Hacker News new | comments | show | ask | jobs | submit | quasistar's comments login

Just a few reasons today's Web trumps anything from the 'Technorati' (seriously?) era: Open API's that reply in JSON, Cloud VPS's at $0.02 per hour, 10 Gb ethernet, 54 Mb fiber in my house, multicore computers in everyones pocket, GPS at everyones fingertips, web frameworks like Sinatra (yes, it took more than three lines of code and two bash commands to publish 'Hello World!' to the web back then), caching solutions like Redis, data crunching pipelines like hadoop, payment processing like Dwolla...need I go on? There will always be folks hankering for the glory days of alt.religion.kibology and compuserve. Ignore them. Create something game-changing instead.


> Create something game-changing instead.

I can't just be a citizen on the web. I have to be an entrepreneur in order to matter.

I want the wide-eyed hippies back in charge rather than the Ayn Rand freaks.


We didn't have swarms of zombie windows PCs to be DDOS'd by back then, either. That was a plus.

AJAX is awesome, but I hate that every site uses it 'just because' and my browser in now hosting applications with persistent network connections instead of displaying a document.


Let's take an opposing view, shall we?

> Open API's that reply in JSON

The serialization format doesn't matter. What matter is that we have way more APIs, all different, with inconsistent semantics and non-orthogonal feature sets than the non-web APIs of 15 years ago. On average the people designing these APIs are less competent than the people from 15 years ago creating more headaches for the people that are competent.

> Cloud VPS's at $0.02 per hour

Cloud virtualization is expensive, not cheap. It has its merits, the overhead for elasticity is much less than it used to be, but this matters only at scale. At small scale you get unpredictable performance and terrible I/O.

> 10 Gb ethernet

No such thing. Even on servers its rare. I had 1 GigE on my laptop 10 years ago. I can't get a better NIC on any laptop today. The world is actually worse than it used to be because back in the day I didn't need to worry about saturating Ethernet. Now I do.

> 54 Mb fiber in my house

I used to be able to buy a symmetric link with a fixed IP address and reverse DNS. Now fixed IP is a rarity, symmetric links are usually not available for non-business customers and when they are, they cost more than 15 years ago. Reverse DNS? Ha ha.

> multicore computers in everyones pocket

I don't need a multicore computer in my pocket. I need a phone with good signal and a battery that lasts. They don't make them anymore. Even if I need a computer, smartphones barely qualify. iOS is locked and Android requires me to do a type of programming I don't like. I'm used to computers that I can program the way I want, not being bound by some framework.

> GPS at everyones fingertips

I don't care. I never used a GPS, never needed one. What I've seen is that now people get lost when their GPS breaks. I view that as a failure of civilisation.

> web frameworks

I'd probably break some Hacker News scalability limit if I started writing about this one.

> caching solutions like Redis

Redis is required because the other pieces of the stack suck. It's a remedy, hardly a cure from an architectural point of view. The broad architectures around us are more unsuitable and more abused than they used to be.

It's actually worse than that. Unix and Plan 9 have thought us that's it is better to model behaviour through a single bounded interface rather than a growing set of specialised interfaces. This allows composition, protects against lock in, and allows synthetic components. Now there's a Redis API, there's a Cassandra API, there's a MongoDB API, there's a Zookeeper API, there's a Riak API, there's a RabbitMQ API. Everything has an API. A different API. Not only this destroys composability, it also hinders experimentation, increases the technical debt, makes the cost of transition higher, and bounds the writer into using a limited set of tools.

> data crunching pipelines like hadoop

Hadoop is a a player in an extremely niche field. I don't think it's relevant to talk about a thing as specific as hadoop in the context of something as general as the cultural and pragmatical shifts in the Internet. However, if you brought in the discussion, Hadoop is awful. Companies deploy it because it's trendy, not because they need it, introducing complexity, additional dependencies and a whole new set of problems to solve. Hadoop also dropped the bar on what is considered simple and sane deployment causing new software to be just as awful to deploy when they wouldn't really need to.

