Hacker Newsnew | comments | show | ask | jobs | submit | archivator's comments login

Damn Interesting did a full episode on the entire event - http://www.damninteresting.com/the-zero-armed-bandit/

It's really fascinating stuff.


I love how much longer the documentation is than the actual file. That said, I'm also somewhat wary of using forked pgsql and ubuntu images.


The Bod and in general the wider library system in Oxford (over 120 libraries!) was easily the best part of my undergrad academic life there. Having a dedicated space for studying, open 24/7, within 20m of my room was absolutely liberating and fundamental to the experience.

I sometimes wonder whether I should continue my education somewhere like Oxford, just so I can experience the focused concentration of a library again.


> Having a dedicated space for studying, open 24/7, within 20m of my room was absolutely liberating and fundamental to the experience.

My sentiments exactly. I chose my undergrad college (not at Oxford) for the sole reason that it made particular mention that its library was open 24/7 on its website. I figured it was as good a reason as any, and it turned out great.

I've also had experience with another university in the states that has an open stacks policy–anyone can just walk in and use a desk or read a book, no registration, card swipes or anything required. Absolutely liberating. Instantly made the university so much more welcoming (contrast this to the university I'm currently at where you have to jump through hoops to get a visitor access to the library, and if they're there without someone to sponsor them, god help them).


I don't think I've seen an Australian university library that wasn't open to anyone to walk in and browse the shelves. When I was in the UK I found it incredibly odd that most of the university libraries required ID, and made it quite difficult to visit.


A web search identified Stony Brook as having an open-stacks policy. Are there others? Proximity to such libraries could be promoted by real-estate agents.

Humans are so much more than symbol processing algos. Physical environment and context matter to the creativity which is our primary species differentiator.

Libraries can be viewed as always-evolving local caches. Digital images reduce the latency of discovery, but like travel to a distant land, nothing can substitute for tactile experience and three-dimensional motor memory as anchors of emotional experiences and learning.


Many university libraries will allow non-students, or at least they only check for a student ID before and after certain hours.

Even then, it's easy to sneak through if you act like you belong there. Librarians tend not to be the type that try hard to keep people out of a library. If it's actual campus security, that's a different situation.


I have never physically been to a university that wasn't open stacks, is it common? It would seem antithetical to the Hippocratic Oath of Librarians.


This is my favorite Unreal 4 demo - https://www.youtube.com/watch?v=MOvfn1p92_8 (sadly missing the wonderful quote "I light my level by dropping a sun in.")

I'm completely in awe of the feedback loop here. It even compiles and swaps code while you're in the game!


Unfortunately that demo is outdated. They dropped a lot of that GI tech because it was never made performant for medium spec machines.


It was meant to be hotels in a single country, it's still operational at http://bookinbulgaria.com

In this business, the big competitors all reserve a bunch of rooms in the hotels and manage their booking themselves. The hotel is then not allowed to touch these rooms.

The model here was to give the hotels a reception-desk piece of software and have them use it to maintain availability. A lot of the hotels that signed up had nothing like this, so it was definitely a win for them. Armed with exact availability, you can have a much better booking system (and of course, if the hotel only wanted to give you a chunk of their rooms, they're perfectly capable of doing that).

Hotels can sign up on their own (including local bank details, etc) and just need to be reviewed before showing up on the site. It supports i18n, scheduled payments, lots of bells and whistles.

The fact of the matter is that this failed because of market reasons (too small a market, dominated by big players, primarily) but it may have a niche somewhere else on this planet. :)


Is it possible to pivot into another market sector.

For example, holiday home rentals? bed & breakfast? car rentals? I think there is a lot of potential in the car rental market... e.g. allow private vehicle owners to rent out their vehicles. There are probably a few insurance details to work out, otherwise it sounds like you have 80% of that sort of system built already.


I'm thinking the same.

My brother works in the travel software industry (for a big player) and that market is an extremely hard nut to crack, unless you are coming at it with a boat load of contacts and money.

The big tour operators (I know this from the European side) are quite well tied into the bug boys contractually. They often will enforce sole-usage on hotels to prevent this kind of side market entry your parents have attempted. the hotels can be penalized or dropped from the operator's books, for simply offering rooms outside the tour operator.


Interesting. I have a client who has a booking engine for their very specific education tour company and have been wondering if I could port the software for resale. They sell direct to the traveler no agents or 3rd parties so it works well for them but I've been curious if this model is adopted widely..

I don't know enough about the larger industry and what barriers there are to entry however. What kinds of tour operators in Europe are blocking entry to the market? Is this just tour groups making certain hotels exclusive, or the booking sites?


While I'm not arguing against your overall point, your example is not a good one. Volley was unnecessary. It only got attention because Google did it but the community was already on top of the issue. From shipping their own, newer Apache Client libs, through koush's ion and picasso, to Square's okhttp, networking on Android is full of good libraries to use. Volley didn't anything dramatic to this and, judging by the amount of attention it has received, it was someone's side project.


I take your point, and that's exactly why I'm not using it in production, but it doesn't seem like Google should have drawn as much attention as they did to it, running a session on it within Google I/O, if it was just intended to be a side-project and not for widespread consumption.

I guess I'm just coming at this with a WWDC mentality, where a presentation would be run only on a completely production-ready and documented framework, and perhaps I/O does things differently.


As someone just now learning how docker works, I absolutely agree.

Personally, I think there are some new-ish interesting immutability ideas that can be explored with regards to static files. It's not clear to me whether static assets (or even static sites) belong inside the container. I would be really interested in experienced folks' opinions on the immutability of the image. Where do you draw the line on what goes inside it and what's mounted in?


This is my general rule of thumb, but bear in mind it's only my approach. I'm not even going to claim that it's good. Just that it works for me...

Is it source or configuration? Then its external to the container, either mounted at runtime of the container (typically always true for source code) or injected into the image at build time through the Dockerfile. Application source is almost always mounted, things like nginx/apache configuration files are nearly always injected during the build process.

I prefer this approach because my source is decoupled from the image, and if another developer wants a dev setup free from Docker, he/she can do so.

I prefer the source I use for config files because it allows me to keep the dockerfile, the configuration files for various services, and a readme all beside one another in source control. This allows other developers to get a basic idea of the container's configuration (if they so desire), and also modify that configuration if they want to tweak/alter a setup.

I see the configuration file approach being potentially a bad idea, but with the small group I currently work with, we're all fairly comfortable making configuration changes as necessary and communicate those changes to others effectively. I don't know how well that approach would hold up at scale.

I would do the same thing with static sites and files, I think. Why? The static site isn't the part of the system, it's the product that should be executed on the system. Therefore, at least in my opinion, it should be as decoupled from that system as possible.

But, like I said, this is just my philosophy. I'm sure someone else will have an equally valid but totally opposite approach.


You don't have to choose between what's inside and what's mounted in. You can mark persistent directories (directories that should live longer than any given instance) as volumes with "dockercrun -v". Docker will arrange for them to live separately from the rest of the container filesystem. Then you can share volumes between containers with "docker run --volumes-from"


Book In Bulgaria - http://www.bookinbulgaria.com - It's a full-blown reservation system, with a hotel reception endpoint (so that availability is always accurate). Hotels can sign up themselves, and it also has fully automatic billing.

We've received really positive feedback from both hotels and tourists, it just turns out that Bulgaria is a really (really) tiny market.


It's either that or Twitter will be completely blocked in Turkey. They're playing a tough game but at least it's a game that the Turkish public can play too, as long as you're faster than the censors.

The alternative is for the government to take down the entire game field.


They have blocked twitter before, Youtube is even blocked right now. But knowing twitter is starting to bow Turkish government’s requests is not assuring anyone.

