I've just accepted that Microsoft, Google, and Meta all have a constant wiretap in my office (on account of my Windows PC, Android smartphone, and Meta VR headset).
It's rather dystopian to just know and accept this, but there's really no alternative if you want to participate in modern society at a normal capacity (sans the VR headset, that really isn't a necessity).
Something something, keep your enemies closer, right?
I've heard this sentiment a lot, that governments/secret agencies/whoever create zero-days intentionally, for their own use.
This is an interesting thought to me (like, how does one create a zero-day that doesn't look intentional?) but the more I think about it, the more I start to believe that this fully is not necessary. There are enough faulty humans and memory unsafe languages in the loop that there will always be a zero-day somewhere, you just need to find it.
(this isn't to say something like the NSA has never created or ordered the creation of a backdoor - I just don't think it would be in the form of an "unintentional" zero-day exploit)
I'm not sure that governments actually create them, not prolifically at least. There's been some state actor influence over the years, for sure.
However, exploits that are known (only) by a state actor would most definitely be a closely guarded secret. It's only convenient for a state to release information about an exploit when either it's been made public or it has more consequences for not releasing.
So yes, exactly what you said. It's easier to find the exploits than to create them yourself. By extrapolation, you would have to assume that each state maintains its set of secret exploits, possibly never getting to use them for fear of the other side knowing of their existence. Cat & Mouse, Spy vs Spy for sure.
>In December 2013, a Reuters news article alleged that in 2004, before NIST standardized Dual_EC_DRBG, NSA paid RSA Security $10 million in a secret deal to use Dual_EC_DRBG as the default in the RSA BSAFE cryptography library
https://en.wikipedia.org/wiki/Dual_EC_DRBG
I think you are right that the shady actors pretty much can use existing bugs.
But you are also right that this is not the only way they work. With the XZ Utils backdoor (2024), we normal nerds got an interesting glimpse into how they create a zero-day. It was luckily discovered by an american developer not looking for zero-days, just debugging a performance problem.
Is the goal with this project (generally, not specifically async) to have an equivalent to e.g. CUDA, but in Rust? Or is there another intended use-case that I'm missing?
Oh shoot thanks for letting me know! I just pushed that update this weekend. I'll auto-confirm anyone who signs up until I fix it later tonight. I've put you on the waitlist.
As someone who is currently looking for a job, I don't like this idea.
All this does is increase the effort and barrier to entry to apply for a job. This is not a good thing. Applying to jobs is already time consuming as it is; nobody wants more hoops to jump through.
I understand that recruiters/hiring managers/whatever get a lot of junk applications, but frankly, it is your job to sort through them. You are paid to do this.
Could the hiring/job seeking process be better? Yes, absolutely. Currently, it's terrible, and almost everyone involved is making it worse. But the solution is not mailing job applications.
I don't fully agree. I agree that helping employers find qualified candidates is good for those candidates, but I don't agree that making applications mail-in only would achieve that end. It doesn't solve a lot of the larger problems when it comes to job applications, and just makes things harder for the applicant.
That never seems to happen in practice. The number of jobs I have applied to that required additional effort and that never bothered to reply is just too high.
All sorts. Some make the application process very long, some ask for what is essentially a long cover letter through written questions, some ask you to complete tests, one sent me an IQ test...
> I understand that recruiters/hiring managers/whatever get a lot of junk applications, but frankly, it is your job to sort through them. You are paid to do this.
Recruiters, hiring managers, and whatevers are humans too, with ordinary human limitations. Just because they are paid to do something doesn't mean they gain superhuman capabilities.
Even if I am a recruiter with nothing else to do, if I get 5k applications for a role each week, I won't individually review 5k applications in a week. It's not possible. So I will have to rely on some automated system that filters out most of those applications. Who knows how good that system is.
On the other hand, if I get 100 mail applications for a role each week, that I can review that.
I'm not in love with this proposal, but I definitely see the appeal. Adding a little cost/effort on the applicant side automatically filters out a ton of applicants that have not bothered to learn anything about the role or company.
In the past I've had success with adding things to the job description like: "please include a link to your favorite gif in your email." And that filters out about 95% of applicants who don't read the job description and don't have a gif link in their email. But with LLMs I imagine those kinds of filters work less well than before.
That's a fair point! It is true that recruiters are human and cannot review 5k applications per week.
I don't mean to say that recruiters must/should review all applications, because indeed this is sometimes impossible. I'm just saying that, as a recruiter, your job is to review applications and you should therefore not be making things harder for the applicants.
Asking for someone's favourite GIF to filter out junk applications is a great idea. This does not detriment the applicant, and it makes the recruiter's job easier. This is good. Making all applications mail-in is not good, because it detriments the applicant (by way of costing significantly more time and some money), while also not solving some of the larger problems when it comes to the job application process.
> get a lot of junk applications, but frankly, it is your job to sort through them.
But this isn't their job. Their job is to hire someone who passes the hiring bar. If they can do that without ever looking at a random resume everyone at the company is happy.
An unstated thesis of the article is that several years from now people who want to accomplish that job just won't look at resumes submitted online - whatever anyone's feelings about it.
