Friday, March 10th, 2006

Corporate Network Maverick

Or
How To Get Approval For A Linux Desktop In A Windows Server Environment

This week has been a busy one for me, both at work and at home, but I’m going to write about the work aspect.

I ended up getting permission, if only in a surreptitious way, to do something I’ve wanted to do for a very long time but never thought I could get away with – I’m going to install Linux on my computer at work.

This may be a long story, but for those of you out there who consider Bill Gates to be the AntiChrist, or who just plain chafe at having to work with a flawed and vulnerable operating system when there are so many out there that are much better, and against all better judgment suffer at work by using Windows, this might be inspirational, and a roadmap for effecting change.

About five years ago, corporate sent out a network engineer to install our new server, to replace some of our older machines, and to dump our old peer-to-peer network and hook us into a real WAN with Internet access at every desk. I got a brand new, 700 MHz machine running Windows NT – not top of the line for the time, but one of the faster machines in our office, because I was authorized to have AutoCAD. I also got to meet with Dane Hershberger. I hung over his shoulder every chance I got, asked a lot of questions, and later, after he got everything set up and left, I found out that I had been flagged as the local IT guy, complete with local administrator permissions (which in my opinion, were more like a power user than an administrator.)

For years Dane and I had frequent conversations, particularly about the corporate computer policy (which he wrote), that placed strict limits on what software could be installed on a company machine. I got tacit permission to experiment with any software I found useful, as long as I observed the appropriate licensing requirements, and I ended up submitting quite a few examples of useful applications I had found, all freeware or open source, which Dane posted for download on our intranet. The corporate IT people knew me well. I was also regarded with some suspicion – having been placed in the “knows enough to be dangerous” category, and being relatively open about my password-cracking and network probing past. I may have been the only person who got away with installing a hex editor and disassembler on my machine. Along the way I also became acquainted with one of the other systems engineers – Rayna, initial last name unimportant because she ended up becoming the bride of Dane (that lucky bastard!)

For a long time everything was comfortable. Problems got solved, and I was tolerated. I tested my limits, sure, but I was bound by the knowledge that if anyone ever uncovered traces of serious network abuse, I was guilty until proven innocent. I probably knew enough to get into places or do things that I wasn’t supposed to go to or do, but I wasn’t confident in my ability to hide all the traces of where I had been or what I had done. I remember well the time I came into my office and found the visiting Dane and Rayna sitting at my machine and just shaking their heads with mixed dismay and interest. I got the impression that if the machine had belonged to anyone else, it would have been immediately boxed up and sent in for an OS reinstall. One thing I established well – they were both totally opposed to anything Linux.

But about a year ago, in the midst of some serious corporate overhead slashing, Dane and Rayna quit and moved on, and corporate decided to outsource. I immediately researched the new IT company, and in particular the names of the few who showed up in our address book as belonging to IT – we not only got an offsite Help Desk, we got a few new employees working at corporate headquarters. I was particularly disturbed that I couldn’t find any poop on our new network engineer – no personal website, and no postings on technical message boards using her real name. She was either really, really tech-savvy, or she was just a tool that I could dance around. I had to err on the side of caution (and a damned good thing I did, too.)

I tried to establish a rapport, sort of like the way two modems handshake. I included her in my now routine submissions – security advisories, workarounds and fixes I had discovered (like how to get VPN working in NT), and I knew she was party to the reviews and suggestions I occasionally sent to the IT Steering Committee. But not a peep out of her. So she remained The Big Unknown. I’m sure she has been busy trying to understand and fix the personal handiwork of Dane, who, although he was good, had his own personal quirks, and was pretty much obliged to patch things instead of going back and redoing the hasty network setup that had been thrown together.

Apparently, things are so nonstandard in our network that other outsourced employees have been deployed to headquarters. I found this out this week in the course of pursuing a fix for my now outdated and overloaded computer.

