Hacker News | ethin's comments

Yeah I don't get this either. I've been looking for a job for like 3-4 years, even an entry-level one, since I graduated college in May of 22 and I still haven't found one. I'm probably doing something wrong (and that's a different discussion), but it's getting harder and harder to know if it's me or the AI applicants or the AI ATS system. And then we have the AI job seekers which are AI-created accounts trying to find employment -- I've already started to see a few of these pop up on LinkedIn. They were banned, but still, the fact it's happening at all is a bit worrying if not predictable.

I... Don't really understand where to draw the line here. I'm not one to write AES implementations or something. But I did write a Noise implementation in C++ [1]. Does that count as "rolling my own crypto", even though I did my best to follow the Noise specification to the letter and used an audited cryptographic implementation? And the only reason I did that is because there wasn't such an implementation for C++. I won't deny that I'm not an expert of cryptography, but I think this article is a bit extreme, at least from my reading. We can't always use "off the shelf" implementations of everything, because maybe one doesn't exist, or one exists but it has no license (there are surprisingly a lot of these on GitHub), or it has a license incompatible with your project's license, and so on and so forth. But hey, what do I know?

[1] https://github.com/ethindp/noise-cpp

I think I interpret the phrase "don't roll your own crypto" as expanding out to something like "don't roll your own crypto unless you're willing and able to prioritize solving any vulnerabilities that people report to you". Someone who is porting a well-regarded cryptography codebase by carefully going through all of the relevant code and matching all of its intentional behavior has a credible claim they're part of the exception.

People who have put in the time to learn the common failure modes of cryptography attempts and how to solve them could make the claim they're in the exception to some degree. Someone who can't imagine how they would begin evaluating a report about something like "ciphertext malleability" shouldn't.


I mean fair enough I suppose? I've always gone with the idea that "don't roll your own crypto" meant not implementing cryptographic building blocks. Which is reasonable and fair. I just take issue with it being something you'd apply to all crypto code.

> I just take issue with it being something you'd apply to all crypto code.

That this discussion is happening at all in response to a blog post that begins by linking to https://www.cryptofails.com/post/75204435608/write-crypto-co... is amusing and concerning in equal measure.

I don't care if you write crypto code. I never said I cared if you write crypto code. But don't:

1. Deploy your code

2. Publish your code in a package ecosystem

3. Encourage other people to use your code

...unless it's survived the gauntlet of peer review and has a good rationale for existing in the first place.

The reason I proposed an onion model for this discourse is that there isn't a binary switch where "if you do X you are rolling your own crypto but if you do Y you aren't rolling your own crypto". The deeper you slice, the more danger and responsibility you've incurred.

People who think "it's fine to build a custom protocol out of cryptography bricks because I'm not rolling my own bricks" are the highest risk group in software developers. Even more so because (as tptacek constantly points out) most vulnerabilities occur at the joinery.


Bit of a possibly unpopular take but I very much disagree. The syntax of windbg/cdb is just... Really bad. I feel like I'm writing assembly and the mnemonics don't actually align with what the command does. So it's difficult for me to get confident with it. At least the commands in gdb make sense (and I wish gdb supported Windows executables, but alas...)

I can't tell if you're being sarcastic or actually serious, because nobody is rewriting everything in Rust.

GP said "write" not "rewrite"...

It wouldn't surprise me if this was a significant under-count. I've been applying for jobs for, what, 3-4 years now, both when I was in Uni and after. I don't even know how many job applications I've submitted but I think I've gotten maybe 10-15 interviews at most? I have of course gotten the typical advice: "Build your network", "Submit a cover letter", blah blah blah, but the first bit is completely useless to me (I don't have the finances to go to conferences for example) and I've tried the second bit and haven't gotten anywhere. I've been told to tailor my resume but... Yeah, I'm not doing that when I'm supposed to be submitting hundreds of applications per day or something. Honestly it's hard to muster up the motivation now to apply for jobs instead of working on open-source projects and (maybe) posting something freelance-ish on Fiverr or something because at least with open-source projects I'll get somewhere and it's something I enjoy; with job hunting and all the automation at play, and with even more things getting automated, it's a lot harder to answer the question of "why should I even bother" when companies are slashing headcount like crazy and aren't fined heavily by these platforms for posting ghost jobs and wasting my time (or some equally as harsh punishment that makes them actually pay attention). I still apply occasionally, but given how horrible the market is I know my job application count has significantly fallen. I just hope the market turns around and we see some huge crackdowns on all this automation because it's massively disincentivizing applicants (after all, why apply when you can only submit an application every 10-30 seconds while a bunch of people can submit 10000 applications per minute?).


Have you tried creating a demo project in an area you want to work in and blogging about it?

Then use that in your cv and point to it in your covering letter.


Most of my projects on my GH are me contributing to other OSS projects, or me just experimenting (there are a couple exceptions). One of them is one I've thought about posting about on here, actually, since it's in its pre-release stage and is quite stable. I've never had my own blog for professional purposes, so talk about new territory for me... Lol


If you're submitting a hundred applications a day, you're doing it wrong. You should get better results aiming for just a few a day, but each tailored. (Though obviously it's just not a great time right now, I'd argue not being bot-fodder and obvious chaff is extra worth it if any human ever does actually look.)


You're the first person who's told me the opposite of the advice that I've been told. It's hard to figure out which advice I should actually consider and what should be thrown out. I'm honestly unsure how tailoring would change my resume all that much. I'm a new college grad (graduated about 2 years ago, will be 3 in May) so... Shrug. Honestly I'm wondering if I should just keep doing what I'm doing, maybe? Idk nowadays, and I doubt the automation problem is going to go away.


I mean I just don't think spamming applications pays dividends so much as exhibiting alignment with positions you actually have got a match for. That said, if you've never swung a first position post degree it's probably only going to get harder.

Especially now if you don't have real experience or interesting public facing content or code or contributions... I definitely think spamming applications is only going to help if the positions you're hitting have few applications.

I'm obviously low sample size, though. But I've mostly found roles without using my network or applying for more than a few places a day for a few weeks. But right out of college the two things that saved me were applying for positions that more experienced folks would have seen red flags (got me in the door of the field) and having experience in pertinent stuff during college.


  Location: Minot, ND, US
  Remote: Yes
  Willing to relocate: No
  Technologies: Ada, C, C++, .NET (all languages other than F#), Golang, Java, Javascript, Python, Rust
  Résumé/CV: Available on request
  Email: ethindp@pm.me
Hi HN, I'm a recent computer science graduate looking to become a software engineer. I unfortunately don't have much professional experience, other than my Google Summer of Code intern with TianoCore, where I worked on the EFI Development Kit, A.K.A. EDK II. However, I feel that I make up for that with my eagerness to learn new programming languages, technologies, and tech stacks, and my strong work ethic. During my time as a student at university I wrote a compiler, a basic operating system, and contributed to several low-level hardware crates in Rust for embedded software engineers. I also wrote an add-on for a screen reader, and before that I assisted a developer in making a GTA mod accessible to individuals with disabilities.


Location: North Dakota, USA

Remote: yes

Willing to relocate: no (at least, not yet)

Technologies: Ada, C, C++, Python, C#/.NET, Rust

Résumé/CV: https://drive.proton.me/urls/VAWG3Q4218#Pw4WXHpGcmTs

Email: ethindp@pm.me

Fresh college graduate with a BS in computer science. Participated in GSoC working for EDK II/TianoCore last year implementing a prototype for an audio output protocol for individuals with disabilities. Also wrote a Pascal compiler as an educational requirement in college. Can't wait to see what's out there!

