[Bo102010]

A lot of my problems with IT departments would be solved if the IT folks recognized that people with degrees in computer engineering and computer science tend to be able to take care of their own machines.

Also, if they would quit telling me that I can't run VLC because it's not secure, when they have 3 year old versions of the Java Runtime Environment installed on everyone's PC.

[fuzzix]

"A lot of my problems with IT departments would be solved if the IT folks recognized that people with degrees in computer engineering and computer science tend to be able to take care of their own machines"

But that's not true. I work as a developer or an admin depending on my mood and the money, I would not consider one able to do the job of the other even though I have done each with the same degree in hand.

The discipline of designing stable, maintainable systems & networks or writing code to requirements precisely and accessibly are distinct and often wildly different. Little of it comes with your degree.

That said, my current gig is quite good in that regard: "We support A, B and C. If you want to use X and Z you're on your own. Here are the guidelines on security and patching."

[Bo102010]

I don't doubt that the skills that make a good system admin are distinct from those that make a good engineer.

I do doubt that the people making and enforcing IT policies that, e.g. lead to insecure versions of Java being installed on thousands of machines, are more capable than I am at managing the machine I need to use.

[mkopinsky]

It's not only a question of skills, it's a question of knowledge.

I am a good developer, but I don't have the slightest clue about e.g. ActiveDirectory. The IT department in my company is nothing spectacular, but when it comes to the kind of issues that I know nothing about, I am glad they have set policies that I just need to follow unthinkingly.

[samirageb]

CS/CE offer no discernable value to the IT scene, unfortunately. Define 'take care'. Not install spyware knowingly? Ok great. How about making sure that software you install don't conflict with regular updates that are made to all systems every month? Or what about making sure that you're not introducing problems in the areas of authentication or monitoring, by changing specific settings or services that are running for a purpose. Unless you have ever worked in IT, you likely have very little knowledge on the havoc you could cause for seemingly simple changes.

As for JRE vs. VLC, how do you JRE's status isn't simply a false negative? How many applications in your organization actually utilize the JRE? Is it a non-issue? Are you aware if there are any measures already taken to mitigate known JRE exploits? There is quite a large difference between exploits that exist in an environment vs. those that exist in an application that you actively execute.

Granted I'm not defending the specifics, I personally think VLC is likely fine. But that doesn't change the points made above. In IT, it's always better to go with the devil you know, than the devil you don't.

[petervandijck]

"Better to go with the devil you know, than the devil you don't." The devil you know. Better for you. Meanwhile I get sabotaged from doing my job well. And my job impacts the bottom line more than yours.

[samirageb]

"My job impacts the bottom line more than yours."

That couldn't be further from the truth. If I make mistakes, websites, phone systems, <insert service name here> become inaccessible for an unknown duration. That's best case. Worst case, data loss. Depending on the nature of the outage, it could ruin the company.

Try selling to a potential customer when their email domain continues to get bounced, or their voice mails never reach you and you'll find out very quickly who has a greater impact on the organization.

[oz]

Well that's fine, as long as you're willing to accept the blame when things go wrong. But most companies simply don't work that way.

[ryall]

Think of it like this: Why are people still coding in Python 2.x?