In my experience, your #3 is it. It is a filter. Most places want either a degree or "x" amount of experience.
As a requirement, I've only seen it as a must have in state/Federal/municipal jobs.
Do employers care if someone is more literate? Realistically, in the environments I worked, they didn't care at all, provided the employee was able to get their deliverables in during a sprint.
Even on iOS, VPNs are trivial. Some VPNs even offer an app which can allow you to select the closest server group, install a profile, and have the VPN auto configure when on Wi-Fi, with the ability to whitelist a few trusted SSIDs.
I'm amazed that Apple or Google hasn't offered their own VPN service where you just flip a switch, ensuring no matter what hanky-panky the AP/ISP does, the worst they can do is slow down or block traffic, not change it.
I decided to go with a VPN always when telcos started actively adding X-UIDH headers on HTTP exchanges. That, and Phorm with ads injected via traffic in flight.
Yes, Excel is a staple in work environments... but what software out there can replace it that is just as effective? I know some consulting groups would love to replace it with their own, expensive solution. However, for 99.99% of what is out there, LibreOffice Calc, Numbers, or Excel can do the job well.
Even without insurance, the cost of a breach is most often lower than taking proper measures and coding to not have it happen. Every company that has had a major breach has recovered in 6-12 months at most. Even Equifax's stock just lost a year's worth of gains and is on its way back up.
The only thing that can stop this is government regulation, or contractual agreements like PCI-DSS, which actually put pain where it matters... at the pocketbook.
The ironic thing... PostgreSQL is a better MongoDB than MongoDB.
I've set up a website using Ada CGI apps before. Wasn't ideal, but it worked and did the job.
I would assert that it is a 99/1 ratio. Security is a solvable problem, and we have had rigorous, solid, time-tested methods of security since the 1960s and 1970s, be it physical security, network security, or security of a computer.
I did an "Ask Slashdot" about a similar topic a few weeks ago, but it was more inclined to why companies have no interest in security, because (to them) security has no returns.
The problem is that we already know how to do segmented operating systems, windowing systems that have varying levels of security, application security, solid encryption with good key management, secure tunnels. All mainstream x86-64 and ARM CPUs come with AES in hardware and a hardware RNG (even if you have to run it through Yarrow like FreeBSD does, just in case.) The issue is that developers cut corners. Why use a 4096 bit key, where big-O for this is O(n^3) when you can use 64, 64 bit keys for a fraction of the CPU? Why use all 14 rounds for AES-256 when you can use just one? Why use a salting/hashing mechanism when you can just store the password as plaintext? Who will notice? Who will care?
Then we get to more fundamental things. Why should developers care about security at all? If they don't make their deliverables for sake of security, they get admonished for it in public at the daily stand-ups, if not eventually fired. If their code causes people to sue the company, then the lawyers are the ones handling that... not the devs. Even if there are consequences, they are less than not making the sprints.
Then, we get to the bottom line: There is profit to be had by insecurity. If a CEO finds out their company got hacked, they can short their stock, wait a few months, announce it, and profit tidily. Insider trading laws are easily skirted around, especially if there is a few months' delay between the transaction and the announcement.
Tl;dr, security is not a matter of "can't". It is a matter of "won't".
Local access can mean a heap of trouble as well. Especially on the CPU level where a VM may run untrusted code, and the code is able to use the ME to escalate privs.
The nice thing about Android is firewalling apps. Root is a lot better, but you can get apps that do a loopback VPN as a way of firewalling. With this in mind, just blocking all outgoing traffic except specific programs is easy. On the iOS side... the only firewall available is via jailbreaking.
BitCoin is becoming pretty unwieldy with the time to process transactions. Even with taking shortcuts, the time it takes is taking steadily longer to process (days in some instances), the blockchain is getting a lot larger, around 145 gigs, and the concern about existing issues like the 51%+ mining bloc.
BitCoin is a great "version 2.0" cryptocurrency, with "version 1.0" being Chaum's DigiCash. What is needed is a "version 3.0" currency that has some way to keep one group from getting to the 51% mark, some anonymity like the blinding factor in Chaum's currency, ease of mining, various escrow/signature methods, a way to only have to parse a subset of the blockchain and not worry about being double-spent, ability to have older transactions be archived from the blockchain to save space, a mechanism to have exponentially more blocks added when needed, so the amount of energy it takes to mine a coin stays about the same, and perhaps have the upper bound of coins be related to how many coins are in use.
Every generation has its tulips. In the '80s, it was Cabbage Patch Kids. The 1990s brought Pogs and .com 1.0 companies (pets.com, flooz, beenz.)
What we are going to see is cryptocurrencies hyped up, a nasty collapse happen, then they will go back to a sane level and wind up a useful way of doing value exchanges once the "ooo, shiny" aspect is gone. Cryptocurrencies are a good concept, but because the shysters are back (a lot of them fled when Mt. Gox fell flat), it is something to stay away from for now.
I also don't see anything wrong with an ICO, provided the currency has undergone some scrutiny and has something it can bring to the table that is noticeably better than Ethereum or BitCoin (not having to run through the entire blockchain to validate a transaction, a way of doing anonymity similar to a Chaumian currency, some way of protecting against 51% attacks, etc.) However, with all the cryptocurrencies out there, it would have to be extremely unique and innovative to be worth investors' time.
We sort of have that with Outlook creating a postmark which served as a proof of work. However, with spammers having plenty of CPU cycles available, this seems to have been phased out.
What might be interesting might be a proof of work system with a very small granularity, so one could mine a unit of currency with a relatively small amount of CPU spent, and then send that as part of the E-mail. That way, one could set E-mail thresholds fairly easily, and even if the message was crap, it at least added something to your wallet.
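The proof-of-work postmark idea in the comment above, sketched as an added example (not part of the original comment, and not Outlook's actual postmark format): a hashcash-style stamp bound to recipient, date and message body, checked against a receiver-side threshold. The stamp layout and the names `mint_stamp` and `StampVerifier` are assumptions made for illustration.

```python
import hashlib
import itertools
from datetime import date, datetime


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def stamp_work(stamp: str) -> int:
    """Work actually proven by a stamp: leading zero bits of its SHA-256."""
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest())


def mint_stamp(recipient: str, body: bytes, bits: int, day: date) -> str:
    """Sender side: brute-force a counter until the stamp proves `bits` of work.

    Assumed layout: version:bits:YYYYMMDD:recipient:body-hash:counter
    Expected cost is about 2**bits hash evaluations per message.
    """
    body_hash = hashlib.sha256(body).hexdigest()[:16]
    prefix = f"1:{bits}:{day:%Y%m%d}:{recipient}:{body_hash}"
    for counter in itertools.count():
        stamp = f"{prefix}:{counter:x}"
        if stamp_work(stamp) >= bits:
            return stamp


class StampVerifier:
    """Receiver side: one hash to verify, plus checks that stop stamp reuse."""

    def __init__(self, my_address: str, min_bits: int, max_age_days: int = 2):
        self.my_address = my_address
        self.min_bits = min_bits          # the per-mailbox threshold
        self.max_age_days = max_age_days
        self.seen = set()                 # spent stamps (replay cache)

    def check(self, stamp: str, body: bytes, today: date):
        try:
            version, bits_s, day_s, recipient, body_hash, _ = stamp.split(":")
            claimed_bits = int(bits_s)
            stamp_day = datetime.strptime(day_s, "%Y%m%d").date()
        except ValueError:
            return False, "malformed"
        if version != "1":
            return False, "malformed"
        # Binding to the recipient stops one stamp paying for a bulk mailing.
        if recipient != self.my_address:
            return False, "wrong recipient"
        # Binding to the body stops a stamp being moved to another message.
        if body_hash != hashlib.sha256(body).hexdigest()[:16]:
            return False, "body mismatch"
        if abs((today - stamp_day).days) > self.max_age_days:
            return False, "expired"
        if claimed_bits < self.min_bits:
            return False, "below threshold"
        # The claim in the header is untrusted; recompute the work.
        if stamp_work(stamp) < claimed_bits:
            return False, "invalid work"
        if stamp in self.seen:
            return False, "replayed"
        self.seen.add(stamp)
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    day = date(2018, 1, 15)
    body = b"Constructed sample message body"
    stamp = mint_stamp("alice@example.org", body, 12, day)
    verifier = StampVerifier("alice@example.org", min_bits=12)
    print(stamp, verifier.check(stamp, body, day))
    print("second delivery:", verifier.check(stamp, body, day))
```

Raising `min_bits` doubles the sender's expected cost per bit while the receiver's cost stays at one hash, which is also why a sender with plenty of spare CPU cycles is only slowed, not stopped.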
That's why one has throwaway addresses, be it foo+bar@gmail.com, or aliases on your own domain, so you can pinpoint which group of schlubs decided to break their pinky promise of not spamming, as well as to just delete the alias or filter it to /dev/null. Some places, I just use mailinator.
You just have to assume that if you give your phone or E-mail address out, it will be hawked to third parties and spammed to Hell and gone.
One solves security issues by architecture primarily. This ensures that the damage a bug can do is minimized. I do wish mainstream operating systems went with a microkernel, or a more structured, compartmentalized system. It might make writing drivers tougher, but it would keep something like a USB flash drive from masquerading as a keyboard and mouse, when it shouldn't.
The Linux kernel has been pretty good when it comes to security, but with what threats are out there, just trying to patch bugs without a major redesign of the kernel's architecture might be similar to trying to patch a leaking dam with duct tape and JB Weld epoxy putty sticks. Even Microsoft had to re-architect Windows from XP to Vista due to this.
Things like SELinux and AppArmor do help, but it might be that structuring kernel space, and moving to a microkernel based architecture may be inevitable.
Microsoft was a strong mobile player. The problem is that Apple changed the entirety of what people expected in mobile phones, and MS had to pivot to keep up with it. Before the iPhone, the stylus was part of the interface, as well as a physical hardware keyboard. The iPhone set user expectations to a completely different style.
I will give credit to MS for several things. There is nothing out there as scalable as AD for users, computers, and other core organization in a company. The DHCP protocol is also a big advantage... and beats what we had before (rarp/bootp.)
The Microsoft of the Halloween Documents doesn't exist anymore. If Linux does something well, Microsoft can make money from it selling Azure to run tasks on. If Android does well, Microsoft gets a chunk of every Android device going out there. So, unlike the past, their revenue streams don't depend on just Windows for an OS. For example, MS SQL server runs on Linux... and MS still gets their cut for licensing.
MS is still a corporation, and they are beholden to the bottom line above all, but MS hitching their cart to Git is not unexpected. It is a widespread, easily maintained, relatively cheap technology... and having something different is expensive. So, moving to Git isn't a surprise move... and it is a good thing overall.
Beats Visual Sourcesafe, definitely.
Or you have a train at all. Here in Austin, there is a rail system... with one route that stops by a downtown hotel, and no other relevant spots in the area. You have buses that run... sort of. Cycling? If you can use the Greenbelt paths, you are A-OK, but if not, better get a cycle cam for front and back, as hit and runs are extremely common. So, you pretty much take your car places. The local council is divided into districts, and none of the districts have any interest in doing anything for the better city, so any meaningful discussions on transportation issues get tabled indefinitely.
Shoulders are overrated. A boot is usually the best way, next to a door ram.
Here in the US, front door physical security is piss-poor across the board, be it easily bumpable five-pin tumbler locks, doors that will fall to a stout kick because it only locks one point, doors with large windows, and so on. At best, if you want better, you buy a security screen door.
The average European door has at least 3-4 point locking, cylinders that resist snapping, punching, and drilling, deadlocking, and a solid door jamb. A lot of Eastern European doors use an Italian brand of door lock, which uses lever locking, at least four rods near the door handle, and a number of points around the door for added security.
I would be respecting the candidate's OPSEC skills.
You can say that about the US. You could take an American who is studying in Germany and blame them for the worst incarceration rate in the world or the atrocities done in Iraq. However, that is pointless. One needs to separate the person from their government. Someone may be of the Han race, but not a Chinese citizen.
If faced with being tossed to the local airport police and dragged off for a stint in the local pokey for a bit, most people will give up their devices.
Risk management is a big thing. However, for most companies, because the individual execs are so well shielded, even if a company causes loss in the thousands to tens of thousands of lives, it is pretty much impossible for the C-levels or even VPs to see any consequences. The banking industry in 2008 showed that with the megabuck bonuses after the recession.
In reality, if a company has a $100 asset, the CxOs will say that paying $10 has no ROI to them. The $100 asset gets destroyed, and the business is toast. However, there are no real consequences, so the top brass just hop in their yachts for a cruise once the bankruptcy papers are filed.
When I was in college, AGW (now climate change) was answered in a simple way. A score.
Number of peer reviewed papers in scientific journals supporting AGW: Many.
Number of papers in the journals showing AGW is not happening: 0
It has been a number of years since I graduated, but yet, the hockey stick chart has yet to be disproven. Africa is turning into desert at an accelerated pace, and there are many other obvious signs worldwide showing that we have hit the warmest temperatures in geologic time... and each year is warmer than the next.
I don't understand the pushback against something so obvious and man-made. Nobody had any issues with banning CFCs to save the ozone layer.
The panels I have encountered usually have a 20 year warranty. If they are DOA, usually it is found before they are installed. If they die after they are around, it may be a pain to go up to the roof and replace it, but less of an effort than if something bad happened with a reactor, such as if a reactor head cracked.
The only reason I would have reservations when it comes to nuclear power is the fact that there is no real responsibility for safety. In the modern world of golden parachutes and "synergistic optimization", a company that makes a reactor head from zinc pot metal, causing an instant meltdown when the rods are placed, has no responsibility or worries. They got the contract funding, and at worst, the company at fault gets a token fine while the government has a new Superfund site to deal with.
If we can't even trust contractors to ground shower heads, how can we trust them to not cut corners where every part of the nuclear rollout has to be relatively precise?
Solar is a different story. Dead panels? It goes back to the store or maker. The tech for installing solar panels is extremely simple, and it is hard to get killed installing them, other than electrocution or a panel hitting someone on the head. Solar is a lot more idiot resistant than nuclear, and with the fact that there is no real responsibility for disasters, might as well go with the boneheaded stuff where cutting corners is a lot more obvious and immediate.