hacker news with inline top comments    .. more ..    2 Sep 2015 News
home   ask   best   3 years ago   
Regretting the Golden Handcuffs: Beware the Costs of Burnout lyonheart.us
38 points by micahalles  51 minutes ago   1 comment top
1
x0x0 11 minutes ago 0 replies      
Random thoughts:

It's nice to hear about a situation closer to most startup outcomes. When Matthew notes that someone sent him the acquisition terms and the founders made out well while line level / low level managers basically got nice severances, it's something everyone here should keep in mind. It's great if founders make out well as long as everyone else does too; it's when those outcomes diverge that it rankles.

If a potential employer tries to put nonsense like a 2-year noncompete -- during which of course they don't pay you -- plus ownership of side projects into your contract, it's a sign you're dealing with assholes. If you can, you should just walk away. Many of us live in CA, so some of this can't happen, but a startup here tried something similar: their 16 page (!!!) employment contract specified that if I used my personal media device or laptop for any business purpose, they had the unlimited right to inspect/search them on demand. By my reading, even something as tenuously related as two factor auth on work gmail being sent to my personal cell, or taking a business call on my cell would have counted. The founder tried to blame it on boilerplate their lawyers inserted; he couldn't even take responsibility for what was, after all, the contract he was asking me to sign. I walked away. Read those contracts.

A Case That Has Microsoft, Apple and Amazon Agreeing bloomberg.com
163 points by andore_jr  5 hours ago   111 comments top 12
1
soylentcola 3 hours ago 8 replies      
"Theres irony in any tech company confronting the government on privacy matters, considering how much heat many take for mining their own customer information and using it for advertising and other profitable purposes."

See, I don't find this very ironic. In fact, my only real issue with data mining and analysis by these sorts of companies is the way governments can demand this info without my approval.

If Microsoft or Google or Apple or Amazon offer me a service and state that "hey, we'll provide this service for no cash outlay but data you submit to our servers will be analyzed to tailor search results, advertising, and other behavior to your usage" I can opt into that knowing that I'm trading targeted ads for free email or hosting or whatever. If I don't think that's a good deal, I don't use the service. If I think "OK, ads are a fair price for this stuff" then again, I'm cool with that.

But just because I agree to let Google read my location to send me traffic warnings before heading out to work doesn't mean I want the FBI to grab that data without my knowledge so they can determine if I might be a troublemaker. Just because I agree to let Amazon use my Amazon searches to suggest other products I might want doesn't mean I want the DEA demanding that info to decide if the gardening gear I purchased was for tomatoes or growing cannabis.

I'm perfectly aware that you pay for the things you get, whether it's directly with cash or indirectly from advertisers who pay for access to your eyeballs. Those are things I can consent to or decline. But when people with guns and the ability to throw me in jail can demand access to that info without my knowledge, I'm no longer agreeing to the same thing.

It's like signing a contract where someone else has the ability to change the fine print after I've signed it.

2
harrumph 3 hours ago 2 replies      
Agreeing "for once"?

Hardly. Apple and Microsoft are already on record as agreeing to fix wages, creating a cartel affecting a million tech workers.

https://pando.com/2014/03/22/revealed-apple-and-googles-wage...

3
kgilpin 4 hours ago 10 replies      
If companies stored customer data encrypted by keys that are held by the customer, they wouldn't have this problem.

Furthermore, they wouldn't have to worry about deleting customer data either. The customer would have the power to simply deny access to the keys.

4
throwaway7767 3 hours ago 1 reply      
Microsoft has shown that they are quite willing to access induviduals private data if they have a financial stake in it [0]. Yes, they eventually backtracked under public pressure (after trying very hard to justify how it's totally okay because they were going to pay a lawyer to rubber-stamp things in the future), but it's rather hard to listen to their general council talking about how they value privacy on principle given their history. It's quite obvious they only care about privacy insofar as it affects their bottom line.

The article also conflates (intentionally?) this issue with the mass-surveillance issue, bringing Snowden into it and insinuating that this ruling would have an effect on that, which is just silly [1].

The whole "Company F" section is interesting (hadn't heard before that microsoft is challenging the statement that they were willingly providing user data to the NSA), but it's a bit hard to square with the leaked documents which list microsoft as the first participating partner in the PRISM program [2]

[0] http://www.geekwire.com/2014/microsoft-defends-hotmail-snoop...[1] http://www.cbsnews.com/news/patriot-act-can-obtain-data-in-e...[2] http://www.motherjones.com/politics/2013/09/nsa-timeline-sur...

5
zeveb 4 hours ago 4 replies      
I am not a lawyer, but it seems to me that an American court has the power to demand that an American citizen produce an item or information under his control, even if it happens to be in another country (e.g., a man getting divorced can't drive his car and all his gold and jewelry into Canada to shield them from his ex-wife). I imagine that most other countries would behave similarly: being within their borders and subject to their jurisdiction, they can compel someone to do something.

If that's indeed the case, then it seems that an American corporationa legal person with a presence in the United Statesmay be compelled by a court to produce items or data it controls outside of our borders.

The thing we need to do is to limit the power of the subpoena generally.

6
walterbell 2 hours ago 0 replies      
The pending TISA trade treaty may limit data sovereignty, http://www.zdnet.com/article/wikileaks-leak-shows-data-sover...

"50 countries including Australia and the US may be signing away rights to ensure sensitive customer data remains in its country of origin ... the draft document reveals that the United States and the European Union are pushing to prevent signatory countries from preventing the transfer of data across nation borders."

7
ewzimm 4 hours ago 0 replies      
It's good to know there are people like Brad Smith standing up to government demands for full access to people's data. It brings up an interesting privacy contradiction. While storing data locally seems best for privacy, if it's on a networked computer, there are still ways for people to get it, and unless you have really good lawyers, nobody is going to challenge governments across the world if they want to access it. By moving data to the cloud, we are creating incentives for companies like Microsoft to fight against government intrusion.
8
jheriko 1 hour ago 0 replies      
this is sad. for all the misguided hate against the US there is a lot of very justified hate that comes from these sorts of attitudes coming from its government and enforcement agencies. they should have more respect for the laws of other countries, especially somewhere like Ireland which could, not unreasonably, be called a crime free paradise compared to the US.

its terrifying when law enforcement doesn't understand the difference between right and wrong...

9
bitmapbrother 3 hours ago 0 replies      
It's important to remember that this is the same company that snooped through the emails and files of one of their users while looking for evidence of piracy. They came clean about their snooping moments before court documents were publicly released that detailed what they did.
10
amgine 4 hours ago 2 replies      
It's great this article about Microsoft fighting for our privacy came put in the midst of the upset over Windows 10 phoning home.
11
snarfy 3 hours ago 2 replies      
If they lose, the solution is of course to re-incorporate outside of the US.
12
doguozkan 1 hour ago 0 replies      
The origins of chroot() utoronto.ca
46 points by jsnell  2 hours ago   2 comments top
1
xg15 1 hour ago 1 reply      
That's an interesting tidbit. Though, with the last paragraph, I wonder how canonical paths worked when you have directories "above" the root.
Biggest image in the smallest space bamsoftware.com
287 points by fekberg  7 hours ago   78 comments top 26
1
michaelmior 7 hours ago 4 replies      
Actually, it decompresses to a 5.8MB PNG. However, many graphics programs may choose to use three bytes per pixel when rendering the image and because it has incredibly large dimensions, this representation would take up 141GB of RAM.
2
DanBC 6 hours ago 5 replies      
That's impressive. Here are some other compression curiosities.

http://www.maximumcompression.com/compression_fun.php

A 24 byte file that uncompresses to 5 MB; another file with good compression under RAR but almost no compression under ZIP; and a compressed file that decompresses to itself.

