Hacker News | d2's comments

You're linking to commercial services touting them as examples of Amazon being more open than Google? Services linked to are: MapReduce, S3, EC2, SQS, SES and MechTurk.

sigh


I think what the article means here is that with Amazon, you can just use it. It's not free or open.. source but you can just access it, understand how it works and use it.

Google just tout they have XX and ZZ but only so-called elite can play with it or even just know more about it. It might end up being crap, no one else than Google engineers will know.


> understand how it works

So... care to tell me how EC2 works? :P

The only way you are going to learn how these proprietary systems work is by working at Google or Amazon. What makes the EC2, S3, etc. APIs different from AppEngine or the 100s of other Google APIs there are? They're all just APIs to proprietary systems (well, except when writing apps for Chrome and Android). You are learning "how they work" only in the most superficial meaning of the phrase.


OK kids, here's what you need to know. There are three levels of your relationship with Godaddy:

Level 1: You're in balls deep. You register your domains with GoDaddy, use their DNS servers and host your shit on their servers. You also get your SSL certs from them. That's what the OP was doing.

Level 2: You're in up to the balls, but that's where it stops. You register with them, host your DNS with them but your website lives on another provider's servers and you get your SSL elsewhere.

Level 3: You're wearing a condom and don't give them their own key or underwear drawer. In other words, you register your domain with GoDaddy but you host the DNS somewhere else like DNSMadeEasy which costs, but is reliable. You also host your site somewhere else like Linode for example. And your SSL cert is something that costs more but is reliable. I have an EV cert from Verisign which costs but you get better conversions.

Level 3 is the only place you want to be. Pay them the bare minimum, immediately delegate the DNS hosting to a reliable rock solid provider that doesn't black-list DNS servers and use that provider to point your A record to whatever web host you're using. You get cheap domains and the only time you have to wade through GD's cluster fuck interface is when you change DNS providers or want to register another domain.

My primary domain did over 27 million DNS requests last month via DNS Made Easy with a 12 hour TTL and it's been registered with godaddy for over 4 years now with no problems at all.


I would still be worried about the domain.

If my DNS provider messes up, I change to a new one and I am back within 72 hours (at most). If the mail provider messes up, I change to a new one and I am back within X hours (where X is the TTL set for the domain). If my webhost messes up, I am back within X hours (because I of course make offsite backups), etc.

The only part where one needs a 100% reliable business partner is domain registration. And after hearing all the horror stories about Godaddy, I would not trust them, not even if I was wearing your metaphorical condom.


And people wonder why there aren't more women in computer science...


I agree with hosting your site and DNS elsewhere but isn't it OK to get SSL from GoDaddy?


Because sometimes separation of presentation from content is not worth the additional labor cost and complexity.


"Additional labor cost and complexity" seems like poor reasoning. The long term benefits would seemingly outweigh any short term savings in labor cost.


I've heard of 3 out of 10 of these highly successful startups. I think we call ourselves successes prematurely to try to accelerate the arrival of true success. Again today a very good friend who runs a startup with great potential trumpeted the fact that he is profitable. Looking deeper, turns out he's no longer pouring cash into the company, but unable to pay himself a salary.

Let's cut the bullshit guys. You're "highly successful" when you're able to pay yourself and your employees above market rate salaries and retain profit for growth.

Edit: ...as well as being able to start making a dent in the debt you may have accumulated during the cash burning phase of your startup. If you want a really fucking scary exercise, plot your cashflows to date and do a NPV or IRR calculation on the flows. You'll have quite the come-to-jesus moment and will realize how deep the hole is you need to climb out of before you can call yourself successful.


I'm not gonna say I know your friend more than I do but what I can say is I understand why he says he is "profitable" even though he is not. Ok, let's look at it this way:-

"Looking deeper, turns out he's no longer pouring cash into the company, but unable to pay himself a salary."

Replace "company" with property and "salary" with capital gains.

Does it make sense now? He (and probably many others here too, including me) sees his startup as an investment and once an investment starts paying off by itself (break even), I will definitely declare it profitable and trumpet it as a huge achievement. Why? Cause this investment is paying for itself and I can potentially sell it or earn more off it without bleeding any of my cash into it. Trust me, when you reach that position, you will be a very happy man.