> payment processing like Dwolla

No idea what this is, but payments on the Internet are worse then they used to be. Sure, now you can buy anything, but it's harder to pay. Paypal periodically asks me for IDs and freezes my accounts just because I happen to move between two countries, there are many more types of cards, some work on the Internet better than others, some banks work on the Internet better than others. Merchants support only limited and disjoint set of payment options forcing me to have multiple types of credit cards and various types of accounts I don't want or care about. Back in the day, you had a credit card, it worked. Now I can buy groceries and shoes on the Internet. Back in the day I could not, but I didn't want to. I wanted to buy various types of equipement, and that I could.

> There will always be folks hankering for the glory days of alt.religion.kibology and compuserve. Ignore them.

The article was not about the olde glory days, it was about a fundamental shift in the way people and machines interact on the Internet. A transition from protocols to services. I think this is a worthy thing to discuss and your dismissive, condescending post is not warranted.


I'd like to subscribe to your e-zine.


e-zines are a sign of the decline of civilization. We engage in discussion on Gopher, the way God intended.


That the Brubeck obit is a Top 10 HN story puts a smile on my face ;)

If you're in a jazzy mood tonite, I can strongly recommend the recent Shinichiro Watanbe anime "Kids on the Slope" (坂道のアポロン Sakamichi no Apollon).



Completely OT but I just don't get anime at all. What am I missing? I got 10 minutes through Episode 1 at that link expecting something to happen - nothing did. I don't even really follow the storyline - a wimpy kid who can only stop himself throwing up by running onto the school roof.

It's like cryptic crosswords, god and football matches - I must be missing a part of the brain.


That's just representative of the "slice of life" genre, not anime as a whole. I'd say try Cowboy Bebop, it's the same director, same composer, but this time it's a bounty hunter space opera with a jazz score. It often gets compared to Firefly. It doesn't seem to be on Crunchyroll but it's widely available.


Also, Kids on the Slope is pretty good, if the idea of a jazz tribute coming of age innocent high school soap opera is appealing. Thanks quasistar.


For anime in this genre, the pace can be a bit slow at times. This series is definitely character driven, as opposed to being event driven (although there are of course events that drive the characters). Since it's a bit of a "coming of age" story the focus is more on their development, and it takes a few episodes for the anime to set the background for the story and its players before it starts "moving."

One way to appreciate this approach is to contrast the storytelling techniques of western comics vs Japanese manga in the 90s (as they have since borrowed a lot from each other). The book "Understanding Comics" explains how in a western comic book each frame, while containing art, typically contains a lot of text. The story in western comics at the time was very textually driven, with the art as an accompaniment to help illustrate (ha!) what occurred in the text.

In contrast, manga could spend pages on images where the only "text" would be textual sound effects, devoting much space to creating an ambiance or mood. Furthermore, dialog might be more sparse and short, with greater reliance upon illustrating emotion. In fact, one of the reasons that the stereotypical anime style of big heads / large eyes developed was because of the realization that it was an effective technique to wordlessly convey emotions in characters (although this style actually originated in a western comic, Betty Boop).

Sorry, my memory is a bit fuzzy as to how Understanding Comics explained this all, but if you consider this difference in approach to storytelling, you might better understand what "slice of life" anime are doing. The intent isn't necessarily to pull you into a series of events and "go somewhere" immediately.

That being said, I heartily recommend this series. I had always found jazz interesting, although it was a bit too esoteric for me to know where to start. This series introduces jazz through some songs that are very easy to get into, even though they have a lot of depth. The end result of this, for me, was that I ended up taking up the sax and loving it. :)


The story is kind of slow and pretty set in Japan's social context. If you like to read novels by Haruki Murakami then you can get the story and its context easier.

Japan (or to some degrees, Korea, Vietnam, China, Taiwan, Hong Kong) has been influenced by Confucianism. How to deal with shame is a central part in social life. This includes dealing with feelings of alienation to one's social counterparts. And "being wimpy" is kind of shame experiences for teenagers in those countries.