3
TurplePurtle 4 minutes ago 0 replies      
I wonder what the ratio would look like if the equivalent was done with a JPEG instead of a PNG.
4
__mp 4 hours ago 2 replies      
Photoshop was able to show it: http://i.imgur.com/7EdBySv.png Macbook Pro, 16GB RAM
5
0x0 6 hours ago 1 reply      
That's neat, but I still think the self-reproducing r.zip from "zip files all the way down" is the best compression trick I've seen:

http://research.swtch.com/zip

6
semi-extrinsic 5 hours ago 4 replies      
If you follow the "related reading" link on the bottom of TFA, you come to a page by Glenn Randers-Pehrson discussing how libpng deals with decompression bombs. On the bottom of that page you find the following curious note; anyone know what to make of it?

"""[Note for any DHS people who have stumbled upon this site, be aware that this is a cybersecurity issue, not a physical security issue. Feel free to contact me at <glennrp at users.sourceforge.net> to discuss it.]"""

7
wiredfool 7 hours ago 0 replies      
PNGs also have optional compressed text metadata chunks, and it's possible to sneak a decompression bomb into one of those as well. You can get about a factor of 1000 in the compression -- 1MB of 'a' winds up being about 1040 bytes. You can have multiple itxt chunks, and it appears that the chunk size is only limited to 2^31-1.

See https://github.com/python-pillow/Pillow/blob/master/Tests/ch... for a quick way to generate some of these.

8
andersthue 6 hours ago 1 reply      
Reminds me of how you could crash a fido node by sending them some big empty files, so when they got automatically unzipped the filled of the harddrive :)
9
inglor 6 hours ago 2 replies      
This does wonders when used in favicons :D
11
raffomania 6 hours ago 0 replies      
Fun fact: When trying to upload this as a profile picture (on a site I host myself), chromium crashes.
12
tetrep 4 hours ago 0 replies      
Neat. I needed to make very large PNG bombs recently and toyed with the idea of doing it "manually." In the end I decided to take the lazy route and use libpng[1].

[1]: https://bitbucket.org/tetrep/pngbomb/src/03dfc95065d78562c15...

13
dahart 5 hours ago 1 reply      
Having dealt with and printed a lot of very large images, e.g., 60k x 60k pixels, I have been on the lookout for image processing software that never decompresses the entire image into ram, but instead works on blocks or scan lines or blocks of scan lines, but stays in constant memory and streams to and from disk. For example, the ImageMagick fork GraphicsMagick does a much better job of this than ImageMagick. What other software is out there that can handle these kinds of images?
14
AndrewStephens 5 hours ago 0 replies      
I used to work on a scanning SMTP/HTTP proxy and even back then it wasn't unknown for people to send crafted decompression bombs to attempt to crash the services. We handled it by estimating the total uncompressed size upfront (including sub archives) and throwing out anything with a suspiciously large compression ratio.

I imagine that .pdf files are another avenue for mischief. They contain lots of chunks which may be compressed in varying ways.

15
mridulmalpani 56 minutes ago 0 replies      
does anybody tried to upload it on facebook as profile picture?
16
JosephRedfern 7 hours ago 2 replies      
That's cool. Presumably the same "attack" could be applied to any file format that uses DEFLATE.

From a legal stand-point, I'd be wary about following through with the authors suggestion of "Upload as your profile picture to some online service, try to crash their image processing scripts" without permission. Sounds like a good way of getting into trouble.

17
atom_enger 4 hours ago 0 replies      
Trying to run the program and create my own image, however a few questions, what did you use for secret.png? Any old png?

Are you using PIL or pillow?

18
hnpc123 3 hours ago 0 replies      
The title was changed and is now more opaque and less descriptive.
19
pvdebbe 5 hours ago 0 replies      
Cool, but most web sites wouldn't allow to upload a 5-MB picture as a profile picture. Or do they, these days?
20
ctdonath 7 hours ago 0 replies      
Looks handy for large image processing tests, thanks.
21
andrewstuart 6 hours ago 5 replies      
Is there a way to check for decompression bombs? I'd like my software to be able to unzip zip files safely.
22
ak2196 4 hours ago 0 replies      
It's probably using middle-out.
23
javajosh 2 hours ago 0 replies      
Everyone's focusing on this being a PNG problem but actually if my server unzips a 420 byte file into a 5M file of any kind, I'd say that's the first red flag. Assuming some sort of streaming decompression, you could write an output filter that shuts off the decompressor when it's seen a factor of X bytes. A reasonable factor would be 10 - which in this case would have halted bzip decompression at 4kB.

This would probably be a trivial patch to bzip2. But I like the idea in general of passing an "max input/output ratio" to any process or function that might yield far more output than input.

24
logicallee 5 hours ago 1 reply      
>The image is almost entirely zeroes, with a secret message in the center.

too pressed for time, did anyone look? What is it?

25
hadeharian 5 hours ago 0 replies      
26
_hhff 6 hours ago 0 replies      
Will there be a Distributed HTTP? mnot.net
52 points by prostoalex  3 hours ago   12 comments top 8
1
pkinsky 1 hour ago 0 replies      
This is actually a pretty cool idea (although perhaps badly explained, given the other comments here).

Here's how it could work: IPFS ("In some ways, IPFS is similar to the Web, but IPFS could be seen as a single BitTorrent swarm, exchanging objects within one Git repository") is a globally distributed hash-addressed versioned filesystem. (see: http://ipfs.io/)

They have a mirror of their homepage hosted on IPFS, here: http://gateway.ipfs.io/ipfs/QmeYYwD4y4DgVVdAzhT7wW5vrvmbKPQj...

To answer the question: distributed GET and HEAD are absolutely possible.

2
kragen 57 minutes ago 1 reply      
This is one of the most crucial things we need to make free software viable again. In 2006, I wrote that the only solution to the problem of proprietary services was to "build these services as decentralized free-software peer-to-peer applications, pieces of which run on the computers of each user": https://www.mail-archive.com/kragen-tol@canonical.org/msg001...

And, in particular, I wrote a few months later that replacing HTTP URLs for naming content is necessary and nearly sufficient: https://www.mail-archive.com/kragen-tol@canonical.org/msg001...

We still have a long way to go, but it's heartening to see so much work toward solving the problem! Perhaps one of the systems mnot links to will evolve to solve the problem; perhaps it will be something that we haven't started to build yet.

This is crucial to the future of civilization and to the longevity of your personal work. Nearly all the effort that went into proprietary software in the 1980s and 1990s has been lost rather than becoming part of the cultural heritage of humanity, in the way that Emacs and GCC have. Similarly, everything you invest today into proprietary web services is ultimately destined for the dumpster, whether it's code you write to build them or data you store in them. We need an alternative that has a chance of lasting.

