[ale] a quick test of web site stupid

Jim Kinney jim.kinney at gmail.com
Wed Mar 6 16:44:45 EST 2013


On Wed, Mar 6, 2013 at 4:10 PM, Matt Hessel <matt.hessel at gmail.com> wrote:

> I see the idea behind the certification, but in practice that seems mostly
> useful to employers when hiring individuals with little on their resume.
>

It's not for employers. It's for lawyers and judges to use as a bludgeon to
make companies use good practices in coding for public consumption. If
company FOO is in software development, and they provide code for banking,
they MUST have a certified banking code engineer on staff and sign off on
the code or else that code is not legal to use for banking. Or they can pay
a banking code engineering firm to evaluate their code and sign off if it
suits the engineers' standards.

If mom-n-pop company hires a developer to put up a web site, they don't
need a certified engineer to approve anything UNTIL they add something like
a shopping site with credit card stuff. If their website gets defaced because
they hired an idiot, that's their problem. If their website gets hacked and
credit card data is stolen, then it's a criminal offense on them for
deploying code that was not approved by a professional engineer. I see
drop-in certified modules for various platforms to do this.

I can't build a bridge for public use until I am a certified, tested and
passed Professional Engineer. As a PE, it's MY name on the line for the
stuff I sign off on. So a PE won't approve crap. Is it a perfect system?
Nope. But it keeps slick talking idiots from building bridges and
practicing law and medicine.

A person who passes a PE exam doesn't need much else on their resume. It's
not possible to pass without mountains of knowledge and/or experience.
There is already a Professional Software Engineer license process. What is
needed is to add HIPAA and Banking modules (or more generically - data
security) and then require that places that use software in these fields
have X years to be using certified, compliant software or they get shut
down, fined out the ass or both for repeated violations. "Market forces"
can't fix this crap. It's like why we all drive on the right hand side of
the road. Someone decided we have to clean up the mess and made it happen.

Like I need another project....

> And I'll second the point on bridging networks.  Some creative use of
> stunnel can easily fool most security devices and allow anything in or out
> of a secure network.
> On Mar 6, 2013 11:55 AM, "David Ritchie" <deritchie at gmail.com> wrote:
>
>>
>>
>> On Mon, Mar 4, 2013 at 12:56 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>>
>>>
>>> Given the importance of reliable software in a growing number of areas,
>>> I see a need to have professional licenses for programmers that touch
>>> finance, health care, public safety, etc. We don't let just anyone design a
>>> bridge and that's for good reasons. We need to rethink this field from a
>>> public health and safety perspective.
>>>
>>> I can also see a need for mandatory professional certifications for
>>> System Administrators in those same areas.
>>>
>>> ditto for DBA work.
>>>
>>> James P. Kinney III
>>>
>>>
>> Snort...  the mice voting to bell the cat.
>>
>> 1) Will never happen, as the companies want huge masses of potential
>> employees for which they don't have to pay much.
>> 2) How would you certify competency? The field is changing all the time,
>> and the demand for people who even 'kinda' know what they are doing
>> currently (and probably for the indefinite future) will outstrip supply.
>> 3) Supposing (or more correctly, "when") something blows up - what would
>> be 'punishment' meted out against the professional? Are they really to
>> blame when their employers aren't willing to patch, or unwilling to
>> listen... ??
>> 4) Shelf life of professional certifications is short, so professionals
>> have to be selective. Licensing will, by definition, be bureaucratic and
>> trail current practice. Often the certification questions are a laundry
>> list of random stuff that may or may not have any use in day to day
>> administration, or aren't specifically geared to security related issues.
>> I can't expect licenses to be any more current.
>> 5) Making networks secure that are also usable by your employees to get
>> their jobs done (particularly as more and more stuff is becoming cloud/web
>> based) is really a PITA. IPv6, I am guessing, is going to make this even
>> harder, and corporate IT departments are largely clueless about it. That
>> is just one way to see this blowing up. Bridging networks outside of
>> buildings is getting increasingly trivial to do, particularly if you have
>> some level of physical access. SSL VPNs and tunneling are particularly
>> troubling to me...
>>
>> Disclaimer: Not based on experience with any past, present, or future
>> employer(s). I do this to build my typing speed.
>>
>> -- David
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>


-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://electjimkinney.org
http://heretothereideas.blogspot.com/