

Show HN: I made an HN job board - monological
https://hnjobs.org/
I noticed the who&#x27;s hiring threads are very popular every month, so I decided to create a job board specifically for hacker news. You can tag jobs, search, view user&#x27;s profiles and more.<p>Tell me what you guys thing! Any feedback is appreciated.
======
memset
This is neat! A few questions and comments:

1\. It looks like you don't actually need peoples' HN password. Which people
shouldn't be giving out. Update your website's copy!

2\. This looks very similar to the Stackoverflow Careers' admin panel. Which
is dandy. I'm interested to see how this goes.

3\. Searching by geography would be useful, I think.

4\. Could you elaborate on who you are, what your motivation is for building
this, etc? (Do you plan on charging at some point?)

5\. This is important because there is always an element of trust when using
an employment service. By using a job posting service, you get insight into
our openings, the types of people applying, our communications, and whether we
are choosing to hire them.

Especially because your service has such robust communication/messaging
facilities, I would be really interested to know what has brought this about
before using it to recruit for my company. (We're hiring by the way!)

Good stuff! Looks slick, seems easy to use, and if you're able to keep it
high-quality (how would one do that?) then I'm all ears.

~~~
monological
Thank you!

1) I was thinking of changing the verification process by allowing users to
place a special token in their profile, which I can just scan for (within a
small time window). Thoughts?

2) I took ideas from stack overflow and 37signal's job boards.

3) In the works! :)

4) I work at Xilinx as my day job, but I have a passion for startups and spend
quite a bit of time on HN (as a lurker though). I noticed there are 'who's
hiring' posts every month, which are usually quite popular. I figured a
dedicated website would suit the community well.

If I ever start charging, it would only be after I implement more features,
make the site more useful, and depending on what feedback I get. Also if I do
charge, whatever the cost might be, it would help filter out a lot of junk
posts.

5) This is absolutely key. I hope to earn this trust. :)

I appreciate the feedback.

~~~
Scene_Cast2
1) The special token is much better idea. I don't feel comfortable giving out
any passwords to anyone, (almost) ever.

------
nilsjuenemann
It's pretty bad that I have to enter my HN password.

~~~
jgrahamc
When I was running usethesource.com (a job board that allowed only people with
a certain HN karma to post) I worked around this authentication issue by
having people place a magic string in their HN profile.

So, you'd register as say jgrahamc on my site and then place 'magic string' in
your HN profile and usethesource.com would know that it was really you.

~~~
andrewchoi
How do you prevent people from just copying someone else's magic string?

~~~
egwynn
If you make the magic string an HMAC of the user's name and some secret, then
they should be non-transferrable.

~~~
malandrew
Requiring the user to HMAC to be able to post jobs is great and would help
filter out recruiters that can't figure that stuff out.

Or better yet, how about a job board that requires the person submitting the
job to solve programming puzzles common in technical interviews. Also permit
people posting the jobs to link to open-source projects that their company
publishes and contributes to. It would be great if people could filter the job
board to only show jobs from companies that have completed a challenging
puzzle and/or publish/contribute actively to an existing open source project
with X number of forks and Y number of followers.

Searching companies by some sort of "github" rank based on the people on the
company's organization page would be awesome too. i.e. between the 10
developers listed on a page, what is their average forks/dev and stars/dev?

~~~
egwynn
It wouldn't work to make the user perform the HMAC, since it requires having
the secret, and then the user could share the secret. You need the server to
calculate

magic = HMAC(secret, username)

and then give 'magic' back to the user. And then the server can decide whether
the (username, magic) pair is valid.

~~~
skrebbel
you could still require the user to HMAC too, just for filter's sake :-)

alternatively, make the 'submit job' feature only available as a (documented)
HTTP POST operation without any matching HTML form.

~~~
tracker1
Then the recruiting companies will just pay a dev to write a tool for them to
bulk post job req's all day.

------
lucb1e
You asked for my HN password. I entered "no fucking way". The page is still
loading, but if it's not gonna pass (I ticked the box 'use a different
password') I won't be registering on your website.

Edit: Okay even if I wanted to give you my HN password (which I have
absolutely no intention of doing), I can't register: "Sorry please try again
later. Failed to connect to news.ycombinator.com."

------
csomar
Dude, ask for people password? What?

If you want to check for an HN user, simply ask them to paste a token in their
profile description. And they can remove the token after you did the
verification. Basic authentication mechanism.

Asking for people password is crazy. Even if you are using https and doing the
best security practices.

------
monological
I apologize, my server got banned by HN, thus all registrations are failing.
Pg can you unban the server's IP: 216.70.83.132?

~~~
lucb1e
No you don't need to do that. Just stop asking for a user's password. This way
you're doing the exact opposite of what you should be doing: this is filtering
the smart people out. Only naive users enter their password on a website that
has just been created, exists for like five minutes, has a handful of jobs on
it, and happened to make it to the HN homepage claiming to be a job site. I'd
almost create a similar site, then post all password in a heavily hashed form
so that users can check and confirm it's valid while not actually revealing
their password.

~~~
monological
How should I authenticate then? I could always let the user put a token in
their profile, which I can scan for, but I can't do that either because the IP
is blocked and I can't scrape the profile.

~~~
lucb1e
You could have people reply to a post somewhere (like in this thread, or one
post in this thread). You can make a cronjob that checks every 10-30 seconds,
which won't get you banned and is a reasonable time to wait for verification.

Profiles is another option but this requires more traffic and you probably
need to authenticate to view profiles (which is not a problem, but there are
probably more restrictions on accounts to keep bots out).

It's not even about trusting your website with my HN password, it's about the
way it's asked. If people do this, they might do the exact same on any scam
website. This kind of behavior shouldn't be encouraged. Even e-mail isn't
considered safe to transmit password on, and that's supposed to be private.

