Slashdot Mirror
What To Do If Linux Sneaks Onto Your Network
BrentN writes: "Network World is running an article on how IT managers should deal with Linux "sneaking in" to their networks, or more precisely, being surreptitiously installed on workstations on their network. Opinions of the IT managers they interview range from 'Reformat the hard drive and fire the person who installed that renegade operating system' to 'Don't ask, don't tell.' The article's author (rightly) points out that this is probably an unstoppable phenomenon."
So it was until I was hired 2.5 years ago, at which point I commandeered a slightly below average machine (P166, 24 MB of RAM) and installed linux. (RH 5.2 at the time.) I just wanted something stable to use for my workstation and something to play with and waste time.
The boss wasn't really concerned 'cause he trusts me, so I got to keep the rogue OS installed when it was discovered. (A co-worker tried the same thing with SuSE and had to dump it for some reason -- a shame.)
After a few months, the boss wanted that machine back into regular service, WinNT and all. So I came up with a nefarious plan -- I set up apache and made the thing into a web server, serving a tech support FAQ for the labs I worked in. (I was a student support tech at a university, you see.)
Now the system had been transformed from my simple toy/workstation to a server that students could use for help. It became indispensible and is still running to this day. The boss and a few of his cronies were impressed with the fact that in 2 years, it has only crashed once and only been rebooted, like, 8 times.
Word got around work how seriously stable linux was and I was offered another job -- setting up linux and unix servers for the entire system there. What started off as a toy suddenly became a phenomenon at work. Recently, I've set up:
- a helpdesk system using MySQL, apache, PHP4 and IRM, a GPL'd helpdesk/tracking package. Gross cost of the system was $0, compared with the $20,000 for a package they were considering (for 2 seats!).
- slash on another system for the students and faculty to use.
- two weeks ago, I set up a Red Hat 6.2 box with apache/PHP4 on it for the frickin' web development department. These are the guys who are paid to know how set up servers and stuff on their own and they couldn't figure out how to get apache to compile.
- this past week, I set up OpenBSD on a box which starting next week will take over for the WinNT DNS piece of crap they currently have running.
There's even talk of replacing their Exchange servers with some linux SMTPs, but that won't be my concern as I'm moving away.The morale of the story is, businesses don't use linux because they assume because it is free and because it isn't Microsoft, it isn't worth their time. At my work, I showed them differently. My new boss is so impressed with linux and now OpenBSD that it's all he can talk about with his colleages. What was a predominantly WinNT environment has, over the past 2 years, slowly become more and more free, with many of their Internet servers making the jump from the crash-weekly NT to linux. None of the servers I've set up for them have crashed yet, and they simply cannot believe it, considering they didn't have to fork out big $$$ to Microsoft for any of the software, including the web servers, OS, etc, RDMBS, etc.
Show the management what it can do. Show them it's stable, affordable, reliable, roboust. I did, and it impressed the hell out them.
J
Well funny to see this article. Here we have the INVERSE of this... If we get anyone sneaking NT or Win00 servers then he may get a hot time with us... Windows servers are not allowed for major network task. Choose Linux, Solaris, BSD, Novell or the Hell. M$ is OUTTA HERE!
This is done for these reasons:
There are some piracy issues around here and we don't wanna take even the slightest risk of supporting a pirated platform, specially after the dumb M$ sneak-under-your-desk-for-pirate-soft campaign in Moscow.
We have a quite long experience with M$ platform soft. On servers the results were from bad to catasthrophic. The only thing we managed to do with such systems was to create small one-task servers for a very specific range of problems and conditions. Our specifics demand that servers should carry several tasks, generally process some terabytes per week and serve a few thousands of users. That is impossible to achieve under an M$ environment.
There is also the financial aspect. We have highly qualified experts. The TCO for *NIX soft is nothing to be compared with Windows. M$ support is frankly miserable here. Windows workstation support is the heaviest cost we have here. Our practical experience has shown that the support for NT reaches 10-60 hours week in a network of 70 machines and needs 2-3 people tied in their seats. On Linux it is an amazing 4 hour/week and requires only one person who doesn't need to stay 'round the clock in his place.
And, to end the financial aspect, we had a case when we paid Microsoft for nothing, just because they force OEMs to bundle soft in their machines. Probably only 10%-15% of this soft is really used here. The rest was humanitarian help from us to Bill Gates...
I fail to see how this is the fault of EITHER samba or NT. In fact, you even said it yourself - "a bad Samba configuration". I've read trough that portion to see about replacing NT PDC's with Samba PDC's, and it sure as hell can't happen on it's own. Somebody made a mistake. Slap his wrist, tell him to think twice the next time, and move on.
I'm a network admin for a large corporation and if anyone installed Linux on their box I could care less. As long as it doesn't cause problems for me (what problems could it possibly cause). Not only that but it shows the mindset the user who does so (installs linux) has. Thats a plus for me; IMHO an educated user is better than an ignorant one. It means I don't have to set up the users email or have them bug me about how their internet isn't working or something of the sort. Infact if all the users on the network were as educated I'd probably be out of a job but at least there'd be no more "It's not working" to listen to.
--Cheers
This should be obvious by now, from what I've covered above, but I'll say it again. It's not yours. You didn't pay for it, you didn't install it, you don't maintain it. The computer belongs to the company, and the company can do with it whatever it wants. How is it you don't understand this?
In some cases this is the case, in others not. For example, in universities, the machines that researchers use are in fact purchased with the researcher's grant money -- not university money. And the people using the computers -- the professors, postdocs, and grad students, generally know far more about computers than the typical community college graduate IT drone. If these researchers want to use Linux, they have probably have a damn good reason for it. The IT people, like the secretaries and the janitors, are only there to support the researchers, but for some reason IT people tend to forget their place in the scheme of things.
What many people don't realize is the troubles that most IT staff have to go through to maintain sanity in a typical company network. Many sysadmins I've met are responsible for keeping hundreds or thousands of machines on speaking terms with each other and the rest of the internet, within corporate policies, and ready to do work at all times. To do this, he uses scripts and other automated tools, and makes assumptions about how each machine is set up - it has the Company's OS, applications, network settings and security measures installed. Unauthorized OS's and applications break these scripts and tools, cause mayhem in the networks and drive sysadmins completely insane.
When some schmuck decides to install something unauthorized on his machine for gits and shiggles, he risks not only his own time and money, but he may be putting the entire network at risk. A misconfigured machine could break entire networks and cost the company thousands of dollars before it is fixed. When this happens, don't be surprised when the BOFH sysadmin rises up in righteous anger and takes his furious vengence upon the luser.
Some sysadmins do make allowances for staffers such as programmers to install Linux and other software on "sandbox systems". Presumably, there is a business need for this software, and it won't fight with present software. They always make it clear that if the software breaks, it is the user's problem to solve, not IT's, and if it causes problems for others, the user is expected to pull the plug and find a solution immediately.
Meldroc, Waster of Electrons
Fade in on IT Department..
A computer starts beeping and the operator looks at it with shock. He stands up and runs over to his supervisor to whisper a few words.
The supervisor runs toward the middle of the room and gets everyone attention..
"Break out the NT CDs! Bring our Exchange server online! Get those Bill Borgs out here in five minutes!"
There is a dramatic pause as the supervisor mutters in a low, gravelly voice.
"Someone's installing Linux on the network."
> Why does this war of words have to continue?
Presumably, Network World is worried about what's going to happen when a well-heeled advertiser goes the way of the Itanic.
Sheesh, evil *and* a jerk. -- Jade
Hello, anyone with a laptop taken to work on any given day.
The idea of 'keeping prying eyes from seeing the data' and enforcing that idea with draconian IT rules is ludicrous. Anyone who wants to see that data will be able to. If internal security is that big an issue, you've got WAY more problems than if linux is 'sneaking in', and probably need to do retinal identification to enter the workplace as it is. For the vast majority of COMMON workplaces though, it's real hard to enforce security-through-obscurity when people have physical access to the hardware.
Typically, companies with "very very strict rules" are those ones who's upper echelons are so totally in the pocket of some major vendor that they swallow EVERY bit of crap, no matter how outrageous, that is in that vendor's interest. If vendor says "Don't let any other operating systems on your network, it could destroy everything!" many policy makers are too ignorant/lazy/busy to know otherwise, and simply make that law. I'm not aware of any IT department who has a CTO/CIO who knows more about details than his/her subordinates.
