> Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!
Verge reports someone has taken credit for an ongoing DDOS against IA.
"An account on X called SN_Blackmeta said it was behind the attack and implied that another attack was planned for tomorrow"
https://www.theverge.com/2024/10/9/24266419/internet-archive...
That class of sites generally is, yes. But on HN we go by article quality, not site quality (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...) and I didn't see a better specific article on this. If there is a better one, we can change the link again.
I feel like it's safe to assume the official Internet Archive would not write a "friendly"/attempt-at-humurous/unprofessional/confusing/delivered-by-popup message advertising a devastating security breach. Oh also while announcing that nowhere else.
Obv an attackers ability to insert a message does imply a breach beyond a DoS. But I am pretty confident that message was not from the IA.
It's all good, as long as you're not in that recent AI Girlfriend breach which exposed a ton of users who were trying to coax it into generating CSAM images.
“I went to the site to jerk off (to an adult scenario, to be clear) and noticed that it looked like it [the Muah.ai website] was put together pretty poorly,” the hacker told 404 Media. “It's basically a handful of open-source projects duct-taped together. I started poking around and found some vulnerabilities relatively quickly. At the start it was mostly just curiosity but I decided to contact you once I saw what was in the database.”
Not sure if you're being sarcastic or not, but pentesting is not a particularly evil activity — and you often have to look at data to see if you actually found something.
What is evil is the way that he's ensured that the predators in the dataset will never face any consequences by making the data available to HaveIBeenPwned, making it trivial for predators to protect themselves (the method through which this is possible intentionally left as an exercise for the reader), and making the data available to a news website for...some reason, but it's bound to ensure that the vulnerability will be patched out quickly and no one else will be able to access the data.
I find it much more likely that this hacker who sought out a website for uncensored AI erotica isn't actually a good guy, and might even have something to hide within the dataset. Hopefully, I'm wrong and we'll see more of this.
Truly unique email addresses and passwords per service is the strongest approach, but there may be alternatives. For instance, Gmail allows address+tag@gmail.com, which will save you from the lowest hanging fruit (block the +tag when it’s compromised to prevent the laziest spam from reaching you). iCloud also allows automatically generating a new email address that forwards to your inbox for a new account when using iCloud Keychain (possibly when using other password managers too, but I haven’t tried).
Gmail's +tag (and the .) is nice in theory, but terrible in practice. It's super easy for malicious actors to just drop them and there are a few services out there that simply are not able to work with the +tag, potentially getting you locked you out of your own account. Not gmail's fault, but I would recommend against using it.
> Create a new email address for every service we sign up for?
Exactly that, yes! Various services like icloud or proton offer "hide-my-email" addresses, or you can use any email service and just leverage a dedicated email aliasing service like SimpleLogin (paid but cheaper).
This way your email addresses are always random, and since these are shared services, the fact that it's random doesn't identify you either. In proton's / simplelogin's case, you can even set the display name used and email first, so from the outside it's not going to appear as strange, or have any real limitations.
If you think about it, modern email services don't really allow for easily testing if an email address is valid or not, so pretty much the only way your email is ever found out is if you share it on. So never share it on. Always share an alias instead. With automated systems, you may even want to rotate it every so often, so that if there's a leak, you can identify not just who leaked, but also roughly when.
Fixed identifiers, like an email address, are terrible, as their lifetime is always significantly longer than whatever context they're being used in for.
Should we be linking to the site that is very likely to be breached? Could start to host any type of malware until the access can be definitively revoked
That's just about article quality though. Is there a policy about linking to known compromised sites? Should one flag the submission for moderator attention?
Even if we assume folks are using up-to-date browsers (and many aren't!), a compromised site could deliver payloads to browsers ranging from zero-days to phishing content to browser extension compromises (esp. for crypto wallets etc.), that might be delivered differently to different viewers. We don't want to amplify the spread of an attack, especially to our community!
There are too many things to add if we start adding things like that. Each one is important in its own context, of course—like here—but once you start making lists of important things, you end up in a whole-is-less-than-the-sum-of-its-parts situation. I don't think such lists are likely to be effective in the long run.
That's also why the site guidelines (https://news.ycombinator.com/newsguidelines.html) are nowhere near as long as they would be if we tried to include all the important things. Better a shorter list that people can actually read.