My machine (yes, it’s still the same one I got those years ago, although I am next on the list for upgrade) has repeatedly butted up against the limits of its configuration. NT was installed on a front-end 2 GB partition of a 10GB hard drive. Long ago I decided to install any new applications on the second partition, but the first has gotten pretty full with security fixes (which I installed religiously while NT was still being supported), user profiles, Exchange folders, network monitoring software (now that’s a story in itself!), browser plugins, default-to-C-drive software, and the like. I’ve dealt with it on a patchwork basis myself, but finally it got to the point that Something More had to be done. I called the Help Desk, described my problems, and was astounded at their suggestion – use Partition Magic.

That’s funny – last year I saw PM on sale, $0 with rebate – and purchased it because I had heard such great things about it, and although I have addressed the same problem at home by reinstalling (I now have nine partitions on my main home computer), I had an eye on using it at work. I never tried it because I didn’t want to run software, especially privately-owned software, that performs such an elemental task without testing it first on something less significant than my primary work tool. The last thing I expected was a recommendation to use it from my own IT department. I eagerly set about doing so. I faithfully backed up my entire hard drive, loaded PM, and ran into a wall.

I’ve provided plenty of support for our network deployment of Norton (or Symantec) AntiVirus, so I was pleased and confounded to find that my client was now configured so that the user couldn’t turn it off. Someone’s been diligent – bringing our network machines under better management – but it didn’t help me, the somewhat talented maverick, when I needed to shut off all processes (I used to call them TSRs) that run in the background. So I called the Help Desk again. I re-enabled the corporate trojan (DameWare) to allow it to run, and reset the configuration to make it more interloper-friendly, and invited IT in to shut the antivirus client off. Our offsite office couldn’t do it, so I got referred to corporate, but the first person I talked to also couldn’t do it. (Did I undo everything I had done before to cripple it? Oops, better re-enable it in the hardware profile!) I was again referred, and soon got a message from The New Guy.

Said TNG sent an email expressing his reservations for the whole scheme and making a few specific points. I answered him, addressing his concerns with great restraint, in a way that I hoped revealed my less-than-bumbling-idiot appreciation for the points he had raised. Apparently I was successful, and not totally offensive, because we ended up engaging in a dialog that lasted several days, whereby I found him accepting of me and my views. He expressed appreciation for my “going through the right channels regarding this issue.” (Hmmm… so my restraint was noted and encouraged – this is an adroit administrator.) He had also read my IT Steering Committee comments, and echoed sympathy for my subtle push to rid ourselves of Microsoft hegemony. This was great – I was finally being treated with some respect and empathy from the new Powers-That-Be at corporate IT, but I was probably pushing it when, after my initial PM run, I noted ruefully that there was sufficient disk space left to install another OS, and spat off another email saying so, and included a mechanical (read: hopeless) justification for why testing a Linux workstation on a Windows network was a good idea:

I’ve often wondered, support issues aside, whether it was even possible to get a Linux desktop workstation to work with the Corrpro network – to interact with the Exchange Server, network partitions, centrally managed antivirus, etc. I was wondering if, just to answer such theoretical questions, I could be permitted to give it a try on my own time? Just think of it as a test bed. I could report on the difficulties I encountered, and then IT would know how practical the concept of running some clients would be. Think of the pace of software development right now – there are already applications that have been developed that are only available for Linux. In the future, or maybe even now, there could be specialized technical applications that we, as an engineering company with at least some R&D capacity, might want to be able to use. If anybody put in a request to try it to IT, right now all you guys can say is no, because you don’t know whether it’s even possible.

And think of the line you guys could put in your resumes:

“integrated Linux workstations into a native MS server environment”

Of course, my project would be entirely self-supported. If it doesn’t work, you’ve learned something right there.

To my surprise and delight, I got the following response:

I am ok with you trying this … My caveat being that your manager there is ok with this too. I don’t want to get put in an awkward situation where down the road someone gets pissed at IT cause they told you to load Linux and now you can’t get any work done. ;) From what you said before though, you have another machine you can use if need be so it should be ok.

As a longtime (4+ years) Linux user in a corporate environment, I can tell you where the big problems will lie:

* Getting your Linux box to use active directory for authentication is not easy, and doesn’t seem to always work well.

* Evolution isn’t Outlook, and you have to pay extra for the Exchange connector anyway so that is a net loss of $50.

