Ask HN: What is the thing you've built that you regret the most?

I built a lighting system for <hotel chain you've heard of> to save energy by turning off hallway lights when not in use. The environmental aspect was great and saved hundreds of thousands in electricity. Someone eventually realized that the mesh network I built to connect all the lights together and report usage statistics could also be used to track employees moving throughout the building and catch them taking unauthorized breaks in the stairwell, so that's its main purpose now.

I'm a lot more paranoid about privacy these days.

When I was at Akamai about 5 years ago, I was involved in building the system for making their CDN compliant in China. There were two main features, and they were activated on all servers running inside mainland china (not HK, macau or Taiwan)

1. Logs of the CDN were sent in real time to the ministry of technology -- there was about a 15 minute delay if I remember correctly, and they could impose fines if they were delayed. The log included the url visited, the IP address of the visitor, and a few other things. Perhaps the user agent? I forget.

2. The ministry of technology had a special API to block URLs on the CDN. Basically, they provided a list of URLs that would return a 451, and of course those logs also went to the government.

No other country had this kind of access at the time, but it was considered critical for the business to continue to operate in China. As I understand it, these are required to comply with chinese government regulations, and other CDNs like Cloudflare and Cloudfront have also built similar capabilities. Perhaps jgrahamc can comment on what cloudflare did?

I feel quite guilty about being involved with that project, but the business was set on building it, so I did what I could to limit the blast radius. I would not be surprised if someone got arrested or was killed because of it.

I worked in an Ad-tech start-up in Berlin run by two of the most evil f*kers I've ever encountered. I built out their principal ad auction algorithm and a lot of the back-end to support it, and all they did with it was target vulnerable groups of people at particular times of the week when they thought they were at their lowest ebb.

One meeting in particular really stands out still, a social media giant that everyone knows was in town meeting the founders to sell additional personalization data. Before that meeting, I thought things the start-up were doing were a bit sketchy, maybe borderline unethical. During the meeting itself, it was more like sitting around a table with Dr. Evil and a few henchmen. They were actively, unambiguously picking vulnerable groups for ad re-targeting. And that's not even the worst of it, the meeting wraps up and one of the founders says "OK guys, let's go get some beers and bring some girls". Then this despicable excuse for a man promptly walked out into the office, points at a few female employees and says "You, you and you, come with us now".

Early in my career (late 90s) I worked at a big company that just loved getting patents, had a big patent wall and did plaque presentations, etc. I got swept up in this and patented some "novel" (:eyeroll:) uses of a device that a partner/supplier made. Yay... I got a plaque and a few bucks, but Big Corp was never going to commercialize these uses, that was clear. They just wanted to run up the patent count.

But the partner corp was just a startup, trying to break into some markets, and now had some of those opportunities encumbered by patents and rightfully viewed our partnership as not in good faith (we didn't tell them about the patent work). The engineers at the partner firm were fairly pissed off at me, since I knew them well on a personal level and my name was on those patents. And naturally Big Corp promptly forgot about that business, never doing anything with the "IP".

I've thought about chucking those patent plaques in a fire, but I keep them in a box as reminder of that little snippet of my career, which I'd otherwise probably block out.

I worked for a company that made deep packet inspection based network equipment. Western customers mostly used it for "security" and media streaming man in the middle attacks (actually a useful feature saving lots of bandwidth).

The boxes were also sold to Syria and Burma, and were used to facilitate censorship and human right abuses

I built a crypto invoice system that was originally targeted towards our freelance dev clients, which was soon overrun with drug sellers, weapons sellers, and when it reached a point where some of the invoice descriptions included words like "8yo.mp4" we realized it was time to put it down. We reported the IPs of the people involved and shut down the servers. Luckily I live in a third world country and not somewhere I could get in trouble for.

My first job at Microsoft was to build IronRuby, which was an implementation of Ruby on top of the Common Language Runtime. I got the job because I had built a bridge that connected MRI (Matz's Ruby Interpreter) to the CLR before I joined the company. This project ultimately failed because of a principle that we learned from the school of hard knocks: respect developers' existing code investments. Developers couldn't use it because many of Ruby's existing libraries were thin wrappers over native code, and we couldn't get them to work for many reasons.

It turns out that the project was more of a demonstration of our ability to get dynamic languages to run efficiently on the CLR. To that end, I think we were successful. But once we achieved that there was not much of a path forward so the project was eventually shuttered.

ever heard of ActiveX? you know, arbitrary code installing and running in your browser on Windows and available to be scripted by javascript? like, instead of Java? sorry. I'm not solely responsible, but sorry, pretty responsible. we were young. code-signing as a means of validating origin was a great idea. though it needed additional infrastructure to prevent abuse and allow global revocation, and that wasn't perfectly thought through or executed. live and learn. :grinning-emoji:

Moving Murfie to Pine Bluff has been a disaster. The entire situation has been bad for Murfie users and myself.

I'm coming up on 3 years now with very minimal progress on returning media to users and getting the site fully operational.

There are a lot of places where in hindsight I could have made better decisions. At every point the best course seemed to stand out, only to sour with unexpected obstacles.

At first I thought I could stay in the warehouse, but then the returns became too much to complete before I had to vacate. COVID struck, and delayed the container move. Then I couldn't use my warehouse, and couldn't unload the containers. This is delayed efforts to return media and restore files that would have been easy to replace if I could unload the containers. Meanwhile Murphy customers have been 3 years without their discs or access to their media. I feel terrible about it. Some have died without getting their media.

I'm still fighting to do the right thing. I've filed a lawsuit against the city for refusing to issue permits, and I'm constantly looking for solutions, but I feel like I've failed a lot of people.

At a previous employer I helped build an employee monitoring system that was essentially a keylogger and would also take screenshots periodically and on every click. All this data was piped into our cloud and could be used by middle management for granular monitoring and evaluation.

The whole product was positioned for process optimisation but I know for a fact that it was used to monitor and eventually reduce headcount at multiple customers. I still feel gross just thinking about it but the company is supposedly making good money off of it given that they just announced a new version.

The Qatar slave helmet.

My company built the smart helmet used to track Qatar’s army of abused workers. The claim is GPS and accelerometer where used to track if a worker stopped moving or fell due to an accident; the geo fencing was supposedly for tracking if they had enough workers in an area for the job.

The reality is the helmets where/are used as mass surveillance tech to ensure workers are continuously active and never leave their assigned areas for petty things like going to the bathroom or finding shade to prevent heat stroke.

I went to college for a number of years in electrical engineering technology. I started working even before I finished my degree. My first gig was PLC programming material handling systems for the pharmaceutical industry. It made sense, in order to maintain safety and a sterile environment it’s much better to have a stainless steel robot handle pails, jars, drums, etc of pills in a clean room instead of people touching them.

Next up was a table to help workers move large objects with hydraulic movement and pins to hold the material in place via compressed air activation, and all the associated limit switches electronic eyes etc. cool enough.

Then the big leagues, a 300k (17 years ago) A-B (Allen-Bradley) robotic arm in an auto parts plant. Day 3 inside / outside / on top of the cage, I become aware of a number of people standing behind the yellow line staring at me, later cursing me, one threw some crumpled paper at me… I’m asking the plant foreman wtf is with those guys. He says well as soon as your robot works they’re all laid off. I left that day and never went back. Someone finished programming and set up I’m sure, I could care less, I didn’t. I thought one day I’ll get stabbed in the parking lot.

I realize that my automation didn’t take jobs away from society, I didn’t do anything evil. Those jobs would just move and hopefully spawn better jobs in the community (medium to long term). But in that small short term microeconomic moment, there were real consequences, and I was the face of them. I was not happy, I changed careers that exact day.

My first job was for a sketchy knock off autoparts company that was a glorified drop shipper. I built a dozen websites and a database of a few million rows. I was proud of it at the time.

Then I started reading customer support emails, took a few phone calls from disgruntled customers, and it turns out the company was just cycling cash. Would charge 100 orders and float the cash as it trickled out refunds.

I ended up leaving, and the company sold for a couple million a year later. I was left with a bad taste for e-commerce that has only recently went away.

I decided to build my own kitchen cabinets from scratch. I only had my small townhouse in which to build them. They eventually came out great, but it took 2 years to complete them.

