What is Reddit's opinion of
Hacker News?
From 3.5 billion Reddit comments
➔ Hacker News website
By popularity on Reddit, this Service is:
100 reviews of this app found across Reddit:
I read this in Dilbert the book : > > Grab a handful of paperclips and find an office/meeting room. Shut the door and lie down on the ground with your feet against the door. Sprinkle the paperclips in front of you. Now have a nap. > > If someone tries to enter the room, the door will hit your feet. This will naturally cause them to pause (and stops them entering), it wakes you up and lets you reach for the paperclips which gives you a ready excuse ("Oh sorry, I was just picking up the paperclips")
This article is talking out of its ass. There is a sharing program that installs a proxy on localhost. These links to 127.0.0.1:4001 are actual filesharing links, and Universal is asking Google to take them down.
From the Hacker News comments: He had his account re-activated, and was offered an internship at Uber.
> Amos here from Uber. First of all, this was a very cool app Will. I love your passion for technology and your interest in Uber. For some pretty obvious reasons (many of which are mentioned in the comments), we didn't have a choice to but to suspend your account. That said, there's no hard feelings. We've re-activated your account and would love to chat with you about an internship this summer. I hope you continue creating and exploring!
Interesting discussion happening at Hacker News
TL;DR
Sony earlier faced similar issue vis-a-vis Baidu (Sony BMG copy protection rootkit scandal). This seems to be lot worse.
A guess: Baidu’s push service is used for pushing content to MyXperia, which can remotely track or lock your device. Poor choice of provider.
Just unpacked my Sony Z3 compact, haven't installed a single app and its connecting to China. I am not so concerned about the folder itself but my phone now has a constant connection to an IP address in Beijing which I am not too happy about.
I really don't like quote dropping, but I've always found PC master race to be the epitome of this one:
>Any community that gets its laughs by pretending to be idiots will eventually be flooded by actual idiots who mistakenly believe that they're in good company.
-René Descartes (maybe, I'm finding conflicting sources, give me a minute)
according to wikiquote...
>The original source for this quote, as far as I can tell, is a Y Combinator user named DarkShikari. See https://news.ycombinator.com/item?id=1011498.
IDK, IDC, it applies to PCMR and that's the important thing.
This may be the biggest security vulnerabilty of all time.
The scope of this bug can't be underestimated. Essentially an attacker can connect to any server running OpenSSL and steal anything in process memory including the encryption keys. ( Silently )
This means:
An attacker can just open a connection to your bank over https and silently download among other things the keys used to prove to browsers that the bank is who they say they are.
From now on they can pretend to be your bank and you will get the nice green secure tick in your browser, stealing all your communication.
Up to 70% of the internet has been totally insecure for 2 years and will be for a while yet.
You can rectify the problem by installing the latest version of OpenSSL but there is no way to know you haven't already had your keys stolen.
The only way to be secure is to upgrade OpenSSL. Create new certificates and revoke your old certificates. Sysadmins the world over are about to have a very bad week.
- Some good discussion happening over at HN: https://news.ycombinator.com/item?id=7548991
- Here is the security advisory from OpenSSL: https://www.openssl.org/news/secadv_20140407.txt
- Site to test if you're vulnerable: http://filippo.io/Heartbleed/
The following operating systems have shipped with vulnerable versions of OpenSSL
- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 8.4 (OpenSSL 1.0.1e) and 9.1 (OpenSSL 1.0.1c)
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
The discussion about this article on Hacker News is interesting, and given the author and another native Bengali speaker don't agree how the character in question even should be represented, it's not particularly surprising the Unicode consortium hasn't figured it out, either.
One of the VLC developers commented on Hacker News:
> VLC does not (and cannot) modify the OUTPUT volume to destroy the speakers. VLC is a Software using the OFFICIAL platforms APIs. > > The issue here is that Dell sound cards output power (that can be approached by a factor of the quadratic of the amplitude) that Dell speakers cannot handle. Simply said, the sound card outputs at max 10W, and the speakers only can take 6W in, and neither their BIOS or drivers block this.
Pretty disappointing. As this comment from HN says, Oracle themselves are guilty of this.
I hope this goes up to the Supreme Court. I imagine that Google are sure to appeal this.
'rayiner at HN made a good comment that's worth repeating here:
>Offices are a really great example of the push to keep programmers from thinking of themselves as professionals, either by treating them like IT or tech support, or like college kids. Google or Facebook's revenue per engineer is probably 3x that of a law firm or consulting firm, but the overwhelming practice in the latter sorts of places is for each professional to have an office with a door.
>When you're a growing startup, having private offices costs you flexibility as well as cash because open plan is easier to reconfigure as you grow. If you're at the point where you're commissioning a Ghery, you're well past that excuse.
A lot of drama because of a fork from FFmpeg called "libav". I think there was a lot of aggression between the two forks and Michael was under a ton of stress from both sides. HERE is a thread from earlier today on HN, and one of the top level comments is from the president of VideoLAN, and that draws a lot of fire as well.
FFmpeg is amazing software, but I don't blame Michael for not wanting to work in that kind of environment.
The top comment over at "hacker" news (lol) is:
> That comment was taken out of context. Wired wrote an entire article about an offhand remark.
> I was at ChefConf, the comment was made during a panel discussion on open source [1]. On the panel there was an engineer from Facebook, an IT Director from Gap, and Mark Russinovich the CTO of Azure (note Azure, not Windows).
> The conversation went something like this (paraphrasing):
> Moderator: "Microsoft used to really suck, and they were really anti-open source. But now they are open sourcing things like CLR on GitHub. I bet one thing they will never open source is Windows."
> Mark: "You never know, it's definitely possible. Crazy stuff happens."
> Nothing more on the subject.
So ... yeah, probably not. Nice clickbait by Wired though. Did they hire some buzzfeed writers recently or what?
Or perhaps it's more about durability and weight than cost?
From this hacker news thread:
>Reading
> http://en.wikipedia.org/wiki/Metal_matrix_composite
>"MMCs are nearly always more expensive than the more conventional materials they are replacing. As a result, they are found where improved properties and performance can justify the added cost. Today these applications are found most often in aircraft components, space systems and high-end or "boutique" sports equipment." >So it seems the goal was really first to have the more durable material.
However, I agree with the descendant point:
> Maybe not if you're Apple. It could cost them less to go through a complex yet highly optimized manufacturing process than to buy more gold.
This comment on HN on the subject, from another ex-Amazon employee who was also sued, is pretty informative:
https://news.ycombinator.com/item?id=7975428
tldr "Amazon has pursued this particular non-compete "hundreds" of times, and has never [...] prevailed once"; they theorize it's to frighten other employees who consider leaving.
All of it seems odd, but the strong push towards BitLocker is really weird. It's not just on that page, but even when you install this new version you get a message box saying to use BitLocker instead.
