|
I work at a small company, about 30 employees.
We do have a few network guys, but we're still jacks of all trades.
I do software architecture, development, continuous integration, databases, documentation (technical and non-technical), but networking is where I draw the line... That's just a completely different job
lw@zi wrote: IMHO, he should be answering these questions either by himself or by someone higher up the chain There isn't a higher up the chain, the customer probably doesn't even know what a protocol is
|
|
|
|
|
Sander Rossel wrote: There isn't a higher up the chain, the customer probably doesn't even know what a protocol is
In that case you or your team lead need to understand from the customer about the business importance of this application. Then you can decide how much "secure" you want it to be. If your customer is going to host this application on their premise, you might want to talk to their networking team if they have some kind of policies and process about this. You wouldn't want to end up with a product only to know that customers do not support/approve of your communication mechanism.
"You'd have to be a floating database guru clad in a white toga and ghandi level of sereneness to fix this goddamn clusterfuck.", BruceN[ ^]
|
|
|
|
|
As a developer, you should know about the topic you're working with. If your topic is networking (which it is), then you need to know about networking.
|
|
|
|
|
Knowing a bit is important, but being an expert is not. As a former developer and network expert - different times and jobs - I think it important for the developer to know how to implement various network protocols and processes, but determining which are best for the organization or product is a matter for networking experts to decide and specify. That being said, I found that in my role as a developer, having the detailed hardware level knowledge of an electronics engineer made me a far more capable software developer than any of my software-only peers. Similarly, if you're going to develop networking products or component services, it would give you a decided advantage to become expert in their uses and best practices. But strictly speaking, I wouldn't consider that a job requirement.
Will Rogers never met me.
|
|
|
|
|
As a developer you are tasked to write all kind of software.
Ideally, particularly if people ask for your opinion, it is better to have at least a vague idea of how all kind of software works.
So that at the very least you make pertinent google queries!
It's alright to not have the answer to everything btw! Just say you will investigate it. As a developer other look up too what is expected of you is to find a good answer faster than other.
Other than that it's either that or say don't ask me, I have no clue!
But you can have both! I.e. be totally ignorant and looked up to!
In fact.. just like life!
Your friends might ask you all sorts of questions. You might have the answer or not. Now it's up to you whether you wish to impress them or not!
|
|
|
|
|
If you are a web developer I think you should know some basics about how servers work, how you can see error log files,what an error means and how to make settings for your domain .I'm talking with some fellow web developers that don't know stuff like that and they are having a lot of problems deploying a site or when they get an error and their site drops.If you are not a web developer I haven't heard anyone from my circle know such stuff and why you have to.
|
|
|
|
|
As a professional programmer, you are responsible for the entire application. If it talks to the outside world, that includes how it communicates.
The system administrator is responsible for the system he controls. If that system is insufficient, it is your duty to correct that deficiency. You cannot make this evaluation without being competent in best practices for everything your application does.
Now, if you are a junior dev, you should have someone above you with this responsibility. But if you're a senior, it's on you.
|
|
|
|
|
The way I see it is no you don't absolutely have to but if you want to thrive in your environment you probably want to understand the environment your thriving in. Likewise if you're going to be interacting with people who are dealing with this a given related technology that isn't core to your efforts, while you don't necessarily 'need' to become an authority on the topic, it does become highly conducive to become informed to the point of being conversant and able to identify the street signs in the neighborhood your driving though without having to stop and bother the locals all the time.
This not only earns you respect from the locals it also prevents you from focusing their ire as well which at times can potentially lead to other pitfalls. Peripheral knowledge is the socialization of work, so drink it in, take little sips, being careful not to get trapped into becoming a pseudo SME due to budgetary restraint and some manager realizing you know more than someone else about something you're not ready or willing to dive headlong into.
|
|
|
|
|
If you work as a developer for the US government you probably do. Where I work, we have to get CompTIA Security+ certified per DOD 8570 regulations. It's a royal pain in the butt because it's all about networking, security, encryption, etc - 80% of which we don't use as developers/database programmers. But we have to do it nonetheless or else we can't work here.
|
|
|
|
|
RabbitMQ has inbuilt support for TLS.
