A Few Things I’ve Learned Over The Last 3 Years – 2023 Edition

Education Is Over Rated

Why would I say something like that? Is it because I haven’t finished my degree? Well, maybe that is part of it, but over the last decade or so I’ve seen a lot of people come and go who both have, and don’t have a college degree. While I think college can be a great way for someone with no prior experience to get a little experience on tools they will use, I’ve found that most people who are good at what they do aren’t good because they went to college, but good because of their life experience. This experience can be both professional or done as a hobby. I started out in Linux as a hobby and I grew it into a career.

Perhaps a bit more detail here is required. As an example, while I was enrolled in college I took at MySQL class. I thought this is going to be so easy since I’ve worked and done functions of a DBA (Database Administrator) for a few years, how hard can it be? Well it was one of my toughest classes because we didn’t focus on using databases so much as we spent trying to understand what you can do with them. This included things like how would we use things like stored procedures, what is a one-to-one vs a one-to-many relationship look like, but hardly spent any time entering or retrieving data. Now this is just one example, and maybe not even the best. What I’m getting at is sure you can take a class, but do you really know how the product works? I’ve found that college will give you a base understanding, but no real world experience.

Maybe I am a bit bias in this idea, but in some places I’ve worked, I have found that when ever we are bringing someone on board, those with 4 years of professional experience are far more valuable that those who spent the last 4 years in college. I will never understand why some places will say “If you want to work here you can either have a Bachelors degree or 8 years professional experience”. Who in their right mind thinks those are equivalent? Maybe that was true a long time ago, but I would rather hire a kid who has been screwing around in Linux while living in his parent’s basement for the last few years than someone fresh out of college. That’s just my 2 cents.

Some Certifications Shouldn’t Expire

Everyone these days seem to be issuing out certifications these days. There is everything from CompTia to Microsoft, Cisco, and ISC^2. Now there are some that are more valuable than others, like the CISSP (which at the time of this writing, I’m currently studying for), and others like the Network+ which you must renew ever few years. I don’t think networking is really changing that much guys. In my mind, if you got the certification once, you are good forever regardless of if you renew or not. Some like the CISSP where things are changing constantly, I can understand having continued education to keep being certified, and I like that you don’t have to retest unless you let your cert expire.

Linux Is Not Always Secure

There is this belief that Linux is more secure that other operating systems. While that might be slightly true in some cases, the default installs are not always the best. Some are better that others, like having SELinux enabled by default can provide a lot of additional security, but if you don’t have a firewall installed, what’s the point? All systems need to be properly configured after setup. This means everything from the firewall, iptables, SELinux, to server configurations like Apache or NGINX. I’m sure I can write many examples of this, but I’ll pick just one I’ve seen in the past. I was doing some contract work for a small business and they were using git for their website code. Once a new versions of the site was ready they would log into the production server and perform a git pull. Now a bad way to easily update with good roll back capabilities. The problem was no one configured Apache to block access to the .git folder. When I discovered this I decided to see what I could find in there. Oops, looks like someone accidentally committed some passwords a while back and it was still in the git commit history. I was able to access this information from anywhere. So I quickly added a couple lines to the Apache config to block access to the .git folder and simply provide a 404 error page. Remember, you’re only a secure as your weakest point.

Commercial Solutions Are Not Always The Best Solution

There is this idea that if you want a good solution, you need to purchase it. Now there are exceptions to the rule, like how I prefer to run my own mail services for my sites, it would be much easier to pay Google $5 a month per address and then I don’t have to deal with spam as much and I get address book and calendar functions without the need for goofy addons, but where’s the fun in that? One example I’ve seen, and I don’t want to pick on anyone, but when it comes to development teams needing a project management platform, I see a lot of users going to something like Jira. Now I’ve never been a fan of Jira, but I’m also not trying to knock it for those who like it. Fun fact, I’ve now helped 2 previous employers and 3 other clients move off Jira to other solutions, but that isn’t what I’m talking about today. There are many other tools out there that are great for project management that can be self hosted and potentially save a lot of money. As per my example with Jira, it is expensive for large teams. I’ve seen places that will spend upwards of $150K a year for it! I’m a huge fan of Redmine, and it is free and open source. You can hire someone to maintain that for less than the cost of a Jira license and have unlimited users. Now I’m not saying Redmine is the best all over solution. I’m just saying that there are open solutions that might be better in that paying high prices for proprietary software.

Another example is dropbox. I actually like dropbox for a few things, and for paid solutions it might be one of the best, but have you ever heard of Nextcloud? You can do everything you can on dropbox, but without paying that $10/user/month fee. Which can add up quickly. You can run Nextcloud on AWS and use an S3 bucket for storage, and if you know how to configure it right, it will be just as safe as dropbox, but you are in full control of your data.

There are always open solutions to paid software. Also, in case you weren’t aware, I’m an advocate for open source software and so I have a bit of an agenda.

WordPress Isn’t All That Bad

Why all this hatred for WordPress? I like it. This site is built on it. I have done many projects in the past revolving around it. The number one thing I hear is it isn’t secure, number two is that it is built on PHP and PHP sucks. Well I value your opinion and believe you are welcome to it, but I think you’re wrong. To start with PHP drives the internet. Many of the largest sites are built on PHP, like Facebook! Second, the makers of WordPress are continuously working on it for new features and bug fixes. The best way to keep secure is to not allow write access via the web console (except for your uploads folder), and use a tool like the wp-cli to keep your installation, plugins, and themes up to date for you. I have some sites that check for updates daily. Now because you nay sayers say something like, well a new version can break things and you shouldn’t auto update… well, you’re right… in some cases. In important production environments, like lets say you use WordPress for your corporate site, maybe you shouldn’t auto update, but you can on a dev version of the site and once a new version of WordPress comes out, you can test and then deploy to production when ready.

Working From Home Is Awesome!

I’ve been fortunate that since COVID-19 struck my employer has moved to a work remote system. We thought it wouldn’t last because so many companies love seeing people in their seats, but management has keep very good track of things and found that most employees work more from home than in the office. Often there are fewer distractions like chatty coworkers, that will keep you off task, but also a worker that doesn’t spend time commuting in and out off the office every day is happier. No one likes sitting in traffic every day, and due to housing prices, there are people who must live up to or over an hour away from work. I’ve done the hour long commute before and it isn’t fin and burns you out. We are far more production, and I feel like I am as well. It is great being able to roll out of bed, get the kid off to school and start working right away. I often find myself working longer days because I’m not looking at the clock wondering when 5pm is going to hit and thinking about ways to get home to avoid all the traffic.