I am currently a Computer Science student in university who really loves Linux and FOSS software, hates it when governments and corporations spy on people, and would probably rather have a job that brings meaning and benefits society than one that has a high paycheck (although I do recognize that I also need to have enough money for food, housing, .etc). I also watch Scammer Payback and Jim Browning and I love what they’re doing, but I don’t know if I could turn that into a real job.
I’ve thought of doing pen testing (later on in my career), but I’ve come to realize that it is better if users just started using privacy-respecting FOSS software like Signal, because if you give a hacker enough time, patience, and the right resources, they could hack into anything. Although for something like banks, I’d maybe be ok working there, as everybody still needs them and they’re not going away any time soon.
I also need something that I could get into fresh out of university or even as an internship or co-op.
Am I being too pessimistic? What would you suggest me to do? Feel free to challenge my views on life.
Ideals largely vaporize when you have bills to pay and you are facing homelessness.
Your best bet is start talking to local job recruiters, ask them what tech stacks and certs are in high demand, and go learn that stack and get those certs and take whatever job will pay you.
Once your bills are getting paid you probably will have time/energy to work on personal projects.
The vast majority of work is closed source proprietary stuff.
In fact to be more specific, the vast majority is mind numbing “thing” management CRUD applications.
Inventory management, people management, accounting, etc etc.
“We wanna make an app for managing (things)” is gonna be your life for awhile.
It’s also heavily a lot of “we had this (thing) management app made by someone 12 years ago. It’s now barely functional, riddled with bugs, has huge security holes, and has tens of thousands of users every day on it. We want you to add new features to it and not fix any of the existing massive issues at all. We have no idea how it works, it has zero documentation, we don’t even know where it is hosted atm, and you will count yourself lucky of you even get the git history”
You heavily want to focus your skills first and foremost on how to read other people’s code. How to interpret wtf this zero documented function does and how it works.
That’s your #1 skill.
Real talk, you don’t have the luxury of being an idealist right out of university. Your goal is to get a job. When you’re in that job you will likely not have the luxury of being an idealist either.
When you have enough experience making practical, reasoned decisions, then you can stand on principals.
For context, I have been in this business for nearly 20 years. The people I have personally worked with who have resisted things on philosophical grounds ALWAYS get left behind. I’ve seen it with systemd, the cloud, and now I’m seeing it again with kubernetes. You cannot escape the collective inertia of an entire industry.
Obviously there are still thresholds… I would never work for someone like Raytheon. You have to draw lines somewhere but saying you aren’t going to work for a company that does user behavior tracking is short sighted and impractical.
Curious. Are you seeing those resisting k8s provide an alternative option for large scale orchestration of containers?
Most resistance I have seen mostly comes down to a misunderstanding in the benefits that kubernetes offers. The assumption is that kube is used for autoscaling and that, if the inbound traffic is predictable then the added complexity is unnecessary. When that happens the “kube isn’t right for all situations” turns into “kube isn’t right for any situation” whether the person in question would ever admit that or not…
All of this ignores the MASSIVE reliability enhancement kube delivers and the huge amount of effort currently going into modern tool development surrounding the kube ecosystem.
I figured it was something like that. I don’t think anybody in the industry believes kubernetes is even close to a great solution (it is a good one, just not great), but it’s mature enough that it solves most business needs well and there aren’t any good alternatives that I’ve seen.
I honestly love it. Of course it’s not perfect but I don’t ever want to go back to the old way if I can avoid it.
I’m past kubernetes now haha Using DAPR and loving it. Letting azure manage the containers.
I spent 20 years working for my local newspaper. It was a ton of fun and I constantly got to do new things. I did everything from making a palm pilot game to accompany our coverage of the Sydney Olympics, to an Apache module for a custom cms to iPhone and Android apps.
Now I can’t say that working for a news company is a good idea in 2023, but the point is there’s probably a company local to you that needs a wide variety of programming and isn’t a “tech giant”.
Hey high five, also a local newspaper guy! I bumbled into it maybe 7 years ago. It doesn’t pay well (it’s pretty rural) but it totally aligns with my principles. It’s rough in the newspaper industry these days but it’s also an interesting challenge. Your competition is basically Facebook and Google.
I totally agree though. Certain small businesses are happy to have a skilled programmer. My boss gives me a lot of leeway to follow my principals when it comes to user privacy and stuff.
Unfortunately for those who have those values, not all paid positions involve acting on those values.
Random brain dump incoming…
Most businesses pay money to solve problems so they can make more money. You can solve their problems - but not in the way that you may be thinking.
This is a generalisation that is not strictly true, but I say it to illustrate a different way of thinking: Businesses do not undertake penetration testing because they want more secure software. They do pentesting so they can stay in business in the face of compliance and bad actors.
To find a job, you want to start learning what people pay for. People pay contractors to come in and fix things, then leave again (politically easier, sometimes cheaper). People pay sotfware developers to develop features (to sell more stuff).
Start looking up job titles and see which ones interest you (DevOps, frontend dev, backend dev, embedded…). Don’t get too stuck on the titles themselves. It’s just to narrow down what kinds of business problems you find interesting.
Other random questions:
- What specific projects are you interested in?
- What types of problems do you like solving?
- Do you like digging in and finding those tricky bugs that have been bothering people for years?
- Do you like trying out new frameworks which let you think about the system differently?
- Would you rather implement a database or GUI toolbox?
Once you’re deep in the belly of the beast, you’ll find ways to exercise those values. It’s hard to know in advance what this will look like.
deleted by creator
I’ve thought of doing pen testing (later on in my career), but I’ve come to realize that it is better if users just started using privacy-respecting FOSS software like Signal, because if you give a hacker enough time, patience, and the right resources, they could hack into anything.
Your idea of pentesting is so far from what it looks like in reality that it’s probably not a path for you, at least not now. Let me explain: how am I going to protect my banking app using Signal? How will I know if our JSON unmarshalling library used by transaction service isn’t vulnerable or exploitable? What FOSS software shows me live dashboards of deployed software in container and their security risk?
everybody still needs them and they’re not going away any time soon.
Bank is a civilization old concept, it has always been here and will be. Banks are so durable, they will run after our civilization ends.
You won’t be stuck. You can always reevaluate and change employer later too.
You can’t know many things, like work environment, leadership style, beforehand. After assessment before and during interviews, you’ll have to get and and see.
Given that you seem to weigh meaning and impact quite high, I suggest
- check for jobs for Non-profits and rights/citizen protection government orgs
- check companies and industries you’re interested in
- consider smaller companies where you have an impact, and where you have or serve a product
You can get an idea of roles and availability from job offers/seekings.
Consider practicality; setting for a reasonable job first, and then taking the time outside of it to seek opportunities, alternatives, or contribute.
My cousin got a job working on FOSS for 5 years out of college. His secret? Work 40+ hours a week literally for free, crash on people’s couches, and get his girlfriend to feed him. He eventually got a real job because that’s obviously totally unsustainable.
Unless you have a sugar daddy/momma or a trust fund, you need an actual job. Some companies make good use of FOSS and give back to the community. But I’d suggest settling for any job to get an income and experience while you figure out what companies you actually want to work for.
North Dakota
I would recommend finding a company with a solid internship program and use the internship program to get your foot in the door and get hired. Companies like Cloudflare, VMWare or other with a security interest have strong internship programs.
Point is, using internships is arguably easier to get in. Many college students, myself included, used internships just to get any experience. But what you really want to strive for is interning where you want to work and kicking butt.