Friday, March 10th, 2006

Corporate Network Maverick

Or
How To Get Approval For A Linux Desktop In A Windows Server Environment

This week has been a busy one for me, both at work and at home, but I’m going to write about the work aspect.

I ended up getting permission, if only in a surreptitious way, to do something I’ve wanted to do for a very long time but never thought I could get away with – I’m going to install Linux on my computer at work.

This may be a long story, but for those of you out there who consider Bill Gates to be the AntiChrist, or who just plain chafe at having to work with a flawed and vulnerable operating system when there are so many out there that are much better, and against all better judgment suffer at work by using Windows, this might be inspirational, and a roadmap for effecting change.

About five years ago, corporate sent out a network engineer to install our new server, to replace some of our older machines, and to dump our old peer-to-peer network and hook us into a real WAN with Internet access at every desk. I got a brand new, 700 MHz machine running Windows NT – not top of the line for the time, but one of the faster machines in our office, because I was authorized to have AutoCAD. I also got to meet with Dane Hershberger. I hung over his shoulder every chance I got, asked a lot of questions, and later, after he got everything set up and left, I found out that I had been flagged as the local IT guy, complete with local administrator permissions (which in my opinion, were more like a power user than an administrator.)

For years Dane and I had frequent conversations, particularly about the corporate computer policy (which he wrote), that placed strict limits on what software could be installed on a company machine. I got tacit permission to experiment with any software I found useful, as long as I observed the appropriate licensing requirements, and I ended up submitting quite a few examples of useful applications I had found, all freeware or open source, which Dane posted for download on our intranet. The corporate IT people knew me well. I was also regarded with some suspicion – having been placed in the “knows enough to be dangerous” category, and being relatively open about my password-cracking and network probing past. I may have been the only person who got away with installing a hex editor and disassembler on my machine. Along the way I also became acquainted with one of the other systems engineers – Rayna, initial last name unimportant because she ended up becoming the bride of Dane (that lucky bastard!)

For a long time everything was comfortable. Problems got solved, and I was tolerated. I tested my limits, sure, but I was bound by the knowledge that if anyone ever uncovered traces of serious network abuse, I was guilty until proven innocent. I probably knew enough to get into places or do things that I wasn’t supposed to go to or do, but I wasn’t confident in my ability to hide all the traces of where I had been or what I had done. I remember well the time I came into my office and found the visiting Dane and Rayna sitting at my machine and just shaking their heads with mixed dismay and interest. I got the impression that if the machine had belonged to anyone else, it would have been immediately boxed up and sent in for an OS reinstall. One thing I established well – they were both totally opposed to anything Linux.

But about a year ago, in the midst of some serious corporate overhead slashing, Dane and Rayna quit and moved on, and corporate decided to outsource. I immediately researched the new IT company, and in particular the names of the few who showed up in our address book as belonging to IT – we not only got an offsite Help Desk, we got a few new employees working at corporate headquarters. I was particularly disturbed that I couldn’t find any poop on our new network engineer – no personal website, and no postings on technical message boards using her real name. She was either really, really tech-savvy, or she was just a tool that I could dance around. I had to err on the side of caution (and a damned good thing I did, too.)

I tried to establish a rapport, sort of like the way two modems handshake. I included her in my now routine submissions – security advisories, workarounds and fixes I had discovered (like how to get VPN working in NT), and I knew she was party to the reviews and suggestions I occasionally sent to the IT Steering Committee. But not a peep out of her. So she remained The Big Unknown. I’m sure she has been busy trying to understand and fix the personal handiwork of Dane, who, although he was good, had his own personal quirks, and was pretty much obliged to patch things instead of going back and redoing the hasty network setup that had been thrown together.

Apparently, things are so nonstandard in our network that other outsourced employees have been deployed to headquarters. I found this out this week in the course of pursuing a fix for my now outdated and overloaded computer.

My machine (yes, it’s still the same one I got those years ago, although I am next on the list for upgrade) has repeatedly butted up against the limits of its configuration. NT was installed on a front-end 2 GB partition of a 10GB hard drive. Long ago I decided to install any new applications on the second partition, but the first has gotten pretty full with security fixes (which I installed religiously while NT was still being supported), user profiles, Exchange folders, network monitoring software (now that’s a story in itself!), browser plugins, default-to-C-drive software, and the like. I’ve dealt with it on a patchwork basis myself, but finally it got to the point that Something More had to be done. I called the Help Desk, described my problems, and was astounded at their suggestion – use Partition Magic.

That’s funny – last year I saw PM on sale, $0 with rebate – and purchased it because I had heard such great things about it, and although I have addressed the same problem at home by reinstalling (I now have nine partitions on my main home computer), I had an eye on using it at work. I never tried it because I didn’t want to run software, especially privately-owned software, that performs such an elemental task without testing it first on something less significant than my primary work tool. The last thing I expected was a recommendation to use it from my own IT department. I eagerly set about doing so. I faithfully backed up my entire hard drive, loaded PM, and ran into a wall.

