stuffaandthings's comments

Do a lot of practice problems. There are plenty in the book "Cracking the Coding Interview" Use the tools you'll be expected to use for an interview with one of the top 4 companies (i.e. internet text pad, pen and paper, whiteboard) Do several problems every day and you'll be ready in a few months. Make it your 9-5 and you can be ready in a few weeks.

It's all about practice! Good luck!

Also, if you can get in touch with a recruiter at those companies, they'll give you tons of helpful tips (mostly just how to practice and what to practice)

UBI would cause hyper inflation if it came from 'new' money. As in, if the fed just started printing out 5k/mo/person. Most theoretical implementations of UBI suggest the money coming from taxes (taken from larger corporations) or from a reduction of funding in another area (military)

Start investing $5k/mo while keeping my day job.

Just wanna add that we used C0 for a subset of the class, and most of the students jump into a more rigorous course which involves actually implementing malloc.

I agree with you that learning the ins and outs of memory is super important, but the methodology of this course doesn't imply the lack of teaching memory management

I don't think so: https://www.archlinux.org/packages/community/x86_64/docker/

might just be a Fedora thing

yup

EB interface is affected too

To answer your first question, the data is hosted on devices part of the distributed network.

For example, if you have a static webpage it may either be present on every node in the network (so anyone else accessing your webpage would only be making a local request to their copy of the data) OR the webpage would be split up into many pieces distributed amongst all the nodes, so say your webpage is split into n chunks you fetch each chunk from Node_1 ... Node_n and use some algorithm to stitch it back together.

These are obviously over simplifications, but you should take a look at how Gnunet, Freenet, and Zergnet(?) and how they approach the distributed web. Also, looking at p2p networks might give you an idea of how this works as well.

Ansible, because I like having an agentless configuration management tool. In my experience, Ansible also seems the most readable (obviously subjective). I've used Puppet, and Chef but only through AWS OpsWorks.

That said, I've been playing around with Kubernetes lately and trying to move a lot of our infrastructure onto Kubernetes. The use of Dockerfiles kind of nullifies the need for a full fledged configuration management tool for me and I've been relying on bash scripts and distributed kv stores to manage state and environment variables (using 12 factor approach and managing environment variables with consul and secrets with vault)

So, take this with a grain of salt because I do not actually work in the security industry.

My understanding of security researchers is limited to an academic setting. Many PhD students, masters students, professors, etc at my school were technically security researchers. Usually this consists of a lot of theoretical exploration. Check out this paper, I think it's pretty accurate to what a security researcher does: https://www.tau.ac.il/~tromer/acoustic/ So that's the academic side. Companies like Google, Microsoft, Red Hat, etc. will also hire Security Researchers where your job is a bit more open ended and focused on outside-the-box work (finding new vulnerabilities, testing software, maybe some offensive security work).

Please correct me if I'm wrong, but my understanding of a netsec person is someone who's job is to implement and maintain secure systems. While this can definitely involve experimentation, it seems like more of a defensive approach to security. A job description might say things like: "Protect critical systems from attacks", "incident response", "disaster recovery".

I think a Security Engineer is much closer to a Security Researcher, but in a more 'applied' way... for example, as a security engineer at Dropbox your job might be to actually implement (write code for) cryptographic communication between the client and server. So, to me, a Security Engineer is much closer to a software engineer. Whereas a Security Researcher is much closer to an academic.

I hope this helps clarify things. There are other great responses on this thread.

Also, I completely understand public sector not being a good fit.

You're absolutely right, but people are willing to consider CTF work as experience. If you can go into depth how you solved a problem, no one will question your conceptual understanding.

I think it's definitely easier if your interviewer actually knows what security ctf's are.

I don't know enough to have a well formed opinion. I don'y know any contractors personally, and haven't read up on it much. Sorry!

The best advice I can give you is to join a Security CTF team (your college may or may not have one, but there are others that are open to all).

Internships and jobs will open up from being part of a CTF group. It's also A LOT of fun* (*opinion).

netsec might not necessarily be what you're looking for. A position as a Security Researcher is probably what you most fit into... finding the right recruiter can also help you out a lot.

Another (and honestly, easier to get into) security industry is the public sector. Intelligence agencies, military intelligence branches, etc. They'll hire you based on personality and potential, and will train you further. This (in my limited experience) usually means less pay.

Hope this helps. Good luck!

I use Albert on my Arch Linux installation as an alternative to Alfred. Not quite as good, but it works and is familiar (also extensible).

If you're looking for clipboard management, there are tons of linux solutions for that, see: https://wiki.archlinux.org/index.php/list_of_applications#Cl...

As for an alternative to Karabiner, I use Xmonad and manage my keymapping through the use of Xmodmap (https://wiki.archlinux.org/index.php/xmodmap)

People have had success with macOS on certain Lenovo laptops (t450s)

I just got a T460s, and am super happy with my Arch Linux setup.

The build quality definitely isn't as good as Apples. I had to return my first T460s due to severe light-bleed issues. The new one is fine, though the TrackPoint isn't as good as it was in previous generations. The TrackPad also is not as good as Apples, though I try to keep a keyboard-only workflow so it's not that much of an issue (till it is)

The department had every intention of sharing the information at, I believe, Blackhat. A lot of research (especially security related research) is funded and approved by the government. Before they were able to give the talk at Blackhat, the government stopped them from doing so. Since the provided funding was from the government, they had to comply to avoid legal issues.

This is a matter of legal debate about the intentions and methods of the government, IMO. To reiterate I don't think it's fair to blame students/faculty/researchers for not breaking the law and agreements that allowed them to conduct the research in the first place.

As for what CMU has done to insure that this does not happen again... I don't know.

It's unfair to think of CMU as an 'evil' entity just because of what some people in one particular and small department did.

There's a lot of really good work that comes out of CMU, including the department that helped the FBI.

EDIT: furthermore, SEI was doing independent research into the security of TOR. The FBI subpoena'd CMU to give up the results/contents of the research which is what ultimately helped the FBI do what they wanted.

At my school there was always a small group of students who went down the OS path in Computer Science. A lot of people stuck around til some fun C stuff but then stopped when it got to writing compilers, kernels, and entire OS's.

Seemed like a small niche that really got into it though. I have a few friends that went that route and seem pretty competent

I tried sending at e-mail and got a connection timed out response from hello at carsen dot io

There have been many posts about this: https://news.ycombinator.com/item?id=4649396 https://news.ycombinator.com/item?id=627977

Seems like its hard to just get traction.