Tags:
corporateIT
IT
computing
farhadmanjoo
slate
johncwelch

Advertise here: Contact FM.

Loosening up locked-down corporate IT
September 1, 2009 9:40 AM Subscribe

Over on Slate, Farhad Manjoo writes that corporate IT ought to allow users more freedom in web browser selection and installation rights on their work computers. John C. Welch responds.
posted by porn in the woods (172 comments total) 9 users marked this as a favorite

Uh, are IT workers the postal workers of 2009, or what? Because that dude sounds like he's about to start mail ordering firearms like any second now.
posted by kittens for breakfast at 9:47 AM on September 1 [3 favorites has favorites]

In the battle of Fool Versus Prick, we all lose.
posted by COBRA! at 9:47 AM on September 1 [32 favorites has favorites]

Ugh. Man who is not an idiot says users should have more freedom. Man in charge of fixing idiot's mistakes think less freedom is better.

Real problem: most users are idiots.
posted by GuyZero at 9:48 AM on September 1 [13 favorites has favorites]

Gotta love a blogger who refers to another as a "New Media douchebag." There's a certain... reflective distance, let's say, that one needs to develop in life.
posted by el_lupino at 9:49 AM on September 1 [6 favorites has favorites]

Well, all I know is that I wouldn't be where I am today if it weren't for me having just about 100% unfettered access to do things to my work computers, and while I don't really know if that's a great policy to have across the board, it really really helped me out and I didn't cause any bridges to fall over because of it. Of course, this was all Linux stuff, so a lot of what Welch write about in his rebuttal probably wouldn'tve happened with me anyway.

That said, Welch comes across as an enormous asshole in just about *exactly* the way most non-IT people expect IT/sysadmins to react.
posted by the dief at 9:50 AM on September 1 [12 favorites has favorites]

yeah - we had someone fry her computer doing that exact thing Welch talks about - "but it looked real!" plus she hadn't done the recommended backup of her local stuff for awhile (there's an icon right on the desktop for that) - so she lost a bunch of stuff.

at least she realized it was her fault and wasn't made at IT.
posted by sio42 at 9:50 AM on September 1

"mad" not "made".
posted by sio42 at 9:51 AM on September 1

I don't know about installation rights for non-technical users, but a greater *diversity* of software is absolutely necessary. Biological monoculture gave us the Irish Potato Famine. I don't want to see the Earth Computer Famine that results when 99% of computers, all running exactly the same "managed" build of Windows 3000 crash at the same instant.
posted by DU at 9:52 AM on September 1 [2 favorites has favorites]

I dislike both their essays for various reasons.
posted by boo_radley at 9:53 AM on September 1 [3 favorites has favorites]

Can we lock them both in an airtight box together and drop them in the ocean?

Seriously, there's a problem here that neither side is really getting. New media douchebags (of which I'm a proud member) need to understand enterprise requirements a lot better than they are, and IT has to find a way to evolve to cope with how people are using computers in the 21st century.

Being asshats about it and drawing fictional lines in the sand aren't going to help anyone get anything done.
posted by bwerdmuller at 9:55 AM on September 1 [3 favorites has favorites]

Grumpy sysadmin is grumpy.
posted by sciurus at 9:56 AM on September 1 [1 favorite has favorites]

For an eeeeeeebul IT person…

Don't do this.
posted by Civil_Disobedient at 9:57 AM on September 1

Yes, yes, I like Public Enemy too, but as it turns out, they aren’t a reliable network administration methodology.

Heh.
posted by It's Raining Florence Henderson at 9:58 AM on September 1 [1 favorite has favorites]

Oh bitch, bitch, bitch.

STFU and GBTW.

Kids today.
posted by jquinby at 10:04 AM on September 1 [1 favorite has favorites]

????acular cavalcade? Really! Wow. That's.. that's anger, right there.
posted by cavalier at 10:06 AM on September 1

Infantilize workers? No, we're putting on the diapers you demanded. You wanted to browse anywhere and do whatever; that's why we have this anti-virus software. You want to say "oops" and reach back in time three months; that's why we have an enormous SAN. You beg for database access because "I've been here twenty years and I don't feel like a person" without it, but you can't even get past the fourth step on the sheet we handed you. We build software to support initiatives you swear are critical, but four months later looking at the logs, you've never signed in. We put you in the Power Users group because you swore to your boss you needed it, then you saw a pop-up and clicked on it.

The users want rights, without responsibility, and they are hungry for everything that comes across their eyes. Email after email, meeting after meeting, it all sounds like:

I want that. I want all the new software. I want everything that will distract me from my job and everything that I was told not to install. I want that betaware. I want that shiny toolbar. I want that pornography. I want that webcam app. I want to run that Facebook thing with my mom. I want that Weatherbug with an astronomy screensaver. I want to punch the monkey on sketchy gore sites. I want those camgirls. I want to run Windows 95 in its own screen. I want that map package that lets me zoom around Chicago. I want emails about the after hours martinis on my Blackberry. I want something that lets me turn my cursor into a sparkly hand. I want the power to surf anything. I want administrative access.

And the little blinking icon says, "Click me, baby, click me.”

There's only so many toys we can cram into that padded playpen the users have demanded before they can hurt themselves with those, too.
posted by adipocere at 10:08 AM on September 1 [30 favorites has favorites]

John C. Welch sounds capricious and snotty, which, ironically, are the very attitudes that give tech support a bad name.
posted by Blazecock Pileon at 10:08 AM on September 1 [5 favorites has favorites]

????acular cavalcade? Really! Wow. That's.. that's anger, right there.

Yeah. That's as far as I got.
posted by dortmunder at 10:11 AM on September 1

I do appreciate the issues that IT managers have to deal with and have seen how hapless users have screwed up internal networks by letting worms and viruses loose but I've also been frustrated by the roadblocks that corporate IT puts in the way of getting your job done. In my last job at [giant government contractor], it took four to six weeks to get approval to be allowed to install any free software. Even something as simple as a python library. We ended up having a write a lot of tools ourselves because it was easier and faster than going through the process of getting approval for stuff that someone else had written.
posted by octothorpe at 10:11 AM on September 1 [3 favorites has favorites]

Let's just make a compromise: the users can have unfettered desktops if the IT folks never are expected to come on nights and weekends to fix what they break. Sound fair?
posted by Pufferish at 10:12 AM on September 1 [8 favorites has favorites]

There's only so many toys we can cram into that padded playpen the users have demanded before they can hurt themselves with those, too.

Make users fix their own damn mistakes. It reduced productivity? Dock pay. I've never done anything with a work PC that I wasn't prepared to deal with myself. I don't get why sysadmins continue to internalize users' fuck-ups. If I smashed the window in my fancy window office and it made my office unusable, management wouldn't let that slide. Why do they do the same thing when users mess up their computers?
posted by GuyZero at 10:13 AM on September 1 [7 favorites has favorites]

" IT has to find a way to evolve to cope with how people are using computers in the 21st century."

No. IT MANAGERS need to find that way, and that way is FAT CASH MONEY. Because fat cash money is what it costs to rewrite the Firefox installer for you every time there's a patch. Fat cash money is what it costs to rewrite the AIR installer for you. Fat cash money is what it costs to plug up the flawed Windows design that makes it so difficult to give end users incremental privileges. Fat cash money is what it costs to cover the increased storage requirements, increased support volume, and higher demand for user education. Fat cash money is what it costs to hire more grumpy sysadmins to do grumpy sysadmin things to clean up after clueless users who demand more privilege than their knowledge, caution, and competence should permit.

The simple things that most end users want to do are not unreasonable, for the most part. What is unreasonable is the time and dollar cost to make it happen in the fantasy-like manner that is usually demanded of your IT crew.

There's a reason IT people are cranky, and that reason is that they are already required to do a lot of work with very little time or money. The industry routinely requires unpaid overtime as it is. Asking for an increased workload and increased system capacity FOR FREE is just going to make an already tired and cranky person more tired and cranky.
posted by majick at 10:14 AM on September 1 [8 favorites has favorites]

Gotta say, as an IT person, Farhad Manjoo sure as hell didn't consider any repercussions for the IT team at all. It's all about the workers magically becoming more productive. The added overhead for IT to now support all kinds of programs that were never tested for inter-operation with the current IT environment? No mention. The added problems caused by users downloading and installing crap software that ruins their workstation? Not even a peep. The amount of training required for IT staff to now support a dozen different browsers instead of just the one? Why bother even thinking about it. Nobody cares about what IT does, as long as it gets done, on our terms!

Like TSA guards at the airport, workplace IT wardens are rarely amenable to rational argument.

Fuck you you goddamn stupid shithead. The fact that you can't wrap your tiny brain around the reasons why IT operates like it does doesn't mean that all IT workers are stupid and you are the lone voice of reason.
posted by splice at 10:15 AM on September 1 [6 favorites has favorites]

Calm down and just install Firefox Portable.
posted by HumanComplex at 10:17 AM on September 1 [3 favorites has favorites]

Just reading as much of Welch as I could stand (not much) has anyone else had trouble with Firefox choking on old code? What old code does Firefox not support that I'm missing.

Similarly, there's a wonderful flowchart comparing server calls made by Apache and IIS. Guess which one I'd want to secure.
posted by Kid Charlemagne at 10:18 AM on September 1

Any sysadmin who's afraid of Firefox in this day and age isn't worth their salary. It's faster, more stable, more convenient, works better with .pac files, lots more features, updates its own damn self, what's not to love? It's secure, as most DLP, HIDS and anti-viral software works with it just fine - because it's not new and scary. It's more than five years old, and has a very healthy market penetration and a much better track record than IE.

Fast flash, buddy, most users are not idiots - yes, there are a few, but they are a small minority, and they're going to eat up your day with something regardless of what you have deployed, be it firefox plug-ins, or just sticking a grilled cheese sandwich in the CD-ROM slot. Making the average user who knows how to follow an install wizard miserable because you have to deal with Mary in Accounting who doesn't is sub-moronic, and, to be frank, lazy and indicative of abysmal customer service.

I mean, really - the whole "old server that hasn't been updated" argument in particular is incredibly dumb. He has a critical system that isn't being maintained, and gloats he's spending zero dollars on it? Great going genius, let's hope its hard drive is immortal, and its software immune to a few years worth of unpatched security holes. And he's too dumb to realize that PCs with firefox will also have IE for a fallback for his broken old site? Come on. Fire the bozo, or at least stick him in the back room ghosting drives where he can't hurt anything, and let someone who understands modern IT standards and practices take over.
posted by Slap*Happy at 10:18 AM on September 1 [19 favorites has favorites]

IT spends $$$ building large system infrastructure on top of Microsoft tools. IT now locked into IE6, a decaying, unsafe technology. Rather than admit they were idiots for using proprietary rather than open standards that would work on any browser, they get defensive and piss on everything.
posted by CheeseDigestsAll at 10:19 AM on September 1 [13 favorites has favorites]

" I don't get why sysadmins continue to internalize users' fuck-ups"

Let me be explicit, here: Because a sysadmin who doesn't internalize her users' fuckups is going to get canned when the users decide that "whine to sysadmin's boss' boss' boss" is equivalent to "take responsibility for your actions." That story has played out so many times it's not even worth asking the question any more.

The cost of end user fuckups is hidden because executives demand it be hidden. Period. End of statement.
posted by majick at 10:19 AM on September 1 [12 favorites has favorites]

Interesting. Underneath all the vitriol, there essential problem seems to be that companies ask IT to run things so that nothing users do could possibly get them sued, and that's preventing users from doing things that would help their productivity and frustrating the shit out of them. It seems like there needs to be a better way to measure the risks, here.
posted by Diablevert at 10:20 AM on September 1 [2 favorites has favorites]

This thread is like a facebook quiz for Mac versus PC.
posted by srboisvert at 10:24 AM on September 1 [5 favorites has favorites]

I wrote about this subject once.

Don’t Like: The Mutual Contempt and Destructive Relationship Between IT Workers and Office Executives.

There is a palpable dynamic in the modern workplace. It’s one I do not enjoy. IT Workers and Office Executives… they freakin’ hate each other. Sadly, I happen to think it is a marginally serious problem.

The dystopic relationship goes something like this: Office Worker (who gets paid a lot more) calls in IT Worker (paid a lot less) to fix problem which may or may not be easily fixable. IT Worker already has wayyyy too much on their plate and is forced into having to deal with situation based on 1) scale of emergency and 2) importance of the requester. So IT Worker comes up to fix (usually too late if it’s an emergency cause they had to deal with some other BS). They attempt to fix and they’re probably the wrong person to be helping anyway. If the problem is seriously complicated the Office Worker gets upset and doesn’t know why the IT Worker can’t just click some button and fix it. Then Hatred grows.

There’s a couple of factors involved in all this. Most Office Workers don’t understand dick about computers or programming and just how freaking hard it is. They often treat IT Workers as inferiors and interpret the tinkering nature with which computers are dealt with as a sign of their lack of intelligence. And that, my friends, is BS. IT Workers are declared lazy and stupid because one often doesn’t understand what they are doing.

Now, that being said, IT Workers (I’m trying to be both fair and accurate here) aren’t exactly the greatest programmers or technicians in the world. This isn’t meant to be a vicious shot, it’s just a reality, since most of the brightest of their people go into different fields and stay away from the IT World. With that, they deal with impatient assholes all day who want them to finish their project. This leads to bitterness and disaffectedness. Which means that many IT Workers who have been there for a while are beaten down, tired and sloppy. And thus the workers make assumptions. Worse, they regard the office workers as inferior idiots who don’t know anything.

