rsobers's comments

Ugh.


Not sure you are aware, but the actual quote is "The decision to announce the research findings was intended to encourage remediation of the vulnerabilities prior to Election Day".


3 days before the election.... sure it was...


It doesn't seem likely they were seeking contracts or revenue at this time either. Perhaps making a political statement?


Agreed. This is crazy:

1. A rich and powerful person parroting Trump's evil statements --> ban from YC.

2. A rich and powerful person helping put Trump in a position to turn his evil statements into reality for an entire country --> No ban from YC.


It's not crazy. Banning people because they have political opinions you disagree with is insane and will destroy democracy and polarize society.


Opinion laundering.


> 1. A rich and powerful person parroting Trump's evil statements --> ban from YC.

Has this happened yet?


Sam stated anyone that said what Trump does would be banned.


Eh, you'd be surprised how much value a company can get just by marrying a few data sources (e.g., marketing automation + google analytics + CRM).

Doing this right now manually piping data into PostgreSQL via Heroku and using Chartio to visualize and query.


I like the idea of a marketplace, but I don't think background checks and references are the way to build a credible list of the world's best pentesters.

I think what patio11 is doing with Starfighters.io is orders of magnitude better. Run developers through a gambit of supremely difficult tests via a fun CTF-type game and pair the best hackers with the highest enterprise bidder. Works not just for pentesters, but all devs really.

Also, I know where to get the best pentesters because they're listed on all the top companies' bug bounty pages. It's proof of skill I'm after, not some Gartner-esque gatekeeper telling me who's best because they've "background checked" them.

Give me a system more like StackOverflow or Starfighters where I can see the work. Not something subjective like eBay or Yelp, which can be easily gamed.


I hear you and I get it. What you are describing are security-focused pen testers, mission-focused red-teams. They are absolutely welcome, and they are a subset of the pen-tester universe. They are not a good fit for someone needing to get a PCI pen test, but they do incredible work in other areas. It highlights the point in the blog that the landscape of finding the 'right' pen-test team is not easy. Some are brilliant at one thing, others at many, but even an elite group may not be the right fit for the task at hand.

We are taking the feedback system seriously and are slowly testing it out. An easily gamed system is useless for everyone.


I'll be interested to see what you come up with!

But why must demonstration of skill be limited to elite red-team style pentesting? You could devise challenges geared at demonstrating all sorts of knowledge (HIPAA, PCI, websec) basic or advanced.

If you've seen the sad state of PCI audits in particular these days, you'll get my drift. I think there's a huge opportunity here to raise the quality bar with your marketplace.


What? Do you seriously think that the best hackers will bother to jump through hoops set up by patio11?


We're hoping to be less "hoops" and more "a fun experience which competes with someone's Starcraft/Instagram/Game of Thrones/etc time" that also happens to be really useful the next time you're in the market for a job.

Take a look at the leaderboard for Microcorruption some time. It's public. (SF's are not, as a considered design decision for the moment.) If you do and cannot understand the claim I am making, that's cool, but I feel no particular need to elaborate.

More important in the long term than the names you will recognize are the names you will not.


In my experience, skilled people have no qualms about showing their work. I don't care if it's through a game, research, conference talks, whatever.

I'd just want more proof than "Bob says he does a bang-up job" -- there's so much incest in enterprise, recommendations and upvotes mean nothing.


I would change:

> Moments, which we launched last week, is a great beginning.

To:

> Moments, which we launched last week, illustrates the problem. It missed the mark.

I honestly don't think Jack or Ev think Moments, in its current incarnation, embodies what Twitter is or should be.


Won based on what criteria?

Atlassian has over 1,100 employees. When I was at Fog Creek we had ~30.

So if we're talking about profit per employee, I can assure you the people who built FogBugz don't feel like they've lost anything.


Does the data ultimately live upstream on a corporate file server somewhere? Or is it pure peer-to-peer sync?


The data ultimately lives upstream on a corporate file server, so long as you install the "AeroFS Team Server" -- which is the backing storage agent. The Team Server is indeed optional, so you could theoretically just run things in a peer-to-peer manner, but really the recommended environment is to have the Team Server up and running.


I think there's some truth in what you say about stroking journalists' egos, but remember, nobody is forcing Uber to play so aggressively; they're doing it for the sake of growth.

Revolutionary, fast-growing, successful companies are going to be scrutinized no matter what. It's up to the Uber exec and PR teams to decide when to put on the brakes--at the expense of growth--to avoid it.

Certainly there are other groundbreaking companies (e.g., SpaceX) that haven't found themselves in Uber's position, and it's likely due to their leadership, not their ability or willingness to pay off journalists.


To start, the Uber exec was suggesting that they do their dirt-digging anonymously ("Nobody would know it was us.").

Also, those articles you linked to are examples of journalists providing commentary around direct quotes or facts/reports about the company. AFAIK, Sarah Lacy didn't dig up and expose personal information about people at Uber nor their families.


According to Levie, Box has 99% of the Fortune 500. Does it really count if 75 people in Toyota's marketing department use Box to share a few hundred gigabytes of files?

The numbers don't lie: "Box’s average customer value (ACV) is $3,653, much lower than the median of 59,600." [1]

They're selling "enterprise" software at SMB price points.

Setting aside security concerns, getting a big enterprise to move a substantial part of their IT infrastructure to the cloud is a logistical nightmare. Perhaps they underestimated this.

[1] http://tomtunguz.com/box-ipo/


Is this supposed to be feedback on his talk? If you watched, Levie is implementing his own suggested wedge strategy.

