{"id":279,"date":"2012-01-10T22:34:10","date_gmt":"2012-01-10T22:34:10","guid":{"rendered":"http:\/\/www.scaine.net\/site\/?p=279"},"modified":"2012-03-27T21:11:24","modified_gmt":"2012-03-27T21:11:24","slug":"ubuntu-in-the-corporate","status":"publish","type":"post","link":"https:\/\/www.scaine.net\/site\/2012\/01\/ubuntu-in-the-corporate\/","title":{"rendered":"Ubuntu in the Corporate"},"content":{"rendered":"
<\/div>\n
<\/div>\n

I’ve been using Ubuntu 11.04 in the corporate environment for over a year now and this post will attempt to summarise the frankly disappointing state of affairs that is “linux in the corporate environment”.<\/p>\n

Thumnbnails<\/h4>\n

Such a little thing – getting a thumbnail for your images, videos or office documents.\u00a0 In Windows, once a directory has been thumbnailed, it creates a hidden file “thumbs.db” in that directory, so that when other people visit the directory, there’s no need to recreate every thumbnail from scratch.<\/p>\n

In Ubuntu, however, there is. Every user stores their own version of thumbnails .\u00a0 At work, my .thumbnails directory is a little shy of 40Mb.\u00a0 If you multiply that by 1000 employees, you’ve just wasted 39.96Gb of data creating the same set of thumbnails 1000 times.\u00a0 Bandwidth, Disk I\/O, wasted.\u00a0 Worse, if you make your staff’s home directories a network share, you’re now wasting 40Gb of storage across your home share.<\/p>\n

It’s a poor model and needs fixed.<\/p>\n

Encrypted Home Directories with Likewise<\/h4>\n

Wanted an encrypted home directory?\u00a0 Easy – tick the box when you install and you’ve got one.\u00a0 But wait.\u00a0 Logging with AD credentials after installing Likewise?\u00a0 Nope.\u00a0 Likewise creates a non-encrypted domain directory in your \/home and every user that logs in thereafter gets an unencrypted home.<\/p>\n

EDIT :<\/p>\n

The use case is simply theft.\u00a0 If a PC is stolen, then anything unencrypted on that device is going to be revealed trivially through the use of a USB boot key.\u00a0 User documents, settings or, worse, Dropbox installs are going to be readable.\u00a0 So I’d like to encrypt the home directories to prevent it.\u00a0 It won’t be as effective as a full-disk LUKS install, but it integrates with login so that only one password is required, so a slicker option in my opinion.<\/p>\n

If anyone knows a way around this behavior, please holler.<\/p>\n

Passwords<\/h4>\n

In Windows, every password you enter on the system is shown on screen by substituting asterisks.\u00a0 On Ubuntu, the same is true, but many of these entries have a tick box that says “Show password”.\u00a0 What the hell?\u00a0 Why?\u00a0 Why on earth, having entered my password would I EVER want it shown on screen??<\/p>\n

Basically what this means is that even a 2 minute slip up where you forget to lock your screen while you grab a packet of crisps or a coffee – you’ve possibly just let a colleague see what your password is.\u00a0 I raised with the Seahorse devs, but they argued that if you leave your laptop\/PC unlocked for two minutes then it’s compromised irretrievably and refused to acknowledge that the “show password” option was making things worse.<\/p>\n

What can you do, maliciously, in two minutes with a Windows laptop?\u00a0 Plenty, but I think it would be mostly obvious.\u00a0 I reckon it would be quite challenging to seriously compromise a user without his knowledge on a Windows computer.\u00a0 On Ubuntu – 20 seconds to reveal my WIFI password, which also happens to be my AD password, since we use PEAP authentication.<\/p>\n

“Linux is more secure.”\u00a0 Really?\u00a0 Depends, doesn’t it?<\/p>\n

EDIT:<\/em><\/p>\n

I should clarify my use case here.\u00a0 We have contractors coming onsite all the time to help with new product install, support cases, or training.\u00a0 Due to the nature of my job, a lot of what we access is protected by either firewall or ACL, so that only specific devices can access the service that contractor is onsite for.<\/p>\n

I trust these guys not be installing root kits or maliciously hacking my laptop while I grab us both a coffee, but in the case of Ubuntu, I literally can’t use it because while I do trust them generally, it’s just too easy for them to stumble upon a password box with a glaringly tempting “show password” button next to it.<\/p>\n

The weird thing when I raise the “show password” issue is that no-one can give me a use-case for its existence.\u00a0 Or if you count “I forgot my password” as a use case, then they can’t explain the huge inconsistencies in Ubuntu – I can “show” my keychain password and my WIFI password but for some strange reason, I can’t show the password for my actual install, or my encryption password.\u00a0 Why?\u00a0 If physical access = “toast”, then why do I have to enter my previous password to change it to a new one?\u00a0 Why am I prompted for my password on login?\u00a0 Why am I prompted for my password on resume?<\/p>\n

Rhetorical questions obviously, but despite everyone seeing that passwords for logging in, decrypting and resuming are necessary, they lose all logic about a simple “show password” box.\u00a0 IT IS NOT NECESSARY.<\/p>\n

I just don’t understand it.\u00a0 It’s like a blindness.<\/p>\n

Proxy support<\/h4>\n

Very frustrating.\u00a0 The command line uses one environment variable, while GUI programs use another.\u00a0 The proxy configuration dialogue has an option to “Apply System-Wide”, but doesn’t appear to do anything.\u00a0 Bypass options don’t always work, or require a reboot to activate.\u00a0 Some downloads (flash-plugin for example) will use wget in the middle of the apt-get install, which fails, because apt-get doesn’t pass in the proxy option.<\/p>\n

Worse, why isn’t there an option to set the proxy by network?\u00a0 If I’m on our internet-only WIFI, I don’t want a proxy, but if I’m on our internal-WIFI, I do.\u00a0 Why can’t it set\/unset the proxy depending on what I connect to?<\/p>\n

Mapping Drives<\/h4>\n

In Windows, you map a drive, then there’s an option to “Reconnect at next login”.\u00a0 Not in Ubuntu.\u00a0 Or any linux distro I’ve tried in fact.\u00a0 No, you have to edit your \/etc\/fstab for this functionality.\u00a0 It’s 2012 and you have to edit text files to make samba shares persistent.<\/p>\n

Evernote<\/h4>\n

Finally, a non-O\/S specific issue.\u00a0 In fact, it’s a bit unfair to include this, because it’s not really Ubuntu’s fault… but it’s a big one for me, so :\u00a0 Evernote, which I use every hour of every day, doesn’t have an Ubuntu version.\u00a0 Some utter genius has coded the awesome “NixNote” in java and so I use that.\u00a0 But pretty frustrating that such a crucial tool (for me) doesn’t have a native client.\u00a0 And launching java to run NixNote is a drain – it takes about 30 seconds to start up and synchronisation isn’t quite as slick as the native version.<\/p>\n

Summary<\/h4>\n

It’s not all bad.\u00a0 Nautilus remains much better to use than Explorer, LibreOffice is getting better all the time, workspace shifting is a joy, start up is very quick and Xenapp covers the few programs I use that don’t have an Ubuntu version – Vsphere, I’m looking at you.<\/p>\n

What else?\u00a0 Network Manager makes setting up multiple networks a joy (overlooking, for the moment, the proxy issues above), external monitor support works well, and of course terminal access with built-in python is superb.<\/p>\n

But there’s so much wrong with Ubuntu in the corporate that it takes real determination to make it work, and many of the issues just shouldn’t exist in this day and age.\u00a0 Maybe 12.04, the Precise Pangolin will deliver a better experience, but nothing I’ve seen so far suggests that this will be the case.\u00a0 In fact, in many areas, I think there will be regressions due to the move to Gnome 3 – such as external monitor support.<\/p>\n

Time will tell, but I’m not holding my breath for the perfect corporate system.<\/p>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

I’ve been using Ubuntu 11.04 in the corporate environment for over a year now and this post will attempt to summarise the frankly disappointing state of affairs that is “linux in the corporate environment”. Thumnbnails Such a little thing – getting a thumbnail for your images, videos or office documents.\u00a0 In Windows, once a directory […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,3,4,16],"tags":[47,49,43,46,48,45,44],"class_list":["post-279","post","type-post","status-publish","format-standard","hentry","category-security","category-technical","category-ubuntu","category-work","tag-evernote","tag-password","tag-proxy","tag-samba","tag-seahorse","tag-thumbnail","tag-ubuntu-2"],"mb":[],"mfb_rest_fields":["title"],"_links":{"self":[{"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/posts\/279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/comments?post=279"}],"version-history":[{"count":11,"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/posts\/279\/revisions"}],"predecessor-version":[{"id":308,"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/posts\/279\/revisions\/308"}],"wp:attachment":[{"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/media?parent=279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/categories?post=279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scaine.net\/site\/wp-json\/wp\/v2\/tags?post=279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}