Thanks for sharing your xp. I always thought that working for ManWinn (the proprietors of PornHub and Brazzer etc) in Montreal would be an interesting xp. Wasn't even thinking about the technical challenges but thought maybe in a business where you are selling a primal human desire, you cannot be coy and hide behind the usual BS startup-speak, "changing the world by bringing joy to the inspired accountants and internet marketers of the world via artisanal book-keeping SaaS/AdWords campaign dashboards written in GoFluxReduxGoRustEmberElixir and handcrafted in California, lightly dressed with material responsive design"... "No, we're the proprietors of amateur and Brazzer Network-produced porn using PHP and web-design from the 90's (yes complete with the old plain pop-ups but none of that new subscription modal pop-up dark pattern), but our customers' penises do not care - in fact they love it."
When you're building software for a specialized field like finance, health care etc., the end-impact is always obscured by layers of product managers, business analysts and the domain where you have no knowledge - web development in porn seems like a good biz to be into where "I'm not only the Hair Club president, but also a client."
You're right. Porn sites in general are poorly designed from the UI side. But the fact is, porn users will go through hoops to find what they want. Eventually the porn companies got into analytics (I'd say in the mid- to late- 2000's), and the ones who used that data to improve their products took off.
One thing about being an engineer there was that you did actually own the product end-to-end. I remember taking systems from development to production without all the bullshit you normally encounter at large corporations. I would put something into production and my boss (the CTO) would leisurely say "Oh yeah, contact so-and-so in ops to have them secure the server." I would do that, and I didn't get a freak-out like you'd experience in more straight-laced companies: "YOU PUT THIS IN PRODUCTION WITHOUT FILLING OUT ALL THE REQUIRED JIRA TICKETS AND APPROVAL FROM 3 LAYERS OF MANAGEMENT?!?! WE'RE GONNA HAVE TO TAKE THIS DOWN AND HAVE A MEETING!" Nope, a dude in ops, who was usually stoned, would log in, add all the necessary protections and even redeploy the whole stack if he had to. No griping.
One thing about it was that you'd have to be okay with some unscrupulous/unethical practices. Copyright infringement is par for the course in that industry. Studios/companies stealing others' content is unavoidable (and encouraged).
I remember when I wrote a tube site and I was given a list of other tube sites to rip content from. For that particular project the product manager (who was also a high-ranking exec) strongly emphasized two things: every action had to be trackable, and it was a necessary requirement that handling DMCA take-down notices had to be a very streamlined and automated process.
Why? They would have people monitor which videos were heavily viewed and which were taken down frequently. If a particular studio's content generated lots of traffic but was frequently taken down, the sales/ad guys would contact that studio to make a deal. If no deal was struck, then an "anonymous user" would reupload the content to the site, starting the cycle again. Eventually that would wear down the studio into cutting a rev-sharing deal. Sometimes the company would buy the studio outright, if it made enough sense.
Actually the last part makes great sense - it pretty much is what allowed music platforms to proliferate. It levels the playing field where you no longer are fleeced mercilessly.
I mean, I use Libgen and usually get enough books to cost me 5k or 10k €. Hopefully it will bring sanity into that market (even though it is already blocked in the UK, for some obscure reason).
Take my Spotify away and I'll probably just stop caring about music that much at all
> Blocking access to the ibgen.org and libgen.in website has been made pursuant to a Court Order dated 19 May 2015 obtained by the members of the Bloomsbury Publishing PLC and others.
> Any TalkTalk customer affected by the Court Order has a right under the Court Order to apply to vary or discharge it. Any such application must:
> (i) clearly indicate the identity and status of the applicant;
> (ii) be supported by evidence setting out and justifying the grounds of the application; and
> (iii) be made on 10 days notice to all of the parties to the Court Order.
They unfortunately have data caps and don't offer fiber, only Openreach FTTC-style connections at best, and at about 3 times what I pay for 1gbit up/down in London ATM.
In Germany ibgen.org redirects to http://gestao.ibgen.com.br/aluno/ and libgen.in is just displaying a parked domain site. Or are those outdated domains?
> "YOU PUT THIS IN PRODUCTION WITHOUT FILLING OUT ALL THE REQUIRED JIRA TICKETS AND APPROVAL FROM 3 LAYERS OF MANAGEMENT?!?! WE'RE GONNA HAVE TO TAKE THIS DOWN AND HAVE A MEETING!"
This is totally OT, but during my training at a large corporation, I was building a very simple web application and found it desirable to access the corporate phone directory to augment some of the information I presented to the users.
I looked around a little and discovered that there was indeed an LDAP server that served the phone directory for the entire freaking company. It would even speak to me after I did an anonymous bind. ;-) So I wrote my web application, handed it off to the guy who ended up maintaining it (me being a trainee and all), and then I thought I'd be a good corporate citizen and checked what I had to do to "legally" access that LDAP server. Turns out I had to fill out an application form that was something like six pages long.
