Maybe the europeans can get some governments with brains that aren't enamoured with self destructive austerity and fund it themselves as a giant european wide jobs programme.
Which is basically what EADS is already, so it's just throwing more money at them.
That what I said. It's rare in industry because they're not off in industry using that information. It's not that it's actually rare, it's just rare to find someone in industry who uses it actively.
At the school I went to (and others I looked at), "software engineering" was even more theory. It was all about the mathematics of evaluating efficiency of programs and/or mathematical proofs of the "correctness" of programs.
Please note: I did not say I think CS is supposed to be software development. I said the university lies to potential students. They tell kids the program will get them a high paying job as a developer but all you can do with what they actually teach is go on to graduate school and get a low paying job as a scientist.
If the students want a good job out of college then they have to teach themselves how to ne a real developer. In the end they could have skipped the university and had more time to teach themselves.
That's unlikely. Our graduates are in the same boat as yours and can easily make 80k/year as a developer with 3 months experience. We don't teach you to be a C/C++ developer, we give you everything you need to specialize into C/Java/Webdevelopmet etc. It's not like being a scientist is low paying either, if anything being a scientist is higher paying than being a developer unless you're at a university where you're kinda railroaded into union pay scales. But you get a good pension out of it.
And ya, software engineering (as taught by engineering) can be very design heavy or it can be very programming heavy. In the end it doesn't really matter, all CS/SE grads can get the same jobs and will make very good money within 12 months of graduation assuming they're minimally competent and didn't go to grad school.
But yes, if all you want to do is program in one type of language for one type of problem and not know how to do design, architecture, or analysis you're better off with a 12 month community college course in programming than CS. If you want to lead a team of those people and be a lead programmer you take CS or SE.
I was being illustrative of what salting does not a technical analysis of compromising passwords.
it was sort of obviously contrived, as passwords are never going to take exactly 525.95 seconds, and I'm not going to live exactly 50 years (now minus 2 days).
You might not recover low hanging fruits quickly with salting. It depends on the salting, if it just adds a couple of alphanumeric characters it's not adding a great deal, but a good salting algorithm could take a trivial password 1234 and turn it into #1_2_June*10_sqrt((to 8 digits)asciicodeof(3))@accountname4.
CS isn't programming. If you want to be a programmer take software engineering if the school is a hard programming school, or programming at a community college.
CS programmes are to train scientists. The fact the public is using them to be programmers is simply not correct. It would be like asking a Surgeon to be a Biologist or a Biologist to be a Surgeon.
The other problem you bring up, which is knowing where to find suitable libraries for your problem is *very* domain specific. If your project uses the Unity game engine it's completely different than if you use Unreal engine. Even though they're both game development. We explicitly do not teach narrow domain specific information because you can be taught that by whomever employs you.
And yes, after second year you've learned most of the actual coding you're going to get, with a bit more in 3rd year for algorithms and software engineering and everything else from there is on your own. Because all of that other stuff you actually have to know, and enough people can figure out how to do the coding well enough that we don't need to dramatically change up the programme. If you want to be a programmer don't go into science. In the same way that if you shouldn't expect a physicist to be a structural engineer.
And yes, some schools will have more programming than others.
From what I've been reading in the business press over the last couple of years, when folks lose their jobs in their 50s or later, they're screwed for the rest of their life.
Now is the time to go into senior management or similar. Sell your years of expertise training people, that kind of thing.
You're right, in that any career he was particularly in before is dead and buried unless he can market himself to a former competitor. Training in a programming language is unlikely to help unless he plans to start his own business and start out as lead programmer.
It is, but it's a course on rarely taken and rarely offered. It's for people who know they plan to work at a bank for example, and will need COBOL to work on some critical system that you can't do anything about.
Fortran is an extremely rare skill because it's taught primarily to people in sciences who don't go off into industry. They still actively use Fortran in sciences and are professional scientists.
It might be a promotion because there's more room for growth in management. If you're a sys admin III, and the best you'll ever do is sys admin V paying 10% more than you get, well then you have to decide if that's what you want as your career. If you go to a management a management I may pay less than a sys admin III but a senior management V pays double a sys admin V...
But you can do your own due diligence and look up salaries in the area and demonstrate that as what your research shows to be appropriate compensation.
This is normal for anywhere that has fixed salary scales. The management stream starts lower, but finishes higher than the fact that. That they'd be willing to move you laterally pay wise is a pretty reasonable concession. What they're trying to avoid is the "peter principle" (http://en.wikipedia.org/wiki/Peter_Principle), where you would be promoted based on your extensive experience in one are into another where you will completely train wreck and waste everyones time and money.
In terms of how you prove the experience, or what your job is you get documentation. You have written reports about your duties from your supervisor and subordinates about what you were doing (and telling them to do) right? Good. If not you can still write a description of your duties that demonstrate leadership and give HR the option to submit it to the relevant employees themselves and get their opinion as to whether or not it is an honest reflection of what you did, give them references about a previous employer. Essentially you're applying or a new job, treat it as such. You're taking the chance that one of your boss or subordinates will not try and fuck you over, but if you're narrow enough in focus, that part of your responsibility was leadership, that doesn't mean other people didn't also, but you had to lead kind of thing. You can be diplomatic in highlighting what you did, without suggesting anyone else didn't do anything as well.
Imagine you were going from completely orthogonal fields. Your experience at being an assembly line worker doesn't count towards your experience as a medical doctor. Sure, you may have had to supervise people before, and done some half assed project management. But you're not a project manager. If you want to be a project manager you have to prove yourself as a project manager. And no, project management has nothing to do with leadership or strategic direction for a company. Or at least it might not where you are. Project management is about managing the implementation of a project created by leadership. At least some places.
If you think that a reasonable starting rate is 25% more than you're making that might be fine. Tell them that, (but remember, my friend who makes X is not statistically significant), and ask how quickly you can expect to see salary growth and based on what metrics. I know a lot of people who started at 45-50k this time last year and are now at 70k-80k. If they're willing to say you can get a 25% bump in say 3 months or 6 months well... then they're just trying to cover their own asses.
As for salary range for what you're doing.... depends on where you are. A lot. And on one piece of information you haven't provided, which is how many employees would be under supervision.
Censorship need not be to hide the existence of information from the public, only restrict their access to it. The Chinese government is actively trying to hide the existence of the Tienanmen square massacre, and that's certain the form of censorship we think of most, but it's not all of it. The British government isn't hiding that the pirate bay exists, they are simply saying you aren't allowed to access it from within the UK. Pixelating porn or graphic violence isn't telling you that people don't have penises or their heads blown off it is done because seeing it could (according to the censor) be damaging to you.
For the british government a 'censorship' code makes a lot of sense. "You are attempting to access material forbidden to persons within the UK, for information on why this information is blocked click here'. The same could be said for much of the 'morality' police in the middle east. "This site contains blasphemous material and to protect you from its content we are preventing your access, this helpful message brought to you by the police of vice and virtue'. In fact in those cases a censorship status code would be an indication that the bureaucracy is doing the job it is tasked with doing, and something they can point to as places they have blocked.
In the same way your anti phishing filter might be censoring you from some malicious website, they're quite happy to tell you that you've been blocked from that site, because you've actually asked them to censor it for you. The government in the UK especially, was asked by the public who voted them into office to make decisions, including censoring material (as that is a government power) in their best interests.
The UK government through the film classification board censors films and games, or it used to until some of that power was transfered to the EU. What criteria they used for censorship wasn't a secret, and they even had processes for appeals and re-evaluations if you felt like the censorship was unfair. Everyone knew what they were doing, because that was their mandate, rate films, restrict access to them, and prevent harmful material from getting into the UK. Website censorship isn't fundamentally any different, by 'importing' a banned film from the US or france or whatever you were doing the mail order equivalent of changing your DNS provider. The fact that the legal situation in the UK hasn't caught up to DNS providers yet doesn't mean it won't.
CS doesn't have to teach you about programming (for more info see my other posts in this thread).
That's the most front facing of what we do, but it is by no means the only part of it. Physics spend almost as much time on programming these days as computer science, and they aren't thought of as programmers generally.
That depends very much on the school you go to and its emphasis. As I say, Wilfred Laurier you could make the argument it's almost hardware engineering. Down the street to waterloo it's almost pure math. Other places near by (Guelph, Windsor, Western, Toronto, Queens) are more in between or more on a spectrum of software engineering - pure math rather than hardware - pure math.
It's *supposed* to be science and not engineering, but you end up with varying amounts of practical engineering problems. Probably the biggest abstract challenge in the business is delineating between software engineering and computer science, and not following the example of physics and electrical/mechanical engineer which has not really worked out very well. Not that anyone cares enough to actually try and solve the problem but when employers can't tell the difference between your graduates you're doing something wrong.
If you're just a coder then you may as well have gone to community college, you're not doing science. Science is in the analysis. You can teach a scientist to be a coder relatively easily. You can't teach a coder to be a scientist relatively easily (insofar as one considers 1 year of school vs 4 as a huge barrier).
You can also employ someone who could be a scientist in a job that isn't science.
Learning the mechanics of a language isn't programming. It's theory of computation. That's much more a scientist problem than writing code with it. Being able to design a language well is a scientist problem. Being able to write code in it, not so much. In the same way that aircraft engineers don't have to be pilots.
Which was all my point. A computer scientist isn't a programmer. Most of them aren't even supposed to be programmers. They may have to have some limited knowledge of programming, and they can be trained into programming. But they aren't programmers, they're scientists who specialize in problems that arise in computing.
Right, and computer science *uses* math, and sometimes is math, just like physics uses math, and sometimes is math.
