OnlyFans is at his core a tech company, with (I'd guess) a stack that looks a lot like any other high volume social media platform. They likely have a decent size engineering group.
Yet all of what I would think of as the expected recruitment links (e.g. https://careers.onlyfans.com/) go nowhere. Quick searches on LinkedIn, Indeed and CrunchBoard come up empty.
Obviously, this is due to their content. But I wonder, how does a company like this recruit good (or at least decent) talent?
Hey, know a couple folks working in adult companies including the big one like Pornhub,Xhamsters, xxx.com. They mostly employed through a proxy IT shop that from the first glance has nothing to do with adult technology. Also AFAIK you're not allowed to state in your CV the name of the product you have been working on.
Interesting, hadn't seen that the CEO stepped down. Rebranding after acquisition to distance themselves a bit from him is a reasonable move. The guy was shady as fuck. Though, the company has a reputation for being a sweatshop in the engineering and video editing departments. I don't thing a rebrand or private equity is going fix that any time soon.
I'd be interested to learn more about that, how does that work? Are they subcontractors? Hired directly through that shop? Is that shop owned by outside people or does the tendrils of whoever owns those sites extend there? Such a fascinating, underground world that doesn't see much light.
Imagine working in an outstaffing company like EPAM or Cognizant, but you only work for a single client.
The shop is not owned by outside people and has little interest in having more than one customer.
Come to Cyprus one day, you will get a flavor of undergrad tech of all kinds – gambling, adult tech, betting, etc. All these guys are legally operating in the dark mode and sitting on a ton cash of money without VC support.
I think, to a large extent, they don't attract decent talent. The sites are barely functional from a monetization POV.
OF, for example, leaves stacks of money on the table by not having a functioning recommender engine. OF artists are almost always discovered and promoted on platforms like Twitter, which DO have finely tuned recommender systems, but it seems like such an inefficient way of going about things.
Programming the front end for an adult website is not that much different from any other web development. You will never even watch much "content" at work despite the product you're working on.
I'm sure you can comment about the actors, but given that OF is simply a hosting platform, I assume the GP was talking about hiring developers.
Sex work often involves a lot of drug addicts and negative outcomes for all involved. Those who advocate for it are often not telling their whole story.
The negative outcomes are mainly due to societal stigmatization. Which explains the 'not telling the whole story' pretty well too. It's not exactly great dinner conversation.
Drug addiction is not really something that's compatible with adult performing. I'm sure it would correlate with some type of sex work (the cheapest 'street corner trick-turning' comes to mind) but those are not the type of people you'll find on OnlyFans.
I wouldn't be surprised if you find more drug addicts in a high-speed trading floor than the average OnlyFans performer population.
Ps I'm not advocating it as a career option but I know some people are drawn to it and genuinely like it. Reddit is/was full of people doing it for free and I don't think it's a bad idea to try to make a job out of it for those people.
> The negative outcomes are mainly due to societal stigmatization
disagree - ordinary citizens often do not get to see the inpatient room at rehab clinics, emergency rooms and court hearings. The fun ends pretty quickly for a lot of people. not making this up "real"
Are we talking about sex workers or the "War on Drugs"? It's very much established that society and even the government can make certain stereotypes and stigmas stick if they want it to.
honestly, no one suggested "make self-harm illegal" here you added that. People can do vice all day and more importantly all night. After you have seen the results a few (dozen) times you might change your mind. Meanwhile, lots of people with active substance abuse habits will chime in quickly about how wrong it is to criticize substance abuse habits.
I just don't understand how sex work (and especially video sex work) equates to drug abuse.
I know many OnlyFans performers and only one of them has a drug problem (and had this already before she turned to OnlyFans). She's also not very popular because it's pretty clear that she has this problem. That's why it's such a bad combo. The successful ones (well, successful as in they make a few hundred bucks a month because it's not a goldmine) make much higher quality and have a normal day job / life.
