More about what you actually do -- I'd suggest something like "Secure, Sustainable Open Source: We partner with open source projects to monitor their upstream dependencies for security fixes, and automatically rebuild and distribute our partners' projects with those fixes. Our partners don't have to change what they do, and we share 70% of our subscription revenue with them."
Also:
> New SecureBuilds are created whenever upstream CVEs are available, with a 6-day SLA for critical vulnerabilities.
Surely this should be "New SecureBuilds are created whenever upstream fixes for CVEs are available" -- you cut new builds for the fixes, not the bugs, no?
Simply being first isn't the moat -- _switching cost_ is the moat. You've got to get people using your app in order for being first to matter. And the easier it is for those users to switch, the smaller the moat is.
IE6's moat wasn't that it was first at anything, it was that it was installed as the default browser on all new Windows machines -- switching was work. And once lots of custom web applications were built that used IE6-only features (or required IE6-only bugs), switching became impossible.
You realistically only have time for one of the following:
1. be a serious student
2. be a serious athlete
3. be a serious maker
4. be a serious business-person
My advice would be not to take any of them too seriously -- enjoy college, enjoy your sport, enjoy tinkering, make connections. Don't worry about starting a company until after college. Take advantage of your college years to learn, work on other people's projects, try out new things, and invite others to collaborate with you.
If you're brimming with ideas now, you'll have just as many in four (or six or eight) years, and you'll have gained invaluable connections and the know-how to execute on them. (But if before then a great opportunity falls into your lap to start a business with some of your fellow students or professors, don't be afraid to take a sabbatical from being a student and athlete and having a life, and dive into it for six months or a year.)
This tactic is usually used as a diversion, either to bury an important email message (like a notification that your credentials to an important account have changed) in a flood of garbage messages, or to keep you focused on your email instead of keeping tabs on your usual responsibilities (like say to monitor the entrance to your office suite).
If this is her personal phone number, then it's likely available from any number of "legitimate" data brokers, and it would likely be part of various database dumps you can buy on the dark web. It's pretty easy for someone who knows what they're doing to spend a few minutes of research on social media to find several employees of a small company, look up their personal contact info, and message them claiming to be the company's CEO.
To protect your employees, let them know that either a) you'll never call or text their personal phone number; or b) if you call or text, it will always be from a known good phone number (which they can put in their phone's contacts).
OWASP Cheat Sheet Series [1] is a great place to start (for websites or HTTP services generally). Also see their Web Security Testing Guide [2] for a comprehensive list of security issues to watch out for:
Set up an Asterisk box and connect it to a SIP trunking service (like Twilio or a bunch of other similar providers) to make and receive regular phone calls. Use the same provider to separately send and receive text messages (via the provider's web API). With a little elbow grease, you can replicate all the features of Google Voice using that (plus have a lot more possibilities for customization and automation).
The downside is that while you can get a basic set-up done over a weekend, it will probably take you much longer to actually get everything set up to your liking (and you'll probably need to do a lot of background reading and research just to figure out what you want to set up, how it all fits together, etc).