As of RabbitMQ 3.4.0, SSLv3 is disabled automatically to prevent the POODLE attack.
You should just read the RabbmitMQ docs[^].
Marc
|
|
|
|
|
I read it
But setting up TLS is a bit tricky... First of all I'm not an admin on the server and second the examples in the docs are Linux while I'm on Windows.
My answer was: Yes, we can use TLS, but we don't have to as the service is not reachable from the outside (all localhost)
|
|
|
|
|
How many developers does it take to screw in a lightbulb?
None, it's a hardware problem.
But in all seriousness, why not know the stuff? Everything you learn improves you as an individual and makes you more valuable. Always keep improving yourself!
|
|
|
|
|
I'm still figuring out whether to learn Python, Scala, Redis, Neo4j, .NET Core, baking a pie, driving a bus... You see there's a problem with learning everything
Although I agree learning about some networking makes lots of sense.
|
|
|
|
|
What is so hard about saying: "Let me get back to you"?
I use it all the time in my dealings with (paying) customers. No one has ever had issues.
What no one likes, is off-the-cuff answers that are questionable.
Or, you can say it's not in your job description; but that usually only works in union shops.
|
|
|
|
|
Gerry Schmitz wrote: Let me get back to you Because finding the answer takes way too much time that I don't have
I'm never off-the-cuff, questionable, or sticking to my job description
|
|
|
|
|
|
Maybe it's because I work as a freelance but I have the vision that a developer must provide solutions no matter what.
|
|
|
|
|
That's a bit shortsighted... If I asked you to create something in a language you never used, using a database you've never heard off, including some libraries you didn't know exist... Sure, you COULD come up with something, but you know it's going to take you a lot of time to learn all that stuff and the result will not be top notch quality. The only fair answer would be "sorry, but I can't help you with that"
|
|
|
|
|
I live in a third world country. My customers need solutions. I know I can't always provide top notch quality but when I can provide good quality I tell them and when I cannot I recommend someone who does.
My point is that I am a developer who is not afraid to get his hands dirty in servers, networks, configurations and the like.
Cheers!
|
|
|
|
|
From my standpoint, this is where consultants come in.
Find an expert, or someone with a lot of SOLID experience here, and pay them to give you the information and the configuration settings you will need.
The problem today is that most companies are making decisions WAY BEYOND their abilities. Kinda like Clinton using a non-secured blackberry to check her own email server while using A CHINESE network connection. Really. If TLS was not setup, then her password went through in clear text. OMG.
But companies do this all the time. It is why I like the new push to use SSL Everywhere, all the time. Everything should be encrypted when it is going over the wire.
|
|
|
|
|
Sander Rossel wrote: Common knowledge, or stuff left to sysadmins?
My opinion, of course you should know, maybe not now, but eventually. You were tasked with getting RabbitMQ running, therefore you are now the expert that will be answering those sorts of questions when they come up. So you don't know when your lead asked? Fine, go figure it out. After all, someone has to know to be able to advise the sysadmins. Your lead clearly thought that someone should be you, and I completely agree with them.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
|
|
|
|
|
I read through all of the responses to your post and I have a completely opposite opinion for you.
If you are a software developer and that is what you are specializing in than you already have a huge knowledge base to learn and work with. Trying to cross lines into networking and\or infrastructure, which have their own huge knowledge bases has been found to be highly inefficient making much of the results ineffective in the long term.
A study was done on just this issue many years ago when networking was a more compartmentalized function due to the limited set of options we had. Even then it was found that software developers and software engineers would also run into serious issues when attempting to work with two completely different knowledge bases. As a result, the analysis found that it simply couldn't be done very easily.
