×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

Given the length of time we've been going back and forth on this site (and it's been a long time), I propose we meet in person. Please reach out to me here if you're interested. If you don't know why you should be interested, please disregard this reply and have a nice day.

about 1 month ago
top

Ken Ham's Ark Torpedoed With Charges of Religious Discrimination

philip.paradis Re:How is this relevent? (451 comments)

If you think Slashcode is so "inherently broken", why are you using this site?

Please be advised that it's plausible that the GP is engaged in the business of pretending ignorance in an effort to identify individuals who possess the requisite knowledge to accomplish certain aims. I don't particularly care about this possibility as it pertains to myself, but I'm becoming increasingly "itchy" with regard to digging into this person's background. It wouldn't be the first (or even tenth) time I've confirmed such behavior, where confirmation is defined as irrefutable identification of the full background of the involved party. Most of these guys really aren't very bright, but hey, they allegedly mean well.

about 1 month ago
top

Ken Ham's Ark Torpedoed With Charges of Religious Discrimination

philip.paradis Re:How is this relevent? (451 comments)

On the off chance that you're actually one of those "special guys" who isn't really a complete idiot but is instead engaged in the business of posting bait posts in forums like these with the intent of identifying "candidates" for employment by certain entities, please be advised that I've already worn a uniform for a living "once upon a time," and I'm not presently interested in returning to that sort of service. This is mostly due to the fact that your organizational concept of loyalty is demonstrably flawed at best (all it takes is one lying and improperly trusted jackass in a senior officer role to ruin the fun for others), and there's also the minor problem that your pay fucking sucks considering the nature of the work at hand. If none of the aforementioned criteria apply to you, meaning you're simply a pompous ass and idiot, all I can really say is "good luck in life, and try not to piss off the wrong people." Cheers.

about 1 month ago
top

Ken Ham's Ark Torpedoed With Charges of Religious Discrimination

philip.paradis Re: How is this relevent? (451 comments)

I authenticate the parent post.

about 1 month ago
top

Ken Ham's Ark Torpedoed With Charges of Religious Discrimination

philip.paradis Re:How is this relevent? (451 comments)

Once again, you've proven you have have no understanding of these issues. The GP's reference to downgrade protection refers to mitigation of a MITM's ability to force a protocol downgrade to SSL 3.0 and hence gain the ability to decrypt sensitive data such as session cookies. As I mentioned in an earlier reply, TLS_FALLBACK_SCSV offers mitigation for such protocol downgrade scenarios, although it should be noted that the most desirable means of resolving this entire mess is to disable SSL 3.0 on the server side.

Why are you persisting in posting replies which clearly indicate you're nothing more than a pompous ass and pretender? To help you understand my context, I spend the majority of my time contributing to the efforts of a team that is devoted to securing a varied assortment of information assets for Fortune 50 companies. Do I really need to track you down and dox everything I find to everyone you know? Is that really what you want? Hush up now, it's past your bedtime, junior.

about 1 month ago
top

Security Company Tries To Hide Flaws By Threatening Infringement Suit

philip.paradis Re:So... is the LAME strategy valid? (124 comments)

The general idea is that people may run a lower risk getting into trouble if they adopt the practice of shipping raw ingredients, separate components, unfinished works, mostly functional containers lacking only media content or a specific bit of code to be useful, etc instead of a "ready to roll" push-button-go-fast product. To what degree this works out in reality is highly dependent on the the specific statutes governing the independent components and/or completed thing in question.

about a month ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

I'm trying to explain that this isn't a case of a chip on a shoulder. I'm not an exception. Quite to the contrary, the fact that CS graduates are poor fits for most software development roles is the rule.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

When it comes to experience, I think the real problem is that people simply aren't okay with the concept of "starting off in the mail room" anymore. Folks in their twenties have this idea that they're going to obtain a piece of paper than will entitle them to a sizable salary straight out the gate from college. Meanwhile, the folks who actually have real talent and passion for the work will have obtained whatever job they could at any number of companies, and within five years will have tripled their salaries by moving to more desired positions after demonstrated their growth and ideas internally.

