Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Why the NSA Can't Replace 90% of Its System Administrators

Unknown Lamer posted 1 year,9 days | from the plus-they'll-sink-your-oil-tankers dept.

Government 251

An anonymous reader writes "Curious about the recently purposed NSA cuts, Courtney Nash explores a few myths about systems automation 'In the aftermath of Edward Snowden's revelations about NSA's domestic surveillance activities, the NSA has recently announced that they plan to get rid of 90% of their system administrators via software automation in order to "improve security." So far, I've mostly seen this piece of news reported and commented on straightforwardly. But it simply doesn't add up. Either the NSA has a monumental (yet not necessarily surprising) level of bureaucratic bloat that they could feasibly cut that amount of staff regardless of automation, or they are simply going to be less effective once they've reduced their staff.'"

cancel ×

251 comments

Sorry! There are no comments related to the filter you selected.

change of title? are all IT system administrators (2)

Joe_Dragon (2206452) | 1 year,9 days | (#44612721)

change of title? are all IT workers called system administrators? do all IT works say do stuff maybe 1-2 times an week that classes them as an system administrator? maybe with more automation then that 1-2 times a week can go a way?

Laying off Americans, hiring Bangladeshi ? (1, Interesting)

Anonymous Coward | 1 year,9 days | (#44613339)

Perhaps NSA is not kidding

Perhaps they will just go ahead and lay off 90% of their admins, who are American citizens

And then, they will hire admins from Bangladesh as replacement

NSA doesn't need to be troubled by admins who are American citizens who understand the concept of Liberty, Human Rights, and Democracy - they can hire replacement admins from 4th world countries where nobody cares about any of those "Western Luxuries"

replace Windoze with Linux (1, Insightful)

minstrelmike (1602771) | 1 year,9 days | (#44612727)

That's one way to reduce the number of sysadmins effectively.

Re:replace Windoze with Linux (2, Insightful)

Anonymous Coward | 1 year,9 days | (#44612919)

You're joking, right? It's a way to reduce the amount of money you give to MS, but increase the number of admins you have, or increase the pay of your admins.

Re:replace Windoze with Linux (2, Insightful)

cheater512 (783349) | 1 year,9 days | (#44613223)

Not really increase the number of admins, but I'll give you the last bit about having to pay more.

"Oh no we now have to employ competent people and they want reasonable wages!!!!!"

The only reason why there are as many Windows servers out there as there are is because a cheap IT graduate without a clue can blunder their way through it and eventually get the job done. Its not because they are manned by efficient admins who understand the system well.

Re:replace Windoze with Linux (0, Redundant)

farrellj (563) | 1 year,9 days | (#44613461)

Windows server management is much more SysAdmin intensive than Linux server management. Most Linux Boxes are "fire and forget" after they have been configured. Windows boxes decay quickly, and need a great deal more upkeep from the SysAdmin.

Re:replace Windoze with Linux (4, Informative)

Anonymous Coward | 1 year,9 days | (#44613725)

Windows server management is much more SysAdmin intensive than Linux server management. Most Linux Boxes are "fire and forget" after they have been configured. Windows boxes decay quickly, and need a great deal more upkeep from the SysAdmin.

Why do you think that? Sure, unskilled Windows Admins have to fiddle with it relatively often, but not good Windows admins. I have a couple of SAP, Exchange and other Windows servers I have to manage. They don't require any more babysitting that any of the linux boxes do. They're all VMs on Hyper V or Xen or ESX and I worry more about patching the host firmware than anything else.

I choose to check up on them, and verify that backups are really restorable, etc, but in terms of HAVING to manully manage them? Not this year. And I do it all with built in tools, no "enterprise" level management either. Just bandwidth, scheduling and lots of disk space and scripts.

Re:replace Windoze with Linux (-1, Troll)

Anonymous Coward | 1 year,9 days | (#44612921)

Actually that's not a great idea. Linux has significantly higher TOC than Windows. Basically, Windows Server is easy and can be run by a trained chimp MCSE who will work for cheap. In addition, the better hardware support tends to mean that real-life stability is better with off-the-shelf hardware compared to Linux.

Re:replace Windoze with Linux (0)

The Mighty Buzzard (878441) | 1 year,9 days | (#44613745)

Ten or fifteen years ago this might have been true about the hardware. Today Linux is far more likely to give you a better experience than Windows with off-the-shelf kit.

As for TCO, that depends on your situation. One *nix admin can handle easily twice as many servers as an MCSE can handle Windows boxes. Five or ten times as many would probably be more realistic.

Re:replace Windoze with Linux (4, Interesting)

hawguy (1600213) | 1 year,9 days | (#44612923)

That's one way to reduce the number of sysadmins effectively.

I don't think that's true in an enterprise environment with thousands of servers.

In my experience, it takes a larger installation to justify the team size for a well run Windows Server installation (to administer all of the Microsoft System Center [wikipedia.org] components (SCCM, SCOM, etc)), but once that investment in management tool configuration is done, then administering large numbers of Windows Servers doesn't really take more people than administering large numbers of Linux servers. LIke most MS Enterprise products, the MSC components can be complicated to configure and take a certain amount of dedicated resource to configure and use them well.

