* Posts by Tom Wood

480 posts • joined 14 May 2008

UK employers still reluctant to hire recent CompSci grads

Tom Wood

Re: I see nothing has changed

"Well I would say that someone embarking on a CS degree should ALREADY know how to code......"

Well, that wasn't me. Sure I was "good with computers" at school, and learned a bit of HTML etc, and my A-level further maths included modules of discrete mathematics (algorithms and so on), but I didn't actually write my first "hello world" until I started my CS degree course in 2003. There were no programming courses at school, and nobody to encourage me to program.

I graduated with a 1st class MEng in 2007, and have done alright in software jobs since ;-)

I would imagine that most 17 year olds who think they know how to code, don't really. They may be able to hack together code from examples, but they probably don't understand the detail of *why* things are done the way they are (or better ways of doing things)

1
2
Tom Wood

Re: Interesting...

So maybe there really is a difference between "good" CS degrees and bad ones.

"A good way to test this is to give some example code that returns a pointer to a local variable and ask them to describe what can happen if you start to use that pointer."

We have a question based on exactly that problem in our interviews. Not only do I ask what happens if you use the pointer (it depends) but how they would locate such a bug in code that someone else had written.

It's not universally true, but of those with a few years experience, it seems that those without a CS background struggle more with questions such as this than those who studied CS, but that's just the impression I've got from the candidates I've interviewed.

1
0
Tom Wood

Re: unable to write a "for" loop in C/C++/Java

I can't remember the degree, but it was most likely computer science or something very similar (actually we've found at least a couple of unis have a course called Computer Games Programming which is actually basically Computer Science but made to sound sexier to 17 year olds who are applying for a degree).

Though, I'd still expect a Computing/IT graduate to be able to write a loop, maybe in Bash/Python/whatever scripting language they prefer but surely they're going to need to automate doing repetitive stuff at some point?!

2
1
Tom Wood

Re: unable to write a "for" loop in C/C++/Java

The guy who was completely unable to write a for loop was an extreme example, but the sort that sticks in your head. Sure, he'd probably done it before and I'm sure his uni software project must have contained many loops, but sat in front of a computer he couldn't remember the syntax. I can't remember whether he claimed to know C, C++ or Java but as the loop syntax is the same and we'd given him a choice of languages, the fact he couldn't do even this basic thing from memory was rather concerning. (It wasn't the only thing where he failed to show knowledge or understanding, however).

2
1
Tom Wood

Re: Interesting...

As someone who does interview both graduates and more experienced developers (and a comp sci grad myself), in an embedded software business, I'd say I most value someone who has learned the fundamentals of CS (algorithms, complexity, computer architecture, logic) and some software engineering (design, testing, OO, design patterns) and can evidence applying both through their project work. The "Android/IOS/Linux/Oracle/Windows 10/Azure/AWS" stuff I really don't care about, provided their project work shows they have applied some knowledge in some domain areas and can pick it up quickly. (Though understanding the basics of the Linux/POSIX style command line is a big plus).

One reason why I'm always wary of "experienced" programmers who were self-taught and came from a hardware or physics background for instance is that they can bash out code based on tutorials they've learned etc, but they don't really understand basics like what a pointer is or what the difference is between a list and a vector, for example. Which can lead to writing buggy software, or being unable to debug such issues in other people's code...

4
3
Tom Wood

Quality of graduates

We're a small/medium sized software consultancy (~60 or so employees in the UK). This year we advertised a vacancy for a software graduate. Many who applied who were either in the final year of their course or who had graduated with a Computer Science or similar degree failed our 10-question online multiple choice filter test. The test in question is open book and not time limited; the questions cover the basics of programming and CS theory, nothing complex; and our "pass" mark is only 6 out of 10. (Question 11 is "how many of the above answers did you look up online or ask for help with" - we wouldn't necessarily reject someone who looked up most of the answers, provided they got them all right!)

Of those who got to an interview (6 candidates if I remember correctly), none was up to standards (and our standards are not overly high for a graduate; we're talking basic failings like being unable to write a "for" loop in C/C++/Java). We left the graduate role unfilled this year. We do also take a "year in industry" student, who we interview about half way through their second year at uni, with the same questions and interview process, and universally the "year in industry" applicants were brighter and more capable than the graduate ones.

Which suggests that somehow we failed to attract the "good" graduates, and were left with a bunch who had somehow graduated or were on track to graduate in Computer Science but yet failed to understand the fundamentals of their chosen subject.

11
0

GOP delegates suckered into connecting to insecure Wi-Fi hotspots

Tom Wood

Re: Why? - Let's have some critical journalism

And actually, I don't need to control the DNS server, that just makes it easier. Since I can see and intercept all your traffic to my AP, I can look out for any initial non-HTTPS request and spoof a response, for example.

This also works with secure access points, if there is a common password I can get hold of (e.g. WPA2-PSK). If there's a hotel or pub that has a known WiFi password they provide to customers (maybe they stick it up behind the front desk/bar), for example, I could easily set up an AP using the same SSID and password and chances are at least some of the time (e.g. if your device has a stronger signal from my AP than from the hotel's) you will end up connecting to my network.

12
0
Tom Wood

Re: Why? - Let's have some critical journalism

Avast obviously weren't being malicious.

However.

Let's say I can convince you to connect to a WiFi access point (AP) I control.

Chances are you use the DHCP server in my AP to get an IP address *and DNS server address*.

So I configure my AP to point you at a DNS server I also control.

When you type www.facebook.com in the browser, I can deliver a DNS result that points you at a web server I also control, that provides a facebook lookalike login page.

You don't look close enough to notice that this particular connection to Facebook isn't redirected to HTTPS, you log in, I get your facebook password.

You can replace "facebook" for "most other secure websites", unless you've visited them before, and they use HTTP Strict Transport Security, and your browser supports it (Facebook actually do send HSTS headers, but many other secure sites, e.g. online banks, don't).

16
0
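The three conditions in the post above (a previous visit, an HSTS header from the site, and browser support) can be seen in a simplified model of a browser's HSTS host list. This is an added example, not part of the original posts; the host names `bank.example` and `preloaded.example` are constructed, and the model covers only the core rules of RFC 6797.

```python
import time
from urllib.parse import urlsplit


def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (max_age, include_subdomains), or None if the header is invalid.
    """
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        if name in seen:  # a repeated directive invalidates the whole header
            return None
        seen[name] = value.strip().strip('"')
    max_age = seen.get("max-age", "")  # max-age is mandatory
    if not (max_age.isascii() and max_age.isdigit()):
        return None
    return int(max_age), "includesubdomains" in seen


class HstsStore:
    """Simplified model of a browser's list of known HSTS hosts."""

    def __init__(self, preloaded=()):
        # host -> (expiry timestamp, include_subdomains)
        self.hosts = {h: (float("inf"), True) for h in preloaded}

    def note_response(self, url, headers, now=None):
        """Record a policy; headers seen over plain HTTP are ignored."""
        now = time.time() if now is None else now
        parts = urlsplit(url)
        header = headers.get("Strict-Transport-Security")
        if parts.scheme != "https" or not parts.hostname or header is None:
            return
        policy = parse_hsts(header)
        if policy is None:
            return
        max_age, subs = policy
        if max_age == 0:  # max-age=0 tells the browser to forget the host
            self.hosts.pop(parts.hostname, None)
        else:
            self.hosts[parts.hostname] = (now + max_age, subs)

    def is_known(self, host, now=None):
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            # a parent domain only counts if it set includeSubDomains
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def navigate(self, url, now=None):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.is_known(parts.hostname, now):
            return parts._replace(scheme="https").geturl()
        return url


def demo():
    now, sts = 1_000_000.0, "Strict-Transport-Security"
    store = HstsStore(preloaded=["preloaded.example"])
    out = {"first_visit": store.navigate("http://bank.example/login", now)}
    # A header delivered over plain HTTP (for example by a hostile AP) is ignored.
    store.note_response("http://bank.example/", {sts: "max-age=31536000"}, now)
    out["after_http_header"] = store.navigate("http://bank.example/login", now)
    store.note_response("https://bank.example/", {sts: "max-age=31536000; includeSubDomains"}, now)
    out["after_https_visit"] = store.navigate("http://bank.example/login", now)
    out["subdomain"] = store.navigate("http://login.bank.example/", now)
    out["expired"] = store.navigate("http://bank.example/login", now + 31536001)
    out["preloaded"] = store.navigate("http://preloaded.example/", now)
    return out


if __name__ == "__main__":
    for name, url in demo().items():
        print(f"{name:18} {url}")
```

Only the preloaded host is upgraded on a first visit; every other host stays on plain HTTP until one HTTPS response carrying the header has been seen, and again once the policy expires.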

Hacker shows Reg how one leaked home address can lead to ruin

Tom Wood

"to open and close his bank accounts"

“I have enough information at this point to open and close his bank accounts, or do whatever I want,” he says.

Er, really? Sure, he knows a fair amount about his "victim", but that still shouldn't be enough to do anything particularly lucrative to a criminal.

Last time I tried to close a bank account, I had to go into the branch (even though it was an "online" savings account), and show the bank card of my linked current account, and sign a form. That was for a dormant account with no money in it - had I actually wanted to withdraw money and close the account I'd have needed the card's PIN and also possibly some other photo ID if the amount in question was large enough. To steal money with online banking, from the two banks I use, I'd need (1) knowledge of logins, passwords etc and (2a) access to my card and PIN or (2b) access to my phone, depending on the bank. The attacker described here doesn't have ANY of that info.

Maybe this speaks more to the lax security policies of American banks than anything else?

And being able to gain root access to someone's web server (not really sure how that is related to "replicating" a web site) is entirely unrelated to learning anything about their home address, car registration etc, and more the fact they were running an old unpatched Linux distro.

34
1

London's contactless ticket payment system for sale in £15m deal

Tom Wood

Something's not right in the figures.

"TfL claims 65,000 journeys a day are being made using contactless with 500,000 million journeys made using contactless since its introduction."

If that "500,000 million" is right then at 65k journeys a day it would imply it's been running for 21 thousand years. If it's really only 500,000 journeys then it's only been running for just over a week?!

3
0

Brexit threatens Cornish pasty's racial purity

Tom Wood

Re: Swings and Roundabouts.

"The EU does not allow origin discrimination of that nature on goods, hence the need for the "protected origin" scheme and the roomfuls of bureaucrats to administer it."

[citation needed]

19
3

HR botches redundancy so chap scores year-long paid holiday

Tom Wood

January 1st?

When has anyone ever worked on New Year's Day?

11
0

LinkedIn mass hack reveals ... yup, you're all still crap at passwords

Tom Wood

Re: Attitudes to risk

"ANY information they can glean from it can be used to reconstruct your identity, at least to the point they can employ social engineering to get more information and then eventually they have enough to compromise or steal your identity."

They *could*. But *would* they?

Your common-or-garden cybercriminal, much like your common-or-garden house burglar, will go for the easiest targets. They're after quick money not some convoluted identity theft.

In practice, my LinkedIn password is better than "password" or "12345678", but not as good as 12 truly random characters or whatever. Which is fine, as long as there are lots of people who have passwords worse than mine; just as my house isn't likely to get burgled as long as I have pretty good locks on the doors, and the guy down the street has crap ones.

2
0
Tom Wood

Attitudes to risk

I really don't want someone to get access to my bank account, or my email account, or root access to my servers, so I use secure passwords for them.

But LinkedIn, or for that matter some random forum such as this one, what's the worst that can happen if someone logs in as me?

The main risk if someone steals my login details from the likes of LinkedIn (or indeed this forum, which doesn't even use a HTTPS connection...) is if I use the same email and password combo for either this site and others, or for my email account, in which case they can get access to all the "forgotten password" emails and the like.

But if I don't, then what's the problem?

I have a better lock on the front door of my house than I do on my garden shed, for much the same reason. Get into the shed and at most you can steal some plant pots, potting compost, barbecue charcoal and a bit of garden furniture maybe.

9
1

Three UK: Our MMS prices are up. Get around us with WhatsApp or Skype

Tom Wood

Ryanair logic

Customer: "Why is X so expensive? Surely it doesn't cost you anywhere near that much to provide the service?"

Ryanair/Three: "Well, you don't have to use X."

It doesn't really answer the question, even if they are correct that you can generally avoid the charges by jumping through various hoops.

5
1

Bloaty banking app? There's a good chance it was written in Britain

Tom Wood

LOC was thrown out as a useful measurement for *coder productivity*.

It used to be assumed that the more LOC per day, the better the coder.

Now it is often believed that less is more, simpler is better, so actually writing negative LOC could be a very good day indeed. Hence the argument in the article that fewer LOC in non-British banking apps is a good thing.

13
0

Blighty starts pumping out 12-sided quids

Tom Wood

Re: iSIS

http://www.mirror.co.uk/news/uk-news/royal-mint-forced-change-name-7657745

1
0
Tom Wood

Re: counterfeit pound coins

Yes - depending on which article you read something like 30-45 million circulating pound coins are fake.

2
0
Tom Wood

Re: iSIS

They actually seem to have quietly dropped that name since 2014 - the link from the article redirects to a different page. Can't think why.

The potential security features are intriguing though. Could the coins, rather than being just a lump of metal, actually contain some kind of chip?

4
0

One-third of all HTTPS websites open to DROWN attack

Tom Wood

read the details

A server that supports TLS 1.2 is only vulnerable if it or some other server that does support SSLv2 is using the same certificate.

1
0

Cameron co-opts UK mobile industry for EU Remain campaign

Tom Wood

Re: BBC bias

Yes, every BBC Radio news bulletin I've heard in the past 2-3 days has had a brief "x says we should remain in the UK for y reason" from the newsreader, then some spokesperson for the UKIPs/Tories/other xenophobes of choice have been given a 30 second clip to spout complete tripe arguing about why we should leave.

I've not heard a single clip spoken by a correspondent from the "remain" camp.

9
2

Good thing this dev quit. I'd have fired him. Out of a cannon. Into the sun

Tom Wood

Either always use braces, or use Python...

6
0

GCHQ’s Xmas puzzle proves uncrackable

Tom Wood

Re: QR code?

There are online "scanners" that work from webcams or uploaded images. You could have reproduced the QR code in MS Paint or similar if you really didn't have a way of photographing it.

2
0

DWP building a separate ID tool as Verify can’t cut it, whisper sources

Tom Wood

Re: This is a solved problem surely?

Yes, but this is once you have a bank account. Setting up a bank account if you've never had one is a surprisingly difficult task. Especially for recent immigrants (e.g. refugees granted asylum) who have no identity history in the UK and may not even have ID documents from other countries.

It's these sorts of individuals DWP in particular will have difficulty identifying.

I imagine the Verify system would also struggle to identify many of those particularly of an older generation who even if they have a bank account may not have any debts (so no credit record), have no driving licence or passport, etc.

9
0

New gear needed to capture net connection records, say ISPs

Tom Wood

Re: How exactly does this work

@Missing semicolon:

You are correct. But the URL is inside the HTTP request itself - not in the packet headers - and is encrypted for HTTPS. That's what I meant by "Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?"

0
0
Tom Wood

How exactly does this work

When I visit www.theregister.co.uk, this isn't one transaction. First there is a DNS lookup, which in my case currently resolves www.theregister.co.uk to 104.20.24.212. Then I open a TCP connection to 104.20.24.212:80 and send a HTTP GET request for /. Then the HTML loads and this may trigger many further DNS lookups and requests for images, style sheets, javascript and so on.

Exactly what are they logging to determine I am visiting www.theregister.co.uk? The DNS lookups? The TCP connection to 104.20.24.212:80? (But who knows what that IP address really is - actually this particular example has no reverse DNS - but it could well be a shared server, CDN server, etc).

Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?

10
1

NZ unfurls proposed new flag

Tom Wood

Re: Research

http://www.flaginstitute.org/wp/british-flags/the-union-jack-or-the-union-flag/

1
0

Terrorists seek to commit deadly 'cyber attacks' in UK, says Chancellor Osborne

Tom Wood

The Tories winning the election was pretty terrifying...

6
4
Tom Wood

Has Osborne just watched Spectre?

a new "National Cyber Centre" which is described as "the countries first dedicated ‘cyber force’"

3
0

NHS IT must spend a fortune to save a fortune, says McKinsey

Tom Wood

Incremental changes

This would be fine if it were a case of spend £500k, save £1m, 16,000 times over. If it didn't deliver after the first few such projects you could cut your losses and run. If it did work, it would pay for itself in short order and not need much in the way of actual upfront investment.

But somehow I expect it's not that simple...

1
0

Skype founders planning non-drone robodelivery fleet. Repeat, not drones

Tom Wood

It's as if they have never seen Robot Wars

Just imagine all the ways one of these could get (1) stranded through its own incompetence to deal with the hazards of a typical street (puddles, slippery leaves, dogs and their droppings, fallen branches, parked cars etc), (2) maliciously waylaid (tipped over/put on top of a bus shelter/thrown into the canal/kidnapped by local kids/troublemakers), driven off in a thief’s van, etc.

5
0

The ONE WEIRD TRICK which could END OBESITY

Tom Wood

Re: craft it smaller

In the UK that would be illegal. The smallest quantity for selling draught beer and cider is a third of a pint. You are also allowed to sell two-third pint measures, and any (integer) multiple of half pint measures, but that's it. https://www.gov.uk/weights-measures-and-packaging-the-law/specified-quantities

4
0

CODING PEEP SHOW offers chance to hire devs as they program

Tom Wood

Re: Watching paint dry

"Any idiot can bash out a foreach loop on automatic"

Based on some of the apparently experienced developers I've given technical interviews to, that statement is sadly false.

6
0

Turn-by-turn directions coming to Ordnance Survey Maps

Tom Wood

Re: too little too late

Google maps is fine for road - offroad it's pretty useless though.

Compare for instance Ilkley Moor:

Google map

https://www.google.co.uk/maps/@53.8948331,-1.841674,13z?hl=en

vs OS map

http://binged.it/1JJiJaQ

and that's just based on the 1:50000 OS map data, zoom in and you'll see the extra detail from the 1:25000 version.

4
0

'Hans free' mobe gag crowned Fringe's funniest

Tom Wood
Facepalm

Re: The one from a few years ago was much better

Was that "2011 winner Nick Helm" by any chance?

16
0

Wikiland turns to Shapps and says ‘those emails you wanted, we deleted them, sorry’

Tom Wood

Do you mean Data Protection Act?

The FoI act only applies to public bodies, doesn't it?

A Subject Access Request is a thing where you can get data held on you by a company or organisation under the terms of the Data Protection Act.

6
0

Amazon UK conditions 'exhausting', claims union

Tom Wood

A lot of a warehouse isn't storage

It might be a mistake, but a lot of the floor area in a warehouse isn't "storage capacity" - it's taken up with aisles, conveyors, shelf supports, packing benches, etc.

4
0

Labour Party website DDoS'd by ruly democratic mob

Tom Wood

Re: I'd like to know..

Germany, France, Spain, the Netherlands, Italy... all have state owned railways. Hell, their state owned railway companies even own a good chunk of our supposedly private railway companies. What is it about these countries that means they can run successful state-owned railway companies but we can't?

3
2
Tom Wood

Re: I'd like to know..

Well the railways is fairly easy. The state still owns most of the infrastructure and rents it out to the privatised operators. You just let their contracts expire and don't renew them, or if you want to get more creative find ways to terminate them early. (As the franchises start falling back into state hands, the state then gets to keep the profit from them, which can be reinvested or used to buy up the remaining contracts).

And, of course he could borrow more. Brown didn't "borrow and spend every pound there was to have", as evidenced by the fact that Osborne has borrowed more than Brown did: http://blogs.spectator.co.uk/coffeehouse/2013/11/the-tories-have-piled-on-more-debt-than-labour/

3
3
Tom Wood

Re: It's £3.88 a month

That's for a full membership. You can pay a minimum of £3 to become a "supporter" which means you get a vote in the leadership contest but none of the other perks of membership.

5
0

Safe as houses: CCTV for the masses

Tom Wood

Re: Netatmo's Welcome costs €199, which is presently about £140.

You just need to get a decent credit card that doesn't charge such fees. http://www.moneysavingexpert.com/credit-cards/travel-credit-cards

0
0

That's not an Ofcom email about your radio licence – it's a TROJAN

Tom Wood

Re: I got one at work

Indeed, I run my own mail server and use suffix addressing (sometimes called "plus addressing" as that is what is supported by gmail) for this purpose. In gmail you can use myname+anything@gmail.com and it will be delivered to myname@gmail.com. Use a different "anything" for each account and if it leaks you know who has been passing your address, and can block that variant (or just block it if they don't honour unsubscribe, etc).

Since the plus character is commonly used for this purpose it's actually not that good as a spammer could strip it out and still reach your inbox. If you have your own server you can specify an alternative character to use, I use a dash/minus sign, but you could use a dot, underscore etc. Someone could still guess and remove it and hit your inbox, but in practice I've found that doesn't happen, and if it did I could just dump the inbox and create a new one, and redirect all the existing aliases to it.

0
0
Tom Wood

Re: Probably these work the same as bank scams

Indeed, looking at my mailserver logs, I received two attempted mails this morning to an address that is no longer used, allegedly from spectrum.licencing@ofcom.org.uk:

Aug 5 08:52:58 mail postfix/smtpd[8095]: NOQUEUE: reject: RCPT from unknown[14.161.18.210]: 550 5.1.6 <xxx@xxx.co.uk>: Recipient address rejected: Address no longer in use; from=<Spectrum.licensing@ofcom.org.uk> to=<xxx@xxx.co.uk> proto=ESMTP helo=<static.vdc.vn>

Aug 5 09:06:21 mail postfix/smtpd[8127]: NOQUEUE: reject: RCPT from unknown[202.131.235.74]: 550 5.1.6 <xxx@xxx.co.uk>: Recipient address rejected: Address no longer in use; from=<Spectrum.licensing@ofcom.org.uk> to=<xxx@xxx.co.uk> proto=ESMTP helo=<[202.131.235.74]>

I have never used this address (or any address for that matter) for anything to do with Ofcom.

So there is no data leak, this is just general non-targeted spamming.

1
0
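The Postfix reject lines quoted in the post above can be parsed and grouped by claimed sender domain to see how many distinct clients used it and how they introduced themselves. This is an added example, not part of the original post; the third log line (`sender.example`, `192.0.2.25`) is constructed for contrast, and the flag names are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Matches Postfix smtpd "NOQUEUE: reject: RCPT" lines in the format quoted above.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"NOQUEUE:\sreject:\sRCPT\sfrom\s(?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]:\s"
    r"(?P<code>\d{3})\s(?P<dsn>\d\.\d+\.\d+)\s<[^>]*>:\s(?P<reason>.*?);\s"
    r"from=<(?P<sender>[^>]*)>\sto=<(?P<rcpt>[^>]*)>\s"
    r"proto=(?P<proto>\S+)\shelo=<(?P<helo>[^>]*)>"
)

# First two lines: as quoted in the post. Third line: constructed sample.
SAMPLE_LOG = """\
Aug 5 08:52:58 mail postfix/smtpd[8095]: NOQUEUE: reject: RCPT from unknown[14.161.18.210]: 550 5.1.6 <xxx@xxx.co.uk>: Recipient address rejected: Address no longer in use; from=<Spectrum.licensing@ofcom.org.uk> to=<xxx@xxx.co.uk> proto=ESMTP helo=<static.vdc.vn>
Aug 5 09:06:21 mail postfix/smtpd[8127]: NOQUEUE: reject: RCPT from unknown[202.131.235.74]: 550 5.1.6 <xxx@xxx.co.uk>: Recipient address rejected: Address no longer in use; from=<Spectrum.licensing@ofcom.org.uk> to=<xxx@xxx.co.uk> proto=ESMTP helo=<[202.131.235.74]>
Aug 5 09:30:02 mail postfix/smtpd[8140]: NOQUEUE: reject: RCPT from mx1.sender.example[192.0.2.25]: 550 5.1.6 <old@xxx.co.uk>: Recipient address rejected: Address no longer in use; from=<news@sender.example> to=<old@xxx.co.uk> proto=ESMTP helo=<mx1.sender.example>
"""


def sender_domain(rec):
    return rec["sender"].rpartition("@")[2].lower()


def spoof_indicators(rec):
    """Weak signals that the envelope sender domain is not the real origin.

    None of these is conclusive alone: plenty of legitimate mail is relayed
    by hosts outside the sender's domain.
    """
    domain, helo = sender_domain(rec), rec["helo"].lower()
    flags = []
    if rec["client"] == "unknown":
        # Postfix logs "unknown" when it cannot verify the client's reverse DNS
        flags.append("no-verified-rdns")
    if helo.startswith("["):
        flags.append("helo-ip-literal")
    elif not (helo == domain or helo.endswith("." + domain)):
        flags.append("helo-outside-sender-domain")
    return flags


def summarise(text):
    """Group reject lines by claimed sender domain."""
    out = defaultdict(lambda: {"attempts": 0, "ips": set(), "flags": set()})
    for line in text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue  # not a RCPT reject line
        rec = m.groupdict()
        entry = out[sender_domain(rec)]
        entry["attempts"] += 1
        entry["ips"].add(rec["ip"])
        entry["flags"].update(spoof_indicators(rec))
    return dict(out)


if __name__ == "__main__":
    for domain, info in summarise(SAMPLE_LOG).items():
        print(domain, info["attempts"], sorted(info["ips"]), sorted(info["flags"]))
```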
Tom Wood

Probably these work the same as bank scams

They send them to millions of addresses. Some people who have a genuine reason to have contact with Ofcom (or Barclays, HSBC, etc) see the email and think it must be targeted directly at them.

Admittedly radio hams are towards the more niche end of the spectrum, which reduces the number of targets for the spammer, but also probably increases the likelihood that those in the target audience do fall for the scam.

Mostly these things are sent by botnets and will be caught by the usual anti-spam DNS blacklists.

0
0

Buffoon in 999 call: 'Cat ate my bacon and I want to press charges'

Tom Wood

Re: Too polite

Maybe not. I like this explanation from here: http://www.theguardian.com/notesandqueries/query/0,5753,-18852,00.html

"Why are there no pork or other pigmeat cat food varieties? "

"I've always understood the reason to be that the pigmeat industry has a long-established method of disposing of its waste products. They call the result "sausages" - or, if you're lucky, "economy sausages". "

19
0

Blighty's BONKERS BANKING BONKING BONANZA: Apple Pay arrives

Tom Wood

"associated security/privacy benefits that brings about"

But Apple gets to know everything about your shopping habits...

Contactless cards work well and seem to be accepted in most places these days... even if I had an iPhone I can't see what the advantage to the customer is over using a contactless card. (Yes the retailers may like the lower charges, but do you really think they will pass them on?). If you really find it too much trouble to carry a card around (in reality most people will have a physical wallet with them anyway) then just put your card in your phone case, glue your card to your phone, or get one of those low-tech Barclaycard stickers.

6
9

This whopping 16-bit computer processor is being built by hand, transistor by transistor

Tom Wood

I must be the only software guy here

because I think it's a ridiculous project :-)

Just because you can, doesn't mean you should. This is the opposite of progress - deliberately doing thousands of small repetitive tasks that a machine can do much better (for almost every definition of better - smaller, faster, cheaper, more reliably, using less resources)...

0
19

Vodafone hikes prices to 37.5p/min – and lets angry customers flee

Tom Wood

EE are charging more - 44p

http://ee.co.uk/help/add-ons-benefits-and-plans/price-plans-and-costs/ee-price-plans/changes-to-numbers-starting-08-09-and-118#what

But, NHS England says doctor's surgeries shouldn't use 084 numbers. Many banks and customer service lines are changing to use 0345 or 0370 instead of the 08 versions (03 numbers come out of inclusive minutes).

1
0

Milking cow shot dead by police 'while trying to escape'

Tom Wood

Re: A cow is actually quite dangerous

Indeed. NZ has about 10 million cattle (beef + dairy) and 38 million sheep, but just 4.5 million people.

Though I'm not sure if you should calculate injury rates per animal or per farmer...

7
0

Radio 4 and Dr K on programming languages: Full of Java Kool-Aid

Tom Wood

Re: It would have been better

Indeed, and that's how a good Computer Science degree course works. The actual language doesn't matter nearly as much as the concepts behind it.

6
0
