Hacker News new | comments | ask | show | jobs | submit login
Stockfighter's Jailbreak CTF trainer is live (stockfighter.io)
155 points by alt_ on June 16, 2016 | hide | past | web | favorite | 79 comments

I rarely want to like a product more than I want to like Stockfighter, because of both the people involved and the underlying concept.

But there are a million other things I want to sink time into improving. Music, my Starcraft MMR, boxing. To finish a day hacking and coding, come home, and - for months, if I want good results - do more hacking and coding feels like an exhausting prospect. Even if the scenario is fun, it feels contrived.

I'm not presenting any solutions. Maybe I'm just not the target market, because I don't have the desire right now to code all day and then code some more. But I wonder how big that target market is?

> because I don't have the desire right now to code all day and then code some more

Tell me about it. Speaking only for myself, I have near-constant coder's guilt - a term I just made up to describe the nagging voice in my head that keeps telling me I should be coding more in my free time. It sounds something like this :

"somewhere a rockstar wizard ninja is writing a C compiler in Haskell and here you are wasting your time with Overwatch, you miserable slacker"

Hi man, I just interrupted my game of Overwatch because a colleague pointed me to this comment. My C compiler in Haskell is located here: https://github.com/tinco/nanc it's not fully functional yet, but will be soon ;) Also, just got owned by a team with 3 tracers :(

edit: Just read what this thread is about. I really like to program, so much so that I usually find an hour or two per day to code (not every day, check my github streak if you want) Usually it's between 11pm and 1am, after dinner, after a movie with my partner, when she's playing a video game or watching a series, I do some coding.

So I also play video games or watch movies. I like competitive games, mostly SC2, DotA and now Overwatch, but I don't worry about my MMR the way I used to when I played over an hour per day. Compared to achieving a high MMR building a ninja rockstar software project like a C compiler in Haskell is easy. Who is going to compete with me? It's a crazy idea anyway! I just work on it a couple hours per week, and after a year or two it'll be an impressive project no matter what. It's got everything I learned in it.

Regaining the MMR I had in SC2 back in University will take me months of hard practice, but when I feel like continuing my C compiler, the commits are still there. The C compiler stems from a deep passion I have and a deep frustration I feel with the state of the art, that's why even if I don't dev on it for a few months, I'll go back to it eventually and continue. So... I can relax and play Overwatch for an hour or two, no worries. (Overwatch is much more forgiving than SC2 or DotA btw.)

Do you code for your day job, though? Your profile suggests you may be a technical manager. I'm guessing you don't code for 8-10 hours a day, then come home and code for 1-2 more hours[0]? That's the argument the parent is making. I know that I personally am only good for 4-6 hours of productive coding. Any more than that and I write bugs, not code.

[0]: If I'm wrong and you're doing 10-12 hours of productive code a day, then good god man, what's your secret?!?

Haha, yeah you are correct. Unfortunately I usually don't get more than a few hours of code in per day at work. I lead a small development team, besides that I also assist in sales and communicate with customers.

Today was a good day and I spent about 6 hours staring at code at work, and maybe will get about a half hour of hobby coding in before I go to bed. I would agree that anything above 8 hours of real coding is pretty superhuman, though it looks like some people on github are achieving it.

> Hi man, I just interrupted my game of Overwatch because a colleague pointed me to this comment. My C compiler in Haskell is located here: https://github.com/tinco/nanc it's not fully functional yet, but will be soon ;) Also, just got owned by a team with 3 tracers :(

Haha what an unexpectedly fantastic response. Kudos on your cool side project, and triple Tracers sounds like the pinnacle of frustration :P (is this a new meta? I was just watching a top tier EU game where one team rolled 3 tracers + 2 winstons)

> Overwatch is much more forgiving than SC2 or DotA btw

Couldn't agree more. I personally find SC2 almost too stressful to play competitively these days (as a 30 year old fogey), and the match length of your typical MOBA is also a major turn off for a casual like me.