Unfortunately, filling out that form and sending it to the designated address were my last actions as a member of that team, as my time with that particular team was up. So I never found out if "they" rejected the application or not. (I guess they approved it, because if it was such a big deal, they would not have opened that LDAP server for anonymous access, but you never know - could have been plain stupidity.)
That seems to be the entirety of the last two jobs I've had too - go and build something in dev that's incredibly useful but not signed off/uses APIs that'd need a 6 month review process for (did something similar with LDAP access, found an endpoint and used it for something infinitely more useful to the business), once IT finds out about it, I get my wrist slapped, but have built a fairly solid business case in only a few days, and get to fasttrack through sign off to production.
Ruffle a few feathers, but organisational inertia would kill off anything particularly useful for our teams that are 24/7 fighting fires.
No, the information they wanted was actually surprisingly reasonable - how many requests per day was my application going to make, how many concurrent connections, how many people would be using my app, what kind of information did I need, what did I need it for, who could they contact if my application turned out to be - intentionally or by accident - DOS'ing the LDAP server(s), and so forth.
I just found it kind of funny that I should fill out a six-page form to get information I could technically access already, anonymously. (Also, it was the first time I saw such a form, that might have been a bit of a culture shock for me.)
Granting anonymous access would be a matter of organization precedent, but I can imagine a world where it's encouraged to dev against these services and notify upstream service owners when stuff is about to change reasonably ahead of time (too soon and too many chefs might come, unfortunate reality).
I think every service owner should know who their 'customers' are, it's important because of things like Pager Duty rotations for example. Remember that scene from Hackers, "God wouldn't be on this late?"... in a sense, the 6 page form might seem like overkill but it beats sifting through a conversational email thread asking for all the same pieces of information. They could gamify the form I suppose, if that's better than a paper form... but on their end there should be a spreadsheet used for op budgeting etc and they need the info.
I see - at my work I'm currently encountering change requests and they are about the same thing. Papers/requests explaining in baby steps what is going on so it can be replicated.
It's my first time coming across them - I suppose it's a good idea, but slightly overkill since I write documentation for my code and it's in source control as well.
> Nope, a dude in ops, who was usually stoned, would log in, add all the necessary protections and even redeploy the whole stack if he had to. No griping.
That made me laugh. The guy in charge of securing a production server is usually stoned...
It was amazing. Half of devops was stoned during work hours. I actually think it helped, because they usually had their hands full and probably needed stress relief. In spite of being stoned, they were far more competent and responsive than any devops personnel I've had to deal with since then. They really knew their shit, because porn sites are a big target for scammers, hackers, etc. They always knew about the latest exploits, backdoors and whatnot.
A couple decades ago, I worked support for a smaller national ISP (since swallowed and re-swallowed up), where at the time the "unofficial" drug test policy was, "you bring 'em, we'll test 'em."
I do think the porn industry by nature tends to push some limits in terms of tech... It's to the likes of the RIAA, MPAA and LinkedIn to be the ones who push the bounds of unscrupulous tech.
I've been saying for years, eventually it will have to come full circle, that ad delivery controls will have to be first party, and that if they continue to push the overbearing, over the top ads, people will just not read the content and leave. That's what will start to come next. FTR, it didn't have to be via websocket, it could still be services, rpc, and other channels... though websocket to a canvas would allow for a different level of control, and less chance for adblock bypass.
All the same, it's interesting and somewhat cool...
Devops working for a porn company getting stoned because they are stressed... interesting you say they had their hands full. Maybe that's why they didn't get any work done? :P
If he was able to reduce his job to a handful of carefully crafted puppet scripts, he earned the right to do things as he pleased, and that was his motivation for working in porn. I knew guys in college who got baked every day and were in objectively hard majors like MechE. I've learned not to judge.
Deployments should be automated to the point where you can do them drunk / in a high-octane emergency situation. I consider "locking down a server" to be part of said deployment process.
Exactly, when I was Lead Dev on Pornhub, I had more than once a phonecall at 2 or 3am while out partying having to sort out problems and deploy. All streamlined, press button, deploy happens, almost null chance of fuck up and if it would, a simple button click for a split second revert.
I was once placed on a medication that went too far that direction... where I couldn't break out of the single thought path. Where driving was enough of a distraction, that where I was going would slip by, and I had to circle around multiple times. And I had once lost three hours of time and have a couple hundred tabs open in my browser as I started reading an article, then just kept stearing through, etc.
