Slashdot Mirror
The Rise and Rise of IT Administrators
maffstephens writes "Have you noticed how difficult it's become to develop software? Not because software is more complex, but because there seems to be an army of administrators standing in your way - sys admins, network admins, database admins, runtime admins - the list is endless. They should be there to help us, to make our lives easier, but the reality is often very different. This thought-provoking article from Software Reality is all about the emerging culture of spiteful, dog-in-the-manger prevention amongst corporate IT administrators. Software development has become so inefficient as a result, it's no wonder so many companies are outsourcing."
Because these "adminstrators" know little to nothing about development, I spend hours in meetings working on stifling buzz-word compliant "Enterprise Architecture" plans. If we all just sat down and coded first, our productivity would soar.
In the time it takes to argue about how we might want to do something, I could literally have implemented betas of each ideas considered.
The high school I attend is completely saturated with technology, but only half of it works half the time. We suffer from horrible ineffiency due for the most part to our ITs/admins who got put in a job they have no idea how to do. They can't contend with all they have before them and thus adopt a horrible attitude. Nobody wants to talk to them or be around them, and nothing gets done.
Developers, Developers, Developers, Developers...
(That's all I hear these days, thank you Steve Ballmer)
As a sysadmin, the Devs need to learn how to play nice and keep the system stable. As a developer, I want total access to everything.
Solution? Developer network off the main network. If they blow it up, it's their fault and they fix it. Sounds good in theory. I think programs like Ghost will play a big role in this type of setup.
absolutely. i work in a f500 corporation and as the dev manager i spend half my time convincing the program manager to convince the IT guys to let our stuff trickle out. i can totally see the IT managers point, that his job is to keep everything up all the time and if everything is changing underneath him, he can't do that! i am at least happy we have our own sandbox (which we manage, the IT folks will only swap out hardware, apply security patches, or format, nothing else), and we hand over new software releases on a quarterly basis. I don't think there really is any other way to do it, can't have random groups deploying software to production servers, i don't think the CEO or CIO would want to hear the finger pointing blame game when something goes wrong. gotta be a better way tho...
We're a cancer?
I think it's more that the software development cycle is becoming move evolved, as happened to engineering a few decades ago. The days of slapping things together and getting it out the door are gone, and good thing, we all see what occurred at Microsoft when quality wasn't a top priority. Buggy software with huge security holes.
IF we want the public to trust software and computers more we have to develop a more "engineering" like mentality. Otherwise the public will think rebooting your computer three times a day is normal and acceptable.
I say this from the point of few as both a system administrator and developer. There were times in my old company I would highly object to certain courses of action because they might have compromised security. This forced the developers to go back and rethink things. However the developer side of me usually had a better suggestion anyhow.
Which brings us to the next point, part of the developer "get it out the door" mentality involves a lack of understanding by said developers of how systems work. They learn their C++ or Java in school, but they fail to learn how the underlaying OS and hardware work. IT training has become job training rather then creating computer scientists. Perhaps things would flow better if all invlved better understood the fundamentals of computers.
I for one am not said to see the development cycle slow down. Far too many times have I see bosses go, "Just get it done, we'll worry about cleaning it up later." Do you want the software controlling your car or the X-ray machine at the hospital being managed by such a manager? I certainly don't.
I work for a government agency in the U.S., and as you can imagine, it's saturated with sysadmins who watch over security, resource allocations, etc. Our solution was to build our own network infrastructure. We purchased two servers, cross-trained about six of us to work as admins on those servers, and completely bypassed the regular admins. The result is that we're one of the most productive organizations in our industry, because we were willing to put in a little extra effort to get around the problem.
It's good to use your head, but not as a battering ram.
I'm not defending all the admins, because there ARE a lot of clueless ones out there, but have you ever stopped to think that we're here as subject matter experts?
I'm a UNIX system administrator. My responsibility is to ensure my systems perform well. This includes actual performance statistics (I/O, CPU, memory), security, reliability, scalability.
It also means I need to scale up the hardware as applications grow. I need to keep tabs on what my systems are doing, and why.
I'm the "guy who gets in your way" because my responsibility is to the system, not to you.
I don't work for you. I work for the systems. They are my "customers" if you will.
Sure, I slow you down when I tell you "No, your app can't run as root."
I slow you down when I make you diagram your database so we can lay out the I/O correctly.
I slow you down when I make you tell me what you're doing with shared memory so I can tune my kernel.
I slow you down when I ask for projections over the next year so I can plan the hardware and scale appropriately.
I slow you down when I shut off telnet, ftp, r services, and every other plaintext protocol. You b*tch and moan because your expect script from 1994 needs to be rewritten, but too bad.
