State of Play: Linux on the Desktop for an ordinary Business

Posted 23 May 2004 at 13:49 UTC by lkcl Share This

Recently I began a process to convert a small office of ten staff over to Linux, after implementing two servers and a shop floor machine for over a year. Three desktop machines are in use already, one is ready to swap over, and two Windows machines remain to be done.

This article describes my experiences, decisions so far, the issues the users faced, and how and why I chose the default Window Manager (KDE 3.2.2) and Display Manager (wdm). Also described is why I have removed OpenOffice in favour of Crossover Office (Wine) and Microsoft Office.

The article may be of use to people considering converting a company to Linux, and also to those people who believe Linux to be "ready for the desktop".

How I got Involved, and What They Had

When I knocked on this company's door two years ago looking for a metal-working shop a few doors down, they had Windows 95 machines and a Windows NT File Server that nobody had the password to, files everywhere, no Internet Access, no web site: basically they were living in the Dark Ages of the early 1990s, where the computers were glorified calculators.

The users' attitude was, and to some extent still is, that each machine was (is) "owned" by the person using it, and therefore in order to access the machine you have to give your username and password to your colleague in order for them to use your machine. They were (are) afraid of the server, and, incredibly, despite having a network and a file server, still pass files around between members of staff on floppy disks (!!).

Migrating to Linux

The decision to install Linux on the Desktop stemmed from a "Because I Can" attitude and also because I had heard of CrossOver Office from a friend. Without the possibility to migrate the users via Microsoft Office I simply could not take the risk of making two distinct and radical operational changes. With CrossOver Office I can at least say "hey, you're running Word and Excel, what more do you want?" but more on that later.

I have had two servers plus a shop floor machine running at this company for eighteen months now. One server is the email (Exim4, Cyrus21, SpamAssassin, SA-Exim) server, firewall (hand-built rules), Internet Proxy (Squid, Frox); the other is the File Server (Samba, NFS), Login Server (Samba, NIS), Sales/Ordering and Web Server (Custom), and Print Server (lprng). Other than a complete reinstall on both these machines due to them both being rootkitted last year - by a rootkit that ISN'T on the detected list (chrootkit) - these two machines, both approximately Pentium III 400s with 128mb RAM and 20gb drives - have been very reliable.

So why am I putting an office full of incredibly stupid and bigotted users onto Linux? Why am I putting up with the hate phone calls and having to hunt the warehouse for a machine that I was taking away for the weekend for a Linux install, which one of the users had hidden so that when I left he could put it back on the network?

There are several reasons. The first is because it is convenient to me. The second is cost of licensing. The third is easy roll-out. The forth is policy enforcement.

Administrative Convenience

By introducing NIS and Samba onto the File and Print Server, I can remotely log in, add a new user account, then I can ssh tunnel X-windows back over to my machine at home (edit my x-windows config to allow TCP connections; ssh -v -R 6001: gavinpc; set DISPLAY=localhost:1.0), run an xterm and from in that xterm, then run any programs that need configuring, such as kmail and mozilla. Over an ADSL connection, it's a little slow - but I can live with it, especially as the site is 90 minutes drive away.

This is compared to having to maintain several different machines: some Windows 95, some Windows 2000 where the Administrator Password has been forgotten. Each time a new member of staff joins, or even if someone wants to use someone else's computer, it's a nightmare. I have to configure the Mozilla settings PER COMPUTER, PER PERSON, and on some of the machines, that's not even an option without a reinstall of Windows (yes I know about the Linux boot floppy which can edit the SAM database). Yes, I also know about how to set up Samba as an NT Domain Controller and then have the machines join the domain, and No, Windows 95 and Windows 2000 profiles are NOT compatible, so it still wouldn't solve the problem.

Plus, I would have to ask them to pay for Terminal Server Licenses in order for me to Remote Desktop login. Plus, I would have to work out how to ssh tunnel that because I wouldn't trust it. Plus, I would have to deal with my own psychological sickness of remotely managing a Windows Machine on my Linux laptop, and that's NOT a prospect i fancy greatly.

In other words, I know full well what the options are for Windows Setup and Administration, and I'd rather learn how to replace that same functionality with Linux Software and tools rather than face dealing with my own resentment and guilt at having forced a company to fork out money and then STILL have to learn how to work the Microsoft tools, knowing FULL well that if it didn't work, the chances of fixing it myself are ZERO, and the chances of _microsoft_ fixing it are very very slim.

By contrast, problems reported with Debian's "reportbug" actually stand a chance of being fixed within a couple of months, as long as you ask politely and provide the Debian Maintainer with a really useful report.

As an aside which may be of interest, I did investigate using WinBind instead of NIS. WinBind provides pam_winbind and libnss_winbind which give you, amazingly, a much better "Unified Login" than anything else that is available for Unix. The trouble is that since its initial development in 2000, it hasn't progressed or been properly integrated into Samba. What should have been a trivial setup (especially for someone who used to work on Samba for nearly 10 to 12 hours a day for four years) turned into a really frustrating two-day reminder of why I gave up working on Samba - not least because Winbind (in Samba 3.0) is actually incompatible with the implementation of the NT Domain protocol in Samba 3.0!

In the end, I made one final search on the Internet for NIS and one more apt-cache search nis, and found, after about my tenth attempt to locate it over the past two years, that yes, you CAN do apt-get install nis (duh). Two hours later, I had an operational remote login and, despite the security risks (which, frustratingly, Winbind would alleviate) I have a working and centrally manageable login system.

Cost of Ownership

Every desktop I roll out is one less license fee to worry about. The cost of desktop machines is being kept artificially high by Windows being pre-installed, and I object very strongly to that. Also, Microsoft Office costs a staggering FIVE HUNDRED POUNDS in PC-World. I can buy three NEW machines for the same cost of two Microsoft Office Licenses.

Easy Roll-out

Roll-out is easy. What I've done is to partition the drive into five: hda2 is /, hda1 is /boot, hda3 is swap, hda4 is an extended partition containing hda5 which is /usr and hda6 which is /var. the root partition I make 512mbyte; the boot partition 40mbyte; the /usr partition is 1400mbyte; the /var partition is 512mbytes... and if you add that all up there's approx 200 mbyte left on a 4.3gbyte drive for a small emergency /home partition or extra swap partition, if needed. Ridiculously, I can't even get less than 40gbyte drives these days, so literally 90% of the drive is wasted. MS-Office and CrossOver Office (see later) ended up on the Server, via NFS - an Install Once, Access Many implementation.

Then, on one of the machines on which I performed the first install, I tar'd up each of the partitions (uncompressed), and then booted from David Kimdon's excellent 2.4.18-bf2.4 Debian Network Install, repartitioned each new machine and then untarred the partitions. The two things that got me - several times - was that /dev doesn't tar up: I have to do a cp -a /dev/* into the new root partition. This Is Really Annoying To Forget About :)

Other things to remember, if you too are going to recreate this path, is to remember to do an apt-get clean to remove as much from the /var partition as you can. The size of boot.tar is about 10mbytes; root.tar is 80mbytes; usr.tar is 1gbyte; var.tar is 100mbytes. Compressed, these are definitely small enough to fit onto a CD but I cannot be bothered: the number of machines doesn't fully justify the effort.

On reboot, I then run lilo, edit /etc/hostname, edit /etc/network/interfaces (no, I haven't set up DHCP), edit /etc/hosts (no, I'm not using the full capabilities of NIS or DNS :) to change the name of the machine and its IP address, and then take it down to the customer's site for some test logins and for installation of the user's local DeskJet Printer (CUPS foomatic-gui: the only thing to remember is to make the queue name the same on all machines for all users even if the printer manufacturer or model is different, otherwise users move from machine to machine and find that the printer doesn't work because the queue name is different).

Now, yes I have of FAI (Fully Automatic Install) and yes I have heard of Knoppix and Morphix (Live CD Linux) - but only recently. If this was an Office of twenty members of staff, I'd seriously investigate setting up an FAI server (which the company could likely pay for) and I would seriously investigate setting up a Module for Morphix to do CrossOver Office, and to do various other customisations. I would then be able to order machines with more memory and NO HARD DRIVE. But, I am stuck with 128mb RAM, 4.3gbyte drives in most cases, and to be honest, only seven machines? Not worth the extra effort.