I was encouraged to stick with it for a month to see if it normalized, it didn't... I don't even remember the medication, but would never want to experience that again... I'll take the half dozen to dozen stray thoughts in my head at once... I'm far more effective that way. Though stress makes it hard to get/stay asleep.
It's worth pointing out that the effects vary by strain and some are better for some kind of work than others. For example, I don't think I could work well on most indica strains, but they may help me with creative problem solving (in smaller doses that don't make me too sleepy).
If you were suffering from clinical anxiety as PTSD and ACE patients do then you might find cannabis to be the one thing that makes your mind clear of distracting fear and flashbacks. Assuming that all people and minds and drugs interact in the same way is a huge mistake.
Some people I know only go to the porn sites to steal their code. I'm surprised you say that about the UX side because there are some nice libs in there and weird stuff with jQuery. There is always that danger though that you might see something. So, not so great.
I'd define one of the dividing lines between small company and big company as "where you start needing to get approval to do the basic parts of your job". Not saying one is better than the other, just that all companies seem to go through this period where you start needing forms filled and approval E-mails to do more and more. Sometimes for good reasons, sometimes not.
It's when it takes weeks for something that should be rubber-stamp approved it becomes more of an issue...
For the record, I'm currently working at a financial institution, worked at another previously, and moving into a position with a medical industry company. It's a matter of striking a balance... and there are others that cope with it far better than I do.
I still find it funny, when you have full github proper access, but can't access gists... and then when searching for things, a lot of programming examples, and even blog articles reference gists... that is painfully stupid.
Yeah, I think all that red tape comes from appeasing the stock market, government agencies, and insurance companies.
Do not have the proper paper trail when shit hits the fan? Well there goes your share value, you get a hefty fine from government oversight, and the premium just went through the roof.
There's a great deal more than just regulations. I'd argue that for one line item of regulation in most poorly organized enterprises (most) you will get at least 10 jobs of bureaucracy to help track it not because of the regulation but because the culture of most companies is about disempowering employees from making decisions as much as possible. This is why the cultural definition of "devops" invoking Deming and empowering workers to make decisions closer to the problem site to me is literally against the existing company culture of Taylorism and sales where managers are worshipped for decision making.
Nobody really fined Target for its data breaches - pretty sure that PCI audits had passed repeatedly, in fact. Their stock easily recovered as well. So why are big companies so worried about security? Because breaches are a drag upon everyone and slow down features and improvements. I'm familiar with environments where change freezes are enacted for months after every critical outage, and nobody's regulations say to do anything like that. That's purely a belief in the false equivalency that stability and development velocity are antitheses. Gosh, someone tell Google and Amazon to fire their SREs and stop deploying any new code to get better availability numbers!
Precisely; in industries where a company can be fined megabucks per day, or be shut-down entirely, for non-compliance those layers of approval and review are unfortunately necessary. Though of course some of them are just jobsworthing by middle managers.
How do porn companies continue to handle credit card payments without complying with PCI standards and processes?
I don't have pr0n industry experience, but I worked for the largest merchant acquirer (MA) (the orgs that allow merchants to accept CCs) in the U.S. The merchant acquirer ecosystem has a pyramid structure where many Independent Sales Organizations (ISOs) service specific industries while re-selling CC acceptance from ~6 companies (~80%+ market share). These pr0n companies pay monthly rates that correspond with their chargeback numbers, etc and do not deal directly with the MAs.
Big porn companies are very serious about PCI compliance. They also closely monitor their fraud numbers. If a MID (merchant ID) goes above 5% (volume or cash amount) fraud, the processor could get fined by Visa/MasterCard/etc ($50k+) and lose the right to accept credit card payments for that particular payment network. Processors who handle porn (high-risk) accounts will often have a general, shared account they'll let you use, because they can take measures to average down and hide the fraud. However, they charge you a premium to use that general account, so you're better off using your own if you have other measures to control fraud.
My former company solved this problem by simply acquiring a payment processor company. They had total control over their processing that way. As a bonus, they had access to other porn vendors' account activities, since it was one of the 4-5 major high-risk processors used by porn companies. It was a win-win for them.
re acquisition of their and competition's processor
They just keep getting more clever, devious, and entertaining, don't they? Shit, I'd do my own Braintree for my porn company with the company's positive gains from legit customers covering the losses from the others. Who cares if my bottom line at my main company was good. Success of processor could even pay for better fraud management.
Of course, already having enough cash to buy an established one is always nice. :)
We don't handle the payments ourselves, they're all handled by high-risk merchants so we don't need to worry about being PCI compliant. Fees are bigger than the usual merchant ones though, lots of fraud and chargebacks.
Hey, I prefer lesbian porn myself because not into watching dudes but come on... Most porn is naked women and men having sex so not seeing dick would be kinda hard. What's wrong? The penis too titillating for you?