I am currently a Computer Science student in university who really loves Linux and FOSS software, hates it when governments and corporations spy on people, and would probably rather have a job that brings meaning and benefits society than one that has a high paycheck (although I do recognize that I also need to have enough money for food, housing, etc.). I also watch Scammer Payback and Jim Browning and I love what they’re doing, but I don’t know if I could turn that into a real job.

I’ve thought of doing pen testing (later on in my career), but I’ve come to realize that it is better if users just started using privacy-respecting FOSS software like Signal, because if you give a hacker enough time, patience, and the right resources, they could hack into anything. Although for something like banks, I’d maybe be ok working there, as everybody still needs them and they’re not going away any time soon.

I also need something that I could get into fresh out of university or even as an internship or co-op.

Am I being too pessimistic? What would you suggest I do? Feel free to challenge my views on life.

  • Real talk, you don’t have the luxury of being an idealist right out of university. Your goal is to get a job. When you’re in that job you will likely not have the luxury of being an idealist either.

    When you have enough experience making practical, reasoned decisions, then you can stand on principles.

    For context, I have been in this business for nearly 20 years. The people I have personally worked with who have resisted things on philosophical grounds ALWAYS get left behind. I’ve seen it with systemd, the cloud, and now I’m seeing it again with Kubernetes. You cannot escape the collective inertia of an entire industry.

    Obviously there are still thresholds… I would never work for someone like Raytheon. You have to draw lines somewhere, but saying you aren’t going to work for a company that does user behavior tracking is shortsighted and impractical.

      • Most resistance I have seen comes down to a misunderstanding of the benefits that Kubernetes offers. The assumption is that kube is used for autoscaling and that, if the inbound traffic is predictable, then the added complexity is unnecessary. When that happens the “kube isn’t right for all situations” turns into “kube isn’t right for any situation” whether the person in question would ever admit that or not…

        All of this ignores the MASSIVE reliability enhancement kube delivers and the huge amount of effort currently going into modern tool development surrounding the kube ecosystem.

  • I spent 20 years working for my local newspaper. It was a ton of fun and I constantly got to do new things. I did everything from making a Palm Pilot game to accompany our coverage of the Sydney Olympics, to an Apache module for a custom CMS, to iPhone and Android apps.

    Now I can’t say that working for a news company is a good idea in 2023, but the point is there’s probably a company local to you that needs a wide variety of programming and isn’t a “tech giant”.

    • Hey high five, also a local newspaper guy! I bumbled into it maybe 7 years ago. It doesn’t pay well (it’s pretty rural) but it totally aligns with my principles. It’s rough in the newspaper industry these days but it’s also an interesting challenge. Your competition is basically Facebook and Google.

      I totally agree though. Certain small businesses are happy to have a skilled programmer. My boss gives me a lot of leeway to follow my principles when it comes to user privacy and stuff.

  • Unfortunately for those who have those values, not all paid positions involve acting on those values.

    Random brain dump incoming…

    Most businesses pay money to solve problems so they can make more money. You can solve their problems - but not in the way that you may be thinking.

    This is a generalisation that is not strictly true, but I say it to illustrate a different way of thinking: Businesses do not undertake penetration testing because they want more secure software. They do pentesting so they can stay in business in the face of compliance and bad actors.

    To find a job, you want to start learning what people pay for. People pay contractors to come in and fix things, then leave again (politically easier, sometimes cheaper). People pay software developers to develop features (to sell more stuff).

    Start looking up job titles and see which ones interest you (DevOps, frontend dev, backend dev, embedded…). Don’t get too stuck on the titles themselves. It’s just to narrow down what kinds of business problems you find interesting.

    Other random questions:

    • What specific projects are you interested in?
    • What types of problems do you like solving?
    • Do you like digging in and finding those tricky bugs that have been bothering people for years?
    • Do you like trying out new frameworks which let you think about the system differently?
    • Would you rather implement a database or GUI toolbox?

    Once you’re deep in the belly of the beast, you’ll find ways to exercise those values. It’s hard to know in advance what this will look like.

  • agilob (@agilob@programming.dev)

    > I’ve thought of doing pen testing (later on in my career), but I’ve come to realize that it is better if users just started using privacy-respecting FOSS software like Signal, because if you give a hacker enough time, patience, and the right resources, they could hack into anything.

    Your idea of pentesting is so far from what it looks like in reality that it’s probably not a path for you, at least not now. Let me explain: how am I going to protect my banking app using Signal? How will I know if the JSON unmarshalling library used by our transaction service isn’t vulnerable or exploitable? What FOSS software shows me live dashboards of deployed software in containers and their security risk?

    > everybody still needs them and they’re not going away any time soon.

    The bank is a civilization-old concept; it has always been here and always will be. Banks are so durable, they will run after our civilization ends.

  • You won’t be stuck. You can always reevaluate and change employer later too.

    You can’t know many things, like work environment and leadership style, beforehand. After assessment before and during interviews, you’ll have to get in and see.

    Given that you seem to weigh meaning and impact quite high, I suggest

    • check for jobs for Non-profits and rights/citizen protection government orgs
    • check companies and industries you’re interested in
    • consider smaller companies where you have an impact, and where you have or serve a product

    You can get an idea of roles and availability from job offers/seekings.

    Consider practicality: settling for a reasonable job first, and then taking the time outside of it to seek opportunities, alternatives, or contribute.

  • Most jobs that work with FOSS are at the most privacy violating companies unless you go to (eg.) ARM to be a compiler engineer.

    Other than that, your best bet is Meta, Google, etc., as they have the resources to pay to write code for other people.

  • I would recommend finding a company with a solid internship program and using the internship program to get your foot in the door and get hired. Companies like Cloudflare, VMware or others with a security interest have strong internship programs.

    Point is, using internships is arguably an easier way to get in. Many college students, myself included, used internships just to get any experience. But what you really want to strive for is interning where you want to work and kicking butt.