Computer science is science, to publish papers and be a professional computer scientist you have to do science, you can't just do math.
To use a car analogy. An engineer isn't an auto mechanic, but they have to understand what the auto mechanic can do, and occasionally may get their hands dirty like a mechanic. But there is a lot more to it than the part that is similar to an auto mechanic.
Your mistake is thinking there isn't something else to computer science than coming up with an algorithm, which by itself is probably legitimately an exercise in math alone. But comp sci is different than that, in that you are constrained by what is computable (just as physics is constrained by what is physically possible not just what is mathematically possible), and part of the job is of course figuring out what those constraints actually are, describing them, and quantifying them. That's science. It uses math. But it isn't math. An algorithm that isn't computable is a math problem. An algorithm that is computable is like quantum mechanics trying to figure out what is possible within the realm of what we know to be physical.
You really don't need to be a programmer to be a computer scientist. We have 120 or so grad students and about 60 are PhD students. Of those maybe half are competent programmers. Most of them develop one algorithm, which they may or may not implement themselves, and then the analysis of how that algorithm will perform is what makes them scientists.
You definitely don't need to know programming to do chemistry, and you can dodge it and still be a physicist easily enough. And they're still scientists.
I'll grant that it's very difficult to be a computer scientist with 0 programming skill at all. But you don't need to actually be good at it to be able to demonstrate your idea works, and how efficient it is. If you're in a field like HCI, theory of computation or cryptography you can get by with no programming skill at all.
And yes, real science is about a process, and developing something testable. You don't have to be the one that builds the testing apparatus. I'm a computer scientist today, but I used to be a physicist, I couldn't have built an electromagnet to save my life, but I know in principle how they work, but I certainly used magnets in my research, and I understand conceptually how they are built, in fact I could say that about most electronic components (resistors inductors capacitors, transistors), optical equipment (extremely high quality mirrors) etc. If you're in comp sci you *can* do quite a lot where you either direct someone else implementing it if you have the money to pay for it (which is extremely rare), or if your research doesn't require coding at all. As I say, the big ones that come to mind are theory of computation stuff, HCI who may need to use basic design tools but not write anything like real code, and cryptography, where you're coming up with new encryption algorithms, and having someone implement it is almost trivial compared to the pure math part. Probably the software engineering principles and practices guys (including testing) don't theoretically need to ever write any code in the course of their research, but you probably couldn't do research in those areas if you never coded before.
One could reasonably argue that the field is actually information science, not computer science, or computing science. But it's definitely science. We're in a faculty of science, degree requirements mandate breadth in science (first year courses in core science courses), there's a depth requirement in mathematics (statistics, linear algebra and calculus which are all part of the toolkit of being a scientist), and algorithms is certainly a component of science.
It's a common theme to say it isn't science, and I'm sure some of the programmes aren't. But they're supposed to be, and to be approved by the ACM or equivalent that you are an actual science programme you have to prove that you're teaching your graduates to be scientists. Science is a process, and computer science definitely covers that process as well as the other sciences. I'll grant you that physics is harder, I have a BSc in theoretical physics and half -1 course of a BSc in comp sci (and then graduate degrees in comp sci), but that doesn't mean computer science isn't science. It's not physics, it's not chemistry, and it's not biology, which are to some degree logical cascades of each other, but it is nearly as close to physics as chemistry is, and as close if not closer to math than physics is.
I meant if you were starting now it would be very different. I know a lot of successful computer people (IT, CS etc.) who came in from somewhere else ages ago. But to get into the business from a completely unrelated field is very difficult now.
If that's the case then the CS programme was doing a bad job. A bachelors in any science should prepare you to be a competent scientist with expertise in that field. In the same way an engineering degree should prepare you to be an engineer.
It's true that for someone who is a full time research scientist directing research you pretty much have to have a PhD these days. But that doesn't mean the work the BSc and MSc level people do isn't science. Coming out of a BSc you should be able to pick up a journal in an area you know something about and make sense of it enough to know how you could use that information and re-implement it if you have the resources.
Being able to create new material for the journal....not necessarily BSc level. That's more the defining features of an MSc or PhD (and there it's about rate, novelty, and quality).
Sure, for 3 years after a B.Eng you aren't technically a professional engineer, but you're doing engineering under supervision of someone who is. But that should be the same with a science degreee. You start out life as a junior scientist under the heavy supervision of someone else.
After a BSc there isn't very far to go up that is actually anything new. An MSc and PhD take a few (4-8) more courses than in a BSc, but all of that course work is something a BSc level person can step into. Doing 'research' is a very specific type of problem that needs to be solved, where you're trying to solve a problem that fits in a publication. That's what MSc and PhD people specifically (myself included) have to do, but we are very marginally better trained than a BSc level person. After the BSc it's more about what sort of problem you're trying to solve, and just how much time you are willing to allocate to the problem and how much risk you're willing to take on it.
I grant you that lots of CS programmes are bad at making scientists though. But that doesn't mean they have to be.
Ya, anyone who can read (which is, admittedly, a surprisingly high barrier when it comes to computing) can setup a linux box and hack out a PHP webpage. That's basically starting at the level of a highschool kid or a 1 year college course, so that's about where you'd expect to start employment wise.
If this was the 1980's the suggestions would be very different.
Back then finding anyone who knew anything about computers was a small miracle, and you could get your foot in the door and then experience matters. Today you're competing with people who are already a step above you, so you pretty much have to have demonstrable skills doing the job for someone, or you have to know someone that thinks you're competent enough to help you get a job.
because CS is about science and doing actual science. Developing new hash functions if you want a relevant example for todays news. Being a programmer is one thing in the toolkit of being a scientist, it's not the entirety of it.
Different schools have different emphasis though, but some places, where CS grew out of math departments it's much more about things like complexity theory, formal theory of languages and theory of computation sort of stuff than learning to write code.
For places where CS grew out of physics departments it can be much more hardware based, (Wilfred Laurier, the closest school to waterloo is a mostly hardware based CS programme, where waterloo is much more theoretical), or software, depending on what sorts of problems the people who created the department wanted solved, and how much money they could get to start the department.
Lots of CS grads, probably most of them, are not coders. They're scientists, some of whom can write code, and some of whom are much more about problems that can be solved with computers, and how efficiently that can be solved. Teaching people to code in a particular language is relatively easy if they have the math skills. Teaching them the maths skills is hard. Lots of them can't even replace a video card on their own, which seems kind of sad, but that's the same as an electrical engineer is not an electrician. They are related fields, but one is not entirely inclusive of the other.
CS *is not IT*. As part of doing CS you may have to learn to do some IT, but IT isn't programming necessarily either. A 5 year old can get a LAMP or Windows IIS php mysql setup going. IT is about being familiar with how to use particular software packages someone else has written to support whatever your business is. Being a network programmer, and sometimes that's part of being a sys admin, is about writing tools to solve your own unique problems, but not at the level of the packages you can download usually. The CS students who wandered over to your information systems or information science or... whatever programme did so because they want to know how to write code, but they don't have to be hardcore coders to be computer scientists. It's certainly useful for some people, and at some schools being able to code well is definitely required, but that's not universal.
Salting only protects you from precomuted "rainbow" brute force methods which means if you have a big enough table your password is cracked in seconds to minutes rather than oh I don't know what is the average for your typical password? Hour, day..two days? week tops...? Does this difference really mean anything substaintial to the vicitim?
To a single victim no. But you've taken the complexity of the problem from hacking a password to hacking 6 million passwords each taking as long. So to the 'average' victim your expectation time before being hacked is 3 million times longer, on a 6 million element set, than one that wasn't salted. There are just over 31 million seconds in a year. So even if your password takes 1 second to crack you've still bought yourself about a month. If it takes a day... well you'll be dead before it's brute forced so who cares.
I only expect to live exactly 50 more years. So if it takes 525.95 seconds to crack my password I have a 50/50 chance of being dead before they manage to brute force it under salting (at 525.95 seconds per they will be able to hack about 3 million in 50 years, and the other 3 million in the next 50 years). If on the other hand it takes 525 seconds for the first one, and small fractions of a second for the next 6 million, I could reasonably expect to have been compromised already.
Even if you change your password now what does that get you? If they're still unsalted SHA1 any minimally competent man in the middle attack will be able to get the hash, and then your password, as if it was part of this release.
If linkedIn actually has a different security system live and these are all old accounts who haven't changed passwords or the like, well then you have some idea what's going on. But changing your password from one unsalted SHA1 hash not tied to an account to another unsalted SHA1 hash doesn't get you a whole lot.
Or they did that in 2002, to launch a website in 2003, and have no idea how to transition a hashed password database from one system to another, which is a more difficult problem.
The thing is: we still don't know where this hack is from. 6.5 million of 160 million is a very small set of the data. Are *all* linkedin passwords SHA1 with no salting? If so changing your password doesn't do a whole lot of good, and that's a huge disaster for the whole outfit. Is one of their services (say LinkedIn syria) using SHA1 but no where else? (If you're an american linkedin user and found a SHA1 of your password on the list that just means you happen to have the same pwd as someone in syria then).
is this all accounts that haven't changed passwords since 2003? Or whenever they implemented something else? All users who created accounts using a mobile? Etc. The slew of possibilities of what these passwords are is pretty endless. If it's just random grab of 6 million people who happened to log in at some point that's a serious problem because it means all the passwords are unsalted. If it's a specific set of users then we can start to understand when and how this mistake was made - if it was a mistake at all. LinkedIn could very deliberately use SHA1 without salting for all users from Syria or russia or something. I'm not really sure why unless it has to do with cryptography export rules, but that would be a valid reason then.
Slashdot Mirror
Maybe the europeans can get some governments with brains that aren't enamoured with self destructive austerity and fund it themselves as a giant european wide jobs programme.
Which is basically what EADS is already, so it's just throwing more money at them.
That what I said. It's rare in industry because they're not off in industry using that information. It's not that it's actually rare, it's just rare to find someone in industry who uses it actively.
At the school I went to (and others I looked at), "software engineering" was even more theory. It was all about the mathematics of evaluating efficiency of programs and/or mathematical proofs of the "correctness" of programs.
Please note: I did not say I think CS is supposed to be software development. I said the university lies to potential students. They tell kids the program will get them a high paying job as a developer but all you can do with what they actually teach is go on to graduate school and get a low paying job as a scientist.
If the students want a good job out of college then they have to teach themselves how to ne a real developer. In the end they could have skipped the university and had more time to teach themselves.
That's unlikely. Our graduates are in the same boat as yours and can easily make 80k/year as a developer with 3 months experience. We don't teach you to be a C/C++ developer, we give you everything you need to specialize into C/Java/Webdevelopmet etc. It's not like being a scientist is low paying either, if anything being a scientist is higher paying than being a developer unless you're at a university where you're kinda railroaded into union pay scales. But you get a good pension out of it.
And ya, software engineering (as taught by engineering) can be very design heavy or it can be very programming heavy. In the end it doesn't really matter, all CS/SE grads can get the same jobs and will make very good money within 12 months of graduation assuming they're minimally competent and didn't go to grad school.
But yes, if all you want to do is program in one type of language for one type of problem and not know how to do design, architecture, or analysis you're better off with a 12 month community college course in programming than CS. If you want to lead a team of those people and be a lead programmer you take CS or SE.
Of course to all of your points.
I was being illustrative of what salting does not a technical analysis of compromising passwords.
it was sort of obviously contrived, as passwords are never going to take exactly 525.95 seconds, and I'm not going to live exactly 50 years (now minus 2 days).
You might not recover low hanging fruits quickly with salting. It depends on the salting, if it just adds a couple of alphanumeric characters it's not adding a great deal, but a good salting algorithm could take a trivial password 1234 and turn it into #1_2_June*10_sqrt((to 8 digits)asciicodeof(3))@accountname4.
Again though.
CS isn't programming. If you want to be a programmer take software engineering if the school is a hard programming school, or programming at a community college.
CS programmes are to train scientists. The fact the public is using them to be programmers is simply not correct. It would be like asking a Surgeon to be a Biologist or a Biologist to be a Surgeon.
The other problem you bring up, which is knowing where to find suitable libraries for your problem is *very* domain specific. If your project uses the Unity game engine it's completely different than if you use Unreal engine. Even though they're both game development. We explicitly do not teach narrow domain specific information because you can be taught that by whomever employs you.
And yes, after second year you've learned most of the actual coding you're going to get, with a bit more in 3rd year for algorithms and software engineering and everything else from there is on your own. Because all of that other stuff you actually have to know, and enough people can figure out how to do the coding well enough that we don't need to dramatically change up the programme. If you want to be a programmer don't go into science. In the same way that if you shouldn't expect a physicist to be a structural engineer.
And yes, some schools will have more programming than others.
From what I've been reading in the business press over the last couple of years, when folks lose their jobs in their 50s or later, they're screwed for the rest of their life.
Now is the time to go into senior management or similar. Sell your years of expertise training people, that kind of thing.
You're right, in that any career he was particularly in before is dead and buried unless he can market himself to a former competitor. Training in a programming language is unlikely to help unless he plans to start his own business and start out as lead programmer.
It is, but it's a course on rarely taken and rarely offered. It's for people who know they plan to work at a bank for example, and will need COBOL to work on some critical system that you can't do anything about.
Fortran is an extremely rare skill because it's taught primarily to people in sciences who don't go off into industry. They still actively use Fortran in sciences and are professional scientists.
It might be a promotion because there's more room for growth in management. If you're a sys admin III, and the best you'll ever do is sys admin V paying 10% more than you get, well then you have to decide if that's what you want as your career. If you go to a management a management I may pay less than a sys admin III but a senior management V pays double a sys admin V...
Not so much anymore.
But you can do your own due diligence and look up salaries in the area and demonstrate that as what your research shows to be appropriate compensation.
This is normal for anywhere that has fixed salary scales. The management stream starts lower, but finishes higher than the fact that. That they'd be willing to move you laterally pay wise is a pretty reasonable concession. What they're trying to avoid is the "peter principle" (http://en.wikipedia.org/wiki/Peter_Principle), where you would be promoted based on your extensive experience in one are into another where you will completely train wreck and waste everyones time and money.