3
sktrdie 34 minutes ago 0 replies      
There's already a quite large distributed "HTTP" being used everyday: BitTorrent's DHT network. URIs are just the keys of the distributed hash table. Keys are also mutable so one can change the content stored at specific keys. Right now it's being used to serve very large files and not HTML/CSS/JS files. Things like Project Maelstrom are a step in the right direction.

Problem is that it's hard to find things, just like it was hard when the Web started. There are opportunities for the next "google" of this new DHT space.

4
Kalium 1 hour ago 1 reply      
A more fundamental question, I think, is "Will there be effective distributed authority?". So far, this is problematic at best.
5
ilaksh 4 minutes ago 0 replies      
We are going to get a distributed something. He mentions a lot of the existing efforts.

I think these are tough problems but actually mostly solved in different projects that are out there. The hardest part is making the ideas work together and agreeing on protocols.

The solutions that become popular could really help quite a few people. I see it as possibly being the key to society's overall struggle for effective organization.

Right now I believe we need a small number of very flexible distributed protocols to be used as widely as possible, and have most if not all other systems built on top of them. That will mean a high degree of automation in systems integration. If we can do that and solve problems like privacy, synchronization, and latency issues at the same time, we could leverage that type of system for addressing things like inequality and efficient use of resources.

6
marknadal 29 minutes ago 0 replies      
I met Mark and Tim Berners-Lee at Extensible Summit and was very happy that they are still actively fighting for the World Wide Web in its full distributed, decentralized glory.

I do work on synchronization in distributed systems, and would like to add my database, http://gunDB.io/, to the list. Why? Because it answers his questions in the "Some State and Processing Really Wants to Be Centralised" section. If you want more info on this, check out the github repo, or ask me.

Anybody interested in these subjects should be at https://2015.distributed-matters.org/ber/, Kyle Kingsbury will be doing the keynote and later on in the day I'll be presenting my protocol.

Mark's "Modifying The Web is Scary" section is important, I do see a lot of people reinventing the wheel but it isn't too hard to get everything to work over PATCH (sadly a verb which didn't take off but is in the specification) and upgrading to WebSockets.

Overall, great post. I hope more people talk about this.

7
lazyloop 1 hour ago 0 replies      
8
nexys 1 hour ago 0 replies      
Unix Recovery Legend (1986) ryerson.ca
38 points by electrum  2 hours ago   10 comments top 5
1
krylon 34 minutes ago 0 replies      
> Well, for one thing, you must always remember the immortal words, DON'T PANIC

So true. A colleague of mine managed - on his second or third day on job - to delete every single user account in our Active Directory. After an hour, we gave up trying to restore the AD (it was an SBS2008, so no AD recycle bin) and simply restored the entire DC (at the time, our domain only had the one DC) from backup. Surprisingly, most of our users took it very well and used the time to get some paperwork done or clean up their desks or something like that. Still, it was one of the most stressful days of my life. So we kind of panicked. In restrospect, I think another hour or so of research might have saved us the eight hours of restoring that server (did I mention that our backup infrastructure really, really sucked at the time?).

In smaller desasters, I've found the ability to remain calm most valuable, though. Having your boss breathing down your neck impatiently can instill a deep desire to simply do something just to show that you are working on the problem. But if you don't understand what's wrong, at best you are wasting time, and possibly making the problem even worse.

2
acveilleux 1 hour ago 1 reply      
I've had to do something similar a long time ago in the mid-90s when Linux switched from libc5 to glibc6. In this case, I hadn't deleted everything, rather I'd stupidly upgraded libc locally.

After learning a valuable lesson in exactly how dynamic library work and the recommended process for live libc upgrade (don't do it if ABI changes) I fixed it by using my IRC client which was already running so unaffected to get a statically linked copy of /bin and /sbin from another machine, via DCC Send...

Recovery then consisted of restoring libc5 from slackware 3.2 install media.

I can't remember how I got root, either su was statically linked (believable since it's setuid) or I had a logged in root session. I did have to used the tcsh "echo *" trick for file listing and the shell built-in cd...

3
Zenst 1 hour ago 0 replies      
Yip had a manager do that on a clients site, bestpart was the kit was so new that only a few in the country and the install set for the OS had not arrived and no backups. Was new machine and been partialy configured, awaiting tapes.

Luckily anotehr client had the same RS/6000 (think 3rd in the country outside IBM) and was able to borrow there install DAT to bring AIX back to life.

Odd as had problem with RT/6150 in which (nobody admitted it) had similiar problem and that involved to get it limping along copying files from a working system onto this holed system to fill the gaps. Which given the eventual reinstall that weekend took most of the weekend only to find that floppy disk 70 odd was corrupt, much fun.

But *nix is great as always more than one way to get things done and on many systems can also be true.

Still good education in not only backups, but backup integrity as you never know when you want to read them back.

4
davidw 56 minutes ago 1 reply      
That's way more badass than my own rm -rf disaster: http://journal.dedasys.com/2006/01/30/disaster-strikes/
5
amyjess 18 minutes ago 0 replies      
I first found this story in a collection of Unix horror stories several years ago: http://www.yak.net/carmen/unix_horror_stories

If you enjoyed this one, you'll probably enjoy the others in there as well.

Breaking and entering: lose the lock while embracing concurrency, Part I workiva.com
15 points by tylertreat  1 hour ago   1 comment top
1
c54 58 minutes ago 0 replies      
Kudos for the clever title :D
Pocket: 20M users with 20 people firstround.com
98 points by pointnova  4 hours ago   51 comments top 16
1
eliben 3 hours ago 7 replies      
I'm one of the first paying customers of Pocket.

Alas, their quality has been going down recently. The most important feature - keeping the location inside an article between app invocations, is not working. For long articles, if I stop in the middle and want to resume later, there's a 80% chance that Pocket will happily set me right in the beginning.

Besides, their rendering for articles with code sucks, so I almost always use "web view", a decision Pocket also forgets every other time.

So I end up using Pocket as a convenient keyboard-shortcut to save articles, but on my phone actually open them into Chrome, which has no problem remembering the location in a tab.

2
11thEarlOfMar 3 hours ago 2 replies      
When I see stats like this, or like the 400MM users/40 devs, that WhatsApp had at one point, I can't help but think back to, say, 1985. What would it take to develop and scale a software product to that number of users?

I worked for MultiScope in 1991. We had to order discs and have disc labels printed, copy the compiler onto the discs, have manuals and boxes printed, stuff and shrink-wrap the boxes, ship to Ingram Micro for distribution, and then wait 2-4 weeks for our product to show up on the shelves at Egghead. I recall 5 developers, and we were ecstatic to ship 4,000 copies of a major new version.

That gets me thinking in terms of leverage. The leverage that 2015 Internet technology affords a single developer is a potent economic force.

3
aresant 1 hour ago 1 reply      
Just a random note - https://getpocket.com/ lists 17,000,000 users on their badge @ the bottom, last update I found was in April @ 12m (1), and this article highlights 20m

Back in the day when we built the Trapster.com website (prior to the Nokia team takeover) we a/b tested a static user # that we updated monthly vs. a # that changed and was specific to usage / etc.

We found that the specific was a significant conversion driver and we executed several tests to get that message closer to the top (2).

