Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Few Qualified Candidates (Score 1) 809

What happened to all the /. posts about how there is an excess of qualified U.S. candidates and companies asking to raise the H1-B cap are just trying to pay people less?

Anyway, OP's problem is one I think is very common when you're actually looking for someone really good. Even if crypto or security is not the primary job, a senior architect/developer/designer will be able to do a much better job knowing about crypto and security for the same reasons such a person would do a much better job knowing about multi-threading or cache behaviors. Knowledge and skill in those areas will ensure the design and code starts out in a better state than otherwise. In today's increasingly security-conscious world even the most basic of applications and devices need team and project leads to consider security as a fundamental aspect of development.

A lot of answers to this post are basically stating security considerations are not important to the job or the questions are too specific. I disagree with that. (Although I do think it would be OK for people to make a few mistakes around details in an interview as long as they demonstrated proper understanding.)

Maybe a candidate does know how to set up a web site to use HTTPS instead of HTTP. Does that same candidate know why certain cipher suites should not be used? And that really only secures the public network communication. What ensures user passwords are not easily accessed while in use and not just while at rest? How do you protect sensitive keys, symmetric or private, like the one used to encrypt user data?

If you're putting together something super simple and turnkey like a personal blog then maybe you can get by just following examples you read online. But if you're actually developing a new application or device then your solutions will need to be customized to your needs and capabilities. And that's not something you can copy/paste out of a Google search.

Comment Re:HTTPS is not flawed (Score 2) 185

I had tried using GnuTLS for a while in one of my builds (with libcurl, I think), but found it didn't always work right while OpenSSL did. I'm not sure if that is because I had to do something different with GnuTLS, but it just wasn't happy as a drop-in replacement.

Anyway, I don't think "trust should be earned" works. If you visit a banking or shopping web site, in what way are they supposed to earn your trust before you do business with that web site? I can't think of a particularly good way (scalable, understandable, and convenient) other than the "I trust X and X trusts Y so I can trust Y" approach we are using today.

Comment Re:It's more like a stunt to me (Score 1) 229

Let's say one of your unionized coworkers came up with and lead the implementation of an idea that would save your company $5M or increase revenues by 10% over the next year. What would their expected reward be? If a different company saw that result (or potential) in that same coworker, what might they be willing to extend in terms of a job offer to that person?

You're kidding right? I used to work for a huge hardware/software company back in the day. My "real job" was to work on the OS, but I was also sent all over the world to "save" $50-150 million dollar sales on multiple occasions. I busted my ass and did some pretty damn good work - if I say so myself. Know what I got? $500, a plaque and a pat on the back for going above and beyond. I also got to keep my job and got a minor promotion. Which is exactly what would happen to the union guy - he'd get a few hundred bucks, and a bump to his pay grade (aka, a promotion.)

That was my point. I didn't say that this unionized employee who saved the company $5M or increased revenue 10% got rewarded. My expectation is that he wouldn't, precisely because his compensation (i.e. reward) is constrained by a preset formula. Which is great for treating everyone equally, but people are not all equal. A competitor that recognizes this would come in and grab that exceptional unionized employee in a heartbeat, and reward exceptional work appropriately.

IMO, Buffer is not going to attract any amazing talent. Just okay talent. Unless they have some other sort of bonus equity policy in place to reward exceptional contributions.

Anyway, I hope you left that job and went somewhere better that would recognize and reward your abilities.

Comment Re:It's more like a stunt to me (Score 1) 229

Let's say one of your unionized coworkers came up with and lead the implementation of an idea that would save your company $5M or increase revenues by 10% over the next year. What would their expected reward be? If a different company saw that result (or potential) in that same coworker, what might they be willing to extend in terms of a job offer to that person?

If you are at a job and had one of those ideas, do you know what your reward would be? I'll give you a hint. It isn't monetary (unless the company had a written policy before-hand, and almost none do). So unions don't make a difference in whether a single exceptional worker is paid for their exceptional work. Those types of bonuses are reserved for management only, so at best, your idea could make your department head some cash.

That was my point. When compensation is tied to a specific formula (be it a union-designed formula or just one the company came up with) you will run into trouble when it makes sense to reward exceptions. All people are not equal, nor do people or their ideas all fit into nice little compensation buckets. In such an event, the people with equity or who are not constrained by those buckets are the only ones who can benefit.

Instead, that exceptional employee is probably best off taking a competitor's job offer because that competitor is willing to recognize and reward being exceptional.

Comment Re:Contribution? (Score 1) 229

Personally I'm of a suspicious mind and always wondering if I'm being underpaid because I'm not good enough at making my achievements visible, make demands or negotiate well enough. A visible system like this has a certain appeal, you at least know you're not being paid less than your coworkers.

There are ways you can figure that out without having to know your coworkers' salaries. For example you could interview at other places or read salary data online. If a company is afraid of losing you, they'll do what they can to keep you. If you're worth more than your current employer will acknowledge, then changing jobs would be a good idea. This tends to be why the average tech job these days is a few years instead of a lifetime like it used to be--employees started embracing the free market. If it turns out you're not actually worth as much as you think you are, the free market will end up letting you know (most likely) although learning that might be a tough lesson.

Comment Re:No respect for employee privacy (Score 3) 229

I don't care what others get paid, it is up to me to negociate a salary with my employer.

So you're perfectly happy to go into negotiations at a disadvantage, knowing that the employer has relevant information that you don't have?