Companies with FLEXIBLE arrangements are the ones who demonstrate at least some knowledge in what's going on, and a willingness to pad their bottom line through the optimizations and research (unpaid) of employees... or at least, it's a hallmark of a CTO/CIO who realizes that better answers come from employees than from vendors. True, sometimes these things fall down and go boom, but that sort of thing happens even with the most seasoned professional or group.
Any company living in fear of 'rogue OSes destroying the world' suffers from a lack of robust IS planning and needs an overhaul far more than it needs gestapo policies.
--
rickf@transpect.SPAM-B-GONE.net (remove the SPAM-B-GONE bit)
"People will pay big bucks for the luxury of ignorance."
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
Aren't the ones who know what they're doing. And they're not the ones who don't know what they're doing (although they suck alot of time)
They're the ones who think they know what they're doing. There are plenty of people out there (and even here on /.) that think they're the shit because they can install RedHat (really not trying to slam redhat here) off of a bootable CD, or they can extract an Apache RPM and now they know how to run a web server, or they know how to 'program' in perl. Or the guy who used to program Z80 assembly and needs direct access to your SQL Server. These are the people with the most potential to screw things up.
And judging the general responses here, alot of /.'ers are going to loose alot of credibility/ respect with the company and coworkers when they get busted and start ranting about M$ Windoze/Bill Gates/Closed Source. Fair or not, it will happen.
Trolls throughout history:
Jonathan Swift
I have routinely put Linux on my work machine. I dont use windows and never have. I think this is outrageous that someone could be fired for installing an OS on a computer. I work under IT, and I'm a System Administrator, I dont want NT on my desktop and I dont need it. I have always been given 2 machines to work with, an NT box and a Solaris workstation. And as always the first thing I do is put linux on the NT box.
"Destroy their servers and fire them," says Jeff Shapiro, director of technology for the Kingsport, Tenn., public schools.
Hey, if your network's virginity is so precious, install switches and turn on port security.
I have to laugh anyway, I was a teacher for a while, and the idea of an IT person getting anyone fired about anything in a public school system is beyond belief. Even the lunchroom ladies are laughing at this one.
On the other hand, I'm working in a hospital now-a-days. We have had someone more than once (doctors have unlimited self-funding) setup something unauthorized on the network with some poor choices that randomly killed access to something else that was mission-critical.
So now other doctors couldn't get to lab results, patient histories, etc. This is a Very Bad Thing.
The people who pay the IT managers' bosses' salaries did not _ask_ if it can be prevented from from happening again.
It's not Linux that's the problem. For everyone that got hurt with samba's NT pdc hijacking, there was someone that got buggered when an unauthorized WIN2000 server went up and tried to take over the network.
The problem isn't Linux or NT or "the unknown" per se, but rather risk assesment. If you are responsible in any way, when faced with making decisions you have to ask:
1)What does the organization gain from this?
2)What's the worst that can happen?
1) Having a policy of letting anyone setup their own servers is ludicrous. This is something that IT MUST be in charge of. If someone is smart enough to discover a way that Linux/BSD/AmigaDos can make the company run better, then they should understand Linux/etc well enough to make a formal presentation of the specific solution and its benefits. Most people can't do this because, frankly, they do not understand either Linux, WINNT, or Win95 well enough to explain it to someone else. This also means they don't understand it well enough to install or support it except in the most superficial way. Why should IT have to drop what they're doing to figure it out for you? And even if it's a great idea, some things can't go on the general network _today_ because the bandwidth isn't there - consider what a Napster infestation can do to your bandwidth
2)You figure it out next time you're in a hospital bed.
While I agree that it is the companies computer and their right - I still think its stupid.
People work differently. People who like linux and work best in linux, might not work well in windows.
Its like telling a person how to decorate their cubical walls. Sure - certain things would be very inapropriate (like say playboy centerfolds), and its the companies cubical. However - setting rigid standards and forcing people to work under them is just goin gto make the workplace less enjoyable of a place to be.
Making the place less enjoyable will just make people want to work elsewhere. Work already isn't fun, at least give a person the ability to "personalize" the place a little bit.
Now, if their use of linux interfeared with actual work and made it so they couldn't do their job - then certainly the company needs to step in.
However, if they can support the machine themselves, and they can get their job done - then why should it matter at all? I don't know about others but I am all for letting people do what they want - as long as they can get the job done then leave the details up to them.
As for IT support - its simple. You just need a policy that says "This is what we support. This is standard. Diviate from it at your own risk - we will not fix it for you."
--Steve
"I opened my eyes, and everything went dark again"
In a "regular office" the IT department is there to make sure the entire organization is able to work via their computers. That organization is often HUGE and is composed of a bunch of business people who don't know their computer from their butt.
Advanced users and programmers are treated differently in my organization since they display something special: competence. Anytime testing is necessary these people are the ones who we ask to test it, with our help. And although all programs not developed in-house must be approved by IT, there is a clear channel to request such installations. Users can always make a case with management for why they need a program; so what is stopping you?
Yeah, well, that says a lot about Slashdot, but it also says a lot about the nerd population and demographic as well.
Personally, I have *yet* to find GUIs "usable" in the first place, and I try to keep them as stripped-down as possible. If I find a powerful and useful metaphor that helps me out a lot from the GUI camp, I'll let you know, but so far, I'm not impressed, and I'll continue to program with a text editor, toss files around on a shell, and read my e-mail in text mode...
As for Windows 2000, I haven't used it much, but it sounds like a different set of trade-offs were taken in producing it, and it's getting closer to Unix. They must have made it more stable than '98, since they broke some games and applications that were probably using some buggy stuff in the first place.
Hopefully they'll clean up the API enough to make those apps fast *and* stable eventually, and maybe one day, they'll even keep track of their libraries correctly, or implement some real hard or soft links (i.e. at the filesystem level)! Until then, I'll continue to use Linux.
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
There was litterally a policy "If you can't fix it in 15 mins, escalate the problem"
Do you why they have this policy? Because they know how much people get paid, how much the insurance and lighting and floorspace costs, lost productity costs due to IT issues, and what the work backlog looks like.
The fact is that the price of managing a corporate network is about 15% software licencing, 15% hardware costs, and 70% labor costs. If it takes 2 hours to fix someone's Pentium, the sad fact is that it would have been cheaper to just throw it away and drop a brand new $800 Celeron box on the person's desk.
Back in my sysadmin days, I was a decent troubleshooter. Yeah, I enjoy it too. I also had pride, I hated to admit defeat, but there was one thing I learned -- There is no such thing as 15 minute problem -- If you can fix it in 15 minutes, it really wasn't a problem to begin with. I also did most of my sysadmin work as a contractor, so I could hear the cash register bell ringing in my head while I was dinking with this stuff.
Files do not magically disappear from an AutoCAD setup. Finding the real problem and CHKDSKing to hell is probably going to take far longer than an FDISK and image dump. One place I worked had a sign in the technicians cage that read Thou Shall Not Open the Case. One of the smartest places I ever worked.
When I hear the word 'innovation', I reach for my pistol.
SHAPIRO: Heh, so, anyway, Trixie, anyway I says to the guy, I says, "You have installed Red Hat on your Optiplex. Prepare to FACE MY WRAFTH!" And then I whipped out my Windows 98 bootable CD and wiped his crappy installation clean off his hard drive. Then I told his boss on him. He's in for a heapin' helpin' of trouble come Monday morning!
TRIXIE: You smell like armpit.
TRIXIE'S FRIEND MARCIA: Good God, did you bathe in sweat this morning?
SHAPIRO: So, what say? Wanna go back to my van and screw?
TRIXIE knees SHAPIRO in the GONADS. MARCIA laughs to herself. TRIXIE and MARCIA leave with A LEET LINUX SYSADMIN.
---------- END
- A.P.
--
* CmdrTaco is an idiot.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
It doesn't take much knowledge to set up an insecure Linux box that will bring down the rest of the network.
It takes significantly more knowledge to set up a secure Linux box.
Something you are not likely to hear anytime soon:
"I worked at a place that gave me a company car. I didn't like that it used gasoline, so I spent the money and time and had it converted to use propane. Propane is not only cheaper, but is also better for the environment."
The problem isn't Linux, the problem is people who are overstepping their authority and possibly creating more work for someone else.