Of course this was also back in the day where consumers looked on desktops for the app to download vs. the modern trained user that looks on app store.

But maybe something to consider moving up the page and building a script to execute more frequently.

(1) http://web.archive.org/web/20150325061108/https://getpocket....

(2) http://web.archive.org/web/20130812132821/http://www.trapste...

4
brayton 2 hours ago 0 replies      
> "If save-for-later service Pocket had a spirit animal, itd be the American field ant."

We need an ongoing list of startups and their spirit animals. How else will I know what products to use.

5
someear 2 hours ago 0 replies      
Great read but not a fan of the headline. The underlying concept is good - growth and headcount dont always need to scale together, user count is too relative to the industry, company, or product. In some cases, scaling to 1000 users would be a bigger feat than scaling to 20m users.
6
rocky1138 4 hours ago 1 reply      
I loved the Pocket Chrome extension and used it every day. Once they changed it to one that required cross-domain cookies, I uninstalled it and only used Pocket once or twice as a result. Unfortunate!
7
sancha_ 3 hours ago 3 replies      
How many of those users were forced by updating Firefox?
8
hathym 4 hours ago 1 reply      
The real question is; how much they are making?
9
throwccc1 1 hour ago 0 replies      
I think I remember in the early days there being pushback from content providers about not getting clickthroughs, ad impressions. What's the status of this type of service re: copyright? Neither Pocket nor users have any right to transform / create derivative works -- is there some loophole here about personal use and not re-distributing?

Is it a copyright violation to make a cross-stitch version of a tweet for your living room? To provide a meme generator service that uses NYT headlines?

10
rw2 4 hours ago 3 replies      
Curious to hear if this is actually a significant stat. It seems simple to run a app company with only 3-4 technology person if you have a scalable technical structure.

With a customer facing transaction based service like Uber this would be hard. But pocket is pretty straightforward.

11
omouse 1 hour ago 1 reply      
Shame it isn't free/open source.
12
untog 3 hours ago 0 replies      
It's interesting - the article mentions them having a lot of projects on the docket, but doesn't go into detail on most of them. I use Pocket every day and a few bugs notwithstanding, I'm very happy with it. In a weird way, them having that many projects worries me because it means it might bloat outwards from what it is today.
13
untog 3 hours ago 0 replies      
..in what way? Are you talking about the Firefox Pocket integration? Because that's not really all that comparable to MSN Search (and Pocket has been around a lot longer than that integration has)
14
Killswitch 1 hour ago 0 replies      
Very good article, makes me feel better being a sole employee of a SaaS.
15
favadi 2 hours ago 1 reply      
Can someone tell me what it offers over Evernote Web Clipper?
16
nahtnam 4 hours ago 1 reply      
The Future of Food on Urban Rooftops techcrunch.com
18 points by sharp11  3 hours ago   3 comments top 2
1
mkent 1 minute ago 0 replies      
On the opposite end of success we have a rooftop greenhouse in Vancouver being sold on craigslist: http://www.cbc.ca/news/canada/british-columbia/craigslist-va... http://vancouver.craigslist.ca/van/bfs/5133023654.html).
2
beambot 28 minutes ago 1 reply      
Conventional wisdom says each person requires ~1 acre (43k sq-ft) to source enough foodstuff for themselves.

With two people per 1k sq-ft apartment... you need ~100-fold improvement over the conventional wisdom to get full 100% sustainability. So let's assume you can magically get 10x gains in "land use" efficiency, and that you can stack those units 10 levels high (piping 1/10 of the 1kW/m^2 solar incidence to each level). But herein lies the rub: Urban density exceeds 2 people per 1k sq-ft of building rooftop area. So 100% rooftop sustainability is probably a no go.

Of course something is better than nothing (is it truly better than rooftop solar?), but it's worth pointing out that it can't be a panacea.

IKEv2 in iOS 9 and OS X El Capitan ietf.org
34 points by tomputer  8 hours ago   3 comments top
1
internet2000 47 minutes ago 2 replies      
Very interesting. Related: What's the recommended way to set up an IKEv2 server on Linux? I haven't kept up with the StrongSwan fork situation for a while now.
Chiara Vigo: The last woman who makes sea silk bbc.co.uk
84 points by callum85  5 hours ago   10 comments top 7
1
dghughes 1 hour ago 1 reply      
Interesting as it is, the silk and the history of the family, it seems odd that Vigo teaches weaving it to a few people but not how to make it shine. Or at least it wasn't specifically mentioned about the process of lemon juice and spices.

This strikes me more as keeping it a secret within the family more than protecting people from God. Business failed sure but that's no reason to keep the process of making it shine a secret if she is hit by a bus or drops dead that's it for the knowledge.

2
mc32 3 hours ago 0 replies      
This is an interesting history. And perhaps it's nothing more than uniqueness which makes this interesting; however, ms Vigo seems very well suited as ambassador for this dying tradition. She has the lineage, the myth, and aura to make it interesting for a new crop of artisans now that there is more interest in traditional methods.
3
pndmnm 4 hours ago 0 replies      
Good collection of links on the topic a few weeks ago at Metafilter: http://www.metafilter.com/151993/It-was-necessary-also-to-fi...
4
jeffreyrogers 3 hours ago 0 replies      
I always enjoy stories like these. It reminds me of this one on making a panama hat from about a month ago.[1]

[1]: http://www.npr.org/sections/goatsandsoda/2015/08/08/34068270...

5
joshdance 2 hours ago 0 replies      
Anyone have a video of the silk shining? Would love to see it.
6
elektromekatron 3 hours ago 1 reply      
It seems somehow profane, but I'd love to get some into a materials lab and see how it behaves.
7
trumbitta2 3 hours ago 0 replies      
My Brother's Keeper theverge.com
8 points by petewailes  1 hour ago   discuss
Notes on How Parsers and Compilers Work (2007) sourceforge.net
15 points by terminalcommand  5 hours ago   discuss
ZEVS, the Russian 82Hz ELF transmitter vlf.it
19 points by signa11  3 hours ago   1 comment top
1
Cyph0n 42 minutes ago 0 replies      
Amazing stuff. I wonder how the antenna on the receiving submarines is setup. Also the sensitivity and selectivity of the onboard receiver circuitry must be insane!
A/B Testing Advertising: A Playbook for Publishers pubnation.com
24 points by sandinmyjoints  3 hours ago   discuss
We are slashing the C1 price by 70 percent scaleway.com
83 points by Remiii  3 hours ago   38 comments top 13
1
siscia 1 minute ago 0 replies      
It seems to me a very nice deal for the Erlang/Elixir developer... Cheap, multicore, server...
2
ddoscampaign 2 hours ago 1 reply      
This is brilliant because the main cost of running gear is power draw (PDUs / electrical circuits). Having OEM/ODM blade ARM setup a-la sgi cloudrack/supermicro is the way to drive costs to the floor, in a Backblaze/Google way. Unfortunately, it's a "Dell/Walmart model" hypercommodity where such a business has to maintain massive customer subscriptions to stay cash positive and still just trickles in $.

It's an interesting space, but if I were launching a cloud IaaS/VPS, I would probably optimize for the other extreme of "Apple model" premium/full-service expensive hosting that has fantastic uptime, gear and sales/support for enterprise/startup and IT/web operations... There's some more money in that and less headaches. (The most money seems to be in the upper-middle pricepoint area.)