Like I said some sex work does really correlate with drug abuse but it's really the lowest-quality street prostitution, girls that turn tricks for a few bucks to pay for their drug habit. They won't be popular on OnlyFans because they simply look awful. It's terrible but the sex work is a result of their drug abuse, not the other way around. The same with the petty theft surrounding drug abusers.
> The negative outcomes are mainly due to societal stigmatization. Which explains the 'not telling the whole story' pretty well too. It's not exactly great dinner conversation.
Source please?
> Ps I'm not advocating it as a career option but I know some people are drawn to it and genuinely like it. Reddit is/was full of people doing it for free and I don't think it's a bad idea to try to make a job out of it for those people.
This content, free or not is a net negative on society.
Well the people I generally meet would talk about porn at the dinner table when we go out and many of them publish on OnlyFans too lol :P I also often repair sex toys for my friends.
But I wouldn't imagine this to be a popular topic when meeting up with the in-laws that's all.
The same is true of lots of kinds of work: finance, healthcare, foodservice, retail, construction... (Especially construction.) The common thread is income inequality and poor protection for workers, not sex.
They don't. I worked for kink for 4 years. Before I was hired, they had a guy who wrote terrible PHP code and the site was a mess. We spend a bunch of time rewriting everything from scratch and rebuilding everything in the IT department. We also had a really hard time hiring good people.
After I left, they made a bunch of new hires that completely destroyed all the good work we did, because they didn't understand it.
For example, kink used a lot of top level domains and wanted to have a single login for their customers across all domains. We built a whole SSO implementation, that while complicated, solved the problem amazingly well. Log into any site and you're magically logged into all of them, without needing a server side tracking solution. Well, the new team didn't understand it at all (despite it being well documented), and broke all of it.
It's interesting that the motion is called that, because any biscuits I've ever made get tough and not flaky if you knead them too much. And too much is pretty much anything more than the bare minimum required to get them to hold together.
Biscuits (in the US sense) are more like a chemically leavened pie crust than a yeast leavened bread.
I like the term “making biscuits” better than “kneading” or “kneading biscuits”. Butter biscuits (and scones) usually require handwork to integrate the butter into the dry ingredients. In my experience, this handwork pretty closely resembles what the cats are doing. There’s a lot of squeezing going on to break up the cold butter and mix it in.
I think of it more as a pinching motion to divide the big clumps of fat into smaller ones while coating them in flour. I'm still not convinced that cats know how to make biscuits :-)
There was a old type of biscuit in Maryland that was not leavened with chemicals but aerated by beating. Kneading would make them too tough of course. I don't understand the technique exactly and someday I'd like to try making a batch, although it would be better to find a place I can try a real one first if that still exists.
Any scone I've ever eaten (around the world) was sweetened to some degree. American southern style biscuits are unsweetened and have a higher fat content than a scone. It's really hard to find decent ones outside of their natural range, even throughout a lot of the USA. I would never order them in say, Seattle.
As a counterpoint there's this article about the technique, not the flour, being the critical ingredient. I remember both because I dated someone from the south who missed the biscuits and I was trying to make better ones. The link you have made me think I needed to work on the flour. Then this made me think improving the technique was more important, but by that point I had gotten better at it. Now I'd have to restart the practice to make something I'm proud of. Most of the biscuits I make now get frozen and then shared for breakfast while camping or even backpacking.
None of that is to say I'm an expert, seeing that article just reminded me of a lot of biscuit making.
Biscuits in the American sense are scones in the Commonwealth sense.
Scones in the US sense are sweet. Scones in the rest of the world are savory, more like American biscuits.
Biscuits in the Commonwealth sense are American cookies, although I feel like American cookies are usually the thick kind with chocolate chips, whereas Commonwealth biscuits are often the plain thin ones that you might dunk in a cup of tea.
In Italian I've seen a bunch of names for the kneading: pigiare la lana (to tread the wool), fare il pane (to make [knead] bread), and la danza del latte (the milk dance). I think that the first two are references to the movement, just like "making biscuits"; except that bread actually improves as you knead it, unlike biscuits.
