< Back to the archive

Like what you see? Subscribe here and get it every week in your inbox!

Issue #207 - February 26, 2023

Here are the top threads of the week, happy reading!

Top comment by throwawaaarrgh

It just occurred to me that so many people were laid off, we could start the world's largest software co-op (and arguably one of the largest tech orgs, period). We could build software products that every industry needs, that every worker owns a part of and can vote on org-wide decisions.

Literally everyone you need was laid off... Tech people, business people, marketing, sales, etc. We just need a forum and some volunteers to organize. We all know what products companies/individuals would pay for, because we used to build/buy them.

(there are lots of different kinds of co-ops, and I'm not suggesting any particular model other than a worker owned organization where the workers own and control the company)

Top comment by b212

Poland.

On one hand it’s a bit slower on the other Google here hiring like crazy, Netflix opening up an office, Shopify acquiring whole companies…

To me it seems like big tech fires in the US then look for cheaper workforce elsewhere. Or maybe just a coincidence?

Top comment by zenexer

I recognize that IP address! Your site is being used as a pawn in a rather sneaky attack, and I was hit by it recently. Those email addresses belong to the victims—like me.

Let’s say I’m a hacker. I’ve gotten into Alice’s Amazon account and want to place a bunch of orders using her payment info. However, I don’t want her to notice until after I’ve received the ill-gotten goods.

To ensure she doesn’t notice the email notifications from Amazon, I want to “bury” those emails with spam. I can do this by entering her email into tons of online forms. Most will only send a single email—for example, your blog will probably only ask Alice to confirm her email—but once is enough.

This happened to me a couple weeks ago with Apple. Someone used the default billing and shipping info on my Apple account to place an order for an iPhone 14 Pro Max. I woke up to hundreds of emails from various blogs and other sites asking me to confirm my email. Being a security researcher, I knew that meant someone didn’t want me to see something else that had landed in my inbox.

I went through each one by hand. One included the IP address that submitted the form, which was interesting but not particularly useful. Eventually I found the receipt from Apple.

It’s not clear how the attackers intended to intercept the package; presumably, they would’ve tried to convince the courier to redirect it or retrieved the package from my doorstep, but Apple intervened and was able to stop the delivery before either of those happened.

It’s also not clear how the attacker got my billing and shipping info. Apple was able to confirm that my account wasn’t compromised and that nobody had contacted support pretending to be me. That billing info wasn’t used with many other companies.

Edit: You can see what this looks like from the victim’s side here: https://imgur.com/a/DHEJwKh Note that the usernames have the same sort of gibberish.

Top comment by MaxPengwing

My main grief is that recruiters in tech has no clue what they are writing in the job listing.

They also tend to reach out to you over linkedin and refuse to give you the actual job description unless you give them your email/phone-number and CV, which is just infuriatingly arrogant.

My hope is that tech job listings stop listing stuff like Must have Experience with XXX and YYY application/framework and instead start listing skills needed to be success full in the role. Tech becomes outdated so incredibly fast and we're allways learning in our jobs that it's kinda futile to list tech instead of skills.

Sure Need to know Python, C#, Assembler, that is a skill, but applications and frameworks are something that you can learn, and besides each company use them slightly different so you'd need internal training anyway.

Top comment by neom

It's a difficult position. Many of us are teetering on the edge. I couldn't support my wife and I while she continued what she was working on, I had to move home with my parents while she continued on her own so at least one of us could move forward. I felt ashamed, unless, hopeless. We spent over 6 months apart, but our marriage survived, and so did I.

This really helped me:

When despair for the world grows in me

and I wake in the night at the least sound

in fear of what my life and my children’s lives may be,

I go and lie down where the wood drake rests in his beauty on the water,

and the great heron feeds.

I come into the peace of wild things

who do not tax their lives with forethought of grief.

I come into the presence of still water.

And I feel above me the day-blind stars waiting with their light.

For a time I rest in the grace of the world, and am free.

- Wendell Berry

Get out into nature for a day, leave your phone at home, observe reality, walk. The world is mighty, and so are you. :)

Top comment by brutus1213

My take:

1) You have an undergrad degree. The point of the degree is not to teach you knowledge one shot. It teaches you how to learn and problem solve. Your post has a tone of desperation. You need to realize what amazing qualities you bring to any kind of employment situation. Just this alone will make you successful.

2) In your situation, just don't even bother with Leetcode problems. If an employer flunks you for it, so be it. Thank them for the interview practice.

3) You need to apply consistently for jobs. They do not need to be fashionable. Make a website for your local tiny business. Heck .. go to your favorite tiny restaurant that doesn't have a site and ask to make it to them .. pro bono. If you did that for 1 month on your own terms, you will get a resume going.

