Appendix E
Additional miscellaneous things you might want to look up:
- Mutexes
- Semaphores
- Multithreading
- Markov chains
- Tail recursion
- Vulnhub
- nload
- bmon
- Java Spring MVC
- Windows Terminal
- Cygwin
- A/B testing
- The movies Sneakers, Hackers, WarGames, and Revolution OS
- HTML canvas
- XAML
- Bit shifting
- Bootloaders such as GRUB or rEFInd or rEFIt
- Magic numbers
- StringBuilder
- Discrete structures/combinatorics
- RedHat OpenShift
- IBM Cloud
- Ansible
- Vagrant
- Docker Swarm
- Closures
- Mixins
- iftop
- Traits
- Jira
- Confluence
- Webpack
- Redux
- JBoss
- ncurses
- Reverse proxy
- Failover cluster
- High availability
- ERP: Enterprise Resource Planning
- CRM: Customer Relationship Management
- Software pipeline
- Supply chain
- Dependent types
- Constrained types
- Tree traversal algorithms
- Tree inversion
- Approximation algorithms
- Metacircular evaluators
- MetaObject protocol
- Purely functional data structures
- Cellular automata
- Automata theory
- Computability theory
- Closures
- Bioinformatics
- Lazy evaluation
- Higher-order functions
- Formal methods
- Formal semantics
- Complexity theory
- Graph theory
- Compiler theory
- Coding theory
- Robotics
- First-class functions
- Homoiconicity
- Self-modifying code
- Concurrency
- Computational geometry
- Code as data
- Fractals and chaos
- Bayesian classifiers
- Neural networks and machine learning
- Combinatorics
- Optimization
- Markov generators
- Computer organization and architecture
- Pperating system concepts
- Information theory
- Theory of computation
- Type theory
- Distributed systems
- Human-computer interaction
- Computer vision
- Automated reasoning
- Evolutionary computing
- Natural language processing
- Game theory
- Data visualization
- Data science
- How to reverse a linked list
- How to invert a binary tree
- How to reverse a string
- How to clean up a switch statement
The point of including stuff to look up on your own is to firstly show that there are too many concepts to cover in a single book, and also to get you in the habit of learning things independently. You don’t always need to read an entire book about a subject, but a big part of being a software developer is being able to google effectively, reading articles, wiki pages, official documentation, video tutorials, or even self-paced cheap online classes – all to learn new things. Technology is always changing, so you need to constantly learn new things. I personally think it’s good to have a list of stuff to look up. Then, in your free time, you can look up some of those concepts.
If you want to learn more about IT-related stuff (which is not the focus of software development or this book), I wouldn’t recommend spending too much time on it, but here are some things you might want to look into:
- Certifications
- CEH (infosec)
- CISSP (infosec)
- OSCP (infosec)
- CompTIA A+
- CompTIA Server+
- CompTIA Network+
- CompTIA Linux+
- CompTIA Cloud+
- Cisco CCENT
- Cisco CCNA
- Cisco CCNP
- Cisco CCIA
- Microsoft MCSE
- Amazon AWS Certified DevOps Engineer
- WSUS
- PXE (pronounced “pixie”)
- NetBIOS
- Acronis or Clonezilla
- Active Directory
- Lightweight Directory Access Protocol
- SMB
- Backups and versioned backups
- ZFS snapshots (and how they can protect against ransomware)
- Separate admin accounts
- Hypervisors and virtual machines
- Server
racks and Us (the unit of measurement for server sizes, i.e. 1U, 2U,
3U, or 4U)
- Rackmount server hardware is typically 19 inches wide and 1.75 inches per U (so 2U means 3.5″ tall), even in countries where they use the metric system instead of imperial
- Windows Server
- IIS
- Remote Desktop
- VNCs
- SSH and telnet (telnet is old and insecure, but you might encounter it when dealing with legacy tech)
- Disk imaging
- Routing
- Switching
- Subnetting
- Firewalls
- Wireless access points
- Patch panels
- Patch cables
- Patch tuesday
- Cable testers
- OSI and TCP/IP
- Bash
- PowerShell
- Windows Management Instrumentation
- Msconfig, WMI, and other useful tools in Windows (you might occasionally use Linux or macOS on workstations, but Windows is the most common in the enterprise – not counting servers, which often run Linux)
- AutoRuns
- Process Explorer
- Disk management
- AppLocker
- Thin clients
- Packet captures in Wireshark
- Project management
- VoIP/PBXes
- Endpoint protection software
- Deployment
- Deep freeze software
- KVMs
- Microsoft Office (Word, Excel, Powerpoint, Outlook, and sometimes Access)
- Roaming wifi
- FTP and SCP
- Application whitelisting
- DNS
- Outlook
- Microsoft Office
- Office 365
- G Suite
- Desktop and server hardware
- Projectors – sounds simple, but when you’re in a big classroom or meeting filled with people waiting for you to fix it, it can be stressful unless you’re well-versed in it
- VLANs
- RAID
- RAID1, RAID0, RAID10, RAID5
- ECC RAM
- Network printers
- Security perimeter vs. cloud or BYOD
- NAT
- Web-based interfaces for configuring devices (such as routers, switches, printers, and more)
- Phishing
- Kerberos
- Local accounts vs. domain accounts
- Network-attached storage (NAS)
- Storage Area Network (SAN)
- Security – malware, exploits, software updates, misconfigurations, password policies, and more
- Incident response
- Corporate VPNs (not the same as consumer VPNs)
- Updates and staging servers
- Building an OS snapshot
- Software licensing and SLAs – when I refurbished computers at a place called PRC, we’d use the same image for every refurbished machine, but then you’d have to put a new license in for Windows. But because of having a special agreement with Microsoft, because of dealing with bulk licenses and also being a non-profit, PRC paid very little for each Windows license.