> So I also play video games or watch movies. I like competitive games, mostly SC2, DotA and now Overwatch, but I don't worry about my MMR the way I used to when I played over an hour per day. Compared to achieving a high MMR building a ninja rockstar software project like a C compiler in Haskell is easy. Who is going to compete with me? It's a crazy idea anyway! I just work on it a couple hours per week, and after a year or two it'll be an impressive project no matter what. It's got everything I learned in it.

I'll be using your experience for inspiration. I also love coding - particularly once I get started - but lack the discipline to make a habit out of it in my spare time. Hopefully in a few months I'll have some similarly interesting work to show for myself :)

Could very well be then! They played 3 tracers a winston and a Mei. (Winston had a play of the game smashing four of us in Mei's ulti :\)

I'm 29, experience the same with SC2, it's just not fun if all you can do is to learn the meta and polish your mechanics.

Whatever you build, make sure it's test driven! Nothing beats sitting down to work on your project and the only thing you need to do is to run the test suite to remember what you should work on next. It also helps you chop your project up in fun achievable sized bits. I make it a point ending every session with 1 red test.

I know on console 3 Tracers, a Winston and a Mercy will wipe basically any other composition right now, at least until someone comes up with a decent counter. Pharah does alright against it, but if the Tracers are good, well, look out...

Mine is even a little more annoying than yours. It doesn't like me doing productive things.

"somewhere a rockstar wizard ninja is building a passive-income side project and here you are wasting your time tending a garden and working in your woodshop, you miserable idiot with stupid priorities."

> tending a garden and working in your woodshop

After doing tech for 15 years, that sounds glorious.

Have you ever weeded a garden for a summer? It's quite a chore.

Have you ever spent days fighting poor decisions you'll end up accountable for through no fault of your own? Gardening and woodshop please.

I suffer from this badly, I'm slowly coming to the conclusion that I'm just not that good at any of it. I get the basics, I even do it for a living, but I'm never going to be driven to create products.

I want to be able to make something, I also really want to be able to finish my progress on cryptopals, or finally get a real bounty on hackerone, but I'm just not good enough.

And I get caught thinking, well if I just didn't spend so much time playing computer games, or wasting time I could do that stuff.

But is it true, or am I just using them as an excuse, so I don't have to face up to the fact I'm just not that good at it. It's easier to blame my laziness than blame the fact that I struggle to produce output and struggle to find meaningful[1] vulnerabilities.

If I ever do find myself unemployed, then I'd hit stockfighter up straight away, that would I guess give me the motivation to work at the stuff. I think there's a fundamental "understanding gap" between me at the problems presented though. In the same way that I can look at a demo scene write ups and understand the concepts they're talking about but there's this vast chasm between the work I do and the work they do, and it's not clear how to bridge that gap.

Maybe I should read less hacker news and spend more time practicing the craft. But hey, I'm back in the "if only I worked harder" trap.

[1] Sure, I can find open redirects, maybe the occasional http subdomain leaking a cookie from the https root domain, maybe even an open endpoint, but finding vulns worth paying for[2] is difficult when dealing with sites which already care enough to have bounties.

[2] It's not about the money, I'd likely not even claim it given the typically small amounts paid out and the hassle of declaring it, but I'd like to bag a bounty for pride sake.

> you are wasting your time with Overwatch

No time spent playing Overwatch is time wasted.

It's likely also a sign that you're reasonably satisfied with your professional situation. :)

I can relate to this. When I was on a project at work once maintaining legacy code, I got no fulfillment so I had about 3 side projects going at once. Now that I am back to interesting stuff at my day job, my motivation for side projects has gone way down.

Or the opposite- working a job you don't like just leaves you drained...

I know that feeling all too well :(

I was lucky enough to beta test this so I've had time to clear the trainer levels. And let me just say, wow. The tricks and turns you have to navigate to get through this are some of the best fun I've had sitting in front of a computer.

