I have made no secret over the years of how the words “please advise” as a sentence by themselves make me reach for my revolver. And I don’t even have a revolver, despite my insistence over the years that tech support staff should be dressed like the Stig and armed to discourage random grabbing in hallways or cafeterias or bathrooms (not kidding). The warning for IT staff should be like the warning posted behind MUNI drivers in San Francisco: “Information Gladly Given But Safety Requires Avoiding Unnecessary Conversation.”
The use of words and jargon outside their industry goes beyond the annoyance of people who say things like “a software”, though. Take actual laboratory science, for instance, where the word “theory” has a very specific meaning. Unfortunately, the rest of the world uses “theory” like scientists use “hypothesis” and that’s how we get the disdain of the holy rollers and their anti-intellectual enablers for things like “evolution is only a theory” or “global warming is only a theory.”
One problem we’ve experienced in every place I’ve ever worked stems from the rise of Mac OS X, a UNIX-alike multiuser system (as opposed to the old-style MacOS/DOS/BeOS single-user turn-it-on-and-go model). We always run into problems over the fact that users invariably want “administrative rights.” Now, in UNIX, the word “rights” has a very specific meaning in terms of defining what any given user (itself a word fraught with meaning, as it refers to an account rather than an individual) is capable of doing to a file or directory on a specific UNIX system. I argued for years at my first job that we should avoid using the word “rights” simply because it was idiotic to provide any sort of nurture to the idea that any randomly selected person behind a desk should have final say over a company-owned resource, including the ability to lock out the IT department tasked with the support of the system.
Now, we find ourselves in a similar spot, a continent away: the combination of company policy and federal privacy and data security requirements will probably require us, at some point in the near future, to start messing around with the constellation of privileges for end-user accounts. The problem is, this toothpaste is surpassing difficult to get back into the tube. For one thing, there’s the prospect of laptop users running into problems while out and about that can’t be solved without administrative access (oddball networking issue? Weird printer driver install?) For another, there’s the added layer of difficulty with having to invoke support for heretofore routine tasks (are we going to have to walk around and run Software Update every week now? Or do it through Remote Desktop? Are we going to staff up to meet the demand?)
The real problem, of course, is that there are occasional users who are very capable and self-sufficient and can be trusted not to do anything stupid to burn their computer down. There are also people who call you up asking for “a software” that somebody told them will solve all their problems – you know, the ones who tend to have four toolbars installed in Internet Explorer. Crafting a one-size-fits-all policy isn’t particularly good, but even more difficult is creating a mechanism by which the right people can get the right privileges while the people with their hands in the paste pot are prevented from doing anything foolish. And worst of all are the toy-boys who want to run things like private VPN and remote control software and then put them on other folks’ computers as well.
Like it or not, if you’re going to run an IT environment with a limited support budget and staff, your only resort is to go full-on black shirt. Lock everything down beyond belief and start unlocking only the things people need as they need them, until you hit some sort of equilibrium. And ideally put folks on Macs with ARD, to make your life easier in terms of malware and stupid-ware.
Or you could just start handing out revolvers.