Hacker News Comments on
Thomas Ptacek - America has doomed the industry. Please send help.

CUSEC · Vimeo · 10 HN points · 1 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention CUSEC's video "Thomas Ptacek - America has doomed the industry. Please send help.".

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Mar 16, 2016 · 5 points, 1 comments · submitted by orlandohill
orlandohill
This is tptacek's talk on getting into the software security industry. The talk was given in Canada, hence the title.
Sep 23, 2012 · alinajaf on From 0 to cryptography
Remember this?

http://vimeo.com/9260794

Somehow found myself watching it a few weeks ago. In it the biggest realisation I had was that I would have been just as likely as the developers at Flickr, Vimeo, etc. to punch in `sha1(secret_key + 'foobarbarbaz')` for computing a MAC. Thus began my foray into cryptography. My reading list is a little backlogged but 'Cryptography Engineering' is bubbling its way to the top.

My biggest takeaway so far is to just stay the hell away from crypto, but I work with other developers on big codebases, so I need the knowledge firepower to convince them to stay the hell away from crypto.

That being the case, there wasn't much I wasn't familiar with in the article, but since I'm a crypto newbie it was nice to go over those concepts again.

Nov 30, 2010 · 5 points, 2 comments · submitted by smokinn
smokinn
Although the Vimeo date says 10 months ago, that's just when the video was uploaded. It was only released a couple of days ago.

It's a talk by tptacek on software security given at the CUSEC conference last January.

m0nastic
I know some folks here don't like watching videos, so here are the points I'd take away (and I think they echo pretty strongly what Thomas has been saying here):

* Don't do your own cryptography, use SSL and GPG. If your problem isn't able to be expressed using either of these, you should probably refactor it.

* Don't read Applied Cryptography (but do read Practical Cryptography), it's responsible for a great deal of the shittiness of our industry.

* The Art of Software Security Assessment should be required reading by everyone in Canada (the talk was given in Canada).

* If you're into CS, you should seriously consider getting into the security industry (it pays well, and lets you work on much cooler stuff than you might otherwise get to work on)

* If you want to get into the security industry, you should find an open source project (or any project) and try to find vulnerabilities in it. Report them in a non-douchey way and you'll be off to a good start. Also, pick something to become specialized in (DSP, etc.) and you'll have a greater chance of getting the industry's attention.

* Writing secure software is ridiculously hard. Even software designed to be secure will have bugs, and bugs can more often than not lead to vulnerabilities. This bodes well for people in the security industry.

I recommend watching the video, it's nice hearing Thomas talk about this stuff, and while his advice shouldn't really need to be vouched for, I agree with what he says.

HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.