- IT should not interfere with business processes – companies use tech to get things done. A company doesn’t exist just for the sake of using tech.
- Preventing single points of failure
- Data destruction, such as if a company gets rid of their old computers, but they had customer data on the hard drives, and they want to nuke it so people can’t go dumpster diving to steal private company/customer data. DBAN is a good solution for this.
- Budgeting and reports
- Database administration
- Email servers
- Web servers – from an administration standpoint, not a development standpoint (security, updates, reliability, etc).
- Inventory and asset management – what are all the devices and accounts on your corporate network?
- Logging and monitoring
- Troubleshooting
- BIOS/UEFI
- BIOS flashing
- Data Loss Prevention software
- Monitoring software on employee computers
- Booting a computer from a network location rather than a local hard drive or SSD
- Copper and fiber cables
- Electrostatic discharge (ESD)
- What it means to be properly grounded
- PDUs
- Cable conduits
- Cable management
- Data recovery
- Computer repair
- Wireless site surveys (finding deadspots or signal attenuation)
- Captive portals
- Ransomware and other threats
- Rate limiting
- Geoblocking
- Basics of Windows, macOS, Linux, Android, and iOS
- AAA: authentication, authorization, and accounting
- CIA: confidentiality, integrity, and availability
- Wireless concepts
- Different versions of wifi (802.11b, 802.11g, 802.11n, 802.11ac, 802.11ax)
- Routing protocols
- IP and MAC addresses
- Upgrading hardware
- Planning and rolling out new deployments, such as replacing old computers with new ones
- Types of cables and ports
- Hotswappable drives and AHCI
- Identifying and fixing performance bottlenecks
- Looking at S.M.A.R.T. data on a drive to see if it’s failing
- Drive cloning
- Drive mirroring, striping, and parity arrays
- Rebuilding an array after a drive failure (such as in a parity array)
- Tape drives
- QoS
- ICMP and dashboards that can aggregate ICMP messages
- Sources for enterprise or IT professional tech news (such as The Register) – not consumer tech news! https://www.theregister.co.uk/
- Telling people not to write their passwords on sticky notes and other low-hanging fruit like that
- How to talk with people who have a tech issue that they can’t describe well (helpdesk communication)
- How to have the patience of a saint (helpdesk headaches)
- Lots of small but useful miscellaneous tech skills, such as using a command line checksum tool to verify the checksum of an executable you downloaded, and then comparing the checksum to the one it’s supposed to be to make sure you’re not using a trojanized version of something. VirusTotal is good too, but not for private documents, as people who use the VirusTotal API can see what people scan/upload there.
- Forums, wikis, and other documentation or help sources you can use when you encounter a problem that you don’t know how to fix. Keep in mind that, when I say forums here, I don’t mean fun social media stuff. I mean there are forums specifically dedicated to discussing enterprise tech and the issues that can come up. Software developers have Stack Overflow, and there are some similar things for IT professionals, though it’s often vendor-specific. Server Fault is a good general place for IT questions and answers, but it’s by no means the only thing to look into.
I got part of an IT degree before switching to computer science. You don’t need to be an IT expert to be a software developer though, but if you want to get into more DevOps-centric positions, or just if you want more well-rounded knowledge of technology, it can be good to learn some of these things. But it’s not required for a software developer to know system administration stuff.
Types of security software used in organizations (not home settings) that you may or may not want to look up:
- Antivirus
- IDS
- IPS
- Firewalls
- SIEM
- Data Loss Prevention (DLP)
- Ticketing systems
- Canaries
- Dummy data
- Honeypots
- Dashboards
- SOCs
- VSOCs
- IAM – Identity and Access Management
- Threat intelligence
- Endpoint detection and response (EDR)
- Blacklists
- Whitelists
- EMET anti-exploit
- Sandboxes
- Deep Freeze
- Corporate spyware for monitoring employees
- Security dongles
- Authenticators
- WSUS
- Encryption software
- Incident response
- Corporate VPNs
- AccessData FTK
- Data destruction software
- Web filtering
- Host-based vs. network-based
- Heuristic analysis
- VirusTotal
- Spam filtering software
- Imaging/reimaging
- TPM
- Kernel security modules
- Automatic pen testing tools
- Certificate pinning
- Logging and monitoring software
- Log analysis software
- Automatic alerts
- Web application firewalls
- Internal SSL for within a LAN
- Private cloud
- Disabling word macros
- Email attachment scanning
- DNS servers that block malicious domains
- Traffic analysis
- NAT
- Pen testing tools
- Red team assessments
- YARA rules
- Deep packet inspection
- NGFW – Next Generation Firewall
- Dark web monitoring