The company i work with allow any OS to be installed. With a caveat, because we are heavily invested in the Windows eco system using office 365 and Microsoft Dynamics Nav and sql server, Ms AD. With that said, if you use that software for more than 50% of your work time we recommend Windows. But otherwise it is still the employees choice and if you are completely comfortable running windows in a VM, go for it. IT won’t give you endless support if you have too many issues with your VM. If we loose to much time and you are not proficient enough in macOS or Linux then we just give you a windows machine.
we not only allow it, we enforce it. windows not allowed in my company
Same here. Linux only shop. It is fairly awesome and part of the reason I’m staying. I’ve never worked at a company that managed the compromise between following security procedures required by customers and not pissing off their engineers this well.
Same at my company.
My favorite bit was when the Microsoft rep sent a PDF explaining how much the company would save from tech support to the CFO, bypassing the CTO they were communicating with.
And the CFO shared the whole thing publicly for the entire company to laugh at.
I’ve had Linux 3 jobs in a row so I’ve been lucky that way, it usually helps to match production so that’s a good argument for it.
Our software is officially supported on Windows and Linux. For some reason our chief product uses a Mac, so we support that unofficially. It can be quite a hassle to keep our code compatible on those platforms and Build Bot often gets angry when I open a pull request, but boy is it nice to be able to use whatever OS I like for development!
90% of my work is done in WSL anyways… I would much rather have KDE as my DE than Windows 11. Please Microsoft, if you love Linux so much now, port Office to it, and maybe my employer would be ok with it.
I work with data management / data brokering at a university. I am not allowed to have a Linux machine. I have to use a virtual environment.
My solution is to host a virtual machine with my dev workstation, and use Windows or Mac for business admin stuff like email, slack, etc.
I was thinking about this the other day. Windows 11 is starting to roll out on company laptops and I would love it if we had the choice to install Linux. But I think there are some challenges to that.
Most large companies control what employees are allowed to install on their machines for security reasons. We wouldn’t want any spyware or ransomware or any kind of malware getting installed inadvertently. Most places will use software allow lists through applications like the Software Center and use software detection programs to monitor if any non compliant software is installed.
There’s also permission management through group policies on Windows to manage which kind of user can do what on their system.
Finally, I hate to say it, but most companies use the whole Microsoft Office 365 eco system with Microsoft One Drive and SharePoint. I know we can use the web version for some of the apps, but for practicality’s sake, it’s best to have an installed version. And the cloud sync feature of One Drive is also very important for automatically backing up important work. I doubt they would let that go.
I would love to hear if anyone can offer solutions to these problems.
Office 365 […] i know we can use the web version
tbf, this isn’t the only software related problem. a lot of companies also use specially developed software that doesn’t have a linux version because everyone in the company is using windows anyways and adding a different release target would likely add costs and consume more development time for those internal tools
I should’ve mentioned I’ve been practically only in IT companies. We never really had speciality software of any kind. In fact I could’ve done all of my work in Linux except for a couple of times where I had to develop in c# and .net wasn’t ported to Linux yet.
But the things I’ve mentioned were what was holding the company back from giving me a Linux machine.
tbf i am the other extreme: i work in a material science lab so we work almost exclusively with specialized/custom software
Oh yeah. That’s even worse because sometimes the machines outlive the computers and software and then you’re stuck maintaining a Windows 95 machine because the software was developed for that OS and the company has since came up with new machines with new software and they don’t support your machine anymore.
Depending on the company you work at you can actually still encounter testing equipment built during WW2 because “it still works”
KDE had a policy editor back in v2.0… honesty I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but I’m not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folder… Someone with more network admin experience probably knows this :)
Exactly. I once had a computer with Linux where I had no root access, but was able to install, or at least unzip or build, pretty much whatever I wanted in my $HOME directory. And I wonder if it isn’t possible to installs Snaps or Flatpaks without root permission?
selinux or alternative is your friend here.
Outlook owa pwa is 99%
The rest of the apps sans access work 99% in wine.
Google docs works great
Run NixOS don’t give em root or nix-shell. They can’t install anything you don’t allow.
Put each users allows softlist into source control. Make the boxes cron and reconfigure on demand.
Tailscale VPN.
My current employer is a first for me:
- engineering essentially have to use Macs. Windows is accepted but not supported
- all products are built and hosted on Linux, both cloud and on-prem
Workstations/laptops at my current job in order of popularity: nixos, arch, macos. Windows is around 2%.
I’m glad that I’ve never had to rely on windows at work. It’s been linux all the way even when it still had a lot of rough edges.
It was still way ahead of WfW or 95 though.
I’m still surprised people still use the term sysadmin.
What term would you use?
I miss the term sys admin.
Now it’s always something like “devops scrum hardware master” or some bullshit.
Techwizard
nerd
SRE is what all the cool kids are saying these days
I don’t have windows allowed on my job, thanks god
The build team will not allow a single line of Windows code to infect their pipelines
But they’ll use Azure devops 🧠
My employer allows Linux - only a customized version of Fedora that’s preconfigured to handle our environment, including certificates (802.1x, browser client certs, etc) with automated renewal, endpoint management software, deployment of settings using Chef, etc.
We have a few internal apps built using React Native though, which is only available on Windows and MacOS. There’s been some Github repos trying to port React Native to Linux but nothing that’s production-quality yet.
It’s funny working at a company that doesn’t allow Linux on a workstation, but is also actively developing and deploying tons of Linux-based products…
I think the real reason is that their MDM cant lock down a Linux machine the way it locks down a Windows or Mac machine…
We added a second disk and installed Linux on an encrypted partition. BIOS was not locked so we could dual boot.
When we return the machines we remove the disk.
We don’t even have Firefox at work.
Only options are Edge and Chrome.
Blame their DoH for killing FF deployment in the enterprise. Companies don’t like not being in charge of their DNS traffic. DoT is better from corporate POV as that can all be blocked or redirected based on the port, not so much DoH which uses the same port as normal web traffic.
Those are definitely acronyms.
(this is a bit of an oversimplification here to explain)
DNS over HTTPS and DNS over TLS.
UDP DNS (the original stuff) can be monitored and managed. DoT can be blocked and force UDP DNS.
DoH uses regular web traffic ports, so it can’t be blocked by admins easily to force an acceptable use policy. It poses risks to enterprise deployments.
Most use UDP DNS (some may use DoT plus another bit called DNSSEC for enhanced security, but it’s really uncommon IMHO).
So Firefox using DoH means it’s problematic for enterprise IT. Now if there are enterprise policies on the PC, it should be disabled in Firefox by default, and there are multiple ways to manage deployments…
But that also translates to extra work for IT vs other options.
Wait, are you saying there’s a way to tell Firefox to use a different DNS server than what’s specified in the interface configuration?
BTW, thank you for the explanation, makes sense now!
Exactly that. And it looks just like any other web traffic.
Quite a few things will use their own DNS servers, not the one specified by the system or handed out over DHCP. I know many apps on the fire stick and Roku devices do this. So you have to intercept their traffic and redirect it to control it. If their using DoH then you can’t do that and your pihole is useless against them.
Best you can do is maintain a list of well known DoH servers and block them outright. But that’s a constantly moving losing battle.
Right, it just downed on me that DNS is nothing more than another application layer in the OSI model. Thanks again!
Nah, companies can just disable DOH if they want using GPOs.
https://github.com/mozilla/policy-templates/blob/v5.8/docs/index.md
