I am going to ask if I may use linux for work. We are using windows but there is nothing that couldn’t be done on linux. Privately, I am mainly a fedora user but I’d be happy with any OS and DE or wm. What do I need to look out for when I suggest an OS? What does a computer/ linux/DE need in order to be ready for enterprise workstation? Will I only have a user and no sudo rights? May I install all flatpak apps? Does the admin have to be able to remote ssh?
If you work for a larger company, they will likely want you to keep using what they already have, not because Linux can’t do the job but because it’s a PITA to maintain different devices.
Also, they will likely not appreciate having a lone user with a unique attack surface.
Also most Windows-centric companies hire Windows-centric sysadmins who’ll hide behind any excuse not to show their linux ignorance.
Also most Windows-centric companies hire Windows-centric sysadmins who’ll hide behind any excuse not to show their linux ignorance.
my favorite line they like to use is something to the effective of: we have to use something that can handle many users; implying that linux cannot handle thousands to millions of users, completely ignoring that it’s the most widespread server os on the planet handling billions of users.
Depends, every tech company I’ve worked at has had Windows machines for project managers, account managers etc, and Mac for developers and designers. So it is possible to support two OSs as standard. I’ve always just picked the Mac but when my next laptop is due I may ask if anyone uses Linux
if it’s a large enough company, expect them to have systems administrators (sometimes called systems engineers nowadays) to exert control over their windows systems using either active directory or azure iam policies.
there are multiple ways to get a linux system to comply with those policies; but that doesn’t matter since they’ll make the case to management that the extra operational costs of either getting your system to become compliant or providing you with support will hurt the budget and/or suck up extra bandwidth for support.
your best bet in such cases are to offer written agreements that you will never seek out IT’s help and you will take full responsibility if you’re not able to get your work done because your linux system and provide a plan written down for each eventuality you can think of when your linux system doesn’t work as expected.
i would also expect your manager to reject your request despite these efforts unless you’re a highly enough paid individual contributor or have a special enough relationship with upper management.
Honestly the only hope will be if there is a Linux nerd in the IT shop who is willing to make the case for OP from the sysadmin side of the fence. If you don’t have someone batting for you in that corner, there’s basically no hope.
Source: I’ve been using Linux at work in a Windows centric org for 5 years. Only reason is because a blessed nerd in my local IT support shop was on my side when I started there.
You probably will be told no. However, it never hurts to ask. I would go for bring your own device as that will allow you to set it up in a way that works for you.
Many orgs mandate this. You’ll be fine.
I used to roll out mint xfce edition or Qubes to our staff laptops, unless an employee asked for a specific distro. I think some used fedora.
Don’t use flatpak; its a security risk.
Why is flatpak a security risk? The applications run isolated and offer higher security, unless I’m missing something?
Because it doesn’t verify the authenticity of code it downloads before it installs it
I don’t think that that’s true. At least not more than for any other community maintained packages.
Neither does dnf/apt/pacman. You are always at the mercy of the package maintainer(s).
Most startups I’ve applied to are Linux friendly.
I currently work for a fortune 100 and managed to get a Linux machine purchased as a “lab” machine.
I’m fully in control. IT doesn’t even know it exists. I’m not allowed on the corporate network, but I managed to get some internal corporate access through another department’s lab network (IT sanctioned) that has a VPN with a few routes to things like ticketing, time cards, and our internal wiki. Most of the stuff I need to do my job is in AWS and we are allowed to add home IPs to the security groups.
IT still gives me a MacBook. I use it like once every 6 months.
nixos-unstable is the only thing I will use currently.
I’m running bleeding edge stuff like the latest kernel, Hyprland nightly, my own “shell” built from Gnome components and lots of custom stuff using GJS (Gnome JavaScript).
If you get one, and you are free to do whatever on it, encrypt your drives like your job depends on it. I have a memorized passphrase, pin protected hardware key, and a key in TPM. No biometrics.
As far as other nice things to have:
- VPN: https://www.infradead.org/openconnect/ supports some common enterprise VPNs.
- Communication tools (Teams, WebEx, Zoom, Slack, etc.). I tend to have access to 90% of what I need. My team is thankfully accommodating for the couple features I have issues with. Make sure you test things like Screen Sharing especially in Wayland if you use it.
- VM: If you can get a corporate licensed image to run a corporate licensed version of Office, I recommend it. Office365 for web is missing a few features and often renders differently from native.
- Password Manager and encrypt everything. System is encrypted as previously stated. My home volume (BTRFS) is encrypted with a different key/passphrase. My work’s sensitive files are encrypted yet again using rclone with different keys. I try to minimize attack surfaces by unlocking only what I need when I need it.
- Backups. I use rclone to backup to our corporate OneDrive. Nixos is immutable and I have it setup with impermanence where every reboot is like a fresh install if I didn’t codify it my nixos-config which is tracked in git. I persist a few cache and setting directories in my home directory, but not much. I can restore my setup in like 20 minutes if I ever lost my machine.
- Virtual mic and camera for noise suppression and blurring for communication tools that don’t have it built in.
- Evolution EWS works okay as an Exchange email client. I had to hunt some weird settings like tenant ID to get it to work. I’ve been using Webmail or Outlook in a VM more often though as of late.
I work in software dev as FYI. For the few issues I have, my team has more issues getting stuff working consistently on macOS for our project. I used that as a justification when requesting the laptop: my dev environment should closely match our runtime environment. Most of that is moot now since we use Nix flakes in our repos for local dev envs.