I like that people are evaluating this against things like Overwatch, because for me, Stockfighter is a form of entertainment. I still play video games occasionally, but in my growing adult years, I'm not able capture that same rush from winning.

Not so with CTFs. Maybe it's because I'm a relative newbie, but the dopamine rush I get from winning a level is incomparable. There is something about a solve, when you get that brainfeel where you just understand completely what is going on, that is unique. Perhaps that's what black hat hackers feel when they p0wn a system. The closest recollection for me is when I smashed through that top level brick in World 1-2 of Super Mario Bros, and I could run across the roof to win the level.

Brainfeel...I like that word. I'm going to keep it.

You all have great timing. It's very likely that something will melt down soon, but I'm not going to notice, because I'll be in a chair getting my arm inked up. It's going to be a nine-fives kind of day!

Mean feedback about the UI, especially if accompanied by an even meaner summary of what you'd rather the UI does instead, is most welcome.


(Erin's Calcifer tattoo is taking longer than expected, so if you want to wait like another 15 minutes before doing whatever unforeseen sequence of things in the UI that will hard-panic all the servers, your timing will be perfect).

Can you make enter repeat the last command? s<enter> is kinda annoying. iirc microcorruption let you repeat the last command.

edit: also, the password reset link doesn't go anywhere.


Howl's Moving Castle?

I was actually going to say I like the UI quite a bit at first glance. I haven't bit in yet, but overall I really dug the layout.

There are things I want to do with this UI that we couldn't do in Microcorruption --- ways to make assembly a little more accessible to programmers who aren't already from security or game development, where the people who crushed Microcorruption came from --- because the assembly was a flat marked-up blob of text. But there are definitely ways in which it's a step back.

The user interface is appalling. Whoever designed this has managed to produce worse ergonomics than a single 1970s-style terminal, for essentially a similar set of tasks (editing text+binary files and piping data through commands).

I see some discussion of "files", but seem unable to list them or explore the filesystem. I don't know if this in-game filesystem is supposed to be on the "AVR" device or an imaginary "developer machine". Where do the outputs of running commands like "compile" go? Why can't I inspect the compiler? What actually comprises the state of the system I'm interacting with? If this is notionally to find good developers, why is the UI sandboxed inside a web browser, where building and using tools (which is what good developers and reverse engineers do) is incredibly painful?

Half the commands produce no output and make no visible change to any state, e.g. "load garbage". Almost all commands silently ignore extra parameters. There's no tab completion, no history search, commands don't even show up in the output log...

Links and commands seem to randomly be assigned to either always open in new tabs or load in the current tab of the browser, both in the "debugger" and help pages.

Moving through command history puts the cursor at the left hand side of the prompt. There's noticeable latency when single-stepping the program, which is just astounding.

Did nobody try to use this shit, even a little?

Snif. My feels. Right in the feels! Try as hard as you like though, you cannot make comments like these unproductive!

* You cannot "explore the filesystem". The "files" are really just bookmarks in case you want to switch between different C-like programs to deal with a level. I hate the UI more than you do, but suggestions very welcome.

* You mean "compile" as in, the debugger command? What would you like it to print? Before we split the source editor off into its own page (it used to live in a tab, and it just didn't work), the CLI was an important way to interact with the compiler. Now the command is vestigial. I suppose I could just make it print out the bytecode instructions from the compiler.

* What does "inspect the compiler" mean?

* How can I surface the documentation that explains the relationship between the compiler and the system so that it is more apparent that it exists? It's clear you didn't see it.

* Hate the web interface? You're in luck! https://starfighter.readme.io/ --- skip to "Microcontroller API reference".

* I have a hit list of improvements to the command line, but if you have more suggestions, I'd be happy for them.

* The "latency" you're seeing when you single-step programs is... the network? The clientside UI code?

Just a little, is the answer to the last question.

Sorry for being rude.