3
jo909 40 minutes ago 1 reply      
For every comparison we should take into account that scaleway offers dedicated hardware, not a VPS.

Also I think its important to note that they (currently) only offer one very "small" server model, so your whole application would have to be able to scale horizontally really well to be able to run on such infrastructure. So you can't have a few big database servers and a lot of small stateless application servers, which I belive is a very typical architecture today.

4
Tinyyy 22 minutes ago 0 replies      
I wonder if it is effective to run Tor nodes on this, given the unmetered bandwidth. I suspect that CPU is going to be a huge bottleneck here. Does anyone mind trying it out?
5
zinxq 2 hours ago 1 reply      
Storage and VPS systems are becoming (have become) commodity so quickly.

It will be interesting to see if this has any effect on open-source Saas businesses. I.e. "We'll host it for you or you can host it yourself for free" - for example, ghost.

Hosting it for me has definitely has its level of remove-hassle advantages, but if such software is easy to install and low maint, then it becomes notably cheaper to grab a VPS for it.

6
lux 2 hours ago 2 replies      
This makes them very similar in price to Digital Ocean, even slightly cheaper. I wonder what the performance comparison would be between their equivalent tiers...

Their S3-compatible object storage is also quite appealing.

Being in North America though, I'd love if they had a data centre option here too.

7
lordlarm 2 hours ago 2 replies      
Scaleway is a highly interesting player in the IaaS market as they're one of the few currently that are offering ARM based servers. Will we see more ARM servers the next couple of years from more vendors?
8
coreyp_1 1 hour ago 0 replies      
I would love to have a server with them, but I can't think of any projects to put on it (that I have time for). :(
9
weddpros 3 hours ago 0 replies      
At 3/m, it's really worth it for some workload...
10
ay 2 hours ago 1 reply      
11
killercup 2 hours ago 2 replies      
(The title currently just says '2,99 per month'. This should probably be changed "2.99" instead, since a lot of people would expect HN to default to USD. Even I (living in Germany) was surprised it was in Euro.
12
bluejellybean 2 hours ago 2 replies      
13
sz4kerto 1 hour ago 1 reply      
Mokusatsu: One Word, Two Lessons (1968) [pdf] nsa.gov
13 points by zt  4 hours ago   discuss
Vy A Vim-like in Python made from scratch github.com
99 points by ecthiender  11 hours ago   53 comments top 14
1
shadowmint 4 hours ago 1 reply      
Curious, want to try it yourself before you flame it to death for being in python 2 or claiming to be remotely plausible as a vim substitute?

 git clone https://github.com/iogf/vy cd vy virtualenv . ./bin/pip install untwisted pygments ./bin/python setup.py install
You'll probably want to edit /vyapp/plugins/toggle_mode.py to use a KeyPress binding that is valid for your platform at this point, or you'll get:

 _tkinter.TclError: bad event type or keysym "Apostrophe" 
...and finally,

 ./bin/vy
Right, now you can start playing wading your way through https://github.com/iogf/vy/blob/master/INTRO.md and try to understand the command syntax.

Good luck!

Vim clones are a dime a dozen; this is actually an entirely different thing, and although I can't imagine actually using it for anything... it's interesting to see people work on different approaches to text editors.

A simple hackable python text editor may not be useful in the long term for anything (for all the reasons about distributing python and python performance limitations), but its certainly viable for prototyping interesting features.

2
stevebmark 14 minutes ago 0 replies      
Interesting project. Vim is riddled with issues and we badly need a replacement (coming from a dedicated Vim user). Currently VimR and NeoVim are in the lead for tackling some of the hard problems (async calls, a real plugin system, obvious features like fuzzy finder with good UI integration, etc).

I found this part amusing: "What did Bram Moolenaar say". After using Vim for a few years, and seeing his design choices, I wouldn't personally be interested in his opinion of an editor!

3
reikonomusha 37 minutes ago 0 replies      
Am I wrong in thinking that this is a Tk Text widget (or possibly several), with a selection of functions atop? Plugins for the most part are just key press callbacks which manipulate this Text widget and associated state?

I know every project must start somewhere but this doesn't seem to have considerable substance for a purported next gen vi(m), and given its heavy reliance on pre-made tools (like text areas), without much abstraction, it seems like it would be hard to get over the hump to make it competitive with existing editors.

4
emilssolmanis 5 hours ago 3 replies      
> [..] on top of tkinter which is one of the most productive graphical toolkits.

> ..

> [..] on top of Tkinter that is such a great graphical toolkit.

Right. About as great as pulling teeth. Not that there's many alternatives, of course...

5
blux 4 hours ago 0 replies      
> The source code of the syntax highlighting plugin is about 80 lines of code.

Which is not that big of an achievement considering it depends on pygments for syntax highlighting...

6
michaelmrose 4 hours ago 0 replies      
I don't believe Bram said it would replace vim I think he took something out of context.
7
mden 31 minutes ago 1 reply      
Some of the cleanest code I've seen! Pretty fun skimming through files and functions.
8
florianletsch 2 hours ago 1 reply      
Hm, why do most of his files end with 10 to 15 blank lines of whitespace? Is that a thing or was he just sloppy?
9
santiagobasulto 6 hours ago 1 reply      
"I'm working on a ncurses based library with a symmetrical archicture to python tkinter". That sounds nice.

I'd suggest don't work trying to replace vim in the future. Work to learn and to fix any necessity that by some reason vim is not fulfilling for you. Then the world will say...

The project has a good architecture (plugins seem interesting). But it could use some tidying up.

10
xmstr 5 hours ago 1 reply      
Looks interesting but why not Python 3.x?
11
OJFord 6 hours ago 2 replies      

 > a great chance to substitute vim in the future.
Why? What's the advantage over vim?

12
synparb 4 hours ago 1 reply      
pyvim (https://github.com/jonathanslenders/pyvim) is also a pretty slick vim clone in python that uses the python prompt toolkit (https://github.com/jonathanslenders/python-prompt-toolkit)
13
qznc 6 hours ago 0 replies      
Looks similar to http://www.vixn.org/
14
zephod 6 hours ago 2 replies      
Minimal Viable Programs (2014) joearms.github.io
5 points by exupero  4 hours ago   discuss
Show HN: Javvy A fun way to learn Java on iOS and Android javvy-app.com
57 points by hgllnt  5 hours ago   21 comments top 10
1
tixocloud 4 hours ago 1 reply      
Interesting concept. I especially like that you've made it a little bit more fun, which could make it more accessible. If I'm not mistaken, these are bite-size tutorials? Will it lead eventually to a finished program? Building something that worked and was function/moderately useful was what perked my interest to dive further into development.
2
an4rchy 4 hours ago 1 reply      
I like the simple design. I just noticed that you guys are also behind Swifty. Which languages are you guys planning on next?
3
arturadib 5 hours ago 1 reply      
This is "Duolingo for programming languages". Well done.
4
kalatalabnik 59 minutes ago 1 reply      
Hi, looks good, interesting way to learn about Java. IMHO it would be nice, if there were more space for user input (choosing from two options is not enough). Questions at the end are good example for adding user interaction, not just only revealing the answer.

There is something strange in 03-04, second line starts with "6 myBoolean ...". I don't understand it.

