
Comment: Re:Project Management or Business Analyst (Score 2) 158


Not to be sexist, but most women prefer jobs that include more interaction with people and less time spent in solo problem solving, so it's not terribly surprising that she doesn't love coding. This isn't to say there aren't women who really like coding, or even introverted women who find working with people all day to be unpleasant. There are all kinds... but on average my observation is that women prefer more human interaction.

So, assuming that your wife falls into that category, there are lots of roles in and around software development that are more people-focused. Project management requires an additional set of skills, both people skills and management skills, but it's eminently learnable, and having a technical background is very valuable -- as long as it doesn't cause her to second-guess what the developers are telling her (always a risk with PMs, and even more with those whose technical background is shallower than they think it is. There's a tendency to assume that everything they don't know how to do is easy.)

Business Analyst is another good one. It, again, requires some additional skills she probably doesn't have but can learn. Industry knowledge tends to be important, but most companies are okay with analysts learning that context on the job. She also needs to learn how to gather and document requirements. A technical background is useful there because good requirements need quite a bit more precision than most non-technical people are used to. There's also a risk; formerly-technical BAs have a tendency to overspecify. An important skill for this role which isn't so easy to learn is writing. Good BAs are excellent writers, able to concisely and accurately boil complex issues down to simple statements.

Another option that might be excellent if she can swing it is Systems or Application Architect. Companies generally want experienced, senior developers to move into these roles, but smart but less-experienced people can do it as well. Architects take the business requirements and convert them into high-level technical plans/architectures. Architects tend to spend less time interacting with people than PMs or BAs, but still quite a bit since they provide the primary interface between the technical and business teams. Architects need to have good technical skills and good "taste", meaning a good feel for what sorts of structures are easy to build, easy to maintain and flexible, and for how to intelligently trade those issues off. They also need to be good at translating technical issues into language the business people can understand. Honestly I expect that your wife probably doesn't have the depth of experience needed to make a good architect, but I thought I'd throw it out.

Another that might be good if she's a good writer and enjoys writing is technical writing. Good tech writers have greater need for writing skill than they do technical skill, but the latter is very valuable because it enables them to more quickly and accurately understand the information that needs to be documented.

In smaller companies a lot of these roles get mixed and combined with other business roles, so another good option is to look for a position that isn't necessarily directly related to software development, but could benefit from having a deeply IT-literate person.

Finally, the option that I've long thought I'd take if I ever got tired of writing code is the law. It's a lot of additional training, but I think there is a deep and growing need for attorneys who understand technology. This is especially true in the areas of patent and copyright law, but I think it applies in many areas. Of course, the law may not have any attraction whatsoever for your wife.

Whatever, I'd really encourage her to take the time to figure out what she wants to do, and do that, rather than settling for something she doesn't really like. We spend so much of our lives working that it's really a waste to spend it doing something we don't like.

Comment: Re:The founding documents present a path... (Score 1) 146

The electorate fully agrees with him.

This is completely untrue. The electorate is pretty divided, and whether you can find a majority depends which poll you look at, and which week. The fact is that there is a significant part of the electorate that thinks bulk surveillance is fine because they have nothing to hide and it keeps us safe. That they're wrong on both counts doesn't change their opinion, or their votes.

Congress mostly agrees with him.

And yet they passed the USA Freedom Act which, although better than the PATRIOT Act, still authorizes way too much surveillance. And in the process they failed to do anything to curtail article 702 of the FISA, which is the basis for the FISA court's ruling -- as was completely predictable before passage of USA Freedom. The argument is that while article 702 authorizes only surveillance of foreign people, the court considers it perfectly reasonable for the NSA to hoover up ALL the data and then figure out later what they can and cannot look at. This all comes back to the NSA's choice to define "collect" as "look at", since the law hadn't defined the term.

Congress had a perfect opportunity to define "collect" as "collect", and chose not to.

Yeah, we have a problem here. And the "democratically elected government" ain't it.

The problem is fundamentally the electorate, which isn't sufficiently convinced that bulk data collection is a bad thing. If 80% of the voters wanted it shut down, enough to make it a major election issue, it would be shut down. But as is Congress knows that with a slim majority (at best) concerned about data collection, if they shut it down and then Something Bad happened the voters would turn on them like a rabid dog.