VMware's part of my plan in the event the Network Nazi faction of IT gets its way in my organization. One thing I have yet to figure out is how to patch the executable to allow an arbitrary MAC address, rather than that telltale 00:50:56:xx:xx:xx (00:50:56 being VMware's OUI).
CEE5210S The signal SIGHUP was received.
Where in my post did I say I was not following the rules? I have the good fortune to work in an environment where eye-tee doesn't (successfully) dictate terms to the people they serve.
While there are often legitimate reasons to constrain operating environments, rhetoric (to steal your word) about firing people who dare to install a "non-standard" operating system or application is inflammatory and, in most shops, unenforcable as well. (Often, IT has a job to do other than micro-monitor the users--if they have time for that, they're ripe for downsizing and/or outsourcing.)
While there's an awful lot that can be read into what I posted, the fact is that I only said open source tools that are useful will displace closed source tools that aren't as much so, whether IT likes it or not. Ultimately people with the best interest of the whole organization are in control, not the self serving people in some IT departments that want to follow some particular vendor's line because it makes their jobs easier.
Translation: IT would often like to dictate platform and get paid for mindlessly implementing a single (or few) vendor system to the exclusion of better tools. The people forced to use inferior tools will, (in organizations that aren't dysfunctional, within and outside of the "rules") get around having to use them. Then the rules will change.
(Also, your reference to Brezhnev is quite appropriate--the Soviet Union didn't make a profit, and other organizations run that way won't be making much money in the long run, either. (Although Shapiro is more like a wannabe Stalin, but I digress.))
I wonder if Mr. Shaprio would feel the same way if someone installed Office 2000 on one of their machines. I'm sure they would be more than willing to allow for that infraction. Give me a break, Jeff. Buy a clue and do your homeowrk before you ban anything and fire the individual responsible. Dumbass.
"Klaatu, verada, necktie!" -Ash
What has slashdot come to when the post stories who sources are freaking net-admins for publics schools. ""Destroy their servers and fire them," says Jeff Shapiro, director of technology for the Kingsport, Tenn., public schools." You've got to be kidding me. What power does this guy have. Just because he controls 50 Windows boxes in some lame Novell network in Bumsville, Idaho doesn't mean his opinion has any crediblity or is slashdot worthy.
int func(int a);
func((b += 3, b));
If an IT manager stumbles on to a Linux box on the network that he's never noticed before then is it really worth the extra effort to change it?
I realize some companies have rules about this sort of thing, but maybe it'd take someone being surprised to learn they are really using Linux to get them to wake up to the possibility of using Linux as a viable alternative.
This is not an issue about letting users use the tools they need to work in my company - the issues are ones of security, costs and management. To allow employees to install whatever they want, where they want is basically making any attempt at a security policy futile. I expect most of you have got nice, cushy dot-com startup jobs in Silicon Valley where there is so little of commercial value held on your machines, that this point doesn't matter. Where I work though, we make profits, like to protect them, and therefore take security seriously.
In addition to that, if a user installed NT on my network, I would be reluctanct, because I don't know NT. If the employee goes, I'm shafted. It's the same as an NT admin being concerned about me walking onto a site with *BSD CD in my hand.
Lastly the costs of running a multi-OS environment are much higher due to the fact that you either have to pay somebody who knows all the OSes (very expensive) or hire multiple people to support them (also, obviously, very expensive).
You might think it's all good fun sneaking your favourite OS onto your work machines (I couldn't give damn what OS it is, just that it's not corporate policy), but in my company it goes strictly against the security policy, and therefore as a result, you're looking at a bare minimum of a verbal warning, and possibly immediate dismissal depending on the circumstances.
The company's machines are just that - the company's. They're not yours, you have no right to alter the OS on them, and if you have a legitimate claim for another OS, perhaps you should suggest it and let the people responsible for looking after your network (and therefore your jobs) make an informed desicision. In other words - grow up!
The main gripe I have against IT people is that they think the point of computers and networks is to serve their interests. No! The point of IT is to enable employees to best get their work done, not to provide the most elegant and tractable system for the admins to preside over.
If you're barring employees from using tools that would make them more productive because they don't serve your interests, you're falling short, not them.
You can take my Mac when you pry it from my cold dead fingers ;-)
If Windows Sneaks Onto Your Network
| Ceci n'est pas une pipe.
Addmittedly this is in the hands of the IT department and of the IT manager is all pro-Microsoft there isn't much you can say or do.
But for many it IS posable to turn this around on a grand scale.
Basicly talk the IT into certifying a Linux setup.. maybe a inner office build using Linux From Scratch (optomised to the standard hardware used in the office).
Talk em into a "clean sweep" of the office.. Not just one machine but the whole department.
This will more than cover for the few ITs who say "NO" and refuse to install anything but an approved NT system.
Don't look at all thies situations as a roadblock to getting Linux implemented. It may be a bit of durty pool to get whole departments to drop NT but then this IS how Microsoft plays it and it's not wrong if an intelegent IT dose it for the benifit of the busness. You simply need to sell him on some key points.
(Do some net research I don't really feel to good right now and really can not provide a good rundown of keypoints for selling Linux at this point in time)
Once you have whole IT departments changing over to Linux you pritty much kill all the MsFUD.
I think this may be the short road to getting Linux compleatly into the mainstream.
From there it's a short road to premoting BSD and Solarus as well.. "Linux is just one of many *nix solutions"...
I don't actually exist.
I'd also address why they hadn't felt comfortable talking to me about it. Communication problems can bite you in the ass later on. Mostly, though, I'd be proud, and a little bit scared, to have a fellow geek on board.
>therwise all-closed-source company (yes, official company policy, set by the legal department not IT, forbade the use of GPL'd software.)
So?
Load up BSD then the NEXT time you run into such a road-block.
If they don't like BSD licensed code, point to the BSD copywrites in Windows and ask when they will get rid of that.
Stop thinking the Open Soruce OS world is all Linux.
If it was said on slashdot, it MUST be true!
The scene: an office, filled with cubicles. An IT worker walks down one of the rows, takes a look down a perpendicular line of cubicles, and then, satisifed, turns around, and wlaks in the opposite direction.
A lone penguin comes out of a nearby pool of water (connected directly, of course, to the Alaskan sea). THe annonymous bird leans up against a cubicle, and checks down the corridor. Seeing an IT worker, he ducks back behind cover, and quickly runs up behind when his back is turned, and then ducks down another way. he eventually makes it to the elevator, and presses 'up'.
The penguin removes his infiltration gear, and the words blare across the screen:
METAL GEAR LINUX
Tactical Operating System Installation Action!
----
ADVENTURERS! - ANTIHERO FOR HIRE - CARDMASTER CONFLICT
Sorry, I just got done watching Forest Gump.
;)
Yes, I feel for you. I'm one of those programmers that "illegally" installed Linux on my machine. But I was able to prove my productivity due to it.
But....
One day trying to set up a Lab NT machine to verify users to a global account through my Samba/Linux box, I tried a few configurations, and later gave up on it. But what I didn't realize is that I left "local master = yes" and work group equal to my companies domain. Opps!
It took our IT department three days to find my machine. ALL windows machines in my subnet were not able to access net drives or printers. I came in on a Monday morning to see a piece of paper on my machine that read:
ATTENTION: one of your machines is preventing all Windows machines on this floor from accessing the network. We have disabled your port. To be reconnected, call the help desk
Lets just say, they don't like me very much
I don't agree with all that you say, but I do feel your pain!
Steven Rostedt
Steven Rostedt
-- Nevermind
Write a gratuitously inflammatory story about Linux and submit it to Slashdot. Make sure your servers can take the load, though.
. .
"We sat down with them and agreed that they could use their Linux box as long as our phone didn't ring when they had critical problems," Maday says. "So far, we haven't heard one thing from them since the meeting we had a few months ago."
Could this be the second (see MS advert article)inadvertent admission of the day by a Windows IT zealot that Linux has advantages? Or am I missing a trend?
== Idle Random Thoughts. Usual Disclaimers Apply ==
I'd like to see more TV commericals for Linux (not that I watch TV often, but still ...)
... heh, how about MS-backed Corel?);) ...
...)
