1. Acting as a go-between for (presumably Jeremy Hammond) the Stratfor hacker and Stratfor itself, Brown misled Stratfor in order to throw the scent off Hammond. Having intimate knowledge of a crime doesn't make one automatically liable for that crime, but does put them in a precarious legal position if they do anything to assist the perpetrators.

2. During the execution of a search warrant, Brown helped hide a laptop. Early in the trial, in advancing the legal theory that hiding evidence is permissible so long as that evidence remains theoretically findable in the scope of the search warrant, Brown admitted to doing exactly that, and that's a crime for the same reason that it's a crime when big companies delete email after being subpoenaed.

3. Brown threatened a named FBI agent and that agent's children on Twitter and in Youtube videos.

The offense tied to Brown's "linking" was dismissed.

Brown's sentence was unjust, but it wasn't unjust because he was wrongly convicted by a trigger-happy DOJ; rather, he got an outlandish sentence because he managed to stipulate a huge dollar figure for the economic damage caused by the Stratfor hack, which he became a party to when he helped Hammond.

    $ export LC_ALL='C'    $ awk '{ print $2 }' 10-million-combos.txt | tr 'A-Z' 'a-z' | sort | uniq -c | sort -nr | head -n 20    55893 123456    20785 password    13582 12345678    13230 qwerty    11696 123456789    10938 12345    6432 1234    5682 111111    4796 1234567    4191 dragon    3845 123123    3734 baseball    3664 abc123    3655 football    3330 monkey    3206 letmein    3136 shadow    3126 master    3050 696969    3002 michael

[1]: http://www.wordle.net

How does tying each password to its corresponding username help with password research, and does the value gained outweigh the cost of someone using this list for malicious purposes?

I'm not saying this should be illegal, but I'm struggling to understand the intent here.

Everyone knows that legally questionable moves should always be made on a friday. That allows everyone in government to cool down for a couple days. By the time the weekend is over all the news outlets have moved on to whatever war just started up. You don't want some hothead prosecutor tweeting out a threat, forcing himself to follow through later in the week. Nobody picks a fight when 15 minutes away from a weekend.

Watch the NSA/CIA/MIB admissions. They always stage their spying/torturing me culpas on friday afternoons.

We know users pick bad passwords. It seems to me the most compelling "problem" is hardly a research question -- isn't it about finding ways to encourage users pick strong passwords, not share them between sites, and not put them on sticky notes on their monitors.

Ok, putting my charitable hat again... My best guess is that researchers would like some idea about how long it takes to crack some percentage of accounts; e.g. with rainbow tables or other techniques?

The author mentioned "Analysis of usernames with passwords is an area that has been greatly neglected and can provide as much insight as studying passwords alone." What directions might a researcher take this?

Unfortunately, I was equally impressed with what attackers are able to do with them as well. An important point is that attackers tend to have better lists, because they are the ones stealing and cracking them, and these lists make them increasingly better at cracking passwords. Defenders use the lists for all sorts of analysis on how exactly users pick passwords.

For example, "complex password policies" have become increasingly popular. But do they actually increase the entropy of the chosen passwords? Surprisingly little, since users will "defeat" the policy by applying easy to guess "munging rules". Humans being human and such. The thieves have the lists, and learn to apply the munging rules and defeat the policies. Researchers need these lists so they can discover the same weakness and try to react.

More recent research looks at things like how effective the password strength indicators are at actually helping users choose stronger passwords. We also learn about how users choose different strength passwords based on the sites they visit and such. This is absolutely fertile ground for research which can improve how we perform authentication.

Yet another good use of the lists is in defending against online attacks. E.g. Failed attempts that follow the general probability distribution of the lists are easier to identify as bots.

[1] - I think all the talks are posted, although I'm not sure there's a central archive, each conference is identified as Passwords^[Year], e.g. Passwords^14 https://passwordscon.org/

Anyways, that password is not in this list. I have found it in other password dumps before. So, I don't know what to think.

The teacher willfully (and knowingly) teaches the student about "possible means of access to a protected computer."

Note: According to http://www.law.cornell.edu/uscode/text/18/1029 teaching is defined as trafficking information ("the term traffic means transfer, or otherwise dispose of, to another, or obtain control of with intent to transfer or dispose of; ")

  grep -i <password> 10-million-combos.txt

But Barrett Brown is not the first or only example.

Aaron Swartz is the only example I need to understand what to expect from the various US law enforcement agencies.

Err, no he wasn't. He just managed to get a modest amount of attention.

I thought of exactly the same. I was motivated by the password strength meter out there. How can you actually tell a password is strong or not or whether a password is known to attacker or not if you can ask (I was thinking along the line of private information retrieval) privately and get a probability rather than a yes/no based on all the known stolen credential out in the Internet (there are many Gbs files you can download)...

That aside... I think it's pretty clear that modern Linux is not losing its way. If you go back even five years, and complain that your latest pre-release version of Debian won't suspend properly because it needs a password, you'll get laughed at by all the people who try to suspend their laptop and have it crash in some way or another.

We're now in the uncanny valley of software progress. If suspend weren't working, you'd feel hardcore and learn it and deal with it. If it worked perfectly, then you wouldn't think about it. (What was the last time you thought about how OS X or Windows does suspend, or handles permissions on mounted drives, or whatever? When was the last time you read a manpage about launchd or one of its helpers? Hint, the manpages are useless.) If it has almost all the complexity to work perfectly, you get neither of these benefits.

But it would help things immensely if someone were to document all this, from a busy sysadmin's perspective, not from an upstream developer's. There are occasionally manpages, but they're written like git's. Lennart's "systemd for administrators" series is a start, but that's more of a pitch for why you should want to build your new systems on it, and it only covers systemd. Docs on how to figure things out when they go wrong would be most useful.

I think it all stems from D-Bus, which has become the primary mechanism of command and control on desktop Linux. To address the OP's initial issue of user mounting disks, it's managed via Udisks, which is mostly accessible via D-Bus.

