Why are developers some of the most IT inept users?
Posted by sccm_sometimes@reddit | sysadmin | View on Reddit | 477 comments
I can grasp why doctors, lawyers, and college professors are consistently the top-ranked Dunning-Kruger effect winners with anything IT related. "I have a PhD and my 12-year old nephew does computers, how hard could it be?" But what really surprises me is how IT illiterate most developers are, especially when considering many of them come from a Computer Science background.
It's not a generational or a recent phenomenon either - from the boomers to the zoomers it's the same conversations each time just with slightly different tech stacks.
-
"I need admin permissions."
-
Why?
-
"So I can use my development tools"
-
Which tools do you require?
-
"VS Code and Python..."
-
They install into your user profile AppData folder. You can install/modify/run them all without admin access.
-
"But what if I need a new tool that does require local admin?"
-
All approved applications are available in the Company Portal and they'll even apply our standard settings so you won't need to customize the defaults.
-
"VP of Engineering: This is urgently impacting our work and interfering with the production release schedule.*"
-
The last time we granted one of your direct reports admin permissions they set off multiple security alerts because the "developer tool" they downloaded for critical project work was actually Chinese malware.
-
"The patches you pushed broke my software, now I can't work!"
-
No, the vendor finally deprecated the feature which they announced over a year ago and you/your manager received 5 separate emails about in advance. Example: Microsoft killing off Internet Explorer.
Or better yet: there's a typo in your command, you're using the wrong syntax, you forgot to include an escape character.
At least when the summer interns make the same inquiries, they don't have the same level of hubris in terms of thinking they know better than you. It feels like teaching a child why drawing on the wall is bad when we repeatedly have to explain to professional coders with years of experience why they shouldn't disable security features just because they sometimes get a prompt they have to click OK on. Or how code-signing certificates work and why they should use them. Or that they're not allowed to install 20-year old software just because the vendor told them Java versions which weren't released by Sun Microsystems aren't supported.
jonathon8903@reddit
I started out my career in IT and migrated over to becoming a developer.
I don't exactly disagree with you. I've had to be the one shouting from the rooftops about security at times among my team. In development spaces, security beyond basic application security doesn't appear to be a primary concern.
However that said, highly restrictive environments do frustratingly slow down development work. It's not unexpected to be thrown a task in the middle of a sprint which requires a new tool to be downloaded that might need admin permissions. If you are stuck waiting on IT who doesn't have the care or bandwidth to hurry up and help you, that two day task suddently takes you over a week to do.
Overall I think everyone has done well with the way our company handles things. We get local admin on all our computers and it has endpoint AV. It is sometimes annoying and creates issues but far better than waiting on our IT team to have to field everything we need.
lol Truthfully, I use a piece of software that was released around 15 years ago by our hardware vendor. As far as I know, it hasn't been updated since. It's annoying to me because I have to install Java whenever I need to use the application. That said, it does at least run using the latest version of Java. But this was hilarious to me just because it was relatable.
sccm_sometimes@reddit (OP)
Very nice to see that perspective from both sides!
Many of the issues we see usually arise from developer culture, which to be fair is the responsibility of leadership - not individual developers. If something is worth doing, it's worth doing right. Something gets implemented as a "temporary workaround", then it gets forgotten, the person that wrote it leaves, and no one dares touch it for the rest of eternity out of fear of breaking something.
We tell people all the time that they need to encrypt their data at rest and in transit, even in Dev/Stage environments. Because if you push it to Prod and the encryption module isn't working, that's how the company ends up in the news with a multi-million lawsuit for data breach.
The most difficult part is getting users to understand why security restrictions exist, which is usually to protect everyone from accidental whoopsies. These conversations usually go like, "I know the vendor said you could just upload our company data to their Google Drive, but you'll have to upload it to our secure portal instead and they can download it from there where everything is audited and logged."
alluran@reddit
Tell me you've never worked in a department that generated a sellable output without telling me you've never worked in a department that generated a sellable output.
rahga@reddit
No. Developers build software that generally runs on hardware.
Walling off parts of a developer's computer is like asking a tire shop employee to change a tire without a tire iron or impact wrench. They see is as stupid and unnecessary for a reason.
Deathra9@reddit
Nothing is as permanent as a temporary fix that works.
That being said, this is where leadership needs to make a decision and brief everyone on what risks to accept. First thing that security needs to acknowledge is that they cannot mitigate risk, only shift to a different risk. Every security control results in risk to productivity, and this actually has to be properly balanced.
If your organization needs to be an industry leader, then security needs to be flexible. If the org needs security first, then leadership needs to accept the slowdown this creates, i.e. month long sprints with a month+ process to push to prod, instead of the usual two week cycles.
Arudinne@reddit
There's a lot more to security than encryption, but that's definately a starting point.
https://www.theguardian.com/world/2026/feb/24/spanish-engineer-smart-vacuums-remote-control is a good example.
DaftPump@reddit
This should be a management cooperation really. If a careless dev causes a security breach it's egg on IT's face....as well as their mess to clean up.
webguynd@reddit
Dev environments shouldn't be set up to be in a position to cause a breach, especially with recent supply chain attacks.
Hot take, but they should also have local admin on their own machines (at least, as a separate account they can elevate to, not their main login).
Where you restrict access is prod. They should have their own isolated dev environment on AWS or whatever, DBs populated with dummy data that simulates prod, etc.
You don't overly restrict like they are regular users, you assume breach and minimize the blast radius.
All the horror stories come from devs having keys to prod. That's the error, not local admin. But, doing it that way, with good a good DevSecOps org is expensive, so good luck getting management buy in.
Breezel123@reddit
And then
That is an oxymoron, not a hot take.
dinnerbird@reddit
There's a part of me that believes that Java is only still relevant on the desktop because of Minecraft
AdministratorThree@reddit
It's a large contributor to Java's relevancy even today, for sure. Myself and many other IT folk only got into computing because they modded minecraft in the 2011-2015 era.
AFlyingGideon@reddit
This makes me sad. One of my kids entered the Java world this way. Alas, he defected to C#.
His older brother has also moved away from Java, but to Python. That's okay with me.
dinnerbird@reddit
I remember having to do open heart surgery on the core Minecraft JAR file back in those days. Yikes
TYGRDez@reddit
I never wrote mods myself, but I definitely remember needing to delete the META-INF folder...
ManyInterests@reddit
This. At the end of the day, the tradeoffs are a business decision. The user access level of an individual user endpoint (esp for a highly technical role) is usually not going to be what makes or breaks your overall security posture. But restricting software installs definitely will slow the business down. You also have other ways to help mitigate the risks without slowing things down that make the business tradeoff more balanced.
I've never been issued a daily driver laptop without local admin access, ever. The endpoint security can still be overbearing in other ways, and IT still audits installed software, but they don't get in our way of day to day operations.
shitty_mcfucklestick@reddit
One example of a relatively benign but annoying blocker is the Windows firewall prompt. It’ll fire on almost every app a dev uses the first time, like Postman, vscode, Docker, DB client, etc. and needs admin privileges to approve. So a reminder to ensure you pre-authorize all apps in WF or you’ll be doing a lot of Remote Desktop & eye-rolling in your future.
psmgx@reddit
yeah this was my experience. "move fast and break things" hacker culture ship it ASAP, etc. etc.
also a mix of divorce from the day-to-day realities of IT -- they're not doing change requests or remediation -- plus a generous dose of "engineer's disease" knowledge worker BS.
cesarmalari@reddit
As a developer - it's because we think we're smarter than you. Sure, we're not, but we think we are. And we really like going around "showing it off". Sure, we're wrong, but we don't like hearing that, so we just ignore it when you prove us wrong.
On a serious note though - so far today, I've had a UAC challenge for: -
nvm useon windows to switch node versions (though msie looks like an interesting option to replace that) - start/restart SQL Server local service -ShareXupdate installations (though I don't know why - maybe I did the original install globally?) - Install Visual Studio (not VS Code) updatePlus, any situation where we have to develop for something that will have to run as an admin, though those are much more rare these days - probably been over a year since I deployed to old-school IIS or developed a windows service.
Savings_Art5944@reddit
Same as a Microslop Excell user. They can crunch numbers but might be as stupid as a box of rocks when it comes to computers. Computers are just tools.
Does a carpenter need to know how his hammer was made?
According_Jeweler404@reddit
Why does sysadmin culture nurture passive-aggressive condescending neckbeard drivel like this post.
(See how useless stereotypes are?)
N3wAfrikanN0body@reddit
Cause they live in the application layer.
smb3something@reddit
Sysadmins live in all layers. Knowing how everything fits together is a big part of it and developers could use more knowledge there. I'm getting stunning results building apps myself with AI as I know exactly what i want it to do and not do do and what to inclide to make sure meets security requirements.
Rentun@reddit
Most developers have no need for in depth understanding of networking or OS features. That stuff commonly gets abstracted away by the language or framework.
Software development is a ridiculously broad field though. Some devs do have expert level understanding in those areas, since all of the software that runs each of those layers was ultimately written by a developer. It's just much more specialized of a role than system administration is. Sysadmins are much more commonly generalists that don't have expertise in any one area.
Jadithslimrivven@reddit
I'm not saying they need a CCNA or anything. But, holy hell, how do they know so little? Like, how does a web developer not even know what DNS is? I don't care if they know what an MX, A, or AAAA record is, but at least know what it is. I don't care if they know what ranges are Public or Private IPS, but at least know they exist. Jeez, I've had devs put in tickets cause they couldn't install a USB printer. Like consumer grade, bought off the shelf at Staples, my grandmother did this when she was still living kind of USB printer.
Which, to be fair, is not necessarily about that, but rather the combination of hubris and ignorance. They have this knowledge of one little bubble of IT and start demanding all sorts of dumb shit, usually stuff they don't actually need, but they used the root account in bootcamp, therefore it is an absolute must. Sudo isn't standard. I need root or it will be literally impossible to do the project. I need admin access for all time so I can use VS Code.
Meanwhile, you are sitting in a meeting with some security consultants and executives, trying to explain why you can't qualify for a SOC2 certification because the dev team just won't meet all the requirements. They have to have all the passwords in plain text on a file server the entire company has read access to. Their App won't work without it. No, everyone has to use the same account and password cause that's how we made it, so tough. etc.
I don't necessarily blame the devs wholly for this. The education they received simply ignored it. Mostly because that's how it was pre-2000s, basically the wild west. They teach what they know and produce folks who need root access, cause wtf is sudo? Even the application layer security is barely touched on.
Unless there are industry changes, it will remain a problem.
Win_Sys@reddit
Because a lot of programmers don’t need to know. Just like you don’t need to know how to create an object to pass as a parameter so the API or library can create and send the DNS request. I’m not saying this is the way it should be but once the code has done its job, it’s not their problem. I doubt they would expect a sysadmin to know what a particular error code means and what is causing the code to throw that error, right?
Sudden_Office8710@reddit
🤣 yeah they are the farmers. The architect builds the environment and the sys admins tend to the land the architect cultivated. And that’s why sys admins have a limited skill set as well. I find that sys admins and developers have their blind spots so don’t go thinking that sys admins have something over developers that’s why sys admins are paid less than developers. The question is such a load of horse shit.
chaoslord@reddit
I'm not sure where you live but I get paid way more than our in-house developers as the head sysadmin.
chaoslord@reddit
Yeah old developers needed to know the whole stack. Lots of old games were coded in assembler ffs. Now everything is abstracted purposefully, so every dev doesn't need to write a driver to do anything.
traumalt@reddit
To be fair, early days we had shit compilers. Nowadays the compliers can compile much better assembly than any human can write by hand.
MagicWishMonkey@reddit
Sysadmins not understanding why admin is required for a lot of dev work is a pretty big indicator that the knowledge gap is not one sideded...
smb3something@reddit
I've never been one to fully deny devs admin privledges. I totally get why it's needed, just as I need admin access to my own machine at times for tools etc. What I won't do is give them admin under their normal logged in user. They get a separate local admin for privilege escalation if need be. It doesn't give either side 100% what they want, but it's the best compromise I've been able to make. If it was in a bigger org, it might be different but I mostly support smaller orgs that don't have formal approval processes.
falcopilot@reddit
sudo for the win. (Also sudo for Win...)
VMWare Workstation has some nice kubernetes-ish features which are absolutely unusable unless the logged in user has admin rights.
MagicWishMonkey@reddit
If on-demand access works for you, that's fine, I totally agree that you're definitely better off if you don't let people run wild with admin rights on their workstations.
I think the fact that you support smaller orgs might make it easier, too, since I assume someone can just ping you on slack/gchat to request something vs submitting a ticket that will sit in a queue for days on end before anyone looks at it.
smb3something@reddit
I mean, we do have a ticket system, but as we're 'external' IT we have SLAs to tend with so requests don't normally sit. Normally we'd highlight the risks, make suggestions and present that to the listed approver for such things at the client company for a decision.
fearless-fossa@reddit
Pray tell me why I should ever give a dev admin privileges.
They get a container where they can shoot stuff down all they like.
I'm not going to deal with a dev putting a 24h write lock on a prod db over a holiday again.
MagicWishMonkey@reddit
The ability of a dev to connect to your prod db has nothing to do with admin privileges, and the fact that a dev can see your prod environment at all is not great.
It's good that you're in a shop focused around container based development, that solves a lot of problems, but not all orgs work that way.
Interesting_Word99@reddit
Sysadmins love overstating their skills and role in the company.
SevaraB@reddit
People love overstating their importance. It’s human nature, and it’s not unique to sysadmins. Shoot, you can find facilities guys who swear their work is as critical to the company’s brand image as the marketing team.
DesignerGoose5903@reddit
To be fair a derelict building with broken lights would definitely impact at least my image of a company...
xCharg@reddit
To be fair how big % of customers even know how each company's HQ looks? Any company I deal with professionally - I've never been to neither seen on picture how their buildings look like.
music2myear@reddit
This is true. It doesn't even have to be the face of the building either: a poorly maintained bathroom, broken or malfunctioning facilities, poor decorum in the hallways, all these would impact the image of a company to an outsider.
zaphod777@reddit
Not much would get done without electricity and HVAC so they're not exactly wrong.
It's almost like various different departments exist for a reason.
sobrique@reddit
But honestly it's often in reverse order. Look at all the people tagged as 'key workers' during COVID. How many of those are high up in the company rankings?
axonxorz@reddit
Yep, the salesman who thinks he's hot shit forgets that A/R chasing is extremely boring at best, actively unfun at worst, shipping his product doesn't happen without logistics staff.
It takes the whole goddamn village.
Interesting_Word99@reddit
No, but it's certainly a trademark of this sub. Full of martyrs who can't say no and then complain that IT is shit.
fogleaf@reddit
That's who get upvoted anyway. Because others say "Oh yeah me too."
People who have things automated and their job is flowing smoothly aren't going to come here on the regular to say "man things are going great for me. Hey everyone, look how good I look!"
igaper@reddit
You can replace Sysadmins with any other role in a company and that'll statement will be true.
AdmRL_@reddit
Nah, no one quite has the ego of a sys admin except execs and directors, if you ask a sys admin they're the keystone to the business, the only reason it's functioning and god what would they do without such a fantastic and talented employee?
It's honestly quite nauseating the way some people fellate themselves in this sub and the profession more broadly, the comment two above being a prime example.
igaper@reddit
Yeah no one has an ego like people with a big ego 😉 you claim it's a profession trait, I claim it's a personal trait.
sobrique@reddit
I have to say, I think that sysadmins need a measure of 'big ego' to be decent at their job.
