八方来风 › 网址小屋

文章 feed - 评论 feed

2014-02-15

The Coinbase Blog — Introducing “BitHack”: Hackathon by Coinbase

Comments: "The Coinbase Blog — Introducing “BitHack”: Hackathon by Coinbase"

URL: http://blog.coinbase.com/post/76553987867/introducing-bithack-hackathon-by-coinbase


We’re excited to announce the launch of Bithackathon.com – an online hackathon to inspire developers across platforms and continents to build solutions with bitcoin.

 

We will judge app entries based on creativity, usability, and execution. The prize? Bitcoins!

  • 1st prize: $10,000  worth of bitcoin
  • 2nd prize: $5,000  worth of bitcoin
  • 3rd prize: $3,000  worth of bitcoin

Criteria

We are looking for apps that excel in three areas:

1) Creativity:

  • Originality of idea
  • Innovation

2) Usability:

3) Execution:

We invite any and all developers around the world to participate in the competition.  Check out www.bithackathon.com for more information – spread the word!  Look forward to seeing you there.

Original post on Hacker News

usablica/progress.js · GitHub

Comments: "ProgressJS – A themable HTML5 progress-bar library"

URL: https://github.com/usablica/progress.js/


ProgressJS

ProgressJs is a JavaScript and CSS3 library which help developers to create and manage progress bar for every objects on the page.

How To Use

1) Include progress.js and progressjs.css in the page (use minified version from minified folder for production)

2) Execute following JavaScript code in the page:

//to set progress-bar for whole page
progressJs().start();
//or for specific element
progressJs("#targetElement").start();

Use other methods to increase, decrease or set a auto-increase function for your progress-bar. Furthermore, you can change the template using setOption method.

API

Check the API and method usage with example here: https://github.com/usablica/progress.js/wiki/API

Build

First you should install nodejs and npm, then first run this command: npm install to install all dependencies.

Now you can run this command to minify all static resources:

make build

Roadmap

  • Add example folder and provide examples
  • More browser compatibility + mobile/tablet device support
  • Add more templates

Release History

  • v0.1.0 - 2014-02-14
    • First version
    • Increase, decrease and auto-increase functions
    • Ability to design and add templates

Author

Afshin Mehrabani

License

Copyright (C) 2012 Afshin Mehrabani (afshin.meh@gmail.com)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Original post on Hacker News

Fullstack Academy - Romance.js - Programming Valentine's Day Poetry

Comments: "Fullstack Academy - Romance.js - Programming Valentine's Day Poetry"

URL: http://blog.fullstackacademy.com/post/76605703216/romance-js-programming-valentines-day-poetry


On this Valentine’s Day - two aspiring poets at Fullstack Academy want to help you use programming to further your own romantic endeavors.

A bit of background

Nimit and I (David), now instructors at Fullstack Academy, actually met on the first day of college over 14 years ago and bonded over our mutual love of Web technologies and the ethos of open-source (our youthful form of rebellion consisted of running Linux instead of Windows). That’s our founder story and why we continue to this day to love working with the Web and training aspiring Web developers. However, what’s less well known is that we also share a mutual love of poetry and considered ourselves somewhat accomplished amateur poets throughout college.

Although our poetry career never fully blossomed, on occasion you might still find one of us counting syllables on fingers or looking up rhymes as we construct a poem for our loved ones. I’ve always found the hardest thing to do is find inspiration - find something that knows what I want to say and how I want to say it.  Fortunately, with a bit of computer programming, we can train our computer to mimic any poet, including ourselves.

If you’ve started with Codecademy or Codeschool’s JavaScript course, this exercise should be right up your alley. It’s a fun way to explore language and we hope it will inspire you this Valentine’s Day.

Sounding like ourselves

If you’ve ever played Mad Libs, you’ve experience the amusing quality of text interpolated with some randomness. Our mind has an amazing ability to impose a story onto that randomness. Our poetry program is like Mad Libs but with two differences:

Our program chooses every word rather than filling in blanks Our program trains itself by building a set of all words that follow each word in the corpus (the corpus is the poetry or text you want to mimic). Our program picks a random word from the corpus to start. Then it picks from the set of words that have followed this word.

For example, if we take one of my favorite poems from e.e. cummings:

since feeling is first
who pays any attention
to the syntax of things
will never wholly kiss you;

wholly to be a fool
while Spring is in the world

my blood approves,
and kisses are better fate
than wisdom
lady i swear by all flowers. Don’t cry
—the best gesture of my brain is less than
your eyelids’ flutter which says

we are for each other: then
laugh, leaning back in my arms
for life’s not a paragraph

And death i think is no parenthesis

We first identify the unique words that appear in the poem: “since”, “feeling”, “is”, “first”, “who”, “pays”, “any”, “attention”, etc. Then for each word, we identify the list of words that follow that word. For example, for the word “is” we see “first”, “in”, “less”, “no” and for the word “my” we see “blood”, “brain”, “arms”. We store these “following” words associated with each starting word.

The magic about this is that based on how we train our model (what body of text we put in and what sequences it has) it can create a pretty good approximation of what the author of that corpus sounds like.

Although you can be the judge of whether or not you like the poetry this generates, it does pose an interesting philosophical question: are we anything more than the aggregate of all our experiences and language combined in some probabilistic web.

Setting up the Corpus (poetry you want to mimic)

For our code to work, it first needs some body of text to train itself on.  Let’s set up a place in our HTML where we can dump a bunch of text.  For that, we’re going to use a trick that web developers use to store long strings in HTML - script tags that aren’t JavaScript.  By setting it up this way, the browser ignores it but makes it still easy for us to grab the text out. Feel free to follow along by opening your own JSFiddle.net fiddle.

Now let’s set up a way to store all the pairs.  For our implementation, we’ll create a JavaScript object where the keys are single words and the values are an array of all the words that follow that word in our corpus.  Every time we see a new word combination, we’ll store the combination in our object for use later.  We’re going to store duplicates as well so later on, we don’t have to worry about storing probability weights, we just need to randomly choose a word and the probability will work itself out.

Great, now we have two helpful pieces of data: words and wordpairs.  words is a long list of every word in our corpus and wordpairs is where the pairs are stored.  wordpairs[“love”] will return an array (a list) of every word that our program has ever seen follow love.

Making Poetry

Now that we’ve prepped the kitchen we just need to flambe the paper (don’t worry, your program will botch its metaphors even worse). Let’s write a function called “writePhrase” that takes a length of words and returns a phrase of poetry.  We also write a helper function to randomly choose from an array since we’ll be doing that several times.

Take a look at this following JSFiddle (set up with Shakespeare’s Sonnets) to see what kind of output it creates. Open the JSFiddle  and you can change out the corpus and see what kind of other poems you can create! Perhaps you can use it as an inspiration for a beautiful poem for your own loved one.

Further Challenges

The core system that we’ve built is called a Markov Chain (read more on Wikipedia). It’s a simple and elegant way to model various problems in Computer Science and as we’ve seen, can be used to generate amusing text based off a training corpus. However, there are still many directions to go from here:

  • Our program doesn’t handle sentence structure in the original corpus, this makes it start and stop each phrase awkwardly
  • We’re pretty aggressive about removing punctuation, this produces a bland ending text - try to keep two versions of the word, one that has been normalized and one that keeps the original formatting


If you’d like to continue exploring programming and dive deeper into computer science and web development, feel free to reach out to me at david@fullstackacademy.com. We’re hosting a free one-day introduction to web programming called Road to Code in early March at Fullstack Academy where beginners learn to do other awesome things with code!

Original post on Hacker News

Crazy ants take on fire ants and win | Ars Technica

Comments: "Crazy ants take on fire ants and win | Ars Technica"

URL: http://arstechnica.com/science/2014/02/crazy-ants-take-on-fire-ants-and-win/


Fire ant, meet crazy ant.

If you’ve ever been attacked by red imported fire ants, you can likely attest that these tiny insects have a nasty defense mechanism. When threatened, fire ants inject or dab their enemy with a potent neurotoxic venom that quickly dispatches most other ants and can sometimes even send humans to the hospital.

This deadly assault is a pretty effective deterrent to most other ant species, which tend to keep their distance. But the fire ants have now run up against another invasive species that's willing to take them on: the tawny crazy ant. This unassuming little ant has the surprising habit of aggressively barreling right into a colony of fire ants, seemingly undeterred by their toxic venom.

In this week’s issue of Science, researchers from the University of Texas at Austin report that crazy ants are actually able to detoxify fire ants’ venom, helping them displace this usually dominant species.

A crazy ant’s headlong charge into a mass of fire ants almost always results in it being smeared with venom. But once covered in the neurotoxin, these ants perform a systematic and ritualized behavior. First, an ant stands on its hind legs and curls up its abdomen, touching its mandibles to a small gland at the tip of its body called the acidopore. The ant then runs its front legs through its mandibles and grooms itself fastidiously.

It looks like the ant is covering itself with a secretion from its own body as a response to the fire ant's venom. To determine whether this behavior actually counteracts the venom’s effect, the researchers ran a controlled test. They used nail polish to seal the acidopore of one group of crazy ants, and simply sham-treated a second control group. After coming into contact with fire ant venom, the crazy ants with the sealed acidopores—which could not secrete any chemical defenses—had a survival rate of just 48 percent, whereas 98 percent of the control group survived. Clearly, something originating from the acidopore was increasing the survival of ants covered in venom.

By testing crazy ant secretions, the researchers found that the life-saving substance was actually formic acid from the crazy ants’ own venom. So far, it's unclear exactly how this chemical detoxifies fire ant venom. It’s possible that formic acid denatures the enzymes that enable neurotoxins to enter cells.

While this rare ability confers a huge advantage for crazy ant survival, its biggest implications are ecological. Ever since fire ants were imported into the southern US in the 1930s, they have been the dominant ant species in most grassland ecosystems. But crazy ants—introduced only about 12 years ago—are now taking over, thanks in part to their ability to detoxify fire ant venom. When the two species fight over food or space, crazy ants come out on top 93 percent of the time.

Digging into these two species’ past sheds light on this asymmetry. Tawny crazy ants and red imported fire ants share an evolutionary history since their native ranges overlap in parts of South America. Their arms race began there, with fire ants evolving venom to defend themselves and crazy ants evolving a detoxification mechanism as a counter-defense. Now the chemical warfare has been re-engaged here on a second continent, playing out across the Gulf Coast. And for a second time in the past century, a new invasive ant species is dominating and drastically transforming ecological communities.

Related PSA: crazy ants are attracted to electronics. So if you're a technology lover living in the southeastern US, watch your computers and appliances because these tiny invaders are headed your way.

Science, 2014. DOI: 10.1126/science.1245833  (About DOIs).

Listing image by University of Texas

Original post on Hacker News

Airbnb and Housing - The Airbnb Public Policy Blog

Comments: "Airbnb and Housing"

URL: http://publicpolicy.airbnb.com/airbnb-housing/


This morning, you might have seen a story on Airbnb and housing prices in Marfa, Texas, and beyond. We strongly believe that Airbnb makes communities more affordable and we know it has already helped families stay in the home and community they know and love.