I hope that doesn't come across as dismissive—I do see your point!
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
If an attractive story takes precedence over fact, then we will repeat the story of a James Bond film. Maybe the one with that bikini scene, bikinis are attractive after all.
Now I'll have to dig through my IA account and remember if I donated to them directly via credit card (and if they stored it), or if it was through PayPal.
If you're a blackhat and you want to be annoying, you can use Stripe tokens to charge your target's customers. The target is the payee, so you won't make any money, but it'll add to the chaos.
HaveIbeenpwnd says it was just passwords/usernames/emails, so seemingly not. (My company just got an email from them about the breach and I confirmed I'm in there with a quick search on their website.)
How long does an average hard drive last? You'd have to spend that 700k every that many years (plus the extra bits you mentioned). Quite an operation actually
I actually find that fairly tame. For a point of comparison, Wikipedia gets ~$150M in revenue a year, an "asset rise" (I presume this is what non-profits call profit?) of ~$15M a year, and is sitting on about a quarter billion in the bank.
Not that they want to, but I think Wikipedia could fund this using their current donations if they wanted. Hell, I almost wonder if one of the big storage providers would do it for free if they could do it in their staging environment so they get real traffic. It would be less good than real backups, but extra copies are still extra copies even if they're unreliable.
You're right, I guess it is tame and achievable so far as organisations go. I was imagining trying to get some friends together to have a decent percentage of the IA backed up, but that seems out of reach based on this napkin math. Not that that is necessarily demotivating, but it's going to depend on a lot of people intuitively seeing the value and keeping up their share
Yeah, as a sort of pet project I don’t think backing up the whole thing is possible.
You might be able to back up a significant portion of the unique data in IA if you limited it to text files. I think they probably have the highest information to file size ratio.
It’s also probably the most likely to already be back up, though. Interesting issue; you might also get somewhere by cutting the 50TB up into 10GB torrents (or 100GB or whatever, something reasonable for a consumer hard drive) and maybe adding a script that checks the torrent swarm stats to recommend a torrent to download.
Something where I run it, tell it I want to let it use 600GB, and it hands me torrent files for the least seeded 600GB. Maybe a super basic web UI so people can see how well backed up it is?
Unsure if people would sign on or not; I probably would. I’ve got 10 or so TB of NFS I’m not using I could chuck at it. I would guess there are other data hoarders out there who would do the same, but only if it were somewhat easy. I’m probably not going to volunteer to do an hour of rtorrent cleanup a week to make sure I’m backing up the right things.
A good portion of the text on Wikipedia relies on Wayback Machine links to remain verifiable. If they lose that, I guess the editors might have to comb every page for information which would need to be either resourced or deleted.
This is a great question, and a state of the art kind of thing.
HDDs are sold with a lifetime drive read/write amount and power cycle warranty, along with usually some environmental operating envelope. read/write relates to the quality/space of the platter, power cycle is usually the actuator & read/write head being reseated/wearing out. Environment is the same as all other devices in a DC.
Most folks replace drives when they die (reads/writes stall or return garbage), or when the warranty runs out. Some will pay for a warranty exception, and some will just use the drive outside of warranty. Depending on how you use the drive, what environment it's in, etc changes how much you can push things.
I'd say anywhere from 4-8 years, depending on how it's used. In many cases it can be cheaper to have a worse environment for your fleet (thus using less power on hvac) and replace devices more frequently.
There's also the fact that hard drive capacities keep increasing and increasing significantly faster that the power required, and sooner or later for very long term storage it'd become cheaper to migrate all your data from those 5 year old 4TB drives to more modern 16TB ones. That's assuming you want hot access to the data and don't plan on spinning them down as soon as you've written to them, like you'd do for a cold backup of the whole IA.
I remember for a long time (I'm talking 20-ish years back here), every hard drive I bought had double or more the capacity of every drive I'd ever bought previously combined. My first ever 40MB (yes, megabyte) drive got upgraded to an 80MB one, that got updated to a 250MB one, then a 750MB, and then a whopping 2GB drive (how would I _ever_ fill that up???) - and so on. That's slowed down some, but I'm currently starting to think about upgrading my 8TB drives (Raid1 pair) with 20TB drives when the prices start to drop a bit more.