Because you're very frequently working with half assed solutions, incomplete information, and systems that are in an inconsistent state.
Without some ego you might go 'this is crazy town, I'm gone!' where with enough self confidence, you'll bodge it until it works anyway.
So I do actually think it's a professional trait of sysadmins (not uniquely so - there's other professions that need it for the same reason).
It's very easy to end up in uncertainty paralysis when you've complex stuff that's broken and no one knows why.
igaper@reddit
Or like me have ADHD and because of that compulsory need to solve every problem that comes across my desk xD
After 2-3 years of that I became very confident in my role, but ego? There's no need for that.
I know I'm not needed, but also I know and I've talked with the board that they won't find one person to take over from me - but they will need 2-3 other people. (Reason for that is that I'm also developer who knows how to write code and I am consumer facing admin as well).
sobrique@reddit
I also have late diagnosed ADHD, and that's also IMO a professional trait - now I know what I'm looking for a I see a LOT of sysadmins with the flags if not the diagnosis!
The reason I'm good at incident response is because every day is incident response.
But I think we're arguing semantics when we're talking about the difference between 'being confident in my role' and 'ego' because the two can be pretty much the same.
Making a call on an uncertain solution - even if you're probably right - requires you to have that confidence.
smb3something@reddit
Yeah, I've met sysadmins / directors / developers etc with that mindset. It's the person not the role.
StandardSignal3382@reddit
DB Admins?
yourapostasy@reddit
YMMV, but I’ve noticed less experienced sysadmins are like that. The more prudently wise ones realize the field is so large now that Socrates’ pithy saying applies in spades, and only effective teams can get it done at scale, depth and high complexity: “The more I know, the more I realize I know nothing.”
Interesting_Word99@reddit
I would agree. The old boys at work are all about remaining as anonymous as they can.
sobrique@reddit
The phrase I've used is 'delegation by least incompetence'.
You don't have to be the guy who knows about $APP. You just need to be the guy that is most likely to be able to fix $APP. And if that's because you've spent 30s more than anyone else kicking it till it 'works' ... well, guess what, you're the SME!
Interesting_Word99@reddit
Yep... that's whats happened to my team and looking after SAP because the BASIS team have slopey shoulders.
NotYetReadyToRetire@reddit
Anonymity meant I could often avoid being swept up in disasters - if the folks in IT (I was a developer in a non-IT department) didn't know about my 40+ years of Windows/Xenix/Ultrix/Unix/Linux admin experience prior to that job, they wouldn't ask for assistance and my weekends remained mine.
There were a select few that I would happily drop hints to if I knew the issue and how to fix it, but most of them got the "joy" of discovering things on their own.
sccm_sometimes@reddit (OP)
Quite the opposite. We're usually much happier in a dark room somewhere quiet so we can tend to our herd of servers. If I could collect a paycheck without anyone at the company except my manager knowing I exist, man what joy that would be.
DonkeyOfWallStreet@reddit
I only want to work at the network layer everything else is meh.
tdhuck@reddit
Same, sysadmin work sucks especially when you have to deal with developers as OP stated.
DonkeyOfWallStreet@reddit
Oh trust me. I know.
I've spent plenty of time banging my head against a wall trying to make progress with network issues in black box environments.
Oh well they just became irrelevant as new technology has emerged. So less stressful.
2boogaloo4u@reddit
Bro help the developers. What is this post? The next step up after sysadmin is devops if youre working for a company that's responsible for its own software. If youre just hosting vendor's apps right now then assist the devs in your environment because someone is pressuring them to innovate and create custom apps for your org. It sucks when it's delayed for days because you don't want to prioritize us and we get stuck behind red tape for some simple access to tools and just want to work.
Interesting_Word99@reddit
Have you spent any time reading the delusions of grandeur on this sub?
ChesterM54@reddit
I think you're projecting
Interesting_Word99@reddit
Hilarious after your last comment.
rimjob_steve@reddit
Most sysadmins I know are just intune/entra people. I’ve never met a good one that knows layers 1-4 if we’re talking osi.
MIGreene85@reddit
Not sure why so many sysadmins lack networking experience these days or if that’s how it always was, but we’re out there
Box-o-bees@reddit
It really varies from company to company really. My first job was for a small software development company. Our sys admin team did everything from architecture, security, networking, to deploying app updates.
It was a great way to learn how an environment works. The people I worked with were extremely knowledgeable.
tdhuck@reddit
That's because the company is being cheap and wants a sysadmin to do everything. A sysadmin is not a network admin just like a network admin is not a sysadmin. I'm not saying they shouldn't work with e/o, share information and have some overlap, but they are not the same job. Sure, in a smaller company they can be, but now we aren't really talking apple to apples.
When IT managers figure out that they need two people instead of one, then maybe things will change.
BTW, things aren't going to change.
Interesting_Word99@reddit
I must say, I have nowhere near the breadth of knowledge our seniors do and am constantly humbled with what they know of all parts of IT.
rimjob_steve@reddit
There’s definitely good ones out there. I have yet to run into a sysadmin that doesn’t cry about the network while not trying to learn anything about it though. I’m sure they’re out there it’s just a rare breed. And the worst thing I’ve heard them say is “I know enough to be dangerous”. Nope. Don’t touch the network please.
smb3something@reddit
I've been wearing too many hats. It's funny cause as the sysadmin you're the pathway between different things. Application not working and vendor blaming the network? Network engineer says its not the network? Well I'll capture the traffic and PROVE to you your application is not doing TLS handshake with current protocols. Sysadmin should have pretty decent network knowledge, maybe not write a cisco config from scratch quickly knowledge, but ya gotta know how the data moves around.
ChesterM54@reddit
LMAO can you tell me another role where literally everything in the company depends on System/Network Administration?
Honestly...
HVAC Monitoring and Controls
Door Locks (Centralize fob security) - runs on what? You guessed it, a server and it requires a network
Security Cameras
Literally every employees Phone
Literally every employees computer
The entire network those computers and phones connect to
The software they run depends on... you guessed it.... a computer and an internet connection
There are some companies our there with sysadmins who, if they abruptly left due to sudden death or injury or layoff - would be completely and utterly fucked until someone else came in with equal or better skills.
goingslowfast@reddit
So you open the wallet and hire that person? Have both been that person, and been brought in as a consultant to find that person.
Interesting_Word99@reddit
Thank you for making my point.
Fallingdamage@reddit
And now that developers dont even need to know how to develop, its going to get a lot worse. You think sysadmins relying on AI output to figure out how to plug in a mouse are bad...
smb3something@reddit
Both IT and Devlopment have long relied on google and the info from others to get their jobs done (stackoverflow). Now that knowlege just sits in an agent. Software development has gotten a lot worse of the years because of the lowered barrier to entry. Mainstream software (Looking at you microsoft) has been sloppy for some time.
Fallingdamage@reddit
Now the answers are simply weighted averages of specific combinations of words you input. The answer is the most likely string of characters based on the input pattern. The AI doesnt actually know if the answer is right or not and the user no longer has the mental capacity to know if its right. They just keep rephrasing their questions until they get an output that seems to work. They dont know why they just know it does.
AGsec@reddit
I'm sorry, but are you saying you're on the same professional/technical level as a software engineer because you vibe coded an app?
smb3something@reddit
No, but I can see how that might be threatening. I'm saying I can meet many/most of the needs I would have previously gone to a developer for myself now at a much lower cost and quicker turnaround. I'm at a fairly high technical level at this point in my career, just different focus area. It all ties together though in IT, so while my coding knowledge isn't as deep as an experienced dev, I've got the understanding of how that code hits each part of the stack (storage, processing, network etc) so it's been working fairly well and the code that comes out runs good (even if a bit hard to read the way AI does things).
Even if I did have the knowledge to write the code myself, I wouldn't be able to do it as quickly as the agents, so I'd likely be moving towards an agentic development flow anyways if I was a software engineer.
Reetpeteet@reddit
You know? I never thought of it that way. Interesting!
INeedSomeTacoC@reddit
And I can use AI to write various IT automation and fix-it scripts.
What do I need IT for, amirite?
smb3something@reddit
You certainly can use it to help with scripts and such for automation. AI has helped speed that up for me, but also expanded the quickly available options to build more complex automation requiring sustained information and logic flows. Both Sysadmin/Dev jobs will still be needed, just done in a different way. Knowledge of the coding languages isn't going to be the big selling point / barrier to development it once was. The valuable skill set is the knowledge of the development process itself of identifying specifications/expectations a framework and then the application itself.
INeedSomeTacoC@reddit
We will see.
The AI companies pitching us dev tools basically all now have prompt generators where you type in pseudo code and then it generates compilable code from it.
If we are at the point where I’m basically already fully diagramming the code and architecture for the AI in a custom constrained language that the AI understands better, then we basically are just right back at software development with an extra intermediate language and associated toolset within the tool chain.
Maybe it’ll take us up to UHLLs (ultra-high level languages) or something, but probably not unless the output is deterministic; which LLMs are generally by design not deterministic.
conspicuousxcapybara@reddit
That’s an insane take, considering HTTP3 / Quic also encompasses the network layer, and you’ll touch that even with the most basic NextJS blog.
calmingchaos@reddit
Fucking lol. No dev on next is actually considering http3 other than “oh neat”. Thats literally all abstracted away with the fetch api.
Ashamed-Ninja-4656@reddit
I think they actually live in layer 8
N3wAfrikanN0body@reddit
Ah, good old meat space lol
Ashamed-Ninja-4656@reddit
The PEBKAC zone
Disgruntled_Smitty@reddit
Or management.
MechanicalTurkish@reddit
The source of all ID-10T errors
killerpotti@reddit
They're the dreaded layer 8 issue. One of the worst culprits at that layer 8
mugenbool@reddit
Yeah pretty much.
“Why don’t these professionals know the same things I know? What are they stupid?”
Droid126@reddit
Yes there's a guy on our dev team that's all about "code as infrastructure" he wanted his own server to run Talos on. Had no idea how to install Talos on said server. Did not know BIOS from UEFI...
It's been three years, he hasn't learned much about the hardware, I have however learned all about Talos, docker, jupyterhub, terraform, azure dev ops, a bunch of python, and I've built several data analytics shaped things. Like a pipeline that ingests papercut data, meter reads, Meraki client logs, and patient visit counts, to build a print report that tracks sanctioned and unsanctioned print as well as an average pages printed per patient metric that we can compare between offices. We found our largest office printed an average of 4.1 pages per visit and our smallest office 23.7ppv.
jpanixix@reddit
and everything below it is someone else's problemand everything below it is someone else's problem
-lousyd@reddit
Like Eloi.
mschuster91@reddit
Might be worth an investigation if the application approval process is worth its salt. If it takes months to run an application through it or requires multiple approvals just to get started... people will go the "shadow IT" route or ask for local admin preemptively.
zezblit@reddit
My current place does this and it's utter dogshit for Devs. MS Intune is constantly uninstalling docker or forcing updates IN FIVE MINUTES BETTER NOT LOSE YOUR DEBUGGING TRAIN OF THOUGHT FUCKO.
Coworker had visual studio partially uninstalled for her, which meant basically a day of debugging the broken uninstall IYKYK.
This isn't even going into the fact that it can take weeks to onboard because software access is so slow, and god forbid we need something less than 5y old.
Local admin solves all that for us, and we get smacked by crowd strike if we install something we shouldnt
alluran@reddit
and sometimes even if we don't 🤣
NoPossibility4178@reddit
Like if you keep declining my browser extensions that make my life easier and after 10 alternatives you're auto declining... I'm gonna find a hole in the system or a workaround and I'm not gonna tell you shit about what I find.
sccm_sometimes@reddit (OP)
Perfectly demonstrating the point of the post. "The rules don't apply to me! My individual needs and preferences are more important than everyone else's!"
timbotheny26@reddit
I'd love to know what browser extension is so desperately needed. The only thing I've ever used is uBlock Origin and now uBlock Origin Lite - they're the only ad blockers I trust.
mschuster91@reddit
React Developer Tools is a must-have for frontend developers, so is Requestly for FE and BE developers. Color Picker is a must-have for frontend developers and UX people. If you deal in accessbility, Accessibility Web Helper. Better History makes Chrome's utterly broken history at least somewhat usable. If you're working with AWS, Switch Roles is a godsend because AWS can't be arsed to improve wrangling with multiple different roles and accounts at the same time.
And that's just those coming immediately to my mind.
timbotheny26@reddit
That's good info, thank you.
Truthfully though, when I talk about the piles of extensions I see being used on personal devices/demanded by users, it's not functional tools like what you mentioned but rather silly, frivolous things that either already exist in their browser, or have absolutely no place in an enterprise environment.
alluran@reddit
I've certainly done tasks where that was useful.
I've had workflows before where I generate a list of links that I need to validate / set a setting on / whatever
Launch them all, then apply change, and close the tab till there's none left.
Opening all at once then closing as I go is more accurate than trying to remember where in the list of 50 URLs I'm up to.
Meanwhile - tell me the exact security risk that is posed by me opening more than 1 tab at a time :P
mschuster91@reddit
If I were to guess: accountants who want to pull up all 50 list items into tabs at once or someone trying to wrangle a highly convoluted mess of Kubernetes containers and logs. Basically, catastrophically bad internal tooling.
NoPossibility4178@reddit
Good for you I guess? I literally gave an example of an extension. What would you do if you had to open 50 links? I'm open to suggestions.
timbotheny26@reddit
Sorry, that was nastier than I intended.
What are you doing where you need 50 links open at a time?
AlphonseLoeher@reddit
You are exactly the worst kind of sysadmin. The kind who follows a concrete set of 'rules' without understanding why they exist in the first place
pspahn@reddit
That's not why they're the worst kind of sysadmin. They're the worst kind of sysadmin because they're also an asshole.
fearless-fossa@reddit
You need sensible and transparent workflows to get applications approved. If people want modern tools because that's how they're the most productive, the company should do its best to accommodate them.
gakule@reddit
Your job is to provide them with a way to do their job safely and effectively using the tools they need. If you deny them that partnership because of your unnecessary lording, yeah, they're going to find a way to do their job.
This goes for any staff member, not just developers.
INeedSomeTacoC@reddit
Hey pot, meet kettle.
NoPossibility4178@reddit
From my view, it's their problem for having 0 compromise when they can't justify why they are rejecting something. I'm not gonna do 10x the work or whatever because some intern looks at something and is like "I don't like it" and no one above him cares. Replace me with AI I guess.
Superbead@reddit
Yeah, the thing OP is missing is that depending on your work, you don't necessarily know what you're going to need to do it. In past jobs I've had requests for eg. installing a local DB engine turned down because of course it's not on the list of approved applications. So the work just had to be held up while my manager argued with the IT manager, and by the time that was resolved, I'd forgotten what I was doing.
Also from first-hand experience: this kind of attitude is absolutely how you end up with a shitload of janky VBA hanging off Excel and Access.
The system we have in place where I am now is good; you just click a thing for about 15 mins of local admin, give a reason, and it gets promptly approved remotely
xCharg@reddit
So you didn't need it at all as it turns out.
Superbead@reddit
No, I still did, but what about what I wrote made you think the job was cancelled?
xCharg@reddit
The part where you've forgotten why you needed a thing. Earth kept spinning at that point right?
Or you had to recall what you need it for, install and use it afterwards? Then I got you wrong.