In terms of how you prove the experience, or what your job is you get documentation. You have written reports about your duties from your supervisor and subordinates about what you were doing (and telling them to do) right? Good. If not you can still write a description of your duties that demonstrate leadership and give HR the option to submit it to the relevant employees themselves and get their opinion as to whether or not it is an honest reflection of what you did, give them references about a previous employer. Essentially you're applying or a new job, treat it as such. You're taking the chance that one of your boss or subordinates will not try and fuck you over, but if you're narrow enough in focus, that part of your responsibility was leadership, that doesn't mean other people didn't also, but you had to lead kind of thing. You can be diplomatic in highlighting what you did, without suggesting anyone else didn't do anything as well.
Imagine you were going from completely orthogonal fields. Your experience at being an assembly line worker doesn't count towards your experience as a medical doctor. Sure, you may have had to supervise people before, and done some half assed project management. But you're not a project manager. If you want to be a project manager you have to prove yourself as a project manager. And no, project management has nothing to do with leadership or strategic direction for a company. Or at least it might not where you are. Project management is about managing the implementation of a project created by leadership. At least some places.
If you think that a reasonable starting rate is 25% more than you're making that might be fine. Tell them that, (but remember, my friend who makes X is not statistically significant), and ask how quickly you can expect to see salary growth and based on what metrics. I know a lot of people who started at 45-50k this time last year and are now at 70k-80k. If they're willing to say you can get a 25% bump in say 3 months or 6 months well... then they're just trying to cover their own asses.
As for salary range for what you're doing.... depends on where you are. A lot. And on one piece of information you haven't provided, which is how many employees would be under supervision.
Censorship need not be to hide the existence of information from the public, only restrict their access to it. The Chinese government is actively trying to hide the existence of the Tienanmen square massacre, and that's certain the form of censorship we think of most, but it's not all of it. The British government isn't hiding that the pirate bay exists, they are simply saying you aren't allowed to access it from within the UK. Pixelating porn or graphic violence isn't telling you that people don't have penises or their heads blown off it is done because seeing it could (according to the censor) be damaging to you.
For the british government a 'censorship' code makes a lot of sense. "You are attempting to access material forbidden to persons within the UK, for information on why this information is blocked click here'. The same could be said for much of the 'morality' police in the middle east. "This site contains blasphemous material and to protect you from its content we are preventing your access, this helpful message brought to you by the police of vice and virtue'. In fact in those cases a censorship status code would be an indication that the bureaucracy is doing the job it is tasked with doing, and something they can point to as places they have blocked.
In the same way your anti phishing filter might be censoring you from some malicious website, they're quite happy to tell you that you've been blocked from that site, because you've actually asked them to censor it for you. The government in the UK especially, was asked by the public who voted them into office to make decisions, including censoring material (as that is a government power) in their best interests.
The UK government through the film classification board censors films and games, or it used to until some of that power was transfered to the EU. What criteria they used for censorship wasn't a secret, and they even had processes for appeals and re-evaluations if you felt like the censorship was unfair. Everyone knew what they were doing, because that was their mandate, rate films, restrict access to them, and prevent harmful material from getting into the UK. Website censorship isn't fundamentally any different, by 'importing' a banned film from the US or france or whatever you were doing the mail order equivalent of changing your DNS provider. The fact that the legal situation in the UK hasn't caught up to DNS providers yet doesn't mean it won't.
CS doesn't have to teach you about programming (for more info see my other posts in this thread).
That's the most front facing of what we do, but it is by no means the only part of it. Physics spend almost as much time on programming these days as computer science, and they aren't thought of as programmers generally.
That depends very much on the school you go to and its emphasis. As I say, Wilfred Laurier you could make the argument it's almost hardware engineering. Down the street to waterloo it's almost pure math. Other places near by (Guelph, Windsor, Western, Toronto, Queens) are more in between or more on a spectrum of software engineering - pure math rather than hardware - pure math.
It's *supposed* to be science and not engineering, but you end up with varying amounts of practical engineering problems. Probably the biggest abstract challenge in the business is delineating between software engineering and computer science, and not following the example of physics and electrical/mechanical engineer which has not really worked out very well. Not that anyone cares enough to actually try and solve the problem but when employers can't tell the difference between your graduates you're doing something wrong.
If you're just a coder then you may as well have gone to community college, you're not doing science. Science is in the analysis. You can teach a scientist to be a coder relatively easily. You can't teach a coder to be a scientist relatively easily (insofar as one considers 1 year of school vs 4 as a huge barrier).
You can also employ someone who could be a scientist in a job that isn't science.
Learning the mechanics of a language isn't programming. It's theory of computation. That's much more a scientist problem than writing code with it. Being able to design a language well is a scientist problem. Being able to write code in it, not so much. In the same way that aircraft engineers don't have to be pilots.
Which was all my point. A computer scientist isn't a programmer. Most of them aren't even supposed to be programmers. They may have to have some limited knowledge of programming, and they can be trained into programming. But they aren't programmers, they're scientists who specialize in problems that arise in computing.
Right, and computer science *uses* math, and sometimes is math, just like physics uses math, and sometimes is math.
