Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why the NSA Can't Replace 90% of Its System Administrators

Posted by Unknown on from the plus-they'll-sink-your-oil-tankers dept.

An anonymous reader writes "Curious about the recently purposed NSA cuts, Courtney Nash explores a few myths about systems automation 'In the aftermath of Edward Snowden's revelations about NSA's domestic surveillance activities, the NSA has recently announced that they plan to get rid of 90% of their system administrators via software automation in order to "improve security." So far, I've mostly seen this piece of news reported and commented on straightforwardly. But it simply doesn't add up. Either the NSA has a monumental (yet not necessarily surprising) level of bureaucratic bloat that they could feasibly cut that amount of staff regardless of automation, or they are simply going to be less effective once they've reduced their staff.'"

14 of 251 comments (clear)

  1. replace Windoze with Linux by minstrelmike · · Score: 1, Insightful

    That's one way to reduce the number of sysadmins effectively.

    1. Re:replace Windoze with Linux by Anonymous Coward · · Score: 2, Insightful

      You're joking, right? It's a way to reduce the amount of money you give to MS, but increase the number of admins you have, or increase the pay of your admins.

    2. Re:replace Windoze with Linux by cheater512 · · Score: 2, Insightful

      Not really increase the number of admins, but I'll give you the last bit about having to pay more.

      "Oh no we now have to employ competent people and they want reasonable wages!!!!!"

      The only reason why there are as many Windows servers out there as there are is because a cheap IT graduate without a clue can blunder their way through it and eventually get the job done. Its not because they are manned by efficient admins who understand the system well.

    3. Re:replace Windoze with Linux by Anonymous Coward · · Score: 3, Insightful

      That's one way to reduce the number of sysadmins effectively.

      I don't think that's true in an enterprise environment with thousands of servers.

      In my experience, it takes a larger installation to justify the team size for a well run Windows Server installation (to administer all of the Microsoft System Center components (SCCM, SCOM, etc)), but once that investment in management tool configuration is done, then administering large numbers of Windows Servers doesn't really take more people than administering large numbers of Linux servers. LIke most MS Enterprise products, the MSC components can be complicated to configure and take a certain amount of dedicated resource to configure and use them well.

      The same scalability may not hold true once you get to Google Scale with a million servers to manage, since at that point you can justify spending a lot more resource on writing custom management and support tools even down to customizing kernels if you want to.

      In a small shop where you may have a few dozen servers, then you may find the MSC tools to be overkill and not worth the effort to set them up well so Linux can be simpler and easier to administer.

      I think people claim Linux needs fewer admins because it has a history of bailing twine and bubblegum configuration management with rsync and ssh-while-loops...

      At around 3-400 servers we implemented Puppet and MCollective with some in-house plugins. Now that I know it well, I seriously wouldn't run ten servers without it.
      There isn't anything really special about Linux that enables these tools to work, and I actually think the Windows Puppet agent gets off easy with NT services vs. init scripts with sketchy status commands, registry vs hundreds of different config syntaxes, and so on.

      So anyway, when I see someone brag about Linux needing fewer admins, I take it the same was as someone saying they get better gas mileage by turning the AC off and rolling the windows down... I guess if you tolerate that you can spend less on a car. Whoopie...

    4. Re:replace Windoze with Linux by Sycraft-fu · · Score: 4, Insightful

      Ya I have to day at my work at least the Linux servers are certainly NOT easier than the Windows servers to administer. The Linux lead spends a lot of time dicking around in the command line messing with scripts and settings to get everything working and managed nice. It works, don't get me wrong, we have a functional setup and process, but this idea that it is somehow easy and magic is false and speaks to a lack of experience.

      When I see someone who proposes something like "replace Windoze (lol I totally stuck it to Microsoft misspelling their software!) with Linux" as a magic fix for needing less people in a big enterprise to me it says this is someone who has installed Linux on their desktop, and maybe a personal web server, and somehow thinks that means they know all about enterprise administration. They figure what is true for them must be true for 50,000 systems. I mean after all, the fact that they had Windows crash on them one time clearly means it is unstable and unsupportable!