Superbead@reddit
Yes, the job wasn't cancelled just because the security people fancied an ego trip. I'd started working on something else by then and had to remember where I was up to with the previous work
jackinsomniac@reddit
Our team needed a SQL database server for our work. Nothing big or fancy, just a basic one. But everytime my manager put in the request, it was denied for our team being too small. So, we all used Access and Excel instead.
A few years later we get a email saying Access will be banned org-wide. Cool, so maybe now they'll approve our SQL instance? Our manager went back n forth with them for a few days. In the end, they approved an exception for us to keep using Access.
Superbead@reddit
Utter idiocy to see Access as less risky overall than a well-known DB
sccm_sometimes@reddit (OP)
Sysadmins tends to see the environment as a whole, while Devs tunnel-vision on whatever project their team is working on.
Every company is different, but speaking from personal experience we tend to have 1 preferred product in each category and maybe 1-2 secondary if there is a specialized business need not met by the first one. (MS SQL/Oracle/MongoDB).
Unless you have some kind of top-down standards being enforced, over time dev teams tend to fracture into silos with each one claiming their tech stack is the supreme one to rule them all, without much thought given to how a dozen other applications are going to integrate into the same data processing workflow.
Your team might be working with Java and Postgres, another is using C# and IBM DB2, someone else wants SQLite and Python. The list goes on and on and each project manager gets territorial about it to the point where no one's willing to make a short-term sacrifice for a long-term gain. Just kick the can down the road and let it become someone else's problem.
freebytes@reddit
Your comment demonstrates the same 'hubris' you mentioned in your post. Developers often know what they need to accomplish their job better than someone in IT. Tech stacks are constantly evolving and security updates for their tools are constant.
Superbead@reddit
Well, yes, but we could look at it from the other side where I'm a developer and you're a sysadmin, and ultimately you're there to make my job possible.
Absolutely. The past experience I've had is working in hospitals in the UK, so typically there's a central IT team who looks after all the servers, the network and the PC/laptops, and then individual departmental IT/developers who look after the local applications and develop stuff for reporting, automation and so on. What you need as the latter depends very much on the legacy systems in place.
A lot of the demands I made, for example, were because I was tasked with extracting records from various archived databases for legal reasons. I was essentially reverse-engineering things. We weren't building a product as a company.
MathmoKiwi@reddit
And this is how the company ends up being a decade behind where tech is. Because there is zero chance to explore and evolve forward, as everything is shut down immediately
Because we "have our approved tool" (which was approved the better part of a decade ago, and even back then it was no longer cutting edge)
mschuster91@reddit
The core problem is that often enough, something is considered being "done", there is no budget for more than absolutely required "keep the lights on" stuff.
I've been in shops that were an utter mess because everything used its own stack and frankly, it was a mess. On the DB side: MariaDB, MySQL, Oracle, PostgreSQL, MongoDB - they had it all, and it was a nightmare keeping up with admin work because no team on its own was decently enough in size to afford a dedicated DBA person. On the runtime side it was mostly Java Spring but in different versions, some was built with Ant, some with Gradle, some with Maven. Everyone integrated nodejs frontend builds differently. Truly painful to write usable CI/CD pipelines, not made easier by Maven being an unholy pile of dung. And hosting was even messier. Some had Dockerfiles that were absolutely rotten (think of each apt-get install a separate layer), some had decent Dockerfiles, some were pure JARs/WARs. Some things were built with Jenkins from the pre-DSL era, others used Gitlab, others used Github.
Trust me, you do not want to be the one tasked with cleaning up as much of the mess as possible.
stupidic@reddit
You get 15 minutes of admin, it only takes 1 minute to launch lusrmgr.msc and add yourself to local administrator.
Cooleb09@reddit
CyberArk EPM and most other competent products in that space block that.
TiggsPanther@reddit
It’s the other side of just-in-time and least-privilege that doesn’t seem to get talked about much.
From a purely security point of view, it’s great. But it also means that sometimes you won’t know what access you need (say, if you’re doing something new for the first time) until you hit the brick wall of permissions.
Even if it’s something you do a lot, having to account for any approval process longer than Microsoft PIM (and even that, sometimes) can stop your flow dead in its tracks.
The other problem is that these various security processes are vital but the benefit isn’t obvious.
As a general rule, you don’t see the disasters that were averted. The exploits that failed. The malware that didn’t take hold and therefore, did no damage to company systems or data.
But you do see every damned time what you need to do ends up taking more steps owing to security.
The former is more important but you see (and feel) the lafter.
BrightCandle@reddit
Development also involves looking at various different software at options to determine what it is ultimately you intend to use and what will become approved in the future. If developers can only install approved applications then their job has been severely hampered, it assumes that what they need is completely known and chosen from the outset and I have never worked on a project where that is true.
NotYetReadyToRetire@reddit
I've been on both sides of that battle; I'm a free spirit if I'm the developer, but I'm a tyrant if I'm the sysadmin. Hypocrite? Sort of, but not exactly - my goal was to make MY job easier.
BrightCandle@reddit
I have been on both sides of this as well. There is a reason why devops is a thing and why we hand a good amount of control to development teams to deal with their own operational concerns while also putting expertise into the team.
livinitup0@reddit
The problem is that most of yall just look at what a tool is supposed to do and just download it without a second thought to security, compatibility or any other thing we look at to approve a software and then get mad when they blocked by crowdstrike lol
Then typically they complain to their manager, who complains to mine, who I then remind that we already have an approved tool for whatever the dev is doing. They just “prefer” some random GitHub slop and somehow it’s “vital” to “development”
No offense but your statement about how it hampers devs to only use approved software is EXACTLY why I enforce our approved software policy so rigidly
EVERY security y regarding unapproved software has come from devs. Every. Single. Time.
How many times did those devs actually need those random hombrewed dangerous apps and dependencies they were caught introducing into my network? Not even once.
INeedSomeTacoC@reddit
If yall updated the list regularly and had alternate apps already available, that would be helpful.
We had wanted an alternate to Postman forever but kept getting told “postman is approved, use postman”.
But now that Postman is basically spyware and now not allowed, it’s “the application approval process takes months; just wait”. We’ve been waiting over six months just to be able to do the basics of our jobs again, and the head of IT recently got fired over this.
Like, y’all engineered in exactly zero supply chain redundancy in your approved corporate software stack. I get that makes your job easier; but that doesn’t make me empathetic to your plight. Giving me local admin would make my job easier, but I don’t insist on it because I know it’s a bad idea, they’re just not paying for their bad ideas.
livinitup0@reddit
Oh this is 1 situation ffs
If you need software, and you know it takes forever, plan accordingly. You think I like waiting months for simple powrshell scripts to get approved? No… I plan ahead, escalate properly when needed and deal with it or figure out something else when all else fails …like we’re supposed to.
757DrDuck@reddit
Your golden sticker is in the mail.
INeedSomeTacoC@reddit
Did you miss the point where most IT depts want to support one tool to do the job, not multiple, so despite us wanting multiple as to “plan ahead”, IT says no.
goingslowfast@reddit
This can easily lead to non-reproducible builds and hell when dependency mismatches happen because one dev had the wrong version on their workstation.
Consistency is king in reliability.
bobdobalina@reddit
Pretentious much? you know my settings?
JoustyMe@reddit
I mwan, you have to setup proxy, certs, sources of packages and so on.
RikiWardOG@reddit
certs and CASB pains are so real. GOD I hate it
JoustyMe@reddit
Also local Docker setups with corporate security. And nów security is important but dev cycle was never enginieered in to current Secuirty Policies.
sccm_sometimes@reddit (OP)
I know there's 50 people doing the same work using the same toolset. I doubt you've found a magic combination that no one else's ever thought of.
Silhouette@reddit
(Serious comment, not throwing any shade here.) You might like to revisit that assumption. It's probably wrong and could well be why your developers try to circumvent your approved processes.
For context - I have used three different diff tools so far this morning. And I spent most of the morning in meetings so that was just in a few minutes of actual code review where I wanted to see things three different ways. In the last week I have probably used 20+ different little tools to help with development and related tasks. My colleague who I've just been speaking to probably did the same and with some overlap but several of their chosen tools being different. Developers use a lot of little tools - unless they're constrained to just a standard set of the big names in standard configurations - in which case you will be paying a significant price in both productivity and probably retention.
There are other things that IT groups often miss about how software development actually works in the real world but IME the above is the big one most of the time. I'd say at the moment not providing good supply chain management to cope with the wave of current attacks is likely to be another recurring theme. And there's always the old chestnut of the mandatory antivirus scans of all the temporary files that are generated during routine development work that make running the tools take 3x longer than they need to. It doesn't require being root to overcome these things but it does require the people who have root to be understanding of the practical requirements and very responsive to developer needs.
If your instinctive response to an email asking for the 21st little tool to be authorised/installed is to create a ticket with an estimated 48 hour response time with approval then being a 50/50 shot anyway then things are not going to go well. If your policy is not to exclude anywhere from the real-time malware scans then expect that mail from the CTO.
bobdobalina@reddit
emacs or vim?
altodor@reddit
CodeBlocks is the only approved IDE. We're a Javascript shop? Don't care. It was good enough for granddaddy it's good enough for you /s
RedPandaDan@reddit
Definitely this, I have worked places where IT Security would throw tantrums if they ever thought you wanted to use computers to run software, and god help you if you wanted a port opened. Fuck dealing with all that, just shove everything down port 443 for the rest of eternity.
equationsofmotion@reddit
Yeah I've been on both sides of this (though admittedly my sysadmin skills are now pretty rusty) and IMO tensions like this are almost always structural, rather than personality-driven.
dark_frog@reddit
I think the big personalities drown out the structural problems, in that it's hard to recognize the structural root cause when everyone involved is arguing over something too specific. It doesn't help that but sides often overestimate their own communication skills.
FastHotEmu@reddit
I don't know. It's a mystery like "Why are sysadmins some of the most inept programmers?" and "Who let the dogs out?"
Id_Rather_Not_Tell@reddit
But... Sysadmins don't pretend to be programmers either and understand it's a completely different skill set.
mods_are_lame1@reddit
That’s not true. I got one on my team. Got a Claude subscription and now he thinks he’s Linus Torvalds.
HSuke@reddit
That's a complete outlier in my experience.
danekan@reddit
They do but they aren’t called sysadmins anymore and they make 3x the salary
Creationship@reddit
Hello fellow 3x salaryman
Moontoya@reddit
I learned programming in the era of Pascal, RS+, McDonnel Douglas PICC,Cobol - via VAX VMS "dumb" terminals.
you dont _want_ me coding :D
ctrocks@reddit
What, no Fortran???
Moontoya@reddit
we did RS+ a "parallel" processing language instead
goingslowfast@reddit
Some old school PICK guys have wild troubleshooting skills from solving problems before tools existed to solve them easily.
angrydeuce@reddit
Your point is valid but in truth, ive met a lot fewer sysadmins that are as completely in the dark about the other facets of IT as compared to those other roles being completely in the dark about Sysadmins.
Sysadmins may not access the full stack in a certain position, but at least they are aware of the stack and generally have an idea about how those pieces all talk to each other.
Like I could not manage a database to save my life, but I have 1000% spent many hours helping DBAs figure out why their shit isnt working the way its supposed to. I once spent a painful hour trying to help a DBA install a local network printer blind over the phone and she was just lost as shit.
I honestly see it as a bit of a luxury to be able to just have your little corner of the world to worry about. Im getting looped in on anything and everything always lol
galrito@reddit
You are wrong, but I laughed
DehydratedButTired@reddit
Because development is like herding unicorns. Once you get them working you don’t touch them, it’s bad juju. The problem is you eventually need to get them working somewhere else after they are already working and now not only are you superstitious but people don’t understand why your unicorns are so difficult.
That’s how one dev tried to explain it to me. I stopped asking questions after that.
Case_Blue@reddit
Just today, a dev complained that 'the firewall blocked me' after he was connected to a host on the same subnet.
Moontoya@reddit
Ive had to sit and explain many many many times, to a wide range of people that "firewalls" sit between you and the wider internet, internal stuff like connecting to a server or printer dont cross that demarcation line.
no, the firewall didnt block you, you werent using https / had a glaring typo / disabled your wifi adaptor thanks to stupid touchpad design / you need to get off that computer and go track down the tree whos generated oxygen youre wasting.
samon33@reddit
While that may indeed be true in your specific case, it is absolutely normal to have a firewall (or sometimes multiple) between end user devices and server, printer, etc vlans. Or between servers, or between datacenters, etc.
Moontoya@reddit
I live in the SMB world and have worked in the likes of AT&T, Citigroup, Allstate etc.
Nearly every network is small lan of up to 200 devices, potential vlans, single router (eg draytek 3900) hung off a broadband connection - thats it
The software "firewalls" baked into the likes of Bitdefender Gravityzone does block things, but it fricken TELLS you thats its blocking it (and why). Just finished a ticket where a solicitor (lawyer) is screaming her head off about "the firewall" blocking her emailing a court employee.
it wasnt the firewall, it wasnt even close to anything relating to firewalling - it was down to her trying to send "John.Smith At symbol courts.gov.uk (Id use the actual symbol, but that gets sucked into the u/username shite). They put trailing spaces after the user but before the at symbol - but nooooo, according to her its the stupid firewall blocking it.
Home users - theres a firewall on the home router (of sorts) and maybe Microsoft defender firewall which, I suppose, is better than a punch in the dick, but not much else.
Large companies, across multiple sites, yeah mpls, bonded connections, vlans out the elbow, multiple checkpoints and fire-break/airgaps. Even then, its rarely the firewall causing problems, its almost always DNS (yes, even when it cant be DNS's fault, its DNS's fault)
AFlyingGideon@reddit
Why segment the network into separate vlans if there's no need to protect devices on one from those on another? This just pushes more traffic through your router which is forwarding packets between those vlans.
Moontoya@reddit
Vlans setup for things like CCTV monitoring, which can be piped out a secondary wan connection.
also - Ive inherited a LOT of truly bizarre network setups over the years, nobody knows why it was done a certain way but wont give me permission to break things and do it the right way.
my msp is mid-tier, lots of ubiquiti, drayteks, zyxels etc - UK/Ireland based - comes with the Small /Medium Business world we operate in.
there are days when all I can do is scream into the void because clients/team-mates arent listening to me - eg one clients whining because their site to site vpn keeps shitting itself - because its an ipsec tunnel where one end is hung off a starlink connection. They dont grasp that maintaining a reliable connection is a bit challenging when its swapping between starlink nodes every 3-5 minutes and theyre at a quite oblique angle to the orbital "ring".
So, instead of comprehending that the problem is, y`know, the actual laws of physics, Im getting it in the neck ebcause the tunnels not stable. They refused a router upgrade a few months prior, clinging onto a cheapDraytek 2860 which doesnt support openvpn/wireguard (which DO behave properly for site to site on starlink).
What can you do when a client ignores your advice and then is unhappy because exactly what I warned them of is happening?
AFlyingGideon@reddit
So you've at least one additional router beyond your description. That makes having two vlans more understandable in that the two have different gateway hardware. This could be done w/o the segmentation, but it's probably easier this way.
I'm more used to vlans being used for security reasons. Effectively, vlan A sees everything outside itself as less trusted, whether another local vlan B or the Internet. Needless to say, firewalls sit between vlans.
I do this even in my own home. The wifi network to which guests connect has a firewall between it and my alarm system vlan or my servers' vlan etc. My kids also have their own vlan, but that's just me being lazy and making traffic balancing easier.
Once, I believe, I exploited vlan segmentation to cheapen bridging but that was years ago (when I was helping to migrate a part of a data center).
chypsa@reddit
Them being on the same subnet does not preclude a firewall blocking them, though :)
Case_Blue@reddit
It does proclude "our" firewall which they allude to.
chypsa@reddit
Classic...
Unusual-Biscotti687@reddit
Well, a local PC firewall could indeed do that.
fdeyso@reddit
I had an argument with a dev from a not-cheap contract who wanted to use basic auth smtp for an ms365 account because “ it just works” and when i informed him that MS is killing it they acted surprised and after a quick google they become argumentative that there’s still 6 months left at least and after that we can just deploy an IIS6 server with an unauthenticated smtp relay because that’t their other “solution”, the main task of the product is sending emails, i can’t believe how much they don’t keep up with the times.
kaiser_detroit@reddit
I wouldn't say this is a hard and fast rule, but there's certainly a surprising number of people in the dev world that are totally tech clueless.
Anecdotal examples:
Had a data analyst/developer/dba that paid me to come over and setup his personal computer at home, because he had no idea how it went together. Nice guy. Super smart. Paid well. He gets a pass.
Worked with an ERP developer and EDI specialist who came stomping her feet because her brand new laptop (that I had setup) was already broken because it wouldn't charge. I went back to look at it. Took one look. Removed the power cord from the ethernet port, plugged it into the power jack, turned around, walked out. Miserable personality. Total Dunning-Kruger case study. This is just one example of the similar temper tantrums she threw. Completely tech inept outside of her little comfort zone.
greendookie69@reddit
I dunno, I'm a kid who grew up with a computer in the 2000s and learned everything I could about anything. So I can't understand it either.
I also can't understand how they're unable to adjust their audio input/output devices during a videoconference.
FlippingGerman@reddit
Are mechanics necessarily good drivers?
krona2k@reddit
As an older engineer we grew up in the era when some of us programmed directly the metal and we often don’t appreciate the implications of a laissez faire approach to IT these days. The details of this are something we are generally not interested in and find annoying. I’m not saying that’s right.
squibby_sh@reddit
I have a question for you - hae you ever asked a software developer what surprises them about "IT" and what they know about computers and how software works?
Do you think they might have some similar conversations about the sysadmin folk?
Interesting_Word99@reddit
You realise they're completely different roles? We had a CCIE certified Network savant who couldn't even change his wallpaper in Windows.
_DoogieLion@reddit
I’d question the troubleshooting skills of a “network savant” who couldn’t work out how to do that
Interesting_Word99@reddit
You'd question someone with a CCIE? Best of luck to you.
Some people just aren't arsed learning something outwith their domain. They want to keep all the headspace for whats important in their world.
TreiziemeMaudit@reddit
Yes I would, because I was on a phone with a guy having CCIE who just couldn’t configure a basic vlans on a switch. The paper is not worth the ink being printed on it, no matter what fancy abbreviations you put on it.
Interesting_Word99@reddit
Nice story you made up there. You realise how hard the CCIE is and how much experience you need in networking to think about attempting it?
lemaymayguy@reddit
I had my ccnp about 5 years ago. Ccie was always the stretch goal
Yes there are paper ccie certers out there. Also I dont care how good you are, if you cant manage your own OS i dont want you as a coworker
Interesting_Word99@reddit
Most Network Engineers I've met are clueless with their OS. They live in PuTTY.
Mortonwallmachine@reddit
No way a CCIE can't use their OS or change a wallpaper.
You wouldent be able to finish it without basic computing skills.
Interesting_Word99@reddit
Our CCIE Network Architect left his PC unlocked, we changed his background to a sexy kangaroo, he had a full blown meltdown as he didnt know how to change it back. This indeed happened.
Also, our network team are always asking daft basic Windows Qs
xCharg@reddit
There are a bunch of things could've been there, like panic someone sees it, frustration his "friends" did it to him and so on, but if he's truly incapable of figuring out how to change wallpaper - yes, he's an idiot and no amount of certs and papers and titles would change that.
lemaymayguy@reddit
meh, I use putty maybe once or twice a day sure. But most of my work now doesn't need me to ssh into something. It's all declared in code anyways
Interesting_Word99@reddit
I'm guessing you are aware that you aren't all the network engineers in the world, and all environments differ, aye?
lemaymayguy@reddit
>You'd question someone with a CCIE? Best of luck to you.
Yup, I just took offense to your dumb statement here is all. but I'd lol at someone sitting in putty all day with their big bad CCIE lololol
TreiziemeMaudit@reddit
Mate, if I made that story up I would be sipping beers back home and not postponing my flight back home, because somebody is very stupid and I can’t have access :-)
sccm_sometimes@reddit (OP)
Sounds like a "Bob". I've known many Bobs over the years who everyone would praise as some techno-wizard because he worked with very complex systems that no one else could understand. Until one day he retires and the person reviewing Bob's code discovers that the work was incredibly simple, it was actually Bob who was needlessly making it more complex than it ever needed to be.
anikansk@reddit
I dont believe you.
serverhorror@reddit
I don't even know what CCIE is, it means nothing to me.
TwilightCyclone@reddit
I assume you’re taking the piss?
serverhorror@reddit
What? Because I'm not knowledgeable about certs?
I have seen too many people waving certs around and knowing nothing, I rather talk to people and fund out what they know that way.
Interesting_Word99@reddit
Most folk on this sub are helpdesk
ChesterM54@reddit
dude would you stfu. you have a holier than thou approach to every single comment here.
Interesting_Word99@reddit
Chester, take a chill pill. 3 replies to 3 different comments in a minute is wild.
anikansk@reddit
I once was trying to connect a site to site VPN from one Australia to Indonesia. I was under a desk with a Cisco router we didn't own, no password, with its serial crossed out in a building that had no power
The CCIE got it running, from Germany, using the Force.
Fair_Condition_1460@reddit
You have a point, but I will say I've known some utterly daft CCIEs in their domain. Can draw a cloud on a whiteboard, have no idea how things actually work when questioned.
I think the diploma milling also applies to the dollar chasing network grindsetter.
It's non-trivial to get xxIE certs, but when attainment is the goal, rather than validation of skillset, this is what happens, and it devalues the certs, and wastes my time in interviews. Oh you have a merit badge, congrats, do you have a high-functioning brain?
Mindestiny@reddit
Also braindumps are hugely popular in the cert world. The tests themselves are often absolute bullshit riddled with errors and theyre super expensive which pushes so, so many people to cheat.
The cert model has always been broken in favor of the cert companies collecting revenue over education.
Interesting_Word99@reddit
You realise the CCIE has an 8 hour practical? How are you brain dumping that.
HappyVlane@reddit
cheesy123456789@reddit
Many many people who claim CCIE have only done the written exam. If they don’t have their CCIE number handy, they’ve most likely only done the paper.
Interesting_Word99@reddit
I imagine after the gruelling process of obtaining it, anyone legit would know the number off by heart.
Fair_Condition_1460@reddit
CCIE #(written) will never not be funny.
Fair_Condition_1460@reddit
Yes it's largely revenue and branding and market penetration, incentivised VAR discounts etc.
However, for the **IEs there is a gruelling 8hr practical exam, so they have a little weight, but still idiots bootcamp and cram and bluff their way through and end up certified to pass the exam, not to pass in the real world.
ChesterM54@reddit
Every comment from you in this thread is pure projection my dude
Interesting_Word99@reddit
Four replies. Jesus dude, you're a strange one.
majkkali@reddit
Yes, I would. Having certificates doesn’t necessarily mean you know how to do actually do stuff. All it means is that you were able to learn theory and memorise things. Just like in school. Whether you can apply it in real life scenarios or not is a completely different thing. Some of the best IT engineers out there have no certificates. All self-taught.
UpperAd5715@reddit
CCIE actually is a lab exam for which you have to go to cisco and perform it under supervision of a panel so while you could technically luck your way through it it's definitely not a "memorize book and get paper" exam
_DoogieLion@reddit
I’d question anyone in a technical troubleshooting role that works with computers all day and can’t figure out how to change their wallpaper yes.
They don’t need to know how to do it. They do need to know how to work it out though.
anikansk@reddit
I met a Cisco dude who was so smart I wouldn't have cared if he didnt know how to go to the toilet.
_DoogieLion@reddit
I would also question the troubleshooting skills of someone who couldn’t figure that out 😂
anikansk@reddit
Yeah, you raise a fair point 😂
Interesting_Word99@reddit
Or they just ask the Helpdesk. Keep them in a job.
ProofMotor3226@reddit
That’s a poor response protecting a lazy person. I don’t care if they have a CCIE, if they can’t take 5 minutes to Google how to change their wallpaper id also question their troubleshooting skills.
It’s not about “protecting headspace” it’s more they don’t feel like they have to be bothered by it since someone else can do it for them. Lazy.
gioraffe32@reddit
My dad has been in IT for 30+ yrs now. But he cut his teeth on mainframes and then moved to servers and Linux and networking. He's never supported end user devices. And it's obvious. He's absolutely terrible with Windows (though he does OK with his Macbook these days). He lives in CLI.
He had this personal laptop in the 00s and early 2010s. I was terrified of touching that thing. I don't even know how he could use it. I remember once seeing his browser and he had, I shit you not, at least five of those malware search bars that were "popular" back then. Took up like a third of his screen space. I was like "wth are you doing to this poor thing?? Why don't you remove these? Better yet, why are you installing these??"
At one job he was at, he was required to have certs, so he went for his A+. And one of the funniest things he learned from studying A+, that he mentioned to me, was being able to change the screen resolution and scaling of the desktop. He was like, "Did you know you can do that??" all excited. At the time, I was doing end user support, so I was like, "Yeah? That's not new...you didn't know that...?"
sccm_sometimes@reddit (OP)
That's like making half-court shots in basketball without knowing how to dribble. I question how someone can claim to have higher level skills while having barely any comprehension of the fundamental basics.
Interesting_Word99@reddit
No, our Network Architect didn't do that. He is just clueless with Windows. His skills and knowledge would dwarf most. They're just not related to Windows.
_DoogieLion@reddit
Google, “how do I change wallpaper on a computer”
I would question anyone that lacked the skills to do that. What happens when they hit a network issue they can’t figure out?
Interesting_Word99@reddit
Now, did I mention he couldn't Google it, or that he didnt know how to do it?
ChesterM54@reddit
He didn't know how to Google something? My dude.. please.. just stop already
Interesting_Word99@reddit
Five.
_DoogieLion@reddit
That’s a distinction with no practical difference
VIDGuide@reddit
Nah.. I’ve had developers repeatedly do the “an error message happened” without any more details. That’s literally their thing. If they can’t think to give any more context to that, as a developer, maybe they need to be replaced with Claude ..
sccm_sometimes@reddit (OP)
And 99% of the time if they actually read the error message it explains exactly how to fix the problem.
SapphireSire@reddit
Lol...I worked with a network engineer who didn't realize the closest star to earth was the sun.
He literally had no idea and it took 3 of us to explain what a star is.
laserdicks@reddit
Their job is to actually make things happen.
IT's job is to make things not happen.
The success rubric of one will obviously fail the other.
sccm_sometimes@reddit (OP)
lol, considering how GitHub and LastPass got breached (over-privileged developers refusing to follow basic security hygiene) IT's job is frequently to the save the users from themselves.
Like even my grandma knows at this point not to write down passwords on sticky notes, but for some reason developers think it's ok to store credentials in plain-text .env files
mschuster91@reddit
To be fair, that's industry standard - just look at AWS, any random ass malware can grab and exfiltrate \~/.aws/config and \~/.aws/credentials. And you can't really defend against that happening either.
The core problem is, you need some sort of persistence mechanism if you want to deal with credentials. Either it's an agent (e.g. ssh-agent), but people don't like agents because of RAM consumption and agents historically being a nice entrypoint for attackers, or you store plaintext files, or you use some OS-level mechanism, at this point though you'll run into xkcd 927.
And if you have (like you should) a Docker container for your nodejs backend that needs some credentials to access a third party service, you practically don't have much choice other than a .env file because everything else is just another huge mess.
sccm_sometimes@reddit (OP)
Secure credential storage and retrieval has been a solved problem for almost a decade now. AWS Secrets Manager/Azure Key Vault/CyberArk/etc. Secrets are automatically rotated and pulled as-needed via API.
Other than out of convenience, I cannot see how anyone can claim that saving credentials in plain-text is an unavoidable fact of life.
mschuster91@reddit
Yes, for stuff that is deployed to the cloud, absolutely (although it still can be annoying and shoot you in the foot).
But we're talking about local development here.
Other-Illustrator531@reddit
IP based condition statements in the access policy, leak keys all you want now!
mschuster91@reddit
I've seen that go catastrophically fucked up when the internet connection at a site went down for two days, and I've seen it go nasty at another site which had an VPN tunnel connection go down, so YMMV.
Unless you legally own the IP address(es) of the exit NAT gateways... be certain to have a break-glass account not covered by that IP address protection rule. And regularly test that to make sure no one made a catch-all Deny in some IAM policy either.
Other-Illustrator531@reddit
Agreed on the risks, fortunately for us, we have all those bases covered. It's just another layer and we still rotate keys, enforce least privileges, etc. In trying my hardest to not have a CISA level incident! Lol
Silhouette@reddit
TBF that's a well-known problem and moving away from persistent access keys should be a priority for anyone who needs to access AWS infrastructure using the CLI or similar tools now. As you said yourself there are alternatives that don't have that inherent vulnerability. If you go into your AWS dashboard to generate new keys interactively they even try pretty hard to discourage you and direct you towards those better alternatives. The same goes for things like SSH keys to access EC2 instances - but at least you can put a passphrase on an SSH private key instead of storing the important bit in plain text.
DevOpsOpsDev@reddit
Even if you use aws sso, the temporary credentials are still stored as filed on the local file system, the creds just expire and get replaced when you invoke the login again
laserdicks@reddit
Close, but no. It is to save the corporation from users.
remuliini@reddit
We are just probably dead inside.
rogue780@reddit
Why are you meeting developers use Windows?
kurizma@reddit
comparing computer science to IT is like asking an electrical engineer to rewire your house.
flunky_the_majestic@reddit
I think I have a good perspective on this because I work with a dev team now, and formerly ran the IT team. To me, it sounds like you should spend some time with the devs.
Sometimes the roadblocks are annoying little quirks that they're able to work around. They start out so small and workable that nobody thinks to document them. After a while the issues add up. Especially when a dev needs a new workstation or a new hire gets onboarded, they are reminded of all the cruft they dealt with. As a result, these little complaints build up into a general vibe of "IT Sucks" rather than an articulable report.
If you have the bandwidth, maybe an IT liaison can relocate to the dev team's offices (or Zoom meetings) for a week. They might be able to see some common root causes making life difficult for the devs. That way you have something to act on.
gwig9@reddit
Ehhh... I'm shit at coding so I generally give them a break when they are shit at IT... BUT I definitely see where you are coming from. Just treat them like the rest of the doctors/lawyers/fancy degree having people. Be sure to use small words so they don't get scared and trigger their flight/fight response. ;)
onebit@reddit
I've never worked at a company with apps available in a company portal. The "approval process" has always been a bureaucratic way of saying no.
CodeGrumpyGrey@reddit
Just to advocate for the developers slightly here - some environments do get in the way and devs need slightly tweaked permissions. The big one that comes to mind is needing to attach a debugger to a process. IIRC that is often locked out and the devs may not know that there is a separate permission to allow it outside of local admin. Also, if they are expected to keep Visual Studio (not VSCode) or SSMS up to date, then that requires admin permissions. It’s stupid, but there are some legit reasons for it.
