
Ask HN: /.well-known/techstack - perpetualcrayon
Does anyone know of anything like the above .well-known URI, where a company can provide details as to what they're using to run systems in their technology departments / companies?

I feel a lot of push back would likely be security related.

But my follow-up question would be: For someone who is really determined to hack you, aren't there plenty of other channels by which said hacker could obtain this information? The first thing that comes to mind is Job Postings. If your company has never hired anyone except Haskell engineers, how likely is it that you're running NodeJS on the server-side? Also, I'm not extremely familiar with all the caveats, but I've certainly read about how hackers can obtain details about what OS a web server is running on simply by analyzing the TCP traffic.

So maybe a related question would be, how much of your public-facing stack can you realistically expect to hide from outsiders? Knowing this could help me understand why we don't have a "/.well-known/techstack" defined, and likely never will.
======
epc
What would be the value to the organization? How does it benefit me to let any
random user agent know what my tech stack is?

I used to run a F100 web site. In my naiveté I put up a page with extremely
high level details about what we were using to produce the site. As a result
we started getting hammered by SQL injection attacks (on CGIs which had no SQL
fields, so moot other than the processing "loss") and I started getting phone
calls, daily, from software sales guys pitching me one stupid thing or
another, fully aware that the person they were talking to could not possibly
buy their thing because of who I worked for.

The thing that killed it for us though was that we listed a variety of
software tools which weren't approved "program products" sold by my employer,
including open source, so it was easier to remove the page than to continue
fighting a losing multi-front battle for my time and attention.

I don't think it's necessarily a bad idea, but there's got to be some value to
the organization.

~~~
perpetualcrayon
My thinking at the moment goes mostly like this:

<thought_process>

It will be far easier for businesses who do this sort of thing to assimilate
themselves into the "fiber" of the local tech community.

The businesses who do that will find it far easier to obtain and retain top
local talent.

</thought_process>

I agree that the question that needs to be answered for something like this to
bootstrap would probably be something like "what is the value to the
organization". But I think that question, over time, would evolve into the
assumption that "we need to do this in order to survive".