I slow you down when I ask for a detailed list of which ports your application uses, who they communicate with, and what IP blocks I need to permit access from.
Yep, I'm in your way.
That's my job.
And if you don't like it, well, too bad. I *DON'T* ask you why you're using C instead of Java. That's not my business.
I'm a systems subject matter expert. I don't pretend to be a code expert.
Your a coding expert. Don't pretend to be a systems expert.
Let me do my job, and I'll let you do yours. We need to work *together* and understand the interactions between your code and my systems.
Systems are NOT simple. They're very complex; you need to understand all the interactions here, from the kernel through the disk management (whether it be VxVM, LVM, or whathaveyou), through the network drives, through the firmware, through the HBA drivers...
Let me do my job. Yep, it'll "slow you down" a bit, but in the end, we'll actually have a complete SYSTEM that functions. Code, OS, hardware.
So you can't roll things out in an hour anymore. At least it works now.
I disagree. We need to focus on the quality, not the quantity. We need better planning, not just less of it.
I've been involved with companies who spend forever planning and twice as long coding, and they still produce crap. Why? Because the design is always done by committee, so no really good ideas get out there, and the design always ends up as a preoptimized mess with a few "management-approved" ideas thrown in.
I seriously think a small tag-team (2 or 3 people) should be responsible for projects, and they should take in all of the input and recommendations, and produce a solid spec by themselves.. rather than the typical '10 departments sit around a table for 20 meetings and produce a piece of shit' method.
mogorific carpentry experiments
I my office, the IT personnel grant or deny software installation requests (among many other IT-related tasks, but software installation draws a nice example). People usually want software because it would make doing their job easier. Does this mean IT should allow any tool to be installed? If a software request is denied, the requestor will sometimes complain loudly along the lines of "Your job is to make sure I can do mine, not regulate it," to which IT will retort "but if we allow any software, it will result in incompatabilities between departments ultimately reducing productivity and increasing maitenance costs." Both are right; this sometimes results in a bitter relationship, but lets face it, they're keeping checks on each other. A successful development company needs to find a balance between the two.
For too long developers have been held up as the ultimate in computing knowledge, while administration has been seen as some monkeyboy sitting in a computer room swapping tapes out.
As a result, nearly every end user of a developed system is given attention before system administrators and operators. The secondary result is SA's and operators are left with big piles of innefficient crap to wade through, and much of the pressure of making said piece of crap work. How many folks here have had to work in huge, bloated teams of SA's all to support an ill-concieved and poorly developed (but gee whiz does it look greeeat!) product, getting paged and phoned all night to come in an slap more duct tape? How many people here have had to manage a bunch of boot-camp MCSE's trying to do 400 manual processes an hour because "that's the way it was developed"? How many people here have had to explain to a customer that some piece of code written by a fresh off the MIS degree train VB developer isn't RFC compliant and therefore 45 percent of the people in the world won't be able to interface with it? How many SAs here have had to tune the crap out of boxes and networks because a login page makes 75+ ODBC database calls? How many security consultants have had to go in and basically tell a company that they'll have to repartition and reinstall every server because someone found SQL injection in an app that required superuser privileges?
The list goes on and on. Administrators aren't there to make life easier for developers, they are there to make things work--and make them work better, more reliably, and more securely. I'd suggest that this whiny ivory tower developer wake up and realize that coporations have gotten smart to the crap he's been turning out and further realized that the people who run the stuff are just as important as the people who write it and use it.
In short, he needs to learn how to work on a team.
Developers are smart, but they aren't the top of the computing pyramid. There are many other groups of people that are just as smart in different areas.
This pushes me to take responsibility for having an overall understanding of how the application fits into a larger security context, and that the application works in the real world/under load.
Only then is the app dumped onto the larger network. I think all developers should do some real-life system adminstration, and system administrators should do some development.
There are a world of difference from what the normal marketing person, executive, etc needs from a computer and what a programmer needs. Most people don't need much in the way of room to play around, and they shouldn't have that room.
Programmers are different. I write code, I need to test it. Maybe it needs root to run. You, as the sysadmin controlling my stuff, need to let me do that. In reality, there almost needs to be a different network for programmers, where they have the room that they need to mess with their code and see how it works. Sysadmins need to understand this difference. Programmers don't need root access to the network's servers, but they might need root access to a testing server, and it's the sysadmin's job to make sure that he can have a testing server running on a network.
Nice mindset there; you're a real team player. The reason we are there(network/sysadmin here) is to HELP you.
However, we're also there to make sure you don't do stupid things. While you say "these IT people get in our way", I point to a laundry list of really, really, REALLY stupid things developers have done at every company I've ever worked for; they just don't THINK about anything besides code, and they get Great Ideas without thinking through the consequences, either technology or business-wise. Some of it is just sheer laziness, and I've been faced with developers who act liked goddamn 5 year old spoiled rotten BRATS- this was particularly bad a few years ago when anyone who knew what "printf()" meant, got a 75k+ job.
Prime examples of stupid things I've seen: logging into machines using the root account because you're too lazy to use su. Or not allowing you to ssh directly into a system from your home PC without a VPN. Or yelling at you when you use temp tablespace for permanent data. Or not letting you move production functionality to some desktop system underneath your desk. Or using the database admin account for your application, instead of a seperate account?Or not implementing your latest code changes until you're willing to put down on paper that you actually did your job properly and TESTED the damn changes(do you know how many times I've seen developers just push code out without testing? Guess who gets blamed first. Guess who gets PAGED first, at 3am when it crashes. Management doesn't distinguish between a misnamed variable and a "Internal Server Error 500"; they're both production problems, and you're not in charge of production).
We're part of the team, and we're here to stay. You can either work with us, and clearly communicate to OUR supervisors(not just us) what your needs are...or you can make us the enemy, always try to do things half-assed, and get nothing done. Your choice- but management usually sides with safety, and we're the ones saying "that's not safe", and even if management doesn't side with us- when things blow up, we simply point to the emails we sent saying "that wasn't safe", and let you sweat it out while we restore from backups and clean up your mess.
Sometimes it's simply not our choice; it's "do it this way, tell Development that". You have no idea how frustrating it can be sometimes for even us- I once worked at a place where root passwords were changed on us sysadmins, and we were told "use sudo". The incompetent assholes a few levels up didn't realize that gee, guess what, if the machine crashes and fsck fails, you need the root password.
Please help metamoderate.
Well, there you go.
My developers tend to want to run their web servers on port 80. I won't let them.
Why not? Because then they have to have root privs to start/stop the app.
No dice.
What's my solution?
Run the webserver on a high port (I tend to use 8000, but that's arbitrary)
Put the systems (Yes, each app has to have at least two for redundancy) behind a pair of load balancers. Let the load balancer do the work. While we're at it, make sure the load balancers have SSL accelerators too, so we can offload that from the CPUs...
Much saner architecture than letting a developer download Apache from Sunfreeware and running it on port 80.
And then people wonder why we have sysadmins?
Are there sysadmins who've never coded, not highly skilled at what they do who are a drag to work with? Of course. Sysadmins run the gamut, the best (and probably most productive) have enough coding experience to know and work with the dev side also. The very best can run circles around the average dev imx. Naturally the very best devs are int the same class.
There are just as many 'developers' who don't have the first idea how to perform adequate testing, let along consider the constraints of running in a production environment let alone writing portable, consistent or maintainable code.
The author of this article is quick to bitch about a sysadmin losing his working files. Sure it happens. What the hell is with a developer who doesn't bother to keep any working copies of 2 weeks work? (In my own time managing a corp. network I'm pleased to be able to say I had exactly one instance of unrecoverable data loss -- where two users hadn't realized that NFS did not provide pc clients with any form of locking)
As a distribution maintainer (lunar) I see several OSS packages a week breaking reasonble build schemes or changing thier tarballs, (breaking MD5/PGP checks) without updating version info. So I'm sorry but there are no shortage of sloppy developers out there.
In my own engineering practice I've found over the years that all work goes better if the people doing it know they'll be held accountable for it over the long haul. Too many devs are allowed to get away with a 'throw it over the wall' mentality, going on to the next project and never having to deal with some of their cruft. Of course the same logic applies to the sysadms, I've seen lots of the behaviors the article rants about it but I gotta say ranting and pointing fingers ain't the solution.
Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
bsds are of course just BSD
I've been one of those evil System and Network administrators for over a decade now. Most of that time has been spent supporting software development labs.
I don't know what planet you or the author of that article live on, but I've seen a steady increase in the quality of software development and maturity in the development models used in the last decade. This may have slowed our development a bit, but you can see the results in our defect find rates. We're delivering a much better product than we used to.
Rather than just hacking out some code, doing a perfunctory test, and throwing it over the wall to be released, our developers are actually managed these days and do this cool thing called "planning." Yes, they actually investigate, propose, design, implement, and test code on a schedule. We even have teams dedicated to testing the systems to make sure they work. Oh, the horror!
In a decent software lab, which I consider mine to be, most of our management is also made up of engineers who rose through the ranks. These people know their stuff and trust the engineers beneath them.
In my area at least, we've also seen a large increase in the complexity of systems as well. No longer are our engineers programming a lone application to slap on a PC or a server. Our projects are large and distributed across multiple networks and servers. We have to traverse firewalls and worry about security trust domains and lots of other things that nobody cared about a decade ago.