And if they're pulling a Lavabit, why the push to BL which is undoubtedly backdoored? Why not just leave it at the "TrueCypt isn't secure! Now you can only decrypt!"?
There's just too much weirdness for this to be legit. See here and here.
A lot of this happens because the things are running Real Time OS's that prioritize Data I/O speeds over security. A standard computer is a 'time shared OS'. Which means there is a non deterministic amount of time between and Interrupt happening on the chip level, and the correct program receiving the data.
Writing a secure RealTimeOS is really hard, and only 1 company to date has succeeded and they sold themselves off to blackberry (QNX).
Its nice to go on, and on about system security but sometimes is just impossible, and air gap is all you can have in some situations.
Source: I write code for a lot of these things for a living.
I had this discussion once on Hacker news if you would like to read it here is the link
I am getting the same feeling I got during the begginings of the great Digg migration. The question is though, where would we all migrate too? Voat.co seems to have been the destination of /r/fatpeoplehate and other related "not nice" people. And hackernews is just programming but with a terrible web design and nothing amazing like RES to clean it up.
This reminds me of a good article about how farmers cant modify their tractors anymore:
http://www.wired.com/2015/02/new-high-tech-farm-equipment-nightmare-farmers/
There were some really insightful comments on this topic on Hacker News:
Top comment on Hacker News by rgbrenner:
> > We need a break. We need an opportunity to learn to the features we already have responsibly — without tools! Also, we need the time for a fundamental conversation about where we want to push the web forward to. > > How about this.. YOU take a break. Stop trying to keep up with every little new thing that comes out. Wait a while. > > And you'll get exactly what you want. > > The tools that it turns out were a bad idea will die. And those that are good will thrive. > > And you'll get more time to learn the actually useful ones... and you'll get to learn from the mistakes others made early on. > > Yes, you'll be a bit behind.. but you're apparently already ok with that anyway.
Here's one argument against last-mile unbundling: https://news.ycombinator.com/item?id=8997777. Relevant section:
> Unbundling kills investment into the network, because why spend billions of dollars on infrastructure that you'll have to lease out at wholesale prices to your competitors? > > My theory is that unbundling is what killed DSL as a competitor to cable here in the U.S. FTTN has been quite successful in the U.K.,as a gradual scheme for building fiber further into the network, with a last-hop of VDSL that can get faster as it gets shorter. There has been little FTTN deployment here in the U.S., because there's just no way for telcos to recoup the billions of dollars spent on fiber if they're forced to lease the VDSL at the other end to competitors for a song.
I don't necessarily agree, but the argument seems to make some sense, at least.
Ah. You're one of them...
My only comment to you:
I have made a pet interest of confronting the ancap types I occasionally run into--in tech, you sometimes stumble across enough of a True Believer to let their flag fly high--with questions of, what do you do when you're born into poverty? What is your recourse when you have nothing to sell? What do you do when somebody--but not the state, because the state doing it is Wrong, but Jim down the road with a real big gun and a couple muscley friends is just participating in economic activity--takes everything from you?
The answers start evasively, but I've read as much von Mises and Rothbard as most of the vocal adherents and I can speak their language enough to fight on their own terms. Laughable handwaves of insurance companies and private security aside--and we called these "barons" in a prior age, but history and economics have already been laid aside to get into their weird twists of philosophy, so no it will not turn into feudalism, that's a silly notion--the answer is and will always be "and then you lose and you die".
What chills me is that while most seem to have enough of an emotional intelligence to know that this argument doesn't win, I rarely hear even a shred of doubt when you finally get to that hard little core--because the idea of losing so totally as to be rendered economically incapable is not part of the equation. Other people lose, not them. This is also why there is so much overlap in this crowd of the worship of eat-your-dead meritocracy; that ancap nonsense devolves inevitably into feudalism is a feature, not a bug. Because they believe, as is their right, that they will be the knights, if not the barons and dukes and kings, of their new order.
In case anyone doesn't subscribe to /r/bitcoin, here's some background:
Bitcoin is a digital currency. You trade it by creating digital "wallets" on your computer or mobile device. There have been a few cases where bitcoin wallet apps were either rejected or removed from Apple's iOS App Store. The shit hit the fan when an app called "Blockchain" was removed after being available for 1.5 years. Blockchain postulated that Apple was removing Bitcoin wallets because Apple wanted a monopoly on payments on the platform. However, others have pointed out that it was most likely because they lied about their app to the App Store review team, and secretly enabled hidden functionality <em>after</em> it was approved, which is a clear-cut violation of App Store rules.
Anyhow, the /r/bitcoin community took this as an attack on Bitcoin, which resulted in an avalanche of posts like this one.
I found this comment on HN summarizes the major points.
> Case-sensitivity is the easiest thing - you take a bytestring from userspace, you search for it exactly in the filesystem. Difficult to get wrong.
> Case-insensitivity for ASCII is slightly more complex - thanks to the clever people who designed ASCII, you can convert lower-case to upper-case by clearing a single bit. You don't want to always clear that bit, or else you'd get weirdness like "`" being the lowercase form of "@", so there's a couple of corner-cases to check.
> Case-sensitivity for Unicode is a giant mud-ball by comparison. There's no simple bit flip to apply, just a 66KB table of mappings[1] you have to hard-code. And that's not all! Changing the case of a Unicode string can change its length (ß -> SS), sometimes lower -> upper -> lower is not a round-trip conversion (ß -> SS -> ss), and some case-folding rules depend on locale (In Turkish, uppercase LATIN SMALL LETTER I is LATIN CAPITAL LETTER I WITH DOT ABOVE, not LATIN CAPITAL LETTER I like it is in ASCII). Oh, and since Unicode requires that LATIN SMALL LETTER E + COMBINING ACUTE ACCENT should be treated the same way as LATIN SMALL LETTER E WITH ACUTE, you also need to bring in the Unicode normalisation tables too. And keep them up-to-date with each new release of Unicode.
A Philadelphia journalist recently went undercover as an UberX driver. It's not the best piece of writing, but it's worth reading.
http://citypaper.net/uberdriver/
There was also some interesting conversation on Hacker News, including a comment from someone claiming to be a former driver.
> I have no problem hailing an Uber - they are really, really cheap. However, it's a raw deal for drivers. Uber turns a blind eye to driver-contractors driving without commercial vehicle insurance. It has to, as the additional cost (which is pushed onto the driver) would cause the driver's hourly rate to plummet even further.
Another users clarifies
> So basically you mean than Uber can only make money if most their drivers do not respect the law. Which gives Uber an unfair advantage over the competition (regular taxis that do respect the law ). It's like saying employer X doesn't check if his employees are legal workers, because if he did it would be too expensive to do business.