First, let’s start with some context. As readers of this blog know, Airbnb has more than 500,000 listings around the world. If you’re looking for a place to stay in Marfa this evening, there are a total of five options available.  In the six year history of Airbnb, only 17 properties have ever been booked in Marfa. So it’s difficult to argue that Airbnb is having any impact on the housing market in this community.

But many have asked an interesting question about whether home-sharing has an effect on housing prices in communities where more people share their homes. We believe home-sharing makes it possible for more people to pay their bills and stay in their own homes. When Airbnb first got started, we heard from hosts who told us how sharing helped them pay their bills and avoid foreclosure or eviction.

Then, we started doing some research and the data shows that people depend on Airbnb to help pay their bills. We conducted a series of studies in cities around the world. Here are just a few of the key data points:

  • 56% of Airbnb hosts in San Francisco said they use their Airbnb income to help pay their mortgage or rent.
  • 46% of Airbnb hosts in Paris said they use income for essential living expenses such as rent and mortgage payments.
  • 87% of Airbnb hosts in New York share only the home in which they live. And 62% of Airbnb hosts said Airbnb helped them stay in their homes.

The sharing economy is relatively new, so there isn’t much academic research on this question, but noted UC Berkeley Professor and housing expert Ken Rosen conducted a detailed study for us and asked whether home-sharing is responsible for rising rents in San Francisco. Here’s what he wrote:

In cities like San Francisco, the cost of a home or an apartment is never far from anyone’s mind and there is no shortage of theories about why rents continue to rise. One of the latest theories posits that the “sharing economy” and short-term rentals are to blame for high rents. But not only is there no evidence to suggest that short-term rentals are making homes less affordable, our research and analysis indicate that home sharing has the potential to make urban housing more affordable for more families.

Rosen’s work also examined whether some people would stop renting their apartments to permanent residents and start sharing them only on Airbnb. Here’s what he found:

Although there have been media reports of renters and landlords benefiting financially from converting traditional apartments to dedicated short-term rentals, we believe this represents isolated cases of individuals and not the market as a whole.

Data shows that most Airbnb hosts occasionally share only the home in which they live and use the money they earn to help make ends meet. That makes home-sharing an important lifeline that helps families around the world afford to live in the city they love.

Original post on Hacker News

Useful Learning Resources For Web Designers | Smashing Magazine

Comments: "Useful Learning Resources For Web Designers | Smashing Magazine"

URL: http://www.smashingmagazine.com/2014/02/14/learning-resources-roundup/


Fortunately, learning is not limited to only a small minority of people anymore; it is not even limited to visiting a school or a university. The Internet makes it possible for us to distribute knowledge at a small price, and is full of resources to expand everyone’s knowledge on an enormous variety of topics.

Since learning is a lifelong task that doesn’t stop after pursuing a certain academic certificate, this round-up is not only dedicated to beginners. It’s for everyone who wants to become an expert in a certain field or is simply curious about the Web and the latest tools and techniques around them.

We hope that this round-up will bring you closer with many of the valuable resources that are available out there. Some are completely free while others can be obtained through quite affordable memberships. You may also be surprised to find that your local college or university is also publishing free classes and courses on all sorts of topics you can think of — make sure to keep an eye open!

Here are the topics of learning resources we’ll cover today:

Coding

Code Avengers
Code Avengers’ courses are a fun way for students to learn computer programming and Web design. Participating in interactive coding challenges, bug hunts and robot missions takes the pain out of learning JavaScript, HTML5 and CSS3. The lessons are designed for students of all ages.

Coderwall
Thousands of developers share their achievements and current projects on Coderwall. Connect with them, share your own pro tips, and get feedback. Learning new programming languages, tools and technologies has a playful twist and is far from boring. Discover how others are solving their challenges, and gain badges for every completed project.

The Starter League (formerly Code Academy)
Trying to build Web apps without the necessary support and guidance can be painful. The Starter League provides you with expert instruction and mentorship. They also paired up with 37signals (creator of Basecamp and Campfire) to provide hands-on knowledge on building successful Web apps.

Pluralsight
Pluralsight was created by a group of developers with the goal of providing the highest quality training possible — for developers, by developers. The library is huge, with courses on nearly every topic you could ask for.

TekPub
TekPub was created with the goal of educating developers. The mini-casts topics range from JavaScript to Ruby on Rails, with more in-depth tutorials available. (Note: Tekpub has been acquired by Pluralsight; old videos can be accessed via Pluralsight).

PeepCode
PeepCode offers high-quality one-hour screencasts on development resources. Learning the most important techniques is quick and easy with these tutorials. (Note: Peepcode has been acquired by Pluralsight; old videos can be accessed via Pluralsight).

Hacker Rank
On Hacker Rank, coders compete to beat high scores by solving little challenges accross the whole science universe, including areas like algorithmy, code gold or artificial intelligence. How do you match up against others when coding a bot to win at tic-tac-toe?

Mozilla Webmaker
Mozilla Webmaker wants to help you move from merely using the Web to making something amazing with it. It has new tools for you to use, projects to help you get started, and a global community of creators — educators, filmmakers, journalists, developers, youth — all making and learning together.

Google Developers University Consortium
The Google Developers University Consortium features courses on mobile and Web development. You will find many usful resources, especially if you’re working with Android and Google Maps.

Android Training
On Android Training, you will find a collection of classes to help you build Android apps. The classes explain the steps to take in order to solve a problem or implement a feature, using code snippets and sample code.

Programr
Programr is an online lab for students and enthusiasts who want to learn programming. The platform’s goal is to give you the skills you need in order to write sophisticated programs. Test your coding skills by mastering assignments, build your own app right in the browser, and check out contributions by other users. You can even show off your know-how in programming contests. It supports coding languages for console, Web and mobile.

Learn Code the Hard Way
“Less talk, more code” is the credo of Learn Code the Hard Way. Students start by getting code to work; learning the theory comes second. The website focuses on practice by featuring exercises and rote repetition, which will help you gain confidence in whatever you want to do.

Dash
Dash teaches HTML, CSS, and Javascript through fun projects you can do in your browser.

Hack Design
Hack Design is an easy-to-follow design course. You can simply receive a design lesson in your inbox each week, which is hand crafted by a design pro. A great resource if you love learning at your own pace. No fake projects.

Code School
Code School teaches Web technologies in the comfort of your browser with video lessons, coding challenges, and screencasts.

Codecademy
At Codeacademy, you can build your own projects and learn how to create interactive websites, games, and apps. You can also join groups to code with your friends and show off your progress with points and badges.

Codewars
At Codewars you can challenge yourself on kata, created by the community to strengthen different skills. Kata are ranked to approximate difficulty. As you complete higher ranked kata, you progress through the ranks so Codewars can match you with relevant challenges.

LearnStreet
LearnStreet makes learning to code easy for anyone. Whether you would like to start off with JavaScript, Ruby or Python, the platform has got you covered. Build your skill base in the interactive courses, and use it in fun little projects.

PHP Academy
PHP Academy provides free tutorials on PHP and other Web development topics, including MySQL, JavaScript (including jQuery) and CSS. There are free video tutorials, optional premium membership and a forum to ask for help.

PLAYterm
PLAYterm is a platform where CLI users share their skills and inspire others. It can replay your terminal sessions online, and it provides embed codes that you can put on your website. Share your knowledge and help others improve their skills.

The New Boston
With his project, The New Boston, Bucky Roberts makes high-quality education available for everybody. His YouTube channel features a lot of computer-related tutorials on topics such as Java, C++, After Effects or Phyton.

gotoAndLearn
gotoAndLearn is a free video tutorial resource for Flash, Game development and HTML5 by game developer evangelist Lee Brimelow.

repl.it
On repl.it, you can explore more than 15 programming languages in your browser — even on the go with your phone or tablet. Just type an expression into the console and wait for the results. The Web application also lets you save your session and share it with others.

The Pragmatic Bookshelf
The Pragmatic Bookshelf’s mission is to improve the lifes of developers by offering text books, audio books and videos for training. The content is produced by programmers for programmers, addressing relevant cutting-edge topics.

HTML and CSS

30 Days to Learn HTML and CSS
Do you want to learn HTML and CSS but don’t know where to start? 30 Days to Learn HTML and CSS is a free course consisting of one video daily for 30 days. All you have to do is spend 10 minutes a day on a new topic. By the end, you’ll have the necessary building blocks to code an entire website.

A Beginner’s Guide to HTML & CSS
This simple and comprehensive guide will help novices take their first steps in HTML and CSS. Outlining the fundamentals, it teaches you all of the common elements of front-end design and development.

Don’t Fear the Internet
For those who don’t want to learn to code, this website provides a brief introduction to WordPress, CSS and HTML, even throwing in some PHP trickery. Jessica Hische and Russ Maschmeyer have prepared short chunks of technical information in concise videos.

JavaScript

Backbone Screencasts
If you’re learning Backbone.js, these screencast will be very useful. The extensive live coding sessions will walk you through, from the beginning to more advanced stuff like using Backbone.js with Ruby on Rails.

appendTo
JavaScript and jQuery skills are becoming more and more sought after. By offering a number of lessons, appendTo helps you develop those skills. Signing up isn’t even necessary; just watch the free screencasts (each around 10 minutes long), and start building your foundation of JavaScript and jQuery knowledge.

JavaScript Garden
JavaScript Garden is a growing collection of documentation about the most quirky parts of JavaScript. It offers advice on avoiding common mistakes and subtle bugs, and it lays out performance issues and bad practices that JavaScript programmers might run into on their journey to the depths of the language. The resource is dedicated to professional developers, rather than beginners, and it requires some basic knowledge of the language.

NodeSchool
NodeSchool offers interactive lessons for Node.js, including core concepts and electives. There is also a list of free/affordable in-person NodeSchool events around the world which are .

Eloquent JavaScript: A Modern Introduction to Programming
The book “Eloquent JavaScript” by Marijn Haverbeke introduces the JavaScript programming language and programming in general. A free digital version is available in HTML format and you can order a paperback version from Amazon. Furthemore, the book has been translated to French, German and Polish. (Note: A second, more modern edition is currently in process.)

Node Tuts
Node Tuts by Pedro Teixeira offers free webcasts exclusively about Node.Js.

Ruby on Rails

Ruby on Rails Tutorial
Michael Hartl has written a tutorial book named Ruby on Rails Tutorial. Visit the website to find the free online version, along with screencasts.

TryRuby
Ruby is a revolutionary programming language from Japan known for its simplicity and power. On TryRuby, you can experiment with it right in your browser. A 15-minute interactive tutorial will help you get started.

Hackety Hack
Hackety Hack teaches you the basics of programming by introducing the Ruby language. Build your skills from scratch, and use them to build desktop applications and websites.

Virtuous Code
Avdi Grimm is a software “cultivator” who publishes a screencast series on Ruby development. When you subscribe, you get new screencasts every Monday and Thursday (or access to the full scripts if you prefer reading to watching), the source code for each video and access to the complete archive of episodes.

RubyMonk
RubyMonk is an interactive Ruby learning plattform. You will learn the basics of the programming language right in your browser. The tutorials are free but donations are very welcome.

Rails for Zombies
Learn Ruby the zombie way with Rails for Zombie. You don’t have to worry about configuration. After watching short introductory videos, you can start experimenting right in the browser. The course is aimed at beginners, but there are also courses for more experienced Ruby developers.

RailsCasts
RailsCasts by Ryan Bates, offers a free weekly screencast featuring Tips and Tricks for Ruby on Rails. The topics are targeted for intermidiate users, but beginners and experts can also get something out of it. You may subscribe for additional screencasts.

Design

Drawspace
Drawspace is a community of drawing enthusiasts, professional artists and art educators. It features a huge library of free downloadable lessons that teach you how to draw or enhance your current abilities. With a profile, you can track your progress, from beginner to advanced levels.

Miscellaneous Lessons From The Web Industry

Treehouse
Treehouse is for beginners and experts. It offers material for learning everything you need to be successful in the Web industry. This includes technical knowledge, but also skills for starting a successful business. You can learn via specific tracks (i.e. Web developement) or topics.

Tuts+ Premium
Tuts+ Premium is a subscribers-only platform that offers resources for learning creative and technical skills such as design, Web development, motion graphics and photography. The content is created and constantly revised by leading experts. Choose whether to learn by video or articles with screenshots. A large community is behind Tuts+ Premium that you can connect with and ask for further help.

Ontwik
Ontwik gathers the latest lectures and conferences from Web developers and designers in one place. It covers topics such as JavaScript, NodeJS, jQuery, Ruby, Rails, HTML5, CSS3, UI, UX and more. There are also lectures on creativity, marketing and startups.

Because technical knowledge is not enough

A Student’s Guide to Web Design
Here is an attempt to better equip graduates in the design industry. It provides resources and information to help young Web designers with life after graduation.

#The50
After graduating from art college, Jamie Wieck realized that he had no clue about professional life. So, he started #The50 to help students and graduates in the same situation learn what every creative should know. The tips are made up of 140 characters and a hash tag, making them easy to share on Twitter.

The Web Design Community Offers Advice to Beginners,” Smashing Magazine
We asked, “What is the single best tip from your experience that you would give to a newbie developer?” This article compiles all of the amazing responses we received.

Jessica Hische’s Thoughts
Illustrator Jessica Hische doesn’t have a traditional blog, but she shares answers to frequently asked questions about her and her work. You’ll find useful advice on random topics regarding the Web industry such internships, pricing, non-creepy networking, and so on.

The Secret Handshake
The creative industry is very different from traditional companies and applying only traditional methods in the application process won’t bring you too far. The Secret Handshakes is a resource for students and young creatives looking for insiders insights, honest answers and solid solutions to help you go pro.

WaSP InterAct Curriculum
Designed to keep up with the fast-moving industry, WaSP InterAct is a living curriculum that prepares students for careers on the Web. Courses are divided into several learning tracks, covering everything from the foundations to professional practice. Recommended reading lists, assignments and exam questions help you to become a real Web professional.

Conference Organiser’s Handbook
Are you planning to organize a conference? Then, the Conference Organiser’s Handbook is the best place to start. The website was put together by Peter-Paul Koch and provides information on everything you need to know, from start to finish.

Expanding Your General Knowledge

TED
TED is devoted to “ideas worth spreading.” You can watch talks on technology, design, business, global issues, science and entertainment. Get inspired by other thinkers, and get involved in a community of curious people!

Khan Academy
The Khan Academy wants to provide anyone anywhere in the world with a world-class education — for free! All you need is an Internet connection. A huge video library provides you with lessons on a wide array of topics, covering everything from basic maths to macroeconomics to programming basics and even art history. Test your knowledge, track your progress and earn badges.

University of Reddit
The University of Reddit is an open-source peer-to-peer learning platform. The courses are free and range from computer science to mathematics to languages.

VideoLectures.Net
Registering on this site gives you free access to educational video lectures. The videos cover many fields of science and feature distinguished scholars and scientists at conferences, workshops and other events. The high-quality content is aimed at both the scientific community and the general public.

P2PU
The Peer 2 Peer University is an open-education project that encourages lifelong learning, following its credo “We are all teachers and we are all learners.” Everybody can participate and make use of the content. It also features a School of Webcraft, with some basic tutorials.

Online Courses
Online courses offers 100 open courses for tech geeks. Among them, you will find general computer science topics and courses on Web design and development. The website also provides information on accredited schools, college finances and studying.

Lynda
Lynda helps you learn software, creative and business skills. As a member, you get unlimited access to a huge library of high-quality video tutorials, taught by working professionals. Topics also include design and development.

Learners TV
Learners TV provides a huge collection of free downloadable video lectures on all sorts of topics, including computer science. The website also features science animations, lecture notes and live, timed online tests with instant feedback and explanations.

ReadWrite
ReadWrite covers all things Web, tech and social media. Its list of tech-focused instructional websites links you to platforms that teach a wide array of topics. The topics are pretty general, ranging from computing to hacking.

Learn a new language

Radio Lingua
Radio Lingua is a podcast that helps you learn languages where, when and how you want. There are quick starter courses if you want to learn the absolute basics of a language, or you can take your skills to the next level by diving into grammar and vocabulary. The episodes are aimed at learners of all ages and conducted by experienced teachers and native speakers.

Busuu
Learning a language with Busuu is completely different from what you are used to. As a member of the platform’s community, you learn directly from native speakers via video chat. That way, everyone is not only a learner, but also a teacher. To keep you motivated, the language you are learning is represented as a tree, which grows with the effort you put in. Joining Busuu is free.

Open University classes & University-style classes

Udacity
Udacity’s learning experience is different from other education platforms. Learn by solving challenging projects and by interacting with renowned university instructors and other students. The courses are as demanding as studying at a real university, but a range of certificate options are available.

OnlineCourses (formerly know as Lecturefox)
On OnlineCourses you will find high-quality classes from renowned universities such as Harvard, Berkeley and MIT. Topics range from biology to accounting, foreign languages to science.

Education Portal
Making education accessible is the goal of the Education Portal. The platform offers articles and videos on researching schools, degree programs and online courses. Covering everything from arts to sciences, it also has a list of free Web design courses that lead to college credits.

OpenClassroom
Stanford University’s OpenClassroom provides videos of computer sciences courses. You can watch the videos for free, and the lessons are split up into short chunks of quality information.

MIT OpenCourseWare
MIT OpenCourseWare publishes virtually all MIT course content. The open platform doesn’t require any registration, and it features free lecture notes, exams and videos.

OpenCourseWare
The OCW consortium is a collaboration of higher-education institutions and associated organizations from around the world to create a broad and deep body of open-education content using a shared model.

The Faculty Project
The Web isn’t be the only thing you are interested in. If so, then the Faculty Project might be for you. It brings lectures from leading university professors to anyone with an Internet connection. The free courses are taught through video, slideshows and reading resources, and they cover lessons from maths to economics to history.

Academic Earth
Whether you want to advance your career or just take classes that interest you, Academic Earth provide anyone with the opportunity to earn a world-class education. The website offers free lessons and learning tools from many disciplines. If you would like to study further, it also connects you to universities and scholars.

Course Hero
Course Hero has a mission to help college students get the most out of their education by giving them access to the best academic content and materials available. Search for study documents by department, keyword and even school. After registering, you can use the resources for free.

edX
edX is a not-for-profit enterprise by MIT, Harvard, Berkley and the University of Texas System. Take part in high-quality online courses from different disciplines — including computer science — and obtain a certificate from one of the renowned universities. The institutions use the insights they gain from the platform to research how technology can transform learning.

Coursera
Partnering with the top universities from around the world, Coursera offers free online courses. The lectures are taught by renowned professors and cover a variety of disciplines. Assignments and interactive exercises help you test and reinforce your knowledge.

Webcast.berkeley
Since 2001, Webcast.berkeley has been a window into UC Berkeley’s classrooms, publishing courses and campus events for students and learners everywhere in the world. View audio and video recordings of lectures online, or download them to your device.

The Open University
The Open University is open to anyone and offers over 570 courses at many different levels, from short introductory courses to postgraduate and research degrees. Studying is flexible and adapts to your lifestyle. You can even connect to other learners online and use the activities to assess your progress.

Last Click…

WeekendHacker
Do you have a small project or idea in mind but need a little help? WeekendHacker is a place to reach out to designers and developers who may be able to assist. Simply sign up, post your project, and sit back and wait for someone to help.

Until Next Time!

We hope that this list of learning resources will help you to further develop your skills and open doors for you. Of course, you’re more than welcome to share other resources that are missing in this round-up in the comments section below! Also, we look forward to hearing which resource you find most valuable, and why!

By the way, you may also want to check out Melanie Lang’s list of inspirational podcasts — we highly recommend it!

(sh, ml, ea, il)

Front page image credits: Programmr.

Advertising

Original post on Hacker News

How I want to write node: stream all the things!

Comments: "How I want to write node: stream all the things!"

URL: http://caolanmcmahon.com/posts/how_i_want_to_write_node_stream_all_the_things_new/


I wrote the async library back when Node first removed Promises from core (yes, that really was the case). Back then, I preferred to do with plain callbacks what was usually done by including third-party Promise, Future or Continuable libraries instead.

I find a certain elegance in describing complex patterns using simple parts, particularly when the parts are made composable through a common interface. In Node, and JavaScript in general, you're likely to use a combination of Promises, callbacks, Streams, Event Emitters and even ES6 Generators. To me, however, these all represent values in the future. What if we could reduce entire programs to transformations over a Stream, and have just one API to rule them all?

Well, here is my proposal, for your consideration and feedback:
Highland, a high-level streams library

var _ = require('highland');
var doubled = _([1, 2, 3, 4]).map(function (x) {
 return x * 2;
});
var data = filenames.map(readFile).parallel(4);
data.errors(function (err, rethrow) {
 
});
data.pipe(output);
var output = fs.createWriteStream('output');
var docs = db.createReadStream();
_(docs).filter(isBlogpost).pipe(output);
docs.pipe(_().filter(isBlogpost)).pipe(output);
var clicks = _('click', btn).map(1);
var counter = clicks.scan(0, _.add);
counter.each(function (n) {
 $('#count').text(n);
});

This is not a new idea, but I believe it is a new combination of features, which is important. Those of you that work with Streams in Node may be aware of the excellent modules by Dominic Tarr, similarly if you're from the browser you might use FRP libraries such as RxJS. These are all great, but they hint at a deeper abstraction, one which would allow us to write entire programs using Streams. In an attempt to achieve this, Highland implements:

  • Back-pressure support - Data sources are regulated so that slow consumers are not overwhelmed
  • Laziness - So we can use the reading of Streams to sequence the execution of code - this means we can choose to read from files in parallel or series, or stop reading after an error, for example
  • Asynchronous operations - So we're able to handle async data sources and async transformations
  • Error and data channels - So we can manage error propagation from sync and async code
  • Compatible with Node Streams - So we can pipe Node Streams to and from Highland Streams and play nicely with the Node ecosystem

If you find this idea intriguing and want to explore it further, then check out the Highland website. I'd love to hear your experiences.

Highland on GitHub

Original post on Hacker News

solo.im - a single founder peer group

Comments: "solo.im - a single founder peer group"

Original post on Hacker News

doo | Every ending holds a new beginning

Comments: " doo | Every ending holds a new beginning "

URL: https://doo.net/story.html


Every ending holds a new beginning

It is with a heavy heart we have to announce that “doo – the document app” will be shutting down on Monday, March 17, 2014.

We founded this company in June 2011 to change the way people organize and work with documents. These were our hypotheses.

  • We believed the time had come to shift from “folder-based” to “tag-based” organization of documents.
  • We believed the increasing number of digital documents and document sources poses a big problem to many people.
  • And we believed people are struggling to access all these documents and document sources from their (mobile) devices and to keep them “in sync”.

Well, maybe we’re still too attached to our “baby”, but we actually still believe in these hypotheses. Anyway, here are the facts.

  • We launched the first doo app for Windows 8 in October, 2012 – right on time for the Windows 8 launch. The app gave us a tough time – also in subsequent months – since it was really hard to do what we do on this platform.
  • In parallel we got our data intelligence team up and running and started to build advanced data intelligence technology for documents including image pre-processing, OCR and auto-tagging based on a combination of machine learning- and several other algorithms.
  • Then, in February, 2013 we launched doo for OS X. Apple featured the app as “editor’s choice” on the Mac App Store. All major tech blogs covered us. doo for OS X soon became top downloaded app #1 globally and in more than 50 markets including US, UK, and Germany. But after a lot of initial downloads, we soon saw a significant drop in our download and user activity figures. “Well, the app is not feature complete, performance needs to be optimized either and we don’t have the mobile apps yet to make our case regarding sync. It’s OK”, we thought and moved on.
  • In March, 2013 we received the Innovate 4 Society award sponsored by Microsoft. The award was presented by Chancellor Dr. Angela Merkel to our CEO, Frank, at the CeBIT.
  • Next, we launched our Android app in April and iOS app in August, 2013. Now, we had our mobile apps including mobile scanning. The Android user base displayed steady growth and user activity; plus, we received a lot of positive user ratings on Play and were selected as a TopApp by Deutsche Telekom. However, we couldn’t get enough visibility on Play to accelerate our growth.
  • The iOS app, in contrast, received a lot of attention. It even became one of the “Best Apps 2013” on the iTunes Store later this year. And again, same experience as doo for OS X.
  • We were very happy to see a world class company like Evernote feature our app.
  • In October 2013 we finally launched a beta version of our Windows Desktop app; and the RC in January 2014.

After launching all these apps, delivering our core feature set and continuously improving on performance and stability, we still couldn’t generate the necessary growth and user activity. We had to face it. Either our hypotheses were wrong or we didn’t get the product right to address the problem. We simply do not seem to address the needs of a large enough audience.

Thus, as of Monday, March 17, 2014 at 4pm CET the doo servers will be shut down and the User License agreement for the use of doo is terminated with effect as of this date. The doo apps for OS X and Windows will continue to work locally, but the apps for Android, iOS as well as all features related to our server such as synchronisation among devices, connecting and synchronizing with cloud services, or online login to the doo user accounts will no longer work.

All user data and files on doo servers will be completely and irrevocably deleted. All data in your local apps will, of course, not be affected. Have a look at our user guide and FAQ for more detailed information regarding the shut down.

So what’s next?

Even though we’ve been chasing the wrong rabbit, we have built outstanding cloud storage, sync and search technologies. Plus, we have great investors, who believe in our team. So there is only one option: we have already started working on new products based on what we’ve learned … we’ll keep you posted!

Thanks a lot for all your feedback, encouragement and support! And don’t hesitate to reach out with any thoughts or questions. Email us at hello@doo.net or tweet @doo.

Original post on Hacker News

BBC News - Linking to free web content is legal, says EU Court

Comments: "BBC News - Linking to free web content is legal, says EU Court"

URL: http://www.bbc.co.uk/news/technology-26187730


14 February 2014 Last updated at 09:50 ET

Websites can link to freely available content without the permission of the copyright holder, the European Court of Justice says.

The court's decision came after a dispute in Sweden between journalists and a web company that had posted links on its site to online news articles.

A Swedish court had asked the EU court to consider whether this broke copyright law.

The "position would be different" for links that bypass a paywall.

The journalists worked for the Swedish newspaper Goteborgs-Posten and had articles published on the paper's website.

The company Retriever Sverige runs a website that provides links to articles published by other websites.

Broken the internet

The journalists argued in the original case that users of Retriever Sverige's website would not know that they had been sent to another website by clicking on the links and therefore had made their articles available without authorisation. They said that because of this they were due compensation.

The case was unsuccessful in the Swedish courts but there was an appeal and the appeal court asked the EU Court of Justice to consider whether copyright law had been broken.

The court had to consider whether by providing links Retriever Sverige had taken part in an "act of communication to the public". Under EU copyright law, authors have the exclusive right to authorise or prohibit any communication to the public of their works.

The court ruled that the law had not been broken because the articles in question were on Goteborgs-Posten's website and therefore already "freely available".

In a statement it said: "The owner of a website may, without the authorisation of the copyright holders, redirect internet users, via hyperlinks, to protected works available on a freely accessible basis on another site."

But they ruled that the "position would be different" if a link led users to material that had purposely been restricted from being freely available - for example if it had been posted on a site that operates a paywall.

"If the decision had gone the other way it would have broken the internet," said Susan Hall, technology lawyer at Clarke Willmott.

"The way we communicate online is predicated on sharing material, whether that's links to Robert Peston on Bank of England interest rates, decisions of the European court or pictures of otters who look like Benedict Cumberbatch," she said.

Goteborgs-Posten told the BBC that it was making no comment on the ruling.

Original post on Hacker News

IP Address Details - ipinfo.io

Comments: "IP Address Details - ipinfo.io"

Original post on Hacker News

Pandora Knows if You Are a Republican - WSJ.com

Comments: "Pandora Knows if You Are a Republican - WSJ.com"

URL: http://online.wsj.com/news/article_email/SB10001424052702304315004579381393567130078-lMyQjAxMTA0MDEwMzExNDMyWj


Feb. 13, 2014 7:32 p.m. ET

Next time you listen to a Bob Marley channel on Pandora Media Inc., P -0.19% Pandora Media Inc. U.S.: NYSE $36.09 -0.07 -0.19% Feb. 14, 2014 2:59 pm Volume (Delayed 15m) : 4.85M P/E Ratio N/A Market Cap $7.02 Billion Dividend Yield N/A Rev. per Employee $862,018 02/13/14 Pandora Knows if You Are a Rep... 02/06/14 Stocks to Watch: Green Mountai... 02/05/14 Pandora Outlook Disappoints Bu... More quote details and news » P in Your Value Your Change Short position the Internet radio service may peg you as likely to vote for a Democrat.

The Oakland, Calif., company plans to roll out a new advertising service next week that would enable candidates and political organizations to target the majority of its 73 million active monthly Pandora listeners based on its sense of their political leanings.

How can it do this? The company matches election results with subscribers' musical preferences by ZIP Code. Then, it labels individual users based on their musical tastes and whether those artists are more frequently listened to in Democratic or Republican areas. Users don't divulge their political affiliations when they sign up for Pandora. (Take a quiz to see what your playlist says about you.)

Pandora's effort to pinpoint voter preferences highlights how digital media companies are finding new ways to tap information that users share freely to target advertising. These go beyond the traditional tracking of Web-browsing habits. Pandora, locked in a battle for advertising revenue with Internet radio services such as Spotify, sees political advertising as a way to boost revenue.

Facebook Inc. FB +0.12% Facebook Inc. Cl A U.S.: Nasdaq $67.41 +0.08 +0.12% Feb. 14, 2014 2:59 pm Volume (Delayed 15m) : 29.02M P/E Ratio 110.59 Market Cap $171.67 Billion Dividend Yield N/A Rev. per Employee $1,242,230 02/14/14 Top 50 Cities for Singles Look... 02/13/14 Facebook Adds New Options for ... 02/12/14 New Apps Whisper and Secret Ca... More quote details and news » FB in Your Value Your Change Short position is considered the pioneer in compiling information that users share to create demographic profiles for online advertisers. During the 2008 election, Facebook began allowing political firms to target users by mining clues to their interests and their location.

Before the 2011 Iowa Straw Poll, for example, Rep. Michele Bachmann (R., Minn.) advertised to Facebook users who had identified themselves as Tea Party supporters or Christian rock fans, or who had posted messages in favor of tax cuts.

"Targeting users is basically the currency in data right now," says Jack Krawczyk, Pandora's director of product management. He says companies like Pandora and Facebook, which know users' names, and can track their media consumption or stated preferences across computers, tablets and phones, have an advantage over companies relying on Web browsing cookies.

In November, Pandora allowed advertisers to target users who listened to salsa, or Spanish-language music and live in ZIP Codes with many Hispanic residents. It plans to tease out more demographic groups in coming months. "We can infer parenting," Mr. Krawczyk said. "If you're registered as a female in your thirties and have a children's music station."

Users of Pandora's free service cannot opt out of politically targeted ads, though they can opt out of cookie-based ads on Pandora's website. Pandora offers an ad-free premium service for $3.99 a month.

Pandora's inferences start with a user's ZIP Code, supplied at registration. Pandora then reviews election results for that county, Mr. Krawczyk said. So if 80% of citizens in a certain county voted for President Obama in 2012, Pandora assumes that 80% of people in the ZIP Codes in that county "lean Democrat." If the county voted twice for Obama, the algorithm pegs users in those ZIP Codes as likely to be "strong Democrats."

Pandora has allowed political advertisers to target users based on their ZIP Code since 2011. Now, it is adding information about users' musical tastes and other attributes in the hope of creating a more valuable profile.

Do political leanings correlate with music preferences? Mr. Krawczyk said he believes Pandora's predictions are between 75% and 80% accurate, but the "true test" will be how the ads perform. Pandora uses county election results in assembling its profiles because it has found they are better predictors than more-local results, such as from a voting precinct.

Of course, some of the analysis seems simplistic. Pandora users who listen to country music more often live in Republican areas, while fans of jazz, reggae and electronic music are more commonly found in counties favoring Democrats, the company said. R&B listeners lean slightly to Democrats and Gospel and New Age listeners lean slightly to Republicans, Pandora said. Classic rockers like Bruce Springsteen and Hip Hop artists are harder to classify; they count fans in both parties.

Generally, the preferences are distinct enough to appeal to advertisers. "There are very few places where people listen to a combination of country music and jazz," Mr. Krawczyk said.