Trust you?

You've failed to take into account the opportunity cost of your time spent working on the business. Let's assume your labor costs $120,000 a year and the company is not paying you. So it's costing you $120,000 a year.

Sell that "property" as you call it, to someone else and it'll cost them $120k a year to replace you or pay you.

The investment isn't paying for itself, there is no capital gain and the reality is that you would have to pay a buyer to take it off your hands so they could lose money at a rate of $120k a year.

At this point in a business's evolution you're losing money at a terrifying rate and unable to feed your family because you're working for free, but hey you are profitable because you've managed to pay your $20 a month Linode hosting bill.

Dude, I don't want to crap all over your parade or the OP's. But unless we know what we're all working towards and what the definition of success is, we're lying to ourselves and each other and there's no way to measure whether we're making true progress towards meaningful goals or not.

A dire misunderstanding of business cashflow like this poster has demonstrated makes me worry for all the starry eyed kids on HN starting businesses. They read shit like this and gobble it up as gospel. Then they dedicate years of their lives to working their asses off for very little pay, thinking they've achieved meaningful milestones on the way to generating wealth and creating jobs, but the reality is they're wasting their time, wasting investment capital and are a distraction from truly productive endeavors and truly talented entrepreneurs.

What perpetuates this cluster fuck is the monthly talent acquisitions that Google, Facebook and other heavyweights make getting conflated with job creation, innovation and the creation of new cashflow. Building an entity that attracts top talent into a single room and selling that room full of new-hires to google for $2 million an engineer has nothing to do with entrepreneurship. Are you hearing me Levchin?


Agree with you on most points, d2, however I think you're confusing the terms "successful" and "profitable".

Successful in having their baby at least pay some bills is a milestone. Having it pay your bills as well is another, then having it pay for your future generations is yet another. Success is an arrival at a predefined milestone, may it be anything you so choose to predefine.


Delivering cryptographic software via a network, having it run in a "malleable" runtime and creating a user expectation that it will be secure, is not new.

We've been doing this on the desktop for years.

I'd like to pose a question to the authors:

Don't all the premises you've based "Javascript Cryptography Considered Harmful" on apply equally to downloaded desktop software?

-A chicken egg problem

-A malleable runtime for apps with admin access

-Code verification being defeated by other hostile apps on the system

-Inability to trust the secure keystore because of the chicken-egg problem and other hostile apps installed prior to the crypto app's installation.

-The weakness of pseudo-randomness


We've been doing this on the desktop for years.

It didn't hold up well against attack there but there was usually an underlying bit of assumed trustworthiness on the local network that shifted the blame.

But protocols designed for enterprise desktops always turn out to be an unmitigated disaster when run across a hostile internet, particularly from a security perspective.


Kerberos fits your description ("protocols designed for enterprise desktops") exactly. The hardest thing I've found about running it across a hostile internet is dealing with NAT issues. The (latest version of the) protocol itself is pretty decent from a security perspective.

Then again, the original version of it, when it was designed for enterprise desktops, would not be particularly effective.


Actually, Kerberos was designed at MIT for the explicit scenario of an untrusted network: "I'm OK, you're OK, the network is hostile".

It may work acceptably for VPN-like applications, but how does it work for actual internet applications? E.g., how do you enroll new clients into the authentication realm over the internet?


Yes, it was designed for an untrusted network. But, there are good reasons why older versions of the protocol are not trustworthy today, which go beyond the increase in computer power relative to the key space [1].

The problem with enrollment is more or less the same as the problem with enrollment using any other crypto trust scheme. In the most secure situation, you'll want to start the process in person.

In practice, with kerberos you have to trust the KDCs holding your keys. With asymmetric systems, you have to trust the CAs who have signed the keys of the parties you are communicating with.

I agree that it isn't a good solution for what we might call "web scale" applications. It is a reasonable way to do password authentication, but federated authentication would require establishing cross-realm trust between identity providers and relying parties.

[1] http://web.mit.edu/kerberos/krb4-end-of-life.html


Downloaded desktop software is generally written in a compiled language like C, and for example can't easily be XSSed to inject JavaScript.


Yeah but C has its own problems--buffer overflows and the like. Just because it doesn't have exactly CSS doesn't mean it lacks similar problems.


