Earlier this week my company bought a LIDAR from Ouster. The LIDAR is a network device: it has an ethernet interface, it gets its IP from a DHCP server and then it talks to whichever machine runs the Ouster application.

The engineers and the marketing guy in charge of evaluating it installed the software on a Windows 11 laptop and tried to make it work for 2 days, to no avail. The software simply wouldn’t connect.

So they came to me, the unofficial company “hacker”, to figure it out. And I did: the culprit, as always, was the Windows firewall. Because of course…

But here’s the twist: because it’s Windows, you need some sort of additional antivirus on top of it. Our company uses WithSecure, which is phenomenally annoying and intrusive, and constantly gets in your way when you try to do any work in Windows that isn’t Word or Excel. And of course, WithSecure wouldn’t let me punch a hole in the Windows firewall, because of course…

Anyhow, after trying to work around Windows and the hateful compulsory antivirus, I called IT and told them I needed WithSecure disabled, at least temporarily. They told me to fuck off because they’re not letting an unsecured Windows machine on the intranet.

Fine. I pulled another, older Windows laptop without any antivirus, connected it to an air-gapped router, configured DHCP in the router, connected the LIDAR to the router, launched the Ouster app and… it didn’t work.

After 3 hours trying to figure out what was wrong, I finally found the problem: the stupid app is an Electron app built with an older version of Electron that had a bug in node.js that prevented it from working if it couldn’t resolve some internet address.

Sigh… Electron… Because of course…

This was getting too painful and annoying with Windows. So I blew away the Windows partition, installed Linux Mint on the laptop, configured the ethernet interface as a private interface, installed the DHCP server so I could do away with the router, connected the laptop to the guest wifi so the stupid Electron app could resolve whatever it needed to resolve to work, installed the Linux version of the Ouster app, and hey-presto, it worked rightaway.

So I made an account for the guys in Mint and handed them the laptop. They played with the LIDAR for a few hours without any problem, pulled records and files out of the machine on USB sticks without any problem, viewed some Excel files in Libreoffice without any problem.

Eventually the marketing guy asked me:

“So what was the problem then?”
“Windows of course” I said. “What else?”
“Wow. That Linux stuff is really good. We tried so hard to make this work but we never could. But it worked rightaway in Linux. That’s slick!”
“Well yeah, I keep telling you guys Windows is crap. There are reasons and this is one of them.”
“Yeah I can see why you don’t like it. And that Linux desktop is really nice actually. I might give it a spin at home.”

So hey, I managed to impress a marketing guy with Linux 🙂

It shows how polished Linux has become, if ordinary computer users can be convinced this easily now. It wasn’t like that for a long long time and it feels kind of rewarding to know you bet on the right horse all along and you’re vindicated at last.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        You need our brilliant product. It will save your business millions!***

        *** licensing fees not included in calculation

  • gencha@lemm.ee
    link
    fedilink
    arrow-up
    45
    ·
    2 months ago

    How do you sell what you did as “it just worked”? Rightaway? You lied to them. You have your coworkers on an unmanaged machine with a foreign OS on the guest WiFi with custom networking. Don’t oversell a workaround as a solution.

    Simplifying the problem to “Windows” seems unfair, given how many problems you found. All of them still require a long-term solution for regular operation.

    • schizo@forum.uncomfortable.business
      link
      fedilink
      English
      arrow-up
      12
      ·
      2 months ago

      You have your coworkers on an unmanaged machine with a foreign OS on the guest WiFi with custom networking.

      Which, at any of my last few corporate jobs, would be grounds for termination, if not immediately throwing you out of the building and telling you if you come back we’re calling the cops.

      You really don’t bypass controls in a corporate environment like this if you like working there.

      (And yes, not EVERY job will react that way, but any that’s got any compliance requirements absolutely will.)

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        It is especially damming that they said they can’t turn off the security solution. If they won’t be flexible enough to add an exception then I’m pretty sure they definitely don’t what ghost IT. This could end up costing this company a lot of money down the road

  • Zeoic@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    2 months ago

    Windows Defender is actually quite good these days. The main reason an enterprise would use a 3rd party AV/Firewall would be centralized management of said av and firewall. If IT needs to install apps and make them work, they also need the ability to manage the AV/Firewall.