It's blocking accounts right now. But what may come afterwards is really worrisome. Also Starting with Turkish government will mean other governments will start the same tactics against Twitter.

So any non-Turkish citizen should fear about what is about to come.


Or, they just did the expected. Those accounts were unlawful and there were court orders against them. You or I may disagree with it does not matter.


The question is at what point a service has to accept local laws. Like when a country bans "sexual images" or certain pictures of "prophets" or criticism of its political leaders, does Twitter, or for that matter any other service - esp. Google, has to bow to that law.


I'd imagine at the point that the options become "comply with the law" or "deny access to that locality".


Like any whistle-blowing.It's illegal so no one should whistle-blow and any corruption should stay hidden.


These accounts will just switch to Russian social media or blogs.mail.ru which have Turkish language support and would be happy to host corruption docs of the Erdogan regime. Then use twitter to spread links to it.

Nothing twitter can do if thousands of Turkish twitter users are linking to pastebin entries and other moving targets hosting links where to get these docs.


We have seen haramzadeler switch accounts from @haramzadereler1 to @haramzadeler333 and many numbers in between beforehand. So they will just switch accounts hence it's a matter of time before twitter bows and creates a special api for AKP government just to deny any account they want.


funny, pastebin is blocked in Turkey. The censorship is not conservative in turkey


For Twitter, they preferred complying with the law. If there would not be large interest groups on this event and only known individuals would be acting, I would symphatise. But sorry IMHO this case is too dodgy to call "whistle blowing".


Really? So in your opinion letting people learn about prime ministry level corruption and ministry level threats of starting war with Syria is not whistle blowing?

I think you also believe the recordings are montages.


I do not take sides on this. I just felt both sides are master manipulators and I prefer to ignore both.


Court has declared they can't block Twitter, so it was unblocked.


This was not an issue. Anyway, after Twitter's former lawyer, the one who was fighting for civil rights issue suddenly left, I knew it's all downhill from there for Twitter in terms of fighting for civil rights of their users.

Can't wait for Twister to be mature enough.



What's the recommended non-serious-personal-use VPN these days?

PPTP is completely broken (MS-CHAPv2 especially), OpenVPN is hard to setup and maintain.

I've been using ssh as an impromptu VPN-like thing but I'd really, really like an actual VPN solution.


> OpenVPN is hard to setup and maintain.

That's not true. OpenVPN is the easier, most straight-forward solution when it comes to set-up[1] and configuration (routing, firewalling, client auth, etc.). Try to setup OpenSWAN and you'll see what hard to setup really means. I don't know about new software like SigmaVPN.

[1] Or maybe I am too used to it.


I wrote a ruby script to help with OpenVPN.

https://gist.github.com/arnehormann/9744964 There's a usage howto in the comments and this should be short enough to fully grasp what it does. No third party requirements, just ruby core + openssl.

It creates client and server configuration and creates and manages CA and CRL.

The VPN uses tun mode over UDP. Required changes on the server are written down in comments at the beginning of the server configuration.

If there is sufficient interest, I can make it a real repo so it can get issues and pull requests.


I use n2n for things that don't really matter, it's quite nice and simple, but has some pretty glaring potential if not real security flaws in its design (and the v2 that was supposed to fix some of them seems to be in some kind of deep technical debt hole and tends to crash).

After this thread I'll be looking at fastd and zerotierone, though.


What do you use for things that matter?

Do you have something else to create L2 overlays that is more secure?


Unfortunately, openvpn. :/


As you know, OpenVPN cannot do what n2n can do.

Someone has to run an OpenVPN server. Everyone on the network has to trust that server.

And connections between network participants are not peer to peer.

With OpenVPN and most other VPN's, if I'm not mistaken, each person's traffic passes through a central point: some VPN server/appliance.

This is a major difference and has its own set of security implications.


Has anyone used or know about SoftEther VPN?

I was looking them up the other day they seem very nice.

Link: http://en.wikipedia.org/wiki/SoftEther_VPN



Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact