I like stupid apps and things like this, but the fact this received funding just reminds me of 1999. Apps like this shouldn't take funding, they're short-lived hype apps, they're not the next Twitter or Facebook. Can the bubble just pop already please? Save the VC funding for startup ideas that actually deserve it. This is the pet rock of mobile apps.
At least Mike Judge has a plot he can adopt for season two of Silicon Valley though.
Probably relocating from Israel to a new office in San Franscisco, in addition to hiring new staff, and marketing to keep the buzz going (they even turned the funding itself into a PR campaign, which is very well done).
> I'd imagine the developers threw a massive party with kegs and thousands of pizzas...
I'd imagine this shows either some disconnect or envy, or a little bit of both.
> Apps like this shouldn't take funding, they're short-lived hype apps, they're not the next Twitter or Facebook.
Why not? So they can slave for months on some feature set that needlessly bloats their simple product? Buzz around the funding grew them from 50k users to an estimated 250k users in a span of less than a week. Why sit still and not ride the wave to full-on virality or an early exit? If they manage to eat just 1% of WhatsApp's lunch, the investors would have made a fine investment.
> Yo is an MVP product that is not refined nor innovative and could be built by a 14 year old with a Udemy course on Objective-C
The first version of Facebook was not refined or innovative. There are a lot of talented coders on HackerNews who could built any app currently on the market in a weekend. They either do not bother (because they don't think it is innovative enough) or they do bother, but fail to connect with the market. Yes, this product is a victory of smart marketing and user virality, not a victory of using the technology.
If you can build an MVP application that attracts funding, 250k users and a lot of media attention, then I suggest you go start that Udemy course and do so. I won't complain when you get funding to realize the full potential.
> Save the VC funding for startup ideas that actually deserve it.
No. Save the VC funding for those startups that show promising growth and realistic strategies. Save the VC funding for startups that will bring return on your investment. Save the VC funding for the pet rock startups that managed to sell 15 million $ in profit in their first 6 months.
I see comments to this effect every now and then on HN (ie. any skilled team could build out Facebook in 30 days)
It's great to shoot for the stars and have faith in yourself, folks, but shockingly lots of people who get paid to program also happen to be REALLY GOOD at what they do.
While I could focus on the benefits of a little bit of humility (and they are many) instead I'll say that there are people who come on to these sites and see ridiculous statements like this and will suddenly start to wonder what's the point of learning to code if they'll only be good once they can build any app in a weekend.
So no, there aren't people who can build any app on the market in a weekend. And that doesn't mean that any of those people are bad at what they do.
I wont believe the funding until, it's been confirmed. This not funding, this is PR hype. Able worked for a company and the CEO wanted the Yo app. The same CEO has given him the funding. I've heard many stories of fake funding on Angellist why should this be any different.
How can security be anywhere on their early timeline? (i agree it should) but the market (10-20yr olds) and investors are not asking for more security. Also, how secure is secure? Very difficult to know when you are secure enough - and what will your product be tomorrow?
My thoughts on a solution: Short term: "AMA request - Head of security for startup XYZ". Which leads to a community security score/rank. EDIT: http://www.reddit.com/r/IAmA/comments/28n64e/ama_request_per...
Long term: ONE COMMON Open Source framework that is way too easy to implement regardless of the languages used. Seriously way too easy NOT to use
....
;)
What we do know is they sure have recieved a lot of attention they wouldn't have otherwise.
It isn't. You have an obligation to your users and the personal data they entrust you with. Build it in. Today. And know that you can't write secure code as part of an agile process. Security means sitting down and working out a threat model before you jump into code, user needs and backlogs. In other words, choose design up front, or have a contingency ready because you're going to get hacked.
Interviewer: "So dude, what have you done in your career?"
Yo dev: "I built Yo."
Interviewer: "Yo got hacked. Goodbye."
Both of those pots of "gold" are threatening enough attack vectors.
Theoretically, could the founder of Yo have pressed charges against the student? (This would, of course, be complete suicide for any startup. But companies aren't always rational actors.)
In fact, what those guys are doing increases the collective conscious and improves the system to be able to develop better/safer products.
In fact, it seems straightforward to make a case against the student's activities. From the Computer Fraud and Abuse Act:
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
...
(C) information from any protected computer;
The phone numbers are probably information from a protected computer.
Young people are pretty often cavalier about jeopardizing their futures. I'm just checking whether there is, in fact, a chance that this young person could have.
Does anyone remember this case?
If it's not yours, don't mess with it.
The issues with Yo were not entirely Or's fault. As he put it, the app was intended as a "prototype" and had it not blown up so fast, this would not have been an issue. A common claim is "You have 1 million dollars, hire someone to fix this!" which Or had already done. A meeting with the parse team had already been scheduled long before today and had everyone tried to hack the app today, the attempts would fail. During this meeting Parse's Security team, Or and I fixed the security issues. I would be happy to answer any other questions, post below.
During the conversation Chris and I were both offered freelance jobs. Chris declined, I accepted. I currently am working on a feature for Yo to update your username.
My answer is yes, it's insanely easy. Don't try to secure your API keys instead try to secure your API.
Does hacking the app means hacking parse.com?
The title of the article even hints to this be marketing.. "allegedly."
I don't believe much of anything I see on the Internet. I think you shouldn't either!
Just think about it. We have more and more flash-in-the-pan shoddily written apps in mobile.
And because they're flash-in-the-pan, for a time, they're popular. And because they're shoddily written, they're easily exploited at the peak of their popularity, so you can amass a ton of personal information from the app users and abuse it any way you want.
Hacking crappy mobile apps may soon become the new "my WordPress blog got hacked". Think of the potential, it can be a whole new industry. Not to mention all the fake diplomas, mortgages, Russian brides and Cialis pills that'll get sold in there.