The system isn't perfect, but it is basically working as intended. We just need to convince more of our fellow Americans that surveillance is bad.

Comment: Re:Apples and oranges (Score 1) 92

... it's just a little more than 1% the size of OpenSSL...Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto, it only provides the SSL/TLS functions....

So then, aren't size comparisons between OpenSSL and s2n at best useless, and at worst intentionally misleading?

No, but this particular comparison is. Besides all of the stuff s2n doesn't provide, s2n actually uses OpenSSL's libcrypto to provide the implementations of all of its crypto algorithms. A useful comparison could be made between OpenSSL's TLS layer and s2n, with some caveats listing the TLS features s2n doesn't provide.

Note that none of this means that s2n doesn't have value. If you don't need the other OpenSSL features, it's a lot less code to audit.

Comment: Re:Soooo... (Score 5, Informative) 44

Like most of the up-voted posters here, I think you're missing the point. This new service isn't a Google Code replacement or a Github competitor. It's an add-on for cloud-based hosting, so people who are hosting systems on Google App Engine or Compute Engine can keep their source there as well, with nice tools for working with the code online, managing releases and even live debugging... if there's a problem with your running app you can debug it instantly. The system snapshots the live system so it's not interrupted and then gives you an online debugger so you can examine the state, step through the code, etc.

It's a value-added feature on a paid cloud hosting service, not a place to host your latest open source project. That's what Github is for.

Comment: Re:Less suspect than the others (Score 5, Interesting) 78

But one of the vulnerabilities I've pointed out recently to proxy maintainers is that it's become quite commonplace to host SSL based traffic on an external router or load balancer, and carry it entirely unencrypted between that load balancer and the local server. It often eases maintenance of SSL keys and allows far less expensive, small servers to handle the actual traffic and allows the cost of robust SSL services to be shared more effectively.

Google's encryption is end-to-end. It's also not SSL-based, but instead much simpler and more robust (and more efficient), though there's nothing proprietary or custom about the encryption ciphers or protocols used (Google employs lots of cryptographers who would quickly stomp on any questionable designs). I work for Google and used to do stuff related to internal network encryption though I worked on a different aspect of it, focused on securing payments data (credit card numbers, etc.).

I think it would be awesome if Google were to publish the details of its security infrastructure, which is dramatically better than anything I saw in my 15 years as a security consultant, but AFAIK that hasn't been done so I have to keep my comments vague and high-level.

I'll also point out, since I know it has been mentioned publicly, that Google didn't actually start doing all of the link encryption in response to Snowden's revelations. It was a project that was already well under way. Snowden's information did cause the project to be accelerated, though.

From what I saw, the main effect was that the tolerance for exceptions to the encryption requirement dropped basically to zero. In an enormous and complex infrastructure like Google's there are always dozens of corner cases where anything you'd like to do is really hard for one reason or another, and so big infrastructure changes tend to take years to fully deploy, to avoid requiring project teams to drop all their productive work in order to avoid breakage from the change. Snowden's data changed the encryption mandate from "You need to get this done as soon as you can" to "Encryption will be on 100% by date X, no exceptions. If you can't see how to make it work, come talk to us and we'll help." (X was single-digit weeks away).

I know one team who had to deploy a spit-and-baling-wire construction to enable their protocol to be encrypted, and then had to fight with serious performance degradation until they got a well-designed and tested replacement in place. They begged for permission to turn off encryption for a while so they could focus on building the solid replacement rather than spending their time fighting production fires caused by the interim solution... and they were denied. This was for an important production service related to financial systems, too, which gives you a good idea of how serious Google was about the encryption mandate.

Thank you, Edward Snowden!

(I want to be sure no one thinks that last line is sarcastic. It's not. At all. I think Edward Snowden is one of the great American heroes, and I think that history will eventually give him his considerable due. I don't know anyone on the team I mentioned who would disagree, either, even though it caused them some weeks of long hours and stress.)

Comment: Re:Lots of great features and no kdbus (Score 1) 113

I'm not sure what encryption is useful for. If my servers get hacked, they're able to read encrypted files.

You mention laptops and mobile devices, and claim that they get hacked way more often than they get lost/stolen. This is absolutely not true. Look at the many, many instances of laptops being lost or stolen with sensitive databases on them, and the ones that get reported publicly are just a tiny fraction.

