
Could that be a honeypot to trap bots that don't respect robots.txt?


Looks more like a mop-up after a website infection incident.


I have had to do that before. The URLs in that case seemed to have a more random distribution than most of these.


Maybe, but why would THAT be the honey pot? It could be any phrase, really.


Well, you'd want them to try to crawl it. Perhaps there was a bot crawling their site for such links and they wanted to identify specifically that one. It seems most likely that such URLs never existed, but this would be a decent way to identify a bot that's otherwise not distinguishable.


What about the blue?




My wife sees white/gold, I see black/blue on the same exact screen. Observations:

I did not know there was a controversy when first shown the image. She did. I am 100% sure I am seeing the correct image (I am since color dropper verified). She is trying to figure it out. Can this be the power of suggestion since the initial person she saw it from said gold/white?

I tried zooming in on parts of the image to show her that it was indeed black/blue. She saw the blue at high zoom but as soon as any color variation to the blue or a little of the black started to show, she said it flipped back to gold/white for her. When zoomed in on the black she cannot see it as black, and I start seeing a gold tint to it.

She saw the decomposed color swatches and acknowledged them as black/blue.

When looking at pictures in better lighting of the supposed same dress, she sees it as black/blue.

Hypotheses: (1) this is the case of the power of suggestion. Once you are told it is a certain color you cannot unsee it.

(2) this has to do with poor quality of the image. Is the image on the cusp of some uncanny valley where most people's brains try to fill in the missing information? I say most because apparently around 70% of people see it as gold/white (Sploid poll).

(3) Maybe this has to do with some type of screen refresh rate? Would have been a lot more likely with CRT screens, but don't know if there is some tech on LCDs that can have this effect.

Someone please explain this. I am losing sleep here.


Your brain does a lot of work when you look at things. You don't perceive exactly what your eyes see. You will use context to see something one way or another. [1][2]

The dress photo is deceptive because of the exposure, levels, and cropping. When some people look at it, they see a lot of light behind it, and subconsciously assume that the dress is probably in shadow. A white-gold dress in shadow would look the way the image does, so their brain says the dress is white and gold.

When others look at the dress, they instead see a dress that is illuminated by light probably behind the photographer, or maybe an over-exposure in some other way. Either way the dress is washed-out, and a blue-black dress would look that way if it were washed out. So their brain says the dress is blue and black.

In reality the dress is blue-black, but the photograph is essentially an optical illusion. Within the context of the photograph only, both ways are valid. You can even switch the way you see it if you can get your brain to "reset" the assumptions it's making about the image. For those of you seeing white-gold, try looking at an upside-down version of the image. [3]

Here is an image that might do a better job at demonstrating what I'm trying to convey. [4]

[1] http://lesswrong.com/lw/290/blue_and_yellowtinted_choices/

[2] http://en.wikipedia.org/wiki/Checker_shadow_illusion

[3] http://s4.photobucket.com/user/ometauru/media/YNOPKWp_zpstcv...

[4] http://i.imgur.com/9N4KNLn.jpg


Or maybe different people have different strengths? Look, I like to tinker at all levels of the stack, but I know what it takes to, say, write a correct web server. I am not going to write my own unless I must (did this at least once).

Some people prefer to re-use existing code and are good at integrating existing pieces. Others are good at writing purpose-built stuff from scratch quickly. And even that is spread across technologies. I can write an async task manager, but can't easily create a CSS grid system. Just don't get stuck in the "built here" or "not built here" camp and you'll be fine.


Was watching an older episode of the Nightly Show the other day and they were talking about anti vaxxers. Had a woman there from the Thinking Moms Revolution [1]. Larry asked her if someone came out with a vaccine against autism would she give that to her kids. She said she would not because she wouldn't trust it. So the problem is not autism but trust.

Another great insight from that show: this is about guilt and control. Something bad happens to your child => you feel guilty. You have the urge to do something about it, and while you cannot control lots of things, you can decide whether to vaccinate. This is similar to how people get eating disorders: food is often times the only thing they can control in their lives.

This was interesting to me because I cannot fathom how you can stare facts in the face and stubbornly disagree, putting your own child at a huge risk. This in no way excuses it, but it does highlight how someone goes from "I want my child to be well" to "I will not vaccinate".

[1] http://thinkingmomsrevolution.com/


I think knowing this it is stupid to encourage the vaccination of children under 2. Under one year olds have half of deaths and a big enough share of life threatening issues for all children under 15. Now every time they get a shot and then die/have a real issue, the mechanic of guilt and control will make parents want to find a culprit. Given that most of the life saving of vaccination doesn't come from individual but rather mass immunization it is probably not the greatest strategy nowadays to fixate so much on the immunization of babies as a strategy. Society should rather aim at getting more people immunized long term. I for one find it utterly perplexing that in Austria where I live there is no immunization strategy except immunizing babies. Grown ups have to pay for their own shots, cannot get blood levels done easily, and there is no information except for tick vaccination because it is paid by pharma marketing dollars. Getting vaccinated in a society with good vaccination rate is like a blood donation. There is almost zero individual benefit. Society should recognize it and make it painfully easy and beneficial to do so. I am pro vaccination but I hate how it is turned into a moral question rather than the simple numbers game it is. And yes I realize the game involves people dying but so does every single transportation decision or policy. This is no different.


The 'guilt and control' phenomenon also looks like it shows up in deciding whether to leave your children at home during a quick trip out. While a road accident may be much more likely than an accident alone at home, good luck explaining that to either the parents or the law. The desire to feel in control frequently seems to be very hard to reason against.


Are you saying you leave your kids home alone while going out because you are afraid of car accidents?


I know this is a little dark, but perhaps trust and desperation are related for humans. If everyone saw tons of kids dropping dead from measles, they would feel a type of desperation to save their kid, and the amount of "trust" needed for them to get their kid vaccinated drops.


Minor point: conservatives and liberals love their guns. What they say publicly doesn't change the fact that the gun manufacturers hold huge political power in the form of the NRA over both parties, and that's not likely to change. If this was not so, we'd have an Australia-style buyout a long time ago. As is, we are stuck with monthly (or is it weekly now?) mass shootings, staggering numbers of handgun murders, and a crazy amount of police brutality simply because access to guns is easy and protected by the NRA.

To bring it back to crypto: there is a correlation between easy to obtain $TECH and use of $TECH. Currently, HTTPS is not as easy as HTTP, so its adoption is less. Let's Encrypt will change that. Currently, access to guns is easy, so their adoption and use is high. With the current political climate that will never change.


>As is, we are stuck with monthly (or is it weekly now?) mass shootings, staggering numbers of handgun murders, and a crazy amount of police brutality simply because

It's not simple, it's not all because of guns, and until you modify the 2nd amendment, there is no right of the government to remove guns from the public.

I could go on about how our homicide rate is not too far out of line with other developed countries, how many many gun deaths are self inflicted, how there are a million things that kill more people each year than guns, but this goes way off the NSA topic.

To crypto, that's been the whole discussion today with PGP, isn't it? That the reason it's not adopted is because it isn't easy.


Agreed. Discussion for a different thread. I have pretty strong views against mass availability of guns as you can tell, but one issue at a time.


Don't have to modify the Second Amendment, just get non-conservative judges to interpret the Constitution how it was meant to be.


Why is easy access to guns a cause of police brutality?


A police officer would be more likely to overreact to a situation if he/she believed a suspect carried a firearm (in fairness, for the sake of the officer's own defence). In a state where guns aren't common, the police officer would feel less threatened and be less likely to overreact.


Note that police brutality is the unjustified use of excessive force, not an appropriate response to an attack or a credible threat.

Our police in the US use this excuse far too often. They don't need to believe that someone has a weapon; many treat everyone as if it were the default when that simply isn't the case.

In fairness to the victims of police violence, this has got to stop.

>In a state where guns aren't common, the police officer would feel less threatened and be less likely to overreact.

We've allowed our police to develop a culture of brutality and cheating. Taking guns from the public (assuming that's possible) might make things worse.


It's actually quite simple. PGP/GPG is the equivalent of the S in HTTPS. It's a trust model + ciphersuite + tools and libraries for using it. Would you ask your users to use TLS directly? No, you would not. Would you be surprised if the users hated using TLS directly? Nope.

What PGP/GPG actually needs is a nice UI. What's been holding it back is webmail. PGP and webmail are incompatible. Now that mobile is starting to take over people are using non-web based mail clients again and PGP becomes viable again. Imagine integrating Keybase with Mail.app. Now when you send an email to people it's automatically encrypted and verified. As you compose your message you can see that <igor@example.com> is known on Twitter as @exampleIgor and on Facebook as /exampleIgor and on HN as exir.

This is where we should be heading: building on top of the PGP protocol (and fixing the protocol where 20 year old warts are popping up, such as issues with forward secrecy).


The problem is that, on the whole, users simply don't care. They have more important things to worry about than email encryption (you know, stuff like spouse, kids, mortgage, partying, etc).

The only way I can see end-to-end crypto really being adopted is if it's turned on by default everywhere. The selling point can't be the security, because people don't care about security -- the selling point has to be something else. Anything that requires a manual adoption step is going to automatically limit itself to a very niche audience.


Which is why I proposed that UI: it works automatically. While using the system, it simply indicates to you as you compose the message "Yes, the email address you are sending mail to belongs to the person you intend to message" or "No, that email address belongs to someone else" or "This is a brand new email address." This way when you are emailing your lawyer to set up a will, or you email your accountant with your tax info, you can be sure that (a) you are emailing just the right person and (b) that only they can read the communication.

While setting up the system, you are simply required to link your identity. Twitter, Facebook, LinkedIn, GMail, HN, the government all should allow you to easily link your identity. This should be a normal part of your account creation (this can tie in nicely with another change: getting rid of passwords and using a browser UI for identifying yourself a la Persona, but PGP based). Basically when signing up for Twitter, it should optionally let you upload one of your public keys (via a nice browser UI no less). Twitter (Facebook, GMail, etc.) would then expose a nice API for querying by public key fingerprint: "Who has 0xDEADBEEF?" => "@DeadBeef". Revocation, key updates, all that should be automatic: you revoke your public key and issue a replacement, all your services update automatically.

This is the point where lots of people will raise concerns about privacy: "This means Twitter now must have access to my GMail account! WTF?!". No. This process must be voluntary and optional. If you want to have 200 different identities online, go for it. I don't care to know your real name, I just care to know that I am talking only to the person I intend to talk to. Think emailing a well known developer on GitHub, having never met them. You don't need their real name, you are only interested in them in so far as they publish OSS on GitHub. This allows you to prove that github.com/example is @example on Twitter, example@example.com, example@gmail.com, and HN user "example".

And the benefit to "regular Joe" is that when he emails his accountant, he can now send his credit card number and SSN without fear of eavesdropping.
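The lookup-by-fingerprint flow proposed in the comment above, as an added example that is not part of the original thread or any real service's API. The directory contents, account names, fingerprints and the local pin store are constructed assumptions. It refuses 8-digit short key IDs of the `0xDEADBEEF` form, since those are only 32 bits and easy to collide, and requires the full 40-hex-digit (OpenPGP v4) fingerprint.

```python
import re

# Constructed sample fingerprints (40 hex digits = 160 bits, OpenPGP v4 length).
ALICE_FPR = "8F3A" * 10
MALLORY_FPR = "0B5E" * 10

# Hypothetical per-service directories: fingerprint -> account that uploaded it.
DIRECTORIES = {
    "twitter": {ALICE_FPR: "@alice_acct"},
    "github": {ALICE_FPR: "github.com/alice",
               MALLORY_FPR: "github.com/mallory"},
}


def normalize_fingerprint(raw):
    """Return 40 uppercase hex digits; reject short key IDs and junk."""
    fpr = re.sub(r"\s+", "", raw).upper()
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("need a full 160-bit fingerprint, not a short key ID")
    return fpr


def linked_identities(raw_fpr):
    """Answer 'who has this key?' across every directory that knows it."""
    fpr = normalize_fingerprint(raw_fpr)
    return {service: accounts[fpr]
            for service, accounts in DIRECTORIES.items()
            if fpr in accounts}


def classify_recipient(address, offered_fpr, pins):
    """Map a recipient to one of the three UI states from the comment.

    pins is the sender's local store: address -> fingerprint seen before.
    Returns (state, identities) where state is 'new', 'match' or 'mismatch'.
    """
    fpr = normalize_fingerprint(offered_fpr)
    pinned = pins.get(address.lower())
    if pinned is None:
        state = "new"        # "This is a brand new email address."
    elif pinned == fpr:
        state = "match"      # key is the one previously tied to this address
    else:
        state = "mismatch"   # address now presents someone else's key
    return state, linked_identities(fpr)


if __name__ == "__main__":
    pins = {"accountant@example.com": ALICE_FPR}
    print(classify_recipient("accountant@example.com", ALICE_FPR, pins))
    print(classify_recipient("accountant@example.com", MALLORY_FPR, pins))
    print(classify_recipient("lawyer@example.com", ALICE_FPR, pins))
```
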


It has been long established that using Twisted's web capabilities is a bad idea. It has been broken from the usability point of view for a very long time and I don't think it will ever be fixed. Without reciting the entire history, Tornado got a lot of crap for not just fixing what Twisted had going on, but creating a new framework from scratch. Having worked with both, I see why they did it.

Basically, if you have a bad experience with Twisted + web, you are very much not alone but the fault is with Twisted, not Python. Here's how I break it down:

If you need async networking at the TCP or UDP level, use Twisted.

If you want a web application, use Django.

If you want a one page landing page type application, use Flask.

If you are on a restricted budget and need really good performance for your web application that you tried and couldn't extract from Django, go with Tornado.


> that using Twisted's web capabilities is a bad idea

Isn't async just a bad fit for a typical Web page? Two things which take most time per request (in my experience) are DB queries and rendering templates. While you can have async DB driver (only for postgres right now), all the template engines do their job synchronously, which - with async event loop - blocks everything until finished. There's deferToThread in Twisted, but if we're going to use a pool of threads anyway, what's the point?

I also thought this problem was mostly solved with Nginx and uWSGI. This setup works extremely well in my experience, eliminating problems with handling too many sockets and such but allowing to write Django code as usual.

Async is good if you mostly do things which can be asynchronous, like fetching things over the net, reading files from disk, communicating with Redis and DB. You really need pre-emptive scheduler for tasks (not necessarily threads, see Erlang) for anything that's going to be CPU-bound. And it's not true that rendering web pages is 100% IO-bound - not when you're using Python, Django and need consistently ~100ms response times.


Well, you answered your own question ("what's the point?"): because not every application is "app stack + RDBMS". There are many situations where your backing store is not an RDBMS. There are many situations where you are not rendering templates. There are many situations where queries take seconds, while rendering the result takes microseconds.

While nginx is a very useful tool, it's not the application layer. What if you need your application layer to be fast and complex? What if your application layer works on streams, not rendered HTML pages? What if you want to support server-client notifications via WebSockets? There are so many different situations where a "block this request processor until the request is served" does not work.

Having said that, I'll repeat again that async is not what you should reach for unless it makes perfect sense for your application. If you are building an RSS fetcher, sure go for it. If you are building a product for which you see peak usage of, say, 1m users, go for it. However, for most people, time to market is much more important than peak performance after you can't scale the hardware cheaply. That's where Django (Flask, Rails, etc.) make more sense.


"What's the point" referred only to the use of deferToThread in Twisted. And I was specifically talking about "typical Web page", you know, login, logout, comments and such.

Other than that we actually agree 100%. I wrote that "Async is good if you mostly do things which can be asynchronous", you in turn listed a couple of examples of such things (WebSockets, not RDBMS). We're violently in agreement here.

One additional point I made was about Erlang. Really, if you're building "a product for which you see peak usage of, say, 1m users" go for Erlang (or rather about pre-emptive scheduling, but it boils down to Erlang anyway). In my experience it's the only environment which provides both concurrency and parallelism for both IO and CPU-bound tasks and is easily (transparently!) distributable to many nodes.


That's a good and complete summary.

I have been curious about Erlang for some time. The syntax keeps sending me running in the other direction, but perhaps I just haven't found a suitable project to work on where I could have an excuse to really dig in. Any favorite resources you can recommend on learning Erlang?


Of course LYSE (http://learnyousomeerlang.com/) and then "OTP in Action" after you know the basics. But!

There are at least two languages that work on Erlang VM and offer alternative syntax. There's Lisp Flavoured Erlang (http://lfe.io/) and Elixir (http://elixir-lang.org/). Elixir, in addition to syntax, improves on some aspects of Erlang which make newcomers uncomfortable, adds more powerful metaprogramming utilities and adds modern features like browsing the docs from REPL. I found "Introducing Elixir" (http://shop.oreilly.com/product/0636920030584.do) rather good as a starting point and you can do quite a lot with it. But, in the end, you have to at least know how to read Erlang docs, because Elixir won't (and doesn't even try to) cover all of Erlang libraries with friendly wrappers.

Personally I'm used to Erlang syntax, which is small and consistent and I like the "explicit is the only way, no implicit things ever" language philosophy of Erlang, but Elixir is a fine language to learn and use. There's a web framework called Phoenix which despite being very young is already better (subjectively) than pure Erlang frameworks.

I used Erlang twice professionally: for writing a kind of reverse HTTP proxy with caching and for writing a backend for web app using WebSockets. It performed very, very well and was quite pleasant to write. Both things are running non-stop for over a year now and never crashed and were not restarted even once, despite being changed significantly in the meantime (that's just an anecdote, of course).

Erlang is a bit odd and has a much smaller community than Python. Lack of libraries may be a problem. I'd never use Erlang for something I'd use Django. I would consider using it for things I'd otherwise use Flask, but probably wouldn't choose it in the end. But it's my "go to" tool for situations where I'd use Twisted/Tornado or gevent now.


I'll just add, if you want a simple REST API server, flask works well. Here's an example of async with flask and sqlalchemy: https://github.com/kljensen/async-flask-sqlalchemy-example


Correct, I was going to mention that.

If you need a "CMS style" web application go for Django, now if it breaks too much from that you might want to try Flask/Pylons/Pyramid


Worse. You'll probably be forced to marry a dog-robot of the same sex as you. This slippery slope is so steep!


I feel like this is a recipe for making some serious spare change: good idea + good design skills + site that sells T-shirts. I remember reading about the person who set up the "I survived the Snowpocalypse" T-shirt site a couple of years back and made a decent amount of money off it.