4) I appreciate the comments posted by people suggesting OSS projects. I think that is too much for you and too long of a path. I recommend making portfolio pages or apps. Remember how you did it in undergrad getting that first job?

5) Stick to boring, mass market tech. Python and Java are great for employment. I would not recommend time with Niche languages unless you want to shoot for the stars right away. Do brushup on git.

6) Don't stress out and don't work crazy hours on anything. Start with 2-4 hours, and build up to 8.

Stay healthy

Top comment by devjab

In my anecdotal experience it's been sort of terrible from the start. In my first interaction with it, it suggested that I use a library that had been deprecated for a few years, which is when I found out it's data cut-off point was in 2021.

We've been building an API with: Asp.Versioning, Microsoft.AspNetCore.OData.Query,, Microsoft.AspNetCore.OData.Deltas and Microsoft.EntityFrameworkCore, and it's been very bad at it. I think it's sort of understandable, because there isn't a lot of documentation or examples for these libraries, and, some of them have changed a lot since 2021, but it can't even write an ActionResult function correctly without a lot of help. At one point we asked it to do something resulting in some very terrible code. When I pointed out what was wrong, it apologized and then proceded to give me the exact same piece of code.

We use it quite a lot, along with co-pilot to test the waters, and so far it's rather unimpressive. From my completely anecdotal experience, it hasn't gotten worse, but neither are useful for things that haven't been solved a million times before. I think the major advantages we're going to see from it is in terms of automated documentation and possibly having it write tests.

That being said, I don't think it's that much worse than google programming. C# documentation is really hard to find. Some of the Odata documentation is a github repository with very few comments and only in-memory example code, but it was easier to find through the use of chatGPT than it was on Google. I do think it needs to automatically include the source and date for what it bases it answers on to help you navigate the answer. What I mean by this is that IActionResult wasn't replaced yet by ActionResult in 2021, so if it simply told you that it's answer is old, then you'd probably be more inclined to look things up in the official documentation. I know I would.

Top comment by snowmaker

Hello - I'm one of the people at YC who work on YC's co-founder matching site (which, if you aren't familiar with it, is at https://www.ycombinator.com/cofounder-matching).

It's not totally clear to me if OP is referring to that product specifically or something else, but I figured I would take the opportunity to get feedback anyway!

We are very actively working on the co-founder matching site and would love to hear from people who have used it - what your experience was and how we could make it better.

We've been running the site for about two years now, since we launched it here: https://news.ycombinator.com/item?id=27750298. Coincidentally, the idea actually grew out of open threads just like the ones OP suggested. We started by experimenting with those threads on HN and our Startup School forum, but nobody ever found an actual co-founder that way.

So we decided to build it as an actual product. Since we launched, over 20 teams that met on the site have gotten funded by YC, and many of them are doing quite well. So we think the early results are overall promising.

That said, co-founder matching is a very hard problem. It's a multi-sided marketplace with complex dynamics, and we know we have a lot of work to do to make it work for everyone. We'd love your feedback if you've tried it.

Top comment by ChrisMarshallNY

Funny story.

I have three domains (.com, .org, and .net) of my [first initial][last name][.tld]. Have had them for a long time.

A defense law firm in Australia, set up a domain, with [first initial][last name].com.au

I used to get regular emails, with terrifyingly personal stuff in them. Many of these emails came from Australian government/court orgs. They probably could have been sued into the mantle for some of the stuff (like juvenile criminal proceedings), that got sent to some random Yank in New York.

I was always careful to forward everything I got to the lawyers, along with contacting the courts, and letting them know their mistake.

In a couple of instances, I was thanked. In most, I was ignored.

No one ever tried the barratry route with me. I actually probably would have sold them my domains at cost, if they had asked, but they never did.

I haven't gotten one of those emails in years. I have no idea why.

Top comment by phphphphp

The thing you want, low stakes low effort programming, doesn’t really exist. The reason Google can survive building everything themselves — and thus giving you and many others endless code to write — is because they have exceptionally deep pockets and army’s of people.

Outside of Google-type companies, people write code to serve a direct business need which means the impressive software engineers are not the people who write good code but rather the software engineers who can use technology to benefit the business — which sometimes means writing code, but often does not.

If you go to a smaller company, even in a software engineering role, even as an individual contributor, expect to spend a lot less time having fun programming and a lot more time solving business problems.

You can absolutely coast in a low stakes environment at a smaller company, but don’t expect that being able to write Google-quality code will impress anyone. At a pragmatic company, people are more impressed by whatever benefits the bottom line. If you’re not a natural at the business side of things, it’ll be much more challenging to impress at a small company than it would be to impress at Google.