It's also not necessarily the case with ext4 encryption that a box getting hacked reveals all of the data on it. Ext4 encryption allows each user account -- or even various subdirectories, IIRC -- to have its own keys. So a hacker can only get access to the directories whose keys have been loaded into memory. So the attacker has to own the box and then maintain ownership and connectivity until the data he's after has been unlocked.

You're also ignoring implementations which use hardware-based keys (HSM or similar) with other access controls on key usage, potentially even including rate limiting. So even if an attacker manages full privilege escalation and fully owns the box, he can't get access to anything encrypted unless he can satisfy the other access control requirements, and may also be rate-limited.

Malware on my Android device can read my encrypted files as soon as I get the phone properly booted.

Only if said malware can manage a privilege escalation attack. Granted that this issue is orthogonal to disk encryption, which is all about protecting against attackers with physical access to a powered down (or, to a lesser extent, locked) device.

Comment: Re:Conversely (Score 1) 163

It should be pretty hard to obtain an expendable human in the countries where the remaining rhinos live. C4 is very stable and won't go off on impact, but a stable and long-lasting detonator would be needed.

Expendable humans are easy to find anywhere, and much easier in Africa than most places.

It's not about the stability of the explosive, or even the detonator, it's about the mechanism for triggering the detonator. It has to be sufficiently sensitive that it is certain to go off when the horn is removed, but cannot be triggered accidentally even by the enormous forces rhinos put on their horns. For that matter, getting the fake horn attachment to withstand those forces may not be trivial.

Comment: Re:Conversely (Score 1) 163

New idea: Give the rhinos an authentic-looking prosthetic horn with some C4 in it and a tensioned trigger wire running to the old horn stump. If some fucker cuts the horn off, BOOM.

Just means the poacher needs an expendable human, too. Those aren't particularly hard to obtain, unfortunately. And you also have to be very careful to ensure that the bomb won't go off when the rhino smacks something with its horn. Though I suppose blowing up all the rhinos will stop the poaching...

Comment: Re:Paul Ehrlich? (Score 1) 294

Heck, some European countries are beginning to get fairly concerned about population decline. Denmark has gone so far as to run PSAs encouraging people to have children. Globally, it seems pretty clear that we've already passed the peak birthrate and it seems that we can expect it to continue dropping. Although births are declining the total population will continue to rise for a while because right now the world demographics are heavily weighted to the young end, so population will rise as the age distribution is "filled out". We're on course to hit a peak of about 10 billion people, sometime around 2040-2050. This assumes we don't make great breakthroughs in life extension.

Comment: Re:Motown (Score 1) 110

You can measure the quality of any streaming music service by typing the word "motown" into the search box. Does Motown immediately start playing? A+ Is there a list of Motown playlists? A Does something else happen? Fail.

I guess by your test, Google Music All Access gets an A, though personally I think what it does is better than immediately playing motown. What it provides is several sections: Motown artists, Motown albums, Motown songs, Motown Radio stations (similar to Spotify), Motown Playlists (apparently put together by users and shared to the world) and Motown videos, each with a selection of a half-dozen choices and a "See All" button that takes you to the rest of the matches for that section.

Not caring for Motown myself, I can't comment on the quality of the contents of the sections. It all looked pretty reasonable, though.

Relative to the points in the summary, Google also has Adele and Taylor Swift. Beatles... not so much. There are a bunch of "albums" but most of them are interviews along with a couple of albums including somewhat random songs... but none of their actual album releases. It's also possible that a couple of the music albums I see are not in the library, but were uploaded by me (you can upload your own music and it appears in the streaming service just as though it were part of the library). I think Metallica is also not in the library. I've uploaded all of their albums, so they're all there for me. It's possible I also uploaded some Adele, though there are albums I don't have so they must be from the library. And I don't own any Taylor Swift, so I'm sure all of that is from the library.

Oh, and Google Music's subscription also includes YouTube MusicKey, so whatever isn't available in the streaming service is almost certainly available there. The Beatles' music is, though not under a music license, so it's not available for download or background play.

(Disclosure: I work for Google, though I'm speaking here as a satisfied customer of the music service.)
