I've never been convinced that these forms of making stuff good by massive oversite actually works.
Pretty much every major engineering project has massive oversight. If you're likely to affect the safety of the general public, it comes with the territory.
Do you know why you can crash your car into a solid wall at 60 MPH and probably live to tell about it? Because there are so many rules and tests. Just because you can't fathom the immense effort that goes into a project... don't assume it isn't happening.
Most of these "software engineers" working on mobile apps have no idea what it is like to work on safety-critical systems. Until recently, security was not considered as part of the system's safety. That was a serious omission, but it is being rectified.
I feel some serious sympathy for anyone who is left holding the bag. When it comes to securing a legacy system to a comparable same level as its existing mechanical safety certifications, it is either impossible or will require a Herculean effort.
We've seen the fruits of safety regulations, however, and they will need to expand now that everyone can carry a capable computer in their pocket.
The airline can't fix the issue aside from replacing the aircraft. And there is no reason to assume Airbus or MD or anyone else is any better than Boeing.
This is a fundamental problem across the entire industry. It also affects the car and trucking industries----no security designed into those vehicles either, for the most part.
I'd assume they're only reporting about Boeing because the hackers were given a Boeing to play with.
Maybe karspersky has become too effective at capturing and stop NSA's malware and spy tools.
Malware developers maintain updated versions of popular security suites, and they make sure their payloads are not detected prior to release. This is fairly well known.
Lone-wolf coders were doing this 10-20 years ago. I'm sure the global intelligence agencies can figure out how to spin up a bunch of VMs to test their tools.
Kaspersky is not special or notable in this regard.
If Kaspersky (or any proprietary shop) does not follow a similar scheme, their code audits mean very little. Kaspersky could start following a reproducible build process for the future, but it won't help us verify that their current code and executables are the same.
You people burn money not even for fun, and then these people are also complaining about it?!
That's why they're complaining about it now.
This is early in the game's life. They can pressure EA to fix it, demand refunds, or warn other players to avoid it.
On their end, EA has the ability to fix things very easily. They could make player progress less dependent on grinding and microtransactions.
Why would anyone buy a game they're not going to play?
That's the problem with pre-orders; some of them have already paid, and they've been delivered a steaming pile of crap.
And besides the pre-orders, there are people who love this type of game and the Star Wars universe. This release should be a great source of enjoyment for them. But it's not, because the fun has been ruined by a P2W progression.
I am borderline about this kind of game myself, and the P2W aspect pushed me firmly into the "No" camp. Head-to-head competitive games do not work with P2W mechanics, at least not for me.
Why is this a bad thing? Shouldn't earning a hero character take time and effort?
It's a bad thing if the player doesn't want to wait. Maybe no one wants to play for days just to get access to the characters they really wanted to play.
Or maybe the player doesn't want to wait because the "unlock" process is blatant money-grubbing bullshit.
That's what makes it valuable and worthwhile
For some people, playing the iconic characters is what makes the game worth buying in the first place. If they have to play for at least 40 hours before that's even possible... it won't be fun.
I have bought games with DLCs or microtransactions, as long as they were subtle and essentially optional. I almost always buy DLCs when the base game is good. E.g., I paid for everything for Fallout: New Vegas. If the game isn't great without DLCs/micros, then they don't deserve that money. I won't be buying this game.
Most people like unlockable secrets and Easter eggs. No one likes having essential content locked away behind a paywall or a pointless grind.
Maybe they tried something else first, but sooner or later you have to test with the actual chemicals that the system is designed for.
Slight differences in temperature or pressure can cause/prevent leaks, so it is entirely possible that the engine tested good with another chemical. You can't get identical temperature, pressure, flow rate, and turbulence from two different substances.
A native tool for bridging air gaps, circumventing network ACLs, and connecting wireless to external/unmanaged devices.
I hope they don't forget to include a Group Policy setting to disable it. Bluetooth is bad enough on its own. I'd rather not deal with another chatty, proprietary network protocol.
Good luck if you want to hold anyone accountable for any of this. Maybe you have the time and money to slug it out in the courts. Or years to wait for a verdict.
We have some experience with addressing this. Companies can get slapped pretty hard for violating HIPAA---either for improper disclosure or poor security. However the law was written, it is effective in making them think about security properly. A law by itself doesn't guarantee good conduct across the board, but it certainly helps when there are consequences.
