Slashdot Mirror
Desktop Linux Sliding in Under the Radar?
Paul Johnson asks: "This article at ComputerWorld describes a sysadmin's discovery that many people in his company are installing Linux on their desktops without consulting IT. The writer is concerned with the security implications, but there is a wider issue. At present the 'official' penetration of Linux into the desktop market is something around 1%. The writer of this article doesn't give figures, but it sounds like he may have stumbled on several times that percentage of desktop Linux installations. If so then this is an important trend. Linux got its foot in the datacentre door in exactly the same way a few years ago, with unofficial installations doing odd server jobs.
If you are a sysadmin, in an organization that runs Windows on the desktop, have you stumbled on many unofficial Linux installations?"
If users will install random spyware and games on work machines, why wouldn't they do the same for an entire operating system? The only difference is that they have to insert a CD-ROM! And that seems to be what people are doing with their Linux installs as well as their Windows workstations too, according to the article.
Bash script for FP whores
I work at the comptuer science department of a major universtiy, we've got runaway LINUX everywhere. We've gone so far as to restrict our switches by MAC address and no longer allow anyone in our network unless they tell us what OS they are running and have installed all the security updates.
The article mentions VMWare. This is a truly
excellent application that runs in Windows and Linux and fully virtualizes
the hardware. You literally "switch on" a machine in a VMWare window and
you see a BIOS startup and then your favorite operating system starts.
You can do things like run Linux as your main operating and have Windows
as a Window within your window manager. Or you could run Windows as your
main operating system and have Linux in a window. In addition you can have
multiple versions of each OS. I have, for testing purposes, Windows 98,
Windows XP and RedHat Linux as VMWare images, at any time I can boot into
a clean version of them and test software. At the end of the session VMWare
asks me if I want to save the changes that have occurred in that session. If I
say "no" then none of the changes get committed to disk. For Windows that means
even the registry, so I am guaranteed a pristine environment next time.
At my company about 25% of people run Linux as their desktop with Windows in a
VM and the others the other way around. It's very cool...
John.
In a previous job I've found Linux and BeOS
desktop installations. While I was pro alternatives to Microsoft, there was the concern about security - e.g. open e-mail relays, unpatched servers. The company ended up with a policy of permitting Linux on the desktop, but not supporting it. If you had an application issue - you were on your own. The only users that ran it had a clue and we didn't run into issues. Being a research environment, Linux ended up replacing SGI systems as the scientific workstation standard.
Aside from my laptop and my desktop, we have no Linux desktops. I do network scans and such monthly, and aside from a few Linux-powered embeded devices, I've seen nothing interesting. Mind you, I work at a hospital. There are not very many technically inclined folks here.
Never eat more than you can lift -- Miss Piggy
Back in the old days when ummmm... a guy I know was at SCO, people were intalling linux on their systems without consulting IT. That was in 1999.
I don't have any figures for you though.
I wouldn't dare reformat a work machine with another OS. The feasibility isn't the problem - it's the wrath of an angry sysadmin that is. I would like to keep my job in this economy.
I DO, however, frequently boot my machine with knoppix. Most corporate IT environments prevent users from installing their own software - but Knoppix has pretty much every app I need. I sacrifice local file storage and some embedded data like PIM stuff, but its just more comfortable and doesn't raise the ire of the lesser IT geeks.
In the last infrastructure upgrade we did, all 60 machines were identical:
FreeBSD 4.7, autostart XFree86,
full-screen RDesktop to central Win2k Terminal Servers.
User's still think they have a windows
box(windows splash screen on boot).
Does this count?
The article is actually pretty good -- it's a reminder that if people are using a platform, that IT has to support it properly. This is a refreshing change from the traditional IT reponse that if IT hasn't decided to support it, it should be prohibited. I congratulate the author on realizing that IT's job is to facilitate people's jobs, not restricting them to what's convenient for IT. Help desks are always horribly overworked, so it's understandable that they start falling back on blaming users for breaking the rules, and refusing to support anything but the standard application set, instead of thinking more creatively to help users get their jobs done. The irony is that _every_ IT support person has tons of weird software on their machines that would cause them to refuse to support the machine if it were someone else's.
(and I say this as someone who's worked in IT, and managed IT departments, for _years_.)
Enable 3D printed prosthetics!
I used to work for a backbone isp as a *nix admin. Our internal IT said we MUST use M$ on our laptops. I think maybe 30% dual booted, the rest of us just running our choice of linux/bsd. It's not like we needed tech support for getting network printers to work or something.
I was laughing as I read, waiting for the punchline, it never came. Either the guy is a master of dry wit, or just about completely witless.
Realize FIRST that you are there to SUPPORT the users NOT stick your nazi baton up their ass. Instead of getting pissed at them for trying something new (unless you are just a jerk and can't help it), pre-empt them by handing out knoppix cd's and have them boot to it. A 5min education and they are off and running. Tired of linux? pull the cd and boot back into windoze. Everyone is happy.
Sick of stupid ass admins who think that they are important. Without users, we would NOT have jobs...
they almost certainly would have no antivirus software
:)
Oh, for the miniscule number of Linux viruses?
no agents for our desktop license management
Since *most* software that requires license management is either Windows-only or hard for Joe User to come by, I don't see this as a huge problem either.
and almost certainly wouldn't be keeping up with security updates.
Ah, now this is a real concern. I would hope that your company has firewalls, but I can certainly understand not wanting them to be your *only* line of defense.
the users don't own their machines - the company does. if they want to piss around with _any_ os, let them do it on their own time, on their own network, and on their own equipment.
I can certainly understand this. When you're responsible for eleventy jillion desktops, you can't have people going rogue on you. At least not without knowing that if you have to come fix their PC, it's getting reimaged.
Now, I personally happen to run a stealth RH install, dual-booting to Win2K for when I just have to do something in Windows. My workstation, however, is well-secured, and has updates applied regularly. I have *never* had to bug the IT department, and my workstation is exceedingly well-behaved on the network. If the IT department decide to be real hard-asses about it and reimage me, I'll understand. Doesn't mean I won't be cranky, though.
49 20 68 61 76 65 20 74 6F 6F 20 6D 75 63 68 20 66 72 65 65 20 74 69 6D 65 2E
Where I work (part of Harvard University), Linux is definitely growing, but is a distant third behind Windows and MacOS. The IT department here is pretty strict about what they say you can and cannot do (kind of odd in an academic environment, if you ask me); as an example, one is not supposed to deploy ethernet hubs without seeking permission first. This just to give you an idea about them.
I've been here 3 years. Last year and the year previous to that, all of the IT web pages said that the only officially supported OSes were Windows and MacOS, with a stern implication that that was it (and don't you think about using anything else, grrr!). This year, they've acknowledged that Linux exists, and are giving some support for it. The IT folks are at least aware of Linux now, a change for the better.
Why is this happening? Because there are a few researchers (including me) who have installed Linux on their desktop/analysis machines, and are doing their own system administration. But, these users still need to fit into the global IT picture, for example, communicating with the email servers. As we have migrated from one email system to another recently, the IT folk have visited every single user (no, not kidding) to move their email system over. The fact that I was running Linux was not only no big deal, but they even correctly guessed which mail client I was using, given that I was running Linux. We are, slowly, winning.
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
would kind of count as a security risk in itself, wouldn't it?
> --- All Of The Above --- >
I am not a member of IT in my company... though heaven knows I should be... I work for a support organization and I'm a field service engineer (but not part of corporate IT), and they (IT) get in our way all the time...which is amazing considering they have no on-site personnel (3000 miles away in CA) and their only domain controller is an underspec PPro 200 with 128MB of RAM running Windows 2000 AS (yes it is always out of memory and functionally useless).
As part of my job I set up the office G4 (OS X...which they thought was Linux... probably because of Smb) for training... I am in charge of Apple desktop support for our largest client in the area, an HP 9000 D class for my support of the 9000's in the data center (24/7 on-call), a Windows 2000 AS box for training (Citrix Metaframe XP, etc.) and the box I interface it all with... my Powerbook Pismo. I was told to shutdown and remove these from the network... they have a point about security holes and unauthorized access points...but I kind of chuckle because their infrastructure is very poorly built and my machines are 10 x as secure as theirs (case in point I run only SSHd for the most part and lock down everything)
They decided to send us a switch and give us an external IP... (IP only after bitching that a lab environment is useless without an internet connection) which is fine except we can't use the local printers... so instead I built a NetBSD firewall and put everything us techs use behind it and then configured it to never respond to any outside services nor pings. So yes I have unofficial non-Windows and technically oriented OS's... and I had Gentoo Linux on my last laptop... but I probably don't count because I am an admin just not by job this time around (I've been director of IT before)
I can see where there might be some security concerns, but I think the real concern for IS (IT, whatever) is being in control.
I work for a company that was heavily Unix (and X-terms) until the LAN somehow became all MS PCs. Now people and projects are insisting on replacing not only MS but Sun and SGI stuff with Linux. We are meeting heavy resistance from IS.
They are claiming that it costs more to administer a Linux box, even though we've been in meetings and showed that it wasn't true, based on recent experience. They refuse to give even knowledgeable users superuser privileges on their own machines, although Windows users can install anything or delete everything on their boxes at will.
To me it appears that some of the people in IS are afraid of being made less powerful, less needed, and less relied upon.
when I was promoted/transfered from help desk to engineering was add a 2nd drive and install linux on the box that came with the cube I moved to.
Months later, I walked away after initiating an (infrequent) reboot. After making the rounds, I came back to an NT login. WTF I thought - then realized I'd set NT as the default in lilo in case someone needed to use the copmuter.
Personally its not God I dislike, its his fan club I cant stand (bash.org)
I am not a sysadmin.. but I can tell you that there are MANY MANY "rogue" Linux desktops within HP... including mine. Using Crossover Office, I have completely eliminated the need for Windows at work altogether. We also have an "authorized" internal distribution network for doing network installations of Linux for whatever purpose you may need. I am confident, that if you queried our site system administrators as to what percentage of desktops they have running Linux, they would be off by at least a factor of 10.
-K.
I'm not running Linux under the radar, I'm running FreeBSD. I'm so much more productive with FreeBSD/KDE than with the mandated Win2K. Especially since the network is Solaris. (Why we're supposed to use Windows on a UNIX network is something I still haven't figured out).
But IT doesn't know about it. I don't have their permission. But guess what? IT doesn't own this computer, my department does, and I got my boss's permission, his boss's permission, and the permission of the VP above him. I would have told IT, but then they would have a cow and it would become a big pile of political crap. But IT doesn't know, so they're happy, I'm happy and my boss is happy.
I'm certainly not going to tell them about the development lab being switched over the FreeBSD, the Dicom lab running Mandrake, or any of the internal websites running Redhat and SuSE.
A Government Is a Body of People, Usually Notably Ungoverned
I work at one mega-monolithich US international -- though we're mostly nerds here (R&D).
.....
I'm not a sysadmin, but I'm one of the people that has installed Linux (I didn't blow away the corporate windows install, for accounting sakes) on his own at work.
How did I get the corporate mail client (MS only) and other ends to work? I downloaded custom-wrapped wine rpms created (on their spare time) by other coworkers on the other side of the country at another research facility. This was hosted on a un-official internal "Go Linux!" website, for all of the company's employees to see (we're allowed to have personal and "club" websites) and download (they have all of MS Office 2K running smoothly, along with Notes, the corporate e-mail client).
I got a couple of coworkers excited about Linux -- mind you, we're not just another corporate center, this is a hardware R&D filled with geeks (the sort of people that aren't sysadmins, but might play them on slashdot!) so I imagine we're at one end of the scale in the corporate world. But, thanks to Knoppix (try out a recent Linux distribution with zero liability on the company's computer to see if all your stuff is recognized! What a sale!) I've managed to get even some of the "old crusties" excited about Linux.
Anyways, my sneaking suspicion (and my hope! so this probably biases my "suspicion") is that there is a large number of uncounted Linux installs, and growing.
I was concerned about security, but who are we kidding? I know to not rest on laurels and all that (keep this RH73 as up to date as possible), but the alternative for my machine is Win2K, and we've been through the wringer with updates, worms, reboots and virus infected computers on *that* platform
Dont install KDE? For a user? are you expecting them to use X? or maybe the CLI? or should i dictate them to simply use my preferred manager? Once again... poster said these would be boxes i didnt set up.... so theyd probably install whatever they wanted. Support contracts are certainly cool... but even still... my job is to fix things quickly ... not to wait on the phone.
if you think supporting linux amongst a bunch of users looking for ease of use and smooth inter-operability with a windows world (especialy in sales and buisness app's) your out of your freaking mind. While i certainly do agree ssh is a powerfull tool for remote support (though i prefer VNC) your totaly missing the point.... resolving issues QUICK. the amount of variables involved with a *nix are much greater than windows.... this is the power of *nix. And also why support can be problematic.
As to your "no" policy... i seriously laugh at you. If your in the buisness of shooting down your users ... your not a very good sysadmin. While you most certainly shouldn't encourage or offer active support for non-approved SW... Users are users, and simply want their shit to work. The more you can facilitate that with ease the better the admin you are. thats "support".
People who hold the above attitude are very BAD admins.... our role in general is to make people happy as best we can without going over-board. I suppose that's why my company has gone through 8 admins until they found me... your job security is BASED upon your user satisfaction. In which case ease of support IS important.
--Idiots, Every single one of YOU, A flaming mass of conglomerated morons, hey wait a second, isnt that how RAID works?
Company shall remain nameless for my protection -
.
The home office has a special network security "swat team". Last year, they did a security audit of our site, which consisted of trying to hack into our network, from the inside.
They found several rogue Linux boxes, and were able to hack into them through ftpd. Holy hell was raised. All Linux was purged from our network. Oddly enough, here it is, 8 months later, and nearly every developer has a second box on his or her desk, with, you guessed it, Linux. However, it's a distribution and configuration, approved and controlled by IT.
It's all about control with these guys. .
You'd think that black leather keyboards with spikes and clamps would be popular with these freaks.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
now that i can see the point of, but perhaps instead of viewing linux has a second teir "problem" he should talk to the people who installed it and find out what they can do.
i have a local gentoo build server with 2 python scripts, and some cron jobs my systems are updated daily on my home network (14 machines. varying from athlons, to mips, to alpha) (not running gentoo on the mips, that runs irix [octane])
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
Are you seriously implying that the default install of Windows XP is less secure than say Redhat 6.1? I seriously doubt it.
"It takes considerable knowledge just to realize the extent of your own ignorance." - Thomas Sowell
got it. so here goes
:D
i work for a large bank in network administration. of 350 users at our site i am the only one to install linux. on a laptop. my boss showed me a memo that forbid installing linux because it was a hacker os - i shit you not. this was a couple of years ago, i think it was redhat 6.0
so i installed freebsd
when our shitty ms dhcp server stopped handing out ip addresses for two subnets i built a freebsd dhcp server but was never allowed to implement it
dumbasses
That isn't entirely a joke. When I was there for an interview about a year ago, one of my interviewers had a Red Hat Linux retail box on his desk. I asked him about it and he told me that he was going to be using it to do some security testing on some portions of Windows. His justification was that there are more cracking tools available for Linux/*nix than there are for Windows.
Strange but true.
At the government lab where I work, Linux has penetrated much more than IT knows. We have an extremely braindead IT staff, and the five-year-old unpatched Groupwise servers simply don't work. The email system is completely bogged down with the viruses everyone trades. The people in my research group got fed up, so we finally just set up our own network. It's mostly Ethernet, with some patchy WiFi. The cables are hidden in PVC piping. This is a lab, so nobody notices when new pipes get put up. We have a few Linux servers doing mail, a website with a Tiki, Jabber, and a few other assorted tasks, as well as a bridge to the real network. IT has no idea, but I can't help feeling that in a few years, they're going to notice that all the scientists are using Linux.
Litigious bastards
The weaknesses from the rogue installs ...come from the installation of third-party applications and utilities, which can leave a desktop or server vulnerable to attack if set up incorrectly.
Huh? What total Microsoft brain washing! What is a "third party application" in the free software world? This dude has his head shoved so deep into the M$ world that he confuses all the crap and spyware that accumulates on windoze boxes and runs as root with free software. I don't know how he's transfered his complete lack of control over Windoze onto software that works. I don't get it.
He goes on, after mentioning that he might be man enough to run Red Hat. He thinks it could do his company good to replace the hideous pile of Word Docs that is their QA tool because it sucks to have to do a "word search" to find information in the 300 reporst/year they generate. So true, just putting those things on a Samba server so you can use grep and find would be really helpful. Imagine how nice his life would be with a nice little mySQL/PHP webform for entry and search instead of a Word template. Progress, forge on brave man!
But, oh no, he shrinks from the fear of vulnerability:
For example, there always seem to be vulnerabilities associated with programs such as file transfer protocol, sendmail and Apache. And other open-source software is vulnerable, especially when the developer hasn't written the program with security in mind.
Poop. Plain and simple poop. Sendmail handles most email. Apache handles most web sites. Who needs ftp when you've got ssh? Well, anonymous ftp is a nice way to share big piles of files and programs like proftp are plenty secure. This is total shit to scare people who don't know what file tranfer protocal is, but like the ease of windoze file sharing. It's ignorant if not intentionally misleading. This line says volumes:
We can't eliminate Linux
No, but some fools wish they could. Other people everywhere are learning all the good things free software can do for them.
Anyone who's worried about security should use Debian's stable distribution. Not only is it all field tested, upgrades can be applied everyday from http://security.debian.org via shell script. Unlike the windows world, these updates install easily and don't break other "third-party" applications.
You say:
This could make the case for desktop Linux look worse, if people are not securing their dektops and/or keeping up with security updates.
That seems to be the intent of the article. Fortunately, only the very ignorant will pay attention to such nonsense and it can easily be deflated. Microsoft is going to have to try much harder than this to keep people away from superior software. Then again, I'm not sure how they can do that. The thing that makes the best case against the Windows desktop is it's record. That now including the author's laborious treck around his company caused by yet another Windows failure. There is not software anywhere with such bad performance.
Friends don't help friends install M$ junk.
When they connect that second device to their stealth hub or switch, your switch will cut them off (Seeing a second connected MAC address disables the switchport).
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
well... heh... I actually haven't stumbled over any installations of Linux... when I was first hired on, there was no linux... So I helped ... er... "introduce" linux to a couple of useless windows boxes. Actually I've been very active in encouraging the switching over from Windows to Linux within our organization, and am happy to say that it's giving the 'MS certified - legit' SA's of the organization fits. Funniest thing is watching their faces when the users tell them they don't want Windows re'installed... Windows Purchase = $300, Hardware Purchase = $3000, Looks on SA's faces when told their jobs are going to go away because the users like Linux = Priceless.
Then I installed Linux at work on a spare server (supposed to be for DRP but what the hey!). The best part is that I set it up with PXE support. I have about 25% of the company running linux without touching their OS on their systems. Just set the workstation to network boot and presto Linux (similar to Knoppix). They like it alot better 'cause they are sharing a 2.8Ghz Xeon with 4GB of RAM. Most were used to PII300's. They can always skip the network boot and boot into Windows but they are doing it less and less now Especially since I have really cool games on the server =).
I hope to have the whole company converted by christmas!
From excellent karma to terible karma with a single +5 funny post...
Very few large corporations have the time or the tools to patch hundreds of MS desktops. As a result in every corporation there are hundreds if not thousands of vulnarable windows desktops and cluless IE users merrily surfing the web and getting hacked by script kiddies.
War is necrophilia.
Running FreeBSD as the primary and only OS on three machines at work, I have a really hard time with these forms. What further investigation revealed (as I wanted to give them the CORRECT information despite their problematic form) was that their bonehead Access database required a primary OS from the list, with an optional secondary OS from the secondary list - no other options could be entered. So my three computers were registered as Win 2000 primary OS and Linux for secondary OS. Despite repeated pleas by me, we're paying Microsoft for three unnecessary liceses.
What annoys me most is that when ever I say "FreeBSD," my supervisors always hear "Linux." They aren't against Linux (or FreeBSD for that matter) as it seems many of your bosses are. Linux is a keyword in marketspeak, so it's acceptable. When asked about why they hear "Linux" when I say "FreeBSD," I was told that the "Free" in "FreeBSD" makes it sound cheap (in quality) to administration and potential customers. Using it is OK, but not to the outside world (or department).
I installed Red Hat on my Thinkpad two years ago and bought Crossover Office so I could run Outlook to connect with the Exchange server. I never authenticated on the domain, so I'd login to somebody else's computer once a month for the mandatory password change so I could still get my email and use the network shares.
All worked beautifully until IT migrated to Active Directory and EVERYTHING stopped working. Well, actually only the shares and Outlook stopped working, but not having email is enough to end my Linux using days. IT wouldn't help at all on the AD server so my options are running low. SCO actually has software that would help, but I shiver at the thought of using a SCO product.
IT is now going to open up Outlook Web Access... I thought this would solve everything, but they are somehow locking it down so every client that connects to OWA will need to be running some sort of Windows-only Symantec software (we also use a Symantec firewall... maybe this is some sort of PPTP client, but IT wouldn't say). This makes me doubtful of getting it to work under Linux unless I can emulate the Symantec software.
Where I am going with this is that I used Linux on my work desktop for two years and some helpdesk guys even knew about it, but I was out on my own when IT went to AD, so this sort of thing sure isn't going to get any support from many IT departments. Good luck to you in running Linux at work. I wish I had more luck.
The global economy is a great thing until you feel it locally.
Parent post is overrated nonsense, with some FUD thrown in for good measure. While there are some valid reasons for unifying desk tops (easier maintenance), msot points mentioned were not amongst them. The right option is to say "ok, you run it but we won't support it", not "no you run Windows as its secure".
Well, my employer allows virtually any os that a given user might need to run (we're a research facility). The IT people do regular vulnerability scans of the network and the linux users that I know (myself included) have never failed to pass the scan. The same can't be said for most of the MS users, or event the Solaris users for that matter. I don't hear much from the MAC users.
I guess my point is that it is not so much what os a person runs as it is the IT policies and how well they're enforced. Keep up with security patches, don't install untrusted software, good password policy, etc. These things aren't unique to any particular desktop OS and any user could potentially violate them. However, any user that depends on their system for everyday tasks isn't going to intentionally munge it up since they lose the use of it while you may be inconvenienced with rebuilding it. There is always the danger of the 'malicious insider' and we risk it every summer with an influx of student help that always includes some idiot that will try 'bad things'. Deal with them swiftly and harshly and make sure everyone knows about it and you can keep it to a minimum, but you can never eliminate the risks completely.
Now this is a big bank, with thousands of desktops, and very strict policies on what you can run on your desktop (ie: you can run the heavily modded and locked down corporate build of Windows 2000, or you can work elsewhere), and this guy, global head of one of the two network security bits flaunted the rules - talk about setting an example.
He ran VMWare on his Red Hat box, and had the corporate build of Windows 2000 running on that.
He took great delight in quietly telling the story that he ran up Red Hat, and ran up the virtual machine with the corporate build on it and asked the 'corporate build' team to check it out and tell him if they found anything up with it. They didn't.
When you consider that around 50% of this particular corporate's network security is in the hands of someone who behaves like this, you start to wonder how secure some of these large corporates can possibly be!
The problem of installing desktop Linuxes on corporate networks isn't whether Linux is secure or not. The real issue is that IT needs to know that 1) is it secure 2) what do they need to do to make it secure 3) how can they keep it secure 4) how they will help users with other problems (altough this would not be so important if only a bunch of Linux enthusiasist would want to install Linux). However they do need to be sure about security, otherwise they are not doing their job.
Supposing IT is not full of Linux specialists, they would need to learn quite a lot about Linux, take courses, hire more people etc. etc. If you are just managing to control your current 1000 - 8000 or what ever number of desktops, you do not want to make the extra effort without pretty good reasons. Given that the current staff probably knows Windows but not Linux, it would be pretty difficult to find these reasons.
It's a bit different thing to have Linux servers (maintained by your trusty Linux knowledgeable part of your staff) on your network than to have (by definition) inexperienced users try and install Linuxes all around your network.
Also, the above does not necessarily apply to your average University etc. With corporate IT, it would be more like this...
It depends a great deal on what kind of shop you're talking about, doesn't it. I'm guessing in the situations you're talking about, the computers were used as basically two things: a replacement for typewriters, pads of paper and filing cabinets; and as terminals for accessing big centralised business applications. This is still what business computing is for most people.
In that situation, you're not in the business of running a computer network, you're in the business of supplying electronic stationery. You could theoretically replace every machine with a green screen terminal linked in to a big ol' mainframe, and productivity would barely dip. (okay, in some graphics-intensive environments, such as engineering drawing, laying out newspapers, etc., maybe you'd have to use X terminals, or similar, but the effect is the same).
There are situations where the computers on desks aren't just document-editing dumb terminals, though. They are genuinely used by the employees who work with them as general purpose bits of hardware that help them solve problems. Research groups, software developers, tech support shops, labs, hell, even creative places like design studios, visual FX teams and so on. In shops like that, you're supplying every user with computer equipment to help them do their job. If they want to replace the OS to do their job better, woe betide any sysadmin standing in their way. If an ad agency's client wants a particular visual effect, and the cheapest way to do it is to install Linux, so you can run some bit of software off sourceforge, then you're not going to make yourself popular if your first reaction is to cut the guy's network access off mid download, and send down the two heaviest helpdesk guys to cart the computer away.
I worked for a long time in a company where I felt the sysadmins had a near impossible job. Half the staff in the company were running multi-boot systems with development Linux kernels, betas of MS operating systems, and running their own web servers, SMTP servers, hell, even setting up their own NT domains. If the sysadmins had stopped people from doing this, then the company's main activities would have come to a grinding halt. That the sysadmins managed to run a network that allowed this kind of anarchy on one level, while ensuring the email always got through and the finance guys could access their SAGE system, was a source of some amazement to me.
Not every company can treat the computers as dumb terminals and dictate how they're used from a helpdesk console in the sky.
The mob I work with is a very large organisation that has ongoing severe financial problems. Think national air carrier for .uk here. Desktops are pure MS with *nix and MS servers in abundance.
Some one in IT has realised the beauty of Opensource, it's cheaper than MS. Cheap is good, saving money is good. Where an open source solution exists that can replace a commercial solution, it is on the desktop. Out went eXceed, in came Xfree 86 on Cygwin. Out went Reflections, in came Putty. And so on.
Several servers are already running Linux and I've heard they are trialling a rack of blades using Linux for something or other. I envisage more servers going over to Linux to save money and more of the desktop converting to Linux or at least Cygwin/Opensource for the same reason.
I want your job...
Windows sucks and it's all they know.
Is General Motors, North American Operations, big enough? Because they are exactly the idiot you describe with only three options for software.
Funny thing is, they run a ton of Sun Servers, most of which break at a fantastic rate, and yet they tell me that Perl is not an approved programming language and I'm not allowed to use it.
I asked them to let me know when they were going to remove Perl from all the servers so I could stay home that day.
They are considering the possibility of allowing some perl installations to exist even though they consider it to be inherently insecure, unstable, non-practical, and not of enterprise grade
Most companies are that stupid and few allow any flexability in the software you choose to use. If you think otherwise, then you haven't been around enough in the entire spectrum of industry in America.
Through the crazy fortunes of the New York IT industry these last couple of years, I find myself heading up a QA team in an office in Midtown Manhattan. They're basically a bunch of out of work actors moonlighting as online product reviewers. So, I untangle the mess my predecessor left (who got fired because it was a mess) and I figure the reviewers should be able to get through X number of products a day. But they're not. I can't figure it out. Then I catch them chatting on AIM or Yahoo IM all day.
So I'm thinking, and decide to wipe their machines and install a nice RH distro on all of them. Set them up with StarOffice, Mozilla, and Samba and hey presto they're doing 50% more products per day now (I'm not naive--I know they're gonna write emails, but it's not the time sink IM-ing is). Furthermore, their old Pentium machines are faster, and I can SSH into their boxes to fix anything that's wrong.
That last bit is key, because the tech dept. at this company is so bad they don't even know what an IP address is. But, they like to spy. There are cameras everywhere, and believe me, they ain't protecting national secrets at this place. So I figure, if they like to spy on you with cameras, they probably also like to spy on your computer. So with linux, no more spyware.
Yep, stealth linux works for me.
Do what you can, with what you have, where you are.
While I agree that the previous poster is overzealous, there is a kernel of truth in some of what he says.
You are IT. You are present to help workers get their damn work done, not to push some random personal agenda. If you wipe an entire system and kill that employee's work, you are a serious impediment to getting work done
In most companies, the standard OS is hardly a "personal agenda" - and the worker that installs a new OS on his/her computer without authorization is hardly "getting work done".
Most large companies I know don't allow you to keep your work on your local machine, as it makes all kinds of problems for backups, upgrades, and hardware trouble. Instead employees save all of their work to a central fileserver, which gets backed up on a regular basis. Re-imaging a machine is not a big deal. Even the place I work now (total of 20 employees) does this.