You need to understand "shame" and "guilt" are two different concepts. "Guilt" is based on actions and morality. "Shame" is based on attributes that one possess. That's why you can see a lot of murders in East Asian's dramas having no feelings for guilt, but having feelings of shame.


Video of moxie at BlackHat 2012 for deep essential background on the subject:

SSL and the Future of Authenticity


What's the status of the Convergence SSL alternatives that were going to be built into Chrome/FF?



Trevor Perrin and I are actually making some encouraging progress with TACK, which is a less controversial proposal with fewer moving parts. It's for dynamic certificate pinning rather than a full CA replacement, but we feel that it takes a big bite out of the problem and is potentially a step on the path out of the current mess.

The internet draft and reference code can be found here: http://tack.io


is there a faq or tack for dummies? i'm reading the rfc, but somewhat confused.

edit: http://blog.cryptographyengineering.com/2012/05/tack.html helps (i was missing that it is in addition to tls, so it's like perspectives / network notaries, but over (limited) time, for a single client, rather than over multiple clients)


Why are you shifting from convergence? It seemed like such an ingenious solution.


I'm not Moxie, but one attractive thing about TACK is that it standardizes something browser vendors already do: if you're on a short list of sites trusted or taken seriously by Google, for instance, your certificates can be "pinned" in Chrome; essentially, Chrome builds in a notion of what your certificate is supposed to be. As a result, no matter which CAs have been compromised by which foreign governments, Chrome isn't going to believe that a pinned site, like MAIL.GOOGLE.COM, is represented by a Diginotar or Comodo certificate.

The obvious problem with that is that you have to call in a favor from Google to get that level of security. TACK is a mechanism that allows any site to get something comparable.

Another attractive thing about TACK is that it follows a model that other security features in the browser already use. For instance, the HSTS header is a widely-supported feature that allows websites to instruct browsers to remember that a site is intended to be reached only via HTTPS. TACK does something similar, but with a much more useful assertion.


Yep, it also has benefits to the site. AGL is quite generous with his time in terms of accepting static pin requests, but it can become a difficult situation for large website operators. It's a little nerve-wracking to know that the fastest you can make a change is 10 weeks out (the expiration for Chrome pins post-build), and some of those pin lists get pretty long (CDNs, multiple CAs for whatever reason, multiple SPKIs per CA, etc).

TACK is designed to alleviate that pain for the site owner by providing flexibility, and by eliminating even the CAs the site uses from its scope of exposure.


I conceptualize Convergence as providing trust agility for situations where a client needs third party verification. TACK is about reducing the number of situations where we even need to trust a third party at all.

The latter helps the former by making it easier to deploy. If TACK were the norm, then the only purpose CAs would serve is to introduce clients to websites they have never seen before (rather than authenticating every single connection to a website during every page load to that website).

By taking a bite out of the problem, we feel the remainder will be easier to solve. And yeah, hopefully we can position convergence as that solution.

It's also easier to get TACK done with browser vendors, simply because it's well encapsulated as a TLS extension, is fairly uncontroversial, and requires them to write less code. Basically, we feel it's a good first step.


One question I have about convergence. I understand how it helps prevent MITM attacks by getting consensus from a trusted third party as to the authenticity of a particular cert.

However what happens if the MITM attack is on the other end, in other words somebody has got into a hosting providers network and is MITMing a bunch of traffic to some of their servers.

They could use this to pass back bullshit certs/public keys to all clients (including notaries) who connect to servers they have MITMd.

One way to prevent this of course would be to have the server keep it's own list of notaries and self-check every so often and alert clients if something appears wrong.

However here you are relying on server administrators keeping this configured and working. I could imagine less scrupulous administrators on strict SLAs disabling this and letting it fail in a way that is silent to the end user to avoid downtime. This would be more difficult to do with the traditional CA structure since the attacker would need a valid cert for the site or would need to SSL strip everything (which would eventually get noticed).

Or do I have this wrong and it is intended to augment the existing CA structure rather than replace it?