Drives do 140-220MB/s depending on the LBA distance of the readhead, and that's not really changing. 160MB/s is very common.
So your 8TB drives, assuming 1MiB writes with a 20ms latency and 160MB/s, you can rewrite the drive ~155 times/year. At 20T this drops to ~62 times/yr.
Do people really replace their drives when the warranty runs out? Hard drive manufacturers won't provide data recovery on drives that fail under warranty[1]. It makes more economical sense to just run a drive until it dies. You'll end up paying the price for a new drive either way, but less often if you ignore the warranty expiring.
1: I discovered this myself when a Seagate drive containing some important data failed under warranty. If you're foolish enough to send them a failed drive with data you need recovered (like I was), all they'll do is throw it in the bin and send you a replacement drive.
I tried for 6 weeks. Eventually, it just stops functioning. The same program and arguments spits out "segmentation fault" 33% of the time I run it, with the other 67% working perfectly. The only way I could explain it was that it was in a function outside the main, because when I put the exact same code in the main, compiled and ran, it worked.
I have no other explanation. At some point, having too many nested loops and variables causes segmentation faults, whereas less complex code functioned without error. I needed to have certain things performed, and it only functioned in the main.
Why would you try to do this in C of all languages? It's one of the worst choices, especially for a self-learner and a beginner like you. Consider: choosing another language could, on its own, 100% eliminate any possibility of getting a segfault! With just that, you'd be spared from having to produce an abomination of many thousands of loc inside a single function, which is never (unless you're Donald Knuth) a good programing practice.
Python is slower but easier, and less likely to segfault out of blue! You don't even have to have a main() loop. If you just have an idea worth demoing quick, I'd recommend switching to Python 3.
If this is a backup, you don't need it to be powered up and available 24x7.
So the question becomes more like "how long does an average hard drive last while powered down and still reliably be able to power back up and be read?".
I'm fairly sure that is a lot longer than the single digit years that'd be the probably answer to your question.
I wonder if there are useful guidelines for long term storage of powered down hard drives? My gut feel is the major failure modes would be electrolytic capacitor failure, bearings sticking as the lubrication ages, and obseleting of the interfaces. I wonder how hard it'd be to find hardware that'd read my Mac SCSI hard drives from 25 years ago?
> How long does an average hard drive last? You'd have to spend that 700k every that many years (plus the extra bits you mentioned). Quite an operation actually
You'd have to spend a lot more, because with that many drives, you need redundancy now.
True, that would be an up front cost. At the same time, the IA is still live. This initial expense can be softened by building up redundancy over some years rather than trying to do everything at once
> True, that would be an up front cost. At the same time, the IA is still live. This initial expense can be softened by building up redundancy over some years rather than trying to do everything at once
I think with that many drives, you'd be losing them constantly, and I suppose you wouldn't know which ones until later (assuming you're doing an offline backup, if you aren't you have to factor in power costs).
Electricity, bandwidth, and generally running a business is not free. Also for these pay-as-you-go setups you'd need a considerable amount of free space available on demand.
That said, it's not an especially cheap option. Hetzner has storage boxes for EUR 2.5/TB/mo (in fixed 5 and 10TB boxes though)
IA stores lots of redundant stuff in 5 file formats and none of them are particularly well-compressed, I think. There are (big) savings to be had, but maybe figuring that out (software dev and compute time) isn't worth it?
Oh no! I didn't know their IPFS initiative didn't pan out. What happened to it? I am surprised how hard it is to google. I remember interviewing for a role on that team at the archive to help move it to filecoin. Was so happy to hear that the effort was underway to decentralize their datastore. We need this more than ever.
There are people still working on trying to make it happen but it's just a collosal amount of data and filesystems are notoriously hard, so it's very slow going.
From my own personal experience doing distributed archiving with no relation to Archive.org, Filecoin/IPFS's UX isn't quite there yet. They still don't let you serve data to the network from a normal filesystem, you have to let their system ingest all of your stuff so you end up double-storing data or you have to give into everything being stored as inscrutable binary blobs.
That's why I still haven't integrated ArchiveBox with IPFS/Filecoin/Storj, let my data live in a normal filesystem dammit!
> They still don't let you serve data to the network from a normal filesystem, you have to let their system ingest all of your stuff so you end up double-storing data or you have to give into everything being stored as inscrutable binary blobs.