As in Portuguese it's just "amassar pãozinho", or roughly "to knead bread", with a [likely affectionate] diminutive.
I don't really consider that clickbait. You've just described most subscriber-only content from analysts and others. But not sure how useful it is to post half an article here.
"something (such as a headline) designed to make readers want to click on a hyperlink especially when the link leads to content of dubious value or interest."[1]
The article you get when clicking isn't the content promised by the headline. To get the content promised, one needs to go to a second article, which requires a fee.
"Let's now assume that the user enables the PIN unlock and configures Bitwarden so that it doesn't require the master password on restart."
If the user has setup Bitwarden so the master password is not required, then the user gets what they asked for, namely a password database secured by a 4 digit PIN. Not clear to me why this is a problem Bitwarden needs to fix.
You're assuming the average user understands security when that is definitely not the case. The job of Bitwarden is to help all users (even ones ignorant of security) to secure their data. If Bitwarden has no warning explaining that pins are unsecure, then the fault 100% lies with Bitwarden.
Some things fall into the "obvious" category, users should just know them, and it's not 100% on Bitwarden to make the world a safe place.
Is it a good idea to leave your password on a piece of paper under your keyboard? No, and you shouldn't need Bitwarden to tell you that.
Is it a good idea to use your name and date of birth as a password? No, and this should be obvious, not something Bitwarden needs to educate you about.
Is it safe to rely on a 4 digit PIN? Obviously not, when there are only 10000 possible combinations. You shouldn't need Bitwarden to tell you that though.
Are there people out there who do need this education? Of course. But that's a job for someone with infinite patience and understanding. Not some words on a web page from a supplier.
Case in point, my step dad belonged to a "computers for elders" group and one day he learned about antivirus software. Next time I watched him, he was googling for anti virus software and downloading any he could find, from anywhere on the internet. He ended up with 6 different AV packages, some very dubious looking indeed. I tried to explain the dangers but he couldn't understand how antivirus could actually harm his computer. And he was a practicing doctor of medicine before retirement. It really highlighted the challenges of protecting some people in the brave new digital world.
> Is it safe to rely on a 4 digit PIN? Obviously not, when there are only 10000 possible combinations. You shouldn't need Bitwarden to tell you that though.
Most people really don’t know that. It is not obvious to a normal user.
I realize math education in the US sucks but are really suggesting most people can’t figure out that 0 to 9999 is all the possibilities you get from 4 digits?
I'm confident your average person would understand that a PIN is insecure if it was explained to them.
But think about other things in life that use a PIN -- debit cards, customer support shortcuts, etc. These are things that can't or typically won't be brute forced and are deemed as "secure enough" in our world.
Your average person has no idea how a 2FA token is generated, but they know it's just a few numbers that they have to enter on various websites and apps, and those numbers resemble a PIN. Yet another reinforcement that just a few numbers keeps things secure.
If you walk a user through software setup, and at some point they need to provide a complex master password, they would never automatically assume that being presented with an option to use a PIN would remove the security provided by a complex master password.
Only if they were to think it through, or have someone who thinks analytically, would they understand that in this scenario, given that it's Internet-accessible software, a PIN could be brute forced in no time unlike their debit card or any other PIN they may need to use in the course of their day to day life.
One could get into a long debate about whether "most" is literally true or not, but I think most of us should be able to agree that at least a significant proportion of people - enough to matter - either won't or can't think of this without some prompting.
>Is it safe to rely on a 4 digit PIN? Obviously not, when there are only 10000 possible combinations. You shouldn't need Bitwarden to tell you that though.
Normal users see that Bitwarden blocks you after 5 guesses, therefore an attacker will never get past all 10000 guesses. They won't realize that this block is easily evadable.
It's a bit of a stretch to label Bitwarden users as average user. Average users don't know about password managers beyond whatever their browser supports.
With a secure enclave of some kind, there could conceivably be a three attempt limit before the temporary key associated with the pin is deleted, and full pass phrase is required. In such a setup pin might make sense.
