Open Source and information security mailing list archives
 
Message-ID: <20398.1295017247@localhost>
Date: Fri, 14 Jan 2011 10:00:47 -0500
From: Valdis.Kletnieks@...edu
To: phocean <0x90@...cean.net>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	Zach C <fxchip@...il.com>, lists@...com.org
Subject: Re: Getting Off the Patch

On Fri, 14 Jan 2011 09:25:51 +0100, phocean said:
> But this is so well known, at least I thought, that I wonder what is the
> purpose of all of this.

It's a symptom of our industry slowly getting older.  In the '70s and '80s,
pretty much everybody had 3-5 years experience, and almost nobody
had more than 10, because the field wasn't 10 years old.  Nobody looked
down on the newbies, because (a) they didn't stay newbies long because
there was only 3-4 years' worth of stuff to learn and (b) the old-timers could
still remember being newbies themselves.

Now it's different - the guys who were here at the beginning are all old, gray,
and/or bald, and looking at retirement, and we have to start worrying about
the collective brain drain that will happen at that time.  Meanwhile, demand
is surging faster than truly qualified people can be supplied, so we're seeing
a lot of young hires who only know what they learned in an 18 month course
at ECPI or similar trade school.  In other words, we're at exactly the same
position when the great flood of McSE holders happened a few years back.

RFC1925 says: "Some things in life can never be fully appreciated nor
understood unless experienced firsthand. Some things in networking can never be
fully understood by someone who neither builds commercial networking equipment
nor runs an operational network."  We've gotten to the point where a large
segment of the industry wasn't taught "patching doesn't work" in school, and
they have yet to experience it themselves out in the real world.

