Hi! I'm a backend-leaning fullstack engineer with strong infra/DevOps experience. I have 8 YOE with a mix of enterprise and startup; 3+ YOE working remotely in a globally distributed team. Looking for a backend or fullstack role with product thinking.
Early in my career, I led the technical side of a workflow automation project at Earthlink - a big local enterprise. Later, I contributed 3+ years to Automattic (US) - the company behind WordPress. I've built and maintained time-sensitive, high-throughput services processing millions of ops daily.
While I'm a technical guy by title, I've worked very closely with business and have decent product development experience.
I do my best on high autonomy, ambiguity, and solving hard problems. I know how to turn vague business needs into systems - I've been doing that for most of my career.
Haidt, in his great book "The Righteous Mind," has been arguing that reasoning evolved not to discover truth but to win arguments. There's a lot of scientific research backing his idea.
Haidt's metaphor is the rider and the elephant: the elephant (intuition) leans, and the rider (reasoning) invents the justification afterward and then defends it like a lawyer, not a truth-seeker.
Intelligence doesn't fix this - it just makes people better at coming up with hard-to-defeat arguments; that explains why smart people disagree all the time.
You can probably catch a big pie of those with simple heuristics to flag suspicious repos for expensive review
(human- or AI-based). I did that with public account & repo data, and I believe they can do much more given the amount of private data they have access to.
I'm talking about 10s of repos flagged in a few hours. I don't think the volume would be that big for an expensive review.
Well, my trend detection logic rewards recent stars more than older ones [1]. Recency is an important factor for many custom and public tools that track GitHub trends. I think the bad guys intentionally recreate repos - I actually noticed that.
That being said, they do take action if you report the repo. So I'm guessing good users are doing the heavy lifting here with reporting. I don't believe GitHub is taking enough proactive measures, or maybe they do, but it's not working well, obviously.
This is just one flavour of abuse. GitHub does NOT give a shit about the scale of the malware problem.
I've seen so many forms of malware repos working on a GitHub trends newsletter [1], mostly about crypto, NFTs, KMS, and similar stuff.
In the first runs of the project, I was so surprised by tens of malware repos that looked like trending repos. A lot of them share some common traits that made filtering feasible:
- Made by a fresh GitHub user - many created in the past few days.
- The average creation date of Stargazers accounts is very close to the repo creation date. If you take the mean time diff, those bad repos get exposed.
I reported 10s of malware repos, but then I gave up as I felt GitHub was not really doing enough to fight back. I was like... these guys don't seem to care, why should I?
God knows how many people have been abused by these malware repos on GitHub.
I finished The Lean Startup a few days ago, and I really felt the power of the ideas you've shared there coming from a heavily technical background; incredible work.
It's already been 14+ years since you wrote the book; I wonder if a second edition is something you have in mind, or at least on your consideration list
Sam Altman and other big figures tend to shape their narratives around their personal and organizational interests. When people were skeptical, they pushed hard into the "God-like AI" narrative. Now that safety concerns are growing and their growth plans are in danger, they're pushing back against what they used to advocate.
Even if they genuinely believe what they’re saying, their perspective is still fundamentally biased and should always be taken with a healthy grain of salt.
I hate to say it, but I'm becoming less and less interested in structured content, and more interested in disorganized, messy content over time. I don't like the thought of how this may end up in a few years for me.
Tokenmaxxing is so dumb. You should never show your team how exactly you're measuring their performance; people will optimize for the metric, not the actual performance.
Classic Goodhart’s Law: when a measure becomes a target, it ceases to be a good measure.
Remote: yes
Willing to relocate: depends
Technologies: TypeScript/Node, Ruby/Rails, Python, Frontend (JS/Dom, React, Tailwind, ...), Microservices & Distributed Systems, REST APIs, GraphQL, RabbitMQ, Pub/Sub, Redis, Postgres/MySQL, Elastic Stack, Prometheus, Splunk, Kubernetes/Docker, Ansible.
Website: https://hadid.dev
Résumé/CV: https://hadid.dev/resume/
GitHub: https://github.com/mhadidg
Email: career+hn @ [my website domain]
---
Hi! I'm a backend-leaning fullstack engineer with strong infra/DevOps experience. I have 8 YOE with a mix of enterprise and startup; 3+ YOE working remotely in a globally distributed team. Looking for a backend or fullstack role with product thinking.
Early in my career, I led the technical side of a workflow automation project at Earthlink - a big local enterprise. Later, I contributed 3+ years to Automattic (US) - the company behind WordPress. I've built and maintained time-sensitive, high-throughput services processing millions of ops daily.
While I'm a technical guy by title, I've worked very closely with business and have decent product development experience.
I do my best on high autonomy, ambiguity, and solving hard problems. I know how to turn vague business needs into systems - I've been doing that for most of my career.