Also at 03-13 is incorrect result, it's false.

Anyway, looking forward for PHP. ;)

5
sjdev 1 hour ago 0 replies      
This looks great. I have a few friends involved in teaching K-12 education who have been exploring ways to introduce some of the younger ones to programming so I will be sure to pass this along.
6
impostervt 4 hours ago 1 reply      
What are some good sites for learning Java, as it's used inside of large organizations? I already know how to code, but have run screaming from Java whenever I started looking at it. But where I work, it's ubiquitous.

I'd rather not learn on my phone. I have this giant desktop sitting in front of me...

7
markbnj 4 hours ago 1 reply      
I love how the first question is presented so the answer is the completion of a string literal, which is then printed. Very interesting approach to getting people engaged right up front. Nice job.
8
tylerpachal 4 hours ago 1 reply      
Is this aimed mainly at beginners? I would be interested in brushing up on my Java, and would like to skip over the basic stuff like variables and conditional statements and stuff like that.

(Downloading now)

9
ausjke 4 hours ago 1 reply      
very interesting, what about do this to other languages too, say php, lua, python, javascript...

Duolingo to "programming" languages that is.

10
mentos 4 hours ago 1 reply      
Second example was a little confusing for me "A variable can only remember one value at a time. If you want to change its value, simply use its name without the type."

The 'simply use its name without the type' might be better worded?

Factoring RSA Keys with TLS Perfect Forward Secrecy redhat.com
26 points by benwithem  4 hours ago   1 comment top
1
arielby 12 minutes ago 0 replies      
This is the well-known CRT fault attack, nothing new. SSL implementations that don't verify their signatures leak the private key if their signature routine has a bug - this is essentially a hardware problem. Verifying your signatures is fast, though, so doing it is worthwhile hardening (NSA can potentially use cosmic rays for this attack, probably nobody else).

The findings are very similar to the classic "Ron was wrong, Whit is right" paper - if you scan the entire Internet, you will find broken hardware. You will also find SSH servers with their root password being `12345678`.

A Brief Introduction to Graphical Models and Bayesian Networks (1998) ubc.ca
10 points by dstein64  5 hours ago   1 comment top
1
bra-ket 38 minutes ago 0 replies      
it would be interesting to know how graphical models can be integrated with deep learning, and specifically how causal relationships can be inferred with neural networks
Knowledge-Based Trust: Estimating the Trustworthiness of Web Sources [pdf] vldb.org
6 points by jcr  5 hours ago   discuss
Buffett FAQ buffettfaq.com
106 points by tim_sw  13 hours ago   29 comments top 7
1
karlb 5 hours ago 0 replies      
This is a great complement to a book I loved: The Essays of Warren Buffett, a compilation of Warren Buffett's shareholder letters, organized by subject matter.

http://www.amazon.com/Essays-Warren-Buffett-Lessons-Corporat...

2
RaSoJo 5 hours ago 5 replies      
Thanks a lot for sharing. I am an utter novice at investing. Until now I have looked more at technicals(and gambled) when it came to stocks. Needless to say the current market scenario has left me burnt.

I am trying to do fundamental analysis a lot more.(currently trying to get my head around Benjamin Graham's "Intelligent Investor" - with inputs from Buffet himself)

But this mode of investing needs a lot more mental strength than i thought - it is almost a strict regime that needs to be followed.

Wanted to know how regular Stock Investors in the HN community go about doing this. I.e. Studying the macro/micro factors and company fundamentals on a regular basis - and making investment decisions accordingly.

Any books or tips would be more than welcome.

3
urs2102 5 hours ago 0 replies      
This is really great. I wonder if something like this could be compiled for other great people respsective to their industry. e.g. Carmack FAQ or Musk FAQ
4
kirk21 4 hours ago 0 replies      
His letters to shareholders are real gems: http://amzn.to/1UrANYO

Took me a month or 2 to read them all.

5
bwillard 6 hours ago 0 replies      
This is a very nice collection of Buffett QnAs.

It would be interesting to see these in a timeline to see how his various answers have changed (or not) over time.

6
kifler 6 hours ago 0 replies      
Very comprehensive but some answers can be very dated.
7
tscosj 8 hours ago 0 replies      
A Cartographer Whos Transforming Map Design wired.com
121 points by kurren  11 hours ago   12 comments top 6
1
rubidium 6 hours ago 1 reply      
Some of her earlier papers can be found here: http://www.personal.psu.edu/cab38/Pub_scans/Brewer_pubs.html

Here's the ColorBrewer tool: http://colorbrewer2.org/

I never thought about what a PhD in cartography would look like. Nice to learn more about the thought being put into maps.

2
larrydag 5 hours ago 0 replies      
Here is the popular Color Brewer implementation in R. https://cran.r-project.org/web/packages/RColorBrewer/index.h...

A tutorial on how to implement RColorBrewer in R. http://www.compbiome.com/2010/12/r-using-rcolorbrewer-to-col...

3
gavreh 5 hours ago 1 reply      
Here's the blog post about how her work has influenced Esri's ArcGIS software: http://blogs.esri.com/esri/arcgis/2014/11/12/brewing-a-new-c...
4
electricblue 1 hour ago 0 replies      
I've been using colorbrewer to make maps for many years now, nice to see her getting some recognition.
5
ipunchghosts 6 hours ago 3 replies      
I sit a few buildings down from Cindy's office and have also been studying colormaps quite a bit in the last 3 years. Its interesting how many plotting packages get this wrong but are finally catching up.

I switched from Matlab to Python years ago and was sad to see pyplot using the default rainbow palette still. However, there was some good work done by Chris Beaumont to improve the plot quality. See: http://plotornot.chrisbeaumont.org/ You can easily import these styles into matplotlib using rcparams.

Matlab is using a roughly perceptually linearly luminant colormap they call Parula now. Good job Matlab.

Paulo Penteado has also done some good work in this area. See: http://www.ppenteado.net/ast/csbc2012_pfp_2_pres.pdf

I want to talk about the Luv Lab colorspace. There are several places on the net (even in the literature) that are wrong about these colorspaces saying Lab is for emissive displays and Luv is for reflected light. This is actually not true. (If anything it is reversed). See: https://groups.google.com/d/msg/scikit-image/DIRaSXJoEes/2jD... and Berns reference.

The interesting with colorspaces (and colormaps thereof) is that working in a perceptual space like Luv/Lab is yields a non-linear (and non-convex) gamut in the sRGB space used by most monitors. There is more "headroom" in the magenta hue of colors than say green. However, you have to then look at monitor output as a function of hue and human sensitivity -- with a red object and blue object with the same reflectance under the same illumination, the red object will appear darker to humans. So there are many transfer functions at work here which makes the problem challenging in picking the right colormap that is perceptually uniform, has the maximum number of perceived differences, and has the appropriate number of hues for best represeting your dataset.

Finally, it would not be complete of me to not mention this article: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=411848...

Slides: http://www.cs.odu.edu/~mweigle/cs725s15/presentations/nam-pr...