* Network drives aren’t quite as easy to use as they are in Windows.

* Network printing can be a bitch, or can be simple … depends on the printer really.

* Won’t be able to integrate any Anti-Virus, which in the short term I’m not that worried about, but long term I’m not sure what the solution would be.

Now that said, things are probably much better than they were 2 years ago when I had this setup at my previous job. I basically ended up requiring VMWare and to always be running an XP box inside my Linux environment. Of course a lot of that was because I had to be able to support the Windows network.

So give it a try, but let’s keep this between us and your manager for now since I am out and haven’t spoken to anyone else on the team about this yet. :)

Assuming we ever get the backlog of tasks needing to be complete in IT to a much smaller number, I will be doing something similar. There is just so much going on right now and in the foreseeable short term future that I just can’t afford to do it yet. So I’ll be curious to hear your results!

What distro are you thinking of starting with?

Longtime Linux user? Pointers? Doing something similar? What distro??? I’m in heaven! I’ve found a kindred soul!

My PM repartitioning, run in DOS mode straight from the CD, seemed to work fine – I now have some room to breathe, and 4 GB of unformatted space on the tail end of my hard drive. A backup machine spent most of today downloading the FC4 iso’s, which should by now be stored on the network drives. Unfortunately, I can’t just bring in my copy – it’s on DVD, which my machine can’t handle.

You know, looking back at my past posts about Corrpro, there’s no way of evaluating just how much my feeling of disassociation that I had with the new IT guys colored my disaffection. I never mentioned it during that chaotic period between my finding out that my boss was leaving and the formalizing of our new organizational structure, but now that I’ve seen the light, it must have had a big impact. Just watch how I knock down the obstacles in my way, and see my morale improve!

Oh – hope posting all this doesn’t sour me.

Posted by Greg in Networking, OS, Posts About Me

This entry was posted on Friday, March 10th, 2006 at 16:05 PST and is filed under Networking, OS, Posts About Me.

6 Responses to “Corporate Network Maverick”

  1. Michael says:

    Greg,

    I’m a young guy that just started working and don’t want to work for the man my whole life.

    I’ve always been interested in investing, but am trying to be more speculative with a portion of my relatively small investments. I think the pipeline and anti-corrosion business should grow substantially over the next five years and would like to know your opinion about it if you have the time. I would really appreciate any of your knowledge that you may share.

    I was wondering if you thought Corrpro offered an investment opportunity… It is an extremely banged up stock? And I was wondering if you also thought it was a banged up company? It appears that way at the moment, but will it turn around.

    Is Corrpro the best in the corrosion business? Especially with spills and leaks that recently occurred in Alaska and the growing pipeline business, is Corrpro a turnaround story that will bring its stock’s value and company’s market cap back from the dead to a high flier once again?

    Otherwise, I would like to ask you about your expertise in the industry and find out what companies you think have the brightest future in the growing pipeline business (that is bursting in Canada at the moment)…

    Please let me know what you think…

    Thank you very much,

    Michael Koether
    contact info provided

  2. Greg says:

    If you’re looking for some sort of insider evaluation of Corrpro as a potential investment, I’m afraid you’ve come to the wrong place. I’m just not qualified to speculate, and even if I had information not available to the public, do you think I could reveal it, or even the willingness to reveal it, on a publicly-accessible website with my name emblazoned all over it?

    I can talk about my perspective on the corrosion control industry in general, which is very positive towards growth. Thanks to increasing awareness, more stringent regulations and enforcement, a significantly aging US infrastructure, and the patently obvious fact that maintaining structures is generally cheaper than the capital investment involved in replacing them, corrosion control seems to be breaking free of its previously relegated role of routine, and deferrable, maintenance, and ascending to the forefront of long term, strategic investment. In that regard, Corrpro, with its size, talent pool, experience and established contacts, ought to do well.

    However, I and others have been starting to notice that there is more work piling up than there are corrosion engineers to deal with it. We’re talking about an extremely complex process in scientific and engineering terms, and I haven’t seen any great push from the academic community to propel talented young engineers into this field. Hell, the few states that issued PE licenses in Corrosion Engineering quit doing so just a couple of years ago, and despite the gains that NACE has made in making their education and certification programs more rigorous, a NACE certification still does not hold the same prestige as other engineering credentials, which makes corrosion a less attractive career for new blood.

