sold above a certain price, cannot be sold next to adult content, etc.

On a side note: I have to believe that (while not a TJ problem or related to the lawsuit) there were other issues with what Pirate Joe's was doing related to imports, possible tariffs not being adhered to, etc.

/IANAL

21
Windows93 SP2 windows93.net
511 points by ivank  4 days ago   120 comments top 52
1
ninjakeyboard 4 days ago 5 replies      
I've been staring at the half life 3 loading screen for the last 6 hours. I don't think it's going to start.
2
vxxzy 4 days ago 4 replies      
Just a suggestion... Open up the calculator and do 0/0.
3
vocatus_gate 4 days ago 1 reply      
This site is my favorite page to put full-screen on coworkers' computers when they forget to lock their screens.
4
graeham 3 days ago 1 reply      
I was going to protest the full Lena image without a NSFW warning, but hadn't realised the full story of its history[1]...

The site in general is a beautiful work of art, a great blend of attention to detail with comedy of computing in that era.

[1]https://en.wikipedia.org/wiki/Lenna - tl;dr is this iconic test picture for computer imaging was a cropped Playboy centerfold from 1972. I've just finished a PhD which included a fair bit of image processing, but I was unaware of the story behind this iconic image.

5
laumars 3 days ago 0 replies      
The part that impressed me the most is you can drag and drop files from your own desktop onto this. It even opens those files in it's own editors when you double click the icon.
6
marxdeveloper 4 days ago 0 replies      
Woah shameless plug, my game is "Windows93 SP2" compatible it seems - right click on desktop - Create shortcut.Command: iframe https://data.mo.ee/index2.html?inapp=steam&node-webkit=1 --width=1280 --height=720

Title: RPG MO

(Don't leave a space before iframe in the command)

7
krrrh 4 days ago 2 replies      
This is a work of art. The ProgressQuest game loading screen is one of the funniest things I've seen in a while. Like all well-told jokes, it's in the timing.
8
shimon_e 4 days ago 1 reply      
Back button goes back to previous app. If this can get the back button to work correctly why can't Google AMP?
9
ahacker15 4 days ago 3 replies      
Awesome that this even work well on mobile browsers!

Is this open source? So we could see how it was made?

10
flavio81 4 days ago 0 replies      
Finally, an operating system for my Android phone that will let me do useful stuff, like playing Wolfenstallman 3D!!
11
tambourine_man 4 days ago 3 replies      
"Safari is the new Internet Explorer"

Accidental "works best in browser X" 90s reference right there.

I find Safari superior to every other browser on any platform in every possible metric except for dev tools, which took a nose dive when they ditched the open source WebKit one for this calamity.

12
abluecloud 3 days ago 0 replies      
> /c/files/documents/private/SUPER TOP PRIVATE/THIS IS PRIVATE STOP/WHAT ARE YOU DOING/WHAT STOP PLEASE/I DID NOT GIVE YOU PERMISSION/PRIVATE GET THE HELL OUT/YOUR HURTING ME STOP/HOW HAVE I WRONGED YOU/I WILL PUNCH YOU IN THE FACE/PLEASE STOP ITS PRIVATE/I HATE YOU/

fair enough.

13
TeMPOraL 4 days ago 0 replies      
Took a cursory look for now; few things I love:

- Half Life 3

- Defrag <3.

- Running Windows93 inside Windows93 inside Windows93 inside Windows93...

A work of art, indeed. Kudos!

14
elipsey 4 days ago 4 replies      
bug report: i broke it by making a folder on the desktop, opening the folder, and putting the folder in itself.

now it's crashed and won't reload.

is there a work around for my workflow?

15
strin 4 days ago 1 reply      
At first, I thought this is a VNC connecting to a Win93 in a virtual machine.

Then I realized everything is written with web technology.

16
runnr_az 4 days ago 0 replies      
That's clearly a labor of love. Nice job!
17
koyote 4 days ago 2 replies      
This is awesome!

It's also quite buggy (chrome/linux) which adds to the whole Windows 9x feeling. Not sure if intentional but well done anyhow!

18
std_throwaway 4 days ago 1 reply      
You can actually win the game in the solitaire clone; the minesweeper clone not so much.
19
gallerdude 4 days ago 0 replies      
Best ratio of Comedy:Operating System that I could have ever imagined.
20
Paul_S 4 days ago 1 reply      
Inspired. Microsoft should learn from this and include the "Reinstall" button in the start menu of windows 11.
21
chrisb 4 days ago 1 reply      
Making Arena93 full-screen (within Windows93) hard-crashed my Mac!(MacOS 10.12.4, using Chrome 58)
22
yellowapple 3 days ago 0 replies      
So apparently Symantec Endpoint Protection thinks that the Virtual PC app is some kind of "Fake App Attack", and thus cuts off network communication for 600 seconds.

Curious.

23
akira2501 4 days ago 0 replies      
I saw that RSS icon and my first instinct was to check and see if Java needed an update.
24
TheWoodsy 4 days ago 1 reply      
Take a look at A:\system32.dll

I wonder how many hours I could waste looking for more Easter eggs ;]

25
sengork 4 days ago 0 replies      
There is one thing missing for a complete experience: https://en.wikipedia.org/wiki/BonziBuddy
26
josteink 3 days ago 0 replies      
This site has a uncanny attention to detail: The C-drive inside "Virtual PC" differs from the C-drive in the "host OS"!

Given that kind of zealotry, it irks me that you can launch an infinite amount of nested "Virtual PCs". Obviously it makes for some fun screenshots and is technically impressive in itself, but Windows early on never allowed you to run Virtual PC inside Virtual PC. So this is clearly wrong!

In short, not considering OCD, where do I file the bug-report? :)

27
akoster 3 days ago 1 reply      
Just curious, is anyone else hearing popping sounds when they click on various things? Unsure if its intentional, and if so, trying to emulate an old hard disk seeking or speakers popping from interference.

Otherwise, kudos to the devs for creating this amazing work of art!

28
laurent123456 3 days ago 0 replies      
Pity the Run dialog doesn't work, I wanted to try "c:\nul\nul" [0]

[0] http://windowsitpro.com/security/device-names-crash-win9598

29
jancsika 4 days ago 0 replies      
Where is the project hosted?

I'd like to throw some event handlers on "Puke Data" to allow changes to the dsp graph.

30
mabynogy 4 days ago 2 replies      
Take a look at GAFA3D (near Defrag icon). There is an interesting level called "Operation Stallman" ;-)
31
emidln 4 days ago 0 replies      
Just need an IRC gateway for trollbox
32
chenster 4 days ago 0 replies      
This is the OS of the future!
33
partycoder 4 days ago 1 reply      
I am impressed they went to the extents of making Wolfenstein 3D levels.
34
mataug 3 days ago 0 replies      
Virtual PC inceptionhttp://imgur.com/XRWSiHe
35
huxflux 3 days ago 0 replies      
I can't get my HL3 to work, anyone has a fix? I took three days of from work, and now this.
36
vocatus_gate 4 days ago 0 replies      
You can actually right-click on the files in the "file explorer" and download them to your desktop IRL.
37
Anarch157a 3 days ago 0 replies      
I loved the "Troll mode" in Mine Sweeper :-D

Serious hard work went into this site.

38
edward_rolf 3 days ago 0 replies      
I came here to use my fav browser, IE 3. You could add bookmarks and it supported CSS I believe.

:(

39
Filligree 3 days ago 0 replies      
This allowed me to make a folder named CON. Literally unplayable.
40
sajithdilshan 3 days ago 0 replies      
If only Windows 9X had these kind of slick animations...
41
tcbawo 4 days ago 0 replies      
ByteBeat plays a familiar tune, it's pretty catchy.
42
sbarre 4 days ago 1 reply      
Half-Life 3 confirmed!
43
devniel 4 days ago 0 replies      
bananamp playlist please, I googled it without success.
44
xg15 3 days ago 0 replies      
Can I type Google into Google somewhere?
45
Jemm 3 days ago 0 replies      
I really miss Defrag. It is zen to watch.
46
seoseokho 4 days ago 0 replies      
In castle gafa, what does the amazon computer do?
47
edgarvm 4 days ago 0 replies      
Solitude does not accept drag and drop on android
48
pavement 3 days ago 0 replies      
Is there a code repo for this?
49
andrius4669 4 days ago 1 reply      
Would webasm port make this actually real?
50
eof 3 days ago 0 replies      
>~/desktop ls

MANIFESTO.lnk42

3d.lnk42

Arena 93.lnk42

...snip...

>~/desktop dir

dir is not defined

interesting

51
devuo 4 days ago 0 replies      
Brilliant! Kudos to the authors
52
nnfy 4 days ago 0 replies      
This was (intentionally?) painful on my Nexus 5. Interesting nonetheless. I suppose it wouldn't be windows93 without some degree of discomfort.
22
Bugs You'll Probably Only Have in Rust gankro.github.io
355 points by Gankro  1 day ago   82 comments top 10
1
erickt 1 day ago 0 replies      
One of the most important tools when writing unsafe rust is compiletest [1]. It's a tool extracted from the compiler project that lets you write tests that are supposed to fail compilation. Since safe abstractions rely on the type system to make unsafe code safe, it's critical to make sure the compiler is properly rejecting code. I wrote a post about this years ago when I got hit by one of the bugs Gankro wrote about [2].

[1]: https://github.com/laumann/compiletest-rs

[2]: http://erickt.github.io/blog/2015/09/22/if-you-use-unsafe/

2
wyldfire 1 day ago 6 replies      
> Making unsafe a big scary "all bets are off" button is only compelling if most of our users don't need to use that button. Rust is trying to be a language for writing concurrent applications, so sharing your type between threads requiring unsafe would be really bad.

It would be neat if we could decompose unsafe like so "unsafe[this_feature,that_feature] {}". The unqualified "unsafe" could still refer to a global "free reign", but you could opt-in to "only let me violate these specific rules." It would be a hint to maintainers and might help make the std lib and other core libraries be/remain defect-free.

Another interesting "oh shoot" w/unsafe that I'm curious about: when I intentionally/unintentionally alias two variables in my unsafe block, this will invalidate assumptions made elsewhere in safe code. This is my unsafe block's bug, but it seems like something that could take a good while debugging to attribute back to my unsafe block. I don't think there's a good resolution to this one other than perhaps documentation/best practices.

3
kibwen 1 day ago 0 replies      
So happy that Gankro is back writing things about Rust, and especially delighted to hear that the Rustonomicon is going to be fleshed out more. :)
4
barsonme 1 day ago 2 replies      
If youlike mewere interested in Diesel ORM's zero sized types thing, here's a pretty decent explanation: https://np.reddit.com/r/rust/comments/3ur9co/announcing_dies...

edit: Go also has zero-sized types (struct{}), so I wonder if this is also possible? Probably not, I don't think, since the compiler doesn't see through interfaces.

5
bluejekyll 1 day ago 0 replies      
I have to say, these RCA's of the various bugs are great for getting a better understanding of the internals of the language.

In a lot of ways it makes me trust Rust even more, because there is a deeper understanding of exactly how these guarantees are made.

6
halestock 1 day ago 6 replies      
Question for the rust folks - are there any features that wouldn't have been possible without "unsafe"? That is, if rust never had unsafe, would it have been fundamentally limited in any way? Or is it required for e.g. interoperability with C?
7
mcguire 1 day ago 3 replies      
"The bug was a missing annotation, and the result was that users of Rust's stdlib could compile some incorrect programs that violated memory safety."

IIUC, technically, the bug was a missing implementation of a trait and the result was a data race (which I (weirdly, maybe) don't think of as memory safety).

In other words, TL;DR: magic is neat, except that sometimes it really sucks.

I may have misunderstood Ralf's bug. Is it really the case that MutexGuard<T> was seen as Sync if T was Send, rather that Sync? Wouldn't that be a bigger problem than just the case of MutexGuard?

8
mcguire 1 day ago 1 reply      
Wait just a minute. Ralf Jung writes,

"This means that the compiler considers a type like MutexGuard<T> to be Sync if all its fields are Sync."

Is that true in general? Is a type thread safe if all its fields are thread safe individually?

9
tonydanza 1 day ago 1 reply      
10
lightedman 15 hours ago 1 reply      
And this is why I stick with ASM - I don't have to rely upon everyone else not screwing the pooch when it comes to them developing a language - I just talk straight to the computer, nothing gets lost in translation, my programs are 200x smaller and 400x faster than anything written in Rust.

2D Second Life clone, with full programming capability with built-in database - 2 megabytes. Solid ASM. Rust can't even come close, and never will.