I like the convenience of Uber, but I'm surprised how most people think it's a godsend.
Are there any current or former drivers here?
It's more likely that someone turned the repo public in anticipation of a launch or at least a public beta.
For example atom/language-css/readme.md added the line "Contributions are greatly appreciated. Please fork this repository and open a pull request to add snippets, make grammar tweaks, etc." 4 days ago.
The same line was added to atom/language-mustache/README.md & atom/language-puppet/README.md & atom/language-pegjs/README.md a day ago. So far I've only found it in the language-* repos.
The website just says "soon" though: http://atom.io
Edit: /u/Rumel57 links to a Hacker News comment that says:
>Looks interesting! I saw a commit 24 minutes ago for "Prepare 0.7.0 release" in the Welcome package, so it looks like they're planning to go public shortly.
Found this while googling and wanted to share it. It's a repost, but I think I am not the only one who missed it first time.
Links to previous discussions: Hacker News | Reddit
That was discussed on HN a year ago - https://news.ycombinator.com/item?id=7296497
A good summary:
> Anyone foolish enough to think that the variables are there to hold the values 3, 5 and 7 is probably wasting their time on the code in the first place.
I believe the top comment from HN is dead on at summing up why this sucks: https://news.ycombinator.com/item?id=8398898
"I have no family and no car, but I do live in Chicago alone in a big apartment (for about $1000/mo) and I have a sailboat which is cheap to own in Chicago because the marinas are inexpensive. I also save a large part of my take home pay.
Practically speaking even for me, to really cover a cost of living, giving like-for-like living situation, luxuries (like the boat) and maintaining my savings rate, double my current salary, or very close to that, would be the proper COL for moving to San Francisco. Ironically when most companies talk about COL it's usually on the order of 20%.
I highly doubt reddit is really offering a COL that allows people to reproduce their lifestyle like-for-like in SF. For people like me who are single and have a few luxuries and live in not a particularly cheap city you're looking at double. For a family living in a cheap city you're looking at multiple times that.
Really what Reddit is offering (assuming their COL is typical) is that the employee takes a pay cut, or they're fired. If that's not a shit sandwich I don't know what is."
> Interesting note: there are now two apps in the Google Play Store under Spotify Ltd. The first one -- Spotify, is the existing app. https://play.google.com/store/apps/details?id=com.spotify.mobile.android.ui
> It has the package name 'com.spotify.mobile.android.ui'.
> The new one is 'Spotify Music,' which appears to be brand new. https://play.google.com/store/apps/details?id=com.spotify.music
> It has the package name 'com.spotify.music.'
> To me, this indicates that the signing keys for the Android app were also stolen during the breach.
and
> This looks like a reasonable explanation. > The new app is signed by "CN=Spotify, OU=Android, O=Spotify, L=Stockholm, ST=Stockholm, C=SE", the old was signed by "CN=Anders Bond, OU=Mobile, O=Spotify, L=Stockholm, ST=Sweden, C=SE". The new key was generated on 2014/05/24.
TL;DR: It looks they either lost or forgot the way to sign their APKs.
From a fellow Android dev, that's not good. If you lose your keystore or access to it, then you cannot update the original app.
According to this hackernews thread, they will be cross-signing their certs with IdenTrust which will give them "very broad compatibility from day one".
This is one of these things which is just a few percent less crazy than it sounds.
The issue is that special relativity isn't quite compatible with quantum gravity, see http://en.wikipedia.org/wiki/Doubly_special_relativity
What it comes down to is that quantum gravity has a length scale and a time scale, both of which are unthinkably tiny. However, special relativity says there is nothing special about any particular space or time interval because if somebody was going fast enough, an interval that looks like a planck interval to most people could get expanded or shrunk to something big like a kilometer or an hour.
But following that line of reasoning is problematic if there is no special reference frame, since for all I know I already am going incredibly fast relative to some imaginary observer.
Doubly-special relativity manages to preserve the invariance of the speed of light under ordinary conditions but also preserve the invariance of plankian quantities under extreme conditions. Related theories also bring in the idea of a special reference frame which means you might be able to "push" against the vacuum.
The main trouble jiving that with these experiments is that the energy scale at which the grain of space would come into play.
Telegram is not as secure and private as one would think visiting their website.
In fact their cryptografic technology has many flaws, and their crypto contest is rigged to be unsolvable.
<http://unhandledexpression.com/2013/12/17/telegram-stand-back-we-know-maths/>
<http://thoughtcrime.org/blog/telegram-crypto-challenge/>
<https://news.ycombinator.com/item?id=6916860>
What can I say? It's just plain ridiculous. I am looking for a change right now with decent experience under my belt but I have to take out my data structure and algorithm notes and start all over again. I cannot imagine what it must be for your level of experience. There was a similar discussion on hacker news about this after a guy that developed HomeBrew was asked to invert binary trees in a google interview : https://news.ycombinator.com/item?id=9695102
Honestly, look at candidate's resume for God's sake and use your common sense and ask relevant questions. We use agile methods in our engineering but there's zero agility here and such stupidity is allowed when it comes to interviews, it boggles my mind.
>Do you know PPK and his work? He's been at the cutting edge of web-standards and implementations for at least 12 years if my memory serves me correctly.
>>And you'll get exactly what you want. //
>If he wants to avoid the web being badly negatively effected by short term views of current browser companies and standards bodies then he won't get what he wants by sticking his head in the sand and ignoring the direction he sees things going.
>If this were the writing of a small time web-dev (like myself) then I think your comment would work; but I'm assuming PPK is coming from a position of experience that's given him an almost unique overview of the direction of browser and standards development vs. the historic "feel" and integrity of the web.
>PPK is doing the equivalent of saying "let's stop and ask for directions [on our car journey]" and you're saying "no, let's just keep driving I'm sure we'll get to where we want to go".
>He's up against it as, to my mind, cautious development doesn't serve the needs of corporations and so won't happen.
>>"We’re pushing the web forward to emulate native more and more, but we can’t out-native native." (OP) //
>I find it funny that web pages are trying to be native apps and many mobile apps are shipping when they're ostensibly just web pages.
>tl;dr I think the OP has more to say, and that it's more important, than you're giving credit for.
As of now, this seems to be an experiment enabled by default for a subset of Chrome Canary users.
Thankfully, Paul Irish writes on Twitter:
> this is terrible. From what I can tell only 6 people have been involved in this so far. Going to do my best to stop it.
Experiment or not, Google needs to whacked over the head fast and hard. They need a message that it is not okay to break the most fundamental ingredient of the web, just so they can increase their search volume a bit more.
As zaroth wrote on HN:
> Google heard of this thing called a 'Uniform Resource Locator', and thought, "Hey, that's us!"
It's a good parable. It did its annual rounds on Hacker News a couple of weeks ago. Some good commentary (typical of HN) resulted.