      Windows does a lot right for the enterprise. Their authentication service is really good. AD really does the trick for managing a large collection of systems and users. We use it as the backend for everything, Windows, Linux and Mac and yes, we've tried it other ways (we used to do Sun LDAP and IDsync as the backend, what a nightmare to make work). Anyone who says Microsoft doesn't have good tools for large scale management is really just saying they don't have experience in a large scale setting with Windows and other OSes.

      Also that suggestion is funny, given that the NSA likes and uses Linux for a number of things. You might want to look up who gave us SELinux (hint: the NSA). Ever wonder why it has such paranoid, granular, control if you want it? That's why.

  2. the bright side by roc97007 · · Score: 5, Insightful

    > or they are simply going to be less effective once they've reduced their staff.

    Which wouldn't be such a terrible thing.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  3. I'd be far more worried.... by Anonymous Coward · · Score: 5, Insightful

    The worst thing you can do with a person in a privileged access position is tell that person substantially in advance that they have a 90% chance of being made redundant. The overwhelming majority of people are reasonable, rational and won't do anything - but when you have such a large set of people - some won't be so amenable to being pushed out the door.

    In short, I'd be surprised if they haven't created a small army of potential Edward Snowden's through this. Wherever I've worked, if we made a system administrator redundant we'd have disabled their account before they were told and then broke it to them - even if it was under consideration, we'd send them home with pay for the duration - it's just common sense.

    -SG

  4. Only one thing is for sure... by bill_mcgonigle · · Score: 5, Insightful

    ... 100% of potential leakers are now 90% sure that they're going to lose their job anyway.

    Carry on, NSA.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:Only one thing is for sure... by bill_mcgonigle · · Score: 4, Insightful

      also denigrating the character of System Administrators as a class, that they would betray their country over a job

      Quite the opposite - they appear more likely than typical to betray their job for their country.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. Re:outsource to F*** Up and give up control of dat by Zontar+The+Mindless · · Score: 5, Insightful

    Hello? Have you have your sarcasm detector surgically removed?

    And please don't do that fucking boneheaded bit with the fucking asterisks. If you're really fucking old enough to say "fuck" and that's what you fucking mean, then fucking say "fuck", already. Otherwise, just fucking use a different fucking word.

    --
    Il n'y a pas de Planet B.
  6. Re:We know nothing by Anonymous Coward · · Score: 2, Insightful

    then isn't this discussion even more of a waste of time than usual on slashdot?

    Law of headlines... no. It's probably about the same amount of time wasted.

  7. Re:SPOILER ALERT by colinrichardday · · Score: 2, Insightful

    Plain and simple the federal government is suposed to be small, the states are suposed to be the ones with the power.

    And who is supposing this? Also, people might have had more sympathy for States' Rights if states didn't use them to oppress people.

  8. Re: Laying off Americans, hiring Bangladeshi ? by Mabhatter · · Score: 4, Insightful

    SILLY RABBIT!

    The NSA will just set up shop in Dubai, with their other Haliburton friends... They will import labor that can barely speak English, and with Dubai's labor laws they can literally padlock the employees to the desks.

    Manning and Snowden both prove anybody not an "Inquisitor" for the team is a liability to the cause. They consider themselves OUTSIDE the law, don't expect them to learn the lessons we think they should.

  9. Re:change of title? are all IT system administrato by aaaaaaargh! · · Score: 4, Insightful

    My guess is a change of title, too.

    I don't understand why the news and journals report what the NSA announces. For a long time this agency didn't even exist officially. They are allowed and expected to lie about absolutely everything, there are not even reliable records on how many people they employ. Their official statements are and have always been deliberate bullshit and disinformation. It's pointless to take into account anything they say about themselves at all.