Pandora has signed up two political-advertising firms, Precision Network and Bully Pulpit Interactive, which ran digital media for Sen. Elizabeth Warren's (D., Mass.) campaign and for New York City Mayor Bill de Blasio.

Bully Pulpit President Andrew Bleeker said the firm is looking to Pandora to "help us tailor the right message to the right audience."

Mr. Krawczyk said Pandora is planning to offer data about income into a targeted advertising formula, based on the average income in a user's ZIP Code. He says that people within higher-income brackets have more eclectic musical tastes than others.

Original post on Hacker News

2014-02-14

Untitled

Comments: "scribd"

URL: http://www.scribd.com/vacuum?url=http://msnbcmedia.msn.com/i/MSNBC/Sections/NEWS/nsa-snowden.pdf


There was a problem sending you an sms. Check your phone number or try again later.

To get Scribd mobile enter your number and we'll send you a link to the Scribd app for iPhone & Android.

We've sent a link to the Scribd app. If you didn't receive it, try again.

Original post on Hacker News

Schneier on Security: The Insecurity of Secret IT Systems

Comments: "Schneier on Security: The Insecurity of Secret IT Systems"

URL: https://www.schneier.com/blog/archives/2014/02/the_insecurity_2.html


 

A blog covering security and security technology.

« GOPHERSET: NSA Exploit of the Day | Main | My Talk on the NSA »

February 14, 2014

The Insecurity of Secret IT Systems

We now know a lot about the security of the Rapiscan 522 B x-ray system used to scan carry-on baggage in airports worldwide. Billy Rios, director of threat intelligence at Qualys, got himself one and analyzed it. And he presented his results at the Kaspersky Security Analyst Summit this week.

It’s worse than you might have expected:

It runs on the outdated Windows 98 operating system, stores user credentials in plain text, and includes a feature called Threat Image Projection used to train screeners by injecting .bmp images of contraband, such as a gun or knife, into a passenger carry-on in order to test the screener's reaction during training sessions. The weak logins could allow a bad guy to project phony images on the X-ray display.

While this is all surprising, it shouldn’t be. These are the same sort of problems we saw in proprietary electronic voting machines, or computerized medical equipment, or computers in automobiles. Basically, whenever an IT system is designed and used in secret – either actual secret or simply away from public scrutiny – the results are pretty awful.

I used to decry secret security systems as "security by obscurity." I now say it more strongly: "obscurity means insecurity."

Security is a process. For software, that process is iterative. It involves defenders trying to build a secure system, attackers -- criminals, hackers, and researchers -- defeating the security, and defenders improving their system. This is how all mass-market software improves its security. It’s the best system we have. And for systems that are kept out of the hands of the public, that process stalls. The result looks like the Rapiscan 522 B x-ray system.

Smart security engineers open their systems to public scrutiny, because that’s how they improve. The truly awful engineers will not only hide their bad designs behind secrecy, but try to belittle any negative security results. Get ready for Rapiscan to claim that the researchers had old software, and the new software has fixed all these problems. Or that they’re only theoretical. Or that the researchers themselves are the problem. We’ve seen it all before.

Tags: air travel, disclosure, economics of security, obscurity, secrecy, security engineering

Posted on February 14, 2014 at 6:50 AM28 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

In Europe they use quantum key cryptography in their voting systems:

http://www.idquantique.com/news-and-events/...

In Europe, the struggle to create a public realm out of the monarchy's private government extends back to populist movements in the Middle Ages such as the Ranters and Diggers and Bretheren of the Free Spirit; they seem more likely to view their government as something that really belongs to them, with the potential to work for them.

In the United States, our struggle to create a public government really begins with the 14th Amendment. Between then and the civil rights era is when we obtained universal suffrage. The franchise was highly exclusive in the Revolutionary era -- so much so that "WE, the People" probably only represents the will of 5-7% of the population at the time. Since then, the conservative battle cry has been "smaller government" and "privatization." Notwithstanding that we had private government once before -- when we were owned by the Britain -- we have this myth of obtaining self rule by fighting tyranny, when, in fact, the road to self rule has been a much more complicated struggle. But the myth prevails over history.

The 522B is ancient - at least 5-10 years old. http://aerodetection.com/rapiscan-522b/ says the units it has are 8-10 years old.

I'd be much more interested in the Rapiscan 620DV which appears to be the model used at major airports in Europe.

I still remember the first time I ran smack into security-by-obscurity. My boss at the time put me in charge of the most secure system we had at work. It was kept behind a heavy locked door and I was admitted only after a strong lecture on how important it was to keep it as secure as possible.

Even behind a closed door, he felt it necessary to whisper: "and the password is 'secret', which of course we can't tell anybody and they would never guess..."

The idea of continual improvement driven by the hostile nature of the operating environment seems very similar to evolution in the natural world. I don't mean analagous to, I mean another form of evolution, survival of the fittest. Obscurity, obfuscation, and political lobbying are all attempts to exclude a product from the security evolutionary process but even at the very highest levels - government printed currency, NSA information - it is impossible to isolate anything from security evolutionary forces.
It is better to embrace this process and to continually iteratively evolve and grow stronger and wiser during the process than to try and hold the driving forces of evolution at bay. The driving threat forces of security evolution themselves evolve, adapt and get stronger over time. You can hold them at bay temporarily through obscurity and obfuscation, but it then become only a matter of for how long? e.g. Sony Playstation 3
The Playstation 3 is an interesting example in that it was finally cracked due to sloppy cryptography implementation ( what was meant to be a random number generator was implemented as a constant ). I say interesting because peer / open review would have exposed the obvious flaw and it would have been fixed. In this case it was the obscurity and obfuscation that ultimately was responsible for the security being broken.
https://www.schneier.com/blog/archives/2011/01/sony_ps3_securi.html

OK, so if Kaspersky or Symantec or TrendMicro or Norton doesn't hand over all their source code I shouldn't buy the product... right?

OK, go ahead and post all your passwords and SSN's and your credit card info.

@beatty Well ... yes, although not just because you don't have source code. Virus scanners typically only search for known exploit code (and perhaps a few variations on it). They're fundamentally reactive and in my view not worth the effort.

@vincent You jest. The difference between secret paswords and secret algorithms has been explained to death already.

@vincent: not really. That is yours, your privacy for your own usage/protection, but when somebody offer for public usage some kind of security product, it should be available for public scrutiny on potential security threats/weaknesses and invasion of privacy (like recently Samsung on smart TV agreed to provide led indicator when camera is on. I hope that activation is hardware, not software).

The meta-problem here is that many (in my experience most) software "engineers" are incompetent and do not qualify as engineers. The result is that the typical software system sucks badly.

This machine is just a standard example. However though Windows (no matter what version) was suitable as an embedded OS has no business working on software or surrounding systems.

@beatty -- you shouldn't buy their products if you don't trust them. I don't and the systems my family uses haven't had an problems. But they don't hide what they're doing and they have some pretty vigorous competition.

@vincent -- I hope you don't think there is anything especially "secure" about your SSN. But hiding secret information used to access a system is different than hiding or obscuring information about the the system itself, which is what this post is about.

No, this just another cherry-picked instance of failed product development that is being used for self-serving purposes. It's easy, isn't it, to swoop in after the fact and point out everything that went wrong. Do you even know what the original threat model was? For all you know this failure was the RESULT of anal security engineers that suffocated product development until the project collapsed. You don't know. You pick up on all this pop news junk and fling it anyway you want.

Oh, it gets better. I keep thinking that if you control the software, you can probably control where the X-Ray beam is at. And observe that TSA agents walk back and forth through the scanner all the time.

So you keep it ON bouncing back and forth scanning at roughly chest level when not actually scanning the full body. When you see something metallic (say, a TSA badge), you immediately drop the emitter down to crotch level for the next 10 seconds...

"For all you know this failure was the RESULT of anal security engineers"

Win98 and plaintext passwords are not the result of anal security engineers. Unless, of course you mean actual anal security engineers, in which case it is not surprising, as they only know stuff about how to use a variety of rubber corks.

I somewhat disagree that engineers try to hide their bad designs through obscurity. I don't believe they even think about security.

There seems to be this idea of "Well, why would anyone attack that?" that is prevalent far too often. It's why we have empty passwords on internet-facing SCADA stuff, hopelessly outdated operating systems that can't be updated on embedded systems, etc. Nobody thinks like attackers. Closed systems are perfectly acceptable to people who don't think they will ever be a target.

It would be like me inventing my own door lock, and because no one has seen one before, I can assume I'm protected. (Of course this could also be said - Since no one has attempted to break into it yet, I hope I'm protected)

Rather than the alternative

Buying a door lock that has been proven in the real world. Paying attention to security bulletins so that if an exploit is found, I can replace it with a fixed version.

@vincent - Either way, I'm not giving you my key.

@Jason. All you said is valid when you are random target making you more protected than next target in the phishing scheme. Just to bring some relax mood: "Two young ladies were in the jungle and spotted lion. One start running, another asked is she really could run faster than lion. Nope, she reply. Just faster than you..." If you are NOT random target, all depends on the actor's resources available to break your security (psychical or informational): local thugs, organized crime, LEA local or state, LEA federal, foreign agents, etc.

@vas pup:

Well, now we're just getting deeper into security concepts. I don't think the threat of a targeted attack is a reason to abandon tried and tested methods. I think it's a reason to bring in additional expertise, add some additional layers of protection. (Instead of just a good door lock, add a surveillance system, alarm system, maybe a stronger door, bars on windows). The security system you use, no matter what you're protecting has a cost that must be weighed against the risk, and to be effective almost certainly will be layered.

@ Bruce,

    The truly awful engineers will not only hide their bad designs behind secrecy, but try to belittle any negative security results

That statment is a little unfair, because when it comes to hardware the closer you are to the metal, generaly the more competent you are as an "engineer".

The problem generaly starts and ends with managment, because,

1, Like quality, security has to be there fully functional from project day 0.

2, Security processes, training etc "cost".

You have to be an "old engineer" to remember the days befor quality processes were considered part and parcel of the job. And unfortunatly the area quality processes are least frequently found is "software engineering". Just take any modern software methodology and find the bits that are actually about "Quality Assurance"...

The simple answer is all you will find is an illusion or mirage paying lip service to any real quality process. It's also the reason grizzled old vetrans of software coding will tell you that most software development methodologies are at best "make work" and that you will get better results where team members share a common non adveserial goal and thus trust each other.

And when you look back at the development of QA systems it was the teams who bought into it and trusted the others that the most benifit was seen.

The reason QA actually got going was two fold,

1, Managment saw the financial benifit before the factory door.

2, Those who saw benifit used QA as a part of purchase decision.

Neither of these conditions is true currently for "security" thus managment treat it as "a non productive inefficiency" and thus "managment mantra" says it should be ruthlessly expunged from the work process "to increase productivity"

The way to get security into the design process as a norm is by making having it the most profitable path to walk, that way as with QA "managment mantra" will change.