I think the parable is good not because either A or C are realistic, but it's an important conversation and I think many projects and coders can find themselves somewhere on a spectrum from A to C. I think it's also useful for a company to reflect on whether they scoff at or approve of A or C approaches.
Oh God, thank you. Fucking thank you.
After countless bullshit postmodern feminist dramas over jokes, pronouns and the like, scandals over trivialities and misquotations (Paul Graham controversy, anyone?) and the emergence of a new, ultra-liberal "geek feminist" movement that has invaded all technological discourse with its potent toxicity, it's very refreshing to see a realistic point of view.
I'm sick of oversensitive people with emotional disorders blowing things out of proportion, as in the libuv pronoun controversy, Donglegate, bro pages and whatever the heinous oppression of the week is (the Geek Feminism Wiki keeps a log) to fuel their persecution complexes. Every week on Hacker News, it's all the same. And it always goes in the same direction: nowhere.
I just ran a search on HN for this article, and guess what... it's been sunk straight to the bottom with barely any attention: https://news.ycombinator.com/item?id=7189846
I still visit HN regularly because of the great computer science and programming articles you can find, although I am getting aggravated by all the SEO, marketing and social justice bullshit. I'm thinking of moving to lobste.rs or something.
A real gem from the same comment thread:
> […] you use PHP to perform MySQL queries in the middle of HTML tags. If you want to do this, you know some principles are merely burden for your smooth execution of the web site development, and should be throw out the window at first thought.
They'd only do that if he lied about his podcast being clean, while making it NSFW.
Kinda like how the Blockchain app acted like a completely different app while in review, then changed once it was out in the store. https://news.ycombinator.com/item?id=7194085
Oops.
Thiss seems to have more info > One thing people might not realize (I'm not sure how obvious it is) is that these renders depend strongly on the statistics of the training data used for the ConvNet. In particular you're seeing a lot of dog faces because there is a large number of dog classes in the ImageNet dataset (several hundred classes out of 1000 are dogs), so the ConvNet allocates a lot of its capacity to worrying about their fine-grained features. In particular, if you train ConvNets on other data you will get very different hallucinations. It might be interesting to train (or even fine-tune) the networks on different data and see how the results vary. For example, different medical datasets, or datasets made entirely of faces (e.g. Faces in the Wild data), galaxies, etc. It's also possible to take Image Captioning models and use the same idea to hallucinate images that are very likely for some specific sentence. There are a lot of fun ideas to play with.
As someone who just switched their unlocked 920 over to T-Mobile and apparently gets free Spotify streaming over data, this makes me very happy.
Edit: Read the discussion below, it's a good one!
Edit2: Here's some more discussion on the topic over at Hacker News!
At least BGR asked for a statement from them instead of just blasting them on an assumption that Verizon is the sole problem. Not sure what else you would expect them to do.
I linked this in a different thread, but I think it's worth mentioning here as well:
This comment from Ycombinator sums it up nicely.
> I would not take some offhanded remark from an outsourced, minimum wage, offshore worker as confirmation of anything.
Yes, I built a tool that I believe could help people optimize their front-end, so I try to post in relevant subreddits. Some of those, I didn't even post but was actually posted by other people (I have one account). The fact that the post still receives upvotes means that there are people who have not seen it yet and find it helpful.
I've also posted to Hacker News.
> “Any community that gets its laughs by pretending to be idiots will eventually be flooded by actual idiots who mistakenly believe that they’re in good company.” -~~Rene Descartes~~ DarkShikari
Most of these sites are going to give you traffic you will never be able to build a business on. You really need to spend some time thinking about who your perfect customer is and where they can be found, it's not in the tiny and often irrelevant overlap between "startup traffic" and "your specific market".
eg: inbound.io who wrote this list and others as part of their content marketing strategy. You're selling a social media tool, you could be mining fb/twitter/linkedin and looking for companies committed to social media. Why hope any of them are reading this when you can just go and contact them directly at any scale you want.
YC person and gmail inventor Paul Buchheit said this recently:
Exposing yourself to the direct, harsh feedback of the market is key. I've noticed that bad founders will do just about anything to avoid this. Instead of selling, which is hard, they spend their time going to conferences and meetups, trying to do PR, talking to biz dev people about partnerships, etc. It all sounds like work, but mainly serves to insulate them from the harsh reality that nobody wants their product.
That's what these sites are. Telling startups you're a startup instead of telling your market you have a product they need.
> Universal might not be as "stupid" as people think...
> That address is most likely for a client that the most popular french language pirate streaming Cacaoweb site uses. http://cacaoweb.org/ Basically if you go to that site and download the client you will have a web service running on port 4001 which will accept certain parameters.
> The links for that service (and other similar services) are published on the internet pointing to the local loopback address with a resource identifier of the specific content in question e.g. http://127.0.0.1:4001/?f=4a3aba6e5e7cff2825347f7293a462ae
credit to dogma1138 on Hacker News
still seems like someone inside their network is running this client, so someone is up to shady things.
Link to hacker news discussion about this: https://news.ycombinator.com/item?id=9403571
Points to note from that discussion:
- This website sources F-droid to provide a nice looking web frontend.
- The author did this as a hobby. He talked to the F-droid developers before going ahead to do this.
- The popular apps section is new compared to F-droid.
Which is to say, on those machines, Superfish can read all your https traffic, including banking.
https://twitter.com/kennwhite/status/568270748638318593/photo/1
There is no official explanation yet, and he's not planning to release it for another week, to give more companies time to patch their SSL and revoke and issue new certificates. https://twitter.com/indutny/status/454790640078176256
That said, the current consensus is that rather than finding the key at its initial position in memory (generally very early in the process' heap), that he was looking for the P and Q values, which are used in numerous points while actively decrypting data. These values are the two factors that make up the private key. You can look for these numbers in the memory that Heartbleed does give you access to. You actually only need one of the numbers, then you can use it in combination with the public key to figure out the other number.
More information here: https://news.ycombinator.com/item?id=7573377
My coding process is pretty bad. Write somewhat usable code, debug all the tiny mistakes I make. Thursday night, some pushes to github started failing. When you push as often as I do, this is a huge pain.
I woke up Friday to find out that this was likely the result of the Chinese government, or their supporters (regardless, the gov should still get the blame for the environment they have created).
This really rubs me the wrong way. I personally don't really know what I'm doing, but as pointed out by an astute hackernews reader, pissing off a bunch of talented programmers is probably not a wise move.
Hope the GitHub ops team is doing okay, sounds like it has been a rough few days!
>They had real value when silk road was a thing.
You're talking about Bitcoin.
Dogecoin is not meant to be ~~hoarded~~ saved. The developers who work on Dogecoin made it that way so people wouldn't ~~hoard~~ save it like they do Bitcoin.