23
IISc Bangalore scientists are doing seed bombing with drones to plant a forest factordaily.com
424 points by ston3r  1 day ago   126 comments top 19
1
caio1982 1 day ago 5 replies      
Just a small anecdote: in southern Brazil there area bunch of protected tree species and there used to be people collectives which dropped mud seed bombs around city gardens (I don't know if they were the same kind of manure/soil India is using, but I am pretty sure they were actually semi dry mud balls to resist winters). The trick here is that protected trees cannot be cut down, never, no matter where they grow. The fee you pay if you chop one down is abdurdly high. Wherever the bombs germinate you will have permanent reforestation. I wish/hope there is something similar in India :-)
2
overcast 1 day ago 6 replies      
Just a little anecdote for the US. Obviously for other countries, like India, this is more of an issue. But it looks like we've made it sustainable here for a long time.

https://www.mnn.com/earth-matters/wilderness-resources/stori...

In the United States, which contains 8 percent of the world's forests, there are more trees than there were 100 years ago. According to the Food and Agriculture Organization (FAO), "Forest growth nationally has exceeded harvest since the 1940s. By 1997, forest growth exceeded harvest by 42 percent and the volume of forest growth was 380 percent greater than it had been in 1920." The greatest gains have been seen on the East Coast (with average volumes of wood per acre almost doubling since the '50s) which was the area most heavily logged by European settlers beginning in the 1600s, soon after their arrival.

3
happy-go-lucky 1 day ago 0 replies      
According to the wiki at https://en.wikipedia.org/wiki/Seed_ball, the earliest records of aerial reforestation date back from 1930. In this period, planes were used to distribute seeds over certain inaccessible mountains in Honolulu after forest fires.

This article quotes the lead professor as saying doing it with big aircraft is expensive and poses logistic problems. So the only way to do it is through drones. I respect people trying to achieve maximum output with minimal resources.

> Dropping seeds instead of bombs seems like a plan that John Lennon would approve of.

That sounds like a bold statement, but Im certainly willing to approve of it :)

Good job.

4
vermontdevil 1 day ago 0 replies      
New England made a dramatic recovery in forest. I saw pics of old New England (Vermont) and it was basically barren. That shocked me as if you visit now, it's basically covered with trees.

https://www.bostonglobe.com/metro/2013/08/31/new-england-see...

5
shivaas 1 day ago 2 replies      
https://www.droneseed.co/ based out of Seattle is building drones and seed cartridges specifically for reforestation.
6
GrumpyNl 1 day ago 2 replies      
We do the same in Holland ( illegal) with weed seeds.
7
kumarvvr 1 day ago 0 replies      
During long train journeys in our childhood, we had people telling us to drop seeds along railway tracks after eating fruits and other stuff.

Guess we have gone hi-tech now.

Seems like a good way to automatically forest large swathes of un-populated land.

8
Mz 1 day ago 0 replies      
Its a dry area, so our interest is to bring back the rains.

http://permaculture-and-sanity.com/pcarticles/trees-and-the-...

It isn't inevitable that more people equals more destruction. We can act as stewards responsible for the environment.

9
chheplo 1 day ago 1 reply      
Just a small anecdote: Coming from generations of farmer family and gardener myself, this experiment feels like a "Cloudy with a chance of seeds" for rodents and squirrels.
10
Pxtl 1 day ago 5 replies      
I'm kind of surprised, actually. I mean, if there's one country with access to cheap labour, it's India.
11
ctack 1 day ago 1 reply      
The goat herders are going to have a field day if they sprout.
12
HarryHirsch 1 day ago 0 replies      
This is probably the thread where you mention the beaver re-introduction program in Idaho:

http://time.com/4084997/-/

13
nanospeck 1 day ago 2 replies      
Very surprising, I just got my drone delivered from hobbyking today and was planning to develop the exact same idea but on more dryland where the drone can water the plants until they mature.
14
24gttghh 1 day ago 2 replies      
> Its a dry area, so our interest is to bring back the rains.

That seems...very optimistic.

15
anotheryou 1 day ago 1 reply      
where do birds fail to drop seeds?

Does it need to be a denser patch of spreoutlings?

16
problems 1 day ago 1 reply      
What's with the fake Apple-style message talking about allowing notifications? Seems sketchy.
17
type-2 1 day ago 2 replies      
But flying drones is illegal in India.
18
fivestar 1 day ago 0 replies      
Is there anything drones can't do? All mine seems to do is get stuck in trees.
19
ktta 1 day ago 3 replies      
@dang why was the post title edited?

It said 'IISc Bangalore Scientists experimenting with drone seed-bombing to plant a forest'. I see no problem with it, other than IISc not being as well known as say MIT. But it is still a very good institution and I think they deserve to be known. The name of the institution should be celebrated for their research, not just put behind a large banner of 'Indian Scientists' which gives no recognition to the institution.

Just like MIT/Stanford scientists aren't called American scientists every time some article about research comes out from that University. If someone doesn't know what IISc is, we know they can just google it.

24
No correlation between headphone frequency response and retail price scitation.org
294 points by robmiller  12 hours ago   304 comments top 36
1
beat 10 hours ago 18 replies      
"Log sine sweeps rather than linear sine sweeps were employed to allow verification that non-linear distortion components were virtually absent."

And with that, this study is bullshit.

Human beings don't listen to linear sine sweeps. We listen to music. Recorded music has 8+ octaves of frequency range (the bottom octave plus a little extra is almost always rolled off in real-world recordings, to ease stress on downstream components that can't reproduce such low frequencies anyway), and 20-50db of useable dynamic range.

Sine wave measurements of audio gear ignore impulse response, intermodulation distortion, phase shift, and a host of other real-world physical device responses to real-world musical signals. Scientific, reductionist thinking is inadequate to get an accurate picture of the factors that matter to human listeners.

Frequency response and total harmonic distortion aren't measured in these cases because they're useful or relevant. They're measured because they're easy to measure. It's like looking in the wrong place, because the light is better there. And the results? It's like measuring a car's performance by how well it can drive in a straight line at 60mph. Acceleration, braking, and turning are too hard to measure, so we ignore them...

I'm a musician and record producer. I've engineered and produced numerous albums, and rely on multiple different types of headphones for different purposes. The article's claim that one headphone can be easily morphed into another through mere equalization is, frankly, bullshit. The two headphones I rely on the most (Beyerdynamic DT880 and AKG K240) sound wildly different. Neither is "accurate". Neither are the Tannoy System 12 DMT midfield studio monitors I use for mixing, or the stock Subaru car speakers I use for reference to check the mixes from the Tannoys.

Audio reproduction is incredibly complex and difficult stuff. Trying to isolate one factor and saying "That explains everything!" is bad thinking.

2
mmaunder 11 hours ago 12 replies      
I've spent some time on frequency correction for headphones and reference monitors in my home studio. If you'd like awesome headphones that have a truly flat frequency response, that you can then adjust with EQ to your taste, one option is to get Sony MDR 7506's and run the audio output through a VST plugin (Using soundflower, ableton, etc) which corrects the EQ. You can either buy precalibrated headphones from sonarworks or use a generic but headphones specific calibration profile for the plugin.

It's really cool hearing what they heard in the studio control room for the final mix. And often surprising.

You can get a range of other precalibrated pro audio headphones or correction profiles from sonarworks.

Consumer headphones are just silly IMHO. Artificially boosted frequencies with prices up to $400. A set of precalibrated MDR7506's is around $220.

If you don't care about truly flat response with correction, you can get a set of AKG K240's for $100 bucks and they're super comfy, amazing sound and loved universally by audio pros.

3
stcredzero 7 hours ago 2 replies      
Of course not! For one thing, as one's earning power increases, one's high frequency hearing deteriorates. So market forces could well be emphasizing features and capabilities other than frequency response. Fashion, build quality, social signals...these are all very significant factors in something you wear, the practical priorities of audiophiles and enthusiasts notwithstanding. In fact, those are probably stronger factors for that set of people! (Of which, I am a member.)

Headphones also have a serious empiricism issue. You can probably pass off one high end Sennheiser for another in an A/B test. But you couldn't pass off an Audeze for one and have a valid A/B test. Also, you will often read or hear an expert say, if the measurements say something is bad, but it sounds good, or vice versa, then it means we're measuring the wrong things. I'm not saying that the Harman response curve isn't valid. It's just not the whole story.

tl;dr -- Buy the cheapest headphones that you really like, and ignore whatever your coworkers say. ( Hell, there are actually Beats that are good headphones! https://www.innerfidelity.com/content/time-rethink-beats-sol... )

Things are going to change in significant ways in the future as the price of signal processing, compensation, and active correction drops, however. Combining those with advances in the cheaper manufacturing of better drivers will result in the headphones of 10 years from now making the high end headphones of today seem "meh" and today's typical headphones seem trashy.

4
fizixer 9 hours ago 3 replies      
Related:

- Someone with online alias NwAvGuy put the whole AV industry (ok maybe not the whole, but some big players) in a loop by showing in online forums that a totally inexpensive DIY DAC (with a free design he/she shared) could be built with quality rivaling elite products worth thousands of dollars. [1] (well a hazy version of the story goes that he/she exposed various audiophile review sites and forums as being full of sponsored reviews, and that eventually lead to his/her ban from head-fi.org I think)

- As for capsule mics (commonly known as condenser mic), market is flooded with DIY designs and DIY kits which let you build/buy one for $200-$400 (the dominant cost being that of the capsule itself) that will rival the quality of multi-thousand dollar mics. They go by the names Neumann clones, etc. [2] (no affiliation), [3].

In retrospect, and given the shady things AV sellers do, like trying to sell you a USB or HDMI with gold-plated pins, claiming it to be superior, it should come as no surprise.

Though, no offense, but audiophile consumer base is filled to the brim with hipsters who judge the quality of a product by its price (and some of the "experts" were busted after they failed blind tests; I think opus vs flac, I'm mixing a lot of things now).

[1] http://spectrum.ieee.org/geek-life/profiles/nwavguy-the-audi...

[2] https://microphone-parts.com/

[3] https://www.youtube.com/watch?v=DtNH46jpwJo

5
arnaudsm 11 hours ago 10 replies      
DSLRs got the same problem : just compare the Canon 70D ($900) with a Nikon D3300 ($400) on DxOMark.The Nikon has better image quality despite its low price and bad reviews.

We need objective benchmarks for everything. Especially when marketing is growing bigger each year. Even "Tech websites" are biased and not objective anymore.

6
AdmiralAsshat 11 hours ago 7 replies      
It would be nice if we knew which headphones they tested. Since so much of a headphone's reputation these days relies on largely anecdotal evidence from self-professed audiophiles, some kind of objective rating on frequency response for major brands or well-known cans would be highly welcomed in the audio world.

It's very easy to say, "I can hear so much more of the song out of my ATH-M50's than I can a pair of Beats", and you may be right. But something objective to back it up would be great, too.

7
calichoochoo 11 hours ago 3 replies      
I predict a lot of wrong conclusions will be drawn from this. This paper does not preclude the possibility that there exist high-priced headphones with better-than-average or even spectacularly good frequency response. It only says that if you bin together all of the high priced items, their aggregate quality is no better than any other price bin.
8
flavio81 7 hours ago 1 reply      
Audio nerd here

Study says:

"Nevertheless, assuming that the perceived audio quality is largely determined by the spectral magnitude response of headphones..."

This is a very wrong assumption.

Audio component designers have more or less a hard time picking up which measurements can correlate with audio quality. And frequency response measurements using sine sweeps, like in the cited study, are almost of no value for discriminating between two transducers (headphones, speakers) with regarding to 'audio quality'.

Also, the fact that one headphone can extend beyond 20KHz or that it can go below 20Hz will give zero guarantee of better audio quality.

Frequency response measurements using white/pink noise can give a slightly better hint because they can take a look at resonant peaks that might be annoying to the listener, but even this is not a law set in stone*

* Impulse measurements (and waterfall plots) can give you a clearer idea of how clear is the sound going to be; but then you can have a transducer with a fairly good impulse response but a slight resonant peak somewhere --- OR you can have sometimes a transducer which shows pretty flat frequency response but bad impulse response.

A good test for intermodulation distortion (the big white elephant in the audio room) will REALLY give you a hint of which headphone will be least annoying to the ear when listening to loud complex music like classical music, vocal music, etc.

It seems that the article has been written by experts in acoustics, but not really in "audio".

TL;DR: Freq response measured with sine sweeps can't really tell you anything helpful to discriminate headphones with regard to sound quality.

9
skywhopper 9 hours ago 0 replies      
"Interestingly, sound quality does not seem to be a major attribute for purchase decisions."

This is a silly assumption, and easily explained.

1. Most headphone purchases aren't and cannot be made by comparing sound quality. Reviews of sound quality are so universally understood to be subjective that most consumers probably ignore those details.

