
For my family, definitely yes. Though it may just be that non-technical people are going to take longer to understand the gravity of technical problems, and I think that's compounded by most people's latent contempt for software / IT people.

My family initially decided Edward Snowden was a traitor and coward for 'fleeing' to Russia. They threw every stale argument at me, from "I have nothing to hide" to "everyone is spying on everyone, what's the big deal?"

They've started to backtrack from these positions. I'm not sure why or how, but I suspect they just needed people they trust (e.g. some columnist in the NY Times) to tell them they're wrong.


Man, I work as a frontend engineer at one of the big tech companies and I understood like 25% of this post.

And that's not meant to be a criticism, I'm just reflecting on my total ignorance of most security vulnerabilities. I know about and have implemented some measures against XSS / CSRF, but it's clear there are dozens of attack approaches I'm not even aware of.

I feel like I have some homework to do.


The root problem is that something which shouldn't be HTML was sent back with the HTML mime type.

Usually this happens with content type sniffing (i.e. no MIME type is specified) but it leaves the door open to attacks like these. It changes the handler of the input from code designed to care about security (i.e. your upload handler code) to code designed to care about usability (MIME sniffing heuristics, or in this case the decompression/rendering library).

When this happens you usually get bad/unexpected results, but it makes it easy to figure out where you can stop caring about implementation details: when the user input leaves the area of the code designed to secure it!


Well, he's a security specialist. And I feel he's figuring out new ways to attack. If you're not an attacker yourself, then I think you'll always lag behind.

I'm currently taking a security class and what I'm noticing is that I mistake the complicatedness for complexity but in essence most vulnerabilities and attacks have the same high level overview.

What I'm trying to say is: don't feel so bad, if you understood 25%, then you know more than you think. Perhaps you too are captured by the complicatedness of his post ;)


> I mistake the complicatedness for complexity

You conjugated the same word two ways. What do you mean?


Complexity is an adjective turned into a noun.

Complex -> complexity

On the other hand, complicatedness is a verb turned into an adjective turned into a noun.

Complicate -> complicated -> complicatedness

I read that as an implication that security concepts are not inherently difficult but are made difficult by people who explain it incorrectly.


I think he meant the difference between things being complicated (possibly unnecessarily) and complex (inherently). Simple things can be complicated to the level they're hard to understand, but it doesn't mean they are complex.


Yes this is what I meant. Perhaps I should've given a bit more context in my original post.

Here's a fun example. English has a lot of Latin- and Germanic-based words in it with which you can construct entire sentences. I was surprised to find that out as a non-native speaker. In my opinion, the Latin sentences seem way too complicated to express simple ideas.

Germanic example: In my anger I struck my small sword in his belly.

Latin example: In my rage I injected my gladius in his abdomen.

More examples: http://corrinejackson.com/wordpress/2013/04/23/tuesday-writi...

http://www.antimoon.com/forum/t2068.htm


The two major issues here:

1. Allowing something that is not HTML (and user-supplied) to be returned by the server with the text/html MIME type, causing the browser to want to parse it as HTML.

2. A link between the CDN (Akamai) domains and a top-level sub-domain on Facebook (i.e. photos.facebook.com was aliased to some Akamai domains).

At this point the attacker is able to serve HTML from a Facebook domain. There are things that could be protected against here, but the attacker has a lot of vectors they can go for at this point.
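The two issues listed above both come down to a server handing user-supplied bytes to the browser's HTML parser. The following is an added example, not code from the thread or from Facebook or Akamai: a Python upload handler helper that pins the Content-Type to an allowlist, sets `X-Content-Type-Options: nosniff` so the browser cannot second-guess that type, and forces a download rather than in-page rendering, plus a small audit that flags responses where user content goes out as `text/html` or without `nosniff`. The allowlist, paths and sample responses are constructed for illustration.

```python
# Added example, not code from the thread or from Facebook/Akamai: how an upload
# handler can keep user-supplied bytes from ever being parsed as HTML, plus a
# small audit that flags responses where that protection is missing.
# All sample responses below are constructed for illustration.

ALLOWED_UPLOAD_TYPES = {
    "image/png", "image/jpeg", "image/gif", "application/pdf", "text/plain",
}


def upload_response_headers(declared_type: str, filename: str) -> dict:
    """Build response headers for serving a file a user uploaded."""
    # Anything outside the allowlist is served as an opaque binary blob; in
    # particular a user can never get text/html out of this path.
    content_type = (
        declared_type if declared_type in ALLOWED_UPLOAD_TYPES
        else "application/octet-stream"
    )
    # Strip characters that would let a filename break out of the header value.
    safe_name = "".join(c for c in filename if c not in '"\r\n;')
    return {
        "Content-Type": content_type,
        # The browser must trust Content-Type instead of sniffing the bytes,
        # so an "image" that happens to start with <html> stays an image.
        "X-Content-Type-Options": "nosniff",
        # Download instead of render: the file goes to the user agent's save
        # path, not to the HTML/document renderer.
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }


def audit_user_content(responses: list) -> list:
    """Return (path, reason) pairs for responses that hand user bytes to the HTML parser.

    Each response is a dict with 'path', 'user_supplied' (bool) and 'headers'.
    """
    findings = []
    for resp in responses:
        if not resp["user_supplied"]:
            continue  # first-party pages are allowed to be HTML
        headers = {k.lower(): v for k, v in resp["headers"].items()}
        media_type = headers.get("content-type", "").split(";")[0].strip().lower()
        nosniff = headers.get("x-content-type-options", "").strip().lower() == "nosniff"
        if media_type == "text/html":
            findings.append((resp["path"], "user content returned as text/html"))
        elif not media_type or not nosniff:
            findings.append((resp["path"],
                             "no declared type or no nosniff: browser may sniff it as HTML"))
    return findings


# Constructed sample traffic: a first-party page, an upload served the way the
# thread describes (user bytes labelled text/html), an upload served through
# upload_response_headers(), and an upload with a type but no nosniff.
SAMPLE_RESPONSES = [
    {"path": "/home", "user_supplied": False,
     "headers": {"Content-Type": "text/html; charset=utf-8"}},
    {"path": "/uploads/avatar-123", "user_supplied": True,
     "headers": {"Content-Type": "text/html"}},
    {"path": "/uploads/avatar-456", "user_supplied": True,
     "headers": upload_response_headers("image/png", "avatar.png")},
    {"path": "/uploads/doc-789", "user_supplied": True,
     "headers": {"Content-Type": "image/png"}},
]

if __name__ == "__main__":
    for path, reason in audit_user_content(SAMPLE_RESPONSES):
        print(f"{path}: {reason}")
```

The second issue in the list, the CDN hostname aliased under the main domain, is not something headers can fix: the usual answer is to serve user content from an origin that shares no cookies or domain with the application, so that even a mis-typed response cannot run in the application's origin.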


It's interesting that you think working for a big tech company makes you especially qualified (or else you would not have mentioned it here). By working for a smaller company, you'd have to know these things or else face a world of pwnage.

> I feel like I have some homework to do.

Start with X-Frame-Options and HttpOnly cookies.


And Secure, if you're using HTTPS (which you should be)
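The two replies above name three response-header controls: X-Frame-Options, the HttpOnly cookie flag and the Secure cookie flag. As an added example that is not code from the thread, here is a Python audit that builds a session cookie with both flags and checks arbitrary response headers and Set-Cookie values for the three controls. The cookie name, value and sample headers are constructed for illustration.

```python
# Added example, not from the thread: checks for the headers the replies name
# (X-Frame-Options and the HttpOnly/Secure cookie flags), run over constructed
# sample headers.

def hardened_session_cookie(name: str, value: str, https: bool = True) -> str:
    """Build a Set-Cookie value carrying the flags recommended above."""
    attrs = [f"{name}={value}", "Path=/", "HttpOnly"]  # HttpOnly: no document.cookie access
    if https:
        attrs.append("Secure")  # Secure: never sent over plain http://
    return "; ".join(attrs)


def audit_set_cookie(set_cookie: str, https: bool) -> list:
    """Return the problems with one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive; flags like HttpOnly carry no value.
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    problems = []
    if "httponly" not in attrs:
        problems.append(f"{name}: missing HttpOnly, so script injected by XSS can read it")
    if https and "secure" not in attrs:
        problems.append(f"{name}: missing Secure, so it is also sent over plain HTTP")
    return problems


def audit_framing(headers: dict) -> list:
    """Flag a response that any site may load in an iframe (clickjacking)."""
    lower = {k.lower(): v for k, v in headers.items()}
    value = lower.get("x-frame-options", "").strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return []
    return ["X-Frame-Options missing or not DENY/SAMEORIGIN"]


def audit_response(headers: dict, set_cookies: list, https: bool = True) -> list:
    """Combine both checks for one response."""
    problems = audit_framing(headers)
    for cookie in set_cookies:
        problems.extend(audit_set_cookie(cookie, https))
    return problems


# Constructed samples: a weak response and its hardened counterpart.
WEAK = ({"Content-Type": "text/html"}, ["sid=abc123; Path=/"])
HARDENED = ({"Content-Type": "text/html", "X-Frame-Options": "DENY"},
            [hardened_session_cookie("sid", "abc123")])

if __name__ == "__main__":
    print("weak:", audit_response(*WEAK))
    print("hardened:", audit_response(*HARDENED))
```

Run as a script it prints three findings for the weak response and none for the hardened one; the same functions can be pointed at headers captured from a real deployment.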


Don't worry. Facebook's engineers missed this one too.



Seriously?

I know HackerNews can rock the haterade like no other, but why aim that at developers who took months out of their lives to build a tool for the open source community? And why do so with such unhelpful criticisms? And do you think the team that built this had anything but a huge net loss in opportunity cost? $11k is an above average software engineer's monthly take home. This was built in at least a few months with several engineers.

If the UI is laughably bad, surely it should be easy to list out some constructive criticisms rather than disparaging insults? I will offer some:

1. One defense of the default UI is that in bl.ocks.org, most examples are shown with the visualization on top and the code on the bottom. Maybe they were trying to offer a similar experience, but I agree it doesn't make sense as the code will almost always be longer in height than the output it creates. Side by side should be the default view, and the code should be on the left, output on the right.

2. The inability to resize the code view when in side by side mode (clicking on the yin yang) is also frustrating.

3. The home / about / gallery menu in the top left feels incomplete. It needs styling and a proper home. It feels like it was just stitched on.

4. Having the video seems like an okay idea but I think most people are used to in browser editors at this point and don't need a video explanation. The UI should speak for itself in this regard. You could have some instructions commented out in the editor for how to get started, but that's it.

5. Borrow from others: jsbin, codepen, jsfiddle...

Overall, I think this could be a really helpful tool and this is a strong prototype. The UI needs some work but the core functionality works well, and I like that I don't have to rerun the code to see the output.


Thanks for the constructive criticism! 1. You got it spot on, I wanted to keep a tight coupling with bl.ocks.org. Personally I spend most of my time in side-by-side mode which is probably indicative...

2. This one is a struggle, I want the width to stay 960px so that the end result is more likely to be compatible with bl.ocks, but this might be too patronizing.

3. Yep...

4. Yeah, I'm still working on this. I do think a tutorial is necessary for all the ways this can improve a person's workflow. Also, a lot of people will start with d3 here (I use it to teach, and expect others will too).

5. I've definitely paid attention to those, trying to take the good parts but stick to some firm design principles (mainly, code in blockbuilder should work 100% the same in bl.ocks.org AND when you clone it locally).

Thanks again for this comment. Please shoot me an email at enjalot@gmail.com or hit me up on twitter if you have more ideas/questions!


Is it really that baffling to see critical opinion without constructive criticism as a reply to some other comment?

If my intention was to leave constructive criticism I would have done it as a comment to the post itself. Kudos to you for writing good constructive criticism. In this case, though - I'm agreeing with a parent comment and giving my general impression about design.

And listen, if this project was done without any funding I wouldn't have said a word - I understand that you can't expect great design from a side-project made during weekends or evenings. However, in case of blockbuilder.org there was a kickstarter campaign which collected $11,205.

Based on github stats [1] there were only two active developers and only one of them was active within the last couple of months.

Based on the same github stats there should be around 6-7k lines of code. Do you think that is something that should take more than 2 months of work and cost $11k?

What I'm getting to is the following - author of the project decided to work on it and in its current state to me it looks like $0 were spent on it. Again, I repeat that it only looks like that to me.

Given all that and the fact that the project is considered "finished" (Kickstarter: "Estimated delivery: Oct 2015") - I'd say it is a fail. I don't see people using it in its current state, therefore it didn't result in any positive outcome for the backers.

[1] https://github.com/enjalot/building-blocks/graphs/contributo...


Lots of comments here focusing solely on the beer pong aspect of frat parties. You guys aren't wrong: there's nothing sexist about beer pong.

The use of the word 'frat' really is the difference here. Beer and beer pong are the obvious connotations with frat parties. Scantily clad women, roofies, and rape, are some others, even if those associations are unfair. Why in the world would you associate your company with something like that?

The party itself isn't some egregious, unforgivable mistake, but the fact that, while under investigation for gender discrimination, it does something like this illustrates to me that Twitter is pretty oblivious to the problem.


Perfect summary. Don't forget racism as an additional association. I'm not sure why there is an overwhelming atmosphere of denial on HN whenever the topic of women in tech comes up. What's the deal? Do you think women are adequately represented in tech jobs? What about minorities?


I assume it has to do with the meritocracy myth. There's quite a bit of good writing about it. Here's one piece: https://medium.com/@jocelyngoldfein/techs-meritocracy-proble...


There are a group of men who joined the profession because of the exclusionary atmosphere: it makes them feel special and elite. You can see this in the study of interest in computer science classes depending on classroom atmosphere: the hyper-masculine condition has a rise in male interest at the same time women's interest falls dramatically (http://ilabs.uw.edu/sites/default/files/Cheryan_Meltzoff_Kim...)

There are some people who just don't want anything to change and resent the effort required to think about people who are different from them, but there are others who have ego invested in maintaining the exclusionary atmosphere of the profession. I suspect, though I don't have a citation, that those people are also more likely to participate in forums like Hacker News that reinforce that sense of being special.


Frats are only for white people? I guess these folks[0] didn't get the memo

[0] https://en.wikipedia.org/wiki/List_of_African-American_Greek...


You really think if they called it a 'Greek party' instead there would've been no 'offense' taken?


Um, maybe? There's a whole list of unacceptable types of parties for companies to host.

Greek may have generated less uproar, but that's not the word they chose.


What about just "College Olympics"? (If olympics is not a trademarked word).


Point is, as long as it's a pong party someone would've still extrapolated it into Something For The Perpetually 'Offended' To Be Angry About(tm)


If a workplace is seeking diversity, I think there's also something problematic about a very alcohol-driven work culture. The Geek Feminism wiki points out a number of problems with an alcohol-focused event:

http://geekfeminism.wikia.com/wiki/Women-friendly_events#Alc...

One thing that was hard for me as a guy to learn is that women can reasonably see all guys as Schrodinger's Rapist:

http://kateharding.net/2009/10/08/guest-blogger-starling-sch...

If one is continually performing the "will I be safe" calculus, alcohol clearly increases risk. Much more so at a party whose whole purpose is getting smashed, and which has strong connotations of college sexual dynamics.


I'd DDoS your up arrow if I could. I'm not a woman... but after discovering that I have a severe allergy to alcohol I don't drink at all anymore and there is no way I would feel comfortable attending an event that was so focused on drinking. On top of that, even as a man I would feel unsafe in such an environment... unfathomable to me how it would feel if I was a woman.


I really like that you have challenges aimed at frontend developers. Something Hackerrank is sorely missing.


Thanks! That's how the idea originally started. I would like to add other challenges if the site gains users.


Well, I have been using frontend development questions in HackerRank for months now. Not sure how you missed that.


Can you point me in the right direction? For the life of me I can't find it in the UI.


Thanks for this. I don't know what I was expecting beyond the jobs board / who is hiring threads. Maybe some kind of secret handshake that only ycombinator people know?


The point is that you don't have to go that far down the Backbone road to get performance that rivals other frameworks.

All this comes down to is how do you update the DOM when data changes. React nicely packages up that functionality for you, but in a huge dependency and in a fairly opinionated framework.

For a lot of developers, the flexibility of Backbone is worth the incurred cost of having to manually create listeners / render actions for data updates.


The goal of writing software isn't performance, though. It's a feature.

"For a lot of developers, the flexibility of Backbone is worth the incurred cost..."

Ugh. I could not disagree more. The "flexibility" that Backbone provides in allowing you to write manual DOM updates after an initial render is easily its biggest downside. This Backbone pattern for rendering data treats every data and state change as a 1-off situation after the initial render. Painful. "Flexibility"


> The goal of writing software isn't performance, though. It's a feature.

Agreed. No customer/user will ever come to you and say "I want you to build something, and I don't care what it does at all. I just want it to be fast." Performance isn't the raison d'etre for a product/app, functionality is. Now, they might say "I want it to do X, but it has to be fast," and in those cases having something fast that sucks is still worse than having something 20% slower that doesn't suck.

>The "flexibility" that Backbone provides in allowing you to write manual DOM updates after an initial render is easily it's biggest down-side. This Backbone pattern to rendering data treats every data and state change as a 1-off situation after the initial render. Painful. "Flexibility"

Exactly. Speaking from my employer's experience (we went Backbone -> Angular), Backbone is flexible in the same way that having four tires instead of a car is flexible: you can do anything you want with those four tires! It just takes a lot of really arduous work duplicating the same things that other people have already built and refined before you have something useful. But hey, four tires weigh less than a car does!


Ah so that's what was happening. I was trying to post it yesterday with no luck.

I wonder why the mods would block this link. I'll admit the article seems more intent on telling a sexy story than commenting broadly on the state of Silicon Valley gender issues.


I pretty much agree with this. They created a D3.js treemap and probably even used a standard Colorbrewer blue color scheme, as seen in this d3 example:

http://bl.ocks.org/mbostock/4063582

Was it terribly uncreative for the other YCombinator company to do the same thing? Yes.

Was it plagiarism, copying, or unethical? No way. You did not invent the treemap nor a strong blue on light blue color scheme. Your UX is not unique enough to claim design infringement here.

Lastly, your TOS is probably the most alarming part of this story. You should not be so afraid of competition that you attempt to prohibit 'competitors' from using your product.


There seems to be in this thread (and on HN in general) a lack of empathy for the recruiter.

Here's my perspective on (internal) recruiters as someone who sits next to them at an office:

1. Recruiters tend to be really nice people.

2. All day long they talk about prospects with other recruiters almost as if they were talking about potential romantic partners. Except replace any discussion of your physical characteristics with your intellectual / linkedin characteristics. It would be weird if it weren't their job.

3. If a recruiter sends you an InMail and you reply (no matter what the response), it helps them, as each unanswered InMail costs them money (they don't get to reuse it).

4. Their job is really hard (especially for finding developers), and they are under a ton of pressure, especially when a company is growing, to build head count. Investors really value head count growth heading into a Series B / Series C round of funding.

So, consequently, I would recommend that devs cut recruiters some slack. Be grateful we live in a time where our greatest annoyance is someone contacting us with a job opportunity.

It wasn't always like this and it probably won't be forever.


> Be grateful we live in a time where our greatest annoyance is someone contacting us with a job opportunity.

I've said this before, and will say it again: there is a world of difference between being approached by a recruiter who has been explicitly commissioned to fill a position, and being hounded by a recruiter who is just trying to fill their quota.

Hell, some time ago I got so annoyed that I disgorged my thoughts to a post: http://bostik.iki.fi/aivoituksia/pages/recruiter-anxiety.htm...

I still try to maintain a reasonable approach to them. I get an insane amount of recruiter spam at my work inbox, which I ignore. Everyone is trying to get their (live)stock hired by anyone, for anything. Some of the more enterprising ones will try to inmail me with their solicitations. Most of them contain a magic phrase "I noticed you are looking for developers". I've started to send these individuals a canned response: "If you found that out, you also read that we don't accept agency resumes." I also include the link to my post above.

Seems quite an effective repellent so far.


Isn't the dislike for external recruiters? They can be wildly variable in quality - spamming by keywords, regardless of geographic areas. And the good ones may overprepare, asking questions that the company won't.

Edit: oh yeah. Sudden radio silence. Adding bogus resume tidbits. Posting bogus jobs, just to pump their contact numbers in the database.

I see a lot more bad external recruiters than good.


I've had sudden radio silence so much, even after talking to them on the phone. I don't understand because sure they wasted my time, but now they're wasting their time too!


The dislike probably is directed mostly at the external recruiters, but a lot of this stuff applies to them as well.

I've only had two bad recruiter experiences, one with an internal and one with an external. The former lured me in with a 'big equity' role that turned out to be junior developer. The latter was a recruiting contractor for Tesla who told me they were building a new frontend team. When I got on the phone with him it turned out the team had existed for two years, was over 10 people, and was simply refocusing their product.

In both cases, the recruiter was dishonest about the position. So what I've learned is not to take next steps until I have much clearer details on the role.

External recruiters tend to be way more vague on details, so I can understand the annoyance of having to reply with "tell me what you're actually trying to sell me on." But I find that sending a direct reply like that tends to be pretty effective at eliciting details.


My problem with recruiters isn't the recruiter. My problems with them are:

- the types of jobs they are trying to fill

- the types of companies they are working with

- knowing that I will get paid less vs. working directly with the company

I would agree, that most recruiters are pleasant, approachable people -- they need to be, they're salespeople. But I don't necessarily get annoyed with them. I feel fortunate that my skills and experience are wanted, and having recruiters contacting me frequently is a good problem to have.

But in the end, I just feel that I have very little to gain in speaking with a recruiter.


I'm on the hiring manager side (full time roles, no contracts). I can assure you that you won't make any more coming directly to us for a full-time role than working through a recruiter.

We fill most (90+%) roles using our internal recruiters (so you still get an advantage coming direct through our internal team and by all means I encourage that), but for the subset of roles that we open to external recruiters, I'm going to make you the same offer [or think about the negotiations the same] either way.

The referral fee we pay the external recruiter is a one-time fee and literally comes from another bucket of money. Yes, I also have to budget for and fund that bucket, but since it's non-recurring, it's treated as a recruiting expense, not a compensation expense.

For a contract role, there are probably good reasons to go direct, as the markup is an on-going compensation expense in many cases, but for full-time, I suspect most companies work like mine does.


This is how we operate as well. There's no penalty for someone coming in via an external recruiter in terms of their salary.

I don't necessarily believe this but the other argument about making less money is that recruiters are incentivized for you to take the job and not to push the envelope on your behalf knowing that the company might balk and back out.


This is interesting. I've found that a (good) recruiter will work hard to drive up your salary because it benefits them in the end usually. I believe most make a commission based on your salary in the contract. This only applies to external recruiters--I doubt it works the same for internal recruiters for obvious reasons, but I may be wrong. I dunno.

Although not in tech, my partner was contacted by an external recruiter looking to fill a position at an architecture firm. She was reluctant to leave her current job working with the best (IMHO) living architect today, but the recruiter did the leg work and came back with an offer that was something few of us could negotiate on our own. All she had to do was respond to the recruiter's occasional emails. This is the ideal scenario, and as I mentioned in a previous comment, I don't know the ins and outs of recruiting, so it might be more cutthroat than I realize, and they probably don't have the resources to give you that kind of a la carte service, but I think the OP's approach can open the potential for that.


> I've found that a (good) recruiter will work hard to drive up your salary

That hasn't been my experience at all. I've been contacted by several recruiters and nearly all of them asked me to lower my rate for them.

On one occasion I was asked in depth about what rates I would find acceptable under which conditions and then after they established contact between me and their client I would find out that they had already offered my absolute minimum rate (which I had previously qualified with "if it's a perfect match, a nice environment, and the office is practically next door, I may be willing to go that low") without asking me.

But I guess recruiters for consultants are a different matter from recruiters for permanent employees. There's probably a higher incentive to negotiate a high wage for a permanent employee because in most cases you'll only sign them up once. With consultants you just want them signed as frequently as possible.


> I've found that a (good) recruiter will work hard to drive up your salary because it benefits them in the end usually. I believe most make a commission based on your salary in the contract.

How did you find this out, if you don't mind my asking? From my experience and common sense it would be pretty reckless for a recruiter to try and get a few percent more in commission at the risk of losing the entire deal.

When I discussed salary with a recruiter it was never in the direction "Let's try and get you even more money!" it was more in the direction: "If you don't take the <ridiculously low salary> now you might spend months looking for anything higher and in the meanwhile somebody not as entitled as you will take this job and will be making money hand over fist!".


I've had the same experience as jkochis. It happens rarely, but it does happen. The recruiter can (and should) see it as win-win.

Plus, there are ways of negotiating where you can ask for a larger number and not blow the whole deal.


Sure, you can almost always ask (everywhere you read they will tell you it's completely safe, though it depends on the industry, I guess; I have seen offers rescinded over merely asking). However, if you are not prepared to walk away there is little incentive to offer what you are asking.

An agent who maintains a long relationship with you might actually be ready to negotiate on your behalf, since it will both strengthen your relationship and bring quite a lot of money in the future, as it increases your base price in all future negotiations. A third-party recruiter placing FTEs, on the other hand, has much to lose by walking away and very little to gain.


I think what many here have said is right: few lack empathy for the individuals, but many lack empathy for the system. Those very nice people who sit next to you are, in essence, spending their days spamming people, and talking about (inevitably superficial) resume characteristics. It may not be their fault personally, and it does sound like a tough job, but that doesn't mean it's a good system. I don't really understand why I don't have a personal relationship with one or more recruiters who I've described my career goals to and who I trust to send me good leads. It's just a bunch of anonymous people who I'll never meet selling me possible snake-oil.


Huh. That is interesting - it used to be the 180 degree opposite of that: the InMails that got replies used to cost, the ignored ones got refunded. Changed last month.

Does make more sense this way round, spam people and it costs you, make an engaging proposition and it doesn't.

https://help.linkedin.com/app/answers/detail/a_id/75/~/inmai...


> There seems to be in this thread (and on HN in general) a lack of empathy for the recruiter.

Most of it is just thinly veiled humblebragging.


Thank you for this response. I fully admit that I don't see the recruiter side of things. There isn't a lot of discussion about the trade, or craft, or whatever you want to call it and I think there should be.

I will certainly reply to every InMail that I get now.

It is my hope that methods and conversations like this can make the field better for everybody.


I respond to InMails where it is clear the recruiter actually took the time to read my profile and had a valid reason to believe there might be a match.

Knowing now that unanswered InMails cost them money, I'm doubling down on my stance to not answer InMails from recruiters who are spamming and/or clearly didn't bother to take the time to see if I really would be a good match or if they just matched a couple of buzzwords and hit send.


A good recruiter is worth his or her weight in gold, but they are rarer than hen's teeth.