Today, of course, we have different environment but the emphasis has gone from 4th generation style development environments back to 3rd generation or even maybe second generation environments where the level of detail is larger exponentially.
The commenters who have replied that yes you should have knowledge of this additional detail in your tool-kits are promoting the idea that developers should be an "every man" type of professional, which is categorically impossible. However, this pressure has evolved as a result of different viewpoints towards the way development should be accomplished; and in this case it is to be done by turning the clock backwards.
The idea for example, of ASP.NET WebForms was to make web development far easier than it was with "Classic ASP", which it did. The same held true for standard Windows Forms, which allowed developers to use other languages than C++ to develop desktop applications.
Today development has now promoted so many paths to getting a task done that it is almost impossible to decide which one will secure one's career in the long term. The answer everyone provides for this is to know just about everything like it is something very easy to do and anyone should be able to do it. Well, you can't.
Nonetheless, the requirements of you maintaining your position may also depend on how flexible you are in such situations so it may behoove you to develop a proposal that suggests bringing in a specialist as needed to assist with you such additional complexities if you cannot afford the time to learn this material on your own due to other pressing responsibilities.
The real problem you are facing is that the younger generations of professionals have created environments of such complexity that they will not be sustainable in the long term; this time by turning development into some level of rocket science, which it was never intended to be and nor can it be with the level of support now needed for so many IT organizations around the world.
Steve Naidamast
Sr. Software Engineer
Black Falcon Software, Inc.
blackfalconsoftware@outlook.com
|
|
|
|
|
One of the problems with software these days is when developers knowingly or (more commonly) unknowingly develop insecure solutions. Saying "it's an architect's problem" is buying into the culture that enables this. If--as you've mentioned--you've analyzed the problem and determined you don't need to know something, then move on. But be aware of the issue and remember that you may not be around to explain (or remember) today's decisions for the eventuality that scalability necessitates a modification.
Saying that the solution doesn't merit security because of its lack of ubiquity is ignoring the fact that cyber-criminals can easily gather formidable bases of data by taking advantage of lack of security across the multitude of solutions that didn't think security was merited. In fact, most sensitive data available to criminals these days is not gathered in one fell swoop, but combined from many sources that have been compromised.
|
|
|
|
|
I think understanding at least basically how it works will make your code better. For example, if you send a message and expect a response - understanding some of the things that might make it take longer - such as the effects of latency for example will make the difference between something that works, and something that works well - even on slower networks.
There's a lot of developers who get by without these skills - and if you have a good relationship with you sysadmins, then you can make it work.
By way of analogy - you don't need to understand how your car works to be a good driver, but you do need to know something about the car - or when it needs fixing, to safely make an interstate trip in it. Otherwise you might make it - or you might become friends with the RACV.
|
|
|
|
|
I'm staying in digs in a tiny town (pop: about nine, give or take three), next to a church and graveyard, whilst working in a nearby city.
As always, I leave my laptop in the room, with the camera running to take pictures when anything moves.
The desk is in the middle of the room, away from any curtains, etc, that could blow in front of it, and nothing in the room can move of its own accord. And the window was closed.
But something moved, today. I got over 400 pictures, compared to the usual 50-100.
I've cut out all the pictures that were taken because of changes in lighting (there's a picture window less than eight feet behind the laptop, so clouds trigger the motion detector).
But that still leaves 318 pictures -- which are pretty big (over 20meg), so I've dumped them in a RAR file, and uploaded it to Mega.
This is not a spoof, and I am not taking the p1ss (I do do spoofs, and I do take the p1ss, but I don't lie). The laptop was set to take snaps when it detected movement, and no humans entered the room (if they did, there would be pictures of them). They are real photos, taken automatically today, by a laptop camera that was not malfunctioning in any way.
Download only if you want the sh1t scared out of you.
The rar file[^]
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|