evgeny0's comments

evgeny0 | 15 years ago | on: Dropbox authentication: insecure by design

I like the idea from a technical point of view, but I doubt it would make much of a difference in practice, because most home users log in with administrator accounts anyway. So do most developers. Only the rare, security-conscious power user would typically log on with a restricted account and even then.

evgeny0 | 15 years ago | on: Technical job post tips for the desperate

Your point about the salary is valid - stating the salary does create some problems. However, not stating it creates much bigger problems.

It would be relatively rare that you advertise for a senior developer and end up hiring a junior one (when you had no intention of hiring a junior at first). It would be much more common that your job ad is ignored by the really good developers and instead you have your time wasted by those who are underqualified.

If your existing employees are paid below-market rates that is a latent problem in any case. Eventually they will figure out that they're underpaid. Even if you don't advertise salaries some of your competitors will.

evgeny0 | 15 years ago | on: Fixing XSS on a bank website - A customer's saga

But the random username / random password / client-side SSL certificate is excellent security.

The SSL certificate is, but not the random username. That's just a maintenance hassle. A username is not a secret - that's what the password is for. The random password isn't so great, either, because it pretty much forces you to write it down and then it just becomes a (poor) version of the SSL certificate. It should instead be a strong password that you can actually remember.

evgeny0 | 15 years ago | on: Important Safety Notice from WakeMate

Great story! Hardware manufacturing in China sounds just like software development in India: if you give very precise specifications - so precise that you may as well have written the code yourself - they will usually be followed. However, if you don't say things like "the software should run without errors" you may well find it crashes on start-up.

evgeny0 | 15 years ago | on: Overcome Fear in 2011. Get Rejected On Purpose

Agreed. You may also be ruling yourself out of consideration for future opportunities with the same company that you genuinely are qualified for, because you've created the perception that you're incompetent or just don't interview well. (Let's face it, it would be difficult to give good answers at the interview when you're clearly not qualified.)

evgeny0 | 15 years ago | on: “Merry Christmas" vs. "Happy Holidays" - nearly double the conversion rate.

This is basically why I give everyone a unique email address, and /dev/null the address after I stop needing it.

Offtopic, but what service do you use for this email redirection setup? Or do you run your own mail server? I do exactly the same thing, currently using MyDomain.com, but looking for a better alternative.

evgeny0 | 15 years ago | on: Microsoft quietly shuts down Office Genuine Advantage program

+1 Perhaps it's their way of dealing with the fact that Office is just too expensive for many people, without acknowledging that to the public by dropping the price.

People who don't use Office for business would struggle to justify $209 AUD (RRP for Home and Student edition) to themselves just to write the occasional letter - even if they're not aware of Google Docs or other alternatives.

evgeny0 | 15 years ago | on: How to (In)validate Your Startup Idea

Instead of saying "the solution to problem X will actually be available TONIGHT at www.[startupname]ly.com" couldn't you say "the solution to problem X will be available SOON/LATER/NEXT YEAR at www.[startupname]ly.com. Pre-register so we can let you know when it is"? First, you wouldn't be deceiving anyone. Second, wouldn't it be an even better indication of interest if people are willing to wait for the product?

evgeny0 | 15 years ago | on: Hidden admin user on every HP MSA2000 G3

I can just see it now...

  - A hidden admin account is perfect for debugging and support!
  - What if someone guesses the password?
  - Nah, who the hell is gonna guess THAT?!

evgeny0 | 15 years ago | on: Tim Ferris: 3 More Case Studies of Successful Cash-Flow Businesses

Yes. I mean, I think the guy is an arrogant, unethical bastard, but IF you can just get past that and keep an open mind I think he does have a few interesting points on productivity, priorities, questioning what you really want, etc. There's actually a lot of stuff in the book that I agree with, but there's a lot that really irks me, too.