I think it's great because although dominated by Ruby (Griffin is a committer on Rails, and I gather it's ThoughtBot's main language) the discussion is typically applicable to other languages, or focuses on a human element. I don't think I've ever written a line of Ruby, and I enjoy it.
There's also some Haskell discussion and more recently a lot of Rust - Griffin having created the Diesel ORM.
The format's great though, and as a consequence never sounds like a contrived dialogue - it typically starts as a "what have you been working on this week", and that recent real experience turns into a more general discussion around whatever it was.
I can't really recommend it enough, I only found it fairly recently, and went back through to listen to the entire catalogue of episodes.
- 0: https://thebikeshed.fm
- 1: https://githib.com/sgrif
- 2: https://github.com/diesel-rs/diesel
Regular listens - shows to which I subscribe, in rough order of how excited I am to see them show up in my podcast app:
Not So Standard Deviations 
Talk Python to Me 
The Versioning Show 
Data Skeptic 
Occasional listens - not subscribed but regularly check for interesting guests:
Data Stories 
Partially Derivative 
I tried Software Engineering Daily last year and wasn't a big fan - based on the following here I'll have to give it another shot.
0 - https://soundcloud.com/nssd-podcast
1 - https://spec.fm/podcasts/immutable
2 - http://shoptalkshow.com/
3 - https://talkpython.fm/
4 - https://www.sitepoint.com/tag/versioning-show-episodes/
5 - http://dataskeptic.com/
6 - https://datastori.es/
7 - http://partiallyderivative.com/
I have tried several tech-related podcasts, but gave up on most within a couple episodes.
One common format is a host who brings on a new guest for an hour-long interview each episode. My main gripe with these is they're too long for the amount of substance they contain.
I ended up basically scrolling the archives of these shows to pick out only the guests I was already interested in, because the random ones just weren't worth the listening time.
The podcasts I keep coming back to are concise, edited episodes of 30 minutes or less. Most of these aren't directly related to the types you're looking for, though. I'd love to know of more.
StackExchange, Hanselminutes, SE-radio, SEI podcast, Cognicast, Software Engineering Daily
Last year, I listened through a lot of the Changelog's back catalog. But I sort of maxed out on it because my interest is more toward the infrastructure than the front end development tools.
Developer Tea is along the same lines, straddling between technical topics & career development.
Soft Skills Engineering is entirely focused on, well, soft skills.
Leader.team is just getting started but they seem to be a good resource for technical leads & managers.
and it's not a technical podcast, but Creating Disney Magic (Lessons in Leadership, Management, and Customer Service) with Lee Cockerell is a must-listen for me every week.
Developer on Fire tends to feature more personal interviews with software developers.
Software Engineering Daily produces episodes at a similar rate to the previous podcast but discussion tends to be product-oriented.
Coder Radio can be good fun sometimes. The hosts can sometimes be a bit over the top.
http://www.se-radio.net/
http://developeronfire.com/
http://softwareengineeringdaily.com/
http://www.jupiterbroadcasting.com/show/coderradio/
Edit: funny replaced with off topic
My favorite podcast because the hosts (a) are highly talented developers (b) did careful research for each episode (c) chose common Apple programming challenges as the topic for each episode.
Sadly, it died last year, and I've found nothing out there to fill its void.
In addition, ICANN the organization will have new accountability measures that will allow the community to challenge decisions it makes. It provides new powers like spilling its Board under certain circumstances.
One of the main drivers to change the current setup is that NTIA's role above is seen as undue US government influence in what should be a purely technical operation by many. Over the years some have advocated fundamentally altering how ICANN works (like moving it to the UN) because of the US Government's influence. By transferring the primary oversight role to the multi-stakeholder community (users, business, non-profits, etc.) who have always really driven ICANN's decisions anyway, it is hoped that that criticism will go away and pressure to fundamentally alter how it works will dissipate.
I think a lot of politicians (ahem Ted Cruz) are trying to frame the transition in a shadowy way to discredit the current administration, but it's simply a procedural thing that's been in the works for a long while.
ICANN has a list of squashed conspiracy theories. https://www.icann.org/iana-stewardship-questions
But for many years no one did this, except very rarely. And the honors were left to some folks in the US, IANA/ICANN. Do not be fooled by the acronyms and the fabricated processes and formalities on the official websites. IANA was essentially one person. Bless the hearts of those who worked to create the early internet but these "organizations" derive their "authority" from nowhere. The internet is an abstraction, a term to describe different networks that cooperate.
The generally static nature of the root.zone file changed recently. It has doubled, maybe tripled in size and is now filled with TLDs such as .loans and .cologne. As well as trademarks such as .google, .microsoft, etc. These can also capture traffic from users who type strings into address bars that are not FQDNs.
ICANN charged $85K+ just to bid on these beauties; they made some very easy money. Most of them are worthless. Exit time for ICANN. :)
Now that it is filled with garbage, and perhaps anticipating some finger-pointing, it is time to acknowledge that the root.zone belongs to everyone and is managed by all countries of the world, not only the US.
The "transfer". More fabricated formalities.
The truth is that anyone can exercise control over the root.zone file, and anyone can serve it. Whether you choose to follow them or not is up to you. (Most users just let default DNS settings decide this for them.)
Similar to the early IANA, one person can do this job. I maintain and serve my own root.zone. I am the only user but there could just as well be hundreds of users. This could grow to thousands which could grow to millions which could grow to hundreds of millions which could grow to...
This is what happened with the DNS. It started out small and grew big. Believe it or not it is still not that big. I could fit all domain names in existence on consumer-sized storage media.
Thus concludes an opinion. Mildly informed.
Right now domains like wikileaks.org and thepiratebay.se exist. Will they continue to exist in the same manner going forward? Or, in a few years, will attacks on these domains be made, and their domains seized?
I'm really concerned about this, above all.
Milton Mueller at Internet Governance Project (1).
his latest blog post may shed some light (2).
This is the primary issue I have with every single one of ICANN's rebuttals: nothing will change (so they say), and yet, here we are, making a change.
Okay, then, here's a stupid question: why is a change being made? Ted Cruz may be an ass, but that doesn't make ICANN's position correct.
If nothing will change, then guess what? No change is necessary. If it ain't broke, don't fix it.
If something will change, then ICANN should be entirely up front about what that change exactly is. Instead, we get a bunch of denials that nothing will change, the US has no current role anyway, yadda yadda yadda, but serious you guys, we have to change this right now.
We're talking about managing the DNS system here, that's not an "insignificant" thing, as other commenters have suggested.
Yes, existing ASes can already block specific domains today. Fine. But ICANN could easily become a Title IX-type situation, where ASes are forced to block specific domain names in order to remain part of the global Internet system.
It's true it doesn't police ASes that direction today, under the existing ICANN governance model, but there's (to my knowledge) no reason why that couldn't be true today (under US control), and I see no reason why adding "more stakeholders" will make the situation any less likely in the future. If anything, it makes it more likely: look at the UN. Certainly ICANN itself doesn't think it's any less likely, but here's what they don't say: with this change, it'll be extremely hard for US citizens to fix if it does come about. That's not "insignificant" to me.
 For instance, consider how the US Justice Dept. is using "Dear Colleague" letters in 2016 to force schools to adopt a less-rigorous sexual assault policy or face loss of federal funding. ICANN could apply similar pressure to ASes in the future (not funding, but zone updates or whatever).
Then, the international corporation would decide what websites you can access, and if the website you want to have a look at doesn't adhere to the corporation's view, it will simply become inaccessible.
There is also the question of political relevance; that is, why the urgency? Why require that this be passed during the Obama administration just before an election, and without congressional input?
To stop this? See this petition.
https://wh.gov/iMbbv
Which routes to: https://petitions.whitehouse.gov//petition/stop-icann-handov...
ALSO, an interesting side note:
What exactly was wrong with the 1998 setup? ISI and Jon Postel were managing fine back then.
I also don't recall a "US control over ICANN" that could be "relinquished" being part of the original ICANN proposal. I don't think that would have gone over well with the European operators at the IETF meetings. If it had been they probably would have stuck with the CCITT's x.25 networks, Minitel and such.
- size of backlog
- time new requests spend in queue
- cost of delays to the business
Mistakes, rewrites, late nights, firefights, and deadlines. Core dumps, memory leaks, hardware faults, and plain bad luck. Big O, data flow, always learning -- or out you go. Manager metrics, schedules hectic, methodology hegelian dialectic. Taking the heat, feature creep, open office, uncomfortable seat. Holy wars, revolving doors, carpal tunnel, all you can take? There's always more. Fucking suits, random reboots, and the ever present "thousand language stare". Oh yeah, pressure -- lots of pressure. And time, time, time. Metric shitloads of time. Time, man. You gotta do your fucking time.
My experience is generally the people I recognize as having deserved the title don't _simply_ just code. Not only do they write code that works and delivers the feature in a timely manner, they make it so the next 3 features to come out in that area can be done quickly by junior developers. Not only do they code, but they make everyone around them better coders. Not only do they code, but they also think strategically about what the team needs to keep going two years from now. Not only do they deliver the project, they get everyone excited about delivering the project.
I once read someone say "there's a difference between having ten years of experience, and having the same year of experience ten times." Time is a factor, but it's also whether you've exposed yourself broadly and deeply to new technologies, approaches and experiences so that when you are in a new situation (technical or otherwise), you have patterns for how to deal (or the self awareness to know that you don't know how to deal). So, part of it is time, but part of it is spending that time wisely.
Senior developer is about wisdom as opposed to knowledge. Juniors may learn things quickly, but what distinguishes a senior is that you can trust them to do the right thing, which is not always a technical problem.
I like to compare this to asking children a question that they don't know the answer to. Some children will feel they have to come up with some answer and some will say that they don't know.
Junior developers too frequently feel pressured to produce a result and they don't see how saying that they don't know something is making them closer to producing anything. Senior developers know from their experience that it is just as important to know when you don't know something as it is important to know things. They will not feel too bad about not knowing something because they know the alternative is even worse.
It can happen even with two years of experience.
From https://rkoutnik.com/2016/04/21/implementers-solvers-and-fin..., which is a really great read.
Our industry is way too obsessed with fashion... sooner or later you realise that most of the "new" stuff is largely existing ideas re-hashed in a slightly different form. Senior programmers realise this and can pattern match to understand the role of various new technologies, and learn the details if and when necessary.
How do you get there? You already are, you just don't realise it yet.
No, I'm not being snarky, so hear me out...
I've met and worked with many developers over the years and lots of them have become very good with technology and user domains, but still have struggled to "crack the digital ceiling". These are brilliant people who have achieved serious things, but are still not recognized by the big decision makers as "senior", whatever that means.
Then there are a select few who always get the big gigs, big money, and big reputations. Why? Because they best satisfy their customers. There are lots of non-technical skills that help them, but I think the biggest is their ability to separate the signal from the noise and zero in on the most important things to work on and to get them done. It's almost like they have "satisfiability radar". And this rarely requires any special technical or people skills. All they really have to learn is a good grasp of the technology, a deep understanding of the customer's domain and business, and the ability to get things done through others. And how did they develop them? By good old fashioned grunt work, whether digging into the bowels of the system or getting up off their butts and relentlessly going around finding out whatever they needed to know.
Once you've figured out the best thing(s) to work on to best satisfy your customers, got them onto the decision makers' radar, and found a way to get them done one way or the other, you are no longer a dev or even a senior dev. You're now a digital rainmaker, the most senior dev of all.
1. Technical Skills
   a. Great programmers: are able to write modular, well-tested, and maintainable code
   b. Know a domain really well and radiate that knowledge
2. Leadership
   a. Begins to show architectural perspective
   b. Leads the design for medium to large projects with feedback from other engineers
3. Code quality
   a. Leaves code in substantially better shape than before
   b. Fixes bugs/regressions quickly
   c. Monitors overall code quality/build failures
   d. Creates test plans
4. Communication
   a. Provides thorough and timely code feedback for peers
   b. Able to communicate clearly on technical topics
   c. Keeps issues up-to-date with progress
   d. Helps guide other merge requests to completion
   e. Helps with recruiting
They were forced to offer me position of senior developer and no other company after that dared to offer me lower position.
Junior: Can do it with guidance and/or clear and non-transitional specs
Developer: Takes the ball and runs with it. Can walk a customer through requirements gathering and make recommendations. Will help guide junior developers.
Senior Developer: Can architect a system well. Can communicate equally well between executives, salespeople, management, and end users. Can and will mentor lower level developers. Can explain concepts on the fly to lower level developers and walk them through the development process in terms they understand. Takes initiative at learning new technologies.
2) When you get asked by the business to do something you question what they are asking and the motivation, and then determine the best course of action based on their motivation rather than delivering the specific task they asked.
That's it really, it's nothing to do with your coding ability but more to do with your mentoring ability and problem solving skills. This is what is valuable to your colleagues and the business. Any answer related to coding ability is missing the point, it's important, but after a few years most people are the same programming level - it's just some people can help at the team or business level which is what makes you senior.
More seriously, except for very big and very hierarchical orgs where tenure is overly important, people will tend to give you the senior title when your work is indispensable. To be indispensable you don't need to know by heart this technology or the other - you need to identify what are the things that bring the most value and work hard at delivering them.
Senior people have made the right mistakes, wasted weeks of time, and know what to avoid, what to embrace, and what to ignore. A senior dev can understand the requirements and figure out what is important and deliver something without a lot of external input.
So to answer the original question: it is impossible to know.
> But I feel like I'm always a step behind the rest.
Don't look at things in this way, low self-esteem is the worst you can get. There are always people better than us, but their skills and knowledge weren't conjured up. Even extremely talented people need time to learn. And if you don't feel like learning new things may make you better, why to feel guilty? If you're not a Java programmer, why to feel bad because you don't know Spring or other details perfectly? You wrote you do things fast and correctly. So you're better than, say, 90% developers who work slow and produce crap. :)
As others have mentioned as a senior you can be left to implement changes without guidance, you will clean up issues as you come across them instead of leaving it to others, you suggest improvements, you make time to mentor and guide more junior members of the team, you know how to relate to muggles and you act like a team captain.
Knowing lots of different hosting environments and languages comes with experience. The approach you take to your role shows your all rounded skill set.
To sum it up I will use .NET as an example, in my eyes when someone says I am a senior .NET developer I assume that she/he has:
- used UMLs,
- knows how to write proper OOP and understands SOLID,
- can use MS SQL and some kind of ORM,
- uses some of the testing frameworks (e.g. NUnit),
- knows how to deploy application whether on IIS, or install it with ClickOnce for example.
- knows how to handle source versioning (TFS or whatever is your poison)
I probably missed a few things, but that's about it for me. If a senior doesn't have these skills I assume first that she/he has great knowledge of company business which would make her/him a valuable asset, or that she/he got lucky, or it's a crappy company :)
My main problem with thinking about developer roles in this way is that there's obviously no standard for what constitutes seniority. It varies between and sometimes within organisations. Advertising it, glorifying it, striving to achieve it, all take the focus away from far more interesting things that you can say about yourself and aim for.
Are you working on interesting projects? Are you learning new stuff? Are you being challenged technically? Are the other people on your team good developers? Do you enjoy what you do?
Seniority as an end in itself seems like a hollow objective to me. And making a big deal about it in a recruitment context takes the focus away from more meaningful topics.
1 year later new and shiny will become the standard, there will be thousand of beginners and you'll be one of the few "senior" developers on that technology.
Of course you'll already be learning the new and shiny that will become the standard 1 year later.
To me the things that make a senior developer are:
1) you give them a project, even an ambiguous or large one, and expect it will work out fine.
2) they have been around enough different situations that they likely aren't going to be thrown for a loop by new challenges.
3) they mentor their fellow less senior developers.
To get there you need 2 things:
1) bare time, you just have to put in the time
2) variety of projects - if all you have is a bunch of time on the same problem you are unlikely to have developed the breadth of knowledge you need.
- you are technically competent
- can handle design aspects of full stack (backend, persistence, frontend)
- have enough credibility and confidence to say NO to business people
- you can lead a small team of developers (2 to 5 people)
Our senior developer is always thinking about the business value when estimates are made vs quality. He even does not do a lot of software development, but is always asked to help out other developers, system engineers and even management to give advice.
To be able to do that in a professional way, your vision plus skillset makes you a senior imo. Not just the years of experience and amount of skills you have.
Sometimes it's given to people instead of money.
Don't worry about the title. Worry about getting good at what you do, and an asset to your team and organization.
They have to have the basics we all need as engineers simply to pass the interview process. The data structures and algorithms, Big O and be able to walk through systems they have worked on in the past and the trade offs they made and why.
Then on top of the basics I look for a few more things. Usually the understanding of multi threading, multi process, asynchronous programming is very different between junior and senior folks. I dive into distributed systems and see if they have any exposure. I dive into multi paradigms and how deep their knowledge is in their respective toolset they have listed on their resume.
I don't necessarily think you need to know multi threading in and out, or distributed systems in and out, or your tool set in and out. You certainly need to know one or two of those though. You need to have some body of work you can speak very well to, this is a huge indicator of seniority. Mentorship and all the other things that go with that help differentiate as well between junior and senior.
I don't think there is a hard rule anywhere. Different folks will look for different things and at least where I work those things I listed are very important differentiators.
A solid general code understanding is also needed in my opinion. This includes things like using documentation over googling everything. If I pair with a senior and he types "golang how to do x" on every problem, I probably wouldn't consider him senior. (Not saying googling is bad. Just don't be a copy-paste-from-stackoverflow engineer)
With that, I also hate the term "senior engineer". I got friends with 3 years of work experience that are now "senior" because a company hired them under a senior position (basically more salary) and the companies after that just did the same because "well he already is a senior, right"? This also generates a strong imbalance inside the team with a hierarchy that shouldn't be there. I am usually advocating for getting rid of job titles and calling everyone just "Software Engineer"
I am now 6-7 years into my career and don't consider myself senior. When people in interviews ask me what my career goal is, I usually mention I want to be able to consider myself senior as the next step.
The true power to make you senior is how you train your brain to think and abstract. This will boost your capability of design rather than just coding
I consider senior someone who:
- knows how to mentor juniors
- knows his way around tech, even if he never used a particular product
- most important, can communicate effectively with stakeholders and devs.
The best "senior" is the one who nags everyone to get stuff moving forward. Doesn't mind getting his hands dirty and going by people's desks to make sure the team delivers.
You may need to brush up your marketing skills in order to promote yourself as senior. Don't get impressed by people that know stuff.
Since I started programming my work-behaviour changed from asking people all the time when I don't know what's happening to reading their code.
I think developers are considered senior if they can work on their own.
Like, if you get all the engineering practices of designing, implementing and maintenance done without much help.
Another aspect that separates seniors is their ability to talk and present to senior or top management.
Seriously, I worked for a place where that was the rule.
Titles are somewhat meaningless. Apparently I'm a consultant these days...
Senior is the difference between keeping your eye on the big picture and helping to move your team forward to the objective in a timely manner to achieve the business objectives that drive the company forward. It's the ability to step up and lead your team when called for. It's the ability to make decisions balanced between what's technically right in the short and longer term without losing sight of the end goal.
Never forget that you're not paid to deliver software just to deliver amazing software. The software you deliver is a tool, a means to an end. That may be to cut costs, it may be to increase profits, it may be the lifeblood that your company's stock price hangs on.
A junior developer may be amazing with the tools provided and may have some good architectural sense. They may need some, or a lot of hand holding. A junior developer generally has their head in the code most of the time and may but probably shouldn't be expected to understand or care about the objectives of the business as a whole. You give them a feature to develop and can largely expect that they will need all of the dependencies to hand. They may have a good handle on debugging and unit, integration and functional testing or this may be something they need to learn. This is OK.
An intermediate developer can be given objectives regarding code and architecture and left to their own devices and trusted to deliver on their objectives in a timely manner. By this time, you should expect to at least understand the business objectives and be able to think critically about the code they're providing in order to meet those objectives. I would expect an intermediate developer to have enough of a clue about architecture that handed a feature requirement and some architectural direction for how to integrate it, they could architect it competently and integrate it and know where to go to ensure any dependencies are satisfied. They will have a good handle on debugging and at least unit and integration testing. They may have a good handle on functional testing and debugging production code.
A senior developer is someone in my mind who can be trusted with the business objectives, can chase down architectural advice, from an architect or UX input or whatever else they need to get the job done; they can communicate effectively with stakeholders and the business; they can be expected to dig in and fill any gaps that would prevent delivery or cause problems in production. They can delegate pieces appropriately and deliver what is expected in the allotted time frame. They may be someone that can step up as team lead/team manager, or lead from the back and be the glue that gives the team cohesion. They can be expected to have the discipline to take care of things properly when nobody is watching. They can be expected to help debug production issues and be among the first to muck in when the shit hits the fan to help resolve production issues.
So you see, the difference between junior, intermediate and senior doesn't have an awful lot to do with code or tools. You will be expected to either be or become a master of your tools whether junior, intermediate or senior. You will be expected to do this on the fly, on the job, regardless of everything else that is going on around you. This is part of being in this industry. You will be expected to keep up with the codebase and dig in and understand it at whatever level you're at. These are all prerequisites for your job as a developer, they are not a prerequisite for your title. There's a big difference.
If you want to make the jump from junior to senior quickly, here's my advice: Find the most gnarly difficult problems your company is having and dig in and help solve them consistently. When you've put yourself through the wringer; when you've suffered the late nights, the stress, the anguish about whether or not you've got what it takes to do this job. Do this until you get to a point where you think you've seen every last problem that could possibly occur, and despite that, something else hits you out of left field and knocks you clean off your feet. Do this until when this happens, you just get back up and keep going. When you get knocked down and get back up when everyone else would say fuck it, when you can be trusted to make shit happen when everyone else would say fuck it - this is when you can call yourself a senior developer.
"Out of the 39 000 men and women that make up the United States Coast Guard there are only 280 rescue swimmers. This is because we are the Coast Guard's elite. We are the best of the best. When storms shut down entire ports, we go out. When hurricanes ground the United States Navy, we go out. And when the holy Lord himself reaches down from heaven and destroys his good work with winds that rip houses off the ground, We. Go. Out." - Ben Randall, The Guardian
Live by example.
Above that, it depends what you want to do. If you fancy managing people, you can be a team/tech lead, or if you don't, then there is the title of "expert"(only a handful of programmers who worked here 10+ years have those).
In my understanding, a senior engineer is an engineer that can contribute without the need for technical supervision.
Now, not requiring supervision is different to leadership. A senior engineer is often an individual contributor, not necessarily a team technical leader.
Some others I like:
- Momentum (https://chrome.google.com/webstore/detail/momentum/laookkfkn...)
- Hacker News Enhancement Suite (https://chrome.google.com/webstore/detail/better-history/obc...)
- Better History (https://chrome.google.com/webstore/detail/better-history/obc...)
- HTTPS Everywhere - by EFF, works alongside the HSTS preload list to improve HTTPS coverage (https://www.eff.org/https-everywhere)
- Privacy Badger - By EFF again. Blocks scripts. (https://www.eff.org/privacybadger)
- Send to kindle - Sends articles directly to my kindle (https://www.amazon.com/gp/sendtokindle/chrome)
- iReader - Quick and easy readability extension that lets you read badly formatted extensions. (https://chrome.google.com/webstore/detail/ireader/ppelffpjgk...)
- Ad Block Plus 
- Nimbus Screenshot and Screencast 
Full Page Screen Capture. It can auto split very long page for me.
I'm sure it has many features, but I just use it to quickly delete cookies for one site, primarily on my development sites.
I use it a couple of times a day, probably.
Most common use case: I switch rails projects, and being on the same localhost:port address, it tries to use my other cookies and causes problems. I delete them in 2 seconds.
Visual History - augment back/forward with tree-like hierarchy navigation (disclaimer; made this one)
* move around the page
* click on links
* opening new page from browsing history
* refresh page
Basically the only time I need to use mouse or trackpad are pages that have incorrectly marked links (they just add some on-click behaviour without marking element as link)
Marker - https://getmarker.io
This Chrome extension allows you to capture a screenshot, annotate it and create a GitHub issue, a JIRA issue or a Trello Card without leaving your page
It's pretty powerful for bug reporting.
Disclosure: I'm the founder :)
Screencastify: Video capture from desktop/tab/webcam. https://chrome.google.com/webstore/detail/screencastify-scre...
The Great Suspender: Automatically suspends unused tabs to free up system resources. https://chrome.google.com/webstore/detail/the-great-suspende...
Open Screenshot: Can capture an entire page, even if bigger than screen. https://chrome.google.com/webstore/detail/open-screenshot/ak...
So I have only 5 of them installed.
From chrome web store:
* blank ntp (shows a blank page, rather than the chrome default)
* ublock origin (duh)
Not from the web store (I "trust" them, for I wrote them):
Full Page Screen Capture: https://chrome.google.com/webstore/detail/full-page-screen-c...
- Pocket (https://getpocket.com/chrome/) - To read something later.
- Pushbullet (https://www.pushbullet.com) - Less wonderful since they make Universal Clipboard a premium feature, but still the most graceful way to get content across from phone to laptop and back.
- Better History (http://better-history.com/) - Because let's face it, Chrome history sucks.
- Any.do (https://chrome.google.com/webstore/detail/anydo-extension/kd...) - I've stopped using the app on my phone for most part, but this extension is still easier to use than adding things to your calendar.
Without it, the web is a totally different place.
Dynamite - right click on anything then Dynamite / Hide element or selection and it removes a DOM element that was under cursor. Sometimes you have to do this several times to remove something. Firefox has Nuke Anything Enhanced. It allows me to:
- get behind obnoxious popups with no visible close button
- get through dumb subscribe-wall
- remove annoying floating navigation bars (really handy if you like to resize browser windows like me)
The Great Suspender - it unloads tabs unused for specified time and allows you to reload them on click. I forgot which one I used on Firefox.
FooTab - blocks loading of tabs on startup - it would be great if The Great Suspender would do this (Firefox does this by default).
I use uBlock Origin and HTTPS Everywhere, but that's just baseline.
Each time you open a new tab you see a nice picture.
After installing this, you can adjust the playback speed by 0.1 increments on any HTML5 video element. Works great for lectures and talks. I often watch some videos at 1.5x, 2x, and sometimes even 3x for exceptionally slow speakers.
http://www.gettoby.com/ - for saving bookmarks easily.
http://www.unwander.com - for saving places from Trip Advisor, Yelp etc directly to a Trello type board.
Tab Snooze: Close unnecessary tabs and make them magically reappear when you need them.
Trying out Falcon, keeping the exclusion list updated has been slightly more work than originally estimated.
Proxy Switcher, to access some sites through an SSH proxy automatically
A little buggy, but saves a lot of time while developing a new site.
Something like Tree Style Tab but TO shows a single tree for your entire browsing session instead of just the current window. Its cloud backup allows me to sync my tree hierarchy across my devices.
"Click to remove element" - Remove any html element.
"Fix fixed" - remove sticky headers
And various adblockers I guess.
note: I'm the proud developer of BriefTube.
Allows my monkey brain to actually get some code written when I'm connected to the chasm of infinite distraction that is the internet.
Full disclosure: I wrote it, but it is open source and totally free.
It's pretty good. Especially on YouTube.
Another is one I wrote and use to read articles without seeing paywalls. It got pulled off the chrome web store as it started to pick up users, but you can still install and run it in developer mode: https://github.com/cezary/bypass
Lightshot: to capture some part of the page as png
Google Translate: to understand others
Adblock Pro: to block ads cruelly
adblock for youtube
the great suspender
- YouTube Ratings Preview
- Remove Google Redirection
- TrackMeNot (sends random queries to search engines)
- HTTP Headers
- Vanilla Cookie Manager
- Project Naptha (on the fly OCR for images)
(currently, extension seems to work only for videos accompanied with English subtitles)
It seems very broken that IT specifically should be bound to a physical place. Are there any plans to innovate in this regard or any research YC is doing?
My choke point has always been finding another technical-minded partner that gets the industry. Every time I've seen the YC application season roll around, I've thought it'd be a perfect fit for applying to YC, with the connections and clout that come with it. What's stopped me, even at my half-assed pace, was the chance of the huge ego/momentum hit of getting rejected, considering it's still a labor of love (although profitable).
I have a handful of customers that are already paying monthly for "The Vision Lite" at discounted prices: just enough for me to continue development. But larger competitors are sure to move more aggressively into the area over the next year or so, before my current trajectory can deliver on the "this is Star Trek-level shit" experience I've got planned. I'm sure I can grow my customer base at a moderate rate, but I'm not sure I can keep up once the field gets serious against better-funded competitors.
Where do you think the tipping point is between the Basecamp-style "Just get profitable, stay profitable, and move forward" model vs. "Take VC money and turn a two-year schedule into a six months, and get entrenched while you can?" (Fred Brooks notwithstanding)
Has YC ever considered a class of only single founders and trying to solve the problems YC anticipates with single founder startups (i.e. emotional support, etc...)
It seems to me that the demand is there, and the potential for single founders to succeed is certainly possible... why not experiment putting together a track that "fills in the blanks" for single founders much the way YC does with legal and accounting for startups to get started.
Edit: I recognize the signaling issue of not being able to convince a cofounder to join, etc... but sometimes signals are just noise.
I get that SV is a great place to start a startup, all things being equal. But there are a lot of great opportunities that are 8-12 time zones away. And leaving your customers alone for 3 months -- especially if you are trying to grow rapidly during those 3 months -- sounds very risky. Additionally, the money spent living in SV for three months could otherwise be spent on working capital; this is extra true in developing markets where costs are lower.
In the absence of a formal policy change re: moving to SV for 3 months, would you be willing to extend a bit more leeway for founders who really want to get their companies into YC but don't want to spend too much time away from the customers they're trying to please?
As a middle-aged developer, I've seen a lot in my lifetime, but I believe that right now, even though in some ways I'm much more hopeful for the future than I've ever been, I feel like there are many huge time-bombs out there in the world that make focusing on a startup just to have a chance to become financially successful a petty and, for some, a possibly futile ordeal.
For example: political divisiveness/change/chaos, scary world leaders and potential world leaders discussing/threatening/testing nuclear weapons, wars for and against religions involving terror, causing mass death, spawning racism and restricted freedoms, other random shootings/acts of violence, discord and violence between people that are racially targeted and those who want to serve the public to protect people regardless of their race, terrible diseases/epidemics some without cures or growing resistance to cures that we've long depended on, weather related natural disasters, economic troubles, etc. The list goes on and on.
Given the climate of the world today and all of our problems, what things do you want to see- not just in the startups that you and/or YC as a whole want to help, but across the board? And what do you say to those that think that just don't feel safe enough to invest the time, money, and effort on a startup which has a greater chance of failure than success when they could just be working a stable job to try to save enough to survive what is ahead?
Here are my questions:
1. Do you think people need to get a PhD degree to become useful research scientist in AI industry?
2. Do you think people need to get a PhD degree to become Member of Technical Staff (Machine Learning) in Open AI?
If not, what would you need to see from an application with no product to be accepted into YC?
If so, what was about that application that made you believe in them so much?
It's known YC prefers teams. Do you have a preferred shape or size for the team (2 tech, 1 marketing, or 1 tech, 1 web, 1 marketing and business etc); is any combination shown to be more likely to succeed within YC?
How do you view teams too heavy on tech? It's common for a group of tech people to have the idea, but as a team have some gaps on say the marketing side, and probably other areas.
A startup I was involved in, years ago, lacked much depth in sales and marketing. Filling that gap was a nightmare. Candidates would happily talk out of their hat, claim all sorts they didn't have, and those we trialled failed hard then invent no end of "reasons" why it's working perfectly. Suddenly recruiting programmers was easy!
Even people we've known in this area suffered from at least some of these habits, sometimes meaning it's a case of "nice guy, don't trust him as co founder". Made it hard to resolve, so the least worst techie got stuck with site copy etc.
No surprise, I've learnt much more about online marketing since those days. :)
How would an Indian startup trying to build a global product primarily for the U.S / Europe market fit into the scheme of things?
Do you think the start-up structure of running a business could increase or decrease income inequality (and what do you consider beneficial?)
Does it make sense to keep applying to YC, given our size now? From what I understand, we got rejected every time because our equity split is around 80-20, which makes us more like a single-founder company. We would have liked to be part of YC but if YC strongly prefers not to consider single-founder companies then we would save time and not apply.
What should I know about applying based on that?
Also, for the competitors question, should I put a list of 15-20 names I made, or choose the top 3 or so?
Finally: I may be able to launch within the next few days. Should I try to launch and wait to apply until I have launch data, or should I apply now? (The nature of the startup is consumer facing and I think I can gain some traction within the first week.)
I would wager that if you take a look at an accurate distribution of markets according to potential you would find a magnitude more small/average markets (that are untapped) than billion dollars ones. And similarly, I suspect that the success rate for those "boring" ventures is much higher than the exciting shiny rising stars.
Question: Why not optimize for companies that are certainly not going to become Airbnbs but will capture the full value of an averagely sized market (say between 50 and 300 millions)? And if my guess is correct and they end-up eating a lot less resources than the soon-to-be-unicorns, you could even optimise for volume.
Is the pay-off (wrt. to the energy spent and success rate) for unicorns really worth it?
Some friends and I were throwing around ideas on how to eliminate scalping, a practice we get bitten by. We came up with some solutions that might work, but they don't provide any financial gain for event organisers so I couldn't see them going for it.
Any ideas how your 'YC cities' thing is going to look?
Twitter seems to be the example du jour, but there are many.
Do you feel the YC partners are mainly bullish or bearish irt cryptocurrencies?
If not then how quickly can the [unrelated] problem below be solved, algorithmically
Unrelated Problem: Given a set of numbers of length n, find a single rule that can map each item x to the corresponding item x+1
are the odds stacked against us if we have 5 founders? (EE, ME, EE, SW, Sales/Business)
Also does a startup that can help reduce carbon emissions/move from something that generates lots of emission classify under the energy section of request for startup?
Is there a place for me in YCombinator?
(p.s. I have several other follow up questions I'd love to ask if you entertain me with a response)
2. In the competition of web vs mobile? What would be their state after 10 years? Will there be more native mobile apps or websites?
Is working at a start up a viable path for college graduates or is it recommended starting at a more established company?
Do you see Silicon Valley maintaining its dominance as a tech capital in future decades or will there be better entrepreneur ecosystems?
Which industries are ripe for entrepreneurship? Like the automobile industry at the moment has innovations of self-driving and electric energy source.
I understand you have limited resources and that YC's core is focused on fast growing companies, but some early-stage ideas/prototypes need a little help before becoming something YC would accept (and, it looks to me, the bar is higher every year).
The MOOC fills one part of the gap, but, will it enable promising students to get some sort of funding?
My cofounder and I don't live in the same country so we're each recording half the video separately and then editing the pieces together. Does this affect us negatively in any way?
For how many companies per batch, YC is a second accelerator? How many companies have raised Seed round?
Quick question 1: Is there a "Delaware C Corp" equivalent for the incorporation process/legal structures of nonprofits by state, or does it not matter?
Real question: Is there something to be said about founders waiting until they have users and initial growth to then use the YC opportunity to transition towards growing their company? In other words, if a startup is only getting one shot to go through YC, generally is finding initial product-market fit harder, or is growing the company?
Granted, the latter can't happen without the former happening first. But it would seem that for some founders that have genuine insights into real big problems, it would suck to waste the opportunity of YC just "checking the boxes" of building their MVP, which they could know how to do already from PG's essays/YC's blog/Startup Class -- whereas they could be getting genuine advice on problems unique to their specific domain problem if they just waited and applied later.
How behind am I, assuming my primary goal is maximizing positive impact on the world?
Do you prefer that companies have their own technology or is it okay that a company utilizes existing platforms in the beginning?
My team consist of CS and ME/EE.
It's PokeBin.com if you wanted more information.
Put in another way, would there ever be a case where you'd recommend a bootstrapped company not take investment (assuming the terms were good) in the bay area?
EDIT: Particularly if there is potential synergy with a business component as well?
Do you have any particular industries in mind to invest in? where do you see the most potential?
What sort of advice does YC offer founders when it comes to hiring early employees?
i.e. might have no interest in presenting at demo day or pursue any further fundraising, but instead look for profitability and self-investment as the path to growth.
1. What's the possibility of YC companies doing biz dev with LargeCorp during the 3 month bootcamp? Is this something that YC can help with due to its large network etc.
For emerging industries like ours in the virtual reality space, there is so much money driving the industry into gaming and the desires of the bigger players like Facebook and Oculus. Is it more valuable to align with these bigger players and play along with their game, or disrupt the industry but risk being outcasted?
Thanks! Stan Sedberry, Vidi VR
This question is unrelated to YC. How often do you go with your gut in decision making, and how well does it turn out?
Do you agree with this? How do you see these evolving?
For example becoming a self taught programmer? Quadrupling one's income? Doing all that while starting a new family? I feel like I'm becoming significantly more formidable. But the side project that pulled me into becoming a programmer, itself, is still lacking clearly visible progress.
I have the idea, a v1 design, portion of the API, and incomplete web app prototype... all built by me. I lack the business plan in paper however have pretty cool ideas on how I can eventually generate income.
Is this enough to be considered? Have companies come to you with less while still being accepted?
When to put this on the Internet to show you guys and how much should I have.
Working on this in my spare time is very difficult to get to a point I'm happy with. Maybe I should quit my job?
Be good to be super clear on this...
P.S.: I'm talking about a case where only the subsidiary has applied for YC and that subsidiary is making a different product than what the parent company is making.
1. Would YC consider a media/publishing company that is not really a tech startup short of leveraging tech to reach a broader audience. (it's more like investigative journalism to arm buyers with info. needed to negotiate better deals.)
2. The info. in these reports can capture value by being sold right away, but giving the info. away for free is more in line with the mission of eliminating information asymmetry (by selling we are just replacing one imbalance, with another)...so is it better to capture initial value...or try to build trust to the point of people going straight to you to research purchases...and monetize later on or with add-ons (i.e. outsourced negotiation.) or eventually becoming the de facto source for consumer research (which is bound to be monetizable one way or another)?
Do you think it helps, as a founder and in life, to be optimistic rather than realistic?
Is it a good/bad idea to found a startup in a market that is no longer saturated but also has big players (such as social media)?
Have you ever considered writing a startup book?
What's your opinion on product managers and when/do you think a startup should hire one?
I know you know a bunch of people who are concerned about technological stagnation and I was curious about your personal take on it.
source: long experience with co-founder teams
If you are a 1 person startup (and don't want to be a CEO), how would you decide on the CEO as and when that may be? (say you decide you want to be a CTO / COO)
The first is to get past H.R. gatekeepers to get you to an interviewer. This involved having the right years of experiences, keywords, school, gpa, etc...
The second is to have interesting things to talk about with an interviewer. Putting your school project on your resume won't hurt the 1st one. But if it's an interesting project and you would look good talking about it. Then heck yeah put it on your resume.
After 4 years though if it's not a really awesome project you might want to remove it. It could be perceived like you haven't accomplished anything noteworthy recently.
Going further, it's worth doing a minimum amount of research for any position you want and to CV/resume tune for it.
Especially if it can be related to the job you are applying for.
I have Caps Lock mapped to Ctrl and I'm glad that MacOS provides this option out of the box, but Caps Lock as Esc is not an option for me. I hope there will be an out of the box way to map Escape to something sensible. I'd trade ~ for Esc anytime, as long as ~ and ` are accessible via the OLED strip.
It was constantly registering touches on the top row when I didn't want them. With a laptop, I commonly rest my hand on the keyboard and touch -- but don't depress -- keys.
Today it's only used in a desktop configuration with an external keyboard.
I'm not the only one who felt this way -- see, for example, this Ars review of the gen 3, which said of the gen 2 keyboard:
"...the keyboard shed its top row of function keys, replacing them with a software-controlled touchable strip, and used a peculiar arrangement for buttons including home, insert, backspace, and delete. The result wasn't better; it was awkward."
As time progressed, task switching and copy/paste were obvious shortcomings due to limitations with iOS, but the experience was mostly bearable but not awful.
Towards the end it became unbearable as the escape key was so engrossed with all things unix/linux that I gave up a month early.
If the escape key is actually vanishing, I am completely confused. macOS is a unix derivative and apple has a boatload of developers. Why would they want to alienate us?
Other than the coffee-shop crowd, how many of you would say you're exclusively a laptop-keyboard user? Not a dig, just wondering.
If Apple offered an iPad Pro, running OSX with USB ports (or a thunderbolt port usb hub) for a physical keyboard, I would switch over in a heartbeat.
I press escape OFTEN, but tildes rarely. For the most part it's to get into consoles in games or other dev functions - I could see myself losing it and not being too sad.
PPS - Just 2 spots left now, if you'd like to take part.
All those concepts don't matter if you don't have where to apply them, and if you do have use for them, you'll learn them soon enough. It was quite visible with a nice paradigm of aspect-oriented programming dozen years ago (from imperative programming field); it looked like a good idea, but there was nowhere to put that into use sensibly, and AOP eventually died.
Create a network with automatic IPv6 addresses and start the management access service (likely ssh) on the zt0 interface. then it "just works", regardless of NAT in between.
This is a completely userland solution however. You probably don't want to put real service traffic on it if you care about throughput. It's perfect for management however. (or just test it, maybe you can saturate your link anyway)
This works either by using the public servers for discovery, or you can set up your own dedicated endpoint(s). Either way, the traffic takes the direct route through the NATs, or within the local network if possible.
Might be overkill if you just need to reach one particular service (e.g. HTTP(S)) though, in which case you could consider setting up a reverse proxy (e.g. using nginx) on a DMZ'd server?
I've never set up a VPN and I'm not too knowledgable about them. Should I set one up? I don't know. Toyed with the idea a few weeks ago up until I read this post on StackOverflow (http://serverfault.com/questions/653211/ssh-tunneling-is-fas...) - TLDR (VPNs are slow)
But it really depends on the use-case. HTTP from behind NAT - that's easy, just port-forward. If you're talking about SSH access, then you have a few more options that you might want to explore (port forward, or tunneling to an external host). If you're talking more than one host behind the NAT, then you have another set of possible solutions (reverse-proxy HTTP servers, SSH gateways, etc...).
Care to give us more information?
It had the advantage of being quite easy to setup for me as I'm quite used to setup VPNs and NAT forwarding rules (for having lived in China, bypassing firewalls is almost an everyday routine exercise :) Also, it worked perfectly well and the performances were reasonable. I could access my server at home, in Beijing, behind a NAT, a dynamic IP and the country's firewall, from anywhere in the world. I was happy!
There are surely other (better?) ways to do it though, and the autossh/reverse tunnels option looks very interesting.
However, assuming this device/VM runs "unix", and to K.I.S.S., use reverse SSH tunnelling. Once an SSH tunnel is established on your side, you can do whatever you want... e.g. tunnel VNC through for GUI.
You can of course add more layers of security e.g. non-standard SSH port, dedicated VM/server for the SSH entry point, refresh SSH keys regularly etc.
Essentially you will add a directive to SSH config for the NAT host, and the host that you want to access. In the directive for the host to access, you will specify that you're proxying through the NAT host.
You can then leave out all of the port forwarding options when connecting to the target host, SSH will pick that up from the config file.
I built Wormhole Network https://wormhole.network with the idea of making remote access very easy and as secure as possible.
Disclosure: This is SaaS and I've built it.
Wormhole builds an overlay network where you can run any L3 protocol really. By default we provide DHCP for IPv4 within the 100.64.0.0/24 (yes, just a /24 by default as it suits most users, it can be customised or even disabled under request). We have chosen this address space to increase the chances of non-overlapping with your own networks.
The advantages of running an overlay network like Wormhole are:
- No need to open ports anywhere or do any inbound NAT or PAT. All traffic is outgoing. By default UDP, but the protocol would fall back to 443/TCP if needed.
- The above means it works pretty much anywhere with an Internet connection that lets you browse the web.
- Your devices' IP addresses inside Wormhole could be always the same, regardless of where they are. Think of migrating your servers to a new hosting? Keep the same IP. Do your team mates move frequently, work from home at times or even from their favourite coffee place? No problems, they'll keep the same IP address.
- Full access between devices inside the network. It works like a real LAN. No need to open ports to reach out to your development server nor leave any other services reachable from the internet. You could lock down all inbound access from Internet to your servers and still reach them through Wormhole.
- All traffic is encrypted. Note: We don't roll our own crypto. We rely on SoftEther's (see below).
- No need to configure a VPN with your cloud/hosting provider, provision VPN hardware nor anything like that.
- Multiplatform: Linux, Windows and macOS.
- It all runs on free, open source software: SoftEther https://www.softether.org so you can audit the software (and it's not ours, people are using it all over the world for VPN)
The architecture is based on central servers that route the traffic among the peers in your network, hence why full connectivity can be accomplished always with only outbound connections. It is important to choose in which server you want to create your connection, so the latency is as low as possible.
Learn more about us in our documentation section: https://wormhole.network/docs/
We currently have a few hundred users and are looking into making the product better by listening to your feedback. We have a free tier without time or traffic limits, available in three regions (US East, Netherlands and Singapore); it just has user limits. No credit card needed to use it.
I'll be extremely happy to receive criticism, suggestions and any other feedback in general here or directed to pedro /at/ wormhole.network
These machines have two graphics x16 PCIe slots wired as x16 and two more x16 wired as x8 powered by an 1100 watt power supply. New, a similar power supply would cost more than what a whole system will go for including a Xeon CPU, some Ram and possibly a disk and perhaps a Windows license.
The downside is that the Precision 7xxx's are big and heavy and a bit power hungry and only come in Oakland Raiders black with silver.
The Precisions are also certified for various flavors of Linux when new, so there's unlikely to be any driver problems regarding their hardware. They're stupid easy to open up and in and around...a similar new case would also probably cost more than a complete used system. I've found them very reliable.
From there, it would just be a matter of how much money there is for GPU/graphics cards, more RAM, and SSD's and how it gets spread around based on the anticipated workload: a $50 SSD and a $50 GPU might be enough for fooling around and developing a toolchain. After that, it's just a matter of how far you can fall when sitting on your wallet.
I don't know anything about pre packaged solutions but maybe a gaming rig would be appropriate.
- Is it better to use a different passphrase on each key, or does using the same one not matter much?
- How much less secure is it to not use a passphrase on a key?
- Should you use a different key per user account, per server, or per use-case (i.e. personal or work)?
- Does increasing the amount of bits in a key really have an effect on the security of the key, or does it not make much difference in a real-world use?
My favoured solution is to use a yubikey via gpg: with this method you use your gpg subkey as an ssh key. The yubikey 4 supports RSA 4096 bit keys, if you need NFC then the Yubikey Neo supports max RSA 2048 bit keys.
From that, we get:
- you're not sharing passphrases between keys, you're sharing them between devices, and whether that's safe depends how likely it is that a compromised passphrase on one device can be transferred by an attacker to another.
- Similarly, whether a blank passphrase is a good idea or not depends on what other measures are protecting access to that private key.
- If a private key ever turns up on the wrong machine, you *know* the key and both source and destination machines have been compromised.
I have setup a VPS, disabled passwords, and setup a key with a passphrase to gain access. At this point my greatest worry is losing this private key, as that means I can't access the server.
What is a reasonable way to backup my private key?
Encode it as something similar to a QR-code, print it, and store it in a hole in the wall? Copy it to an USB-stick and hide that somewhere safe?
Alternatively, I have access to more than one computer, so I could also authorize a couple of other keys to access the server. So I would transfer the public key to the authorized machine, and add them to the authorized_keys from there?
How to deal with the possibility of death? Do I trust someone with my keys and passphrases?
Host myhost
    IdentityFile ~/.ssh/myhost
This is a question of layers. If you don't have a passphrase on your key, what stops someone from gaining access to it? Just your account password? If they steal your device, is there some form of storage encryption involved?
> - Should you use a different key per user account, per server, or per use-case (i.e. personal or work)?
I have different keys for different purposes per client device. This is mostly because sometimes I need to login to places that are ancient enough I need to use a weaker key than I would like to use in other places or vice-versa, there's places I can only login with ed25519 keys.
Though having different keys per purpose isn't necessary it allows me to keep certain identities separate. I have a different one for GitHub for example, mainly because GitHub exposes my public key and therefore allows for clever tricks like tying the key to an established identity should I use that key to authenticate in other places.
I would also recommend configuring SSH so that it doesn't send over any/all keys by default. Take a look at the IdentitiesOnly option in ssh_config.
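Added example, not from any commenter: a constructed ssh_config of the kind described earlier in the thread (an entry for the NAT host, an entry for the target that proxies through it) together with the IdentitiesOnly suggestion above, plus a minimal resolver that reports which hosts would still be offered every agent key. Host names, addresses and key paths are placeholders, ProxyJump is one way to express the proxying, and Match/Include are not handled.

```python
import fnmatch
import re

# Constructed sample: a NAT gateway used as jump host, a target behind it,
# and a public Git host. Names, addresses and key paths are placeholders.
SAMPLE_CONFIG = """\
Host nat-gw
    HostName gw.example.net
    User admin
    IdentityFile ~/.ssh/nat-gw_ed25519
    IdentitiesOnly yes

Host inner
    HostName 192.168.1.20
    ProxyJump nat-gw
    IdentityFile ~/.ssh/inner_ed25519
    IdentitiesOnly yes

Host github.com
    IdentityFile ~/.ssh/github_ed25519
"""

# Same file with a catch-all default appended. ssh keeps the first value it
# obtains for an option, so per-host settings above still take precedence.
HARDENED_CONFIG = SAMPLE_CONFIG + "\nHost *\n    IdentitiesOnly yes\n"

ACCUMULATING = {"identityfile"}  # options that collect every value


def host_matches(patterns, host):
    """Host-line matching: a positive pattern must hit, no negated one may."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive


def effective_options(config_text, host):
    """Resolve the options ssh would apply to `host` (Host blocks only)."""
    opts = {}
    active = True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([^\s=]+)\s*=?\s*(.*)", line)
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False  # assumption: Match blocks are skipped here
        elif active:
            if key in ACCUMULATING:
                opts.setdefault(key, []).append(value)
            else:
                opts.setdefault(key, value)  # first obtained value wins
    return opts


def offers_agent_keys(config_text, host):
    """True when ssh may also try keys from the agent for this host."""
    opts = effective_options(config_text, host)
    return opts.get("identitiesonly", "no").lower() != "yes"


def hosts_offering_agent_keys(config_text, hosts):
    """Subset of `hosts` that is not pinned to its configured key files."""
    return sorted(h for h in hosts if offers_agent_keys(config_text, h))


if __name__ == "__main__":
    names = ["nat-gw", "inner", "github.com"]
    print("jump host for inner:",
          effective_options(SAMPLE_CONFIG, "inner").get("proxyjump"))
    print("unpinned before:", hosts_offering_agent_keys(SAMPLE_CONFIG, names))
    print("unpinned after: ", hosts_offering_agent_keys(HARDENED_CONFIG, names))
```

With this config in place, `ssh inner` needs no forwarding options on the command line; `ssh -G inner` prints the options a real client resolves, including Match and Include.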
Yep in an ideal world, though I suspect in practice it doesn't matter much.
- How much less secure is it to not use a passphrase on a key?
You are relying completely on the security of your disk, against either physical or cyber. Use a passphrase, use an agent to manage it.
- Should you use a different key per user account, per server, or per use-case (i.e. personal or work)?
Per client device. This is the device that can be compromised and cause invalidation to be required, so this is the one which should be separate. For convenience you can maintain all your devices' public keys concatenated together and hand them out like that - comment each with hostname and date created for ease of identification.
- Does increasing the amount of bits in a key really have an effect on the security of the key, or does it not make much difference in a real-world use?
Up to a point. RSA in 8 bits is trivial. Go for a highish key length, different key types have different recommended lengths. Note some machines don't support higher lengths.
- How/Where should private keys be stored on a device using them?
Permissions should be set for only you to read with no writing. Even better if your home drive is encrypted as it is only vulnerable whilst you are logged in.
- What are some of the pros and cons from a security standpoint, and how may doing different things affect the usability of a key?
If you hop machines a lot key per client can be problematic. In this case a portable secure drive is useful. Of course one leak can be fatal here.
Try not to fall back on passwords, they have nothing like the same security.
Most usability issues are caused by the people running the servers not reacting in a timely fashion to key updates.
- Is it better to use a different passphrase on each key, or does using the same one not matter much?
If they are being used on different devices then different passphrases make sense, otherwise no.
10? Not sure you can really quantify an answer. I'd recommend a passphrase if you aren't already using disk encryption; with that it's probably less of a concern. However, with agents there's not much issue with not having one.
Use a different key per client device but you don't need a different key for logging into different servers unless you care about people correlating those users.
Use more than 2048 bit for RSA/DSA; beyond that it doesn't matter.
~/.ssh on some local filesystem.
It is better to use a different passphrase for each key but it is also less convenient unless you're using a password manager (personally, I'm using KeePass)
> - How much less secure is it to not use a passphrase on a key?
That depends on the security of the computer where the keys are. I remember a Firefox vulnerability where one site exploiting it was looking for ssh keys on the local file system. So I'd say that a passphrase is very important.
Personally I'm using a key per account per host.
> - Does increasing the amount of bits in a key really have an effect on the security of the key, or does it not make much difference in a real-world use?
Yes up until 2048 where the returns of increasing the amount of bits will start diminishing.
It's better to think about specific attack scenarios. If your keys get exfiltrated because of some local exploit (like a browser vulnerability, a malware download or physical access) then the attacker has access to your servers.
1) Disable passwords and only allow keys even for root with PermitRootLogin without-password
2) public-key authentication has the somewhat unexpected side effect of preventing MITM per this security consulting firm http://www.gremwell.com/ssh-mitm-public-key-authentication
Regarding key types:
- DSA keys (ssh-dss) suffer from several issues (fewer bits, bad RNGs in Debian, other issues), and modern versions of OpenSSH deprecate it.
- RSA is pretty standard, and generally speaking is fairly secure for key lengths >=2048. RSA-2048 is the default for ssh-keygen, and is compatible with just about everything.
- ECDSA is largely considered compromised because the constants NIST chose for the cryptosystem weren't well documented how they got them, and the assumption is that the NSA chose them to provide a "backdoor" (so it would provide the same security for a general attacker, but significantly easier for them). This was confirmed as being theoretically possible, and there is of course concern that the NSA could potentially leak those constants, instantly breaking the security of this cryptosystem.
- ED25519 is more or less the same as ECDSA, but was put together by DJB. The big advantage here is speed. EC crypto is much faster to sign, slightly slower to verify, and equivalent security can be achieved with fewer key bits.
- Notes for the future: both RSA and ED25519 become insecure against quantum computing (integer factorization and discrete log are both in BQP).
Generally, use RSA if you work with older servers that only support it, or ED25519 if you like shiny things. Otherwise it's a bit of a tossup.
Regarding using separate keys:
- I follow the philosophy that a private key should never leave the host it was generated on. If you aren't sharing keys between machines, you remove the risk that you'll accidentally share it publicly.
- Beyond that, I'd recommend at a minimum having separate work/personal keys. Keeping separate keys for each user/host you want to log into is a tad excessive, but can be useful for key revocation/rotation.
Regarding passphrases on keys:
- Yes. FDE is sometimes trivial to bypass, and you want to be protected in case someone sets your ~/.ssh folder to be synced to dropbox/samba/etc. You can use an agent to keep the decrypted keys in memory, but I'd avoid using agent forwarding.
Regarding bastion hosts:
- You didn't ask about this, but it is essential for a "best practice" setup.
- Bastion hosts are small VPS hosts that basically run sshd and have a static IP. You disallow any ssh traffic except from your bastion hosts to your servers.
- You'll want to have at least 2 bastion hosts with different hosting services, in case one isn't available.
- Run sshd on your bastion host on a port other than 22. Not for security, but for reducing log volume.
- Run fail2ban on your bastion host, even if you've disabled password authn. Again, not for security, but for reducing log volume.
- Set up fail2ban to alert when a new IP successfully logs in.
- SSH can use certificates for authentication, and this can make the key distribution problem much easier to solve. I have a script that makes this easier.
- Push for everyone in your organization to use SSH keys, and only SSH keys.
- Defense in depth. All it takes is skipping one step and you expose yourself. Assume that something that was exposed has been compromised. An attacker only needs to succeed once.
tl;dr - the defaults are fine and password protect your keys.
Two questions came up, how many iterations to use via "-a ", and should I add the private key to my home folder repo in version control? I don't want to lose it in a disk crash, but don't want to give it to bithub either.
Using a passphrase is highly recommended except for server-to-server accounts, which should be locked down (and specify the specific command that server can execute in the authorized_keys file - Userify supports this).
You should definitely use a different passphrase for keys stored on separate computers, and it's not a bad idea to use a different passphrase for separate keys stored on the same computer, especially if they have different servers they can access. However, practically speaking, if your computer was compromised (ie keylogger etc) then it's game over anyway.
> Does increasing the amount of bits in a key really have an effect on the security of the key, or does it not make much difference in a real-world use?
Yes, it does make a difference, depending on what you mean by "real-world". Anyone less than a state-level actor will probably be unable to cost-effectively attack even a 1024 bit key, but that won't be true for long. We suggest 2048 bit keys if you are using RSA, with 4096 if you prefer extra security and don't mind slight latency during a connection, or ED25519 for keys on systems that support it. Generally the defaults are pretty good. We have a HOWTO for different OS's here: https://userify.com/docs/generating-ssh-keys-on-ec2/
> How much less secure is it to not use a passphrase on a key?
From the server's perspective, it's EXACTLY the same, but from the client (your laptop's) side, it's completely different. While it's possible that your laptop could still contain your decrypted key in its key manager's RAM or suspended state (ie unencrypted swap file etc), the use of a passphrase even on (actually, ESPECIALLY on) a non-full-disk encrypted system will raise the level of effort to access your key to near-impossibility levels, especially from non-state actors, whereas a key that has NO passphrase is a piece of cake. Use a passphrase EVEN WITH full disk encryption (for example, the evil maid attack)
> Should you use a different key per user account, per server, or per use-case (i.e. personal or work)?
If you're using a different key and storing them on different computers, you should probably use a different passphrase on each key. The passphrase (or even if one exists) is not visible to remote servers (or Userify - we provide a free-text field that becomes your authorized_keys on remote servers.)
You don't need to use a different key per user account, although you can. You also should not use a different key per server.. that will turn into a management nightmare. It's perfectly ok to use one key everywhere, but you should probably use a different key on your laptop and desktop, or if the keys have different levels of access (Userify can automate that for you too).
> How/Where should private keys be stored on a device using them?
Ideally on a device using full-disk encryption, including swap and laptop suspend space, to prevent access to a decrypted key in RAM (you are using a passphrase, right?). However, FDE does not protect you from other compromises on your system (i.e., another user that gains escalation to root and installs a key logger), and does not protect against a compromise of your BIOS (i.e., Intel UEFI) or boot process (evil maid attack again).
> What are some of the pros and cons from a security standpoint, and how may doing different things affect the usability of a key?
Keys are safer than certificates because there are less moving parts and no outside requirements for your internal CA or dependency on a CA that might go down. Keys can be a management nightmare at scale, but there is software to manage them (ie Userify, ManageEngine, BeyondTrust, ssh universal key manager, keybox (free/open source), etc). If you are doing a small project with few team members, you can also do management with Chef, Puppet, etc, or just by hand.
In terms of usability, a real key solution that manages keys across entire groups of servers with a few clicks can be really helpful... you can do all of the regular SSH things like tunneling (replace stun/sslwrap, etc), proxying all of your other traffic (SOCKS5), keep SSH connection alive (autossh etc), smart ban based on failed attempts (fail2ban, deny hosts), forward encrypted X11 or VNC connections, forward SSH itself (tunnel SSH within itself), and so much more.
We're going to start blogging about all the awesome things you can do with SSH soon, since it's really an amazing and deep protocol.
1. Userify https://userify.com Free cloud and on-premises versions available; full disclosure: I work there
2. ManageEngine: https://www.manageengine.com/
3. BeyondTrust: https://www.beyondtrust.com/
4. SSH Universal Key Manager: http://www.ssh.com/ (no TLS?)
5. Keybox http://sshkeybox.com/
Passphrase is strongly advised
Is it better to use a different passphrase on each key, or does using the same one not matter much?
How much less secure is it to not use a passphrase on a key?
If you expect to be moving your SSH keys across machines (e.g. to use your same personal key on both your laptop and your desktop), then they should absolutely be passphrase-protected, even if they're only transferred via encrypted media.
Should you use a different key per user account, per server, or per use-case (i.e. personal or work)?
Meanwhile, for situations where a server needs to connect to another machine via SSH, each such server gets its own key. That way, if a server is compromised or decommissioned, I can revoke access by key.
Does increasing the amount of bits in a key really have an effect on the security of the key, or does it not make much difference in a real-world use?
How/Where should private keys be stored on a device using them?
A reasonable balance between security and practicality is for any portable media (including portable devices, like laptops/tablets/phones) to be encrypted (in addition to the key itself being passphrase-protected). Better security would be to extend this to non-portable media and machines as well (but this is painful to enforce on servers unless you have physical access).
The directory in which keys are stored should only be accessible to the OS user actually using those keys (so, for example, `~/.ssh` should have permissions `drwx------` when viewing with `ls -la`).
Basically, server SSH keys should be treated like you'd treat your SSL/TLS keys.
What are some of the pros and cons from a security standpoint
and how may doing different things affect the usability of a key?
Upgrade your SSH keys! https://blog.g3rt.nl/upgrade-your-ssh-keys.html?_utm_source=...
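Several answers in the SSH thread above turn on whether a private key has a passphrase, how many KDF rounds "-a" set, and whether the key directory is locked down. The following is an added example, not code from any commenter: it reads those facts from the cleartext header of an OpenSSH-format key file. The function names, the 16-round policy floor and the sample keys (constructed containers holding dummy bytes) are assumptions of this example.

```python
import base64
import os
import stat
import struct
import tempfile

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\0"
MIN_ROUNDS = 16  # policy floor (assumption); ssh-keygen(1) lists 16 as the -a default


def _pack(data):
    """SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated key container")
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4


def _read_string(buf, off):
    length, off = _read_u32(buf, off)
    if off + length > len(buf):
        raise ValueError("truncated key container")
    return buf[off:off + length], off + length


def inspect_private_key(text):
    """Read cipher, KDF and rounds from the cleartext header; no passphrase needed."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key (legacy PEM not handled)")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    off = len(MAGIC)
    cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, pos = _read_string(kdfopts, 0)
        rounds, _ = _read_u32(kdfopts, pos)
    _nkeys, off = _read_u32(blob, off)
    pubkey, off = _read_string(blob, off)
    key_type, _ = _read_string(pubkey, 0)
    return {
        "key_type": key_type.decode("ascii"),
        "cipher": cipher.decode("ascii"),
        "kdf": kdf.decode("ascii"),
        "rounds": rounds,
        "encrypted": cipher != b"none",
    }


def audit_key_file(path):
    """Return (header info, list of findings) for one private key file."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("key file is accessible to group/other (want 0600)")
    parent = os.path.dirname(os.path.abspath(path))
    if stat.S_IMODE(os.stat(parent).st_mode) & 0o077:
        findings.append("key directory is accessible to group/other (want 0700)")
    with open(path, encoding="ascii") as fh:
        info = inspect_private_key(fh.read())
    if not info["encrypted"]:
        findings.append("no passphrase: file contents alone grant access")
    elif info["rounds"] is not None and info["rounds"] < MIN_ROUNDS:
        findings.append(f"only {info['rounds']} KDF rounds (policy floor {MIN_ROUNDS})")
    return info, findings


def build_sample_key(cipher=b"aes256-ctr", kdf=b"bcrypt", rounds=16):
    """CONSTRUCTED sample: a valid container holding dummy bytes, not a usable key."""
    kdfopts = (_pack(b"\x00" * 16) + struct.pack(">I", rounds)) if kdf == b"bcrypt" else b""
    pubkey = _pack(b"ssh-ed25519") + _pack(b"\x11" * 32)
    blob = (MAGIC + _pack(cipher) + _pack(kdf) + _pack(kdfopts)
            + struct.pack(">I", 1) + _pack(pubkey) + _pack(b"\x22" * 64))
    b64 = base64.b64encode(blob).decode("ascii")
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{BEGIN}\n{body}\n{END}\n"


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()  # created 0700, like a well-kept ~/.ssh
    samples = {
        "id_no_passphrase": build_sample_key(cipher=b"none", kdf=b"none"),
        "id_hardened": build_sample_key(rounds=100),
    }
    for name, text in samples.items():
        path = os.path.join(workdir, name)
        with open(path, "w", encoding="ascii") as fh:
            fh.write(text)
        os.chmod(path, 0o644 if name == "id_no_passphrase" else 0o600)
        info, findings = audit_key_file(path)
        print(name, info, findings or "ok")
```

Pointing audit_key_file at real files under ~/.ssh works the same way; it never asks for a passphrase because the cipher name and KDF options sit outside the encrypted section.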
You may find that books are under rated. With all of the free resources available I find that I often underestimate the value of someone having spent several hundred hours preparing material specific to a subject that I want to learn more about.
If, at the end of all this, you don't have a clearer idea about how to help these people to happily give you their time / money / eyeballs, then maybe just leave it be and enjoy $30 worth of beer each month or something.
In terms of getting more $, affiliate income makes lots of money. In the old days when we used to run sites with adsense and affiliates, the affiliate income accounted for about 70% of the revenue. If you had a good place on your site for it, I'd start by looking in to the amazon associates program. FYI. The amazon affiliate pays out from 4% - 10% of the sale of the product.
We haven't monetized hackernoon.com at all and have instead focused on good content and we are now well into the millions of monthly uniques. It's not worth the time to monetize 3k visitors.
The reason I'm not sharing the url is because the code is somewhat outdated and may be insecure. In my spare time I'm working on a new version which matches some of the recent security 'standards'. The website started as a project just for learning how to develop a basic website with interaction between users. So about seven years ago I tried becoming a new instance of Zuckerberg. I started chatting the website all over the chat-places. I added a twitter account, following (by hand :)) all those singles and lonely people out there hoping they follow back. Greeting them every day and helping other twitter addicts keeping their following list clean with new tools also presented within a backoffice on the same website.
My situation only allows me to work just a couple of hours a week on a side project. The reason I'm looking for some new ideas to monetize the project a bit more is because I want to buy a new house, like within a year or so. Just need a 100K in euros additionally to buy a nice place to give my son the full experience of life as much as possible in the way me and my wife dream about it. I can't just switch jobs, because the company I work for did a lot for me. And I am a very loyal person when it comes to people/businesses helping me out with stuff.
Now, for the chat service, it's more like a lonely-chat-service. About 100 visitors a day, saying "Hi, is there anyone around here?" or something like that. Then, the silence is killing them at which point they probably start clicking those ads :) So as I removed the useful stuff from the website, people started clicking more on ads, to just get away.
When I read the feedback, I think I should just add some sort of feedback button or create a popup with a textarea in which they can add their dream they expected to get in by entering the website. And then start building them those dreams, for just a penny a day.
How specialized are you, maybe if you're incredibly specialized and have the right crowd, you can start having premium accounts, in exchange for special features.
3k is pretty low, for a chat service (in general, maybe for extremely specialized services it isn't).
If possible, try to expand your userbase, advertising? Social sharing? Affiliate programs?
The possibilities are endless and you live and die by the specifics of your niche.
Decide if you want to aim for massive, or niche, ads, premium features, freemium?
If you want more specifics, I think you need to be more specific in your question, but then I'll gladly expand.
You probably won't fix that in this thread if you don't share the URL or even enough information about your chat site for people to give educated feedback.
What kind of users are they? Do they chat about everything or is there a theme or geographical niche? What kinds of ads are displaying through adsense? How long did it take you to get to 3k users? Do you feel like it will be hard to get more? Why did you throw up adsense at such low traffic?
Whatever you do I'd try to listen to your users and see exactly what they want. 3,000 users really isn't very many and it would be really easy for them to disappear. Talk to your users, find out why they're using your site/service, keep that in mind when building out your feature set.
Edit: Keep in mind, building out the service and keeping it free is also an option, especially if you enjoy working on and running the site. If you listen to your users and keep improving the product, it's very possible to turn 3K monthly users into 300K. I run an API that has a front end site which gets around 175K monthly hits and brings in about $1300+ (CAD) a month from the ads. The site costs peanuts to run so I'm happy to serve the 35 million API calls for free and fund the project 100% via adsense. It just depends on how far you'd like to scale it and what your users are like.
This advice is coming from someone who has a site doing roughly $5k month from AdSense via 275k+ visitors / 1.3M+ pageviews and it makes up about 30% of the site's revenue. Rest is from paid plans & affiliate marketing.
As others have pointed out, without knowing more about your site it's difficult to answer. But some suggestions. Try selling add-ons such as premium emojis or avatars. Look towards a premium account with added features as well.
Partner with them on making this more profitable.
Also you can ask for Bitcoin / Litecoin donations depending on how technical your visitors are. I know you want normal currency, but you can convert BTC using Coinbase and other exchanges
Firefox appears to be a bit better by letting you set a master password that's used to encrypt passwords, although without digging into the behavior I can't say exactly how much that helps.
https://news.ycombinator.com/item?id=6166731
http://kb.mozillazine.org/Master_password
You can read more about that 1pass vuln here: https://news.ycombinator.com/item?id=11212002
Most browsers store their passwords in plain-text, this means there's applications that can fetch all your stored passwords from all browsers and send them to an undisclosed location in seconds given user level privileges on the machine.
By upgrading to lastpass you have reduced that attack surface by using a secure passphrase and encrypted data-store but you have increased your attack surface to anything accessing lastpass servers and application bugs.
With all these attack vectors one might think that it's better to just not save passwords and just remember them, while this is true in theory in practice it's impossible to remember a sufficiently unique password for each website you are registered to which leads to password reuse which is another much greater attack vector where your leaked passwords from one site can be reused on other sites.
In general I would advise you to use a password manager that generates and encrypts passwords (Lastpass is one of them), use a secure passphrase and don't reuse passwords. Password reuse will likely make you less secure than writing your passwords on a post-it by your computer (don't do that either)
I would also consider looking into using proper 2-factor authentication for sensitive login (document storage, email, password manager) but I don't want to bore people with the details there so I'll defer you to do some independent research
* Store passwords encrypted (Lastpass is fine)
* Don't reuse passwords on different sites
Granted, if you use full-disk encryption, this concern is much less serious.
By contrast I know from personal experience you can earn the same or better than what's listed here outside of London and enjoy the lower cost of living.
Freelance Flash animation / dev for big digital agencies and ad companies (5 years ago) - 250 p/h, with 3 years experience.
Tech Lead - Digital Agency in Shoreditch (1.5 years ago) doing Node / Ember / Angular / DevOps - 45k, however I chose a lower salary for more leave and flexible working hours.
Now I work in Berlin in a dev role doing Node / React / Redux. 57k. My living expenses are 1/2 what they were in London, and I live in a central Berlin 1 bedroom apartment rather than shared housing.
Really need to move towards the midlands (Bristol, Birmingham, Leicester, Staffordshire - cheaper rent, cheaper water, higher pay)
I've been a Dev for 7+ years.
Currently doing my own startup and cyber-security consulting for 750-900/day.
17 years experience, initially as a general web developer, then front end, now more back end. Currently Ruby on Rails but I can turn my hand to almost anything.
Not a manager, not a senior developer, not a tech lead. No desire to be.
I work quite short hours (9.30-5) and that's what's most important to me.
Web Developer in London for a dating company - 75000 pa (with bonuses it's around 110000 pa)
Current gig 475pd, to be honest I had better leads but the client offered the same day of interview and I started the following day.
I have 6 years experience and no degree.
Guy next to me does the same job for 53k.
Edit: media type of industry. Work normal hours, usually 9-5:30.
No degree. Around 10 years experience in Network Security.
- Permanent position
- Cloud stuff
- 66k plus bonus et al which pumps it up to around 88k
I have a PhD (4 years programming), and ~4 years professional experience as well.
Previous roles:
Fresh Graduate: "Developer" 28k + 3k bonus.
Fresh PhD Graduate: "Senior Developer" 40k.
Experience: 20 years as a dev.
Skills: full stack dev .net, angular, iOS etc.
Edit: long term so no "off" days & 150k ish per year depending how many holidays I take.
Small Investment Bank - 61k + ~30% Bonus (3-5years experience) Java / Angular - Back Office Developer - Permanent
Small Hedge Fund - 65k + 50%+ Bonus (expected/promised) - .Net / WPF (5years experience although not in .Net) - Permanent
Digital marketing, education sector, 4 years experience: 39k + healthcare
Startup salaries topped out at 80k (ignoring non-liquid stock) so went contracting. You need the stomach for it, but it pays a lot better for similar work.
I've been longing to go contracting in the last few months, but judging by the sentiment on this thread, it doesn't look like it's a wise choice.
One of the big tech companies
70k Base
20k Bonus
+ ~20k / year stock vesting
10 years C++, specialised in low latency
Base 67k
Bonus anywhere between 15 to 50%
77k basic 10k bonus plus stocks
28k in London, full stack dev with 2 years experience... react + redux, node, express, elasticsearch, rabbitmq, postgres, mongo etc.
Front office large investment bank. Java. Perm. 15 years in banking, 20 years in programming
110k - no significant bonus.
That's where I would start.
That being said. What's actually kind of good (with actual technical specifications) is Bitcoin wiki, even when it's slightly outdated; then official bitcoin website; and sometimes bitcoin stack exchange website (but that can become outdated too).
I don't think Blockchain can be disconnected from Bitcoin, and if you do, it's very general and not that specific.
And if you want a compiled list of resources for learning: https://drive.google.com/file/d/0B6CKmAqa1_nzRGVicnlHY1BaaUk...
Someone tells a joke based on a prompt. This would be your Genesis block. Then everyone else competes to tell the funniest joke based on only that and the new prompts from the audience.
Repeat until you have an ongoing, hilarious comedy routine that cannot be edited after the fact without being found out because that would ruin the whole routine. It just wouldn't be as funny.
Inserting metadata into the blockchain. https://medium.com/@bkawk/inserting-metadata-into-the-blockc...
Andreas M. Antonopoulos: "Consensus Algorithms, Blockchain Technology and Bitcoin" [UCL] https://www.youtube.com/watch?v=sE7998qfjgk
I work in the field and the most difficult thing is to separate the noise from the signal. On talks with financial institutions and the government, they say they want to use the blockchain but when you ask about how many nodes they are planning to run they come up with one, or don't understand the question. Also, there are a lot of use cases that are not realistic because they depend on oracles or there is no way to enforce the smart contract in the real world.
2) Longest lecture Nick Szabo, inventor of blockchains, ever gave was in the money museum in Zurich: https://www.youtube.com/watch?v=tWuN2R2DC6c
3) Study the original source code (bitcoin version 0.0.1).
The intro to bitcoin concepts is great place to learn about blockchain.
You'll need (at present) about 80 GB of disk space to hold the blockchain. The full node client will download it for you or you can torrent a recent snapshot of the blockchain and then synchronise from there (quicker).
The software you can obtain from here:
Or you can use git to pull the source code from GitHub and compile it yourself. I've done both, and found the developers on GitHub friendly and responsive to pull requests, even helpful to a newbie submitting a first pull request.
Beware that running a full node will try to eat all your upstream bandwidth. It takes a few days for the Bitcoin network to notice the existence of your new full node, but the number of connections will grow (others asking you for pieces of the blockchain, as well as transaction verifications). You can learn a lot about the Bitcoin ecology this way.
Bear in mind that the word "blockchain" is an evolving word; almost every definition I've read differs. Some see it as barely different than a distributed database that doesn't allow deletions. Many others see it as paradigm shifting.
I have a blockchain/bitcoin tutoring service at www.blockchaintutoring.com. I did a Show HN but didn't get a single comment :(
I'm a programmer myself, but my target market is not the typical HN user. I'm looking to teach more business types and people in the law profession, for example. I'm preparing a small course plan to help people get from 0 to knowledgeable. The course will certainly be a bit technical, but I would not cover for example the pros and cons of the blocksize debate unless someone asks for that information.
I invite you to contact me, either through my website's contact form or the email address there provided. We can chat, and then if you ever choose to use the service, it's going to be at a discount for HN users. Your questions will definitely help me tailor my offering.
Although this paper does not directly address the blockchain, I believe it and the thesis below are at the root of the concept. (If you want to go down the rabbit hole, check out the references page of the above paper). Fair warning, the above paper is from 1999/2000 so obviously much has changed, but still worth reading.
Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control by Mark Samuel Miller:
^ Following along with this helped me a lot. Bitcoin is a rather large onion, but, as others are saying, implementing parts of it is the only way to go.
For organizations that are closely aligned with humanitarian causes (e.g. health projects in the developing world), I've noticed a much higher gap, presumably because these organizations are able to attract talent that's more passionate about the cause/willing to accept lower compensation.
None of which is to say that a particular individual might not wish to take a position with a particular non-profit that pays less than market rate for a variety of reasons. Only that non-profits often pay full market rate for development [in the context of donors] and fund-raising and administrative staff as well as for services and goods from outside organizations.
What's important is that you feel fairly compensated, and that you don't have to fight for that too hard, so that your income continues to grow.
edit: but other non-profits will typically pay much lower.
I see several advantages and disadvantages both of our startups have.
first they might be pressured to focus on profitability since they are funded, I don't.
they have side projects, offering courses on growth, and doing case studies, which I think are being purposed to be potential loss leaders to drive the main business. however the confusing part to me is that they are already monetizing for these side projects, which leads me to conclude that perhaps their investors are getting impatient and are pressuring them for returns already? which means that they are vulnerable to anyone that can offer the same product for free can starve them to death with a runway siege. and it will be hard for them to raise additional funding because if current investors aren't seeing good returns, how will additional investors buy in?
they are also doing a lot of inbound marketing, not yet outbound, means they have no sales team yet, first mover advantage to reach all the potential customers in the market is not yet capitalized.
plus there is always room in other markets on the globe, and I do have the language capability and freedom, and if I were to launch to a market like china for example
They have SDK for android, ios, and maintain libraries in js and python, where I am only doing python and utilizing react(native). Which means I will have smaller potential clientele, but it also means I can iterate much faster.
I do believe both of our startups have numerous similar and different challenges to overcome. I do have a couple ideas on how I could execute better to one day lead the market, if not then at least forever be a barrier to them in their journey to capture the total addressable market. Hey, nothing to lose for me right.
Look at different angles than they have :) . For starters, you're not competing on keywords ! :)
Now is where the real work begins. Continue to improve your product or service and you will prevail.
Just get on with building your thing. This mostly doesn't matter.
Your account is on a plan from prices that we set back in February 2015. Back then, we were 5 people in a San Francisco coworking space trying to figure out if what we were building was going to be useful to anyone other than our early adopters. Over the past year and a half, we've learned a ton about just how valuable Rollbar can be, how it fits into the modern software development lifecycle, and where it can go. Tangibly, we have:
* Grown our full-time staff over 3x, from 5 people to 17
* Hired dedicated support staff
* Released and improved countless features, including SSO, 2-factor auth, and tons of integrations
... and we're extremely excited to keep working on our mission - to help developers build and maintain software, quickly and painlessly - for many years to come. To have the resources to do that, we need to adjust our prices to better reflect the value that Rollbar can provide, and we hope that you'll stick with us on this journey.
Offer a full month trial to your existing userbase, and a 1 week trial to new users. The Rollbar email is a great example of how transparency can go a long way. Consider offering different pricing plans with different sets of features. Power users are more likely to pay more, and casual users can continue using limited features at a smaller price.
Also, as much as I agree with traskjd's comment, I don't think it holds true for Brazil. You probably know what I'm talking about. I'm afraid the strategy here must be "price as cheap as you can", unless you are dealing with a very special audience (or with enterprises).
I'm happy to know how this turns out. Consider sharing a blog post with your experience :) Good luck / boa sorte.
I wouldn't expect any medical office to balk at $9/mo . . . if anything you should raise the price, that seems too inexpensive. I'd do three plans $49, $99 and $199 depending on features/levels you can offer or maybe per doctor/staff/patient depending on your app.
Do you have HIPAA-style privacy laws regarding electronic medical records in Brazil? That usually commands a premium here so same app for non-medical $99/mo for medical $199/mo.
I think you're pricing too low, if it provides value speech therapists are going to expect to pay for it.
Good luck, let us know how it goes.
I'd also suggest charging more than $9 a month. I appreciate there's a currency difference between the US & Brazil, however that's really not a lot of money. Consider the human support side alone. One question from each customer would likely take months to recover the cost of (and that's after you paid to acquire them, and provide the service).
Just my 2c, but hope it helps!
It is too broad and so there is no one deciding factor. You don't even have a clear definition of success. Is http://lawcomic.net/ successful? It has a loyal following, but it doesn't update that much, or earn much money for its creator.
If you're selling something, make it something that people want at the right price and make it easy for them to buy.
If you're selling advertising (you're a decade late on that one...), give people a reason to come back to the site - make the site sticky or have network effects.
Scaling comes later (assuming your initial design isn't a complete resource hog). It literally follows the money.
My understanding (feel free to correct me if I'm wrong) of it in the context of good websites is:
Host: You need a great host/site, something stable & something people want to use.
Agent: I consider agents as internal factors like technical, sales & marketing. They help you grow & they ensure stability.
Environment: Environment is pretty much your jurisdiction, you need to make sure that your solution is legal & your environment is supportive of you growing. Another fascinating theory to study around that is the Overton window (https://en.wikipedia.org/wiki/Overton_window).
Vector: A vector, an organism which transmits infection by conveying the pathogen from one host to another, with the most powerful agent being word of mouth.
I guess if you have these 4 components structured well, then you have a pretty good chance of having a successful website according to the Epidemiologic Triad.
Now if your question is more around business models, then here's also another good resource to look into by HBR (https://hbr.org/2016/10/the-transformative-business-model)
I first got hooked on slatestarcodex (http://slatestarcodex.com/) when the author hit a five post homerun streak and he was just too good to not check in with.
When I'm evaluating whether to follow a tumblr I can see the process unfold in real time, where I scroll down and finally think to follow after I see several really good posts at once. The moment I stopped and saw myself doing that I realized if I ever wanted to get followers on tumblr my blog would probably need to have the same kind of five-post punch to get people interested.
1. Update often.
2. Make it easy to find your new stuff, or display your archive proudly and live off the interest.
3. Keep a high quality bar. It might even be useful to take your absolute best and put it in one place so you can show people your better side.
4. Market aggressively or be prepared to wait a while.
It's also a question that needs to be better defined. What sort of site? What definition of success?
For many sites, the biggest pieces are having something that people want or need, then consistently providing it. Of that pairing, having something people want is the absolute core.
You'll get some ideas.
More to the point, making sure people know about it and the site is easy to use. Beautiful design is nice but if it gets in the way people will admire it once, twice... and finally give up. Don't let content get stale.
As good as it is from a technical perspective, Delphi, while not truly a dead language (it's still commonly used in many enterprise-size companies), is a dead end. Besides, Delphi and its ecosystem are mostly closed source. The vast amount of readily accessible help and information programmers have become used to with modern language environments simply isn't available for Delphi. Be prepared to pay (or convince your employer to pay) for 3rd party libraries or build everything yourself.
You can't get that time back so long-term it's probably better to develop software in a more modern ecosystem.
Having said that, I don't know your local market or industry.
TL;DR - it's not that Delphi is so bad, but there are so many other environments / languages that are thriving these days, why limit yourself?
Also, don't believe them if/when they tell you they are looking to migrate to something more reasonable as part of their attempt to get you to join. I interviewed at a place that did VB6, but they promised work in .NET during an upgrade, but I suddenly found myself reading COBOL and being asked how excited I would be learning JCL. They are still on VB6 and I left there only 8 years ago.
There's this idea of a T-shaped skill set that I think very much applies to this kind of business: You have your primary skill (i.e. the service you offer, in your case engineering expertise), in which you have in-depth knowledge, and then you have supporting skills (like accounting) in which you're no expert but which you know sufficiently well enough to be able to market your services.
Finding the right balance between earning sufficient revenue sustainably (and the always reasonably full sales funnel required for that) and not taking up more work than you can handle can be particularly stressing.
The biggest stressor for the owners of most small businesses is not getting a regular paycheck.
Go for it!
See : https://news.ycombinator.com/item?id=9877881
Will bookmark, thanks for this
In addition to this documentation, for Gmail and Facebook, I have completed the "I'm dead, do this with my account" sections of my account profiles. Gmail, after 90 days of inactivity, my brother gets an email and gains access to the Gmail account.
I have 2FA everywhere and my close ones won't be able to keep updating my box or troubleshoot... I guess the bank will close my card when I die and I can pay in advance. Currently, I have 3 years of 'insurance', but what if DO doesn't exist anymore...
As for passwords, keys and so on, you can put all that into a single archive. (e.g. regularly export your password manager, put any private keys you want to pass on, instructions for how to use them, etc.)
Encrypt the tarball/zip file with a symmetric key.
Then you can use Shamir's Secret Sharing Scheme to split up the key so that a certain threshold of key holders is required to access the data (e.g. any 2 of 4): http://point-at-infinity.org/ssss/
Distribute the parts of the key to your heirs.
Leave instructions in your will so your heirs can locate the encrypted file when the time comes.
Folks speculate that he must have known something. But his wife insists he was always a planner. The business appears to be busy and humming along fine. In many ways a tribute to what he built. Certainly a huge relief to his family, employees, and customers.
Here's a good link on contingency planning: https://partners-network.com/2013/10/17/contingency-plan-for...
 - https://en.wikipedia.org/wiki/Bus_factor
In the grand scheme of things, we're all irrelevant. And in the end, none of this really matters.
So, there's the technical route, whoever has the passwords wins.
But if it matters, and you don't want your technical heirs to be fighting each other, you should probably establish ownership and succession with a lawyer.
Concentrate on living a healthier/safer life and keep it going longer.
The next step, however, would be to educate the populace so that all voters were informed, and that voters would be presented (in an elegant fashion) with what is relevant to their districts on the three tiers of national, state, and local policy. I don't know if Unix has a good metaphor or reflection of this, but Unix is meant to be a) modular and b) minimalist, so if we can sponsor the idea of true modularity in voting, I think we could see some full-participation schemes that are not overwhelming. I don't have to vote on every issue, but could vote on collections of issues that reflect my general ideology or current understanding of what best suits the republic.
Another issue though, is ownership. In the Feudalistic Republic of the United States (as of 2016) it's hard to describe a system that could be adopted reasonably that promotes the idea that all the nation belongs to everyone in it. We have some things like "the right to life, liberty, and property [often misquoted as 'happiness' at the end here]" and how does one reconcile this idea of property with a truly harmonious community? Good question.
So in short, the basis of the Unix philosophy would help (especially with law versioning, that is just what needs to happen and is so brilliant and clear I am surprised there is not greater traction for it). All laws need time limits (and easy renew options if they are good)... And the entire populace needs higher quality information that [forces?] causes people to consider the community at large.
/rattle like a snake
I would see https://developer.apple.com/design/awards/ as the tech equivalent award currently.
Managers would read papers about the CMM and declare that they wanted to be a Level 5 organization, causing insane amounts of busywork and document generation and overall grief to realize that their underlying business processes were hopelessly in the way of any positive change.
So then the goal went from "Level 5 or Bust!" to "Okay, let's try to get to 3" and then later "Um, can we make Level 2?" Then everyone just gave up. There were only a handful of shops that ever made 5 and stayed there, the Space Shuttle engineers being the most famous example.
In design, Apple's core hardware design team is over the top psychotic about the quality of their work. It's a true obsession for them. Many font foundries have similar neuroticism driving their work.
I think Chef's Table (great show!) does us all a disservice by kind of skipping over how unbelievably grueling such an undertaking is. It truly is inhuman. It's unfathomably difficult to create merely a successful restaurant... it takes a perfect storm in both the positive and negative sense for someone to create something like a Michelin starred restaurant.
So yes, probably. Is it sexy? Certainly not. It looks insane more than anything outside of the lens of a beautifully crafted documentary.
Hint: The proof is in the pudding. But you have to sit through the whole meal to know whether you enjoyed it...
Their products were regarded as things that "Just work", their website was very easy to use for support and information, and these were consistent over a long period of time.
I'm not so sure about the Apple of today, but in the 2000s they certainly were hitting their marks.
Deep work is hard, not always satisfying. Generally speaking, progress equals happiness. What's important to you? What do you want to achieve? Why?
Robbins has a good system for creating an action plan: https://www.youtube.com/watch?v=78pwjZ7lzBI
I wish I had some good advice for you, but I'm still trying to figure it out myself.
In my experience, burnout comes from too long as a student/worker (even self-employed) without giving yourself a break (among other things, but this is a common start to it). Maybe find some other hobbies to help you out, even if they're only intermittent (like my infrequent gaming hobby). They give you something entirely different to focus on for a few nights each month. That break can do wonders for your motivation and focus when you return to your other projects.
Focus efforts now to release v1. Find your willing user first, commit to deadline with the user, deploy version 1 for user to start off with, then watch life take on new motivation as criticism, comments and compliments start coming in.
MVP or bust