I don't understand this part. What data would you have to give them? Why can't it just live next to your stuff on your OS' filesystem?
They're saying that the client software (the servers that speak the IPFS protocols) has to load the files to be served into their own local storage database, it can't just keep a "metadata file" and read the existing files off disk. Presumably somebody could write a client that spoke the IPFS protocol and did this, or fork the main Go or JS one, but until someone does that they're stuck with the software that's already been written
For IPFS, I'm fairly sure you can now serve from your normal filesystem, rather than load it into their blockstorage -- or at least the blockstorage has pointers to real data blocks that are part of your existing files (it's the nocopy option[1]; it's marked as experimental, so there may be some sharp edges.)
For Filecoin, if you want fast access, you do need to keep a second hot plaintext copy, as well as the sealed Filecoin copy. But that works for the backup case for IA, because the hot copy would be served from the archive's existing infrastructure (and/or a distributed IPFS hot cache) -- you'd just use Filecoin for the proven safe backup.
The project to back up IA to Filecoin is still ongoing. The IA dashboard that shows the current state is (perhaps predictably) down at the moment, but it crossed the 1PiB line last year[2], and they've been optimising the onboarding flow recently.
(Disclosure: I work at the Filecoin Foundation/Filecoin Foundation for the Decentralized Web, which partners with the Archive on this project, as well as supporting other Internet Archive backup projects.)
Needing to keep a separate hot copy at 220PiB is already ~$7M/yr, and multiples much more than that if you factor in labor and redundancy. The --nocopy option looks great though, I didn't see it last time I was looking around for an MFS/FUSE solution, I'll try it.
I appreciate your effort and I hope the project continues.
"Based on historical records from the first half of the last century, Mr Musk (inventor of the car and the rocket) and President Xi were the most respected and popular individuals on earth."
Backup / duplication is not an easy project for sure. But meanwhile for now IA is a single organization operating under one legal system. And one technical setup, would be relevant today. That's a major weakness.
Right in most southern states in rural areas that would be pretty good and you could enjoy fresh air and nature while working from your back porch and scanning a few acres of land and wildlife, sipping on sweet tea.
The undertone was intended to be: that's an insane amount of money, something one with quadruple that amount of experience would maybe earn in a for-profit organisation, but I guess your reaction further proves it's different where you're from
It's not high for bay area software jobs; there are new grads who were paid more than that 10 years ago and I assume new grad wages have gone up since. Of course cost of living (particularly rent) and taxes are high there too, but if you don't blow it all on renting a higher-end place or luxuries you can still save a lot.
Does this mean you get benefits (like free housing, healthcare, and money to buy food with) if you earn less than 105k/year? Or what does low income threshold mean here
It's one criteria for eligibility for social benefits that can include being able to live in certain kinds of public housing. Usually there's a lot more criteria that go into it, but income is a fairly major one.
647 comments
[ 3.2 ms ] story [ 352 ms ] thread> Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!
Sometimes with friendly / attempt-at-humorous error messages it’s difficult to tell
Submitted URL was https://archive.org/.
Is there any link between them and the real attack or are they just unrelated people claiming credit for it?
Obv an attackers ability to insert a message does imply a breach beyond a DoS. But I am pretty confident that message was not from the IA.
https://x.com/troyhunt/status/1843788319785939422
What a nice guy.
What is evil is the way that he's ensured that the predators in the dataset will never face any consequences by making the data available to HaveIBeenPwned, making it trivial for predators to protect themselves (the method through which this is possible intentionally left as an exercise for the reader), and making the data available to a news website for...some reason, but it's bound to ensure that the vulnerability will be patched out quickly and no one else will be able to access the data.
I find it much more likely that this hacker who sought out a website for uncensored AI erotica isn't actually a good guy, and might even have something to hide within the dataset. Hopefully, I'm wrong and we'll see more of this.
I don't know what the best practice is for keeping our personal data safe anymore.
(No, this official looking email from my bank is fake since it was sent to Grocery@my.domain …)
Yes! Just get a domain and have every email it go to you. Mine is something like “@super-secure-no-viruses.email”
Exactly that, yes! Various services like icloud or proton offer "hide-my-email" addresses, or you can use any email service and just leverage a dedicated email aliasing service like SimpleLogin (paid but cheaper).