I can understand a person who has just spent a horrendous amount of money on a piece of paper being keenly interested in immediate relief from that debt, but that isn't reality, although it does appear to be a self-perpetuating problem.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re: Missing the point (130 comments)

Please name five companies you believe represent a significant challenge in this area. I'll obtain offers from all of them within 30 days.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

But you won't make it far as a dev without some serious self-education

Absolutely agreed. The key point here is that someone with a serious interest in software development can obtain an entry-level position with entry-level responsibilities, and dedicate the next couple of years to serious self-education while getting paid, instead of paying someone else for a piece of paper that doesn't mean anything in practice.

This results in an employee who has already demonstrated the ability to amass continued education on his own, which is actually the most critical quality of all for a successful career.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

Any person who uses ridiculous arguments such as using their own unique success story as some kind of proof is either really bad at logical reasoning or has a big chip on their shoulder.

I've quoted that specific bit of your reply because it succinctly summarizes the flawed nature of your thought process on this matter. The fact that most GED holders don't attempt careers in software development is irrelevant. However, it is highly relevant that GED holders and/or high school or college graduates with degrees completely unrelated to computer science tend to be better programmers.

That swings both ways, as most people with poor academic credentials also provide emotionally-driven responses in an attempt to prove to themselves that their lack of a degree is not a disadvantage.

This doesn't make any sense in context. I have nothing to prove for myself; I already earn a very good salary and have excellent mobility in several fields. I'm attempting to get people to take a moment to consider whether their established beliefs on the topic at hand have any grounding in reality, because it is my direct experience (and not just for myself, including many others as well) that those beliefs are fundamentally flawed. Degree mills are certainly making a tidy profit convincing people otherwise, though.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

I don't disagree with your observations, but in reply I have two of my own: (1) the average GED holder doesn't pursue a career involving substantial software development duties, but a substantial number of gifted developers have GEDs, and (2) I wish more people would make the connection you just nailed. In many cases, software development is much more a creative art than it is an abstract and dry discipline, with the caveat that it by necessity involves a measure of structured thought as well (just as [most] novels follow certain structural principles).

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

I think I understand the core premise you're trying to convey here, but I must stress the point that in practice people holding a CS degree tend to demonstrate lower actual programming and systems engineering ability than their non-CS peers. This is the real world fallout from the common misconception that computer science graduates are well suited to software development roles. As a rule, they tend to be a poor fit for such jobs.

As for companies "requiring" a BS or BA degree, I've never encountered substantial resistance in this area. Perhaps it's more accurate to say I've made a point of circumventing such barriers without a second thought. Regardless of what any given HR department might stipulate for job requirements, I've found that communicating demonstrable proof of ability to solve relevant problems to a handful of people in any given business tends to result in an interview, and I've rarely gone through more than one interview before being offered a position.

Establishing direct contact with people who will actually evaluate candidates on their technical merits is easier than ever these days owing to the prevalence of social media networks. On a related note, I once knew a human resources recruiter who was aggressively opposed to employees directly reaching out to candidates. That HR recruiter isn't employed anymore.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

While in practice nothing is perfect, I'd like to add that your mention of "security hole plugging" conveniently ignores the principle that you don't have to plug holes that don't exist in the first place. Abject failure to recognize this point is probably at least half the reason for information security being in its presently deplorable state. Hint: bolt-on approaches to security are typically no security at all.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

And it sounds like you're defensive because you don't have a CS degree (i.e. you have something to prove).

Not at all. I have zero regrets in this area, mostly due to the fact that I recognized very early on that a CS degree was largely useless for most roles that entail full-time software development responsibilities. Please don't misunderstand me here: I grew up with a bunch of smart people (including CS majors) who wound up attended schools like Georgia Tech, Emory, MIT, and CalTech. Their ability to contribute in properly aligned positions isn't under dispute here.

Here's what I'm really trying to say: of all the programmers I've worked with, the ones producing the best code in terms of functionality, efficiency, and security have almost universally lacked CS degrees. Interestingly enough, I've worked with some very gifted developers who held bachelor's (and in some cases master's) degrees in fields such as psychology, electrical engineering, physics, pure mathematics, and even English literature. The "odd factor" here has been the pronounced absence of CS degrees among that pool of truly able developers.