We're talking about "problems" in the context of "things that make cryptography hard". The other security flaws of C/C++ are orthogonal to this issue.

This isn't a value judgement on Javascript. I like Javascript. The hard fact of the matter is, not every good programming environment is going to be suitable for cryptography.


Perhaps, but almost all buffer overflow, remote code execution bugs are very similar to XSS attacks--feed the program something it doesn't expect along with some junk for it to execute. The mechanism is different but the concept is the same.


No, the concept is not the same. C programs aren't designed to execute code from third parties.


If you think C programs aren't vulnerable to XSS-like attacks, you need to take a security course.


In the context he's talking about, C programs aren't vulnerable to "XSS-like attacks"; C programs rarely deal with content-controlled code.


Buffer overflows.


This is right on - particularly the part about you screwing up the hiring process, not the exec being at fault. I made assumptions about a level of professionalism that I never assessed properly. I went through this a year+ ago and I hired the wrong guy. Unfortunately he took the legal language in emails during the termination process personally - another symptom of the root cause for which he was fired.


>This is right on - particularly the part about you screwing up the hiring process

really, I think this attitude is the best way to look at it when you have to fire anyone, executive or not.


Yes and no - it's a case of asymmetric information, and while you can do your best to obtain more information (hiring process), you can't know exactly how a person will perform until they're actually there.


I said it was the best attitude for an employer to take, not that it was 100% the employer's fault.


My favorite paragraph:

The nurse "called the emergency room doctor, who told him that I was dead and that they should walk away," says Snitzer. "And he hung up and he said to the rest of the people in the room, 'Is anyone else here uncomfortable with walking away from this?' And they all said yes. And it was at that point that he called Dr. White."


"Earthquakes make Web Servers sad". Dude. What the FUCK?


Yeah dude! These things happen.


"Drink coffee and then take a 15 minute nap.". Advice like this makes it hard to take this article seriously. It's also a little thin on the data. Sure, it's an article on caffeine, so it'll rank on the geek sites, but do you feel richer or empowered after reading it?

I used to drink about 5 cups of coffee a day. I stopped cold turkey and life didn't seem worth living. So I scaled back to one cup of really really FUCKING good coffee every day. Jamaican Blue Mountain roasted beans, $40 a pound. That's right bitches. The only thing more expensive has passed through the asshole of a small cat-like creature. You already know what it's called because you're a geek and you're smart. Hey, I like pussy, but that's taking it a little too far.

So I take my one cup of blue mountain black, no sugar, milk or other evil pollutants. Fresh ground, French pressed. And then it's tea for the rest of the day to segway from my morning caffeine kick in the ass to a righteous l-theanine zen buzz.

Drugs are good. Smart drug use is better.



> That's right bitches. The only thing more expensive has passed through the asshole of a small cat-like creature. You already know what it's called because you're a geek and you're smart. Hey, I like pussy, but that's taking it a little too far.

Was this part really necessary to make your point?

The rest of your post was spot on:)


Seems one cup may be too many. Calm down.


The caffeine nap works. Well for me anyway. Also helps with stopping you from sleeping longer than the recommended 20min (give or take) and falling into deep sleep.


>The only thing more expensive has passed through the asshole of a small cat-like creature.

http://en.wikipedia.org/wiki/Kopi_Luwak


Actually for the money, you can do better than Kopi Luwak or Jamaican Blue Mountain.

Cup of Excellence winners are always good, though it may be more expensive than Blue Mountain. I was given a sample to roast once. Something like $40/kg _green_. Otherwise just sample various beans from a speciality roaster.


Caffeine takes a while to kick in, if you use that time to take a nap then you will wake up with the benefit of the nap AND caffeine.


You mean "segue."


Hey. Genius. Some of us send over a million emails a week as a free service to users who are happy to hear from us. We just can't afford to check the damn inbox for that many people, so noreply makes it clear. Don't fucking reply because if we had to pay an agony auntie on the other end to feel your pain, the service wouldn't be free.


> Some of us send over a million emails a week as a free service to users who are happy to hear from us.

I find that very hard to believe, but probably I'm just missing the point. What kind of service are you talking about?


Facebook? Reddit? StackOverflow? There are more than enough free high-volume-email services.

