SQL injection: I didn't know you could do that!


  • ♿ (Parody)

    @bridget99 said:

    OK, but how is anyone going to get rich off of some certification for developers? It's not like the state CPA board sucks up some huge portion of the economy. Don't you think having CPAs and PEs brings a net benefit to society?

    All licensing schemes are designed to limit competition by preventing new entrants to the market. Some, like medicine, may incidentally serve a useful purpose, but they all work to limit new entrants, and generally more so than the benefits of any minimal standards that they apply. They generally come into effect due to the union / guild / lobbying group related to the trade. There is money to be made by schools (or whatever organization controls certifications) as well as the practitioners who benefit from the reduced supply.

    Some of the more ridiculous licensing rackets are for florists, hair braiding or selling caskets. CPAs and PEs have some value, since there are legitimate fiduciary or liability issues and fairly objective standards for assessing these. Aside from disparate and conflicting internet rants, there is definitely no similar standard for software development.

    @bridget99 said:

    Or are you really ready to fully embrace jungle law?

    My first reaction was to say that this straw man is beneath you, but then I remembered...



  • @boomzilla said:

    Some of the more ridiculous licensing rackets are for florists, hair braiding or selling caskets. CPAs and PEs have some value, since there are legitimate fiduciary or liability issues and fairly objective standards for assessing these. Aside from disparate and conflicting internet rants, there is definitely no similar standard for software development.
    You may want to check your response .. Texas Board of Professional Engineers - Software Engineering and IEEE-USA and IEEE Computer Society Teaming Up to Develop Professional Exam for Software Engineering seem to disagree with you.



  • @boomzilla said:

    All licensing schemes are designed to limit competition by preventing new entrants to the market.

    Regardless of the design/intent, the actual result is only limiting if the licenses remain difficult to obtain.

    In practice, you'll get a grand diversification of all kinds of licenses, some good, some bad, some truthful, others shams, some cheap, some expensive.

    So that limits the limiting.

    @boomzilla said:

    Aside from disparate and conflicting internet rants, there is definitely no similar standard for software development.

    Yeah, though the basis of the licensing argument is "well, there should be!" and I don't know if I agree with that.

    But when I come across all sorts of bullshit programmers receiving real money for their shit services, I cannot help but wonder if there is a way to prevent these people from getting work. Certification is one way, but it's not exactly a silver bullet and as we've seen it creates a secondary market with its own various levels of competence.

    The most effective way is if the buyers are able to tell the difference, but it's also the hardest and most time-consuming.


  • ♿ (Parody)

    @OzPeter said:

    @boomzilla said:
    Some of the more ridiculous licensing rackets are for florists, hair braiding or selling caskets. CPAs and PEs have some value, since there are legitimate fiduciary or liability issues and fairly objective standards for assessing these. Aside from disparate and conflicting internet rants, there is definitely no similar standard for software development.

    You may want to check your response .. Texas Board of Professional Engineers - Software Engineering and IEEE-USA and IEEE Computer Society Teaming Up to Develop Professional Exam for Software Engineering seem to disagree with you.

    I would say they're doing exactly what I said they would do. The details of the Texas exam seem reasonable, but I don't see how it's much more than what any other bogus certification does. The net effect is likely to be similar to what you get with financial ratings companies, where people outsource their due diligence to unaccountable agencies with mandates from the government with predictable results.

    Texas has another of those stupid licensing requirements where eyebrow threaders have to get cosmetology licenses, which require you to go to cosmetology schools. Can you guess how much time in cosmetology school is spent on eyebrow threading? About none.


  • ♿ (Parody)

    @dhromed said:

    @boomzilla said:
    All licensing schemes are designed to limit competition by preventing new entrants to the market.

    Regardless of the design/intent, the actual result is only limiting if the licenses remain difficult to obtain.

    In practice, you'll get a grand diversification of all kinds of licenses, some good, some bad, some truthful, others shams, some cheap, some expensive.

    So that limits the limiting.

    If you look at other professional licensing, it almost always requires some sort of education or degree, in addition to passing some test. There is always some group out there with their hands out, and the organization behind the license holders will always want to keep the barriers high to prevent too many new entrants. Consider the current lament that old programmers are being replaced by youngsters. Notice that you never hear about this in heavily regulated / unionized trades? That's the point.

    @dhromed said:

    But when I come across all sorts of bullshit programmers receiving real money for their shit services, I cannot help but wonder if there is a way to prevent these people from getting work. Certification is one way, but it's not exactly a silver bullet and as we've seen it creates a secondary market with its own various levels of competence.

    The most effective way is if the buyers are able to tell the difference, but it's also the hardest and most time-consuming.

    Yep. This is true for just about anything. Auto mechanics and building contractors come to mind. And those guys have licensing and so forth. Right now, there's a huge demand for software development, and simply not enough "good" supply. The best hope for the future is probably that tools and techniques improve enough that less creativity and discipline is required to get most of the stuff done, just like manufacturing processes in other industries have done.

    Also, so many people hiring / buying software don't want to pay the extra money for even basic QA. They definitely don't want to pay lawyer / PE like fees to make the certification worth anything.



  • @OzPeter said:

    @bridget99 said:
    I think PEs and CPAs are universally considered more trustworthy than non-certified workers in the same profession. The only certifications that I really consider complete bullshit are the proprietary ones like the MCSE, and the PMP certification.
    Except that unless you are supplying services directly to the public a PE license is a waste of time and effort, especially given that a huge percentage of engineers never see the outside of their cube farm. There have been noises made for a while that all engineers in the US will be required to get a PE regardless of what their job entails, but I can't see that flying.

    As for PMP .. I have considered it myself just because it is one of those things that companies like to have, and will hire based just on the strength of it. Personally I'd prefer to get formal Agile coaching certification, but the industry that I work in isn't structured to use Agile methods at the level I am working at.

    I've considered getting the PMP pretty seriously, but I just don't buy into the material I would have to study. I just looked over a set of sample questions, and it was rife with misconceptions: adding resources to a behind-schedule software project is a good idea; there is a learning curve for bulk software installation projects; a good way to predict project success is to run a Monte Carlo simulation. I chuckled at that last one in particular; how would one set up a simulation of a development project? And even if one did, wouldn't that be a more complex undertaking than the project itself much of the time? How about just asking some trusted technical workers?



  • @bridget99 said:

    And even if one did, wouldn't that be a more complex undertaking than the project itself much of the time?

    It's NP hard!



  • @scruff said:

    bridget99: "a Profession" and "Professional" are not exactly the same thing.

    This

    The rest of the discussion is pointless.

    Football ("soccer" for those not in the colonies) is not "a profession", but you get 'amateur footballers' and 'professional footballers'. The difference is that the 'professional' ones do it for a living, the 'amateur' ones do it for fun. There is no correlation with skill; 'amateur' players could be better than 'professional' players.

    The same applies to programmers, dog walkers, star gazers, masseuses etc.

    You do not have to work in 'a profession' to be 'a professional <whatever>'.

    Programming is not 'a profession' (in most places), but you can get 'professional programmers' anywhere.



  • @dhromed said:

    But when I come across all sorts of bullshit programmers receiving real money for their shit services, I cannot help but wonder if there is a way to prevent these people from getting work.

    Many others have tried and failed before you, my friend. No matter how much of a hash-up is caused by a total incompetent, bullshit and family connections often trump sanity.

    @dhromed said:

    The most effective way is if the buyers are able to tell the difference, but it's also the hardest and most time-consuming

    It *is* a matter of "buyer beware", and now that the internet has enabled information dissemination at a much faster rate, it's possible to obtain references/reputation of an individual via a search engine alone.



  • @Cassidy said:

    @toon said:

    but has been a professional PHP/MySQL developer for over six years, maybe seven.

    FTFY. Professionals generally won't make amateur mistakes repeatedly for that length of time use PHP/MySQL.

    FTFY.


  • :belt_onion:

    @Cassidy said:

    @bridget99 said:

    OK, but how is anyone going to get rich off of some certification for developers?

    Simple law of supply and demand. In the UK, at one point there was great demand for developers with MCSE/MCSD to their names, so many organisations (including mine) created courses to get them through these qualifications. We made quite a profit from it, as did people achieving the qualification since it carried an implied guarantee of a higher starting salary.

    After a few years of boot-camp certificates, Industry began to understand that the letters didn't necessarily indicate a level of skill or knowledge - if anything, they indicated a lack of experience. By then the damage was done, and some people had profited handsomely from the overall debacle.

    I can only speak for myself but after two years of teaching myself C# and trying to use it during software development, I started studying for my MCTS and MCPD certifications (successor to MCSD). I learned a lot from it because it enabled me to put everything in the correct context. I came from a C++ background, so I had some trouble understanding the .NET Runtime.

    The proof of the value of this certification is that before it, I failed a job interview conducted by a .NET guru. And after obtaining the certification and some years of practicing what I learned, I'm now working with that same guy and I'm considered by management to be on the same level inside my field of expertise.

    Don't just disqualify all Microsoft Certified people based on your limited experience.



  • @bjolling said:

    Don't just disqualify all Microsoft Certified people based on your limited experience.

    I'm not (but didn't make that clear in my post, re-reading what I said, sorry).

    I've met many skilled and experienced people that are Microsoft-Certified, and many utter fuckwits that held Microsoft Certifications and failed to understand why I was asking all these troublesome questions at interviews because their certifications should have been enough.

    My point was that certifications aren't the be-all and end-all, and that industry placing a high value on a specific certification could also entice unscrupulous bodies from providing fast-track certification routes, devaluing its meaning.



  • @OzPeter said:

    @bridget99 said:
    I think PEs and CPAs are universally considered more trustworthy than non-certified workers in the same profession. The only certifications that I really consider complete bullshit are the proprietary ones like the MCSE, and the PMP certification.
    Except that unless you are supplying services directly to the public a PE license is a waste of time and effort especially given that a huge percentage of engineers never see the outside of their cube farm.

    In the US at least there are regulations that require that certain kinds of things are required to have a licensed engineer sign off on the design (and that they are then at least partially legally responsible if something goes horribly wrong), so I wouldn't say that it is a waste even in a cube farm (get paid more if you can do the sign off).



  • @locallunatic said:

    In the US at least there are regulations that require that certain kinds of things are required to have a licensed engineer sign off on the design (and that they are then at least partially legally responsible if something goes horribly wrong), so I wouldn't say that it is a waste even in a cube farm (get paid more if you can do the sign off).

    But how many PEs per cube farm lackey do you really need? 1 for every 10? 1 for every 100? And the requirement is only for fields where you have to do things like sign off on construction drawings .. so again, what proportion of people really need to be doing that? I know it will vary across industries, but I have never had a situation where not being a PE stopped me from doing my job.



  • @toon said:

    TRWTF here, is that this person is not only my boss, but has been a professional PHP/MySQL developer for over six years, maybe seven.

    I wish I was surprised to read this. I still sometimes see SQL injection vulnerabilities in most of my colleagues' code and I've pretty much given up at this point as people can be such bitchy little princesses when their work is criticised. In my experience so far, years of experience correlates more with resistance to new things and unwillingness to admit mistakes than with any tangible wisdom. They begin sentences with phrases like "Well I've been doing this for ten years", and from then on you know they aren't listening.

    I'd advise you to think very long and hard about your dreams of quitting. Are they really going to solve anything? Do you realistically believe that the next company magically won't have developers like this? I'm beginning to believe that the only way of avoiding this kind of bullshit is by single-mindedly focusing on distancing oneself from the masses of shit-tier developers as a primary career goal.



  • @GNU Pepper said:

    They begin sentences with phrases like "Well I've been doing this for ten years", and from then on you know they aren't listening.

    In a previous job, I've had a guy use that as an argument in a discussion. Me: [argument that pertains to the discussion and makes logical sense, to me anyway]. Him: "I've been working here for thirty years." Then he looked at me, as if that was supposed to convince me I was wrong.

    @GNU Pepper said:

    I'm beginning to believe that the only way of avoiding this kind of bullshit is by single-mindedly focusing on distancing oneself from the masses of shit-tier developers as a primary career goal.

    If I didn't have cold feet about it, I'd start my own company. That's the only way I can think of...

    @GNU Pepper said:

    I'd advise you to think very long and hard about your dreams of quitting. Are they really going to solve anything? Do you realistically believe that the next company magically won't have developers like this?

    At this point, it's more that what's making me want to leave is the combination that he's my boss and also generally hard to reason with. I don't mind not having the last say in anything (if I wanted that, I'd get rid of my cold feet) but if someone's boss makes up a "fact" that's wrong, and his underling disagrees, the underling is basically wrong if the boss is backed by the rest of the firm, no matter what the truth is. I don't have a boss + 1. Perhaps this is one of those things that pass and the two of us can look back on later, but it's beginning to look like that won't be the case.



  • Can you use ?1 and ?2 and so on like you can use with SQLite?
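
    The `?1`, `?2` placeholders asked about above are SQLite's own numbered-parameter syntax (`?NNN`), which Python's `sqlite3` module passes straight through to SQLite. The block below is an added example, not code from this thread: it shows those placeholders next to the string-concatenation form that makes SQL injection possible, using a constructed `users` table; function and table names are the example's own.

```python
import sqlite3

# Constructed sample rows for the example; not data from the thread.
SAMPLE_USERS = [("alice", "admin"), ("o'brien", "user"), ("bob", "user")]


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    # ?1 / ?2 are SQLite numbered placeholders; the tuple order follows the numbers.
    conn.executemany("INSERT INTO users (name, role) VALUES (?1, ?2)", SAMPLE_USERS)
    conn.commit()
    return conn


def role_by_name_concat(conn, name):
    """Vulnerable form: the caller's text becomes part of the SQL statement.

    Anything the caller types is parsed as SQL.  The apostrophe in "o'brien"
    already breaks the statement, which is the same mechanism an injection
    exploits; the lookup fails for an ordinary name.
    """
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def concat_breaks_on_quote(conn, name):
    """True when the concatenated query cannot even be parsed for this name."""
    try:
        role_by_name_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def role_by_name_param(conn, name):
    """Hardened form: ?1 is bound, so the value is never parsed as SQL."""
    row = conn.execute("SELECT role FROM users WHERE name = ?1", (name,)).fetchone()
    return row[0] if row else None


def names_with_role(conn, exclude_name, role):
    """Numbered placeholders may appear in any textual order and be reused.

    ?2 comes first in the text but is still filled from the second tuple slot;
    ?1 is referenced twice but supplied once.
    """
    sql = ("SELECT name FROM users WHERE role = ?2 "
           "AND name <> ?1 AND lower(name) <> lower(?1) ORDER BY name")
    return [r[0] for r in conn.execute(sql, (exclude_name, role))]


def login_allowed(conn, name, role_required):
    """Authorisation check with bound parameters; returns a plain bool."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE name = ?1 AND role = ?2", (name, role_required)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print(concat_breaks_on_quote(db, "o'brien"))  # True: concatenation fails
    print(role_by_name_param(db, "o'brien"))      # user
    print(names_with_role(db, "Bob", "user"))     # ["o'brien"]
    print(login_allowed(db, "alice", "admin"))    # True
```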



  • Extra bonus WTF: Just overheard the same guy talking to my other boss. Saying: "yeah, I was working over the weekend; since we strengthened the login procedure I couldn't get into the application, so I temporarily made it so the login check is always true." Well, he changed it back after, so I guess it's not dangerous? Or something?



  • @GNU Pepper said:

    They begin sentences with phrases like "Well I've been doing this for ten years"

    You: "you mean you've been making the same mistake for 10 years? Or do you mean that in your 10-year experience you've never heard of code injection exploits? It takes great skill to have 10 years experience of a subject and yet manage to completely avoid defence coding techniques."

    @toon said:

    Him: "I've been working here for thirty years." Then he looked at me, as if that was supposed to convince me I was wrong.

    You: ".. and, in your thirty-year career, have you ever come across any code exploits such as these?" 

    I've faced this situation many times: when people remind me of their work duration, I ask them how it equates to skill and knowledge. Nothing punctures this "duration bubble" more than when one of their managers asks how - given all their years - they didn't know that.

    @toon said:

    Saying: "yeah, I was working over the weekend; since we strengthened the login procedure I couldn't get into the application, so I temporarily made it so the login check is always true."

    Oh Jesus Shitting Christ. You should have asked him if he left all the doors wide open when he left so staff can enter the building the next morning.



  • @Cassidy said:

    Oh Jesus Shitting Christ.

    There's a hip marketingy place in town that's looking for a backend developer. I sent out my resumé to the recruiter just now: we'll see what happens!



  • @toon said:

    No, you're right, he wants to be good at what he does; it's just that he's got a real hair up his ass about being told how to do his job. So whenever he gets the perception that that's the case, he gets very defensive in an offensive sort of way (if that makes sense). He can't help it, but of course that doesn't make much of a difference to me. One of the reasons I'm considering leaving.

    Actually wanting to be good at your job requires wanting it MORE than wanting to not be told how to do the job. Not knowing about SQL injection would require actively avoiding hearing what anybody else has to say about the field he is in for... well, six or seven years. That's not wanting to be good at your job, it's assuming you are so much better at your job than anybody else that they aren't worth paying attention to.


  • Garbage Person

    @boomzilla said:

    Auto mechanics and building contractors come to mind. And those guys have licensing and so forth.
    Oddly enough, the best mechanics I've ever met aren't ASE certified, and the best contractor I've ever worked with (they built my garage) didn't have a state license - either in this state, or the one they're based out of.



  • @Weng said:

    @boomzilla said:

    Auto mechanics and building contractors come to mind. And those guys have licensing and so forth.
    Oddly enough, the best mechanics I've ever met aren't ASE certified, and the best contractor I've ever worked with (they built my garage) didn't have a state license - either in this state, or the one they're based out of.

    And the best programmer you know doesn't believe in OOP or multithreaded GUIs, and throws up big, topmost wait screens during lengthy operations instead of "pumping" messages.



  • @bridget99 said:

    @Weng said:

    @boomzilla said:

    Auto mechanics and building contractors come to mind. And those guys have licensing and so forth.
    Oddly enough, the best mechanics I've ever met aren't ASE certified, and the best contractor I've ever worked with (they built my garage) didn't have a state license - either in this state, or the one they're based out of.

    And the best programmer you know doesn't believe in OOP or multithreaded GUIs, and throws up big, topmost wait screens during lengthy operations instead of "pumping" messages.

    This must be some new definition of "best".


  • Discourse touched me in a no-no place

    @DescentJS said:

    @bridget99 said:
    And the best programmer you know doesn't believe in OOP or multithreaded GUIs, and throws up big, topmost wait screens during lengthy operations instead of "pumping" messages.
    This must be some new definition of "best".
    More likely a failure in the "know" department. Or skillful deployment of "irony".



  • My definition of "professional" is someone you hire to do a job because they know how to do it better than you.

     The reason professional bodies (associations, licensing, etc.) exist is because without knowledge of the field, the person doing the hiring has no means to judge how good the professional is. (like the Dunning-Kruger effect)