2. There is no one subjective or objective standard that is meaningful for all listening material. Podcasts, modern pop music, older pop music, classical recordings, television shows, and movies all have wildly varying acoustic profiles between and among each genre.

3. The vast majority of headphones have Good Enough sound quality for the vast majority of consumers. Sound quality is highly unlikely to be the primary reason most consumers buy a set of headphones, and it's unlikely to be the reason they are dissatisfied with certain headphones.

4. Headphone design, form factor, build quality, fit, feature-set, and even color are all much more important factors in terms of consumer satisfaction with headphones. They are, after all, a highly noticeable part of your ensemble. They are intimately in contact with your body. And you want them to work without thinking about it too hard. In addition to being more important, most of these factors are far easier for consumers to judge between headphones than sound quality, so again it's no surprise that an arbitrary single standard of sound quality would fail to correlate with perceived value.

In other words, this is silly for reasons that have nothing to do with technical arguments about actual sound quality, whatever that means.

10
FfejL 11 hours ago 4 replies      
Price has never been correlated with quality, for any product, ever.

Price is correlated with perceived value, which includes quality, brand recognition, brand opinion, current style, and a long list of other factors.

(And, yes, this is a horrible use of the word 'correlated.' 'Derived from' or 'based on' would be much better.)

11
svantana 11 hours ago 0 replies      
This makes for a cute soundbite, but it doesn't mean what it implies. You could, for example, have a bunch of expensive headphones with frequency response that varies randomly in the [-1,+1] dB range, and a bunch of cheap headphones that are in the [-10,+10] dB range -- that would also show up as uncorrelated.

Indeed, they did find a significant difference in magnitude response _error_, although the effect was quite small.

12
rb808 11 hours ago 3 replies      
Many expensive headphones are overpriced, but there is a very obvious difference in sound quality between very cheap headphones and medium priced ones. Either they're measuring the wrong thing or their headphone sample isn't what I'd expect.
13
jmileham 11 hours ago 0 replies      
I wonder if there's any effect that in-ear headphones are cheaper to produce but have advantages in accurate low frequency response?

Of course all this is confounded by the fact that music will tend to sound best on speakers/headphones with a response curve most like the speakers/headphones that the mastering engineer used (or more accurately, the set of speakers/headphones that the engineer compromised among). You will probably tend to have the best experience listening to music with the popular devices within a given musical subculture, because mastering engineers will be targeting those devices.

14
pdkl95 9 hours ago 4 replies      
I don't care about the accuracy of their response curve (I know it isn't flat) after I found Grado[1] headphones. They are the only headphones I've found that don't add a "headphone" quality to the sound. It's hard to describe what I mean - it's that most headphones don't sound like a proper set of (quality) speakers. I've speculated it's something to do with most headphones not being able to move enough air. Grado uses very large drivers (voice coil is about 4cm in diameter) in a supra-aural (open back) design, which may move more air? Whatever the reason, Grado Labs has discovered a design that I consider categorically better[2] than everything else.

[1] http://www.gradolabs.com/headphones/prestige-series/item/1-s...

[2] In terms of music quality. Other use cases may prefer designs that focus on other features.

15
dep_b 10 hours ago 0 replies      
I always buy studio oriented gear for listening to music. If it's good enough to mix the record on, then probably I'll hear enough detail as well. Speakers, headphones, amps. Still there's a difference between regularly priced headphones and the really expensive ones. They tend to be a bit too "honest" for some people, more tiring to listen to. They also might hurt your fashion senses.
16
mamon 11 hours ago 4 replies      
What's funny is that people tend to buy headphones with insane top frequencies (20-22 kHz), even if most humans cannot really hear sound of such frequency. When you are a teenager and have right genetics then there's a chance that you might hear 19kHz tone. If you are over 30 years old you are probably limited to 17 kHz already. Of course it gets even worse with age.
17
untangle 9 hours ago 0 replies      
> The target function suggested by Olive and Welti (2015) is fairly similar to the average headphone response found in this study, with the exception of a deviation of up to about 5dB for frequencies between 50Hz and 2 kHz.

I find little fault with the arguments laid out supporting the paper's thesis.

For those commenters making the jump to "sound quality" (which is not the topic of this paper), the quoted observation above conclusively proves that these headphones have differing tonal qualities. Even a casual listener will be able to hear a difference of 5dB in the critical freq range of human speech.

18
fffernan 11 hours ago 1 reply      
How about correlation between the amount of marketing dollars spent compared to the price.
19
kev009 11 hours ago 0 replies      
It's annoying that they provide the mfg of the acoustic model and DAC, but not the headphones which would be required to reproduce or filter the experiment.

Most consumer audio equipment is a scam. I'd be interested in the subset of equipment from Shure, AKG, Sennheiser, Sony, Beyerdynamic where the design was actually intended to produce a broad frequency range correctly.

20
kazinator 10 hours ago 1 reply      
The mere frequency response range doesn't correlate with how flat is the frequency response, or with other measures like sensitivity, distortion and whatnot.

What's better: speakers that go to 40 kHz, but have a big dip at 4 kHz, versus ones that go flat to 15 kHz and roll off after that?

21
acd 6 hours ago 0 replies      
The frequency response of the apple earpods are totally ok.https://www.innerfidelity.com/images/AppleEarPods.pdf

What industry convinces you to buy things you do not need? Advertising

22
goodroot 10 hours ago 0 replies      
Nifty! A few years ago, a friend and I created an application that allowed users to import their own MP3s. We scraped the frequency data from the mp3. Once imported, you could then pick two different headphones; for each headphone, we scraped frequency data from headphone.com.

The application allowed you to benchmark headphones in real-time, revealing "how accurately" your music was being recreated; you'd pit two headphones against one another: clash of cans!

Ultimately, yeah, there's the uber-uber high-end, the really clear low-end, and a +-$900 muddle of everything else.

23
Johnny555 8 hours ago 0 replies      
It is however unclear whether this improved consistency with a higher retail price is the result of better headphones or better repeatability of measurements with more expensive models.

Isn't consistency an important characteristic of a headphone? Perhaps even more important than some ideal frequency response. You want the same sound every time you listen to a song, you don't want it to vary.

24
sh87 6 hours ago 0 replies      
Is there a good place or study explaining what accounts for "good" headphone audio quality ? I mean how do you quantify good and bad audio quality ? I can feel and get it, just not sure if there's a way to measure it.
25
dharma1 9 hours ago 0 replies      
I own a bunch of headphones and generally the good headphones aren't cheap - not because it's expensive to make headphones but mostly because of R&D. It's not rocket science though, so you can also pick up very good headphones quite cheaply.

I like my Sennheiser HD600's (and MDR-1000x for the office) which are $300 headphones, but equally happy to use Superlux HD-681 EVO or Soundmagic E-10 which cost around $30

26
o_nate 11 hours ago 2 replies      
I thought it was weird that they found that inner-ear had better bass response than over-the-ear headphones, but they did mention that could be an anomaly because the artificial head they use for testing forms a tighter seal with inner-ear headphones than most people's real heads would do.
27
eecc 8 hours ago 0 replies      
The most cherished earphones I've ever had - a pair of relatively cheap Audiotechnica - feel better than the triple price model I decided to treat myself with some years later.
28
xupybd 5 hours ago 0 replies      
It's missing the data on the best cheap models to buy :(
29
low_key 6 hours ago 0 replies      
I think the correlation is between advertising spend and retail price.
30
swayvil 11 hours ago 5 replies      
My first though when I buy headphones is, "will these fall apart after a week?"
31
jlnazario 10 hours ago 0 replies      
Over 1110^9 units sold per year? This number seems unreal to me.
32
frostirosti 11 hours ago 0 replies      
Is anyone surprised here? Clothes must have the same trend (or lack there of)
33
ebbv 8 hours ago 0 replies      
This is like saying that there's no correlation between displacement and vehicle price. Of course there isn't because that is, while an important criteria on an individual car, and it has SOME correlation to the cost to produce a vehicle, it doesn't tell the full story. Nor does it tell the full story of why someone might pay more for it.
34
ue_ 10 hours ago 0 replies      
I don't understand this. Sometimes people don't want a perfectly flat frequency response. Sometimes other qualities matter more, especially things like noise isolation.

The idea that a particular frequency response is the thing that separates good headphones from bad is ridiculous.

35
DanBC 9 hours ago 0 replies      
Is there a correlation between weight and price?

I know some low end headphones add weights to increase "luxury feel". It'd be interesting to see some research about when adding weights stops.

36
logicallee 11 hours ago 4 replies      
Didn't read the link, but could a mod please change this title, which is obviously false?

No correlation would mean that if I bought a random headphone that cost $2 (they exist, you can go to ali express right now and put in a maximum of $2 in a headphone search), and a random headphone that cost $500, then if you had to make a bet about which one would come closer to reproducing the bass of a song with a heavy bass, you would be betting even money. It would be a toss-up whether the $2 or the $500 came closer to producing that bass. Because there is no correlation.

Here is an example of correct usage of "no correlation": there is no correlation between a headphone's price and the md5 checksum of its SKU.

EDIT:

I skimmed the paper. A better title (for HN) would be "No correlation between frequency response and price quartile in 283 headphones".

25
Intel fires warning shots at Microsoft, says x86 emulation is a patent minefield arstechnica.com
327 points by Analemma_  5 days ago   229 comments top 33
1
rayiner 5 days ago 3 replies      
This marks a distinct shift for Intel. Historically, Intel's IP approach has focused on trade secrets, because they had a huge advantage in manufacturing and implementation techniques that are not easily reverse-engineered. Patent-protecting x86 didn't make much sense during the long period where nobody could make a general-purpose CPU as fast as Intel running native code, much less while emulating x86. As Moore's law has run its course, Intel's lead on that front has been shrinking. Apple's A10 is shockingly close to matching Kaby Lake on performance within a similar power envelope. And Ryzen is within spitting distance of Broadwell at the high end. All on non-Intel foundry processes. That was unimaginable 10 years ago.
2
amorphid 5 days ago 2 replies      
Attorneys on both sides must be excited on some level about the potential number of billable hours it'd take to litigate a case like this. Reminds me of a something an entrepreneurship professor told me...

If there's one lawyer in town, they drive a Chevrolet. If there are two lawyers in town, they both drive Cadillacs.

3
Deinos 5 days ago 2 replies      
The article mentions Cyrix as a "victim" of Intel patent defense; however, Cyrix not only won their lawsuits, but they also went after Intel for patent violations in the Pentium Pro and Pentium II processors.

https://en.wikipedia.org/wiki/Cyrix

http://law.justia.com/cases/federal/district-courts/FSupp/84...

4
amalcon 5 days ago 5 replies      
Years ago, I spoke with an attorney with a CS background. He had once worked on a case like this. Sharp guy. He didn't tell me the parties involved, and I didn't ask, though I assume he wouldn't speak openly about it while it was ongoing. I therefore don't know how it turned out. It was many years ago, so I might be remembering wrong. I'm not a lawyer, this is not legal advice (neither mine nor his).

Basically, there are two approaches the plaintiff might take here. The simplest is to cite the doctrine of equivalents[1]. This is basically the notion that if you do the same thing in the same way for the same purpose, then it's the same process, even though you are using digital instructions instead of logic gates. The legal theory here is pretty well settled. The problem is that you'd need to justify that digital instructions are obviously equivalent to logic gates, and a skilled professional would have equated them at the time of the patent's filing.

The other approach is to argue that an emulator actually is a processor, and therefore fits the literal claims of the patent. The explanation for this is pretty well-established: it's literally the Church-Turing Thesis[2]. However, the viability of this argument depends on the language of the patent claims. Also, it's hard enough to explain the C-T Thesis to CS students. My undergrad had an entire 1-credit-equivalent course that basically just covered this and the decidability problem. Explaining it to a judge, who (while likely highly intelligent) probably has no CS background, over the course of litigation is likely to be really hard.

Now, Intel certainly has enough resources to do both of these things (and they may also have precedent to cite, that didn't exist back then or that wasn't relevant to that case). Don't take this as an opinion on any possible result, it's just information such as I remember it.

[1]- https://en.wikipedia.org/wiki/Doctrine_of_equivalents[2]- https://en.wikipedia.org/wiki/Church%E2%80%93Turing_thesis

5
natch 5 days ago 3 replies      
Patents expire after 17 years and x86 is 39 years old, so any of the original patents must have expired twice over already.

They no doubt have been filing additional patents over the years. But I'm sure MS and Qualcomm have plenty of their own patents to bargain with.

Also their warning could backfire if it gives Microsoft one more reason to finally walk away from x86 compatibility... not that this is likely to happen anytime soon.