EDIT: uPdaTed mY WoRdInG FoR ThE w0rd nAzI /u/DilbertPickles
There's already a large discussion on it on Hacker's news, so you might want to look there.
Also, the blog post doesn't really explain what PANDA is. It's basically a fork of QEMU (an modern platform emulator) that can capture everything (e.g. memory access, CPU state) that happens. That way you can replay everything to analyse it.
You can use this to thwart anti-debugging measures implemented in DRM software like spotify.
He's cleared it all up, turns out everything we know is just conspiracy by the bourgeoisie.
>The fact that burgeose Russian governemnt manufactures documents to support this Goebbels lie cannot deny the evidence.
Link to the entire comment thread since HN doesn't have "view all comments" link.
Here's why you should invest in Google:
Currently the biggest challenge of UBER is regulatory - cities are fighting it tooth and nail. One way to exert strong political pressure is to offer a real breakthrough new service for the mass population(and not something like UBER which is an incremental innovation targeted for a small section of the population). This also fits with the breakthrough mentality shown by google's leaders.
Such service could work like UBER for public transit[1], basically enabling people to share rides with multiple other people while decreasing the costs significantly and highly optimizing routes and travel time and maybe/probably making such a service a viable alternative to private car ownership.Low cost, fast transportation, without the need to drive, with much less pollution, traffic jams and accidents - today. Such an offer would be hard for politicians to resist for long.
One key to enable such service at scale, is access to plenty of people and their real-time travel data, and having an ability to offer them an highly targeted ad + route + service. That sound perfect for google+UBER. Like a huge market they're positioned perfectly for.
But that's just phase I.
James was the founder of /r/ruby almost seven years ago: http://www.rubyinside.com/ruby-gets-its-own-reddit-702.html
There's more information on https://news.ycombinator.com/item?id=8804624 which includes that he was in Mexico and involved in a car accident.
From HN (io.js contributor):
> Buffer 4.259 5.006
> In v0.10, buffers are sliced off from big chunks of pre-allocated memory. It makes allocating buffers a little cheaper but because each buffer maintains a back pointer to the backing memory, that memory isn't reclaimed until the last buffer is garbage collected.
> Buffers in node.js v0.11 and io.js v1.x instead own their memory. It reduces peak memory (because memory is no longer allocated in big chunks) and removes a whole class of accidental memory leaks.
> That said, the fact that it's sometimes slower is definitely something to look into.
> Typed-Array 4.944 11.555
> Typed arrays in v0.10 are a homegrown and non-conforming implementation.
> Node.js v0.11 and io.js v1.x use V8's native typed arrays, which are indeed slower at this point. I know the V8 people are working on them, it's probably just a matter of time - although more eyeballs certainly won't hurt.
> Regular Array 40.416 7.359
> Full credit goes to the V8 team for that one. :-)
Seems that these things are being looked at by either the io.js team or the v8 team. But if we take a logical approach at the way io.js operates with release cycles, as soon as the v8 team fixes the performance losses, io.js is going to outperform node by a large factor (in terms of these arrays).
I think calling it "product" is bad wording, but at least he has a point: You don't compile systemd from sources by yourself. Your distribution vendor adjusts the source code to their needs via patches and creates a binary you are using. They should be wise enough to create and use their own ntp pool.
BUT, as others pointed out, these time servers shouldn't be in there by default. Test setups don't belong into the code itself, at least that's my opinion. It's not a "default" setting. So there shouldn't be any servers in there to make it clear for vendors: Hey guys, this won't work, please get a NTP pool!
But for what it's worth, the reponse from some parts of the community regarding this issue is embarrassing (take a look at the Hackernews thread). If it wasn't a systemd issue, nobody would care at all. But as it is Poettering and systemd, people start calling him "dick" and talk about "how bad systemd is" and bla bla bla. When Linus is rejecting a kernel patch with some offensive mail, everybody is fine with that as well.
https://news.ycombinator.com/item?id=7460225
> For the record, Mozilla does provide employee benefits that cover same-sex domestic partners, and I would be shocked if any CEO attempted to change this. (I am a Mozilla employee.) > > The Mozilla community is governed by participation guidelines that state: "support for exclusionary practices must not be carried into Mozilla activities," and "support for exclusionary practices in non-Mozilla activities should not be expressed in Mozilla spaces." > > http://www.mozilla.org/en-US/about/governance/policies/participation/ > > UPDATE: In a meeting with Mozilla staff this morning, Brendan reiterated that he was involved in the creation of that code of conduct, and supports it 100%. He also specifically said that he should be held accountable to it, and that it's important for those in positions of power to be accountable to those with less power.
I don't think you could call him "openly anti-gay". AFAIK all that is publicly known is that he gave money to some campaign. He never explained why and it doesn't seem he voiced any public opinion on that matter. I think Mozilla employees and we all should keep an eye on what he does. But simply condemning him on that one action seems as wrong as the action itself.
While the failed attempt at hashing ID numbers is the headline here, as pointed out over at HackerNews, it's also highly likely that the level of fine-grained detail in this data makes it possible to identify and track individual passengers, regardless of the MD5 fail.
Voat is an alternative - it claims to be "reddit without censorship" (I don't know how accurate that claim is, but it is the site's selling point).
Less direct, but still high quality alternatives with a slightly nerdier focus are slashdot and [hackernews](https://news.ycombinator.com/news().
> This article seems to be completely missing the point that if she had taken the time to develop her own personal identity outside of work rather than trying to fit in with her coworkers she would have been much better off as an individual. You don't need to have fun with your coworkers, you just need to work well with them.
I think in the end, ultimately this individual realized just that. Understandably some will disagree with her reasoning on how she came to this conclusion. However if you take anything away from the article, IMHO it should be basically what you have just said. $JOB == $JOB in the end, you should still live your own life and have your own identity.
> Most of these are caused by YouTube using an advanced buffering algorithm that ISP's mess up by throttling CDN content.
Is there any proof about this claim that ISP's are throttling CDN content? It could also very well be the case that it is a bad/overloaded CDN. This article (MitchRibar) does not prove definitively that this is the ISP and not the CDN. There are ways to test this to be definitive however no one to my knowledge has done so (or they haven't shared the results because its not what they were expecting). A Hacker News post explains in more detail why MitchRibar's article is flawed in that respect (placing blame) and explains how a real test can be done to either prove or disprove this.
On a side note though, in either case the steps listed should bypass the problem regardless if its a failed CDN or ISP throttling (which also begs the question, why would an ISP Not throttle those IP's as well if they were throttling).
https://news.ycombinator.com/item?id=7545958
> Google's HTML 5 media player uses Media Source Extensions (MSE) now . This enables them to use adaptive streaming implemented in JavaScript using DASH JS libraries. > > Unfortunately MSE support is not complete in Firefox so the MSE using HTML5 YouTube player doesn't work..
