[t90fan]

probably?

Every tech company I've ever worked at, normal devs have had administrator access on their own Mac or Linux workstations, its only usually the sales/product folks who have locked down Windows machines.

And most SRE folks have sudo access on production VMs too

[incomplete]

fwiw i think the article is talking about root on their lap/desktop machines, not production.

and regarding production, pure root access was revoked for everyone YEARS ago and replaced w/user and admin role accounts. admin was severely restricted, and could do most (but not all) things that root could do. this was for a server only, not accessing anything in borg/omega.

also, if a rando package was installed on a prod server there are safeguards in place that would detect a change and wipe it immediately. in my time that was called the 'assimilator'.

i'm sure that a very, very select few have actual root/sudo.

(disclaimer: i worked there 03-11, the role accounts were rolled out in 08 or 09 IIRC. things could be different now, and if so probably even more restrictive)

[dnr]

It wasn't quite immediately, it would take a few hours to detect+revert. And that was only the root fs, there were other places to hide things if you really wanted. But then there were other detection systems too. (Probably fairly different now, I left in '11 too)

[incomplete]

turtles all the way down...