HackerTrans
TopNewTrendsCommentsPastAskShowJobs

timgl

282 karmajoined 14 tahun yang lalu
Co-founder of posthog.com - open source product analytics.

comments

timgl
·kemarin dulu·discuss
founder here, what specifically do you use posthog for that you now find hard to find?
timgl
·11 hari yang lalu·discuss
We review every single applicant so this doesn't sound right. It might be that rejection emails get batched and sent on a schedule. I can't find your resume based on your username but if you want to send me an email on tim at posthog dot com I will look into it.
timgl
·2 bulan yang lalu·discuss
You mean Product Engineers? We've hired ~80 people in that role in the last year!
timgl
·2 bulan yang lalu·discuss
PostHog | Full-Time | Product engineers, backend engineers, Technical Account Managers, sales leader | REMOTE (all remote) | Hiring GMT-8 to GMT+2 PostHog makes dev tools that help product engineers build successful products.

* we have a public handbook (posthog.com/handbook) if you want to learn how we work, pay and more in complete detail.

* we are growing through more autonomy and transparency not through process.

* we have a ton of scale and a bunch of super interesting technical problems to solve

* we're building 20 more products over the next couple of years, so you could end up building one of those

* public compensation calculator! see immediately what you'd get paid

* we're hiring: product engineers, clickhouse operations engineer, backend engineers, product managers, technical account managers and technical customer success managers.

https://posthog.com/careers
timgl
·3 bulan yang lalu·discuss
Not at the moment but we probably will be hiring more later in the year!
timgl
·3 bulan yang lalu·discuss
PostHog | Full-Time | Product engineers, backend engineers, Technical AMs, sales leader | REMOTE (all remote) | Hiring GMT-8 to GMT+2

PostHog makes dev tools that help product engineers build successful products.

* we have a public handbook (posthog.com/handbook) if you want to learn how we work, pay and more in complete detail.

* we are growing through more autonomy and transparency not through process.

* we have a ton of scale and a bunch of super interesting technical problems to solve

* we're building 20 more products over the next couple of years, so you could end up building one of those

* public compensation calculator! see immediately what you'd get paid

* we're hiring: product engineers, clickhouse operations engineer, backend engineers, product managers, technical account managers and technical customer success managers.

https://posthog.com/careers
timgl
·5 bulan yang lalu·discuss
We have a lower bound on our location based pay which is a percentage of salary in SF, which applies to both those locations. We fixed the currencies a while ago (so people's pay don't fluctuate up and down in local currencies), which is why those two locations have different pay now.
timgl
·5 bulan yang lalu·discuss
PostHog | Full-Time | Product engineers, backend engineers, Technical AMs | REMOTE (all remote) | Hiring GMT-8 to GMT+2

PostHog equips developers to build successful products by combining product analytics, feature flags, session replay, a data warehouse, CDP and many more.

* we have a public handbook (posthog.com/handbook) if you want to learn how we work, pay and more in complete detail.

* we are growing through more autonomy and transparency not through process.

* we have a ton of scale and a bunch of super interesting technical problems to solve

* we're building 20 more products over the next couple of years, so you could end up building one of those

* public compensation calculator! see immediately what you'd get paid

* we're hiring: product engineers, clickhouse operations engineer, backend engineers, product managers, technical account managers and technical customer success managers.

https://posthog.com/careers
timgl
·6 bulan yang lalu·discuss
Apply anyway! There's a chance we can't hire there for legal reasons, but it's probably because we haven't hired anyone from there yet.
timgl
·6 bulan yang lalu·discuss
Yes, just mention it in your first call :)
timgl
·6 bulan yang lalu·discuss
PostHog | Full-Time | Product engineers, backend engineers, Technical AMs | REMOTE (all remote) | Hiring GMT-8 to GMT+2 PostHog equips developers to build successful products by combining product analytics, feature flags, session replay, a data warehouse, CDP and many more.

* we have a public handbook (posthog.com/handbook) if you want to learn how we work, pay and more in complete detail.

* we are growing through more autonomy and transparency not through process.

* we have a ton of scale and a bunch of super interesting technical problems to solve

* we're building 20 more products over the next couple of years, so you could end up building one of those

* public compensation calculator! see immediately what you'd get paid

* we're hiring: product engineers, clickhouse operations engineer, backend engineers, product managers, technical account managers and technical customer success managers.

https://posthog.com/careers
timgl
·7 bulan yang lalu·discuss
PostHog | Full-Time | Product engineers, backend engineers, Technical AMs | REMOTE (all remote) | Hiring GMT-8 to GMT+2

PostHog equips developers to build successful products by combining product analytics, feature flags, session replay, a data warehouse, CDP and many more.

* we have a public handbook (posthog.com/handbook) if you want to learn how we work, pay and more in complete detail.

* we are growing through more autonomy and transparency not through process.

* we have a ton of scale and a bunch of super interesting technical problems to solve

* we're building 20 more products over the next couple of years, so you could end up building one of those

* public compensation calculator! see immediately what you'd get paid

* we're hiring: product engineers, clickhouse operations engineer, backend engineers, product managers, technical account managers and technical customer success managers.

https://posthog.com/careers
timgl
·8 bulan yang lalu·discuss
The only compromised versions are the ones listed. Any other versions are fine.
timgl
·8 bulan yang lalu·discuss
Hm did you click on "help" (on the right side) -> "Email our support engineer" when logged in?
timgl
·8 bulan yang lalu·discuss
No, just the host that was running the package (the exploit was pretty generic and not targeted at PostHog specifically). In fact, so far we think there were 0 production deployments of PostHog because the package was only live for a little bit.
timgl
·8 bulan yang lalu·discuss
co-founder here. We mentioned it in the main thread about this: https://news.ycombinator.com/item?id=46032650 and on status.posthog.com

- posthog-node 4.18.1, 5.13.3 and 5.11.3

- posthog-js 1.297.3

- posthog-react-native 4.11.1

- posthog-docusaurus 2.0.6

If you make sure you're on the latest version you should be good.
timgl
·8 bulan yang lalu·discuss
Yep, we are moving to workflow OIDC as the next step in recovery.
timgl
·8 bulan yang lalu·discuss
The packages were published using a compromised key directly, not through our ci/cd. We rolled the key, and published a new clean version from our repo through our CI/CD: https://github.com/PostHog/posthog-js/actions/runs/196303581...
timgl
·8 bulan yang lalu·discuss
co-founder of PostHog here. We were a victim of this attack. We had a bunch of packages published a couple of hours ago. The main packages/versions affected were:

- posthog-node 4.18.1, 5.13.3 and 5.11.3

- posthog-js 1.297.3

- posthog-react-native 4.11.1

- posthog-docusaurus 2.0.6

We've rotated keys and passwords, unpublished all affected packages and have pushed new versions, so make sure you're on the latest version of our SDKs.

We're still figuring out how this key got compromised, and we'll follow up with a post-mortem. We'll update status.posthog.com with more updates as well.
timgl
·8 bulan yang lalu·discuss
co-founder of PostHog here. It looks like we were also a victim of this attack: https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24

We've rotated keys and passwords, unpublished all affected packages and have pushed new versions, so make sure you're on the latest version of our SDKs.

We're still figuring out how this key got compromised, and we'll follow up with a post-mortem. We'll update status.posthog.com with more updates as well.