Hacker News new | past | comments | ask | show | jobs | submit login

I've got nothing against CRUD apps, because they make the world go round, but it is unlikely that Starfighter will choose to send our candidates to firms making CRUD apps. The difference will be fairly obvious when you see our client roster. We're geeks with good taste for the kind of jobs a geek would actually want to have.

(Sorry for being coy here. Don't want to jinx contract signing.)

The problem is that the great hackers are already inundated with unattractive job offers. Offers that seem very attractive to people who are not them.

If you had a deal with Google/Apple/Dropbox/NSA that said "If we find someone who can complete this challenge, you agree you hire them at $500k/year + $100k signing bonus doing work on Skunkworks Project X" you would have an incredible flow of hackers.

No one has created a marketplace for world class experts and yet these positions and people exist.

Congratulations on launching and good luck!

The problem is that the great hackers are already inundated with unattractive job offers.

This is true for a subset of great hackers who are conveniently visible to the tech industry's antiquated, inefficient, insane, and exclusionary hiring practices. It is very much not true for many very talented engineers in the world.

We're going to arbitrage that inefficiency to zero.

>We're geeks with good taste for the kind of jobs a geek would actually want to have.

You're geeks who've assumed that the only job a geek wants to have involves finding system-level exploits.

It's all very clever to write a program that reads use it's own bytecode as the secret, but does that feed people? Get them to Mars? Heal people? Does it make application programming easier, less error prone, more accessible? Perhaps there exists some insights at the lowest level of program execution that are only revealed in a career like this (a la _A New Kind of Science_), but somehow I doubt it.

But hey, everyone is welcome to their opinion.

Typically the people who find these sorts of bugs have jobs penetration testing and auditing applications. Some of those applications are important to people's lives and wellbeing. And if you don't work for the NSA or similar, you're actively helping the application owners to find and remediate those bugs, which improves security for the creators and the users.

For example, if you're an application security analyst at Google and you find a security flaw that could result in users' personal information being leaked, aren't you making the world a better place by finding and repairing that bug?

> Does it make application programming easier, less error prone, more accessible?

If you want to write systems that improve the safety of application programming, it helps to have a lower-level understanding of what is happening.

As for Mars, if articles like this (http://spinroot.com/dcas/) are any indication, there will need to be a lot of systems programming and especially tool building that requires deep systems understanding.

It's so weird to me, because for me, it is absolutely the other way around. It's easy to break into computer systems. Put a single quote in the wrong place on enough web apps in a /19's worth of IP addresses and you will get in. What's interesting about security is the tour of functionality it takes you on. Security is an opportunity to crawl into the ventilation ducts, open the hatches, and directly tinker with the inner workings of hugely complex systems. It's a goal system that gives you a reason to do that, that points you in a coherent direction, that forces you to learn and retain otherwise random-seeming details, and rewards you with huge endorphin rushes to keep you going.

It doesn't even have to be competitive. It's just... fun.

Virtually everything I know about computer science I learned because of software security.

I don't think you need to care that much about security to benefit from a syllabus of exercises framed by security.

Well, see, that's totally coherent and makes a lot of sense. Everyone has had epiphanies from a deep dive or two, but usually it's bugs, not security, that "frames the discovery process".

I think you should copy/paste this onto your landing page.

Wow, that's such an awesome point. I still remember the rush from reading 2600 and trying to break into systems in middle/high school.

That joy and excitement is totally gone now in Bob's CRUD Shop(TM), so it's phenomenal to have a curated lab to play around with (that won't get you arrested).

I assume, given your involvement, that this isn't likely to be an issue, but how likely is it that your candidates will be able to find jobs outside of SF/NY, or in fact outside the US?

If the goal is to find the top talent that wouldn't don't normally show up on a firm's hiring radar, then I would expect that includes finding people who aren't in those cities (and don't want to be).

I couldn't find any mention of geography it in your blog post or on the starfighters.io website, but I've been burned many times by initiatives where the absence of geogrphical information is supposed to imply "USA only" (because they forget that the rest of the world exists), or if you're very lucky "USA and select European countries".

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact