this post was submitted on 07 Mar 2024

544 points (96.7% liked)

linuxmemes

25111 readers

1075 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

Instance-wide TOS: https://legal.lemmy.world/tos/
Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html

2. Be civil

Understand the difference between a joke and an insult.

Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".

Don't get baited into back-and-forth insults. We are not animals.

Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.

Bigotry will not be tolerated.

3. Post Linux-related content

Including Unix and BSD.

Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.

No porn, no politics, no trolling or ragebaiting.

4. No recent reposts

Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.

5. 🇬🇧 Language/язык/Sprache

This is primarily an English-speaking community. 🇬🇧🇦🇺🇺🇸

Comments written in other languages are allowed.

The substance of a post should be comprehensible for people who only speak English.

Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.

6. (NEW!) Regarding public figures

We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.

Keep discussions polite and free of disparagement.

We are never in possession of all of the facts. Defamatory comments will not be tolerated.

Discussions that get too heated will be locked and offending comments removed.

Please report posts and comments that break these rules!

Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

founded 2 years ago

MODERATORS

poopsmith@lemmy.world

zephyr@lemmy.world

rtxn@lemmy.world

544

Don't have this problem to be honest, I'm the sysadmin 😁 (lemmy.dbzer0.com)

submitted 1 year ago by 0x4E4F@lemmy.dbzer0.com to c/linuxmemes@lemmy.world

53 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] cyborganism@lemmy.ca 30 points 1 year ago (3 children)

I was thinking about this the other day. Windows 11 is starting to roll out on company laptops and I would love it if we had the choice to install Linux. But I think there are some challenges to that.

Most large companies control what employees are allowed to install on their machines for security reasons. We wouldn't want any spyware or ransomware or any kind of malware getting installed inadvertently. Most places will use software allow lists through applications like the Software Center and use software detection programs to monitor if any non compliant software is installed.

There's also permission management through group policies on Windows to manage which kind of user can do what on their system.

Finally, I hate to say it, but most companies use the whole Microsoft Office 365 eco system with Microsoft One Drive and SharePoint. I know we can use the web version for some of the apps, but for practicality's sake, it's best to have an installed version. And the cloud sync feature of One Drive is also very important for automatically backing up important work. I doubt they would let that go.

I would love to hear if anyone can offer solutions to these problems.

[–] troyunrau@lemmy.ca 8 points 1 year ago (1 children)

KDE had a policy editor back in v2.0... honesty I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but I'm not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folder... Someone with more network admin experience probably knows this :)

[–] cyborganism@lemmy.ca 3 points 1 year ago

Exactly. I once had a computer with Linux where I had no root access, but was able to install, or at least unzip or build, pretty much whatever I wanted in my $HOME directory. And I wonder if it isn't possible to installs Snaps or Flatpaks without root permission?

[–] linearchaos@lemmy.world 6 points 1 year ago

Outlook owa pwa is 99%

The rest of the apps sans access work 99% in wine.

Google docs works great

Run NixOS don't give em root or nix-shell. They can't install anything you don't allow.

Put each users allows softlist into source control. Make the boxes cron and reconfigure on demand.

Tailscale VPN.

[–] knorke3@lemm.ee 4 points 1 year ago (1 children)

Office 365 [...] i know we can use the web version

tbf, this isn't the only software related problem. a lot of companies also use specially developed software that doesn't have a linux version because everyone in the company is using windows anyways and adding a different release target would likely add costs and consume more development time for those internal tools

[–] cyborganism@lemmy.ca 3 points 1 year ago (1 children)

I should've mentioned I've been practically only in IT companies. We never really had speciality software of any kind. In fact I could've done all of my work in Linux except for a couple of times where I had to develop in c# and .net wasn't ported to Linux yet.

But the things I've mentioned were what was holding the company back from giving me a Linux machine.

[–] knorke3@lemm.ee 2 points 1 year ago (1 children)

tbf i am the other extreme: i work in a material science lab so we work almost exclusively with specialized/custom software

[–] cyborganism@lemmy.ca 2 points 1 year ago (1 children)

Oh yeah. That's even worse because sometimes the machines outlive the computers and software and then you're stuck maintaining a Windows 95 machine because the software was developed for that OS and the company has since came up with new machines with new software and they don't support your machine anymore.

[–] knorke3@lemm.ee 2 points 1 year ago

Depending on the company you work at you can actually still encounter testing equipment built during WW2 because "it still works"

[–] steventhedev@lemmy.world 23 points 1 year ago (1 children)

$previous_job allowed us to pick. One of my coworkers had to replace his laptop, and I convinced him to try out Linux this time. I handed him the bootstrap script and he was back to working by the afternoon.

