> Passion and interest don't really come across ...
What an oblivious statement made by your actual reviewer!
fastcall 50 days ago [-]
Actually only the first screenshot is a review of my application, I asked some friends for their credentials to test the information disclosure out. (you would only get 1 review per application)
Sorry if that wasn’t clear in the blog post!
neilv 50 days ago [-]
Agreed.
Admittedly, "passion and interest don't really come across" might've been a valid impression, since the post after sounds like it wasn't the top priority:
> I decided to apply even though I was pretty busy that weekend, hoping my schedule would clear by the time the hackathon came around.
However, this could be yet another instance of gatekeeping that has sprung up, now that there's tons of money involved, and a whole lot of petty posturing and maneuvering.
When I was a kid, from a non-affluent family, who was fortunate to be able to start programming computers, I could just do things.
I'm not aware of anyone ever being appointed arbiter of whether I had enough "passion and interest" to participate in some activity or venue.
You'd just show up, and other enthusiasts would be reasonably encouraging and supportive.
Too much nowadays in our field has a whiff of being about classism and collusion, to create barriers to joining the clique.
Don't get me started on the obviously frat-pledging interviews that Google popularized, and then way too many newcomers mimicked that gatekeeping baggery, as if it was good and reasonable, rather than bro snobbery.
BoorishBears 50 days ago [-]
You can still just show up.
A recent highly advertised hackathon rejected my application.
I DM'd an organizer and got told there was no space at the venue.
I showed up anyways and security was checking names before allowing entrants in.
Walk in with a box of "stuff" and shuffle over with a look of friendly inconvenience, and as they're scouring the list for my name: "Oh uh sorry I was a really late application so I might be towards the end or something".
"Ah thanks for letting me know!", and after some half hearted searching security pens in my name, and off I go. My team ended up being finalists.
The room was probably half empty btw. I get fire codes are a thing but as someone who's helped organize hackathons, organizers are notorious for overestimating the conversion rate from "accepted" to "actually shows up"
It's in one of the screenshots, in the part about how they could fetch their reviewer's full name and comments.
ForTheKidz 50 days ago [-]
Tbh, if I could go to a conference that guaranteed all signs of passion and interest would be banned, it would be depressing.... but far more useful. Passion is something best saved for happy hour. The best advice I've received is not from passionate people but rather people who have resigned themselves to the work.
Very grateful I'm nowhere near conferences or academia, but equally grateful others are doing the work filtering the bullshit out for me.
accurrent 50 days ago [-]
Nice catch.
I remember the days when one could just show up to a hackathon and do cool hacks. Now it feels like they only exist for serious reasons.
non- 50 days ago [-]
You definitely still can just show up and do cool hacks.
Also hackathons are really easy to host if you keep them under 50 people. All you really need at that size is a co-working space and some pizzas.
So if you don't like the vibe at your local hackathons, why not host your own one weekend?
I think the key is really the size of the thing. Giant hackathons with big sponsors and prizes are always going to be more "serious" feeling than your local self-organized hack-days.
pdntspa 50 days ago [-]
The hackathons I have been forced to participate in always seemed like a cheap shot at labor and ideas from some corporate overlord
And for the record.... PIZZA is not an appropriate compensation. Especially if someone is lactose intolerant!
Twirrim 49 days ago [-]
They did a great one at Amazon several years ago. Engineers had been loudly complaining about the elevators in one building, and how long it could take at lunchtime to get one. All sorts of crap about how the elevator algorithm sucked, etc.
Amazon eventually arranged a weekend hackathon with someone from the elevator company. Whole bunch of engineers tried their hardest to do a better scheduling job, and failed. Almost like engineers at elevator companies have had decades to experiment and refine things.
It did shut down all the complaints.
jimbob45 50 days ago [-]
It’s always Little Caesars too. At that point, I’d rather just have the $5 that the pizza cost.
rikthevik 49 days ago [-]
The box it came in probably tastes better.
paradite 50 days ago [-]
O-1
paradite 50 days ago [-]
Ok looks like people are not getting my comment.
Being a judge in a hackathon is one of the criterion for O-1 visa.
It might work in practice, but it really does not seem to meet the spirit to me. It’s definitely not true to just say “being a judge in a hackathon is one of the criterion” directly.
Actual regulation is:
Evidence of the alien's participation on a panel, or individually, as a judge of the work of others in the same or in an allied field of specialization to that for which classification is sought;[1]
is one of eight criterion (of which meeting three is required).
Examples given by USCIS[2] are:
Examples of relevant evidence may include, but are not limited to:
Reviewer of abstracts or papers submitted for presentation at scholarly conferences in the respective field;
Peer reviewer for scholarly publications;
Member of doctoral dissertation committees; and
Peer reviewer for government research funding programs.
Which seems to indicate rather more prestige than “judging a hackathon” is the intent of the regulation.
Yes. This is my point I'm trying to make. Thank you for explaining it.
uoaei 50 days ago [-]
"phenomenon" is singular, "criteria" is plural
babuloseo 49 days ago [-]
do you know if there is one for Japan?
accurrent 49 days ago [-]
Ah now it makes sense why some of my colleagues were judging hackathons like crazy. TBH the number of O-1s being handed out is a joke. People 2 years out of college are getting O-1s for being able to call chatgpt APIs. I mean given the number of reviews I do on a regular basis for academic journals I guess I would qualify.
babuloseo 49 days ago [-]
rofl I didnt know this was a thing, why are people so intent on gaming the system? I was judging thing in person and even during covid I did it via Discord for some events (Discord hackathons were a different culture of their own and were great) even the physical ones I did had certain traditions depending on which universities you were judging at, I do peer reviews for the research lab that I help out with sometimes so maybe that counts, but the thing is I am just doing all this because I think its fun to do. Knowing that other people have potential nefarious reasons or trying to game things or even "cheat" the system was like one of the reasons why I quit Pokemon Go initially or certain games that put everyone on the same leaderboard.
babuloseo 49 days ago [-]
wait what I didnt know this I mentored and judged at various hackathons in the USA, do people really care about what type of visa they get? Is this a thing in 2025?
Etheryte 50 days ago [-]
The O-1 visa is appealing otherwise, but the fact that it doesn't give your spouse a right to work is an absolute no starter as far as I'm concerned. So it only really makes sense if you're single or if your other half qualifies for a separate visa.
setopt 50 days ago [-]
That’s ridiculous. So if your SO doesn’t qualify for their own work visa, they can immigrate but not work? Or they can’t join you at all?
Etheryte 50 days ago [-]
If you have an O-1 visa, your significant other can get an O-3, which allows them to join you, but not work. Their whole presence is tied to your visa, if you lose your O-1, they lose their O-3 too. I was looking into getting an O-1 at one point, but stopped once I came to learn this.
CalRobert 50 days ago [-]
Not just a US thing, Ireland did this to critical skills employment holders for years. Worse, they pretended your spouse could work, but then made the process so cumbersome it was almost impossible to comply.
igleria 50 days ago [-]
Gives the impression of it being by design: They want talent but only for so long, they don't want the talent to "overstay their welcome" thus they complicate things, like not allowing the spouse to work
idiotsecant 50 days ago [-]
I think they'll gladly keep the holders of these visas as long as they're desperate. It's not about length of time, it's about keeping them tied to a single employer, working like a rented mule, afraid to speak up. These visas make people good, docile employees because if they aren't they get removed from the country. It's kind of wild that they are so casually accepted.
FeepingCreature 50 days ago [-]
I think if you make it a moral violation to give people nice things with attached conditions, this will not result in more people having nice things.
You're proposing the alternative "let people live in the US without being tied to a specific employer." But realistically, the alternative on offer is "don't let people live in the US at all."
idiotsecant 48 days ago [-]
Why wouldn't we just let them live in the US?
bombcar 50 days ago [-]
Exactly. It’s designed to allow you to work for a time and then return. They’re nice enough to allow a spouse to accompany, but not to work or remain.
Brian_K_White 50 days ago [-]
nice enough, wow
kevin_thibedeau 50 days ago [-]
They can work in your country's consular offices if one is nearby.
1. The kind where you have to advertise all over and work hard to convince people to come to. You're happy with whoever shows up.
2. The kind where you have so many entries that you need to filter out the non-serious people and save your limited space for people with the actual skills and motivation to show up and contribute.
The second kind is usually associated with some big institution or influencer. It might have a history of participation from people who went on to be successful.
In this case, it's associated with universities. Different universities probably encourage their students to apply and compete.
CoolCold 50 days ago [-]
I'm curious - my naive understanding is that instead of using a backend which will allow a limited subset of actions/validate input, there is some 3rd party DB (Firebase?) which works via some sort of per-user API keys to allow fetching directly by frontend devs?
Anduia 50 days ago [-]
Firestore's quick setup uses "test mode", which is free and unrestricted. The "locked mode" recommended for production blocks all reads and writes until you set up the rules.
So I don't know if they had the site in test mode, or they simply set a rule to allow everything (I've seen that happen) instead of handling access based on user permissions.
pfg_ 50 days ago [-]
In this case they had permissions set up - but your application status was stored in the same object as the rest of the info you could modify, and you were allowed to read and write to it.
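Added example, not part of the thread and not the hackathon's code: the "owner can write the whole document" check described in the comment above, next to a field-level check that rejects changes to privileged fields. All field names (`name`, `school`, `essay`, `status`, `review`) and the sample document are assumptions constructed for illustration.

```javascript
// Equivalent Firestore rule for the strict check below (field names assumed):
//   allow update: if request.auth.uid == uid
//     && request.resource.data.diff(resource.data)
//          .affectedKeys().hasOnly(['name', 'school', 'essay']);
// Firestore reads are granted per document, not per field, so reviewer data
// also has to live in a separate document (see splitApplication).

const APPLICANT_WRITABLE = new Set(['name', 'school', 'essay']);

function deepEqual(a, b) {
  if (a === b) return true;
  if (typeof a !== 'object' || typeof b !== 'object' || a === null || b === null) {
    return false;
  }
  const ka = Object.keys(a);
  const kb = Object.keys(b);
  return ka.length === kb.length && ka.every(k => k in b && deepEqual(a[k], b[k]));
}

// Top-level keys added, removed or changed between the stored and new document.
function affectedKeys(before, after) {
  const keys = new Set([...Object.keys(before), ...Object.keys(after)]);
  const changed = [];
  for (const k of keys) {
    const present = (k in before) === (k in after);
    if (!present || !deepEqual(before[k], after[k])) changed.push(k);
  }
  return changed.sort();
}

// Weak check: only asks "is this the owner?", so the owner can edit any field.
function weakAuthorizeUpdate(authUid, ownerUid, before, after) {
  const allow = Boolean(authUid) && authUid === ownerUid;
  return { allow, reason: allow ? 'ok' : 'not the document owner' };
}

// Strict check: owner AND every changed key is on the applicant allow-list.
function authorizeUpdate(authUid, ownerUid, before, after) {
  if (!authUid || authUid !== ownerUid) {
    return { allow: false, reason: 'not the document owner' };
  }
  const denied = affectedKeys(before, after).filter(k => !APPLICANT_WRITABLE.has(k));
  if (denied.length > 0) {
    return { allow: false, reason: 'privileged fields changed: ' + denied.join(', ') };
  }
  return { allow: true, reason: 'ok' };
}

// Structural fix for the read side: applicant-editable fields in one document,
// status and review data in another that only organizers can read.
function splitApplication(doc) {
  const applicant = {};
  const internal = {};
  for (const [k, v] of Object.entries(doc)) {
    (APPLICANT_WRITABLE.has(k) ? applicant : internal)[k] = v;
  }
  return { applicant, internal };
}

// Constructed sample document.
const stored = {
  name: 'A. Student',
  school: 'Example University',
  essay: 'draft 1',
  status: 'pending',
  review: { reviewer: 'R. Viewer', comments: 'constructed sample comment' },
};

const selfAccept = { ...stored, status: 'accepted' };
const essayEdit = { ...stored, essay: 'draft 2' };

console.log(weakAuthorizeUpdate('u1', 'u1', stored, selfAccept));
console.log(authorizeUpdate('u1', 'u1', stored, selfAccept));
console.log(authorizeUpdate('u1', 'u1', stored, essayEdit));
console.log(splitApplication(stored));
```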
ForTheKidz 50 days ago [-]
Wait, firebase allows full access to http connections accessible from a browser? Wtf? Why would you want to give the user direct access to a database to begin with? Is firebase built around the idea of not running your own servers or something?
sunbum 50 days ago [-]
Firebase is not a db, it's an entire platform as a service. So you don't really create much of a backend, it handles it all for you.
johnecheck 50 days ago [-]
Pretty much. Google manages everything. It handles Auth, which ties into the rules for accessing Firestore (the db), and you've got Functions for any code that needs to run server-side.
All with libraries in a lot of languages to make it easy. Pretty solid product with a cohesive experience and a generous free tier.
Naturally, you'll pay an exorbitant amount once you start to scale and realize you've been locked in.
ForTheKidz 50 days ago [-]
Huh! I just spent an hour diving in and I see now.
Crazy giving up that much control of your product to a third party. I can definitely see the appeal to spike realtime/chat projects, though—they really leaned into that api design well. Selling out to google was a mistake.
koakuma-chan 50 days ago [-]
Aren't firebase apps notorious for having really stupid vulnerabilities?
johnecheck 45 days ago [-]
Wouldn't surprise me, but this isn't really google's fault.
As a product with a ton of appeal to the least experienced developers, lots of mistakes happen.
My understanding is that (assuming you trust google) there's no reason you can't build a secure application on firebase.
reportgunner 50 days ago [-]
Yeah you can't really run it on-site so you just debug in the open.
pwillia7 50 days ago [-]
+1 Hugo + Papermod -- Same setup I use for my blog! (reticulated.net)
I was lol, my application is actually the 1st one in the information disclosure section.
I didn’t get any feedback or even a reviewer name, oddly enough.
szszrk 50 days ago [-]
So... what was the full comment of the reviewer? :) You made us curious.
belter 50 days ago [-]
Netflix cancelled the second season...Not enough interest...
ngruhn 50 days ago [-]
Ah yes, the four foundational criteria to rate a hackathon application: passionAndInterest, projectAndPracticalExp, techSkillsAndExp, diversity
falcor84 50 days ago [-]
I found that jarring too. Diversity can only really be a criterion of a group, not an individual. Otherwise it's just tokenism.
dmurray 50 days ago [-]
It could be a measure of each candidate's difference (in diversity points) from the overall cohort, which is an approximation of how much the diversity of the group will change by accepting/rejecting this candidate.
But that seems hard to implement - you'd have to recalculate this for every candidate every time you got a new candidate - so perhaps we can implement an optimization: approximate this by estimating the distribution of the group and measuring differences from some centroid.
HR teams, I'm available for techwashing consultancy.
falcor84 50 days ago [-]
> HR teams, I'm available for techwashing consultancy.
Nice! Especially if coupled with a secondary business whereby you train applicants on how to increase their "diversity points"
EDIT: I think I have the appropriate "one weird trick": flood the pool with fake applications grouped together but very dissimilar to you.
JackDanMeier 50 days ago [-]
What would this realistically be rated on? If anything it seems like racial profiling
9dev 50 days ago [-]
Pretty obvious—"Guys, this year we need a few people of color and especially women on the hackathon, I don't want another white wiener party!"
So they artificially skew the participants by granting bonus points for any minority groups.
barry-cotter 49 days ago [-]
I like how your imagined DEI HR bureaucrat[1] engages in Asian erasure. 100% credible.
[1]in soul if not title
kimixa 50 days ago [-]
Could be diversity of proposal - if they don't want 50 people all trying to solve "the same problem"
Brian_K_White 50 days ago [-]
No one uses the word diversity by itself to mean that.
Even if the writer did, it still isn't reasonable for a million readers to presume that a writer meant anything other than what they wrote, according to the consensus usage of the words/phrases in the given context.
It only makes sense to assume the writer meant what most readers would interpret they meant, and don't move off of that assumption unless the writer issues some update or correction.
cyrillite 50 days ago [-]
Don’t forget sex and randomly inferred things too!
przemub 49 days ago [-]
In Stalinist and Maoist countries you’d get extra points for uni when coming from a worker or farmer family. Times change, ideologies change, but some things don’t.
TwoPhonesOneKid 49 days ago [-]
That actually makes sense from the perspective of a state managing its labor force, though. That's just smart. "Diversity" for its own sake is just meaningless centrist bullshit.
chinabot 49 days ago [-]
There used to be a local hackathon where I used to live in London. Amazingly talented people used to attend, great social, I really miss going to these events
joshdavham 50 days ago [-]
Slightly tangential: I'm currently working on a web app that uses Firebase and I'd like to potentially open source it in the future.
Given all these recent articles where people have been finding vulnerabilities in Firebase apps, should I be careful to open source it? The data in my app isn't super sensitive (e.g., social security or bank info), but does contain PII like names, emails, passwords.
henryfjordan 49 days ago [-]
You should triple-check the configs for your Firebase instance, make sure you understand all the security implications.
If you release the app as open-source make sure you remove references to your specific Firebase instance.
I'll also say that the app being open-source isn't the problem. As you can see from the blog-post, there's a LOT you can do just from looking at the frontend code delivered to your browser.
byyoung3 50 days ago [-]
u should maybe focus on security instead of AI haha
miyuru 50 days ago [-]
App itself might be AI generated as well.
byyoung3 50 days ago [-]
Impressive stuff nonetheless.
nusl 50 days ago [-]
Firebase again.
xavdid 49 days ago [-]
> disclosure timeline (mm/dd/yyyy)
> 09/03/2025 - vulnerability disclosed
a security vulnerability and time travel to go with it!
fastcall 49 days ago [-]
lol fixed :p
koakuma-chan 50 days ago [-]
Buzz online where? I haven't heard about it, feel like I'm missing out.
babuloseo 49 days ago [-]
cool wanna give me a reference so I can get in, do I have to physically show up?
babuloseo 49 days ago [-]
oh no applications are closed, bummer I was working on some ai stuff last week and on the weekend, its a shame that people that are working on AI stuff are too busy to notice events like this where some publicity or peer review or criticism might come handy
dd_xplore 50 days ago [-]
The irony !
yzydserd 50 days ago [-]
Which part was ironic?
gukov 50 days ago [-]
Hacking a hackathon itself, maybe.
bertylicious 50 days ago [-]
But there is no irony, because it's two different meanings of the word "hacking": firstly "gaining unauthorized access", and secondly "focused programming".
I always hated that there is this second meaning. Especially since IMO it's being used to "steal" some of the glory associated with the original meaning.
When did this second meaning emerge anyway? Is this site here partially at fault?
falcor84 50 days ago [-]
They both stem from the more general meaning of hacking as looking for clever outside-the-box solutions to a problem, showing disregard to the intended/expected/typical way of going about that sort of thing. It apparently originated with this meaning in the late 50's at MIT's Tech Model Railroad Club.
ifdefdebug 50 days ago [-]
historically, "gaining unauthorized access" IS the second meaning.
bertylicious 50 days ago [-]
Oh nice, I wasn't aware. I always associated hacking with "gaining unauthorized access" and googling for the first definition confirmed that in my eyes. Didn't know it was the other way around and the term is actually much older than I assumed.
Aicy 50 days ago [-]
Here's a pleasant article on the subject from Richard Stallman, the developer of GNU / Linux.
Both are derived uses, but breaking in seems slightly more distant than the more recent usage of hackathon.
"Hack job" predates computers. The oldest form known means "to cut irregularly or inexpertly", with industrial revolution era uses similar to people saying "AI slop" in the last year or two: https://english.stackexchange.com/questions/211750/where-did...
"The" jargon file says "[originally, someone who makes furniture with an axe]", while other sources claim it's the name of a tool that functions much like an axe or a mattock, or such an action as one might use the item for:
"""In fact, the OED also defines hack as a tool for breaking or chopping up, dating from before 1300:
He lened him þan a-pon his hak, Wit seth his sun þus-gat he spak.
And hacker follows. From 1620:
One good hacker, being a lusty labourer, will at good ease hack or cut more than half an acre of ground in a day."""
Can't see anything. Was the page edited perhaps?
https://fastcall.dev/reviewed-3.png
https://www.linkedin.com/pulse/getting-o-1-visa-easier-than-...
[1]: https://www.ecfr.gov/current/title-8/chapter-I/subchapter-B/...
[2]: https://www.uscis.gov/policy-manual/volume-2-part-m-chapter-...
https://decapcms.org/ is a nice front end CMS admin if you're looking for one.
https://stallman.org/articles/on-hacking.html
- https://english.stackexchange.com/questions/70658/what-does-...