    So we’re starting to feel a crunch in talent. It takes at least three years to turn an engineering or materials science graduate into a capable field engineer and more than five to produce an insightful technician. To interpret the results of their work, and to spot the anomalies that could lead to serious problems, requires ten or twelve years of experience, if not a couple of decades, and although the market has grown, I’m not seeing people enter the field in greater numbers than before.

    This is going to lead to a real crunch. Hopefully, we in the industry can keep ahead of the curve through outreach and advances in technology, both in detection and remediation, but if we have to resort to slapping standard answers on all the problems we encounter, the exceptions, which could be disastrous, will turn around and bite us in the ass. People can die when we screw up, and the public won’t tolerate that – not that they should.

    With a limited pool of qualified personnel, companies are going to encounter a lot more problems than strategic business planning and clawing for market share. If internal conditions grew too bad at a largish corrosion control company (and I really mean that in an unspecified way – it’s not a dig at my employer), management could come in one day and realize that they’ve lost half their critical personnel and can’t fulfill their contracts.

    So if you’re looking for an interesting, even challenging, career, with good potential for steady advancement if you want to apply yourself, and excellent opportunities for starting your own company, by all means, jump into corrosion. If you want to sink what’s left over from your grocery money into a quick-get-rich opportunity, I’d suggest starting a private law enforcement company over in Iraq.

  3. Ramblings » Blog Archive » And The Walls Came Crashing Down says:

    […] I guess I had anticipated the reaction to even trying to use Linux. I had been thinking that I needed to put it all above-board; to file an official project request for a pilot project, and had been thinking about how to paint the whole thing as minimal or no cost to the company, offering substantial potential reward, and as sure to increase shareholder value as the sun will rise tomorrow. I have worried that I was going to get my new friend into trouble, and that our reckless tinkering was going to get the entire blame the next time the stock price took any dip, and that we would reinforce any reluctance to entertain the idea. **Sigh** […]

  4. Dane Hershberger says:

    My dearest Greg,

    Sigh…you’re still the same lovable Greg. Long-winded and rebellious. Since you found occasion to mention my bride and I, I feel compelled to offer my own perspective on my tenure at Corrpro, the state of the network when I left it, and the learning I’ve done since then.

    First, I’m glad you have found a flexible IT person at corporate willing to indulge your fantasies. Having someone to at least relate to your skill level and interests is a boon, and finding someone that knows (and cares about) Linux is delightful. You’re right; as a general rule we were opposed to Linux, but I’d like to clarify the “why” behind that. It came down to cost: We were a relatively small IT department, with a very small budget (and no, Linux isn’t *really* free after support and deployment costs are taken into consideration. You know that, Greg.). As such, we needed to play to our strengths. When I came on board, there was no network to speak of, no e-mail system at all, and at best a hodge-podge of peer-to-peer or “fiefdom” domains. Phase I of the network involved rolling out point-to-point frame relay, Exchange servers at all but the smallest offices, and an NT 4.0 deployment that was architected with Windows 2000 in mind. Phase II replaced NT 4 with Windows 2000, and frame-relay with PPTP (yuck!). Phase III abandoned PPTP altogether and resulted in a partial mesh VPN configuration using IPSec and SonicWall firewall/routers. With the changes in the network, the opportunity to learn Linux didn’t present itself. The question I always asked was: can it be done using a Windows solution. If the answer was yes, then introducing Linux was probably not going to happen simply because it didn’t match our skillsets/staffing/budget.