WTF does the OS have to do with this?
If the sysadmins don't know Linux, then they won't be able to fix the breakin.
I agree. Most users do not like to waste time on a piece of machinery when they know that they have legitimate work to do. Frankly, as you pointed out, most of them do not have what it takes to install, configure, and support it.
I am the network engineer for a manufacturing firm, and I can tell you that (not counting the guys in production lines) our office workers could probably handle cut-and-paste on a good day. So I get to teach them how to add a printer while doing other system and network admin stuff.
This is a guesstimate, but I have installed Linux (and some *BSD) boxes at various job sites without managements knowledge or permission, often on 'surplus' hardware (someones old PC sitting in a closet), for about 8 years now. Only about 1 in 60 of these was in some way countable by outsiders.
/etc/hosts file -- which was a comment. I think it was every 30 or 60 minutes or something. Years later, I was talking to a friend of mine who worked at a site that housed one of the root servers, and he was in a position to count how many of these queries came in...there were HUGE numbers. What is interesting is that we found that older versions of Red Hat also had this odd DNS behavoir, but that newer versions of RH and Slackware did not. So this was an interesting method of counting older installs of a few types of linux, but in the end not effective.
This starts to be the question, how is Linux counted? Three broad categories: media sales, net scans, and installation reports.
Media Sales - simple count up the sales reports from major vendors. Using this method alone, one would get an unrealisticly low estimate of Linux users. Though I have installed Linux on over 250 machines, I have only purchased CDs from a vendor twice (OpenBSD 2.7 and Slackware 3.3). I have purchased CDs from other sources: flea markets, computer stores, etc - but these are not 'official' pressings and probably are not counted.
Net Scans - Netcraft does a srvey to see what OS / web server various sites are using. WHile this is handy, a lot of the servers I have installed have not been accessible to the outside world, for security reasons. Ones that are available to the outside world have a limited number of services running, and a firewall (usually the Linux machine itself) for access control. So this still isn't accurate.
Installation Reports - Various OSs request permission to inform a central location of a new Linux installation upon the installs completion. The ease of this process varies quite a bit. I used to never report, out of general paranoia, but I have started to in the past few years. I think we all should. I also think that there needs to be a standard method on installtion counting and reporting: some way to determine if a specific install is actually an upgrade, a switch, or whatever, and a way to protect users' privacy, but give some good statistics about the install. For instance, it would be great to report the platform (including CPU type & speed, memory, HD space, peripheral cards) and even the package selections. I know this is what redhat does with their RH network stuff, and though some people may find it annoying and opt out it does provide useful information to help developers and businesspeople in their decisions about where to concentrate support resources.
Here's an interesting bit of historical trivia: Back years ago, mayb 1996 or so, I was running tcpdump and noticed some very strange DNS queries. Every so often my Slackware machine would query to root servers for what turned out to be the last line of my
Where I work (big shop 4000+)there is a "cold turkey" project that is a pilot for those interested in running linux. This is to work out any kinks in the original linux on the desktop plan. The bean counters here understand that buying windows and MANY other microsoft products is costing them A LOT of money. Of course you can't do everyone "cold turkey" but a SMART CIO Cxx has a OSS game plan.
this sig is deprecated
honestly... we don't have 100k desktops and those
desktops we have are, yes, w2k... but I am allowed
to run virtualpc. I load up freebsd and put it into full screen mode. 200 days uptime and I get all the stuff I want *and* I'm (local/virtual) root. I'm happy, the w2k standard is still in place, etc.
Yes, some places are more open to alternatives... because they are scientific, research, educational, etc... other places are businesses where w2k cybercops think pushing policy is better than sex.
I don't care if anyone else runs unix/linux -- but I *do* care about MS trying to make open source / unix / linux be illegal (ie: legislation, drm, licensing, etc).
This whole line about having to buy a license if you use linux to access terminal services or citrix is very very very very very wrong.
I have been using Linux for years on the desktop. I started by moving my Windows needs to a VMware session and lately, moving to CrossOver Office.
Now the developers are starting to ask how to create the same setup.
Our company is only about 300 users...but I have worked for Fortune 500s before - and while they tend to be slower in implementation of good technologies, the fact that we are starting to see users outside of the Infrastructure group want to run a *nix as their desktop tells me that it should not be long before the larger companies follow suite.