The lesson I learned is to make it easier to abort large projects. Even if it delayed me by 6 months, I should have found a rentable workshop.

I don't know for certain, but when I was an undergrad I was helping a PhD student with his thesis around text classification, mostly grunt work, speeding up some hastily thrown together algorithms, etc. He said it was for his company, which was good enough for me; I was getting experience, he was friendly and polite and we enjoyed each other's company and mutual learning.

I found out years later (this was in the mid 1980's), that his company was "The Company"; the US CIA.

So I don't think my shitty little pieces of C code written on a Windows box ever made it into any US Gov't system parsing Internet mails/chats/etc, but it could have.

Built an e-commerce site in partnership with a close friend and someone he partnered with that sold smoked fish. My friend had actually been paid by his partner in the past and partner claimed to have insider relationships with a Canadian fishery and cannery.

After a couple of months of weekends we launched the site. Third partner was to take care of fulfillment because of their connections.

A couple of months after that, my mother in law contacts me and asks when her shipment will arrive. Turns out she liked what was on offer and wanted to be supportive.

My friend and I got the fish guy on the phone. He said he had to take a day job and was having trouble doing the fulfilling. I said ok, refund my MIL and I’m going to turn all the “add to cart” buttons into “email us” buttons and when you let me know you’ve got a plan to fulfill orders, even if just once a week, let me know and we’ll put the site back online.

My MIL never got her refund. Neither of us have heard from the fish guy again.

I won't say much more here but this second question caught my eye, because the answer is the same as for your earlier question. Some impactful work I am intensely proud of also became a thing that haunts me (or at least challenged my idea of "doing good").

Think about dual-use. You may never really know quite how your creations pan out. Not quite in the league of Mikhail Kalashnikov, but it piqued my now intense interest in tech ethics.

EDIT: damnit seems like everybody here is in the same boat. So mine was a gesture detection for medical robotics control that was repurposed for look-and-lock air combat (fire and forget a2a missile. An important caveat is I'm not even a "pacifist" and went in eye's wide open with a defence firm. I just wish they'd told me more up front that this was "generic tech" I was developing.

Worked for a YC some time back. It was quite a ride, but our seed round was just about gone and we had zero product-market fit after some time. It was ran a bit like a cult.

As we scrambled to create something of value and keep the lights on, I (unintentionally) built and highly optimized a free-trial funnel for a Saas service according to a "gym-membership" model; ie, our entire revenue stream depended upon tricking people into submitting their credit cards and charging them for months when they forget to cancel (or couldn't due to the complicated cancellation funnel). Once someone hit gym-membership status, we would pause all emails, reminders, etc (on CEOs design) so they would forget about us and let their card be charged for years. People at our company would fight against these tactics, but leadership's only focus was AB testing the hell out of the funnel to continually increase subscriptions and impede cancellations.

To combat the inevitable high charge back rates we eventually encountered, our staff would purchase pre-paid gift cards at corner markets and we programmatically submitted multitudes of tiny transactions through out the day to skew the chargeback rate to an acceptable place; this was the CEOs idea again, rejecting our ideas of selling things people actually wanted.

It was a house of cards, but the success of monetization was leveraged to land further contracts with governments (that we could never fulfill) until it all came crashing down. I left long before then on principle.

The entire venture was revealed to be a complete mess from day 0. From the start, this outfit threw its entire batch seed into google ads to drive "users" and feign growth to pump up the valuation on demo day, landing a couple million in investment for something that had no real value. Hm. It seems that a system was crafted here to pick winners and losers, and the company responded by gaming it in every way they could.

Built an aircraft-mounted camera gimbal pointing system that I thought was supposed to be used by energy companies to look for power poles but was also sold to US Border Patrol to hunt down immigrants. Not my finest hour.

A ticketing company was experimenting with BLE beacons to trigger things like seat upgrades and coupons when people walked by certain things in a venue… or at least that’s what they said it would be used for.

Instead they covered LA Live and surrounding area with them and then just sold that data to… well I’m not sure who since I left shortly after they did that.

The justification was “but we put it in the TOS and Privacy Policy”.