So… two groups who have to work together… and they think the opposite groups are idiots. It’s a really, really shitty dynamic folks and all the disruption that results from it could be fixed if people just regarded one another with a little more respect. That’s all.
posted by Lacking Subtlety at 10:24 AM on September 1 [3 favorites has favorites]

Hey, I'm constantly amazed at what a giant fucking mess end users with ONLY user rights can make. Malware is getting better and better at NOT requiring admin access to ass-fuck a computer.

While Welch does come off as bitchy, it does get tiresome to hear how we're all just getting in the way of productivity when our main job is maintaining a stable corporate environment, making room for productive workers to BE PRODUCTIVE.

As a for instance, Google Chrome seems to install with user rights only. NEATO. Google Chrome also makes a MAJO tool of our workplace useless. It also doesn't seem to neatly UNBREAK this web-based tool when uninstalled.

I also applaud Welch's notion that it should NOT be an IT responsibility to help lazy managers NOT manage their staff. I see this all too often. I've said it a few times around here: "There is no IT solution for stupidity". Of course...this doesn't stop management from asking.
posted by Richat at 10:24 AM on September 1 [2 favorites has favorites]

Wow, that IT guy is a douche. I mean, a really surprising douche. Just so fucking douchey. Even his little cartoony picture makes him look like a douche.

There may well be good reasons why IT doesn't want to support FireFox (although I just downloaded it to my Documents folder and it works great), but that guy hasn't done a thing to convince me.
posted by OmieWise at 10:26 AM on September 1 [7 favorites has favorites]

I've been in IT for 10 years, and I deal with this issue frequently. My solution was this:

- If you're on a Mac, you'll get total unfettered access. You really have to try hard to screw things up as a general user. They get administrator access to install what they chose, as long as I'm informed. Our marketing, entertainment, web, and graphic design departments are all Mac, totaling about 70 users. The worst things I have to deal with for them is hardware failure, or directory problems on the hard drive.

- If you're on a PC, you'll be treated as if you're juggling boxes of nitroglycerin. Blocked sites, no administrator-level access, only approved programs installed, and usage tracked. The amount of damage a regular user could do to our network just by aimlessly wandering the net is unbelievable. With about 200 windows users to deal with, I'd like to do more with my job than just clean up the messes ignorant, but good intentioned, users get into with viruses and spyware.

If our company could go completely Mac, my life would be so much easier. Last year I looked at some of my old work logs, and for every Mac support request, we had 28 PC support requests.

What I've found is, Windows is inherently dangerous and unstable to a company, unless you have a huge investment in IT staff and resources to "make it work right."

As long as you have the environment properly contained, Windows is an excellent platform to get work done. It's the price (in money and manpower) of containment that I am more concerned about. Macs may cost more upfront, but the price quickly evens out in the long run.

(I don't really see myself as a Mac fanboy, but I used to be much more of a PC proponent until I had to wrangle hundreds of machines singlehandedly)
posted by chambers at 10:27 AM on September 1 [12 favorites has favorites]

Just realized I didn't mention above that many programmers are also overqualified for IT jobs but have to take them because of the reality of the job market. That statement makes it seem like they are all inept. Not my intention at all.
posted by Lacking Subtlety at 10:28 AM on September 1

Any sysadmin who's afraid of Firefox in this day and age isn't worth their salary. It's faster, more stable, more convenient, works better with .pac files, lots more features, updates its own damn self, what's not to love?

i just wiped it from my vista 64 computer for being a crashy, ill-behaved piece of crap that wouldn't shut down in task manager or allow the computer to shut down

it never did that in xp

so far, opera seems to work fine
posted by pyramid termite at 10:28 AM on September 1 [2 favorites has favorites]

But at work they're stymied by the IT department, that class of interoffice Brahmins that decides, ridiculously and capriciously, how people should work.

No, you see, we keep very good records and I can give you a line-item cost of what adding a new piece of software will incur across departments and levels. Furthermore I have a very real budget and I often have to make decisions between adding a much needed $14,000 router to handle additional capacity for mission critical systems or allocate that money for tech support so you can bring in your home laptop for us to "quickly look at."

Of course I implemented a very simple program that works remarkably well. Vmware View's virtualization allows users to reset to a known good base image. Install whatever you want but if you start having trouble and it is not on our very well tested and planned list of support line of business software, you're going to have to rollback (though we are not dicks and are willing to help you out when we can for non-work critical things, emphasis on when and calling us on all our various devices is not a good tactic). And if I may, my base image does include Firefox, Chrome and a few nice toys like VLC (which plays any media you throw at it) and cygwin. I practice what I preach and run off the same base image. Throw in a few licensed programs like Visual Studio after the reset and I'm off and running very quickly.
posted by geoff. at 10:29 AM on September 1 [4 favorites has favorites]

I was the "Eebul IT guy" for a division of a very large (50, 000+ users) technology company and we gave Admin rights to all our users. We did filter internet thru a proxy but most of my users had full internet access thru a "development" T1. The developer users rarely if ever had any problems even with unfiltered access but the “non tech” users regularly had problems on a monthly basis, even with filtered internet access. I believe you base your policies on the users you support. Almost all my users did use Firefox but they also knew that we had old internal sites that would only work with IE, so we standardized on that browser to make sure everyone could use those sites. In the end because 90% of my user base was tech types it made sense to have a policy of full admin access for everyone. In many companies with non computer savvy users I would lock everything I could down.
posted by white_devil at 10:32 AM on September 1 [3 favorites has favorites]

First thing I do when interviewing for a job (well, after all the initial stuff) is ask to talk to whoever is in charge of IT. A five minute conversation can tell me if I'm going to be fighting that guy the whole time, or if he's going to be trying to make my job easier. And, I'm sure, he gets a gauge on how much support he's actually going to have to supply me. Ideally, we both decide that we're not going to have to spend a lot of work time around each other.

Short version: All users, and IT guys, are not created equal.
posted by ChurchHatesTucker at 10:33 AM on September 1

Make users fix their own damn mistakes

HAHAHAHAHAHAHAHAHAHAHAHHAHAHAAHAHHAHAHAHAHAHAHAHAHAHAHAHAHA!!!

No, wait... *gasp*

HAHAHAHAHAHAHAHAHAHAHAHHAHAHAAHAHHAHAHAHAHAHAHAHAHAHAHAHAHA HAHAHAHAHAHAHAHAAHAHAHAHAHAHA!!!

You're kidding, right? What, I get to tell my boss that I don't need to do my job because it's the user's fault? It's ALWAYS the user's fault, and it's ALWAYS _MY_ job to fix it, that's why they pay me. That's part of what IT is for. Kind of like an auto mechanic, it doesn't matter if I fucked up the car, I'm paying the mechanic to fix it. He doesn't get to refuse to do the work because I'm the one who fucked up. That's what working in a service industry is. You clean up other people's messes.
posted by splice at 10:33 AM on September 1 [6 favorites has favorites]

I find myself in an odd position here after reading these two articles. By virtue of the fact that I am reasonably familliar with technology, I am one of the people automatically involved in IT questions when they arise around my organization (though I am a long ways away from being an IT person; I just understand reasonably well what the limits of what we can ask of our network are and aren't). So I completely get the arguments that Welch is making (though I wish he hadn't come across as an angry, spiteful person in making them). However, I am also a big fan of allowing more choice in programs and the other things that Manjoo advocates for.

I don't know what that means, except that there must be a way to bridge this gap without the vitriol.
posted by never used baby shoes at 10:36 AM on September 1 [1 favorite has favorites]

I acknowledge that 99% of all non IT people are idiots. However, when you hire someone into a non IT position, and she spends 50% of her time having to invent new ways to do things because IT will not give her the tools to do it the right way, and her CV clearly states, and experience has clearly shown, that she knows how to use the tools - GIVE HER THE TOOLS ALREADY.
posted by strixus at 10:39 AM on September 1 [3 favorites has favorites]

You clean up other people's messes.

Screw that and screw people who accept that.

If a user walked into the machine room and unplugged a router or the Exchange server they would get screamed at or fired. If they mess up their own PC then it's suddenly IT's problem? Users should know how to manage their own systems or live in mortal fear of them and do nothing outside of logging into their apps and doing their work.

Kind of like an auto mechanic, it doesn't matter if I fucked up the car, I'm paying the mechanic to fix it.

Unless the company owns the car in which case the driver better not mess it up or they get fired. If a FedEx guys drives his truck into a fire hydrant I'm pretty sure he isn't going to be given the chance to make that mistake twice.

Now, I know how computers work so really this is just an extension of the fact that I don't have much patience for people who get easily confused by them. If you find computers confusing and don't know how to fix them, get a job that doesn't involve them.
posted by GuyZero at 10:40 AM on September 1 [2 favorites has favorites]

There's an asymmetry here. Manjoo, who's taking the side of the people using the IT systems to do the work that the organization(s) was set up to do, is very possibly guilty of not considering all the costs involved in what he's proposing. John C Welch, on the other hand, is taking the side of the IT people with apparently no recognition at all that these roles only exist in the first place to support and facilitate the work that the organization was set up to do. If some State Department employee wants to use Firefox and the room erupts in applause when he mentions it, that's a problem, right there, and while as an IT person you may or may not have the resources to respond, you should not respond by mocking the problem, or by suggesting that all the people who resent how IT stops them getting their jobs done are full of "bullshit". If you're working for an underresourced IT department, that's your choice: get another job, petition your bosses, or decide that the pros of your job outweigh the cons of leaving it, and be quiet. Don't blame the people whose work is being stymied by bad IT.

In summary: John C Welch probably thinks Lotus Notes is a really great email program.
posted by game warden to the events rhino at 10:42 AM on September 1 [10 favorites has favorites]

HumanComplex: Calm down and just install Firefox Portable.

Your organization's Internet use policy restricts access to this web page at this time.
posted by shakespeherian at 10:44 AM on September 1 [1 favorite has favorites]

game warden to the events rhino: "In summary: John C Welch probably thinks Lotus Notes is a really great email program."

Whoa, whoa, that's a bit too far.
posted by boo_radley at 10:46 AM on September 1 [2 favorites has favorites]

The very small company I worked for had ZERO actual IT people working at it. But it did have a set of networked computers with a common printer/copier unit, a server in the back room... Everything was running XP, because that was the most recent OS that the management was comfortable using.

We were hit by viruses and trojans OVER and OVER and OVER. Where was it coming from? From the idiot bookkeeper who kept insisting on downloading fancy cursors that sparked and danced on her desktop. They were all trojans, every one. And repeatedly, she was told she was not supposed to go to website X or Y and was not supposed to download this thing or that thing, but she kept doing it. It cost the company more in outside consultant fees cleaning up the mess than it cost them in that person's salary for the year.

I'd be all for technology locks which were put in place one you screw up. A "one strike and you're locked down" approach. Anyone who can surf and work and not end up infecting their own computer or installing backdoor trojans? They keep the privilege. Have your computer lock down or show a virus even once and have to call in outside help to fix it? You have lost your rights.
posted by hippybear at 10:47 AM on September 1 [5 favorites has favorites]

Users should know how to manage their own systems or live in mortal fear of them and do nothing outside of logging into their apps and doing their work.

"People should be different then they are." I think we can all agree about that, but it's not really a solution.
posted by smackfu at 10:47 AM on September 1

" there must be a way to bridge this gap without the vitriol."

Cash. No, really.

Just pay for the cost of what you want to happen, while simultaneously recognizing that the risk-adjusted cost of what you want is often orders of magnitude above your gut estimate.

Give me the budget for a system that allows everyone to pretend they're root, and I'll build it for you. Just know that the cost of it isn't 5 minutes of my time to go "right click, Permissions, full control" on the universe. The cost of it is the potentially tens of thousands of dollars per user that I'm going to shell out for the tools and infrastructure to make the now potentially catastrophic end user fuckups into minor inconveniences instead of enterprise-destroying cataclysms.

Pay for the thing you ask for, and unless your IT crew is totally worthless -- and such things do exist I assure you -- you'll usually get it. The problem is users' perception of costs is not only inaccurate, it's made out of pure fantasy.

When the CEO known for mysteriously rendering almost any computer within reach inoperable every month or so is convinced that having administrative privileges over every object in a domain is what will fix her misaddressed email bouncing and absolutely will not consider an alternative view of the universe despite the explanation coming from people she pays to be her experts on the matter (a real-world situation I found myself in) you're not dealing with people who exist on the logical, rational plane. Unfortunately, IT people will find themselves in situations like the one I described all the time and will go to great lengths to avoid them.
posted by majick at 10:48 AM on September 1 [4 favorites has favorites]

Then again, I can recognize when something isn't working in Firefox and when I should try IE, so I don't end up bothering IT with questions of this nature.

My analogy is weakened by its anachronism: anyone who can't figure this stuff out shouldn't go to a gas station that still sells leaded and unleaded gas because their head might explode.
posted by GuyZero at 10:48 AM on September 1

Welch may be talking like the typical IT flaming asshole, but I believe that he's dead right. For any large company, the kinds of liability issues that unfettered access can cause are way too expensive. Ultimately, Manjoo has zero clue what he's talking about. He's looking at things purely from his own point of view, and not even trying to imagine, much less actually investigate, the IT side of things.

Welch is right; where are his concerns about bandwidth and security? How about good old fashioned time and money? Manjoo has no clue that user tools have to be tested and supported, lest all sorts of bad things happen. The fact that he has no idea what sorts of bad things can happen is a testament to the quality of IT departments he has worked with.

And I just love this sentence: "Other firms want to do something even more sinister: keep workers from having fun." There's so many things wrong with that sentence, I don't know where to start...so I won't.
posted by Edgewise at 10:48 AM on September 1 [4 favorites has favorites]

- If you're on a Mac, you'll get total unfettered access. You really have to try hard to screw things up as a general user. They get administrator access to install what they chose, as long as I'm informed. Our marketing, entertainment, web, and graphic design departments are all Mac, totaling about 70 users. The worst things I have to deal with for them is hardware failure, or directory problems on the hard drive.