I have some very simple advice for young people interesting in pursuing software development as a career. Get any job that pays the bills for now, spend every free waking moment actually writing software in a variety of languages and learning about software written by others, become intimately acquainted with a variety of operating systems and toolchains, and start putting information security first in everything you touch. In less time and at considerably lower expense than you would suffered chasing down a CS degree, and armed instead with a portfolio of practical demonstration of skills, you'll have little difficulty obtaining a decent software development position.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

This is entirely false. I've never had any difficulty whatsoever obtaining employment related to software development or systems/infrastructure roles, and neither have most of my peers who hold similar credentials. Perhaps this trend has been partially related to our ability to demonstrate skills on demand, i.e. "get the job done, and done properly" rather than an appeal to a piece of paper that essentially says "trust this guy; he passed some exams that may or may not actually bear any relation whatsoever to the work your business needs done right now."

I am perpetually amazed by the volume of collective myth parroting that persists on this topic. To be perfectly clear: lack of a college degree may indeed greatly reduce your chances of employment in many fields, but it matters a hell of a lot less than you've been led to believe for software development and systems/infrastructure positions.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

That's a fundamentally flawed statement. The question isn't whether I'm representative of most individuals with GEDs, but whether I'm representative of individuals holding GEDs who happen to have pursued careers involving substantial software development duties. You may wish to reference my last reply for clarification.

On a side note, in my experience these discussions tend to invite emotionally-driven responses from people who spent an awful lot of time and money obtaining a CS degree because somebody told them they needed it to pursue any kind of career associated with information technology. I certainly hope you aren't one of those people.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

This is the sort of reply I expected, so please allow me to bring my core point into sharper perspective. In the course of my fifteen years of employment in a variety of roles in assorted industries (network infrastructure, hosting, finance, biological sciences, etc), my firsthand experience has been that software developers "lacking" a CS degree have displayed a marked tendency to produce more functional, reasonably secure, and efficient/scalable code than their CS counterparts. They have also, on average, commanded substantially higher salaries in software development roles than their CS counterparts.

Degree mills and some otherwise respected educational institutions may not be happy about these facts, but it's important to note that they're not exclusively to blame for the situation. A computer science degree simply doesn't translate to skill in software development, largely because formal computer science has relatively little to do with programming. Thus, my original post is entitled "missing the point."

I've worked with a few CS graduates who purportedly had a specialized focus on information security. As it turned out, their ability to actually perform in their professional roles was woefully lacking.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Re:Missing the point (130 comments)

I have a GED, and I assure you I earn substantially more than most CS graduates. Additionally, I continue to note a marked absence of (1) actual programming ability, (2) knowledge of even the most rudimentary information security practices, and (3) adequate understanding of core systems principles among recent CS graduates. Perhaps your perspective is the result of having grown acclimated to working with people with substantially reduced capabilities.

about 2 months ago
top

Be True To Your CS School: LinkedIn Ranks US Schools For Job-Seeking Programmers

philip.paradis Missing the point (130 comments)

A huge number of software development jobs don't require a CS degree, including many highly paid positions. In fact, having a CS degree may reduce the odds of being hired for some positions. It seems the trend of misunderstanding the term "computer science" hasn't lost any momentum.

about 2 months ago

Submissions

top

Multiple Rackspace Security Vulnerabilities Discovered

philip.paradis philip.paradis writes  |  more than 2 years ago

philip.paradis writes "According to materials published today, several Rackspace cloud security vulnerabilities have been discovered. Problems with a Rackspace-supplied agent running on cloud servers have been documented, along with a much more severe issue with the method Rackspace has used to generate default root passwords for cloud servers. In short, root password hashes were generated using a legacy hashing function (resulting in cryptographically weaker hashes to start with) and used the system hostname as the first portion of the password.

Thus, cloud servers deployed in this manner would only consider the first eight characters of the root password significant, potentially allowing an attacker with simple knowledge of this weakness and the system's hostname to remotely log in via SSH as root. As hostnames are easily determined by a number of means, the potential for damage is significant. Additionally, evidences exists that Rackspace is storing customer root passwords internally in a recoverable format.

These issues were reported to the company, as described in the previously published Rackspace cloud security pre-advisory. To date, Rackspace has apparently mitigated some of the issues for newly deployed instances, but serious questions remain regarding the integrity of servers in the wild which were deployed using the flawed methods. As the company is a large hosting provider with well known IP space, and the time at which these problems were first manifested is unknown, the number of vulnerable servers could be significant."

Journals

philip.paradis has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?