[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: certification

To: paw@northstar.dartmouth.edu
Subject: Re: certification
From: Stephen Potter <spp@psasolar.psa.pencom.com>
Date: Mon, 09 Mar 1998 10:16:41 -0600
cc: spp@colltech.com, sage-members@usenix.org
In-reply-to: Your message of "Mon, 09 Mar 1998 10:57:09 EST." <199803091557.KAA11212@phibes.dartmouth.edu>
Sender: owner-sage-members@usenix.org

Lightning flashed, thunder crashed and paw@northstar.dartmouth.edu whispered:
| Stephen Potter opines:
| 	Lightning flashed, thunder crashed and Greg Rose <ggr@qualcomm.com> whi
> spered:
| 	| 1. a group which accepts information via a secure
| 	| Web form, but then wants to keep the information
| 	| secure; the info is PGP encrypted in the CGI
| 	| script and sent off to a "drop box" machine, which
| 	| accepts this stuff but otherwise doesn't talk on
| 	| the net. Being able to organise something like
| 	| this is not trivial, and not a common skill among
| 	| sysadmins.
| 	
| 	There's a good reason that skill isn't common among SAs.  It isn't an S
> As
| 	job.  This should be the job of a web developer, a programmer.  SA are 
> not
| 	programmers.
| 	
| Maybe not, but if you think SAs don't have to do this sort of thing, you're
| living in a different reality from many of us.  A mere programmer wouldn't
| necessarily understand all the security ramifications of such a system, and
| *someone* has to set up the box and webserver...

Setting up the box and the server have nothing, specifically, to do with
this example.  This specific example is far over the line between what is
an SA type of job and what is a developer type of job.  I may be in a
different reality, but if so, so are the last seven clients I've had.  All
of them had developers who were supposed to do this kind of programming.
If the developer doesn't know the securitiy implications, he should know
how to find out, by using resources he has available.

| Greg's not saying that _every_ SA needs this skill, but some do.  In any
| case, Knowledge Is Good.

If "Knowledge is Good", and therefore is all that is needed in order to
have a merit badge, I'd like to see a merit badge for "Automobile
Maintainence".  After all, out there somewhere, there's probably an SA who
runs the computerized systems in a large mechanic shop.  He most likely
needs to know how to do some basic maintainence in order to test and
install systems.

-spp

References:
- Re: certification
  - From: paw@northstar.dartmouth.edu

Prev by Date: Re: certification
Next by Date: Merit Badge thing
Prev by thread: Re: certification
Next by thread: Re: certification
Index(es):
- Date
- Thread