That's because you have to. HFS+ routinely forgets directory and file permissions, so users need to run Disk Utility on a whim to get the OS working again. AFS works well enough, but Apple's file server, again, routinely forgets its permissions leaving you to "propagate permissions" on your file server to fix random "user joe can't access this file he made yesterday even though the permissions say he can" bugs. ACLs are a kludge on top of a decades old file system HFS+ that doesn't really work that well to begin with, and the server tools are slow, and oftentimes useless to address your needs if anything bad happens.

MS enterprise tools are a breeze to administer in comparison to the crap apple provides, and they scale well. Apple wants to make toaster ovens and tv sets - they aren't interested in making administrators lives easier - and it shows.

It's a shame, because I want to like apple hardware. But if you have real work to get done, you use windows or *nix. If you want to show off to the creatives at the coffee bar, you get a mac. (and could they please FTFF already!)
posted by Pogo_Fuzzybutt at 10:53 AM on September 1

I love Firefox.

But half of the users will use it and half will not. Some of the ones who will use it might complain about their banking software not working with it. Or, hey, that accounting software mandated from up above turns out to only work with Internet Explorer 7. "We haven't tested with IE 8 yet," the vendor says. Whoops. Good luck with Firefox! Filthy light thief is a user who does pre-emptive thinking, "Then again, I can recognize when something isn't working in Firefox and when I should try IE, so I don't end up bothering IT with questions of this nature."

Most users do not.

And if you're working in a place with integrated authentication, sometimes Firefox does not play nice with it. Great, so you just type in your username and password again, right? Easy. Sure is easy for me ... the users, not so much. "Why can't it just work?" And while we can push updates to Internet Explorer out, there's trouble with doing it on Firefox.

I prefer Firefox, but it can't be mandated across the board, and with choice comes diversity. After Firefox comes Safari, and Opera. Diversity can be neat, but not only does each increment of diversity (not proportional to the number of users who have it) increase the support time for it, it also increases the user confusion. And then the whining starts. "Why is this so harrrrrd?"

We've started some institutional pushback, with monitoring software to show that the umpteen licenses you demanded for Adobe Creative Suite CS4 have gone primarily unused and that, despite the fact that we have an excellent backup system, you have seven exact copies of a 150mb TIFF stored in one directory, that I just happened to notice scroll by as I ran a robocopy — I am terrified of what I would find if I actually looked. Not, mind you, that management would do anything about it in the end. As long as IT is stuck in cleanup, the users are free to do whatever. If the users demand an admin account from the higher ups, then log into email using that account, from an internet cafe, who cleans up?

You know why people don't pee on the toilet paper at home? Because they are the janitors. Give me Manjoo for three months. Three months of pushing a mop along after the users and I will break him, tediously re-imaging machines and then re-installing that custom software that one guy just had to have, of reminding the same person five times not to do that. After those three months, he'll leap like a terrier denied a treat as I dangle a book on managing Group Policy above his head.
posted by adipocere at 10:55 AM on September 1 [5 favorites has favorites]

IE6 4-EVAH! FINANCE DEPARTMENT REPRESENT!
posted by Artw at 10:55 AM on September 1 [4 favorites has favorites]

This could borrow some logic from healthcare discussions. If allowing installing software raises a risk of something expensive and bad happening, your 'it insurance' costs are higher. Every employee has rights to basic it-care. If you want this more expensive it-care that covers your dangerous lifestyle, then your paycheck will be reduced to cover the difference. Everybody happy?
posted by Free word order! at 10:57 AM on September 1 [3 favorites has favorites]

If some State Department employee wants to use Firefox and the room erupts in applause when he mentions it, that's a problem, right there, and while as an IT person you may or may not have the resources to respond, you should not respond by mocking the problem, or by suggesting that all the people who resent how IT stops them getting their jobs done are full of "bullshit".

I'm going to go ahead and say that yes, it is bullshit, and it deserves some mockery. Seriously, is this what you would ask your CEO about? Homeboy asked Hillary? Right there, that's mockable.

I'm sure that security is, like, a REALLY BIG ISSUE for the state department. Guess what? Browsers are the main vector through which security gets compromised. Trying to achieve airtight security on multiple browsers is not cheap or easy, not to mention making sure all the internal webapps work on both browsers. In my company, they don't.

And for what? This is a "problem"? I use firefox, and occasionally use IE, and while I definitely prefer the former, I wouldn't break out into applause over it. Even these clap-happy bureaucrats are unlikely to riot over this, or even look for jobs elsewhere. Both browsers get you where you need to go. Somehow, I think they'll make do.

So while their own IT guy certainly shouldn't mock them (because that's not professional), I'll join Welch in shaking my head over these nimrods.
posted by Edgewise at 10:59 AM on September 1

Welch is known for his vitriol, and at least sometimes he manages to raise a stink enough to get peoples attention (ie: adobe actually talking to mac sysadmins on how to make a better installer).

The problem with the virtriol is it alienates a lot of people, but considering the other extreme (the gentle, passive aggressive approach seen in some IT shops) it is at least good to have both ends of the spectrum out there.

That being said, from a management standpoint, the biggest problem for most IT people is they are considered a black hole for money, because they rarely have any ability to quantify the value or systems they bring to the table for the entire company. Internal IT can get hit with this harder than external or contracted IT support, because when I come in as a contractor you get a list of how much it cost for me to implement project X, and if it saves you Y dollars in a year, it is easy to find out if it was worth the expense.

Internal IT rarely has this break down of cost per project per hour of implementation, so instead they just try to reduce costs across the board, without even knowing what the impact is for the rest of the company. As long as they don't cost too much, they keep their jobs. And since they can't easily figure out how to say "well, our added maintenance cost of letting users do A and B will still reflect an increase in C productivity and D total money in our pocket" they get stuck in this cycle of just minimizing all investment in any systems, and doing the bare minimum.

And add that in most cases they have no way of tracking which user is a trouble user, they have no recourse with management to get some users to stop abusing systems, since they can't show the financial impact. During my last job as doing in house it, they finally let go of 6 people in a team of 50 that led to a 60% reduction in call volume, not just because of the errors and mistakes those users were making, but the cascading effect their mistakes would have on other peoples workflows (ie, document review processes that were messed up at stage 1 but not caught until stage 5). And these were not new employees, they were long term ones who just couldn't learn new tricks.

If the department was being billed at a per incident per user rate, making that decision to either dedicate resources to training those staff, or just cutting them loose, would have happened much sooner, instead of the department having to reduce costs across the board.

So my theory is: set proper expectations among management and the users of what IT can and cannot do, be able to account for the costs of fixing users problems (how much does it cost the company for this server to be offline for 6 hours, not just how much to fix it, but what is the lost opportunity cost, how much will it cost to have people work the weekend and pay them overtime to get caught up, etc.), and from there, decide what level of freedom the users can have.

Depending on each company, and what are acceptable costs, that should dictate the level of freedom. There isn't a blanket argument for either direction in most situations, and depending on how much money you want to spend up front, you can give users a sense of freedom of what they can do on their workstations, but have a safety net to easily restore their machine if they went too far. Being able to make that determination really boils down to figuring out what the actual overhead cost per user is for their equipment, just as companies know how much it costs to provide health insurance, HR overhead, and other systems. If you can start tracking that, then you can build a real management plan.
posted by mrzarquon at 10:59 AM on September 1 [8 favorites has favorites]

OK, I started to write about this, then decided not to, but seeing how this is turning....

We have a system here that our IT people validated. This process takes forever and runs about $70,000* if a hall conversation I once had is to be believed. When the process is done they will have shown the data appearing on the computer matches the data collected by the instrument that everything is secure, that the system has an audit trail and is in all ways "just peachy".

As a local administrator I get pinged really regularly to help people get back into the system when it decides to unpeson them. Once, while on the phone to vendor tech support, I was instructed to check the extension on the user database. It was what it should have been, but while I was there I opened the database in notepad. Alarm! It was gibberish but it wasn't random gibberish.

Later I saw a presentation on securing and qualifying Excel spreadsheets and found myself thinking, "I wonder how many bits of encryption Excel uses - if the FDA is cool with this, and then we have an official this is good enough mark.” That's when I found this.

OK, so remember the nonrandom gibberish. About two months after that Excel talk and a week after reading Cryptonomicon I found myself wondering about that non-random gibberish. How bad was it really? I did not expect to be able to decrypt our user database and administrator activities log with paper and pencil. I didn't test these passwords out - and I certainly didn't see if anyone was using their instrument password as their network password. I passed the word along to someone who had enough authority to call the vendor and scream, but I don't know if they did anything.

It's not that I think all IT workers are stupid - but management went looking for a model and picked the US health care system. Then, took the "make sure the rank and file get no respect" and "flog the hell out of them if they fail the test, even if the test has noting to do with reality" elements of TSA and called it good. If you have the misfortune of being a really skilled and knowledgeable IT worker you get massively overworked because everyone seeks you out specifically, so you go looking for a better paying job where they won't know how good you are because then everyone will seek you out, causing you to be massively overworked...ad nauseum.

So, yeah, I can't wrap my brain aroudn the reasons why IT operates like it does. But I can change drug release data at my whim and send death threats to whoever from many of my co-workers e-mail accounts.** It probably ought to go the other way.

*Work out how many months of your favorite medication that will buy if you want to join in on my personal outrage. That the vendor felt one step above ROT13 was good enough is appaling. That nobody noticed in weeks of testing....

**Well, I could. I warned everyone with an account on the system (including my boss) to not use the same password there and on the network.
posted by Kid Charlemagne at 10:59 AM on September 1 [3 favorites has favorites]

I think ChurchHatesTucker probably hit the point - all users and IT folks are not equal. I guess I would categorize myself as a knowledgeable user - enough for my IT folks to realize that I could be allowed local admin rights and involve me in discussions with regarding the future plans of our network because they respect the fact that a) I understand enough to know what they are talking about and b) I can express the work related needs of the organization in a way that they understand and so can propose solutions/fixes. And I can also do the reverse - explain to the organization why what we want isn't possible/a good idea.

Maybe that's the solution - some sort of hybrid person who can bridge the gap between these two areas.
posted by never used baby shoes at 10:59 AM on September 1

After reading all of the rants in this thread agreeing with Welch, I'm even more happy that I don't work in a company with an IT department anymore. You all sound like bus drivers who would be happier if they didn't have to keep slowing down the damn bus to let passengers on and off.
posted by octothorpe at 11:00 AM on September 1 [8 favorites has favorites]

Give me Manjoo for three months. Three months of pushing a mop along after the users and I will break him, tediously re-imaging machines and then re-installing that custom software that one guy just had to have, of reminding the same person five times not to do that.

Too funny! But I don't think it would take three months; this guy has a propensity to look at things only from where he stands. He'd probably be one of the most satanic IT managers to walk the earth.
posted by Edgewise at 11:03 AM on September 1

" there must be a way to bridge this gap without the vitriol."

Cash. No, really.

I've become very fond of saying that there is a solution for every tech problem we have - provided we have enough cash.
posted by never used baby shoes at 11:03 AM on September 1

D'ja ever notice, on the internet, people say things they wouldn't say to each others faces? From the comments:

"Good article but honestly fix your CSS. The article was great before I moved past the fold. Is repeat so hard to spell out in code?"

"...So if you have a better way to word a background-repeat statement, by all means share, i'll be happy to fix it if I buggered the syntax. Otherwise, fucking off would be a good option."

You got your troll in my flame! You got your flame in my troll! Mac rulz!
posted by greensweater at 11:03 AM on September 1

During my last job as doing in house it, they finally let go of 6 people in a team of 50 that led to a 60% reduction in call volume, not just because of the errors and mistakes those users were making, but the cascading effect their mistakes would have on other peoples workflows (ie, document review processes that were messed up at stage 1 but not caught until stage 5). And these were not new employees, they were long term ones who just couldn't learn new tricks.

At one previous company the management was fond of saying "all problems are ultimately people problems." I'm not sure if it's really perfectly true, but it's true enough to keep in mind.
posted by GuyZero at 11:04 AM on September 1

I find it slightly amusing that Mr. Manjoo is also the author of "True Enough: Learning To Live in a Post-Fact Society."

My problem with these sorts of things is that the author tends to look at his own anecdotes and experience, and generalize far out of proportion. Should Slate's IT department do things differently? Maybe, I don't know enough to say. But to take that and generalize it to "IT departments should let people do whatever they want" just doesn't work. Different environments have different requirements. The US State Department probably needs a bit tighter control than Slate - arguably, it needs tighter control that it's currently exercising.

Using Google as an example doesn't get you very far; Google is a "big tech firm" as noted in the article, they spend lots of money on tech support, and they have a unique infrastructure for data storage. They aren't really comparable to Slate, or the US State Department, or anyone else except Google.
posted by me & my monkey at 11:05 AM on September 1

Well, Manjoo's the better writer at least.

I've worked two places that had IT staff, a university and a large corporation. I've also worked at a small magazine that had no such staff (it fell to the designers to come up with a budget and get it approved, and maintain all of the networks, etc.). At the university, the IT staff was famously stupid and lazy, and it basically took a call from a department head to get anything fixed—I remember a journalism class where we had to double up on computers because one after another had been winking out over the course of the class due to a corrupted permissions file that anyone who had access could have fixed in thirty seconds. I also remember the IT guy for the newspaper installing some sort of Gator thing on all the computers that would theoretically both block pop-ups and pay users to browse the internet, but really was a giant spyware monstrosity. And it was IT that claimed they were making back-ups of the newspaper's old online issues, when they only ever managed to back up the CSS layout.