I think that this increase in complexity of projects is likely responsible for the entire list of negative consequences that the article attributes to 'role fragmentation'. The only one I'd leave out is "de-skilling of the workforce". That may have been true in 2000, but the layoffs of the last few years have forced everyone to do work that was once done by multiple people.
All of that requires more attention to detail, and requires more effort to get right. I don't see that as good or bad, it simply is. Get used to it and stop whining about having to actually plan something and coordinate with others.
- Necron69
What I often see is the people who least understand the big picture when it comes to technology are the ones who feel held back.
...
..."
The people I see getting mad just don't understand the impact or implications their "simple requests" may have on others.
"Can't you just open up ports 135-139 in the firewall for everybody"?
"It works fine on my system, something must be wrong with the server"
and my all time favorite when people don't have a clue why their system isn't working
"It must be the network"
They really don't understand how their system works.
As an admin (LAN, WAN, firewall, server, email, etc... you get the idea) for a med size (3000 users) organization I often have to learn other peoples jobs just to figure out what the heck they are really trying to accomplish. It usually goes something like....
Customer: "We need
Me: "Why?"
Customer: Pick one:
1) Vendor says so
2) We tried everything else
3) Thats what someone else said
4) ?
Me: "What are you really trying to do?"
Customer: "What do you mean?"
Me: "Don't tell me what you think you need, tell me what you are trying to do?"
Once I understand what someone is trying to accomplish then I can often work somethign out for them.
Keep the Classic Slashdot.
I know I am going to get modded down terribly for this. I dont care. Because this is my sincere opinion. I want to ask these average americans who bitch about outsouring , what is wrong with outsouring ? its part of globalization which is something america initiated, perpetuated and benefited MOSTLY. Giant american multinational corporations went and screwed up virtually every local industries and firms in developing countries. As a result of this american economy benefited a lot(whether it was just for a few rich or not is open to debate). Heavily subsidized american agricultural products resulted in devastation of un-subsidized farmers in the developing countries. All these time, these guys who bitch about outsourcing were happy with these. But when the same trend of globalization continued and resulted in so called "outsourcing" , all hell broke loose !!!. So where were you all when a HELL LOOOOT of farmers and other industry workers in developing countries like india were loosing jobs becoz of globalization ? Or is it that "anything is OK as long as we are at the receiving end" ? Why there is a hypocrisy when its outsouring ?
http://www.nasirudheen.blogspot/
be careful there. developers don't automatically equal smart, and admins don automatically equal dumb.
to say any different reveals your ignorance about either field.
No truer words have been said.
They need to wake up and understand that us developers are the true brains behind the enterprise. We walk on water. We are GODS I tell you. I can't count the number of times I've had to yell at my sysadmins for making the coffee too strong, not popping grapes in my mouth fast enough, or moving the hand-fans too slowly. The fuckers. It's as if they don't understand that their purpose in life is to serve me. That the entire company exists not as a profit generating entity, but as my personal support system. Heaven forbid I do something smart like suggest or create a decent PROJECT LIFE CYCLE to avoid conflicts with other departments. I'd much rather whine on slashdot. Now I have to go. My 3 o'clock rubdown is coming up and I need at least another 2 hours of slashdot reading time before that. I mean christ, what do they pay me for.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
You only get to pick 2.
Why has the administration been allowed to bloom unnoticed in the software industry when it is having all these negative effects?
Because Administrators are the ones who have to deal with the most headaches. I quit administrating and switched to development because of the complete lack of control I felt. The bulk of my admin was on Windows NT servers. A bad patch or rogue program caused grief, which I was expected to fix. Because of largely closed-source development environments, that meant flailing around in the dark trying endless shotgun approaches: patch, reboot, test, change, reboot, test, reconfigure, test, blow out OS, reload, test...on and on and on. Meanwhile developers would say "just get my database up and running! I don't care about _your_ problems".
Unix is the best environment I know for Administrators. It slowly nudges them towards programming because of the close relationship of scripting and automation. Admins grow to become programmers. NT on the other hand, is a completely non-sensical environment because it's prodiminatly adminsitrated through application layers; no programming knowledge required.
The old addage of freedom and responsibility applies. The more responsibility you have, the more freedom you should have. The less responsibility you have, the less amount of freedom is tolerable. Since a lot of admins work with closed-source products, they do not have the freedom to fix or investigate problems the way their open-source counterparts have, and therefore are given the responsibility without freedom.
Largely, I agree with the article's points, but I think the blame goes beyond the administrator. I think it belongs squarely in the lap of the commercial software industry. Then answer: open-source.
