feedmegin
Jul 30, 2008

Volguus posted:

Yes, you can install and start the hyper-v subsystem which will enable you to install other VMs on the OS and prevent you from installing other virtualization technologies but the main OS runs on the real hardware. It would be insane and fantastically stupid to do it otherwise

Tell that to IBM. They basically invented virtualisation and they've been running the main OS on top of a hypervisor since the early 70s. It's a perfectly viable strategy.

But I dunno maybe you know everything and are smarter than the people who literally invented this technology before I was born :shrug:

feedmegin fucked around with this message at 00:14 on Nov 5, 2017


Mniot
May 22, 2003
Not the one you know

Munkeymon posted:

I'm not sure if I'm using this right, but I put in the skills I regularly use and it said I'm underpaid by about 10k. Then I just heaped in everything I could think of that I've ever used/done professionally, even for smaller projects or maintenance and it's saying I'm 20k under :\

I added "PostgreSQL" to mine and it dropped my expected salary by $1k :(

On the other hand, it was nice to get to see the "years experience + location" bell curve. That was the way they decided salaries at my last office and the CFO treated those numbers like the world's biggest secret.

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS

Volguus posted:

This has nothing to do with the relationships. I have over 20 years of experience and I like to think I am a professional at work. All these roles are needed, but just like I do not go to the PM to tell him to switch to LibreOffice for his excel needs or tell the sysadmin to definitely only use OpenBSD for his servers (duh, he would be an idiot to do otherwise) or configure the internal network to a 10.0.0.0/8 subnet I also expect me and only me to be the decider of my tools. Ultimately in a company everyone supports each other and if you make my life miserable (nazi, daddy issues or whatever) everyone will lose. And yes, I can tell one to go gently caress themselves in a very professional manner too.

I'm absolutely certain that the sysadmin is restricting what you use solely because he wants to mess with you. It can't possibly be for any other reason. There's no way he has a boss or anything. Or had a security audit. Or had some other issues with insecure software being used on the network. Or literally anything else.

Organizations are bigger than 1 person. Get over yourself.

Achmed Jones
Oct 16, 2004




You sure do call your sysadmin a nazi a lot. Your tendency to massively and ridiculously exaggerate makes me think that maybe this whole VM thing isn't as big of an inconvenience as you're making it out to be.

pigdog
Apr 23, 2004

by Smythe
On one hand, this virtualization thing doesn't matter much.

On the other hand, this is exactly the kind of minor poo poo that bad companies lose their better developers to.

Mniot
May 22, 2003
Not the one you know

Blinkz0rz posted:

I'm absolutely certain that the sysadmin is restricting what you use solely because he wants to mess with you. It can't possibly be for any other reason. There's no way he has a boss or anything. Or had a security audit. Or had some other issues with insecure software being used on the network. Or literally anything else.

Organizations are bigger than 1 person. Get over yourself.

I thought the idea was that the developers work inside a VM sandbox where they can install things? But that wouldn't solve any of the problems you list here (especially "has a boss").

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS

Mniot posted:

I thought the idea was that the developers work inside a VM sandbox where they can install things? But that wouldn't solve any of the problems you list here (especially "has a boss").

That's the standard "I'll comply with the letter of the law" policy that I've seen in a whole bunch of places. The VM software is on the list of approved software to install on the official corporate machine and whatever the dev does with it is their business.

Mniot
May 22, 2003
Not the one you know
If I install rear end-loads of malware on my VM it's still going to flunk all your security audits (I mean, if they're worth anything). If you have a boss who makes random demands they can demand that the VM be equally locked-down. If I install an editor on my VM that copies all opened files to the cloud, you've still lost control of company IP.

So if we don't gain any advantage from locking down developer machines, what's the point?

Jaded Burnout
Jul 10, 2004


I kinda missed the beginning of this argument discussion but is "locked down" the objective with these VMs? The only times I've seen them used is to provide a) closer dev/prod parity, b) a consistent environment for all developers and c) faster onboarding/rollout as the VM contents can be imaged or managed with the same puppet as prod.

It's also always come with the caveat of "it's OK if you don't want to use the VM but you're on your own for support".

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS

Mniot posted:

If I install rear end-loads of malware on my VM it's still going to flunk all your security audits (I mean, if they're worth anything). If you have a boss who makes random demands they can demand that the VM be equally locked-down. If I install an editor on my VM that copies all opened files to the cloud, you've still lost control of company IP.

So if we don't gain any advantage from locking down developer machines, what's the point?

Where I've been it's a policy that gets applied across all machines, including devs. The goal, of course, is to prevent random BAs, sales folks, etc. from installing whatever they want.

I dunno, I just feel like raging out about having to use a VM and complaining about performance is one of those things that someone who doesn't think or care about the big picture does. :shrug:

Mniot
May 22, 2003
Not the one you know

Jaded Burnout posted:

I kinda missed the beginning of this argument discussion but is "locked down" the objective with these VMs? The only times I've seen them used is to provide a) closer dev/prod parity, b) a consistent environment for all developers and c) faster onboarding/rollout as the VM contents can be imaged or managed with the same puppet as prod.

It's also always come with the caveat of "it's OK if you don't want to use the VM but you're on your own for support".

Vagrant is great (though Docker containers can also work as a replacement). But that's a method of controlling the execution environment so that you don't have to deal with stupid stuff like "I forgot that I put ~/bin in my PATH, that's why nothing works for you". You do all of your work on the host machine and you just go to the guest to compile and run, so it's headless.

Volguus is talking about locked-down development machines where you can't install Sublime because it's not on the approved list. The presented solution is to give developers a VM to live in, presumably with a GUI and window manager and everything, and let them make a mess of things in there so that the host system can comply with IT rules.

I feel like a company that wants you to jump through pointless hoops because they're unable to write a policy like "some groups of users get root privileges and limited IT support" is probably not a company you want to be working at.

TooMuchAbstraction
Oct 14, 2012

I spent four years making
Waves of Steel
Hell yes I'm going to turn my avatar into an ad for it.
Fun Shoe
I think at this point most of us are just kind of baffled by Volguus' repeated reference to his coworkers as being nazis. Like, if they're that bad, why don't you leave and work somewhere else? Or is it that this is the only place that will employ someone who calls everyone they don't like a nazi?

feedmegin
Jul 30, 2008

TooMuchAbstraction posted:

I think at this point most of us are just kind of baffled by Volguus' repeated reference to his coworkers as being nazis. Like, if they're that bad, why don't you leave and work somewhere else? Or is it that this is the only place that will employ someone who calls everyone they don't like a nazi?

Perhaps he should stop working at the party offices of the National Socialist German Workers' Party. Industry pays better anyway tbh.

Jaded Burnout
Jul 10, 2004


Mniot posted:

Volguus is talking about locked-down development machines where you can't install Sublime because it's not on the approved list. The presented solution is to give developers a VM to live in, presumably with a GUI and window manager and everything, and let them make a mess of things in there so that the host system can comply with IT rules.

I worked adjacent to a place which had dev laptops with two nested VMs. The dev team weren't allowed to install unapproved software, which included vagrant, so you had the physical laptop with an IT-controlled VM on it, and in that VM was vagrant running another VM for the reasons I mentioned above.

This was acknowledged as ridiculous by all involved but far easier than affecting change in the organisation. In that sense the technology wound up mirroring the team itself.

Volguus
Mar 3, 2009

TooMuchAbstraction posted:

I think at this point most of us are just kind of baffled by Volguus' repeated reference to his coworkers as being nazis. Like, if they're that bad, why don't you leave and work somewhere else? Or is it that this is the only place that will employ someone who calls everyone they don't like a nazi?

It was all a hypothetical since the place I work at is a startup with 3 people and we don't have an IT guy. Everything started from that post where the sysadmin has been locking all of their computers. The fact that I'm calling that sysadmin a 'nazi' is because that's what such a sysadmin is. He has a boss sure, he has requirements, that's true, but obviously no thinking has been done on the impact on others, namely the developers. If you don't think about me, why should I think about you? If one side of the company is actively sabotaging the other .. then wtf? Of course it would be time to just call it quits and wave them goodbye. Which is what normally happens in companies in situations like this. Said sysadmin has ways and tools to monitor and control said computers without the developers even noticing (so that you can see a malware being downloaded and executed), but that requires a bit more work and knowledge about the system. Taking the easy way is, surprise, easier though.
But I guess everyone just reads and remembers what they want to read and remember.

