Slashdot Mirror

There is one, http://www.sage.org/ethics/

That's an excellent point. Here is an excerpt from the SAGE System Administrators' Code of Ethics:

Privacy

        * I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it.

Except that my accountant has her CPA - a real life honest to god certification. (Not the take-a-class-and-take-a-test mickey mouse 'certifications' of the IT industry.)

She also has a code of ethics, belongs to a serious professional organization, and has a body of law that restricts what she may or may not do and an oversight organization over the top of all of that.

Pretty much none of which IT 'professionals' have.

There's always Sage, which is a step in the right direction.

Its not that "the need for the users to have a friend that they can goto with their questions", but rather Linux users need more friends. Lets admit it, we don't have many that we've met in person.

Maybe, but it's not like there are not plenty of oppurtunities to utilize.

Go to one of the SAGE conferences, and you will have a hard time finding a Windows notebook, other than the Microsoft employees. They are pretty scarce at the O'Reilly conferences as well. (Yes, I only use Linux on the desktop.)

Here are a few things that have helped me out:

• The big one: go to LISA. It can be tough convincing the boss to send their one-and-only IT guy, but it's an incredibly exciting environment. You'll learn lots, you'll meet lots, and you'll get to rub shoulders with people doing incredible things -- and people in the same boat you are.
• If you can't go to LISA, start reading their proceedings. They've just opened up everything to the public (previously you had to wait a year if you weren't a member), and there are some incredible gems to be found. The MP3s from LISA '07 weren't as good as being there would have been (sob), but they're still damned good.
• You should still get a membership in SAGE. Subscribe to the mailing lists, get a subscription to ;login:, and inhale deeply.
• Look around for professional organizations to join, or other opportunities. There's a sysadmin group at the university where I work; there's also a committee trying to figure out what the university's IT strategy should be for the next 5-10 years. I've been lucky enough to be involved with both, and they're interesting. Sure, I run a small shop, but I've rubbed shoulders with (well, envied from across the room :-) the guy in charge of a cluster of computers that'll be processing data for the ATLAS experiment.
• Start your own techy/sysadmin conference, a la LUGRadio Live. No, LUGRadio Live isn't particularly sysadmin-oriented, but I have the strong impression that the organizers just decided they wanted to hold their own conference, and they did. And if you look at the schedule for their US conference, it's got a damned impressive list of presenters. (I'm considering starting a sysadmin conference next summer in Vancouver, BC...anyone interested?)
• Other sources of info: Planet Sysadmin (disclaimer: they've got my blog in there), ONLamp, and your local LUG.

Hope this helps!

Sage has one also:

http://www.sage.org/ethics/

And so does SAGE (for system administrators), more to the point: http://www.sage.org/ethics/ethics.html

http://www.sage.org/ethics/

The SAGE Code of Ethics touches on this a little. IMHO, Employees should be able to have a reasonable expectation that IT won't be spying on everything they do for no valid technical reason. Yes I know it's the companies computer by law, but that doesn't mean that you have an automatic (moral) right to go rifling through it, much like the custodian doesn't have a right to go rifling through your desk.

That said, if you are going about your normal duties and find such crap, feel free to turn them in.

I'm stealing this from training I went to at LISA last year: you tell the LEO (law enforcement officer) politely, but firmly, that as company policy you're happy to help, but all such requests must be directed to the legal department.

The legal dep't will look at it and decide what to do, and then you do it. They know their job, you know yours; they don't make decisions about storage capacity or OS support, and you and I don't make decisions about constitutionality or legality. And if/when you've got the information they're looking for, you pass it back to the lawyers and they hand it over to the LEO.

This covers your ass, your company's ass, and the LEO's ass (assuming you or your friends aren't being socially engineered). Any LEO should be happy to talk to the lawyers.

Now, all that said...I realize that this leaves out questions of conscience. If Mark Klein hadn't had spilled the beans, we'd have been a lot longer finding out about this problem. But as a rule, I think those situations are rare; most law enforcement stuff is <handwave>your garden variety stuff -- robbery, fraud, yadda yadda</handwave> (sorry, no citation to back that up) -- and the odds of being involved in something truly offensive is pretty slim. I hope it stays that way.