------
angryasian
at a minimum you should scrape the jobs on the
[https://news.ycombinator.com/jobs](https://news.ycombinator.com/jobs) jobs
page

~~~
zalew
and
[https://news.ycombinator.com/submitted?id=whoishiring](https://news.ycombinator.com/submitted?id=whoishiring)

~~~
loire280
I'd definitely use a job board that was a better interface to a whoishiring
thread.

~~~
roryokane
[http://hnhiring.me/](http://hnhiring.me/), mentioned by another commenter,
seems to be this.

------
sv123
One of my tags had a . in it (asp.net) and gave me a validation error when I
tried to preview the post, cleared out all the other fields.

~~~
heynk
I've been trying to find an email to contact you or Leafly since I saw your
job posting. Any help?

~~~
sv123
scott-at-leafly

------
mapleoin
Btw, there's also [http://hnhiring.me/](http://hnhiring.me/) which is just
another interface to the monthly jobs threads.

(I didn't make it, see the About link)

------
jh3
I forgot I had this site opened in a tab amongst 12-16 tabs. With the tab that
small, I thought I had a site open in the background about handjobs until I
clicked it and realized it was the HN job board.

~~~
capulcu
LOL Hilarious :D :D

------
TallboyOne
So, a generic bootstrap theme that looks broken in parts, is not laid out
efficiently at all when you click a job, and requires me to put in my HN login
information ? I'll pass.

~~~
monological
Thanks for the valuable feedback. It's an MVP just to test the idea out. If it
sticks the UI will improve significantly.

------
monological
OP here. Per PG's recommendation, the site can now take any username/password.
It _does not_ require your hn username or password.

------
jboggan
I really like it!

One minor error though: you misspelled "Hadoop" as "Haddop" on the listing
gleaned from our "Who Is Hiring" posting even though the original doesn't have
the mistake. Are you generating these automatically or manually?

Thanks!

------
jpaulchan
What is the source of those listings and how is it different from
[https://news.ycombinator.com/jobs](https://news.ycombinator.com/jobs) ?

~~~
monological
I manually took a few posts from the 'who is hiring' thread. Jobs from
[https://news.ycombinator.com/jobs](https://news.ycombinator.com/jobs) are YC
companies only.

------
stevenj
Good job on shipping!

------
create_account
It doesn't do geographic searches well.

"San Francisco" results in just 1 match, whereas there are 5 on the front page
alone.

------
jw2013
Interesting...

You may want to check out my program to search (and optionally) apply to all
the jobs listed on HN. the difference is you searched jobs in the "Jobs"
column, but I search on Who's hiring post. This is the url:

[https://github.com/jw2013/HN_jobs](https://github.com/jw2013/HN_jobs)

------
tharshan09
I think the whoishiring threads are enough, if you did it just for fun as a
side project then its pretty cool.

------
ryanfitz1604
Would be happy to post a Flight Software Developer role at SpaceX but it seems
that the site is down.

I guess for now, people can go to
[http://hire.jobvite.com/j/?cj=ojolXfwJ&s=HN](http://hire.jobvite.com/j/?cj=ojolXfwJ&s=HN)
to apply

------
bradhe
The whole HN password thing is sketchy, but I'm not super tied to my account
so I went ahead and tried to register. It's telling me that my HN account
doesn't exist, though. What's up with that??

~~~
mike-cardwell
Hopefully PG has alright blocked this site from accessing HN.

------
janoelze
Nice work! I lately built something similar, but I'm targeting voluntary open-
source tasks: [http://helphub.ws/](http://helphub.ws/) :)

------
danielweber
What I need as a job searcher:

1\. the ability to filter by geographic area (including some way of grabbing
"remote"/"telecommute" jobs).

~~~
pknerd
I am a lazy ass. A few months back I wrote a crawler that goes thru all posts
by "whoIsHiring" and dump in Db to collect stats like location, Skills etc. It
is a Python script and DB has records of 2012

------
dangerboysteve
What's wrong with
[https://news.ycombinator.com/jobs](https://news.ycombinator.com/jobs)

~~~
gus_massa
Only the companies funded by YC can post offers in hn/jobs. This is more a
replacement / complement of the "Who is hiring/freelancers" monthly posts:
[https://news.ycombinator.com/item?id=5970187](https://news.ycombinator.com/item?id=5970187)
[https://news.ycombinator.com/item?id=5970190](https://news.ycombinator.com/item?id=5970190)

------
TheLegace
I went to the register page and it reminds of web2py. Are you using that to
run the back-end?

I really love web2py.

------
troygoode
seriously, I can't have an exclamation point (!) in my password? what the heck
are you doing with passwords that you need to prohibit basic punctuation?

------
kgodey
Is there any way to filter by remote, H1-B etc.?

------
kmfrk
SSL is a sweet bonus feature. Is this on Heroku?

~~~
mike-cardwell
He's not using Strict Transport Security. The cookies that I can see don't
have the secure flag set. I can't see a session cookie as I will not sign up
to this service until he fixes the login. But I'm going to assume he hasn't
set the secure flag on that either.

Which all boils down to the following: An active MITM can _trivially_ steal
your session cookie and take over your account.

------
aioprisan
open source this! what are you using?

------
dakimov
You could do something useful instead.

~~~
lucb1e
I try to downvote fewer people (it's so demotivating to stay active in the
community when you get downvoted for being disagreed with), but this is just
entirely non-constructive. If you had given any reasons for your opinion, I
wouldn't have.

~~~
dakimov
If I have my opinion, I probably have reasons for it.

Taking everything from an emotional perspective is dumb.