Note that there's a little more to this commit message than meets the eye:
>When and if WebKit implements Shadow DOM, we won't use these vestiges of the old code. Note that this checkin (and the earlier actual removal of the old implementation) are not a commentary on our long-term plans to support it or not. > > The checkin message is a series of inside jokes, which I see have confused many people. You can just interpret this as "remove some remnants of dead code, also I am a bit of a jokester". (Where "I" is the author of the patch, not me.)
(source)
These rules are several years out of date.
Modern browsers (both Blink and Webkit, and probably Gecko too) use a dirty-bit system for DOM manipulation. Manipulating the DOM is just a few pointer swaps; it is not quite as fast as pure Javascript, but it's close.
However, when you dirty the DOM, it means that the browser then has to perform an expensive CSS recalc + layout + paint operation when control returns from JS. Or worse, it may have to perform that layout synchronously, blocking execution of that JS, as soon as you perform a query on a DOM node that was invalidated by your previous operation. I wrote more on this here, which also includes a link to a post by a core Webkit (now Blink) contributor with the list of properties that triggered layout as of 2011 - the list is currently very similar, although there's an experimental Chrome feature under testing that will invalidate everything I'm writing, and of course Servo does everything differently. You may also want to read How Browsers Work, which is still remarkably accurate, though again some research being done by Blink and Servo would change it dramatically.
The advice to remove your element from the page before doing DOM manipulation on it was true when IE6 was the dominant browser, 8 years ago. It's counterproductive now - it will make your code run marginally (though not severely) slower. The key performance idea with 2014 browsers is to batch all your mutations to the DOM; instead of mutating, then querying, then mutating again, keep a work list of everything you need to change and then apply the changes all at once.
Not just the TLS stack. Pretty much any aspect of MirageOS is fair game (TCP/IP stack, OCaml runtime, etc).
Here were some thoughts from one of the Piñata authors. https://news.ycombinator.com/item?id=9028581
It was actually bandwidth.com who implemented MMS support for all their clients including Google Voice. They started to support MMS a few months ago.
well this blew up... totally took down my database after it ranked highly on r/technology and news.ycombinator (still kinda high on both). For more info check them at: http://www.reddit.com/r/technology/comments/1ugou3/evidence_my_isp_is_making_money_from_tracking_its/ and https://news.ycombinator.com/item?id=7016058
Can we not have this click bait stuff here?
Quote from hacker news by antoncohen about this article: >That comment was taken out of context. Wired wrote an entire article about an offhand remark.
>I was at ChefConf, the comment was made during a panel discussion on open source. On the panel there was an engineer from Facebook, an IT Director from Gap, and Mark Russinovich the CTO of Azure (note Azure, not Windows).
>The conversation went something like this (paraphrasing):
>Moderator: "Microsoft used to really suck, and they were really anti-open source. But now they are open sourcing things like CLR on GitHub. I bet one thing they will never open source is Windows."
>Mark: "You never know, it's definitely possible. Crazy stuff happens."
>Nothing more on the subject.
I don't know why people upvote these mainstream journalist articles that barely has anything to do with programming...
> on HackerNews, Twitter
https://news.ycombinator.com/item?id=8457298 for anyone else who wanted convenient links
also https://twitter.com/search?f=realtime&q=to%3Aawilkinson%20OR%20from%3Aawilkinson&src=typd
The comment from Paul Graham that I found more interesting is where he gives the reasons why it could have been created by a government. Ah, here it is:
> I've long suspected bitcoin was created by a government. Bulletproof protocols usually require peer review, yet there have been zero leaks from the reviewers. Pools of crypto guys who don't leak stuff are usually employed by governments. > The part that puzzles me is why a government would do this. I can imagine several possibilities: > > 1. To finance their own black operations. > > 2. Because they thought digital currencies were inevitable, and they preferred bitcoin to some potentially more malevolent form. (Could bitcoin have been worse from a government's point of view?) > > 3. A friend suggested this: because they felt their currency would never become the standard reserve currency, and they felt it was better that no one's be if theirs couldn't be. > > 4. A variant of the above: the US did it because it seemed inevitable that the dollar would eventually lose its place as the standard reserve currency, and better to have it replaced by bitcoin that the yuan. > > I realize some of these explanations are pretty far fetched, but so is an individual cooking up bitcoin as an intellectual exercise. Whatever the explanation of bitcoin's origin turns out to be, it will probably be pretty weird. > > Anyone have opinions about these possible explanations, or other ones?
From the topics selection, Hacker News has an overall Slashdot vibe. But you might miss the whimsical short summaries the Slashdot editors were infamous for.
Also the community is built around YCombinator (the hoster and initiator of this platform) which is some kind of startup incubator or something. They use HN for their own ads and announcements, and sometimes in posts about startups, discussion in the comments shifts to YC, which can be a bit annoying sometimes if you don't care about YC, but it's still alright, I think.
You stole this exact comment from doctorshady... I dunno that's just weird
http://www.reddit.com/r/technology/comments/2sglie/online_ad_company_uses_cookies_that_come_back_to/cnpafap https://news.ycombinator.com/item?id=8890237
So what I gather in comments is the ms API is nicer for devs, but Apple has market share so the inferior (from a user perspective (user being devs)) choice wins.
Is that accurate? If so, that's what we usually dislike about Microsoft (well 20 years ago anyway, and on /., reddit circle jerks). Kinda disappointing.
Edit: Whoa, and the reason they all started working on pointer events was because Apple was playing patent ransom...wtf?
Wow.
edit2: Looks like there is a much informed discussion on HN about it. https://news.ycombinator.com/item?id=8182553
Whilst many of the top results seem deliberate, all 99K of them can't be :(
On the HN thread, people are suggesting similar searches e.g. there are over 500K hits for mysql $_GET
I thought everyone knew about it, it was on Reddit and Hacker News for days. But just in case no-one has seen it, here's the HN comments, the Reddit thread seems to have vanished - but that might be Reddit's legendary searchability rather than it being deleted.
I'm not going to comment on that incident, as all the avenues were thrashed out at the time. But the fact that such dramas drive out core contributors raise doubts about the long-term viability of the project in my eyes.
Copying a comment from HN, because it's relevant:
> Calling GnuPG "email encryption software" really understates its importance. It's also used in countless applications to encrypt data at rest, and GPG signatures are used to secure the distribution of software. For instance, GPG is an essential part of the package managers of Debian, Ubuntu, and RedHat.
Hackernews has started donating money to the cause, and there's some interesting discussion on what can be done.
https://news.ycombinator.com/item?id=9003791
Hopefully reddit will join in. This is an extremely critical piece of infrastructure that we all rely on. Please consider supporting the work this guy has been doing for years.