It seems strange that there are a set of names associated with blobs of data (source code) but the tools for managing that name->blobs map (querying which names are mapped, removing a mapping from the map, etc.) are incomplete. The source code editor allows views and updates, but I don't see how I would do garbage collection, and one can't perform views or updates from the debugger, but is expected to refer to the names there (in the "compile" command, and possibly others?).

Also about the "compile" command in the debugger (which is what I meant), it's unclear what state is mutated when I type "compile level_1.cg" and hit enter--it claims to have compiled and loaded 361 bytes, but I don't see a location into which they were loaded (checking the memory tab shows 32 bytes that don't resemble a program binary... is there somewhere else I should be looking?). If I subsequently type "run", it claims "no valid compiled program loaded". Is the program that I compiled and which was reportedly loaded not valid? Or do the "compile" and "run" commands' output refer to different notions of "loaded"?

By inspecting the compiler, I mean seeing what it does and how. Is the compiler inside or outside the trusted codebase of the handheld trading thing? Is there a way to hand-craft bytecode?

I also don't really understand why "compile" would load anything into anything else. Maybe there's a more clear name for the command?

Or, if you can remove the entire command prompt in favor of a more streamlined read-edit-test workflow, that seems ideal in terms of intelligibility. I would suggest making the programmatical interface more prominent (present it as a first-class alternative to the Web one). Since the idea of the site seems to be demonstrating developer ability, I expect many users will be put off at the notion of using a Web UI to do significant amounts of programming; even JS coders don't live in the one-line REPL of a browser inspector.

How do I get to those docs? I browsed the list on the left of https://www.stockfighter.io/trainer/dox but didn't see anything that explained where programs are stored after compilation. The "Command Reference" mentions compile, but the relationship between compile/run/flash/vmload/vmexec isn't clearly described; is "run" simply a convenience wrapper around the others (excluding compile)? What does the "vm" prefix imply? Why does compile take an argument, but the rest don't? Is there utility in, say, compiling and flashing, but not vmloading, a program (e.g. cache invalidation if we can flash underneath a different running program)? Or is this needless flexibility?

I originally skipped the guided tour, figuring that since I'm familiar with machine-level debugging and AVR in particular it would be a waste of time, but now see that it explains some of the expected workflow, though it's mixed with explanations of basic architecture concepts.

If it keeps you generating feedback like that, be as mean as you like! I need stuff like this.

The source file thing is definitely strange. I could just lose it entirely; save your own files! That's how the termbox client works. It made slightly more sense when it was driven from the CLI.

"compile" in the debugger is vestigial, but if we think it makes sense to have it do something useful, let's have it do something useful. I'll have it do what the compile button does, and also print a summary of the generated program. It'll be immediately clear what it does. I'll make "load" do something sensible too.

I think more people want me to have a command line than want a completely streamlined interface, but I think I have some work to do on making the command line work better.

There is utility, later on, in looking more carefully at the individual steps of getting a program to run, but there is not much utility to it in earlier levels. I can hide those commands earlier; I didn't because that'd be kind of a tell. Earlier on this year, I wanted this interface to capture more of the annoyance of figuring out a realistically complicated target (rather than it being immediately clear what your objective was), but I'm moving away from that now.

It's definitely very tricky to write documentation for this that makes sense to reversers or embedded devs and that works for the people who've never done any of this kind of stuff. Maybe I shouldn't be trying to accomplish both things in one set of documents!

My #1 takeaway from your original comment: I need to do an audit of all the command line commands and have them all be discoverable by running them and seeing what happens. That is definitely not the case right now, and it's a very easy gap for me to close.

There shouldn't really be anything you can do in the web interface that you can't do in the API.

- Can't have the compiler side by side with the debugger, even though there's plenty of room on the screen

- When the PC jumps, the highlighted instruction doesn't follow, leaving you lost when stepping through a program

- Can't hit enter on a blank line to repeat previous command

- No 'finish' debugger command?

- Seem to end up in random functions when stepping over simple instructions

- Am I supposed to type 'flash' or 'run' to execute my compiled program? Sometimes the one I just compiled gets executed, sometimes the one I compiled previously - how can we view what's being executed?

