Thanks, I did read that blog post but adding yet another dependency to my stack just for authentication of a single user (me)? I don't know… Then I might as well just install Headscale.
As of about a month ago, you can also sign up to Tailscale with any OIDC-compatible identity provider, so if you don't want to use Gmail or Microsoft you can self-host your own!
Seriously, if you use one of their recommended identity providers and their "AI" bans you, can you change your access controls on Tailscale to another provider? Ideally without physical access to the other machines.
The list of identity providers is just ginormous companies that are likely to automatically ban accounts.
Yeah, as someone also on a TN, I'd love to hear more. I'd also love to know what the renewal process has been like for people that have been in the USA for a while (I've been here for 4 years and am looking to renew next October).
CBP (and USCIS) is just getting tougher on TNs, sometimes applying standards/requirements that don't exist, and really gives no deference anymore to the issuance of a previous TN when the TN is being "renewed."
If you or your friends are interested, you should check out Matasano (disclaimer: I work there). Our hiring process is much more focused on work-samples, and the in-person interviewing is pretty laid-back. We're also very up-front with candidates about what to expect and where they are in the process. Check out our careers page:
For what it's worth, that's a fair concern. I offer two things that make it not quite as bad as you may think, though :-)
1. We don't expect applicants to be amazing at this already. Having a background in security is good, of course, but not necessary. As a data point: in the office I work out of, we have someone who used to work in a bakery, someone who worked for an insurance company, and several people who had never done security before applying to Matasano. It's my opinion that you generally learn more "on the job", as it were, than you would preparing for an interview anyway. @tptacek's post at [0] is a good example of the type of people we have working for us.
2. We generally send candidates resources to help them prepare - I believe a couple recent applicants got free copies of "The Web Application Hacker's Handbook" [1].
Any interview process that requires a substantial time investment by the candidate pre-interview is broken.
Why would I spend some time learning the security niche just for one interview? I could instead work on Android development, Python, Scala, or a whole bunch of other things. Those would be useful for many jobs, and not just 1-3 employers.
Why is putting in a lot of time researching security for your interview a better use of my time than learning more widely applicable skills?
What if I put in all the time, pass the pre-screening, and then when I meet you, it turns out you aren't the type of people I'd want to work with?
> Any interview process that requires a substantial time investment by the candidate pre-interview is broken.
I disagree, but accept that this depends largely on the desired outcomes. If the candidate's goal is to spray-and-pray by applying at dozens of companies and hoping one makes them an offer they can accept, I'll grant that requiring more time may be a hindrance. If, however, the candidate's goal is to learn something, improve their skills, and demonstrate to the potential employer that they're capable of doing this on a short time cycle, they may welcome the opportunity, and many have.
> Why would I spend some time learning the security niche just for one interview? I could instead work on Android development, Python, Scala, or a whole bunch of other things. Those would be useful for many jobs, and not just 1-3 employers.
Because you want to work in security generally, and for us specifically? I fully accept that not everyone shares career goals which align with our needs, and encourage them to pursue other avenues. If your dream in life is to be a Broadway actor, we're unlikely to be able to help. That doesn't make this goal less important to you or valuable to the world at large, it just differs from what we do and offer.
That said, if you think that security skills (and web app security specifically, which is the typical path for those learning for the interview) are relevant only to "1-3 employers" I fear you drastically underestimate the size of the market both within security consultancies and enterprises that have a security team (or just appreciate security-minded developers).
> Why is putting in a lot of time researching security for your interview a better use of my time than learning more widely applicable skills?
It may not be. There's a lot of paths to self improvement, and their suitability to a specific individual will vary, depending on that individual's goals, desires, and learning style. I don't think anyone is trying to prescribe 'the one true path to self improvement' but rather one that we've found to work, and one that we help our candidates advance down.
> What if I put in all the time, pass the pre-screening, and then when I meet you, it turns out you aren't the type of people I'd want to work with?
Then we shake hands and each go our own ways, hopefully having learned something about each other and ourselves in the process. Maybe we've made contacts that'll be mutually valuable in the future whether it be for future employment, a business relationship, or simply someone to chat with at some developer meetup, conference, etc. and bounce ideas off of. Choosing not to continue a relationship is a perfectly viable outcome of any interview process.
I recently started programming in Lua too - it's a fantastic language if you want to embed it in anything, and using the LuaJIT FFI [0] makes interfacing with C code from pure Lua a pleasure. I've also started writing a set of extension libraries[1] that provide various "missing" features - mostly inspired by Ruby.
https://tailscale.com/blog/custom-oidc/