I have trouble reconciling Unix's notion of "everything is a file" and how a modern Linux desktop operates via D-Bus. Don't get me wrong, I think D-Bus very powerful and flexible. I just wish it was easier to explore and test via file-based tools. Maybe a FUSE layer?

Anyhow, if the OP thinks that Linux was once "clean, logical, well put-together, and organized", I can only laugh at his rose-colored glasses. Linux is and always was a cobbled-together mess of orthogonal paradigms (no better illustrated than by the design philosophy clash of XWindows vs Unix). Maybe earlier Linux was simpler because it was still playing catch-up with other Unix clones out there. Nowadays it's leading the pack in innovation, and so things are changing, and fast. I don't know if documentation really is worse now that it used to be, I'm afraid to fall in the same nostalgia fallacy.

Ultimately, I see this rant as nothing other than "things are different now and I'm scared and confused". Not that I don't sympathize, being in roughly the same place. However, I decided I can't stop technology, and sucked it up and sharpened my google-fu.

The same applies to suspend. The local user perhaps should or should not be able to suspend the machine. Presumably remote users should not be able to do so at all.

What about wireless network connectivity as the machine moves? Who should have permission to manipulate that?

If we did not have more a more complex dynamic permission system[1], some would be saying that modern Linux is outdated and unable to cope with the more modern reality of much more dynamic needs like this.

Instead, the article seems to be saying that it's become too complicated.

We can't have it both ways.

[1] http://www.freedesktop.org/wiki/Software/systemd/multiseat/

For the record, my permission problem was solved via "sudo pam-auth-update --force". Thanks Arch Wiki for giving me the crucial hint.

I don't think this was ever really the case, but I do think software is evolving to meet the list of constantly updating use cases.

Of course managing one network interface with all your peripherals connected at startup required less complexity. But if your target audience also has use cases of wanting their USB drive to "just work" when plugged in, being able to connect to a new wifi access point under their normal user, etc., you will want some extra layers of abstraction that aren't available if you limit yourself to FDs and Unix-style permissions.

In addition, some software is cross-platform and doesn't always care about maintaining consistency with the conventions on a single platform.

Personally, I enjoy new technologies and systems in linux. I used to run Gentoo and other distros that constantly brought out cutting edge software. And I'm used to somewhat alpha/beta quality software that mostly works. And because it works well compared to my experience with windows software, so I wasn't too bothered.

Maybe it's because my background is in hardware, but all of the new software had always taken awhile for me to grasp and appreciate. But in the linux community, I've always been able to find info and solve problems that I've come across and learn about the system. Windows problems usually can be solved because large masses of people tried so many things, but I wouldn't get any enlightenment about computers or software when fixing Windows problems. Maybe my world view has been skewed by comparing linux to windows, but I've always felt that I'm able to learn and understand more with linux vs Windows.

http://segfault.linuxmint.com/2015/02/about-betsy/

"It worked, but I dont know why"

"I dont even know where to start looking."

"Thats about as comprehensible as Vorlon poetry to me"

Potentially non politically-correct answer to the article title: maybe it's not Linux who lost its ways, but some old-time users? (who forget the beginner's spirit to look for answers on forums, manuals, to try to understand before casting a judgment)

Linux has always innovated around the paradigms, taking inspiration from everywhere. It was never "clean, logical, well put-together, and organized". It has always been messy, but in a good way.

When I first discovered linux, I had to adapt to all these new things. That was in 1992. When I decided to use again a modern linux distribution on my laptop in 2014, I had to adapt - again. I have no doubt I will have to keep adapting in my lifetime.

The error would be to consider that the "right ways" are fixed, and that innovation should be stopped.

There will be many new things, some will be kept, some will be discarded. Change is the only thing one can constantly bet on.

Free Office365 and CloudFlare are probably the best part of this announcement, since they are "easily migrate-able" by most startups. Migrating from DO/AWS/Linode isn't fun and productive. Even though they are negligible (in terms of money and value) they are the easiest "sticky" points for early stage startups.

That being said - for DevOps people with experience across AWS/DO/Linode and Azure, this would be a good time to start the cold calls and sell your services to YC companies. Paying someone $5-10k on high ($2k/month) AWS bills to free services is a no-brainer.

EDIT: On that note, if any DevOps people want me to do the hustling (aka sales, lead generation) for them, let me know.

EDIT2: Anyone know if the $500k goes for 3-years? If it's only 1-year, then this may not beat the 1-2 years and ~$10k you get from Amazon via their platform: http://aws.amazon.com/activate/portfolio-detail/

It's also worth pointing out that our $60k offer for YC companies is still around, if you're in one of the older batches.

I'm probably worried over nothing since YC investors are smart and tend to leave tech choices to the founders but I'd like to hear some feedback on this from people that pitch in the future.

Either way Microsoft seems to make pretty good decisions lately (from my humble POV). Seems like they are essentially playing the same power law as (other) investors, hoping that the next XXX will be run on Azure.

On a somewhat realted note...I worked in IT in Africa for a bit and it was pretty strange how locked into Microsoft server stuff they (Africa is big but it was true for all countires I had work relations in) are. I naively assumed that Linux/BSD would be more wide spread there but my very subjective conclusion is that MSxx-certificates are really widespread there and piracy is kind of tolerated so it's easy to learn. It was a little bit harder than expected to find Linux admins for example. I've always wondered if this was active corporate policy or just an "accident".

Nietzsche: God is dead.

God (couple of years later): Nietzsche is dead.

pg: Microsoft is dead. http://www.paulgraham.com/microsoft.html

Microsoft (couple of years later): Here's some gift* for your startups. :)

(*: please don't start explaining that it is not a gift, etc. -- I know. :) )

I was accepted into Microsoft's BizSpark program last year so I get $150/month free Azure credit. Azure is very nice to use. So far, I have just been using Ubuntu Linux VPS instances (similar to AWS EC2) and everything works similarly to other providers I use like AWS, IBM BlueMix, Digital Ocean, and Google's cloud services. Really, these are all very good services, so use the one you can get for free or at a low cost.

I used to be pretty much down on Microsoft, but now they are doing a lot of stuff right in my opinion: providing solid Linux support on Azure and providing an unbelievably good deal on the family edition of Office365. It seems like they are buying themselves into the cloud market, but with all of their cash on hand, that seems like a good strategy!

Anyway, if you have a business idea you want to try then look into BizSpark.

In the BizSpark Plus days, your company would receive $60K of hosting but could only use it to pay 100% of your bill in the first year of BS+. In the second year, you could use it to pay 50% and then in the third year you were paying full price for Azure. It was a pretty good deal, but if you are already spending $30-60K (or $250-$500 K) on infra in your first year or two, you're in a select breed of companies.

We were invited up to Redmond in the past to meet with teams from various Azure services and participate in private previews of some cool features. They're really working hard to make a great platform.

Satya, please don't have them mess things up with the next portal release! The whole sideways scrolling gives me a headache.

Passing them on at a 20% discount would make for a sweet ~$400k runway extension.

For the future YC batches - depending on what your company is going to be doing, it would make very little financial sense to NOT host on Azure.

http://www.microsoft.com/bizspark/default.aspx

https://cloud.google.com/developers/startups/

I wondered why my company after 18 months of effort to get going on AWS with certain apps has had a shift to get on Azure 'without compromise' in 2 months.

I doubt these sort of offers are only going to start ups, Microsoft is taking on web services hard core.

E.g., boot up a bitcoin mining cluster (though this particular idea would obviously yield low return since it would be running on off the shelf hardware)

The PaaS front is of particular interest. For example, it's not immediately evident that Heroku even offers anything similar, beyond a small free tier available to anyone.

This would only benefit YC startups who already use Azure. (Unless the switching cost from AWS/Rackspace/Google is low enough nowadays.)

Professionally, for simplicity I'd choose Rackspace or Google. For Scalability and price I'd choose Amazon. For personal projects I love Digital Ocean.

I dislike Azure's control panel and VM setup, and find their VMs slow. I'd only really consider them if I planned to implement a project that required leveraging the entirety of the Microsoft technology stack.

I can't see technology companies embracing Virtual Windows Server RTs and MSSQL Servers. Startups enjoy technologies that are easy to manage and scale with smaller teams. Enterprise level companies still need inhouse dedicated hardware for security.

Azure is kind of an oddball in the virtual hosting space.

Is this sentence constructed poorly or did a private comment slip in?

With a move like this Microsoft becomes THE Linux company as the millions of non-tech and tech businesses who are Windows based migrate to Quantum over time. They could make the underlying souped-up Linux OS FOSS and sell the Quantum OS layer (or whatever works).

I am thinking in terms of the next 50 years, not 5. In the long term I just don't see how the existing MS model can prevail. A move like this Quantum OS concept would instantly align them with web development and provide a solid alternative to Apple on developers desktops and perhaps even Ubuntu at the server level.

https://www.youtube.com/watch?v=4F4qzPbcFiA

Does anyone actually trust cloud services in Five-eyes jurisdictions anymore? Is there a company in those jurisdictions that people could use that is more dangerous to trust than Microsoft?

1. https://en.wikipedia.org/wiki/NSAKEY

Great article. This importance of pervasive cultural factors was the key insight for me. I follow an unusual diet that happens to consist of 100% unprocessed foods. I allow myself to sleep when I'm tired. I live somewhere I can enjoy long walks and other fun exercise. I'm never late because I don't set schedules.

> In the United States, you cant go to a movie, walk through the airport or buy cough medicine without being routed through a gantlet of candy bars, salty snacks and sugar-sweetened beverages. The processed-food industry spends more than $4 billion a year tempting us to eat. How do you combat that? Discipline is a good thing, but discipline is a muscle that fatigues. Sooner or later, most people cave in to relentless temptation.

This is the trouble with following a different lifestyle; almost every aspect of it conflicts with modern culture. Buying vegetables at a store, there's tasty frozen pizza across the isle. Going out with friends, for variety and a normal social atmosphere, modern-influenced food is the only option. Walk into a gas station and there's the chips. Look at cat pics on the internet and there's pictures of beer and bacon. Everyone wants to set a schedule, out of habit if not the belief that stress increases productivity. People call to talk late at night.

Even after forming good habits, every instance of conflict with the culture requires some willpower, and socially, each requires an explanation. The only way I've succeeded is when living a more isolated lifestyle, somewhere remote. That leaves out cultural enjoyment and reinforcement.

Herbal teas, coffee and wine.

Goat's milk and honey.

Wild greens, beans, and olive oil.

Work in the fields, gathering it all.

A nap in the afternoon, and plenty of sex.

This is a recipe for a long life.

This is probably true and helps a lot. But who created the statistics? The pension system there is widely misused. People keep their death parents "alive" on paper to receive their pension for many years. It was so widespread and the loss so great in Creek (and some other EU countries) that the European Union intervened.

"Some will expect a major update to the worlds most popular protocol to be a technical masterpiece and textbook example for future students of protocol design. Some will expect that a protocol designed during the Snowden revelations will improve their privacy. Others will more cynically suspect the opposite. There may be a general assumption of "faster." Many will probably also assume it is "greener." And some of us are jaded enough to see the "2.0" and mutter "Uh-oh, Second Systems Syndrome."

The cheat sheet answers are: no, no, probably not, maybe, no and yes.

If that sounds underwhelming, its because it is.

HTTP/2.0 is not a technical masterpiece. It has layering violations, inconsistencies, needless complexity, bad compromises, misses a lot of ripe opportunities, etc. I would flunk students in my (hypothetical) protocol design class if they submitted it. HTTP/2.0 also does not improve your privacy. Wrapping HTTP/2.0 in SSL/TLS may or may not improve your privacy, as would wrapping HTTP/1.1 or any other protocol in SSL/TLS. But HTTP/2.0 itself does nothing to improve your privacy. This is almost triply ironic, because the major drags on HTTP are the cookies, which are such a major privacy problem, that the EU has legislated a notice requirement for them. HTTP/2.0 could have done away with cookies, replacing them instead with a client controlled session identifier. That would put users squarely in charge of when they want to be tracked and when they don't want toa major improvement in privacy. It would also save bandwidth and packets. But the proposed protocol does not do this.

[He goes on to tear a strip off the IETF and the politics behind HTTP/2.0 ...]

Another better way would have been keep SPDY, as there is usefulness there, separate and then on HTTP/2, to incrementally get there, and use an iteration of something like AS2/EDIINT (https://tools.ietf.org/html/rfc4130) which does encryption, compression and digital signatures on top of existing HTTP (HTTPS is usable as current but not required as it uses best compression/encryption currently available that the server supports). This standard still adheres to everything HTTP and hypertext transfer based and does not become a binary file format but relies on baked in MIME.

An iteration of that would have been better for interoperability, secure and fast. I have implemented it directly previously from RFC for an EDI product and it is used for sending all financial EDI/documents for all of the largest companies in the world Wal-mart, Target, DoD as well as most small and medium businesses with inventory. There are even existing interoperability testing centers setup for testing out and certifying products that do this so that the standard works for all vendors and customers. An iteration of this would have fit in as easily and been more flexible on the secure, compression and encryption side, and all over HTTP if you want as it encrypts the body.

Here's a list of common servers support for SPDY/HTTP2: https://istlsfastyet.com/#server-performance

On a serious note: it's nice to see ALNP being used in HTTP/2

I found the answer from their blog:

"Part of the service CloudFlare provides is being on top of the latest advances in Internet and web technologies. We've stayed on top of SPDY and will continue to roll out updates as the protocol evolves (and we'll support HTTP/2 just as soon as it is practical)."

Am I missing something? Do some people have so many cookies that this makes a difference or something?

As engineers, the ones that take simple concepts and add complexity, those are not engineers, those are meddlers.

It could be as long lived as XHTML.

I was hoping for more SCTP rather than a bunch of cludge on top of what is a pretty beautiful protocol in HTTP 1.1. Protocol designers of the past seemed to have a better long view mixed with simplicity focused on interoperability that you like to see from engineers.

Please.

Downvoters: although I don't usually do this, I'd ask you to enter into a discussion with me instead of just hitting the down arrow. Do you honestly think my discussion is worth being silenced?

Here's the current implementation: http://opensource.apple.com/source/Libc/Libc-1044.1.2/gen/Fr...

http://linux.die.net/man/3/wordexp

wordexp, wordfree - perform word expansion like a posix-shell

So, the implementer decided to take the short route, and just spawn a shell which, essentially, gets passed the input data to wordexp(), to do the work. But, of course, having something that starts with such a comment...

/* XXX this is _not_ designed to be fast (...) wordexp is also rife with security "challenges", unless you pass it WRDE_NOCMD it must support subshell expansion, and even if you don't beause it has to support so much of the standard shell (all the odd little variable expansion options for example) it is hard to do without a subshell). It is probably just plan a Bad Idea to call in anything setuid, or executing remotely. */

...in your standard C library wasn't such a smart idea to start with. Scroll down, there are many more gems in the comments!

Sometimes it's better to just implement it as

        void wordexp() {                fprintf(stderr,"wordexp() is a security nightmare. Not implemented.\n");                assert(0);        }

(EDIT: typos)

    [ $# -gt 0 ] && export IFS="$1";/usr/lib/system/wordexp-helper

Also, that code seems to be from 2008 (or at least that's the latest year in the copyright header) despite the commit being from 2012. Does anyone know if this has been updated? Inserting a NUL byte between each word, and at the end doesn't sound like it requires Perl...

Piston, the project that's backing Hematite, is very interesting in that it's an attempt to explore idiomatic approaches to game engine design in Rust. I'm not sure how many game developers will value Rust's memory safety over C++'s sheer flexibility and mature tooling, but I commend the Piston developers for taking a chance on a new and unproven language!

EDIT: If you'd like to take a closer look at game development in Rust, be aware that there exist dedicated communities for this on reddit ( http://www.reddit.com/r/rust_gamedev ) and IRC ( http://client01.chat.mibbit.com/?server=irc.mozilla.org&chan... , a.k.a. #rust-gamdev on irc.mozilla.org).

https://news.ycombinator.com/item?id=8610459

I've been thinking lately of where I would like to live for most of my late twenties and early thirties. I'm definitely a bit of a loner, but at the same time, I like living as part of a close-knit community. I wish I could find a little "tribe" of self-directed folks roughly my age in an old, creaky house somewhere in the mountains... or on a remote island... or in a forest, or something. Just people working on their projects, tending to their garden, raising some chickens (or maybe some kids), enjoying the fresh air, and mostly living away from the rest of society. An art commune for the 21st century, I guess.

Unfortunately, if such a place exists, I doubt it has a website, and I especially doubt they'd take in strays. Guess I'd have to organize it myself. It's too bad I don't know anyone else who'd want to live like this. (And even if I did, who knows if we'd get along?)

Maybe I'll just go and become a hermit.

It's a bit of a minefield, and I only know the warnings that legal/HR tell managers :-)

Edit: to clarify/simplify

Turkey is an amazing place to work and live, there's an incredibly vibrant hacker community, and the people are some of the most welcoming in the world (especially if you're a visitor). Istanbul rents on the European side can run pretty high, but on the Asian side (and with the way the exchange rate is going these days), I think you'd be remiss to leave it out.

If not Istanbul, Ankara has a bunch of universities and rents are considerably cheaper. Bodrum, too, has relatively low rents and absolutely amazing natural beauty. Ok, enough ranting...

Seriously cool concept, though. I look forward to seeing where you take it!

Standardized rooms all over the world, run as a network of independent providers adhering to the international code of practice, advertised and paid for on AirBNB (because we already have hassle free hotel check in experience, why build another one).

... and stuffed with IKEA furniture we all know and love :)

I also found Coconat [1] on HN, and got in touch with them over email. Hopefully my wife and I will be visiting them when they open in July.

[1]: http://coconat-space.com/

BUT WHY OH WHY THE SCROLL HIJACKING?

I can't speak for NY, but in London, you could get a nice room in a shared flat for 890 GBP (=1356 USD) on the edge of first zone, so the commute (monthly Underground ticket for zones 1&2) would be a much more reasonable 130 GBP (=200 USD), far from 698 USD as listed on the site.

What should they do to make me really happy? Be able to invest some sum of money (or an existing property?) and enjoy a lifetime of co-living (they need much more destinations, of course). This can be a nice mode of rapid growth, property in exchange to co-living promise.

The inclusion of a moped or shared vehicle in each location would seal the deal for me.

$1,600 is more than a little pricey....

3g Internet in Portugal is a little bit expensive. Not too bad -- about 2 euro a Gig. 500 euros a month will get you a nice place. Not sure about how long a lease you'd need to sign.

Mexico City. Why on earth would you want to go to Mexico City?

As an aside I can't understand why, as a first step, co-working spaces in different locations haven't partnered up to offer this to people looking to move around and sort out their own accommodation. Having the availability of, say, Regus offices, with the entrepreneurship and tech focus found in current co-working spaces would be a huge plus.

- Are there more locations that are considered?

- Is this meant to grow with demand, or be limited to a few first-come/first-served offering?

- It's not clear to me (maybe I misread) what happens when I move to another country. Am I holding a lock on the rooms everywhere, or am I allocated a room on request?

I work remote, and currently in school but once done, I totally want to start moving around the world for periods of times. Q1 2016 is about when that should start happening.

Why did you choose Ubud instead of other places in Bali?

On the global map, Mexico City is linked to SF, NY, and Bogot, while the text description says: "SF, NY or Caribbean for a day".

Any ideas how that will play out?

I guess I'm just spoiled by the relative safety of the US.

This is a dumb quote. What it describes in terrorists is what the rest of the article describes in general. If a terrorist deserts, he is a coward (to the rest of his compatriots).

I guess compiling lazy functional languages was synthesis at one point, too, before people really figured out how to do that efficiently via eg the tagless spineless g-machine.

I wonder whether synthesis is like AI: whenever we understand how to do something, like play chess, it's no longer AI.

EDIT: Comments on the site delve into that very topic.

I'm aware the author is a professor of CS, but this is a statement I always see people originally trained as programmers claim, and as a mathematician and a programmer I respectfully disagree.

Mathematics does what you define it to do, and if you can communicate your idea to another person it doesn't matter whether you "mutated" a variable or not. Likewise, you could say that there's no such thing as mutation in programs because the value of a variable in a language that supports mutation depends implicitly on time; you just don't express that in the source code. It's a matter of perspective, and more perspectives are often better than fewer. In math if you want to index a variable to have "pretend mutation" to avoid confusion you can, but there's no rule about it. If you feel the best way to communicate that idea is with mutation, then that doesn't stop it from being mathematics.

    public Node(SortedSet<T> left, T element, SortedSet<T> right) {      this.left = left ;      this.right = right ;      this.element = element ;

A graph is defined mathematically G = {V, E}. A single vertex with no edges is a graph. A set of vertices with no edges is also a graph. These may or may not be interesting, but edges are dependent on vertices. The converse is not true.

This example with Node(value, left, right) is standard object oriented fair. It's worse than Car(model, manufacturer, color, year). The Car simplifies something complex. Node(value, left, right) makes something simple more complicated. It's an implementation not an abstraction.

For Go and Rust, this subject has been discussed.[1][2] In both cases, the participants in the discussion got tangled up with how slicing syntax would interact with multidimensional arrays, and ended up doing nothing.

The number-crunching community is mostly using Matlab/Octave, and Python with NumPy.

[1] https://groups.google.com/forum/#!searchin/golang-nuts/Multi...

[2] http://internals.rust-lang.org/t/difficulty-with-rfc-439-and...

http://monsieurcactus.github.io/circles/122514-Lima%C3%A7ons...

(I do understand why'd they regex for bad names since at one point Apple publicly showed who was enqueued for support, but not very helpful to tell someone their last name isn't good when they already need help! Not trying to be sensational, but they could have just flagged it for human review to see if the name was an obvious joke, or better yet, not display names publicly)

Edit: https://discussions.apple.com/thread/1491462

Google+ had similar problems, if I remember right, and they ultimately solved the problem by getting rid of the real name policy entirely.

That's an odd phrasing for something that should be very easy to verify.

It seems like a lot of hassle to try and automatically enforce an obviously difficult problem with little upside. Human behaviors, try as we might, are never going to conform to rigorous standards. :)

I don't fully understand the compact tree proposed here. I used balanced red-black trees, and others have suggested tries since the element size is fixed (160-bit address, or 256-bit tx hashes). I think you're basically proposing a trie. It would be possible to make invalid addresses that incur the worst-case cost to check (00001, 00002, 00010, 00020, and so on) but this is maybe splitting hairs.

Anyway, this is awesome to use Coq for formal verification of cryptocurrency components. We need way more of this.

[1] http://www.cs.umd.edu/~amiller/gpads/

As the author states, lightweight ledgers are well suited to proof of stake. I'm working on such a crypto 2.0 that also uses the Python VM for smart contracts and is multichain scalable with cross-chain contracts.

See Qointum: https://qointum.com

I wrote the 'init' feature for nimble - it's so awesome to see it being used!

http://howistart.org/

You'll find a sampling of Go, Erlang, Haskell and a few others.

Here is the repo: https://github.com/howistart

And of course many thanks for Tristan for curating it!

No, it doesn't. Just like every other neoliberal economy out there, since when has China's government started caring about the consumers?

The Chinese government is "punishing" Qualcomm for monopoly, yes, but it has nothing to do with the consumers.

"fueling concern that the country -- the worlds second-largest economy -- is using such inquiries to boost its native enterprises."

No shit. Look at all the local clones/"competitors" that have started doing very well after the original companies have been eliminated from the market (Google, Dropbox, just to name two obvious cases).