I really enjoyed microcorruption, and thought that UI was fine, but this feels like a step backwards.

Enter on blank lines: easy enough, will do.

Putting the compiler in the debugger was how it used to work. Everyone hated it. Also: it's using Ace, which really grinds Chrome. I can easily add a pure textarea tab that will let you edit code, if you _really_ want it.

To run a C program, do one of two things:

* Compile it in the source editor, which will generate a blob of compiler output (which is deliberately not documented) that the browser will cache.

* Use the "flash" command to write it to SPI flash.

* Use the "vmload" command to send a SPI message to the AVR to reload the program from the SPI flash.

* Use the "vmexec" command to send a SPI message to the AVR to execute the program.


* Compile it in the source editor

* Type "run", which does all the rest of those things.

I like Microcorruption's UI, too. I gave this one more to do. I agree: it's not there yet! Working on it. How elaborate do you want the web-based debugger built on this API to be? :)

(I'm serious: thanks for the feedback. This section of the thread is the stuff I was hoping to get).

Thanks for replying - I just wanted to dive in and get stuck into the levels, but found the UI so confusing that I just gave up - particularly as someone with no AVR experience, and with the tutorial dying half way through.

The biggest pain point was figuring out what was executing. As I mentioned, I would be playing around in the compiler, hit compile and save, and then attempt to run it in the debugger. The 'run' command either seemed to have no effect, or would run a previously compiled program, not the one I'd just written. Even typing 'reset' didn't help.

The memory didn't seem to be updating in real time either, which made things even more confusing!

Running in Firefox if that makes a difference.

I haven't tried this, but https://github.com/ketchupsalt/debugger might be of interest to you.

More generally, it's not actually sandboxed inside a web browser, you can interact with system through REST-ish API as well. see https://starfighter.readme.io/docs/retrieve-device-status for some documentation on that. It's obviously pretty inconvenient to get a full debugger type experience that way, but I don't really see how they could make it less sandboxed, given the constraint that the authoritative copy of everything must run on their servers for security.

I do wish all the commands gave some sort of feedback, load in particular is super frustrating that way.

This line seems like a bug to me (assigning the int 16 to a variable that should be of an enumerated type {I8, I16, I32, S, R}, though I don't know if Go has those):


There are probably a zillion little bugs in that thing (I haven't used it in months) but if people really want it to work, I'm probably less than 4 concerted hours from making it workable.

Which "load" command? What's the feedback you're looking for?

Did you write a C program, click the compile button, and now want to run it? Just type "run".

There's an in-game reason why we break out the flash/load/exec commands the way we do, but "run" does all the fiddly steps.

I want typing "load foo.cg" and hitting enter in the debugger to print _something_, almost anything. Ideally it would print different things depending on whether foo.cg actually exists and is a valid file to try to load or not. Just some sort of feedback indicating that the command actually did something would be great.

I like the different load/flash/vmload/vmexec commands, I've certainly needed to stop at points in the middle to inspect the debugger state.


Yep, like "compile", that command is vestigial (the source editor used to live in a tab, and, ironically, the file saving stuff made more sense that way, driven from commands on the CLI).

Yep, I can make "load" do that. Give me a few hours, though! It's an easy task, but I'm tethered through my iPhone right now.

I personally am in no rush for this, all my discretionary coding time is currently going to a work sample for an opportunity Starfighter found me at the moment.

> Did nobody try to use this shit, even a little?

Isn't that moving a bit beyond useful or informative and helpful to a discussion to aggressive and antagonistic? Is this free game/tool/resource actually causing you that much agitation?

There was a lot of useful stuff in that comment!

Yes, which is why I focused on the the last little bit which I think wasn't really productive at all. It expressed frustration, which I understand, but in an antagonistic and condescending way which doesn't add to the point at all. It's easy for a tone like that to poison a thread.

I'm glad, as one of the people it was directed towards, that you can take it positively.

