Show HN: I made an HN job board (hnjobs.org)
149 points by monological on July 3, 2013 | 77 comments



This is neat! A few questions and comments:

1. It looks like you don't actually need people's HN password. Which people shouldn't be giving out. Update your website's copy!

2. This looks very similar to the Stackoverflow Careers' admin panel. Which is dandy. I'm interested to see how this goes.

3. Searching by geography would be useful, I think.

4. Could you elaborate on who you are, what your motivation is for building this, etc? (Do you plan on charging at some point?)

5. This is important because there is always an element of trust when using an employment service. By using a job posting service, you get insight into our openings, the types of people applying, our communications, and whether we are choosing to hire them.

Especially because your service has such robust communication/messaging facilities, I would be really interested to know what has brought this about before using it to recruit for my company. (We're hiring by the way!)

Good stuff! Looks slick, seems easy to use, and if you're able to keep it high-quality (how would one do that?) then I'm all ears.


Thank you!

1) I was thinking of changing the verification process by allowing users to place a special token in their profile, which I can just scan for (within a small time window). Thoughts?

2) I took ideas from Stack Overflow's and 37signals' job boards.

3) In the works! :)

4) I work at Xilinx as my day job, but I have a passion for startups and spend quite a bit of time on HN (as a lurker though). I noticed there are 'who's hiring' posts every month, which are usually quite popular. I figured a dedicated website would suit the community well.

If I ever start charging, it would only be after I implement more features, make the site more useful, and depending on what feedback I get. Also if I do charge, whatever the cost might be, it would help filter out a lot of junk posts.

5) This is absolutely key. I hope to earn this trust. :)

I appreciate the feedback.


1) The special token is a much better idea. I don't feel comfortable giving out any passwords to anyone, (almost) ever.


I see one posting in England, but damned if I can see how to add another! I'm assuming location has to match the auto-complete whitelist, and the only London(s) that show up are not the one I need.


I wish HN would do OAuth.


I'm not the OP, but I wanted to write and thank you for taking the time to leave that great feedback!


It's pretty bad that I have to enter my HN password.


When I was running usethesource.com (a job board that allowed only people with a certain HN karma to post) I worked around this authentication issue by having people place a magic string in their HN profile.

So, you'd register as say jgrahamc on my site and then place 'magic string' in your HN profile and usethesource.com would know that it was really you.


Didn't realize it was brought down. Which means I hadn't checked in quite a while. Which kind of makes sense as to why it was brought down (and it's not hard to imagine why), but did you ever write up a post-mortem or such?

"usethesource site:jgc.org" on Google just gave me the original post.


The post-mortem would likely be: "I don't have time to invest the necessary effort to make the site popular."


Just saw this after posting my solution. This is a much nicer approach.


Agreed. I will try implementing this asap.


How do you prevent people from just copying someone else's magic string?


The magic string doesn't need to be private, each user gets a randomly generated string. Either they can place it into their own profile or not.


If you make the magic string an HMAC of the user's name and some secret, then they should be non-transferrable.


Requiring the user to HMAC to be able to post jobs is great and would help filter out recruiters that can't figure that stuff out.

Or better yet, how about a job board that requires the person submitting the job to solve programming puzzles common in technical interviews. Also permit people posting the jobs to link to open-source projects that their company publishes and contributes to. It would be great if people could filter the job board to only show jobs from companies that have completed a challenging puzzle and/or publish/contribute actively to an existing open source project with X number of forks and Y number of followers.

Searching companies by some sort of "github" rank based on the people on the company's organization page would be awesome too. i.e. between the 10 developers listed on a page, what is their average forks/dev and stars/dev?


It wouldn't work to make the user perform the HMAC, since it requires having the secret, and then the user could share the secret. You need the server to calculate

magic = HMAC(secret, username)

and then give 'magic' back to the user. And then the server can decide whether the (username, magic) pair is valid.
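
Added example (not part of the original thread, and not hnjobs.org's code): a minimal sketch of the server-issued `magic = HMAC(secret, username)` check described above. The secret, the `hnjobs-verify:` prefix and the sample profile texts are assumptions constructed for illustration; fetching the profile of the claimed username is left out so the block runs offline.

```python
import hashlib
import hmac
import re

# Assumption: a server-side secret; a real deployment loads it from configuration.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"
# Hypothetical marker so the token is easy to locate inside free-form profile text.
TOKEN_PREFIX = "hnjobs-verify:"


def issue_token(username: str, secret: bytes = SERVER_SECRET) -> str:
    """magic = HMAC(secret, username), computed by the server and shown to the user."""
    mac = hmac.new(secret, username.encode("utf-8"), hashlib.sha256).hexdigest()
    return TOKEN_PREFIX + mac


def profile_proves_ownership(username: str, about_text: str,
                             secret: bytes = SERVER_SECRET) -> bool:
    """True if the 'about' text fetched for `username` holds the token bound to it."""
    expected = issue_token(username, secret)
    # Extract every candidate token, then compare each one in constant time.
    pattern = re.escape(TOKEN_PREFIX) + r"[0-9a-f]{64}"
    candidates = re.findall(pattern, about_text)
    return any(hmac.compare_digest(c, expected) for c in candidates)


if __name__ == "__main__":
    # Constructed sample profiles, not real HN data.
    alice_token = issue_token("alice")
    alice_about = f"I build compilers. {alice_token}"
    mallory_about = f"Copied from alice's profile: {alice_token}"

    print(profile_proves_ownership("alice", alice_about))      # own token
    print(profile_proves_ownership("mallory", mallory_about))  # copied token
    print(profile_proves_ownership("alice", "no token here"))  # nothing placed
```

Because the token is derived from the username, a string copied from another profile fails the check, and the server stores nothing per user beyond the secret.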


you could still require the user to HMAC too, just for filter's sake :-)

alternatively, make the 'submit job' feature only available as a (documented) HTTP POST operation without any matching HTML form.


Then the recruiting companies will just pay a dev to write a tool for them to bulk post job req's all day.


I think a better approach would be to have the user enter a token into their "about" section, then when they have, the site could scrape their profile and then the token could be removed after.


WTF that's horrifying, this should be taken down it's a honey trap!


A better way to verify that I own the username is to make me put a token in the about of my profile.


I tried registering by using my HN username with a different, non-HN password. It seemed to work.


Yes, I do not feel comfortable giving this site my HN credentials.


How about making a thread that doesn't get upvoted so it's not on the front page, but that you can link to where users post an authentication code you provide. You then scrape that page and match the username to the auth code.


Or a comment in this thread. People could reply to one of the posts here as proof-of-username. No need to make a dedicated thread; all comments got their own static url.


The other option is simply not linking it with HN. Later on, I'm going to allow for filtering by karma if you're looking for potential employees.

Another thought I had was putting a token in your profile which I can scan for. What do you think?


ya, life could get pretty rough if you had to enter your HN username too


It is downright stupid. The author is an idiot for doing this. And I don't call people idiots lightly. Presumably PG will block this site from accessing HN shortly.


I think you meant to say something like naive about alternative approaches, right? Because calling someone an idiot will more than likely make pg block you.


Sometimes actions are not just naive, but plainly idiotic.


You asked for my HN password. I entered "no fucking way". The page is still loading, but if it's not gonna pass (I ticked the box 'use a different password') I won't be registering on your website.

Edit: Okay even if I wanted to give you my HN password (which I have absolutely no intention of doing), I can't register: "Sorry please try again later. Failed to connect to news.ycombinator.com."


Dude, ask for people's password? What?

If you want to check for an HN user, simply ask them to paste a token in their profile description. And they can remove the token after you did the verification. Basic authentication mechanism.

Asking for people's password is crazy. Even if you are using https and doing the best security practices.


I apologize, my server got banned by HN, thus all registrations are failing. Pg can you unban the server's IP: 216.70.83.132?


No, you don't need to do that. Just stop asking for a user's password. This way you're doing the exact opposite of what you should be doing: this is filtering the smart people out. Only naive users enter their password on a website that has just been created, exists for like five minutes, has a handful of jobs on it, and happened to make it to the HN homepage claiming to be a job site. I'd almost create a similar site, then post all passwords in a heavily hashed form so that users can check and confirm it's valid while not actually revealing their password.


How should I authenticate then? I could always let the user put a token in their profile, which I can scan for, but I can't do that either because the IP is blocked and I can't scrape the profile.


You could have people reply to a post somewhere (like in this thread, or one post in this thread). You can make a cronjob that checks every 10-30 seconds, which won't get you banned and is a reasonable time to wait for verification.

Profiles are another option, but this requires more traffic and you probably need to authenticate to view profiles (which is not a problem, but there are probably more restrictions on accounts to keep bots out).

It's not even about trusting your website with my HN password, it's about the way it's asked. If people do this, they might do the exact same on any scam website. This kind of behavior shouldn't be encouraged. Even e-mail isn't considered safe to transmit passwords on, and that's supposed to be private.


You got banned for a reason so why would he unban you?


at a minimum you should scrape the jobs on the https://news.ycombinator.com/jobs jobs page



I'd definitely use a job board that was a better interface to a whoishiring thread.


http://hnhiring.me/, mentioned by another commenter, seems to be this.


One of my tags had a . in it (asp.net) and gave me a validation error when I tried to preview the post, cleared out all the other fields.


I've been trying to find an email to contact you or Leafly since I saw your job posting. Any help?


scott-at-leafly


I forgot I had this site opened in a tab amongst 12-16 tabs. With the tab that small, I thought I had a site open in the background about handjobs until I clicked it and realized it was the HN job board.


LOL Hilarious :D :D


Btw, there's also http://hnhiring.me/ which is just another interface to the monthly jobs threads.

(I didn't make it, see the About link)


So, a generic bootstrap theme that looks broken in parts, is not laid out efficiently at all when you click a job, and requires me to put in my HN login information? I'll pass.


Thanks for the valuable feedback. It's an MVP just to test the idea out. If it sticks the UI will improve significantly.


OP here. Per PG's recommendation, the site can now take any username/password. It does not require your hn username or password.


I really like it!

One minor error though: you misspelled "Hadoop" as "Haddop" on the listing gleaned from our "Who Is Hiring" posting even though the original doesn't have the mistake. Are you generating these automatically or manually?

Thanks!


What is the source of those listings and how is it different from https://news.ycombinator.com/jobs ?


I manually took a few posts from the 'who is hiring' thread. Jobs from https://news.ycombinator.com/jobs are YC companies only.


Good job on shipping!


It doesn't do geographic searches well.

"San Francisco" results in just 1 match, whereas there are 5 on the front page alone.


Interesting...

You may want to check out my program to search (and optionally apply to) all the jobs listed on HN. The difference is you searched jobs in the "Jobs" column, but I search the Who's hiring post. This is the URL:

https://github.com/jw2013/HN_jobs


I think the whoishiring threads are enough; if you did it just for fun as a side project then it's pretty cool.


Would be happy to post a Flight Software Developer role at SpaceX but it seems that the site is down.

I guess for now, people can go to http://hire.jobvite.com/j/?cj=ojolXfwJ&s=HN to apply


The whole HN password thing is sketchy, but I'm not super tied to my account so I went ahead and tried to register. It's telling me that my HN account doesn't exist, though. What's up with that??


Hopefully PG has already blocked this site from accessing HN.


Nice work! I lately built something similar, but I'm targeting voluntary open-source tasks: http://helphub.ws/ :)


What I need as a job searcher:

1. the ability to filter by geographic area (including some way of grabbing "remote"/"telecommute" jobs).


I am a lazy ass. A few months back I wrote a crawler that goes through all posts by "whoIsHiring" and dumps them in a DB to collect stats like location, skills, etc. It is a Python script and the DB has records of 2012.


This is a great idea! I enforce location per job post so I can do this very thing. It's in the works.



Only the companies funded by YC can post offers in hn/jobs. This is more a replacement / complement of the "Who is hiring/freelancers" monthly posts: https://news.ycombinator.com/item?id=5970187 https://news.ycombinator.com/item?id=5970190


I went to the register page and it reminds me of web2py. Are you using that to run the back-end?

I really love web2py.


seriously, I can't have an exclamation point (!) in my password? what the heck are you doing with passwords that you need to prohibit basic punctuation?


Is there any way to filter by remote, H1-B etc.?


SSL is a sweet bonus feature. Is this on Heroku?


He's not using Strict Transport Security. The cookies that I can see don't have the secure flag set. I can't see a session cookie as I will not sign up to this service until he fixes the login. But I'm going to assume he hasn't set the secure flag on that either.

Which all boils down to the following: An active MITM can trivially steal your session cookie and take over your account.


Https should be default when handling logins. I won't use one of my strong passwords on non-https websites.


open source this! what are you using?


You could do something useful instead.


I try to downvote fewer people (it's so demotivating to stay active in the community when you get downvoted for being disagreed with), but this is just entirely non-constructive. If you had given any reasons for your opinion, I wouldn't have.


If I have my opinion, I probably have reasons for it.

Taking everything from an emotional perspective is dumb.