...
that scenario you named would be hiliarious. Imagine 15 seconds of that followed by a quick, funny blurb on Red Hat (or VA or anyone else with the money to make TV commericals
gentle humor is a good tactic. Portray the particuloar kind of Windows-centric IT bureaucrat who's autocratic, stuck in the past and narrow-minded, and contrast the open minded, creative, dynamic Linux guy. (There are both types in both camps, actually, but the perception I have is certainly the other way
MS has lots of people in marketing, remember. If companies like Red Hat and VA are to survive, they have to at least defuse the MS marketing bomb
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
They always have to mark their territory and demonstrate that the computer I use is their property to do with what they want.
Prepare for a perceptions-shattering revelation: those computers are their responsibility! If you bring in your own box and keep it off of the company network, then go ahead and do whatever you want. But until then don't treat someone else's property as if it were your own.
They are the enemy for anyone trying to get work done.
No, they're the ones who enable stuff to get done. You think the people in accounting and HR know how to configure a network? Hah!
As a programmer I need to install programs all the time. Programs the IT monkey can't even grasp what they are. So he'll say no.
Then segment your network. But all programmers on their own net and let them configure away! Then when you take down the network you only have your peers pissing on you, and not the people who sign your checks.
but in a programming environment, the programmers can usually run the network better in their spare time.
Hee, hee! That's the silliest thing I've ever heard. Please don't remain anonymous. Let us know who you are, so when you get canned by IT we don't hire you by mistake...
A Government Is a Body of People, Usually Notably Ungoverned
Our company did something that I've never seen before; we merged the IS and NetOps into one department. Now you would think that this would cause a great war but it's turned out to be wonderful. When they needed to setup a file server that would talk to all the OS's we showed them how to build a samba box. When Exchange was having problems with open relays and mail floods, we showed them how to have a sendmail box in front of it as a kind of mail spool/firewall. And when I needed to run visio or outlook, they set me up with a switchbox and a windows box. All the sysadmins and programmers are available to ISNOC and input on all projects. That way the best solution (NT/BSD/Mac/Linux/Sun/Cisco/etc) gets implemented. We also act as our own ISP since we push about 1Gb/s out to the net. We have a wide body of knowledge that can deal with anything the users need. Each user is allowed to use the OS that they feel will let them get thier job done.
If you are a large firm that has lots of programmers, admins and IS gurus, get them together and let them rock.
-- I have a private email server in my basement.
First of all, if I were a manager, and another manager from another department tried to fire one of my own employees, I would probably tell them to go take a long walk off a short pier.
However, if the IT department isn't keeping on top of things like this, then they suck. If they don't, today, October 21st 2000, already have a policy on Linux, I would wonder, probably aloud, about where the hell they've been for the past five years, whether they had developed a plan to deal with the release of Windows 3.1 yet, if they'd heard of this newfangled thing called the "Inter-net", and how their horseless carriage has been working out for them.
Thirdly, I think most people understand the need for IT departments to have control over their networks, and that it is important to get permission to modify settings on a machine on the network. However, what many IT departments don't realize is that many of them have no clear path for getting said permission, and it usually comes down to a purely political decision by someone who doens't understand or even care about the user's needs.
So, IT people, before you start flaming people for complaing that it sucks that they don't have any control over their computers, pose as an average employee and see if it's possible, using the resources an average employee would have (IE, not being able to just log in as root and do it) to, for example, switch operating systems, or even just get something installed that would make their lives easier.
I just love the verbage here - making Linux sound like a "renegade", having it "sneak" into an IT department on people's *GASP* workstations! So we are obviously not dealing with a server or production system here - we are talking about workstations.
It is my understanding that most IT departments are SO lax that they don't have the time to worry about what people are running except for those who are always asking the questions - usually these people do not want to run Linux. In most places Linux is ran by Administrators and people who need a real X server or something with a REAL terminal program. Hell half of the people in the Operations Department where I work run Linux with VMWare simply for Outlook.
That said, there's no reason to actually take steps to see if Linux can be installed on a box. Write your IT department or supervisior, explain what benefits you *and* the company will get from installing Linux on that one machine. Make sure you explain you'll be completely responsible for that box from technical support to making sure it works with any priopritary protocols on the current network to making sure that it's secure. The latter point is probably most important; your job will be riding on the security of that box, so *you* need to be willing to take the risk and responsibilty to lock it down to the best of your ability. (This brings up the point how much more secure a well-maintained linux box is even compared to a expert NT person -- but you need to define how secure is secure.)
If they don't agree, then there's probably no reason to stay at that company, if they don't understand why different people need different tools to work. Particually if they are in the IT business.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Network World is running an article on how IT managers should deal with Linux "sneaking in" to their networks, or more precisely, being surreptitiously installed on workstations on their network.
Is this a trick question?
Well, hell, break out the Jolt and pepperoni pizza and party! Next, someone'll be asking you if you have any clear idea of what you'd do if Natalie Portman made a play for you. Geez ....
A truly excellent pizza parlor is a delight unto the heavens. Treasure the sauce and the toppings!
It has always been my impression that the users of the network are the customers of the IT department. Thus, it is the duty of the IT department to make the customers happy or the customers should seek another source for their services. The arrogance of those IT departments who state that they are the Holy of Holies and know all is beyond the pale. They should be given their walking papers because they display a conflict of interest that will destroy the organization that employs them. If I were in the upper management of a company and Linux started to appear, I would start to make inquiry as to why. Things like this just don't happen for a lark. They come about because some need of the customers is not being satisfied. Linux may not be the answer either, but it is a symptom of such a need. To have a IT department that states that they will be unresponsive to that need, is a IT department that will sink a company.
I've put linux at a lot of workplaces, and found that IS is very scared of it at first, but tend to forget about it until they *don't* have to worry about it - i.e. when the latest virus, os update, etc. comes through.
However, there are times when linux has presented valid problems - having samba set up and declare itself the master browser in such a way as to disrupt windows systems from connecting to shares on the domain, etc. (this may no longer be a problem, but it has happened). However this just points to the need to document how new elements must behave, and make it clear that new things must be tried in an environment that is not critical to production. This can teach real lessons and improve networks a lot.*
IMO an IT department that resists change above all else is one that will resist itself out of existance. It's the users that try new things for themselves, and from these evaluations learn new things, that make systems and networks useable.
-Peter
* Anyone else remember when doom first hit big novell networks? Networks were being crashed by the flood of ipx broadcast traffic. Even though this killed business in many places, in the end it fixed configs across the world to keep private networks private. Disruptive events like that, and like linux have to be evaluated and lessons learned. They can't be squashed.
== Just my opinion(s)
Hell, this doesn't just apply to programmers. I'm the sysadmin. My users use a variety of operating systems, both because of personal preference (the animator loves SGIs, the programmers love NetBSD and Linux, the engineers have settled pragmatically for Windows, and the managers are, well, managers -- except for the CEO, who's a Unix weenie just for the sake of Emacs) and because we write software for a variety of platforms. It's not hard to maintain a diverse system like this, and it's certainly not insecure -- it's easier to break physically into our office than it is to steal the appropriate passwords or keys to SSH/PPTP past the firewall, and we trust each other.
So I think that the problem you think you're solving with a fascist policy of "The Company [i.e., the managers or their IT toadies] decides what you get, and you'll damn well use it, even if it's like hammering in a screw with a fish" is actually a problem of either management's misplaced distrust of the programmers, or of actual incompetent programmers and accurately placed mistrust. Either way, the people are the problem; with the right people, fascism can only make things harder.
As for this crap about "It's not yours. It's the company's. They can make you use it however you like.": yes, it's literally true. If my company were run by idiots, I could be ordered to use the wrong tool for a job, and to fuck it up in whatever they please. But you know what? I'm better than that, and I've got a no-notice contract and a year's rent set aside in savings, so I can damn well tell them to fuck off and find a company that will treat me with respect. And you know what else? They know that, and they're good and smart people themselves, and they're not going to do that. They don't consider it worthwhile to hire people they don't trust and respect, and I don't consider it worthwhile to work for people who don't trust and respect me.
<flame> I'm glad I don't work with you. I hope that some day you will grow up and go to work for a company with a future. Do you get off on timesheets, too?
I especially love that comment about how you wish the poster luck finding a job that fits this "skewed outlook". It sounds like you've found your way into an unsatisfying job, and rather than being sensible and getting another job, or being considerate and committing suicide, you're lashing out at others who have some self-respect and have spent the minimal effort to get jobs at places that treat them as the valued assets that they are. Remember: down, not across. </flame>
I respectfully disagree. I happen to believe that the VAST majority of today's Linux users are indeed less than skillful at administering Unix. Inept, if I may say so.