Another plausible version on ycombinator: >Maybe while looking at the code themselves they found a very bad bug which would make previously made encrypted partitions easily crackable, and fixing it would obviously make the world aware to this, and they don't want to endanger or ruin the lives of everybody who has had a truecrypt container with sensitive data taken from them (for example to a malicious government), so the only way to go for them is to tell people their product should not be used any more and is bad.
Hi, author of Enaml here. Development of new features in Enaml has slowed in the past year as my work focus has shifted. Enaml is fairly stable however, and is currently in production at multiple Fortune 500 companies, including a top 10 investment bank. Happy to answer any questions about the project.
Also, Enaml seems to be trending on Hacker News today, if you want to read the comments there.
Edit:
Here is my most recent talk on Enaml, which will answer most of the "what is this?" questions: https://vimeo.com/79536617
If you aren't following the hacker news conversation: https://news.ycombinator.com/item?id=9560790
It appears that the key in question that is factorable is not a valid key. Not only is it not valid but it is not signed by the owner. So at best we are looking at a malicious posting of a fake key, that is "factorable". At worst the individuals posting this and the ones responsible for posting the faulty keys to the public key servers are one in the same. I'm inclined to believe this is just a publicity stunt.
I actually just looked into this. The most succint comment that I could find was here.
The tl;dr is that Rust and D both aim for a similar niche, but Rust guarantees memory safety through compile time checks. D is intended to be more expressive, and forcing the user to consider object scopes gets in the way of that.
In general, there are a ton of languages in development right now (Rust, D, Go, Swift, Hack) that are all seeing various levels of success.
Between Rust and D, in particular, the developers seem content to let the other group do their thing.
I liked this comment on HN, where this was submitted a few weeks ago:
> This is an example of a page that begins talking about sewing and embroidery, and eventually becomes about typography.
Unlike Chick-fil-A's semi-official stance against homosexuals, Mozilla has explicit policies supporting inclusiveness:
https://news.ycombinator.com/item?id=7460225 > For the record, Mozilla does provide employee benefits that cover same-sex domestic partners, and I would be shocked if any CEO attempted to change this. (I am a Mozilla employee.) > The Mozilla community is governed by participation guidelines that state: "support for exclusionary practices must not be carried into Mozilla activities," and "support for exclusionary practices in non-Mozilla activities should not be expressed in Mozilla spaces." http://www.mozilla.org/en-US/about/governance/policies/participation/ > UPDATE: In a meeting with Mozilla staff this morning, Brendan reiterated that he was involved in the creation of that code of conduct, and supports it 100%. He also specifically said that he should be held accountable to it, and that it's important for those in positions of power to be accountable to those with less power.
Also, a blog post from Christie Koehler, a queer woman who works at Mozilla, mentions that Mozilla actually has benefits on par with heterosexual marriages: http://webcache.googleusercontent.com/search?q=cache:subfictional.com/2014/03/24/on-brendan-eich-as-ceo-of-mozilla/&client=ubuntu-browser&es_sm=125&strip=1 > Mozilla offers the best benefits I have ever had and goes out of its way to offer benefits to its employees in same-sex marriages or domestic partnerships on par with those in heterosexual marriages. Last year we finally got trans-inclusive healthcare.
After some investigation, the real TLDR is that there appear to be subkeys with invalid signatures on the keyserver, and these are the ones being factored easily. It's very suspicious that they're there on the keyserver. But apparently gpg rejects these subkeys when they are downloaded.
Best explanation I've found: https://news.ycombinator.com/item?id=9561407
From the Hacker News:
https://news.ycombinator.com/item?id=9432384
>z1mm32m4n 38 minutes ago
>If an image fails to load, the browser draws a little box with some alternate text describing that box. If the CSS doesn't load, your text and content is displayed in a weird font without the grid layout you were using, but if you wrote your HTML semantically (using <h1> instead of <div class="title"> etc.), the browser can still show most of your content, and you can still move around on the page.
>
>If the JavaScript fails to load and you were using it to significantly alter the content on your page, for example loading a news article asynchronously, the entire page fails to load.
>
>I don't mean to pick on this app in particular (I actually think it's really cool and I plan on using it and learning from it), but take a look at what happens to http://hswolff.github.io/hn-ng2/ when you switch off JavaScript--it's completely unusable. Now try switching off JavaScript on Hacker News--all the links and comments are still there.
Funny how on both sites most commenters haven't even looked at the link.
Incorrect, the application sandbox stays active even with a jailbreak. Since some people are on a downvoting spree today, here is a link of saurik saying just that instead:
"A good oversimplification might be something like: D was conceived by people who were tired of how clunky C++ is. Rust was conceived by people who were tired of how unsafe C++ is."
Rust focuses on memory safety and guaranteeing correctness and deterministic behavior. Instead of garbage collection, it has "smart pointer" types baked into the language and does an interesting amount of compile-time checks to try to guarantee memory safety.
D focuses on being a better, easier to use C++. Writing D is like working with the bastard child of C++ and Python. You get the native code generation of C++, but also you have really slick stuff that you usually find in scripting languages - array slicing, hash map primitive types, great regex support, etc. You also get a template system that's just as powerful as C++'s without making you want to pull out your hair every time you have a single typo, and D's ability to do compile-time code evaluation means that you can write functions that generate code, then mix that code into the rest of your code. If that sounds insane, it is, but people have done awesome stuff with it like making an entire damn parser generator or a regex function that actually generates D code for the automata that specifically matches the given expression
Disclaimer: I've worked a good bit with D and haven't touched Rust. Someone correct me if I'm terribly wrong or would like to prop up Rust some more. By all accounts it's a neat language too.
From hacker news ( https://news.ycombinator.com/item?id=9315769 ):
That comment was taken out of context. Wired wrote an entire article about an offhand remark.
I was at ChefConf, the comment was made during a panel discussion on open source [1]. On the panel there was an engineer from Facebook, an IT Director from Gap, and Mark Russinovich the CTO of Azure (note Azure, not Windows).
The conversation went something like this (paraphrasing):
Moderator: "Microsoft used to really suck, and they were really anti-open source. But now they are open sourcing things like CLR on GitHub. I bet one thing they will never open source is Windows."
Mark: "You never know, it's definitely possible. Crazy stuff happens."
Nothing more on the subject.
Actually, Google Analytics shows that it was this page that broke the site. (Though, now that I check, Reddit's definitely up there).
Edit: OK, it's Reddit killing the site now ... by a wide margin :)
From the comments on Hacker News:
> It looks like they weren't actually using React for much. The diff is +230 lines, and there's close to that much of just new tests. Most of the actual changes are trivial (e.g. @isMounted() to @mounted) and there's not all that much DOM manipulation logic in the end result. > > Overall it looks like React guided them in the right direction for how to design their view code, but they don't actually need most of React's functionality.