Ruby on Rails Screencast
He believes the Database admin should allow him to make any changes whenever he wants them.... who cares if theres a REASON there are naming conventions.... never mind that someone actualy took the time to think about the possibilities of portability, or that there may be software already developed elsewhere that is dependant on those conventions and may need to be portable or cross-aplicable.... never mind how your changes may one day end up going live with a horrid architecture that you "evolved"
He percieves security and network admins as simply being in his way, and that having his rights restricted is not only an insult, but an offense to his craft. Not minding that security holes can and WILL bring a network to it's knees... expecialy if your a target.... not thinking about the huge potential for corporate espionage, or employee sabatage. Maybe i should just give you full rights to the entire domain?
He thinks that having the "right" to install whatever he wants whenever he wants without respect to the company policies or threat assesment is a given. That the potential for harm in HIS case is somehow different than from the secrataries.
Well to you sir i say this..... get your head out of your ass. Unless your specificly developing an application that uses communications systems outside of standard FW blocking.... there is no reason on gods green earth that FW shouldnt be locked down as much as is possible. Have you ever seen what a virus can do to a network? What Blaster or sobig did last summer? while blaster is preventative by those "pesky" vigilant admins, sobig can bring a company to it's knees without even getting infected. My T1 maxed out on incoming sobig eails sent from the web..... because some jack-asses in other companies and home users werent so "strict" about their own security measures. I almost lost my job because management coudltn understand that the problem wasnt even ON our network.
I have also developed... majoring in computer science and working on several large projects. And box control is somewhat necesary for programmers.... but in the long run.... really isnt. you set up and request a bunch of tools, install them and should be through on that machine. If you want full out control.. your not gonna be on my network, no fucking way... cause salespeople, secrataries and smart-assed "developers" catch nasty viruses and cause serious problems. sometimes i hate laptops.
He does mention some very solid points, all of them relating to BAD administrators. Admins who dont evaluate the potential benefits of suggestions by their co-workers, admins who fear for their job fruitlessly, admins who think they are god of their systems and allow no flexibility, or admins who arent willing to do something as simple as setting up test-bed networks DMZ'd away.... or on a seperete network entirely. These guys suck, which is why i have three pipelines to the net... so when users need to do things i feel are in-secure, or when we recieve visiting salespeople and/or outside computers.... i can safely give them web access without it touching my network.
It's called team-work. And the biggest problem with this guy is is he obviously thinks he is the most important part of the company... like everyone should be catering to him.... well guess what? your not that important. And in 90% of buisnesses out there, you barely exist. Most comapnies have a primary need to maintain their systems, and to improve them safely and incrmentaly, because any failure, even one day of outage... will cost far more than your extra time spent dealing with the granted quite annoying delays of a secure and well-managed infrastructure. the day to day cost of my companies development team (fairly large) verses the cost of having any sort of network failing on any particular si
--Idiots, Every single one of YOU, A flaming mass of conglomerated morons, hey wait a second, isnt that how RAID works?
That there is a reason why alot of admins are paranoid about giving anyone , not just developers, control of their box. The case in the article was an extreme example, but I couldn't help but wonder "What did some developer do years ago that completlty hosed everything?"
The back up situation at the place in the article sounded outrageous. The author had every right to be angry about that.
As far as the firewalls go..if there is a security breach, the developers would not get sacked and new abused ports are discovered. Users find ways of clogging everythign up with Yahoo! IM going through port 80, outside KaZAa users from Brazil suddenly thing that you have LTR Return of The King hidden somewhere on your network or script kiddies from Korea sudenly decide to scan port 1021 all day long...In other words, there are lots of reasons to change the configuration of a firewall daily (unless disconnected from the outside completlty..but no users want that).
Like NetNinja said, cleaning up after them is a nightmare, plus the admins are liable for the mess , not the developers. Communication between groups is the key.
You can't build a meaningful system without understanding all of the parts that go into it. This is why specialization is an anathema to efficiency.
The ideal project group contains about 3 people, all of them code, all of them plan, all of them test, and all of them administer. The individuals may be responsible for a specific area, say security, but they all know and share in the design.
The main problem is that technical people don't know enough to serve in more than one capacity, and the formal corporate structures enforce this division, through their arbitrary classification of techs based on which ersatz MS diploma they possess. Administrators think that software development is separate from security administration, when in fact these are just two chapters in the same book. If developers know nothing about security you end up with MS Outlook, if security admins know nothing about software then you still end up with MS Outlook.
There are only two different job classifications in IT, the Hacker and the User.
He has decided that his problems are due to administrators, who are all clueless, and that he would be so much better off if his world was run by developers, that are all knowing.
The reality is that the authors problems are due to inept individuals and the corporate bureaucracy that keeps these inept individuals in place. The problems are not simply admins vs. developers. This is no different than any other profession.
