Comment Re:It's not that simple (Score 2) 614
They built a Rube Goldberg machine without any thought to how they would maintain it or upgrade it.
Which describes every large software project implemented by a non-software company, ever.
Until you realize that this will also put a moratorium on things like privacy laws, as well as put a hold on any action regarding things like bandwidth caps, net neutrality, and copyright enforcement legislation. That may be good or bad, depending on how we're represented, but I'd rather have the debate in Congress, rather than have them be forced to sit idly by while the incumbents go unchecked.
Back when GoDaddy was publicly in support of SOPA, I moved away from them. Ended up saving a lot as well.
No regrets.
Your distro will have a regular patch channel that will address most vendor-introduced vulnerabilities. Patch religiously, and often. At least once per week. It's not like you're responsible for SLAs or regression testing. If you somehow uncover a bug when you patch, muscle through it, and keep going.
Use a firewall and only expose necessary ports. Protect the ports with strong authentication, encryption where applicable, and possibly a reactive blocker such as fail2ban to keep the script kiddies at bay. If you must run an external SSH server, run it as a separate process, and only allow key auth, and only for a single user.
Get on whatever mailing lists or errata lists support your distro and apps, and try and keep up with them. If your apps are maintained as source, try and use the repos to update your apps instead of just relying on standard stable packages. You'll get bug fixes faster (probably bugs as well. See above)
Use something like logwatch and read the daily mails.
Also use something like rkhunter to alert you in case something changes.
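An added example, not part of the comment above: a small auditor that checks sshd_config text against the "key auth only, single user" advice. The sample configs and user names are constructed, `Match` blocks and `Include` files are not followed, and treating keyboard-interactive as a password path is an assumption of this example.

```python
# Added example: audit sshd_config text for "key auth only, one user".
# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}

def parse_global(text):
    """Parse the global section; sshd keeps the FIRST value seen per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: strip comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                    # conditional blocks out of scope
            break
        if key == "challengeresponseauthentication":   # deprecated alias
            key = "kbdinteractiveauthentication"
        if key == "allowusers":               # AllowUsers lines accumulate
            settings.setdefault(key, []).extend(value.split())
        else:
            settings.setdefault(key, value.lower())
    return settings

def audit(text):
    """Return a list of findings; an empty list means the policy holds."""
    s = {**DEFAULTS, **parse_global(text)}
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not enabled")
    for key, label in (("passwordauthentication", "PasswordAuthentication"),
                       ("kbdinteractiveauthentication", "KbdInteractiveAuthentication")):
        if s[key] != "no":
            findings.append(f"{label} should be 'no'")
    users = s.get("allowusers", [])
    if len(users) != 1:
        findings.append(f"AllowUsers should name exactly one user, found {len(users)}")
    elif any(c in users[0] for c in "*?"):
        findings.append("AllowUsers entry is a wildcard pattern")
    return findings

# Constructed samples. In WEAK the appended hardening line is ignored.
WEAK = "PasswordAuthentication yes\nUsePAM yes\nPasswordAuthentication no\nAllowUsers alice bob\n"
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nAllowUsers deploy\n")
```

On a live host, feed it the output of `sshd -T`, which prints the effective configuration rather than the file as written.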
I really wish I had mod points for this. Thank you, sir.
You sound like you're endorsing living a life with no roots, no community involvement, and no long-term commitments. Seeing the world and its cities and cultures is a really cool experience, but eventually most people like to settle down and do things like have families, hobbies, and own possessions that don't have to fit in a suitcase.
The career-long road warrior mentality directly contradicts with the need most folks have for being close with extended family, laying down roots in a community, or having long-term friendships with close physical proximity.
Working hard may give you a sense of purpose, but trivializing work-life balance will only isolate you.
Since you're a member of the 4-digit ID club, then you may just be old and gray enough to have survived more than 10 of them. Are you functional or technical?
This says less about Sony, and more about the judge in the case. According to several ratings websites, Hon. Joseph Spero is pretty new to the Magistrate bench, and has the reputation for being predisposed to siding with government and business 100% of the time. Hopefully there will be an injunction and appeal coming soon on this.
Most cable and DSL ISPs offer a small business plan for exactly what you are doing. You get static IP addresses, reverse DNS, and no blocked ports. This should really be a non-issue.
Also, most of the time, small business IP ranges are outside of the ISP's regular dynamic range, so your chances of being on a RBL are significantly lower.
Mostly, except in very small organizations, there are several implicit safeguards to keep any one person from doing evil with the systems. They are subtle, but effective.
Peer review: Most sysadmins are hired by other sysadmins, or at the very least a technical manager. This means that you are hired based on your skills, reputation, track record, and demonstrated attitude. This means that ideally, you wouldn't even *think* about intentionally subverting a system, because that would mean breaking it or compromising it in some way, and most professional SAs are simply too OCD to allow it.
Business continuity: Most organizations have several layers of continuity in place, such as disaster recovery scenarios, system snapshots, monitoring, and auditing. This means that unless you are VERY subtle, or work for an entirely incompetent team, you WILL get caught, and the damage will be minimized as you are being put into a police car, never to work in IT again.
There are no "indispensable people:" If you are a sysadmin, and you are the only one who knows your systems, you have not done your job. Every system and app should be documented, and there should be accountability for every change and decision.
No technical solution will ever replace good management and planning, and a design that eliminates the vulnerabilities of a system to rogue sysadmins, will also eliminate its flexibility. It's just a lot cheaper and easier to try and run a good shop.
I'm guessing your work email address ends in
If you're like most IT managers, you probably have a budget. Which is probably wholly inadequate for immediately and elegantly solving your problems.
Look at your company's business, and how the different offices interact with each other, and with your customers. By just upgrading existing infrastructure, you may be putting some of the money and time where it's not needed, instead of just shutting down a service or migrating it to something more modern or easier to manage. Free is not always better, unless your time has no value.
Pick a few projects to help you get a handle on the things that need more planning, and try and put out any fires as quickly as possible, without committing to a long-term technology plan for remediation.
Your objective is to make the transition as boring as possible for the end users, except for the parts where things just start to work better.
"It is easier to fight for principles than to live up to them." -- Alfred Adler