evol262
Nov 30, 2010
#!/usr/bin/perl
IMO, the only real "no shilling" conference these days is FOSDEM, though some of the smaller conferences (SaltConf/etc) are also reasonable.

Anything really big is gonna be shilling. Red Hat Summit and DevConf are surprisingly shilling-free, but that's predicated on the idea that you've already bought into Red Hat, so we don't need to shill.


MustardFacial
Jun 20, 2011
George Russel's
Official Something Awful Account
Lifelong Tory Voter
I hate my current job (office dispatch for a construction company) and I'm looking to get into IT (again?)

I have a few questions for you guys about getting started in this:

1. Is there an IT job where all you do is set up and maintain large server rooms? What's it called?
2. Certifications? Which ones are any good? Which ones should I stay away from?
3. Is it worth going to a tech school for this type of thing?

Bit of background about what I meant with the "again?" comment:
I used to work at a games studio. Initially this started out as a simple QA job, nothing really all that impressive. Then we started a new project that involved (for all intents and purposes) our first large scale multiplayer component. Nobody in the studio (with the exception of the networking programmer) actually knew how to set up a clean room, how to test for the multitude of technical networking issues that can and do crop up, how to test for bandwidth needs, etc. All anyone knew was that we needed these things. On a whim I volunteered to investigate what it would take to set up a clean room, that quickly turned into me being in charge of setting up and building a clean room, writing all of the test cases, training about 14 dudes on how the hell xbox live, and PSN work and what can happen and how to read network console traces, and then the studio created a position for me out of it. I basically went from "I have a router at home, internet comes out of it" to "I wrote a script to switch everyone's IP between the internal network and the clean room, and tweaks the QOS tables accordingly. Just run it and it'll all go by itself." inside about a month and a half. It was getting to the point where the studio IT guys were coming to me to ask about issues they were coming across with build farms and stuff.

KennyTheFish
Jan 13, 2004

whaam posted:

I like the idea of a CISSP because security is one of my favorite things to work with, but none of our industries are high security so it may not have as much value for me here anyway. I am strongly considering more of a PM role, but I don't have a degree, which is also another fear I have going into a less technical role. You can get away with no degree as an engineer or architect, once you get into management they start to look at that a lot closer.

You might be able to get into an MBA based on experience.

There is also the masters in IT http://www.csu.edu.au/courses/master-of-information-technology It's an Australian one, you could try for it as an international distance student. Spend that stipend on trips down under each year.

KennyTheFish fucked around with this message at 22:45 on Jun 15, 2015

CLAM DOWN
Feb 13, 2007




Seriously, just stop using LastPass.

http://arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/

Docjowles
Apr 9, 2009

evol262 posted:

IMO, the only real "no shilling" conference these days is FOSDEM, though some of the smaller conferences (SaltConf/etc) are also reasonable.

Anything really big is gonna be shilling. Red Hat Summit and DevConf are surprisingly shilling-free, but that's predicated on the idea that you've already bought into Red Hat, so we don't need to shill.

Yeah, definitely. Comes with the territory for any sponsored event. The OpenStack Summit just seemed especially blatant. Even the keynotes were literally just product demos from vendors. I went to a session on "How to Install and Configure Swift" and it was actually a walkthrough by the SwiftStack guys on how to buy and install their product :lol:. And so on.

I did do some good networking, though, and it was absurd how many companies were there trying to hire anyone who could spell OpenStack. It was a useful lesson on why people talk about the hallway track at most conferences being the best part.

Aunt Beth
Feb 24, 2006

Baby, you're ready!
Grimey Drawer

MustardFacial posted:

1. Is there an IT job where all you do is set up and maintain large server rooms? What's it called?
This title sort of varies depending on the nuances of the role, but I've seen it referred to as hardware planner, infrastructure architect, or datacenter manager. They're the ones responsible for the buildout of a computer room, power capacity and architecture, cooling, and generally rack/equipment placement as well once the room is up and running so that proper airflow and so forth is maintained.

MustardFacial
Jun 20, 2011
George Russel's
Official Something Awful Account
Lifelong Tory Voter

Aunt Beth posted:

This title sort of varies depending on the nuances of the role, but I've seen it referred to as hardware planner, infrastructure architect, or datacenter manager. They're the ones responsible for the buildout of a computer room, power capacity and architecture, cooling, and generally rack/equipment placement as well once the room is up and running so that proper airflow and so forth is maintained.

So for someone with zero experience (outside of that games networking thing), zero certs, and zero professional training. Should I be looking for something like that? or is there a lower level of that job I can get more easily and then learn up and gain experience in the job?

Thanks Ants
May 21, 2004

#essereFerrari



I'd just like to point out that your avatar is loving excellent.

Docjowles
Apr 9, 2009

MustardFacial posted:

So for someone with zero experience (outside of that games networking thing), zero certs, and zero professional training. Should I be looking for something like that? or is there a lower level of that job I can get more easily and then learn up and gain experience in the job?

I think you are looking for something more like "data center tech" or possibly "NOC tech". Those are the more entry level positions.

With literally zero qualifications it would be a great idea to knock out the A+ and CCENT certs. Or know someone with an in.

Docjowles fucked around with this message at 00:33 on Jun 16, 2015

MustardFacial
Jun 20, 2011
George Russel's
Official Something Awful Account
Lifelong Tory Voter

Docjowles posted:

I think you are looking for something more like "data center tech" or possibly "NOC tech". Those are the more entry level positions.

With literally zero qualifications it would be a great idea to knock out the A+ and CCENT certs. Or know someone with an in.

Someone else was telling me to do CCNA first at a bare minimum. Thoughts?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


MustardFacial posted:

Someone else was telling me to do CCNA first at a bare minimum. Thoughts?

The CCENT is the first-half of the CCNA.

MustardFacial
Jun 20, 2011
George Russel's
Official Something Awful Account
Lifelong Tory Voter
Would it be worthwhile to take a course at a tech school? This is the one I was looking at: http://www.bcit.ca/study/programs/181bdipts

Sorry about the litany of questions, but it's hard to know what certificate or course qualifies me for doing cool networking stuff, and what is basically useless and qualifies me for a fulfilling job in a call center.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Looks legit, I'd do it.

CLAM DOWN
Feb 13, 2007




MustardFacial posted:

Would it be worthwhile to take a course at a tech school? This is the one I was looking at: http://www.bcit.ca/study/programs/181bdipts

Sorry about the litany of questions, but it's hard to know what certificate or course qualifies me for doing cool networking stuff, and what is basically useless and qualifies me for a fulfilling job in a call center.

I went to BCIT, PM me.

MustardFacial
Jun 20, 2011
George Russel's
Official Something Awful Account
Lifelong Tory Voter

CLAM DOWN posted:

I went to BCIT, PM me.

PM sent.

Aunt Beth
Feb 24, 2006

Baby, you're ready!
Grimey Drawer

MustardFacial posted:

So for someone with zero experience (outside of that games networking thing), zero certs, and zero professional training. Should I be looking for something like that? or is there a lower level of that job I can get more easily and then learn up and gain experience in the job?
As the others have said, yes, you'd probably want to look at NOC Tech or datacenter tech first off, typically the other roles tend to go to either people who have been in computer rooms their whole careers or have an engineering background (or at least technical project management background to deal with engineers)

dox
Mar 4, 2006

"No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised."

In this particular case, there doesn't seem to be a huge reason to run away screaming if you're using two factor auth (which you should).

I mean, what other alternatives are out there? Using Keepass and storing that on Dropbox/Spideroak (or schlepping it around with you), writing down your passwords, using your same password everywhere... I don't really see any other options but maybe that's just convenience over security.

AreWeDrunkYet
Jul 8, 2006

dox posted:

I mean, what other alternatives are out there? Using Keepass and storing that on Dropbox/Spideroak (or schlepping it around with you), writing down your passwords, using your same password everywhere... I don't really see any other options but maybe that's just convenience over security.

Is it a bad idea to use patterned, overlapping pass phrases? For example, I'll use a handful of repeated passphrases for stuff I don't care about, then where security actually matters, unique passphrases that I can still remember because they differ based on incrementing certain characters (along with their shift equivalents) and changes in keyboard position. Admittedly I have to use password recovery if it's been a while since I've visited something, but it lets me use unique, complex passwords without recording them anywhere, encrypted or otherwise.

lampey
Mar 27, 2012


The point of lastpass and many of the other password managers is that even if you get the hashed passwords it doesn't get you any useable data without a costly amount of computing time (5,000 round hashing). You would still have to guess the password used by the client.
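
An added example, not part of the thread or any poster's code: it shows how a round count like the 5,000 mentioned above multiplies the cost of each guess against a stolen hash, and why that only helps when the master password is hard to guess. PBKDF2-HMAC-SHA256 as the stretching function, the attacker hash rate, the salt, the passwords and the wordlist are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import math

ROUNDS = 5000                      # the "5,000 round hashing" figure from the post
SECONDS_PER_YEAR = 365 * 24 * 3600
SALT = b"constructed-salt-16b"     # constructed; real salts are random per user


def stretch(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Stretch a password; PBKDF2-HMAC-SHA256 is an assumption of this example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def verify(candidate: str, salt: bytes, stored: bytes, rounds: int = ROUNDS) -> bool:
    """Check one guess against a stored hash using a constant-time compare."""
    return hmac.compare_digest(stretch(candidate, salt, rounds), stored)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password chosen uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def years_to_search(bits: float, raw_hashes_per_second: float,
                    rounds: int = ROUNDS) -> float:
    """Expected years to hit a random password: half the space, and every
    guess costs `rounds` hash operations (one round counted as one hash)."""
    guesses_per_second = raw_hashes_per_second / rounds
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def in_common_list(salt: bytes, stored: bytes, wordlist, rounds: int = ROUNDS) -> bool:
    """Audit check: stretching does not help if the password is a common one."""
    return any(verify(word, salt, stored, rounds) for word in wordlist)


if __name__ == "__main__":
    rate = 1e10  # constructed figure for an attacker's raw hash rate
    for label, bits in [("8 lowercase letters", entropy_bits(26, 8)),
                        ("16 mixed characters", entropy_bits(94, 16))]:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_search(bits, rate, 1):.3g} years unstretched, "
              f"{years_to_search(bits, rate):.3g} years at {ROUNDS} rounds")

    common = ["123456", "password", "letmein", "qwerty", "dragon"]  # constructed
    weak = stretch("letmein", SALT)
    strong = stretch("V7#qLm2$xR9!tBw4", SALT)
    print("weak password in common list:", in_common_list(SALT, weak, common))
    print("strong password in common list:", in_common_list(SALT, strong, common))
```

The round count scales the search time linearly, while each extra bit of password entropy doubles it, so the master password's strength dominates the result.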

CLAM DOWN
Feb 13, 2007




lampey posted:

The point of lastpass and many of the other password managers is that even if you get the hashed passwords it doesn't get you any useable data without a costly amount of computing time (5,000 round hashing). You would still have to guess the password used by the client.

Yup true, but overall, based on the security breaches losing trust and general risk associated with the cloud, I would personally not use Lastpass anymore nor recommend it to others.

Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat

CLAM DOWN posted:

Yup true, but overall, based on the security breaches losing trust and general risk associated with the cloud, I would personally not use Lastpass anymore nor recommend it to others.

I understand the apprehension, obviously the most secure option is to use non-repeating, complex pass-phrases, and just remember them, but it's impractical.

I think that Lastpass w/ complex passphrase and two-factor auth is about the most secure and convenient option.

If you use Keepass, and put it on your dropbox, isn't that about as insecure, but just in a different way? Also you can't do two factor auth with Keepass, right?

lampey
Mar 27, 2012

CLAM DOWN posted:

Yup true, but overall, based on the security breaches losing trust and general risk associated with the cloud, I would personally not use Lastpass anymore nor recommend it to others.

There is no risk regarding any security breaches with lastpass, they never have access to your plaintext passwords, only the hashes, which are then stored encrypted on their servers. The worst case scenario of a rogue employee taking the unencrypted hashes still leaves them without useful data. The biggest risk of using last pass is that you will lose your account permanently if you do not remember your password. The alternatives to lastpass are all significantly more risky when you consider how people will actually use them.

Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat

lampey posted:

The biggest risk of using last pass is that you will lose your account permanently if you do not remember your password.

I think you can download an offline version of Lastpass. Not sure how that works, though.

Docjowles
Apr 9, 2009

I'm pretty happy with the compromise of KeePass + Dropbox. It's less convenient (particularly on mobile), for sure. I probably wouldn't recommend it to my parents. But at least I can rest assured that the only dipshit who could mess it up and store my master password or security challenge insecurely is me (:saddowns:). If Dropbox gets hacked, oh well, there's some unidentifiable encrypted binary blob in my data. If someone breaks AES encryption, we all have bigger problems anyway. To be fair, the bigger risk is that the KeePass devs or the libraries they use hosed up the implementation. But that's no different than any other encryption tool.

Dropbox also supports two-factor auth.

theperminator
Sep 16, 2009

by Smythe
Fun Shoe

Use RatticDB instead, it doesn't even encrypt and the devs recommend using LUKS to keep your data safe...

quote:

When designing RatticDB we made some very specific design decisions. We didn't include encryption in the application at all. Encryption is not easy to do right, increases complexity and the application needs to be able to decrypt the passwords somehow anyway. We do recommend that you install it in such a way that the database is on an encrypted filesystem

theperminator fucked around with this message at 02:59 on Jun 16, 2015

lampey
Mar 27, 2012

Docjowles posted:

I'm pretty happy with the compromise of KeePass + Dropbox. It's less convenient (particularly on mobile), for sure. I probably wouldn't recommend it to my parents. But at least I can rest assured that the only dipshit who could mess it up and store my master password or security challenge insecurely is me (:saddowns:). If Dropbox gets hacked, oh well, there's some unidentifiable encrypted binary blob in my data. If someone breaks AES encryption, we all have bigger problems anyway. To be fair, the bigger risk is that the KeePass devs or the libraries they use hosed up the implementation. But that's no different than any other encryption tool.

Dropbox also supports two-factor auth.

The best part for me is the mobile integration for lastpass. It pops right up when filling secure forms with the stock keyboard. It really reduces the times I reuse the same weak password and I don't have to spend as much time recovering and remembering complicated passwords. There was an article, The Only Secure Password Is the One You Can’t Remember, that illustrates why just remembering passwords is not feasible.

Security wise, does storing the blob part with dropbox and then decrypting it on your computer end up any more secure than storing the blob with lastpass and then decrypting it locally?

Aunt Beth
Feb 24, 2006

Baby, you're ready!
Grimey Drawer

theperminator posted:

Use RatticDB instead, it doesn't even encrypt and the devs recommend using LUKS to keep your data safe...
Seriously? This is even a thing? :wth:

Casull
Aug 13, 2005

:catstare: :catstare: :catstare:

SIR FAT JONY IVES posted:

Also you can't do two factor auth with Keepass, right?

You can, sorta-kinda. With Keepass, you can have a keyfile in addition to entering your password so that you need both the keyfile and your password to unlock a keepass DB.

It's not quite the one-time password you're most likely thinking of, but it's certainly not just limited to password auth.

keseph
Oct 21, 2010

beep bawk boop bawk

CLAM DOWN posted:

Yup true, but overall, based on the security breaches losing trust and general risk associated with the cloud, I would personally not use Lastpass anymore nor recommend it to others.

Seriously? They're a hyper-massive target, and they're doing everything right: Not keeping the data in an easily-used form, salting everything, extra server-side rounds (I'd wager they're about the only major player doing so) and responsibly disclosing the inevitable breaches.
No perimeter will ever be perfect nor will any (non-trivial) software ever be bug-free, and even Kaspersky's own malware analysis systems were found compromised a couple weeks ago. They may not be the best fit for you, personally, but they are still top tier for password management and better than a lot of other password managers out there.

theperminator posted:

Use RatticDB instead, it doesn't even encrypt and the devs recommend using LUKS to keep your data safe...

Funny, I would applaud them for NOT loving around with encryption that they're not sure they can get 100% bullet-proof and keep the associated investments in years going forward, especially for a database system which makes it an inherently primary target.
Edit: was thinking this was a general-purpose DB not a password-management tool. You're right, that's insane.

keseph fucked around with this message at 07:35 on Jun 16, 2015

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Ugh. I had an effort post lined up but I realize it wouldn't have any effect. If you trust your data to an outside company then it's on you. Years of managed hosting has shown me that companies are poo poo. Yes credit cards in plain text in databases poo poo.

theperminator
Sep 16, 2009

by Smythe
Fun Shoe

keseph posted:

Funny, I would applaud them for NOT loving around with encryption that they're not sure they can get 100% bullet-proof and keep the associated investments in years going forward, especially for a database system which makes it an inherently primary target.

The kind of person who designs a password system that stores everything in plaintext, and for security recommends disk encryption is tremendously out of their depth and has no business doing what they're doing, who knows where else they're loving up security-wise in their code.

if you think it's an acceptable password management system it's because you're incompetent.

CLAM DOWN
Feb 13, 2007




keseph posted:

Funny, I would applaud them for NOT loving around with encryption that they're not sure they can get 100% bullet-proof and keep the associated investments in years going forward, especially for a database system which makes it an inherently primary target.

You cannot be serious-posting here.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


CLAM DOWN posted:

You cannot be serious-posting here.

Here in America we don't have to worry about identity theft. Apparently only Canada has that issue. That's why we leave our passwords available for anyone to use.

keseph
Oct 21, 2010

beep bawk boop bawk

theperminator posted:

The kind of person who designs a password system that stores everything in plaintext, and for security recommends disk encryption is tremendously out of their depth and has no business doing what they're doing, who knows where else they're loving up security-wise in their code.

if you think it's an acceptable password management system it's because you're incompetent.

I was thinking it was a general-purpose DB (may've been thinking of riak), not a password manager. Didn't click the link while phone posting. Yeah, that poo poo is totally unacceptable for a purpose-built password manager.

whaam
Mar 18, 2008
We've been using password safe which is a fairly expensive piece of software from a German company. It's been fantastic though. We host it internally and publish it via a dual-factor Rds server.

mayodreams
Jul 4, 2003


Hello darkness,
my old friend
I bought 1Password a while back and absolutely love it. Sync the encrypted DB via Dropbox which is 2FA, and it supports TouchID on the iPhone.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.
lmao if your password repository can be completely compromised with cat /dev/mem

Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat

Vulture Culture posted:

lmao if your password repository can be completely compromised with cat /dev/mem

Care to expound?

AreWeDrunkYet
Jul 8, 2006

SIR FAT JONY IVES posted:

Care to expound?

If you can rip a plain-text hash/key out of memory, it undermines the point of encrypting the content.

That said, don't most (properly coded) authentication methods remove credentials from memory as soon as they're passed these days?


Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat

AreWeDrunkYet posted:

If you can rip a plain-text hash/key out of memory, it undermines the point of encrypting the content.

That said, don't most (properly coded) authentication methods remove credentials from memory as soon as they're passed these days?

This is specifically referencing the attack on LastPass?
