Hacker News: alienchow's comments

To be honest not really. For mid career pivots, your work on your resume counts more than a degree. You'd see more success transitioning organically by helping out with simple technical projects on the team and filling knowledge gaps with YouTube. Formal courses fill you with information that gets forgotten without practical application.

PMs with engineering knowledge are actually very valuable. I love cross-functional team members, since they always provide new perspectives. So I wouldn't call it a pivot either, more like a career boost. You'd need to have a supportive engineering team who'd be willing to let you get your hands dirty though, that'd be your bigger challenge.


I went through a similar change from PM(-T in my case) to SDE, and I can +1 the parent. The best way to make a mid career change is to find a job where the old and new role can overlap, which is how I did it as well. If you're currently working as a PM, try to get an engineering role for the same product. The engineering part will be new, but you will be able to leverage your domain expertise.

I will caution you that SDE is a job family that requires a ton of practitioner experience, especially at the higher job levels (and you likely don't want to transition to a lower level). The only way I was able to make this change was because I have a relevant college degree and because I started out my career as an SDE and always kept up to date. And even with that, it took me 2.5 years to make the job change official.

Still, don't let that caution scare you, if you really want the change and you want it for the right reasons. SDE is probably the easiest of the STEM disciplines to get into without a formal education in the field.

And finally, another big +1 on the parent's comment about PM-T with technical experience being super valuable.


This requires the attacker to steal your key. When that happens, by the time they can get the secret key I've already revoked it.

The biggest problem with FIDO keys isn't the fact that people can gain access to your accounts if it's physically stolen.

I have redundant keys for backup access. But I have no idea which accounts I used the lost key for, in order to log into them one by one to revoke the key.

How does everyone here keep track? A post-it note in the cookie jar?


>This requires the attacker to steal your key. When that happens, by the time they can get the secret key I've already revoked it.

You're held in custody, detained, arrested, etc while your keys are dumped and accounts are accessed. You don't have the opportunity to revoke it without risking prison time.

This situation can happen if you simply choose to fly or visit another country.


That’s a different situation outside of most people’s reasonable threat model. The police don’t need to clone your Yubikey if they can use it as much as they want, and if they decide to go NYPD on you nothing else you do is going to end in a different outcome unless your MFA check is an in-person confirmation in a location outside of their control.


Though in this scenario, your adversary doesn't need to resort to a technical attack to clone your key. They can compel you to comply, and keep you locked up until you do.


They can, but assuming the law is actually being followed, you can only be held for so long without charges, and can be compelled to provide so much testimony.

Being able to quickly clone keys gives any LEO an opportunity to access your digital life as part of a simple stop versus a full criminal case.


There's a whole world out there outside the US.

In the UK, s 49 of the Regulatory and Investigatory Powers Act 2000 provides for 2-5 years' imprisonment if you were to fail to do so, depending on the nature of the offence under investigation.

In Australia, s 3LA of the Crimes Act 1914 (Cth) imposes a similar obligation with a penalty of 5 or 10 years' imprisonment.

If you find yourself in this position in Russia or China, they would just make you disappear for as long as they saw fit.


That's not the only possible attack here: FIDO direct attestation requires a key to be shared among either none or at least 100 000 devices (for privacy reasons):

> If the authenticator puts the exact identical attestation key into a group of Authenticators (e.g., group of devices, phones, security keys...) so that the attestation key doesn't become a Correlation Handle, then each group of Authenticators MUST be at least 100,000 in number. If less than 100,000 Authenticators are made, then they MUST all have the same attestation key.

Yubico, to my knowledge, has chosen the latter route; this means that compromising a single Yubikey's attestation key compromises at least 100k others immediately.


The article notes "The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key." (emphasis added)

evil maid?


They swap your device with an identical replacement that just appears to be broken. You are none the wiser while they clone your keys.


For functions: grep -P '^func funcName\('

For methods: grep -P '^func [^)]+\) methodName\('

Hope that helps.


thanks, that definitely looks better! pcre is kind of working against you here tho; i assume you're invoking it out of habit


I am actually unaware of downsides of PCRE. Could you explain? I hardly ever use literal grep nowadays.


oh, i mean that instead of

    grep -P '^func [^)]+\) methodName\('

you could say

    grep 'func [^)]*) methodName('

which is a bit less typing

however, i have to admit that i sort of ensnared myself in my own noose here by being too clever! i forgot that grep's regexp dialect only supports + if you \ it, and it took me six tries to figure out why i wasn't getting any grep hits. there's a lot to be said for the predictability and consistency of pcre!


No need for any func, you can just

    grep '\) methodName\('


    grep: Unmatched ) or \)

but your main point might be right; the few non-method matches to (pcre) '\)\s*\w+\s*\(' in /usr/share/go-1.19 seem to be uncommon things like this:

    static void __attribute__ ((constructor)) sigsetup(void) {
    void poison() __attribute__ ((weak));
    C3 = -(R + I) // ADD(5,6) NEG(-5,-6)
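
The dialect differences this sub-thread runs into, shown as an added example that is not part of any commenter's post: the sample Go file, the `Start` method name and the two helper functions are constructed for illustration. It uses `-E` in place of `-P`, since these particular patterns escape the same way in both, and it assumes GNU grep.

```shell
#!/bin/sh
# Constructed sample Go source (not taken from the thread).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
package demo

type Server struct{}

func (s *Server) Start() error { return nil }
func Start() {}
func (s *Server) Stop() {}
EOF

# grep_status ARGS...: grep's exit status over the sample
# (0 = match, 1 = no match, 2 = error such as a bad pattern).
grep_status() {
    rc=0
    grep -q "$@" "$SAMPLE" 2>/dev/null || rc=$?
    echo "$rc"
}

# grep_count ARGS...: number of matching lines (prints 0 when none).
grep_count() {
    grep -c "$@" "$SAMPLE" 2>/dev/null || true
}

# Basic regex (plain grep): bare ( and ) are literal characters.
echo "BRE, bare parens, *:   count=$(grep_count 'func [^)]*) Start(')"

# Basic regex: a bare + is a literal plus sign, so nothing matches.
echo "BRE, bare +:           status=$(grep_status 'func [^)]+) Start(')"

# Basic regex: \( and \) are grouping operators, so a lone \) is an error.
echo "BRE, escaped parens:   status=$(grep_status '\) Start\(')"

# Extended regex: + is a quantifier and literal parens need escaping,
# matching the PCRE spelling used elsewhere in the thread.
echo "ERE, anchored method:  count=$(grep_count -E '^func [^)]+\) Start\(')"
echo "ERE, short form:       count=$(grep_count -E '\) Start\(')"
```
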


I very rarely use literal grep at all. Perl grep is my standard goto.

For functions: grep -P '^func funcName\('

For methods: grep -P '^func [^)]+\) methodName\('


Single letter variables in Golang are to be used in small, local contexts. Akin to the throwaway i var in for loops. You only grep the struct methods, the same way no one greps 'this' or 'self'.

The code bases you've been reading, and even some of the native libraries, don't do it properly. Probably due to legacy reasons that wouldn't pass readability approvals nowadays.


Imagine having a book that was written centuries ago that's considered one of the four pillars of great Chinese novel classics.

Have that book be arguably the most popular of the four. (Debatable with 3 Kingdoms)

The story is told to children since they're young.

During a time where the story was adapted into plenty of derivatives like Dragon Ball, one TV show stood out. Every single Chinese, and Southeast Asian kid has watched it growing up. It was THE weekend TV to wait for. The theme songs are extremely catchy. The TV show is put on reruns every once in a while. Entire nations have watched it.

Then China, who arguably never had a AAA game title this widely marketed before, writes a sequel loosely based on the original novel and lined the game full of homages and music remixes from the TV show.

Western audiences can review however they want, any person who can hear this song in their head "dun dun dudun dun dun dududuuuun pewpewpew pewpewpew" is going to love it even if it's only mildly playable, let alone being actually fun to play.

And have you seen the animations?

If power rangers were a centuries old story, with statues, temples and mythos around them, and it's the first ever AAA game from the US to be published. The moment you hear "Go Go Power Rangers" you're buying the game.


I thought the big problem was that most Chinese gamers were biased to mobile multiplayer games, or at least 2D isomorphic games that could be played on tablets. Those games are already pretty famous outside of China at least, this is the first time I’m seeing a 3D game take center stage instead.

There are so many versions of the monkey king that I lose track. Like the one that was reincarnated in the modern world as a handsome brother for some reason (late 90s?), then there was a movie with Jackie Chan and Jet Li in it 15 years ago. It made 53 million in the USA at least, which was more than it made in the mainland.


They were biased to mobile games because it's the most lucrative, and so game studios index on that. If you go further back, there were wildly popular CRPGs that just weren't very widely marketed outside of China. They were AAA grade of that era, but never officially translated nor marketed.

Jinyong Heroes, Calamity of Heaven and Earth, Heroes of the Celestial Sword were all popular CRPGs within China on the level of Final Fantasy, but were merely cult classics outside the country. None of them were homages, and didn't have this ethnic level of cultural influence.


They were (are?) widely regarded and almost always based on costume dramas, which are very Chinese in cultural influence. It will be interesting to see how this wukong plays out and if it sets a new gaming direction for the mainland.


Boq/PoD merely standardizes production deployments. You can choose to not do it, and end up having to redo everything yourself. The vast majority of all services uses it perfectly fine.

Unified rollouts, unified versioning, universal dashboards, security compliance, standardized quota management, standard alert configs. It's opinionated, but I can drop into any team and hit the ground running. I don't want to learn your custom dashboards doing the exact same thing with different names.

The issue with PoD is that it's a great concept and implementation that's tight on resources, and doesn't have much of a plan to expand beyond its current paradigm. The P2020 team deserves way more recognition for all the work they have done.


Along the same grain, Google, the search powerhouse, releases Google Authenticator with no search bar in the Android version. And continues to wilfully not include one despite multiple feature requests.

Yet there's a search bar in the iOS version. Just why?

I'm willing to bet that in that gigantic Piper repo, there's already a local search library that they could just drop in in a single CL. But that's not LLM.


When I bought a new phone and moved all my stuff over from a backup of my original phone, apparently the Google Authenticator doesn’t back something up.

When I launched GA all of my 2FA data was gone.

Thankfully I had my backup codes. And I could also still use the old one on the old phone. But the nightmare potential is quite high.


Aegis [1] seems to be a great alternative, at least on Android. Besides a search bar, it allows you to back up or export all your entries in an encrypted vault. You can also include them in the Android cloud backups.

[1] https://github.com/beemdevelopment/Aegis


An alternative in situations where OTP-only is allowed. E.g. I work as a freelance contractor and every single customer requires MFA with GPS tracking. Some also require accessing Bluetooth on the phone.


For a long time GA had no method to back up or extract the data. It also excluded itself from ADB backups. One had to root their phone to extract the data.


Google authenticator is absolutely horrible. Until recently there was just no way to back it up, at all. If you were getting rid of your phone, well, tough shit.


You just need to export it using QR codes. My keys were paginated into 11 QR codes when transferring devices.

They now have cloud sync, which I don't really think is a good idea. But it solves your problem of migrating devices. However I've already moved on to Aegis, because I'm done fling scrolling through my Mahabharata of TOTPs to find the correct account.


> apparently the Google Authenticator doesn’t back something up.

This is widely known and IMO a very good argument to use a different TOTP/2FA app than Google Authenticator. There's plenty out.

Personally I use Bitwarden pro, which lets you add TOTP keys directly to the account you're using it for, integrating it into the login-process. Very smooth.

And it syncs/backs up across all my devices.


One could say you shouldn't store the 2FA along with your password.


Not the parent, but I look at it this way…

Something I have: the database file.

Something I know: the master password to that file.

I figure the spirit of the advice is preserved for the most part. (Doesn’t keep me awake at night, anyway.)


But 2FA on a phone had been awkwardly okay. Could be because it's just too silly that adversaries can't take it seriously, but it's been okay.


Yes, I was shocked by this too moving phones many years ago. I’m surprised things haven’t improved. I switched to 1Password for this reason; it backs up the 2FA seeds, and I only use it for storing the 2FA seeds, and when I need to use it, I copy-paste the numbers, and I don’t use it for passwords, retaining most of the 2FA factor separation. Switching phones worked (after entering my login, pw, and long master key in the new 1P install).

(My passwords are copy pasted from somewhere else, so admittedly not 2 different factors, but at least 2 independent ones.)

So in short, even though I probably use 1% of the 1P functionality, I can recommend 1P for replacing GA.


Googlers don't use Android


I wanted to make a joke about it possibly being Chromecast has no LLM. Then I realized the replacement product advertises Gemini.


Nice, thanks for sharing. I've been looking for an alternative to CDPush (Google's internal version controlled config push).

Unaudited, untracked web UI based feature flagging has been my peeve with the other solutions. I'm surprised all the feature flagging solutions out there don't have this as a default. The next step would be to use an artifact versioning repository to decouple from S3.

