Workplace is forcing me to switch back to Windows :(
After 4 years of using Fedora KDE as my main OS with 0 issues or drawbacks, my workplace is now requiring all computers to be on Windows 11. Any suggestions to make the transition back more bearable?
My dissapointment is immeasurable, and my day is ruined :(
225
Comments99
Do not, under any circumstances, conduct any private business on it. What isn't being logged by Microsoft and shared with your employer, advertisers, various governments will be screenshot'd every n seconds. Additionally, I highly suggest, if you haven't already, to setup a separate VLAN for this device if you ever bring it home and connect it to your home network. Defender absolutely does passive sniffing and active network scanning now. It will also be collecting and logging visible SSIDs as well. Enjoy!
My wife has had her dog shit work PC on the network all this time without any of my forethought about this. She has problems everyday with that stupid OS. Fuck.
This is true of any work device regardless of the OS
I'd like to add that you can setup Adguard or Pihole in your network to use microsoft telemetry blacklists to limit their sniffing. My work laptop constantly reminds me that I'm not connected to the internet although everything works fine, because it can't reach the captive portal 😄
Do you have links to those blacklists
I'm at work right now, but here is one I think I remember adding: https://github.com/pschneider1968/pihole-bl-msft-telemetry-bsi
My company PC (Windows 11 ) is set on the guest wi-fi when I work from home, is that enough?
It should but you can test that assumption by trying to ping any other device on the non-guest wifi. (and try ping in the other direction)
One could hope for a hardware kill-switch on WiFi, but those are increasingly rare. I don't necessarily trust toggling the WiFi slider off actually stops the scanning.
At home I have my PC behind a DMVPN router (being a former network engineer has its perks) and that DMVPN router's "external" link is further segmented on my home network.
Sorry for your loss :( Same thing happened to me about a year ago.
I was the sole IT admin for a small company. Used Debian with KDE on a snappy little Thinkpad. No issues managing all the infra with it, even though most of it was MS trash. I used Reminnia for RDP into the Windows servers, and the Browser for all O365/Entra administration. A Windows 11 VM for the rare times I needed to test Windows-only apps or configs.
Worked like a dream, but then we got bought out by a huge competitor. Their IT team took everything over. I had to decommission my on-prem Linux servers, Ansible automations, Open Project tracking and FOSS ticketing system. Finally, I had to give up my Sweet little Linux Thinkpad and use their standard-issue HP Windows 11 garbage laptop. They were slow, clunky, buggy, and ugly, it was awful.
I quit a few months later after securing the job I have now. It pays about 35% more, has twice as much PTO, and about 50% of my workload is Linux stuff. It's so much better.
My advice, if it's truly non negotiable, install WSL first thing. It's not nearly as good as having actual Linux, because it's running inside of Microslop's horrid OS, but it's better than nothing. Try to be an advocate for FOSS at the company, see if you can convince leadership to let you implement Linux-based solutions wherever they might fit, make yourself the de facto expert on them so you at least get to work on Linux and FOSS infra.
Aside from that, start job hunting. Try to find a job that will let you be more Linuxy.
the last time i used wsl on a work windows laptop, windows fucked up the virtual disk drive and everything in it was gone.
this was about 5 years ago, so hopefully it's gotten better.
It's alright now, does what it needs to do. It's kind of a pain because of the weirdness of running as a pseudo-VM, but better than no Linux at all.
what's this?
Sorry, typo, I fixed it now. Pseudo-VM is what I meant.
it's funny that you used psuedo-vm; i've always wondered if i would have been able to recover the disk image was qcow instead of whatever wsl uses.
Honestly WSL2 is pretty good now. I have Fedora running in it and use basically the same config files as my personal laptop. Neovim behaves exactly the same across both. The only problem I have is that CTRL+V get intercepted by the terminal before it get to vim. That means that block visual mode is not available to me.
That and multiple desktops feels REALLY clunky, even compare to Gnome.
this was was my biggest gripe with wsl because i do 95% of my work with the vim and bash and i'm saddened to learn that it hasn't gotten better.
Pressing F to pay my respects.
Sorry to hear that OP.
When old employer was bought out they tried to move us on to windows. It was shit. After non stop issues they gave in and let us keep linux.
I'm sorry to hear that. Our company recently got acquired, and every 4-6 months the new IT team tries to say, "but do you guys really need Linux? What for?". We answer them, in depth, every time, but then it just comes back up a few months later.
I'm scared one of these days they're just going to force the change on us, all productivity will grind to an absolute halt, deliverables will be missed, and eventually they'll backtrack but only after it's too late to recover the programs that got hosed in the process.
Just ask them why they want to waste the money on licensing. Money is the language managers understand
Although compliance is also a concern.
For us, on our Linux machines, they pay Canonical or RedHat for workstations 🤷♂️
Why is this a requirement? Commercial support?
Yes. But more importantly, an external company to point to in case something goes wrong.
I think [email protected] is right, but one other piece I've heard is that "unmanaged" desktops make things like randsomware insurance harder
I sometimes forget that I'm not the only kind of user who may run a Linux box. I'm not immune to compromise, but I'm not an "average" user like say... Peggy from accounting.
Just use the shovel your boss gives you. Back to your own preferences once you clock out.
Meh, does "the boss" pay you to use a shovel or to dig stuff up?
It's obvious OP is going to be miserable and less productive on Windows, it's not to their employer's benefit for that to happen.
Boss has different people for different functions within the company. A monoculture is more susceptible to systematic flaws, but it is also less expensive to maintain. It is not OPs place to decide how the company manages is computing facilities, so if WSL or Cygwin are not accepable compromises (OP and company have to both agree) then OP has to decide whether they are willing to go along with Windows or find another job.
Something to talk about during the exit interview anyway.
You assume a whole lot of thought and strategy from "the boss" :)
I dont disagree though, fundamentally.
As a form of protest create README txt files everywhere that say things like "I wish I was using linux" and "friends don't let friends use windows".
or only write instructions for Linux if you're really evil
No amount of HRT would make this transition any easier my dude.
lmao
Start doing a job search?
Virtualize windows lmao
Winboat looks nice. I'm planning to play with it today. I'm also going to try distro box etc. Wish me a happy Virt-day. (yeah, yeah, I know where thee door is.)
I think the problem with Linux in the workplace is that it's hard (read harder than Windows and MacOS) to setup to be managed devices. Especially if the company is a Microsoft shop to begin with. The IT security teams just don't know how to enforce the company policies on Linux machines. Enforce password policy, network credentials and managed apps. It easy with Intune for Windows and Mac. Much harder on Linux.
That's the reason I was given by my work place, when I was "forced" to switch from Linux to Windows.
I'm hearing similar complaints from our IT leadership as well regarding Linux PCs. However, Linux is accepted in R&D labs and the cloud because those are network-segmented spaces with additional perimeter controls.
If true zero-trust ever comes to my company, perhaps they'll be a bit more receptive.
Nonsense, MS has an Intune client for Linux.
Too bad. Skill issue. They need to learn how to manage Linux just like any other new tech.
I know, I have used it. But it does not enforce any policies. Just tells you if you are compliant or not.
And that's my point. They could do it. Some do. But most companies, in my country at least, pick the easy solution, which is to not support Linux.
Not only a skill issue, but also a time issue. Our security team is plenty of skill and COULD learn how to manage Linux, but they do not have the time to do so. Everything has to be prioritised and they choose to support Win and Mac and move on to something else.
Switch workplace.
There are countless ways to bypass that (e.g. https://docs.linuxserver.io/images/docker-webtop/ running on a server) but honestly if a workplace does not value your expertise to hone your own tools, they don't really value you as an employee.
At workplace, use whatever OS and tools allowed by company policy.
At home, use whatever OS and tools you like.
At least that is how I’m managing it.
Yeah exactly. Although it's also totally understandable that OP is unhappy with their decision. At the end of the day any reasonably large workplace just wants all their IT to be as manageable as possible, which means as uniform as possible in hardware and OS. But using windows for many jobs just kinda sucks.
Uh. My condolences. Do they also force you to use the software installed on Windows? Otherwise you could just image Fedora and run it in a virtual machine inside of Windows 11. Technically, I guess that'd fulfill the requirement with Windows 11 on the computer... Just that you don't use it for more than log in, start the Linux VM and expand it full-screen.
What if you do the reverse?
Good luck getting an admin to register your Windows VM with Active Directory.
Yes, that will be an issue. I guess not a technical one, Linux is perfectly able to fetch a token and connect to network shares etc. Not sure how that works with Email and the modern cloud office stuff. But likely, the IT department will have to enforce that policy as well. That's why I asked if OP has to use software on Windows (11)... Otherwise, if it worked 4 years without issues... maybe there is no issue with Active Directory...
Don't run an unsanctioned VM on your work PC. Good way to get fired.
Thanks for the info guys, good stuff!
Those of you who are telling me to look for a new workplace over an OS change are a bit crazy though lol. It's not quite that bad.
Clearly I was not the first with that call to action.
But seriously, Windows is awful. I've had to use it lately, and it's comically bad. Like the OS shows me ads! Wtf!? In Fahrenheit 451, it describes the billboards as longer so you can read them while driving fast on the highway, and I feel like the ads Windows shows are basically a similar type of dystopian. And like, now you can disable more with menus, but then the disable option is like buried somewhere hard to find.
And as soon as you get an update all their shit is turned back on, and re-enabled, and edge (🤮) is back on the taskbar.... I hate microsoft so, so much.
There are programs that control your internet access and if you use one of those programs to say, block almost every windows service, a lot of problems go away.
I didn't do it because windows sucks but it is a nice benefit. Edge auto opens? Cool, it fails because it's barred from internet access. Ads? But no internet so no ads.
Also deals with auto updates from companies that need to fuck off. I guess that's still windows.
Think about it the other way around; you could use Linux on your work pc for the time being and your workplace was fine with that? that's awesome. it's a bummer things changed, but... that's corporate life, bro.
Depending on your computers specs & if it's allowed or not by your company.. You could always continue to use Fedora & run win-11 inside a VM with pass through enabled....
This is what I did. They get to manage a Windows machine and I get to continue being more efficient at the job they hired me to do.
https://gist.github.com/camullen/0c41d989ac2ad7a89e75eb3be0f8fb16
Just cut Windows out as much as possible and run everything in WSL. Setup everything to boot straight to all your WSL layers, and aside from the absolute shit Base OS, it should be the same.
WSL is reasonable bearable, you can install Fedora instead of the default Ubuntu/Debian too. My work PC started out on 10 and is now on 11. I think I changed the terminal program, but the one I use may be the default in Win11. Honestly, I think the only programs I run outside WSL are a browser, DaVinci Resolve and Reaper (replaced Kdenlive and Ardour, both of which I prefer).
I am able to use the same neovim config on both my home (fedora) and work laptops, which is pretty handy.
At the end of the day it is their computer, not yours.
Doesn't having WSL under the hood negate Linux's inherent security?
I'd much rather have Windows shit containerized within Linux.
It is a VM so fully sandboxed. All the sharing is smoke and mirrors (often in pretty cool ways).
Truth is that security is not OP's problem. Someone else (likely well above their pay grade) is shouldering that responsibility and they have decreed Windows for everyone.
It depends what you mean by 'security'. Obviously, by introducing more layers, you have more places where exploits can life. However, the biggest threat by orders of magnitude is being tricked into giving stuff up, and that risk will remain constant.
Quit
You may run Fedora in WSL2. This is what I do. My work is largely command line based. Use Wezterm. If you must, launch GUI apps from there. I'm running graphical Emacs daily just fine this way. My coworkers don't have half the gas for our kubernetes pods that I do and that's by in large the fact that I refuse to lose my Linux chops
Ask your IT to install Virtualbox (or vmware if that's what you have) and go on using Linux inside a VM.
That's what I did. I don't do absolutely everything on Linux because, for example, using MS Office directly on the PC instead of the web version in the VM is much more practical, but I do most things.
Edit: to add: work PC is provided by the company, not my own.
If they're a Microsoft shop you'd have better luck asking for hyperv
If they want you to use something specific on your own device then you should be able to request a new device from them
It was on a work issued device already, so I can't complain too much. Still sucks though after using it for so long.
Gotcha. Yeah that sucks
Just in the right moment when windows got so reliable and safe /s
Run MS OS like an app, inside a VM. Retain your Linux install.
Can't do that if it gets enrolled in active directori or intune. Most likely a VM doesnt meet the requirements.
OK, then run Linux in a VM on the work MS box.
Well, why? Compliance? ISO certification requirement? Any chance of providing the requirements to Linux?
WSL?
How big is said workplace? Can you respectfully ask for an exemption? Don't say Windows will make you miserable (it makes everyone miserable, apart from a few Microsoft bootlickers), talk about loss of productivity, reduced security and increased risk, and – if you can – challenge the grounds on which the change is being made.
Often, they are incapable of providing proper justification for the change. May not help, but you'll have the minor satisfaction of knowing it is bullshit.
If it's your computer that you bought and legally own, tell them where they can install their Winblows 11. (The nice way to say this is to tell them to requisition you a computer or think of an alternative, because you are not going to use a personal device for company business anyway)
If it's their computer that they own, grin and bare it.
Get a separate device for work. You shouldn't be working on your personal computer anyway.
It is a work device. I was just allowed to use fedora until now.
New job time!
Depends on what access you have on your PC.
My two steps are always the same
Then, depending on your work requirements, I would deactivate OneDrive if not used.
Leave it at the office.
Install Powertoys if you can, this at least makes windows usable (funcionality-wise, its still going to be slow as shit)
Install Fedora in a VM if you can?
https://github.com/ChrisTitusTech/winutil has some nice and simple buttons for reducing the bullshit.
On my work PC i have windows 11 which is a mess and keeps getting worse. I installed a Debian VM on it to have at least some freedom and pleasant PC experience.
@ISolox Don't let them take your freedom to use linux at your home. Use for them, and send the thek to hell after the work.
Oh I'm using Fedora KDE on my home system already. Issue is I'm unable to sign into email or basically anything that uses my work's SSO due to it requiring the device to be entra enrolled :(
Use VMs. Depending on their setup/requirements depends on which OS can be in the VM.
What is the reasoning there?
If possible, maybe get a separate machine to throw Windows on and then keep your personal rig on Linux?
Get a good KVM switch or stream-access the Windows machine with VNC or similar (beware of clipboard sharing). I have the same issue at home and just use a KVM switch at the moment.
Since my work involves sensors, I set up a continuous testing setup on a raspberry pi and got its IP whitelisted. I ssh into it when something is annoying to do in the Windows laptop.
Can't you just boot straight into a VM running windows, in your Fedora? Passthrough the hardware.. who's gonna know?
Issue is I won't be able to sign into my work's SSO due to it requiring the device to be entra enrolled after the change :(
Laaaaame. Sorry for your loss
Sure it does, you can even join Linux to the domain. It's probably more that setting up tooling to manage it is not worth it when only one person is using Linux.
Big oof, time to start applying else where imo.
Definitely not worth it over and OS change. It does suck though
Are you sure?
This to me feels like the first of many bad decisions