What level of access/trust do you demand

[kent_dorfman766]

I started my career managing UNIX servers and network infrastructure for development projects at some of the big UNIX shops. At that time we essentially worked "for" the development staff, servicing their needs with regard to systems provisioning. When I shifted from pager-monkey to the development world in mid career I expected the same consideration I gave as an SA, but I've noted over the past 20ish years that the paradigm has drastically changed to an environment where the dev staff is subsurviant to the IT staff. As I move into the quasi-retired phase of life I'd like to bettwer understand how far things have slid, beyond my own experiences.

This poll is not about justifying a particular position, as much as it is merely about understanding how much restriction/control professionals will tolerate in 2023.

 

[Tecuma]

I am working for a big company (140.000 employees, global offering of products and services) as a mix of technical project leader and developer.
We have several internal IT departments with separate roles. Together they offer an internal lab infrastructure and services (GitLab, Jira, Confluence, Firewall, virtual machines). I have to be happy what they offer . In general it works. In case of problems you have to create tickets and wait until it is fixed. Rules of a big company.

 

[zirias@]

an environment where the dev staff is subsurviant to the IT staff.

I think that's a gross misinterpretation. In an IT organization, development and operations work together to deliver products (sometimes software, nowadays more often hosted services), and it's always operations supporting development with what's needed infrastructure-wise for the products.

Whether you as a dev administrate your own workstation has nothing to do with that. What developers often need is tools, often ad-hoc, to create something new, to test something, whatever. The organization might want operations to stay in full control of any software installed anywhere, but then, it's just more work for operations to fulfill all the individual needs of developers on all their workstation machines timely.

Therefore, you also see a different model quite often: There are templates to quickly provision a developer VM with all the standard tools, these VMs go into an isolated network segment and the developer gets full admin privileges on "their" VM to additionally install anything they might need. Less work for everyone and still controlled.

 

[kent_dorfman766]

I think that's a gross misinterpretation. In an IT organization, development and operations work together to deliver products (sometimes software, nowadays more often hosted services), and it's always operations supporting development with what's needed infrastructure-wise for the products.

Whether you as a dev administrate your own workstation has nothing to do with that. What developers often need is tools, often ad-hoc, to create something new, to test something, whatever. The organization might want operations to stay in full control of any software installed anywhere, but then, it's just more work for operations to fulfill all the individual needs of developers on all their workstation machines timely.

Therefore, you also see a different model quite often: There are templates to quickly provision a developer VM with all the standard tools, these VMs go into an isolated network segment and the developer gets full admin privileges on "their" VM to additionally install anything they might need. Less work for everyone and still controlled.

So rather than giving me a monolog that supports your position, why not answer the poll question? Don't make me guess...

 

[kent_dorfman766]

I am working for a big company (140.000 employees, global offering of products and services) as a mix of technical project leader and developer.
We have several internal IT departments with separate roles. Together they offer an internal lab infrastructure and services (GitLab, Jira, Confluence, Firewall, virtual machines). I have to be happy what they offer . In general it works. In case of problems you have to create tickets and wait until it is fixed. Rules of a big company.

so answer the poll question above.

 

[Tecuma]

I already had before writing my post. May I had forgotten to press the cast button

 

[cracauer@]

I spent much of my programming life in performance and stability work. I always had physical machines with hands-on access so that I could mess with the BIOS, the disks etc.

 

[yuripv79]

I have entire lab of different h/w at work, but as it's remote and introduces the lag (whatever small it is, it's still noticeable), I prefer to have my development VMs on ESXi that is "under my bed". Lab hardware is used only when I need to look into costly-and-uncommon-hardware-specific issues.

 

[zirias@]

So rather than giving me a monolog that supports your position, why not answer the poll question? Don't make me guess...

I think my very first sentence clearly explained why I don't

 

[Jose]

I also work for a large organization. I recently had a director in our IT infrastructure complain that my group was treating his "like a vendor". I felt like replying that I actually expect a lot less from vendors because of the high standards our organization is supposed to have. I refrained.

Unfortunately as companies get larger they get bogged down with these fragile flowers who are more worried about people being "nice" than getting things done. Mind you, I never make personal attacks at work (that would be unprofessional), and I learned long ago to stick to a recitation of the facts when reporting a problem. Nowadays you can't even do that if the facts are considered to be too damning. You're supposed to ignore the elephant in the room but still find solutions to the structure collapsing because of the weight of the pachyderm.

I used to get upset about this sort of thing when I was younger. Now I get paid a lot more, am nearing retirement, and can't wait! Let the children play. I'm mostly checked out.

 

[Phishfry]

My place if you demand anything they will show you how valuable you are.

They demand respect and they pay a good salary.
I don't have an IT function but I have to use the assigned systems for shop management.
I don't touch anything. I am a machinist. The IT guys use Desktops2Go (possibly citrix customized) with Microsoft Outlook for corporate email. Adobe crapola on pdf open irks me. I did install Sumatra.
I gave up preaching to these folks.