Untill that time blaiming other people for "keeping their jobs" is a little unfair.


I think the article is dead wrong about the threat projection system being a big issue.

The purpose of this system is to keep the screener alert. In a normal airport, a contraband item like a bomb, gun, etc. might occur at most once a day. Rare contraband like a bomb is probably less than once in a lifetime. Hence it would be natural for a screener to simply 'pass' all luggage, even if they are being diligent. Adding these "false positives" gives the screener something to do, and increases security by "impedence matching" the task at hand to the psychology of the operator.

It's true that an attacker could have the system inject innocuous items, or perhaps have it inject items at a very high rate. I suspect that either of these new behaviors would be quickly noticed.

Actually, in any airport, contraband like this would occur at most 24hrs/airport-lockdown-time per day.

Looks like I was wrong. The other article gives more details about the system, and it is pretty crappy.

It's one thing to superimpose false images that are removed after alarming on them. It's another entirely to allow some other person to choose the time when the false image will be shown, and to replace rather than modify the image.

Hacking is illegal. Selling crappy secured soft- / hardware isn't (wearing my black and white glasses now).

"Upon seeing a weapon on the screen, operators are supposed to push a button to notify supervisors of the find. But if the image is a fake one that was superimposed, a message appears onscreen telling them so and advising them to search the bag anyway to be sure. If a fake image of a clean bag is superimposed on screen instead, the operator would never press the button, and therefore never be instructed to hand-search the bag."

If the training software assumes that the .bmp images have simulated contraband, one would think that the training software would do something if the operator doesn't press the button when a .bmp is displayed. Or does the attacker who introduces a "clean" .bmp file also modify the software?

Thank you, Bruce... "Obscurity means insecurity" is exactly what I've always meant, when I said "closed source by definition is insecure".... only open source can be secure (which doesn't guarantee that it is, only that it's at least possible).

What really worries me is that we haven't really learned a lot.

The 1983 movie wargames could happen today. Maybe not in the US (although I doubt that), but there are more countries in the world. The problem with security by obscurity is that you just don't know whether there is a WOPR that has a backdoor with the login "Joshua".

How secure are these nucleair platform systems? Just look at the stoxnet virus. Is "the west" capable of protecting itself against this kind of things? I don't think so. (looking at this news item)

And is the JSF/F-35 capable of dropping a nuke? It also contains 20 mln lines of C++ code.

I think this is way more worrying than any "terrorist attack".

I don't know. Maybe it's just BS that I am talking about. I am not a security expert. But I do know that you can't trust computers. Not yesterday, today or tomorrow.

Bruce,

Saw you at SAS, thanks for speaking!

Did you notice on the way out that all the machines in the Punta Cana airport were the make and model Billy and Terry evaluated?

Mike

Your comment about engineers (smart vs awful) was unfortunate. Well-established companies such as Diebold produce software with a workforce that is salaried and university-educated. The software produced usually conforms to management's priorities. If QA isn't isn't part of the software process, the software produced will tell the tale. The company with good management and a weak engineering staff is a rare beast. Unicorn rare. If Diebold has crappy software, then Diebold is to blame, not some mythical bumbler.

To say nothing of the procurement process.

True of Diebold and Rapiscan!

Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..

 

Original post on Hacker News

pstadler/flightplan · GitHub

Comments: "pstadler/flightplan · GitHub"

URL: https://github.com/pstadler/flightplan


Flightplan ✈

Run a sequence of commands against local and remote hosts.

Flightplan is a node.js library for streamlining application deployment or systems administration tasks, similar to Python's Fabric.

Installation & Usage

# install the cli tool
$ npm install -g flightplan
# use it in your project
$ npm install flightplan --save-dev
# run a flightplan (`fly --help` for more information)
$ fly <destination> [--plan flightplan.js]

Sample flightplan.js

// flightplan.js
var Flightplan = require('flightplan');
var tmpDir = 'pstadler-sh-' + new Date().getTime();
// configuration
plan.briefing({
 debug: false,
 destinations: {
 'staging': {
 host: 'staging.pstadler.sh',
 username: 'pstadler',
 agent: process.env.SSH_AUTH_SOCK
 },
 'production': [
 {
 host: 'www1.pstadler.sh',
 username: 'pstadler',
 agent: process.env.SSH_AUTH_SOCK
 },
 {
 host: 'www2.pstadler.sh',
 username: 'pstadler',
 agent: process.env.SSH_AUTH_SOCK
 }
 ]
 }
});
// run commands on localhost
plan.domestic(function(local) {
 local.log('Run build');
 local.exec('gulp build');
 local.log('Copy files to remote host');
 var filesToCopy = '(git ls-files -z;find assets/public -type f -print0)';
 local.exec(filesToCopy + '|rsync --files-from - -avz0 --rsh="ssh"'
 + ' ./ pstadler@pstadler.sh:/tmp/' + tmpDir);
});
// run commands on remote hosts (destinations)
plan.international(function(remote) {
 remote.log('Move folder to web root');
 remote.sudo('cp -R /tmp/' + tmpDir + ' ~', { user: 'www' });
 remote.rm('-rf /tmp/' + tmpDir);
 remote.log('Install dependencies');
 remote.sudo('npm --production --silent --prefix ~/'
 + tmpDir + ' install ~/' + tmpDir, { user: 'www' });
 remote.log('Reload application');
 remote.sudo('ln -snf ~/' + tmpDir + ' ~/pstadler-sh', { user: 'www' });
 remote.sudo('pm2 reload pstadler-sh', { user: 'www' });
});
// run more commands on localhost afterwards
plan.domestic(function(local) { /* ... */ });
// ...or on remote hosts
plan.international(function(remote) { /* ... */ });
// executed if flightplan succeeded
plan.success(function() {
});
// executed if flightplan failed
plan.disaster(function() {
});
// always executed after flightplan finished
plan.debriefing(function() {
});

Documentation

Flightplan

A flightplan is a set of subsequent flights to be executed on one or more hosts. The constructor doesn't take any arguments. The configuration is handled with the briefing() method.

var plan = new Flightplan();

Flights

A flight is a set of commands to be executed on one or more hosts. There are two types of flights:

Domestic flights

Commands in domestic flights are executed on the local host.

plan.domestic(function(transport) {
 transport.hostname(); // prints the hostname of the local host
});

International flights

Commands in international flights are executed in parallel against remote hosts defined during the briefing.

plan.international(function(transport) {
 transport.hostname(); // prints the hostname(s) of the remote host(s)
});

You can define multiple flights of each type. They will be executed in the order of their definition. If a previous flight failed, all subsequent flights won't get executed. For more information about what it means for a flight to fail, see the section about Transport.

// executed first
plan.domestic(function(transport) {});
// executed if first flight succeeded
plan.international(function(transport) {});
// executed if second flight succeeded
plan.domestic(function(transport) {});
// ...

flightplan.briefing(config) → this

Configure the flightplan's destinations with briefing(). Without a proper briefing you can't do international flights which require at least one destination. Each destination consists of one ore more hosts.

Values in the hosts section are passed directly to the connect() method of mscdex/ssh2.

plan.briefing({
 destinations: {
 // run with `fly staging`
 'staging': {
 // see: https://github.com/mscdex/ssh2#connection-methods
 host: 'staging.pstadler.sh',
 username: 'pstadler',
 agent: process.env.SSH_AUTH_SOCK
 },
 // run with `fly production`
 'production': [
 {
 host: 'www1.pstadler.sh',
 username: 'pstadler',
 agent: process.env.SSH_AUTH_SOCK
 },
 {
 host: 'www2.pstadler.sh',
 username: 'pstadler',
 agent: process.env.SSH_AUTH_SOCK
 },
 ]
 }
});

You can override the username value of all hosts by calling fly with the -u|--username option:

fly production --username=admin

flightplan.domestic(fn) → this

Calling this method registers a domestic flight. Domestic flights are executed on your local host. When fn gets called a Transport object is passed with the first argument.

plan.domestic(function(local) {
 local.echo('hello from your localhost.');
});

flightplan.international(fn) → this

Calling this method registers an international flight. International flights are executed on the current destination's remote hosts defined with briefing(). When fn gets called a Transport object is passed with the first argument.

plan.international(function(remote) {
 remote.echo('hello from the remote host.');
});

flightplan.success(fn) → this

fn() is called after the flightplan (and therefore all flights) succeeded.

flightplan.disaster(fn) → this

fn() is called after the flightplan was aborted.

flightplan.debriefing(fn)

fn() is called at the very end of the flightplan's execution.

flightplan.isAborted() → Boolean

Whether the flightplan is aborted or not.

flightplan.abort([message])

Calling this method will abort the flightplan and prevent any further flights from being executed. An optional message can be passed which will be displayed after the flightplan has been aborted.

plan.abort('Severe turbulences over the atlantic ocean!');

Transport

A transport is the interface you use during flights. Basically they offer you a set of methods to execute a chain of commands. Depending on the type of flight, this is either a ShellTransport object for domestic flights, or an SSHTransport for international flights. Both transports expose the same set of methods as described in this section.

plan.domestic(function(local) {
 local.echo('ShellTransport.echo() called');
});
plan.domestic(function(remote) {
 remote.echo('SSHTransport.echo() called');
});

We call the Transport object transport in the following section to avoid confusion. However, do yourself a favor and use local for domestic, and remote for international flights.

transport.exec(command[, options]) → code: int, stdout: String, stderr: String

To execute a command you have the choice between using exec() or one of the handy wrappers for often used commands: transport.exec('ls -al') is the same as transport.ls('-al'). If a command returns a non-zero exit code, the flightplan will be aborted and all subsequent commands and flights won't get executed.

Options

Options can be passed as a second argument. If failsafe: true is passed, the command is allowed to fail (i.e. exiting with a non-zero exit code), whereas silent: true will simply suppress its output.

// output of `ls -al` is suppressed
transport.ls('-al', {silent: true});
// flightplan continues even if command fails with exit code `1`
transport.ls('-al foo', {failsafe: true}); // ls: foo: No such file or directory
// both options together
transport.ls('-al foo', {silent: true, failsafe: true});

To apply these options to multiple commands check out the docs of transport.silent() and transport.failsafe().