Equally, many devs will just default to “I need local admin, gimme gimme gimme” without checking what they actually need to do things.
Deathra9@reddit
Ok that brings up an interesting question… why is it now considered a best practice to block debugging tools. I tried to get something up and running and found out that another hurdle was debugging tools shut off on each browser. Is that security manager spite, or an actual vulnerability?
CodeGrumpyGrey@reddit
If I’m able to attach a debugger to a running process, I’m potentially able to read and change the contents of its memory - completely bypassing some attempts at security. If end users don’t need to attach a debugger, I fully support locking them out. Developers have a legitimate need for that level of access, and so should get granted it (on the proviso they don’t use it to bypass security).
Browser dev tools have a similar issue within the browser sandbox. If the app is well written, following modern best practices then it should be relatively harmless. But there are too many applications that will naively trust a client running on a users computer/browser. Locking it out if a user doesn’t need it, can be more secure
freebytes@reddit
Debugging tools in the browser should be there for everyone. A guy in sales should have access to it. There is no reason to block it.
Developers, on the other hand, need debugging tools for processes. That is different.
MegaOddly@reddit
my issue comes with devs who have local admin on their computer with their company account then when said application is used on another computer for a user that doesnt need that permission set it doesn't work because it needs admin privileges to work even after installing. Thats an issue i see a lot with custom made apps in my work
webmaster9919@reddit
The real question is why are these shits paid so much. A sysadmin contributes way more value to a working product thank a developper because this product would never exist/work if there are only devs.
webguynd@reddit
My hot take: Devs should have local admin on their own machines.
You shouldn't treat dev workstations like the standard user environment. The local admin need is real, and overly restricting dev will cause shadow IT problems. You'll end up with unmanaged AWS accounts on a managers credit card.
What devs shouldn't have access to is direct access to prod and prod data. They should have isolated dev environments replicating prod though, with dummy data that's as close as possible to prod. Separate dev API keys that can be revoked without affecting the app in production, etc.
This requires good DevOps culture though and management buy in.
You should also just be assuming a dev machine will get compromised at some point. Isolate them from prod, make sure the repos are secure, and treat their laptops as ephemeral so it can be wiped and re-imaged immediately.
Lastly, you need a management culture that holds devs accountable when they do break their own environment you set up for them.
No_Presence9915@reddit
Because IT has installed so much spyware and shit on the computer I can’t barely get the dubugger to run and it takes minutes to start after compiling waiting for the virus scanner to decide if the program I just wrote is okay.
ForOhForError@reddit
As a dev that gives a shit about process, sorry for the ones who don't :(
musiquededemain@reddit
System administration and software development are two totally different disciplines and skill sets.
Cley_Faye@reddit
Having a bare minimum idea of how software works seems like a pretty good common base for both.
Cley_Faye@reddit
I'd go with "how are so many people inept at IT", not specifically one group or another.
The level of skill of newcomers is abysmal, but even more worrying, some people I've known for a while seems to become dumber on topics they knew perfectly well. There's something terrible brewing for the near future.
Candid-Molasses-6204@reddit
The best way I've found to "enable" developers in a large to mid-sized company is to isolate them off on their own if they want to go that route. They get local admin; they can do what they want basically. They get no access to data, they need to VDI to prod which they have to be on VPN to get to (archaic I know but it's solid from security perspective), they get split off into their own Azure subscription ID and if any of the devs violate those rules and spin off their own prod we have the buy in (in previous lives) to fire them.
elcheapodeluxe@reddit
I write software that needs to perform tasks with elevation requested from the user. Therefore to debug that software, sometimes I need to run my IDE with elevation. Sometimes the developers do know what they need and IT is a genuine obstacle to getting work done.
verocoder@reddit
As a dev, I have like a child’s awareness of how windows works because my windows machine is a bridge to my Linux dev environment so often local things are a bit baffling. Plus it’s a lot of context switching from total control to very low control which can boggle the mind a bit.
FlyingBishop@reddit
I feel like you don't know anything about development and you're being condescending despite not understanding what you're talking about. I have a laundry list of things I need local admin for, but also if you understood how python worked you wouldn't be so blase about allowing them to install it in userspace. Yes, keeping them out of local admin is a nice security gate to have, but python itself can still do tremendous damage. You install python, you install pip, you can download any kind of code and supply chain attacks are becoming increasingly common. Denying them local admin may give you the warm fuzzies but it's a false sense of security, developers have to be constantly vigilant and even that is not going to save anything if the right attacker hits.
lungbong@reddit
Our billing platform had an issue once, an army of devs marched up to my desk telling me it was the network and I needed to fix it now because they needed to roll an update out urgently and network had broken it on step 1.
I went to the monitoring and sure enough billing has a couple of red alerts, the reason code saying "rollout password locked out". Idiots had been trying to use the dev environment password on prod and the application had locked them out for too many incorrect logins and hadn't even requested access to the prod password.
They quickly sloped off to get a billing admin to unlock their account.
Temporary-Library597@reddit
"Decade?" Try "this century." Or even longer. I remember in the late '90's people looked at me funny when I told them I was learning networking.
Fireman476@reddit
The best devs I have worked with all started as help desk guys, and moved up to dev. They get it.
PositiveBubbles@reddit
I actually think more people in roles who haven't done helpdesk in over 10 years or at all should have a week of doing it just to understand as you learn to understand business and process at a broader level.
Sometimes though, some staff regardless of area will always try to be lazy or avoid things they don't want to do. If people do it all the time, i find it's easier to not engage with them.
ThreadParticipant@reddit
I just want devs in their own Tenant and they can do what they want there… if they break something it’s on them and the rest of my org is still fine.
MegaOddly@reddit
yes
Snogafrog@reddit
I’m legit considering this
sobrique@reddit
Because more than anyone else, developers modify their environment.
They'll often have top tier workstations, because of being coders.
They'll also 'need' to do privileged operations to some extent. Opening sockets, and installing files in 'system' locations, etc. just to make their apps run.
So at home, they can just y'know, turn off firewalls, selinux, and run everything as root, and it 'works'....
zero_z77@reddit
I am a generalist. I went to school for CS, but learned everything i know about IT on the job as 1 of like 5 people in the entire IT department. I have been a developer, datatbase admin, domain admin, sysadmin, helpdesk, networking, cybersecurity, backups, i even learned basic logic circuits, soldering, and ladder logic back in highschool.
So i can see both sides of this, but the sysadmins are usually right. Even when i was in college i could see how extraordinarily fucking lazy some developers are. No one writes code from scratch anymore and hasn't since the early 2000s. You'd be lucky if they even run what little they do write before they ship it to QC, let alone make it secure or optimized.
Most modern code is just finding a dozen libraries and frameworks that do 95% of what you need to do and stringing them together into one gigantic mess of a project, shipping it, and letting QC sort it out. Fortunately, i've never had to do that myself, but i do understand why they do it.
It's because the developers who get promoted are not the ones who write good & fast code, it's the ones who write code the fastest. In other words, barely functional slop delivered today gets you a promotion and a bonus while perfection delivered next week gets you laid off, at least in the private sector (i worked in government). The result is bloated, unoptimized, and incomprehensable code that no one understands, and now that last 5% is now being done by AI that's worse that one of those "boot camp" coders from the 2010s.
To put this in perspective, MS word '97 could run inside of 8-16 mb of RAM. Today, fucking notepad on windows 11 runs 20-50 mb of RAM and it is not doing anything close to what word '97 was doing 30 years ago. You are not at all crazy or delusional for noticing that software, and software developers have been getting progressively worse for the last 20-30 years.
Natural_Row_4318@reddit
Good developers are lazy. They’re the ones who produce a solution quickly. The organizations hire us value velocity far more than any other metric.
JameEagan@reddit
As a dev I can't stand when a company restricts admin access. Call me inept I guess, but really, I'm a developer with 20+ years of experience. If I want to fuck something up at the company I could do it a dozen different ways even without admin access. Quit making my job more difficult by treating me like Debbie from accounting who clicks every email attachment.
PositiveBubbles@reddit
I've seen IT places give out admin rights out like candy, it is hard for those that actually do the right thing and when admin rights get removed for everyone it does mean a change in workflow/design of access patterns. That should be on a larger scale though and if the blast radius isn't large then just in time access to do admin functions should be fine.
I've just seen less people willing to do the right thing that this is the consequences.
SN6006@reddit
The number of web developers I work with that don’t live or use the developer console in a browser is frustrating
Wonderful_Look322@reddit
the application approval process taking forever is probably half the battle here, like if someone's waiting three weeks just to get a linter approved they're gonna start thinking admin access is faster, which it technically is in the moment but yeah that's how you end up with malware problems.
Natural_Row_4318@reddit
Developers are usually the last seam for your organization malware problems.
It’s always Debbie in useless admin role clicked a phishing email she shouldn’t have and now all her teams data is locked by ransomware because they ran their org on excel spreadsheets.
AdSquare9819@reddit
Because developers think they know what they are talking about.
mesaosi@reddit
Software Development has long gone from something that people did because they had a passion for computers to something they learned because they were told they'd make good money at it. A large portion don't actually have an interest or passion in the job or computers at all, it's just a path to a decent salary and they'll do the minimum to get there.
Natural_Row_4318@reddit
I’ve been in support and I now work as a lead engineer.
Any environment that will not give me admin permissions in some format would be an instant quit
510Threaded@reddit
I still have a passion for anything computers. Love digging into low level languages, security, networking, hardware, or even devops to an extent.
sccm_sometimes@reddit (OP)
Agreed. I think the level of the accountability for your work is also a big factor. I've seen Network admins get chewed out because the Marketing Director was on a Zoom call with 50+ video participants and the video would sometimes get blurry. I've rarely seen developers be held accountable for writing shitty code.
Tony-Angelino@reddit
Sorry, but that kinda tells you what kind of a company you're working for. Or you simply don't see all that happens there.
I'm a 50+ old fart, some stereotypes have existed since the dawn of time. To admins, all devs are idiots. To devs, all ux people are idiots. To all of them, project managers are idiots. To project managers, all team members are complete incompetent fools.
In reality, all the people I have ever worked with knew their shit. If they didn't, they would not have survived the real work for long. There were always reviews, key points were never changed without the four eyes principle etc. Proper teams never let shitty code reach stage, just like shitty network or cloud config never came to be prod. Communication helps prevent that "us vs them" mentality, because we are in the same boat.
bwyer@reddit
Eh. I used to provide support for developers back in the ‘90s. This sort of thing happened back then as well; my favorite being the developer who was convinced his VAXstation was broken when he forgot to turn on the monitor.
Mindestiny@reddit
I'm convinced the SEs who didn't get pushed into it for the money are all somewhere on the spectrum. They can think in code fantastically but hoo boy when it comes to thinking about things from another angle their razor sharp logic completely breaks down.
stucjei@reddit
Fuck, maybe that's why I can't code for 16 hours a day and develop amazing projects and have a github account with all these open source tools I made; I out too many spectrum talent points into learning other tech stuff as well to have broader thinking.
Kurgan_IT@reddit
And usually very few dev have an idea of what's under the IDE the use for coding. Actual OS workings, network, hardware, etc.
newbies13@reddit
Everyone is a user when it's their problem in my experience. It's not just dev's it's sysadmins, and helpdesk people, and network engineers and everyone... When something breaks, or feels wrong, people revert into whiny special snow flakes.
I don't think its malicious or IQ related, I think its a combination of how businesses treat IT help and human nature. One of the most toxic and degrading things you can do in any business is let an employee feel like they have no accountability to resolving an issue... the IT team is frequently thrown into that exact role for many companies.
The second an employee thinks "someone else should fix this" they turn into users.
PositiveBubbles@reddit
That's a good point. when I switched from the team that maintained a solution to one of the customers of the solution (even though systems provide the platform to maintain it) I had to change my mindset to be more of a customer from the user experience side so I learned to just present the facts rather then whinge.
Things are still not great but I'm at least getting asked by my higher ups what I'd recommend if I was still on that team so they can at least ask questions lol
ranger_dood@reddit
I spent the better part of 6 months arguing that throwing more resources at a VM wasn't going to solve anything, because the application is running single-threaded. "But it runs so much better on my workstation!" Yes, because your quad-core processor has a much higher clock speed than our 32 core server procs.
We ended up buying a dedicated high-end workstation to run it on.
PositiveBubbles@reddit
I've learned to push back end give a much evidence as I can in writing that they need to follow the acceptable use policy around IT or evidence that they'll need to look at their application config and work with is to get the outcome accepted by all in the current environment. If anything needs to change on our side, just make sure the correct approvals are collected in writing.
japanfrog@reddit
My company tried applying the whole ‘one size fits all’ policies to dev environment and it failed miserably. While it did apply to most devs successfully, a lot of the IT staff clashed with the driver developers that frequently needs admin access for development and debugging. A lot of our staff had the same attitude you have and it made conversations with these particular devs a one way street.
Our restrictions were so disruptive to their work that it went so high up the chain that we were forced to revert all the other good policies we had implemented (like just in time access for admin).
dathar@reddit
Web developers that don't know generic A/AAAA and CNAME DNS gets me every time. Also 301/302 redirects.
^heavy ^sigh
SpaceChimps98@reddit
They have a productivity mindset, not a security mindset. They're also under time pressure. If they run into anything that prevents them from doing their job, it adds stress.
garfield1138@reddit
5 minutes later, people start using their own device.
freebytes@reddit
I literally got approval to use my own device after I gave them the specs for my machine. They were sending out terrible, janky laptops. I had to install their software for them to control my machine and set permissions, but I am perfectly fine with that. (And I have agreed that if I ever leave the company, I will take out and physically mail them the SSD from the computer.)
It is the same situation as if they sent me the hardware, but I get to control the specs, because I am obsessed with productivity.
Any-Fly5966@reddit
6 minutes later, they should get a message that they can’t access company resources from a noncompliant device!
Eggslaws@reddit
Too late - I'm logged in!
sccm_sometimes@reddit (OP)
Your account has been disabled, device placed in network quarantine, and account information sent to HR/Legal/Compliance/Your Manager/ and Their Manager, with documented audit logs attached showing you willfully violated company security policy despite multiple banners/pop-up messages warning you there would be serious consequences if you proceed!
danekan@reddit
This shop sounds years behind that
sccm_sometimes@reddit (OP)
Literally got pulled into a meeting last week where we had to explain why users aren't allowed to sign into GitHub with their personal accounts while working with company data.
xSchizogenie@reddit
And lack of access to company data.
Happy_Kale888@reddit
Don't forget the famous quote "works fine from here"... That drives me nuts to no degree I hear it so often. And the denial and unwillingness to work through a issue or god forbid speak with or connect to a end user having the issue.
smilNwave@reddit
Sales and devs, I avoid them like the plague
Working_One2146@reddit
Part of it is incentive structure. Their manager measures them on shipping speed, not on security compliance. So every friction point from IT feels like an obstacle to the only metric they care about. The VP escalation pattern you described is basically guaranteed by that dynamic.
