Slashdot Mirror


User: mikefocke

mikefocke's activity in the archive.

Stories: 0
Comments: 82

Comments · 82

  1. Re:Linux will not be CC anytime Soon on Red Hat, Oracle to get Gov't Certification for Linux · · Score: 1

    What if you had a compatible with Linux OS that was EAL5+ CC targeted and in evaluation?

    Such a thing does exist. See http://www.entrust.com/entrustcygnacom/labs/pfSEL0181xts400.htm

  2. Neither or either on Immortal Code · · Score: 1

    OSS can be looked at, but is it? Are you sure that several competent reviewers have actually looked at the code and made comments? Are you sure the reviewers' comments have been incorporated in the released version? Was one of the reviewers actually competent in the architecture of the product? In security? Is there a record of reviews?

    Suppose I told you that in my shop, every piece of code was reviewed by 4 people in writing? That each reviewer had to approve the code before it even went to the next reviewer? That one of the reviewers had to be a security guru? That there was a written vulnerability assessment and security implications section of the review. That functionality was tested by a non-developer tester. That integration was done by a separate group. That there was a written or electronic record of all of this. And that this was proprietary OS code and that people were still productive and happy working there.

    OSS isn't all perfect, proprietary isn't all bad. Oh they both can be either, neither or somewhere in between. Usually in between.

  3. Retirement possible....maybe on Lifetime Careers in IT? · · Score: 1

    After 37 years in IT, I assure you you can get to retirement. And it is easier now with IRAs and 401Ks than it was in my era.

    For most in the private sector, there will be no pensions. That era is gone. Far better for us as we are now so much more portable because we aren't enslaved by that promised pension. Knowing there is none and knowing we must be responsible for our own future, we are free to plan and move to wherever is desirable/necessary.

    The trick is save fanatically, diversify your investments and make sure you are always perceived as giving more value than you cost.

    I've never left the original company I hired on with, yet have gone through 6 corporate ownership changes, several technical revolutions, and flitted in and out of management and technical contributor roles as the need arose. I was never wed to the product or technology, just to doing a good and interesting job. I never planned on being a lifer, this was, after all, just supposed to be a summer job while I was waiting to get into law school. But it got too fun to leave. These fools paid me to solve logic puzzles I'd have worked on for free.

    Am I the sole survivor still with the company of many of the groups I was in along the way? Yes. Perhaps because I was always willing to change and learn.

    Did the promised retirement package vanish somewhere along the way while the corporate biggies pocketed multi-millions? Yes. But thanks to taking home less than 40% of what I make, there is money in the bank for when I want to retire. And there was money to pay for kids to go to school. Stay married to the same person. Live in the same house. Drive your cars into the ground. Yes I live less grandly than many I know, but it suits me and my risk tolerance.

    Good luck. Stay flexible. And protect yourself.

  4. open versus closed is not as simple on Decrypting the Secret to Strong Security · · Score: 2, Insightful

    OSS can be viewed by many eyes.

    But is it?

    Can you be sure that each and every code change is reviewed by competent individuals trained and experienced in security and with a comprehensive knowledge of the architectural issues with the work product? By each and every we include device drivers from every source under the sun that are in the kernel and thus have the ability to do good things or ill.

    Who maintains the security model, the design documents, the overall architecture? Who argues that this code, while it speeds things up wonderfully, violates architectural principles that are important to the security of the entire system? And who can make the decision stick...that security is more important than functionality or speed.

    Yes OSS could be more secure than most proprietary products by virtue of the quantity of eyes.

    But perhaps it is possible to make a product even more secure by following great developmental practices, ones that are only enforceable in a proprietary world. And submitting it to peer review by acknowledged experts.

    Compare the assurance requirements contained within the Common Criteria to the practices followed in most OSS product development and maintenance. OSS has some real problems.

    Not that it isn't wonderful ... but security in the OSS world has yet to be proven.

  5. Alternative OSs on Discuss BIOS and Palladium Issues With an AMIBIOS Rep · · Score: 1

    Will the AMI version of their BIOS (once Palladium is implemented in the hardware/BIOS) allow the execution of an alternative OS (not Linux, not Microsoft) with no changes to the existing OS? What changes will have to be made to the OS to make it boot and execute as it would today but on a Palladium-empowered platform?

    In other words, can I just turn the thing off in the BIOS? Or are you changing things so radically that today's I386 OS won't work without change?

  6. Re:Reveal Codes in Word with an add-in on Gateway To Use Corel Over MS For Office Suite · · Score: 1

    http://www.levitjames.com/crosseyes/prversion2.html allows "reveal codes and edit them" functionality in Word.

  7. Re:The View from the Other Side on Feature:Geek Jobs · · Score: 1

    I'm the hiring manager. I'm looking for people who have potential to contribute to OS development on the basis of experience or training or both.

    So how do I find such people?

    I ask because I have another job to do...that of leading a development team. There are only so many hours in the day. And too many web sites you can post a job description on. And too many people who answer and who are obviously not qualified for the job but are desperate for anything associated with computers.

    Head hunters or buzzword scanners are part of the approach I use not because I want it that way but because I must if I'm to get the rest of my job done.

    So how to separate the real prospects from the not-even-close?

    I try really hard to be specific about what I'm looking for, what the profile of our ideal candidate would be, where we are located, what our culture is like, etc. I try to post to areas where a likely candidate would see and not to general computer oriented job search engines.

    I'm presuming a responder would make sure that, if they have buzzword1-I'm-asking-for experience and buzzword2 training, that it or something close would somehow appear in their resume.

    If it doesn't, then we are probably never going to connect no matter if I am reviewing the resume or if a buzzword hunting robot or headhunter is looking. The stack of resumes is just too deep.

    I try in my postings to show what I'm looking for so as not to waste other people's time if the fit isn't there. I'm going to presume that if someone is really interested in a Unix-based written in C OS development job, that some development buzzwords are going to appear in their standard resume or they are going to tailor it a little bit to try and show me how they fit what I'm looking for. I scan for the most general terms first, then narrow. I print anything that looks vaguely promising and those I read end to end or until the resume disqualifies the candidate in my mind.

    If I try and be specific and they are too, we have the best chance.

    I've seen lots of places that specify text only email responses. Not me.

    I figure that even a Word user should have some of the more popular format-converters installed (they are free, after all, and only require you to know how to install them). WP wouldn't shake me.

    But a paragraph on how the person's background fits what I'm looking for would get as big a response as a resume...and faster. If the fit is there, we can always worry over the resume later.

    So if you are trying to land that job, tailor the resume or the Email. Because if you put out a standard one, you only make it difficult on the hiring manager and invite a pre-scan by a less technical recruiter.

    And if you are hiring, then please do the same and tailor your job description so that the person who is going to scan for it will get good hits and can connect.

    The hiring process is time consuming and frustrating for all concerned. Would be nice if there was a magic way but I think we all are just going to have to work at it.