I'm both amused and very concerned that my policy of "If I am responsible for a system, then I must have the authority to make any changes" is revolutionary/controversial.

This isn't anything special.

Having the responsibility but not the authority; means you will get paged ad-nausea, and you can't fix bugs. This drives burn-out, both temporary and permanent.

Having the authority means you will take more responsibility for the system. It also means the system will become better and more reliable.

@phessler well, I regularly have huge arguments with developers who "need root/Administrator" but then refuse to be held responsible for the security of their systems.

It really bites both ways: you want root? Then you take the responsibility which comes with it w.r.t. the company you work for. No responsibility? No root.

@cynicalsecurity exactly.

I'm not talking about developers (who should mirror end-user machines as much as possible); but about sysadmins/netadmins. Those who carry the pager.

@cynicalsecurity developers should have to use a 3 year-old system, with a *single* 1280x768 monitor. No more than 4G of ram.

@phessler @cynicalsecurity you know what I want? As a SOC senior who has to gather evidence and find shit on end-user systems, I want Enterprise admin creds. I should have the ability to remote on to any user's box to pull tasklists, memory, etc. as required.

@phessler developers mirror end-user machines with Gbit connectivity to the server, over a local LAN, 16 cores and 64Gb RAM. Oh, and a 27" screen :p

But yes, responsibility comes with access and vice-versa.

@phessler The hole MA(Mastodon) concept is revolutionary, its understandable that people might have a hard time adapting to this new social media reality. Corporate power and the ideology it carries with it is the dominant ideology in our society.

The real social media regolution will come IF places like Mastodon become popular and gain a wright, which I really hope it happens.

@la_torre I was more thinking about and people that have to carry the On-Call Pager.

I am amused that it fits this situation as well :).

@phessler I had to learn this from experience in my career. If your boss wants to give you responsibility for something, demand authority over it. If they say no, then politely refuse the responsibility. It's a setup for failure.

@trondd yea, I do this during job interviews as well. and make it clear, I am quite serious about it.

@phessler @trondd
For sure is the way to go. Responsibility and authority go hand in hand.

@phessler @phessler Oh, I've got stories about this.

I work at a casino. Our local regulator wants us to pull logs off servers our state regulator specifically prohibits us from touching... even though we're responsible for them.

Yeah... fun times.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!