You can get information your employer doesn't have, such as what other companies are willing to offer you to jump ship and work for them. You can also do research online to see what salary surveys have to say. And finally, if you're willing to, you can also pay for the knowledge of payroll information by geo, title, responsibilities, etc.

Comparing yourself to your coworkers can be difficult, for the very reason that you're not as likely to know what they're doing or how well they're doing their jobs as well as your employer (i.e. managers) knows.

Of course, you can also talk to your coworkers to share information. Such as what reasons were given for such and such during salary reviews. Without getting into hard numbers.

Comment Re:It's more like a stunt to me (Score 1) 229

There is no way to run an organization with 100% transparency - people will start comparing each others' workload (and/or contribution) with the salary figure.

And that is bad because...?

The art of managing is an ART and it's a very delicate task.

And if you don't believe that, just ask a manager. His work is an ART and it's very delicate and that's why he's entitled to 500 times the salary of someone who works for a living.

It's bad for exactly the example you gave (and seem to embody). Everyone thinks they work harder and better than they really do, and doesn't really know what other people do or thinks that other people's work is easy or worth less. It happens between couples at home (e.g. housework) who are in love with each other and spend a ton of time together and know each other very well. Of course it's going to happen in the work place.

Unless a person's work is only measured in the number of non-defective widgets made per hour, human nature gets in the way. (Plus, the quality of a lot of non-robot work is a subjective measurement.)

Comment Re:It's more like a stunt to me (Score 1) 229

I work in a unionized environment. All wages are in contractual 'bands'...we all know each other's pay if we bother to look up a job classification and leaf through to the most recent contract's appendix.

We all seem to continue working without being at each other's throats.

I'm sure that's true. But do any of the unionized employees produce or create at a much higher level of quality or quantity than others? Most businesses desire that, and humans tend to desire recognition of some sort. A shout-out is good enough for some, but if any employee realizes that they could be earning twice as much and/or receiving much more tangible recognition continuing to do what they love only for a different company, many will do so.

Let's say one of your unionized coworkers came up with and lead the implementation of an idea that would save your company $5M or increase revenues by 10% over the next year. What would their expected reward be? If a different company saw that result (or potential) in that same coworker, what might they be willing to extend in terms of a job offer to that person?

By similar argument, it would make sense for Apple, Google, Facebook, etc. to pay employees along shared bands (why limit it to within a single company?). But that's actually illegal. Tech companies that do pay that way (e.g. IBM) are not attracting the top talent these days.

Comment Re:My experience with Surface (Score 1) 135

The Xbox 360 red ring of death (RRoD) fiasco had a very high failure rate (relatively speaking) at a very high cost to Microsoft ($1B USD) and they originally denied any manufacturing/design flaw. The 3 year replacement program was only established about 1.5 years after release, when they finally acknowledged the problem.

You are perhaps an unlucky outlier of hardware failures (perhaps you should be checking your gaming environment) but attempting to paint the Xbox 360 failure rate as comparable to the failure rate of other consoles is ignorance, and Microsoft's "better" service of those failures is a direct result of the high failure rate coupled with a massive PR hit.

Comment Re:Because Science Debate is AWESOME. That's Why. (Score 1) 375

I have one issue that I vote on, and that's science. It's the only issue I understand well enough to evaluate the candidates on. If they know their science or have advisors that understand science, then I will trust them with most everything else.

That's a pretty ignorant extension of trust, in my opinion. (Which you've qualified with 'most'.) But I am pretty sure you understand some other issues well enough to evaluate candidates such as their positions on abortion, terrorism, same-sex marriage, etc.

In addition to social issues, hard science doesn't cover economic issues very easily. I don't think it is responsible at all to ignore issues just because you can't fully understand them. You should make an effort to understand. A President who throws a bunch of money at NASA and the NSF but can't figure out the economic feasibility of health care reform or conversely believes the death penalty should be applied to all felonies because it makes economic sense isn't going to be so great.

Comment Re:What if... (Score 1) 136

I no longer consider any manager to be 'professional' if they get so dogmatic and process obsessed that they underline the word 'must' before asserting the need for a given practice or methodology.

Well, your opinion would be in direct opposition to the processes employed by NASA to reach insanely high code quality. I found an article from 1996: The Write the Right Stuff. Although they do agree creativity is stifled, it does indeed result in better software.

And I, as a professional programmer, think there are certain _must_ practices. If you fail to do these things, you aren't doing a good job and you aren't acting as a professional (e.g. documentation, source code management, testing). For small trival activities these aren't necessary any more than a builder needs a blueprint or safety specifications for a dog house. But if you're building an office building you better include the necessary processes and cut out the "creativity" that might kill someone.

I do think there are two pressures that negate acceptance of the sort of process that NASA uses to produce such great software. The first is that it can be boring. Most people do not like their jobs to be boring, even if told that it's important. Other industries have regulations that require engineers to do boring work. Software developers are not subject to any such requirement unless the company mandates it (e.g. ISO9001). The second is that, unlike NASA, most software companies are competing for customers at a cost of time and money. And customers generally accept "good enough" software as long as it is cheap and available. Cutting corners to meet those demands is an obvious result, just like teachers cut corners to meet test requirements or banks cut corners to meet earnings expectations.

So I expect your opinion, produced from the varied experience in the tech sector you cited, is that the process gets in the way of you shipping and generating a profit. That's a valid argument. It is also valid to argue that many agile processes will not produce better software, when employed by some people. However I do not agree that a manager is unprofessional to mandate a process and fire employees who do not comply.

Slashdot Top Deals

Whom the gods would destroy, they first teach BASIC.