The same scalability may not hold true once you get to Google Scale with a million servers to manage, since at that point you can justify spending a lot more resource on writing custom management and support tools even down to customizing kernels if you want to.

In a small shop where you may have a few dozen servers, then you may find the MSC tools to be overkill and not worth the effort to set them up well so Linux can be simpler and easier to administer.

Re:replace Windoze with Linux (2)

dbIII (701233) | 1 year,9 days | (#44613539)

I don't think that's true in an enterprise environment with thousands of servers.

No, it is very true in exactly that environment - you don't need a lot of people to run clusters full of a lot of very similar nodes.
In slightly smaller situations where every machine is its own unique little snowflake you may not get that, but at huge scales it has been demonstrated to be true almost universally.

Re:replace Windoze with Linux (3, Insightful)

Anonymous Coward | 1 year,9 days | (#44613581)

That's one way to reduce the number of sysadmins effectively.

I don't think that's true in an enterprise environment with thousands of servers.

In my experience, it takes a larger installation to justify the team size for a well run Windows Server installation (to administer all of the Microsoft System Center [wikipedia.org] components (SCCM, SCOM, etc)), but once that investment in management tool configuration is done, then administering large numbers of Windows Servers doesn't really take more people than administering large numbers of Linux servers. LIke most MS Enterprise products, the MSC components can be complicated to configure and take a certain amount of dedicated resource to configure and use them well.

The same scalability may not hold true once you get to Google Scale with a million servers to manage, since at that point you can justify spending a lot more resource on writing custom management and support tools even down to customizing kernels if you want to.

In a small shop where you may have a few dozen servers, then you may find the MSC tools to be overkill and not worth the effort to set them up well so Linux can be simpler and easier to administer.

I think people claim Linux needs fewer admins because it has a history of bailing twine and bubblegum configuration management with rsync and ssh-while-loops...

At around 3-400 servers we implemented Puppet and MCollective with some in-house plugins. Now that I know it well, I seriously wouldn't run ten servers without it.
There isn't anything really special about Linux that enables these tools to work, and I actually think the Windows Puppet agent gets off easy with NT services vs. init scripts with sketchy status commands, registry vs hundreds of different config syntaxes, and so on.

So anyway, when I see someone brag about Linux needing fewer admins, I take it the same was as someone saying they get better gas mileage by turning the AC off and rolling the windows down... I guess if you tolerate that you can spend less on a car. Whoopie...

Re:replace Windoze with Linux (4, Insightful)

Sycraft-fu (314770) | 1 year,9 days | (#44613727)

Ya I have to day at my work at least the Linux servers are certainly NOT easier than the Windows servers to administer. The Linux lead spends a lot of time dicking around in the command line messing with scripts and settings to get everything working and managed nice. It works, don't get me wrong, we have a functional setup and process, but this idea that it is somehow easy and magic is false and speaks to a lack of experience.

When I see someone who proposes something like "replace Windoze (lol I totally stuck it to Microsoft misspelling their software!) with Linux" as a magic fix for needing less people in a big enterprise to me it says this is someone who has installed Linux on their desktop, and maybe a personal web server, and somehow thinks that means they know all about enterprise administration. They figure what is true for them must be true for 50,000 systems. I mean after all, the fact that they had Windows crash on them one time clearly means it is unstable and unsupportable!

Windows does a lot right for the enterprise. Their authentication service is really good. AD really does the trick for managing a large collection of systems and users. We use it as the backend for everything, Windows, Linux and Mac and yes, we've tried it other ways (we used to do Sun LDAP and IDsync as the backend, what a nightmare to make work). Anyone who says Microsoft doesn't have good tools for large scale management is really just saying they don't have experience in a large scale setting with Windows and other OSes.

Also that suggestion is funny, given that the NSA likes and uses Linux for a number of things. You might want to look up who gave us SELinux (hint: the NSA). Ever wonder why it has such paranoid, granular, control if you want it? That's why.

Re:replace Windoze with Linux (1)

macraig (621737) | 1 year,9 days | (#44612963)

No way, dude! Haven't you heard? Windows administers itself. Well, unless it's in Russia....

Re:replace Windoze with Linux (-1)

Anonymous Coward | 1 year,9 days | (#44613001)

Men's balls slapping off your chin.
Bend over and take it in the ass again.
I'm not necessarily saying your gay.
But that Linux shit makes you look that way.
 
FUCK OFF FANBOY!!!! GO SUCK SOME MORE LINUX DICKS!!!!

Re:replace Windoze with Linux (1)

gmuslera (3436) | 1 year,9 days | (#44613185)

They probably they already have Linux in most, as they know the backdoors it have Windows builtin, and who wants to intentionally install a backdoored system for their critical information? At least for linux they can have their own internal distribution for servers.

But what say the article is that even with Linux they can't reduce a lot the number of sysadmins, and that said by people of 2 of the most used linux automation platforms, Puppet and Chef.

I vote bloat. (0)

Anonymous Coward | 1 year,9 days | (#44612739)

Fairfax county Virginia wouldn't survive without it. Private contractors milking public paranoia.

This is a message (2)

ADRA (37398) | 1 year,9 days | (#44612743)

This comment has been generated by obligatory troll-bot 10000, an innovation of Huawei and your local NSA front. Have a nice day.