As it is - I'm not sure if pin makes sense even if there's user demand? Then again I do use biometric unlock - and that's not really great either.
At least the bitwarden installs are behind fde (macOS) - and possibly (?) file based encryption (Android 13+).
> the user gets what they asked for, namely a password database secured by a 4 digit PIN.
A 4 digit PIN would be safe if Bitwarden securely enforced an attempt limit on the PIN. There's several options to implement this securely (see e.g. other comments about Windows Hello or use of a TPM).
Why did you jump to a 4 digit PIN instead of a 10 letter word? (which is still faster than the full 20 letter master password with many special symbols)
Is it because of the name PIN? So there is your simple answer of what problem Bitwarden needs to fix
Your mirroring fails precisely because it's a password, and it's pretty common to set minimum requirements, so you can't have 4 digit pin
Similarly with your first point - I don't think the master password has many special symbols, I'm just asking a question that illustrates the issue with the original faulty assumption
They could make the pin process intentionally slow… maybe with some number of iterations… and as computers get faster they can just update the number of iterations required…
If the PIN is local, only a secure element type of chip could meaningfully enforce this restriction. Otherwise, whatever memory or disk stores the secret encrypted only by the 4-digit PIN could still be brute forced. Just disabling entering a PIN in the UI would not be enough for security.
An Nvidia RTX 4090 can crack a 4 digit pin using PBKDF2 with 200k iterations in less than a quarter of a second. Argon2 is definitely the better option, but even at 1 hash per second, that's less 3 hours.
> [...] As a comparison baseline, a 2.4 GHz Core2 CPU can perform about 2.3 millions of elementary SHA-256 computations per second (with a single core), so this would imply, on that CPU, about 20000 rounds to achieve the "8 milliseconds" goal.
So you'll need something that takes at least as long as entering your full password, at which point you basically could enter the full password (from a UX perspective). They PIN is here to make it faster and it will always be security vs. ease-of-use.
It already is intentionally "slow". However, for a 4 digit pin there are only 10 thousand combinations. It is not practical for it to be so slow that 10000x it is an infeasible amount of time. Not only would the user have to way too long on each entry, the attacker could just use faster hardware.
Or multiple machines. There are about 31k seconds in a year. 3.1 seconds per iteration seems already slow as a response time to unlock a db so it's about one year for those 10000 attempts. Split it between 10 machines by first digit, it's down to a little more than one month. Split it between 100 machines by the first two digits and it's down to half a week.
A four digit PIN is poor security. What Bitwarden could do is removing that feature.
Split it to 5000 machines, which will be "quite easy to get" for a computation that takes a single line in most languages. Then we're talking about 6 seconds and 50% success on first try.
That's a bit like putting a website password check in the client-side JavaScript. Attacker removes lockout, continues brute-forcing.
There really isn't a solution if the entropy is low and the enforcement mechanisms are in the hands of the attacker. Even a TPM or secure element is just a financial obstacle to a sufficiently motivated attacker.
Nice to see an article address what Moore actually said (transistor count doubles every 24 months) and not what people often thinks Moore said (performance doubles every 24 months).
It started out as every 12 months in the original 1965 article which lasted for about a decade before being updated to 18 months, and relatively recently people started talking 24 months.
In the early 1980s there was a time it seemed to hang in the air because all the clock rates in a micro were synchronized to the video scan. Steve Jobs had no idea the Apple ][ was going to last as long as it did so they came out with the the failed /// and the 128k Max that was really just an awesome demo.
It wasn’t until the mid 1980s that PC compatibles reached a place where you could buy a new computer that was exponentially better than the computer you bought 2 years ago but that was gone around 2005. Until then the smaller transistors were really faster and consumed less power but since then you mostly have more of them and moderate improvements in power consumption.
In the beginning, everything good correlated with more transistors: decreased pitch led to lower power per transistor, faster clock frequency (implying faster RAM), more RAM, and lower cost per transistor. In the decades since pretty much everything but "number of transistors" has fallen off. Pitch doesn't mean pitch, clock speeds are a function of cooling, cost is going up.
