Given the length of time we've been going back and forth on this site (and it's been a long time), I propose we meet in person. Please reach out to me here if you're interested. If you don't know why you should be interested, please disregard this reply and have a nice day.

Please be advised that it's plausible that the GP is engaged in the business of pretending ignorance in an effort to identify individuals who possess the requisite knowledge to accomplish certain aims. I don't particularly care about this possibility as it pertains to myself, but I'm becoming increasingly "itchy" with regard to digging into this person's background. It wouldn't be the first (or even tenth) time I've confirmed such behavior, where confirmation is defined as irrefutable identification of the full background of the involved party. Most of these guys really aren't very bright, but hey, they allegedly mean well.

On the off chance that you're actually one of those "special guys" who isn't really a complete idiot but is instead engaged in the business of posting bait posts in forums like these with the intent of identifying "candidates" for employment by certain entities, please be advised that I've already worn a uniform for a living "once upon a time," and I'm not presently interested in returning to that sort of service. This is mostly due to the fact that your organizational concept of loyalty is demonstrably flawed at best (all it takes is one lying and improperly trusted jackass in a senior officer role to ruin the fun for others), and there's also the minor problem that your pay fucking sucks considering the nature of the work at hand. If none of the aforementioned criteria apply to you, meaning you're simply a pompous ass and idiot, all I can really say is "good luck in life, and try not to piss off the wrong people." Cheers.

I authenticate the parent post.

Once again, you've proven you have have no understanding of these issues. The GP's reference to downgrade protection refers to mitigation of a MITM's ability to force a protocol downgrade to SSL 3.0 and hence gain the ability to decrypt sensitive data such as session cookies. As I mentioned in an earlier reply, TLS_FALLBACK_SCSV offers mitigation for such protocol downgrade scenarios, although it should be noted that the most desirable means of resolving this entire mess is to disable SSL 3.0 on the server side.

Why are you persisting in posting replies which clearly indicate you're nothing more than a pompous ass and pretender? To help you understand my context, I spend the majority of my time contributing to the efforts of a team that is devoted to securing a varied assortment of information assets for Fortune 50 companies. Do I really need to track you down and dox everything I find to everyone you know? Is that really what you want? Hush up now, it's past your bedtime, junior.

The general idea is that people may run a lower risk getting into trouble if they adopt the practice of shipping raw ingredients, separate components, unfinished works, mostly functional containers lacking only media content or a specific bit of code to be useful, etc instead of a "ready to roll" push-button-go-fast product. To what degree this works out in reality is highly dependent on the the specific statutes governing the independent components and/or completed thing in question.

I'm trying to explain that this isn't a case of a chip on a shoulder. I'm not an exception. Quite to the contrary, the fact that CS graduates are poor fits for most software development roles is the rule.

When it comes to experience, I think the real problem is that people simply aren't okay with the concept of "starting off in the mail room" anymore. Folks in their twenties have this idea that they're going to obtain a piece of paper than will entitle them to a sizable salary straight out the gate from college. Meanwhile, the folks who actually have real talent and passion for the work will have obtained whatever job they could at any number of companies, and within five years will have tripled their salaries by moving to more desired positions after demonstrated their growth and ideas internally.

I can understand a person who has just spent a horrendous amount of money on a piece of paper being keenly interested in immediate relief from that debt, but that isn't reality, although it does appear to be a self-perpetuating problem.

Please name five companies you believe represent a significant challenge in this area. I'll obtain offers from all of them within 30 days.

Absolutely agreed. The key point here is that someone with a serious interest in software development can obtain an entry-level position with entry-level responsibilities, and dedicate the next couple of years to serious self-education while getting paid, instead of paying someone else for a piece of paper that doesn't mean anything in practice.

This results in an employee who has already demonstrated the ability to amass continued education on his own, which is actually the most critical quality of all for a successful career.

I've quoted that specific bit of your reply because it succinctly summarizes the flawed nature of your thought process on this matter. The fact that most GED holders don't attempt careers in software development is irrelevant. However, it is highly relevant that GED holders and/or high school or college graduates with degrees completely unrelated to computer science tend to be better programmers.

This doesn't make any sense in context. I have nothing to prove for myself; I already earn a very good salary and have excellent mobility in several fields. I'm attempting to get people to take a moment to consider whether their established beliefs on the topic at hand have any grounding in reality, because it is my direct experience (and not just for myself, including many others as well) that those beliefs are fundamentally flawed. Degree mills are certainly making a tidy profit convincing people otherwise, though.

I don't disagree with your observations, but in reply I have two of my own: (1) the average GED holder doesn't pursue a career involving substantial software development duties, but a substantial number of gifted developers have GEDs, and (2) I wish more people would make the connection you just nailed. In many cases, software development is much more a creative art than it is an abstract and dry discipline, with the caveat that it by necessity involves a measure of structured thought as well (just as [most] novels follow certain structural principles).

I think I understand the core premise you're trying to convey here, but I must stress the point that in practice people holding a CS degree tend to demonstrate lower actual programming and systems engineering ability than their non-CS peers. This is the real world fallout from the common misconception that computer science graduates are well suited to software development roles. As a rule, they tend to be a poor fit for such jobs.

As for companies "requiring" a BS or BA degree, I've never encountered substantial resistance in this area. Perhaps it's more accurate to say I've made a point of circumventing such barriers without a second thought. Regardless of what any given HR department might stipulate for job requirements, I've found that communicating demonstrable proof of ability to solve relevant problems to a handful of people in any given business tends to result in an interview, and I've rarely gone through more than one interview before being offered a position.

Establishing direct contact with people who will actually evaluate candidates on their technical merits is easier than ever these days owing to the prevalence of social media networks. On a related note, I once knew a human resources recruiter who was aggressively opposed to employees directly reaching out to candidates. That HR recruiter isn't employed anymore.

While in practice nothing is perfect, I'd like to add that your mention of "security hole plugging" conveniently ignores the principle that you don't have to plug holes that don't exist in the first place. Abject failure to recognize this point is probably at least half the reason for information security being in its presently deplorable state. Hint: bolt-on approaches to security are typically no security at all.

Not at all. I have zero regrets in this area, mostly due to the fact that I recognized very early on that a CS degree was largely useless for most roles that entail full-time software development responsibilities. Please don't misunderstand me here: I grew up with a bunch of smart people (including CS majors) who wound up attended schools like Georgia Tech, Emory, MIT, and CalTech. Their ability to contribute in properly aligned positions isn't under dispute here.

Here's what I'm really trying to say: of all the programmers I've worked with, the ones producing the best code in terms of functionality, efficiency, and security have almost universally lacked CS degrees. Interestingly enough, I've worked with some very gifted developers who held bachelor's (and in some cases master's) degrees in fields such as psychology, electrical engineering, physics, pure mathematics, and even English literature. The "odd factor" here has been the pronounced absence of CS degrees among that pool of truly able developers.

I have some very simple advice for young people interesting in pursuing software development as a career. Get any job that pays the bills for now, spend every free waking moment actually writing software in a variety of languages and learning about software written by others, become intimately acquainted with a variety of operating systems and toolchains, and start putting information security first in everything you touch. In less time and at considerably lower expense than you would suffered chasing down a CS degree, and armed instead with a portfolio of practical demonstration of skills, you'll have little difficulty obtaining a decent software development position.