If any congressman wants to extend HIPAA-level security requirements to any system that handles the personal information of American citizens, he gets my vote automatically. We should have done it 20 years ago. Better late than never.
Unless there are new rules and new consequences, nothing will change. Wallets and ballots, people.
I edited Wikipedia a little bit a long time ago. There were a few articles that I knew I could improve easily, so I did.
Once that was done, there wasn't a lot I could contribute without doing a whole of research. I didn't have the time or the drive to do it. Honestly, I expect this is the norm. Most contributors will start with the low-hanging fruit, and they will drop out as it becomes increasingly difficult to contribute further.
If someone is smart, detailed-oriented, and dedicated then Wikipedia could be their ideal hobby or volunteer cause. A small group of those people can do a lot of the day-to-day work. As long as new information and corrections come in from professionals and experts periodically, there is nothing seriously wrong with the organization.
When people won't even read the manual to learn how the product works, call centers are inevitable.
If someone's only skill is driving a vehicle then perhaps that person should consider educating themselves further.
There will always be some people whose greatest skills are still within reach of automation. Education is a stopgap measure because there are limits to how highly we can educate most people---individual potential is not limitless. This will only become more common as time goes on.
What do we do with them? Let them starve?
Plus, we may need a million more nurses or engineers, but we don't need 10,000,000 or 100,000,000. There is probably some upper limit on the number of educated professionals we need. Sure, we're below that threshold now, but if we start shoving people through BA/MS/Ph.D programs en masse we'll get there eventually.
Of course it is. You cannot remotely manage anything without network traffic. While AMT could hide this traffic from its host, it cannot hide the traffic from the network.
It's easy enough to monitor activity on an enterprise router, or to mirror a port so you can analyze its traffic later without affecting the traffic in any way whatsoever.
For a home user, you could route your traffic through a device running Snort or DD-WRT. I believe both support port mirroring. If not, it's pretty easy to find working enterprise equipment cheap on eBay. Even an entry-level Catalyst switch will support mirroring.
It's never going away. Disable it if you're so inclined, as it is not necessary for the other items.
I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)
TPM-protected disks will have a recovery key generated by default. For home users, this key is saved to a text file and is intended to be stored offline. For enterprise users, the recovery key is pushed into either Active Directory or the MBAM database.
You can add and remove key protectors with Bitlocker after enabling it, so you have a choice of: password, Smart Card, recovery keys, or a recovery certificate. You can have multiple protectors on each disk, of same or varying types.
There is a much easier way to protect operating systems from persistent threats.
You are essentially proposing a fancy read-only system partition, which has been thought of before but is virtually never done. There are reasons for that:
1. Your read-only system will still have exploitable vulnerabilities. It can be hard or maybe even impossible for malware to achieve persistence in such an environment, but it also exceedingly difficult to patch. We have malware today that is not persistent and simply relies on reinfection after reboots, so this is a known/proven failure mode. The need to patch will never go away.
2. If executable files are allowed outside of the read-only storage, traditional viruses/worms/trojans can still propagate and persist relatively easily. They may be slightly less capable than they are today, but all of the significant threats will continue to exist.
Really, issue #1 kills it for both the standard home user and the enterprise. Your firmware or OS will have exploitable bugs---even Linux and BSD are not exceptions, and BSD in particular is written with a focus on security. The system will need to be patched, and you have made it exceedingly difficult to do that.
While this may be ideal for your particular use case, there is not a sizable market for this type of design. I cannot see a market for it developing in the near future either.
Whenever you have to hand control of the vehicle back to the human, there is going to be a delay. This is absolutely unavoidable and potentially very dangerous.
The driver, who was presumably inattentive during the fully-automated drive, will have to assess the surroundings and respond. This makes existence of a SAE Level 3 car inherently unsafe---there is little empirical support for idea that we can have a safe sometimes-automated system that fails into manual control.
Human attention change, perception times, and decision-making times are all fairly well understood now. Individuals fall into a reasonably large range, but even the best-performing humans will have trouble asserting control in a timely fashion---especially if the automated system is standing down due to an ambiguous and potentially dangerous condition. Snap judgements and muscle memory are barely enough
While I applaud the progress, I believe that Level 3 autonomous cars should never be sold as such to the public. The manufacturer can test these systems and gather all the data they want, but the driver should be required to maintain situational awareness at all times.