There are countless bad administrators out there. Many/most do not deserve the title of Administrator. But, at the same time, there are just as many developers out there that should not be allowed near a keyboard and yet they are forcing new "applications" down end user's throats on a daily basis, "applications" that reduce productivity due to bad design and processing inefficiency, buggy and untested code, and a total lack of understanding of the business process.
There are far too many inept individuals on both sides of the fence. It is not about admins vs. developers.
One more thing, the author seems to understand that J2EE is a bad idea so, why does he continue to develop with it?
but it seems that the author missed several of the intervening years that have led to the current situation.
In the beginning, the developers also were required to administrate the machines they were developing on and for. Shortly after that, as there were more deployments, there were folks who's primary task was system administrator, and they would perform development tasks according to the needs of the organization and in order to make thier own jobs much easier, then came the network administrators, who would also develop software according to the needs of the org, and in order to make thier own jobs much easier. Then it all went to shit as the marketing department realized that there was money to be made, they began asking for needless software with dubious need and poorly thought out devlopment requirements that could be used marketing fodder. The administrators became notorious for (rightly) defending defending thier turf and saying "not on my network. not on my system."
So the role of developer was born, a person with skill in writiong code with the willingness to write program asked using whatever programing language specified without any objection whatsoever, regardless of the technical merit of the spec, the need for the program, or the overall effect on the system, as long as they were paid. All applications were written in whatever the language of the day happened to be, and fufilled the purpose of whatever the flavor of the month dioctated. What had been elegantly designed systems that specifically fufilled the needs of the user using existing tools (most often transparently) whenever possible, using custom (or community) designed software whenever necessary, and requiring the least amount of system rescources possible, now became incomprehensible morasses of rediculously complex dependancies, multiples of propietary protocols that replicated each others capabilities but were "incompatible" with systems that served the exact same purpose, huge collections of libraries all addressing the same needs and differing only in what would justify the high cost of the (propietary) product, and an absolute disregard for any sense of of efficient and elegant network, system, or application design.
The design process has been divorced from the persons who use the apps, maintain the systems, and have the best knowledge of the needs of the given organization. Software development is now managed by sales people, marketing divisions, and corporate executives, most of whom have little real knowledge of the IT feild other than what they read in Gartner's artcles, and will accept the advice of a "consultant" before even considering asking one of thier own employees. These are the people who believe that the best developers are teenagers, that ".net" is the "way of the future", and that when a sales person tells him that thier product achieves something never before accomplished, or that it provides capabilities available nowhere else, they believe this.
Now the developers are crying that they don't have domain administrator rights on the network, or that they cant write to directories that they have no reason to be writing to in the first place. They bitch when the network has been infected by yet another virus, but complain when the administrator strips all VB script attachments from thier emails. They bitch about how much work they have, about thier hours, and about thier pay, but drop to thier knees for any manager that brings them yet another impossible to implement product idea or project that serves very little purpose (other than as something that might sell). They bitch that the admins are fscking around all day without understanding that this means all is well on the network and the admins have done thier jobs well.
This is the problem in the development world, and it is being addressed by Open Source. True, there may be some job loss a
Read, L
I agree that delivery of a mature stable system is the number one priority. Unfortunately this is often in direct conflict with the expedient goals of developers, who say things like "just give everyone access."
The only real problem in the article is incompetent administrators and incompetent management. Interestingly there are no incompetent developers in his world.
Delaying a multi-million dollar project is never okay for a competent admin. Competent management would never allow such a thing to happen either, or such an admin to remain employed. Missing backups should be an instant pink slip too.
Unfortunately most developers are no more competent than most management and most admins. Most people are mediocre by definition. Paranoid admins are no worse or more common than managers who don't do anything but protect their fiefdom, or developers who know nothing but driving a particular gui.
In technology we'd all be better off if we understood computer fundamentals better, but we can't all do that. Very few of my developers have any acquaintance with microcontroller programming, but studying that is a part of my understanding of how computers work. Most of them have never touched Unix, or any free tools either as far as they know, but knowing those makes me a better admin.
Dealing with multiple administrators is a pain. Modern systems are large and complex, and complexity increases exponentially with size. You're going to have to deal with multiple administrators, and modern projects need a project manager.
I worked in the office of the network architect for a fair sized company, and he spent hours at a time on calls making the network work, sometimes days. He also implemented a VOIP architecture that saved the company hundreds of thousands of dollars in the first year. None of the developers would have been able to do his job. They didn't have the technical expertise, nor would any of them have been willing to troubleshoot the global WAN around the clock.
One director who wanted the NetArch to make a client's VPN to work right now, threatened to call the CEO because it didn't. Never mind that the client had refused to give us any of the information we had requested (weeks before) to make it work. We had done the best we could, and the final problem turned out to be one with the client's configuration, which we weren't given any information on. One client finally agreed to call their tech support, who pointed out that they needed to use a special acces point coming from NATted environments. Simple for them, impossible for us.
