←back to thread

Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC

(techcrunch.com)
282 points bundie | 4 comments | 25 Jun 25 18:07 UTC | HN request time: 0.444s | source
Show context
yodon ◴[25 Jun 25 22:32 UTC] No.44382371[source]
Pretty sure auth is not something I want a self-taught dev (or even most CS-graduate devs) writing.

Oauth2, JWT's, hashes, timestamps, validations, and such, are all totally simple until they're not. The black hats have way more experience and way more time invested in this space than most any normal dev.

replies(8): >>44382542 #>>44382600 #>>44382664 #>>44383532 #>>44383603 #>>44385107 #>>44385540 #>>44459701 #
1. pinkmuffinere ◴[25 Jun 25 23:13 UTC] No.44382664[source]
> The black hats have way more experience and way more time invested in this space than most any normal dev.

Surely the black hats you refer to are themselves self-taught? They didn't find a school that would teach them about crime, right? In that case it seems like self-taught can be good enough.

replies(3): >>44383202 #>>44383609 #>>44384288 #
2. msgodel ◴[26 Jun 25 00:47 UTC] No.44383202[source]
Black hats have to be right once, white hats have to be right every time.

They can spray and pray, you have to write proofs.

3. qualeed ◴[26 Jun 25 02:08 UTC] No.44383609[source]
>They didn't find a school that would teach them about crime, right?

The difference between the bad guys and good guys isn't what they've learned. It's how the use what they've learned.

Any cybersec course worth its price tag is going to teach you all about penetration testing, exploits, etc. It's pretty hard to come up with a good defense if you don't learn about how the attacks work.

4. slt2021 ◴[26 Jun 25 04:54 UTC] No.44384288[source]
if blackhat is wrong nobody will hear about it

if software dev/blue team is wrong, it leaves a giant gaping hole in the system open for anyone to exploit 24/7