Gods they must be cray

Lyrics over HTTP?

What would Kool Herc say?

Venture valuation

Drifting to the perihelion

Maboo with the Bently scout

Now Marissa's got her checkbook out

Annotations the new cream

Even writin up your daydreams

Like Cobb with one last job

Wakin up before you scream

A Venn diagram intersection

"Seems like a bad idea"

"No really is a good idea"

Priceless like a loan rejection

Copyright in Fringe mint

Walter Bishop eating Thin Mints

Don't require six senses

To see text bubbles everywhere

Maybe time to give up the ghost

Or upgrade to a $7 sponsored post


Uncanny. I can claim in true honesty that I had a remarkably similar vision for a comprehensive life 'experience quotient' app not even 2-3 weeks ago. The travel portion looked very similar: GPS enabled tracing of a global map space with percent coverage. But travel would be but one table in a comprehensive database of life experience: financial, relationships, science, arts, drugs, sex and everything else worth living for. An algorithm would tally a grand 'statistic'. It's the stuff of Borges' wildest fantasies, n'est-ce pas?


Indeed, this cogent essay has been a long time coming and should be a pre-requisite for anyone thinking of getting in the game. "A barbershop isn't designed to grow fast. Whereas a search engine, for example, is." Brilliant.


Both the app and the team made a strong impression on me. There is some real heat here. 3x3 is soo much better than double dating. And the 'bathroom intercourse' metrics are certainly a unique measure of 'penetration'.

Interested to hear what mechanics they are considering adopting to drive long term engagement. After all, who wants to bear the mark of having the reputation about town of being a 'serial grouperizer'.

Also, how do they plan to make money? Revenue share on the pre-paid date?


Congrats, Kurt! An entire generation of game devs bestow their most humble appreciation for showing us the path to enlightenment. Hopefully the new content will reflect the changing state of the field, for example: OpenGL ES 2.0 hacks for smartphones and WebGL.


While the author of the linked article expiates the hit coding performance can take when fasting I have personally observed an interesting phenomena during my observation of Ramadan. Namely, I can experience moments of acute lucidity and penetrating insight into a problem at hand.

Usually this occurs when I am in the midst of something that requires a good bit of effort such as tackling a thorny algorithmic conundrum or analyzing a particularly complex call stack. If I attune my mind to repress the pangs of bodily need I occasionally feel as if the external world melts away and I slip into an almost mystical state of oneness with the task at hand. Needless to say, I have been surprised immensely by this development.

One theory I have is that the blood flow that would normally be assigned by my body to the act of digestion is now free'd up to be reallocated to the ole cranium. Plausible? Unsure, but am certainly enjoying these life experiments!

Side note: for those observing the fast I have also noticed that my immune system is closely linked with the gut and my self-imposed starvations can lead to immune system compromise. Make sure you supplement your Iftar goodies with some replenishing nutrients such as pro-biotic yogurt smoothies rich in vitamin C and home-cooked chicken consomme.


I also tend to notice an increase in my productivity and ability to focus during Ramadan. A good breakfast is essential, I usually stick to yogurt, granola and vegetable juice - say my prayers then head back to sleep for a couple hours. I can't say I'm not hungry when 820 rolls around but I don't find the month debilitating and most of the time my co-workers don't realize I'm fasting until it's almost over.


I think probably whether you think you're abnormally better or abnormally worse at coding while fasting, you're just getting some placebo effect of whatever you're inclined to believe. I'm not sure what evidence there is that a little fast has significant effect on someone's ability one way or the other.


yes and also your liver gets a break. i normally experience the same a few hours after what would normally be my lunch time. Feel very light physically and find it easy to attune attention and really be creative. i do wonder if the lack of music/tv throughout the month also has an impact


>almost mystical state of oneness with the task at hand awesome


'Cambridge Seed' sounds like a reality TV show about a sperm bank that only accepts donors from elite universities ;)

Congrats to everyone who has ever applied and the YC team! You have changed the rules of the game for the better...



Applications are open for YC Summer 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact