

DuckDuckGo Goodies - heliumcraft
https://duckduckgo.com/goodies#Cryptography

======
null_ptr
It looks like a a bunch of the goodies are user-made. I had no idea DuckDuckGo
was so open to developers [1], what a nice surprise!

[1] [http://duckduckhack.com/](http://duckduckhack.com/)

~~~
cinquemb
As long as it doesn't supposedly conflict with their core values[0]… because
you know your search engine should censor such things that don't conform to
your world view ;)

[0][https://github.com/duckduckgo/zeroclickinfo-
spice/pull/100](https://github.com/duckduckgo/zeroclickinfo-spice/pull/100)

~~~
cheapsteak
That website allows people to create profiles for other people _without their
consent_, then allows the person's attractiveness, friendliness, _goodness_ to
be publicly rated/smeared.

And you wanted all that data to be displayed when a person's name is searched
for?

And when the people at DDG decided not to pull in your plugin you're calling
it censorship?

I have no words

~~~
cinquemb
For someone with no words, you sure do have alot to say.

Go on, tell us more about how you don't like x behavoir that people enage in
everyday with or without the aid of technology? Ever comment on somone without
their consent, even if there may be some truth to it or not in an
unaccountable fashion? Ever upload a photo to a social network without asking
all possible parties if that was ok? Did you give the ok for mass surveillance
by corperations and governments and the secret profiles they compile and
leverage in private?

DDG has every right to not want to allow x for their platform, but let's not
pretend that them making that decision is going to make things just go away,
especially just because one may or not like x. Not all of us can create The
Names Database, cash out for $10m and try to sell privacy as a service through
a search engine and ignore the elephant in the room.

------
tytso
Um, I'm sure the NSA would be happy to implement a strong password generator
if you asked nicely. Seriously, if we aren't willing to trust the NSA to
generate strong passwords for us, is it really a good idea to trust DDG (or
any remote web service) to generate a strong password?

~~~
_zekiel
We open sourced our instant answers platform a couple years ago, in the hope
to get more eyeballs on them (for quality and quantity):
[http://duckduckhack.com/](http://duckduckhack.com/) It might not address your
point but any underlying flaws (randomness, etc) can be caught/fixed by the
community.

~~~
ucarion
Sounds like that still requires that we trust DDG to be actually using the
code in its git repo.

~~~
andreasvc
Yes, just like you're trusting the gazillion lines of code running on your own
computer. No one is able to audit all of them in their lifetime.

~~~
skj
Giving the benefit of the doubt to the gazillion lines of code running on your
computer, that you and several million other people downloaded from the same
place, with verified SHA sums, is actually pretty reasonable. If you're truly
paranoid, all you have to do to ensure that you're benefiting from crowd-
sourced verification is verify the SHA sum code.

Stuff running on some website that only the web site admins can see is not in
the same ballpark.

~~~
andreasvc
Where you download it from and SHA only gives guarantees about integrity of
the data transfer. I am talking about trusting that the code does what it is
supposed to do. Bugs can hide in code for years, whether inserted accidentally
or intentionally, as the Heartbleed episode demonstrates. SHA does absolutely
nothing against this.

~~~
skj
I'm addressing malice, not oversight. The SHA allows you to be confident that
you've got the same code as everyone else.

~~~
andreasvc
I was addressing malice as well. Having the same code is no guarantee that it
does not contain an intentional bug that can be exploited. Neither is knowing
that it came from some specific entitity (code signing), because again this
presupposes establishing trust. There is no technical solution to trust.

~~~
skj
But if the code you have is the same as the code millions of other people
have, it's safer to give it the benefit of the doubt than a single server than
only a handful of people have access to.

~~~
andreasvc
I just gave you an example where it turned out not to be safer: Heartbleed.
Malicious bugs can be well hidden, also in open source code. The openness
shouldn't give you a false sense of security, because it doesn't imply the
code has been audited any better than some closed source code.

~~~
skj
I disagree that heartbleed is an example of not being safer. If everyone's SSL
was a closed-source library, then we would be considerably less safe.

But to carry the analogy to a closed-source web site that you just connect to,
as is the topic of this comment thread, we'd certainly be less safe if we
routed all SSL traffic through an unknown system on the web that had the
opportunity to decrypt and encrypt.

------
JoshTriplett
I often find myself guessing at some of the DDG goodies or !bang searches, and
more often than not the thing I want already exists.

I wish the !bang searches in particular were more discoverable, though.
Perhaps if you search for "foo site:bar", or "foo bar" where bar is a well-
known site or service, DDG should suggest 'Try "foo !bar" or "!bar foo" to
...".

~~~
a3n
I too have had trouble finding where the bang codes are.

I think the easiest is this: Go to the ddg home page, click on the drop down
to the right of the search field, and at the bottom of that is "By category
(!bang)"

Click that and you'll go to
[https://duckduckgo.com/bang.html](https://duckduckgo.com/bang.html)

Or you could just remember duckduckgo.com/bang :)

~~~
Spittie
Or just search !bang :)

------
navpatel
How did the pass up on the opportunity to call this DuckDuckGoodies?

~~~
genericuser
They are calling it DuckDuckGoodies if you click through to the page.

(I admittedly can't be certain they were an hour ago when you asked.)

------
tantalor
I made one of these about 2 years ago. It displays the descriptions of UN
numbers, those little codes you see on trucks transporting nasty chemicals.

