Actually, only the first screenshot is a review of my application; I asked some friends for their credentials to test the information disclosure out (you would only get 1 review per application).
Admittedly, "passion and interest don't really come across" might've been a valid impression, since the post after sounds like it wasn't the top priority:
> I decided to apply even though I was pretty busy that weekend, hoping my schedule would clear by the time the hackathon came around.
However, this could be yet another instance of gatekeeping that has sprung up, now that there's tons of money involved, and a whole lot of petty posturing and maneuvering.
When I was a kid, from a non-affluent family, who was fortunate to be able to start programming computers, I could just do things.
I'm not aware of anyone ever being appointed arbiter of whether I had enough "passion and interest" to participate in some activity or venue.
You'd just show up, and other enthusiasts would be reasonably encouraging and supportive.
Too much nowadays in our field has a whiff of being about classism and collusion, to create barriers to joining the clique.
Don't get me started on the obviously frat-pledging interviews that Google popularized, and then way too many newcomers mimicked that gatekeeping baggery, as if it was good and reasonable, rather than bro snobbery.
Tbh, if I could go to a conference that guaranteed all signs of passion and interest would be banned, it would be depressing.... but far more useful. Passion is something best saved for happy hour. The best advice I've received is not from passionate people but rather people who have resigned themselves to the work.
Very grateful I'm nowhere near conferences or academia, but equally grateful others are doing the work filtering the bullshit out for me.
You definitely still can just show up and do cool hacks.
Also hackathons are really easy to host if you keep them under 50 people. All you really need at that size is a co-working space and some pizzas.
So if you don't like the vibe at your local hackathons, why not host your own one weekend?
I think the key is really the size of the thing. Giant hackathons with big sponsors and prizes are always going to be more "serious" feeling than your local self-organized hack-days.
1. The kind where you have to advertise all over and work hard to convince people to come to. You're happy with whoever shows up.
2. The kind where you have so many entries that you need to filter out the non-serious people and save your limited space for people with the actual skills and motivation to show up and contribute.
The second kind is usually associated with some big institution or influencer. It might have a history of participation from people who went on to be successful.
In this case, it's associated with universities. Different universities probably encourage their students to apply and compete.
I'm curious - my naive understanding is that instead of using a backend which will allow a limited subset of actions/validate input, there is some 3rd party DB (Firebase?) which works via some sort of per-user API keys to allow fetching directly by frontend devs?
Firestore's quick setup uses "test mode", which is free and unrestricted. The "locked mode" recommended for production blocks all reads and writes until you set up the rules.
So I don't know if they had the site in test mode, or they simply set a rule to allow everything (I've seen that happen) instead of handling access based on user permissions.
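The comment above contrasts test mode, an allow-everything rule, and access based on user permissions. As an added example (not part of the thread, and not the site's actual rules), this Python sketch audits Firestore rule text for the first two. The rule snippets are constructed, the `applications` collection and the `audit` helper are hypothetical, and the "any signed-in user" check goes one step beyond what the comment names.

```python
import re

# Constructed rule snippets; collection names are hypothetical.
TEST_MODE = ("match /{document=**} { allow read, write: "
             "if request.time < timestamp.date(2025, 4, 1); }")
ALLOW_ALL = "match /{document=**} { allow read, write: if true; }"
LOCKED = "match /{document=**} { allow read, write: if false; }"
SIGNED_IN = "match /applications/{userId} { allow read: if request.auth != null; }"
PER_USER = ("match /applications/{userId} {\n"
            "  allow read, write: if request.auth != null\n"
            "                     && request.auth.uid == userId;\n"
            "}")

# Matches "allow <ops>;" and "allow <ops>: if <condition>;"
ALLOW = re.compile(r"\ballow\s+([\w,\s]+?)\s*(?::\s*if\s+(.*?))?\s*;", re.S)


def audit(rules: str) -> list[str]:
    """Flag allow statements that grant access without a per-user check.

    Heuristic text scan, not a rules parser: a condition that mentions
    request.auth can still be too broad and needs human review.
    """
    findings = []
    for m in ALLOW.finditer(rules):
        ops = " ".join(m.group(1).split())
        # An allow statement with no condition is always granted.
        cond = " ".join((m.group(2) or "true").split())
        if cond == "false":
            continue  # locked mode: denies everything
        if cond == "true":
            findings.append(f"{ops}: open to everyone")
        elif "request.auth" not in cond:
            findings.append(f"{ops}: no auth check")  # e.g. test-mode date rule
        elif cond == "request.auth != null":
            findings.append(f"{ops}: any signed-in user")
    return findings


if __name__ == "__main__":
    for name in ("TEST_MODE", "ALLOW_ALL", "LOCKED", "SIGNED_IN", "PER_USER"):
        print(name, audit(globals()[name]))
```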
In Stalinist and Maoist countries you’d get extra points for uni when coming from a worker or farmer family. Times change, ideologies change, but some things don’t.
There used to be a local hackathon where I used to live in London. Amazingly talented people used to attend, great social, I really miss going to these events
Slightly tangential: I'm currently working on a web app that uses Firebase and I'd like to potentially open source it in the future.
Given all these recent articles where people have been finding vulnerabilities in Firebase apps, should I be careful to open source it? The data in my app isn't super sensitive (e.g., social security or bank info), but does contain PII like names, emails, passwords.
You should triple-check the configs for your Firebase instance, make sure you understand all the security implications.
If you release the app as open-source make sure you remove references to your specific Firebase instance.
I'll also say that the app being open-source isn't the problem. As you can see from the blog-post, there's a LOT you can do just from looking at the frontend code delivered to your browser.
Oh no, applications are closed, bummer. I was working on some AI stuff last week and on the weekend; it's a shame that people that are working on AI stuff are too busy to notice events like this where some publicity or peer review or criticism might come in handy.
cbracketdash|11 months ago
What an oblivious statement made by your actual reviewer!
fastcall|11 months ago
Sorry if that wasn’t clear in the blog post!
neilv|11 months ago
CalRobert|11 months ago
moralestapia|11 months ago
Can't see anything. Was the page edited perhaps?
ForTheKidz|11 months ago
accurrent|11 months ago
I remember the days when one could just show up to a hackathon and do cool hacks. Now it feels like they only exist for serious reasons.
non-|11 months ago
pdntspa|11 months ago
And for the record.... PIZZA is not an appropriate compensation. Especially if someone is lactose intolerant!
paradite|11 months ago
peterarmstrong|11 months ago
Aurornis|11 months ago
CoolCold|11 months ago
Anduia|11 months ago
pwillia7|11 months ago
https://decapcms.org/ is a nice front end CMS admin if you're looking for one.
wodenokoto|11 months ago
fastcall|11 months ago
I didn’t get any feedback or even a reviewer name, oddly enough.
belter|11 months ago
ngruhn|11 months ago
falcor84|11 months ago
JackDanMeier|11 months ago
przemub|11 months ago
chinabot|11 months ago
joshdavham|11 months ago
henryfjordan|11 months ago
byyoung3|11 months ago
miyuru|11 months ago
nusl|11 months ago
xavdid|11 months ago
> 09/03/2025 - vulnerability disclosed
a security vulnerability and time travel to go with it!
fastcall|11 months ago
koakuma-chan|11 months ago
appleaday1|11 months ago
appleaday1|11 months ago
dd_xplore|11 months ago
yzydserd|11 months ago
alcor-z|11 months ago
[deleted]
adibvafa|11 months ago
[deleted]
sureglymop|11 months ago
jackwilsdon|11 months ago