OK, so you believe that by posting as anonymous, that there is no way it could be tracked back to me? And you believe this in context to a story on a people tracking system?
Dude, spend less time jerking off, your brain needs more exercise.
Every ISP tracks and maintain logs of IPs, and dial in times for dial up customers. Many countries are introducing or have passed laws making it a legal requirement. Many (most?) ISPs are already doing it out of courtesy to law enforcement (wouldn't want to piss off the cia or interpol now would you?).
Some quick unfiltered results from a google search for those who are challenged in using a tool like google;
http://www.sage.org/lists/sage-members-archive/200 2/msg01352.html
http://news.com.com/2100-1028_3-6156948.html
http://tools.ietf.org/html/rfc3871
http://safari.oreilly.com/0130454966
http://news.zdnet.com/2100-1009_22-5748649.html

A quote from the last article;
A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."
So brave man go ahead, post any classified secrets you know of as AC on slashdot and see if anybody is listening - that is IF you know of anything classified, somehow I doubt that you do.

If you already have a Windows Server in place, consider installing Citrix as a simple applications server and letting most users access a single copy of MS Office installed on the apps server rather than giving each and every one of them their own installation. It's almost certainly a less-expensive (and still legal) solution than buying enough Office licenses for every desktop and, assuming reasonable usage patterns, should provide a good end-user experience.

It is not acceptable, as an alleged professional, to willingly or by policy violate the laws of where your business is located.

I know it sounds like a pain, but you should stand up for your professional ethics. If they are crazy enough to fire you for refusing to break the law, you should deal with the wrongful termination appropriately. As a refresher, our professional ethics are well summarized HERE.

If they asked you to go out in the parking lot and siphon gas from random cars rather than submit a travel reimbursement because the "budget is tight", would you? Would you shoplift copies of the software from BestBuy for them?

Write up a small presentation listing the various options and their costs and drawbacks:

• Full licenses for all desktops
• Full licenses for power users and a citrix server
• Full licenses for power users and openoffice for others
• Google Documents

Illegal options aren't really options and should be neither offered nor considered.

While it may not qaulify as a mandetory code of ethics, I'd encourage you to read the SAGE System Administrator's Code of Ethics
We as professional System Administrators do hereby commit ourselves to the highest standards of ethical and professional conduct, and agree to be guided by this code of ethics, and encourage every System Administrator to do the same.
Professionalism

        * I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally.

Personal Integrity

        * I will be honest in my professional dealings and forthcoming about my competence and the impact of my mistakes. I will seek assistance from others when required.
        * I will avoid conflicts of interest and biases whenever possible. When my advice is sought, if I have a conflict of interest or bias, I will declare it if appropriate, and recuse myself if necessary.

Privacy

        * I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it.

Laws and Policies

        * I will educate myself and others on relevant laws, regulations, and policies regarding the performance of my duties.

Communication

        * I will communicate with management, users, and colleagues about computer matters of mutual interest. I will strive to listen to and understand the needs of all parties.

System Integrity

        * I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible.
        * I will design and maintain each system in a manner to support the purpose of the system to the organization.

Education

        * I will continue to update and enhance my technical knowledge and other work-related skills. I will share my knowledge and experience with others.

Responsibility to Computing Community

        * I will cooperate with the larger computing community to maintain the integrity of network and computing resources.

Social Responsibility

        * As an informed professional, I will encourage the writing and adoption of relevant policies and laws consistent with these ethical principles.

Ethical Responsibility

        * I will strive to build and maintain a safe, healthy, and productive workplace.
        * I will do my best to make decisions consistent with the safety, privacy, and well-being of my community and the public, and to disclose promptly factors that might pose unexamined risks or dangers.
        * I will accept and offer honest criticism of technical work as appropriate and will credit properly the contributions of others.
        * I will lead by example, maintaining a high ethical standard and degree of professionalism in the performance of all my duties. I will support colleagues and co-workers in following this code of ethics.

Draft of September 12, 2003, approved September 18, 2003, by the SAGE Executive Committee and September 30, 2003, by the Ethics Working Group.

Co-signed by LOPSA, USENIX, and SAGE 2006.

USENIX grants permission to reproduce this Code in any format, provided that the wording is not changed in any way, that signatories LOPSA, USENIX, and SAGE are included, and that no other signatory or logo is added without explicit permission from the copyright holders.

http://www.sage.org/ethics/

Yeah, great that you are shilling for IronPort, too bad they play both sides of the spam game to their own advantage - arms dealers.
Look, the famously pompous internet ass Brad "I am associated with the _reference_ implementation and it is perfect, so don't question it*" Knowles doesn't like them:
sage blah blah blah

* Although, for some unknown reason, he basically retracted most of his vemonous "OpenNTPD sucks, I am associated with the reference implementation" rant -
I wonder who got to him and told him to STFU? ...

