Welcome to the world of IAM (identity and access management). There are many solutions to the above stated problem. If you don't absolutely need to store it, don't. That includes passwords, SSN, DOB, or anything of the sort.
There are a ton of services you can federate with; it's easier for the user, fewer passwords to remember.
If you really want users to authenticate natively, take a look at one of the newer players out there, Storm Path. It's basically your IAM backend to-go. Don't write your own security if you don't have to :)
> If you really want users to authenticate natively, take a look at one of the newer players out there, Storm Path. It's basically your IAM backend to-go. Don't write your own security if you don't have to :)
But depend on an NSA aware third party to store your client's credentials?
Breathe, I was where you were a couple of months ago, literally when I was 26. It's intimidating reading HN and seeing everyone's accomplishments in summation. I read 2 books that helped place things in perspective: "The Growth Mindset" and "The One Thing". They'll help you be more focused, productive, and stop beating yourself up.
I didn't start coding in earnest till 25. I don't count my CS degree. I lamented my choice to go to architecture school after graduation. I COULD have gone to CMU or MIT, most likely on scholarship. I regretted my choice deeply until recently, when I realized I use the thought processes learned in my design lab more than anything I learned from my CS degree.
Recently I've been hyper productive and am slowly marching towards my first product.
Meditate a bit, take stock of what you want to work on, and come up with a reasonable plan to get there. Take the time to figure out how you best work.
Does anyone have any good intel on nuclear-powered desalination plants? I know desalinated water is about the most expensive around but for keeping the population with enough drinking and washing water.
The agricultural impact is huge and requires more water than the people do. But, I wonder if desalination would help supply water to the populace.
Just because someone is good at their job shouldn't excuse inappropriate behavior. It lessens everyone else on the team and those seeking employment. Look at professional sports: just because they're 10x-ers, should they get away with their transgressions? Or, because they are so good, should they be held to higher standards?
Wonderful, let me add this to the list of things I need to do in my spare time to remain a hire-able resource .... GitHub, Meetups, reading Hacker News, preparing for puzzle interviews, HackerRank, conquering a CTF. Jeez, can we say dance monkey dance.
> What are some things you'd worry about a company like this doing that would increase dance-monkey-dance factor?
Not the OP, but anything where a recruiter can go look my rating up, they will. And then that becomes a positive signal, increasing the speed of the rat race, because to be "hip", you have to do the N+1 things. Blech.
If you want to reduce the "dance" factor, have a sheltered tunnel from Starfighter to the first day on the job. Don't have it be a pipe to the tech interview, don't let it be a pipe to a recruiter's desk, don't let HR do anything but verify employment eligibility. Seriously.
Microcorruption player identities were totally private. There's no way for a recruiter to look someone up, unless they used a very-identifiable username. Privacy is important to us.
How would you imagine the bizarro-world third party recruiter that would emerge from something like Starfighter could interoperate with employers to shield you from the kind of BS you're concerned about? We're interested in ideas!
I would suggest Starfighter Recruiter, LLC have a contract with a VP, CTO. Something to the effect of...
"We provide you the names of people interested in your fine company, along with our certificate of credibility. You in turn agree that the interview process will be entirely on the intangibles[1] of interpersonal relationships, career goals, etc".
Along with that would be a rider that would involve Starfighter Recruiter LLC taking liability for providing a measurably crappy candidate, as well as disclaimers all around relating to intangibles.
Personally, I don't really want to futz around with long-winded negotiations and alpha male chest thumping. I want to demonstrate my capability, discuss my career goals and interests, and verify that fine hiring company is actually a reasonable place to work that meshes with me and my career aspirations.
[1] I.e., candidate is a loud-mouthed jackass that can't work with anyone, but can pass any technical challenge with flying colors.
I think if it leads to higher quality job leads then that would be great for many people. I find personally with response rates to cold drops of a resume being around 75%. The amount of time sifting through positions I don't want >> than pursuing those that I do.
The great employers don't require too much chest thumping and I've had some downright fun interviews. I question the culture of a company that uses a CTF game as a metric to hire people. People who play and succeed at CTFs tend to be hyper-competitive and that's not always a wonderful characteristic in a team member or company.
That's fair, after reading some of your comments above. I believe you don't intend this to be more work for people. And, I believe hiring on both sides of the equation is a non-trivial problem.
We used it at Matasano and had a diverse culture of people --- many with families --- with a variety of different personalities and personal styles. Beware of attribution error.
The underlying idea here isn't speculative. We used it at Matasano, and it was extraordinarily effective.
It's certainly the case that I have never personally desired to do the ACM competitions, as they, IMO, reflect neither CS aptitude nor software engineering capability. I always chose to do my homework, sleep in, or fool around with my own interests.
But it did seem from the outside that those doing ACM competitions were the upper echelon of the school.
Perhaps a CTF situation would be similar. We can only see what unfolds.
Sorry, I think I'm a bit of a cynic and a bit burned out. There seems to be at least an expectation in the tech industry of having to maintain certain after hours activities to make oneself marketable. Personally, having a 50+ hour a week day job + side projects + studying + leveling up in order to find new employment is exhausting .... I'm just concerned adding another implied responsibility to a candidate's plate seems overwhelming.
But, if someone loves to play CTFs and is seeking employment then it's a great match. Me personally, I'm a build things I want to see in the world and the job will come ... kind of person.
"expectation in the tech industry of having to maintain certain after hours activities to make oneself marketable"
On Hacker News you are getting a very small slice of the tech industry. And by reading HN you are subjected to repeated attempts to make you think there is a clear way to be marketable and to earn a living. Rest assured that there are people in tech that the HN crowd makes fun of that are earning fine livings and enjoying their jobs.
Also, rest assured that for the overwhelming majority of competent, smart tech workers, only a tiny percentage have heard of HN, and a tiny percentage of that slice view it as something to be taken seriously. For most, there is no difference between Hacker News and https://twitter.com/ViceHN.
I think you should be talking to your current employer about setting aside some of your current work time for training. One or two days a month for you to study / explore technologies that will grow your skills and therefore the skills the company can draw on.
Director: Our operating expenses are through the roof. We've got a dozen developers and we're still behind schedule...
Manager: That's because we don't have any "good" developers. We need to find some of those 10x productive developers and get rid of some of the guys we have.
Director: So you're telling me we can replace 10 developers for the price of one good one?
Manager: That should be true, but the 10x guy is going to want a bit more money.
Director: Let's do this!
(some time later at the interview)
Manager: We're looking for highly productive programmers and we're willing to pay top dollar. We see you've accomplished X, Y, Z so we want you to come and join our team.
Developer: Sorry, I can't...
Manager: How about $50k more salary...
Developer: Wow, ok, I can't really say no to that.
(some time later the first day)
Manager: Welcome to your first day, here is your team. Get as much information from them as possible because we'll be laying off 10 of them in 30 days. Good luck!
> What are some things a company like this could do to decrease dance-monkey-dance factor?
- Let players be paid by your clients to play for ~1 day.
- Introduce a non-game version that's a straightforward coding assessment.
- Make the game un-cheatable.
- Write into your contracts that you won't be the exclusive hiring funnel.
- Keep your clients confidential and don't let them mention your game in job ads (i.e., target people who just want to play a game).
Edit: I have to add, this does seem like a dance-monkey exercise and not something that an actual profession would have people do. My preferred hiring approach would just be contractor-for-a-day arrangements.
“My preferred hiring approach would just be contractor-for-a-day arrangements.”
I’m not sure that method would be suitable for people who already are employed. At least in Sweden, where I live, you can (AFAICT) get fired for working for your employer’s competitors. So if you don’t get the new job, you might lose your current job as well.
He raises a good point. I stopped reading NYT online regularly when I started spending more time reading HN. The fact is you have to pick your battles. And what you spend your time on.
Your question is good though. If I understand you to be saying "what can we do to get you to drop one of those other things or your nightly watching of reality TV?"
While I'm very happy to see attempts to get rid of the interview and move towards a work-sample test, this comment represents the whole sense of unease I have at this.
I think patio11 and tptacek hope this can replace those things, so that you can work towards a new gig on your own terms (instead of going through the usual song-and-dance).
There are lots of ways to acquire and prove skill and knowledge; ultimately, they are all monkey dances to at least some degree. Until we develop a way to read minds (and it'd be great to also do the reverse: give everyone the ability to insta-learn, Matrix-style), we will continue to have to use some kind of signaling mechanism. Right now, there are many of them, all with various levels of difficulty, entrance requirements, and resource requirements. Many are only available to those with various types of scarce resources: free time, supportive parents and family members, and money. Let's list some examples:
- get a degree in any subject (money, family support)
- get a degree in a more pertinent subject (money, family support)
- continually learn new theory/techniques/technologies on your own (time)
- write FLOSS code (time)
- get industry certifications (money)
- get achievements with HackerRank and other 'challenge' services (time)
- go to interviews, answer questions (time, possibly others)
Not to mention all of the 'administrative' things people do to communicate their capabilities (as another comment noted). Those take time, too.
Something like this seems like it is taking a stab at replacing at least a few of these, but of course it still requires at least some extra resources (in this case, time.) The go-at-your-own-pace nature of it definitely works in its favor. Things like this evolve similar to technology, and its cycles of consolidation and deconsolidation; where once we may have used separate devices (for music, video, reading, etc.), we now use just a couple, or increasingly, one. Perhaps we could think of things like this as the next steps in 'skill and knowledge acquisition consolidation.' Hopefully, things like this will reduce the need to spread efforts so thinly, and save us more of those scarce resources. So while it may be another monkey dance, perhaps it will allow us to dance less, but in a more focused way. Or at least stay on a smaller number of simian dance floors.
If nothing else, it'll be another fun way to learn new things and experiment with theory/techniques/technology you ordinarily wouldn't.