6
wfunction 5 days ago 1 reply      
Can someone explain this:

> AMD made SSE2 a mandatory part of its 64-bit AMD64 extension, which means that virtually every chip that's been sold over the last decade or more will include SSE2 support. [...] That's a problem, because the SSE family is also new enoughthe various SSE extensions were introduced between 1999 and 2007that any patents covering it will still be in force.

AMD64 requires SSE2 which was introduced in 2001, right? So isn't it just 1 year until Microsoft can put in what's required for the AMD64 architecture?

7
faragon 5 days ago 0 replies      
Intel will not threat Microsoft, not even indirectly, in my opinion. Rationale: once Apple starts shipping desktops and laptops with ARM chips, the only safe port for the expensive x86 chips would be Microsoft (desktop and server market) and big iron on Linux/Unix/Hypervisors.
8
AstralStorm 5 days ago 2 replies      
So they will ban all virtual machines which sometimes have to go for emulation, e.g. to handle XSAVE?

Scorched earth policy will likely not be defensible under fair use law. Reverse engineering for compatibility has a few precedents.

9
nerpderp83 5 days ago 4 replies      
Well, since x86 is a monopoly ... Intel oughta go easy on this one.
10
tyingq 5 days ago 1 reply      
An earlier discussion here had most people guessing it was Apple, not Microsoft, that Intel was lobbing the threat at.https://news.ycombinator.com/item?id=14518189
11
ikeboy 5 days ago 1 reply      
> And Intel's business health continues to have a strong dependence on Microsoft's business, which has to make the chip firm a little wary of taking the software company (or its customers) to court.

I mean, Apple and Samsung had a billion dollar lawsuit while Samsung chips were still in iPhones. It's certainly precedented to sue a corporation you're actively doing business with.

12
pmarreck 5 days ago 0 replies      
I would personally be pleased if the millstone of the x86 instruction set sank both Intel AND microsoft's hegemony.
13
orionblastar 5 days ago 1 reply      
I remember IBM having a contract with Intel to allow other chip companies to make x86 chips in case Intel could not keep up with demand.

QEMU emulates X86 chips as does other emulators. I wonder how those are effected?

14
jonstokes 5 days ago 3 replies      
Alright, I'll come out of retirement to hit this dead horse another lick.

"if WinARM can run Wintel software but still offer lower prices, better battery life, lower weight, or similar, Intel's dominance of the laptop space is no longer assured."

Peter. My man. I laughed. I cried.

For the millionth time, the ARM ISA does not magically confer any sort of performance or efficiency advantage, at least not that matters in the billion+ transistor SoC regime. (I will include some relevant links to ancient articles of mine about magical ARM performance elves later.) ARM processors are more power efficient because they do less work per unit time. Once they're as performant as x86, they'll be operating in roughly the same power envelope. (Spare the Geekbench scores... I can't even. I have ancient published rants about that, too).

Anyway, given that all of this is the case, it is preposterous to imagine that an ARM processor that's running emulated(!!!) x86 code will be at anything but a serious performance/watt disadvantage over a comparable x86 part.

This brings me to another point: Transmeta didn't die because of patents. Transmeta died because "let's run x86 in emulation" is not a long-term business plan, for anybody. It sucks. I have ancient published rants on this topic, too, but the nutshell is that when you run code in emulation, you have to take up a bunch of cache space and bus bandwidth with the translated code, and those two things are extremely important for performance. You just can't be translating code and then stashing it in valuable close-to-the-decoder memory and/or shuffling it around the memory hierarchy without taking a major hit.

So to recap, x86 emulation on ARM is not a threat to Intel's performance/watt proposition -- not even a little teensy bit in any universe where the present laws of physics apply. To think otherwise is to believe untrue and magical things about ISAs.

HOWEVER, x86-on-ARM via emulation could still be a threat to Intel in a world where, despite its disadvantages, it's still Good Enough to be worth doing for systems integrators who would love to stop propping up Intel's fat fat fat margins and jump over to the much cheaper (i.e. non-monopoly) ARM world. Microsoft, Apple, and pretty much anybody who's sick of paying Intel's markup on CPUs (by which I mean, they'd rather charge the same price and pocket that money themselves) would like to be able to say sayonara to x86.

The ARM smart device world looks mighty good, because there are a bunch of places where you can buy ARM parts, and prices (and ARM vendor margins) are low. It's paradise compared to x86 land, from a unit cost perspective.

Finally, I'll end on a political note. It has been an eternity since there was a real anti-trust action taken against a major industry. Look at the amount of consolidation across various industries that has gone totally uncontested in the past 20 years. In our present political environment, an anti-trust action over x86 lock-in just isn't a realistic possibility, no matter how egregious the situation gets.

So Intel is very much in a position to fight as dirty as they need to in order to prevent systems integrators from moving to ARM and using emulation as a bridge. I read this blog post of theirs in that light -- they're putting everyone on notice that the old days of antitrust fears are long gone (for airlines, pharma, telecom... everybody, really), so they're going to move to protect their business accordingly.

Edit: forgot the links. In previous comments on exactly this issue I've included multiple, but here's a good one and I'll leave it at that: https://arstechnica.com/business/2011/02/nvidia-30-and-the-r...

15
clouddrover 5 days ago 0 replies      
For anyone interested, here's a Microsoft Channel 9 video in which they talk about some of the x86 emulation layer internals:

https://channel9.msdn.com/Events/Build/2017/P4171

16
payne92 4 days ago 0 replies      
It will be interesting to see how this strategy fares in the US, given the Alice ruling which made it much harder to patent methods that were purely software.

Intel's strategy of going after other hardware companies may not translate neatly to emulators.

17
dboreham 5 days ago 1 reply      
Logically this implies that I can't execute some i386 binary that I possess without infringing Intel patents.

I think this theory of infringement has to run into various thought-experiment problems such as : can I auto-translate that binary into some other instruction set, then execute the translated binary, without infringing Intel patents? (yes, surely) Is the translator now infringing Intel patents because it has to understand their ISA? (no, surely).

Now, can I incorporate that translator into my OS such that it can now execute i386 binaries by translating them to my new instruction set which I can execute either directly or by emulation? If so then I am now not infringing. Or did infringement suddenly manifest because I combined two non-infringing things (translator + emulator for my own translated ISA)?

18
make3 5 days ago 3 replies      
How did I not already know Microsoft had a working x86 emulator.. this is a massive game changer for the laptop space if it's fast and reliable enough, as afaik ARM chips are so much more power efficient for similar perf
20
sliken 4 days ago 1 reply      
Keep in mind the most relevant instruction set is the X86-64 instruction set (32 bit code is not very relevant these days). The x86-64 ISA was created by AMD, not Intel. Intel was busy trying to milk the enterprise market with the Itanium, trying to reserve 64 bit as an enterprise feature.
21
narrator 5 days ago 0 replies      
Another component of Microsoft getting off Intel is that the antitrust settlement only applied to x86 hardware, so MS getting off x86 would let them lock down the platform and do all their dirty tricks all over again.
22
someSven 5 days ago 3 replies      
May someone please elaborate on the difference between what MS does and emulators on Linux like Quemu and ExaGear?
23
kev009 5 days ago 1 reply      
IBM sold an x86 translation for a while https://en.wikipedia.org/wiki/PowerVM_Lx86. Would be interesting to know why it was discontinued.
24
mtgx 5 days ago 1 reply      
So Intel is so scared of little ol' ARM (compare their revenues) that it's willing to use patents to take it out of the PC market, rather than compete on technical grounds?

Okay, got it. I'll make sure to account for that in my next CPU/device purchase.

25
mental_ 5 days ago 3 replies      
If AMD can implement x86 in hardware, why can't Microsoft implement it in software?
26
chris_wot 5 days ago 1 reply      
Windows still has a HAL, makes me wonder why Microsoft don't just cut a new HAL for the ARM.

It's quite possible I'm missing something vital here, of course.

27
julian_1 5 days ago 0 replies      
Anyone know if it is an emulator, or an on-demand isa translator that operates at runtime? I wonder what the implications are for infringement.
28
asveikau 5 days ago 0 replies      
Another reason Microsoft should be telling ISVs to recompile for Win32 on ARM instead of binary emulation.
29
zekevermillion 5 days ago 1 reply      
I'll just sit hear eating my popcorn and waiting for a lowRISC computer I can buy.
30
ksec 5 days ago 0 replies      
Everything Intel have said and put forth are Hardware companies. I can't believe anyone can be sued for software emulation of x86.

And unless Qualcomm and Microsoft are working on a Hardware assisteed X86 emulation, this warning shot may be directed at somebody else.

My guess: Apple.

31
nickpsecurity 5 days ago 0 replies      
I was just watning about fhis on anothet thread. It's not competition if it requires compatibility with patdnt-protected ISA or microarchitectures. It's coercion.
32
dis-sys 5 days ago 1 reply      
best outcome I can think of:

AMD licenses x86 patents to Qualcomm/MS to make x86 emulator better patent troll proof. In return, Qualcomm and AMD team up for better ARM server based processors. MS can sell more Windows/Windows Sever (sad).

33
syshum 5 days ago 0 replies      
Microsoft should Partner with AMD to pressure the big desktop and laptop OEM's to stop using Intel CPU;s

I would love to see Dell, Lenovo and HP to switch exclusivly to Ryzen processors,

And switch to the new Naples CPU in all their Server/Storage systems

26
Europe mostly ends mobile roaming fees from today techcrunch.com
345 points by janober  17 hours ago   323 comments top 25
1
endijs 16 hours ago 21 replies      
This idea was good. But in reality what happened in Latvia was very simple and expected move by telcos - all three of them raised prices for all subscriptions by about 3-4 monthly (which is ~30% increase). Yes, now you can feel better while traveling, however everyone now pays extra every single month. For some situation now is better, while others pay for it even if they do not need such freedom. Those who are in first category are happy, others not so much.

Edited: It's interesting to see how comment which states facts, can get upvoted and downvoted this much. Sometimes voting in HN does not make any sense (to me). I understand that upvote is "thanks for letting us know those facts". What are downvotes representing? That I should not write at all, that price increase for all 3 telcos is fine, that everyone should be happy? Rhetorical question.

2
rekshaw 14 hours ago 2 replies      
A lot of people complaining here. I am based in Luxembourg currently, and went to London last week. The peace of mind of landing in a foreign city and being able to use your phone as if at home truly is incredible. I could really feel the barriers to traveling fading. (Ironic that it was London, I know). BTW, my Luxembourghish telco actually aligned with the EU directive ahead of time (June 1st).
3
eXpl0it3r 14 hours ago 3 replies      
Here in Switzerland we have some of the highest mobile prices ($30+) [1], yet our mobile providers will not remove the fee like the rest or Europe. Our politician try to enforce every single new EU-law, but when there's once something that would benefit the people, they come up with many excuses why this couldn't be applied and how Switzerland isn't part of the EU and doesn't have to follow through...

[1] https://www.swisscom.ch/en/residential/mobile/subscription-t...

4
Shalle135 11 hours ago 2 replies      
Moving more freely in EU why are people against that? Sure LT, LV, Poland, Romania etc probably got a slight raise. At the same time these countries are heavily subsidized by the rest of the countries already. What they also have is alot of people working abroad so then they are allowed to surf with their cheap plans in not so cheap countries.

I can also note that this law has resulted in alot more unlimited plans. I myself have just gotten one which includes 30gb of roaming. Is it cheaper than before? Hell no. Do I have to care about how much I surf, when or where? Not anymore - and freedom is worth the extra 20.

5
_miroz 16 hours ago 23 replies      
I'm wondering why the regulation was necessary and why the free market forces didn't bring the prices or roaming down?What are the forces in telecom industry that kept the prices so high (assuming that the prices were higher then necessary)?
6
mstade 14 hours ago 4 replies      
This is great, now I can ditch my UK Three SIM that I've had for years simply because they implemented a "feel at home" kind of policy long ago, where roaming within the EU is free. There was always a data limit, and you can't tether your phone to your laptop which was annoying, but it's been great for me who's been travelling in the EU frequently. Now I can drop that extra 30/month cost and don't have to carry extra SIMs. I love it.
7
Markoff 9 hours ago 0 replies      
this is all nice and dandy but it's still only half job, since this doesn't mean there are no charges for international calls

so yes receiving calls or using internet will be same as home, you still have to watch what number you are calling, if it's from country of your carrier or different

please correct me if I am wrong

EDIT: so I was right, now it's even more insane than before:

For example: If you have a Belgian card and you travel to France and call either a hotel in France, back home to Belgium, or to any other country in the EU and the EEA, you are roaming (refer to legal text on the regulation on roaming) , and you will pay Belgian internal domestic prices (refer to legal text).

