Like what you see? Subscribe here and get it every week in your inbox!
Issue #269 - May 5, 2024
If you are looking for work, check out this month's Who is hiring?, Who wants to be hired? and Freelancer? Seeking Freelancer? threads.
Here are the top threads of the week, happy reading!
1. Ask HN: How do people create those sleek looking demos for startups?
Top comment by peteforde
Arcade looks genuinely great, so thanks for posting this question.
Several folks have already mentioned that the real value of screen capture tools is to create assets that can be used by a person whose job it is to explain abstract concepts to an audience. I would go so far as to say that if you're a founder, hiring someone who is really good at product videos is something you should 100% outsource even if you're talented with storytelling and motion graphics. It's a distraction from your key priorities, and you don't have enough distance from the subject matter to be objective about what's okay vs great.
I'd like to add that it's really debatable that a video where someone rapidly zips around an interface that they haven't used is actually something people want to see. I suspect that on its own, such a video is often not the huge win that it might seem.
Also, if a process is really easy (press a button, enter a credit card) then you can bet your ass people will soon be tired of seeing the same presentation with different marketing copy.
Things that were absolutely novel at one point include: agent chat widgets in the bottom right corner, presentations that tween and zoom on every slide, infinite scroll newsfeeds, captchas. All timeless things people love more and more every day, right?
2. Ask HN: How to handle user file uploads?
Top comment by kevincox
I would encourage not directly using the user-uploaded images. But uploading directly to S3 is probably fine. I just wouldn't use the raw file.
1. Re-encoding the image is a good idea to make it harder to distribute exploits. For example imaging the recent WebP vulnerability. A malicious user could upload a compromised image as their profile picture and pwn anyone who saw that image in the app. There is a chance that the image survives the re-encoding but it is much less likely and at the very least makes your app not the easiest channel to distribute it.
2. It gives a good place to strip metadata. For example you should almost certianlly be stripping geo location. But in general I would recommend stripping everything non-essential.
3. Generating different sizes as you mentioned can be useful.
4. Allows accepting a variety of formats without requiring consumers to support them all. As you just transcode in one place.
I don't know much about the cost on the AWS side, but it seems like you are always at some sort of risk given that if the user knows the bucket name they can create infinite billable requests. Can you create a size limit on the pre-signed URL? That would be a basic line of defence. But you probably also want to validate once the URL expires the data uploaded and decide if it conforms to your expectations (and delete it if you aren't interested in preserving the original data).
3. Ask HN: Modern day equivalent to HyperCard?
Top comment by rickcarlino
1. Decker is the closest modern equivalent https://beyondloom.com/decker/
2. Bubble is easy for non-coders. https://bubble.io/
3. Gambas BASIC is a bit more technical, but will give you hard 90's vibes (Linux only) https://gambas.sourceforge.net/en/main.html
I think the advent of LLMs might make these types of tools more accessible to non-coders, or at least I hope so.
4. Ask HN: What's the best charting library for customer-facing dashboards?
Top comment by kfor
I like Vega-Lite: https://vega.github.io/vega-lite/
It’s built by folks from the same lab as D3, but designed as “a higher-level visual specification language on top of D3” [https://vega.github.io/vega/about/vega-and-d3/]
My favorite way to prototype a dashboard is to use Streamlit to lay things out and serve it and then use Altair [https://altair-viz.github.io/] to generate the Vega-Lite plots in Python. Then if you need to move to something besides Python to productionize, you can produce the same Vega-Lite definitions using the framework of your choice.
5. Ask HN: I have been unable to land a job in two years, does anybody
Top comment by kristopolous
I wouldn't hire someone presenting themselves like this. My immediate energy is "disagreeable and difficult" and it fails the vibes test.
I know that's stupid but it's also real.
Use something simple like linktree and go way deeper on your blogposts if you want to use that. When I'm in a hiring manager role, I'm looking for works that express depth and competency.