(My interaction with Desktops2Go):
I want to cleanup my Windows startup menu because Quickbooks updater is connecting everytime I login and I don't even have Quickbooks on my VM.
(Talylor from Tech Support)
Let me check with Joey your IT guy to see if he will approve this request. I will call you back.

2 hours of fuming and I finally get an email from Taylor. Sorry. Your request has been denied by IT.

So I immediately call IT Joey whom I know. Friday of course he is not in the yard. He blows off my call.
Around 4 hours later he calls me back to tell me he can't change my VM. All of them use a base image.
Blah Blah Blah.

All I could think of is Monday morning every desktop in the shipyard is trying to connect to Quickbooks updater.
Stupidest interaction ever.

What do you do? Pure ignorance.

I had worked on tons of peoples computers hoping to land the job back in the day.
It was given to somebodies son.

Signed disgrunted windows virtual user.

 

[ralphbsz]

For context of your question, let's assume that the poster (the person responding to the survey) is a professional software engineer, meaning a person who gets paid to develop software, commonly called "programming". At least that is part of their job.

Your question the breaks down into a large set of connected but independent questions:

• Do you get provided a work machine (typically a laptop, sometimes a desktop), or do you have to bring your own, or a mix (you can get one, but can also bring your own)? If you bring your own, what are the restrictions on model / OS / and so on?
• Do you actually do development (compile, link, run) on that machine, or do you use it solely to access resources that are in the backend? The backend could be a group server, a computer lab, or a cloud-like cluster. Note that the answer may very well be hybrid, with editing on the front-end, but running and testing on the back-end. Or for tasks like CAD and data analysis, graphics and editing may be on the front end, processing on the back-end.
• On the work machine, do you have freedom to install software, and modify configuration? Perhaps the work machine is one that doesn't even make that possible (like a Chromebook).
• Who manages the work machine (updates, configuration, OS installs)?
• Do you have root access on the work machine? Note that this is not identical to the previous two questions: You may have root, but are only allowed to run certain configuration, install certain OSes, and chose applications from a list, or even from an internal install server.
• Can you use your work machine for minor personal tasks? Like on the lunch break read the news, or check the stock price, or read your personal e-mail to see whether your kid is throwing up in childcare?
• If you use one or more back-end machines, same set of questions: Who installs, who configures, who has root?
• There will be storage of some data on the machines of the employer. That might be user or customer data, which brings up lots of data protection rules and regulations. It might even be specially protected, such as military, intelligence, or medical data. Does having root on a machine (either front-end or back-end) imply that you can read such data? How about deleting or modifying it?
• Think about a workplace such as Amazon, including AWS. If someone had "universal root access" on all their servers, that would mean this person would have the capability of finding out who ordered what merchandise on Amazon, who reads what books, and what AWS customers do and store. Note that when I say "root access", in the real world this is a much more complicated question than "user process with user ID = 0 on one Unix machine". There must be people who do have root access (or equivalent) to administer things, but that access is likely very restricted and watched.

I think the bottom line is this: In most cases, developing software does not require the right to modify machine configuration (with the exception being kernel and performance work), nor does it required unfettered access to data. In some cases, it does. With great power comes great responsibility. I know people who have ultimate access in places like the NSA in Maryland, AWS, and Google Cloud. I think they would consider the questions asked at the top of this thread to be very silly.

Let me give you a way to explain this in the auto world (brought on by a recent thread): "I am a car mechanic. I know how to fix and modify cars. That means that I am allowed to perform any modification, even illegal and unsafe, to my car and any others, and drive it in violation of all traffic laws on all roads. I don't have to worry about speed limits or read traffic lights, because I understand how a hydraulic poppet works. I can paint cars any color, even if the car is owned by one of my customers, and was only in my shop for an oil change." If someone made this statement, we would think that they are at least insane, more likely criminal. If someone said "I work as a programmer in a big hospital. I need root access on all servers, so I can install my favorite emacs macros on all machines, and so I can check any file stored on any disk whether it might be more compressible with gzip versus bzip, even if that file is the X-ray picture of a patient's behind." For some odd reason, in our software engineer culture, the first part of that statement (the one with emacs macros) actually gets some traction.

 

[kent_dorfman766]

Unfortunately as companies get larger they get bogged down with these fragile flowers who are more worried about people being "nice" than getting things done. Mind you, I never make personal attacks at work (that would be unprofessional), and I learned long ago to stick to a recitation of the facts when reporting a problem. Nowadays you can't even do that if the facts are considered to be too damning. You're supposed to ignore the elephant in the room but still find solutions to the structure collapsing because of the weight of the pachyderm.

Ain't that the truth!?

Managers used to hate how well I kept records because I would frequently call them out on stuff. Somewhere down the road the lines of reality got distorted, as you allude to, "ignore inconvenient facts". I think this trend started about the time GW was giving the Jedi mind control mantra "There are weapons of mass destruction...There are weapons of mass destruction"

 

[kent_dorfman766]

1) They demand respect and they pay a good salary.