However, if a Belgian SIM card holder calls from Belgium to Spain, she/he will pay the international tariff. Calls from home to another EU country are not roaming and are not regulated.

source: https://ec.europa.eu/digital-single-market/en/faq/frequently...

TLDR: there are no fees for international calls while you are in roaming, but when you return back home enjoy fees for international calls, using your SIM in foreign network is cheaper than using it in your own network at home

8
unsigner 14 hours ago 1 reply      
Result around here: roaming disappeared from all mobile plans except for the most expensive ones, which got nudged a few euros up.

The frequent travellers (presumably wealthier) get subsidized by the infrequent travellers (presumably less wealthier).

9
danmaz74 16 hours ago 0 replies      
It was about time; it will also help a lot with short-term mobility around the EU.
10
simion314 14 hours ago 1 reply      
I am wondering how much extra cost the operators for a roaming call, in both case A where both phones are on same operator and in second case where second person is on a second operator.
11
billpg 16 hours ago 2 replies      
Cool, just as Brexit looks to be falling apart under its own incompetence.
12
timwaagh 15 hours ago 0 replies      
well that's nice. at least i can call from belgium now when i will be there on saturaday. however if it is true that all the phone bills go up now then it is just a policy that lets poor workers subsidize rich travellers. that is an ethical problem. however we need to move on with european integration. the current system allows far too many loopholes for rich tax avoiders (who mostly move their money where tax is low) so any integration is a good one.
13
WillyOnWheels 14 hours ago 1 reply      
Prepaid wireless plans in America are marketed as being cheaper than long term contracts.San Francisco tacks on a 23 percent fee to prepaid wireless plans.

http://www.prepaidphonenews.com/2016/03/california-boe-relea...

14
k-mcgrady 15 hours ago 0 replies      
From reading this thread it seems that telecoms companies and the EU need to make it much more clear what is actually happening. Half the people commenting here have one experience and the other half have the complete opposite. It's probably difficult to know how this will all shake out for a couple of years considering most of us are locked into multi-year contracts.
15
bajsejohannes 10 hours ago 0 replies      
The article lists the 28 EU countries, but note that this is true for the countries of the European Economic Area too: Iceland, Liechtenstein and Norway.
16
rdl 16 hours ago 3 replies      
What is the correct European SIM to buy for data/voice/etc. (prepaid)? Presumably best to get one from a country you don't actually visit much, so you're always roaming, and thus don't pay the home to foreign number charges?
17
bane 15 hours ago 0 replies      
Does anybody know what this might mean for Phi users?
18
WillyOnWheels 11 hours ago 0 replies      
for people like me who don't understand how the fees work

http://prepaid-data-sim-card.wikia.com/wiki/European_Union

19
matteuan 16 hours ago 3 replies      
Unfortunately, there is still one important limitation: we will keep the fees for the traffic from our home countries.
20
codecamper 8 hours ago 0 replies      
I wonder if prepay will work with same rates while roaming. I'm in Italy now with 20GB of data from TIM... I'd like to continue using it in Slovenia, but somehow I'm doubting this will work.
21
halloij 16 hours ago 11 replies      
So the cost incurred will be passed on to everyone in higher fees.

eg people who never "roam" are going to be subsidising those people that do.

A negative move spun as a positive... clever EU, clever.

22
throwaway-1209 9 hours ago 0 replies      
As a TMobile customer in the US, tongue in cheek question: what's a "roaming fee"? It's kinda cool when your phone just works worldwide. That's the way it ought to be, imo.
23
Radim 13 hours ago 2 replies      
Ah! Central regulations brought us inefficient telco monopolies and cartels.

Surely some more central regulations will remedy the situation! "To each according to his needs." What could possibly go wrong?

24
mrweasel 16 hours ago 10 replies      
Yeah, the telcos have already found a way out. They simply remove EU roaming from their standard subscriptions and it now becomes an add-on.

So if you want to use your phone in a different country during the holidays, you'll need an EU roaming subscription.

The politicians once again failed to be sufficient precise in formulating a law that would produce the decided result. They should have added a clause that state that all subscriptions are to cover the entire EU.

25
blibble 16 hours ago 8 replies      
I never saw why this interference in the free market was needed when it was making progress, and in some circumstances already provided solutions to the problem

on Three I've had free roaming for years, at no additional cost, across the EU and a good chunk of the rest of the world

http://www.three.co.uk/feel-at-home

27
New features you can't use unless you are in Python 3 asmeurer.com
324 points by bkudria  1 day ago   249 comments top 26
1
KerrickStaley 1 day ago 2 replies      
One big thing that's missing from this list is the __traceback__ on exceptions, which pretty much does what you think it does. In Python 2, there's no way to access the traceback for an exception once you've left the `except:` block. This matters when you're using things like gevent; if one of your gevent greenlets throws an exception and you inspect the .exception attribute on it, you'll be able to get the exception message but won't know what line it came from.

N.B. This is absent from Python 2 due to concerns with creating self-referential loops. The garbage collector got better in the meantime and the feature was never backported to Python 2.

2
dlbucci 1 day ago 5 replies      
I did not know you could append to a Path via "/", but that's really awesome! I also really love working with generators when I write Python. They are just such a simple idea that's very powerful and I miss them so much when I go back to javascript (I know javascript has them now, but I haven't written them, and they don't look as fluent as Python 3, where the large parts of the language design is based around them).
3
morinted 1 day ago 1 reply      
I really like the format strings in Python 3.6: https://docs.python.org/3/whatsnew/3.6.html#whatsnew36-pep49...

Seems that this set of slides (which were very informative!) is for up to 3.5

4
signet 1 day ago 3 replies      
My personal favorite is native support for IP addresses, introduced in python 3.3[0]. Makes IP math and address validation so much easier.

[0] https://docs.python.org/3/library/ipaddress.html

5
NuSkooler 1 day ago 5 replies      
How old is Python 3 now? I've always used Python for a "miscellaneous task" language, and still do... and even I find "...because you refuse to upgrade" a bit insulting. If I used it for something serious, even more so.

The way 2.x -> 3.x was handled is/was/will is an absolute disaster. Upgrading simple scripts is a non-issue. Larger projects seem to always be a horrible pain.

6
Fej 1 day ago 8 replies      
Does anyone use 2.x by choice? I've only seen it required as to not break legacy code.
7
flavio81 1 day ago 1 reply      
TL;DR:

The important stuff that makes a good case for Python 3:

- Adittion of "yield from" allows easier programming with async I/O "a la " Node.js (using 'await')

- Standarized annotations of function arguments and return values can help in the future for type checking, optimization, etc.

Even more important stuff

- Unicode can be used in symbols. You can now use Kanji characters in your function names, to annoy your coworkers and win the International Obfuscated Python Code Contest.

Other stuff

- Minor unimportant stuff that is definitely no reason alone for switching for Python 3.

8
AndyMcConachie 1 day ago 0 replies      
Read this and then realized a bug I was chasing in some Python 2.7 code was actually because I was comparing a Long with a String :)

Thanks for helping me solve my bug dude!

9
gshulegaard 1 day ago 1 reply      
Quite a nice presentation!

But I just wanted to point out that the title is a bit presumptuous. I don't refuse to upgrade to Python 3, it's that the default Python for most distributions is 2 (sometimes as far back as 2.6). If you want to write a user-space tool with Python you can either require additional dependency setup, bundle a full interpreter with your package, or just write Python 2.7/6 code that is forward compatible with Python 3...in which case I still can't use the new features of 3.

At the end of the day, the continued slow adoption of Python 3 today is because ecosystems move slowly. Not to mention the original releases of Python 3 were really rough around the edges (such as being slower than Python 2.7 until ~3.4) which definitely contributed to the slow adoption in the early years.

10
maerF0x0 1 day ago 0 replies      
@OP tag this 2014 https://github.com/asmeurer/python3-presentation/blob/gh-pag...

Feature 0: Matrix Multiplication

Feature 1: Advanced unpacking

Feature 2: Keyword only arguments

Feature 3: Chained exceptions

Feature 4: Fine grained OSError subclasses

Feature 5: Everything is an iterator

Feature 6: No more comparison of everything to everything

Feature 7: yield from

Feature 8: asyncio

Feature 9: Standard library additions

Feature 10: Fun (Unicode variable names etc...)

11
cpburns2009 1 day ago 2 replies      
This presentation could use some navigation buttons.
12
iandanforth 1 day ago 2 replies      
Asyncio is the most important feature of 3.5+ imo. I'm not sure why this is buried at #8.
13
ericfrederich 1 day ago 3 replies      
From: http://www.asmeurer.com/python3-presentation/slides.html#55

... why is this good:

 def dup(n): for i in range(n): yield i yield i
... but this one better?

 def dup(n): for i in range(n): yield from [i, i]
... it would seem you're needlessly creating (1): another level of generators, and (2) creating a real list

14
xutopia 1 day ago 7 replies      
I'm impressed how much Python seems stuck on older versions. What went wrong?
15
ptx 1 day ago 0 replies      
The slides on chained exceptions (feature 3) are missing one thing, I think. The "raise from" example is not really a way to "do this manually", but rather a way make explicit the relation between the two chained exceptions (as can be seen in the traceback messages), which is quite helpful.

The first example says that one error occurred, we tried to handle it, but then another error occurred in the handling. E.g. "Failed to find eggs in refrigerator. Tried to buy eggs, but tripped and broke leg."

The syntax in second example should be used when the exception in turn causes a larger process to fail, e.g. "Failed to make pancakes due to a failure to find eggs in refrigerator."

16
jxramos 1 day ago 0 replies      
Glad to see the Enum class made the list. We've put them to good use in our codebase, especially the Flags enum variant which gives as a powerful summary feature to annotated data samples with all the sorts of flagging information we want to tack around it.
17
alanfranzoni 1 day ago 2 replies      
I still don't think that any of those new functions justifies the need of a total compatibility breakdown, like the one that was artificially induced from python2.7 to python3.

Python3 is good, but should have happened as a smooth transition from python2.7. The way it was handled was just a mess, and still keeps polluting the Python world.

Next time somebody asks what Java has over Python... here it is: nothing like the python 2 vs 3 mess.

18
iainmerrick 1 day ago 1 reply      
The new keyword-only arguments look great, but it looks like it relies on adding a " * " parameter that allows any number of arguments. What if I want the safety of keyword-only arguments, but I don't want varargs? Is there a way to do that?
19
matthewmacleod 1 day ago 3 replies      
Ruby's 1.8 to 1.9 transition seemed to go much smoother - I'm curious what the difference is. Just down to what is essentially better source comparability I guess.
20
jtchang 1 day ago 3 replies      
Just wondering but what should you do if you decide to go with Python 3 and find a library you want to use that isn't compatible and you are short on time?
21
mahyarm 1 day ago 1 reply      
It's funny how the differences between python 2.7 & 3.x is less than swift 2 to 3, yet python stays in 2.7 land forever.
22
flavio81 1 day ago 0 replies      
It seems i also can't scroll to the next page on this slide "because i refuse to upgrade to Python 3"...
23
KaiserPro 1 day ago 0 replies      
thus, python did jump the shark.

The biggest thing that python _needs_ is proper multithreading.

The rest is nice noise.

24
JupiterMoon 1 day ago 5 replies      
Open page. Nothing works. Enable their scripts. First slide shows but nothing works - except the link to the pdf version.

Why not give a link to the pdf version in a <noscript> element?

25
assafmo 21 hours ago 1 reply      
I'm not touching python like it was fire since it threw YouHaveAMissingTabSomewhereException at me 6 years ago.

And it always pisses me off to see a python source code all lower case. Someone would think upper case letters cost money and underscores are a must like a lemon in a corona.

Am I the only one?

26
SeanDav 1 day ago 1 reply      
Alternative view titles:

Zero - The Number of Applications that Can only be Developed in Python 3

or

7456324 - The number of companies that only use Python 2.x

Although these made up titles are slightly tongue-in-cheek, they do server to illustrate that for me at least, I do not have a compelling reason to switch to Python 3.

28
Pistol sights yarchive.net
368 points by luu  2 days ago   319 comments top 19
1
seibelj 2 days ago 16 replies      
Anyone who is diehard anti-gun for personal use, I recommend taking a pistol class from a reputable organization, and keep an open mind. No one is telling you to get a license or buy a gun, just go take a class. They will teach you all about safety, how to shoot, gun cleaning and maintenance, and all of the basic skills needed to properly own a gun. Then if you are still diehard anti-gun, great! But if you have no experience, then taking a day to learn more might help you understand how the other side thinks.
2
electrograv 2 days ago 6 replies      
If you're interested in the science behind this, you may be even more interested in learning how peephole style rear iron sights almost eliminate the dual sight alignment problem of goal-post style rear sights (as commonly found on pistols).