Check out the SAGE sysadmin toolbox page, and scooch down to "What's the scoop on hearing protectors and noise-cancelling headsets?". (The whole damn page is useful, too...)

Any company should have reasonable policies in place (so that employees at least know when and why data may be accessed) and should employ Systems Administrators that take their Code of Ethics seriously.

Any employee who indicates by deed or word that they aren't willing to live up to that level of professionalism should not be allowed access to sensitive or private data.

I don't know about other folk, but I subscribe to these:

http://www.acm.org/constitution/code.html
http://www.sage.org/ethics.mm

Ask your IT colleagues if they've heard of them.

I might guess that most USENIX, SAGE and LOPSA members are well versed in open source tools.

You could try the respective jobs boards:

• http://www.usenix.org/jobs/
• http://www.sage.org/jobs/
• http://lopsa.org/jobs

I might guess that most USENIX, SAGE and LOPSA members are well versed in open source tools.

You could try the respective jobs boards:

• http://www.usenix.org/jobs/
• http://www.sage.org/jobs/
• http://lopsa.org/jobs

I might guess that most USENIX, SAGE and LOPSA members are well versed in open source tools.

You could try the respective jobs boards:

• http://www.usenix.org/jobs/
• http://www.sage.org/jobs/
• http://lopsa.org/jobs

A SAGE membership on the other hand... that I would give

Well, I would say the salary survey is the least important thing they do, but if you are concerned with system administration as a profession, ethics, or training, I would say SAGE & USENIX are the two most important organizations available. And it's $155 a year if you want any more than the survey, plus fees for the conference, so it sounds like you really have not seen the real benefits. Try LISA, you will not be disappointed. (;login is good also)

Maybe you need to rethink your goals?

I'm sick of seeing "open" or "market" for salary ranges.

I'm sick of seeing job postings that want someone to be experts in Cisco, Windows administration, Exchange, AD, Linux, Solaris, Oracle, SAP, and perl scripting experts for $60k.

I'm sick of seeing job postings with technology contradictions, including requiring more years of experience with a technology than it's been around.

I'm sick of seeing job postings for jobs that don't exist -- find a way to penalize recruiters who post non-existant jobs for resume collection.

I'm sick of seeing job postings which misclassify jobs entirely. Find standardized ways of describing a position, like using SAGE's job descriptions -- http://www.sage.org/pubs/8_jobs/core.mm

I'm not making a value judgement. I am commenting on the way things are. If you access a computer not administratively owned by you, or do not have a release to do so, in the eyes of the law, access other than intended (regardless of intent or level of information leak) will probably be seen by a court as a violation of the law.

If you do security, infrastructure, and/or server integration that is the standard you have to adhere to avoid the "appearance of impropriety" and any snafu's that might come up in western law.

Additionally, he also should have taken note of this:

http://www.sage.org/ethics.mm

A previous poster mentioned cfengine briefly. If I understand cfengine correctly, it may be just what you're looking for.

Also, if you're the sort who can/does go to conferences, the LISA '05 conference (Dec. 4-9 2005) features several sessions on cfengine by Mark Burgess. (LISA is the "Large Installation System Administration Conference", put on by USENIX and SAGE. There's also a conference BLOG, and this is the link to the tech program info.

I've been invloved with SAGE, the
professional organization for sysadmins, since it was created in 1992
and have been a PHB for a while longer. Year after year, one of the top
three complaints that sysadmins have about their boss is that the boss
doesn't understand what they do. (Bear in mind that having a boss that
does understand what you do is a two-edged sword :) ).

If having a clueless boss bugs you that much, I'm afraid that your only
professional alternative is to find a new job. You can try "shooting"
your boss by going to the top, explaining the situation and trying to get
him replaced, but if you fail, you're likely to get shot yourself.

Good luck.

Go read the SAGE descriptions>/a> of a senior sysadmin. System administrators worth their paycheck DO do development. Development isn't their primary responsibility, but it's quite hard to really manage systems without doing any programming.

Furthermore, just you do you think wrote a good chunk of the open source software that made Linux / BSD / FOSS what it is today? I'll give you a hint. It was people trying to make their own job easier to do... Unfortunately, only a small fraction of sysadmin development is released to the world due to company policies. Much of the FOSS tools were done by university sysadmins (which I would consider a "Large Environment.") Banks are "atypical" environments due to special federal regulations, security concerns, etc. (I did a stint at a bank a few years back, so I'm well aware of what goes on internally) so if you are using "banks" as a measure of all large IT shops, you are using a flawed reference.