Return value

Each command returns an object containing code, stdout andstderr:

var retval = transport.echo('Hello world');
console.log(retval); // { code: 0, stdout: 'Hello world\n', stderr: null }

transport.sudo(command[, options]) → code: int, stdout: String, stderr: String

Execute a command as another user with sudo(). It has the same signature as exec(). Per default, the user under which the command will be executed is "root". This can be changed by passing user: "name" with the second argument:

// will run: sudo -u root -i bash -c 'Hello world'
transport.sudo('echo Hello world');
// will run sudo -u www -i bash -c 'Hello world'
transport.sudo('echo Hello world', {user: 'www'});
// further options passed (see `exec()`)
transport.sudo('echo Hello world', {user: 'www', silent: true, failsafe: true});

transport.log(message)

Print a message to stdout. Flightplan takes care that the message is formatted correctly within the current context.

transport.log('Copying files to remote host');

transport.silent()

When calling silent() all subsequent commands are executed without printing their output to stdout until verbose() is called.

transport.ls(); // output will be printed to stdout
transport.silent();
transport.ls(); // output won't be printed to stdout

transport.verbose()

Calling verbose() reverts the behavior introduced with silent(). Output of commands will be printed to

transport.silent();
transport.ls(); // output won't be printed to stdout
transport.verbose();
transport.ls(); // output will be printed to stdout

transport.failsafe()

When calling failsafe(), all subsequent commands are allowed to fail until unsafe() is called. In other words, the flight will continue even if the return code of the command is not 0. This is helpful if either you expect a command to fail or their nature is to return a non-zero exit code.

transport.failsafe();
transport.ls('foo'); // ls: foo: No such file or directory
remote.log('Previous command failed, but flight was not aborted');

transport.unsafe()

Calling unsafe() reverts the behavior introduced with failsafe(). The flight will be aborted if a subsequent command fails (i.e. returns a non-zero exit code). This is the default behavior.

remote.failsafe();
remote.ls('foo'); // ls: foo: No such file or directory
remote.log('Previous command failed, but flight was not aborted');
remote.unsafe();
remote.ls('foo'); // ls: foo: No such file or directory
// flight aborted

transport.debug(message)

Print a debug message to stdout. Flightplan takes care that the message is formatted correctly within the current context.

remote.debug('Copying files to remote host');

transport.abort([message])

Manually abort the current flight and prevent any further commands and flights from being executed. An optional message can be passed which is displayed after the flight has been aborted.

remote.abort('Severe turbulences over the atlantic ocean!');

What's planned?

  • Add possibility to define a sudoUser per host with briefing().
  • Add a simple interface for file transport to remote hosts (e.g. rsync).
  • Tests will be implemented with upcoming releases. A part of this will be driven by bug reports.

Original post on Hacker News

10 French startups disrupting the way you experience fashion online

Comments: "10 French startups disrupting the way you experience fashion online"

URL: http://www.rudebaguette.com/2014/02/14/10-french-startups-fashion-marketplace/


It may sound like a stretch to say that French people are the reference for fashion. But as we say, “il n’y a pas de fumée sans feu” (there’s no smoke without fire).

In addition to having a very prolific fashion sense, the French are also very creative when it comes to the shopping experience. The landscape of French fashion startups is flourishing those days: 6 of the 10 companies presented in this article closed a round last spring/summer season and the results of their investments are released now. Let’s open the catwalk.

 

1.    Flink, the Flipboard of fashion blogs.

The last born of “fashion inspiration” apps Flink defines itself as the “Flipboard of fashion blogs”. Thomas France and his co-founders developed the idea while working on another e-commerce app, Shopelia: user-feedback got them the idea on focusing on the fashion vertical. Its mobile-first approach and great UX seduced fashion lovers and got them to 50,000 downloads in just a few days. Their next step is to release a new, more social version in two months.

From Flink’s Instagram account

 2.    Carnet de Mode, crowdfunding meets social shopping.

Carnet de Mode brings together fashion-lovers and young creative talents: the former can participate in the funding of a collection, the latter are able to develop it and get access to their first customers. A real mix between crowdfunding and social shopping which seems to be a good call for fashion – a highly emotional sector that federates its passionnates. Elaia Partners agreed and invested in the startup in May 2013 ($1 million – the first e-commerce platform in Elaia’s portfolio) arguing Carnet de Mode was truly “revolutionizing the online shopping experience”.

3.    InstantLuxe, buying luxury online has never been safer.

The fashion luxury marketplace places its expertise in luxury leather goods, watches and accessories. They play the intermediary and ensure a safe transaction between buyers and sellers with no risk of counterfeits. They achieved a €2 millions round of investment in June 2013 with Iris Capital and ISAI (who already invested €650 000 in 2010) which enables them to focus on the German market and mobile commerce.

4.    Monshowroom, the first marketplace for on-going collections.

When Séverine Grégoire and Chloé Ramade created Monshowroom.com in 2006, the platform was basically the only way to access current collections online, an opportunity for people living outside of big cities, or simply online-fashion lovers. Today, the platform has become a reference with 270 brands available. Alven Capital and Crédit Agricole Private Equity funds invested in the company in 2009 and Casino bought their share in 2012, in order to create synergies with the e-commerce platform “CDiscount”, as sources say (FR).

Monshowroom’s Instagram

5.    Dymant, invite-only eCommerce, the true eLuxury experience.

Dymant changed the e-commerce industry by focusing on the story-telling and esthetical atmosphere experience more than on the products. Quality VS SEO, to put it shortly. The marketplace offers invite-only customers the opportunity to access high-end and exclusive French “artisanat” (craftsmanship). Partech Ventures and IDInvest invested $1 million last year in order to enable the startup to address other geographical markets.

6.    Vestiaire Collective, a second-hand luxury marketplace.

Co-founded by Sébastien Fabre and Sophie Hersan, Vestiaire Collective is a marketplace for second-hand luxury fashion products. Created in Paris in 2009,  (because, as Sebastien Fabre told us: “In order to launch a fashion marketplace, we had to be in Paris”), they now are developing abroad: London in 2012, Germany and the U.S in 2014. This internationalization follows their series C round with Condé Nast ($15 millions), an interesting choice of partner, motivated by the expertise of the group in online community-based businesses and the U.S market.

Vestiaire Collective has innovated in the marketplace sector by adding a friction in the process – which could be seen as a bad example: in order to ensure a faithful community of customers, Vestiaire Collective has an editorial committee that selects which articles can be sold online, that specialists then check before they arrive in the customer’s hands. A great service that ensures happiness on both sides of the sale. They just opened a “Vintage” and “Lifestyle” section: take a look at it (even you male readers, you represent 15% of Vestiaire Collective’s clientele!)

Vestiaire Collective’s Instagram

7.    VideDressing, social shopping for previously owned outfits.

If your wallet is slightly smaller than Chanel and Dior-material, then VideDressing might be the right fit for you. The principle is the same as other social shopping platform: Meryl Job and Renaud Guillerm, co-founders, managed to build a strong a faithful community first, and then monetized it by facilitating trades inside this community. They now claim a 5-times growth factor between 2011 and 2012 and realized two rounds in 2013 in order to penetrate the German market – the last one with Global Founders Capital for $5 Million.

8.    Selectionnist, shopping through fashion magazines.

If you have ever been frustrated by not remembering the reference of an outfit you’ve seen in an old edition of Elle Magazine while waiting at the doctor’s, then you’ll love Selectionnist.

Selectionnist, founded by female serial-entrepreneurs Tatiana Jama and Lara Rouyres (Living Social, Dealissime) enables its visitors to search for things spotted by magazine or by brand. The beautifully-built website might also inspire some other shopping wishlists. The website just launched yesterday, time to try it out!

Selectionnist’s Instagram

9.    Wheretoget.it, finds the fashion items you lost of sight.

Extreme situation, you have spotted an outfit somewhere, anywhere, and you must have it. But of course, you don’t have the reference. Hopefully, Wheretoget.it is here to help.

The platform (which is French, unlike the URL extension « .it » might indicate) gathers a community of passionate fashion-lovers who are able to spot where you can find your desperately lost article, providing that you have a picture. If not, there is a great chance they will find something similar, or even better. The force of the “multitude” applied to fashion. Rumor is that Romain Moyne, founder, is currently working on a Series A round of investment[fr].

10. Rad, flash sales dedicated to the Cool.

Rad’s value proposition is quite similar to other fashion discovery platforms: the cooler the pictures, the more you want to buy. How did Rad work out so well then? Rad’s particularity holds in its editorial line: it’s just cool, then you can only get it for a small amount of time.

They closed a €2.5 Million Series A round of funding in June 2013, declaring: “We are raising to accelerate our growth — hire key people, build a logistics platform, speed up acquisition through marketing, develop our production capacities”.

Rad’s Instagram

Original post on Hacker News

Multiple Simultaneous Ajax Requests (with one callback) in jQuery | CSS-Tricks

Comments: "Multiple Simultaneous Ajax Requests (with one callback) in jQuery | CSS-Tricks"

URL: http://css-tricks.com/multiple-simultaneous-ajax-requests-one-callback-jquery/


Published February 13, 2014 by Chris Coyier

Let's say there is a feature on your website that only gets used 5% of the time. That feature requires some HTML, CSS, and JavaScript to work. So you decide that instead of having that HTML, CSS, and JavaScript on the page directly, you're going to Ajax that stuff in when the feature is about to be used.

We'll need to make three Ajax requests. Since we don't want to show anything to the user until the feature is ready to go (plus they all kinda rely on each other to work right) we need to wait for all three of them to be complete before proceeding.

What's the best way to do that?

Ajax calls in jQuery provide callbacks:

$.ajax({
 statusCode: {
 url: "/feature",
 success: function() {
 // Ajax success
 }
 }
});

Or the "Deferred" way, this time using a shorthand $.get() method:

$.get("/feature/").done(function() {
 // Ajax success
});

But we have three Ajax requests we're needing to perform, and we want to wait for all three of them to finish before doing anything, so it could get pretty gnarly in callback land:

// Get the HTML
$.get("/feature/", function(html) {
 // Get the CSS
 $.get("/assets/feature.css", function(css) {
 
 // Get the JavaScript
 $.getScript("/assets/feature.js", function() {
 // All is ready now, so...
 // Add CSS to page
 $("<style />").html(css).appendTo("head");
 // Add HTML to page
 $("body").append(html);
 });
 });
});

This successfully waits until everything is ready before adding anything to the page. So by the time the user sees anything, it's good to go. Perhaps that makes some of you feel nauseated, but I've done things that way before. At least it makes sense and works. The problem? It's slow.

One request ... wait to be done ... another request ... wait to be done ... another request ... wait to be done ... go.

It would be faster if we could do:

All three requests in parallel ... wait for all three to be done ... go.

We can use a bit of Deferred / Promises action to help here. I'm sure this is some JavaScript 101 stuff to some of you but this kind of thing eluded me for a long time and more complex Promises stuff still does.

In our simple use case, we can use jQuery's $.when() method, which takes a list of these "Deferred" objects (All jQuery Ajax methods return Deferred objects) and then provides a single callback.

$.when(
 // Deferred object (probably Ajax request),
 // Deferred object (probably Ajax request),
 // Deferred object (probably Ajax request)
}.then(function() {
 // All have been resolved (or rejected), do your thing
});

So our callback-hell can be rewritten like:

$.when(
 // Get the HTML
 $.get("/feature/", function(html) {
 globalStore.html = html;
 }),
 // Get the CSS
 $.get("/assets/feature.css", function(css) {
 globalStore.css = css;
 }),
 // Get the JS
 $.getScript("/assets/feature.js")
).then(function() {
 // All is ready now, so...
 // Add CSS to page
 $("<style />").html(globalStore.css).appendTo("head");
 // Add HTML to page
 $("body").append(globalStore.html);
});

Another use case: mustard cutting

My use-case example above is a 5% feature. Keep the page lighter for the 95% of users who don't use the feature, and have it be a relatively quick add-on for those that do.

