Here is this week's digest:

Ask HN: Can't get hired – what's next?

Facing a tough tech job market, many experienced software engineers find themselves struggling to get hired. Key takeaways for navigating this include:

• Sharpen Technical Skills: Focus intensely on practicing for technical screens, including LeetCode and framework-specific questions. Consider if over-reliance on AI tools is hindering fundamental coding ability.
• Address Soft Skills: Humility, attitude, and communication are frequently cited as critical factors, especially for senior roles. Self-awareness and willingness to adapt your interpersonal approach can be crucial.
• Re-evaluate Expectations & Strategy: Four months is not a long job search in the current climate. Adjusting salary expectations, especially outside high-cost tech hubs, and being open to contract work or less conventional roles can open doors. Networking is often more effective than direct applications.
• Founder's Dilemma: Startup/founder experience can be perceived as a "tax" by traditional companies; learn to translate this experience effectively for corporate roles.
• Long-Term View: Consider taking a lower-paying role to get a foot back in the door and gain relevant experience, rather than holding out indefinitely for a specific compensation.

Read more

Ask HN: How does one build large front end apps without a framework like React?

Building large frontend applications without heavy JavaScript frameworks is a viable approach, offering benefits like increased project longevity, greater performance control, and independence from fast-moving ecosystems. Key strategies involve embracing native web APIs such as the DOM, ES6 Modules, and Web Components, coupled with modular architecture and minimalist state management techniques (e.g., custom events or small libraries like Nanostores).

For many applications, backend-driven UI with technologies like HTMX or Phoenix LiveView can minimize client-side JavaScript. While frameworks provide structure and accelerate development, a carefully crafted vanilla approach, often augmented with TypeScript and modern build tools (Vite, ESBuild), can yield highly tailored and maintainable solutions. Projects like Obsidian, Filestash, and CodeMirror demonstrate complexity handled without monolithic frameworks.

Read more

Ask HN: What are people doing to get off of VMware?

Organizations are urgently seeking alternatives to VMware following Broadcom's acquisition and subsequent significant price hikes (reported up to 600%). Key migration strategies include:

• Hyper-V: Popular for Microsoft-heavy shops due to existing Windows Server licenses.
• Proxmox VE: A cost-effective KVM-based solution gaining traction, especially for SMBs, though 24/7 enterprise-grade SLA is a common concern (addressed by some resellers).
• Nutanix: A hyperconverged infrastructure (HCI) option, seen as a spiritual successor, but can be expensive with some reports of instability.
• Open Source KVM Stacks: Solutions like OpenStack, Apache CloudStack, XCP-ng, and direct KVM/libvirt implementations offer vendor independence.
• Cloud Migration: Lift-and-shift to Azure or AWS is a frequent choice, often becoming more cost-effective than inflated VMware licenses.
• Containerization: Modernizing applications to run in containers (Docker, Kubernetes with KubeVirt/OpenShift) is also a strategy to reduce reliance on traditional VMs.

Useful tips include understanding your specific workloads, leveraging existing licensing agreements, and recognizing that vendor lock-in risk is a major factor driving these changes. The perceived lack of 24/7 support for open-source options is often a barrier, but resellers can sometimes fill this gap.

Read more

Ask HN: What are some impressive vibe coding projects?

Developers are leveraging AI for 'vibe coding'—a rapid, AI-assisted approach to building projects, often for personal use or quick experimentation. Notable projects include an inventory system for artists, a coffee shop directory, a trading performance monitor, and an Android game. Key insights shared include the importance of committing code frequently due to AI's unpredictable changes, the necessity of clear and specific prompts, and the value of human common sense for architectural design and bug fixing even with AI-generated code. This approach is proving effective for learning new languages and creating custom tools without manual coding. The debate between purely 'vibe coding' and more 'AI-assisted' agentic coding highlights different levels of human oversight.

Read more

Ask HN: Our AWS account got compromised after their outage

Following a recent major AWS outage, several organizations reported account compromises, sparking debate on whether the events were linked.

Key theories for the compromises include:

• Opportunistic Phishing: Attackers leveraging the outage chaos to send convincing phishing emails, tricking users into revealing credentials.
• Pre-existing Compromise Exploitation: Malicious actors who already had stolen credentials (e.g., API keys, dormant IAM user access) waited for the outage, using the increased activity and potential distraction as cover to launch their attacks (e.g., spawning EC2 instances, requesting SES quota increases, setting up persistence).

Useful tips and productive arguments shared:

• Enhanced MFA: Implement phishing-resistant MFA like FIDO/passkeys, especially for console access. AWS Identity Center supports FIDO2 for generating temporary API credentials.
• CloudTrail Forensics: Utilize CloudTrail logs to identify the source of suspicious activity, including RunInstances, ConsoleLogin, GetSessionToken, AssumeRole, and IAM management events.
• Temporary Credentials: Generate short-lived STS credentials for privileged API access to limit the window of exposure.
• Account Hygiene: Regularly audit and remove dormant or unused IAM accounts and access keys.
• Outage Vigilance: Be extra cautious during outages; always log in via bookmarked links, not email links. Treat unexpected requests or changes with extreme suspicion.

Read more