Any other developers about ?

Discussion in 'Scripting & Programming' started by dmarsh, Oct 26, 2017.

  1. dmarsh

    dmarsh Petabyte Poster

    4,136
    415
    219
    Seems theres not so many of us, anyone working as a developer or dabbling ? :D
     
    JK2447 likes this.
  2. JK2447
    Highly Decorated Member Award 500 Likes Award

    JK2447 Petabyte Poster Administrator Premium Member

    Top Poster
    of the Month

    6,664
    722
    318
    I've dabbled with scripting but its all server administration orientated so certainly not development or even dabbling I suppose. Unless you're fluent in that massively popular (I jest) language we were taught to learn the fundamentals of Object Orientated programming for my degree.... Smalltalk! :boogie: I know, impressive :D:
     
    Certifications: VCP4, VCP5, VCP6, VCP6.5, VMConAWS Skill, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: VCAP 6.5 DCV (Design)
  3. dmarsh

    dmarsh Petabyte Poster

    4,136
    415
    219
    I did some Smalltalk at uni also, lot the Smalltalk people moved to Java. It didn't entirely suck, just a resource hog for the time. Even now Java can be a resource hog too.
     
  4. Rob1234

    Rob1234 Megabyte Poster

    888
    88
    94
    Most development I see done now, is all outsourced\offshoring.

    I see a massive gap in developers who also know security not just for creating the application but also from a pen testing point of view so many applications have security holes in and are getting exploited that I have seen organisations now start to say maybe it is cheaper to develop a secure application from the beginning and not as an add-on near the end.
     
    Certifications: A few.
  5. dmarsh

    dmarsh Petabyte Poster

    4,136
    415
    219
    I was more interested so see who is a developer on the forum, there has never been many devs here even in 2007. I don't think this is a geographic issue. If anything there are more developer jobs now than in 2007.

    I have taken pen test courses and also looked into reversing. I'm familiar with kerberos, SAML, PKI, encryption, OAuth, XSS, SQL injection, CSRF, buffer overflows, fuzzing, and a whole bunch of other stuff.

    Anybody with experience will try not to create insecure applications, the problem is there are many inexperienced developers. Development is fairly hard to begin with, writing a 'secure application' is much harder and likely much more expensive.

    Generally you are on a small close knit team and you have 1-2 years to develop an application with a lot of features and get your product to market. Developers are working flat out 50 hours a week most of this time, on top of this they are expected to be project managers, testers, pen testers, business analysts, technical authors, operations, security experts, etc. Its not really that surprising that stuff gets missed.

    Often Pen-test teams are hired or internal security teams are used to look at the product. Generally they don't massively increase the quality of the product but they do increase the cost, because unless you get an elite team of security researchers looking at the product for a few months, you don't find the issues.

    It's like me asking you to build a ford mustang because I don't have a lot of money. Then later on because the product is successful I ask you to turn the mustang into a tank.

    Teams are generally scaled up and down throughout the duration of the project to save on costs. Most projects simple can't afford full time security staff throughout the full duration of the project. Even If they could afford it, since there really are only a handful of elite security researchers in the world, such staff would in most cases be useless CISSP type people.

    Until you actually build something yourself from the ground its easy to criticize, why not write your own secure software if its so easy?

    If you look at Heartbleed you will see that even security experts get it wrong.

    How many MS security hot-fixes have we seen over the last 20 years.
     
    Last edited: Oct 26, 2017
  6. Rob1234

    Rob1234 Megabyte Poster

    888
    88
    94
    Apologies if it sounded like I was blaming developers! Building a secure application is more then just the developers I have seen many a time when they have had to build an application but the business have not actually said what application they want!

    My point was as you mention it is not easy to do so if you have the ability to do it then you will be in the few.

    Have you ever considered bug bounty hunting as something to do?

    As for developers on here good point I always just assumed certs were not that big in the field. Compared to say Networks for example where most go down some kind of Cisco, palo alto route etc.
     
    Certifications: A few.
  7. dmarsh

    dmarsh Petabyte Poster

    4,136
    415
    219
    Finding bugs in someone else's software can be trivial or extremely difficult depending on how badly it is written.

    The type of people that are likely to pay for such bugs are the people that will fix the easy to find bugs.

    You are therefore looking for the proverbial needle in a haystack.

    The reason there is buggy software is it costs so much more money to write perfect software than adequate software.

    Finding the issues is the hardest part, if it takes me 2000 hours to find one bug, and I get £2000, I make £1 an hour.

    The economics simply don't stack up.

    Add to that I could spend 10,000 hours and find zero bugs, its simply not good business.

    How many books have you bought with zero typos, grammatical mistakes, misspellings, punctuation, or factual errors ?
     
  8. Dazzo

    Dazzo Byte Poster

    196
    12
    37
    I'm a developer focusing on a legal software currently but just landed a new job I start in December hoping to dabble in a few other things! Got knowledge on website development with PHP and MySQL and looking to finally start looking at an MVC before starting my new role.

    In the UK developer roles seem to be prolific at the moment, more so than tech or support roles.
     
    Certifications: A+, MOS: Master 2010, Network +
    JK2447 and dmarsh like this.
  9. dmarsh

    dmarsh Petabyte Poster

    4,136
    415
    219
    Good to see you Dazzo, hope it works out! :D
     
  10. Pseudonym

    Pseudonym Kilobyte Poster Premium Member

    371
    111
    90
    I think I'd like to get into a DevOps role eventually. That's loosely my aim at the moment, but you never know how things will pan out over the next 5-10 years. But yeah, I do find myself interested in the development side of things.

    D'you think it's worth learning Computer Science - in terms of the theory? I bought a book called computer science illuminated a month or 2 ago and plan to give it a good few reads in the future.

    For now, at least I'm focusing on the operations side and trying to understand and learn as much as I can before I focus on anything else.
     
  11. dmarsh

    dmarsh Petabyte Poster

    4,136
    415
    219
    @Pseudonym I would look at the following
    https://www.pluralsight.com/courses/linux-cli-fundamentals
    https://www.pluralsight.com/paths/docker
    https://www.udacity.com/course/introduction-to-operating-systems--ud923
    https://www.udacity.com/course/advanced-operating-systems--ud189

    Then look at stuff like, bash scripting, git, ansible, vagrant, and basic networking.

    Then maybe play with jenkins and teamcity, but that is optional really.

    Book contents page looks decent, its worth knowing the fundamentals of number systems etc also which the book covers.

    You should be able to get up to speed on most of this stuff in under two years.

    I tend to set smaller goals like try to learn basics of subject X in 2-4 weeks, or learn advanced feature Y in 1 week.
    Then as you go along keep trying to apply what you've learnt or see how it relates to another subject.
    If you do this constantly for 2 years you make lot progress.

    I would train myself into the role and take a DevOps role with basic salary. Wait too long and the change can harder to make.
     
    Last edited: Oct 27, 2017
  12. Pseudonym

    Pseudonym Kilobyte Poster Premium Member

    371
    111
    90
    Cheers for that mate. Sorry for the late reply. I have a habit of disappearing on here..

    definitely some good looking resources there, as soon as I'm finished with my current cert path I'll be looking at precisely all of these.
     
  13. Juelz

    Juelz Gigabyte Poster

    1,705
    342
    201
    When I first wanted to get into IT I wanted to be a developer.. gave it up after a month. I was more into web dev I did enjoy learning it but couldnt see myself doing it as a career, I find support more interesting now. I could fall asleep in a convo about dev work but could sit and talk for hours about AD, Exchange etc. Different strokes for different folks I guess.
     
  14. Pseudonym

    Pseudonym Kilobyte Poster Premium Member

    371
    111
    90
    I'm not really sure development is precisely what interests me. I'm more about automation, the fact that you can make 500 computers do things at the same time fascinates me. I think I just like the idea of time saving and efficiency, even though it takes days-weeks sometimes to get solutions up and running haha. Really satisfying feeling for me though when you figure it out and iron out all of the kinks.
     
  15. dmarsh

    dmarsh Petabyte Poster

    4,136
    415
    219
    They are all just programs that were designed and written by programmers. Typically in C++. LDAP and Mail servers are pretty established ideas.

    I find most enterprise bloatware pretty dull, certainly things like config options or boring corporate user interfaces.

    I enjoy the techy parts, making something fast, small or efficient, solving a challenging problem.

    I used to enjoy writing compact efficient code in assembler or C, now things are lot different, but the focus tends to be on functional, reactive and multi-threaded.
     
    Last edited: Nov 21, 2017
  16. Dazzo

    Dazzo Byte Poster

    196
    12
    37
    I generally like the idea of saving people time or making their life easier. I'm relatively new to development so this may change but making process' faster, or building something from scratch which enables someone to do their job efficiently is a big reward.

    I think I am getting access to pluralsight in my new job so plan on jumping straight in to a course over christmas and finishing a Udemy one up next week on my week off :)
     
    Certifications: A+, MOS: Master 2010, Network +

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.