On the other hand, working at the large corporation, we had one excellent IT person who handled the front lines, and another lazy admin above her who was basically secure in her position due to nepotism and had given up learning anything about technology after the introduction of OSX. But seeing as the staff there was mostly technologically retarded (including one of my bosses yelling at me because when he hit print, the paper didn't come out of the computer directly, but rather the PRINTER in the hall—he also had to be taught more than once how to switch between applications on OSX), they did pretty well for what they were given. It was only the caprices of the management that fucked things up, like continuing to buy zip discs and demanding paper copies of everything, or once when the editorial director made IT ban some news and gossip site for everyone because it made fun of him.

I'll also say that my girlfriend's experience with IT at her university has been mostly negative, and entirely stupid due to both management and IT. The biggest problem is that for her part of the library system, which includes about a hundred people, there is only one IT worker. Which means that they're constantly trying to make all sorts of random-ass shit work, like incompatible laptops function with digital projectors, etc. But for a long time (and maybe still continuing) the blog that was forced on my girlfriend, every post had to be sent to IT to make live, because they wouldn't give the permissions to the users to do that. Which meant that, again, with just one person, it could be six days before anything went live, which meant that things like "Library patron computer network is down" couldn't be posted at all because the IT tech was, you know, working on the problem. Her management has also come up with projects like a computer in a glass display case that no one can touch, which should display a wiki about the library—because wikis are in—that only the library staff can access. Or could, except that those changes need to be done by IT as well.
posted by klangklangston at 11:05 AM on September 1 [2 favorites has favorites]

"You all sound like bus drivers who would be happier if they didn't have to keep slowing down the damn bus to let passengers on and off."

I'll stop this bus as many times as you need, sir, and I'll call you by name and doff my hat to you each time you board. Just quit sneaking on and pay the fare, please.
posted by majick at 11:05 AM on September 1 [2 favorites has favorites]

Make users fix their own damn mistakes

Are you crazy? Or have you literally never worked in an office?

Imagine:

User: The computer won't let me go to this online parts catalog. It says page not found. I need to get a price so we can order this and get it here by Friday.

Me: Ok let's take a look here... ah. Yep, spyware. Looks like you downloaded spyware. Sorry, I can't help you with that. It's your fault.

LATER

Boss: You're fired.
posted by odinsdream at 11:07 AM on September 1 [10 favorites has favorites]

The IT department, in modern organizations, is a way of tricking detail-oriented, depth-focused obsessives who have no inclination or talent for management into big-picture, breadth-focused managerial positions.

No wonder everyone ends up angry.
posted by Western Infidels at 11:07 AM on September 1 [4 favorites has favorites]

I wish there were a BOFH at Slate.
posted by Pronoiac at 11:08 AM on September 1 [2 favorites has favorites]

God, I hate people sometimes.
posted by Astro Zombie at 11:09 AM on September 1

"You all sound like bus drivers who would be happier if they didn't have to keep slowing down the damn bus to let passengers on and off."

Heh. To torture this analogy: it's more like a bus driver who has to stop whenever someone pulls the cord, and also gets yelled at when he doesn't meet the schedule.
posted by smackfu at 11:09 AM on September 1 [4 favorites has favorites]

Oh look, Richmond's still alive.
posted by robocop is bleeding at 11:11 AM on September 1 [4 favorites has favorites]

Boss: You're fired.

Exactly. Except the Boss is talking to the User.

At every office I've worked in if a user downloaded spyware they're be reprimanded at minimum.

in fairness, I've only ever worked at sofwate development companies so I'm biased
posted by GuyZero at 11:11 AM on September 1

After reading all of the rants in this thread agreeing with Welch, I'm even more happy that I don't work in a company with an IT department anymore.

I'm just guessing you're also happy that you don't work in a company with a legal department or an HR department. Because I have a hard time imagining a large company existing without those things.

You all sound like bus drivers who would be happier if they didn't have to keep slowing down the damn bus to let passengers on and off.

A closer analogy is that we sound like bus drivers who would be happier if they didn't have to keep explaining to passengers why they can't ride on the roof, leave through the windows and wrestle each other naked in the aisles.
posted by Edgewise at 11:12 AM on September 1 [11 favorites has favorites]

If allowing installing software raises a risk of something expensive and bad happening, your 'it insurance' costs are higher. Every employee has rights to basic it-care. If you want this more expensive it-care that covers your dangerous lifestyle, then your paycheck will be reduced to cover the difference. Everybody happy?

The problem with this is that auto insurance is a better analogy than healthcare, I think. If you do something to screw up your computer, you may well have also screwed up corporate data or others' computers. Withholding "treatment" isn't going to make that right, or prevent it in the future.
posted by me & my monkey at 11:13 AM on September 1

At every office I've worked in if a user downloaded spyware they're be reprimanded at minimum.

A lot of offices, the manager reaction will be more like, "Why are you bothering me with shit?"
posted by smackfu at 11:13 AM on September 1 [2 favorites has favorites]

I'm going to go ahead and say that yes, it is bullshit, and it deserves some mockery. Seriously, is this what you would ask your CEO about? Homeboy asked Hillary? Right there, that's mockable.

Hillary spent way more time answering that question than many other questions. She supported the deployment of firefox. She said if there's money being wasted supporting legacy IT services they should stop doing that and start putting money towards innovative IT services. The undersecretary spent two paragraphs talking about it.

She also answered questions about biking to the state department instead of taking the metro. She answered questions about how interns can stay in touch with each other. Her opening monologue talked about access to laptops, pds (mobile computing technology). She answered questions about workplace bullying.

I'm sure glad Hillary Clinton doesn't think like you.
posted by Non Prosequitur at 11:16 AM on September 1 [11 favorites has favorites]

In regards to the ranting IT blogger, why can't users have two browsers installed? I recognize that the Firefox (and possibly the NoScript extension) does weird things to some internal sites, so I have IE as the back-up. Then again, I can recognize when something isn't working in Firefox and when I should try IE, so I don't end up bothering IT with questions of this nature.

You can, of course. I'll try and provide some perspective from someone who works as a sysadmin and would love to roll out Firefox across the company. I've even tried to do this. It's a nightmare.

Now, you have to take a step back for a second and understand something about installing things in general. Let's take Office 2003 as a good example. If you've installed Office yourself, you know very well that there are lots of configuration options. This is no problem when you're installing it at home and know what you're doing, and have five minutes to spare to do the install. It quickly becomes a serious headache when you multiply the time commitment by 100 workstations in different physical offices.

Moreover, you don't expect or want people to change the options that work best for the company. You want to push out a specific set of options as the defaults. I'm not even talking about restricting user preferences at all. I'm just talking about making the default work for the majority of cases.

Now, with Office, Microsoft expects you to do this kind of rollout, so they've provided some tools so that you can build these customizations once and roll them out in a one-click installer, or even remotely install it without any user entry required. This is great, because you can now perform 100 installations, even across a WAN, fairly easily.

There is no good way to do this with Firefox yet. You need to babysit each installation, or pay a third-party to create a Firefox deployment package for your specific needs.

It's great once it's installed, but the installing part is where the rub is.
posted by odinsdream at 11:16 AM on September 1

link
posted by Non Prosequitur at 11:17 AM on September 1

You know why people don't pee on the toilet paper at home? Because they are the janitors.

I have been peeing, both at home and away, for decades now. It has never once occurred to me to pee on the toilet paper.
posted by Flunkie at 11:17 AM on September 1

That said, Welch comes across as an enormous asshole in just about *exactly* the way most non-IT people expect IT/sysadmins to react.

It's more tolerable if you imagine him reading it in Comic Book Guy's voice.
posted by jonp72 at 11:18 AM on September 1 [3 favorites has favorites]

I don't think anyone who reads/posts at mefi should consider themselves in the "most users" group; honestly, the people IT has to worry about are spending all their time on Facebook or sports-betting sites. Or trying to stream entire movies. Or store every single picture from birth to 4th grade of their child on the server. Or spamming the entire company with urban legends about gangsters driving around without headlights on.

There are many, many people out there who just don't know, or understand, or care, what kinds of problems they can cause to their company's networks. And I can't really blame companies who are damage controlling for that.

So if it were "mefi readers should be allowed to download at will" you might be able to make a case. But a lot of the people I work with....no.

the editorial director made IT ban some news and gossip site for everyone because it made fun of him.

Quoted for hilarity.
posted by emjaybee at 11:18 AM on September 1 [1 favorite has favorites]

A closer analogy is that we sound like bus drivers who would be happier if they didn't have to keep explaining to passengers why they can't ride on the roof, leave through the windows and wrestle each other naked in the aisles.

I don't wanna ride on your bus.
posted by lumensimus at 11:19 AM on September 1 [3 favorites has favorites]

Just make everyone use their own laptops, and provide tech support then bill them for it.
----------------------------------
I do support on family members computers, and they're pretty good with a few ground rules:

1. Anti-virus programs must be installed and running.
2. I will not touch your computer if you install Limewire
3. Do not download or install any applications unless you have heard of them in the "real world".
4. Run WindowsUpdate regularly.

With those simple rules, things get a lot simpler.
posted by blue_beetle at 11:19 AM on September 1 [1 favorite has favorites]

That's because you have to. HFS+ routinely forgets directory and file permissions, so users need to run Disk Utility on a whim to get the OS working again.

True, but it's a heck of a lot easier to tell them to fix their permissions with the disk utility, and have a 90% success rate on it, than to have to go and diagnose the problem of some messed up registry value or corrupted .DLL file or 20 other things that it might be, and play Sherlock Holmes for an hour. Macs are much less... confrontational when you're trying to fix them. It's the difference between helping your cute kid find his shoe vs. trying to give a bath to the neighbor's angry cat.

MS enterprise tools are a breeze to administer in comparison to the crap apple provides.
If you're in a company that has a history of investing in it's IT infrastructure and staff. I'm the only IT guy for about 300 computers over 30 different locations. I'm running about 12 servers, most of which are Windows 2000, with a couple Mac servers and a Novell server. The cost of upgrading the systems is more than the company ever wants to pay, regardless of the purported 'savings' in time and problems. So things are replaced piecemeal, when it's absolutely necessary. Our AP software still will only run and print on Win98 machines. But we've got everything from old DOS boxes to Windows XP machines trying to work between 30 locations over a VPN. It's amazing it works, but it can be a real pain to administer sometimes.

Like I said, with a good bit of money and a decent size staff, Windows machines can run just fine. If I could get a top of the line accounting software for the Mac, I'd phase out the PCs as soon as I could.
posted by chambers at 11:20 AM on September 1 [5 favorites has favorites]

Oh, and this discussion all rides on the fact that users even understand the concept of what a web browser is. Most don't, at least in my unlucky experience. Yes. I've tried diagrams, puppets and mnemonic devices.
posted by odinsdream at 11:22 AM on September 1 [1 favorite has favorites]

I'm going to go ahead and say that yes, it is bullshit, and it deserves some mockery. Seriously, is this what you would ask your CEO about? Homeboy asked Hillary? Right there, that's mockable.

The problem that the Welch-supporting folks here don't seem to see is that there is an element of "the customer is always right" to being a good IT person. I don't mean that if State Department employees want Firefox, they automatically should get it, security be damned, but if wanting to use Firefox is consuming their thoughts sufficiently for one of them to ask Clinton about it, and the others to applaud, you don't get to mock them or call bullshit or whatever. The company has to deal with the problem to make the employees more productive. Maybe that's by explaining clearly and in good faith why they can't have Firefox, maybe it's by giving them Firefox, maybe it's something else. But just informing them that the thing that's weighing on their minds should not be weighing on their minds? Nope.

I suspect this problem, at its deepest root, comes from the fact that IT jobs require the kind of skills that tend to be found among the kind of people (in terms of social class, education, etc) who are least tolerant of the notion that they work in a purely service capacity.
posted by game warden to the events rhino at 11:22 AM on September 1 [4 favorites has favorites]

IT: Let me tell you what your job is: To HELP us. Not to FUCK US UP. To help men who are going out there to earn a living, you fairy, you company man.
posted by mattbucher at 11:28 AM on September 1 [6 favorites has favorites]

"talking about how frustrated Google is at at the lack of Chrome adoption"

I'd adopt it in a minute if I had a PC instead of a Mac, but since there's no Mac version, well, y'know, what am I supposed to do? Run bootcamp just to see Chrome?
posted by klangklangston at 11:31 AM on September 1 [1 favorite has favorites]

There's a Chromium build for the Mac - I'm using it fairly regularly. It works fine.
posted by GuyZero at 11:35 AM on September 1

A man is his job and IT are fucked at theirs.
posted by porn in the woods at 11:35 AM on September 1

Wow, the Bastard Operator From Hell is back? I haven't seen that column since the early 90's...

He's not as funny as he used to be though.
posted by PeterMcDermott at 11:36 AM on September 1

There's a different perspective on this - in many many ways, the average North American desk worker is radically under-trained to operate their computer and, more generally, to understand how to use their computer to accomplish their tasks in constantly improving ways.

For many, they have all sorts of subject-matter training that gives them an advanced ability to accomplish complicated tasks - but nothing more than a cursory understanding of THE fundamental tool they require to do their work, to put their subject-matter expertise into practice.

In the last BigCo that I worked at, I managed to work out a deal with IT in which I got "their" build of my company computer, which was quite a bit more liberal than the standard. It took me over a year to get this access, and countless discussions about why I might need a programmer's text editor or some other tools that I considered essential to my work. But we worked it out, and my life got a LOT better really quickly - because I could produce more, faster, and with WAY less hassle.

The trick is that I think that considering the general level of IT knowledge that I have seen, IT departments are probably (unfortunately) right to lock things down. But if I were hiring, if you didn't understand how to use your machine at a quite advanced level you probably would have difficulty convincing me that you're a true expert in your field. The idea that computer skills are add-on and not fundamental to work performance is radically out-of-date.

So rather than just arbitrarily liberalizing software policies I would mandate a lot of $$ to user training - if I could find a good enough program (doubtful - most office software training programs actually militate against users understanding how to better use their machines). And a lot of it I suggest should be taken care of by attrition - by specifying a higher standard of computer skills to be hired in any office function.
posted by mikel at 11:38 AM on September 1 [5 favorites has favorites]

I suspect this problem, at its deepest root, comes from the fact that IT jobs require the kind of skills that tend to be found among the kind of people (in terms of social class, education, etc) who are least tolerant of the notion that they work in a purely service capacity.

I'll dig deeper and say the fundamental problem is that IT and IT jobs are so new that an IT job ten years ago required such a different skill set that they would be obsolete today and ten years before that they'd be so different they would barely be recognizable. Can you imagine the same with accounting or any other business operation? An accountant today is an accountant ten years and an accountant since double book accounting was invented by da Vinci. In fact if you look at the general ledger one hundred years ago, the only difference is that it is on paper and in cursive. With such a history comes expectations and an understanding of how things work. Take any high level position in the company and explain that due to growth we've tripled the number of vendors we deal with despite increasing our revenue by only double. Still we are dealing with 3x as many vendors and we will need, according to the head of accounts payable, 4 more people to cover this. The decision makers will look at a couple of easily available metrics like vendors per AP person and say that yes, that makes sense and does not seem unreasonable. Now do the same thing and explain that our database is expected to grow to 18TB which means we can't use RAID5 because you run into issues with the possibility of restoration failure above 12TB or whatever the limit is and so we're looking at a couple of options to deal with this including moving to perhaps something like Hadoop or maybe split the databases up, but we really need to see how the data is used but the point is that no, we can't just add another hard drive to deal with the increasing demands.

You would not expect to go to HR and say that you wish to get paid daily and if it is the same rate as getting paid weekly what is the difference, why can't you just do it? And then you shoot off an email when HR denies you and suddenly HR gets e-mail from some high level boss that says "This is a good idea let's try it!"

It is all about expectations.
posted by geoff. at 11:42 AM on September 1 [4 favorites has favorites]

The problem that the Welch-supporting folks here don't seem to see is that there is an element of "the customer is always right" to being a good IT person.

But "the customer" isn't the end user. It's the company. In the case of website/network monitoring, it's the HR department. It's certainly not the guy in Accounting who wants to play "Mafia Wars" on Facebook or install Weatherbug or whatever.

I don't mean that if State Department employees want Firefox, they automatically should get it, security be damned, but if wanting to use Firefox is consuming their thoughts sufficiently for one of them to ask Clinton about it, and the others to applaud, you don't get to mock them or call bullshit or whatever. The company has to deal with the problem to make the employees more productive. Maybe that's by explaining clearly and in good faith why they can't have Firefox, maybe it's by giving them Firefox, maybe it's something else. But just informing them that the thing that's weighing on their minds should not be weighing on their minds? Nope.

And what happens when those clear, good faith explanations aren't accepted? What makes you so sure that no one at State Department asked for Firefox before, and already received those explanations? Unless your job is about web development, how exactly does Firefox make you more productive? How do you even measure that productivity? It's pretty easy, on the other hand, to measure the productivity cost of rolling out software.
posted by me & my monkey at 11:43 AM on September 1 [1 favorite has favorites]

mikel: You have it exactly. I'd love to have the resources to actually train users about basic computer functions and how the services they depend on work. Unfortunately nobody would ever pay what this would really cost.

Today I was asked by the guy who crashed the spam filtering appliance* last week, "So, if you send an e-mail with a link to a video, that e-mail is smaller than an e-mail with the video in it?"

There is a complete lack of knowledge of what computers are, how they work, and why they break. Even though I spent awhile explaining how his 400-recipient 4MB e-mail was equivalent to one person sending 60,000 normal e-mails, I have no faith that this will reduce or eliminate future problems.

Hell, some people shouldn't even have computers at the office. I'm probably one of the few sysadmins I know who regularly tries to find non-technical solutions to what are presented as IT problems, because even though there may be a cool technical solution, it would require everyone to at least have a basic understanding of it in order to use it effectively.

* Technically it would have recovered on its own after about eight hours of processing.
posted by odinsdream at 11:51 AM on September 1

I'm sure glad Hillary Clinton doesn't think like you.

Don't be so sure...you haven't heard my healthcare proposal!

Seriously, though, just because she answered the questions, doesn't mean that they were good ones. If I was the boss and I opened the floor for any and all questions, and someone asked me why we don't use firefox, I'd internally grimace and say to myself "well, that's what I get for saying 'no question is too dumb,'" and then answer the person's question as best as I could, with a bare minimum of sarcasm (they probably wouldn't even notice).
posted by Edgewise at 11:51 AM on September 1

And what happens when those clear, good faith explanations aren't accepted? What makes you so sure that no one at State Department asked for Firefox before, and already received those explanations? Unless your job is about web development, how exactly does Firefox make you more productive? How do you even measure that productivity?

All I'm saying is that if there is mass dissatisfaction in your organization, it's bad for business, bad for productivity, bad for morale, etc. That doesn't change just because the dissatisfaction is irrational or unfair from the point of view of the IT department. And you have to acknowledge and deal with the dissatisfaction somehow, not just yell in its face.
posted by game warden to the events rhino at 11:59 AM on September 1

There's one clear problem here: Windows.

I'm not a Mac/Linux/other fanboy particularly, but Windows was delivered with a complete disregard for security, has released features that were obviously massive security holes and were called out as such long before they were delivered, and only slowly moved toward a more secure posture when forced.

Simply the fact that probably 95% of the programs ever installed were installed with administrator privileges tells you most of what you want to know.

Similarly, such monstrosities as the Windows Registry and DLLs only encourage systems to get more and more brittle as you install more software, even if you never install any malware.

Aside from this, there's the invisible cost to your IT people of simply having to do much more work per PC, even if the users were as good as gold. *nix systems (which includes Mac OS) live and die from the shell; there's nothing you can't script! But many Windows maintenance tasks involve some sucker mousing and clicking...

Sure, no one gets to run IE any more, you might have to fix some tools, but over a three year horizon, your savings would be dramatic.

There are always some uses for Windows PCs, to run specific applications that do not yet appear on another platform (but these are fewer every year). PCs are cheap enough and IT is expensive enough it's entirely worth putting these applications onto specific PCs that are only used for this very purpose, where no changes are allowed to be made and no other applications are allowed to be run, a dedicated Microsoft Access box or whatever, that the user can access from his screen and keyboard (whether through some remote desktop or simply a KVM switch to another box under his desk).

All the Windows badness is confined to these few machines, they're disk imaged, actual documents are stored elsewhere, and if something goes wrong, you simply re-image the disk without even bothering to troubleshoot.
posted by lupus_yonderboy at 12:02 PM on September 1 [1 favorite has favorites]

Hillary spent way more time answering that question than many other questions. She supported the deployment of firefox. She said if there's money being wasted supporting legacy IT services they should stop doing that and start putting money towards innovative IT services. The undersecretary spent two paragraphs talking about it.

...

I'm sure glad Hillary Clinton doesn't think like you.

I am too, because she presumably wasn't chosen as Secretary of State for her encyclopedic IT knowledge. But it's worthwhile looking at the pullquote from your link.

MS. GREENBERG: Okay. Our next question comes from Jim Finkle:

Can you please let the staff use an alternative web browser called Firefox? I just – (applause) – I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn’t use this browser. It was approved for the entire intelligence community, so I don’t understand why State can’t use it. It’s a much safer program. Thank you. (Applause.)

SECRETARY CLINTON: Well, apparently, there’s a lot of support for this suggestion. (Laughter.) I don’t know the answer. Pat, do you know the answer? (Laughter.)

UNDER SECRETARY KENNEDY: The answer is at the moment, it’s an expense question. We can --

QUESTION: It’s free. (Laughter.)

UNDER SECRETARY KENNEDY: Nothing is free. (Laughter.) It’s a question of the resources to manage multiple systems. It is something we’re looking at. And thanks to the Secretary, there is a significant increase in the 2010 budget request that’s pending for what is called the Capital Investment Fund, by which we fund our information technology operations. With the Secretary’s continuing pushing, we’re hoping to get that increase in the Capital Investment Fund. And with those additional resources, we will be able to add multiple programs to it.

Yes, you’re correct; it’s free, but it has to be administered, the patches have to be loaded. It may seem small, but when you’re running a worldwide operation and trying to push, as the Secretary rightly said, out FOBs and other devices, you’re caught in the terrible bind of triage of trying to get the most out that you can, but knowing you can’t do everything at once.

SECRETARY CLINTON: So we will try to move toward that. When the White House was putting together the stimulus package, we were able to get money that would be spent in the United States, which was the priority, for IT and upgrading our system and expanding its reach. And this is a very high priority for me, and we will continue to push the envelope on it. I mean, Pat is right that everything does come with some cost, but we will be looking to try to see if we can extend it as quickly as possible.

It raises another issue with me. If we’re spending money on things that are not productive and useful, let us know, because there are tens of thousands of people who are using systems and office supplies and all the rest of it. The more money we can save on stuff that is not cutting edge, the more resources we’ll have to shift to do things that will give us more tools. I mean, it sounds simplistic, but one of the most common suggestions on the sounding board was having better systems to utilize supplies, paper supplies – I mean, office supplies – and be more conscious of their purchasing and their using.

And it reminded me of what I occasionally sometimes do, which I call shopping in my closet, which means opening doors and seeing what I actually already have, which I really suggest to everybody, because it’s quite enlightening. (Laughter.) And so when you go to the store and you buy, let’s say, peanut butter and you don’t realize you’ve got two jars already at the back of the shelf – I mean, that sounds simplistic, but help us save money on stuff that we shouldn’t be wasting money on, and give us the chance to manage our resources to do more things like Firefox, okay?

Yeah.

So, the guy wants to use Firefox because (a) he used it at his old job at a different (much smaller) agency, and (b) because it's "safer." And of course, it's "free." And of course, she didn't know anything about the issue - not that she should be expected to - and made vague reassuring noises (with peanut butter analogies) that maybe State Department can spend some stimulus money to make this happen.

I've got to concur with whoever said this was a dumb-ass question. "It's free!" Good luck pushing everyone to 3.5.2 to fix the TEN CRITICAL SECURITY ISSUES SINCE THE DATE OF THIS TRANSCRIPT.
posted by me & my monkey at 12:02 PM on September 1 [5 favorites has favorites]

These articles are why I've developed my own methods of dealing with IT and with users. I see both sides of it. Both sides are right and both sides are wrong, I think.

I sometimes desperately wish for two things:

- The ability to revoke a user's license to use a computer. I really, really wish this existed.

- The ability to punch an IT manager (or a business owner) in the face over the Internet.
posted by disclaimer at 12:06 PM on September 1

I'm an academic who also manages two student mac labs. I just put deep freeze on the machines and schedule them to shut down at night and reboot in the morning. The only service problems I've had are two machines stuck in an endless boot cycle.

The only downside to this is that my imaging tools no longer work, so I'm doing everything by hand.

After having sat on both sides of the fence, I would say that hiring more IT people would decrease their grumpiness considerably. I'm amazed at what our IT department is able to accomplish.
posted by mecran01 at 12:06 PM on September 1

>But "the customer" isn't the end user. It's the company. In the case of website/network monitoring, it's the HR department. It's certainly not the guy in Accounting who wants to play "Mafia Wars" on Facebook or install Weatherbug or whatever.

And Mafia Wars or Weatherbug is a problem how, exactly?

Jeebus, get some priority about yourself. Your job isn't to monitor every time they want to blow off steam through a harmless widget. You sound like the guy who removed our (Macs) landline internet access after a virus killed the PCs in the office. "Security risk" he said. While we were the only ones with outside access, and were processing incoming orders et al.

The stupid, it burns. The goggles, they do nothing.
posted by ChurchHatesTucker at 12:16 PM on September 1

I am too, because she presumably wasn't chosen as Secretary of State for her encyclopedic IT knowledge.

Why is it okay for her to talk about interns and laptops? This is confusing. It's a town hall for State department employees. They can't talk about workplace issues?

Why is it not okay to talk to the CEO about things?
posted by Non Prosequitur at 12:20 PM on September 1

>If allowing installing software raises a risk of something expensive and bad happening...

The problem with this is that auto insurance is a better analogy than healthcare, I think. If you do something to screw up your computer, you may well have also screwed up corporate data or others' computers. Withholding "treatment" isn't going to make that right, or prevent it in the future.

If something bad happens because of software or actions not accepted by your it-insurance, they'll still fix it, but you'll pay for the cost out of your own pocket. Even if it is a total network crash causing the whole company to lose days worth of business, you pay for the losses.

IT is serious business, it doesn't have to be fair or humane!

(I am playing devil's advocate here, I don't think there is any systematic cure or systematic problem in IT services, only like geoff. stated that it is still so young a field and needs are so different in different sectors that it is not easy to recognize when someone has gone over the top being a rigid asshole and when there is a legitimate issue—even harder is to draw general good practices or rules on how IT services should operate.)
posted by Free word order! at 12:23 PM on September 1

There are a lot of sysadmins way behind the times posting here. If you're not running your internet traffic through a filtering web proxy, and ruthlessly firewalling the rest (unless an exception is requested and the tools to monitor the connection are in place) you're doing it wrong. If you're not running HIDS/AV/DLP software on your user's PCs, and keeping it up to date, you're doing it wrong. If you're doing it right, they could download and run whatever the hell they like and not make so much as a ripple in the finance and legal departments.

Locking down a PC is not a security measure, it's laziness that will bite you in the ass when something or someone figures out a way through the lockdown. Modern tools mitigate that risk by recognizing and countering malicious behavior, and lets your users have the leeway they need at the same time. User education as a matter of HR policy is good, too - even tho I've been in the biz since wooly mammoths roamed the server room, I still have to take a web seminar twice a year on how to recognize malware sites and social engineering hacks. If I don't take the webinar and pass the quizlets, then my manager whines at me.

PC wonks should not be in charge of IT if they can't see past the PEBCAK, or be bothered to talk to a firewall guy now and again to see how the technology has progressed since, say, 1998.
posted by Slap*Happy at 12:27 PM on September 1

Why is it not okay to talk to the CEO about things?

Which things? Department strategy or paperclip shortages?

Obviously, she set a different tone in this meeting than a CEO of a large company typically would, evidenced by the very fact that they asked her this. On the other hand, if you think she's going to spend more than three seconds on these issues, and this wasn't just internal PR...then I think you're wrong. I'm sure her immediate underlings were there, taking notes to follow up on these issues. She didn't really need to be there, I'm guessing.

People like secretaries of state and chief officers of large companies tend not to get bogged down in day-to-day details. That's precisely why they aren't directly managing every person in their employ. Sure, she can put a happy face on your big stapler issue, but she's got to talk to Putin tomorrow to get his support in pressuring North Korea to multilateral talks. Firefox? Is that a new weapons program? No? Then maybe there's someone else you might want to talk to...
posted by Edgewise at 12:32 PM on September 1

And Mafia Wars or Weatherbug is a problem how, exactly?

By themselves, nothing, although one might be leery of a program that needs a third-party tool to remove it. But companies have plenty of good reasons to block access to the sites of their choice, or prevent users from having the ability to install anything they like. Being able to install anything you like means being able to inadvertently install things you don't want, and the history of malware demonstrates how easy it is to get people to do this.

Your job isn't to monitor every time they want to blow off steam through a harmless widget.

Fortunately for me, my job isn't to manage IT, really. But if it were, I might be required to determine what people can do with company property. And I've worked with enough corporate IT departments to be intimately familiar with the crazy, stupid things that people can do with their computers, and the constraints of limited budget and sometimes-opposing goals: keeping systems running and making sure people can get their jobs done using those systems.

The stupid, it burns. The goggles, they do nothing.

You've got to wash the stupid out of the goggles BEFORE you put them on.
posted by me & my monkey at 12:35 PM on September 1

Oh sure, there’s a point that the site should be upgraded, but right now, it costs zero dollars to maintain, while upgrading it solely so that another browser can use it will cost...not zero dollars.

Here's the real reason. IT are too lazy to do their job -- which is to provide up-to-date, functioning services.
posted by mr. strange at 12:36 PM on September 1

IT are too lazy to do their job

As others have mentioned, IT are often not funded to "do their job". IT budgets have a lot of zero-operation-cost items in them, regardless of how unrealistic this is.

THis is why I think that there should be a greater onus on users, so IT can do the real work of updating apps to work with modern browsers, etc.
posted by GuyZero at 12:40 PM on September 1 [1 favorite has favorites]

He's not as funny as he used to be though.

clickty-click.
posted by YoBananaBoy at 12:41 PM on September 1 [1 favorite has favorites]

Why is it not okay to talk to the CEO about things?

I didn't write that it's not ok to talk to the CEO about anything. Someone could have asked "why do I need to wear pants on casual Fridays?" Both would be dumb-ass questions.
posted by me & my monkey at 12:43 PM on September 1

Right now I am so glad I'm a freelancer, I'm weeping.
posted by furiousthought at 12:44 PM on September 1

>...the constraints of limited budget and sometimes-opposing goals: keeping systems running and making sure people can get their jobs done using those systems.

Yeah, and that's the definition of the dance. I've seen my GF spend days trying to figure out how to modify the appearance of her folders, since that was deemed off-limits. She did it, but she could probably have spent her time doing something else if that was simply deemed NOT A SECURITY RISK.

As far as I've seen, there's only two types of IT guys. Those that want to be your overlords, and those that want to help you do your job.

Guess which one I think is helpful.
posted by ChurchHatesTucker at 12:51 PM on September 1

As far as I've seen, there's only two types of IT guys. Those that want to be your overlords, and those that want to help you do your job.

Maybe you should take off those goggles. They're not helping any.
posted by me & my monkey at 12:58 PM on September 1 [1 favorite has favorites]

Aside from this, there's the invisible cost to your IT people of simply having to do much more work per PC, even if the users were as good as gold. *nix systems (which includes Mac OS) live and die from the shell; there's nothing you can't script! But many Windows maintenance tasks involve some sucker mousing and clicking...

This isn't the case at all. In every corporate environment I've worked in, if there's a problem with a PC that doesn't have an immediate fix that machine is reimaged. If the problem persists, the machine is replaced. You can do that with *nix systems, but there aren't as many tools and they aren't as easy to use.

The big reason MS owns the corporate workspace is because Active Directory is awesome. The only other tool that works nearly as well is Novell Netware, but even at that, AD grants superior power over the other crappy half of IT - user and asset managment. You can push out apps, enforce updates, reboots, log collection and so on, all from one set of tools. You can grant very granular privelges, and manage file permissions very easily.

Apple's Workgroup/Server manager sucks donkey balls in comparison. It doesn't scale well, and doesn't even do much of what you need it to do. Sure, if it's you and 4 buddies doing font kerning, Apple is a great solution. If you're managing 3000 users across the state of Wisconsin, it's beyond lame.

To be clear, this situation doesn't exist because of some inherent suckiness of apple products - it's because the business market is a market segment Apple doesn't really want to compete in. (No more Xraid, lack of updates to Xsan. and so on). At least they made the dock translucent, I guess.

Back on topic, the main failure between users and IT in my experience is that users don't understand is that IT is an iterative process - sometimes you have to take several tries to solve an issue. Even at that, a perfect solution may not be cost or effort effective. A solution that works for user A may not work for users B through Z, and so solutions need to scale or they are unmanageable. And so perfect becomes the enemy of the good.

As an IT admin, I have no idea how it is that many people do their jobs. But it's my job to reasonably make it as easy as possible while saving the company or department money. But it's frustrating to tell someone that they can't have an iPhone because the company standardized on Blackberries, even if they pay for it themselves. It's even more frustrating for them to take it personally, or worse accuse me of being lazy or inept because I don't really want to support yet another system.
posted by Pogo_Fuzzybutt at 1:00 PM on September 1 [2 favorites has favorites]

Technorati Tags:
New Media Douchebags

Love it.
posted by LarryC at 1:01 PM on September 1

Maybe you should take off those goggles. They're not helping any.

Hands off my Goggles, overlord!!
posted by mattbucher at 1:07 PM on September 1

Those goggles are useless anyway, they do nothing.
posted by grouse at 1:18 PM on September 1 [1 favorite has favorites]

I've seen this argument happen in various forms in several organizations now. It's always interesting to watch it play out. Unfortunately, in many places, the BOFHs win, the non-clueless users lose, and the workplace suffers in some difficult-to-estimate way as a result.

However, I've also seen some good compromises.

On the most extreme side, some IT-centric shops put all the burden on the users. If you're too stupid to install your own software and maintain your machine in a way that lets you be a productive employee, without burdening IT and causing problems, you're just too stupid to work there. The responsibility of the IT infrastructure department is just to provide you a desk, a power socket, a live network jack, the settings for the company email server, a new laptop every couple of years, and to coordinate warranty service if your issued hardware fails.

I'm a big fan of this approach, and I think it's not unreasonable that—particularly in technical fields—the ability of each employee to operate and maintain their own PC is sort of like an infantryman's ability to operate and maintain his rifle. The future has no place for computer illiterates. (Or rather it does, but it's with the people who are actually illiterate; hopefully in training courses to rectify the situation.) PCs are the pencils and yellow legal pads of the 21st century.

Obviously this isn't always practical. So as a stopgap, I've seen some places create multiple classes of users. Employees come in to the organization as basic "users" and have locked-down machines. But those who want to have the option of becoming "power users," which gets them additional privileges—like install or administrator access to their own machines—but comes with a signed agreement that outlines their responsibilities: being subject to disciplinary action if they create problems that requires IT intervention, and perhaps even demonstrating that they understand enough about networking and infrastructure so that they don't do anything that will adversely impact anyone else.

It's always unfortunate when organizations get locked into the "priesthood" paradigm, where there's nothing between the high holy order of professional IT, and the unwashed masses of users. Multi-tiered schemes can work out pretty well, and done right, the "superusers" can even take some of the low-level tech support burden off of the dedicated IT department.
posted by Kadin2048 at 1:22 PM on September 1 [5 favorites has favorites]

A lot of people seem to lose sight of something pretty basic.

The computer, and the internet, that you use at work aren't YOURS. They are corporate tools. The laptop is not given to you to help your child learn to type, or to entertain them on long trips. That computer was given to you to facilitate the deal: Exchanging your time and effort toward the company's goals, in exchange for money.

It's not for you to "blow off steam" with. Honest.

I don't mean to suggest that some corporate tools and rules can't be stifling. Personally, I wish I could work from home more. But, hey, they pay me to come here and work. Sometimes, I can try to work out a happy medium. Sometimes I succeed, sometimes I don't. But at the end of the day, they pay me, I do the work they ask.
posted by Richat at 1:22 PM on September 1

I started off in IT and migrated to jobs in operations. Tech Ops at most companies is means for getting around the IT sandbox. Businesses demand that IT keep costs down so IT picks a few standard solutions (Windows, MS Office, Cisco) and then tells the business types that whatever they want to do outside of that is too expensive or impossible. So, a parallel organization is created that makes whatever the business types dream up happen and everyone is happy till the kludged together solution fails at an inopportune moment. Then, a vendor is sought out to take the blame when bad things happen. It understandable that IT doesn't want to be on the hook if your favorite application breaks something or just doesn't work. But not supporting Firefox is lame. I suspect sometimes that there are people who have a real bias against open source that is just as strong as that of GNU/FSF crowd.
posted by Tashtego at 1:27 PM on September 1 [1 favorite has favorites]

This sort of thing goes both ways.

On the one hand, I do some technical support and have seen the idiocy that users can provide. I really do understand the need to keep people from breaking stuff.

On the other hand, I've been the user who got to listen to the IT manager rant "Don't tell me what you need to do your job... I will tell you what you need to do your job!" Which was great, except that I was doing transcription, and actually kind of did need the ability to play sound files into my headphones. (He'd forbidden anyone on the floor from having sound drivers of any kind, because some idiots had installed that screensaver that croaked like a frog.)
posted by Karmakaze at 1:34 PM on September 1

As far as I've seen, there's only two types of IT guys. Those that want to be your overlords, and those that want to help you do your job.

Wow, that sounds like the two types of marketing guys I ran into yesterday. AND the two types of software developers. You're right: some people want to help, and some people want power. That is one way you can divide up one group of people into two groups. I can't argue with logic like this, it is too irrefutable. Unfortunately, it just doesn't contribute much to the conversation. It's like saying "As far as I can tell, there are two types of janitors: good janitors and evil janitors."

Try this one out for size: As far as I've seen, there are two types of non-IT guys. Those that are capable of understanding that there are legitimate constraints on what they can do with their computers, even when they don't comprehend the technical and business issues involved. And then there are those who don't understand why they can't have everything that they want right now, and assume (just as they did with their parents) that IT just wants to control their lives.

The computer, and the internet, that you use at work aren't YOURS. They are corporate tools. The laptop is not given to you to help your child learn to type, or to entertain them on long trips.

That's (part of) what I thought was so loopy about Manjoo's complaint that evil IT techies just want to ruin your fun.
posted by Edgewise at 1:35 PM on September 1 [1 favorite has favorites]

"As far as I can tell, there are two types of janitors: good janitors and evil janitors."

Have you not seen Scooby Doo?
posted by Artw at 1:43 PM on September 1 [3 favorites has favorites]

The computer, and the internet, that you use at work aren't YOURS. They are corporate tools. The laptop is not given to you to help your child learn to type, or to entertain them on long trips.

That's (part of) what I thought was so loopy about Manjoo's complaint that evil IT techies just want to ruin your fun.

I'm not sure where either of you work, but the idea that employees should get to have (some) fun at work and enjoy some autonomy — the idea that treating them as human beings might be a) the ethical thing to do and b) good for business — is actually quite prevalent these days. Some places even give you free coffee!
posted by game warden to the events rhino at 1:49 PM on September 1 [3 favorites has favorites]

I suspect sometimes that there are people who have a real bias against open source that is just as strong as that of GNU/FSF crowd.

And I suspect there are end-users that completely disregard every valid reason there is for not maintaining two disparate browsers in an enterprise setup and instead just trot out the old "you're just biased against open source" canard at every opportunity.
posted by splice at 1:52 PM on September 1

Bullshit. That is the precise word for this. Bullshit. Oh, the joys of firefox, until you have to deal with an internal site with old code that has sat there running fine, doing its job for years, but Firefox can’t use it. Oh sure, there’s a point that the site should be upgraded, but right now, it costs zero dollars to maintain, while upgrading it solely so that another browser can use it will cost...not zero dollars.

Oh hey, guess what, I heard you can have firefox and IE on the same machine now. Even run them at the same time!