I see it everyday. People who claim to be Linux masters because they've been using this lesser-known distro for so many months/years.
And then I watch them login to their home machine (using telnet no less).
And this is one of the brighter ones who knew to disable remote logins by root. It scares the hell out of me thinking that these people consider themselves knowledgeable. The problem is that these are the people who will go around installing Linux overtop of Windows machines at work without asking because they presume that the sysadmin doesn't know how or (even worse) they believe that they don't need to ask permission.
An intelligent, well-informed Linux user will understand that control over what is deployed on a network is not just a luxury for a sysadmin. He will understand that he's treading on somebody else's toes by installing another OS where it shouldn't be.
For one thing, it's called common courtesy. For another, it's common sense. Unless your job is to maintain the workstation you're given, what the hell right do you have to mess with it? It's a tool, supplied to you by your employer in order for you to perform your work, not a God-given right.
I feel bad ranting like this, because I know there are some very knowledgeable people out there who are locked in by some short-sighted contract signed by even more short-sighted managers. But the reality is that it's not your call. Installing Linux without permission isn't going to help the cause 99% of the time.
--
It depends all on dominant and recessive genes. You'd have a period where there would be a battle for survival of the fittest where linux would triumph.
The only problem is, deep in the back of your subconcious, you'd know that sooner or later, those recessive genes will pop up at the most inopportune time.
With your kind of logic, what's the point in locking doors? An experienced thief can pick the lock anyways, right? Or break it down.
Not to mention you missed the point entirely. I never said nobody should be allowed to have Linux. I only said that sysadmins have good reason to be pissed when someone goes and installs Linux on a workstation without telling them.
--
There's a few rules of using more than one operating system...
FIRST: The mail machine is holy, and must not be used for experimentation or installing insecure or unstable (development) software. If the IT dept issues you your email machine running NT (blah) then keep it that way. And don't take your chances repartitioning and adding linux on the back of the current drive.
*** SEE HERE: the IT guys issue you a machine that they can support, and are required to support, no matter what. When you change that to something other than what it was issued with, they no longer need to support you.
SECOND: When running more than one OS, keep one secure, and stable. if the experimental one goes down, you have the stable one to fall back on.
In my office, my mail machine is NT 4 sp5. I requisitioned two other boxen, one runs TurboLinux and the other has Debian 2.2 Potato (Espy!)
Our mail app runs on Lotus Notes (when will they write a client for linux?!) which runs (slowly) in WINE.
The site is networked with Token Ring, and I have to socksify to use anything outside the intranet.
None of these things would, or SHOULD be supported by IT. They were hired to decide what will be issued, and are bound to support what they issue, not what I decide I would rather run.
I can understand their hesitation at Linux creeping onto the network, they didn't issue it, and will be derided, guilted, and profaned at for doing their jobs and refusing to support it.
A host is a host from coast to coast, but no one uses a host that's close
In my world, it is IT's job to make technology work for the company. Period. If it has to do with Information, and Technology, then it's IT's responsibility to provide expertise.
That said, if someone just ignores policy and installs something over their workstation, of *course* something needs to be done; but not because they installed 'linux'.. simply because they trashed their workstation!
On the flip side.. the guy who says, in the article, 'we allowed our Finnish group to continue to use Linux as long as we could manage it with NDS' is bunk. If you purchase a company that does all their work on linux, you evaluate the total cost of switching them to a different (preferred) system, or supporting their current one. EITHER is a viable option; as the IT manager, it is up to you to provide that support.
SImply saying 'fuck you, install NT' is *NOT* providing support. Showing the boss how the cost of switching to NT & making this fit with your current support structure, and the rest of the organization's devleopment -vs- the downsides of changing the office over, THAT is the way to show it.
The key thing people are blowing out of proportion here....
When Mr. Schapiro-whatever is asked 'what would you do' he responds with what he woudl do if *anything* outside of what people are *clearly informed* is allowed is installed. He does not say 'oh, well normally we wouldn't care, but if it was linux, we'd fire them'. Sheesh.
Communication is absolutely the key. I expect that if the developers need to hook a bunch of linux boxes up to my network, they come to me and say 'Hey, we need to get access to the file server and shit from these LInux boxes, because that's what we're doing our code on now'. As the IT manager, it's my *JOB* to accommodate this (preferably, they tell me BEFORE they make this decision to switch platforms, so I don't have to make a bit of a fuss. The fuss is because the cost of me supporting it must be factored in to the cost of switching over, and may reflect badly on my own budget otherwise.)
Procedure aside.. this is one reason that linux installations sneak (unintentionally usually) past IT: The lack of licensing.
The chief reason that IT departments (well, mine, anyway) wants to approve all software (well, the first reason.. there are two), is because of licencing. We must not open the company up to liability. With linux, the common user thinks (rightly so) there is no licensing, so doesn't need to tell us.
The second reason is, of course, support. Support, as in making sure all our infrastrucutre works as well as possible.
You miss the boat too. Nobody is saying that Linux should be outlawed. I'm talking about employees going behind admin backs and installing Linux (or any other OS for that matter, NT is just as capable of f-ing with a network) without asking permission.
--
In my department we allow Linux systems, but people who intend to install it must notify a computing committee, and they are expected to run only ssh, and possibly smtp and a small, secure, non-cgi capable httpd like djb's publicfile (intended to serve a Java ssh client or test pages, not as a production server). We had a box rooted before this went into place; the user of the box was running an old version of Redhat, and the box was running a buggy, absolutely unneeded amd daemon. The attacker transferred a rootkit and a sniffer using ftp-- the ftp daemon had not been used for anything else in that box, ever...
"The horrors! The insanity!"
Don't be hypocritical by trying to turn the situation around.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
Really though, this is just one more piece of software that people are bringing in from home because of a personal preference. In my last company we had people bring in copies of Corel Office suite because they were sick of Word crashing on them so much. We install Netscape on all of the computers we deploy so people can make a choice, and generally make it so that the employees can be the most productive.
Besides, at least Linux is free... How many rogue copies of Quake do you have running around in your company? Most places have at least one guy who has the quake cd sitting in their desk, to be passed around when new people come in or computers get moved around ;)
"Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
Users should not be allowed to install whatever they feel like they want to install without permission. I am at a tech company that is trying really hard to standardize on a platofrm and one type of machine. Do any of you realize what a huge pain it is when someone either has a server running on the network that interfers with other network operations? For example I had a user set up Win 2000 adv server as a desktop operating system, the DHCP server was active. This caused massive headaches and very angry executives. Who got in trouble for this? The user ? NO , IT Client Services did! I can name tons more experiences that I Am sure you have all faced if you are in IT like this. Please, user community just ASK 99% of the time it will be ok we just want to make sure everything will run ok and nothing critical will be interfered with. However, IT is my job dont think you know more than me and even if you you dont have a place to do what you want. I dont tell accountants how to do their jobs, I dont tell programmers how to write programs. I am there to help you so please have the consideration to please ask us beofre thinking your workstation/PC belongs to you, it doesnt ..I am responsible for it.
I'm speaking here with my IT manager hat on, not my Linux geek hat in order to provide a little perspective. We don't hate Linux - in fact, probably the majority of us have a favorable opinion of Linux, too. Some of us even use it in our home/hobby lives, like I do (and have been since '94).
.exe files that people e-mail to each other? We block them at the SMTP gateway. Yes, we're pains in the ass about it, but we have a stable network with very little downtime - and when the latest .VBS virus goes sweeping the Net we're safely locked away with no downtime. On the other hand, we don't filter or monitor e-mail content or web sites. We don't care about speech at my company (which a lot of companies restrict), just reliability and safety.
The problem we have is with unauthorized anything on our networks, not just Linux. You see, planning and running the corporate network is what we're paid to do. In most structured environments, nothing gets installed without IT's thumbs-up. Period. The business (and our jobs) depends on the network's being as stable and predictable as possible, and even though Linux is wonderful stuff, workers are required to use what the company provides because we know it. It's not just Linux that can get a worker fired at my shop. It's any software that didn't come in through our department's OK. And all those cute little
That's an important distinction. Some IT folks just reflexively hate that which they do not know. That's the wrong way to go about their job, but it covers the butt well. My attitude (and our policies are derived from it) is that the company provides the PC, so we get to decide what it runs, based on what you need to do your work. You don't get to decide unilaterally what runs on it - we do.
