Ubuntu On The Business Desktop

rchapman wrote to mention a Mad Penguin story about a consultant who installed Ubuntu on his work PC, and managed to use it for over a month before his boss even noticed. From the article: "This is not a typical review, because you've read enough of those. Instead, lets pretend I'm a typical worker, who just happens to have a soft spot for Open Source software. I want to use Linux, but I have a job to do. The price of Freedom should not be my salary. I don't have time to fiddle, all I care is whether or not it can do what I want, right now. So what do I want out of my system?"

I worked at a place one

[saskboy]

One time I went to fix someone's Windows computer at work. I found it to be very different from the standard machine image, it was missing something like Microsoft Word. He mentioned that he'd installed linux on the machine, and put Windows back on himself. I didn't know what to do, so I told my boss what I'd seen, and it turns out tinkering with the software in that way, at this company, was a big no-no. I don't know to know what happened to that employee, but thumb screws might have been involved.

Before you tinker with a work computer, ask! You won't like the answer, but there won't be any thumb screws.

Re:NT AD or Domain?

[paranode]

There's an app called winbind that is used with Samba and it can tie you into a Domain using Kerberos tickets. Pretty neat.

More info:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Co llection/winbind.html [samba.org]

Haven't used Windows...

[eno2001]

...on my desktop for about five years here at work now. To be honest, if you know what you're doing with computers, there's no reason to stick with Windows on your desktop in a Windows environment. For those apps that you HAVE to have, there is Wine and 'rdesktop'. When I need to do some Windows admin stuff, I just connect to one of our servers with 'rdesktop'. And I got most of the basic apps installed under Wine if there was no Linux equivalent. Linux gives you everything you need and more than Windows ever could. And of course uptime and reliability... we won't talk about that. Suffice it to say that when my Windows using co-workers are scrambling to apply critical updates, clean up worm/virus issues and griping about malware, I'm always up and running without a glitch.

Um, Well

[Anonymous Coward]

It should be noted that by default, Windows Server 2003 is configured to allow unencrypted connections.

Well, if you don't check the box that says 'require encrypted connections' when you set it up.

Now, lets rewrite that to the actual truth.

'It should be noted that by default, Windows Server 2003 does not allow VPN connections at all. Once you enable remote access, you actually have to spend 1.3 seconds to turn encryption on.'

http://www.multihack.org/downloads.html [multihack.org]

Re:2560x2048 ?

[Janek Kozicki]

2560x2048 spread across 2 monitors? I hope he means 2560 x 1024 .. Otherwise that'd be one helluva 17" LCD monitor!

I guess that he is speaking about virtual desktop. Probably he has two 1280x1024 monitors. But 2560x2048 would also work with two 800x600 monitors :>

Re:Ubuntu hype

[AKAImBatman]

In my experience, there is only one app that makes it impossible for the companies I've worked at to switch over to an alternative OS: Microsoft Access.

Love it or hate it (mostly hate it), it lets companies quickly create interfaces to larger databases. It's so simply and easy to do, that many developers don't realize (or perhaps care) that they'll be paying heavily for their choice later on when either their needs scale beyond Access, or Microsoft releases a new (usually incompatible) version.

Sadly, just about everyone I've spoken with has considered Access support to be unimportant to office conversions. "They should use a real database," they say. While that's a fine stance to take, that doesn't help companies that are already relying on MS Access. And if you take the emulation route to get Access support, you might as well just run Windows in the first place.

It's really too bad that the Access format is so widely ignored. Much of the groundwork [sourceforge.net] has already been laid for reading/writing the format, and StarOffice/OSS have a real chance to make Access work correctly. IMHO, managers given the opportunity to use their existing Access applications on a better platform would jump at the chance to save money and support calls.

I did the same thing last January

[digidave]

After installing it an IT guy noticed and my boss got a bit of shit for what I did and I was asked to justify using Linux. I'm a Linux programmer, so that got solved very quickly.

We use DeskNow (http://www.desknow.com/ [desknow.com]) for email and collaboration so Exchange connectivity was never a problem. Luckily we have a lot of sales reps who don't have a company computer, so at minimum we'd have to have OWA running for them even if we used Exchange. I still don't authenticate with the AD server, but that doesn't really present a problem for me and if it does, I'll figure out how to set that up. Because I'm on Linux I don't even have an AD user, so right now my only problem is accessing the shared drives, although I have never needed to do that. They won't let me dump several GB of server backups there anyway.