Outsource to China (5, Funny)

Anonymous Coward | 1 year,9 days | (#44612745)

Maybe instead of cutting staff numbers they can just outsource the administrators to China?

outsource to F*** Up and give up control of data a (-1, Troll)

Joe_Dragon (2206452) | 1 year,9 days | (#44612769)

outsource to F*** Up and give up control of data as well? just so in the end it costs more to fix the f*** up then what you saved in labor?

Re:outsource to F*** Up and give up control of dat (0)

slick7 (1703596) | 1 year,9 days | (#44612853)

outsource to F*** Up and give up control of data as well? just so in the end it costs more to fix the f*** up then what you saved in labor?

There are plenty of American companies that cringe when they hear Air Fance and the A-300.

Re:outsource to F*** Up and give up control of dat (5, Insightful)

Zontar The Mindless (9002) | 1 year,9 days | (#44612885)

Hello? Have you have your sarcasm detector surgically removed?

And please don't do that fucking boneheaded bit with the fucking asterisks. If you're really fucking old enough to say "fuck" and that's what you fucking mean, then fucking say "fuck", already. Otherwise, just fucking use a different fucking word.

Re:outsourci F*** all (0)

Anonymous Coward | 1 year,9 days | (#44613427)

Fuck those fucking fuckers! They're all fucked up.

Think of this as an exercise in poetic license. If the NSA fires their/our own and replaces 'em with higher paid contractors employed by privately owned companies who are free and likely to hire the newly fired public employees, everyone but the shareholders gets screwed. The public pays more for the same service. The employees are effectively relieved of their gub'ment pensions which will be replaced by the insecurity of privately guttable replacements and the shareholders and executives walk away with their pockets stuffed. It's an accelerated form of privatization which benefits investor/crooks, many of whom ooze out of the public sector and straight into quasi-entrepreneurial ownership. Real entrepreneurs actually create something new. These scum just recreate governmental functions under a corporate umbrella. It's neo-fascism at its worst.

Re:outsourci F*** all (1)

Zontar The Mindless (9002) | 1 year,9 days | (#44613585)

Yes, that's a pretty apt description of the likely downward spiral of greed.

(I guess I was just busy enjoying some cheap thrills, watching JD troll himself with the China reference at the top of the thread.)

Re:outsource to F*** Up and give up control of dat (1)

dbIII (701233) | 1 year,9 days | (#44613645)

Some poor sods are behind filters that won't let the see any web pages that contain words like fuck unless the word is obscured in some way.

Re:outsource to F*** Up and give up control of dat (1)

gmuslera (3436) | 1 year,9 days | (#44613215)

Hey, they were the ones that claimed that noone need to have anything to hide, unless they are terrorists. In the other hand, maybe the ones that order drone strikes qualify as that.

To The Cloud (1)

wisnoskij (1206448) | 1 year,9 days | (#44613269)

My not just migrate To The Cloud.

Re:Outsource to China (2)

plopez (54068) | 1 year,9 days | (#44613341)

Even better, fire 90% of sysadmins then give the rest of the employees admin access. The problem of sysadmins is now solved...

Re:Outsource to China (1)

Neuronwelder (990842) | 1 year,9 days | (#44613605)

Shh! Don't give these cheap bastards any ideas!!

Re:Outsource to China (2)

Culture20 (968837) | 1 year,9 days | (#44613661)

I know you're joking, but the Great Firewall will prevent the NSA secrets from reaching the American citizenry, which is all the NSA cares about these days.

They seem to have a strategy (5, Informative)

cold fjord (826450) | 1 year,9 days | (#44612765)

Apparently they look for clues to organizations that have solved similar problems.

NSA Boosting Automation in Wake of Snowden Leaks [wsj.com]

The agency has created a private cloud using OpenStack, a Web standard developed by NASA and Rackspace Hosting Inc. Analysts say this lets the NSA run its IT operations in a way that more closely mirrors that of Amazon.com Inc. or Google Inc. Previously, it took weeks or months for employees at NSA to get access to computing resources, said Nathanael Burton, a computer scientist speaking at the OpenStack Summit in Portland in June. The private cloud “let us grow to a scale that a very small team of 12 to 15 people could manage,” he said.

“We’ve transformed the NSA and over the next few months we’re going to be working with the larger intelligence community to roll out our OpenStack system across the entire intelligence community,” said Mr. Burton in a video of the conference. The NSA did not respond to requests for comment.

Re:They seem to have a strategy (1)

Zontar The Mindless (9002) | 1 year,9 days | (#44612899)

Woohoo! The Cloud is the solution to all our problems! We're saved!

Re:They seem to have a strategy (1)

cold fjord (826450) | 1 year,9 days | (#44613031)

It seems to work for Google and Amazon, I trust you've heard of them? Or did you have some insights about how what they do won't work for NSA?

Re:They seem to have a strategy (-1)

Anonymous Coward | 1 year,9 days | (#44613139)

It seems to work for Google and Amazon, I trust you've heard of them? Or did you have some insights about how what they do won't work for NSA?

You have got to be one of the most miserable bastards I have ever
seen on the internet. Every comment you make is something only
a miserable asshole would write.

