I’m just tired. On the last post about having Linux at our work, many people who seem to be IT workers said there have been several issues with Linux, that it was not easy to manipulate or control like they do with Windows, but I think they are just too lazy to find out ways to provide this support. Because Google forces all their workers to use Linux, and they have pretty much as much control over their OS as on any other Windows system.
Linux is a valid system that can be used for work, just as many other companies do.
So my point is, the excuse of “Linux is not ready for workplaces” could be just a lack of knowledge of the IT team and/or a lack of intention to provide developers with the right tools to work.
I mean yeah it’s possible, but the reality is that most people in the company will likely want Windows anyway, and use things like Microsoft Office and a heap of other Windows-only software. Probably not the developers, but accounting, HR, and so on. There’s also sales but nowadays they demand MacBooks because of the status symbol and apparently it sorta matters, at least according to sales.
As an IT department, if you can get away with supporting only one platform and even one model/brand of computer, it’s much easier. Maybe two so sales and devs get their MacBooks. Adding a third is asking a fair bit from the IT department, and it starts adding up to a really rare skillset. I know very few that are absolutely proficient in all three main OSes.
There’s also the compliance aspect. The reason my current company can’t support Linux users is InfoSec/compliance. Not because Linux is insecure, but because all the standards are written for Windows. You can argue all you want about how Linux doesn’t need an antivirus, tough luck, SOC2, ISO and also insurance policies all explicitly require “controls against malware” and firewalls with every OS held to the Swiss cheese security of Windows. So each OS basically requires the InfoSec and IT department to write out unnecessarily detailed procedures and policies about all the security measures, for every OS in use. What antivirus runs, is it a reputable brand, how do you validate that it runs, how do you test that it detects malware, how do you validate and ensure that the incident gets reported, what tooling does the software give you to establish the root cause and entry point, what exact user action happened that led to the exploit chain, what was the exploit chain, how you’re going to mitigate and clean up after exploitation, how do you know exactly what data was compromised, and so on and on and on.
Right now most vendors barely support the current version of Windows and macOS (especially macOS, I swear the AV software is always holding back major updates for several months every release). Very few support Linux. So either you have an entirely separate policy and audit for Linux, or you just don’t support Linux.
We’ll see companies open up to Linux when all the vendors also start supporting Linux, and even then, with those that do, it’s a shitshow of only supporting the last version of Ubuntu or RHEL with pinned kernel versions and blatant GPL violations and GPL condoms and binary-only kernel modules with no hope of recompiling/adapting them to the current version. The ClamAV trick no longer works, auditors now want real AV software with the whole exploit chain tracking I described. Which is also why those company computers are so damn slow, much slower than you’d expect. They’re scanning everything and tracking everything, every process tree, what spawned it, what user action led to it. My MacBook started feeling like a Dell Latitude from 7 years ago once they loaded up all the crapware on it. We had to reserve a whole bunch of extra capacity on the Linux servers just for AV to exist and do nothing because it’s all locked up in containers and SELinux policies and it takes a pretty bad 0day to pwn those.
If I was the IT guy, I would also struggle to even begin to make a case for supporting Linux and justifying the time and cost. I don’t like my OS, but I do my work on it, cash my paycheck and move on to enjoy my Linux machines off work.