Hacker News | englishrookie's comments

You might consider hiring yourself out as a contractor. This is especially interesting if you're specialized in some vertical where you can bring consultancy skills to the table. Be the guy who's brought in when there's a problem, replace some proverbial screw, and then charge a week's salary for it. Because nobody else knew exactly which screw to replace.

Also, this path allows you to delegate work to other contractors that you have vetted. After all, your clients care about the results, not who does the actual job.


The thing I can't figure out is how to get a good pipeline of screws that need replacing. All of my previous roles have been full-time salaried staff, and my network is all people like that. Getting a new job of that type is the infamous hurdle of interview panels, which would mean getting the contract takes more time than executing it, if the model I knew applied.

So what model does apply? How do you find enough work efficiently enough with that kind of model? How do you make it sustainable and not run out of the screws that your professional network needs replacing?


Multi-decade permanent contractor here (software developer). Some of it is luck. Some of it depends on the nature of your industry. Also, OP seems to enjoy learning new tech stacks, which makes them attractive to more owners of screws that need replacing, thus increasing their marketability.

It doesn't hurt to occasionally beat the bushes and ask your friends if they need screws replaced, or if they know anybody who does.

Short answer: if you replace screws efficiently and communicate well, you will become the go-to person for replacing screws.


I can't speak for SWE, but in other industries a consultant is brought in with little formal process, as a one-time expense usually approved by somebody they knew already.


There are also brokers/agencies that match contractors with projects/jobs and take a percentage cut. Not ideal but better than nothing if you’re hopeless at networking like me.


> The imported junk we get from Netherlands is abysmal

That's what you get for appropriating our flag and slapping some kind of sticker on it as a justification for it.


> Rich person toy.

The Mac, yes. But my father was a construction worker earning a below median wage (definitely not middle class) in 1988 when we bought our Atari 1040 ST. This was in the Netherlands, Europe.

(Although admittedly we were rich by world standards.)


Then the language area in your brain is activated separately for the comment parts.


Amusingly, there are languages where the word for bank and couch are the same: bank (Dutch).


There's a Holborn 6110 terminal on display in the Home Computer Museum in Helmond, Netherlands, apparently: https://www.homecomputermuseum.nl/collectie/holborn/holborn-...


Could you explain why not? Technically speaking it's nothing special as Moodle is completely built on the LAMP stack (although WAMP is also supported, as well as PostgreSQL, Oracle, MariaDB and MS-SQL).


Moodle was popular over a decade ago, and is designed for large organizations. It is primarily self-administrated by non-technical users and tries to deliver video heavy content. These combined to make it a hard introduction to scaling LAMP for many.


> tries to deliver video heavy content

Video content seems not to be its main concern, but I can imagine that it is hard to scale if people want to use it to deliver video.


Except that Chemours, the company behind the pollution, already knew about the toxicity of PFAS in the 1990s. Source (in Dutch): https://www.bnnvara.nl/joop/artikelen/chemours-wist-dertig-j...


This still reads like a failure of governance to me.

It’s up to Chemours whether to hold themselves responsible for not meeting their internal guidelines (from what I read here they did/do). Of course it’s less than ideal they keep everything silent but their incentives probably point them that way.

If the government also knew, and chose not to do anything (and indeed, apparently wrote that it’s not financially feasible), then that’s a fault of government. The company won’t close itself if what they’re doing is morally dubious but legally perfectly fine (especially the people working at that location have a great incentive to not make waves, even if they’re the ones drinking the water).


> Of course it’s less than ideal they keep everything silent but their incentives probably point them that way.

> The company won’t close itself if what they’re doing is morally dubious but legally perfectly fine

It always surprises me that society has been programmed to accept morally-dubious practices that are legal as something inevitable, that a company can use that as a cop out. Perhaps amoral capitalism isn't a great system for society, and needs some reform to stop fucking people's lives for economical/financial gains...


> morally-dubious practices that are legal as something inevitable

I think I stopped believing that there was any changing this around age 30 or so. You can only see so much of it before it just becomes the default assumption.

Then there’s these times in your life when you do the right thing and are consistently punished for it… I can see why people would stop caring.


I assume you compile the source code because you want to be sure you don't use any compromised binaries? But how can you be sure the source code wasn't compromised with some obfuscated C code? (Honest question, I'm just a humble application developer.)


It is dramatically easier to hide malware in a compiled artifact than in public source code, not to imply that the latter does not happen.

In security-focused orgs though you review all code yourself with the exception of things with extensive third party signed review such as the Linux kernel itself. Even then I review codepaths in the kernel critical for my use case such as random.c.

From there, if I -alone- compile containers, kernels, or binaries, someone could coerce me to tamper with them to compromise all downstream users. Same if there was a central build system I can access. To mitigate this I ensure my artifact builds are deterministic, sign my changes, and have team members review my changes, reproduce my artifacts bit for bit, then counter-sign the results.

It is never wise to be in a position where there is possibility of you yourself tampering with things that control anything of value, or else someone will coerce you to help them steal said value.

As a security engineer it is my job to ensure no one ever has to trust anyone, including me.
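
The workflow in the comment above (deterministic builds, independent bit-for-bit reproduction, then counter-signing) can be sketched as follows. This is an added example, not part of the original comment and not the commenter's tooling. The sample files, the builder names and the function names `build` and `accept_release` are constructed for illustration. Signing is left out: the digest returned here is what each party would sign.

```python
import hashlib
import io
import tarfile

# Constructed sample source tree (name -> contents); not from the thread.
SOURCE = {"bin/app": b"\x7fELF-constructed", "etc/app.conf": b"mode=prod\n"}


def build(files, normalize, build_time=0, order=None):
    """Pack files into a tar archive and return its SHA-256 hex digest.

    normalize=True pins the inputs that differ between machines:
    member order and timestamps. normalize=False keeps the builder's
    own file order and clock, as a naive build would.
    """
    names = sorted(files) if normalize else (order or list(files))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)  # uid/gid default to 0, owner names to ""
            info.size = len(files[name])
            info.mtime = 0 if normalize else build_time
            tar.addfile(info, io.BytesIO(files[name]))
    return hashlib.sha256(buf.getvalue()).hexdigest()


def accept_release(author, claimed, rebuilds, quorum=2):
    """Accept only if at least `quorum` reviewers other than the author
    independently rebuilt the exact digest the author claimed.

    rebuilds maps builder name -> digest that builder obtained.
    Any mismatch is a hard failure, not something to outvote.
    """
    mismatched = sorted(r for r, d in rebuilds.items() if d != claimed)
    if mismatched:
        raise ValueError(f"digest mismatch from: {', '.join(mismatched)}")
    confirmers = {r for r in rebuilds if r != author}
    return len(confirmers) >= quorum
```

With `normalize=False`, two honest builders get different digests from identical source, so a tampered artifact cannot be told apart from an ordinary rebuild; normalization is what makes a mismatch meaningful.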


Typo in your homepage: "Continuious Integration"

Interesting thread!


Good catch!


While I do not build LFS regularly or for production use, the security improvement typically comes from the fact that the end system is _super_small_ and focused. Less software means less attack surface.

Sure, compromised binaries are nasty but personally I do place quite a lot of trust with the distribution repos.

(PS, if you are reading this and contribute packages to distribution repos: Thank you!)


You can never be 100% sure. Even the compiler, firmware, or hardware could be compromised.

Security comes down to reducing attack surface, ideally to an infinitesimal degree.


The European Commission is not funded by lobbyists. Unless of course you believe the EC members are corrupt.


> Unless of course you believe the EC members are corrupt.

That is exactly what many people believe.


Funnily, scandals lately hit the EU Parliament, the only somewhat democratic body over there. See e.g. https://en.m.wikipedia.org/wiki/Qatar_corruption_scandal_at_...


It's a sort of landfill for shitty, unpopular in their home country politicians, too.