If you can't get laid without paying for it then you need to go pay
for it and get some of your miserableness washed off your miserable
asshole self.

Re:They seem to have a strategy (2)

Zontar The Mindless (9002) | 1 year,9 days | (#44613511)

That whooshed right past you, didn't it?

Re:They seem to have a strategy (0)

s.petry (762400) | 1 year,9 days | (#44613715)

Pay attention to the innovation company there, Google, and what their head count really is. Amazon also, but they are not on pace with Google in terms of automation.

* Automation still costs money and requires manpower. Or are you trying to imply that the NSA has never used any automation and that 9 out of 10 admins were typing on a few machines only? I think Snowden's level of access shows how idiotic that implication is.

I don't think the post you responded to asserted that it does not work. I can't speak for them mind you. The way I read it is more of a statement regarding how dumb it is to believe that they are not already using massive automation. Consider that not that many years ago, the NSA knew very well what Puppet was and used home grown solutions because Puppet has some nasty design flaws (some of which have been handled, but many others remain). I think your implication is based in ignorance and bias.

Several... (0)

Anonymous Coward | 1 year,9 days | (#44613735)

One, neither Google nor Amazon use Openstack. Openstack is no where near the best of breed yet.

Two, I don't know about them specifically, but I've seen places that have the ability and will to do it correctly, and I've observed organizations that really don't but think they do. There is a high probability NSA ultimately falls into the latter category, even if you hand them the perfect tooling (that generally isn't made available).

Re:They seem to have a strategy (1)

Austrian Anarchy (3010653) | 1 year,9 days | (#44613275)

From what it sounds like, all they are doing is concentrating more access to fewer people. That makes the stew for colossal breaches, instead of mere large breaches. If you don't want someone walking out the door with all of your secrets, you have to make sure that nobody has access to ALL of your secrets.

Re:They seem to have a strategy (1)

lightknight (213164) | 1 year,9 days | (#44613387)

Shhhh. Shhh. Shh. Sh. This will be funny. They will narrow it down to several people, who will be totally trusted with all the secrets, and one of them will make out with everything, all at once.

Re:They seem to have a strategy (1)

AHuxley (892839) | 1 year,9 days | (#44613409)

You think the NSA and CIA would sit down and talk about the fun they had with the Soviets on the bulk document walk outs.

Re:They seem to have a strategy (1)

AHuxley (892839) | 1 year,9 days | (#44613019)

So they are going to spread their data, with more post 911 agencies sharing. The data will all be compressed, encrypted and safe... yet totally usable in real time...
The NSA always worked with small groups cold. What you seem to be suggesting is the NSA is having its own past resold to it by private contractors with open ended data costs. Better private sector vetting for real this time too?

Re:They seem to have a strategy (1)

cold fjord (826450) | 1 year,9 days | (#44613163)

It looks to me like they are sharing architecture, not data, but I suppose both could work. Small groups can be logical, not just physical. Logical is easier to maintain with less headcount. I expect the NSA will be trying to shed contractors for this work. Since there is a grand jury investigating and issuing subpoenas to the company conducting the security clearance investigations I expect there will be some tightening.

Re:They seem to have a strategy (1)

AHuxley (892839) | 1 year,9 days | (#44613525)

If the NSA wanted architecture, they can build it in the USA and have their cleared staff look after it cold.
This is not about renting floorspace, cooling and adding ever more size.
The cloud is for data sharing ie connecting to others in the US gov and getting data in from private groups/contractors.
Again the NSA always used "logical, not just physical" file "access" to keep staff from seeing the full projects.
You mention "maintain" - someone still has to look after all the new new captured/shared files, voice prints, video, calls, faces and the "cloud" will be huge. As in headcount, cleared input, keeping it running and extracting data from it, costs and fancy interconnections.
New skill sets in every agency to get the data flowing to a new 'cloud' is usually more contractors.

Obfuscation (1)

Valentinial (2980593) | 1 year,9 days | (#44612795)

1. Fill current admins heads with bad info. 2. Get rid of 9 out of 10 of them. 3. From then on everytime someone working at NSA leaks something blame it on a. disgruntled or b. info that does pan out (it was contrived anyway) 4. ????? 5. Profit.

We know nothing (3, Interesting)

Chuckstar (799005) | 1 year,9 days | (#44612807)

Since "anonymous reader" isn't in a position to know anything about how the NSA's systems are set up, what these administrators exactly do, who has/needs administrator privileges vs. who could do their jobs with reduced privileges, etc., etc., then isn't this discussion even more of a waste of time than usual on slashdot?

Re:We know nothing (2, Insightful)

Anonymous Coward | 1 year,9 days | (#44612917)

then isn't this discussion even more of a waste of time than usual on slashdot?

Law of headlines... no. It's probably about the same amount of time wasted.

