J_K9 @ Linux

Support For Open Source Should Be Better

February 26, 2006 on 10:02 pm | In Linux |

There is nothing that irritates me more than when developers or administrators make something OS-, and in particular Windows-specific. They know that they can just as easily make whatever they are doing work on other Operating Systems as well, yet they persist on making it functional for Windows alone. Yet, funnily enough, I encounter this kind of thing every day.

In the March 2006 issue of Linux Format, a columnist complains about how when he was trying to use a client’s call recording system (which records all incoming calls and saves them as WAV files), because the code which operated it used ActiveX controls to play the WAV files within the browser (instead of linking to each WAV to play externally), this could only run on Windows. Therefore, the developer subconsciously made his program Windows only.

I am in a similar but even more complex situation. I am a student at one of the best schools in the UK, but all non-Windows Operating Systems do not work on the school network. ‘Why not?’, you ask? The excuse I received in reply was that ‘the administrators do not know enough about UNIX to allow them onto the network’.

To be quite frank, that is pathetic. I find it hard to believe that with all the funds this school has tucked away, it cannot afford to send one of the technical engineers on a couple of courses to learn about UNIX - or even hire a UNIX administrator. In fact, you don’t even need a UNIX admin; you don’t need anyone who knows the slightest about UNIX. My reasons for this are because UNIX/Linux is no more or less harmful to other users on the network than Windows is.

Sure, with a Linux system I can do more than just a good penetration test. However, if given a Windows system and the ability to download the right tools I can perform an almost equally good one - although it will be more difficult. There may be some malicious people on the network, but whether they are using UNIX or Windows does not make a difference in the slightest - if they are set about cracking someone’s computer and have the knowledge to do so, they will have their way.

Windows users can even run Linux ‘emulators’ like Cygwin or VMware Player and can do exactly the same. The network sees them as a Windows client, but they are actually using Linux even though using the Windows connection. My point is that just because someone has a Windows system does not mean that they can be any less harmful to the network.

Then comes the issue of access restrictions. The network admins may say that because they do not know how to restrict *nix systems on the domain, it would be a huge hole and a potential threat. Are they really oblivious to the fact that any idiot could just log out of their domained account, log in as admin and get rid of the restrictions? Not to mention workgrouping themselves and still being able to access all the network resources, without having the restrictions imposed by the domain. So, as we can see, the access restriction argument is also a ‘crash and burn’.

What else is there left? UNIX-based systems work differently on the network to Windows ones, and therefore wouldn’t be able to access the servers? Rubbish. UNIX-based systems would not be able to receive our daily patches or anti-virus updates, so they could be threats to the network? If the gateway is configured at all well, the viruses would be detected upon entry to the network and stopped. As for the updates - either filter the gateway ports required to do the update downloads on the Linux systems, or just forget this - Linux-users aren’t exactly going to be prime malware targets if they do not update their computers until the weekend.

However, the local admins do not seem to realise this. They have recently made it even more difficult to connect a Linux system to the network. Before, I could have a Linux system installed, correctly domained and working like a charm within an hour. Now, I still don’t know how to domain it using the newly-implemented certification system, so I’m looking for a workaround (I think leaving it workgrouped and setting the gateway’s IP as the browser proxy might work).

All this rant is because I do not understand why the admins could not have made the network secure and simple, instead of making it use security certificates which I do not have the slightest clue how to make work with Linux. Maybe this is something complicated which I need to learn how to do - and I will willingly do so if it is possible - but at the moment it is out of my grasp, and I’m not sure if it is even possible. Having a secure network does not mean making it Windows-only.