this post was submitted on 21 Sep 2023
60 points (95.5% liked)

Linux

48145 readers
1029 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hello everyone, my company (our department is of around 150+ developers/machine learning people/researchers) is currently considering switching from Windows to Gnu+Linux for company devices (as in the machines we use in our daily work) and we are currently in the phase of collecting requirements. I'm not in charge of the process or involved in the decision phase, but as an enthusiast I'm curious about it. We handle data and other sensitive resources, so the environment should remain managed by the IT department (what's possible to install, VPNs, firewalls, updates and similar). What do companies generally use in this kind of scenario? I'm assuming they generally do some stuff with either Canonical or Red Hat, but are there alternatives? Are there ways to do something that works across distributions by using flatpak or the nix package manager? What are your experiences?

you are viewing a single comment's thread
view the rest of the comments
[–] _edge@discuss.tchncs.de 7 points 1 year ago* (last edited 1 year ago)

so the environment should remain managed by the IT department

For the domain you are describing

developers, machine learning people, researchers, Linux

having personal machines maintained by "IT" is not a typical setup. A ML engineer is more IT savy than your average IT department, especially on Linux when they use Linux for work.

An alternative to a centrally mentioned solution can be a reasonable set of rules with allows more freedom for the individual. For example, you could provide every new-joiner with a pre-configured laptop, but they can take over 'root' privileges if they want. It's not so hard to keep a Linux machine secure if the users doesn't intentionally screw it up. You don't need IT to run updates, it happens automatically. You don't need a personal firewall, they are no open ports per default anyway.

IT may want to install an agent that helps detecting security breaches (or misconduct). Or remote-support. Of course, you may require VPN. You may require that sensitive data does not leave the server. You should. A personal device is an attack vector and Linux has security holes all the time, but remote exploits are nowhere as common as in a Windows, Outlook, AD world.

The upside of allowing users to tinker with their machines is that IT only needs to provide a reasonable starting point, not a perfect solution for everyone. If you expect support from IT, you will want to standardize the distribution and maybe some applications or tools, but you don't need everyone in the company to be on the same version of Solitaire.