Another situation might be a cut-the-mustard situation where you add in additional features or content to a page in certain situations, as you decide. Perhaps do a matchMedia test on some media queries and determine the device's screen and capabilities are such that you're going to include some extra modules. Cool, do it up with some parallel Ajax calls!

Original post on Hacker News

GOG.com

Comments: "GOG.com"

Original post on Hacker News

Linux Design Tools: High-end Design on a Low-end Budget

Comments: "Linux Design Tools: High-end Design on a Low-end Budget"

URL: http://www.sitepoint.com/linux-design-tools/


While the world’s best commercial graphic applications come with packed with features, they also come with a price tag many find hard to justify.

Though there are plenty of less expensive alternatives, the simple truth is: It’s hard to get cheaper than free.

Today we’re going to look some of the free, open source graphic apps available, and see if they are a viable replacement.

If you are currently unfamiliar with the abundance of free open source graphic apps now available, you may well be missing out.

The best open source graphic applications on this list are comparable in quality to their leading commercial equivalents.

Don’t be put off by the word ‘free’ either. This is a case where ‘free’ definitely doesn’t mean low quality.

I know what you’re thinking: “If I use free software, I’ll have far too much extra money!’

Relax. You can always donate to the hard-working developers behind these apps, and help them make them even better.

So, let’s get to the list, and see if open source can genuinely compete with their expensive commercial counterparts.

Sidenote: Although most of these applications were originally developed for Linux, they often have Windows and Mac versions.

1. Could You Use GIMP to Replace Photoshop?

Often the first application that comes to mind when you are thinking about free, open source graphics is GIMP (Gnu Image Manipulation Program).

While GIMP doesn’t have all the niche features of Photoshop, it certainly offers a lot. In fact, there are a good many professional designers who use GIMP and judging by their output, the results are stunning.

So, assuming you have some design skills, the limitations of the applications you use is secondary.

Image Credit: gimp.org

What Can GIMP Do?

GIMP is a raster graphics application that is useful for image editing and retouching.

You can also use it to create raster images from scratch, as well as simple animations.

Cage Transform in action

It supports layers and channels, has an advanced gradients function, includes paths and quick masks. There are rotation and transformation tools, as well as tools for scaling, cropping, resizing, file format conversion, and more.

GIMP can also be used for both Web and print design.

It even has a few tools that don’t have direct analogs in Photoshop — for instance, the Cage Transform tool that allows to warp just parts of objects.

Where Does GIMP Fall Short?

The main areas where GIMP falls behind are interface and feature list.

Any designer raised on the Photoshop interface, might not always find menus options where they predict them to be.

It’s true, the GIMP interface is different from Photoshop, and there will be an inevitable learning curve.

However, if the UI differences are a show-stopper for you, there’s always Gimpshop. Gimpshop is GIMP retro-fitted a very Photoshop-like interface.

Some may argue that reproducing Photoshop is not something to aspire to. You be the judge.

In terms of features, it’s hard to pinpoint exactly which Photoshop features are missing, as most missing functionality can be added via GIMP’s rich plugins ecosystem.

In theory, this is a better model, as you won’t have lots of unused functionality obscuring the features you need.

As an example, GIMP doesn’t ship with RAW image processing abilities, but this can be added via the UFRaw plugin.

GIMP does lack the granular text options of Photoshop, along with its adjustment layers. CMYK support is also somewhat limited by default, though additional plugins can plug this gap if required.

While the lack of these features may well be a show-stopper for some, I suspect many designers would not even notice their absence.

Interoperability is often cited as the biggest problem for dedicated GIMP users. Clients frequently want to provide you with PSD files, and while GIMP supports PSD in theory, the practical results aren’t always ideal.

This file format issue is often cited as a key hurdle for new adopters, and is likely the major reason GIMP is not as widely-adopted as it might be.

Price Comparison Between GIMP and Photoshop

While there are some obvious caveats to adopting GIMP, these hurdles often become less important when you compare costs. As I mentioned, GIMP is free – it’s hard to get cheaper than that.

On the other hand, Photoshop is no small investment. Currently, you can get Photoshop CS6 as a standalone application for $699-999 or for $1,299-2,559, bundled with other Creative Suite 6 products.

With Adobe’s new rent-only policy – i.e. their Creative Cloud the situation is similar.

If you are lucky to catch a promotion, you can get Photoshop for under $10 a month – otherwise the regular price is $19.99-29.99 a month.

If you decide to go for the complete Creative Cloud, the price goes up to $49.99 a month (on a yearly contract), which is $600 a year.

That is a lot money for most of us — especially if you are not using the software every day!

2. Could you use Inkscape to replace Illustrator?

Adobe Illustrator is another leading commercial vector graphic application that has a viable free open source competitor in the form of Inkscape.

SCREENSHOT, Image Credit: inkscape.org

What Does Inkscape Bring to the Table?

Inkscape uses the W3C standard Scalable Vector Graphics (SVG) file format as it’s default. As you might know, SVG is a format that is becoming more relevant to web developers with every passing day.

It can also work with other popular vector formats, such as .ai, .eps, or .pdf, while most other vector graphics programs can handle its SVG files.

Inkscape ships with markers, clones, alpha blending, path operations, bitmap tracing, and other standard SVG features.

For a full list of features, check this.

Perhaps the most interesting section here is the list of features Inkscape has that are missing in Illustrator. According to inkscape.org, the following Inkscape abilities are lacking in Illustrator:

  • Edit SVG source directly

  • Clones, tiled clones, edit clones on canvas

  • Keys to move/rotate/scale by screen pixels

  • Shapes as objects

  • Edit gradients with handles on-canvas

  • Edit nodes with keyboard

  • One-click paint bucket fill

While this list may need to be updated, I think it’s useful enough to include regardless.

What Illustrator Functionality Is Missing in Inkscape?

If you decided to switch to Inkscape, you should also be aware of its limitations.

Firstly, file interoperability can be an issue, especially with older .ai files.

Inkscape.org also publishes a list of Illustrator features that are currently missing in Inkscape:

These include:

  • Gradient meshes

  • Multiple strokes and fills for one object

  • Color management for print (ICCProfiles, etc.)

  • PMS color management

  • Natively work with graphs based ondata

  • Free transform and perspective transform (available via extension)

  • Blends (available via extension)

Again, this list may be slightly outdated, but gives you a sense of what you might be losing if you decide to throw your lot in with Inkscape.

Now, I wouldn’t class myself as a ‘power-user’ of either Illustrator or Inkscape. But as an occasional user I can attest that my skills (or the lack of them) are certainly a much more serious barrier, than any software limitations.

From my point of view, there is no critical feature or tool that Inkscape lacks. For the majority of projects — even demanding professional use — I believe Inkscape is a very feasible alternative.

Price Comparison Between Inkscape and Adobe Illustrator

The price comparison between Inkscape and Adobe Illustrator is very similar to the earlier Photoshop comparision – free vs $599 for Illustrator CS6, or $19.99 a month for the standalone Creative Cloud version, or $49.99 as part of CC bundle.

Switching to Inkscape could save you $240-600 a year.

3. Could You Use Scribus Instead of InDesign?

If you are into desktop publishing, then you might be interested in Scribus as an alternative to Quark Xpress, Adobe InDesign, or Microsoft Publisher.

Scribus is not an exact match of either program, so you shouldn’t expect it to have all the features you know from these programs.

Scribus: SCREENSHOT, Image Credit:
http://www.tomsguide.com/us/download/Scribus,0302-6428-150189.html

What can Scribus Do?

In simple terms, Scribus offers solid “CMYK color, separations, Spot Colors, ICC color management and versatile PDF creation.” It also can work with most common raster and vector image formats, as well as many text formats.

Features that Scribus Lacks

Similarly to GIMP and Inkscape, the Scribus interface is very different to that of InDesign. Until you become accustomed to it, it’s likely to take you some time to perform even the simplest tasks.

Now, I am no Scribus expert, and to be frank, my encounters with InDesign are pretty sketchy, but experienced desktop publishers tell me they couldn’t use Scribus for critical publishing tasks.

Aside from this, many common functions you will find in InDesign, are currently absent from Scribus. For instance, in Scribus you can’t even dock, move or hide individual palettes.

But what’s the main buzz-killer?

Currently Scribus can’t open InDesign’s default format. While Scribus’s PDF export facility covers most print situations, the lack of ‘INDD’ support will be a roadblock for some.

Again the savings are significant – free versus $19.99/49.99 a month for InDesign.

However, since Scribus isn’t anywhere near as competent a replacement to InDesign, as GIMP and Inkscape are to Photoshop and Illustrator respectively, I think the price comparison is far less relevant.

This comparison is truly an ‘apples to oranges’ situation.

4. Other High Quality Linux Graphics Tools

The list of open source useful applications that are compete competently with commercial equivalents is too long to cover comprehensively here.

However special mention has to go to the amazingly powerful Blender 3D, used for 3D design, video editing and special effects.

SCREENSHOT, Image Credit: blender.org

While arguably not be a complete substitute for Premiere, 3DS Max or Maya, Blender has become a rich and powerful platform — evidenced by Blender-powered, short films and games such as Big Buck Bunny, Sintel and Tears of Steel.

Big Buck Bunny: Created entirely in Blender.

Krita and MyPaint are two other graphic programs in addition to GIMP you can use. Paint.net for Windows is also a very viable Photoshop alternative.

Xara for vector graphics and Pencil for cartoons are also good. When you add FontForge (for fonts creation), Dia (for diagrams), or Draw from the LibreOffice package, you’ll see that you can do pretty well without a spending metaphorical dime.

These applications are just a sample of what’s available in the Linux world. Some are included in Linux distributions, while others need to be downloaded and installed separately.

If you don’t have the time to do it, you can get a graphics-focused Linux distribution, such as DreamStudio.

Dreamstudio includes all the applications listed above, plus some other graphics, sound, and video applications, like Darktable. Similar in function to Adobe Lightroom, Darktable helps you manage your digital negatives, view them through a zoomable light-table, as well as develop and enhance raw images .

Ready for Primetime?

Whether these applications can become your default editors is a question only you can answer. However, even if you decide they aren’t quite ready to completely replace your commercial suite yet, they may still may have a useful role in your toolkit.

Frequently I find it more efficient to use an open source application for many of the simple graphics tasks you might perform in a typical day — cropping, scaling and simple color tweaks.

Faster start-up times mean I’m often exporting from my open source app before it’s heavier commercial kin has had time to load.

And that can make a big difference to your productivity in a busy day.

As with many other decision in life, the choice of open source versus proprietary software isn’t only about the money.

Ada is a fulltime freelancer. She enjoys design and writing and tries to keep pace with the all the latest and greatest new developments in technology

Original post on Hacker News

页面 5 的 5 -