This way your email addresses are always random, and since these are shared services, the fact that it's random doesn't identify you either. In proton's / simplelogin's case, you can even set the display name used and email first, so from the outside it's not going to appear as strange, or have any real limitations.
If you think about it, modern email services don't really allow for easily testing if an email address is valid or not, so pretty much the only way your email is ever found out is if you share it on. So never share it on. Always share an alias instead. With automated systems, you may even want to rotate it every so often, so that if there's a leak, you can identify not just who leaked, but also roughly when.
Fixed identifiers, like an email address, are terrible, as their lifetime is always significantly longer than whatever context they're being used in for.
I guess internet security is not as bad these days. :)
Already there are two new users just for this.
Update: Subdomain seems to be returning normal responses again now.
https://news.ycombinator.com/item?id=41792651
https://sourcegraph.com/github.com/polyfillpolyfill/polyfill...
Seems like they self hosted that service
Even if we assume folks are using up-to-date browsers (and many aren't!), a compromised site could deliver payloads to browsers ranging from zero-days to phishing content to browser extension compromises (esp. for crypto wallets etc.), that might be delivered differently to different viewers. We don't want to amplify the spread of an attack, especially to our community!
That's also why the site guidelines (https://news.ycombinator.com/newsguidelines.html) are nowhere near as long as they would be if we tried to include all the important things. Better a shorter list that people can actually read.
I hope that doesn't come across as dismissive—I do see your point!
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"
We need not one but many internet archives. Just one and we will repeat the outcome of the Library of Alexandria.
"Goodwill and donations" will never be robust against an entire industry that makes profit off of artificial digital scarcity.
Now I'll have to dig through my IA account and remember if I donated to them directly via credit card (and if they stored it), or if it was through PayPal.
I found this reddit thread from /r/DataHoarder about backing up the internet archive particularly interesting, given the circumstances
1: https://www.backblaze.com/blog/hard-drive-cost-per-gigabyte/
Not that they want to, but I think Wikipedia could fund this using their current donations if they wanted. Hell, I almost wonder if one of the big storage providers would do it for free if they could do it in their staging environment so they get real traffic. It would be less good than real backups, but extra copies are still extra copies even if they're unreliable.
You might be able to back up a significant portion of the unique data in IA if you limited it to text files. I think they probably have the highest information to file size ratio.
It’s also probably the most likely to already be back up, though. Interesting issue; you might also get somewhere by cutting the 50TB up into 10GB torrents (or 100GB or whatever, something reasonable for a consumer hard drive) and maybe adding a script that checks the torrent swarm stats to recommend a torrent to download.
Something where I run it, tell it I want to let it use 600GB, and it hands me torrent files for the least seeded 600GB. Maybe a super basic web UI so people can see how well backed up it is?
Unsure if people would sign on or not; I probably would. I’ve got 10 or so TB of NFS I’m not using I could chuck at it. I would guess there are other data hoarders out there who would do the same, but only if it were somewhat easy. I’m probably not going to volunteer to do an hour of rtorrent cleanup a week to make sure I’m backing up the right things.
[0]: https://www.hyphanet.org/
A good portion of the text on Wikipedia relies on Wayback Machine links to remain verifiable. If they lose that, I guess the editors might have to comb every page for information which would need to be either resourced or deleted.
This is a great question, and a state of the art kind of thing.
HDDs are sold with a lifetime drive read/write amount and power cycle warranty, along with usually some environmental operating envelope. read/write relates to the quality/space of the platter, power cycle is usually the actuator & read/write head being reseated/wearing out. Environment is the same as all other devices in a DC.
Most folks replace drives when they die (reads/writes stall or return garbage), or when the warranty runs out. Some will pay for a warranty exception, and some will just use the drive outside of warranty. Depending on how you use the drive, what environment it's in, etc changes how much you can push things.
I'd say anywhere from 4-8 years, depending on how it's used. In many cases it can be cheaper to have a worse environment for your fleet (thus using less power on hvac) and replace devices more frequently.
I remember for a long time (I'm talking 20-ish years back here), every hard drive I bought had double or more the capacity of every drive I'd ever bought previously combined. My first ever 40MB (yes, megabyte) drive got upgraded to an 80MB one, that got updated to a 250MB one, then a 750MB, and then a whopping 2GB drive (how would I _ever_ fill that up???) - and so on. That's slowed down some, but I'm currently starting to think about upgrading my 8TB drives (Raid1 pair) with 20TB drives when the prices start to drop a bit more.