It's all about lobbying, the kind that you don't find in public records - i.e. bribing and corruption.

And then immediately follow with "While the percentage being charged is similar, the value of the handsets -- used as the basis for the calculation -- will be assessed at 65 percent of the devices total price for phones sold in China, Qualcomm said."

If read right, that means Qualcomm is forced to effectively discount licensing fees in China based on this decision, meaning the Chinese government has engaged in a bit of price-fixing relative to the rest of the world on the patent fees.

But Qualcomm refused to withdraw those claims. Just to be nasty. So I don't feel sorry for them.

I don't know how China defines a monopoly relative to the U.S. definition, but Qualcomm seems like a natural candidate.

Wow, is that a common tactic? No wonder antitrust was on them.

It is starting to really annoy me when powerful countries like China and my country, tha USA, throw their weight up against companies just doing business. This article is about one example with China, and my personal pet peeve is the USA under FICA laws brutalizing (sometimes small) banks in developing countries for not keeping up with the paperwork demanded by the empire.

It seems to me that the world needs an effective way for small countries to not get rolled over, including unfair patent portfolio attacks. If this article was about a small developing country vs. Qualcomm my reaction would be different.

EDIT: Yes slightly off topic but Vuforia is owned by Qualcomm and recently surprised all SDK developers with the bait and switch to licensing from free for commercial. But it has happened so drastically that there is no way to find out what it costs, "contact sales" is the answer but no response from them yet. It was very rushed see here: https://developer.vuforia.com/forum/vuforia-40-beta/prices-a... This is a good example of how not to introduce pay commercial licensing on something that used to be free.

I've not sampled the connections available to government officials, but until Cuba gets a huge overhaul (read, installation) of a proper internet infrastructure, and peering to multiple countries, they won't be able to make use of this.

- Average monthly wage in Cuba is $17

- 2.8m people with access to internet (26%)

- 3.3m people with computer access (31%) "at home, work or school"

- "A modest computer with a monitor costs $722 in Cuban stores, and at least $550 on the black market", so I suspect more at work/school than at home

- "The country has 53 broadband internet accounts today"

[1] http://www.theguardian.com/world/2015/feb/09/netflix-launche...

Considering the extremely little bandwidth they have, a homebrew wireless 'cable' from Florida or Mexico would be a game changer for Cuba.

Wait, what?

U.S. ???

So, the price was not based on fundamentals of the business, but rather buzz, hype, and tactics like restricting the number of shares. The common stock price has since risen but it's now running a P/E ratio of 135 (1).

Who is getting the short end of the stick when reality kicks in? Mom and pop investors? Mutual funds and pensions?

Also, what's with the "bootstrap" banner at the top of the page? Grubhub took $84 million in funding (2).

1. http://research.investors.com/quotes/nyse-grubhub-inc-grub.h...

2. https://www.crunchbase.com/organization/grubhub

Sell calls at the price you want to sell for the month that the lockup expires. If your shares get called away you got the price you wanted and some premium. However, you miss out on a huge gain if it goes far beyond your call level. Also, if the stock tanks in that time you keep your now less valuable shares but you got some premium.

So, after selling calls you can take that money you made from the premium and buy puts with it at around the same price. You've created a spread here and have locked in a selling price and gave yourself some downside insurance - all for very little cost to you over all since the covered call premium paid for most, if not all of your puts. Your only risk now is that the stock goes through the roof and you miss out on some upside - but that makes sense as you've eliminated risk for very little out of pocket cost. So maybe you do this on 1/2 or 2/3 of your position or whatever you're comfortable with.

Of course the difficulty is if you have a ton of stock and the option market for your company isn't very large and therefore illiquid.

One question that came after reading:

    The underwriter wont move forward unless they get a very    high percentage (99-100%) of employees/shareholders to sign    a lock-up.

Any more supervision? Did the way development and deployments work change? I can imagine when you're publicly traded the higher ups might suddenly care much more about being on the safe side of things and try to enforce stricter rules.

[1] http://en.wikipedia.org/wiki/Sokoban

Now, when there are rocks, stumps or trees within the area things get more interesting, depending on your tolerance for having to sharpen the blades...

at least in CA (and majority of other states) the requirement is only 1 year of post-med-school training:

http://www.mbc.ca.gov/Applicants/Physicians_and_Surgeons/

" How much training must I complete before I am eligible for licensure?

A US/Can must complete 12 continuous months of training in a single program to be eligible for licensure. Further, a US/Can must be licensed by the end of the 24th month of training. "

So going into 3rd year of residency one must already be licensed.

The rest of states:

http://www.fsmb.org/policy/public-resources/state_specific

Note: That is not to dismiss the importance of residency. As one can see from the above, its importance goes way beyond of just getting the license.

Used to be the student would put on his/her list the residencies in order of priority, and so would the institutions rank the candidates. Let the matching begin!

A thing to note is that not all residencies were in the mix and there were always a good number of students who weren't selected or maybe didn't even participate. That left room for students to find vacancies to fill.

AFAIK there weren't any students who couldn't get into a residency somewhere even if not among their top choices. Besides by the end of the first year of training there were always plenty of residents shifting to other programs so "holes" migrated around to an extent.

Chances are the situation is not at all dire for the current crop of graduating medical students. It tends to all work out.

1) Students need a residency to become a Doctor.2) Residencies are funded by congress.3) More doctors -> cheaper healthcare

So why don't we fund more residencies? And why is the government the one funding them?

I don't think the "matchmaking algorithm" in the blog post actually matches the colloquial meaning of the word "Algorithm".

The name likely hearkens back to the Robert Louis Stevenson (edit: Robert, not Robery) story of the same name in which (minor spoiler warning) a group gathers regularly composed of men who want to end their lives but lack the minerals to do it, so they arrange murders based on the deal of a deck of cards. Really wonderful story, really, part of his "New Arabian Nights," which you can find online here:

http://www.gutenberg.org/ebooks/839

"The "leave no trace" mantra of Burning Man was borrowed from the Suicide Club and the philosophy of Warne."