This is beneficial to both parties, it's not just to throw spikes on the road for applicants without care.
The less nonsensical applications they get, the more time they can give your application.
> I understand that recruiters/hiring managers/whatever get a lot of junk applications, but frankly, it is your job to sort through them. You are paid to do this.
Indeed they are, and that is what they're doing by asking for a written application.
I think the "nothing to hide" argument is made for a different reason.
People are unafraid of the government knowing certain things because they believe it will not have any real repercussions for them. The NSA knowing your search history is no big deal (as long as you're not looking for anything illegal), but your church knowing your search history would absolutely be a big deal.
> The NSA knowing your search history is no big deal (as long as you're not looking for anything illegal)
Until someone at or above the TSA decides they don't like you. And then they use your search history to blackmail you. Because lots of people search for things that wouldn't be comfortable being public. Or search for things that could easily be taken out of context. Especially when that out of context makes it seem like they might be planning something illegal
Heck, there's lots of times where people mention a term / name for something on the internet; and, even though that thing is benign, the _name/term_ for it is not. It's common for people to note that they're not going to search for that term to learn more about it, because it will look bad or the results will include things they don't want to see.
> People are unafraid of the government knowing certain things because they believe it will not have any real repercussions for them.
A very famous quote: "Conservatism consists of exactly one proposition: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect."
Many people - particularly white people, but let's not ignore that a bunch of Black and Latino folks are/have been Trump supporters - believe that they are part of the in-group. And inevitably, they find out that the government doesn't care, as evidenced by ICE and their infamous quota of 3000 arrests a day... which has hit a ton of these people, memefied as "leopards ate my face".
I'm surprised there haven't been more people "exercising" the second amendment in light of what ICE is doing.
Granted, I'm not in the U.S. so I don't know what it's like on the ground, but I'm surprised to not hear about any armed resistance despite how gun-happy many Americans are.
I am not surprised: the sort of person most likely to exercise their second-amendment rights is probably also the sort of person to support what ICE is doing.
The "7+" clients thing is actually "more than 7 but I keep getting new clients and don't want to update my resume every time", but I get how that comes across.
For the max professional exp: does freelancing not count? I was making bank in high school, so I figured if I'm doing contract work for employers and making money, then it's professional, no? (naturally freelance isn't going so well now, otherwise I wouldn't be looking for a job)
Otherwise that all makes sense, thanks for the feedback! :)
> I'm struggling to figure out what you're good at
Can it not be all of them? :p
That's one of my big challenges with resumes. People assume I can only be good at one thing and/or assume that I'm lying about my work experience.
I can get _really good_ references from all of my previous employers (because I am legitimately good at everything on my resume), but I never seem to get to that point.
Historically, if I get a technical interview, I get the job every time. The challenge is getting the technical interview.
The more broad and general the claim of value the heavier burden there is on trust.
It's the same for products. Products with very narrow niche value props are immediately attractive to the few people with those specific needs. When you sound like everything to everyone, people are naturally less likely to believe you and the only way around that is a strong recommendation/referral. (Not a name you list on resume, but someone the hiring person trusts saying "you should really consider hiring this person, they are exceptional").
The more specifically relevant you can be to their needs, the more you will stand out.
This is as true for products as it is for resumes, especially when considering that people "hire" products.
I agree with the other respondent. I’d go as far as to say your resume is bad. All I got from it is that you went to university and have some backend experience and also game development experience. I would have passed on your resume if it had been submitted to a job I was hiring for. There is not even a GitHub link.
A person should be able to look at your resume and visualise what you have done and what you could do for them. What game(s) did you work on? What PHP frameworks did you work with? What were the internal tools you built?
“We need someone to do x, is this the resume of someone who can do x?”
The job market is tough and fixing your resume might not be a silver bullet but it is at least something actionable :)
If anyone told me that they are good at everything, it would show a lack of self awareness if they have only been working for three three or four years and would be an immediate red flag.
But your real issue is that you have a generic experience that really doesn’t stand out and the software development field is saturated. Yes I know everyone has to start somewhere. The market just really sucks right now and there really isn’t any reason for companies to hire junior developers when they can find their perfect match.
Make multiple versions of your resume, each of which emphasizes a different aspect of your skillset, and use the one that most closely matches the job description when you apply. When I am really interested in a job, I usually make a new version of my resume just for that one job application. It's not as much work as it sounds, because I just include or exclude different bullet points depending on the main skills required in the job description, so that when the person reviewing my resume reads it, they will say "I'm looking for an experienced C# developer... and this is an experienced C# developer! It's a match!". If I include too much info about my other skills, then they wonder if I'm much of a C# developer at all. It's about reducing what the hiring manager would see as "noise" so that they clearly receive the "signal" that they are looking for.
Also, leverage recruiters - give your resume to as many professional recruiters as you can. They're often better than applying directly now. Also apply at staffing companies, that's a good way in.
It's rather dystopian to just know and accept this, but there's really no alternative if you want to participate in modern society at a normal capacity (sans the VR headset, that really isn't a necessity).
Something something, keep your enemies closer, right?
reply