HackerTrans
TopNewTrendsCommentsPastAskShowJobs

bostondavidvc

no profile record

comments

bostondavidvc
·vor 5 Jahren·discuss
If you have a few minutes, you could file a bug here: https://webkit.org/reporting-bugs/ and potentially get it in front of Safari's networking team.
bostondavidvc
·vor 5 Jahren·discuss
Whoa, this kind of impressed me (linked from the blog post) https://bughunters.google.com/about/patch-rewards

Payouts for security-positive improvements to security-critical OSS projects:

* $20,000 for setting up continuous fuzzing with OSS-Fuzz

* $10,000 for high-impact improvements that prevent major classes of vulnerabilities

but the low end of the scale is kind of neat too:

* "$1,337 for submissions of modest complexity, or for ones that offer fairly speculative gains."

* "$500 our "one-liner special" for smaller improvements that still have a merit from the security standpoint."

... and you can qualify for these even if your day job is working on one of these OSS projects!

> Q: I'm a core developer working on one of the in-scope projects. Do my own patches qualify?

> A: They most certainly do.

Neat stuff.

(Googler here, but I don't work on the VRP.)
bostondavidvc
·vor 5 Jahren·discuss
> there is no limit where one can say, "My work is done"

I'm a couple years into my first software job, at Google. We don't do performance evaluations relative to whether you're doing as much work as you're capable of in 40 hours. You're evaluated against a fixed rubric corresponding to the job level. In other words, if you're capable of doing a Software Engineer N's worth of work in 40 hours and your title is Software Engineer N-1, you can either put in the 40 hours and get promoted to Software Engineer N eventually, or you can work less and still be perfectly productive relative to your current role's expectations. Plenty of people make that latter choice and work well under 40 hours.