"Starfighter is a new, weird kind of recruiting company. We detect and market underpriced programming talent. We do that by creating opportunities for programmers to casually and effectively demonstrate aptitude."

Having a hard time parsing this. Do you find underpriced talent and help them get paid more?

Susie works making crud apps for a boring insurance company. She is a brilliant programmer but due to where she lives, personal situations, she hasn't faced a challenge that lets her know the extent of her abilities, etc, she is working below her potential.

Susie creates a novel solution to one of Stockfighter's games. Stockfighter uses that solution as evidence to present her to companpanies as a great engineer. She gets job offers for more money, challenge, and satisfaction than she currently has.

Susie writes great crud apps in Django/RoR/Node/MEAN/ASP/etc ad nauseum, and in order to get a raise, she must write a novel C program off a minified library that compiles to bytecode while using exact memory addresses as a debugger?

How does this solve Susie's problem?

Most developers can write crud apps without any issue.

Not all of them have problem solving skills that translate well across different technologies.

It's not about looking for people that meet a specific checklist of tools/languages, it's about finding people who can solve problems - even in fields they are not familiar with. The latter is far more useful trait for an employee to have.

It doesn't, unless Susie discovered she liked really low level stuff a few years ago.

It's definitely not equally applicable to everyone, and that's ok.

In case anyone in the thread above didn't know, there is a different set of stockfighter challenges to play that involves writing code that accesses a REST API that be more aligned with Susie's interests in that case.

Except according to an earlier posting from someone who went thru the process -- they didn't get a direct offer: they still had to go thru technical interviews. I thought a big point of this was that you could skip the BS technical interviews and prove yourself thru this.


While it's a great service, this takes a lot away for people who are great programmers but might not be great technical interviewers.

We're just recruiters. We exert pressure where we can and get process breaks from most of our clients, but we're a tiny little company. Everyone gets interviewed.

Nobody wants to eliminate tech job interviews more than I do.

To be fair, regardless of where the lead was sourced, if I was responsible for hiring a new programmer, I would make damn sure I had an interview with them that contained at least a technical portion. It's irresponsible not to, I wouldn't be doing my job. If the new employee turns out to not be able to code their way out of a paper bag, I'm sure I would catch at least some of the flak.

Trust but verify.

Additionally, Stockfighter will get a placement fee for Susie from her new employer. This will allow Stockfighter to continue operations independently, and will let them help more Susies find better employment opportunities in the future.

Is that really the problem though? In my circle, plenty of people are doing the boring crud apps at random big company. The problem is that they're paid very well. So taking a job that is more challenging often involves taking less money, for more risk, with a small possibility of a payoff. Is there really a surplus of highly interesting tech positions with better than average pay that are desperately looking for people? If you're struggling to find talent, you're probably not paying enough.

>The problem is that they're paid very well

Are you sure? Tech companies you've heard of on the west coast (other than Amazon) are paying their most junior people at least $100k. When I looked at big boring insurance companies in the Midwest (toying with the idea of staying close to home) I was seeing closer to $50k for entry level and $80k for mid-career.

This invariably comes up whenever this is discussed, and what's usually referred to is that many people have a fairly narrow perception of what interesting tech work is, and sometimes exposure to other industries, or even interviews in other industries, can expand what they view as interesting work. Apparently, many industries have a problem sourcing good technical talent, even if they have the need and the ability to pay.

You might not think a position at an insurance company sounds interesting, but if the CTO starts explaining their plan on integrating their major departments with a new application they are developing from scratch (and maybe you get to help make ground floor decisions, like language), and needs to contain some interesting data warehousing to make sure that the statisticians and actuaries can access the data in heretofore impracticable ways, that might just tickle your fancy.

tptacek, one of the Stockfigher founders, comes from the world of security consulting. That strikes me as exactly the right sort of niche: incredibly high-paying even relative to cushy crud apps, but there isn't really an obvious inroad for even an experienced programmer to make the shift over to doing security work.