    Since leaving Corrpro I’ve moved on to a much larger company and learned more in 13 months than I did in my last three years at Corrpro. Reflecting back, are there things that I’d do differently at Corrpro if I had the opportunity? Absolutely. Certainly:

    1.) I’d’ve moved heaven and earth to upgrade our e-mail system and consolidate mailboxes onto far fewer servers. For instance, in my current role I’m part of a team responsible for two mail servers, each with 2600 mailboxes (and tight mailbox size limits). No way I’d’ve been comfortable with that without actually seeing it done.
    2.) I’d’ve deployed a more robust firewall configuration at headquarters.
    3.) I’d’ve been much more accommodating to deploying third-party products on servers to meet business needs. Where I’m at now, we have 80 Windows servers, about half of which are application servers, and each of those application servers has multiple apps on it. In large environments, having to contend with apps on servers beyond basic file and print is a way of life. At Corrpro I wasn’t experienced or mature enough to handle it.
    4.) I’d’ve pushed to get Windows XP deployed universally so that we could fully manage (with GPOs) the desktop environment.
    5.) I’d’ve replaced the PPTP VPN solution with SonicWall IPSec.
    6.) I’m sure there are more…

    But there are things I wouldn’t change:

    1.) I still would have chosen a VPN network solution because of the cost delta as compared to frame-relay.
    2.) I still would have chosen SonicWall firewalls. Cost is dramatically lower than VPN and the capability met Corrpro’s needs.
    3.) I still would have insisted on a relatively high bar to justify Linux-based solutions.
    4.) There’s no way I’d’ve knowingly allowed a typical end-user whose primary job is not IT to tinker with a workstation to the point of installing Linux. ;>

    Do I miss Corrpro? Yes, absolutely. I miss being able to travel, I miss being responsible for so many different facets of IT, I miss working with my wife. Would I go back tomorrow if given the chance? Not on your life. First of all, you can never really go back. Second, the company culture inhibited my ability to grow my career; as such, it was time to move on. In the year since I left, I’ve been able to deploy SharePoint, virtual servers, 64-bit Windows, and help develop new standards for server management, among other things. I like where I’m at.

    Even given the things I’d change, I’m very proud of my accomplishments at Corrpro. I have always felt that our entire IT department was able to drag the company kicking and screaming into the ’90s, and that we did it the right way with the tools and constraints we were given. I make no apologies.

    Respectfully,
    Dane Hershberger
    http://www.greatmountain.net

  5. Rayna says:

    Greg, Greg, Greg,

    Well, I’m glad to hear they brought in someone to the lonely IT department that sounds as if they have a clue – because the “Big Unknown” did not…which is probably why they had to get TNG.

    While our friend out in San Diego villainizes us for “holding to standards” and his crappy system (which I did not configure initially) you do understand that what we let one do, we must let all do and EVERYONE except those perceived to “walk on water” had an old dog for a system thanks to the higher ups.

    Our network was a well oiled machine (more than you know – having worked other places and also being a consultant fixing other’s networks, I can say this with extreme confidence) and would have stayed that way had we not been forced to run on hardware as old as the first CEO himself, to the point where we had to buy parts to sustain them from eBay. It was so bad that I recall our lovely Help Desk Admin shaking the toner cartridge in our printer for the 10th time hoping to get a little more ink out because we couldn’t buy another.

    In regards to someone finally humoring your Linux infatuation, I say shame on him. You can’t go off and let users do their own thing. Like it or not. The only way to keep things uniform (and OMG, believe me, this is SOOO important) is to lay down the law. If you don’t like the law, then apply for a job in Corporate’s IT dept and PROVE there is a better way. So far, I haven’t seen anything about Linux to say it is a better way. I’ve been exposed to it enough in my post-Corrpro endeavours to see how completely unpredictable and unstable Linux really is. While you may think old Bill is the antiChrist, he gives me time to pursue my other responsibilities because the shit just works. There aren’t 10 home-grown flavors for good reason. Results are predictable. Drivers and applications are almost always supported and easy to install, uninstall, and just plain use.

    With that said, we do miss our Aussie friend and rogue user on the East Coast. Hope you’re doing well, man.

    Laters,

    Rayna, the Bride-of-Dane

  6. Ramblings » Blog Archive » Supplicating to the Hershbergers says:

    […] Dane and Rayna Hershberger found recent posts on my blog that seemed to get them mightily indignant, based on his and her comments, which absolutely horrified me, because they’re my favorite IT people on the face of the planet, and I would never want to offend them. […]