One of them didn't have any - pure scholarship play. Another went to UMass, and had about $20K - apparently perfectly managable. I don't know about the third. But what's your point: people should be paid more if they have student loans? I think not. It's a choice. And if you're really good, you don't need loans at all.

And who allows those technical workers to answer the survey? Who pays for their time to do so? And who are these "technical workers" anyway, when nobody bothered to ask at any company I've ever worked for (and in fact, most of those companies had rules about discussing salary at all, in hopes of keeping us from organizing the workers).

It's called the Internet. You should try it sometime. Visit SAGE here. If you truly believe they are in the pockets of big business, and you can't see how employees could possibly answer their surveys, then I have a fine line of tinfoil headwear to sell you.

This?

FYI - as far back as February 2002, Sage-IE - http://ie.sage.org - has been involved in various forums, and discussions with relevant bodies in the Republic of Ireland. Sage-IE also held a symposium on this issue, which was very well received. Details on Sage-IE's involvement can be found at http://ie.sage.org/tdr The topic of TDR is a hot one in Ireland, and one that Sage-IE is continuing to be actively involved in

FYI - as far back as February 2002, Sage-IE - http://ie.sage.org - has been involved in various forums, and discussions with relevant bodies in the Republic of Ireland. Sage-IE also held a symposium on this issue, which was very well received. Details on Sage-IE's involvement can be found at http://ie.sage.org/tdr The topic of TDR is a hot one in Ireland, and one that Sage-IE is continuing to be actively involved in

Find a local consultancy (ask around, get recommendations, and perform interviews, maybe start with your local sage group) that's full of a bunch of Unix gurus, and contract one or two to act as mentors for about two weeks. Do not settle for anyone with less than about 7 years experience with Unix, and 5 years experience with Linux. Make sure and have a list of tasks (setup an email server, setup a webserver, configure backups, that kind of thing) that are indicative of your needs, as exercises which will help you learn the platform. These folks will be top-notch- do not expect to pay $40-60/hour "Windowz" type rates. For an 80 hour engagement, $12,000 per guru would not be unusual. Negotiate a money-back guarantee at least based on your task list as a set of deliverables. (We do this frequently).

After your two weeks, make sure you contract with either the same company, or RedHat (or whomever) for ongoing escalation support for when you get stuck.

I'm a strong proponent of the mentor approach. I've been on both sides and can attest to the success, IF you have a good mentor. Books are a good reference, and a class is a good generic 'crash approach', but consider how valuable it would be to have a guru or two immersed in your environment, with you and your staff present and participating.

This link might also help you find good mentors.

Good luck!

Find a local consultancy (ask around, get recommendations, and perform interviews, maybe start with your local sage group) that's full of a bunch of Unix gurus, and contract one or two to act as mentors for about two weeks. Do not settle for anyone with less than about 7 years experience with Unix, and 5 years experience with Linux. Make sure and have a list of tasks (setup an email server, setup a webserver, configure backups, that kind of thing) that are indicative of your needs, as exercises which will help you learn the platform. These folks will be top-notch- do not expect to pay $40-60/hour "Windowz" type rates. For an 80 hour engagement, $12,000 per guru would not be unusual. Negotiate a money-back guarantee at least based on your task list as a set of deliverables. (We do this frequently).

After your two weeks, make sure you contract with either the same company, or RedHat (or whomever) for ongoing escalation support for when you get stuck.

I'm a strong proponent of the mentor approach. I've been on both sides and can attest to the success, IF you have a good mentor. Books are a good reference, and a class is a good generic 'crash approach', but consider how valuable it would be to have a guru or two immersed in your environment, with you and your staff present and participating.

This link might also help you find good mentors.

Good luck!

If you choose the SysAd route, you'll likely have to start with a HelpDesk/Desktop support position and work your way up. You'll need to be able to organize and prioritize your work ruthlessly, learn to deal with the stress, health challenges, and lack of satisfaction of a workload that cannot ever be finished, deal professionally with unreasonable customers (not to mention co-workers and supervisors), and maintain unquestionable integrity and sound judgement. If you can do that and stay positive and motivated, I guarantee you that you will advance rapidly in just about any organization.

