Earlier this week my company bought a LIDAR from Ouster. The LIDAR is a network device: it has an ethernet interface, it gets its IP from a DHCP server and then it talks to whichever machine runs the Ouster application.
The engineers and the marketing guy in charge of evaluating it installed the software on a Windows 11 laptop and tried to make it work for 2 days, to no avail. The software simply wouldn’t connect.
So they came to me, the unofficial company “hacker”, to figure it out. And I did: the culprit, as always, was the Windows firewall. Because of course…
But here’s the twist: because it’s Windows, you need some sort of additional antivirus on top of it. Our company uses WithSecure, which is phenomenally annoying and intrusive, and constantly gets in your way when you try to do any work in Windows that isn't Word or Excel. And of course, WithSecure wouldn’t let me punch a hole in the Windows firewall, because of course…
Anyhow, after trying to work around Windows and the hateful compulsory antivirus, I called IT and told them I needed WithSecure disabled, at least temporarily. They told me to fuck off because they’re not letting an unsecured Windows machine on the intranet.
Fine. I pulled another, older Windows laptop without any antivirus, connected it to an air-gapped router, configured DHCP in the router, connected the LIDAR to the router, launched the Ouster app and… it didn't work.
After 3 hours trying to figure out what was wrong, I finally found the problem: the stupid app is an Electron app built with an older version of Electron that had a bug in node.js that prevented it from working if it couldn’t resolve some internet address.
Sigh… Electron… Because of course…
This was getting too painful and annoying with Windows. So I blew away the Windows partition, installed Linux Mint on the laptop, configured the ethernet interface as a private interface, installed the DHCP server so I could do away with the router, connected the laptop to the guest wifi so the stupid Electron app could resolve whatever it needed to resolve to work, installed the Linux version of the Ouster app, and hey-presto, it worked rightaway.
So I made an account for the guys in Mint and handed them the laptop. They played with the LIDAR for a few hours without any problem, pulled records and files out of the machine on USB sticks without any problem, viewed some Excel files in Libreoffice without any problem.
Eventually the marketing guy asked me:
“So what was the problem then?”
“Windows of course” I said. “What else?”
“Wow. That Linux stuff is really good. We tried so hard to make this work but we never could. But it worked rightaway in Linux. That’s slick!”
“Well yeah, I keep telling you guys Windows is crap. There are reasons and this is one of them.”
“Yeah I can see why you don’t like it. And that Linux desktop is really nice actually. I might give it a spin at home.”
So hey, I managed to impress a marketing guy with Linux 🙂
It shows how polished Linux has become, if ordinary computer users can be convinced this easily now. It wasn’t like that for a long long time and it feels kind of rewarding to know you bet on the right horse all along and you're vindicated at last.
This story has nothing to do with why Linux would be any better than Windows. Sure, if you lie to people, then anything can be convincing. What if I had a firewall installed in Linux, wouldn't you have had the same issues?
This is sort of the problem I have with a lot of Linux enthusiasts, when you have a hammer, everything is a nail.
Compared to Windows and MacOS as a client desktop, Linux still severely falls behind, but it is getting better. For a server, Linux is just far superior.
You think linux doesn't have a firewall? I'm fairly certain every distribution has one installed and enabled by default.
The real reason linux worked so well in this situation was the local admin rights that came from being a rogue, unmanaged device on the network. I'm sure they could have made windows work if all the group policies weren't being enforced.
Yes, you have iptables and nftables, but it's not always enabled. So, when I said installed, I really meant enabled. I 100% agree with what you are saying though.
Unfortunately a lot of places just have shitty IT and people go rogue because of it. Some people are just impatient though as it sounds like in this case.
You also have things like apparmor and selinux. If those are enabled, you might be chasing your tail trying to figure out why something is not working. You would need to know where to look and how to fix it.
A previous company of mine, required an "AntiVirus" installed on the Linux computers too.
The one the IT guy installed, ran in the background all the time, doing nobody-knows-what and and slowing down every thing and having multiple segfaults in a minute, shown in the journal.
Long after I left, I also saw an RCE vulnerability related to it. So essentially, my system would have been more secure without the app.
As much as I disagree with your last statement (I think Linux for client is on par with Windows for the vast majority of users), I strongly agree with everything else. This wasn't a Windows problem, but a "your IT is cockblocking you" problem, it could have happened in Linux too if it wasn't because he used a rogue device, he could have fixed it on Windows too doing the same.
Personally I would have gone straight to Linux because I'm out of the loop on how to do these sort of stuff on Windows. If it had to be Windows, let IT figure that out, their firewall, their anti-virus, their problem.