Ask stories

The "new" page with dead articles shown has about 5 submissions per page with Indonesian titles and spam contents usually containing a phone number.

Sometimes they're posted by brand-new accounts, sometimes it's "aged" accounts that have never posted before. For instance, this one created in 2021 has posted 12 times in the last 2 hours:

https://news.ycombinator.com/user?id=TheDarkLegend

(you'll need to have showdead turned on)

Is this the world's most misguided phishing attempt? AFAIK dead posts don't get picked up by any search engines etc...

Lately, I’ve noticed a new trend on X: Devs (and indie hackers in particular) are ditching cloud providers and jumping straight to bare-metal servers like Hetzner.

Honestly, I think the big cloud companies just haven’t kept up. Their services feel clunky compared to the standalone alternatives. Just try comparing Vercel’s dev experience to Amplify’s, and you’ll see what I mean. On top of that, AWS has gotten way stingier with startup credits.

Put those two together, and it’s no surprise fewer people are hosting their MVPs on AWS. It’s tough to stay under $150/month with a database and a server, while on bare metal you can grab 16 GB RAM for around $20/month.

- Do you think the cloud is actually losing ground? - And for those using bare-metal: how do you handle DB backups, CI/CD, and pulling logs? - Would you scale something using bare-metal servers?

[Carlos](https://github.com/clostao)

This past Friday afternoon, a member in our Discord server reported a phishing email pointing to a fake login page.

We took up to research it and because of clumsy decisions by the attacker we got their GitHub and their operational Telegram bot.

Screenshots: https://imgur.com/a/FTy4mrH

Sometimes the attacker incompetence can be a defender's best weapon ¯\_(ツ)_/¯

The phishing page was a standard clone of an "email", unbranded anf generic service. A bit of gobuster reconnaissance and we got the site's .git directory publicly accessible and listing its contents.

Inspecting of the requests also got us the first Telegram bot token. This is the digital equivalent of leaving the blueprints to your entire operation, including past versions and deleted files, lying on the front lawn.

We pulled the repository, found automated deployments and multiple fake pages with different hardcoded Telegram bot tokens and Chat IDs.

With the source code, repo and the active Telegram bot token, we filed detailed abuse reports:

- GitHub: We reported the repository containing the phishing kit's source code. It was taken down for violating TOS.

- Telegram: We reported the bot using the provided token and chat ID, leading to its removal.

- Hosting Provider: The malicious site was reported and taken offline.

Lesson learned? Never deploy a .git folder to production. Even if you are a criminal.

Acknowledgement: This was a collaborative effort by members of the BeyondMachines Discord community. The crowdsourced speed and collaboration helped us take this down very fast.

Before we sat around screens we sat around campfires telling stories. We’re hardwired to be storytellers, and that’s how we fundamentally connect with other people and understand the world.

I’ve been thinking about how KISS a small team could go and still stay productive and aligned. This is my take:

1) The story unfolds. Repeating meetings where team hash out the next steps to be done before the next meeting

2) The plot. A plain text document in the repo showing what has been done, what needs doing, and any related notes or comments

Here is an example of the plain text story/narrative of the project:

```

# Project: Cloud Cost Dashboard

Enable easy access to cloud cost data for the team.

## Integration

DONE Cloud cost API integrated with billing system @bob

## Dash board

Dashboard must pull data from AWS, Azure, and GCP for comparison.

TODO Set up a cloud cost reporting dashboard @alice TODO Train team on how to use the dashboard @alice

```

The following rules apply:

- A task is either in status TODO or DONE and it fits exactly on one line

- Add @name to assign tasks

- New TODOs are added at the bottom (so look there for tasks to pick)

- Feel free to add any free text/notes etc to the file to provide context and insight

As the project progresses the story unfolds and self documents.

BONUS: Use the task line for the commit message

Some questions:

- Does this approach seem like enough to keep a small team productive and focused?

- What essentials are missing (given a small team context)?

Would love to hear your thoughts!

Curious whether AI tooling are making engineers more productive with more free time or more productive with even less free time.

One big problem I have with pomodoro apps: they disappear. Even when the timer's running, I forget about it.

So I built a macOS app that runs as a persistent, always-on-top sidebar. When you collapse it, it becomes a 3px colored progress bar.

That constant visual reminder helps my time-blindedness stay on track.