Our CEO got wind of this and said as a matter of policy everyone is switching to Linux unless they have a good reason (needing excel for financial reports is a good reason). The two new hires who had been setting up their dev environment for over a week at that point were the trigger for this.

[–] lemmesay@discuss.tchncs.de 5 points 1 year ago

keep spreading the good word!

[–] sederx@programming.dev 19 points 1 year ago (2 children)

we not only allow it, we enforce it. windows not allowed in my company

[–] Potatos_are_not_friends@lemmy.world 10 points 1 year ago

Same at my company.

My favorite bit was when the Microsoft rep sent a PDF explaining how much the company would save from tech support to the CFO, bypassing the CTO they were communicating with.

And the CFO shared the whole thing publicly for the entire company to laugh at.

[–] TheBat@lemmy.world 16 points 1 year ago (1 children)

We don't even have Firefox at work.

Only options are Edge and Chrome.

[–] blackstrat@lemmy.fwgx.uk 8 points 1 year ago (2 children)

Blame their DoH for killing FF deployment in the enterprise. Companies don't like not being in charge of their DNS traffic. DoT is better from corporate POV as that can all be blocked or redirected based on the port, not so much DoH which uses the same port as normal web traffic.

[–] acockworkorange@mander.xyz 13 points 1 year ago (1 children)

Those are definitely acronyms.

[+] CurbsTickle@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

[deleted]

[–] acockworkorange@mander.xyz 3 points 1 year ago* (last edited 1 year ago) (1 children)

Wait, are you saying there's a way to tell Firefox to use a different DNS server than what's specified in the interface configuration?

BTW, thank you for the explanation, makes sense now!

[–] blackstrat@lemmy.fwgx.uk 5 points 1 year ago (1 children)

Exactly that. And it looks just like any other web traffic.

Quite a few things will use their own DNS servers, not the one specified by the system or handed out over DHCP. I know many apps on the fire stick and Roku devices do this. So you have to intercept their traffic and redirect it to control it. If their using DoH then you can't do that and your pihole is useless against them.

Best you can do is maintain a list of well known DoH servers and block them outright. But that's a constantly moving losing battle.

[–] acockworkorange@mander.xyz 2 points 1 year ago

Right, it just downed on me that DNS is nothing more than another application layer in the OSI model. Thanks again!

[–] lud@lemm.ee 3 points 1 year ago

Nah, companies can just disable DOH if they want using GPOs.

https://github.com/mozilla/policy-templates/blob/v5.8/docs/index.md

[–] danikpapas@lemm.ee 11 points 1 year ago (1 children)

I don't have windows allowed on my job, thanks god

[–] SpaceNoodle@lemmy.world 5 points 1 year ago* (last edited 1 year ago) (1 children)

The build team will not allow a single line of Windows code to infect their pipelines

load more comments (1 replies)

[–] gentooer@programming.dev 9 points 1 year ago

Our software is officially supported on Windows and Linux. For some reason our chief product uses a Mac, so we support that unofficially. It can be quite a hassle to keep our code compatible on those platforms and Build Bot often gets angry when I open a pull request, but boy is it nice to be able to use whatever OS I like for development!

[–] AA5B@lemmy.world 8 points 1 year ago (1 children)

My current employer is a first for me:

engineering essentially have to use Macs. Windows is accepted but not supported
all products are built and hosted on Linux, both cloud and on-prem

[–] tty5@lemmy.world 3 points 1 year ago

Workstations/laptops at my current job in order of popularity: nixos, arch, macos. Windows is around 2%.

[–] AnUnusualRelic@lemmy.world 8 points 1 year ago

I'm glad that I've never had to rely on windows at work. It's been linux all the way even when it still had a lot of rough edges.

It was still way ahead of WfW or 95 though.

[–] Crashumbc@lemmy.world 7 points 1 year ago (3 children)

It's simple, cost. Supporting multiple DE's is expensive. And provides little or no benefit to the company.

It may work at a small company with tech savvy users (like the ones commenting here). But ultimately at a normal large business, is nothing but a hassle that at best makes a few employees happy.

[–] Fal@yiffit.net 4 points 1 year ago (1 children)

Cisco now supports developers running Linux feiw

[–] NateNate60@lemmy.world 8 points 1 year ago

Yes because developers don't call tech support when they've accidentally deleted the Outlook icon from their desktop.

[–] Hestia@lemmy.world 1 points 1 year ago (2 children)

Those few employees are probably going to all be developers, and despite there being a bunch of mathematics and engineering involved, being a developer is very much a creative process. Similarly, I wouldn't begrudge a digital artist for wanting to use a Mac to do their work.

If a developer is asking for a thing, they're not asking for it because they've suddenly developed a nervous tic. There's typically a reason behind it. Maybe its because they want to learn that thing to stay relevant, or explore it's feasibility, or maybe it's to support another project.

I used to get the old "we don't support thing because nobody uses thing" a lot. The problem with that thinking is that unless support for whatever thing immaculates out of nowhere it'll just never happen. And that's a tough sell for a developer who needs to stay relevant.

I remember in like 2019 I asked for my company to host git repos on the corporate network, and I got a hard no. Same line, there wasn't a need, nobody uses git. I was astounded. I thought my request was pretty benign and would just sail right through because by that point it was almost an industry standard to use git. I vented about it to some devs in another department and learned that they had a system with local admin attached to the corporate network that somehow IT didn't know about. They were using that to host their repos.

I guess what I'm trying to say is that if keeping employees happy is too expensive, then you gotta at least be aware of the potential costs of unhappy employees.

[–] sin_free_for_00_days@sopuli.xyz 5 points 1 year ago (1 children)

My last employer had several thousand employees. Some of the IT guys knew Linux, but it wasn't anywhere in the organization. I managed to convince them to let me install Linux on my desktop. They said sure, with the provision that I was not allowed to have a single issue. If I had an issue, they'd format it back. It was a fantastic last 8-9 years at work, as far as computer use went.

[–] 0x4E4F@lemmy.dbzer0.com 2 points 1 year ago* (last edited 1 year ago)

My usual reply to said employees is "if you know how to install and configure a Linux distro, you probably also know how to solve your own problems". Everything else is pretty much deployed over AD, so if you can get to the point where you need admin creds to hook to the DCs, then do whatever you like.

Eventually, all of them failed to even get close to being a part of the AD DC and that is where the story ended.

[–] lud@lemm.ee 4 points 1 year ago (1 children)

learned that they had a system with local admin attached to the corporate network that somehow IT didn't know about. They were using that to host their repos.

That's called shadow IT and is a huge security risk.

load more comments (1 replies)

[–] BreakDecks@lemmy.ml 5 points 1 year ago (1 children)

It's funny working at a company that doesn't allow Linux on a workstation, but is also actively developing and deploying tons of Linux-based products...

I think the real reason is that their MDM cant lock down a Linux machine the way it locks down a Windows or Mac machine...

[–] Flyswat@lemmy.ml 2 points 1 year ago

We added a second disk and installed Linux on an encrypted partition. BIOS was not locked so we could dual boot.

When we return the machines we remove the disk.

[–] dan@upvote.au 4 points 1 year ago

My employer allows Linux - only a customized version of Fedora that's preconfigured to handle our environment, including certificates (802.1x, browser client certs, etc) with automated renewal, endpoint management software, deployment of settings using Chef, etc.

We have a few internal apps built using React Native though, which is only available on Windows and MacOS. There's been some Github repos trying to port React Native to Linux but nothing that's production-quality yet.

[–] BetterDev@programming.dev 4 points 1 year ago

My solution is to host a virtual machine with my dev workstation, and use Windows or Mac for business admin stuff like email, slack, etc.

[–] polygon6121@lemmy.world 2 points 1 year ago

The company i work with allow any OS to be installed. With a caveat, because we are heavily invested in the Windows eco system using office 365 and Microsoft Dynamics Nav and sql server, Ms AD. With that said, if you use that software for more than 50% of your work time we recommend Windows. But otherwise it is still the employees choice and if you are completely comfortable running windows in a VM, go for it. IT won't give you endless support if you have too many issues with your VM. If we loose to much time and you are not proficient enough in macOS or Linux then we just give you a windows machine.

[–] ipkpjersi@lemmy.ml 2 points 1 year ago

I've had Linux 3 jobs in a row so I've been lucky that way, it usually helps to match production so that's a good argument for it.

[–] sleep_walker@discuss.tchncs.de 1 points 1 year ago

I have reinstalled Ubuntu 22 today and I hate it. Only supported release (you can have derivates). And after that, Chrome is the only supported browser, Workspace One for maintenance, Carbon Black as spying blackbox. Evrything what makes Linux the best is crippled for me by incompetence of the admins. My loophole is that Guix is in distribution :)

load more comments