randyburden's comments

I chose .NET and C# for my current startup (2 years in), where I'm the founding lead developer, and I'd still make the same call today. We've been very productive, built a lot of solid features, and two years in we have a stable, high-performing set of apps. We're using ASP.NET Razor Pages, Web API, backend services, and a .NET MAUI Blazor Hybrid app that's published to the app stores - all written in C# using the latest .NET version. Some parts run in Azure, other parts run on high-performance GPU servers on Ubuntu. It has felt like a very practical modern stack, not some legacy-only enterprise choice. Also, hiring has been a non-issue as I had no trouble finding solid C# developers.


Awesome. We've been using Sparrow-0 in our platform since launch, and I'm excited to move to Sparrow-1 over the next few days. Our training and interview pre-screening products rely heavily on Tavus's AI avatars, and this upgrade (based on the video in your blog post) looks like it addresses some real pain points we've run into. Really nice work.


That’s great! I also built Sparrow-0, and Sparrow-1 was designed to address Sparrow-0’s shortcomings. 1 is a much better model, both in terms of responsiveness and patience.


For what it's worth, the startup I currently work for is built entirely in C# and .NET, as was my previous employer. Both startups are based in the Dallas, TX area. Across both companies, applications were hosted on Azure and AWS using a mix of PaaS services and virtual machines running Windows and Linux. We've consistently found this stack to enable strong productivity and high-velocity release cadences.


> Both startups are based in the Dallas, TX area.

Aah that explains it.

For some reason, .NET is extremely popular outside of major tech hubs (notably in Europe), where you're much more likely to work for (without loss of generality) Ikea than for Google.


The Dallas area is a major tech hub. It’s just an older hub of major enterprisey type companies with major tech divisions there like Texas Instruments, AT&T, Bank of America, defense contractors like Lockheed, etc.

Office Space took place there before the dotcom bust.

Less enterprisey, but John Carmack and id Software also started there.


I lived and worked in Atlanta from 1996-2020. Those aren’t any more tech companies than Delta, Home Depot or Coke by modern definitions. In all of the companies you named, software development is a cost center, not a profit center - follow the money. Who gets paid the most as a group at those companies? Those are enterprise companies.


You’re saying the same thing I did yet somehow you’re trying to argue with me about it.


I've worked at multiple startups that were built on .Net from day one. One very large music streaming site built entirely on VB.NET [0].

[0] I actually think VB.NET is the superior .Net language, but it lost support at MS and died. I think the code is vastly more readable (to me) than C-style code, and I've coded in every C, Java, C#, whatever variant.


At my current workplace we use a mix of on premise servers and Azure but at former workplaces we deployed to Google Cloud and AWS.


I've written 3 apps in MAUI with 2 in production.

The 2 apps in production are MAUI Blazor Hybrid apps. The learning curve was very small since I already was familiar with C# and Razor syntax after having built many C# server-side rendered web apps. Development is quite rapid since it's essentially using web technologies. For my use cases, the users do not care about the app looking native as these are B2B apps. Both apps are deployed in the 2 major mobile app stores and 1 app is also deployed in the Microsoft Store.

The 3rd app was an internal-only Android app built with the UI written entirely in C# instead of XAML. I chose to write the UI in C# instead of XAML primarily just for fun and to see how that would work out. I ran into a lot more issues using native UI when it came to me wanting to customize things, such as removing an annoying bottom text underline/border that is added by default to Entry (textbox) controls.

I'll probably never build another native UI app if I have the choice and will stick to MAUI Blazor Hybrid apps because it is so much faster to create the app using web technologies (HTML/CSS).



Great job! And congrats on actually getting something out there. I can really see this being useful for some organizations.

I also envisioned this same type of tool around 10 years ago and it is still on my ever growing list of ideas to implement. I took the idea further to support not only SQL but other languages such as HTML, JavaScript, Python, C#, etc. You could then support returning different types of media based on the URL extension such as .html to return a webpage, .json to return a JSON API, .csv to return a CSV file, etc. As time marched on, many of these same ideas came to fruition in things like AWS Lambda, Jupyter Notebooks, Microsoft Monaco Editor, etc.


I ran an intern program for a year as a software development leader at a previous job. About 25 interns ran through the program that I created. Each intern was paired with a full-time mid to senior-level developer. Out of the interns, only about 5 were decent and required very little handholding while the others required quite a bit of work to answer their questions and keep them on task. Of those 5 decent interns, I only offered full-time employment offers to 2 of them. I believe we paid $16-$20 per hour (the executive team set that rate) and most worked around 10-20 hours per week while a few were able to work upwards of 30-35 hours.

I can only speak for my experience, but I couldn't make it work financially and we would have gotten a lot more done had we used those funds to pay for 1 or more nearshore or offshore resources. It created a fun environment and I think everyone learned and grew from the experience, but from a productivity and financial point of view, I don't think it was worth it.

So based on your experience with Eastern European devs, I think your money would be best spent on hiring 1 or more additional devs from Eastern Europe.


We've been hit by this at work as well. We had to add CAPTCHA and several other techniques to defend against this.

How it works:

  1. Attacker leases 1 or more premium rate numbers in an international country.
     - Attacker can lease a premium rate number for as little as $10/month
     - Typically, the attacker gets to keep 70% of the money generated by the premium rate number.

  2. Attacker then finds companies with OTP (One-Time Passcodes) or 2FA (Two-Factor Authentication) endpoints that require no validation and writes a script to automate the webpage or call the API endpoint
     - Attacker will typically obtain a new IP address per API call using a VPN or a rented botnet from the dark web.

  3. If the premium rate number costs 10 cents, then each successful text message they can send to the number generates 7 cents for them.

  4. The attacker then just needs to send 150 SMS to the premium rate number to break-even on their $10 investment, not counting the cost of the VPN or rented botnet.

There is a lot of money to be made here by an attacker unfortunately. :(


Which seems like a super easy fix for Twilio to implement. Don't allow SMS to premium rate numbers.

If they can identify the premium numbers for billing, they should be able to identify them for blocking.


Down thread someone pointed out that their API allows you to set a max price:

https://www.twilio.com/blog/2015/08/introducing-max-price.ht...

Apparently a lot of people could really use that info.


Why is this not set to zero dollars by default?!?

I agree with other comments here. $0 is the minimum amount people should be willing to pay if they're not disputing charges or reporting fraud to the credit card networks / regulators.

Time is money, after all.


No idea. I think there's a real problem with the whole design of premium numbers because I'm not sure how one is even supposed to know when payment is required or meaningfully accept it, though at least the API apparently allows this.


FWIW, I do think $0 might make a sane default, but you do understand that the user would have to change it from $0 before they could use the account, right? The whole point of using Twilio to send an SMS is because you wanted the SMS to actually be sent, which means you are going to have to pay for the SMS, and SMS is always stupidly expensive.


Even normal phone numbers have a (low) price that varies by country and can change over time, so what would the default be?


I wonder if this is why I don't get SMS OTP from some apps when I'm abroad and roaming...


AFAIK the sender shouldn't have to pay more just because you are roaming. That's between you and your provider.


I would imagine there are rules/regulations about a SMS provider blocking communications before fraudulent behavior is determined? Not saying it shouldn't/couldn't be done, but probably one of those things with a simple tech fix but a complicating social/business aspect.


It could be an option in the API call with a default in account settings. I bet most people who are trying to reduce spam accounts by requiring a phone number would actually prefer to exclude these numbers anyways.


surely not if the customer _explicitly requests_ that the communications are blocked? iirc in Aus it was possible to have your provider block messages to premium rate numbers back in the days when it was popular to buy ringtones.


It isn't just as simple as 'premium rate numbers'.

Some of the criminals behind these attacks will have access to the phone network. They'll pick an expensive route, like a range of phone numbers in Georgia (the country) from the USA, and offer a cheaper route to it. The system will start using their route for those calls. They'll accept all calls to that route, get paid, and never actually connect any calls.

That gives them a range of "normal" phone numbers which helps them avoid throttling on just one number. But they can be just as expensive as premium numbers to call.

At least, this is how it was explained to me as my team fought these attacks a couple years ago. We'd see calls to a large range of a few thousand numbers. Couldn't throttle on a single number.
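
The throttling problem described in the comments above, as an added example (not code from any commenter or from Twilio): a gate in front of an OTP endpoint that limits sends per number and per number range, so rotating through a block of a few thousand numbers still hits a cap. The class name, limits, country allowlist and the fictional 555 numbers are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class OtpSendGuard:
    """Gate in front of an SMS OTP endpoint; call allow() before every send."""

    def __init__(self, allowed_country_codes, range_digits=4,
                 max_per_number=3, max_per_range=5, window_seconds=3600):
        self.allowed = tuple("+" + cc for cc in allowed_country_codes)
        self.range_digits = range_digits      # trailing digits ignored for the range key
        self.max_per_number = max_per_number
        self.max_per_range = max_per_range
        self.window = window_seconds
        self._sent = defaultdict(deque)       # key -> timestamps of allowed sends

    def _recent(self, key, now):
        """Drop timestamps older than the window and return what is left."""
        q = self._sent[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def allow(self, number, now):
        """Return (allowed, reason) for one E.164 destination at time `now` (seconds)."""
        if not (number.startswith("+") and number[1:].isdigit()
                and 8 <= len(number) <= 16):
            return False, "malformed"
        if not number.startswith(self.allowed):
            return False, "country_not_allowed"
        per_number = self._recent(("n", number), now)
        per_range = self._recent(("r", number[:-self.range_digits]), now)
        if len(per_number) >= self.max_per_number:
            return False, "number_throttled"
        if len(per_range) >= self.max_per_range:
            return False, "range_throttled"
        # Only sends that actually go out (and cost money) are counted.
        per_number.append(now)
        per_range.append(now)
        return True, "ok"


def replay(guard, events):
    """Run (timestamp, number) events through the guard and tally the reasons."""
    tally = defaultdict(int)
    for now, number in events:
        tally[guard.allow(number, now)[1]] += 1
    return dict(tally)


# Constructed traffic: 40 OTP requests, one per minute, each to a different
# number in the same 10,000-number block (fictional 555 numbers).
SAMPLE = [(60 * i, "+1555555%04d" % i) for i in range(40)]

if __name__ == "__main__":
    print(replay(OtpSendGuard(["1", "44"]), SAMPLE))
```

A per-number limit alone would have let all 40 constructed requests through, since no number repeats; the range key is what stops them.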


I think you're conflating toll bypass fraud with IRSF. A grey route that never delivered any calls or only a fraction of them would have bad ACD numbers and people would not use that route. With hacked Asterisk/FreePBX boxes people usually call the international numbers described in OP and split the termination fee with some corrupt carrier/intermediary. There is a related fraud where people use the hacked Asterisk/FreePBX boxes to terminate calls, which from what I understand these actually have pretty good quality until the unwitting owner gets a $40,000 phone bill and shuts everything off. Traditional toll bypass fraud is when countries are expensive to call internationally but have cheap local calls, so people in those countries buy a bunch of sim cards, put them in a box with a bunch of gsm modems, and use those to basically "convert" an expensive international call to a cheap local call (and profit the difference between the two rates).

Edit: Oh, you're talking about number hijacking. I think they usually aren't offering termination services though, usually it goes hand in hand with the kind of fraud described in the OP.


> Traditional toll bypass fraud is when countries are expensive to call internationally but have cheap local calls, so people in those countries buy a bunch of sim cards, put them in a box with a bunch of gsm modems, and use those to basically "convert" an expensive international call to a cheap local call (and profit the difference between the two rates).

Is this really fraud? Is it fraud to offer any VOIP service, or only when it can connect to the phone network, like Skype?

I guess I could see how it might be against the T&C's of the telecom company, to offer a service that undercuts them, but hardly a criminal act of deception.


I consider it to be relatively harmless but how it is classified depends on the country. India is pretty cheap to call even absent simboxes but they still crack down on the practice for “national security reasons” because it makes tracking people more difficult. The UK (Ofcom) banned them outright for some reason a long time ago but that’s being appealed. In some African countries the laws are pretty vague and do not outright ban them, usually they charge people with “unregistered telecommunications business” or something like that.


Fraud is what the government decides it is, the governments have deemed this to be fraud.

Telecom companies don’t necessarily care about this, it’s often the governments who want to tax incoming international calls as an easy revenue source.


How is this a workable system!? Why would anyone pay them. This seems like fraud on the part of the phone networks for billing for service that was never provided or should have been provided cheaper.


while I don't agree with sanctions, this seems like the kind of time where you just block off a country/exchange entirely if you cannot have the confidence of what things cost to send there.


With AI, you won't be able to tell humans and computers apart anymore.

Anyone with enough determination can execute a sybil attack on any service that doesn't require in-person verification.


Can someone post an example of a premium rate number?

I am curious if the Twilio 'lookup' API call will identify it as such:

  /usr/local/bin/curl -s -X GET "https://lookups.twilio.com/v1/PhoneNumbers/$number?Type=carrier&Type=caller-name" -u "$accountsid:$authtoken" | /usr/local/bin/jq '.'

... which would be a very fast and simple way to validate a number before you (or your process) use it ...


I don't understand why twilio cannot simply set a flag on their phone company account saying "under no circumstances will we pay for these shenanigans", and why the phone company billing stuff cannot simply block sms messages to such scam accounts.

In particular, email (smtp) to sms gateways exist. Why doesn't twilio just use one of those (and maybe pre-arrange a flat monthly payment to avoid being blocked for going over quota).


> I don't understand why twilio cannot simply set a flag on their phone company account saying "under no circumstances will we pay for these shenanigans", and why the phone company billing stuff cannot simply block sms messages to such scam accounts.

Everyone has the idea "just don't pay for fraud" but in practice it is difficult because there are many different carriers in the typical international call chain, which means to dispute charges you need everyone to agree. Also carriers have long term agreements with each other about billing and it is not as easy to just dispute the charges like you can with a credit card.


> premium rate number costs 10 cents

wut, the absolutely most ordinary (in the realm of single telecom) text costs me ~6.5 cents


You’re talking about the fee your carrier charges for normal texts. These are “premium” charges, meaning the user is charged an extra fee on their bill regardless of their SMS billing plan.


Can I ask where?

I'm in the US and any of the big carriers offer unlimited texting as a baseline, and we have pretty crappy carriers compared to a lot of the world.


In Germany the standard price for an SMS is 9 cent, of which somewhere around 2-3 cents are paid to the recipient's carrier. Unlimited plans are common, but only because nobody texts anymore (same applies for phone calls).


It costs me around 3 cents to send a domestic SMS and 40 cents to send an international one, on an unlimited data 5G plan in Japan.

That said, I don't care, since I literally can not remember the last time I sent an SMS. It must have been years ago.


That makes sense, I guess I forgot that lots of the world effectively moved on from SMS to other messaging/apps.


Maybe on prepaid plans? Been a while since I've heard of SMS costing anything on subscription plan, outside of roaming charges. Mobile Internet effectively cannibalized that income stream for the phone companies.


yea, it's prepaid in Poland. But to be fair, I pay $12 a year for 50GB of data and don't call/text much


> an international country

Hmmmm... haven't encountered that phrase before.


Lanvera | C# Senior Software Developer, C# Software Developer Intern | Coppell, TX | Onsite | https://www.lanvera.com/careers.html

About Us:

Lanvera is a leading CCM (Customer Communications Management) outsourcing and technology company specializing in the design, production, and delivery of secure customer communications including invoices, statements, tax forms, collection letters, compliance notices and other business critical documents to any delivery channel including print, electronic and mobile platforms. Lanvera has a strong presence in the Financial Services industry and is expanding into other vertical markets. In short, we generate documents for our clients and serve those up via the web or deliver them via postal service, email, SMS, SFTP, etc.

We are an established, profitable company with hundreds of clients looking to significantly increase our software development team for designing and developing the next generation of our processing infrastructure, customer web portal, and electronic delivery platforms.

Technologies we work with: The modern Microsoft stack using .NET, Visual Studio, C#, ASP.NET Web API, ASP.NET MVC server side rendered using Razor, MS SQL Server, T-SQL, Azure DevOps/VSTS/TFS, Git, IIS, HTML, CSS, JavaScript, JSON

Positions:

Senior Software Developer - https://www.lanvera.com/seniorsoftwaredeveloper.html

The Senior Software Developer position is a hands-on role that emphasizes advanced skills in developing full-stack software solutions coded in C# on the Microsoft .NET Framework as well as system design, data modeling, mentorship, and team leadership skills. This role requires the ability to design complex systems from scratch and the ability to see the project through all layers of the SDLC including successful testing, production release, and hand-off with appropriate support and technical documentation to the operations team.

Software Developer Intern - https://www.lanvera.com/softwaredeveloperintern.html

Are you a software engineering/computer science/information systems student looking for a company with cutting edge technology? Do you want to be a part of a business offering services that support a client’s digital transformation journey? As a Software Developer Intern in a nimble environment, you make real contributions to the team and the services we offer to clients. You will be provided opportunities to perform deep analysis, design, coding, configuration, documentation, support, and installation of software. We need interns that offer energy and innovation with new technology tools and ideas.

Contact Us:

Please email CoreDevHR@lanvera.com with HackerNews in the subject to have your resume prioritized.


Whoa, that's pretty cool and happens to be two of my favorite games :)