Re:We know nothing (1)

AHuxley (892839) | 1 year,9 days | (#44613323)

The discussion seems fine. We know the data "in" from the 1960's onwards - global phone numbers, fax, email, data, voice prints, satellite, cable landing sites.
You can understand the option to collect all info in real time and then not want to move vast amounts of bulk data around the world, so it it worked on in safe regions eg UK, Australia, NZ.
We know the data "out" is a select stream returned to the USA in near real time.
We know the brands of super computers, power needs and cooling water use.
We understand encryption sold to consumers was always going to be weak or plain text was going to be available to the USA.
We now know how tame the US brands are and what quality of oversight was in place.
We now know hardware that once looked out over the globe is deep within the USA.
Administrator privileges would have always been vetted in the cold war. The USA never wanted a UK system of rapid growth and pure staff 'trust'
The USA understood the state of mind MI5 was entering from the 1950-90's (~fast growth/no long term trust/too many Soviet spies) and saw their generational vetting/tracking as a better option.
So the NSA has faced new missions in the last 15 years: grow fast, a few new languages, sharing with others in the US gov, lots of contractors and that US vision of quality "jobs" for the locals.
Cloud computing was always offered as the next big move. More gov/private sharing, jobs, more safe, more live data, better quality data.
Can the NSA fix the 'people' issue? Too many people (public and private) have quality clearances now, are too political connected and know the US need for their costly expert skills.
Too many brands/contractors cleared from the boss down with expert staff getting fast electronic database clearances with some real life background work are on the edges of US crypto.

The NSA has technology beyond the ken of mortals (1)

Anonymous Coward | 1 year,9 days | (#44612823)

...or they have ways of automating unimaginable to the uninitiated. Take a look at stuff the US government made, and when.

The F-22, developed in the 90s at latest, had processors more powerful than 2005 commercial processors. The NSA's improvement to encryption technology proved math knowledge 7 years ahead of its time. The Blackbird was over a decade ahead of its time for physics.

Now IBM has a brain simulation with as many synapses as a human brain, running 1500 times slower. That's just 16 years of Moore's law doubling. Is it so far-fetched to thing the NSA has AI that can replace a lot of sys admin and basic spycraft duties?

Re:The NSA has technology beyond the ken of mortal (2)

gl4ss (559668) | 1 year,9 days | (#44612881)

source for that f-22 shitniz? 'cause I call bullshit OR it's very creative definition for a commercial processor. blackbird wasn't ahead in "physics", rather it was and still is a milestone in _manufacturing_(titanium).

but yes, it is far fetched to "thing" that nsa has an AI, since they don't seem to have even a HI. they just said they're cutting down on system admins to get the senate off their backs since what the NSA actually is... is that it is a MASSIVE money pump to private hands(for people who skim the contractor wages).

Re:The NSA has technology beyond the ken of mortal (0)

Anonymous Coward | 1 year,9 days | (#44613125)

source for that f-22 shitniz? 'cause I call bullshit OR it's very creative definition for a commercial processor. blackbird wasn't ahead in "physics", rather it was and still is a milestone in _manufacturing_(titanium).

"Still is" is a bit of a stretch, as it was abandoned because other systems replaced the need for it (at least publicly). Satellites are now better for surveillance. It is no surprise -- in the other vertical extreme, Russian submarines made of titanium were deeper diving than anything else built, but ultimately the tactical advantages from having the capability did not really exist, and it was extraordinarily hard on the boat's systems.

Re:The NSA has technology beyond the ken of mortal (0)

Anonymous Coward | 1 year,9 days | (#44613469)

Are you talking about SR-22?
Different bird.

the bright side (5, Insightful)

roc97007 (608802) | 1 year,9 days | (#44612835)

> or they are simply going to be less effective once they've reduced their staff.

Which wouldn't be such a terrible thing.

the bright side-MOAR leaks. (0)

Anonymous Coward | 1 year,9 days | (#44613211)

Heh. People think they leak now? Just wait till all those (Dell) admins hear they're going to be fired.

Re:the bright side (1)

gmuslera (3436) | 1 year,9 days | (#44613251)

Will be. They will still be collecting everyone's information, but as with less staff could be less secure, and an external intrusion there will mean that even more people with bad intentions will be able to access your information, or get 0day vulnerabilities right from the source, or use the backdoored (by them) systems in all the world to do a test drive of the attack the NSA is preparing [schneier.com] .

Re:the bright side (2)

roc97007 (608802) | 1 year,9 days | (#44613463)

Will be. They will still be collecting everyone's information, but as with less staff could be less secure, and an external intrusion there will mean that even more people with bad intentions will be able to access your information, or get 0day vulnerabilities right from the source, or use the backdoored (by them) systems in all the world to do a test drive of the attack the NSA is preparing [schneier.com] .

Point to you. I would reply that, perhaps I'm being too optimistic, but I'd like to think that such occurrences would serve to further discredit the NSA, making it more likely that such information gathering and intentional security breaches (backdooring being essentially that) would be curtailed. So, short run, sucks, but long run, better.

The idea being, people who can't be trusted with security, should have security taken away from them.

I'd be far more worried.... (5, Insightful)

Anonymous Coward | 1 year,9 days | (#44612839)

The worst thing you can do with a person in a privileged access position is tell that person substantially in advance that they have a 90% chance of being made redundant. The overwhelming majority of people are reasonable, rational and won't do anything - but when you have such a large set of people - some won't be so amenable to being pushed out the door.

In short, I'd be surprised if they haven't created a small army of potential Edward Snowden's through this. Wherever I've worked, if we made a system administrator redundant we'd have disabled their account before they were told and then broke it to them - even if it was under consideration, we'd send them home with pay for the duration - it's just common sense.