However, we're not entirely closed off to running "other" things or operating systems. If someone came to us and had a reason they needed Linux to do their job instead of NT, I'd test to make sure it didn't interfere with anything else on the LAN (like a misconfigured Samba could), and they'd get their Linux after we tested it. But the important point here is that we are flexible, provided you follow the "right way" of making sure your software is OK. When people do that, and give us the chance to test things, we approve things unless we find a specific technical reason not to.
But if someday Linux became our standard desktop OS at my company, you know what? We'd fire people who used Windows without authorization. Wouldn't that be an interesting turnabout?
- -Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."
This is one of the reasons that I left my old job (Ok that and I was tired of frontline tech support for windows machines and got offered a Unix system programer position)
They didn't want to FIX machines. There was litterally a policy "If you can't fix it in 15 mins, escalate the problem". Anytime the problem required more than a scandisk or running some IT-aproved simple fix - then it was "rebuild" (which used a system much like ghost)
It made the job boreing and unbearable. I ENJOY finding problems. I don't want to have to look at a problem and "blow it away" just to have it surface again in a few months.
As for linux - I was one of those "Insurgent linux users". What was IT policy? Simple..."If its not standard software and hardware - we don't touch it" That was it - anyone can run whatever they want - if it breaks, don't come crying to us (unless its "100% aproved").
Was a very sensible policy, and it worked. Those who were able to manage linux boxen ran them. Those who could manage NT (which was unsupported for Users) could run it. Those who had Macs - could run them (though macs were unsupporte dbut we fixed them - was kind of a weird grey area for political and practical reasons).
Personally I think that what a person uses on their desktop machine doesn't need to be much of an issue. As long as they can handle any issues that come up, and they can get their work done - why does it matter? (other than some people feel a need to feel like they are in control of everything - I never did understand that mentality)
-Steve
"I opened my eyes, and everything went dark again"
Don't be angry. Imagine being in charge of a department wide MS network that constantly has problems from the users up to the servers. The poor souls are killing themselves trying to get things working reliably, and so when someone suggests an OS they don't know or understand, they freak. Don't be angry, pity them.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
I stuck it out for around 8 years at one place doing 3rd line support. I knew just too much about our core product, and was able to resolve more problems than the UK office of the software manufacturer. I was irreplacable - they just couldn't find anyone else who both understood the product and was able to fix it quickly when things went badly wrong, as was proved when I was off sick and confined to bed for a week.
Unfortunately the product we sold began to die off a couple of years ago, and my employer went into publishing their own product, which was clearly inferior to competing products. I ended up doing first line support for this junk, and I also had all kinds of *crap* landed on me by the head of this software team, such as trying to get document conversion libraries to to what they were clearly not designed to do.
After 3 months of this new regime I just walked out of the place, never to return.
This is a pretty ambitious statement, but the real cost in software is support, not the shrink wrapped box. IT departments spend a lot of money on training their staff and supporting their users. That said, they would rather stick with a bad solution that people can use without increased support costs than a better solution with more support costs. This is all about the short term versus long term issue. Sure, these other apps would be better after a few years of usage, but they don't want to pay the support cost now. Making the software free has nothing to do with this.
Besides, who really cares if Linux gets on the desktop or has more installations. It is scarcely different from AOL gaining market share. If you use it an enjoy it, great, but it adds nothing to your user experience if every Tom and Joe uses it as well.
-- Solaris Central - http://w
Lord, if only I had anyone with the nous to do this. I think the worst it would ever get from me is a bollocking for not telling me first so's we could get the thing set up right for the rest of the firm. And anyone I catch installing NT anywhere on my nice shiny network has not long thereafter to live. It's soooo nice being in a firm where the IT policy is "Andrew sorts it all".
-- AndrewD
A Maze of Twisty Little Laws, All Different.
Hey, there's nothing wrong with that, the feeling is mutual.
... :-)
After all, we fire anyone that brings Microsoft onto our network
Well, not really, becauses we'd lose all the fun of the instant bluescreens from the regular background radiation of death packets.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Yeah, because it makes IT obsolete. MSCEs are terrified of the day that they end up in the unemployment line because the users don't need them anymore.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
In fact, at several companies I worked for, where Linux was definitely disapproved and IT was pissed off that I was running it, if the IT manager had pulled the stunt suggested by that quote (reformatting my hard drive), I likely could have gotten the IT manager fired, since I could have easily shown that such an act resulted in the destruction of valuable company property.
A good IT manager does not view the users as the enemy. If an employee is running an unapproved operating system (or any unapproved software), but does not cause a disruption for anyone else, a good IT manager will let that employee (and perhaps his or her manager) know that he can't expect any support out of IT, but that as long as he doesn't cause problems he can keep running it. If the employee's use of unapproved software does cause problems, or prevents that employee or other employees from doing their jobs effectively, then IT can get the employee's manager to intervene.
At one company I've worked for, every time anything went wrong on the network, IT tried to blame it on my machine, but in every case it was in fact determined to be a configuration error on their NT servers. For instance, at one point my machine was getting the same IP address as someone else's, so neither of us could use the network. IT claimed that the DHCP client in Red Hat Linux was broken, and assigned me a static IP address (becase they knew my manager wouldn't let them force me to run Windows). Afterwards, however, the same problem occurred with other people who were only running Windows. It turns out that in the interest of redundancy they were running two DHCP servers, but they were serving up overlapping ranges of IP addresses.
Then, months later, another IP address conflict occurred between my machine and a Windows machine. They were all set to blame Linux again, when I found out that they had expanded the DHCP pool to include several previously assigned static IP addresses.
After that they seemed to realize that I knew what I was doing, and that rather than trying to blame me for network problems, they should have me help out.
I can't stand people like yourself who sit around all day congratulating themselves over how above everyone else they are. You sit in your little cube gritting your teeth because IT won't instantly give you everything you want. You don't give a rat's ass if your freeware Backstreet Boys screensaver f*cks with the network, because you're the only one in your entire office who matters anyhow. They just must not understand it.
It's not your job to dick with your computer. Get back to fucking work.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Who cares.
What's important is how YOU would respond, not someone you don't even know, or care about.
Rich...
Ignore Alien Orders
They are in support positions. It's their job to make sure everyone can work and it's their ass when anyone can't. On the other hand, it's the programmer's job to punch out code all day, not to be spending time messing with your system. You tell me who ought to be dictating network policy.
It's not fair to the IT people to make them fully responsible for all of the computers on the network and then not give them carte blanche in systems management. They have every right to do what they need to to keep the systems running.
Of course, it's also IT's job to be responsive and give the developers what they need -- not doing so is like having the janitor refuse to wash out the restrooms twice a day. Still, recognize that IT still has to strike a balance between their budget, systems stability, the demands of other people and your needs.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
In the case of the second example you have better chances of achieving 'your' ambitions on the workfloor. If your willing to go this 'hard' way you can explain the power of OSS, the different license models and the business-risk reduction it brings in the longterm for your customers.
Remember to also pay attention to the functional requirements of your managers, services and your team members(probably in that order
Personally I'm in this second stage at the moment, I've installed about 10 boxes with Debian GNU/Linux ranging from critical production servers to desktops and test-environments for developers. I'm also gonna do a presentation about the methods and consequences of OSS methods for inhouse software. Eventhough I don't consider myself an expert on opensource software(TM) development or the GPL or any other license, I still feel I can teach my co-workers (and offcourse managers) something about this wonderfull (but slow) revolution called free software.
My presentation will be made available next month on: DebianLinux.Net
> range from 'Reformat the hard drive and fire
>the person who installed that renegade
> operating system
I've worked at companies that made software, and at Research and Development departments where there was an IS/IT department that assumed our computers were not to be tocuhed.
Sometimes it got silly--like we were trying to ship a product that ran on WinNT 4.0, but IS would prohibit us from running WinNT 4.0! And if we'd complain to management (in this case it was John Warnock and Chuck Geschke) they wouldn't have a clue why were were trying to make life hard on the poor IS department!
We had to _sneak_ in operating systems that we were required to support for our product!
Currently, I work for a Research and Development group and I've learned to just humor the IS department. I let them set up my PC with Windows 98 and Norton Antivirus, etc, and as soon as they're gone I wipe it clean and install what I need to get my job done.
IS departments should support the engineers, not the other way around!
--- Speaking only for myself,
I'm involved with this struggle on a daily basis where I work.