Drives do 140-220MB/s depending on the LBA distance of the readhead, and that's not really changing. 160MB/s is very common.
So your 8TB drives, assuming 1MiB writes with a 20ms latency and 160MB/s, you can rewrite the drive ~155 times/year. At 20T this drops to ~62 times/yr.
Do people really replace their drives when the warranty runs out? Hard drive manufacturers won't provide data recovery on drives that fail under warranty[1]. It makes more economical sense to just run a drive until it dies. You'll end up paying the price for a new drive either way, but less often if you ignore the warranty expiring.
1: I discovered this myself when a Seagate drive containing some important data failed under warranty. If you're foolish enough to send them a failed drive with data you need recovered (like I was), all they'll do is throw it in the bin and send you a replacement drive.
is for sure not true, that would be crazypants
I have no other explanation. At some point, having too many nested loops and variables causes segmentation faults, whereas less complex code functioned without error. I needed to have certain things performed, and it only functioned in the main.
So the question becomes more like "how long does an average hard drive last while powered down and still reliably be able to power back up and be read?".
I'm fairly sure that is a lot longer than the single digit years that'd be the probably answer to your question.
I wonder if there are useful guidelines for long term storage of powered down hard drives? My gut feel is the major failure modes would be electrolytic capacitor failure, bearings sticking as the lubrication ages, and obseleting of the interfaces. I wonder how hard it'd be to find hardware that'd read my Mac SCSI hard drives from 25 years ago?
Easy… that original Mac is sitting in my basement and it worked like a charm last time it was powered on 4 years ago.
You'd have to spend a lot more, because with that many drives, you need redundancy now.
I think with that many drives, you'd be losing them constantly, and I suppose you wouldn't know which ones until later (assuming you're doing an offline backup, if you aren't you have to factor in power costs).
1.71% a year failure rate if you care for the hardware as much as they do.
They are cheaper per Gio, and last significantly longer
hard-drive price: $0.014/GB
B2 price (12*6/1024): $0.070/GB/year
They have their own backups which I think is good enough for now unless someone plans on donating a few hundred million.
From my own personal experience doing distributed archiving with no relation to Archive.org, Filecoin/IPFS's UX isn't quite there yet. They still don't let you serve data to the network from a normal filesystem, you have to let their system ingest all of your stuff so you end up double-storing data or you have to give into everything being stored as inscrutable binary blobs.
That's why I still haven't integrated ArchiveBox with IPFS/Filecoin/Storj, let my data live in a normal filesystem dammit!
I don't understand this part. What data would you have to give them? Why can't it just live next to your stuff on your OS' filesystem?
For Filecoin, if you want fast access, you do need to keep a second hot plaintext copy, as well as the sealed Filecoin copy. But that works for the backup case for IA, because the hot copy would be served from the archive's existing infrastructure (and/or a distributed IPFS hot cache) -- you'd just use Filecoin for the proven safe backup.
The project to back up IA to Filecoin is still ongoing. The IA dashboard that shows the current state is (perhaps predictably) down at the moment, but it crossed the 1PiB line last year[2], and they've been optimising the onboarding flow recently.
[1] https://docs.ipfs.tech/reference/kubo/cli/#ipfs-add
[2] https://blog.archive.org/2023/10/20/celebrating-1-petabyte-o...
(Disclosure: I work at the Filecoin Foundation/Filecoin Foundation for the Decentralized Web, which partners with the Archive on this project, as well as supporting other Internet Archive backup projects.)
I appreciate your effort and I hope the project continues.
https://www.indeed.com/viewjob?jk=3bb8222ccd9a88ea
That is. Paying over 100k at the lower end of the range for 3y experience as software engineer
For context someone making less than $105k is classified as "low income" in San Francisco. https://www.sfgate.com/local/article/under-100k-low-income-s...
Thanks for clarifying your intent.
[0] https://www.hcd.ca.gov/sites/default/files/docs/grants-and-f...
Does this mean you get benefits (like free housing, healthcare, and money to buy food with) if you earn less than 105k/year? Or what does low income threshold mean here