A friend worked in a company without a dedicated admin. This startup full of brilliant coders got their FTP server cracked, and someone downloaded all of their work. Maybe it was one of their competitors, maybe not.
Backups are a pain, and none of the development servers I've seen were actually backed up regularly by the developers. These were the same folks who insisted on running Visual Source Safe without licenses, and just didn't have an administrator, so when they had to fix the database or roll back to an earlier version so that people with Macs could use it, they were out of luck. They never bothered to learn to use their tools, so they encountered the same problems over and over again.
When they wanted firewall holes for AudioGalaxy, or for me to give them software that they were unwilling to buy, or when they opened another virus infected email, I was at fault. When the dev servers failed, even though they existed solely to give the developers total control, it was my fault. When the VP wanted a deleted email back, we had backups though, unlike the development servers maintained by the developers themselves.
I may sound cranky, but I was always cheerful & respectful of my developers. I knew that they just wanted to do their jobs, and didn't know how things worked.
The author reports that many developers feel that administrative burdens are halving their development efficiencies. That's meani
Assembly is the reverse of disassembly.
If idiots could fly, you'd be an ass-tro-nut!!!
Developers whine about not being able to willy nilly install anything tools they desire, code in the "cool" language of the week, or drag in any middle ware which is fun for them to playwith i.e. (Tomcat, Jaguar).
.NET using CORBA, XML and exotic middleware, however they don't understand it, nor do they have any desire to feed and care for it. This results in yet another orphaned system that will probably need to be rewritten in just a few years since there will be no one around to understand it. However, nowadays it looks like the next re-write will take place in India.
The developers then work on their little projects, get them finished, and DUMP IT ON THE ADMINS and RUN AWAY (off to the next exciting project). Yes, the developers are typically able to coble together their cool Java Beans J2EE to
Unfortunatly, for the sake of the users and the corporation, the Admin ocassionly has to say, "No". Believe me, I'd like to let everyone install EVERYTHING and play all day and all night. Innovation, innovation, innovation to the extreme. And that security stuff, who needs it. Just turn off all that annoying ActiveX security for the ease of development. We wouldn't want to slow anybody down. Also, disable all the Java security and let applets connect to and from anywhere. Ditch it all, after all the world is a safe place. There aren't any bad people out there creating hostile ActiveX and Java applications, plus the firewall and virus checker will save us, right?
Systems must function for the sake of the customer and the customer's business. For this to happens, there must exist a well understood development framework and compotent people to manage and maitain the framework. Without this, you are in the wild-wild west of systems and are heading for the land of perpetual system rewrites
I am an ex-developer admin so I work with my developers to help them logically design their applications and database objects. I even tune their SQL, but I resist letting them go off in "cool" direction of the week, just so they can add a new line to their resume and dump yet another one-off application on me which is guaranteed to misbehave and be nearly impossible to upgrade.
So yeah, maybe I don't let the developers have free reign, but we also have the best-performing, most available systems around.
A 600hp car with the keys locked inside isn't good for much other than looking at. Who cares about the uptime of development boxes? If your developers are so incompetent that they can't keep from permanently mucking up their own machines, then your company has other things to worry about.
Developers don't need root access. Simple.
For what? Give me one good reason why.
tcpdump/snoop/ethereal - sometimes watching the packets on the wire is orders of magnitude faster than any other option for debugging a network app.
OS bugs - they aren't "suppossed" to exist but we all know that doing weird shit to a system can push it off into corner cases that the OS engineers haven't handled so well. Sometimes once in the corner, the only way out is to reboot. Until a patch shows up, letting the developers reboot the system after they dork it up trying to debug their own code is a real time-saver. Especially if they are working 2nd or 3rd shift when finding a sysadmin to reboot the system can be difficult or even painful for all parties (just love gettings those 3am pages to reboot a computer and if the system is classified you have to physically come in to do the reboot).
That's two reasons. There are more.
When information is power, privacy is freedom.
wrong.
If the app isnt running as root, you dont need root permission to trace system calls.
Unless your OS sucks or something.
I've seen both the best and the worst of having admins involved, and in not having them involved. About three years ago, my firm rolled out a web-based customer service app. My comrades in UNIX, NT and my network team were only told that they needed to provide servers and connections, not that there was a major application rollout. The first day the app was in use, I had the operations VP screaming in my ear that his agents at our remote site were unable to work because the app was so slow. We found that, because of the undocumented and untested requirements of the new application, the WAN usage at our remote sites went from under 200k to maxing out two T1 circuits. It took two years to finally get that situation stabilized by increasing our bandwidth several times over (increasing our costs) and spending several man-years to correct the application.