ISeeDeadPackets@reddit
There's a very highly adopted piece of software used at many banks and credit unions that STILL requires activex. The institutions running it have it as sandboxed off as possible (generally) but how many years have we had to address it? I don't know if the devs are lazy or just unsupported, but either way...
cdoublejj@reddit
they teach them cray shit maaan. but, my interns thank me, "im gonna have to teach my self because the what college teaches is computer science, not actually IT.
learning a CPU scheduler (if they even teach that) doesn't lean ya squat about appdata folders and user profiles. i learned all that on my own by browsing the files on PCs back in the day.
jezusflowers@reddit
Coming up from sysadmin and now managing a DevOps team, this goes both ways. Shitty pre approved app catalogs that don’t allow us to install critical new dependencies one of our libraries now needs can throw a whole sprint out. ZIA acting as a MiM screws with package managers, amoung may other things. Overly restrictive policies that prevent us from rolling out more secure dynamic infrastructure (you can’t have a service principal that grants managed identities permissions to this specific scale set! Only IT can IAM!), etc get really damn annoying and don’t make anything better. I’ve also worked with some guys in systems that couldn’t be bother to learn two lines of Powershell, and one genius that turned the Datadog integration on for one of our VCenters without configuring it, so we suddenly had 1000s of infra hosts to pay for.
But then I have devs that can’t figure out how to fill out a self service form, can’t follow a document to fill out a form, and can’t follow basic policy for resource tagging and cry when their resources get cleaned up for non compliance. Or that can’t read a log file and submit a ticket the second a CI job fails, even though it’s clearly a compile error on the project they just made commits to. Assuming they remembered how to use git (or how to read the doc).
It goes both ways.
firstnevyn@reddit
Try doing docker/k8s dev in an env with Zia
Mitm the internet and watch packaged everything break horribly but containers are particular pain.
ivanhoek@reddit
They’re not IT inept, they’re annoying you hoping you get out of their computers lol.. the idea is eventually you don’t want to deal with it anymore and do give them admin and walk away.
nux_vomica@reddit
characters straight from the terminal of the BOFH himself. it’s my system, you just unfortunately exist in it
nightwindzero@reddit
So my career expierience has been Help Desk, leads into Sysadmin and with that we understand scripting typically.
Development is an entirely different skill set which can exclude basic troubleshooting. I've seen it and worked with it and it can be REALLY frustrating because you go "Wait, I want to learn programming, but YOU don't know ANYTHING about my skill set?"
Individual-Unit3470@reddit
You speak the truth in my opinion. I think it is because developers typically live in a 'box' of static processes, where people who do things like troubleshoot issues live in a world of dealing with exceptions. Programmers, in my opinion, have their processes specifically so the don't have to deal with exceptions so when they do have to deal with exceptions, they freak out. As a side note, I just interviewed two programmers who are in their senior year of college, and neither one of them could tell me how to get IP information from the command line, so part of it might be what they are being taught (or not taught, as the case may be) in school.
jzaczyk@reddit
They know JUST enough to be dangerous.
Seigmoraig@reddit
Had a senior dev in charge of our website's architecture whose computer had an out of date software that needed updating. Asked him to do it and get back to me once it was done. 5 minutes later he tells me it's done but the alert was still in the system for out of date software. I asked him how he did the update because it's still showing out of date and he tells me he went to Windows Update and that there's no updates pending
I died a bit inside
jrsherrod@reddit
Narrow focus
EarthySofa@reddit
Software engineer here and I feel the burn. It’s all true 😢
rolandjump@reddit
I think this can be said for most professions. Some are good some don’t know what they’re doing including sys admin folks
Masou0007@reddit
Wait until one asks to have a toner cartridge changed, and the look they give when you tell them to change it themselves haha.
conspicuousxcapybara@reddit
That isn’t even remotely ‘computer science’, ‘software engineering‘, ‘dev ops’ or whateve.
No way am I messing around with the hardware of a printer, when I’m too clumsy to do maintenance that I at least understand from a theoretical perspective.
Masou0007@reddit
My bad, assuming devs would have actual basic computer skills, and not be terrified of hardware.
sccm_sometimes@reddit (OP)
I'd actually rather do that myself. It takes 5 seconds and I don't want them spilling $300 worth of toner all over the floor.
ironwaffle452@reddit
I just dont work if they dont give me admin permissions... Each time i needed something to install it always took more than a week to install f software...
GlobalCurry@reddit
I'm a developer and it blows my mind how many other developers I've encountered who barely know how to use a computer.
JoshyMN@reddit
when u goto school for csci and you get paid really well to just do application layer level stuff i guess im not sure why you’d even want to expand outside of it. Especially the older crowd who grew up with less stuff overall to worry about.
Huge-Atmosphere-8057@reddit
Meh, this feels more like you expecting people who have never worked with sysadmin shit to know sysadmin shit.
RvstiNiall@reddit
Those aren't developers. They're finance bros who learned to code to try to speedrun their way to a $250,000 paycheck.
USarpe@reddit
Same expirience and so you know why there are so many bad Software out, if the programmer don't understand the basic security, how can he develop secure software?
xRolox@reddit
I’ve found that having devs or researchers as your main customers is like herding cats. They usually know what they need to get the job done and are very good at what they specialize in but need guidance.
I’ve run into numerous scenarios where they have this preconceived notion that the underlying system has unlimited throughput, storage is never ending, speed should be the same here vs there, etc.
At the end of the day this is why your job exists. You figure out the systems that let them do their work. Any issues down the line are usually a failure of documentation, process, or admins themselves.
If you’re seeing this friction, take it as feedback. What would allow you to maintain the same security posture but make your life and your users lives easier
AGsec@reddit
You sound like you're trying to tell them how to do their job rather than facilitating and amplifying their work. There's a difference between the two.
HoosierLarry@reddit
In my experience, most devs are like auto engineers that take the bus because they don’t have a license…and they’ve never worked on a car before or touched a ratchet or wrench.
ShoulderIllustrious@reddit
It's kind of a mix, I do both things in my dept and some of the company wide system admins aren't that bright either. They bought the cyberark software to rotate passwords and set up a portal with mfa for retrieving the passwords.
This is all good, but they didn't choose to buy any of the epm software that helps integrate that password into the elevated prompts cuz clipboard are not allowed.
When asked why, they said, and I quote, "you do not need it to rdp into a machine". Which would be correct if the company didn't do any development. The years prior, they're always telling every dev to install for themselves only not for all users. So when it comes time to update VSCode years later, the dude has to exit his program, open up a terminal with the elevated password, then cd to where VSCode is installed and open it to update, when done, go back to his project. This loop is basically what happens to all the programs the poor bastard installed with the prior policy.
Now the dude is running stuff and notices it's taking a long time, he needs to use resource monitor, guess what, not allowed. You need to type in the password cuz the sys admins for the company didn't choose to buy that. He doesn't know that he can open an elevated prompt and then use resmon. So what does he do? He buys a scanner and prints his password to a barcode. Cuz when he complained to the sys admins about the password, he's told to just type it in.
The dude didn't need to install anything, but they made his life harder by changing policies and not considering his workflow. Now he's leaking his password all over the internet...cuz he's using a barcode generator online.
PaleFlyer@reddit
I'm a PLC engineer, working with a SCADA team.
SCADA. As in they develop single pane of glass interfaces to DATA CENTERS.
They literally tried to spec a 5 year old i7 as a core network server. Yes. A desktop class i7 to run critical high availability (per the contract) software.
404error___@reddit
Quick question ... What if the developer needs VMWare and tweak the nic?
pakman82@reddit
It's the training environment. I went thru my bachelor's for programming 19 years After getting into IT on an A+ certification. ..(2019-2021) and they had us use browser based programming simulators as much as possible. On parts that covered running our own "hosting" they had us install things with every bit of "security" disabled, and still most ppl struggled according to the teacher. I ended up with a house-hold SQL/ apache farm, because I had admin'd web and application servers at a few dozen places by that point. If they don't learn any other skills, they don't have any other skills
evil_shmuel@reddit
Reminder: Computer science is related to computers in the exact same way that astronomy is related to telescopes
sccm_sometimes@reddit (OP)
They're fundamentally intertwined and related concepts where you perform well in one without a basic understanding of the other?
jimboslice_007@reddit
While this is true, astronomers will generally look in the right end of the telescope without help.
szaszm@reddit
I'm a developer. Just look at your list of local admin requests and you'll see all the reasons we need local admin, but I'll try to list a few I can think of. Installing my preferred editor, utility, etc. Raising sysctl and ulimit max open files, because some IDEs need many thousands of open (I think) inotify fds. Installing chromium, because this particular web app is broken in firefox, or the other way around. Reverting an update, because it broke something. Installing Java 8, because the legacy app I need to debug for a customer still needs that. Installing Python system-wide, because the per user installation won't be detected by this service I'm working on, that runs as admin.
You can do most of these in a VM, but VMs are slow and annoying to use. Just set up network permissions properly, so if I mess up something with my local admin, it can't do anything with your network.
Deexeh@reddit
The best part is when said dev gets ahold of an AI tool and starts sending you suggestions on how to fix it from said AI tool.
Yes, Clarence, for the 5th time now I did enable it. Please refer to the last screenshot I sent you, of it, being enabled.
ConsequenceFade@reddit
There's a quote by a Turing award winner, "Computer science is not a science and it has little to do with computers". It's interesting but many programming languages are so abstracted from the machine that you don't have to know that much about computers to use them. In my experience, particularly with web developers is that they don't even consider themselves to be "IT" but rather artists. Like they are actually insulted if you call them IT people.
_haha_oh_wow_@reddit
Coding and sysadmin are two totally different jobs and skill sets.
HoosierLarry@reddit
OP gets why I have such little respect for most developers.
They’ve never actually been in support and administration.
xDroneytea@reddit
Is this a perspective based in bias? Do you expect them to have a higher technical level than your typical end user because they're around computers more?
Taxi drivers are sat in a car all day but they're not mechanics.
sccm_sometimes@reddit (OP)
I expect Accountants to know how to do math and Art/Marketing users to know color theory. If your job requires a Computer Science degree, then yeah I think it's not setting the bar too low to expect those users to understand how computers work at a higher level than the average person.
KaelthasX3@reddit
It's more like being a taxi driver who don't know how to turn on AC, or to pump a tire.
netsysllc@reddit
Most of them are poor developers as well......
INeedSomeTacoC@reddit
I mean, you guys do have developer profiles that gives them certain extra permissions, right? Right!!? RIGHT?!?!?
Like our devs all can change their network settings without needing admin.
They can also edit IIS and other local profiles from installed applications without admin.
They can also enable/disable FIPS compliance without admin.
And a few dozen other misc permissions.
The simple fact is the developers do need more access to their machine’s settings than typical users, and if you haven’t made a profile set that dramatically reduces the things that you’re bitching about, then that’s a YOU problem. IT should’ve realized and sorted that shit out years ago in any competent organization.
SirStanley22@reddit
I've been in development long enough to know developers can and will be complete asses but reading through your complaints it seems like you're running some weird sort of operation and putting devs under the general definition of whatever freakshow you're having to deal with is ragebait level content.
PriorityNo6268@reddit
Our company made the dev teams responsible for lot of stuff, like security, backup, costs, etc. They can get help from the IT and security teams, but they are responsible and have to answer to clients and management when things go wrong. If things go wrong you get remarks in your employee record, 2 or 3 strikes and you are kicked out. Strangely a lot of things are possible now, which where a big issue when the where not responsible....
ubermonkey@reddit
I don't doubt that there are dumbass devs who don't understand how the computer actually works, but what is WAY more common in my experience is wildly restrictive IT policies that actively thwart both users and devs.
Trip-Trip-Trip@reddit
I can't imagine working in a job where I don't own my computer. I assume it's needed in megacorp environment but f me that would be annoying.
Also I don't know shit about tech outside my niche, but I also don't pretend to so... No Dunning kreuger?
BuffaloRedshark@reddit
Years ago the provisioning team hired contractors to script something in their new provisioning tool. It was setting the AD attributes for home drives wrong. 4 meetings and multiple weeks later I finally got them to send me the script I had been asking for since before meeting 1. Had never used that language before but 3 minutes in notepad using ctrl+f and I found the issue. Hard coded incorrect path on multiple lines, wrong drive letter being assigned on another path and their "developement" script having the production domain name hard coded in it as well.
badaz06@reddit
Honestly it's not much different in other industries, and essentially it's that they approach things from their perspective and no one else's. Car manufacturers don't take the perspective of the guy who has to fix the car when they design it, they look from the perspective of the factory assembly line and the bottom dollar - which is why you have to pull the front end off a car to get to a plastic gear that shreds after 5K miles. I've seen (unfortunately first hand) companies develop a module that sales and marketing lauded as the greatest and best thing ever, but that module relied on other newly released software that didn't support the other main aspects of the product.
(Hmm...I wonder if they left there and are now writing the new Powershell modules...hmmmmm...)
flattop100@reddit
For the same reason sculptors are lousy plumbers.
damanamathos@reddit
It's because they've spent the weekend working at lightning pace on their home computers and find all the work restrictions annoying and counterproductive and getting in the way of their very valuable and important work.
Artistic-Subject-956@reddit
That sounds like a company where I (as a dev) wouldn’t want to work. Windows is jucky and I hate being jailed on my own laptop.
Nevertheless, the people you described sound incompetent
Mister_Brevity@reddit
It’s called the dunning-Kruger effect. Also happens with sysadmins that can’t look at situations objectively and assume everyone else is stupid - be careful not to fall into that trap.
sheikhyerbouti@reddit
A least once a quarter I get a batch of newly hired offshore contractors that I have to send explicit instructions on how to completely sign out of their remote desktop (as opposed to merely disconnect from it) so that their permissions can update.
conspicuousxcapybara@reddit
Your Dunning-Kruger effect is in full force, considering you can’t even attach a debugger without admin rights. Unless you change the GPO in Window — but that’s just Windows — and when you do that ALL processes can attach a debugger to ALL other processes.
That way, your ‘security’ essentially gives every app an arbitrary memory read/write exploit…
jamesaepp@reddit
In my small amount of experience working alongside a dev team, it boiled down to they were worried about this week's features to ship and not worried about the accumulating technical debt.
Their "customers" were the workers who benefited from new features which augmented human labor.
Our "customers" by contrast were a lot of times the developers themselves. They're deploying foo, they require bar. Is bar the best tool for the job? Are there security vulnerabilities? How are we going to restore bar in an outage? None of those questions are important. They need to deploy foo.
Foo stopped working? Probably the network. No changes to the network? It's the servers. Probably the patch tuesday you guys installed. Oh it's not that? Oh yeah, we did push a new feature. Feature was bugged and exhausted TCP sockets on the server. Oopsies, we'll fix that.
/rant
Khue@reddit
In my experience, most developers are some of the most linear functioning, short term thinking people on earth. They are given a task with an objective and some guard rails and they are expected to get to a solution and the solution that gives the correct/expected result is all that matters. They then move on to the next objective and so on and so on.
The end result of this is non strategic, short term thinking without consideration about future state or continuing maintenance. If there is a problem with what you coded and it's identified, you treat it just like a brand new objective.
What this results in, is no capability of foresight or looking beyond the current solution. If there weren't tools like SCA or SAST, security wouldn't even be a thought. If it weren't for security teams holding guns to their heads, most of them would still be coding on Java 7.
So when you ask things like "why don't developers consider x" the answer is because if it doesn't directly solve their problem with the least resistance, they don't care. This is what makes AI even more nefarious. My guess is that the coding debt that will accumulate from AI is going to expontentially scale and spaghetti code is going to start becoming a problem. It's going to cause severe cognative offloading and that's going to be a massive problem that will manifest in a myriad of different ways.