The rear peep sight on rifles take advantage of actual "optical effects", without any glass -- much like a pinhole camera can actually magnify images without any lenses or mirrors at all.

By simply providing an arbitrarily small "aperature" you're looking through in the rear, the front-rear sight alignment problem is not only capped at an upper bound of error (defined by the peephole size and sight radius), but the actual error from front-rear sight misalignment is visually magnified and centered through a fixed viewing point, making it vastly easier to keep the actual error near zero.

So generally, to achieve precision within the (small) upper bound of error with a peephole sight, all you need to do is place the front sight post on the target when looking through the rear peep sight. Even better precision is made much easier via a sort of "peephole camera" effect through the aperature of the rear sight.

3
chrissnell 2 days ago 6 replies      
Going target shooting is incredibly relaxing and a great break from the workday. The focus required to sight in a target and control one's breathing, arm, and finger movement is a very powerful relaxant to me and melts stress away.

I work from home and I live in the burbs so pistol or rifle shooting is not possible. However, I've gotten really hooked on shooting (of all things) my Red Ryder BB gun. It doesn't make a loud noise, it costs almost nothing to shoot, and it's surprisingly accurate for how inexpensive it is. These little BB guns have iron sights like the article discusses.

My favorite thing to shoot is little plastic bottles--particularly the ones that over-the-counter medication comes in. They're durable and make a nice popping noise when you hit them. I put them on little stakes in the back yard at about 10-15 yards and shoot at them from my deck. As I got better, I made up little games, like shooting them in a sequence and trying to get 100% accuracy. I find it easy to get back to writing code after doing this for five or ten minutes.

4
binarytransform 2 days ago 6 replies      
Former JSOC dude here. Circumstances requiring engaging with pistols == bad day for everyone, so only a few things matter. Front sight focus (which implies maintaining equidistance from the rear sight posts), both eyes open, fast presentation, parallel grip, smooth trigger pull, reacquire, repeat as necessary. And optical sights = more things that can break / run out of batteries / fall off and make noise / etc etc.
5
danielvf 2 days ago 0 replies      
I lucked into learning to shoot with a small weekly local group that included a future many time US National Champion, and another person who was in the top five nationwide.

Competitive pistol shooters actually use several different sight picture styles.

In the speed styles of competitive shooting, the goal is to hit targets as fast as possible, so you want to make each shot in the "worst" way that will give you about a 95% chance of a hit. So for a close, low risk target, a shooter may look only at the target and ignore the sights, for a tiniest fraction more speed.

For most targets, the looking at the front sight is correct. Shooters tend to lock their upper body into one shape, then pivot it from target to target while shooting a string. This locks the rear sight in just the right place behind the front one. When the front sight is put on target, the rear sight is automatically in the right place. It's true that the target does become blurred a little when you do this.

Then for really far targets, you do have to bring your focus back a little farther, and see and care about both sights.

The sight picture is not the only thing that changes from target to target. You usually budget the amount of time spent for each shot.

Surprisingly, many pros know where their round will hit before it reaches the target. The time penalty for missing a shot is so high that it's almost always better to take a second shot in case of a miss. However, it takes a while for a pistol shot to reach the target, and for your eyes to see where it landed (plus you'd have to change your focus to look for it, then back again to your sights). To get around that, with practice, you can know in the moment you pull the trigger where the round went, and follow it up in about a twentieth of a second with another round.

In most competitive pistol matches, the sequence of targets to be shot on a given stage is not rigidly defined. There are often plenty of constraints (this group must be shot before these) or timing related constraints in some sports (shooting this target will cause a pair of targets to pop up in 1.2 seconds). Given this, there's a surprising amount of planning that goes into discovering the optimum run. The details of each shot are then worked out and mentally rehearsed.

6
bawana 2 days ago 1 reply      
Gun safety should be taught in school. Just like driver's ed. Why do we give no attention to these weapons which are real, commonly available and impossible to eliminate from our world? Showing teenagers 3 months of ballistic videos of various projectiles going through gelatin will give them a better appreciation for reality, rather than relying on games like call of duty to 'mis-educate' them. What can possibly be learned by an 18 year old in a single hour safety course prior to getting an FID ?

And knowing when a gun is being handled safely will prevent many of the accidents that occur when the naive start handling a gun like they've seen done on television and film.

7
leroy_masochist 2 days ago 1 reply      
It's also important to note for broader context that pistols, despite the number of people who take pistol accuracy seriously, are not really designed for precision marksmanship.

For the use cases that really matter, you won't be taking well-aimed shots, you'll be trying to get rounds out of the weapon in the general direction of the threat as quickly as possible, in order to buy yourself some time and/or space.

The front sight rule is not just the best aiming mechanism for the reasons of geometry described in the article, it's also the quickest way to acquire a basic sight picture under stressful conditions.

8
c517402 2 days ago 1 reply      
Instead of using convolution to produce the imagery, I think it should be produced using fractional Fourier transforms. IIRC fractional Fourier transforms are mathematically equivalent to Fraunhofer and Fresnel diffraction integrals. Although, the convolutions look good.
9
xtreme 2 days ago 1 reply      
I wonder if this is related to [Hyperfocal Distance](https://en.wikipedia.org/wiki/Hyperfocal_distance), a concept familiar to many photographers. Roughly, if you focus on the background (infinity), the foreground would be blurry; and vice-versa. If you focus about ~1/3rd into the scene, you'd have everything in reasonably sharp focus.

Unlike camera lenses, our eyes can't easily focus on an arbitrary distance without an object being present there. Perhaps the front sight is working as an approximation of the hyperfocal distance.

10
euroclydon 2 days ago 1 reply      
I have this little drill I do, with a iron sighted handgun or rifle. I give myself no more than 2 seconds to bring the weapon up, acquire the target a shoot. I can pay attention to the rear sights, but then I never hit anything. In this drill, I've found that maintaining a consistent body position, and only paying attention to the front sight yields the best results. I just put the front sight on the target and pull the trigger. Distance about 10-15 yards. Target is soda can.
11
tahabi 2 days ago 0 replies      
What are the rates of gun ownership among hackers? Conversations with old alumni from school indicate that back in the day, a lot of them were firearms enthusiasts, but it seems that trend died out near the turn of the century. I know MIT still has a rifle and pistol range, however.
12
exabrial 2 days ago 0 replies      
I prefer shooting iron sights under 150yds, but I use peep sites, which don't suffer as many problems.

Fascinating analysis!

13
OliverJones 2 days ago 1 reply      
Interesting that the author didn't mention ambient light levels explicitly.

A constricted pupil (from daylight) has a much greater depth of field than a dilated one (from darkness). So everything will appear sharper in the light of day.

Do at least some practice in low light conditions.

14
ajmarsh 2 days ago 2 replies      
There are improvements to be had in pistol sites that don't involve battery powered gimmicks. The trapezoid sights on Steyr M pistols for example. I rented one from my local range and it works well for new shooters.
15
RUG3Y 2 days ago 1 reply      
Near the end of the article, he mentions that some people say that it's more difficult to aim a weapon that has a shorter sight radius. Actually, I think it's more accurate to say that having your sights out of alignment with shorter sight radius will have a more dramatic effect on your accuracy.
16
csours 2 days ago 1 reply      
> "But optical sights small and robust enough to be mounted on a pistol slide are a recent development, and are costly; very few handguns have one mounted."

This is still true, but pistol red dot sights are becoming more prevalent.

17
cynicalbastard 2 days ago 2 replies      
> I was told once by a proficient pistol shooter that he ignored where the front sight was on the target, and paid attention only to the alignment of the two sights relative to each other. Since he did in fact hit the target,

is the "two sights" here the rear sight which has two posts, or the two sites as in front sight + rear sight?

several pages of reading and then .. an ambiguously worded conclusion.

18
plazmatic 2 days ago 2 replies      
Isn't this supposed to be a HACKERS NEWS blog? What in the hell does some article about pistol sights have to do with this?

I literally only made an account to post about how absurd and out of place this article is. If I wanted some second amendment lovers blog (and I don't), I'd simply find one.

Strike one, "hacker news". Strike one.

19
baby 2 days ago 3 replies      
Kind of off-topic. But I had a thought the other day: without the US we wouldn't have action movies like James Bond or FPS and other shooters video games. It's interesting to see that guns are rare in other countries' movies/discussions. Maybe FPS would all be like Nintendo's octopus thing.
29
If you cant explain something in simple terms, you dont understand it kottke.org
334 points by daschaefer  7 hours ago   192 comments top 59
1
freddref 6 hours ago 11 replies      
Feynman also said:

"Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize." [1]

Showing a limitation of the maxim or Feynman's hubris?

[1] https://en.wikiquote.org/wiki/Richard_Feynman

2
jancsika 33 minutes ago 0 replies      
This Feynman quote from the article is put in the wrong context:

> I really cant do a good job, any job, of explaining magnetic force in terms of something else youre more familiar with, because I dont understand it in terms of anything else youre more familiar with.

The article implies this is a case of the scientist expressing that he didn't understand a thing. But watching the video in full[1], one realizes he is saying something different:

"It's a force which is present all the time and very common and is a basic force.

[...]

I can't explain that attraction in terms of anything else that's familiar to you. For example if we say that magnets attract like as if they are connected by rubber bands I would be cheating you because they're not connected by rubber bands-- I should be in trouble if you soon ask me about the nature of the band. And secondly, if you were curious enough you would ask me why rubber bands tend to pull back together again, and I would end up explaining that in terms of electrical forces which are the very things that I'm trying to use the rubber bands to explain. So I have cheated very badly, you see."

In other words, for some phenomena the only simple examples are themselves instances of that same phenomena. So the only possible analogies are themselves merely tautologies.

I've noticed something less sweeping though similarly absurd with the internet. As more and more of people's daily lives depend on internet technologies, it becomes more difficult to find modern, simple examples for analogies that don't rely on similar internet technologies. So someone who wants to explain the wonders of packet switching compares it to long-distance telephone calls, but they then spend the bulk of that time explaining long-distance phone calls to people who have never used a wired phone.

1: https://www.youtube.com/watch?v=wMFPe-DwULM

3
ivanbakel 6 hours ago 9 replies      
The problem I find with this outlook is that it takes technical terms being jargon at face value. If you can't fall back on progress in language which allows you to express more complex ideas, you're not going to reach the same depth of understanding in simpler words without it taking a lot longer anyways - with most of your time spent reestablishing what you just threw out the window.

If you rehash it in smaller words, just by information density alone, aren't you guaranteed to be losing some detail?

4
killjoywashere 10 minutes ago 0 replies      
The author is not a student of physics and didn't go through Feynman's lectures. Some of the stuff Feynman said may sound like the droll wisdom of an ancient wizard to laymen, but if you've studied physics, it sounds more like a fun introductory confection. The layman hears genius, a journeyman hears the chef's description of this evening's specials.
5
jknoepfler 6 hours ago 18 replies      
This strikes me as raw arrogance. Complexity is intrinsic to many systems that are subject of expert study. To tell someone who has devoted their career to understanding a complex topic that they don't understand their subject because they can't express it in layman's terms without doing terrible violence to the underlying phenomenon is ludicrous.

This is the sort of thing you'd believe if you were an arrogant 20-something who thought they could learn any subject in a few hours, cushioned thoroughly by the illusion of understanding.

"Oh yeah, I understand the mechanisms of human vision. It's just rods and cones."

"I understand the causes of the American revolution. It was just people protecting their property."

"I understand Joyce's Ulysses. It's just follows three people from Dublin over a single day. I read the Cliffs notes."

"I understand why coffee makes me alert. It's just blocking some brain things that make you sleepy."

Now, I will agree that if you don't know how to break interactions down into teachable parts, you will probably have trouble as an engineer or scientist both advancing your own knowledge and introducing people to the field. But to suggest that your understanding of a subject hinges on being able to deliver an explanation in simple terms is just silly.

6
ChuckMcM 5 hours ago 1 reply      
"What I cannot create, I do not understand."

This actually came up for me at the office. I was asking a bunch of questions about the Z transform and the Fast Fourier Transform. The person I was talking to said, "Hey, just call the function in MATLAB, it doesn't matter how it works, just that you understand what it is saying."

All of my life I have rebelled at this notion. My earliest recollection of running into it was when I was in grade school and took apart three wind up alarm clocks, each more carefully than the one previously. My Mom was curious what I was looking for and I told her, "How does a clock know how long one second is?" She didn't know, and I didn't know, and while I had mastered using a clock and accepting that it would go off when I set it to go off, I didn't really "know" how a clock worked until I had taken apart and identified, (and modified to validate the identification :), the escapement.

7
NumberSix 6 hours ago 2 replies      
This is Feynman from the introduction to his Feynman Lectures on Physics:

The question, of course, is how well this experiment has succeeded. My own point of view which, however, does not seem to be shared by most of the people who worked with the students is pessimistic. I dont think I did very well by the students. When I look at the way the majority of the students handled the problems on the examinations, I think the system is a failure. Of course, my friends point out to me that there were one or two dozen students who very surprisingly understood almost everything in all of the lectures, and who were quite active in working with the material and worrying about the many points in an excited and interested way. These people have now, I believe, a first rate background in physics and they are, after all, the ones I was trying to get at. But then, The power of instruction is seldom of much efficacy except in those happy dispositions where it is almost superfluous. (Gibbon)

Richard P. Feynman, 1963

http://feynmanlectures.caltech.edu/I_91.html

Note that by his own account, most of his students did not do well. James Gleick's biography of Feynman, Genius, has a longer discussion of the disappointing results of his lectures to undergraduates at Caltech, many of whom reportedly stopped attending the lectures as they were not getting anything useful out of them.

That Feynman in fact had difficulty explaining freshman physics to the highly qualified students at Caltech surely does not indicate he did not understand freshman physics.

Some topics are simply very complex. It is not clear that they can always be conveyed in simple terms. In some cases, a "big picture" explanation may be possible but the details remain complicated. In some cases, a hand-waving analogy to some everyday phenomenon may create the illusion of understanding but be misleading or wrong.

To give a specific modern example, a state of the art video codec such as H.264 is extremely complex, built of many complicated components and sub-algorithms. While it may be possible to explain the big picture in relatively simple terms, the detailed implementation and operation is not simple. The inability of someone who creates or implements a video codec to explain it in simple terms to a layman is not an indication that they do not understand it.

8
startupdiscuss 6 hours ago 2 replies      
This is generally true but I will add one wrinkle.

And there are three kinds of explanation:

1. visual

2. mathematical

3. linguistic

So sometimes, you understand something visually, or mathematically, but you are forced to put it into verbal terms (say, over a text only channel, or voice), and then you may seem not to be able to explain it even though you understand it.

9
SiVal 5 hours ago 1 reply      
Understanding something is having a good working model stored the way brains store models, which is quite a complex network. Explaining it requires finding a way to serialize it that makes it as easy as possible for a listener to reconstruct the model in his own mind.

I think the effort involved in trying to come up with a serialization causes us to more carefully examine our models, which usually improves them.

But I don't think the lack of a good serialization implies the lack of a good model.

10
aeturnum 6 hours ago 0 replies      
I think this is broadly true, but not in the way a lot of other commentators mean.

Explaining something in simple terms does not mean you _fully_ explain it. You explain the essence (or what you see as the essence) of the thing. Google search is: you type a question into a box and Google shows you the best answer. Google search is a lot more than that, of course, but if you can't "boil it down" you don't understand it.

This is the top line of a git commit v.s. the comments you leave in the source code. You can spend months working on thousands of lines of code, bur if you can't describe it in a single sentence (while leaving a lot out!) it's a bad sign.

11
scandox 6 hours ago 1 reply      
In job interviews I always zone in on the most complicated thing someone has worked on and then ask them to explain it to me. Often a thesis or a project or a large system or something low level to do with OS features etc...

It is amazing how rarely people can get it across to me in basic terms. In fact even the idea of breaking it down into non technical concepts seems to be surprising and alien to many people.

I really admire those who can.

12
mikebenfield 6 hours ago 3 replies      
I think this idea is basically nonsense. Some things are complicated. To "explain" them in simple terms you necessarily leave out a lot of information. If all that information isn't crucial to the core idea, maybe that's worthwhile. But sometimes that information is crucial.

Some people look at advanced mathematics or physics and wonder why it has to be so complicated and so full of jargon. It's complicated because it is. The jargon, believe it or not, is mostly an attempt to make it easier to communicate. It would be very, very difficult to wade through these ideas without introducing new words with precise definitions.

Then again, John von Neumann said, "In mathematics you don't understand things. You just get used to them." So maybe the title is true for trivial reasons after all.

13
octref 6 hours ago 2 replies      
Or to quote PG's Write Like You Talk[0]:

And in my experience, the harder the subject, the more informally experts speak. Partly, I think, because they have less to prove, and partly because the harder the ideas you're talking about, the less you can afford to let language get in the way.

Informal language is the athletic clothing of ideas.

[0]: http://www.paulgraham.com/talk.html

14
makecheck 6 hours ago 1 reply      
It's not realistic to expect this. If everything could be simplified to this degree, you would never need experts.

It is also dangerous to assume this, because that is exactly how we reached the "my uninformed opinion is as valid as your years of experience" aspect of the current political climate. NO, things are NOT as simple as you think they are just because you saw it in the space of a tweet!

On the other hand, it is important to recognize expertise over bullshit. The easiest defense is having several experts, since at a certain point they would need to do an awful lot of collusion to just make things up between them (i.e. if enough of them agree then what they say is apparently correct).

15
rdlecler1 6 hours ago 0 replies      
Nassim Taleb makes a convincing argument that you first understand something implicitly and then later it becomes formalized. I'm not sure I buy into the idea that people with great communication skills have privileged understanding. The underlying assumption here is that understanding is verbal. I reject that hypothesis.
16
timoth3y 1 hour ago 0 replies      
There is no reason to believe this statement is true, and the article doesnt even try to make a case for it. It feels like it should be true, but the discussion is really just asserting the statement.

Skeptic: I understand X. Ive spent years working on it, and Im recognized as an expert in the field. but I cant explain X in simple terms.

Believer: Well, then you obviously dont really understand it. Can you prove to me that you do"

Being able to explain things in simple terms is a skill in and of itself. Many people do not possess this particular skill, but that does not mean they are unable to understand any subject.

17
imjustsaying 46 minutes ago 1 reply      
So people who can't teach their own language to foreigners in simple terms don't understand their own language?

I've witnessed dozen of people try and spectacularly fail at teaching their own language.

18
mabbo 6 hours ago 2 replies      
Edit: apparently, I have been misinformed for a very long time. These are still excellent lectures to watch though!

The Feynman Lectures are now on Youtube[0], and I like to watch them (all of them) every few years. I highly recommend that if you've never seen them, you take some time and watch them- really watch them. Close the other windows, turn your phone to do not disturb, and really watch these masterpieces of education.

[0] https://www.youtube.com/watch?v=j3mhkYbznBk

19
Animats 6 hours ago 2 replies      
That works for physics, which seems to be parsimonious with its base concepts. The equations which define most of physics fit on one sheet of paper.

It doesn't work for biology, which is complicated at the bottom. Evolution doesn't have the parsimony of physics. Nor does it have to be understandable by humans.

Whether it works for software is a design issue. It's certainly possible to create software which cannot be explained simply.

20
arto 6 hours ago 0 replies      
Counterpoint from Feynman himself:

https://www.youtube.com/watch?v=MO0r930Sn_8

21
pwaivers 6 hours ago 1 reply      
Being able to explain something in simple terms is actually REALLY difficult to do. It is a skill in itself. Someone can intuitively understand math very well, but lack the skill to explain it to someone else at all.
22
CatMtKing 5 hours ago 0 replies      
I practice taijiquan, a martial art. My teacher often describes concepts that I can relate to basic mechanics. When I do, it feels like I understand, but as my teacher says -- until you can actually express it with your body, you don't really understand.

For example, a lever seems conceptually simple, but to create a lever in the body is extraordinarily hard. The joints have to be solidly connected and free to open or close. The direction must be precise and rotation must not wobble. There are so many things that can err and lots of places for force to leak out.

23
zerr 6 hours ago 0 replies      
No. The teaching ability is a completely different dimension, orthogonal to other skills/knowledge you have.
24
taurath 6 hours ago 0 replies      
My favorite corollary (attribution unknown) -

"But if you can ONLY explain something in simple terms, you still don't understand it"

25
jjguy 4 hours ago 0 replies      
Einstein said it first:

If you can't explain it to a six year old, you don't understand it yourself.

https://www.goodreads.com/quotes/19421-if-you-can-t-explain-...

26
sh87 6 hours ago 1 reply      
This is an interesting logic fallacy here. Consider this example.

Monkey eat => Monkey live.

Monkey live => Monkey eat.

Monkey not eat => Monkey not live.

Monkey not live => Monkey not eat.

Here "=>" is used as in "implies"/"because". The last statement is weird. There are more ways for monkey to "not live" than to "not eat".

Not being able to explain does not imply not being able to understand. Not understanding surely implies not being able to explain.

Correlation, Causation, get it ?

27
leepowers 5 hours ago 0 replies      
Feynman is an outlier, a very rare talent that could handle very complex maths and also communicate these concepts in an approachable, charming, and laid-back style. This is an in-born talent and also a skill that can be taught. But communicating complex systems is a separate proficiency from understanding those systems.

The main issue when explaining concepts (especially maths concepts) is switching from one formal context to another, deciding what details to omit, and determining what rules in both contexts should be treated as analogous.

Think of a translator. He/she/it needs proficiency in two languages to do a proper translation. Lacking a second language precludes translation. But it doesn't affect mastery of your native tongue.

28
CalChris 4 hours ago 0 replies      
I interviewed a woman once who'd graduated from Caltech. She was massively overqualified and a fine fit. So about 10 minutes into the interview I started just having a nice conversation.

She'd gone to Caltech. That was on her resume. So I asked her if she'd ever taken a class from Feynmann. That was actually unlikely but she had sat in on a seminar with Feynmann once. She said he could explain the most difficult material and that you would understand it. You would understand it walking away and this would last about 15 minutes during which time you confuse yourself.

29
simlevesque 6 hours ago 1 reply      
In french we have a saying which translates to: whatever is well conceived is clearly said... and the words to say it flow with ease
30
keithnz 5 hours ago 0 replies      
I think you can't explain something in simple terms if you don't understand it, is true, but the other way around isn't entirely true, or at least it's a bit more fuzzy.

Often, it takes a lot of awareness of what are the common mental models / mental blocks other people have when learning the concept you are trying to communicate. You have to structure things as a series of strategic progressions before tackling the most complicated form of something, all of that is more the art of teaching ( which of course requires good understanding )

Of course, if someone can do that, it's a brilliant proof they do understand something.

If they can't do it, then it can leave you with doubt what someone else understands. Which in Apples case may be considered entirely unacceptable.

31
nebulous1 6 hours ago 0 replies      
I think some people (even lots of people) are pretty bad at explaining things, even things they understand.
32
olegkikin 4 hours ago 0 replies      
That's just not true, it's confusing explanation and oversimplification. Many complex things require years of study just to understand that thing even in the most simple terms. Try and explain string theory to someone who has no idea of particle physics, colliders, quantum theory. At best you can make up some abstraction which doesn't explain anything.
33
jasonthevillain 3 hours ago 0 replies      
Likewise, just because you can explain something in simple terms, doesn't mean you understand it.
34
moarrgan 5 hours ago 0 replies      
I feel like a lot of the commenters here are making a false assumption, arguing "just because you can explain something in simple terms doesn't mean you understand it - look how much nuance and complexity gets lost!" That statement makes the assumption that you must explain the subject to another individual to the point where they understand that subject as well as you do. Well, obviously you are going to lose complexity, just on the basis of explaining something in simple terms. The point is that if you cannot distill something to its core ideas to the point where someone else will gain a basic understanding of that concept, then you do not understand what its core ideas are, and therefore do not understand the concept itself. No one is arguing that what took you 10 years and a PhD to understand is something you can explain "simply" to someone and they will emerge with the same level of understanding as you have. No, they will emerge with a basic understanding of that concept if you have explained it well.
35
nroach 6 hours ago 0 replies      
I like the sentiment behind this article, but simplification (like lossy compression) omits information for the cause of simplicity, leading to an incomplete understanding.

Take for example legal concepts like securities law or environmental regulation. Yes, you can "simplify" an explanation of the Securities Act or the Paris Accord enough to fit them into a tweet, but you lose information necessary to formulating a full understanding.

If you're trying to have an informed debate about policy adoption, the details matter.

36
jpmattia 5 hours ago 0 replies      
If curious: This Feynman quote was more specifically about the spin-statistics theorem.

https://en.wikipedia.org/wiki/Spin%E2%80%93statistics_theore...

And to be fair, it's pretty rough sledding even when you understand the operators involved.

37
zobzu 5 hours ago 0 replies      
"or you just don't have good communication skills"It's a classic fallacy. While it has some truth to it it's not the only single reason to decide if you understand the subject or not.