- Gregg

If you choose the SysAd route, you'll likely have to start with a HelpDesk/Desktop support position and work your way up. You'll need to be able to organize and prioritize your work ruthlessly, learn to deal with the stress, health challenges, and lack of satisfaction of a workload that cannot ever be finished, deal professionally with unreasonable customers (not to mention co-workers and supervisors), and maintain unquestionable integrity and sound judgement. If you can do that and stay positive and motivated, I guarantee you that you will advance rapidly in just about any organization.

- Gregg

> An experienced systems administrator
> can expect to earn a salary in the
> US$50,000 to mid- to upper-$60,000 range.

Hm, the _average_ in the SAGE survey in 2002 was $67,600. But I guess that's more or less in the ballpark.

A short book I wrote on the subject is available from USENIX/SAGE.

Well, according to SAGE, programming is a skill sysadmins should have. For everything above a Level 1 admin programming is a desirable or required skill. Yes, yes, scripting isn't really programming, but still. The upper level admins should be required to have knowledge of an actual programming language.

I'm fairly certain that a straight sysadmin job will most likely not require the same level of programming skill that a job that has programming as a job duty would. My sysadmin job doesn't require it. But it sure beats clicking a dozen times through some GUI on 800 different computers. So first it saves me time, then it saves my organization time, which ultimately saves money.

"Hey, look at me! I'm replacing redundant co-workers with very small shell scripts!"

I've just written a short book on this. Documentation for SysAdmins, SAGE/USENIX's 11th short-topic book, should be available shortly (probably at LISA 2003.

Global economy certainly did not grow 10% in the past few years. You do the math.

I honestly don't give half a shit about the global economy. I only care about the US... and in the tech industry, according to SAGE, the average raise in the past year was 8% or so. That's close enough for me to say it's fair.

Anyway is'nt it funny that US Tech industry is going downhill for the workers whil the Industry is making money for the "bosses" (and the investors)?

I know it might trump your little party for the poor, helpless little people that make it all happen, but my salary has been steadily going up for the past 5 years, despite the tech bust. In 1999, the median salary for a US Systems Administrator was $64,271. As of 2002, the average salary was $67,675 ($67,920 for males, and $64,946 for females).

So even through a massive recession, and firings and layoffs, the average salary is 5.296% higher than it was 3 years earlier. So, which industry is going downhill again?

Anyway is'nt it funny that US Tech industry is going downhill for the workers whil the Industry is making money for the "bosses" (and the investors)?

I know it might trump your little party for the poor, helpless little people that make it all happen, but my salary has been steadily going up for the past 5 years, despite the tech bust. In 1999, the median salary for a US Systems Administrator was $64,271. As of 2002, the average salary was $67,675 ($67,920 for males, and $64,946 for females).

So even through a massive recession, and firings and layoffs, the average salary is 5.296% higher than it was 3 years earlier. So, which industry is going downhill again?

In the field of system administration, there are no more professional organizations than SANS and SAGE. SAGE is actively working to make itself more relevant to system administrators, and serve their needs and desires even better.

You can either believe me, or go to the SAGE web page at www.sage.org and see for yourself. If you think they're not doing something right, I encourage you to volunteer to help fix whatever you think is wrong.

Disclaimer: I am a member of SAGE and trying to do what I can to help make it a better organization.

-Robert

I can't find anything definitive, but you might want to look at the Salary Surveys from SAGE. It seems fairly clear that there are more System Administrators that work with *nix than Windows. As of 2000, 69.7% worked with Solaris, while 66.6% (666? a sign, maybe?) worked with Windows NT. Linux was just a bit below that, at 62.8%, while Windows 2000, having just come out that year, was behind at 45.1%.

Of course, that WAS 3 years ago, and I don't have a membership to SAGE, so I can't tell what 2001 looked like... But it seems that there's more Sys Admins out there working with *nix than with Windows... hmmmmm.

I can't find anything definitive, but you might want to look at the Salary Surveys from SAGE. It seems fairly clear that there are more System Administrators that work with *nix than Windows. As of 2000, 69.7% worked with Solaris, while 66.6% (666? a sign, maybe?) worked with Windows NT. Linux was just a bit below that, at 62.8%, while Windows 2000, having just come out that year, was behind at 45.1%.

Of course, that WAS 3 years ago, and I don't have a membership to SAGE, so I can't tell what 2001 looked like... But it seems that there's more Sys Admins out there working with *nix than with Windows... hmmmmm.

Check out the SAGE site. They've already done everything you suggest.

System Admins should follow a formal code of ethics, just like any other profession. (i.e. accountants) Obviously, they do not always do so.

One good start might be to look at existing codes of ethics from professional bodies, like SAGE. Here is theirs