That's really cool to learn exactly where the LNT philosophy came from. I suppose something like it would have been established eventually but that idea is a core part of Burning Man and in burner lifestyles in general.

http://www.nonsensenyc.com/about/

There's usually a handful of interesting events going on around the city and will often lead you to strange new places (in a good way).

Srsly, this is fascinating and sounds like a lot of fun.

https://www.youtube.com/watch?v=L-XWl9x13PU

here is the usual sessionhttps://www.youtube.com/watch?v=L-XWl9x13PU

every time i started that game because people around me said it was fun, it reminded me of the "typical novice's session with ed" after a while.

http://c2.com/cgi/wiki?EdIsTheStandardTextEditor

     Let's look at a typical novice's session with the mighty ed:  golem> ed  ?  help  ?  ?  ?  quit  ?  exit  ?  bye  ?  hello?   ?  eat flaming death  ?  ^C  ?  ^C  ?  ^D  ?

If memory serves, I was playing it on thermal printer that eventually became the TI "Silent 700" series.

I believe the program was written in what was called "Super Fortran" at the time.

It was a great deal of fun.

[1] http://www.digibarn.com/collections/systems/ti-tymshare-100/...

A friend modded a version to automatically fire photon torpedoes when you entered a sector with Klingons. It calc'd the trajectory so it never missed.

Of course the downside was the blow back if you shot one right next to you. Or if there was a star in the way. Or there were >3 Klingons that would hammer you while the computer is cycling through the auto firing sequence.

A true Star Trek fan would know this violates the Treaty of Algeron: http://en.memory-alpha.org/wiki/Treaty_of_Algeron

https://medium.com/@harper/crowdsourcing-isnt-broken-5681da9...

Which is more efficient Corporations or crowd sourcing? Perhaps the sweet-spot is somewhere in the middle. Just add some rules and structure for vetting the players or distinguishing the saboteurs and maybe it might work!

But wily humans are good at finding their way around even the most secure digital systems."

/me eyes HN's karma system suspiciously...

Interesting, and a good story, but it hardly invalidates the concept of crowdsourcing.

If people can reenforce matches, and people who match alike are probable to see the same board, then the trolls will most match the other trolls and be invisible to the serious competitors?

I've played with collaborative filtering for sites like HN and I wonder if the same approach might sort trolls from the serious in these kinds of things?

http://williamedwardscoder.tumblr.com/post/15581427232/self-... <- my blog on collaborative filtering and trolls

After experiencing what OOP is really all about, an interactive environment with live objects sending messages to each other, readily available to be inspected and manipulated [0], I find it a drag to go back to Python and Clojure (less so) on my day job.

I now feel like every other OOP implementation (without the live environment) is just a horrific bastardized version of Smalltalk.

[0] http://simberon.blogspot.nl/2013/01/swimming-with-fish.html

[0] http://book.seaside.st/book

Edit: Actually, I guess some of the things done in Seaside are now more common, such as building up a webapp from reusable components that have code and some local state coupled with a view.

As a father, I loved that I didn't feel like a fraud as I could easily help him dig around and answer just about any question on what's really going on.

It ruined things for me, most everyday tools and languages look messy and inelegant next to Smalltalk.

I am mostly programming my current passion project in Clojure and Clojurescript, but, I shadow my project with a version in Pharo. I love the environment for experimenting and the visibility to what is going on in a computation is a refreshing change from trying to figure out when something goes wrong in my Clojurescript code.

Nice use case for IPv6.

"VIDIOC_STREAMON: Invalid argument libv4l2: error turning on stream: Invalid argument

Can't seem to get it to work trying anything on github etc and want to get enough around to file a real issue.

sudo apt-get install libncurses5-dev

I like it.

One request - what's the bitrate? (I know it's probably possible to measure in 1 line of shell)

I remember watching the world cup on an ASCII terminal

:)

Can someone explain the following:

   for file in ./* ; do        # Prefix with "./*", NEVER begin with bare "*"     if [ -e "$file" ] ; then  # Make sure it isn't an empty match

  cat -- *

2. What's the -e check for? It says "an empty match" -e means that the file exists, but * would only return files that exist, so -e must (with some caveats) be true. (The caveat being that there's a race condition between the globbing and the test, but with the added test, there's _still_ a race condition between the glob, the test, and the command execution. Are we just attempting to minimize the amount of race-condition by testing?)

In the case of the first example he shows, the cat -n problem, you can do the following in zsh to expand the results of the wildcard globbing automatically:

    cat *(:A)

    cat *(.:A)

    cat **/*(.:A)

Remember to test your patterns with a print statement first:

    print -l **/*(.:A)

[1] on my BSD system, many internal Tcl commands honor this convention. Damned if I can find a section 1 shell command that uses the convention, but I'm sure I've seen them.

[2] my version of cat doesn't have a -- flag, so my example is contrived; not sure if GNU cat differs.

EDIT: typo, perl(1) supports "--". See perlrun(1) for details.

With human-manageable strings comes ambiguities, especially in concatenative situations like commandline expansion and SQL injection susceptible code.

There's really no good universal solution. Judiciously adding explicit boilerplate as the article describes, or using less open-ended syntax which ends up adding common syntactic overhead as well, are both more painful to the user in common cases.

  import shutil

We tried using the "tradeoff Analytics" service for the project - and I must say , the tools and help available around it, the API and its documentation is pretty bad , convoluted and unusable. This is true too other services available through watson too.

We looked into IoT ( Internet of things ) as well . And once again , ran into a ton of dead ends without being able to proceed. The API documentation and examples just suck . If you are used to playing around with well documented APIs / Tools / Languages - this is going to be frustrating.

If the OP is the person who actually wrote the article , please please please go back to Watson Dev Cloud or BlueMix and try it out your services and APIs an a consumer.

Are there plans to open up parts of the older voice technology and contribute it e.g. to CMU Sphinx?

Speech to Text: https://speech-to-text-demo.mybluemix.net

Text to Speech: http://text-to-speech-demo.mybluemix.net

http://www.msnbc.com/msnbc/how-supercomputer-sees-the-state-...

What the folks @ MSNBC did was to pass the last 10 SOTU speeches to Watson and collate the results over a graph.

But, Here is why I have trouble believing Watson's perception. Try passing the following input to Watson - (or any other gibberish)

"jkldsjglkfdsjgdfls kg;jsf g dsfg fdg jsdfjgdfskg dfsgj df gfgdflg;dfg g;fkgljsdfgk;gjldfg dgkjldfgdhfgkjdfhjgfkldskf;ksdlf;ksdlfks jkdhfkhsdjkfhksdhj ljfsdjfhdsjkfjskdhfkjsdhfsdfkls;dkfl; dkfl;sd;fsk roweruoweuroiweuroiwe uweoruweoruweo ruweuro kjgsfgjkldfsjgsklfgjfdsl gjfdlkg fd jkldsjglkfdsjgdfls kg;jsf g dsfg fdg jsdfjgdfskg dfsgj df gfgdflg;dfg g;fkgljsdfg kjgsfgjkldfsjgs klfgjfdslgjfdlkg fdjkldsjglkfdsjgdfls kg;jsf g dsfg fdg jsdfjgdfskg dfsgj df gfgdflg;dfgg;fkgljsdfg kjgsfgjkldfsjgs klfgjfdsl gjfdlkg fd jkldsjg lkfdsjgdfls kg;jsf g dsfg fdg jsdfjg dfskg dfsgj df gfgd flg;dfg g;fkglj sdfgkjgs fgjk ldfsj gs klfgjfds lgjfdlkg fd jkldsjg lkfdsjgdfls kg;jsf g dsfg fdg jsdfjg dfskg fsgj df gf gdflg;dfg g;fkglj sdfg kjgsfgjkldfsjgs klfgjfd slgjfdlkg fd jkldsjglk fdsjgdfls kg;jsf g dsfgfdg jsdfjgdf skg fsgj df gfgdflg;dfg g;fkgl jsdfg kjgsfgjk ldfsjgsklfgjfdslgjfdlkg fd jkldsjg lkfdsj dfls kg;jsf g dsfg fdg jsdfjgdfskg dfsgj f gfgd flg;dfg g;fkgljsdfg kjgsfgjkldfsjgs

fkldskf;ksdlf;ksdlfks jkdhfkhsdjkfhksdhj ljfsdjfhdsjkfjskdhfkjsdhfsdfkls;dkfl; dkfl;sd;fsk roweruoweuroiweuroiwe uweoruweoruweo ruweuro kjgsfgjkldfsjgsklfgjfdsl gjfdlkg fd jkldsjglkfdsjgdfls kg;jsf g dsfg fdg jsdfjgdfskg dfsgj df gfgdflg;dfg g;fkgljsdfg kjgsfgjkldfsjgs klfgjfdslgjfdlkg fdjkldsjglkfdsjgdfls kg;jsf g dsfg fdg jsdfjgdfskg dfsgj df gfgdflg;dfgg;fkgljsdfg kjgsfgjkldfsjgs klfgjfdsl gjfdlkg fd jkldsjg lkfdsjgdfls kg;jsf g dsfg fdg jsdfjg dfskg dfsgj df gfgd flg;dfg g;fkglj sdfgkjgs fgjk ldfsj gs klfgjfds lgjfdlkg fd jkldsjg lkfdsjgdfls kg;jsf g dsfg fdg jsdfjg dfskg fsgj df gf gdflg;dfg g;fkglj sdfg kjgsfgjkldfsjgs klfgjfd slgjfdlkg fd jkldsjglk fdsjgdfls kg;jsf g dsfgfdg jsdfjgdf skg fsgj df gfgdflg;dfg g;fkgl jsdfg kjgsfgjk ....

=====

And Watson rates it as the following.

Big 5

Openness100%Adventurousness100%Artistic interests2%Emotionality1%Imagination100%Intellect100%Authority-challenging100%Conscientiousness93%Achievement striving94%Cautiousness57%Dutifulness1%Orderliness1%Self-discipline81%Self-efficacy3%Extraversion1%Activity level1%Assertiveness1%Cheerfulness1%Excitement-seeking2%Outgoing1%Gregariousness1%Agreeableness1%Altruism1%Cooperation1%Modesty1%Uncompromising1%Sympathy1%Trust1%Emotional range11%Fiery1%Prone to worry10%Melancholy34%Immoderation24%Self-consciousness6%Susceptible to stress9%

Needs

Challenge61%Closeness84%Curiosity51%Excitement66%Harmony65%Ideal54%Liberty75%Love23%Practicality86%Self-expression25%Stability60%Structure57%

Values

Conservation78%Openness to change5%Hedonism15%Self-enhancement76%Self-transcendence11%

========

Its plain gibberish , and you still get some results. I tried passing other text transliterated to English and Watson still gives results like this. I would expect it to atleast call it out as gibberish-text.

"Disliked" is certainly an understatement.

It's interesting though, in all of the coverage of Intellectual Ventures nefarious court adventures I've never heard it reported that they started out as a patent defense fund. Is that really true?

There's so much prior art (procmail, sendmail, cc:Mail, UseNet, routing tables, and probably plenty more) I don't see how this patent could survive a challenge.

I'm having trouble reconciling $299 million with these patents, which appear to be gigantically obvious. The second patent, US6073142 A, appears to basically be a description of procmail circa 1990. I challenge anyone to figure out where the $299+ million idea was.

Can this algorithm be run in reverse, to generate an image from the network? That's been done with one of the other deep neural net classifiers. "School bus" came out as a yellow blob with horizontal black lines.

An interesting question is whether there's a bias in the data set because humans composed the pictures, and humans like to take pictures of certain things. (Cats are probably over-represented.) Images taken by humans tend to have a primary subject, and that subject is usually roughly centered in the images. It might be useful to test against a data set taken from Google StreetView images, which lack such a composition bias.