Anyway, this dead horse has been beaten since probably 2 pages ago.

ultrafilter
Aug 23, 2007

It's okay if you have any questions.


Funny, I always thought that the Nazis were an early 20th century German political party who set up a totalitarian regime, waged war against all of their neighbors, and engaged in large scale ethnic cleansing. But I guess your sysadmin is pretty bad too.

Jaded Burnout
Jul 10, 2004


I'm nazi-ing the problem here.

Jose Valasquez
Apr 8, 2005

ultrafilter posted:

Funny, I always thought that the Nazis were an early 20th century German political party who set up a totalitarian regime, waged war against all of their neighbors, and engaged in large scale ethnic cleansing. But I guess your sysadmin is pretty bad too.

This hypothetical sysadmin also killed millions of Jews, but that's not super relevant to making people use VM's.

Mao Zedong Thot
Oct 16, 2008


Blinkz0rz posted:

Where I've been it's a policy that gets applied across all machines, including devs. The goal, of course, is to prevent random BAs, sales folks, etc. from installing whatever they want.

I dunno, I just feel like raging out about having to use a VM and complaining about performance is one of those things that someone who doesn't think or care about the big picture does. :shrug:

If you have a lovely job that has a bunch of stupid rules that they shrug off with 'well that's just the policy' and treats you like a child incapable of figuring out how best to do your job... a real positive change you can make in your life is finding a new job.

Miss me with that 'big picture' poo poo -- obliviously making work harder for your employees is the quickest way to get rid of all the good ones.

Mao Zedong Thot fucked around with this message at 19:16 on Jun 13, 2020

Blinkz0rz
May 27, 2001

MY CONTEMPT FOR MY OWN EMPLOYEES IS ONLY MATCHED BY MY LOVE FOR TOM BRADY'S SWEATY MAGA BALLS

InfrastructureWeek posted:

If you have a lovely job that has a bunch of retarded rules that they shrug off with 'well that's just the policy' and treats you like a child incapable of figuring out how best to do your job... a real positive change you can make in your life is finding a new job.

Miss me with that 'big picture' poo poo -- obliviously making work harder for your employees is the quickest way to get rid of all the good ones.

I mean, you're not wrong. It's just that I can think of a whole bunch of cases where you need to have stringent security controls applied to everyone who works at the company.

This is usually the case in companies that deal with sensitive data and/or where software is not the primary product rather than companies that produce the next great fart app.

redleader
Aug 18, 2005

Engage according to operational parameters

Jaded Burnout posted:

This was acknowledged as ridiculous by all involved but far easier than affecting change in the organisation. In that sense the technology wound up mirroring the team itself.

This should be the title of either the "working in development" thread or the coding horrors thread.

Mniot
May 22, 2003
Not the one you know

Blinkz0rz posted:

I mean, you're not wrong. It's just that I can think of a whole bunch of cases where you need to have stringent security controls applied to everyone who works at the company.

This is usually the case in companies that deal with sensitive data and/or where software is not the primary product rather than companies that produce the next great fart app.

I worked in a secure environment where there was no internet access, and there was another machine (that I did not have access to) that was not allowed to have any external storage attached. The developers who did work there had to write sensitive code directly on the machine, and when they had non-sensitive code they had to print out the source, take it into the secure room (no more than 50 pages at a time), and type it in.

That was a huge pain in the rear end, but everyone knew what they signed up for and the place was honest about doing security in a paranoid way. What you're describing is like if you weren't allowed USB key-drives, but you did have an internet connection and then other devs were like "yeah, just go to the command line and do 'curl koolkode.ru | bash' why're you acting so angry? This is how we do security compliance :shrug:"

FamDav
Mar 29, 2008

Munkeymon posted:

A local VM with device passthrough isn't going to be noticeably slower unless you're running on some really crappy hardware or have hosed up your VM/container settings.

I think FamDav was saying most devs at Amazon use AWS instances as their dev environments and I've been hearing about people doing that without much issue since around 2009, I want to say. Performance and latency can be perfectly acceptable as long as your company isn't penny wise and pound foolish in that area, but that applies equally to hardware. Yes, I've heard horror stories about VM dev environments being done Very Badly, too, but I've also been handed lovely, barely-capable hardware to do work on.

oh hey thats me. i really enjoy it because it gives me tons of flexibility over how many and what kind of machines i have available for development, and makes it relatively trivial to migrate to new distros or hardware as i see fit in a sane manner. i can also anecdotally say its made our it support's life 100% better now that they don't have to janitor dev machines.

one thing i'll say is that running a vm on ec2 is an entirely different experience compared to running a vm on a local development machine because of all the work people in ec2 have put into it as well as the context in which that vm is running. i see objectively better performance compared to some other setups i've had on top of the benefits described above.

Jaded Burnout
Jul 10, 2004


FamDav posted:

oh hey thats me. i really enjoy it because it gives me tons of flexibility over how many and what kind of machines i have available for development, and makes it relatively trivial to migrate to new distros or hardware as i see fit in a sane manner. i can also anecdotally say its made our it support's life 100% better now that they don't have to janitor dev machines.

This is really interesting, I hadn't thought about this approach and now I'm starting to think about it, having an isolated dev VM per client would be an interesting take for me. I don't use VMs on my laptop because I chose portability over power, and have generally found the whole vagrant approach something of a clusterfuck.

Could you talk more about your workflow / mechanisms on this, either here or elsewhere if not apt for this thread? Are you limited to vim etc since you don't have local disk access? (most approaches I've seen use local NFS mounts so GUI editors can be used).

I have lots of questions.

Jaded Burnout fucked around with this message at 10:25 on Nov 6, 2017

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



Jaded Burnout posted:

I'm nazi-ing the problem here.

It's me. I'm the Nazi dick that's suggesting devs might not be any better about security than the dirty unwashed salesmonkeys and I'll go to the gallows at Programmer Nuremberg without declaiming my position.

Good Will Hrunting
Oct 8, 2012

I changed my mind.
I'm not sorry.

Jaded Burnout posted:

This is really interesting, I hadn't thought about this approach and now I'm starting to think about it, having an isolated dev VM per client would be an interesting take for me. I don't use VMs on my laptop because I chose portability over power, and have generally found the whole vagrant approach something of a clusterfuck.

Could you talk more about your workflow / mechanisms on this, either here or elsewhere if not apt for this thread? Are you limited to vim etc since you don't have local disk access? (most approaches I've seen use local NFS mounts so GUI editors can be used).

I have lots of questions.

Same. Detail on what kind of apps you're building/what type of work you've found smooth in this workflow would be awesome.

minato
Jun 7, 2004

cutty cain't hang, say 7-up.
Taco Defender

Jaded Burnout posted:

Could you talk more about your workflow / mechanisms on this, either here or elsewhere if not apt for this thread? Are you limited to vim etc since you don't have local disk access? (most approaches I've seen use local NFS mounts so GUI editors can be used).

I've seen sshfs used to mount remote directories for local editing, but as I recall it wasn't very performant because the Eclipse IDE did a lot of background file access. Some of our devs used an IDE/vim hybrid, where they did most of their work in Vim on the remote system but leveraged the IDE for less-common operations like using the refactoring or search tools.

Jaded Burnout
Jul 10, 2004


Munkeymon posted:

It's me. I'm the Nazi dick that's suggesting devs might not be any better about security than the dirty unwashed salesmonkeys and I'll go to the gallows at Programmer Nuremberg without declaiming my position.

It's at least 80% true.

minato posted:

I've seen sshfs used to mount remote directories for local editing, but as I recall it wasn't very performant

I've vaguely heard the same thing, though less "performance" and more "stability" since I live in Ruby world where there's not much background file access.

necrobobsledder
Mar 21, 2005
Lay down your soul to the gods rock 'n roll
Nap Ghost
Trying to do security like you’re in a big corporate environment when you’re in a start-up is pretty bad honestly because almost all security measures in those environments are culturally more about protecting loss of information to adversaries than oh... making sure you guys get work done to not be loving homeless. I like my security decently tight but there’s a lot bigger fish to fry at a company with less than 30 people unless you are literally a contractor in the government where your job is fundamentally to do government work for less pay (aggregately).

Jaded Burnout
Jul 10, 2004


necrobobsledder posted:

unless you are literally a contractor in the government

Bingo. That's where the matryoshka VMs were.

Jaded Burnout fucked around with this message at 18:01 on Nov 6, 2017

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



necrobobsledder posted:

Trying to do security like you’re in a big corporate environment when you’re in a start-up is pretty bad honestly because almost all security measures in those environments are culturally more about protecting loss of information to adversaries than oh... making sure you guys get work done to not be loving homeless. I like my security decently tight but there’s a lot bigger fish to fry at a company with less than 30 people unless you are literally a contractor in the government where your job is fundamentally to do government work for less pay (aggregately).

Oh agreed, but, if you have a goal involving growth rather than, say, getting acquihired by GooFaceZonSoft ASAP, you'll want to at least start off being somewhat safe because it'll just get harder to lock stuff down once people are used to just downloading and installing whatever whenever. I've seen how long it can take to clean up after that kind of thing and how much people resist. Thankfully, I was mostly a spectator.

"What do you mean we're getting sued because someone noticed 100 home licenses registered to a series of consecutive ####@nextgenfart.app addresses?!" is a threat to your business just the same as not getting enough work done. Balance the concerns as needed, but please don't assume developers are special snowflake security experts.

Also please don't mandate AV on their machines - it doesn't deal well with that sort of workload and gets real suspicious about legitimate tools :v:

Eggnogium
Jun 1, 2010

Never give an inch! Hnnnghhhhhh!
When I started at my previous company they were just getting out of a four year period where there were two networks, one isolated from the internet with the Perforce server and one not. Each dev was issued two desktops, so to code while reading online documentation meant switching between two keyboards. Of course the isolated network was only aspirationally so, since ultimately that code had to get compiled and out into production, so all the build servers and other release tooling hosts had to bridge both networks. Luckily I arrived right at the end of that, when the new head of IT had been on the scene for a year and cleaned that poo poo up.

mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

Munkeymon posted:

It's me. I'm the Nazi dick that's suggesting devs might not be any better about security than the dirty unwashed salesmonkeys and I'll go to the gallows at Programmer Nuremberg without declaiming my position.

piratepilates
Mar 28, 2004

So I will learn to live with it. Because I can live with it. I can live with it.



Does giving notice to a boss you like ever get easier over time?

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

piratepilates posted:

Does giving notice to a boss you like ever get easier over time?

Nope. It helps if you know they're also trying to get the hell out, though.

piratepilates
Mar 28, 2004

So I will learn to live with it. Because I can live with it. I can live with it.



New Yorp New Yorp posted:

Nope. It helps if you know they're also trying to get the hell out, though.

drat I was really hoping you wouldn't say that.

It's a move I need to make, and we both know it's just business. Doesn't make it feel less awkward though.

Skandranon
Sep 6, 2008
fucking stupid, dont listen to me

piratepilates posted:

drat I was really hoping you wouldn't say that.

It's a move I need to make, and we both know it's just business. Doesn't make it feel less awkward though.

Try liking them less?

Good Will Hrunting
Oct 8, 2012

I changed my mind.
I'm not sorry.

Skandranon posted:

Try liking them less?

Can confirm, felt great to quit my last job. Boss was not only lovely but also smug as poo poo.

Jose Valasquez
Apr 8, 2005

piratepilates posted:

Does giving notice to a boss you like ever get easier over time?

Your feeling of guilt for abandoning your old boss will go away as soon as you get your first bigger paycheck at the new company


lifg
Dec 4, 2000
<this tag left blank>
Muldoon

piratepilates posted:

Does giving notice to a boss you like ever get easier over time?

Nope. But it goes both ways. A boss I loved had to lay me off, and he had to leave the room because he didn’t want to get emotional. We later got drunk and talked poo poo about work.