Let's say the Amazon employee/contractor admits to taking the laptop. Now what?
An admission of theft? That would make things easy.
But assuming everyone kept their mouths shut, how would you prove anything?
I wouldn't consider this stupid key in the first place. If I did lose my damn mind for some reason, I would still have a security camera or two watching the entryway.
The whole idea is stupid to begin with. Amazon doesn't need access to your house. They need a safe place to drop a delivery while you're gone. A securely-mounted lockbox with one-time access PINs would work. There is absolutely no reason for the deliveryman to enter your private living space.
Even if I put this new stuff on my resume, it is covered by the fact that I know the Old stuff too, and people think I am just padding my Resume.
Just omit the unnecessary skills.
If you're serious about job hunting, you should be sending a custom resume for each opening.
Personally, I found it easiest to write up a huge "master" resume with all of my history and highlights. I update whenever I change jobs, undertake a meaningful new project, get promoted/transferred, or whatever. I trim it down and tweak it for each opening.
Dropping from 5+ pages to a typical resume of 1-1.5 pages takes a bit of thought, and it forces me to think about how I present myself relative to what the job is looking for.
I agree with you in principle though. I always strip skills before I strip certifications. For whatever reason, tangentially-related certifications seem to be a plus---but not the skills required to earn or use those certifications.
This, what people call tax "avoidance" should really be called tax minimisation, because that's what it is.
I mean, you could call it that to feel better about yourself if you want. But if you're required to pay tax on a transaction and purposefully don't, then it's tax evasion. It doesn't matter if you reduce the risk of getting caught by paying cash.
I prefer to pay cash because it lowers prices
I pay however is easiest for me. If transaction fees will make or break a merchant, he isn't running his business very well.
I'm honestly just waiting 'til the bounty is higher than the fine to see how people start cheating on their taxes and then turn themselves in because it makes them pay less.
I don't think it will work that way.
The IRS does have programs for people to report themselves though. You can ask them to waive fees/penalties/etc when you true up.
the problem is that organizations are sloppy about hiring people for those positions because they aren't high status jobs.
This is exactly the issue. Sometimes you have to pay well for a low-skill job because you don't want to risk having an idiot or a junkie doing it.
Somewhere, someone paid good money for a background investigation so that someone else could be a janitor. Because even the most sensitive labs have floors and bathrooms, and you don't pay an engineer $200K to clean the tiles and unclog the toilets.
Skills, reliable performance, and trustworthiness all play into an individual's value in the labor market, and some companies just don't understand that until there's a problem.
You give the employees access to buttons that say "Reset password" or "Disable account" and not carte blanche admin access to change any parameter they like.
You often run into the problem of rarely used but essential permissions. The typical response is to give them out widely "so we have them when we need them" and then to audit the use of those privileges.
Most people say they're going to do that, and then don't bother with the auditing at all. Or maybe they do review the usage for a while, and then they stop "because nothing ever happens".
Modern identity management applications will provide temporary just-in-time privileges, but most of them are a complete pain to integrate into custom applications. Either you use something they already support, or else you're going to need significant developer and sysadmin time. They're getting a little better, but I still pity anyone who gets stuck with that task.
Are the NOC staff responsible for diagnosing and resolving issues when a server fails?
This typically requires administrator privileges. On the Windows side, most OS utilities require elevation. While it's easier to get granular permissions on Linux, it's also very hard to configure a system that can be managed without any sudo users.
While you may benefit from more permissions, your NOC team requires administrative access to do their jobs. Maybe they could use lower privileges 80-90% of the time, but sooner or later they will need full access.
I've been on a NOC team once before, and I can understand their reluctance to grant privileges---they will be blamed first when anything goes wrong. And if they approved your permissions, they can still take the blame because they "allowed it to happen". Needless to say, I'm not surprised if everyone who can find a better job leaves the NOC.
Slashdot Mirror
I've never been convinced that these forms of making stuff good by massive oversite actually works.
Pretty much every major engineering project has massive oversight. If you're likely to affect the safety of the general public, it comes with the territory.
Do you know why you can crash your car into a solid wall at 60 MPH and probably live to tell about it? Because there are so many rules and tests. Just because you can't fathom the immense effort that goes into a project... don't assume it isn't happening.
Most of these "software engineers" working on mobile apps have no idea what it is like to work on safety-critical systems. Until recently, security was not considered as part of the system's safety. That was a serious omission, but it is being rectified.
