Ask HN: Why not permit use of a Linux laptop for work?

9 points by karthie 2 years ago | 18 comments
Hi, I am a freelance enterprise engineer and mostly work with enterprise. I am already aware of the security implications of allowing employees to use their personal electronics. I would really appreciate it if the client allowed me to use my own laptop, i.e. a personal Linux laptop, and connect to the work network using their own VPN service, which would still make the machine compatible with the security policy. Unfortunately, none of the clients I have worked with to date allowed this except one. Is there any other specific reason for not allowing freelance engineers to use their own machines?
  • jve 2 years ago
    Because you are a risk on their network.

    Using their equipment, they can ensure you are on an isolated network if you have no updates applied and can push those updates to you. They can push security configurations, like restricting what office apps can or cannot do. Ensuring AV is configured to their liking. Configure logging so if you ever get owned, they can trace back where it came from and what it did. They can ensure you are on some proxy server. They can alert you if your host accesses a known bad site. They can run background penetration tests if necessary.

    And so on.

    MS world has the tools to do that. Supporting Linux in that kind of enterprise would need significant additional investment.

    • not_your_vase 2 years ago
      Their system, their rules. VPN alone doesn't make a system compliant, unless the client says so. Just as a random thing, imagine if you showed up with a machine that is running your own compiled kernel, with Spectre mitigations disabled. They would never see what hit them.
      • db48x 2 years ago
        Maybe you’re working for the wrong clients. When I worked freelance it was expected that I would provide all necessary equipment myself. Access to servers and version control is usually by SSH, so it didn’t matter what OS I ran.

        Also, using your own equipment is often a differentiator between contractors and employees, as is setting your own work schedule.

        • csydas 2 years ago
          I wouldn't call it wrong clients, just ones with different concerns and liabilities to consider.

          I work with a B2B product, and the client requirements when it comes to security are absolutely a labyrinth to navigate for my teams and our product, and I cannot imagine the nightmare they must deal with on a day to day basis.

          The reality of the regulatory scope for IT is that it's chaotic. I've come to the understanding that regardless of the enterprise, likely any given business is failing to meet the requirements of _some_ regulatory framework because of some system in use that was never designed to be framework compliant, it was just made to solve a problem.

          Typically there are means for exceptions to the frameworks, but IT teams are reticent to submit such requests as it's not well defined in the regulation "what happens if you submit too many requests?"

          Very likely there is an audit script or something the businesses can run to quickly approve/deny a new machine. I get the GP's frustration and your statement over such restrictions/requirements, but I also understand it from the other side; it's much easier to just play it safe than risk an auditor in a bad mood deciding that you're non-compliant and the nonsense that goes with the path back to compliance.

          • db48x 2 years ago
            A client with that much bureaucratic nonsense going on is the wrong client.
        • gregjor 2 years ago
          If your customers supply the equipment and dictate the hours and so on you get close to the IRS classification of employee. You (or your customer) can't just call the relationship freelance or contract, it has to meet some requirements that show an independent relationship.

          I have freelanced for over a decade and never had a customer tell me I had to use their hardware. I don't doubt it happens -- I know f/t employees working remote who have to lug around a "work" laptop -- but I would just say no to a contract like that unless it had a lot of offsetting benefits.

          The policy may come from the IT security people rather than a policy enforced by the client company. I have had to jump through hoops with large company IT departments just to get access to their network.

          • 0xbadc0de5 2 years ago
            Many companies have ISO, PCI, etc conditions that require them to maintain positive control over devices on their networks. This will include both security tools, like endpoint agents, but also policy controls like Active Directory and Intune (MDM). There are also a few oddball vpn services that only work under Windows (no clue why people buy them). Getting all that working under one operating system is difficult enough. Each additional OS generally requires a redo of those efforts, plus effort to maintain interoperability.

            That said, there are efforts to get tools like Intune to work on Linux, but it's still early days.

            Said as someone who vastly prefers working under Linux.

            • gtsop 2 years ago
              As others have mentioned, security is not just about connecting to a VPN. Bear in mind that the IT department has to take care of hundreds of technologically illiterate PC users in their organization and they need as much remote control as possible and as much standardization as possible. I am not saying it's undoable to plug in a Linux PC in there, I am just describing some factors.

              Depending on what work you do exactly and how beefy your machine is, you can spin up a virtualbox with linux to do your job. I had such a case and did my work just fine.

              • quicklime 2 years ago
                A lot of enterprises need to comply with regulations and security standards (e.g. PCI-DSS or SOC2) which often require them to implement systems and processes over their "control environment". They need to demonstrate that they can do things like enforce password requirements, or disable your device/account remotely (via MDM) if needed. It's not enough that you use their VPN.
                • ssss11 2 years ago
                  In my experience with large corporates they architect their environment for the Microsoft ecosystem - windows, AD, M365 apps and so on.

                  This means they only have to worry about making stuff work and be secure for windows clients. This means they can easily save time and money by saying “only use windows clients”.

                  • abudabi123 2 years ago
                    > This means they can easily save time and money by saying “only use windows clients”.

                    That claim needs to be annually tested and verified by independent blue and red teams written up in an official report that measures overall org. productivity as claimed and in actual reality.

                    • cronin101 2 years ago
                      Who pays for the Red and Blue teams? Is their salary set by the amount (or lack) saved? What if the difference isn’t great? What hiring bar do you set for them (again, aligned with budget)?

                      What you’re saying makes 110% meritocratic sense, but there’s no way this would ever fly in a penny-pinching enterprise environment. There’s a reason that enterprise sales/support is a gigantic business constantly competing to win contracts.

                      • realusername 2 years ago
                        It's not about "productivity" but paperwork compliance, those old school companies live and die by the certifications and Microsoft has tons of rubber stamping of anything you would want which makes them happy.

                        Nobody in those old style companies is ever evaluating tech on its merits.

                        There are always better solutions, sometimes even much cheaper in some categories, but they really want the stamps.

                        • jve 2 years ago
                          ..or just companies that are serious about preventing data leaks and have some traceability to identify when or what happens in case of breach.
                    • skyzyx 2 years ago
                      One word: support.

                      Support does not mean “it works”. Support refers to who is on the hook when something goes wrong.

                      If the company is not prepared to support Linux, there is your problem.

                      • johnea 2 years ago
                        I've always used my own linux laptop in contracting work...

                        Get different clients...

                        • Saphyel 2 years ago
                          Probably companies have actions with Apple so they buy and promote their sh#t.

                          In all the companies I have been at so far, I always requested a Linux and they came back with a lot of bullsh#t