I can honestly say that using Linux hasn't caused me any trouble at all. I work with a lot of Excel spreadsheets, but while they're very large (one dataset often is split in several 65000 row files) they aren't very complicated. The one that is complicated works fine in OpenOffice 1.x and 2.0. From Linux it's much easier to manage my Linux servers and test my code. I use Wine to run IE so I can test application web front ends in multiple browsers for the apps that support a web front end.

All in all it's been a smashing success for me. Several people in the office have commented about how much they love my desktop -- how nice it looks and how easy it is to work with different types of files. Even the designers on Macs are impressed. I also got someone else from work to install Ubuntu at home. I just handed him an Ubuntu Live CD and he loved it. After installing the Windows apps like OpenOffice that came with the CD, he took the plunge and couldn't be happier.

Re:I worked at a place one

[meringuoid]

seems as though our network people think that using a Live Linux CD can import a virus to bring a Windows network down. Yes, that's exactly what I was told!

Well, they can. In theory. It would be insane to actually do it that way, mind...

I was also told that using Linux posed a problem in that they 'didn't have tracking tools for Linux so couldn't tell what web sites were visited or what was downloaded or uploaded.' That did sound more reasonable.

That actually sounds less reasonable. Surely they should be logging your internet activity at the network gateway? Isn't that a hell of a lot easier than maintaining spyware on every individual machine?

Re:OO2 separate package

[Anonymous Coward]

OO2 is a separate package from OO1 and the update manager wont automatically change it, I believe the current comes with both installed at the same time(at least the iso I downloaded did). You may need to uncomment the other repositories in /etc/apt/sources.list to be able to stat and apt them.

Re:Exchange integration

[Anonymous Coward]

Brutus [omesc.com] offers a cross-platform MAPI implementation that can connect to Exchange 5.5, 2000 & 2003. They have a screenshot of Evolution using Brutus to connect to an Exchange server via. MAPI, but I have no idea if any support is available for Thunderbird.

Re:I worked at a place one

[skribble]

I work for a rather large corporation. We run many different OS's around here (Well, Windows/Macs) as desktops (Our corporate email system is exchange so Lookou... Outlook I mean is necessary, at least until they update their exchange server) and they are all locked down fairly tightly. That said they have a DMZ for running test machines of whatever nature you need to run including Linux. Additionally I find that if you have a business case for something they are accommodating. For example the other day I wanted to install OpenOffice.org 2.0 (As more people work with OpenDoc, we need more effective way's to work with it, and OOo 2 seems to be a reasonable way to deal). I emailed the person in charge and was given the appropriate rights (temporarily) to install the software. The point being that:

A) Sometimes if you ask you actually can get what you want.

B) That said if you don't have a *real* good reason for doing what you want to do, then you will likely be denied.

Re:Ubuntu hype

[Mr. McGibby]

It's really too bad that the Access format is so widely ignored. Much of the groundwork has already been laid for reading/writing the format, and StarOffice/OSS have a real chance to make Access work correctly. IMHO, managers given the opportunity to use their existing Access applications on a better platform would jump at the chance to save money and support calls.

Decrypting the file format gets you about 1% of the way towards an Access work-alike. Even a working Access work-alike is only 5% of the way towards actually running all the Access-based apps out there. Most of these use a wide variety of COM objects only implemented on Windows. While this is fine for those running open source Access-work-alikes on Windows, it does nothing for us Linux fans living in a Windows based office. I'd love to run Linux at work, but it just isn't going to happen for this very reason.

Re:Ubuntu hype

[AKAImBatman]

Most of these use a wide variety of COM objects only implemented on Windows.

This is different from my own experience. The standard controls are usually the only ones used because:

1) Distributing ActiveX/COM controls is a PITA
2) Access doesn't correctly support the full range of controls. (I've seen plenty of controls that work fine in VB, fail miserably in Access.)

The real holy grail of Access support is the VBA language. All kinds of business logic tidbits are stuck into VBA.

Even if we do consider that ActiveX/COM controls are the real problem, making minor changes to use alternative controls is a lot less costly than rewriting the entire application. :-)

Re:Ubuntu hype

[ajs318]

Um. Have you tried phpmyadmin?