-SG

Re:I'd be far more worried.... (1)

AHuxley (892839) | 1 year,9 days | (#44613607)

I am sure the Russian embassy is asking its helpers in a few regions of the USA to be ready for much more work.
The Soviet Union picked up so much form UK staff in the 1950/70's via poor working conditions/pay.
The UK staff where mostly in the gov and had real standing, rank, jobs.
If your security clearance is the only way to work and its not worth as much outside the gov?
If a contractor job gave you standing, a good lifestyle, holidays (as in time and cost), rent, a good car - what is waiting?
A resume thats loaded with terms only other cleared workers can understand? A full pension?

"IT doesn't add value" (1)

Anonymous Coward | 1 year,9 days | (#44612841)

So many companies claim this, then have their computer systems basically implode. The NSA will not be an exception. I don't think too many Americans, (or anyone else, really), will mourn their passing.

SPOILER ALERT (0)

Anonymous Coward | 1 year,9 days | (#44612851)

Either the NSA has a monumental (yet not necessarily surprising) level of bureaucratic bloat that they could feasibly cut that amount of staff regardless of automation, or they are simply going to be less effective once they've reduced their staff.

It's option number A, dipshit.

And it isn't just the NSA, it's the entire Department of Defense. Jesus fuck, you would think somebody would notice when the Navy has more admirals than it has ships.

Re:SPOILER ALERT (2)

ganjadude (952775) | 1 year,9 days | (#44613069)

you stop at the DoD??? pfft, the same could be said of ALL federal employees. We could cut the federal government by 90% overnight and the vast majority of americans would not even feel a bee sting out of it. Plain and simple the federal government is suposed to be small, the states are suposed to be the ones with the power. Sometime about 100 years ago (some would argue the progressive movement) things changed and we started giving the federal government more power. First alcohol prohibition (which at least they had the decency to amend the constitution vs what they do these days and just claim power) and so on and so on. to be fair im sure someone will come out with previous abused by the federal government, for example jefferson overstepped when he made the LA purchase, but id say it was between 1915 and 1945 that the country radically changed, and not for the better. well, maybe for the short term but not long term.

Re:SPOILER ALERT (2, Insightful)

colinrichardday (768814) | 1 year,9 days | (#44613541)

Plain and simple the federal government is suposed to be small, the states are suposed to be the ones with the power.

And who is supposing this? Also, people might have had more sympathy for States' Rights if states didn't use them to oppress people.

Re:SPOILER ALERT (1)

luis_a_espinal (1810296) | 1 year,9 days | (#44613755)

you stop at the DoD??? pfft, the same could be said of ALL federal employees. We could cut the federal government by 90% overnight and the vast majority of americans would not even feel a bee sting out of it. Plain and simple the federal government is suposed to be small, the states are suposed to be the ones with the power. Sometime about 100 years ago (some would argue the progressive movement) things changed and we started giving the federal government more power.

No. Not 100 years ago, but 148 years ago, with the end of the civil war, which settled once and for all the supremacy of the federal government over states powers (including the power to keep slavery legal.) Let us not skip the nitty gritty details, shall we?

*lmod up (-1)

Anonymous Coward | 1 year,9 days | (#44612865)

bre 'very poorly survive at all all along. *BSD irc.easynews.com You can. No, little-known may also want of Walnut Creek,

Simple solution (1)

PPH (736903) | 1 year,9 days | (#44612877)

Replace computers with typewriters [slashdot.org] .

Re:Simple solution (0)

Anonymous Coward | 1 year,9 days | (#44613633)

Goverment also fucked-up security with typewriters in the past. Everything had to have multiple copies, many copies were made by using carbon paper which was then simply tossed into the trash. Trash tells many secrets.

Only one thing is for sure... (5, Insightful)

bill_mcgonigle (4333) | 1 year,9 days | (#44612879)

... 100% of potential leakers are now 90% sure that they're going to lose their job anyway.

Carry on, NSA.

Re:Only one thing is for sure... (1)

cold fjord (826450) | 1 year,9 days | (#44613329)

Probably hundreds of thousands of people have worked for the NSA and only a small hand full of them have betrayed their country, stole secrets, and defected. You seem to expect that System Administrators are a big risk for stealing secrets and defecting. That would seem to both confirm the wisdom of the NSA in reducing their numbers while also denigrating the character of System Administrators as a class, that they would betray their country over a job. Do you really know that many people that shallow?

On a related note: Bradley Manning: 25 years in prison? Or 60? [usatoday.com]

Re:Only one thing is for sure... (4, Insightful)

bill_mcgonigle (4333) | 1 year,9 days | (#44613501)

also denigrating the character of System Administrators as a class, that they would betray their country over a job

Quite the opposite - they appear more likely than typical to betray their job for their country.

Re:Only one thing is for sure... (2)

fustakrakich (1673220) | 1 year,9 days | (#44613617)

...that they would betray their country...

"If you see something, say something." Failing to report a crime can get a guy in trouble...