One thing that has correlated well with Moore's Law still is exponential cost to open a new fab, and fewer companies chasing the latest node. As Moore's Law slows, and possibly eventually ends, the end is going to be caused by economics, not just physics.
Yeah, to some extent- how much I'm not sure- Moore's Law became a self-fulfilling prophecy. Because everyone knew that transistor count was about to double, everyone- including the Wall Street investors- agreed that you needed to spend all that money to build that new fab, because if you didn't you can be damn sure your competition would. So the semiconductor industry "was allowed" by investors to continue making enormous investments in the next generation of fabs. If there was some similar law for, say, rockets, could we have had that sort of progression in space travel instead?
No, because the economics are different. To put some things in context:
- Cost of the Saturn V development program: $6.417bn then / $35.4bn in 2020 dollars
- Cost of TSMC's Arizona fab: $12bn now
- The Saturn V program launched a handful of humans into space for $0.185bn then / $1.23bn now per launch.
TSMC's fab may cost a lot, but it produces a very large number of chips and, most importantly, it's reusable. The most density- and performance-sensitive applications use the newest fabs first, but the fabs are not thrown out immediately after a newer process is developed. Instead, the older fabs start making cheaper chips that don't need leading-edge performance. All of that up-front cost is amortized over a decade of continuous use.
If investors had poured money into rockets instead of chip fabs, we wouldn't have had everyone going to space. The investors would have just lost their shirt. Space has inherent costs we can't engineer around (e.g. fuel) and getting there is primarily a scientific endeavor rather than a consumer good. Keep in mind, there's nowhere to go[0] in space once you get there, except back to Earth.
Meanwhile, chips are something everyone needs now, and owning a fab is still a profitable venture even when the R&D costs go up - at least, for as long as the manufacturing technology works and people are willing to pay a premium for better chips. It's not purely an R&D arms race.
[0] I am leaving the possibility of terraforming Mars out of this, as that has enormous problems on its own.
Cost per device might have flattened at the leading edge (where fabbing processes are increasingly customized, so skyrocketing costs are to be expected) but the trailing edge could be seeing more improvement, AIUI.
>and not what people often thinks Moore said (performance doubles every 24 months).
Performance double every 24 months isn't the modern take anymore. In the past 3 years all major PR has twisted the word "Moore's Law" to just meant transistor improvement.
It's not even that, and it never really has been. Anyone talking about performance was misrepresenting it. The prediction was that the density with which you're at the point of minimum-cost-per-transistor would double every year. It was also originally a prediction going out 10 years to 1975.
The more transistors you put on a chip, the less expensive each transistor is, but the higher the risk of defects, so there's always an optimum amount as your fabrication processes improve.
> The complexity for minimum component costs has increased at a rate of roughly a factor of two per year (see graph on next page). Certainly over the short term this rate can be expected to continue, if not to increase. Over the longer term, the rate of increase is a bit more uncertain, although there is no reason to believe it will not remain nearly constant for at least 10 years. That means by 1975, the number of components per integrated circuit for minimum cost
will be 65,000.
> I believe that such a large circuit can be built on a single wafer.
Not sure where you're getting those numbers. I've been a Backblaze customer for 10+ years, and I was contacted about the directed share program. Have not heard about price or volume yet.
Not who you replied to but I got an email October 22nd "Pre-Registration for Potential IPO Directed Share Program
" telling me to express interest, did, then October 28th got an email from Fidelity "Backblaze Directed Share Program - Account Opening Invitation" giving me until the 9th to open a Fidelity brokerage account.
Yet all of what I would think of as the expected recruitment links (e.g. https://careers.onlyfans.com/) go nowhere. Quick searches on LinkedIn, Indeed and CrunchBoard come up empty.
Obviously, this is due to their content. But I wonder, how does a company like this recruit good (or at least decent) talent?