Really, if I can find say, 100 or so lines of competently written code, I'm interested. As far as what that means, take https://js1k.com/ and click on any of them and go to the demo details. I just picked a random one: https://js1k.com/2019-x/details/4167 ... I see that code and I think "well this person seems to know what they're doing, it's worth a phone call".
Or let's take https://allrgb.com/ ... any one of them take pretty decent understanding and coding to do (here's a random one: https://allrgb.com/random-triangles) Make one, do a writeup on it, release the code and present that.
Another tactic: Any large software project. Let's take Libreoffice. Bugs from the last 7 days: https://bugs.documentfoundation.org/buglist.cgi?chfield=%5BB... ... or the 1000 open tickets on wireshark: https://gitlab.com/wireshark/wireshark/-/issues start fixing them. There's plenty of work to do.
If your work is good, the jobs will actually come to you. Most companies are desperate for good, motivated, easy to work with engineers.
6. Ask HN: Anyone else depressed by the relentless monetization and spying?
Top comment by VelesDude
For the most part I have adopted the trope of 'the only way to win is not to play'. By that, I mean checkout of online life as much as possible.
The issue is that if 95% of folks decide against building these systems of oppression, that 5% remaining will still build it. And then the other 95% will justify it as "If I don't, they will". The sign of moral corruption at work. And those that do it will always have a 'claim to virtue'. They are innovating this that and the other under the disguise of progress. The real question is, was it worth it?
The weirdest part is that Richard Stallman essentially spelled it out in full back in the late 1980's and almost nobody listened.
7. Ask HN: Can Devin genuinely replace the roles of developers?
Top comment by fhd2
My perspective (as a CTO who's hired hundreds of developers in the past 12 years) is that I don't have a use case for Devin, from what I've seen about it.
That comes down to why I hire developers in the first place: To share my responsibilities with people I can trust.
I don't hire them to write code or to close tickets. The act of programming, I consider an exercise that helps them understand the problems we solve and the logic of our solutions. I'm always excited when I have a well specified ticket I can hand to a new hire to learn the ropes. So the kind of thing I can imagine Devin can pull off at some point, that'd actually be detrimental to the kinds of teams I build.
I don't think I represent the majority of why people hire developers though, so I guess tools like that may well have a big impact on the industry. Nobody can predict that though.
Uncertainty sucks, but it's how things are. I find the best way to deal with uncertainty is to become better at adapting to unforeseen circumstances. Programmers have quite a bit of experience with that, for what it's worth.
8. Ask HN: How do I stop political SMS spam?
Top comment by SaberTail
If you're in the USA, don't donate more than $200 to any political campaign. If you donate more than $200, then those contributions have to be reported to the FEC (Federal Election Commission). Those reports are publicly available, and include your email address and phone number. Other campaigns, then, harvest that information to build their own list.
$0 might be a better number, since campaigns will also sell their donor lists to other campaigns, but having your information out there in public means anyone running for dog catcher anywhere in the country can reach out to you to beg for money.
9. Ask HN: What fields or technologies are you excited about?
Top comment by hiAndrewQuinn
Don't laugh. I am really, really excited about Bash and vanilla PHP.
I landed myself in a shop that sells, essentially, tiny locally-networked systems of specialized Linux boxes. Yes, our core offering is running on the JVM, but all along the edges there is just so much Bash and PHP.
I don't think I'll ever work in a place again where I have this much opportunity to become a genuine old school shell and webshell wizard again. I want to master the Primordial Arts, their endless exceptions to exceptions, and come out the other side as a true master of something completely fucking ridiculous.
I did it once with Microsoft PowerShell. I can do it again.
10. Ask HN: In the event of an apocalypse, how long until we could produce CPUs?
Top comment by Tade0
The first amplifying vacuum tube was patented in 1908 and you could produce a crude computer from that, even if terribly inefficient.
I imagine civilisation would wind back to around the 18th century, because we would understand things like fertilizers, calculus and how to make steel, but could not immediately use that knowledge to produce steam trains, bicycles or saxophones.
So, assuming an accelerated pace of development thanks to some of this knowledge surviving I'd say 50 years give or take.