Earlier this week my company bought a LIDAR from Ouster. The LIDAR is a network device: it has an ethernet interface, it gets its IP from a DHCP server and then it talks to whichever machine runs the Ouster application.
The engineers and the marketing guy in charge of evaluating it installed the software on a Windows 11 laptop and tried to make it work for 2 days, to no avail. The software simply wouldn’t connect.
So they came to me, the unofficial company “hacker”, to figure it out. And I did: the culprit, as always, was the Windows firewall. Because of course…
But here’s the twist: because it’s Windows, you need some sort of additional antivirus on top of it. Our company uses WithSecure, which is phenomenally annoying and intrusive, and constantly gets in your way when you try to do any work in Windows that isn’t Word or Excel. And of course, WithSecure wouldn’t let me punch a hole in the Windows firewall, because of course…
Anyhow, after trying to work around Windows and the hateful compulsory antivirus, I called IT and told them I needed WithSecure disabled, at least temporarily. They told me to fuck off because they’re not letting an unsecured Windows machine on the intranet.
Fine. I pulled another, older Windows laptop without any antivirus, connected it to an air-gapped router, configured DHCP in the router, connected the LIDAR to the router, launched the Ouster app and… it didn’t work.
After 3 hours trying to figure out what was wrong, I finally found the problem: the stupid app is an Electron app built with an older version of Electron that had a bug in node.js that prevented it from working if it couldn’t resolve some internet address.
Sigh… Electron… Because of course…
This was getting too painful and annoying with Windows. So I blew away the Windows partition, installed Linux Mint on the laptop, configured the ethernet interface as a private interface, installed the DHCP server so I could do away with the router, connected the laptop to the guest wifi so the stupid Electron app could resolve whatever it needed to resolve to work, installed the Linux version of the Ouster app, and hey-presto, it worked rightaway.
So I made an account for the guys in Mint and handed them the laptop. They played with the LIDAR for a few hours without any problem, pulled records and files out of the machine on USB sticks without any problem, viewed some Excel files in Libreoffice without any problem.
Eventually the marketing guy asked me:
“So what was the problem then?”
“Windows of course” I said. “What else?”
“Wow. That Linux stuff is really good. We tried so hard to make this work but we never could. But it worked rightaway in Linux. That’s slick!”
“Well yeah, I keep telling you guys Windows is crap. There are reasons and this is one of them.”
“Yeah I can see why you don’t like it. And that Linux desktop is really nice actually. I might give it a spin at home.”
So hey, I managed to impress a marketing guy with Linux 🙂
It shows how polished Linux has become, if ordinary computer users can be convinced this easily now. It wasn’t like that for a long long time and it feels kind of rewarding to know you bet on the right horse all along and you’re vindicated at last.
What is that fanfiction headass conversation at the end lmao
Maybe it’s just how marketing guys talk haha they can’t turn it off
You need our brilliant product. It will save your business millions!***
*** licensing fees not included in calculation
How do you sell what you did as “it just worked”? Rightaway? You lied to them. You have your coworkers on an unmanaged machine with a foreign OS on the guest WiFi with custom networking. Don’t oversell a workaround as a solution.
Simplifying the problem to “Windows” seems unfair, given how many problems you found. All of them still require a long-term solution for regular operation.
You have your coworkers on an unmanaged machine with a foreign OS on the guest WiFi with custom networking.
Which, at any of my last few corporate jobs, would be grounds for termination, if not immediately throwing you out of the building and telling you if you come back we’re calling the cops.
You really don’t bypass controls in a corporate environment like this if you like working there.
(And yes, not EVERY job will react that way, but any that’s got any compliance requirements absolutely will.)
It is especially damming that they said they can’t turn off the security solution. If they won’t be flexible enough to add an exception then I’m pretty sure they definitely don’t what ghost IT. This could end up costing this company a lot of money down the road
Windows Defender is actually quite good these days. The main reason an enterprise would use a 3rd party AV/Firewall would be centralized management of said av and firewall. If IT needs to install apps and make them work, they also need the ability to manage the AV/Firewall.
Well I’m sure they have very good reason and I’m not questioning them. I’m just talking from a user’s standpoint (and I’m a very poor Windows users): whenever I try to port any of our tools to Windows, wham the damn antivirus kicks in and puts my stuff in quarantine. If I use an engineering application that talks to some device on an unusual port - and I’m talking outgoing traffic, not incoming, wham it’s blocked. And unblocking it requires making a formal request to IT, that whitelists the application, until WithSecure updates itself and forgets about it, and here we go again.
It’s just a complete PITA. You constantly feel like you’re fighting an algorithm with stupidity built in just to get normal, honest-to-goodness work done.
In my experience the over engineered solutions are often the least secure.