I'd imagine there are other specialized software engineering fields with similar problems.

Yes, that's the thesis. I mean, we're happy to represent anyone capable! But we're particularly interested in the people with no resumes.

They classify players to a market price and alert on those who are currently paid less. Presumably, they then attempt to capture from the difference by recruiting CTF players to market players.

Presumably, if they are able to entice those people away from their current employment, they are offering something better, whether it be more money, more fulfilling (which can be for many reasons, such as being more challenging), or allows a better lifestyle. If nothing else, if gives those undervalued employees that have been identified a metric by which they, and their current employers, can judge their worth on the market.

Sounds like a brilliant business model, honestly. The world is brimming with brilliant programmers who are, for one reason or another, not able to reach their full potential due to outside constraints (third world countries, lack of tech investment, etc)

I know this is a low-quality comment, but i just want to congratulate the whole stockfighter team for getting the jailbreak ctf out. it looks like it was a ton of work and looks fantastic. as somebody who was excited about it after trying my hand at microcorruption, i'm super excited to see this finally. hats off!

one comment on the trainer: when you click on the Jailbreak link, it just drops you into the debugger, if you, like me got lost, run the `tour` and then click on the little person+ head and go to the documentation and go through the quickstart.


Thank you!

This is just an early demo version. It's going to get pretty bananas in a few weeks. Noisy testers are very welcome; we're going to start spoiling the "full CTF" levels next week for beta testers.

I am a bit worried that stock fighter is the wrong approach. If Susie wants a better job inwould recommend my path:

- if you want to find a better paying job, take each lunchtime and call every job advert you qualify for that pays 20k more than you earn. Do this for three months. You will get the raise.

- even better is to supplement this with LinkedIN, blog posts, network maintenance (when did you last have call or have coffee with your previous boss?)

- do this for the next three jobs.

You are now at the pay ceiling for your skill set. Well done.

Now ... err ...

Start your own business, preferably selling something that scales (your time does not scale and you are selling it at pretty much the max - say 100-150k)

Dev hiring is a sourcing problem, not a filtering problem.

The people behind starfighter are brilliant and I respect them big time. So, probably they know what they're doin. I am excited to see how they want to solve dev hiring since starfighter looks more like a product that does filtering, not sourcing.

(I am thinking since a long time to build something that leverages Github to find and reach out to engineers; e.g., when a company looks for Angular people to just parse the Angular repo for engineers that watch / contribute to the repository and reach out to them. if you have any ideas on this or want to help, please shoot me a message).

It's both. They're focusing on the sourcing part, which is commendable, but I'd still like companies to engage a better filter. The one most have now is the equivalent to trying to hammer square pegs into round holes with bit of wood they happened to find.

Unfortunately, changing that appears to be a very tricky social problem. It's going to take a recruiter (or recruiting company) with such a great reputation and track record that companies trust that recruiter's judgement in personnel implicitly. But how?

Please don't unleash another method of spamming developers on the internet. We already get 10 linkedin requests a day for the hottest coolest new idea.

Question: are frequency, consistency, and productivity important metrics for bubbling up users that get noticed as really good candidates?

I poke around every now and then on stockfighter but am definitely not looking for a job change in the near term. Is this use case something y'all support?


wow, I just found microcorruption, now it looks like there's man-months of fun ahead.

Technical comment: "forgot password"-link is not wired to anything? Not working for me on FF at least.

The forgot password link doesn't work for me in Chrome either, but I found this URL and it seems to work: https://www.stockfighter.io/ui/forgot_password

Fixed. (And yep, that is the correct URL.)

Is the server struggling again? None of my input into the UI seems to be having an effect.

I'm getting crazy high latency just through the login page. Looking into it. The emulator servers (a pair of m3.mediums) are barely breaking a sweat.

Is the tour supposed to end abruptly at "this is r1" ?

It is not! You are the third person to tell me that's happened. Looking into it.

Yeah, I'm getting some rather high latency on my inputs.

So it's proprietary?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact