Convince everyone that node + mongo + backbone + bitcoin is the beginning and end of all software development, from systems software to scientific computing. Receive kickbacks.
HN is mainly goodwill for YC (any VC would pay a fortune to have HN and its audience).
So the parent comment seems to suggest that it's damaging to the goodwill of the site to disable signups.
If this was a permanent change, I'd agree, but it may be temporary, and it's not totally disabled (you can still signup by submitting content, as someone else wrote).
vladd, while I completely agree that "HN is mainly goodwill for YC," I think potentially your subsequent parenthetical statement shows misunderstanding of a different business model, the VC model. Or, maybe it was just ambiguous language easily misinterpreted by me (and, I'd assume, others as well).
Many content-based companies would love to acquire HN and its audience (e.g. Conde Nast's Reddit acquisition). VCs would love to invest in an HN spin-out to reap returns from said investment via a sale of the entity. However, "VCs would pay a fortune to have HN and its audience," reads more like VC-as-owner/PE rather than VC as investor.
Maybe I'm digging too deep in the semantics here, but this seems to be a point that is often lost and VCs vaunted (or derided) as less investors-cum-advisors and more private equity slash-and-burn corporate raiders.
Er, no. HN is part of YC's screening and application process. You have to have an HN account to apply to YC and if you have been an active user, your comments here basically become part of the screening process. It is part of why HN is better behaved than a lot of forums: Being an asshole here can help close doors for some folks which are potentially worth million$.*
* At least, this was all true last I heard. I have not looked at their application or application rules/process recently.
You can't anymore. There was a post a few months ago that you should set a password on the site itself to be able to continue to log on in the future (future being now, since a couple of days or maybe even weeks already).
My impression was it was more a feature of clickpass's implementation being outdated and requiring maintenance than OpenID not being useful, although there was sentiment that OpenID never gained enough traction and isn't the future anymore.
Unless you can't because that box isn't there to do a password reset. Which, btw, is really frustrating as I just had to create a second account to write this. I used to use OpenID and now I can't login to my old account at all.
I had the same experience. Pretty frustrating when you don't know what's going on (I'm a pretty regular visitor and missed the OpenID thread) and then want to comment on something and BAM! You have to create a new account in order to do so.
Maybe a separate page for changes to this site? That way, if someone misses it on the front page, they don't get hung out to dry.
I'm surprised that http://ycombinator.com/newsnews.html has not been updated on this important topic. How much would it help, though? There should be an RSS of it.
pg (or possibly another admin these days) will remove the create-account functionality if HN suddenly becomes very popular, as with the LinkedIn thread. I'm trying to find one of his comments where he mentions this, but there are 8,511 to wade through, and the obvious searches haven't found it yet.
I wish they'd fix the log-in system in general. It continually reports "bad login" for no reason, rendering your ID permanently useless because there's A: nothing wrong with the credentials you entered and B: no way to reset them. And yes, I have an E-mail address specified.
And the behavior is totally unpredictable. Once, after several attempts, a message magically appeared about sending a new password... but because the log-in credentials were "bad" and in fact cleared out, the system didn't know where to send any such E-mail. Yet it claimed to do so. Surprise, surprise: That E-mail never arrived.
So we wind up having to create a new user ID on every machine or every time a cookie expires. It's pathetic.
they also change a minimal amount - $5 i think - that discourages idle registration. i think it works well for them. maybe hn should consider it (it's not for profit - it's for the psychological "bump").
The problem with Metafilter is that $5 over time hasn't scaled. It's been $5 since they implemented it way back when, and as the popularity of the site rose, $5 wasn't enough to stop people from registering to add their pointless commentary anyway.
A few years ago I used to really find value in their community and felt that the added registration fee filtered out people that were just there to give bad advice on the green or self-post on the blue, but for the two years or so, it seems as if paying such a little amount makes people even more likely to post crap because they feel some sense of validation or privilege after payment.
Additionally (since SA was mentioned), there are so few moderators at MF that subtle trolls and misinformation loudmouths are prevalent (some have been known for their antics for several years) and threads derail and turn into a get-off-my-lawn!-fest really quickly.
countdown to people selling HN invites like it's a damn torrent tracker </joke>
hopefully this maintenence takes care of the issue of the login page being unstyled. i always thought it was supposed to go in a popup on the same page, that would make sense given its unstyled markup.
I dont think we are going to see a single pop-up anytime soon on HN. (Quick edit: Site has minimal 'html/css only', _flat_ feel and pop-ups are a different breed.)
I wondered that for a while, too. But there is a forgot password link, actually. You just have to enter your username and leave the password field blank, and then hit "login." You'll then be presented with a link to get a newly-generated password in an email.
The past few days I've gotten several emails from 'info@ycombinator.com' telling me that I have a new password. (I received several new passwords in the past few days.)
The header seems to indicate that the message was actually sent from news.ycombinator.com.
Are these legit? Why am I receiving them?
Has anyone else got one?
If HN replaces your password with a random one when requesting a forgot password, that's a great way to denial of service someone -- just keep requesting new passwords every 10 seconds and they'll never be able to login.
The better approach is to generate a secure password change link with an expiring change request token. Upon clicking the link, the token is validated and you're allowed to set a new password (or have one randomly generated). However, until the link is clicked and the token validated your old password should remain the same.
68 comments
[ 4.5 ms ] story [ 94.7 ms ] threadSo the parent comment seems to suggest that it's damaging to the goodwill of the site to disable signups.
If this was a permanent change, I'd agree, but it may be temporary, and it's not totally disabled (you can still signup by submitting content, as someone else wrote).
Many content-based companies would love to acquire HN and its audience (e.g. Conde Nast's Reddit acquisition). VCs would love to invest in an HN spin-out to reap returns from said investment via a sale of the entity. However, "VCs would pay a fortune to have HN and its audience," reads more like VC-as-owner/PE rather than VC as investor.
Maybe I'm digging too deep in the semantics here, but this seems to be a point that is often lost and VCs vaunted (or derided) as less investors-cum-advisors and more private equity slash-and-burn corporate raiders.
Might a VC chime in here?
*edited for spell check and readability.
* At least, this was all true last I heard. I have not looked at their application or application rules/process recently.
- They post/comment on news items.
- ????
- Profit.
- They get engaged in the community
- They get exposed to YC classes and start ups
- Talent is attracted to joining YC
- YC continues to get best talent
- Best talent attracts more/better investors
- Increases the likelyhood of start up success in incubator
- Profit.
Go ahead an log out of your account and try to comment on this link.
In the future, when a major feature like this is removed, it would be nice to see a banner across the top for people who will be affected.
What are considered current "best practices" in building an account system?
My impression was it was more a feature of clickpass's implementation being outdated and requiring maintenance than OpenID not being useful, although there was sentiment that OpenID never gained enough traction and isn't the future anymore.
Maybe a separate page for changes to this site? That way, if someone misses it on the front page, they don't get hung out to dry.
*updated for clarity
I suspect you can still sign up but via another screen?
The loss of openid button definitely affects existing members though...
edit: I may have misremembered; the first reference I've found was http://news.ycombinator.com/item?id=3481174, but I'm still looking.
edit: Gave up looking. I probably don't know what I'm talking about.
And the behavior is totally unpredictable. Once, after several attempts, a message magically appeared about sending a new password... but because the log-in credentials were "bad" and in fact cleared out, the system didn't know where to send any such E-mail. Yet it claimed to do so. Surprise, surprise: That E-mail never arrived.
So we wind up having to create a new user ID on every machine or every time a cookie expires. It's pathetic.
A few years ago I used to really find value in their community and felt that the added registration fee filtered out people that were just there to give bad advice on the green or self-post on the blue, but for the two years or so, it seems as if paying such a little amount makes people even more likely to post crap because they feel some sense of validation or privilege after payment.
Additionally (since SA was mentioned), there are so few moderators at MF that subtle trolls and misinformation loudmouths are prevalent (some have been known for their antics for several years) and threads derail and turn into a get-off-my-lawn!-fest really quickly.
hopefully this maintenence takes care of the issue of the login page being unstyled. i always thought it was supposed to go in a popup on the same page, that would make sense given its unstyled markup.
The past few days I've gotten several emails from 'info@ycombinator.com' telling me that I have a new password. (I received several new passwords in the past few days.)
The header seems to indicate that the message was actually sent from news.ycombinator.com.
Are these legit? Why am I receiving them? Has anyone else got one?
I've ignored them for now.
New Hacker News pw: <new password>
So someone probably thinks they have your username and are wondering why they can't remember the password or receive an new password.
Far less likely is that someone could be trying to discover/exploit a timing attack on the forgotten password generation algorithm.
The better approach is to generate a secure password change link with an expiring change request token. Upon clicking the link, the token is validated and you're allowed to set a new password (or have one randomly generated). However, until the link is clicked and the token validated your old password should remain the same.
Didn't somebody do that already?
But yeah http://news.ycombinator.com/item?id=639976
…makes the site _much_ less useful for me, I must confess.
Thanks.
LinkedIn's password database leaked earlier today.