This story has nothing to do with why Linux would be any better than Windows. Sure, if you lie to people, then anything can be convincing. What if I had a firewall installed in Linux, wouldn’t you have had the same issues?
This is sort of the problem I have with a lot of Linux enthusiasts, when you have a hammer, everything is a nail.
Compared to Windows and MacOS as a client desktop, Linux still severely falls behind, but it is getting better. For a server, Linux is just far superior.
You think linux doesn’t have a firewall? I’m fairly certain every distribution has one installed and enabled by default.
The real reason linux worked so well in this situation was the local admin rights that came from being a rogue, unmanaged device on the network. I’m sure they could have made windows work if all the group policies weren’t being enforced.
Yes, you have iptables and nftables, but it’s not always enabled. So, when I said installed, I really meant enabled. I 100% agree with what you are saying though.
Unfortunately a lot of places just have shitty IT and people go rogue because of it. Some people are just impatient though as it sounds like in this case.
You also have things like apparmor and selinux. If those are enabled, you might be chasing your tail trying to figure out why something is not working. You would need to know where to look and how to fix it.
As much as I disagree with your last statement (I think Linux for client is on par with Windows for the vast majority of users), I strongly agree with everything else. This wasn’t a Windows problem, but a “your IT is cockblocking you” problem, it could have happened in Linux too if it wasn’t because he used a rogue device, he could have fixed it on Windows too doing the same.
Personally I would have gone straight to Linux because I’m out of the loop on how to do these sort of stuff on Windows. If it had to be Windows, let IT figure that out, their firewall, their anti-virus, their problem.
What if I had a firewall installed in Linux
A previous company of mine, required an “AntiVirus” installed on the Linux computers too.
The one the IT guy installed, ran in the background all the time, doing nobody-knows-what and and slowing down every thing and having multiple segfaults in a minute, shown in the journal.Long after I left, I also saw an RCE vulnerability related to it. So essentially, my system would have been more secure without the app.
It shows how polished Linux has become
Did you read what you wrote?
configured the ethernet interface as a private interface, installed the DHCP server so I could do away with the router
Yeah, you and I can do this. Most people can’t. Yes, Linux has become more accessible. Most people still can’t do this.
And the alternative to doing that is what? This whole story was started because of windows and windows antivirus being inflexible.
All they have to do is learn, like we did. What’s the big deal?
Not everyone has a career where dedicating time to learn this stuff is helpful or worthwhile. There’s a ton of “useful” skills that all of us don’t bother to learn because our time is better spent elsewhere.
Yeah, that includes me. My career has absolutely nothing to do with technology. So, what’s your point?
Maybe the point is that you cannot demand that the whole world knows the same set of concepts as you do. Otherwise just learn to remove cancer by yourself instead of forcing a person that studied decades to get down their trone and do their job
That’s my point. They learned to remove cancer, and yet, can’t remove them all. I learned to use GnuLinux, to make it work, regardless of distro, yet some things just fail. So, again, what’s your point?
What’s keeping anyone from learning anything other than the desire and effort?
You chose to bring up that ridiculous comparison only to confirm what I said. Ran out of hentai to watch or something? 🤣🤣
helpful or worthwhile
Ok, you’re right. I have to agree that it being worthwhile for me doesn’t make it so for others. Can’t disagree with you on that. I’ll down vote myself for not reading your comment with the intent to understand before I replied. And, honestly, thanks for pointing out that I did not really get it, for real.
Hey no worries, sorry for assuming you were taking past me instead of just missing my point! No need to download yourself haha
Sure the front desk secretary can’t but the engineering team can if they use chatgpt and their brain.
The alternative is yielding to the techno priesthood and giving up on your dreams.
Great story. I have found that pretty much everyone I have shown Linux is pleasantly surprised with how nice it is. I think people have an idea of it being a hacker person OS with code running on the screen.
Your IT department sounds awful. I have never heard of “withsecure” but it sounds like a pain in the ass.
Anyway its better not to do ghost IT as that never ends well. Next time you should get the explicit approval of the IT department and document everything.
It was named f-secure before.
Sodomizing IT is always mandatory unless you want to waive the white flag. They will never help you. IT is an invincible enemy, you just have to seal them up in a infinite bureaucratic loop and try to do your work while they are tangled in that web of logic.
And you left the building to a crowd cheering. What a crock of shit
Not cheers, no. But it increased my problem-solving reputation within the company and it made Linux more appealing to key people in the company.
What’s wrong with that? What’s your butthurt? Are you bitter about something?
It just reeks of bullshit.
Also, I can almost guarantee your company IT department thinks you’re a twat lol.
Well if you say so, I defer to your higher authority on bullshit.
This is a beautiful story. Thank you for sharing that!
rightaway
Not a word. Spell-check should have told you.
Twice.