Ask HN: /.well-known/techstack
I feel a lot of push back would likely be security related.
But my follow-up question would be: For someone who is really determined to hack you, aren't there plenty of other channels by which said hacker could obtain this information? The first thing that comes to mind is Job Postings. If your company has never hired anyone except Haskell engineers, how likely is it that you're running NodeJS on the server-side? Also, I'm not extremely familiar with all the caveats, but I've certainly read about how hackers can obtain details about what OS a web server is running on simply by analyzing the TCP traffic.
So maybe a related question would be, how much of your public-facing stack can you realistically expect to hide from outsiders? Knowing this could help me understand why we don't have a "/.well-known/techstack" defined, and likely never will.
2 comments
[ 4.1 ms ] story [ 21.0 ms ] threadI used to run a F100 web site. In my naiveté I put up a page with extremely high level details about what we were using to produce the site. As a result we started getting hammered by SQL injection attacks (on CGIs which had no SQL fields, so moot other than the processing "loss") and I started getting phone calls, daily, from software sales guys pitching me one stupid thing or another, fully aware that the person they were talking to could not possibly buy their thing because of who I worked for.
The thing that killed it for us though was that we listed a variety of software tools which weren't approved "program products" sold by my employer, including open source, so it was easier to remove the page than continuing fighting a losing multi–front battle for my time and attention.
I don't think it's necessarily a bad idea, but there's got to be some value to the organization.
<thought_process>
It will be far easier for businesses who do this sort of thing to assimilate themselves into the "fiber" of the local tech community.
The businesses who do that will find it far easier to obtain and retain top local talent.
</thought_process>
I agree that the question that needs to be answered for something like this to bootstrap would probably be something like "what is the value to the organization". But I think that question, over time, would evolve into the assumption that "we need to do this in order to survive".