IndignantNerd's comments

IndignantNerd | 4 years ago | on: CNN Has a Strong Contender for the Worst Chart You’ll Ever See

What will it take to finally destroy CNN’s credibility?

I feel like the “MSM” has an inherent advantage by being first in line to receive info from government officials. Social media offers the illusion of influence – it feels like you’ve got the MSM beat – until you realize that the only stories anyone discusses are those that fit within the narrative established by the MSM.

As long as we allow these corporate news orgs to define the bounds of discussion, we’ll never escape this rage-maximizing cycle of Overton window shifting that we all collectively subject ourselves to.

IndignantNerd | 4 years ago | on: Getting to the Product Manager interview stage

From what I’ve seen in hiring, you’ll reach the 75th percentile with consistent formatting and no spelling mistakes. It’s incredible how bad some of the resumes are. You would think it would be a good idea to optimize the one constant across all your job applications, but apparently not. If you’re applying as a senior frontend engineer, but you can’t even lay out text in Microsoft Word, what should I infer about your ability to build a web page?

That 75th percentile might even be enough to get to an interview, depending on how sparse the company’s pipeline is. But in terms of optimizing content to advance from 75 to 90+ percentile – the best method is something that jumps out at the person reading. That might be an elite degree, or a popular project, or an unusually relevant background for the company.

Basically, you need a clean resume and at least one “thing” that jumps off the page and differentiates you from other candidates.

Sometimes I wonder how the hiring process would change if applicants could see the resumes they’re competing with.

IndignantNerd | 4 years ago | on: AuthZ: Scalable permissions system

When a startup I work for was borderline manipulated into onboarding onto the Carta platform [0], I did some brief security review.

I noticed they’re loading third-party JS with at least one postMessage handler with a wildcard origin. They were also sending the current page title (which can include things like company or investor name) to this provider. It appeared they were also using a version of Knockout.js that is 2+ years old. [1]

This did not inspire a lot of confidence. The linked blog post at least takes security seriously, but it’s clear they’re patching over a lot of legacy cruft.

There’s a hell of a lot of sensitive data on Carta, which I’m sure they’re already selling to their “partners” anyway, but IMO it’s only a matter of time before they (or one of their “partners”) are hacked and a whole bunch of companies suffer from an information breach.

IMO the main reason they haven’t been hacked yet is simply because you need to pay $2k just to get access to their questionably secure app.

[0] Your lawyer tells you that you need a 409A and Carta is the best. But if you only want the 409A, and don’t want to get growth hacked onto Carta’s platform, you’re out of luck. They won’t do the 409A for you unless you complete the full onboarding process, which includes appointing Carta as your company’s transfer agent, and uploading the email addresses of your investors and allowing Carta to spam them with tasks like re-signing legal documents that you issued off-platform.

[1] This is not a technical analysis and I’m just going by what I remember from watching my local Chrome dev tools. Don’t @ me.