Curious if anyone else struggles with the same thing.

literal shower-thought i had tonight as i was thinking about how at work we all don't like dealing with our helm charts because the syntax and structure ends up looking so ugly and it just feels wrong (not to mention the multiple different approaches of handling kubernetes resources in multiple different pipelines.

i try to see beyond any initial repulsion to weird looking code because i know that it may be super functional. but it got me thinking: what makes code beautiful? what makes code "high quality"? (other than that it results in a working, performant, and robust software program obviously).

so i'm curious -- can you show me the best code you've encountered? it can be a small snippet or it can be a "slice of a library" or an architecture etc. have you written anything yourself that you are super proud of?

Looking for some inspiration for some books to read during the Christmas holidays

Signing up for classes and I am debating between a Natural Language Processing class and a LLM engineering class. Which one is the better option? I feel like there’s been a lot of recent discourse about LLMs becoming irrelevant in the near future.

Natural Language Processing: Introduces the computational modeling of human language; the ongoing effort to create computer programs that can communicate with people in natural language; and current applications of the natural language field, such as automated document classification, intelligent query processing, and information extraction. Topics include computational models of grammar and automatic parsing, statistical language models and the analysis of large text corpora, natural language semantics and programs that understand language, models of discourse structure, and language use by intelligent agents. Course work includes formal and mathematical analysis of language models and implementation of working programs that analyze and interpret natural language text. Knowledge of statistics is helpful.

Engineering LLM-Integrated Systems: Studies the software engineering foundations for systems that integrate large language models (LLMs). Examines how LLM-integrated systems turn natural language instructions into actions. Offers opportunities to build systems with natural and fluid interfaces, integrate them with existing software, rigorously test their behavior, and understand their failure modes and limitations.

Not sure which one will be more helpful! For context I am a data science major but interested in working in machine learning in the future!

I was recently laid off at a big tech company after 10 years. And now I am facing the harsh reality of trying to crack leetcode medium/hard problems (something I never managed to do routinely while I was working at this company). Is anyone here in a similar situation or has been in one? If so, how do you keep yourself motivated to solve multiple problems a day, especially knowing you are actually never going to work on such problems as part of an actual job?

Edit: I need to practice leetcode because the interview process for almost every software engineering role (especially in the Bay Area) seems to require going through at least one round of coding challenge based on leetcode medium/hard problem. I did not call it out earlier because I thought this is a very obvious point. Perhaps, I should have clarified that I am mostly targeting software engg roles.

Complete MCP traffic analysis tool with desktop app for Mac, Windows GitHub: https://github.com/mcp-shark/mcp-shark Web: https://www.mcpshark.sh/

We now have IG/TikTok/YT Shorts. First it was mails instead of letter, text/fb instead of mails, then images, then videos, now shorter videos. We might also fill in for the other senses, not sure, but then that's the end of the line.

There is no reason to assume that things will change direction, unless there is some force that makes it so. I am trying to think of a scenario where people would do more of something archaic like reading in the future, than they do now.

What could that be? I can't come up with anything. Does it matter? Can we be fine without reading?

Race condition, producer consumer, and cool stuffs like that? I do java

I keep finding myself commenting on threads and then forgetting to check back. HN doesn’t have built in notifications, so I’m curious how people here actually keep track of discussions they are part of.

What’s the best workflow you’ve found to follow active conversations without missing replies?

I am a software engineer with about 20 years of experience, and lately I have felt a bit lost about what to do going forward.

For the context, I have always been passionate about software engineering, I started very young and have worked in it non stop every since. I mostly worked broadly in web development and have pretty-much mastered all areas and layers of the stack (infra and cloud, databases, backend, network, front-end and even a bit of mobile...). I've also been an indie game dev on my free time ever since.

For the last 5~10 years I have not been evolving or learning anymore in my daily job, and feel that I've basically seen everything. It only feels repetitive, and as I've lived through many tech bubbles, I don't get much interested in the major trends because the fundamentals are the same and everything old gets new again.

Over the years, I've worked in many companies, from big ones to fresh startups, B2B and B2C, in direct and as a contractor as well as web dev agencies. I've also found out that while I like tech leading and the various design and spec phases of software, I don't like managing people. I do not want to evolve as a CTO either because of those reasons and the endless meetings. But the industry seems to think that the normal path forward is to quit being a developer and manage people instead, which is a totally alien idea to me because it involves completely different skills and knowledge.

I am now at a step in my career where I find it impossible to find a company where my knowledge and experience is really valued and useful. I'm often the most senior, more than even the managers and CTOs, but have less power or influence and am just another cog in the machine. I see the mistakes being made and know what it will cost (because I've been there and done that many times), I do my best to explain that and recommend alternatives, but more often than not it still happens anyway.

I've long considered switching to game dev professionally since I find that it has a lot more fun and interesting challenge, and I yet have lots of things to learn there. But as a husband and a dad, the reputation of the industry (low salary and crunch time) makes it difficult to seriously consider. I'm now thinking that freelancing my be my best bet going forward, and then explore and build things from here.

I know that there are more senior (30, 40+ years...) people around here, so I'm curious to hear your experiences. Did you ever feel the same way, what did you do and how did you finally find a satisfying daily job?

Theoretically, what would be the downside of replacing expensive CEOs with AI agents?

I’ve been asking myself this question a lot lately because I’m pursuing a CS degree but I’ve been second guessing my decision because all I ever hear about now is people either getting laid off or new graduates having a hard time landing entry level roles, never mind the AI of it all not that I believe it is a feasible replacement for actual programmers but at the same time it’s hard to tell if it has the potential to be that later on. I’m still a couple years shy of graduation but it doesn’t seem like enough time for things to improve if ever.

I have spent the last few days trying (and failing) to find real cases where AI agents actually scale in production. Outside of coding agents and dev-productivity tools, I am struggling to see anything that looks like a genuinely scalable agent system.

Most of what people are calling “agents” today are basically deterministic workflows with one or two LLM calls glued together. That is not an agent. That is a at best API pipeline.

So I am genuinely curious: are there any real examples of agents handling large, messy, multi-step workflows at scale? Not demos, not toy projects, not VC decks.

Only two kinds of engineers climb the success ladder in today's cut-throat IT environment (especially in India):

1. The people pleaser types who know how to use the right technical vocabulary, massage the ego of superiors, attend parties, etc. They typically grow into project managers and IDU heads.

2. The dependency creator types who isn't just a nerd but also knows how to keep control of their systems in their own hands, share only little or ambiguous information rather than open source all knowledge, maybe even fake bugs every now and then to signal who really controls the show, etc. These grow into software architects, CTOs and other roles.

If you aren't one of these two types, a long-term career in corporate IT isn't really for you. You might gain some experience for a while but eventually end up being used or becoming punch bags for these other two types.

Whatever I do and learn no progress is going to happen in my country(nepal).

There is no benefit of having merit in Nepal. Private jobs are already low paying. Remote jobs do not come generally to Nepal.I see remote jobs love India and south east asia. I do not get the point of remote job if they are hiring from specific country. The only thing I can do in nepal is public service commission (civil services) and crack computer engineer. But the pay is meagre there as well, unless I am lucky enough to enter central bank of Nepal(NRB).

Honestly, it feels like I am pushing not just a wall but universe itself in Nepal. Because nothing is going to happen irrespective of my abilities. I am currently preparing for PSC and I do not believe I will be happy as a PSC engineer even if I end up at NRB(central bank).

Something feels missing inside me. I have took countless therapies and what not. They helped me a lot to be where I am at now. I feel scared to try opportunities out of my comfort zone (kathmandu is my comfort zone).

As an adult, nobody pushes you, you have to push yourself. I am in a serious deadlock internally. I can decrease the effect using yoga and meditation but that does not troubleshoot the cause. Personally, I want to pursue something academic away from nepal. I believe that would provide me the much needed confidence in my life.

For the last couple of months, about a 1/5 of links on HN are inaccessible from Russia because site owners block this traffic. I have a suspicion that they don't even know that. Especially, when it happens on Claudflare side. That's kinda sad. And I wonder why that's happening.

Not many job openings available, pay is bad etc - that seems to be the current reality of the job market.

Those who are currently (or recently) interviewing, got job offers - what was the process like? Ignoring the FAANG companies for a second - how has the hiring process changed in the last 1-2 years, in the era of AI?

Are we still forced to solve leetcode type problems? Take home exercises? Could you please share your experience? Especially for mid-to-senior level programmers