kafkaIncarnate | 3 years ago

https://nvd.nist.gov/vuln/detail/CVE-2022-1015

https://nvd.nist.gov/vuln/detail/CVE-2022-1016

https://access.redhat.com/security/cve/CVE-2022-1015

https://access.redhat.com/security/cve/CVE-2022-1016

https://ubuntu.com/security/CVE-2022-1015

https://ubuntu.com/security/CVE-2022-1016

https://security-tracker.debian.org/tracker/CVE-2022-1015

https://security-tracker.debian.org/tracker/CVE-2022-1016

I just spent the whole weekend patching whatever the last kernel vuln was and had to plan around like 20 people's schedules. I thought Meltdown/Spectre was bad; this year is already feeling like that year on repeat.

15 years as a sysadmin, anyone have suggestions for my next career move? Thanks.

jhugo|3 years ago

If you had to spend the weekend updating kernels, you might want to look at your overall system architecture. Replacing a node with another one running a newer kernel shouldn't be a stressful or time-consuming task; it's part of the normal progress of the system.

WestCoastJustin|3 years ago

This greatly depends on the organisation's size and whether you're on-prem vs cloud. If you have a small-to-medium startup with a single product and a fairly simple architecture in AWS this might make sense. But if you're a bank or something with 1000s of applications, 100k+ servers on-prem, and a global footprint with availability requirements, this is a vastly different story.

These are obviously two extremes, but you can see there is tons of stuff in the middle too. The larger folks are the ones that are stressed 24/7 even when they have the tools to do it.

turminal|3 years ago

You just made a bunch of assumptions about what their system is and does.

roomey|3 years ago

Support in a multinational, clock in, clock out.

No stress, (relative to what you are doing now).

You can hand off to another team at the end of your shift.

You get HR, perks, pension, etc. You just gotta eat a bit of shit :)

Yes there is a ton of downsides too but look, you are a Linux admin you may as well sit back and use them skills for a while so you can de-stress and get your life back.

Not sure where you are based, but there is a massive demand for Linux admins in Ireland (and probably Europe).

iso1210|3 years ago

Build systems that can cope with the loss of nodes and ideally self-heal if you kill a node.

3np|3 years ago

Do the major distros not share and coordinate such high-impact security issues with each other? 1015 has been tracked in Red Hat Bugzilla since 2022-03-17. Can't find any information relating to Gentoo, Arch or NixOS, and no fix for Debian or Ubuntu.

Is there a patch one can apply in the meantime? The RedHat suggested mitigation requires disabling functionality that is heavily depended on.

ddaalluu2|3 years ago

The first two links report "CVE ID not found". Red Hat & Ubuntu have cookie walls, and the Debian pages are the only ones readable without pressing or clicking or agreeing or disagreeing on anything. However, none of the sites mention a fix.

What is the fix? Surely they don't release this kind of info without a fix.

mananaysiempre|3 years ago

The oss-security message has the commit hashes; these links (aside from the NVD, which seems to just lack information for the moment) are only needed to figure out when their backports hit your distro kernel. The answer to that seems to be “not yet” for all the linked distros, which is weird.

I do not see a mitigation mentioned, but the impact of both of these seems to be limited to users with the ability to install nftables bytecode, so it seems having user namespaces disabled (if you don’t need them) would make this irrelevant?
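
The comment above proposes turning off user namespaces as a blanket mitigation, since a non-root user normally only gets the CAP_NET_ADMIN needed to load an nftables ruleset by first creating a user namespace. The script below is an added example (not from this thread or from any distro's tooling) that audits the two relevant sysctl knobs on a host and renders the sysctl.d fragment that would close them. It assumes the upstream `user.max_user_namespaces` knob and the Debian/Ubuntu-patched `kernel.unprivileged_userns_clone` knob; the decision logic takes the values as strings so it can be exercised offline on constructed inputs.

```python
#!/usr/bin/env python3
"""Added example, not code from the thread or any distribution: audit whether
an unprivileged local user on this host can still create user namespaces,
which is how a non-root user obtains the CAP_NET_ADMIN needed to load an
nftables ruleset in the first place."""

from pathlib import Path
from typing import Optional

# Upstream knob (Linux 4.9+): 0 means no new user namespaces for anyone.
MAX_USER_NS = Path("/proc/sys/user/max_user_namespaces")
# Distro-patched knob carried by Debian and Ubuntu kernels (assumption: it is
# not present on every distribution): 0 blocks unprivileged creation only.
UNPRIV_CLONE = Path("/proc/sys/kernel/unprivileged_userns_clone")


def read_sysctl(path: Path) -> Optional[str]:
    """Return the stripped contents of a /proc/sys file, or None when the knob
    does not exist on this kernel (or cannot be read)."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def unprivileged_userns_allowed(max_user_ns: Optional[str],
                                unpriv_clone: Optional[str]) -> bool:
    """True if an unprivileged user could still create a user namespace.

    Either knob set to "0" closes the door. A missing knob (None) does not:
    with neither restriction in place the upstream default is 'allowed'."""
    if max_user_ns is not None and max_user_ns.strip() == "0":
        return False
    if unpriv_clone is not None and unpriv_clone.strip() == "0":
        return False
    return True


def mitigation_sysctl(unpriv_clone_present: bool) -> str:
    """Render the sysctl.d fragment that would turn user namespaces off.

    Prefers the distro knob when the kernel has it, because that leaves root
    able to create namespaces; otherwise falls back to the upstream hard
    limit, which blocks everyone."""
    if unpriv_clone_present:
        return "kernel.unprivileged_userns_clone = 0\n"
    return "user.max_user_namespaces = 0\n"


def audit(max_user_ns: Optional[str], unpriv_clone: Optional[str]) -> dict:
    """Pure assessment shared by the live run and offline checks."""
    allowed = unprivileged_userns_allowed(max_user_ns, unpriv_clone)
    return {
        "max_user_namespaces": max_user_ns,
        "unprivileged_userns_clone": unpriv_clone,
        "unprivileged_userns_allowed": allowed,
        "suggested_sysctl": (mitigation_sysctl(unpriv_clone is not None)
                             if allowed else None),
    }


if __name__ == "__main__":
    # Live run against the local kernel: report the verdict for this host.
    for key, value in audit(read_sysctl(MAX_USER_NS),
                            read_sysctl(UNPRIV_CLONE)).items():
        print(f"{key}: {value}")
```

The trade-off the thread mentions applies directly: anything that relies on unprivileged user namespaces (rootless containers, Flatpak-style sandboxes, browser sandboxes) stops working once either knob is set to 0, and this check says nothing about whether the running kernel already carries the fix; it only tells you whether the unprivileged path to nftables is open.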

vaylian|3 years ago

Yes, this confuses me as well. It would be good to know what kind of fixes the grandparent has applied.

bigiain|3 years ago

> anyone have suggestions for my next career move?

I'm keeping my eyes open on circus website careers pages. I reckon I'd have way fewer clowns to deal with if I was an actual clown car driver... :sigh:

pabs3|3 years ago

Maybe look at Linux kernel livepatching, that should reduce your need to reboot as often.

WestCoastJustin|3 years ago

> 15 years as a sysadmin, anyone have suggestions for my next career move?

I made the switch to Technical Product Marketing after 15+ years doing Linux sysadmin stuff. This might seem weird at first, but all tech companies have complex products that they are trying to sell to a technical audience. Marketing needs technical folks embedded that can translate between the tech stack and marketing speak. You can probably 2x your sysadmin compensation quite easily, and it offers tons of career growth (developer relations, tons of conference speaker opportunities, becoming some industry expert, etc.).

No idea about your skill set or area of expertise, but here's an example from VMware [1]. Just search for "Technical Marketing". The job typically involves doing technical reviews of competitors, something you'll already do when deciding to choose a product as a sysadmin, reviewing internal marketing content to make sure people are telling the truth, doing talks/training, recording demos, interacting with PM/Eng about product releases, testing and writing about new releases, etc. If you like the technical side and don't mind teaching, this can be a good transition. You basically leverage all the skills you've built over 15 years and apply them to something else quickly.

The kicker here is that you can just apply to companies whose products you already use and know inside and out (giving you a massive advantage compared to other people applying). Say you do tons of AWS stuff; well, who better to work with marketing on the technical side than a sysadmin who breathes this stuff every day? Or maybe you're doing stuff on Cisco switches [2], or maybe you're some NetApp storage fabric expert [3]; same thing. All these companies have technical roles in marketing that want you, and it can range from mega corps to cool startups like GitLab [4].

[1] https://careers.vmware.com/main/jobs/R2204162?lang=en-us

[2] https://jobs.cisco.com/jobs/ProjectDetail/Technical-Marketin...

[3] https://jobs.netapp.com/job/Bangalore%2C-Karnataka-Technical...

[4] https://about.gitlab.com/job-families/marketing/technical-ma...

coldpie|3 years ago

As an industry, we need to stop pretending that computer security is a possibility. Assume everyone on the Internet has full access to any network-connected computer, and arrange your affairs from that assumption.

LinuXY|3 years ago

SRE. Learning to build the automation that makes changing the kernel a change to a config file (Ansible/Salt/Nix/etc.) and pushing a button.

staticassertion|3 years ago

It's because of user namespaces, lol. This is gonna be the next decade, sorry.