One of the mid-sized corporations I worked for did not allow admin access to developers on production machines. The reasons for this has been outlined by some other posts already, but mainly because the server team was responsible for the servers. It was also part of a strategy to meet Sarbanes Oxley requirements for servers touching financial data.

In order for it to work smoothly, an exact development copy of the production server is required. This is pretty resource intensive in both servers and admins. Second, the deployment of new applications needs to be communicated to the administrators. This took some time depending on the difficulty of the change. Finally, any issues that popped up in the production server that wasn't seen in the development server required "emergency admin access". It usually meant that a server admin and developer sitting at the same terminal working out an issue.

This method, while not being efficient, forced a couple of best practices. First, because development had to be done a replica of the server, the code was already tested on a server that was identical(as possible) to the original server. Second, because the deployment had to be done by server admins, the developer had to document all the steps required to deploy their application. It let the admins know the changes being made, allowed auditors to see the change, and forced the developer to make an application that was reasonably easy to deploy.

Overall, I think it lead to a pretty clean production environment with much fewer "surprises". However, any code you want to put into production takes twice as long and cost twice as much (approximately). To truly evaluate if it monetarily makes sense, the cost of a failure/fraud in a production environment needs to be calculated. I don't think it is always better one way or another. Although, as a developer it sure was a pain in the ass.

BASH can do pretty much anything you need it to do. Windows PowerShell scripting is nice, and provides access to things that are already accessible in "UnixVille". The statement about nothing in UnixVille like it in terms of integration really has no meaning at all. It's like a dumb statement....on steroids. Being a system admin for nearly every operating system around, they all pretty much do what you need them to do as long as you are fairly intelligent and understand them. Almost all arguments I hear otherwise are based on ignorance, elitism, or both.

I couldn't agree more with your comment. This article is a complete waste of time and has no interesting or useful content. It bothers me that technical magazines these days feel like they can get away with writing something with so little substance. It really is an article equivalent of a troll. I wonder if NASCAR magazine writers write about the differences between Ford, Chevy and Dodge just so they can get people fired up. Absolutely not slashdot worthy.

GoDaddy does have the right to terminate my service at any time for any reason. Although stating this is inappropriate for making any argument at all. Using your logic, everyone is potentially violating their policy so no one should ever bitch no matter what they do. If someone said "Hey, Godaddy deleted every account that has any pro/anti democrat/republican materials." You'd say "Don't bitch, they're allowed." If this were the case, I would expect to see an article on slashdot letting people know so they could avoid their hosting service.

As for clause viii, I believe my actions are in the spirit or intent of the agreement. This is again a completely overly broad statement that protects them in all situations. See above why this is a bad argument.

I have looked at clause ii already and it doesn't apply at all to my site. I am storing photos from my wedding, which are not available on any anyone else's site. This is the first argument that is specific, but doesn't involve me.

If indeed the first two clauses incriminate me, then they incriminate every other GoDaddy user. The third clause doesn't pertain to me. Case closed. Thanks for clearing that up.....

I'd expect a smackdown for blatant usage, and am totally reasonable about the issue. I talked to their staff and explained to them the files and the reason I had them. They were unwavering in upholding, what I believe, to be a misrepresentation of their policy.

It is explicitly stated in GoDaddy's contract that I can do anything I would like with files besides "You shall not use the Services as: ((i) a repository or instrument for placing or storing archived files." There are other clauses in the contract forbidding hosting copyrighted works, blatantly offensive things, and viruses. In my situation, and the situation that balsamic moon states, there is no violation of their Terms of Service. If you believe that the use case specified is in violation then just show me where and I won't complain about it.

Your style of development is certainly one way to go about it, but the issues you imply occur with other peoples development methods are rooted in your ignorance of their methods. I can infer this, because if you did understand it you wouldn't be making such statements. Bottom line is that it doesn't effect you, due to the awesome and perfect way that you "make web pages". However, some of us have more complex development issues that require us to put files on servers before explicitly sharing them in a way that is not "stupid and unprofessional".

I appreciate the response to my question. Had I known that GoDaddy was going to interpret their policy in such an obtuse way, I don't think I would have gone with them in the first place. Unfortunately, it is a significant time commitment to move my 18 domains and 2 hosting accounts from their services. So, now I'm required to do something patently stupid (serve all of my content in directory listings) so that I don't violate their TOS.

I wanted to post this so that others could avoid their hosting service if they don't want to be harassed for doing, in my opinion, normal web development.

Your argument makes sense except that I have multiple people contributing to the content on my site. They are uploading photos to the site so that I can load a web album when the photo collection is complete. I don't feel like this use case labels me "incompetent", although I appreciate the criticism. In fact, some very competent people have multiple contributors to content on their site that is uploaded asynchronously. While the content is not available for public consumption that exact moment, it still doesn't make sense to keep this information any place other than where it will eventually reside. It is my contention that this process of web development should be allowed.

Another thing I think should be pointed out, most web albums consist of server side code that process photos on the server's folders. So, "making an album on my hard drive" doesn't make a whole lot of sense in most contexts.

This problem is a non-issue and has been for years. Every Windows, Mac and Linux desktop I have had the pleasure of administering over the last 10 years had an automatic computer lock after x minutes of non-use. It is easy to set up for both enterprise and home users. The idea that this password is "set by the end user and less secure" is just plain silly as it *should* just use the credentials of the logged in user. If this is in the enterprise, it will follow whatever the password policy is corporate wide. If this is an end user, they need to make a secure password, which is their responsibility if they care about safe computing.

For web resources, require re-authentication (the idea that re-authorization plays any part in this scenario is making it needlessly more complicated) after x amount of time. All web frameworks have a built in time out for this reason. You actually have to go out of your way to write something that doesn't automatically time out after a period of time.

To put this bluntly, if you're having a problem with this sort of issue.....you're doing it wrong.

The fact that he is possibly targeting minors, creating risk to them through emotional trauma, and making academic claims about the information he is gathering on online subjects definitely means he should have IRB approval. Any reasonable academic would state that, especially given the risque nature of the study. In fact, given my experience with the IRB, I doubt he would even get approval. It really saddens me that so many graduate students spend their time following the rules just to watch misguided faculty members ignore them. I like the message this sends. Below is a link to their own policy for online research. It does not deviate much from the policies I have seen at the multiple institutions I have attended. To the best of my reading, his research is in flagrant violation of the policies. http://www.luc.edu/ors/irbonlinesurveys2.shtml