
Comment Dual major (Score 1) 397

I strongly recommend for anyone considering a computer science degree to pick a dual major.

Mine was a hybrid telecommunications engineering and computer science degree - it was very interesting to observe those of us who clearly enjoyed programming and had the knack for it would elect for increasingly more programming and computer science oriented courses, while those who didn't had many other good course options. In our course of about 35 people, about half had the knack for programming while the other half always seemed to need help.

Comment Re:We're dealing with an imbalance of power here (Score 2) 211

I'm on the side of moving software engineering towards a Profession rather than Unionization.

Right or wrong, my impression of unions is that they are catered towards less skilled labor, while professions require a lot more skill that can be encapsulated by many certifications. Lawyers with their bar and accountants with their CPA are examples. I've no doubt many of us can easily come up with a fairly basic curriculum for basic certification - take for example Secure Coding practices. Given how diverse and specialized a lot of our work can be, I imagine a lot of esoteric certificates can be devised. Certifications would likely need to be renewed from time to time as well, considering how quickly technologies and techniques evolve. A profession centered around good education benefits everyone.

Comment Shutting down because no Executive Director? (Score 1) 223

Reading through the website, it seems the reason they're shutting down is because the current Executive Director is stepping down, and they haven't found anyone that's a good fit, or those who are a good fit don't want the job.

Reading through the job description - I think it kind of sucks. Salary 120k-160k which is apparently the market rate for this sort of position in San Francisco - doesn't seem very much. And the following paragraph jumped out:

While this job is fulfilling and supportive in many ways, it also has some serious downsides. As the visible leader of a feminist activism organization, many people will feel entitled to your time and energy without compensation and you will need to tell them no frequently so that we can fulfill our mission. We will provide you with experienced support in handling harassment and threats, as you will almost certainly be the target of these. Sometimes partners, sponsors, donors, or community members will pressure the Ada Initiative to do things contrary to its mission and you will need to stand up to them. Listening to and responding to reports of sexual violence, intimate partner violence, and criminal harassment are a frequent part of the job.

Comment the credit card playbook (Score 1) 112

The credit card system works pretty well - so easy to use that family members usually don't have any trouble using each other's cards. Behind the scenes however, there are comprehensive fraud detection systems, as well as clear responsibilities of fraud liability (usually card issuer).

I agree with another poster who mentioned that the onus of security should be mainly on the system - much more than the end user. What this means is that if you're going to set up any kind of password or multi-factor authentication system, it must be relatively easy to use. But then ensure there's an intrusion system in place that works in a similar manner to credit card fraud detection, where anomalies are quickly flagged and escalated for investigation.
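As an added illustration of the comment above (not the commenter's code), this sketch scores each successful login against a per-user baseline the way card fraud systems score transactions, and escalates only the anomalous ones. The event fields, weights, window and threshold are assumptions chosen for the example, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch_seconds, user, country, device_id, success)
EVENTS = [
    (1000, "alice", "US", "laptop-1", True),
    (5000, "alice", "US", "laptop-1", True),
    (9000, "alice", "US", "phone-1", True),    # new device alone: tolerated
    (9100, "bob", "DE", "pc-7", True),
    (9200, "alice", "US", "laptop-1", False),
    (9210, "alice", "US", "laptop-1", False),
    (9220, "alice", "US", "laptop-1", False),
    (9230, "alice", "BR", "unknown-9", True),  # several signals at once
]

WINDOW = 300      # seconds of history used for the failure-burst signal (assumed)
ESCALATE_AT = 50  # score at or above which a login goes to an analyst (assumed)

def score_logins(events):
    """Return (event, score, reasons) for each login that should be escalated."""
    seen_devices = defaultdict(set)
    seen_countries = defaultdict(set)
    recent_failures = defaultdict(deque)
    flagged = []
    for ev in sorted(events):
        ts, user, country, device, ok = ev
        fails = recent_failures[user]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()                    # drop failures outside the window
        if not ok:
            fails.append(ts)
            continue
        has_baseline = bool(seen_devices[user])  # first login only seeds the baseline
        signals = []
        if has_baseline and device not in seen_devices[user]:
            signals.append(("new device", 30))
        if has_baseline and country not in seen_countries[user]:
            signals.append(("new country", 30))
        if len(fails) >= 3:
            signals.append(("success after failure burst", 40))
        score = sum(weight for _, weight in signals)
        if score >= ESCALATE_AT:
            flagged.append((ev, score, [name for name, _ in signals]))
        else:
            # Only unflagged logins extend the baseline, so an intruder cannot self-enroll.
            seen_devices[user].add(device)
            seen_countries[user].add(country)
            fails.clear()
    return flagged
```

The user-facing login stays a single easy step; the checks run behind it, and a lone new device passes quietly while the combined signals on the last event are escalated.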

Comment VLSI is hard (Score 1) 150

The final project of this VLSI elective course I took required each team to build three logical modules that would work together. I was responsible for the control and integration portion bringing together all the logical modules. I spent an entire sleepless night sorting out the issues. Our team was the only one that had a functioning chip (simulated) in the end. The lecturer wasn't surprised - most chips of any reasonable complexity require A LOT of painstaking (e.g. efficient routing, interference) work to get them working - often requiring certain modules to be pulled apart (or redesigned) so they integrate better with others.

Comment Potential can be incredible (Score 2) 264

Actually, if you're willing to take a risk and join a startup and have stock options, you can stand to gain an incredible amount. Most startups fail, but finding another job shouldn't be a problem.

What I suggest is to first find a relatively large stable corporation to work for after graduation. After 3-5 years experience, join a startup (do your research on them first of course) or a relatively new company that is planning to go public, and negotiate a nice chunk of stock options. It is likely there will be many long nights at work, but the energy and vibrancy will sustain you. Don't get married too early - if the relationship gets serious, live with each other for at least two years, and get a prenup.

Best area for this sort of lifestyle is still the US west coast, home of the venture capitalists.

But as another poster noted, it helps to have a certain love for this field that extends into your personal life - technologies evolve quickly enough that you should be constantly learning. From my fifteen years plus experience as a software engineer, there are very few people who have this sort of passion. Most prefer to settle into doing the same thing day in day out - their priorities shift elsewhere like to their families - the good news is that most larger companies need people like that, and still pay a decent salary.

Comment Audiophiles and NwAvGuy (Score 1) 288

I wonder how many of you find the faith based approach of many audiophiles silly (or disturbing). Nevertheless, it's amazing how large the audio industry has grown, in effect selling snake oil. For those of you who have not heard of NwAvGuy, he's an electronics engineer (most likely specializing in audio) who called BS on the racket - ran his own analysis to debunk expensive headphone amplifiers, and went so far as coming up with a cheap yet excellent reference design.

Comment secure software dev (Score 1) 135

Secure software development is something I've gotten into recently, and the growth potential there is excellent. Become familiar with BSIMM (Build Security In Maturity Model), in particular what they categorize as the SSG (Software Security Group). Here are some highlights from their document about the SSG:

The best SSG members are software security people, but software security people are often impossible to find. If you must create software security types from scratch, start with developers and teach them about security. Do not attempt to start with network security people and teach them about software, compilers, SDLCs, bug tracking, and everything else in the software universe. No amount of traditional security knowledge can overcome software cluelessness.

Submission + - Sourceforge staff takes over a user's account and wraps their software installer 11

An anonymous reader writes: Sourceforge staff took over the account of the GIMP-for-Windows maintainer claiming it was abandoned and used this opportunity to wrap the installer in crapware. Quoting Ars:

SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements.

Comment Re:The absolute #1 contribution of Java (Score 1) 382

Seems to me that's the fault of the college/university for not teaching these concepts.

A good syllabus will teach students enough important concepts, and how to think with these concepts. It will also recognize different languages being better for teaching different aspects of CS. High level languages like Haskell are excellent for teaching algorithms. Prolog/Lisp for AI. C and assembly for low level concepts. Java IMO would be good for teaching concurrency/threading. At the end of the day, the student will be able to express the core portion of quicksort in a single line of code with Haskell, yet be able to convert it to Java, C or even assembly - and understand why you might need to do so, and the additional factors needed in lower level languages.

Comment Not a waste of time but... (Score 4, Informative) 125

Good courses and certifications are offered by the SANS Institute. Black Hat organizes one of the premier security conferences, and also hosts many interesting courses. Certifications and courses provide a great way to start learning about security along with some really esoteric specialties, but if you think a certificate is suddenly going to make your software secure, you'd be sadly mistaken. To be effective in computer security, you need to constantly learn and keep up with recent developments. If I were hiring a candidate I wouldn't care about certifications as much as the effort and interest the individual exercises in the extremely broad field - some humility wouldn't hurt either.

The mindset of a software developer working on secure or hardened software is also a little different - normally good developers focus on aspects such as clean design, extensible architecture, performance, and efficiency, but few tend to be aware of the things hackers do to exploit your code because you didn't do proper input validation, or ensure that you were protected against buffer overflows from maliciously crafted payloads.

More good resources for software developers:
- CERT coding standards
- OWASP, if you're doing anything related to the internet

There's a lot to learn, which is why courses can be useful to get you started. Here are some of the things you would learn:

Security occurs at many levels. Your software is the obvious focus. Also, the application or web servers they're hosted on if any, as well as the O/S. Your software might be pretty secure, but if you do not set up your web server properly you could get screwed as well. Given the pervasive nature of SSL/TLS, you should also be aware of security vulnerabilities in OpenSSL (if your software or servers make use of it - most likely they do) and be able to understand the description and lingo used to describe the vulnerabilities. This is the more IT or sys admin oriented aspect of security. Some familiarity in this area is good.

Layered security design. Develop multiple security layers to protect your critical data. Do not rely on SSL/TLS only. Learn about public key infrastructure (asymmetric encryption algorithms), and their role with symmetric encryption algorithms like AES.

Understand what threat modeling and analysis is about. Familiarity with assurance case modeling is also interesting where you start to see the boundary between reliability and security become increasingly blurry.

Do not invent your own protocols/algorithms if you can find one that already exists, especially if it has a threat analysis to accompany it. Some courses go over some of the better known protocols for things like authentication or authorization, and how to deploy them correctly.

Comment Miranda anyone? (Score 1) 138

I was taught Miranda (precursor to Haskell) some twenty years ago in my undergraduate degree. To this day I still use functional programming (Haskell) to prototype any reasonably complex algorithm.

To give you an idea of how compact functional programming languages can express complex algorithms - here's quicksort:
qsort [] = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++ qsort (filter (>= x) xs)

Coupling high level functions with closure gives us a very powerful tool to express complex algorithms.

Comment So how do you develop relatively secure software? (Score 2) 58

Here's what works in most practical systems with a little effort:
- Threat model. Sequence diagram of all external communication between all servers and clients. Apply STRIDE analysis. Maybe take a step back to see if you can simplify the workflow.
- Assurance model. State diagram of system. Capture success and error states. Unit tests for each case.

Add to that third party oversight:
- Static analysis tools.
- Third party verification.

I assume you're not developing mission critical systems that control functions in a nuclear power station, or even a car braking system. Rather you're looking at consumer or enterprise level systems that involve some confidential, and possibly credit card information. Short deadlines and budget constraints mean you can't spend forever coming up with a solid specification or even do extensive analysis.

Comment Re:Double tassel ... (Score 1) 216

The way this played out in my undergraduate degree, which was a hybrid course in electronics engineering and computer science, was that those of us who had a knack for programming ended up electing more and more CS subjects, while those who didn't ended with a more EE oriented course (many of those individuals went the telecommunications route rather than circuit design). Similarly, an introductory CS course could provide different tracks to allow students to focus on their strengths, i.e. while everyone is expected to do some basic programming, do not make advanced programming mandatory, but rather one out of several options.

Comment H1B from 2000 viewpoint (Score 1, Insightful) 442

I came to the US on an H1B back in 2000. I'm now a US citizen, even married an American. My starting pay back in 2000 was around $60k (Washington DC metro region), and is about twice that today (software engineer/architect) not counting bonuses that can add another 10-20k. I got no complaints about my salary.

Most of us in the technology group are/were H1Bs, and are now responsible for hiring new software developers. I've conducted dozens of interviews over the years (mostly entry level new grads from nearby universities) and noticed the extremely small number of American applicants (salary offered is competitive), while other departments are full of Americans (including IT). Sometimes I don't think our still smallish company would have survived or grown without the H1B program. One interesting factor about the Washington DC metro region is that it has a lot of work that requires security clearance so are only available to Americans, but I think that in turn sets a decent baseline for prevailing wages that H1Bs here benefit from.