Creationship@reddit
It already is. A banking company that you’ve heard of is vibe coding entire new banking platforms. Directors are cheering on the vibe coding. Product managers are “shipping code”. It’s a complete cluster.
Charming-Medium4248@reddit
It goes both ways. I've been able to do things on corporate networks that make me wonder if our sysadmins understand security at all.
Kadaknath888@reddit
I worked under a someone who stored passwords in database in plain text.
aaraujo666@reddit
Yes. there are a bunch of developers from the diploma mills that did a 6 month course and think they are SWEs now, but on the other extreme, you have people like me, who have been programming, professionally, since 1981.
If you think you know my settings and preferences so I ”won't need to customize the defaults”, sounds like you are the one with an over-inflated sense of importance.
If your process doesn’t allow me to use tool X for the task at hand, let me know when you are going to complete the task and I’ll tell the customer.
roadit@reddit
This is not about knowledge, it is aboout control.
As a developer, you want to build things. You want to create stuff and make it work. You want to get into a flow, design and implement and see the results and show them to others and tick off things on your work list. That's why you are a developer. That's what work is all about for you.
As admins, we are The Knights Who Say No. Our job is to make sure people can not do things, when those things are too risky. We keep putting sticks into the wheels of the developer's flow. They find they cannot proceed as the installation guide says because of some known restriction, or worse, they get weird errors they have to spend hours debugging that may or may not be traced back to some administrative restriction. And then, all they can do it put in a ticket and sit on their hands and hope and pray that the gods will grant them a way to continue. This is incredibly frustrating. Not just because it causes delay. It is frustrating because it takes control out of their hands. And the only way forward is to negotiate with people. They didn't become developers to negotiate with people, if that was their idea of fun they would be lawyers or managers. They absolutely hate it.
This is the reason DevOps was invented, it was invented so developers could develop without having to throw tickets over a wall and pray to the admin gods.
You can't fix this situation, but the least you cam do is have some understanding of what it's like.
Creationship@reddit
I’ve worked on both sides for many years and you nailed it. I’m working on something with a tight deadline and then I hit a (previously unknown) access wall, that pretty much derails the flow state. Then I have to wait 2-3 days to get access provisioned.
3 days pass and you get a ticket response back from the admin that your request has been denied because you didn’t word the response correctly or they don’t see the need for your request or they think they have a better solution for you. Now you’re negotiating with someone who is talking down to you, and it’s gonna take 3 more days and now you’re a week removed from that flow state you were once in and 3 levels of managers are asking you why a feature isn’t implemented yet based on your initial estimate.
You explain the roadblock, your manager usually takes it upon themselves to go try to unblock it. This is why those escalations happen.
Kittamaru@reddit
I'm in a weird in-between, upside-down, Stranger Things sorta place where my case for needing access is fairly straightforward (NonFunctional Testing. Literally anything from performance testing to security testing, break testing to simply running loads for sysadmins to be able to collect logs and data to run down issues, and everything in between) and yet also, apparently, exceedingly difficult to explain.
When we tell our enterprise security team we need access to XYZ to do security testing, they come back with twenty versions of "why", most of which end with "because YOU told us to test this thing!"
I am all for security. I totally understand the idea of PoLP. I even get why our network and infrastructure stack is segmented into more sections than a damn millipedes shoebox.
What I don't understand is why it seems everyone involved in the tech world from project manager up seems to have had a full frontal lobotomy. Setting target dates before even having a scope of work. Promising go-lives without even knowing what, if any, infrastructure needs to be ordered, tested, or redesigned.
Making the call to use an external vendor to create an automated process to translate COBOL into JAVA so they can dump it from a mainframe into AWS, and expecting it to just "work". Then dumping six years into a project that everyone with two functioning neurons told them wouldn't damn well work...
I just... I'm tired. I'm not even 40 yet and I'm so fucking tired of it. Just... a little common sense. A moments pause. The least bit of humility and grace... is that too much to ask?
de_Mike_333@reddit
idk man, people are just people. Some are cool, some are tools, happens everywhere.
bingblangblong@reddit
two chicks at the same time man, that's what I would do with a million dollars
g-rocklobster@reddit
This should be the top rated comment as it's 100% true.
largos7289@reddit
Well my original college degree was in programing. They did not teach you anything hardware related because honestly you didn't need to know it. You probably should, but they felt why? you're going to be a programmer, you're never going to be changing out a hard drive ever. However because i had a hardware background, i applied for programing positions, but they saw the hardware experience and said," hey would you consider a hardware role?" My first job so i said yes, thinking i'll move into a programing roll. Well here i am 30 yrs later and if you asked me to program something i could probably do it, but it would take me 10 times longer then say a developer with the same experience.
bingblangblong@reddit
because https://www.youtube.com/watch?v=I-u8fo5esYI
MagicBoyUK@reddit
Dunning–Kruger effect. They assume as as they can write some code, they know everything about IT, and that security isn't a problem.
kruvii@reddit
You don't know what you don't know.
ITNoob121@reddit
Do you know how to do their job too as well as your own?
Tbf, I do know what you are getting at, but some people are just arrogant, I don't think that's specific to developers.
jcradio@reddit
My favorite thing is arguing with non developers about why I need admin privileges for development tools while they think I don't need the access, while I cannot execute a function because the access is denied.
Despite showing and explaining why, they assert they know more about my problem than I do.
jbldotexe@reddit
this is one of the more circle jerk comment section / posts I've seen in a while
Vermino@reddit
I think it's because of 2 aspects.
First aspect is the fact that programmers jobs and it's output are highly visible to the user. I want program x. That'll take 3 months to make. Customer will want to see a program after that 3 months, but understands that during those 3 months you've been typing words all day.
Second aspect is that Programmers jobs are about 'creating' things, not 'maintaining' things, like a sysadmins' job.
When you get new things, most people are happy, usually it took time/effort/money. Yet keeping things going is half implied. Most things just work by themselves - till the day they don't ofcourse. But you then fixing it/preventing it makes that day just seem like a day where it just worked, which isn't special at all.
Very few people look at a TCO, most of them just look at the price tag at purchase - not considering the maintenance costs, which often are significant.
So yeah, A programmer is someone that has a tangible deliverable, which is writing the code. A sysadmins's job is less tangible and involves 'maintaining things'.
ironykarl@reddit
Part of it is specialization.
But part of the story is that some developers aren't actually very good at what they do.
da_apz@reddit
I had the privilege of maintaining web servers in a job long gone. I quickly learned that most web developers I encountered had absolutely no clue about anything Linux based and had zero interest to learn. This caused often their problems becoming my problems, when "it does not work!" was not because of the system malfunctioning, but them not understanding very basic stuff such as file access rights or something. Instead of spending 2 minutes of google time on "why a program I copied onto Linux does not run", they just went above my head and often got the "your problem will be taken care of" treatment from the CS.
Then there were a lot of cases where they ran stuff that required ancient script interpreters and deprecating them was without a fail a shit show where years of "this and this will be deprecated, please make sure your shit works in more modern environment" went to deaf ears and it was on the move day that they woke up that it won't work.
cjnewbs@reddit
I think it should be noted that "web-developer" is a really wide range of jobs/skillsets. As a web developer myself it's frustrating seeing for example some "WordPress developers" call them self developers when they will install 200 plugins and no understanding of whats happening so they can shoe-horn something into running on WP that should absolutely not be running on it, on top of being notorious for not having a staging or test environment of any kind. Seeing them call themselves developers is like someone calling themselves a mechanic because they know how to start their car.
Horsemeatburger@reddit
It's because these days everything is packed in frameworks and APIs which abstracts away the complexity of the underlying components from the development process, so many devs get away with having no clue how all the hardware bits work together, or even the OS their software runs on. Their apps still work because the frameworks deal with it.
This is less of an issue in embedded computing as understanding of how the underlying OS works (if there is even one) and the hardware is much more important than for a developer building some desktop, smartphone or web app.
AshMost@reddit
What bothers me lost isn't their lack of knowledge about their primary work tool, it's the attitude.
sccm_sometimes@reddit (OP)
Yup, I've politely asked users multiple times "Try using VS Code without admin permissions first, and if you run into any issues we can take a look then. Is that ok?" Yet they still insist on it and complain up the leadership chain without any shred of justification and in turn their manager who hasn't written a line of code since the 1980s treats them like spoiled children by amplifying the same complaints.
rb3po@reddit
I remember talking to a programmer who explained to me that IMAP was super secure because it uses TLS, and TLS couldn’t broken. I tried explaining that none of this matters if someone chooses a 6 character password with zero MFA. The point just never seemed to land; IMAP was a secure protocol to them.
kremlingrasso@reddit
This all comes down to:
"why the fuck are you developing on your office laptop?!"
Seriously your company issued PCs are for checking your email and teams and copy pasting excel files and somesuch. Development is done in Dev labs VMs or at least Dev VDIs. There you can install shit and have admin rights because it can be controlled what the whole environment has access to.
It's literally just creature comfort that they want to open their laptops and start coding right away instead of the extra 5 minutes to go through proper IAM.
robvas@reddit
Their tools often require full access to the system, and most developers and sysadmins aren't knowledgeable enough in the area of knowing how to provide access to those tools so that they can job while also falling in line with security/access requirements
gpetrov@reddit
Bacause sysadmins became that from the love of computers. Devs don’t. They went to a school that their parents sent them. The same parents told them there is money in this go study software development. The didn’t have the passion for computers like admins do.
bossman1337@reddit
IT is a plethora of skills, personally I've came from the bottom up with the hardware and software from the mod 90's, through networking and now a programmer. Some people skip alot of steps with certain courses available. I'm more of a knowledge of all but a master of nothing.
Obvious-Water569@reddit
A lot of the time it's a superiority complex. They make the thing that makes the money so they're more important than us peons. I saw the same thing when I worked in a school. The teachers were a fucking entitled nightmare.
Sad-Comment-6018@reddit
No. They just need to do their jobs
Obvious-Water569@reddit
And I need to do mine without being spoken down to like a piece of shit.
nbs-of-74@reddit
Or they dont know how DNS works, or networking, or they want labs at home that ofc should have access to corporate servers, or they want labs at home so must disconnect from your always on vpn (because CISO wants all traffic passing through a NGFW), or they insist on hard coding certificates into their code so SSL decode breaks (and, kicks off the argument re: ssl decryption that EVERYONE loves to have their half penny say over :D), or want the 'latest' ai coding tool and ofc its been authorised (yet no one can find any evidence that its been authorised for use within the company).
ETC ETC ETC.
wheels000000@reddit
I see you developers and raise you K-12 teachers. We are in trouble as a world if they are the people teaching the kids critical thinking, troubleshooting, or basic computer skills.
Tex-Rob@reddit
This is a topic as old as the profession, and has been coming up on this sub since it started. A lot of young sysadmins think development is IT.
Ratiocinor@reddit
How much collective human energy has been wasted over the years by stereotyping large groups of people?
Believe me there are just as many stupid lazy incompetent sysadmins out there as there are developers, I've had to work with them. Downvotes on the left. In fact there are people bad at their jobs everywhere
That's literally how I was able to pivot into sysadmin work from software development in the first place. I was the only developer who actually cared about maintaining our environment and the IT department at my company was so incompetent and unwilling to touch anything Linux related because "we don't have time to decommission that old RHEL 5 environment and put RHEL 9 on that hardware right now" that they eventually just said "ok fine you do it then if it's so easy". So I did.
I basically became the Linux sysadmin for the company because the IT department just wanted to cling to their Microsoft certs and "that's the way we've always done it", and were terrified at the prospect of a bash script or making a Linux filesystem. It's only after I started sysadmin work I realised that 99% of the time "that is not possible" actually means "I don't know how to do that and I don't want to have to learn"
I even got friendly with the head IT guy and convinced him to let me trial run several Linux workstations on old hardware. Long story short they ran successfully for years several developers including myself used them, they were fully AD integrated, and IT wouldn't touch them at all because they were Linux. Every few months someone in IT would check their antivirus dashboard and see that there were several workstations in the manifest that weren't pinging antivirus, and they would pester me to install antivirus on those machines, and I would have to have the same conversation single every time that "these are Linux workstations they are running the latest version of Fedora, that antivirus is not even available for that operating system nor is it really required" and I would get the same pushback each time. I would remind them that they are automatically updated, that only myself and IT have admin (sudo) access on them and that devs can't install random shit on them, that if they aren't concerned about our various RHEL and Ubuntu servers not having the antivirus then they shouldn't be concerned about these either. It didn't matter. Every time I'd get the same old response and be told "but... they need antivirus... can you at look into alternatives or something"
But I guess that goes against your narrative that all sysadmins are godlike beings and all developers are just dumb code monkeys
RikiWardOG@reddit
Dev machines need to be locked down differently. Our lead devs do have a separate local admin account. Our work moves too quickly to be hindered that much. You audit and use tools like airlock and have good app approval processes in place with complianceand legal. You can also have them work inside containers where if they do dumb shit its all sandboxed. A lot of these ai tools are still shit and dont offer robust admin controls so you're kinda caught in a pickle. That said, jrs seem so clueless these days and have trouble even reading error codes. Things like python start to act weird fast with permissions when not running from system install and out of appdata and dealing with env variables starts to get messy. One of our DB devs came out of a more traditional systems roles and tbh is one of the best people in the company to work with
TechnologyMatch@reddit
developers being IT‑inept isn’t new, it’s the classic “deep in one lane, blind in another” problem. they can write complex code but trip over basic admin rules or patch cycles because that’s not where their focus has ever been
part of it is hubris, part of it is the bootcamp/diploma‑mill pipeline flooding the field with folks who learned just enough to code but never touched enterprise IT. so when they hit security prompts or system policies, they treat them like bugs instead of guardrails
it’s like watching a pro gamer dominate in one title but forget the basics when they switch genres. skill in one domain doesn’t automatically transfer, and without humility, the gaps show fast.
iamabdullah@reddit
You allow users to install apps on their profiles? 💀
techparadox@reddit
The conversation we have on repeat at our shop is the dev asks for a software package, we install it, and the very next question we get is, "How do I configure this to talk to the server?" My department isn't in charge of your server or configuration, we just handle the install. Go talk to the senior dev that said you needed this installed and get the config info from them.
stucjei@reddit
Could it be part a communication issue as well? Like if they established a pattern of being a security risk then obviously that's that, but maybe having more support available from IT to install what they want for an environment would please them, based on the example conversation.
But I feel ya though, I once spend two hours running around the office figurine out why the whole network was crashing. Turned out one of the programmers plugged a VOIP phone with both ends into the wall, causing repeated cascades of broadcast storms that tore the network down.
bartread@reddit
A load of issues, but let's start with this one: 50% of developers are worse than average and the bottom 75% of developers basically aren't worth employing as developers because they'll create more problems than they solve.
This means all companies are competing for the top 25% of developers who are actually worth employing but the numbers don't add up to allow them all to be successful at this.
In the early 1980s being good at computers meant you could understand every aspect of a system: how to administer it, how to program it, its entire software stack, networking, hardware, peripherals, etc., in full depth and detail. That stopped being true sometime in the late 1980s to early 1990s and absolutely wasn't true in any way by the mid to late 1990s.
IT skillsets started to specialise so there's a very real sense in which being a sysadmin is a completely different skillset to being a developer working in a particular software stack.
You do still get people who span the different IT skillsets but in the main they tend to be older, and started tinkering with computers as kids 40+ years ago. Amongst those who are younger and have those crosscutting skills they tend to be more in DevOps or SRE type roles than pure software developer.
I have some of that crosscutting skillset because I fall into the category of having tinkered or worked with computers for 40+ years, and because I've managed teams with those different skillsets so even stuff that was less familiar to me I've picked up a bit of. But more importantly I know the concerns and so I know where to look in order to learn about the specifics of what I need to do to secure a network, system, or individual machine.
But lots of people who've come into the world of IT more recently don't because they've learned to develop software with a particular stack, and often within a particular layer of the application (e.g., front-end), and that's pretty much where their skillset begins and ends.
Even for those of us who do, on a locked down corporate laptop, the mantra is usually if in doubt call IT because we don't necessarily know (and can't find out) how the machine has been configured, and we don't want to get flagged up due to "unusual" behaviour on the system.
Now, going bavk to IT: you aren't immune from stupidity. You have some absolute drongos amongst your ranks too. And those drongos will do things like this: install $WELL_KNOWN_ENTERPRISE_FULL_DISK_ENCRYPTION_PRODUCT on all company laptops despite that fact that with some device configurations that software has known keystroke repeat and keystroke bugs on the bloody login screen where users enter their credentials... which causes those users to inadvertently lock themselves out of their laptops at higher than baseline levels. Grr. You'll also put VS Code in Software Center but won't whitelist extension publishers so people end up getting supply chained by a malicious extension version. Again, grr.
anikansk@reddit
Trying to decide whether this is it arrogant, entitled or pretentious.
natebc@reddit
unprofessional too but hey, maybe they'll learn.
Joe-Cool@reddit
They're academicians (many of them). It's a different way of thinking. Like a Nobel prize winning mathematician that is unable to operate a scientific graphing calculator.
Many of them don't think about it with any ill intent. Some of them are just assholes. (kinda like with every flock)
Moontoya@reddit
¿Por qué no la trinidad?
anikansk@reddit
Quarter Pounders.
Shadax@reddit
This is already the third post from this sub this morning I've scrolled across complaining about other users or teams. Time to unsubscribe I guess.
Mountain-eagle-xray@reddit
I mean sometimes you need admins rights as a dev because youre dev'ing something that needs admin rights, like creating windows services or what not.
Previous-Low4715@reddit
Scientists are the worst, trust me. "I don't care if it's triggering 140 separate CVEs, I need to run this cobbled together Access database "app" on a Windows 95 VM on this unmanaged Windows 8 machine connected to the internal network because there's no other way to operate this bespoke machinery we paid half a million for 19 years ago and never maintained or bought support for, stop making my job difficult"
neucjc@reddit
Haha. This is way too accurate. Also, they never document and security is not a concern.
DoctorOctagonapus@reddit
This, but our IT director used to be in charge of dev, and mentored the current dev manager. The tail wags the dog.
alwaysdnsforver@reddit
If I never hear "I think something is wrong with the server" (and it turns out to be shitty code) again in my career, it will be too soon.
shelfside1234@reddit
I’ve had people ask me for the IP address of a particular server because apparently they never learnt nslookup at Java school
tr1ckd@reddit
As similar as they may seem, they are very different worlds. I have a 4 year com sci degree but ended up working in IT rather than staring at code. I don't think there is as much crossover as people think. I don't get people that are completely helpless, but I could see them not understanding some things that I think are IT basics. Heck there's still things that some people would consider basics that I'm learning being several years into IT. The thing that I think crosses over the most isn't the knowledge, but rather learning how to learn as well as learning how to isolate and debug issues. That said, I'm sure a lot of people don't come out of it with those skills and they fall flat when they come up against something new or especially complex.
sebf@reddit
Interesting point. Honestly, I think a lot of good developers do not come from a computer science background. Recruiting with that in mind can help building strong teams.
Big_H77@reddit
From my experience it’s been an unwillingness to think outside of their defined parameters, and god forbid anything happen which derails their locked in thought processes… That and nobody likes a god-complex
Electrical-Quiet-686@reddit
Fun team I consulted for. Ukraine based COO and decided MFA is stupid and annoying. Company was running with all sensible security features / recommendations switched off and I think 3 times during 2 years I got email warnings rhat one of the developer accounts had been compromised. Supplying huge commerce organisation and somehow managed to get through whatever audit was done. When healthcare projects started they preferred to abandon healthcare as a vertical than to meet the basic regulatory requirements or it security. It's crazy.
fckns@reddit
I know it's hindsight, but knowing what their neighbours are, they should've known that security is top priority.
MightyDevOps@reddit
Because they code all day , can you do 10,000 lines in a couple days so that turns into an actual sellable part of a software and you don't kill everything in the process?
The thinking is much different and if you are locked in a blackbox 9-5 to churn out software improvements you will have a hard time picking up stuff outside of your competence especially if you are doing it for decades.
You will hate that shit with all of your being
mrpink57@reddit
As a dev once it’s 5 i will not look at code, read about it, think about it or talk about it.
Atalzer@reddit
I work with legacy software developers and one person said to me he's not familiar with Windows, he's an IBM guy. Not like Windows has been around for over 30 years or anything.
sccm_sometimes@reddit (OP)
They're a rare breed, but I have met some Unix CLI wizards who get visible disgruntled whenever they're forced to use a GUI.
proigor1024@reddit
They live in the application layer and everything below is magic. A dev who understands k8s networking but can't find the print button is a real phenomenon and ive stopped trying to explain it
darth_skipicious@reddit
because they can mogg you by breaking their own machine & making you fix it while they go get coffee or a nap
WayneH_nz@reddit
They just dont teach the skills now. I had an 18 year old that had been to private (elite) schools his entire life, and had to teach him how to use a mouse. All schooling done on touch pads and touchscreen. Not a gamer, just.. not needed.
sccm_sometimes@reddit (OP)
On a call with a user: "Now click on File -> Settings -> General"
"Slow down, I'm not an IT expert like you!"
sollozzo70@reddit
But I don’t need brakes or a seatbelt, why can’t you just let me do what I want?
Edexote@reddit
Because they think they know better.
danekan@reddit
You have pointed out your own problems while calling others inpept 1) you do need admin to install many vscode extensions on a Mac. Even for well known, simple, common ones 2) you should not be allowing developer the choice of what to install. There should be a review process. Developers should not be getting in to license agreements on behalf of your company. Even free software usually has a license. And Extensions are very dangerous these days. Especially openvsx market. 3) you should have a tool to request temporary admin and it manages it for you, logs and timeboxes.
HandGrindMonkey@reddit
I think it's because they are natural rebels, they question the rules and push back. That's why they are developers.
kujakutenshi@reddit
I've honestly never seen a dev who knows infra but I've seen infra people who can do dev tasks.
Excellent-Program333@reddit
And the escalate every fucking ticket, without fail, snd CC: anyone they think eill listen, up to C-Level!
panopticon31@reddit
We once had a internal developer who spent 30 minutes trying to figure out why their laptop would not plug in......when I finished putting out fires and was able to stop by I showed them their docking station was not plugged in to the electrical outlet.
sccm_sometimes@reddit (OP)
Got a similar one. User swore up and down that something was wrong with the wifi because it kept dropping his connection. Had to show him that you need to plug in the charger first before you close the lid on your laptop, otherwise it'll go to sleep.
Hot_College_6538@reddit
A long time ago now we had a developer who complained that when he compiled code his desktop PC shut down. We discovered when hitting compile he would lean back in his chair in a triumphant way, hands behind head, and his foot would kick the plug out a little bit.
BenzDriverS@reddit
This does not apply to the developers that are true problem solvers.
redunculuspanda@reddit
I have had:
web devs that i have had to build web pages for
Desktop support people that I have had to fix Macs for
Sys admins that I have had to do Linux command line for
Lots of people have absolutely no comprehension or willingness to learn anything outside of their tool stack.
cubenesis@reddit
It's because you can't reliably foresee when you'll need elevated access. I've had plenty of times where I needed it for a trivial task that would require hours, if not days to wait for support. Even installing, updating my IDEs, does require elevated rights. Changing environment variables, sometimes you need to do something in program files, e.g. installing certificates on JDKs trust strore, good luck without elevated rights.
MDParagon@reddit
Have you ever drove an hour to an office at 3am just to turn on a computer? I've surely never experienced that
Fitz_2112b@reddit
We've got a developer at my shop that absolutely refuses to stop using unsupported, open source software that we know has security holes in it.
justarandomuser10@reddit
I been a SysAdmin for a long time and have a strong belief that developers are reckless. I was a developer for a few years and thought SysAdmins are reckless. Now I am a SysAdmin again and think developers are reckless. If I decide to become a dev again, will probably think SysAdmins are reckless.
dat510geek@reddit
Can we talk specifically about web developers and not understanding smtp requirements for 365. WordPress sites, cheap website my clint got built. Guys s f tard.
pizzathief1@reddit
My cup holder is broken.
awetsasquatch@reddit
I don't think I've had any that are IT illiterate or anything, but some who don't understand some IT troubleshooting basics - but it's not really their job to know that. They work in a pretty specific niche of IT where they're writers more than technical workers.
VermicelliCrazy811@reddit
im guessing you work with a lot of devs.
in a thread far far away, a ford mechanic posts: “why are all ford cars garbage?”
Kilobyte22@reddit
I may have more than once had to explain to a developer how to use git.
Also: I have no idea why your typical enterprise Java application logs 20 stack traces during startup, all of which are apparently "normal". How am I supposed to tell "normal" errors and errors which actually need attention apart from each other.
dbxp@reddit
That should be determined by log level, usually its set in the config
Kilobyte22@reddit
Should. Usually isn't unfortunately.
dbxp@reddit
Do they run their software in IIS? You need admin privileges to access the IIS config
ForsaketheVoid@reddit
Ok but everyone wants admin privileges. life is so much easier when you have admin privileges
freethought-60@reddit
Sad to say, but you're not saying anything new, because it's a general trend that's been going strong for over a decade (for the worse), at least from my personal point of view. I've had senior staff who, while deploying their applications and setting up the necessary network parameters, have asked me in writing whether "/24" was somehow equivalent to "255.255.255.0"... I went out into the courtyard, quite shocked, so as not to throw a tantrum in the middle of the office.
Antroz22@reddit
Some devs really treat their computers as magic black box
yotties@reddit
Why do sysadmins and owners not document which access permissions are required and do not advise on which intergrated tools can be used? Is the same question in reverse.
"We program in excel, so we have a programming language " does not really get you there.
sccm_sometimes@reddit (OP)
More often than not the documentation is there, it's part of the new employee onboarding process, it's in the internal KB portal, and the Help Desk is always there for any other questions. People just prefer to take shortcuts and developers seem to have an ingrained attitude that the rules shouldn't apply to them, at least in my experience.
twatcrusher9000@reddit
It's a different autism silo than ours
Sad-Comment-6018@reddit
Sorry but you're argument doesn't sound like devs are IT illiterate, just sounds like they want more access.
Sva522@reddit
OK for python and vscode. But they are million tools which reclaim root. Depends on you stack. Maybe Web dev is less impacted. In my speciality embeded C++ there is no way I can work without beeing sudoers. Packages are pulled from company internal mirror. This is a cultural shock between the it and dev. You are considering dev as a user of a IS your are responsible of. Dev needs they own "bubble/VM" with rules for interconnexion.
nemor3@reddit
The ones who came from genuine curiosity about computers are usually fine. The ones who picked it because "software engineers make $150k" treat the OS like a black box they're forced to interact with between Stack Overflow tabs.
FeralSquirrels@reddit
I promise you there's a lot of inept people out there, at different levels and certainly between disciplines.
Developers I like to put into a group who are either so laid back they code in their sleep or are so stressed with deadlines and problems that the slightest inconvenience may cost them their job.
And end of the day, they're Devs. You may as well say "why does this Ferrari engineer not know how to use cruise control?!" - well, my guy, the engineer knows Engines, or perhaps they know transmissions or aerodynamics (which you don't in all likelihood) - why would they know about something so far removed from their speciality or experience?
Exactly. Devs aren't Sysadmins. Or even Helpdesk staff. They code, develop and do "that kinda stuff". Doesn't mean they also know all the ins/outs or anything more in depth than Bridget in Accounting, or Fred in Contracts.
There's been something similar for jobs for a long time. If it's not IT, it's something else. I can promise you there's a lot of people who aren't great but it's a learning opportunity.
If you can take a deep breath and do your job to guide them to fixing the issue and be approachable? It's a skill. It'll literally keep you in a job and in work. If you do it well enough they may even be able to share it in their team and save asking you next time as well.
Can promise you there's some equally inept Sysadmins and similar staff out there and you always remember the ones who've been proper cocks to other people because they consider (or outright call you) dumb, unqualified, stupid, an idiot or who also generally make you regret raising a problem.
If you're unhappy in your current role, the best thing to do is usually to look at why: is it the way things work and you can influence changing it? Is it just the business at large? is it you? If you work in IT you're usually a problem solver, so solve the problem - even if it means finding a different job elsewhere.
A large part of my career choices has been to pivot to a place where I'm no longer dealing with people on a daily basis who have these kinds of problems because while I like people I don't like people's problems - I want to deal with the specific issues I like dealing with. Maybe you need to do the same.
darkwyrm42@reddit
They're very different worlds. One realm is focused on fitting together a bunch of components into a thing, and the other deals with making the thing work with other things. Both can be mindbogglingly deep, but to the uninitiated, they both look like playing with computers.
opinionsOnPears@reddit
It’s not vscode and python that needs the admin permissions, it’s the douche that created the library they’re using that needs the admin permissions
agent_fuzzyboots@reddit
Long time ago when I supported devs I often asked them to show me the error and then show me the code so we could figure it out together why it didn't worked, during the code "review" I asked questions what did this or that thing do and what was supposed to happen.
Almost every time we solved the problem together, I'm not a coder but I was a damn good rubber duck 😂
MotanulScotishFold@reddit
Analogy would be that developers are like drivers while sysadmins are like mechanics.
WRB2@reddit
Keep in mind that many of us old-timers cut our teeth in environments where the OS was locked down identified by people who were second or third line support. Combine that with the Wild West of development software where the first words out of their support line was are you an admin on your system. If not call me when you are. 5hit has changed but that doesn’t change the habits we’ve learned trying to save our bacon.
Fritener@reddit
"but your a mechanic, what do you mean you can't make gasoline?"
Even-Cartographer551@reddit
I mean I can... But the EPA will be up my butt faster than the car will go on my DIY juice... 😏
Id_Rather_Not_Tell@reddit
In the sysadmin space you generally touch a little bit of everything so you'll get an appreciation for where different tech stacks overlap and where they don't. You will generally learn what you don't know just as much as you learn what you do, before you find something to specialise in.
Programmers tend to spend 90% of their time in the application layer and only move outside of it to "make something happen", not understanding that this "something" is predicated on an entirely alien tech stack, like networks, operating systems, topology, etc.
TCP? It's just the thing I need to insert into this function to make 'A' happen. They often skip over the integration that needs to happen before applying concepts.
suncontrolspecies@reddit
people in IT usually are not only like that but also evil.. just see how far BIG TECH are going.
20years as sysadmin, platforms eng, SRE...
Mapache9227@reddit
Usuario Desarrollador: No puedo abrir archivos aparece un mensaje de disco lleno
Helpdesk n1: Por lo que veo aqui tienes el disco lleno...
Desarrollador: ah eso pensaba...
crippledchameleon@reddit
I have a good one, dev tried to deploy app on 71000 port. He was nice about it and admited his mistake, but it was funny.