• 0 Posts
  • 201 Comments
Joined 3 years ago
Cake day: July 2nd, 2023

  • So oddly tier iii is just tier 2. Most places don’t have a tier 2.

    1 year's experience as sysadmin is great. Here's the neat little trick no one tells you: what you say your job is on your resume should reflect WHAT YOU DO. Not the title of what you were hired for.

    Are you doing dev ops at a small outfit as a support engineer? Your resume should not say “support engineer.” It should say what your tasks reflect to the market. Not what some dude said your position is.


  • I’m sure the job postings will say, but many dev ops roles are looking for someone with senior experience. Like 8-10 years or the resume is ignored.

    I'd say the way to beat this is look for tier iii roles for folks that don't know what they need is dev ops. Explain the value of what you want to do as a sysadmin to bring value. Then just write dev ops on your resume when you wind up doing dev ops.


  • 100% building a home lab and being able to talk about it openly, from memory, in your own words, from experience, is invaluable for interviews.

    I might update this. I might not. I have a lot to say but I'm out drinking.

    All I will say now is save this list. You’ll look back at it in 5 years and wonder what half of those things are.

    Okay a bit more from the bar:

    If you want dev sec ops, grafana, elk, build dashboards, get your agents setup in your fleet, get it all secure locally. That alone will impress any interviewer who knows anything.

    Dev ops specifically? Focus on building a local GitLab instance. Use grafana to monitor it. Run some app that has a busy db. Grafana dashboards on that. Oh my goodness, what a HOG you are GitLab! Tune it for your env. Purposely misconfigure something to watch, idk, the RAM keep growing because you didn't set up redis or some shit.

    The sea is vast. You’re hungry. Employers will see that once you land interviews.

    If you want a ton of dev sec ops ideas, I am a good sounding board. Regular dev ops isn’t my daily grind so I know a bit less. What I do know is if you’re not ready to rebuild a multi node cluster some night after hours, you’re not quite a boss (doesn’t mean you’re not ready). So, emulate that nightmare.

    Back to drinking 🍻

    Edit: double check your *arr ideas bc afaik most of those were abandoned after a few major vulns were uncovered. That was months ago so that may be old hat.

  • I think the bulk of users are running discarded junk and raspberry pis.

    That was me, I built a ~$5k rig and now some of what I’m doing is just nonsense of a typical self hoster, so the point is somewhat valid, but even those like me mostly started out with discarded junk and raspberry pis.

    Docker used to scare me until I tackled a project that required me to use it. Then I realized I learned it without knowing I’d learned it.

  • foggy@lemmy.world to Selfhosted@lemmy.world · Autograding tool · 3 upvotes · 7 months ago

    I mean just for the love of God don’t spin up something on your company’s infrastructure that accepts file uploads.

    Just don’t.

    If you’re reading this and going “well, it’s just internal,” or “well, it doesn’t do much it just accepts this exact file type.” My god. Ask your CISA. And if they’re okay with it, cool. That’s on them.

    Unless your whole business is transferring files, don’t. And even then… Don’t.

    And if you’re still confused, the answer is to use another company’s infrastructure for this. Use Azure. Use AWS. Use Google cloud or even g suites. Don’t accept that liability. Let the trillionaires do it.


  • foggy@lemmy.world to Selfhosted@lemmy.world · Autograding tool · 13 upvotes · edited · 7 months ago

    Why give your students a way to get RCE on your institution's servers through anything less than a perfect file upload implementation?

    For a .tar? I wish you the best…

    Instead of that, simplify.

    Use unique salts for each assignment per student.

    Align hashes with those salts to check the outcome for each student's assignment.

    Literally have them send you a CTF style sha256 string.

    Do it step by step where each step doesn’t depend on the next, grade as a percentage of flags accurately procured.
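
A concrete version of the salted-flag grading scheme sketched in the comment above, added here as an example; it is not code from the original post or from any autograding project. The assignment steps, their correct outputs and the student outputs are constructed placeholders. Each student gets fresh random salts per step, submits only sha256 hex strings (no file upload), and the grade is the fraction of steps whose flag verifies, with every step checked independently of the others.

```python
import hashlib
import hmac
import secrets

# Constructed example assignment (hypothetical): three independent steps, each with
# the exact output a correct solution produces. The grader keeps these private.
ASSIGNMENT_ANSWERS = {
    "step1": "42",
    "step2": "hello, world",
    "step3": "3.14159",
}


def issue_salts(steps):
    """Mint one random salt per step for a single student and assignment.

    Called once per (student, assignment); the grader stores the result and hands
    the salts to that student. Because every student gets different salts, a
    correct flag copied from a classmate will not verify against this student's salts.
    """
    return {step: secrets.token_hex(16) for step in steps}


def flag_for(salt, answer):
    """The CTF-style flag a student submits for one step: sha256(salt || ':' || answer)."""
    digest = hashlib.sha256()
    digest.update(salt.encode("utf-8"))
    digest.update(b":")
    digest.update(answer.encode("utf-8"))
    return digest.hexdigest()


def grade(submitted, salts, answers):
    """Compare each submitted flag with the expected one; steps are independent.

    submitted: {step: hex flag the student sent}
    salts:     the salts issued to this student for this assignment
    answers:   the private correct outputs (ASSIGNMENT_ANSWERS)
    Returns (fraction of steps correct, {step: bool}). A missing step counts as wrong.
    """
    results = {}
    for step, answer in answers.items():
        expected = flag_for(salts[step], answer)
        got = submitted.get(step, "")
        # constant-time comparison; cheap insurance against timing side channels
        results[step] = hmac.compare_digest(expected.encode("utf-8"), got.encode("utf-8"))
    score = sum(results.values()) / len(answers)
    return score, results


def student_submission(salts, my_outputs):
    """The student side: hash your own program's outputs with the salts you were issued."""
    return {step: flag_for(salts[step], out) for step, out in my_outputs.items()}


if __name__ == "__main__":
    # Grader issues salts to one (constructed) student, "alice", for this assignment.
    salts = issue_salts(ASSIGNMENT_ANSWERS)
    # Alice's program got step2 wrong (missing comma); she submits hashes only.
    my_outputs = {"step1": "42", "step2": "hello world", "step3": "3.14159"}
    submission = student_submission(salts, my_outputs)
    score, per_step = grade(submission, salts, ASSIGNMENT_ANSWERS)
    print(f"score={score:.2f} per_step={per_step}")
```

The grader never executes or unpacks anything a student sends: the only inbound data is a short hex string per step, and the salts live server-side so a flag is only meaningful for the student it was issued to.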


  • For getting your stuff available over the internet, I recommend a secure tunnel with WireGuard between your VPS and the servers running the services.

    Make your VPS an authentication portal using stuff like Authelia and Fail2ban.

    If you’re really needing out, get ELK stood up for free and get agents on your containers/services to keep visibility into any potential… Anything


  • Show it.

    Take for example the case where person A has blocked person B.

    Person C comments. Person B responds.

    New thread, same post, person C comments about how some people think like person B, and quote them.

    As is the current case, person A can see this quoted material. It’s just text. It’s not in any programmatic way tied to the person B account.

    We don’t need to change this just because it’s a child comment of person B.


  • Been doing this with a warning system. I tag shitty people and block them if I see a person who is tagged acting shitty.

    2 years in, no regrets.

    I do wish Lemmy would fix the blocking system though. If someone who I’ve blocked responds to me, I don’t see it. Fair enough, but I also don’t see what people who respond to that say. I feel like it should just show the username as [blocked] and the content as [hidden] with an option for me to show that content/username, while keeping the rest of the child content fully visible.