I feel some serious sympathy for anyone who is left holding the bag. When it comes to securing a legacy system to a comparable same level as its existing mechanical safety certifications, it is either impossible or will require a Herculean effort.
We've seen the fruits of safety regulations, however, and they will need to expand now that everyone can carry a capable computer in their pocket.
The airline can't fix the issue aside from replacing the aircraft. And there is no reason to assume Airbus or MD or anyone else is any better than Boeing.
This is a fundamental problem across the entire industry. It also affects the car and trucking industries----no security designed into those vehicles either, for the most part.
I'd assume they're only reporting about Boeing because the hackers were given a Boeing to play with.
Privacy engineer at least indicates a focus.
Software engineer, programmer, and coder are used ambiguously or interchangeably so often that the distinction is meaningless.
You can typically disable this functionality.
In fact, it is necessary to disable it in some regulated environments.
Maybe karspersky has become too effective at capturing and stop NSA's malware and spy tools.
Malware developers maintain updated versions of popular security suites, and they make sure their payloads are not detected prior to release. This is fairly well known.
Lone-wolf coders were doing this 10-20 years ago. I'm sure the global intelligence agencies can figure out how to spin up a bunch of VMs to test their tools.
Kaspersky is not special or notable in this regard.
It doesn't matter that Debian is doing it.
If Kaspersky (or any proprietary shop) does not follow a similar scheme, their code audits mean very little. Kaspersky could start following a reproducible build process for the future, but it won't help us verify that their current code and executables are the same.
You people burn money not even for fun, and then these people are also complaining about it?!
That's why they're complaining about it now.
This is early in the game's life. They can pressure EA to fix it, demand refunds, or warn other players to avoid it.
On their end, EA has the ability to fix things very easily. They could make player progress less dependent on grinding and microtransactions.
Why would anyone buy a game they're not going to play?
That's the problem with pre-orders; some of them have already paid, and they've been delivered a steaming pile of crap.
And besides the pre-orders, there are people who love this type of game and the Star Wars universe. This release should be a great source of enjoyment for them. But it's not, because the fun has been ruined by a P2W progression.
I am borderline about this kind of game myself, and the P2W aspect pushed me firmly into the "No" camp. Head-to-head competitive games do not work with P2W mechanics, at least not for me.
Why is this a bad thing? Shouldn't earning a hero character take time and effort?
It's a bad thing if the player doesn't want to wait. Maybe no one wants to play for days just to get access to the characters they really wanted to play.
Or maybe the player doesn't want to wait because the "unlock" process is blatant money-grubbing bullshit.
That's what makes it valuable and worthwhile
For some people, playing the iconic characters is what makes the game worth buying in the first place. If they have to play for at least 40 hours before that's even possible... it won't be fun.
I have bought games with DLCs or microtransactions, as long as they were subtle and essentially optional. I almost always buy DLCs when the base game is good. E.g., I paid for everything for Fallout: New Vegas. If the game isn't great without DLCs/micros, then they don't deserve that money. I won't be buying this game.
Most people like unlockable secrets and Easter eggs. No one likes having essential content locked away behind a paywall or a pointless grind.
Scandinavian countries have hydro and/or geothermal power. They are also suitable for wind and more friendly to nuclear than the US.
Solar isn't the only way to cut emissions. It gets disproportionately high recognition in the US because we have large tracts of land suitable for it.
Maybe they tried something else first, but sooner or later you have to test with the actual chemicals that the system is designed for.
Slight differences in temperature or pressure can cause/prevent leaks, so it is entirely possible that the engine tested good with another chemical. You can't get identical temperature, pressure, flow rate, and turbulence from two different substances.
A native tool for bridging air gaps, circumventing network ACLs, and connecting wireless to external/unmanaged devices.
I hope they don't forget to include a Group Policy setting to disable it. Bluetooth is bad enough on its own. I'd rather not deal with another chatty, proprietary network protocol.
Good luck if you want to hold anyone accountable for any of this. Maybe you have the time and money to slug it out in the courts. Or years to wait for a verdict.
We have some experience with addressing this. Companies can get slapped pretty hard for violating HIPAA---either for improper disclosure or poor security. However the law was written, it is effective in making them think about security properly. A law by itself doesn't guarantee good conduct across the board, but it certainly helps when there are consequences.
If any congressman wants to extend HIPAA-level security requirements to any system that handles the personal information of American citizens, he gets my vote automatically. We should have done it 20 years ago. Better late than never.
Unless there are new rules and new consequences, nothing will change. Wallets and ballots, people.
Emotional decision-making is bad. Evidence gathering, thorough review, and ongoing assessment are good. News at 11.
Why do we have to tell people to stop being mindless cheerleaders or bed-wetters? Maybe we need to push critical thinking harder in school.
I edited Wikipedia a little bit a long time ago. There were a few articles that I knew I could improve easily, so I did.
Once that was done, there wasn't a lot I could contribute without doing a whole of research. I didn't have the time or the drive to do it. Honestly, I expect this is the norm. Most contributors will start with the low-hanging fruit, and they will drop out as it becomes increasingly difficult to contribute further.
If someone is smart, detailed-oriented, and dedicated then Wikipedia could be their ideal hobby or volunteer cause. A small group of those people can do a lot of the day-to-day work. As long as new information and corrections come in from professionals and experts periodically, there is nothing seriously wrong with the organization.
Call centers should be a last resort.
When people won't even read the manual to learn how the product works, call centers are inevitable.
If someone's only skill is driving a vehicle then perhaps that person should consider educating themselves further.
There will always be some people whose greatest skills are still within reach of automation. Education is a stopgap measure because there are limits to how highly we can educate most people---individual potential is not limitless. This will only become more common as time goes on.
What do we do with them? Let them starve?
Plus, we may need a million more nurses or engineers, but we don't need 10,000,000 or 100,000,000. There is probably some upper limit on the number of educated professionals we need. Sure, we're below that threshold now, but if we start shoving people through BA/MS/Ph.D programs en masse we'll get there eventually.
have you ever checked?
Personally, no.
is it even possible to actually check? ahaha.
Of course it is. You cannot remotely manage anything without network traffic. While AMT could hide this traffic from its host, it cannot hide the traffic from the network.
It's easy enough to monitor activity on an enterprise router, or to mirror a port so you can analyze its traffic later without affecting the traffic in any way whatsoever.
For a home user, you could route your traffic through a device running Snort or DD-WRT. I believe both support port mirroring. If not, it's pretty easy to find working enterprise equipment cheap on eBay. Even an entry-level Catalyst switch will support mirroring.
Not a chance in hell so long as Intel AMT exists.
It's never going away. Disable it if you're so inclined, as it is not necessary for the other items.
I don't like TPM because if it breaks everything it protects is gone and I neither need nor want my systems to be secured against physical access in a way that can't stand alone. (e.g. passphrase)
TPM-protected disks will have a recovery key generated by default. For home users, this key is saved to a text file and is intended to be stored offline. For enterprise users, the recovery key is pushed into either Active Directory or the MBAM database.
You can add and remove key protectors with Bitlocker after enabling it, so you have a choice of: password, Smart Card, recovery keys, or a recovery certificate. You can have multiple protectors on each disk, of same or varying types.
There is a much easier way to protect operating systems from persistent threats.
You are essentially proposing a fancy read-only system partition, which has been thought of before but is virtually never done. There are reasons for that:
1. Your read-only system will still have exploitable vulnerabilities. It can be hard or maybe even impossible for malware to achieve persistence in such an environment, but it also exceedingly difficult to patch. We have malware today that is not persistent and simply relies on reinfection after reboots, so this is a known/proven failure mode. The need to patch will never go away.
2. If executable files are allowed outside of the read-only storage, traditional viruses/worms/trojans can still propagate and persist relatively easily. They may be slightly less capable than they are today, but all of the significant threats will continue to exist.
Really, issue #1 kills it for both the standard home user and the enterprise. Your firmware or OS will have exploitable bugs---even Linux and BSD are not exceptions, and BSD in particular is written with a focus on security. The system will need to be patched, and you have made it exceedingly difficult to do that.
While this may be ideal for your particular use case, there is not a sizable market for this type of design. I cannot see a market for it developing in the near future either.
Whenever you have to hand control of the vehicle back to the human, there is going to be a delay. This is absolutely unavoidable and potentially very dangerous.
The driver, who was presumably inattentive during the fully-automated drive, will have to assess the surroundings and respond. This makes existence of a SAE Level 3 car inherently unsafe---there is little empirical support for idea that we can have a safe sometimes-automated system that fails into manual control.
Human attention change, perception times, and decision-making times are all fairly well understood now. Individuals fall into a reasonably large range, but even the best-performing humans will have trouble asserting control in a timely fashion---especially if the automated system is standing down due to an ambiguous and potentially dangerous condition. Snap judgements and muscle memory are barely enough
While I applaud the progress, I believe that Level 3 autonomous cars should never be sold as such to the public. The manufacturer can test these systems and gather all the data they want, but the driver should be required to maintain situational awareness at all times.
Let's say the Amazon employee/contractor admits to taking the laptop. Now what?
An admission of theft? That would make things easy.
But assuming everyone kept their mouths shut, how would you prove anything?
I wouldn't consider this stupid key in the first place. If I did lose my damn mind for some reason, I would still have a security camera or two watching the entryway.
The whole idea is stupid to begin with. Amazon doesn't need access to your house. They need a safe place to drop a delivery while you're gone. A securely-mounted lockbox with one-time access PINs would work. There is absolutely no reason for the deliveryman to enter your private living space.
Even if I put this new stuff on my resume, it is covered by the fact that I know the Old stuff too, and people think I am just padding my Resume.
Just omit the unnecessary skills.
If you're serious about job hunting, you should be sending a custom resume for each opening.
Personally, I found it easiest to write up a huge "master" resume with all of my history and highlights. I update whenever I change jobs, undertake a meaningful new project, get promoted/transferred, or whatever. I trim it down and tweak it for each opening.
Dropping from 5+ pages to a typical resume of 1-1.5 pages takes a bit of thought, and it forces me to think about how I present myself relative to what the job is looking for.
I agree with you in principle though. I always strip skills before I strip certifications. For whatever reason, tangentially-related certifications seem to be a plus---but not the skills required to earn or use those certifications.
This, what people call tax "avoidance" should really be called tax minimisation, because that's what it is.
I mean, you could call it that to feel better about yourself if you want. But if you're required to pay tax on a transaction and purposefully don't, then it's tax evasion. It doesn't matter if you reduce the risk of getting caught by paying cash.
I prefer to pay cash because it lowers prices
I pay however is easiest for me. If transaction fees will make or break a merchant, he isn't running his business very well.
I'm honestly just waiting 'til the bounty is higher than the fine to see how people start cheating on their taxes and then turn themselves in because it makes them pay less.
I don't think it will work that way.
The IRS does have programs for people to report themselves though. You can ask them to waive fees/penalties/etc when you true up.
the problem is that organizations are sloppy about hiring people for those positions because they aren't high status jobs.
This is exactly the issue. Sometimes you have to pay well for a low-skill job because you don't want to risk having an idiot or a junkie doing it.
Somewhere, someone paid good money for a background investigation so that someone else could be a janitor. Because even the most sensitive labs have floors and bathrooms, and you don't pay an engineer $200K to clean the tiles and unclog the toilets.
Skills, reliable performance, and trustworthiness all play into an individual's value in the labor market, and some companies just don't understand that until there's a problem.
You give the employees access to buttons that say "Reset password" or "Disable account" and not carte blanche admin access to change any parameter they like.
You often run into the problem of rarely used but essential permissions. The typical response is to give them out widely "so we have them when we need them" and then to audit the use of those privileges.
Most people say they're going to do that, and then don't bother with the auditing at all. Or maybe they do review the usage for a while, and then they stop "because nothing ever happens".
Modern identity management applications will provide temporary just-in-time privileges, but most of them are a complete pain to integrate into custom applications. Either you use something they already support, or else you're going to need significant developer and sysadmin time. They're getting a little better, but I still pity anyone who gets stuck with that task.
Are the NOC staff responsible for diagnosing and resolving issues when a server fails?
This typically requires administrator privileges. On the Windows side, most OS utilities require elevation. While it's easier to get granular permissions on Linux, it's also very hard to configure a system that can be managed without any sudo users.
While you may benefit from more permissions, your NOC team requires administrative access to do their jobs. Maybe they could use lower privileges 80-90% of the time, but sooner or later they will need full access.
I've been on a NOC team once before, and I can understand their reluctance to grant privileges---they will be blamed first when anything goes wrong. And if they approved your permissions, they can still take the blame because they "allowed it to happen". Needless to say, I'm not surprised if everyone who can find a better job leaves the NOC.