[https://duckduckgo.com/?q=UN+1993](https://duckduckgo.com/?q=UN+1993)

Perl module: [https://github.com/tantalor/perl-Number-
UN](https://github.com/tantalor/perl-Number-UN)

DDG module: [https://github.com/duckduckgo/zeroclickinfo-
goodies/blob/mas...](https://github.com/duckduckgo/zeroclickinfo-
goodies/blob/master/lib/DDG/Goodie/UN.pm)

It was very nice to work with the DDG people to get this integrated.

------
svmaris
The IMDB example in the Entertainment section is showing a pretty weird result
for "Shawshank Redemption". Instead of the well known movie, the highlighted
result is an episode of a quite obscure TV series ("Dating a Puppet").

\-- Edit: I've just noticed the query goes straight to imdbapi.com, which
returns the same results when searching for "Shawshank Redemption", without
the "The" prefix. Which is still a bit weird, but has nothing to do with DDG.

~~~
_zekiel
Thanks for the heads up! We're going to update this page soon--IMDBAPI uses a
variety of sources, one of them (iirc) is OMDBAPI.com and it looks like the
error is stemming from there:
[http://www.omdbapi.com/?t=Shawshank%20Redemption](http://www.omdbapi.com/?t=Shawshank%20Redemption)

------
Geekette
Very cool. DDG should consider displaying the goodies page as default for
beginners, with choice to collapse the section in favour of the plain page if
desired. It would encourage more experimentation and additions. Suggesting it
because even a regular user like myself had no idea this page existed, much
less a newbie.

~~~
_zekiel
Duly noted! It's been relatively hard to discover so we're working on that for
the next version of DDG. Really appreciate the feedback in-favor!

~~~
mcintyre1994
FYI the sidebar scrolling doesn't work (and general layout is a bit iffy) on
Nexus 7 chrome. I wasn't going to say anything but if the audience is very
general it might be worth fixing - the new ddg works awesomely other than
that! :)

~~~
_zekiel
Gotcha! Sidebar scrolling (via flick, not tap) is still being worked on but
the other iffyness sounds iffy :) We'll give it a look.

------
fransr
Found a security issue with the Goodies (XSS at duckduckgo.com). I just posted
it through your feedback form "I found a bug", hope that reaches the right
people.

~~~
_zekiel
Thanks! Looking for it now.

~~~
fransr
Did you get it? Noticed it was still working.

------
derefr
I'm sad to see that the "hash" goodie just identifies the type of the hash.
It'd sure be nice if some web-crawler index or another would hash the
documents it crawled before throwing them away--then you could search
arbitrary web-resources by hash, the same way you can currently search images
by image-fingerprint. (And such a feature, in "I Feel Lucky" mode, would
effectively turn the entire web into a DHT.)

------
VaucGiaps
[https://duckduckgo.com/?q=unix+time+1400000000](https://duckduckgo.com/?q=unix+time+1400000000)

~~~
gabriel34
What is this? GET?

------
steve_benjamins
Awesome. An easy interface explaining each goodie.

Such a simple idea- and yet I've never seen Google figure something like this
out. I mean I'm sure it's buried somewhere in Google's technical docs, but
those docs don't qualify as easy interfaces.

Well done DuckDuckGo!

------
quotient
This is awesome. They've managed to identify many little utilities that users
need occasionally. Google has a similar set of utilities, but it is only
accessible through the search-bar, and you need to know what you're looking
for. DDG's is much easier to browse/use.

~~~
_zekiel
These come from our open source instant answers platform:
[http://duckduckhack.com/](http://duckduckhack.com/)

So, anyone can suggest or create instant answers and it works out better that
they're open source, since people who are most passionate about a topic
(movies, legos, pokemon, gardening, etc) will know the best sources for it and
the best information to display.

------
sepbot
I don't like that the generated UUID has uppercase letters.

------
kudu
Since the link links to the Cryptography section, that should be part of the
post title.

------
akennberg
Couldn't find any Bitcoin goodies. That's surprising!

~~~
rsl7
There's a new one!

[https://next.duckduckgo.com/?q=bitcoin+eur](https://next.duckduckgo.com/?q=bitcoin+eur)

------
ing33k
awesome ! can the plugins be written in any language ? or is it just perl ?

~~~
draegtun
From the DuckDuckGo Goodie FAQ:

 _What if I don 't know Perl?_

 _If you don 't know Perl, that's OK! Some instant answer types (Fathead,
Longtail) don't require the use of Perl. Also, if you know PHP, Ruby, or
Python you should be able to write a Goodie in Perl pretty easily using this
awesome cheat sheet._

ref:
[https://duck.co/duckduckhack/faq#goodie](https://duck.co/duckduckhack/faq#goodie)

So DDG Goodie plugins can only be written in Perl.

~~~
cainetighe
Goodies on the goodies page represent all of the available instant answer
types (async API calls, functions, DB full text, and DB keyword).

------
aw3c2
Page seems not to work correctly with Javascript disabled.

~~~
LukeB_UK
Nowadays you can't realistically expect to browse the internet with Javascript
disabled.

~~~
aw3c2
You have no idea how nice the majority of web is that way. Sites load fast,
they don't spawn annoying rubbish, tracking is mostly broken, cpu usage is
low, etc etc. Maybe I should write about it some day.

~~~
idlewan
Please do write about it.

I used noscript for a while in blocking everything mode, then requestpolicy
for better filtering, but got tired of having to allow stuff for most of my
browsing (now I'm on adblock privacy + ghostery + privacy badger + cookie
monster + biscuit + self-destructing cookie + smart referer).

I'd love to read about what others do and their usage, how they get around.

~~~
logn
I use NoScript but have enabled the option "Temporarily allow top-level sites
by default". That means any site I directly visit is allowed to run JS. But
any references to scripts on other domains are blocked. That makes the web
pretty usable but more secure.