Re:Only one thing is for sure... (1, Flamebait)

Colonel Korn (1258968) | 1 year,9 days | (#44613671)

Probably hundreds of thousands of people have worked for the NSA and only a small hand full of them have betrayed their country, stole secrets, and defected.

Working for the NSA is a betrayal of country, so I think that 100% of those people have by definition earned your disapproval.

Re:Only one thing is for sure... (0)

Anonymous Coward | 1 year,9 days | (#44613677)

Do you really know that many people that shallow?

Do you really want me to answer that?

Re:Only one thing is for sure... (1)

AHuxley (892839) | 1 year,9 days | (#44613699)

It was a different world then cold. Full pension, full working life, experts at the top of their fields with great hardware, software winning the cold war one project and shared operation at a time.
ie not wondering about 'work' in a week, month or year. You now have many more staff been given a few years of the same clearances with all the wages and contacts of moving 'up' or been very job secure.
MI6/5/GCHQ can tell the NSA what the outlook is when you dont keep that full wage/full pension deal on average.
So can Russians working in the GRU/KGB world.
The one message the USA always understood was the perception of cash and looking after its very best.

Re:Only one thing is for sure... (0)

Anonymous Coward | 1 year,9 days | (#44613719)

I think most people don't have a stick up their ass half as big as the one you've got up yours, no.

Re:Only one thing is for sure... (0)

Anonymous Coward | 1 year,9 days | (#44613367)

but they don't have any more secret programs to leak ! :)

Well... (0)

Anonymous Coward | 1 year,9 days | (#44612897)

To be fair when you work force is made up of a lot of computer scientists, cryptographers, mathematicians, etc you could probably turn over some responsibility for administration to the workforce with out losing much.

Re:Well... (1)

plopez (54068) | 1 year,9 days | (#44613369)

I've worked with Phds who programmed and admined machines. It was scary. Horrible code and scripting and one guy deployed an hardened box on the interweb outside of the organization firewall. The server which was deployed was compromised in less than a day.

What's the firing criteria? (0)

Anonymous Coward | 1 year,9 days | (#44612901)

More of concern is, are they being hired and fired based on their loyalty to General Alexander? Or to the constitution of the United States?

I bet he's firing people who might question his interpretation of the constitution.

Encrypt their data (1)

MichaelSmith (789609) | 1 year,9 days | (#44612927)

The NSA could certainly prevent 90% of their systems administrators from seeing the data though. All data should be encrypted when it is not displayed. Everything on file servers should be encrypted and most of the admins won't need the keys.

Better becareful posting that stuff (4, Funny)

mysidia (191772) | 1 year,9 days | (#44612951)

Don't you dare try to get rid 90% of system admins.

Better back off, or I will replace your management team with a 5 line shell script, and sell it to Obama as a way of demonstrating that he is serious about more efficient government.

Re:Your right....... (1)

Anonymous Coward | 1 year,9 days | (#44613265)

Look how well the DRM take down bots have worked. Another flawed knee jerk solution to a already flawed system.
When it hits the fan it will cover everyone that has signed off on this. If we end up having another 911 just wait and see everyone trying to blame someone else for missing it and pointing fingers.
Why didn't the bots catch it?
Who was responsible for the writing of the bots?
Why don't you have more people tracking your data?
Why weren't you people trained better to see the patterns in the data?
Why do you collect so much data that you don't have the time or resources to filter it or review it?
Who implemented this?

They don't need to (1)

jennatalia (2684459) | 1 year,9 days | (#44612997)

They have a specific job. Their admins do fine completing that job. They go through rigorous background checks. Unfortunately, a contractor got to the info and was able to thwart the system. ES just made it extremely difficult for everyone interfacing NSA to work now.

Re:They don't need to (1)

wisnoskij (1206448) | 1 year,9 days | (#44613279)

And you want the job of spying on your fellow citizens, breaking the law, abusing your power, and covering up for others who do the same?

Uh... (1)

Nexion (1064) | 1 year,9 days | (#44613027)

woot?

Bunch of babies (1)

JustineM944 (3004807) | 1 year,9 days | (#44613033)

Why do I have to read all this classified garbage on Slashdot? Is the NSA's shredder broken?

So we win regardless? (0)

Anonymous Coward | 1 year,9 days | (#44613051)

Either a bloated government department will piss away less money,
or they become less effective at voilating our rights

who cares either way, just get rid of them

Offshored, of course! (2)

sgt_doom (655561) | 1 year,9 days | (#44613071)

Like everything else, they will simply offshore all those sysadmin jobs to India, China, Vietnam and Russia, of course, which is what they normally do, you douchetards!

Re:Offshored, of course! (1)

lightknight (213164) | 1 year,9 days | (#44613435)

Good. There's nothing like hiring the Russians to fight the Chinese, who are busy fighting the Vietnamese, who are busy fighting the Iraqis, who are busy fighting the Russians. The entire world is fighting a war on a dozen fronts, and you don't need to worry that they'll do anything really stupid, since their best minds are devoted to the mindless tasks of destroying someone's bunker or supply lines. Then you take your private jet to your private island, and quietly learn how to solve that Rubik's cube...blind-folded.

LIAR LIAR PANTS ON FIRE (0)

Anonymous Coward | 1 year,9 days | (#44613083)

The NSA has a proven track record with lying to the American public.

