by bongodongobob 494 days ago
I've done IT support for a number of devs across multiple companies and they all expect local admin and admin access to everything. So no, I don't believe they feel it is risky. I believe they don't get it/don't care. It's just not their wheelhouse.
3 comments

No, it's because the average IT infrastructure is abysmal and getting things done without admin is its own full-time job filing and following up on tickets and trying to plead your case for the ten thousandth time to the exalted security deities that you just want to do your job gets old.

Am I bitter? Nah

Totally get it dude.
This is a different case, if I don’t have permission to talk to the graphics card, sound card, even RAM, I’m a restricted engineer.

> I believe they don’t get it/don’t care.

You’re right, anything that’s not obstructive is never worried about.

To me that says you’re doing a good job giving permissions, it’s also your job to manage those permissions, not the developers.

> It's just not their wheelhouse.

You're absolutely bang on. And I can say from experience, it’s good you guys are there.

Right and that's the thing, you don't need local admin for that. It can be done granularly or set up a dev env VM etc. It's a pain for everyone to be sure and some routes are easier than others.

I use a company-managed machine. If my machine is compromised even in user space, my AWS credentials (which AWS stores in %UserProfile%/.aws) are hosed. Source code? Gone. Cookies from Chrome? Gone. Files on the network share that everyone has mounted? Compromised.

If someone can run a Python script on your machine, it’s game over whether it’s running as admin or not.

Yeah, that's why you don't do it that way. You're making my point.

In your original comment you said:

> they all expect local admin and admin access to everything

It practically doesn't matter on a single user system. You're screwed whether you're running as an admin or not. My machine has credentials in AppData stored to basically every internal service of my company. On a Linux machine, they're all in my home dir - even my ssh keys are compromised.

>>> I've done IT support for a number of devs across multiple companies and they all expect local admin and admin access to everything.

>> If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.

> Yeah, that's why you don't do it that way. You're making my point.

I have to admit, I don't get your point here. If I am correct (and, if I am not, I welcome a correction):

1. Your original point was "Devs want local admin or admin access to everything."

2. GP's response was that even without any admin access of any type, he's hosed if his machine is compromised.

How does #2 above support or prove #1 above?

IT does things that piss off devs like not allowing Python to be installed on the laptop because, yes, having Python installed can be exploited. So we lock down the laptops and have isolated dev envs that you use instead.