6
wscott 8 hours ago 0 replies      
The "Tufte" of maps.
Don't Use These Lame Acronyms If You Don't Want to Get Nabbed by the Feds bloomberg.com
32 points by Sami_Lehtinen  2 hours ago   21 comments top 10
1
unoti 1 hour ago 1 reply      
Whenever you write an email, you should envision how it'll read as evidence in a court transcript. Envision a jury reading over your shoulder. That's essentially what will happen if there's a preservation order and a court case.

This is just one of tons of reasons why email is overused. Live, interactive, two-way conversations are better for most things. Making better use of interactive conversations does require some planning and discipline, to keep a list of what you need to discuss sorted by person. But the benefits of that practice are numerous, and increased privacy and plausible deniability is a comparatively minor benefit.

A few reasons to prefer interactive discussion to email:

- plausible deniability and increased security

- reduced chance of misunderstanding

- less time spent and potentially wasted carefully crafting the perfect message, because you can monitor your recipients reactions in real time and dynamically alter your delivery depending on which parts are immediately understood and agreed upon

- collaborate on the ideas interactively and rapidly, rather than a simple one way transfer

Email is good for some things, but it's seriously overused.

2
Todd 1 hour ago 1 reply      
"They use terms to find evidence of whether someone is trying to hide their activities because evidence of a cover-up is frequently more potent than the evidence of the alleged crime"

Each of these steps towards a surveillance state would be easier to stomach if the path weren't so clearly identified in 20th century fiction.

3
current_call 1 hour ago 1 reply      
Taking a conversation offline provides evidence of intent because if youre trying to cover your tracks, you probably know what youre doing is wrong,

I can't tell if this is big business trying to make investigating white collar crimes harder or the federal government trying to drum up support for mass surveillance. I'm leaning towards the former based on where the article is.

4
linkregister 1 hour ago 1 reply      
This article is a waste of space. Clearly if your work emails are being subpoenaed by a federal investigator, you're already under suspicion (the article is talking about federal insider trading investigations). All this means is that if you refer to an out-of-band conversation, then they will look there.
5
mamon 18 minutes ago 0 replies      
When I was a child I loved USA, thought it was great country, and dreamed of visiting it one day. Now, when I'm grown up and finally I can afford intercontinental travel I am seriously afraid to even enter USA. I might be arrested for no reason, or have my cash forfeitured, also for no reason... I think that few remaining free countries in the world are Switzerland, Singapore, Australia, and maybe Hong Kong
6
jkot 1 hour ago 0 replies      
This is just insane. Email communication is completely open, it is like writing on the postcard.
7
x3n0ph3n3 1 hour ago 1 reply      
I usually defer to a different mode of communication when it's more convenient or appropriate to the discussion. Instead of trying to type a novel to explain something, I'd prefer to engage in a conversation in order to identify parts of the topic that can be skipped. This usually reduces the time cost to communication.
8
task_queue 1 hour ago 0 replies      
Privacy implies guilt. Otherwise, you'd have nothing to hide.
9
lordnacho 39 minutes ago 1 reply      
The lines on a trading desk are recorded anyway for regulatory reasons. All this is doing is telling the authorities when it might be a good idea to pull those records.
10
rietta 58 minutes ago 1 reply      
Wow, so asking for a PGP key or asking if they have TextSecure on their phone must be REALLY bad!
Best practices for a new Go developer medium.com
132 points by torrance  15 hours ago   75 comments top 10
1
peteretep 10 hours ago 4 replies      

 > You will realize eventually that what you first thought > was worth criticizing was actually a deep work of > genius.
Funny, I found the more I used it the less I liked it.

 > Ive seen a lot of criticism of Gos shortcomings > from people who are true experts in many languages > other than Go.
Cool, normally I just call those people "experts".

 > I cant recall similar criticism from someone whos > worked with Go at a very deep level for a year or two.
You would do well to understand the meaning of the term "survivorship bias".

2
johnnydoebk 1 hour ago 1 reply      
I'm not interested in C++, not using it, do not care about it. So, I am neither visiting HN links that are about C++ nor taking part in discussions related to C++.

And I'm really curious what drives people in this thread that are coming to say they do not want to use Go, do not like it, and stuff like that?

3
oconnor663 5 hours ago 3 replies      
> Because Go gives us interfaces and closures we can write much more elegant, generic APIs with a flavor similar to Ruby or Lisp and this is the direction the language naturally wants us to take. Personally I like to use the empty interface for plumbing and only pin things down to specific interfaces or concrete types where I need to for performance or correctness.

That's a lot like using opaque pointers in C. What is it about Go that makes people assume it's shortcomings are beautiful designs?

I learned yesterday that `x == nil` can return false even if x is nil so long as x is an interface type. But it depends on whether x is actually nil or a nil value with a specific type.

(

My other pet peeve is that a method with a non-pointer receiver that tries to modify the receiver object will silently drop those modifications on the ground, because the object is copied. Which makes some sense, except that Go likes to convert to pointer receivers automatically, so the caller can't tell that anything is wrong. The only difference is one character in the method definition. Everyone I know hits this bug at some point and loses half an hour before they learn to look for it. You could almost say "all method receivers must be pointers" except that you need to refer to interface types without the pointer.

(

4
danieldk 4 hours ago 1 reply      
Learn about stack versus heap, and recognize that Go treats the stack differently from other languages.

Note that the Go language spec does not even contain the terms 'stack' and 'heap. Whether something is stack or heap-allocated isn't always clear. E.g. consider:

 foo := &Foo{} // or: new(Foo)
This could be stack or heap-allocated (in the most popular Go implementation) depending on whether the compiler thinks it escapes or not.

5
drakenot 7 hours ago 2 replies      
I was hoping this article would have more substantive advice for new Go developers. It seemed to mostly have very general advice that applies to most other languages like: "Don't try and write language X in language Y. Keep complexity down by not over using complex language features."

I'm writing my current hobby project, a podcast fetcher, as my first project in Go.

The project has been going generally well but there have been a few annoyances so far:

* Why are you not able to easily version git dependencies? Go's solution to this problem is to tell you to create an entirely new git repository for each major version. Really? If they didn't want to go full blown dependency versioning with something like CocoaPods, they could at least let you specify a git branch or tag.

* The db.Sql abstraction does not support multiple result sets. Therefore database drivers, like the popular mysql driver, don't support multiple result sets. This really limits the kinds of stored procedures you can call.

* The debugger support is bad. I have to fall back to using print statements for most of my debugging.

6
kasey_junk 5 hours ago 1 reply      
> I resisted the recommended workspace configuration, as described in How to Write Go Code. Dont bother, especially in the beginning

I've had the same dev folder structure across platforms, languages, jobs and decades. I basically had to abandon that structure when starting Go. I fought & fought and at the end of the day it is just easier to use their expected workflow. It was (is?) galling but it was the only way to stop fighting the tools and get work done.

7
stonewhite 10 hours ago 3 replies      
I was expecting an empty page with a huge "don't" in it. But instead there was interview excerpts from Go developers and a ambiguous list of "best practices".It would be more meaningful if this was backed with some actual practices with some code examples.

I just don't see what people think others would understand by teleologic statements like: "write Go the way it wants to be written"

8
jerrac 5 hours ago 6 replies      
So, if Go is as bad as the comments so far make it out to be, what are some alternative languages? Specifically, a compiled language that can be deployed without worrying about dependencies. That's the feature that has had me looking into learning Go. I want to be able to just copy one file to my server and run it, no need to install anything extra on the server to make my program work.

Actually, can Go even do that? I think it can...

9
jheriko 5 hours ago 2 replies      
its not all go specific, despite the comment about 'C style' heap allocation and pointer usage, you will find your C code will get better if you do not do this as well. the heap is a last resort, not the first.
10
forgotAgain 3 hours ago 0 replies      
I take it these are the idiomatic best practices.
LookingGlass A distributed, forward-secure platform with pseudonymous email lookingglass.email
57 points by occult  13 hours ago   22 comments top 6
1
Canada 7 hours ago 5 replies      
It's email transported and authenticated using combination of Tor, Axolotl, and socialist millionaire. Unfortunately:

> LookingGlass is meant to be run on a local, headless (without monitor), always-on computer. Installation consists of copying a disk image to an SD card, inserting that into a Raspberry Pi, and plugging it into your local network (preferably behind a router).

Appliance designs such as this have 0 chance of gaining significant use.

The author should consider rolling this solution into software packages that run on operating systems people actually have.

2
huhtenberg 6 hours ago 1 reply      
That's an unfortunate name selection, because of this - https://en.wikipedia.org/wiki/Looking_Glass_server - an integral part of the Internet routing infrastructure.

E.g. http://lg.he.net

3
occult 2 hours ago 0 replies      
For anyone interested the source code is here:

https://github.com/last-box/LookingGlass

Also, there's a subreddit here.

https://github.com/last-box/LookingGlass

There's a TOR-based IRC and Forum system too.

4
dsr_ 7 hours ago 1 reply      
I don't understand how burn-on-view is supposed to work. In my world, if you can see something, you can copy it. (Analog hole, clipboard, screenshot...)
5
betimsl 4 hours ago 1 reply      
I tried to download the RPi image, but; how can I trust 10+ GB worth of software not to have some kind of flaw?
6
zokier 3 hours ago 0 replies      
Sounds a lot like agl's Pond, but of course that is not a bad place to draw inspiration from. Anyone able to outline the main differences?
The xkcd survey docs.google.com
320 points by rivert  5 hours ago   224 comments top 33
1
jawns 5 hours ago 6 replies      
If you like this sort of thing, you may also enjoy:

1) My website Correlated.org (http://www.correlated.org), which has been generating weird correlations based on users' survey responses for more than four years.

2) Spurious Correlations (http://www.tylervigen.com/spurious-correlations) by Tyler Vigen, which also offers wacky correlations, but based on publicly available datasets rather than survey responses.

3) Google Correlate (http://www.google.com/trends/correlate/draw), which allows you to draw a curve, then find search terms whose popularity over time matches the shape you drew.

2
emidln 5 hours ago 7 replies      
Found out that gnome 3 has some keybinding for dynamically changing screen resolution. I don't know which keybinding that is, but I found it during the mash the keyboard test.
3
Balgair 2 hours ago 4 replies      
I wonder how many responses of :

Cantaloupe');DROP TABLE Food;--

ol' Randal is going to get (or some permutation thereof). Figuring that Randal is pretty smart, I bet he has a piece of code to parse out that. Still, anyone here have a good hack that can just nuke days of his time whilst completing this form? Only other one I can think of him using is (for Matlab):

Cantaloupe'); clear all; clc; close all;

4
muaddirac 3 hours ago 6 replies      
I can't shake the feeling that this will just measure of how willing people are to follow instructions for no reason whatsoever.
5
brianwawok 4 hours ago 8 replies      
So is the last question not a common thing? Because I do it every year or so, but my wife thinks I am crazy.
6
kittenfluff 5 hours ago 10 replies      
=== SPOILER ALERT! ===

The most interesting question, to me, is the one about which words you know the meaning of.

About half of them aren't real words. I assume this question is used partly as a gauge of vocabulary (how many of the real words do you recognize) and partly of honesty (how many of the fake words do you claim to recognize).

7
11thEarlOfMar 5 hours ago 4 replies      
> On a scale of 1 to 5, which number is your favorite?

> 1 | 2 | 3 | 4 | 5

Chuckle...

8
irixusr 3 hours ago 1 reply      
Thermostat: Warmer or Colder?

How about less intense? At the office I bring a sweater in the summer and so sometimes strip to my undershirt in the winter....

9
Walkman 4 hours ago 11 replies      
"Pick a number from 1 to 100"

I wonder how many of that will not be 42 :D

10
abruzzi 4 hours ago 3 replies      
Is the submit not supposed to work on iOS? Kind of a let down to spend 10 minutes filling it out, then the submit button doesn't do anything.
11
lekashman 3 hours ago 4 replies      
I am incredibly excited by this survey specifically because of the question regarding sandwiches.

I finally will have some meaningful data for my extensive definition of sandwiches as a structural form!

12
tedchs 22 minutes ago 0 replies      
The link here is different than the link from the comic, is this OK?
13
cpfeifer 4 hours ago 0 replies      
Hope the results will be as entertaining as the Color Survey:http://blog.xkcd.com/2010/05/03/color-survey-results/
14
ohitsdom 4 hours ago 0 replies      
I've never had so much fun taking a survey.
15
spacehome 3 hours ago 1 reply      
I spent 15 minutes filling it out only for Google to tell me "Wow, this file is really popular! It might be unavailable until the crowd clears."
16
pdkl95 3 hours ago 1 reply      
"There was an error submitting your form response. Please wait a bit and try again."

sigh

17
eridal 1 hour ago 0 replies      
I like that it was allowed to put negative numbers of siblings/twins .. which I did :)
18
samdb 1 hour ago 1 reply      
Was strangely fun answering these. Can't wait to chart some of this data on http://chartblocks.com
19
dghughes 1 hour ago 0 replies      
I laughed at the last one I've done that and I certainly say go for it, there's nothing like uniformity in regards to underdress!
20
ddlatham 4 hours ago 1 reply      
Is there any reason the results or at least the summary page are not already visible?
21
ArekDymalski 3 hours ago 1 reply      
Was it proper thing to stop myself from writing "five random words are here" as a response to "Write five random words"?
22
moubarak 3 hours ago 0 replies      
After wasting time on this i get "Wow, this file is really popular! It might be unavailable until the crowd clears. Try again."
23
a3n 3 hours ago 0 replies      
"five random words"
24
pravj 3 hours ago 3 replies      
My answer to 'Write any 5 random words' :

 'Moon landing was a hoax'

25
hudell 3 hours ago 1 reply      
"Which of these can you do reasonably well?"

Should really have a "none" option.

26
an4rchy 4 hours ago 0 replies      
That was a fun survey... would be great to see the visualizations that come out of this data set
27
hitekker 3 hours ago 1 reply      
I have a google form like this for Couchsurfers who wish to stay a few nights in my apartment. I believe my questions might be little bit more on the insane side though.
28
ashwn 1 hour ago 0 replies      
no idea why i just took that
29
wageslave420 3 hours ago 0 replies      
Anything for xkcd.

Much respect. salute! o7

31
VikingCoder 4 hours ago 6 replies      
Who else?

> Type five random words

five random words

32
r3bl 4 hours ago 0 replies      
Well, it's totally random alright.
33
veddox 4 hours ago 2 replies      
       cached 2 September 2015 19:02:04 GMT