After a change at the CIO level, we now have multidisciplinary teams - programmers, admins, DBA's - working together to prevent such expensive oversights. The problem with the article is that it romanticizes the past. How many of us have had to live through DOS programs whose programmer assumed their program was the only one running? Today, more than in the past, we cannot afford to have walls built between the various groups in IT. The costs of failure are too great.
I think, therefore I am - Rene Descartes; I yam what I yam, an' that's what I yam - Popeye
But that's exactly the point. Developers should have their own little playground to play in, where security should not be the primary focus. If you are concerned about security, make the computers in the development lab join a private network that is separate from the company lan.
Then everybody will be happy. You won't get calls from developers who are more than happy to fix their own troubles. Developers won't have to deal with you. So, what's the problem?
Oh, you mean you do development work on production boxes? Well, shame on you. How much is a nice development box these days?
Many of the posters who disagree with the author, wrap themselves in the flag of "looking after the company's interests" - well who the hell do you think the developers are working for? - they aren't just making shit up on their own - Its the managerial idiots in the company who want you to roll out "Project I Pulled Out of My Ass So I Can Feel Important # 15" and no I would give you business requirement because this project is too overdue already just back fill them from the tech spec you guys make up and oh, yeah its important you follow all the processes and work nice with the poor "we're only trying to do our job" Operations Dept. And by the way if its late or wrong (because you read my mind incorrectly) then its your ass, not anyone else's.
:) I think they (IT management) think that things like wget is an example of what they would term "shareware".
He is right, admins have too much power and too little responsibility for being on the line for projects getting rolled out.
Here are some tidbits from one of my jobs at a Fortune 100 Co:
When I first started working at CoX there were no UNIX tools on any of the UNIX servers prod or dev. I had to compile gzip, top, wget, perl and all the other tools needed for a normal system. Why didn't they need top or ntop, because if there were problems on the system they would throw up their hands and say it was because of the developers processes and called them/us.
The network admins would refuse to participate in troubleshooting and no one else was allowed to use the sniffers. They would also do network work including taking switches and routers down during the nightly batch processing without notifying the "developers" who then got called at 4 AM to troubleshoot why "their" overnight processing failed.
The Oracle DBA said that it was not possible for the same query to take different lengths of time to run(at different times).
PC admins - no FTP GUI clients were on the list of approved software since the business users didn't need that type of product. No "shareware" allowed. They were starting to talk about no "shareware" for the UNIX servers around the time I was leaving
The security admins ruled that the r* commands are a "security risk" [period, blanket, no appeals] and the developers were give three weeks to change all the production processes - never mind that getting approval for a change request (from the tribunal of these idiots that run the change control "process") takes longer than that and all the code needs to be changed and tested before submitting the change request (into the IIS/VB million dollar change management system that could keep even the CIA from pulling any usable information from it). You will need to be prepared to justify any and all aspects of your project before the tribunal, even though they are the ones who are forcing you to make the changes.
The list goes on and on. My experience across many jobs (20 years) being both an admin and a developers, is that generally admins are less competent and more useless than developers. The order in terms of least knowledgeable and most "preventative":
1. Project Managers (completely and utterly useless)
2. Security Admin (most seem obsessed with think that make the least difference for true security - ie patching iPlanet so that it doesn't do HTTP TRACE) Their job usually also involves the slimy, salacious task of monitoring people's email and looking through http server logs for who's downloading porn)
2. (tied with security) Network Admins, won't help troubleshoot; nothing is wrong with the network; I can ping that machine from this one so its not the network; no you can't have any performance data about the net/router/switches its "confidential"; no you can't have the snmp password for the machines that you end up having to support because all the admins are useless, its "confidential"; no you can't use the sniffer, but its not the network so you don't need the sniffer anyway;
3. DBAs (The
This article smacks of the typical chaos that corporate developers often bring to the table. The author bitches that IT won't give him admin rights to his PC, yet he neglects to mention when he did have them the sysadmin was having to call him frequently to explain the high amounts of bandwidth being devoured by his system after he installed Kazaa. Or how about the help desk ticket asking if there is some way to block all the pop up ads when it turns out Mr. Developer installed Gator or some other [spy|ad]ware.
Yes, I'm a corporate bastard sysadmin. If I weren't a bastard the company would need four more of me to clean up the constant messes the developers create due to their complete lack of consideration for company resources. I'm not talking about the legitimate development work, either, but rather the pure crap that these guys do with their systems that end up introducing all sorts of malware into the internal LAN.
Just stop your bitching, and remember you're not at home. This isn't your network. It isn't your computer. It's the company's. Try to respect that a bit more, m'kay?