In fact, "if you make this fallacy, you're a terrible human being" (which is sarcasm here since this very statement includes the exact same fallacy)

38
wolco 6 hours ago 0 replies      
If you can explain something in simple terms you may not understand the complex details.

If you hold a complex idea in your head translating that into English can be difficult because part of the process is removing/altering information to fit into existing notions. That is why buzzwords are popular they can take an idea and put it in a relatable concepts for the masses.

39
littlestymaar 5 hours ago 0 replies      
IMHO, this statement never hold for Maths : since all math reasoning is just the construction of a logical and symbolic proof based on a set of existing theorems and the underlying axioms, it requires the student to :

1. be familiar to the logical reasoning : what implies or even for any x means. 2. know the relevant set of theorem and axioms used in the demonstration.

You could probably illustrate what a mathematical result implies in some real-life example, but you won't be explaining it.

Quantum physics is a really good example of this, because it's not that difficult to understand if you look at it with the mathematical PoV : it's basically linear algebra in infinite dimension, you have vectors (in the space of functions of |R) and linear applications on these vectors (with all properties of such applications, like eigenvalues and eigenvectors), etc. But if you try to explain it in simple terms, you're going to distort the reality to fit in the macroscopic-scaled human representation of the world and you'll probably say things that won't be true.

40
bryanrasmussen 6 hours ago 1 reply      
Or maybe you are just a really bad communicator.
41
elnygren 4 hours ago 0 replies      
"had I more time, I would've written a shorter letter".

Remember that "in simple terms" does not mean easy or over simplifying something. To me it means making a to-the-point and jargon-free explanation.

42
naikrovek 6 hours ago 1 reply      
This is so untrue. If true, beings that can't speak or write can never understand anything.

I understood very early in life that if I cried I would be hit. I couldn't talk, write, or communicate my understanding in any way, but I understood clearly.

43
matthberg 3 hours ago 0 replies      
I think this is part of the beauty of simple.wikipedia.org. It is not only a way for laymen to understand complicated things, yet proof of the research being an actual understanding of the concept.

In the words of the xkcd on the subject, (check the title text):

"Actually, I think if all higher math professors had to write for the Simple English Wikipedia for a year, we'd be in much better shape academically."https://xkcd.com/547/

44
blakesterz 6 hours ago 0 replies      
Kottke's one of the very few blogs I've been reading for what seems like forever. He's still doing good work. Recently he's been trying membership, which I've not seen on a site like his anywhere else.
45
flavio81 6 hours ago 0 replies      
In science and engineering, there are some things that can't just be explained in a small amount of simple words to laymen.

Sadly it's 2017 and the popularity of TEDTalks make the laymen think otherwise.

46
known 50 minutes ago 0 replies      
If you can't explain it to a six year old, you don't understand it yourself Albert Einstein
47
Tomminn 2 hours ago 0 replies      
Corollary: All ideas worth understanding are simple.
48
tutufan 5 hours ago 2 replies      
Linear time suffix tree construction. You have 90 seconds. Go!

:-P

49
barce 5 hours ago 0 replies      
Another way of putting this is: If you can't use lego blocks to build something, then you don't understand it. But why would anyone want to recreate Shakespeare using lego blocks, or recreate a motorcycle using lego blocks? I'm sure a 5 year old would love it to pieces. I would rather make a reproduction of a motorcycle with real metal.
50
std_throwaway 5 hours ago 0 replies      
Keep it as simple as possible but don't try to make it more simple than it actually is.
51
marknadal 6 hours ago 0 replies      
Ah, I love Feynman. I see some other people in this thread arguing against even bothering to do this, which is sad.

We've started doing Explorable Explanations / Animated Explainers, here are some we've done and some that others have done:

- Explaining how GIT works: http://gun.js.org/explainers/school/class.html

- How neurons work: http://ncase.me/neurons/

- How end-to-end cryptography works: http://gun.js.org/explainers/data/security.html

- How gerrymandering works: http://polytrope.com/district/ (by a friend of mine!)

- How sorting on partial data / data streams works: http://gun.js.org/explainers/basketball/basketball.html

And more! It is possible, it can be done. But it is hard. That is no excuse for not trying though. Big shout out to Bret Victor's work for starting a lot of this, and thanks to Feynman for encouraging and practicing what he teaches.

52
cryptozeus 5 hours ago 0 replies      
"What I cannot create, I do not understand"
53
williamle8300 4 hours ago 0 replies      
Person A: Trump is colluding with Russia...

Person B: How?

Person A: You're a dummy! There's mountains of evidence!

Person B: Like...

Person A: You're killing the vibe brah.

54
chrisallick 5 hours ago 1 reply      
Someone explain cryptocurrency!
55
throw2016 5 hours ago 0 replies      
This is eternal. The expert paves the way to understanding. Its only because of their expertise that they can simplify and explain it in a way that others can understand. They have a firm grasp of the concept. Understanding is not equal to expertise, just the first step.

I think there are too many times when people affect a tone of authority and expertise and hide their lack of understanding in verbiage and complexity while making excuses for their inability to explain it to the layman.

56
juandazapata 5 hours ago 1 reply      
What is a monad?
57
lngnmn 4 hours ago 0 replies      
This is how to distinguish a cosplay of intelligence from true intelligence, among other things.

The Buddha and the Upanishadic seers were exceptionally good with explaining complex phenomena in simple terms.

Apparent sophistication is a sign of a confusion. Clarity is an evidence [of deep understanding].

Nature is vastly complex but not complicated (a few fundamental laws at work). Only simple things work.

58
draw_down 5 hours ago 0 replies      
I think I've about gotten my fill of this piece of, uh, wisdom. It strikes me as one of those things that sounds good but is less relevant than we'd like to think.
59
peterwwillis 6 hours ago 2 replies      
I can simplify how a car engine works, but that doesn't mean I understand how the air to fuel ratio is obtained.

Opposite example: Simplify how walking works, and make sure to include the critical systems such as major muscle groups, stabilizers, vision, inner ear, thigh/knee/pelvis/hip construction, the curved spine and its connection to the head, and blood pressure flow/regulation.

30
New analysis reveals significant ROI in open source technologies worldbank.org
280 points by johnmark  10 hours ago   33 comments top 8
1
Animats 9 hours ago 2 replies      
Three blogs deep, there's a link to the actual paper.[1] It's a study of one project, a geospatial database:

"Starting in 2009, the Global Facility for Disaster Reduction and Recovery (GFDRR) and its partners developed GeoNode: web-based, open source software that enables organizations to easily create catalogs of geospatial data, and that allows users to access, share, and visualize that data. Today, GeoNode is a public good relied on by hundreds of organizations around the world ... GFDRRs direct and in-kind investment in GeoNode over the past six and a half years has been in the range of $1.0$1.5 million USD. Partners have also made significant investments in GeoNode; a conservative estimate of these partner investments comes to approximately $2 million USD over the same time period. GFDRRs investment in GeoNode would be a reasonable amount even viewed strictly as a software development cost: the GeoNode software today represents an approximately 200% return on investment in terms of code written, since thh current GeoNode project would most likely have cost $2.0 3.0 million USD if GFDRR had produced it alone as proprietary software, without building an open source community around the codebase."

This is an unusual situation; many people need geospatial databases, and contributing their local data is useful to them. The value here is in the data, not the code. This is more like Open Street Map than a software package.

[1] https://opendri.org/wp-content/uploads/2017/03/OpenDRI-and-G...

2
TallGuyShort 10 hours ago 4 replies      
On the other hand, what's the average ROI on investing in proprietary software development? It's rarely a question of spending the resources on software development, it's do we spend the resources in an open, or closed way? Nice to see a positive ROI, though - there's definitely a fear that it's just "giving stuff away" and clearly it's not that simple.

I'm all about open-source, but I wish people wouldn't focus on how companies should do it because it's good for them financially (although granted that's probably more effective with the intended audience than what I would say). I wish a bigger deal was made about how it's just a douche bag move to sell software and proactively prevent users from having freedom to understand, fix or modify it for their needs - that applies to more than just the source availability and license.

3
Top19 9 hours ago 1 reply      
A good example of the ROI of Open Source is the OpenEMR project. That free system replaces multi-hundred thousand dollar hospital systems from companies like Cerner. I used to work at Oracle, and when I found out about OpenEMR I remember thinking "this makes the price difference between Oracle Enterprise Edition and MySQL Community look trivial".

A lot of times I hear the implementation cost is where all the money is so it doesn't matter what the software costs. That is sort of true, but large companies are not incentivized to make it any easier to implement, less they put their System Integrators out of business and/or push them to other vendors. The Open Source community does not have this incentive obviously.

EDIT: https://en.m.wikipedia.org/wiki/OpenEMR

4
roymurdock 9 hours ago 2 replies      
Good case study on one successful open source project. Shouldn't be used to draw any broader conclusions about impact of open source on any company's biz model. Some portions of typical software stacks are amenable to open source biz models (such as general purpose server OS), while many others are not.

Note that the study does not actually measure ROI from a revenue perspective, but estimates based on theoretical saved costs: The company invested $1M in open source infrastructure and potentially saved $2M in direct development costs (given that the code base is current worth $3M). [1]

Most interesting takeaway for me is the implications of open source for government funded projects, and a ratification of the idea that contributions of code for some public tool can save the general public tax money. A forward thinking org could try to broker some sort of tax cut based on SLOC contributed to public, government-sponsored projects? Maybe that already exists.

Would suggest studying Red Hat's rise to $2B in yearly revenue to understand how a company takes open source and turns it into revenue.

[1] GFDRRs direct and in-kind investment in GeoNode over the past six and a half years has been in the range of $1.0$1.5 million USD...GFDRRs investment in GeoNode would be a reasonable amount even viewed strictly as a software development cost: the GeoNode software today represents an approximately 200% return on investment in terms of code written, since the current GeoNode project would most likely have cost $2.03.0 million USD if GFDRR had produced it alone as proprietary software, without building an open source community around the codebase.

5
mikekchar 9 hours ago 1 reply      
I haven't had time to read the report in detail, but it appears that the 200% ROI figure is simply derived from the ratio of externally written software to internally written software. So, by writing an open source tool instead of keeping it closed, they got contributions of code that exceeded their own investment. However, this is not actually the main point of the paper, and neither is it the whole picture. For example they discuss sponsoring in-person events and I don't think that kind of cost is accounted for in their ROI figure. Indeed, the paper goes to some effort to explain that the benefit they received goes far beyond the outside contributions of code. I know nothing of the project, but from their description it seems that it was very well run. I'm not sure that we can reasonably assume that they wouldn't get similar results from a well run consortium, for example.

Anyway, it looks like an interesting report and I look forward to reading it in more detail, but I think the headline in the blog-pointer is unwarranted.

6
makecheck 5 hours ago 0 replies      
Most people receive infinite return because they invest nothing.

A more meaningful measure is how quickly you can resolve a problem with open-source for X amount of investment, versus other options. With that, if a package doesn't do what you want then investing nothing appropriately yields NO return; whereas, investing certain amounts of time (asking questions, filing bugs, etc.) may yield more return, and fixing it yourself may yield the most.

7
btown 9 hours ago 0 replies      
Mods, can we change the title to that of the source report? "OpenDRI & GeoNode: A Case Study for Institutional Investments in Open Source."

The current title, "World Bank-Sponsored Report Shows 200% ROI on Open Source Participation," the contents of this link, and even the World Bank's own blog's title, strongly suggest that this was a World Bank-commissioned study across multiple open-source projects/communities. Note the plural in OP: "to quantify the benefit of contributing to and participating in open source communities." And the World Bank's blog title: "Leveraging Open Source as a Public Institution New analysis reveals significant returns on investment in open source technologies."

But that's not the case at all. As noted in other comments, this is a single community, a single project. Granted, it's a successful one. But we shouldn't get our hopes up about "oh s*, this is an article I can forward to the C-suite to get us to invest in open source!" What we have here is technically accurate clickbait that relies on the brand of the World Bank's analysis. And, in being disappointingly vague, it tarnishes that brand.

8
pavement 9 hours ago 1 reply      
Link references link:

https://blogs.worldbank.org/opendata/leveraging-open-source-...

Which references link:

https://opendri.org/resource/opendri-geonode-a-case-study-fo...

Which references PDF:

https://opendri.org/wp-content/uploads/2017/03/OpenDRI-and-G...

Titled:

 OPEN DATA FOR RESILIENCE INITIATIVE & GEONODE A CASE STUDY ON INSTITUTIONAL INVESTMENTS IN OPEN SOURCE

       cached 16 June 2017 04:11:01 GMT