I use it all the time. Of course, you need Apache, MySQL and PHP; but they are all in the package repositories. And once you have them all working, and you are satisfied that your database schema is correct, you can just write your own front-end in PHP, that accesses through a web browser {if it's a corporate environment, you have the advantage of knowing which one} and has your company logo in it and everything.

Apps, maybe, but not OSes

[Brunellus]

The official line at my workplace (an all Windows 2000 shop) is no unauthorized installations, period.

I understand that this greatly simplifies the IT department's user-support tasks, and it certainly helps their security. Too many clueless users adding malware/spyware around here, anyway.

That said, I do run a number of "unauthorized" apps on my desktop:

• Firefox, so I can actually be productive while using the 'net for work. Having one window with lots of tabs is easier than being compelled to use IE (the only "authorized" choice)
• GAIM, for IM. No ads or spyware on GAIM, no worries there.
• PuTTY, so I can ssh to my home computer (handy)
• GIMP, for when I have to clean up drawings

. I think I've been fairly responsible with my choice of software. All are probably more secure than their "authorized" counterparts, and all make me more productive. Some--notably GIMP--I installed without asking anyone because it let me get the job done quickly, on time, and with a minimum of fuss.

I draw the line at installing Linux without permission, though. I'd have to defragment, repartition, install, set up shares and whatnot....it's a hassle, and too much to do undetectably. Never mind the fact that this office uses several proprietary apps that I can't run in Linux, anyway.

Re:I worked at a place one

[daikokatana]

Yes, but this guy had the sense to install a spare HDD for the experiment, thus "Undo" was fairly easy.

While this may very well be, I've worked for a client where the policy did not tolerate you even thinking about installing another HDD.

At said client's workplace, you get a Windows machine, with a default software kit necessary for your job. All other software/tools/utilities you want to install must be cleared by a) your boss, b) boss of the department and c) the internal IT department and will be installed by party c.

Installing your own software, tinkering with machines/hardware in any way has ALWAYS resulted in getting yourself fired on the spot.

Not a very friendly environment, you might think. True, but it helps avoid situations like the one I've seen at another client, where the manager runs around the building screaming "we've gotten word the BSA is coming - delete all your junk right now!!!", after which just about everyone frantically tries to rid their machine from said junk. Half an hour later, the BSA arrived.... oops.... You don't want to know the fine. Or the fine the company which tipped us off got.

Re:I worked at a place one

[networkBoy]

True enough about the BSA. We have automated software audits that run as system, thus as a user (even with admin rights as us devs have) you can not bypass or cancel the audit. If the audit sees software not in it's list of approved software (known freeware &&|| OSS, Site Licensed software, or software the system knows you should have), you are asked to confirm you have a licence. Perodically a LivePerson (TM) checkes that you did not lie, if you did you get your pee-pee whacked (officially, and perminant record). Do it too many times and you will be fired. The rule even extends to shareware. You can't use it if you've passed your free trial (those with unlimeted use, but reduced functinality are fine). All that I agree with, it's a legal issue.

As to Linux, my company does not mind if you install a second HDD and run linux (unless you violate security policy). They assume if you are smart enough to get Linux running on the network to the point of logging in and connecting to the servers, you are smart enough to adhere to the common sense security policy we have. You do, however, loose IT support if you install Linux on the same drive as the IT build of Windows. As it is I've had issues with some security patches killing CygWin, and I was on my own for that as well.
-nB

Re:NT AD or Domain?

[cojsl]

The article references Winbind: "Two hours of installing Kerberos packages, messing around with Samba and Winbind, editing Pluggable Authentication Module [PAM] configuration files by hand, 'net mapping' groups, and more."

My Ubuntu review...

[kronocide]

I had to install some Linux dist on an old laptop with a 700MHz PIII and 64MB of RAM recently. Ubuntu froze at 52% when starting the disk partition program. (End of review.) SuSE, my old favorite, said I had too little memory to run the installation program. (WTF?) I went back to my first dist, Slackware, and discovered to my infinite delight that absolutely nothing has happened to its installation program the last 10 years. :-) It runs like clockwork, and apparently it should run on a 486 with 4MB of RAM as well. _That's_ Linux.

Re:Exactly

[nequeo]

As the author of this article, I'd just like to clarify a few points.