2) So I immediately call IT Joey whom I know. Friday of course he is not in the yard. He blows off my call.
Around 4 hours later he calls me back to tell me he can't change my VM. All of them use a base image.
Blah Blah Blah.

1) Interesting that you described the dynamic as essentially them buying your respect, but no converse of them respecting you...pretty much what is the norm in modern business.

2) This is pure laziness on the part of IT orgs, and is a key reason why I have no use for them. There is no reason they can't serve you as an internal customer and give you what you need. As I stated in OP, IT orgs have way too much power and are not serving anymore.

 

[Phishfry]

Not only is our IT unsupportive, Desktops2Go is a product from a local company.
So they outsourced our infrastructure to the cloud.
Call the cloud guys. We want to work from home (IT guys).

Imagine every email from your corp going through Microsoft servers.
Imagine every PDF that you org has is known by Adobe.

Ludicrous

 

[kent_dorfman766]

Not only is our IT unsupportive, Desktops2Go is a product from a local company.
So they outsourced our infrastructure to the cloud.
Call the cloud guys. We want to work from home (IT guys).

Imagine every email from your corp going through Microsoft servers.
Imagine every PDF that you org has is known by Adobe.

Ludicrous

I lived under that nonsense at my last contracting gig, which is one of the reasons I quit. The IT manager was a lazy POS kid who wanted everything to be a self-managing cloud app so he could avoid any responsibility. He expected me to do embedded systems design (hardware up thru UI) on a locked down windoze/azure craptop with a 10 inch display (I'm 56 and wear bifocals). He was livid that I refused to and did all my work on my home network under my own infrastructure and since he wouldn't make the git repo accessible to my network, I emailed him tarballs of my work.

 

[Phishfry]

I think I could switch 75% of our desktops to open source while saving tons and offering flexibility.
Some office critters will need Windows for Great Plains applications. Rest of place is web stations.

It made me think earlier, Our 4 seats that have Graphics cards assigned cost alot more.
Do they save anything by virtualizing these seats?
I think a Acad workstation deserves a real GPU. I am biased.

 

[kpedersen]

I am in a kind of weird place where I am a university lecturer, govern a bunch of spin-off companies relating to the university (and also do contracting on the side). The IT situation for each is fairly different.

I would say that IT services at the university is fairly stifling. The hardware is *great* (Recent gen X1 Carbons, Thinkstations and previously some HP Z-series). However the Windows image that IT services puts on it is.... defective.

However, we have some tiers of support:

1. Fully managed. Enjoy a broken Windows.
2. Admin managed. Enjoy a broken Windows (with admin privileges, locked bios).
3. Linux (RHEL8) fully managed. Managed by a tiny team, pretty much one guy (though he is effective!)
4. Self supported. You need a good "business case" for this. I.e research requirements (unlocked bios)

In some ways I am disappointed by the number of academics (even in the computing department) who just keep with 1... at most 2. Very few actually opt for 3.

What most technical guys do though (if your business case for self supported is rejected) is use some of the research funding most of us have access to in order to buy your own separate machine and just use that for everything. It does tend to feel a bit wasteful that IT have all these great machines but no-one uses them. I do from the bottom of my heart feel sorry for all of our many, many, many students that have to use the lab PCs on a daily basis. All the pop-ups feel like a 13-year old teenagers PC from the 90s. It is pretty unbearable.

As for the spin-offs, it is actually a bit of a wild west; I don't specifically enforce anything. mac and Linux seem to be king here. Finally for my contracting, I tend to use OpenBSD (I prefer the graphics stack) but ultimately have build servers to target whatever the client requests. My main one runs FreeBSD because I can target almost any platform from the single OS.

 

[kent_dorfman766]

Would be nice to have enough respondents so that the data isn't just statistical noise. 200+ viewers and only 13 respondents. Folks seem more interested in debating than just adding to the quantifiable data pool.

 

[Jose]

Probably because it's a tradeoff involving several factors. There's no one neat little box that expresses what I would do in every situation. I picked the one that has applied most often in my career, but I've been happy with other experiences, too.

I was tempted to say that I would deal with whatever if you paid me enough, but that's not true. It is however true that compensation is a big part of the tradeoff. I'm willing to put up with a lot more nonsense if the money's good.

 

[kpedersen]

Probably because it's a tradeoff involving several factors. There's no one neat little box that expresses what I would do in every situation.

Indeed. I did the vote but as posted, there was no real option that suited my specific use-case.

Perhaps the vote would be more fitting for a Likert scale approach of "on a scale of 1 to 10, how hard do you push to be able to self-manage your underlying IT layers".

 

[ralphbsz]

Would be nice to have enough respondents so that the data isn't just statistical noise. 200+ viewers and only 13 respondents. Folks seem more interested in debating than just adding to the quantifiable data pool.

The few possible answers in the poll are too coarse to make this reasonable. Thinking about my last 3 jobs, neither fit the options. Reality is more fine-grained and complex.