erhardm's comments

You're supposed to check the signature with the key you got "out of band". That means good security practice. Even if you get the key from a SSL/TLS enabled site, you can't guarantee it's the right one, CAs can be compromised. The checksum is to let you check if the download is corrupted and the signature is to check against the key you already have. Other forms of checking are just false sense of security.

Thank you for your feedback!

version 2.0:

https://www.wetransfer.com/downloads/67bb311d67f76dcd74318b7...

1. Added your suggestion. Not sure if the format(can only write capital letters because it's a subtitle) is the right one.

2. Considered mataniko's suggestion and removed "side projects" part from the header.

I listed projects that I've done(they are mostly university assignments with the extra mile). I have limited experience with HTML, had to do an assignment involving PHP and I'm really ashamed of the result. It will do more wrong than good.

All the listed projects have a private repository on Bitbucket. Currently I'm not comfortable making them public, but after my finals I will take some time polishing them for publishing.

I'm not sure if I worded correctly the descriptions of the projects(particularly "build with Ant...etc...managed with Git" part). I want to show that even if I developed them alone, I am rigorous using source code management and automated build software/systems(even if nobody asked me to). I'm not sure if I achieved this purpose.

I swapped "Technologies" part with "Familiar with". I'm not sure if it's the right thing. I'm not particular interested in getting a internship only in Java or C. I would like to broaden my options. I like Python, ASM, VHDL, Common Lisp, Prolog and others even if I've only done trivial things in them. I'm more like "the right tool for the job" guy, but also at the right time(i.e. I avoid PHP as much as possible because it breeds a wrong way of doing things and I'm too inexperienced to avoid common mistakes - later, having more experience maybe I'll reconsider my choice).

Could you suggest a way of finding the companies that appreciate the spirit of learning new things, considers applicants even if they don't have enough experience yet?

3. Dropped everything below university(details in 4.). Added expected graduation year. I don't know if describing what I'm learning here adds any value(also that would take more space and it will pass the 1 page suggestion from mataniko). Fairly standard - Algorithms, Data structures, OOP, Operating systems, functional programming, image processing, system theory, hardware/logical design, embedded systems(mips,avr), Computer architecture, etc...

4. My mother tongue is German, but I'm born and live in Romania. Previously listed education has shown that I studied at a German school. Now studying in English and most of my relatives living in Germany and not speaking daily anymore, my German is a little rusty, so I changed it to "fluent"(managing expectations). I added Romanian though being a Romanian citizen is self-explanatory.

4'. Removed professional skills.

5. Removed others.

6. Removed references.

You may notice I didn't took every single suggestion into consideration and I hope I didn't insulted you having done that. My apologies if it may seem ungrateful. I really appreciate taking your time writing your suggestions down. Maybe I'm wrong and need more persuading:)

Thank you for your feedback!

Please check the updated version 2, linked in my response to S4M's comment.

Even if I didn't knew from the beginning that someone will steal a laptop from the coffee shop, the moment I saw the MacBook left alone I probably was thinking "I hope you have it locked, or it will get stolen...someday".

OT:If you look in her wallet when she was paying, you can see that she's a little cash-strapped.

I would like to take part of such kind of interview, not necessarily to take the job, but to experience an honest and objective evaluation from an experienced developer. Being a student and not actively looking for a job it's hard for me to self evaluate. Hitting roadblocks I don't know if the problem is genuinely hard to solve or I just bit more than I could chew

I definitely agree. I choose to study CS in English because of this. CS is made to be taught in English. I have a friend who was struggling in English and when she applied for a job the interviewer didn't even asked how her English was, all the interviewer questions were in English.

If you use public-key it only shows the ip. I don't know if you use password, 2-factor auth or Kerberos it shows any additional information.

I would guess that if you enable debugging it will show some identifiable information, I never had to debug it.

I still think that it's a good idea to change the default port for sshd, even if you don't let root to login and use public key auth and fail2ban. Why? Because this "obscurity" helps keeping false possitives to a reasonable low number, so you can actually see if there's a tageted attack or not.

If I see a auth failure "root"-"123456" I instantly know that's not a targeted attack, it will unnecessary fill my log files that will add with time and become a burden to audit my systems, which at some point I either don't do it thoroughly or any at all.

SELinux takes care of controling which application could open outbound ports, so if your box is properly configured, there are other ways to reduce the impact if the box is exploited

I, personally, like that HN is talking more about politics. We have to build our technology with politics in mind. Accompany technology with good politics(in the meaning of ethics and society and communities) and use(where's possible) technology to route around bad politics.

To be fair, he said he's not a hardware guy. But he also is right, FinFet transistors are better for power consumption and that's really important in mobile devices

I assume he also implies that fingerprints aren't any safer

I don't feel safe at all. The same way goverments could ask Microsoft to have a builtin backdoor for Windows, they could ask for a signed rootkit.

It's also because mostly germans value quality over quantity. They don't demand very high margins. They demand very high quality which ultimately brings high margins. Mostly their targets are about quality, not throughput.

“Ich zahle keine gute Löhne, weil ich viel Geld habe, sondern ich habe viel Geld, weil ich gute Löhne zahle.” - Robert Bosch

English version: I don't pay big salaries because I have lots of money, I have lots of money because I pay big salaries.

If you treat your employees well, they will do good things to your company

I would recommend first reading the nsa best practices guide for RHEL servers. It's a good starting point in securing a Linux machine.