Did they say to switch to Bitlocker which is thought to be insecure? Maybe that's another hint. "Hey get in that other boat that's filling with water..."
Edit: Indeed someone said this better than I did.
there was an informative reply over at
https://news.ycombinator.com/item?id=7312856
>As one of the volunteers operating the existing Market St. WiFi and the housing project WiFi, I can say that this is definitely being discussed and evaluated, but I don't have a lot of hope for the Department of Technology making anything happen. They have deeply-rooted relationships with large telcos and utilities that have granted them good deals on easements to lay their existing fiber and copper paths. If the city started offering competing services for money, it would throw those relationships in jeopardy. It's really too bad, as a lot of the dark fiber resources are already in place to build a decent backbone that could support radial paths out different neighborhoods. However, there's very little technical clue (if you're a competent network engineer in the Bay Area, why would you work for a city? ick.) and political capital/gumption towards making this happen. The layer 0 - 7 stuff is easy. It's layer 8 and above (money, politics, humans) that make this hard to accomplish. If you're an SF resident, call or write your supervisor. Let your opinion be heard and demand proper infrastructure! Fiber is becoming the new roads; how you get your product to market. Municipalities need to step up and get building, because the big utilities and ISPs sure as hell aren't. reply |
Go read the comments on this story on hacker news:
https://news.ycombinator.com/item?id=7233730
So much rationalizing. My favorite was:
> I actually see a silver lining in this story. The worst thing an officer of the was able to do was inconvenience you for a day. Compare that to pretty much another other time in recorded history, and indeed still many places today, and you could have been locked up for far longer for pissing off someone in an authority position.
>Now obviously this is a ridiculous situation and the officer was on a powertrip, but you did break the law and technically she was within her privileges to bring you down to holding. Still, the fact that you encountered pretty much the worst scenario possible and were only held up for a few hours from start to finish is, to me, a sign that the system is working pretty damn well.
Oh my brd the HN comments: > To the author: You're right, it's unacceptable but you know how to fix it? You say something at the point in which it occurs. Nip it in the bud. Running off to write yet another gender-division-in-the-tech-world blog which will be read, primarily, by the sort of folk who already agree with you isn't going to make nearly as much of a difference as taking care of issues promptly. After doing so, blog about what happened and the resulting reaction. That's the sort of story that'll spread like wildfire.
.
> Not to defend the men in this story but I imagine they are like many guys in tech-single and lonely, and see these sorts of meet-ups as an opportunity to meet women with similar interests. Specifically the line "Oh ok cool, so if we start dating I can use the app with you!" seems to suggest this objective.
> I think a lot of their statements are said to provoke a reaction from women in a "flirty" manner, not because these men are actually misogynistic. Their well-intentioned flirtatious remarks are being interpreted as sexist by women attending these events, likely because these men are inexperienced with women and unsure how to relate to them.
https://news.ycombinator.com/item?id=9730944
> It's not bad work but it looks like The Register has hyped it much too far. Breakdown: > > * OSX (but not iOS) apps can delete (but not read) arbitrary Keychain entries and create new ones for arbitrary applications. The creator controls the ACL. A malicious app could delete another app's Keychain entry, recreate it with itself added to the ACL, and wait for the victim app to repopulate it. > > * A malicious OSX (but not iOS) application can contain helpers registered to the bundle IDs of other applications. The app installer will add those helpers to the ACLs of those other applications (but not to the ACLs of any Apple application). > > * A malicious OSX (but not iOS) application can subvert Safari extensions by installing itself and camping out on a Websockets port relied on by the extension. > > * A malicious iOS application can register itself as the URL handler for a URL scheme used by another application and intercept its messages. > > The headline news would have to be about iOS, because even though OSX does have a sandbox now, it's still not the expectation of anyone serious about security that the platform is airtight against malware. Compared to other things malware can likely do on OSX, these seem pretty benign. The Keychain and BID things are certainly bugs, but I can see why they aren't hair-on-fire priorities. > > Unfortunately, the iOS URL thing is I think extraordinarily well-known, because for many years URL schemes were practically the only interesting thing security consultants could assess about iOS apps, so limited were the IPC capabilities on the platform. There are surely plenty of apps that use URLs insecurely in the manner described by this paper, but it's a little unfair to suggest that this is a new platform weakness.
selected fapping material:
HN:
>> Just out of curiosity, is this the first time a language is written using itself?
> No, bootstrapping is fairly common. Rust is another common example of a bootstrapped language and has been for some time.
in the slides:
> Why was it in C?
> Bootstrapping.
> (Also Go was not intended primarily as a compiler implementation language.)
> inb4 implicit "as opposed to ML" or "as opposed to C"
HN:
> Fun fact: what's common between Rob Pike, Bjarne Stroustrup, Larry Wall, Guido van Rossum, and so many other language inventors?
> They're all C programmers!
HN:
> Dons fedora
> Can we trust the go compiler?
Discussions on Hacker News: https://news.ycombinator.com/item?id=9566091
To quote one user:
An iPhone battery is about 5 watt hours, ten percent of this is 0.05 watt hour. [0]
The most efficient mining chip I could find information about is the BM1384, which consumes 2.058W at the lowest power bracket.[1]
We would exhaust our 10% allotment in 1.5 minutes.
In those five minutes our speed would be 8.25 gigahash per second, producing 0.000003542 BTC per day [2].
Our total income for 1.5 minutes of mining would be 0.000000003689583 BTC. [3]
At 238.5 our 10% iPhone 5 battery life has been exchanged for $0.0000008801 USD.
Thoughts?
I'm always reminded of this when I see South African videos like this.
> I live in South Africa in a gated community with 24/7 guard patrols and 12 ft high barbed wire fences.
> My own house also has blade-topped fences, I have an electronic gate which requires a 6-pin entry pad and a thumbprint. I have 3 dogs, double-plated steel doors and retractable window bars.
> Some fucker broke in through the ceiling last week while I was asleep and stole my iPhone and wallet.
> The reason we do this in South Africa is because of safety. Home invasions, car jacking, mugging, kidnapping are everyday occurrences here. I know of 3 people who have been killed during one of these engagements and everyone I know knows someone who has died.
> If you worry about your kids wandering the streets in America, Canada, New Zealand.. Come to Africa and get some context.
> Possessions are meaningless, your health and your friends are what counts. That's something some people learn the hard way in this country.
Jesus fucking Christ, sometimes people can get a little to butt-hurt about Linus's antics but this is pathetic. If your not used to opensource this might seem weird (meetings publicly available, git, etc) so I'm happy to answer any questions you all have.
Edit:
HN thread : https://news.ycombinator.com/item?id=9176654
Link to commit : https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b0bc65729070b9cbdbb53ff042984a3c545a0e34