Seriously, both these people are idiots. This guy is defending the fact that people can't use firefox because internal IT wrote garbage web apps and are too lazy to fix them.

The thing is, yeah 90% of users are idiots when it comes to computers. The problem is that 50% of IT people are also idiots.

I think the idea of making end users responsible for messing up their computers is absurd, though. Because many would if they had admin rights. I mean come on, do you really think many companies could afford to replace every single worker who didn't know how to properly administer a windows box with ones who do?

I think Manjoo's article was sadly written in a fantasy world, because there is a lot of crap out there if you let people run whatever programs they want. On the other hand, competent IT people would make people's work much less of a pain then incompetent ones.

There is a surprising amount of browser unawareness (there was a article about this in the WSJ today which I can't find the link to, talking about how frustrated Google is at at the lack of Chrome adoption).

Was it this article?

I don't get what's so exciting about chrome. Separate instances for separate threads is nice, and occasionally firefox will freeze loading a PDF or something and I'll kind of wish firefox had the option of doing the same thing. But not very often. And Firefox's autocomplete is still better then Chrome's.

But really, why would I want to give google even more control of my online experience? They already have enough and unlike, say gmail vs. hotmail, Firefox is already a great product. And it's free and produced by a nonprofit.

You would not expect to go to HR and say that you wish to get paid daily and if it is the same rate as getting paid weekly what is the difference, why can't you just do it? And then you shoot off an email when HR denies you and suddenly HR gets e-mail from some high level boss that says "This is a good idea let's try it!"

LOL.
posted by delmoi at 1:52 PM on September 1

Jesus, after reading this thread I'm so glad I've (sort of) transitioned from IT to software development.

Working in an IT department is the tech equivalent of being a janitor. Actually I think being an actual janitor might be less stressful.
posted by kableh at 2:03 PM on September 1

The problem that the Welch-supporting folks here don't seem to see is that there is an element of "the customer is always right" to being a good IT person.

I hate that phrase so fucking much. Seriously. The article I linked to is absolutely correct. "The customer is always right" is pretty much the cause of the ridiculous sense entitlement felt by so many Americans.

Your whim is not a mandate.

Right now I am so glad I'm a freelancer, I'm weeping.

I am too.

Except for not being able to find any work these days.
posted by Netzapper at 2:05 PM on September 1

Jesus, after reading this thread I'm so glad I've (sort of) transitioned from IT to software development.

At my very small company, I get to enjoy the best of both worlds!
posted by kmz at 2:06 PM on September 1

Oh hey, guess what, I heard you can have firefox and IE on the same machine now. Even run them at the same time!

Sure you can! However, many people who use computers don't really know anything about browsers, much less understand the concept of using different browsers for different sites. So, even forgetting about the costs of distributing and maintaining additional software, there are still potential costs for simply having two browsers. Even in a relatively tech-savvy environment, it can be hard to get across the simple message "you can use Firefox for everything except a specific set of crappy but business-critical web apps." And, again, unless you're a web developer it's really hard to justifiably say you need Firefox to do your work.

This guy is defending the fact that people can't use firefox because internal IT wrote garbage web apps and are too lazy to fix them.

Maybe internal IT neither has the time or money or expertise to rewrite crappy but business-critical web apps. It may be hard to believe, but to this day there are still vendors selling applications that only run in IE, and there are people buying them. And internal IT doesn't always have veto power over those things.

I don't get what's so exciting about chrome.

It's certainly better at handling AJAX-heavy apps, in my experience - such as Google Apps. Coincidence? I think not! And, it's not next to impossible to set up application shortcuts that use Greasemonkey scripts with Chrome, although it's not nearly as easy as it should be.
posted by me & my monkey at 2:13 PM on September 1

A ha ha hah hah hah hah. Hah hah hah.......
posted by Lynsey at 2:47 PM on September 1

Man, I would love to see one of these famous internal web apps that don't work on Firefox.
posted by Jimbob at 4:43 PM on September 1

Man, I would love to see one of these famous internal web apps that don't work on Firefox.

Really? Get a job at practically any big company, or at many small companies for that matter. Many of these apps specifically check for certain browsers, and don't work if you're not using something "approved" by the developer. Many use ActiveX controls, and the Firefox ActiveX plugin options don't really work that well if said ActiveX controls interact with the browser content through JavaScript. I've used two of these applications today! And they suck. Suck, suck, suck. Both are apps purchased from vendors, rather than apps built in-house. But it's not like these companies are going to pay to redevelop them just so their users can run Firefox, or switch to another product, etc, etc. Did I mention these apps suck?
posted by me & my monkey at 5:17 PM on September 1

This guy is defending the fact that people can't use firefox because internal IT wrote garbage web apps and are too lazy to fix them.

This line of thinking is (typically) wrong. It's wrong because it makes an assumption: that IT (the people responsible for the computers) and Development (the people responsible for the software the business uses) are the same people.

Usually they're not. Begging IT to use Firefox is about as productive as a 17 year-old pestering Ford because he wants a car for his birthday. Wrong audience. Typically you have to bug Development because it's their shitty software that's preventing a pointy-headed person from green-lighting a browser upgrade.

To which Development will then reply, "We'd love to fix our code. Go hire some more developers to handle the backlog of crap our users have been demanding while we go fix the problem. To which pointy-head will either reply, "I'm not authorized to allow that" which means no or will reply, "The shareholders… [something-or-other]" which also means no.

Sometimes it seems like the only reason anything ever actually gets done in development is when someone gets fed up and decides to spend a few 100+ hour weeks staying up late into the mornings coding for the greater good. As the best developers are inherently lazy (necessity being the mother of invention and all) that usually means it takes ages for real progress to rear its ugly head. The larger the company, the longer it takes. Not because the code is that much more complicated, but because there are that many more levels of "Yes" you have to go through.
posted by Civil_Disobedient at 5:18 PM on September 1 [1 favorite has favorites]

Man, I would love to see one of these famous internal web apps that don't work on Firefox.

Hah. I actually inherited one at a job once. And actually me and my co-worker were responsible for maintaining it. It was a HUGE mess. Actually it was this big portal that had been doing in ASP.net some of the sub-apps had been written with the ASP.net's visual designer. The only problem was that some of the layout was non-standard garbage get screwed up of rendered 'properly'.

And actually you could do most of your work in firefox if you wanted too, but sometimes things would appear wonk in some cases.

But, we would just tell users to use IE for the app, and plenty of people used firefox for everything else. I never met a user who couldn't tell the difference, or couldn't handle switching.
posted by delmoi at 5:23 PM on September 1

The computer, and the internet, that you use at work aren't YOURS. They are corporate tools.

Let's run with this, shall we? Same lab, different instrument, I'm still a local admin. User logs in but can't actually use the instrument because the THEY'VE decided that users don't get enough permissions to actually interact with the instrument that the WORKERS are being PAID to DO WORK with. So after screwing around with this for about $100 worth of pay check (with benefits and such, I'm sure it cost the company more than that). Finally, I break down and call the IT people, explain the problem and am told that nothing can be done, or, well, DOOM!

So I made everyone a local administrator. Problem solved.

I'd say we've got a few to many corporate tools calling the shots.
posted by Kid Charlemagne at 5:27 PM on September 1 [1 favorite has favorites]

You could have just let him use your local admin account. Or is that a security policy you like?
posted by smackfu at 5:38 PM on September 1

I don't think there's a lot of IT guys that are super against Firefox, it just doesn't make a lot of sense in a large environment. Most of the time there is at least one application that will only work with IE therefore at least a handful of people NEED IE. If that's the case then you keep IE for everyone. It's not good business to have two different browsers, two different sets of updates, two different apps to adminster.

Also, IE updates are pushed down with all other windows updates at the server level. This makes maintaining IE over Firefox much more efficient, no matter what some schmuck was usesd to in his old job.

As far as IT guys being jerks. It happens. I'm a network engineer and I mostly work with other IT Managers and Admins helping them design and run their network. I am always amazed at how quick they are to tell me WHAT this person should be allowed to look at, or customizations are allowed to make, etc...In not so many words I try and explain to them that they are NOT the people who make money for the company and that you need to enable the people who do. The good ones take my advice, the not so good ones don't allow you to change your desktop background.
posted by LouieLoco at 6:03 PM on September 1 [1 favorite has favorites]

Jimbob: "Man, I would love to see one of these famous internal web apps that don't work on Firefox."

It doesn't even have to be an internal app. We only support Firefox at my company, and make sure that all of our internal stuff works across all browsers.

Then the HR folks changed our health insurance plan. The insurance company's web site that everyone had to log into to administer their benefits wouldn't work in Firefox. I figured out that it was just because of a couple of errors in their javascript (literally typos) that broke the formatting in Firefox, but were ignored by IE. The problem worked it's way up the food chain until I was able to communicate to their development manager what the problem was, and how to fix it. Instead, they changed the main portal page to say in big red letters that you could only use the site with IE6. I started developing what amounted to a cross-site scripting hack to get around the errors, but thought better of it.

Everyone, everywhere assumes you have access to IE6. Why spend time and money making your site work for some weirdos doing something weird? You just can't win.
posted by team lowkey at 6:29 PM on September 1 [1 favorite has favorites]

Man, I would love to see one of these famous internal web apps that don't work on Firefox.

You know how web developers test on all the browsers to make sure stuff works? Bet you would save some money if you didn't do that. It's often that simple.
posted by smackfu at 7:04 PM on September 1

Okay, okay, I believe you. I just confuses the hell out of me, and I can't help feel that the people who should be punished on this issue are not the general workers who want Firefox, not the IT staff who don't want to give them Firefox, but the fuck-ups who developed those applications in the first place.

Here's a tip - if you're developing some mission-critical web app to be used by companies, try to avoid Javascript, just don't go anywhere NEAR ActiveX, try to do all the processing server-side, and feed the client simple fucking HTML. It will make everyone happier.
posted by Jimbob at 7:12 PM on September 1

" It will make everyone happier."

No, it won't. There will always be someone in management who wants a bunch of extraneous UI slathered on, and the request will always be to make it exactly like something they saw elsewhere that was built on some fragile, proprietary platform. This manager will always refuse to budge until "simple fucking HTML" at the same time as "meeting the requirements as stated" is an impossibility.

Really. That's how the real world is, as idiotic as it sounds.
posted by majick at 7:28 PM on September 1

Oh man. I've just remembered that I am evil myself. Many years ago, I managed (through a friend of a friend) to land a job developing a web app for a document archival and management company.

They wanted, essentially, a browser-based version of their normal Windows application, which basically viewed and searched large multi-page TIFF files and their metadata.

What I made was ugly. I used ActiveX controls. There was no way that sucker was ever going to work in anything other than the browser they told me they wanted it to work in.

And while I was developing it, I was thinking "What is the point of this? Why do they want this? This is awful. This will cost them in the future."

But I took the money and ran. I'll bow out of this debate now.
posted by Jimbob at 7:39 PM on September 1 [2 favorites has favorites]

Honestly.

Dev: "We still have this bug so it doesn't work right in Firefox."
Manager: "Oh, well, we don't say we support Firefox in our specs so that's great, we can meet the date and my boss will be happy."
Dev: "But, but, but..."
posted by smackfu at 7:40 PM on September 1

the fuck-ups who developed those applications in the first place.

Also, I don't think people appreciate how slow corporate apps move. We have XP on all our work machines. They run IE 6. IE 6 came out in 2001. Stuff developed back then had to support IE and Netscape. Firefox didn't even exist. Now you want to spend good money to get it to support Firefox? Where's the business case for that? It works fine in IE, so people can just use that.
posted by smackfu at 7:44 PM on September 1 [1 favorite has favorites]

I am certainly willing to concede that it's pretty absurd for a company to restrict the users to one browser. Hell, none of the companies I've worked for had any such limitations. Sure, firefox might not work with some internal pages, but that's easily fixed -- just switch browsers. If you don't know what you're doing, just use IE.

But the example in the article is no ordinary company; it's the state department! Their security concerns must be, and should be, exceptionally severe. It's a very stupid example to give, since it is such an exceptional case. But those of you railing against this kind of restriction might want to consider these special circumstances.
posted by Edgewise at 8:15 PM on September 1

Where I work, I'm not permitted to adjust the length of the Quick Launch bar. I can put shortcuts there, sure, but I can't make it any wider to permit additional shortcuts to be displayed. When I called IT and asked them if they would unlock this for me, they said "no." When I asked why, they said it was due to "security concerns."

...

I'll just let that sink in for a minute.

...

In my former career, I was a self-employed IT consultant. Maybe it's because I was self-employed, and therefore not insulated from the necessity of adopting an appropriately customer-service attitude, but the arrogance and apathy of most lower level IT technicians is, in my experience, stunning.

But I think there's an explanation for this. In three of the last four places I've worked, almost everyone that I knew working the help desk didn't actually like technology. They usually fell into it because it pays reasonably well, but they don't exactly go home and play with computers for fun. Personally, I think that's often the source of their bad attitudes: they're in a job they're not actually suited for.
posted by gd779 at 8:26 PM on September 1

In three of the last four places I've worked, almost everyone that I knew working the help desk didn't actually like technology.

I hear this. I think it also explains a lot of the Microsoft-centric attitude I get from IT people. They are, surprisingly, often people who actually aren't that into computers, and therefore don't know about all the options that are out there. They're just people who've done the prerequisite training course.

The IT department called a meeting of the general academic staff at a university I used to work for, to announce their new web information management strategy. They were moving over to Microsoft Sharepoint, at great expense. All us academics who needed to post information on the web would have to undergo new training. It would be fantastic. Of course, the move to Sharepoint would mean that resources in some other areas would be stretched, due to the expense. But it was fantastic.

A lecturer raised his hand to ask a question - "Had they considered any Open Source options before moving to this system?"

The IT guy replied "Oh, freeware might be fine for your home computer, but it's hardly something we should use at a university!".
posted by Jimbob at 8:41 PM on September 1

Y'know, one subject I have not seen brought up here is the wall/fence/moat/chasm/cloud thing that exists when computers slither their way onto the factory floor. All sorts of applications that people use on their desktops suddenly become part of a manufacturing environment... web-based production control systems, excel spreadsheets deployed without any protection, networked programmable controllers, PCs controlling industrial equipment (serious industrial equipment- 250 horsepower electric motors, hydraulic systems with 10,000 PSI pressures) - and support from an IT group that wants to implement a lockdown-and-require-a-logon-after-15-minutes-with-no-keypress on a system that's running data acquisition and controlling the operation of a 24-hour automated test operation. (THAT came out of Sarbanes-Oxley.)
Comments?
posted by drhydro at 8:44 PM on September 1 [1 favorite has favorites]

And don't get me started on the subject of Windows in machine control!!!!
posted by drhydro at 8:47 PM on September 1 [1 favorite has favorites]

In three of the last four places I've worked, almost everyone that I knew working the help desk didn't actually like technology.

In college, I set the curves in my compsci classes on tests. I would complete our lab assignments before our professor had even finished answering questions about them--and then he'd assign me more lab problems, which I also usually finished before lab was over.

People would ask me, "Aubrey, how did you get so good at this? How do you know this stuff? Is there, like, a book or something?"

And I'd reply, "Well, I do have a bookshelf full of programming books. But, mostly, I just play with my computer. You know, just program stuff that interests me."

"What do you mean?" they'd then ask.

Invariably, these kids were not interested in computers. They were in the compsci program because they had an uncle who'd told them that "computers are where the money is." They graduated with the same degree I hold.

A lecturer raised his hand to ask a question - "Had they considered any Open Source options before moving to this system?"

The IT guy replied "Oh, freeware might be fine for your home computer, but it's hardly something we should use at a university!".

My buddy told me this story, word-for-word a couple months ago. So much so that I thought you must be my buddy. Or in the same meeting. Of course, you're across the country from him.

This must be the argument that the Microsoft sales rep uses when asked the same question. They brainwash the local IT execs into parroting it back when they get asked.
posted by Netzapper at 9:15 PM on September 1 [2 favorites has favorites]

but the fuck-ups who developed those applications in the first place

Developers don't write asinine requirements. That's the users.
Developers don't constrain development time. That's the managers.
Developers don't tell you the code is good to go. That's the testers.

Who's fault is it again?
posted by Civil_Disobedient at 3:42 AM on September 2

The issue is that time and time again those freeware programs go unsupported for years, or abandoned all together. Not only that when the guy who set the whole thing up leaves no one understands the administration of it because no one has ever worked on it before. There usually is no hard documentation, no training classes, no consultants that can help you out. It's usually only a couple people who you will be able to escalate issues to. If you never had to figure out an issue with a major system that is almost completely undocumented, and badly put together then you have no idea what you are talking about. These problems when there is no one to escalate to can delay for days and sometimes weeks. This by far out weighs the cost of a industry supported product.
posted by LouieLoco at 5:03 AM on September 2

ChurchGuy, I was you about ten years ago. Then I got a job in a bigger company, and then an even bigger one. And now we have web-based applicaitons that simply blow up when the user has loaded WeatherBug or the Yahoo!Tool!Bar! or some cursor-animation program.

It's against the policy they were handed when they were hired. It's against what the Help Desk staff told them. And it's their own damn fault. But we get the calls and the shouting and the wsted walkign across campus when they do it.

Can I fix it? Why, no: it's in two widely-used programs from some of the biggest software companies in the world, and it runs on arguably the most popular web browser [IE, though it can work in Safari and Firefox, too] on the planet. And it's not something that we can change.

Computers are tools, and like many tools, when improperly handled they can hurt you. (Ever hit your thumb with a hammer? Did you swear at the hammer? Later on, would you really blame the hammer, or the hardware clerk who rang it up for you?)

So, you know, ssshhh, the grown-ups are talking.
posted by wenestvedt at 6:07 AM on September 2

Developers don't write asinine requirements. That's the users.
Developers don't constrain development time. That's the managers.
Developers don't tell you the code is good to go. That's the testers.

Who's fault is it again?

Ain't support's fault. Support has to pick up the pieces for all four of you fuckers.
posted by grubi at 7:46 AM on September 2

Invariably, these kids were not interested in computers. They were in the compsci program because they had an uncle who'd told them that "computers are where the money is." They graduated with the same degree I hold.

QFT
posted by kableh at 8:06 AM on September 2

Let's not lose sight of a simple truism here as well...IT people, like all groups of people, aren't homogenous. There are assholes in pretty much EVERY group you can imagine. And there are slackers.

I chose IT as a career, in my late twenties, because I realized I really did poorly in a job that involved a lot of repetition. I also realized that I had strong troubleshooting skills, independent of the issue at hand, so figured with some learning, I could excel at that in IT. I'm quite good at my job, if my career path tells me anything.

Still though, I don't go home and goof off with computers. Forty hours a week is good enough for me. I don't buy the argument that this makes me a poor IT worker though.

Yes, there are draconian approaches at times. But people seem to consistently fail to understand the concept of Total Cost of Ownership. Yeah you are all individual snowflakes, but NO organization of any size can write policy that incorporates all your individuality into POLICY. So, as a result, sometimes you can't do what you'd like with your computer. Fixing the machines you mess up, or dealing with security breaches brought on by you using unmanaged software, etc etc, is too expensive. People can do enough damage as it is. Also, as someone else mentioned, most mefi users, wouldn't fit the profile of the scary ones in my office. The scary ones, likely wouldn't be reading this site. Although, sometimes the ones who know a little bit are a LOT dangerous. All the amateur haxors can be a real pain the in ass.

I'm sure some organizations are too strict, for example the idea that you quick launch bar width is sacred, and changing it is a security risk? WHOA. That's nuts. But sometimes you end up securing too much in order to make sure you've secured ENOUGH. Too lax an approach, and we, and the organization end up paying for it in the long run.

As I said previously, even in a fairly restricted environment, I find some users are able to fuck up their machines...if they had admin rights, we'd be imaging machines weekly, so that they could install e-card spyware? Fuck that. Our department DOES try to facilitate WORK, we really do, we try not to be an obstruction. But at the end of the day, this organization can't risk exposing our PHI (Personal Health Information) via an unrestricted environement. So, no, you can't install firefox. If you can give me a reason why it would help our business, we'll consider it. But, come on people, to expect unrestricted freedom with something so laden with attack vectors*? No way.

Boy that sounds dramatic eh?
posted by Richat at 8:16 AM on September 2 [2 favorites has favorites]

not only that but when you get to a high level the work you do you would NOT play around with at home. Its one thing when you are in a compsci class and you have a my-sql database that you set up at home to keep your muffin recipes. It's another thing to play around with a core switch, or a high level san. Most high level guys don't mess around too much at home. There's no time, considering any real productive IT time at home is spent studying for a certification.
posted by LouieLoco at 9:09 AM on September 2

Developers don't write asinine requirements. That's the users.
Developers don't constrain development time. That's the managers.
Developers don't tell you the code is good to go. That's the testers.

Hi! Welcome to 1980 where developers get paid a lot of money to do... nothing?

All those points are absolute bullshit.
posted by GuyZero at 9:21 AM on September 2

heh. I worked on plenty of IE only intranet projects back in the day. Not that there was anything in them that would explicitly break NS, we just didn't test it on there or put in any of the hacks youy;d need to make stuff work on both.

Standards based development? What are you talking about?

Anyway, I don't worry too much about those sites - if I'd have coded them to work on Netscape 4 as well they'd be double broken today.
posted by Artw at 9:25 AM on September 2

Please cancel Google from my computer.
posted by game warden to the events rhino at 11:37 AM on September 2

Please cancel Google mail from ~~my computer~~ the Internet.

So that was you!
posted by It's Raining Florence Henderson at 12:37 PM on September 2

> That's because you have to. HFS+ routinely forgets directory and file permissions, so users need to run Disk Utility on a whim to get the OS working again. AFS works well enough, but Apple's file server, again, routinely forgets its permissions leaving you to "propagate permissions" on your file server to fix random "user joe can't access this file he made yesterday even though the permissions say he can" bugs. ACLs are a kludge on top of a decades old file system HFS+ that doesn't really work that well to begin with, and the server tools are slow, and oftentimes useless to address your needs if anything bad happens.

Totally off topic, but since I do this for a living:

HFS+ doesn't 'forget permissions', another system tool, app, or installation may have changed them for you, but it isn't actually flaking out. This was a major problem when most developers weren't taking the time to read up about umask and understand that os x was running on a unix system with permission models adapted from it, or even to bother to read how to make a .pkg. Apple has gone a long way to provide more developer tools and resources to clean that up.

I have spent a lot of time locking down machines and getting close to the same level of group policy management that Windows users have, in fact I was asked to do just that a few weeks ago, because they wanted parity with their Windows Desktops. There are still some tools and resources lacking that Windows has just out of being in corporate space for a much longer time. But to say you have to leave macs completely open and not locked down speaks more to not knowing how to lock one down than lack of features (or presence of bugs and inconsistencies) in OS X.

Yes, it is sad that apple still does not have a way to role back updates, and their server admin tools are still extremely immature compared to something from Microsoft, but you don't need to use them if you know what you are doing. You can do a lot of it the same way you can dig into a *nix box, just using a different subset of tools to manage it.

And their enterprise support is kind of a joke, but that also keeps me employed, so I can't complain too much about that. Trust me, myself and coworkers can give you a list of everything we know is wrong about Apple and their space in IT, but at times they are also just a really good fit for the tasks at hand, and they can actually integrate into other systems fairly well (fun fact: OD is LDAP and Kerberos and some special sauce, AD is LDAP, Kerberos and some special sauce, if you really know how one works, you can read the diff and know most about the other as well).
posted by mrzarquon at 10:16 AM on September 3

Make users fix their own damn mistakes. It reduced productivity? Dock pay.

Boss: You're fired.

Exactly. Except the Boss is talking to the User.

At every office I've worked in if a user downloaded spyware they're be reprimanded at minimum.

About half my job involves opening attachments emailed to me from people I've never met. These are .pdfs, Word docs, jpegs, ppt slides, and so on.

I don't get to decide what kind of virus software gets installed on my particular machine or on our network, and I don't get to decide to not do the part of my job that involves wrangling attachments from strangers.

I'm really fucking glad you're not the boss here.
posted by rtha at 11:46 AM on September 3

Good grief. If your job is to clean sewers no one is going to hassle you for coming home covered in shit. Most people don't have a job requirement to handle the electronic equivalent of infectious biowaste.
posted by GuyZero at 12:08 PM on September 3

All those points are absolute bullshit.

Yes, the corporate world is filled with it.
posted by Civil_Disobedient at 5:51 PM on September 3

Since I'm catching up on all my metafilter, I made it all the way through here in a go, and currently doing IT, I figured I may as well weigh in. Later than is relevant.

IT/Helpdesk- Like janitors. Yes. Nearly thankless, dealing with leavings and issues other people wave their hands ineffectually at, and bound by restrictions and protocols that were put there by people who 'have looked very closely at this problem' (I suspect once, in 1976). But, of course, they are still interested in what 'you people on the front lines are doing.'

Users/Employees/Workers- Just trying to do the job. Stupid restrictions put on the system make it hard, and when things go down, making a tough day worse, who wants to talk to some surly misanthrope who's going to berate you for breaking your damn computer. (Especially when it ISN'T your fault.)

I've done both, and while it is fun to play bait the technician/user because they won't do what you want, it is, as we all know, ultimately futile.

Tech Support, like any sort of maintenance work is counted as a loss. That the technologies of computers were so widely adopted, and so quickly, meant that a user-support role was added into upkeep, and made it necessary. By quickly, I mean within the work-lifetime of a single person.

A problem, as I see it, is that machines more complicated than can be generally understood get ran until they break. I know I don't follow the instructions printed by serious-minded people at the car factory as to the upkeep and maintenance of my vehicle. I'm damn sure that the computers I set up for people are not being taken care of according to my little sheet either (though I could flatter myself as 'serious-minded', I know I'm a hack). When I get called in to 'fix' their computer none of the little things have been done for some time, and, while they may not have prevented whatever problem they're having, it would have mitigated the effects.

Corporate rules, as much as I chafe under their reins, are usually there because someone did something in the past to warrant it. Whether at that location, or in the memory of the people who are devising the mandates. This doesn't excuse the excesses, but just like in law, the core principle theory is one of prevention; a sort of never-again.

Outside of being (hopefully) fair- When those users say that their computer is broken, and say no nothing's changed recently, no new hardware, no new software, and then you see one of those fake anti-malwar programs. And that you know they will be the sixth one today who will swear up and down they didn't install it, while all you want to do is swear at them, because you know damn well that this one only installs when you click through the installer process. But you have to be polite; 'ah yeah, that does happen. It just gets through. let's see if we can get rid of it.'

I'll regret that last part, I'm sure, but it's good to gripe sometimes. I'm trying not to blog, really. :D
posted by LD Feral at 5:55 PM on September 8

« Older Out of the Shadows:... | In the next few weeks, NASA wi... Newer »

This thread has been archived and is closed to new comments

Loosening up locked-down corporate IT September 1, 2009 9:40 AM Subscribe

Loosening up locked-down corporate IT
September 1, 2009 9:40 AM Subscribe