Re:LIAR LIAR PANTS ON FIRE (1)

lightknight (213164) | 1 year,9 days | (#44613459)

Most people do. Show me anyone, anyone at all, and, given enough access, I could probably prove them a liar.

And you know what? (1)

boarder8925 (714555) | 1 year,9 days | (#44613105)

...or they are simply going to be less effective once they've reduced their staff.

I'm perfectly fine with their being less "effective."

Re:And you know what? (2)

lightknight (213164) | 1 year,9 days | (#44613477)

I'd be more happy with them returning to their original mission, and understanding that destroying the Constitution to save the Constitution is not a valid option.

Magic Beans sold by Puppet Labs? (0)

Anonymous Coward | 1 year,9 days | (#44613153)

Magic Beans sold by Puppet Labs? That's the only way I can see this working out. Of course, in practice, there is no such thing as "Magic Beans" from anyone, least of all Puppet salesmen.

Anyone who has done a puppet deployment, realizes that you've just traded 1 problem for another.

In IT, knowing Puppet is great for your career - it is like being Microsoft Certified. There will always be someone that thinks they need you, when it truth, YOU are the problem and will end up costing more that just getting great sys Admins who you can trust.

Automation has a place - Salt, Rexify, Chef, Ansible, CF Engine and 10 others are play in this space. Each has issues.

That makes a great sound bite (2)

You Don't Know Me (265497) | 1 year,9 days | (#44613189)

and in the spirit of pointy-haired bosses everywhere it means little. The administration is going to squeeze whatever good press they can garner from the comment and then do nothing. Oh, wait, there will be a panel of learned IT staff, then a study group, then a plan-for-a-plan group, then a project planning group then a phase I project and then, wait for it, a cut in funding that cancels the project.

NSA Can't replace 90% of its SysAdmins? (0)

Anonymous Coward | 1 year,9 days | (#44613255)

Are you kidding me? As far as I am concerned the NSA can replace 100% of them, with adobe-bricks (three dimensional rectangles made from mud and straw), and we will all be better off. We can turn the NS's storage facilities into a competitors for, or extensions of, the Yucca Mountain Nuclear-Waste Storage Project, and we'll be beter off again.

What to do with the let-go SysAdmins? The rabid ones, the ones not glad to be out, need to be shot. The sane ones, the ones glad to be out, we can replace some of the 67,000 or so we were told we were short last year, and so had to import from abroad to fill positions, with. There weren't Americans enough to fill those positions, they said. Well, replace the NSA's with nuclear waste and there should be, and we should be able to send most of the imported ones home again. ......Or has it been those imported ones the NSA has been hiring?

Wow, that was dumb (1)

rsilvergun (571051) | 1 year,9 days | (#44613313)

I think I lost a few IQ points just reading it. Anyway, in rebuttal:

1. You don't need very many smart people. Albert Einstein did all the hard stuff when it came to the atom bomb. Factories run with a 2 or 3 engineers instead of thousands of workers. Lotus 1-2-3 put thousands of accountant clerks out of work. Etc, etc. I suppose we can all go work at Walmart.

2. Fewer people means less people to leak. Also fewer jobs means people more afraid of losing what little they have. It means less idealism and more dog-eat-dog survival.

But hey, who am I point all that out. If we just keep telling ourselves the scary stuff isn't happening because it didn't all happen at once that makes it OK, right?

Teacups full of storms! (1)

Anonymous Coward | 1 year,9 days | (#44613403)

Why are people unable to parse simple English? They are not "laying off 90% of their system administrators" - they didn't say "we're going to lay off 90% of our sys admins." They said "we're going to take admin privileges away from 90% of the people who have sysadmin privileges." The job doesn't cease to exist just because you can't type "rm -rf /*"

NOWHERE in the coverage of Gen Alexander's remarks [reuters.com] has he said they were planning to lay off 90% of their IT workforce. What he said was this:

Before the change, "what we've done is we've put people in the loop of transferring data, securing networks and doing things that machines are probably better at doing," Alexander said.

This is a case of the NSA saying, "we've given sys admin access to far too many people, and we're going to restrict that now."

maybe technology replaced need for humans again (1)

ClassicASP (1791116) | 1 year,9 days | (#44613503)

Perhaps the reason they are laying off 90% of them is because they simply don't need them anymore because XKeyScore now does manually what used to take a lot of manual system administrator work to accomplish. They say they've been collecting data since 2008 but its plausible they've been at it for a lot longer than that.

Keep them out of private sector. (0)

thedarb (181754) | 1 year,9 days | (#44613579)

Would it be legal to add "Have you ever worked for the NSA?" to your interviewing questions? I'd like to see them all denied jobs in the private sector once they lose their jobs with the NSA. They have knowingly worked to support spying on American citizens. Treat them like the criminals they are.

While we're at it, ask if they worked for SCO over it's last 5 years... don't want that so called 'talent' to ever have an IT job again, either.

Would it be legal to form a do-not hire list based on previous employment? It's not a race, it's not a sexual preference, it's not a gender... It's an indicator of ethics.

Trust? (0)

Anonymous Coward | 1 year,9 days | (#44613647)

Why should anyone trust anything the NSA says to begin with?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>