Tuesday, January 12, 2016

The Mythical STEM Shortage

Long ago, there were Personnel Managers.  Nowadays, there are Human Resource Managers.  As an engineer or scientist, you are a consumable resource, just like oil and electricity.  You are used to make a project work and once the project is done, you are not needed anymore and you will be laid off.  

In my experience, there is a perpetual oversupply of engineers and scientists and roughly 10% to 15% of engineers are always unemployed or underemployed.  However, there is a huge shortage of entrepreneurs.

Jobs are created by small businesses - large businesses destroy jobs.

Large businesses buy small businesses, absorb them, take the good products, discard the bad ones, fire half the people in the first round, and the rest in the second round.  This is known as increasing productivity.

For example, Intel, Microsoft, Cobham, IBM, Yahoo, Boeing, Lockheed-Martin, United Technologies - they buy companies and then frack them and shake the employees out.  The result is a constant clamor from thousands of middle-aged engineers and scientists complaining that they cannot find work.

However, for the younger 20-something crowd, the situation is much worse and their unemployment rate varies from 25% to 50%!

In a capitalist system, the over-45 crowd are supposed to provide jobs for the under-25 crowd and that can only happen if the large businesses light a fire under them and force them to start their own businesses.

If you are an unemployed or underemployed STEM, then you can do one of two things: go look for a job in a tough and desolate place where others are scared to go, or find an unemployed salesman and an unemployed MBA and start a company.

Engineers and scientists are typically NOT good at sales and management.  Don't try to do it yourself; you will waste your own money and you will fail.  Your job is to innovate.  Get others to sell the junk you make and schmooze the bank manager.

When a reporter asked Sutton why he robbed banks, he replied: 'Because that is where the money is'.  Apparently Ol' Willy had an MBA.

So, since I already took the only job in the desert - you have to get off your chair, go start a company with two compatriots and hire five unemployed 20-somethings to do the work!



Juniper, Citrix and Fortinet

No, this is not about the famous Donovan song.

Most of this list was compiled by M. Jennings:

NSA Helped British Spies Find Security Holes In Juniper Firewalls [theintercept.com] Quote: "... British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks..."

Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors [wired.com] Quote: "This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire."

New Discovery Around Juniper Backdoor Raises More Questions About the Company [wired.com] Quote: "Juniper added the insecure algorithm to its software long after the more secure one was already in it, raising questions about why the company would have knowingly undermined an already secure system."

Juniper 'fesses up to TWO attacks from 'unauthorised code' [theregister.co.uk]

'Unauthorized code' that decrypts VPNs found in Juniper's ScreenOS [theregister.co.uk] Quote: "And it may have been there since 2008, making this a late contender for FAIL of the year."

How to log into any backdoored Juniper firewall -- hard-coded password published [theregister.co.uk]

Juniper promises to fix ScreenOS cryptography ... eventually [infoworld.com]

Listen up, FBI: Juniper code shows the problem with backdoors [infoworld.com] Quote: "FBI director James Comey should be taking notes: The Juniper debacle shows why security experts are up in arms over government-ordered backdoors."

Another quote from that article:

"Cryptographic backdoors are one of the best ways for attackers to break into systems. '[The backdoors] take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes,' Green said."

And ditto for Fortinet [arstechnica.com], the Deep Packet Inspection filter company, who also thought it wise to install an SSH server with a hard-coded password.

Not to be outdone, Citrix also makes products with the same stupidity and a fixed password of Citrix123.

It is amazing that Fortinet, Citrix, Juniper and its spawn Pulse Secure are still doing business. The only explanation is that literally nobody cares about security and only pays lip service to it.

GIGO: Garbage In, Garbage Out...