Whereas I work in the Math-Based Manufacturing Technology dept. for GM Vehicle Operations, corporate IS&S wants to maintain a sane network environment.
For that reason, I'm in charge of our dept's Windows 2000 engineering CAD pilot. We have sandbox Win2K boxes installed for testing of locally-developed applications.
Furthermore, the company is slowly moving to ONE domain for engineering (corp.gm.com). They've been told to eliminate compilers, eliminate locally-developed applications, etc. Yet, we have a business-need for those same locally-developed apps.
So IS&S has had no choice but to admit that, since we have a real business case, they need to allow us to KEEP those locally-developed applications and locally installed software, provided that testing is done in a locked-down sandbox area.
If we wanted to install Linux on a box or two, once again, they wouldn't have any choice. We would be ready with business case in hand, and they just wouldn't have a choice. They'd have to let us have our sandbox systems.
My journal has hot
There once was a man from IT
Linux sneak'd to his desktop PC
The OS, not supported
His boss so purported:
"You're fired, we run FreeBSD!"
Linux is an unstoppable operating system
Oh god.
With applications like StarOffice
You're not helping your cause.
Open source methods create the best software. BIND - 95% of the market. Apache - 69% of the market. Sendmail - 90% of the market.
And Office? Mathematica? Non-free software stands quite well on its own.
GNOME is an ideal replacement for it under Linux, and is actually more advanced.
...when it works. Maybe nautilis will be better, but gmc is crap. I believe even Miguel has send so in not so blunt terms.
Ease of use.
Completely subjective. I know many people who find the MacOS UI infinitely superior to Gnome/KDE/Windows
You've got a case of the "blinded-by-obession"s. Remember, what's best for you may not be best for another. Remember, Linux is all about freedom...some people choose to use non-free OS/software because they feel its better.
--------------------------
No, the logic is that you _should_ be locking your doors (ie, using crypto) rather than just nailing some of them shut but leaving the others open and unlocked on the grounds that they are too small for a thief to find.
Trying to secure a network that spans more then a single room through physical security is monumentally stupid.
You can argue all you want about power bases and all the other rhetoric of liberationist politics, but we're talking about the workplace and not about a democracy. You're at work to use your skills within the constraints of the policies and procedures established by management. It's that simple.
Do I particularly care for it? No. In many ways its a bullshit structure. It makes work like some kind of proft-making bastard child of the Brehznev-era Soviet Union. It stifles innovation. But a corporation is an organization that relies on a coherent, structured and standardized environment to be effective.
If you don't like the rules, don't play by them. Go someplace else and make your rules/declare there's no rules. But don't break the rules that you voluntarily agreed to follow and then declare that the rules are unfair and that they don't apply to you.
When a sysadmin installs an OS such as Linux, Solaris, or even NT usually administrative privileges are withheld from the workstation user - with good reason.
However, if someone comes along and installs their own Linux distro suddenly you've got someone other than the admins with root privileges on at least one machine in the network. Hello, nmap. Hello, packet sniffers. Yes, you can encrypt everything to death, but it's better to keep prying eyes from ever seeing the sensitive data in the first place.
If I'm the sysadmin and you go and replace the OS you were given, you're damn right I'll be pissed. There goes all my planning. You are using the company's equipment and messing with something that it's not your business to mess with.
If Windows is handicapping you so much, tell me. If your sysadmin is so ass-backwards that he doesn't recognize a good explanation of the benefits you'll get from using Linux, then he's an idiot and what are you doing working in an IT department with this guy managing your systems? Chances are he's missed the boat on more than just this one issue.
If you work for a company with very, very strict rules in place about changes to the network, there's probably a reason for that. You should know better than to mess with stuff that 1) is not your responsibility and 2) others probably know more about than you do.
Why is it assumed that if the person is running Linux they must be some Unix god incapable of messing up their system (and possibly the services provided for others) quite royally?
--
IT Managers should be more concerned with Unlicensed Commercial Software on their network than people finding and installing Linux.
:-))
I'm a Sys Admin, I know of several boxes on our network running Linux (dual-boot or not), some of which are very useful boxes that we installed ourselves, some are ones that non-IT staff installed.
I work for a software company, however, and some of the software we produce works on Solaris, so people playing around with Linux isn't a big thing. We're not 100% Micros~01 here... At my last company, however, I had to set up a Linux box "behind the scenes" without letting my manager know. When I left they and they discovered the box they pulled out the network cable, and threw the machine out. (It was an old P75 - ideal for Linux
At my current work they gave me machine with NT 4 taking 4 gigs and 9 gigs of empty space. They said I could install anything I want, but they would only support NT and, surprisingly, FreeBSD up to some extent. I decided to go for BSD since I wanted to learn it. So I fixed NT in a usual fassion (mkfs) and had no problems with IT anymore. I also have Linux on laptop, use it in company. I know that almost every tech in my company uses either Linux or BSD, or Solaris for those with Sun boxes, graphic designers use Mac. The only thing they require is for you to be compatible (SAMBA to access printers, have to be able to read .DOC, etc). And officially IT is not supposed to help you if your Linux box is screwed - I know my bos got about 5 different Linux distros from IT when he asked for it - but officially they aren't responsible. Beyong that - who cares what you use as long as you do your work ?
On my previous work, when I was admin myself, I used Linux as universal troubleshooting tool - had it work as print server for Macs and reroute all print jobs to Netware server, etc. Had to fix couple of linux boxes for professors - it was a college work - I know that most other admins never bothered to fix Linux, or for that matter anything that they had any excuse not to fix. That's probably why some IT managers dislike Linux or anything else that is new - they don't know what security measures are needed for system, how to support it, would it interfere with anything (one of my friends used Linux with Netware, named machine/share or smth like that using Russian characters, half of their windows boxes started crashing when trying to browse network).
Obama 2012: our incompetent asshole is slightly less of an incompetent asshole than the other incompetent asshole !
Ads what ads? My hosts file blocked all of them except one. Everyone should have some ad blocking option either on or ready to be activated when we come across articles like these.
I can almost hear them on the phone to accounting, "Yes, yes, we did get 20,000 hits on that one but the ad people said their server only sent 1,000 ads!"
In general I agree with the consensus here, leave em alone or even complimenting them on their choice but in my work i come accross some reasons why the more radical negative approaches are sometimes preferable and even necessary:
Support
A lot of organisations have to deal with lusers or even worse: self proclaimed power users who regularly make a mess of their workstations, and the organisation spends money to keep everything going. Allowing ppl to use something different can set a precedent. How are you going to explain to a user that (s)he can't use this application when another user installs a different OS ? (anyone who's ever been a sysadmin knows what i'm talking about)
Security
Some organisations have security requirements. Some are even required to be able to prove that they are secure. This is usually done by getting certification from experts who will create a setup that has been configured and tested to be secure. Linux isn't secure, nor is WinNT, but they might be when they're run in a specific setup. Allowing users to do things differently means you cannot guarantee security on your whole system, simply because you don't know how it's been set up.
Compatibility
In some organisations software is used that's not compatible with non MS OSes. My current client requires me to use Outlook to plan my days so they can see what i'm up to. Even though i might not like using Windows, I don't know a way to do this on Linux (yes i know about Outlook web access, but you need a server for that). Other organisations have custom applications, same story.
This is all I can think off right now, but there is probably a lot more.
Bottom line is that a lot of organisations are Windows based, and it might not always be possible to do anything sensible with a Linux box in those.
beauty is only a light switch away
My sysadmin got a call from a higher level manager recently.
Manager: "This new server -- why are you ordering it with Linux?"
Admin : "We use linux increasingly for all our servers, and a few programmers are using it as well."
Manager: "Shouldn't we just use NT?"
Admin: "Nope. My calcs show about $10,000 in software licensing if we use NT, but only about $500 if we use Linux."
Manager: "Okay."
[Actually, the fact that she let us do it was a ray of light in an increasingly gloomy workplace]
PS: We need permission to install Linux -- I got some heat awhile ago when I put a linux box on our net without approval. After I explained why, they left it up.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
Additional systems are ANNOYING to support. I am responsible for IT and Development at my company, (i.e. a very small technical team), and we use Linux exclusively for development. We are developing PHP and Java code for web deployment, so Linux is the natural environment, the user has his own web server, etc.
Our network infrastructure is NT 4 w/ Exchange, so everyone has a Windows box. The developers have two boxes, NT and Linux, and they are responsible for their own Linux boxes.