Computer science is science, to publish papers and be a professional computer scientist you have to do science, you can't just do math.
To use a car analogy. An engineer isn't an auto mechanic, but they have to understand what the auto mechanic can do, and occasionally may get their hands dirty like a mechanic. But there is a lot more to it than the part that is similar to an auto mechanic.
Your mistake is thinking there isn't something else to computer science than coming up with an algorithm, which by itself is probably legitimately an exercise in math alone. But comp sci is different than that, in that you are constrained by what is computable (just as physics is constrained by what is physically possible not just what is mathematically possible), and part of the job is of course figuring out what those constraints actually are, describing them, and quantifying them. That's science. It uses math. But it isn't math. An algorithm that isn't computable is a math problem. An algorithm that is computable is like quantum mechanics trying to figure out what is possible within the realm of what we know to be physical.
You really don't need to be a programmer to be a computer scientist. We have 120 or so grad students and about 60 are PhD students. Of those maybe half are competent programmers. Most of them develop one algorithm, which they may or may not implement themselves, and then the analysis of how that algorithm will perform is what makes them scientists.
You definitely don't need to know programming to do chemistry, and you can dodge it and still be a physicist easily enough. And they're still scientists.
I'll grant that it's very difficult to be a computer scientist with 0 programming skill at all. But you don't need to actually be good at it to be able to demonstrate your idea works, and how efficient it is. If you're in a field like HCI, theory of computation or cryptography you can get by with no programming skill at all.
And yes, real science is about a process, and developing something testable. You don't have to be the one that builds the testing apparatus. I'm a computer scientist today, but I used to be a physicist, I couldn't have built an electromagnet to save my life, but I know in principle how they work, but I certainly used magnets in my research, and I understand conceptually how they are built, in fact I could say that about most electronic components (resistors inductors capacitors, transistors), optical equipment (extremely high quality mirrors) etc. If you're in comp sci you *can* do quite a lot where you either direct someone else implementing it if you have the money to pay for it (which is extremely rare), or if your research doesn't require coding at all. As I say, the big ones that come to mind are theory of computation stuff, HCI who may need to use basic design tools but not write anything like real code, and cryptography, where you're coming up with new encryption algorithms, and having someone implement it is almost trivial compared to the pure math part. Probably the software engineering principles and practices guys (including testing) don't theoretically need to ever write any code in the course of their research, but you probably couldn't do research in those areas if you never coded before.
One could reasonably argue that the field is actually information science, not computer science, or computing science. But it's definitely science. We're in a faculty of science, degree requirements mandate breadth in science (first year courses in core science courses), there's a depth requirement in mathematics (statistics, linear algebra and calculus which are all part of the toolkit of being a scientist), and algorithms is certainly a component of science.
It's a common theme to say it isn't science, and I'm sure some of the programmes aren't. But they're supposed to be, and to be approved by the ACM or equivalent that you are an actual science programme you have to prove that you're teaching your graduates to be scientists. Science is a process, and computer science definitely covers that process as well as the other sciences. I'll grant you that physics is harder, I have a BSc in theoretical physics and half -1 course of a BSc in comp sci (and then graduate degrees in comp sci), but that doesn't mean computer science isn't science. It's not physics, it's not chemistry, and it's not biology, which are to some degree logical cascades of each other, but it is nearly as close to physics as chemistry is, and as close if not closer to math than physics is.
my fault, wasn't clear.
I meant if you were starting now it would be very different. I know a lot of successful computer people (IT, CS etc.) who came in from somewhere else ages ago. But to get into the business from a completely unrelated field is very difficult now.
If that's the case then the CS programme was doing a bad job. A bachelors in any science should prepare you to be a competent scientist with expertise in that field. In the same way an engineering degree should prepare you to be an engineer.
It's true that for someone who is a full time research scientist directing research you pretty much have to have a PhD these days. But that doesn't mean the work the BSc and MSc level people do isn't science. Coming out of a BSc you should be able to pick up a journal in an area you know something about and make sense of it enough to know how you could use that information and re-implement it if you have the resources.
Being able to create new material for the journal....not necessarily BSc level. That's more the defining features of an MSc or PhD (and there it's about rate, novelty, and quality).
Sure, for 3 years after a B.Eng you aren't technically a professional engineer, but you're doing engineering under supervision of someone who is. But that should be the same with a science degreee. You start out life as a junior scientist under the heavy supervision of someone else.
After a BSc there isn't very far to go up that is actually anything new. An MSc and PhD take a few (4-8) more courses than in a BSc, but all of that course work is something a BSc level person can step into. Doing 'research' is a very specific type of problem that needs to be solved, where you're trying to solve a problem that fits in a publication. That's what MSc and PhD people specifically (myself included) have to do, but we are very marginally better trained than a BSc level person. After the BSc it's more about what sort of problem you're trying to solve, and just how much time you are willing to allocate to the problem and how much risk you're willing to take on it.
I grant you that lots of CS programmes are bad at making scientists though. But that doesn't mean they have to be.
Ya, anyone who can read (which is, admittedly, a surprisingly high barrier when it comes to computing) can setup a linux box and hack out a PHP webpage. That's basically starting at the level of a highschool kid or a 1 year college course, so that's about where you'd expect to start employment wise.
If this was the 1980's the suggestions would be very different.
Back then finding anyone who knew anything about computers was a small miracle, and you could get your foot in the door and then experience matters. Today you're competing with people who are already a step above you, so you pretty much have to have demonstrable skills doing the job for someone, or you have to know someone that thinks you're competent enough to help you get a job.
because CS is about science and doing actual science. Developing new hash functions if you want a relevant example for todays news. Being a programmer is one thing in the toolkit of being a scientist, it's not the entirety of it.
Different schools have different emphasis though, but some places, where CS grew out of math departments it's much more about things like complexity theory, formal theory of languages and theory of computation sort of stuff than learning to write code.
For places where CS grew out of physics departments it can be much more hardware based, (Wilfred Laurier, the closest school to waterloo is a mostly hardware based CS programme, where waterloo is much more theoretical), or software, depending on what sorts of problems the people who created the department wanted solved, and how much money they could get to start the department.
Lots of CS grads, probably most of them, are not coders. They're scientists, some of whom can write code, and some of whom are much more about problems that can be solved with computers, and how efficiently that can be solved. Teaching people to code in a particular language is relatively easy if they have the math skills. Teaching them the maths skills is hard. Lots of them can't even replace a video card on their own, which seems kind of sad, but that's the same as an electrical engineer is not an electrician. They are related fields, but one is not entirely inclusive of the other.
CS *is not IT*. As part of doing CS you may have to learn to do some IT, but IT isn't programming necessarily either. A 5 year old can get a LAMP or Windows IIS php mysql setup going. IT is about being familiar with how to use particular software packages someone else has written to support whatever your business is. Being a network programmer, and sometimes that's part of being a sys admin, is about writing tools to solve your own unique problems, but not at the level of the packages you can download usually. The CS students who wandered over to your information systems or information science or... whatever programme did so because they want to know how to write code, but they don't have to be hardcore coders to be computer scientists. It's certainly useful for some people, and at some schools being able to code well is definitely required, but that's not universal.
Salting only protects you from precomuted "rainbow" brute force methods which means if you have a big enough table your password is cracked in seconds to minutes rather than oh I don't know what is the average for your typical password? Hour, day..two days? week tops...? Does this difference really mean anything substaintial to the vicitim?
To a single victim no. But you've taken the complexity of the problem from hacking a password to hacking 6 million passwords each taking as long. So to the 'average' victim your expectation time before being hacked is 3 million times longer, on a 6 million element set, than one that wasn't salted. There are just over 31 million seconds in a year. So even if your password takes 1 second to crack you've still bought yourself about a month. If it takes a day... well you'll be dead before it's brute forced so who cares.
I only expect to live exactly 50 more years. So if it takes 525.95 seconds to crack my password I have a 50/50 chance of being dead before they manage to brute force it under salting (at 525.95 seconds per they will be able to hack about 3 million in 50 years, and the other 3 million in the next 50 years). If on the other hand it takes 525 seconds for the first one, and small fractions of a second for the next 6 million, I could reasonably expect to have been compromised already.
Even if you change your password now what does that get you? If they're still unsalted SHA1 any minimally competent man in the middle attack will be able to get the hash, and then your password, as if it was part of this release.
If linkedIn actually has a different security system live and these are all old accounts who haven't changed passwords or the like, well then you have some idea what's going on. But changing your password from one unsalted SHA1 hash not tied to an account to another unsalted SHA1 hash doesn't get you a whole lot.
Or they did that in 2002, to launch a website in 2003, and have no idea how to transition a hashed password database from one system to another, which is a more difficult problem.
The thing is: we still don't know where this hack is from. 6.5 million of 160 million is a very small set of the data. Are *all* linkedin passwords SHA1 with no salting? If so changing your password doesn't do a whole lot of good, and that's a huge disaster for the whole outfit. Is one of their services (say LinkedIn syria) using SHA1 but no where else? (If you're an american linkedin user and found a SHA1 of your password on the list that just means you happen to have the same pwd as someone in syria then).
is this all accounts that haven't changed passwords since 2003? Or whenever they implemented something else? All users who created accounts using a mobile? Etc. The slew of possibilities of what these passwords are is pretty endless. If it's just random grab of 6 million people who happened to log in at some point that's a serious problem because it means all the passwords are unsalted. If it's a specific set of users then we can start to understand when and how this mistake was made - if it was a mistake at all. LinkedIn could very deliberately use SHA1 without salting for all users from Syria or russia or something. I'm not really sure why unless it has to do with cryptography export rules, but that would be a valid reason then.