    • ExtremeDullard@lemmy.sdf.orgOP
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      2 months ago

      Well I’m sure they have very good reason and I’m not questioning them. I’m just talking from a user’s standpoint (and I’m a very poor Windows users): whenever I try to port any of our tools to Windows, wham the damn antivirus kicks in and puts my stuff in quarantine. If I use an engineering application that talks to some device on an unusual port - and I’m talking outgoing traffic, not incoming, wham it’s blocked. And unblocking it requires making a formal request to IT, that whitelists the application, until WithSecure updates itself and forgets about it, and here we go again.

      It’s just a complete PITA. You constantly feel like you’re fighting an algorithm with stupidity built in just to get normal, honest-to-goodness work done.

  • killabeezio@lemm.ee
    link
    fedilink
    arrow-up
    21
    ·
    2 months ago

    This story has nothing to do with why Linux would be any better than Windows. Sure, if you lie to people, then anything can be convincing. What if I had a firewall installed in Linux, wouldn’t you have had the same issues?

    This is sort of the problem I have with a lot of Linux enthusiasts, when you have a hammer, everything is a nail.

    Compared to Windows and MacOS as a client desktop, Linux still severely falls behind, but it is getting better. For a server, Linux is just far superior.

    • GSV_Sleeper_Service@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      2 months ago

      You think linux doesn’t have a firewall? I’m fairly certain every distribution has one installed and enabled by default.

      The real reason linux worked so well in this situation was the local admin rights that came from being a rogue, unmanaged device on the network. I’m sure they could have made windows work if all the group policies weren’t being enforced.

      • killabeezio@lemm.ee
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        2 months ago

        Yes, you have iptables and nftables, but it’s not always enabled. So, when I said installed, I really meant enabled. I 100% agree with what you are saying though.

        Unfortunately a lot of places just have shitty IT and people go rogue because of it. Some people are just impatient though as it sounds like in this case.

        You also have things like apparmor and selinux. If those are enabled, you might be chasing your tail trying to figure out why something is not working. You would need to know where to look and how to fix it.

    • ulterno@lemmy.kde.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      What if I had a firewall installed in Linux

      A previous company of mine, required an “AntiVirus” installed on the Linux computers too.
      The one the IT guy installed, ran in the background all the time, doing nobody-knows-what and and slowing down every thing and having multiple segfaults in a minute, shown in the journal.

      Long after I left, I also saw an RCE vulnerability related to it. So essentially, my system would have been more secure without the app.

    • Nibodhika@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      As much as I disagree with your last statement (I think Linux for client is on par with Windows for the vast majority of users), I strongly agree with everything else. This wasn’t a Windows problem, but a “your IT is cockblocking you” problem, it could have happened in Linux too if it wasn’t because he used a rogue device, he could have fixed it on Windows too doing the same.

      Personally I would have gone straight to Linux because I’m out of the loop on how to do these sort of stuff on Windows. If it had to be Windows, let IT figure that out, their firewall, their anti-virus, their problem.

  • some_guy@lemmy.sdf.org
    link
    fedilink
    arrow-up
    17
    ·
    2 months ago

    It shows how polished Linux has become

    Did you read what you wrote?

    configured the ethernet interface as a private interface, installed the DHCP server so I could do away with the router

    Yeah, you and I can do this. Most people can’t. Yes, Linux has become more accessible. Most people still can’t do this.

    • Tlaloc_Temporal@lemmy.ca
      link
      fedilink
      arrow-up
      6
      ·
      2 months ago

      And the alternative to doing that is what? This whole story was started because of windows and windows antivirus being inflexible.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    12
    ·
    2 months ago

    Your IT department sounds awful. I have never heard of “withsecure” but it sounds like a pain in the ass.

    Anyway its better not to do ghost IT as that never ends well. Next time you should get the explicit approval of the IT department and document everything.