However, that didn't stop a bad Samba configuration from causing nightmares. Samba is getting close to being banned.
It decided to claim to be the Master Browser, but the PDC was and knew it was right. Faulty election code, and the Samba box forced enough elections to crash my PDC.
Is this buggy code on MS's part? Absolutely. Was I annoyed? Absolutely.
Linux creates new headaches if SAMBA is installed. Without SAMBA, there really isn't much of a reason to worry about it. Let it do its own thing.
It is likely being used as a workstation, and you are not going to have licensing issues (normally), so there isn't a problem.
If someone is setting up an unauthorized server... well that person may need to be fired.
Now, a tolerant IT staff will have a policy on unsupported systems. They should allow them without support, but if they disrupt others, they need to be decommissioned. Rediculous overreactions are stupid, but having no policy and allowing a free-for-all is asking for spending Friday nights at the office debugging...
Alex
as a programmer i have to say - that HAS got to be the worst and most draconian policy ever.
Did you actually read the post you're now slamming? His comments were, imho, quite reasonable. If you consider them Draconian, I wish you luck finding an employer that meets your requirements of an IT department.
its the people who USE those workstations that make money for your company - not you or that IT department.
This narrow minded view is about enough to invalidate your entire post. Does the concept of a team effort mean anything to you? The presence of programmers, marketers, customer service reps, etc. wouldn't be worth five cents without a solid IT department keeping it all running. Don't think for a moment a qualified group of network admins doesn't help a company make money.
Indeed, one of the biggest concerns when a company is being considered for a contract is the quality of their network. Speaking as a programmer for a company that's been scrutinized and approved by more than a few large corporations, I assure you that one of the key factors of our getting contracts is the quality of our network and the reliability of the systems.
by definition people who use workstations should be allowed to do whatever they like assuming that they dont interfere with the network in any way.
By definiton? Oh, please. The definition of a workstation is not "You can do whatever you want with it, as long as it doesn't hurt the network". Your workstation is not your responsibility when it breaks, or when it acquires a virus. It's IT's responsiblity. They're the people who will be held accountable for your workstation's functionality, not you. Therefore, it is most certainly not yours to do with as you please.
'd be really horrified to work at a company which didnt let me install the OS i liked on the machine i have for my exclusive use.
Again, I wish you luck finding an employer that meets your somewhat skewed outlook on reality. I'll also assume you didn't read his entire post, because he explicitly stated that if somebody presented a good reason to install an alternate OS, it would be considered, tested, and approved or disapproved. It's not Draconian as you'd like to scream and wail, it's the protection of their time and their responsibilities.
Another point. It's not your box, it's not yours for exclusive use, and it's certainly not your property. If you're home sick one day, the company has every right to let somebody other than you use the system, or log into it to look up something in your mail. It's a reality check: The computer isn't yours.
if i want to be my own admin what rights does the IT department have to fiddle with my personal workstation or fire me ?
This should be obvious by now, from what I've covered above, but I'll say it again. It's not yours. You didn't pay for it, you didn't install it, you don't maintain it. The computer belongs to the company, and the company can do with it whatever it wants. How is it you don't understand this?
you must be at some really brain dead firm to be considering policies like that.
Well, the rest of your post isn't worth responding to, so I'll just leave it at that.
Hmmm. The titillating question one cannot help from deriving from your statement is "WHAT'S NEXT????"...
--
Americans are bred for stupidity.
I know that most of the /. readers aren't old enough to remember this, but it sounds exactly like what happened with the PC revolution. (Yes I know the article mentioned it slightly)
Back when (say, Pre IBM PC, or the early PC days), there was a lot of "We can't do that" that came from the people in the Glass house. The way thing changed was that people BOUGHT their own PCs, and snuck them into work!
So, the Lan Admin says "You can't do that, it's a company PC" (Strains of the "Who" playing here - Meet the New boss, same as the old boss. We won't get fooled again) - What to stop you from setting up your own PC in the office (or for that matter, carrying a laptop), and even (gasp) setting up (Totally bootleg) your own LAN? The company doesn't own it That's how PCs snuck into the Fortune 500 to begin with
Charlie
(feeling old)
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
Ah, yes, preventing people from running their own Linux machine will keep sniffers from your network.
Well, except for your Win 9x clients. Oh, and any machine with a floppy (which can boot a DOS floppy). Oh, or laptops. But except for those, you're perfectly safe.
Fire anybody in IT who won't give me the tools I need?
It is my considered opinion that if IT won't let me have the tools I NEED TO HAVE to do the job, they should be fired from the top down, and their boatware should be destroyed. For what it's worth.
sulli
RTFJ.
In reality, the unauthorized installation of Linux or any other open-source operating system on the corporate network would be a non-issue in any half-sane company, for the simple reason that it's almost entirely only the more competent techies that mess around with these things at work so openly.
However brain-dead management may be, it does not fire its top techies in any tech-based business. The repercussions of doing so should be obvious. It's far better and cheaper to fire the managers that object.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
What all this comes down to is that IS in some organizations (like "Mr. 'Destroy their servers and fire them'," a top flight CIO from a Tennessee school district) is on a power trip.
As someone here pointed out, the glass house saw PC's as a threat to their power base, and IT created policies against them. They're doing the same thing with Linux--it's something they don't understand, don't want to learn, that cuts into their power base.
The article chronicles Netware sneaking in when mainframes dominated. Then NT slithering in when Novell dominated. Now Linux is permeating (currently) NT dominated shops.
Anyone else see a pattern here? Ultimately, Linux, FreeBSD, or other open source tools will come to dominate because they meet the needs of the organization.
Just like computing managers saying things like "PC's are just a fad, big iron and dumb terminals are where it's at" adapted or left, those saying "Linux is non-standard, unauthorized, and a fireable offense" won't be able to stay in denial forever.
Obviously, users shouldnt be adding software without IT getting a chance to test possible behavior in a network... but if your users feel that they can be more productive with a different tool, IT depts shouldn't be stopping them. An IT managers job is to keep users productive and to manage the tools that they use. It's sort of disappointing that the 'you\'re on your own' view pervades so many managers. If your users want to use Linux more than Windows, it suggests that your users know more about it than you do. If that's true, then you're probably not doing the best job as an IT manager. Why should users have to support their IT tools when you're being paid to do it for them? Come on! The only problem is not that users are adding untested software to production environments; its that IT departments are forcing them to do it without testing.
Well...
1) The entire corporate network is properly firewalled; this is a key point. They don't open up a 'security risk' by using linux on their workstation.
2) I won't support it, unless they ask appropriate questions.
3) I won't freak out.
4) I ask why they did it. Usually it's because they actually need it to do their work (programmers). I am not there to tell them what tools they need to do their job; I am there to assist with making those tools work for them.
Really. The only reasons IT should get pissed are:
1) License violation
2) Security violation
Period.
I make it clear that I can't support it to the same degree as the 'official' software, that they better be able to deal with it on their own. THis is never a problem.
"Destroy their servers and fire them," says Jeff Shapiro, director of technology for the Kingsport, Tenn., public schools.
...
Reality shudders a bit and suddenly Shapiro is wearing a black cloak and a shiny black plastic helmet. The evil Sith Lord then turns and returns to his meditation chamber where he contemplates his plan to turn not only his estranged jedi son, but indeed all the children of Tennessee to the dark side.
Suddenly a report from his fleet admirale comes in - some rebel spies have installed Linux on a deathstar console in the computer room of the local public school. Holstering his lightsaber, Darth Shapiro takes a shuttle down to the location where the insidious rebels are being held. "It is pointless to resist, soon the rebellion will be crushed and all you Linux users will be one of us!"
...
Anyone else find this guy's perspective just a touch wacked? Maybe I was mistaken, but I was under the impression that the whole point of having IT departments in any organization was to help other employees and users of the organization to do their work more efficiently? not to be the software police. If someone finds it easier to use linux than IT dept. policy software isn't this a good thing? aren't productive happy employees a good thing? maybe I made a mistake somewhere - perhaps the real point of IT is as a shelter for those poor tortured control freaks who failed in successful careers with the thought police and ended up in public education instead and need to take some kind of petty sadistic revenge upon others to fill their hollow lives with anything even remotely resembling purpose. Oops - getting a bit personal here am I? How about firing people - that's not very personal is it?
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin