@IRJ said in Topics of Systems Administration:

@scottalanmiller said in Topics of Systems Administration:

It's great stuff to know, but if we are approaching SA as a role, should we really teach all the application specific skills on top? And if so, why these and why not loads of databases, printers, directory servers, web servers, WordPress and so on? How do we pick which applications to teach and which to expect people to learn separately?

Experience is the only teacher here. A book or online training will only teach you a very small portion of your jobs throughout your career.

I agree with @JaredBusch. I've never seen this unicorn SA position you've always talked about. I've worked in a few enterprises, SMB, and for software companies. I have never seen a SA making $400k that never touches anything outside the OS.

Samesies.

@scottalanmiller said in Topics of Systems Administration:

@EddieJennings said in Topics of Systems Administration:

@scottalanmiller said in Topics of Systems Administration:

@EddieJennings said in Topics of Systems Administration:

@scottalanmiller said in Topics of Systems Administration:

I agree that broader concepts matter. But is an SA book a good place to teach network protocols? Should a networking book or an email book do that instead?

I'm sure this will get a laugh from you, but I don't recall any of my CCNA books (even the networking fundamentals) mentioning DNS, SMTP, and other network protocols.

I'm pretty sure that they do, lol. The Net+ definitely does. That's where that stuff really goes, definitely not in a systems book.

It would be super high level of course. Digging into SMTP makes no sense until you are a deep email expert. Even full time email admins rarely know much about SMTP beyond the very basics. For other roles to know much would be unproductive. Knowing that it's the protocol of email is really enough.

I will admit a bit of bias in my feeling of the importance of needing to know a bit about SMTP as my last two jobs have ended with me being the primary (in one case, only) E-mail administrator

I have a similar, but opposite bias. Back in the 90s I read like every major book on SA you can imagine. They all covered pretty much the same stuff. And then, in a career where I've worked in everything from SMB to three Fortune 10s, in academia, have taught both university and professional classes (I was the SA teacher for IBM and Lockheed), have overseen hundreds of high price admins.... never once in decades of experience have I encountered any role that in any way resembled what every book and reference touted as "what SAs do."

They all seem to have worked in a tiny subsection of 1980s or 1990s SMBs, done just one or two essentially similar tasks, and just assumed that the entire field was what they saw without the slightest general experience. I assume that somewhere there was a professor who never managed to get a job in the field and a number of their students kept regurgitating the same false info.

And it would vary from minor (they all taught Sendmail, but Postfix is what almost all real world deployments were) to major (they all taught GUIs and printers, but find a UNIX shop that uses either, anywhere.) And it was giant percentages of the books, like 60-80%, focused on tasks I've never seen anywhere, in any industry, at any size, at any point in time - and almost all are ones I couldn't imagine having any scale.

And, of course, it all comes at the expense of learning the basics and actual material. I assume because it's easy to teach Sendmail basics and hard to teach real SA concepts. One is just copying common commands, the other is explaining difficult ideas. It has felt like they've always been a crutch, a way to cheap out on teaching what matters but make books long and daunting with little effort.

How did you teach classes for Lockheed when you only worked there for a week?

@scottalanmiller said in Topics of Systems Administration:

@stacksofplates said in Topics of Systems Administration:

@scottalanmiller said in Topics of Systems Administration:

That handbook is also associated with LISA, that totally out of touch and incompetent (and not to be seen anywhere in the real world) group that claims to oversee systems administration and traditionally defined the scale of administration by the ridiculous concepts of "user account count" and "code compilation".

Like systems such as Amazon or Change.org or Facebook or Google were all "small time, low level" admin shops because they don't create millions of users at the OS level.

Not sure what you mean here. Looking at the programs over the last 10 years (the 4th edition of the book was released in 2010) LISA has been about DevOps principles, containers, security, etc. Is backed by Amazon, Facebook, Netflix, etc and a good number of the speakers are from those companies.

This is weird, but Wikipedia says that they announced four years ago that LISA was going away.

And this is all that there is for a website, so seems likely...

https://www.usenix.org/lisa

Their last salary survey was 2011 (which I had seen in 2011.)

https://www.usenix.org/conferences/byname/5

There's one scheduled for next year.

@scottalanmiller said in Topics of Systems Administration:

That handbook is also associated with LISA, that totally out of touch and incompetent (and not to be seen anywhere in the real world) group that claims to oversee systems administration and traditionally defined the scale of administration by the ridiculous concepts of "user account count" and "code compilation".

Like systems such as Amazon or Change.org or Facebook or Google were all "small time, low level" admin shops because they don't create millions of users at the OS level.

Not sure what you mean here. Looking at the programs over the last 10 years (the 4th edition of the book was released in 2010) LISA has been about DevOps principles, containers, security, etc. Is backed by Amazon, Facebook, Netflix, etc and a good number of the speakers are from those companies.

idk the one I have doesn't have anything about hardware. It's all cloud, VMs, containers, CI/CD, scripting, CM, security, etc.

They do have a section on datacenters but I think that's just for info, it's the smallest section.

This book has pretty much everything:

https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0134277554/ref=sr_1_4?dchild=1&keywords=systems+administration&qid=1606769775&sr=8-4

@IRJ said in FIPS encryption (non domain laptops):

@frodooftheshire said in FIPS encryption (non domain laptops):

@IRJ Wow. So I'm guessing I would need to wipe these machines and put on Windows 10 Enterprise 1809 to go a. get compatibility and b. make sure these devices continue to get security updates? But when I check 1809 EOL is May 11 2021???

I may just have this client work directly with a third party to manage all this as I don't imagine this will come up again, and I'm not sure it's worth the time investment to really get a grasp on everything and what's involved.

Yeah it looks like it. I've not dealt with FIPs 140-2 on Windows before, only Linux.

This document is from May 2020 and shows 1809 still as the latest FIPs 140-2 certification.

https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf

Before you get into a rabbit hole here, what's your actual requirement?

This is the correct approach. What's the requirement?

It takes a good amount of time and money to certify the OS so that's why the FIPS certified releases are behind. I'm not sure on Windows but with RHEL/CentOS you can enable FIPS mode on any release, it's just not "certified".

@thejb said in Anyone Know a Good GUI for HAProxy?:

@scottalanmiller

$1200 does seem crazy, but it is an ADC not just a GUI for HAProxy.

Some features include an Accelerator built upon nginx, WAF for security, GSLB and high availability.

For more information on the features - https://www.snapt.net/platforms/aria-adc/features

Is there a reason that you don't natively support deployments to things like k8s? It seems crazy this day and age to not have first class support for that seeing as almost everything will be there. Esp in the enterprise space where this has to be marketed for.

@IRJ said in Anyone Know a Good GUI for HAProxy?:

@manxam said in Anyone Know a Good GUI for HAProxy?:

@scottalanmiller said in Anyone Know a Good GUI for HAProxy?:

And all of this can be yours for the low price of $1200 per year (or as much as $9500).

That seems expensive,lol.

https://www.snapt.net/platforms/aria-adc/pricing

You might as well just use AWS at this point. You are looking at $200-500 a year for an Application Load Balancer which is much better than their premium package lmao. You could have 10 ALBs and still come out way ahead.

See pricing examples
https://aws.amazon.com/elasticloadbalancing/pricing/

And you don't have to manage it.

The UVC line allows for RTSP. Why not just use the same cams and send them to a different NVR?