I’ve provided plenty of support for our network deployment of Norton (or Symantec) AntiVirus, so I was pleased and confounded to find that my client was now configured so that the user couldn’t turn it off. Someone’s been diligent – bringing our network machines under better management – but it didn’t help me, the somewhat talented maverick, when I needed to shut off all processes (I used to call them TSRs) that run in the background. So I called the Help Desk again. I re-enabled the corporate trojan (DameWare) to allow it to run, and reset the configuration to make it more interloper-friendly, and invited IT in to shut the antivirus client off. Our offsite office couldn’t do it, so I got referred to corporate, but the first person I talked to also couldn’t do it. (Did I undo everything I had done before to cripple it? Oops, better re-enable it in the hardware profile!) I was again referred, and soon got a message from The New Guy.

Said TNG sent an email expressing his reservations for the whole scheme and making a few specific points. I answered him, addressing his concerns with great restraint, in a way that I hoped revealed my less-than-bumbling-idiot appreciation for the points he had raised. Apparently I was successful, and not totally offensive, because we ended up engaging in a dialog that lasted several days, whereby I found him accepting of me and my views. He expressed appreciation for my “going through the right channels regarding this issue.” (Hmmm… so my restraint was noted and encouraged – this is an adroit administrator.) He had also read my IT Steering Committee comments, and echoed sympathy for my subtle push to rid ourselves of Microsoft hegemony. This was great – I was finally being treated with some respect and empathy from the new Powers-That-Be at corporate IT, but I was probably pushing it when, after my initial PM run, I noted ruefully that there was sufficient disk space left to install another OS, and spat off another email saying so, and included a mechanical (read: hopeless) justification for why testing a Linux workstation on a Windows network was a good idea:

I’ve often wondered, support issues aside, whether it was even possible to get a Linux desktop workstation to work with the Corrpro network – to interact with the Exchange Server, network partitions, centrally managed antivirus, etc. I was wondering if, just to answer such theoretical questions, I could be permitted to give it a try on my own time? Just think of it as a test bed. I could report on the difficulties I encountered, and then IT would know how practical the concept of running some clients would be. Think of the pace of software development right now – there are already applications that have been developed that are only available for Linux. In the future, or maybe even now, there could be specialized technical applications that we, as an engineering company with at least some R&D capacity, might want to be able to use. If anybody put in a request to try it to IT, right now all you guys can say is no, because you don’t know whether it’s even possible.

And think of the line you guys could put in your resumes:

“integrated Linux workstations into a native MS server environment”

Of course, my project would be entirely self-supported. If it doesn’t work, you’ve learned something right there.

To my surprise and delight, I got the following response:

I am ok with you trying this … My caveat being that your manager there is ok with this too. I don’t want to get put in an awkward situation where down the road someone gets pissed at IT cause they told you to load Linux and now you can’t get any work done. ;) From what you said before though, you have another machine you can use if need be so it should be ok.

As a longtime (4+ years) Linux user in a corporate environment, I can tell you where the big problems will lie:

* Getting your Linux box to use active directory for authentication is not easy, and doesn’t seem to always work well.

* Evolution isn’t Outlook, and you have to pay extra for the Exchange connector anyway so that is a net loss of $50.

* Network drives aren’t quite as easy to use as they are in Windows.

* Network printing can be a bitch, or can be simple … depends on the printer really.

* Won’t be able to integrate any Anti-Virus, which in the short term I’m not that worried about, but long term I’m not sure what the solution would be.

Now that said, things are probably much better since they were 2 years ago when I had this setup at my previous job. I basically ended up requiring VMWare and to always be running an XP box inside my Linux environment. Of course a lot of that was because I had to be able to support the Windows network.

So give it a try, but let’s keep this between us and your manager for now since I am out and haven’t spoken to anyone else on the team about this yet. :)

Assuming we ever get the backlog of tasks needing to be complete in IT to a much smaller number, I will be doing something similar. There is just so much going on right now and in the foreseeable short term future that I just can’t afford to do it yet. So I’ll be curious to hear your results!

What distro are you thinking of starting with?

Longtime Linux user? Pointers? Doing something similar? What distro??? I’m in heaven! I’ve found a kindred soul!

My PM repartitioning, run in DOS mode straight from the CD, seemed to work fine – I now have some room to breathe, and 4 GB of unformatted space on the tail end of my hard drive. A backup machine spent most of today downloading the FC4 iso’s, which should by now be stored on the network drives. Unfortunately, I can’t just bring in my copy – it’s on DVD, which my machine can’t handle.

You know, looking back at my past posts about Corrpro, there’s no way of evaluating just how much my feeling of disassociation that I had with the new IT guys colored my disaffection. I never mentioned it during that chaotic period between my finding out that my boss was leaving and the formalizing of our new organizational structure, but now that I’ve seen the light, it must have had a big impact. Just watch how I knock down the obstacles in my way, and see my morale improve!

Oh – hope posting all this doesn’t sour me.

Posted by Greg as Networking, OS, Posts About Me at 16:05 PST