Had I known I was going to be mentioned on Slashdot, I would have left out the speading fonts over my body line (but don't knock it till you've tried it!), thrown in an 'Inconcievable!' or two, and perhaps criticsed KDE, so that the opposing camps of Trolls would tear into each other, and let me quietly slink off back to work with my pride more or less intact.

I wish to say:

You have probably been thinking of cublicles. I saw a reference or two to the PHB. Luckily, I don't have one.

Yes, I have previously worked in the IT departments of large, international companies who run Windows desktops with an iron first. I cannot doubt the efficiency of this system, nor the intelligence of the people who implement it. In fact, one of these companies had an in-house software dev team, and their 'senior developer' was only 19 years old - having been hired at 17.

And certainly, in such an environment, I wouldn't dream of messing with their precious RIS-imaged desktops. Except to add certain users to the Local Admins group when their company-bought Palm Pilots refuse to work with 'limited' Windows accounts. But as nice as the money is, I do prefer a little more freedom in my work place.

So my 'company' is now a 'boutique' IT consultancy. There are two employees. Me, and the 'boss'. My job description is more or less to innovate. I have absolute lisence to do whatever I want to my desktop, and one of the developement servers, so long as I can continue to support our existing clients - who through historical accident mostly use Windows machines. As mentioned in the article, I do this using VNC and 'rdesktop', which is just as good as looking over their shoulder and pointing out where to click.

Since switching my desktop to Linux I have managed to successfully press for LAMP-type projects over IIS/ASP, and convinced several companies who were previously balking at the cost of putting in a Windows server to at least use a Linux machine to centralise and organise their data and backups. Our costs are down, which means client costs are down, which means more business and good will all-round.

Saying the Boss didn't notice for a month was a bit of artistic licence. Yes, the words are true, but I should mention that's because our office is in a converted wharf facility, and we have our meetings in a cafe overlooking Sydney Harbour, rather than in a cubicle or meeting room. Provided he could read all the documents I sent him, and none of our clients suddenly started complaining that I couldn't solve their problems, or administer their servers, there was no reason for him to care what OS I was using.

2506x2048 desktop was a typo. I did mean 2506x1024.

Windows Server Small Business Edition 2003, (I apologize for not specifying), ya know, the Crippleware version, does in fact automatically set up RRAS for you on first install and allow unencrypted connections by default.

Yes, the Slashdot posting was a little one-sided. I was not advocating large scale enterprise adoption of Linux. I was saying that despite a few hassles, Linux could be co-oerced into doing what I needed on a PC, and that perhaps other small start-up companies, who don't currently have any IT infrastructure, might want to consider Linux. As long as they dont need Access, that is.

Nonsense

[Anonymous Coward]

The myth that it's impossible to run Windows without admin privs is just that: a myth.

Yes, I will admit that there are many incorrectly coded 3rd party apps which balk at running in a nonadmin account. But once you know the trick, making almost all of them run nonadmin is easy.

The trick is a basic understanding of the Windows permissions system, and two utilities from sysinternals.com: FileMon and Regmon. Logon as a nonadmin account. Using RunAs (the Windows equivalent of sudo), get these running with admin privs, then fire up your balk 3rd-party app. When it burps, scan your FileMon/RegMon output for ACCESS_DENIED errors (and don't worry when you see BUFFER_OVERFLOW, it does not in this context mean what you were thinking it meant - google Russinovich's blog for details). Alter the permissions on those files such that the nonadmin account has the proper access.

Once you know this trick, it rarely takes more than 15 minutes per app to get things humming along happily in a nonadmin context. Once you understand the basics of Windows' permission system (too many *nix people just get mad and give up when they see it's not exactly the same as their beloved user/group/other read/write/execute system), you'll find this is a snap.

Toss in a little savvy documentation of your findings, and you'll find you have a secure and configurable Windows system. This is no harder or more complex than properly administering linux desktops.

Re:Me too

[Anonymous Coward]

FWIW, one of the developers has finished Breezy (5.10) packages of the final release version.

Stick "deb http://people.ubuntu.com/~doko/OOo2 [ubuntu.com] ./" in your sources.list and it'll upgrade your pre-release to final (with one small bitch about a package being needed, but since its just replacing pre-release with release counterparts, I ignored it :-)

Found this on the Ubuntu Backports forum, don't know if it'll be included in the Breezy Backports repository when it starts up properly or whether it'll just stay as a developer package.