>> the operating system is painful to use and never stops being painful to use.
But this is regretful, and slows down everything by orders of magnitude. One of the big problems is lack of EFFICIENT documentation/Quick Starts. The guides are labyrinthine in layout, looping and colliding spiders' webs of wtfness.
Access to production and its data should be highly regulated. Ideally no dev machine has any kind of write access to prod - instead it's commit access to a (non-master) branch which needs multiple approvals to be merged into a release branch.
Access to dev environments and their local code? Who cares, let them explore. As long as all code is reviewed prior to deploying, they could even be developing on a compromised machine and the live system will still be secure.
Practically, if your dev machine was compromised by a targeted attacker, they could create commits using your identity and, if they compromised another dev machine, could approve those commits using their identity. Then the attack would only be visible in commit logs with low odds of discovery before release to prod.