Policy Enforcement

The final reason for installing Linux on the Desktop is easy policy enforcement. These users are genuinely... well... stupid. I tell them till I am blue in the face not to give out their passwords. I tell them to ring me when a new member of staff joins. The Reception PC nobody knows the Administrator password so what do they do? In order for the new receptionist to do some work, they give her someone else's username and password.

They put files on the local drive when I tell them that I am going to be wiping the machine over the next few months. So they put files on floppy disk instead, rather than put them on the server. I tell them that floppy disks and Windows 95 machines I am in no way going to back up, and this makes no difference (well, they get two floppies instead of one).

Now that is all fine and dandy, and quite amusing from a techie point of view, but in light of the UK Data Protection Act, it's not in the least bit funny. If one of those Windows 95 machines with no password protection gets pinched from Reception by either a thief walking in off the street, or by one of the minimum wage part-time members of staff (some of whom cannot read or write), then any customers whose details get made public can result in the Directors - and Managers - being PERSONALLY prosecuted.

In all, this helps determine my strategy for setup and machine purchasing. Firstly, the servers are locked in the Director's office. Secondly, the Linux Desktop machines have an NFS mounted home directory, so that EVEN if they save files on the "Desktop", they are in fact plonking them on the server. Thirdly, I have started ordering machines without a floppy drive. I don't know of a way to get Windows to do the equivalent of an NFS mounted home directory, and I have heard of nightmare management issues by Lehman Brothers in enforcing a ban, by NT Security Descriptors, on write access to the C drive (the problem they then ran into was that Stupid-Applications required write access to C:\windows\system...)

OpenOffice vs CrossOver Office

... which brings me neatly onto installing CrossOver Office and Microsoft Office. Stupidly, I installed MS-Office over an NFS partition, which is something to behold: at a write speed of 20 KILOBYTES per second, you can expect the install to take overnight. But, once achieved, I have banned write access by ordinary users to the entire fake_windows directory. This did initially cause some problems with the template (which didn't exist) on Word, so I reactivated access to that file, created one, and then deactivated write access again: problem solved.

As mentioned once before, the reason why I have kept the users on MS-Office is to make my task of convincing them to use Linux a lot easier. Plus, they use Mail-Merge and I sure as hell ain't gonna get involved in 1) OpenOffice "oh you have to do file save-as and save it as a word document" 2) explaining or supporting OpenOffice mail-merge 3) explaining to some users why the document looks different and why they can't do black backgrounds and borders and boxes).

Not least of all is that on a 128 mbyte of RAM and only a Pentium III 300 machine it takes five seconds to load a Word Document on CrossOver Office, and a full MINUTE to load OpenOffice. Now, I know full well that OO QuickStart cuts that time down to a couple of seconds, but it's at the expense of boot-up time.

All of these reasons lead me to believe that I would be genuinely stupid to make these people swallow two bitter pills at once, especially when one of them would permanently disrupt the day-to-day operation of the company (OpenOffice).

Which Desktop?

The decision on which desktop to use was quite tricky. I have put 60 and 70-year-olds on Fvwm2 only to find that they were perfectly capable of finding the Games menu all by themselves. I have put Fvwm2 onto Compaq Armadas with only 16mbyte of RAM (it takes well over 5 minutes from switch on to actual typing on "ted" - the only editor small enough to fit onto a 1Gbyte hard drive and still leave the machine operational). So my first experiment was to place one particularly low IQ member of staff (don't laugh: she is a GREAT telesales worker, is a genuine and friendly but not very bright individual) on Fvwm2. The other reason for doing this was because KDE and Gnome came up on the screen with Fonts reduced to single pixels! I still, to this day, have not managed to track that one down but I have a vague suspicion that it was to do with there being only 128mb of RAM and me forgetting to add any swap space).

I also placed Wings Display Manager (wdm) on the machine in a desperate attempt to get rid of this font problem (xdm is _too_ basic). Plus, KDM and GDM are too complicated, and they also force a dependency on their respective environments. Both KDM and GDM suffered from this weird font issue: wdm didn't. Issue sorted.

When it came to cloning the machine for another member of staff, they complained bitterly about the lack of desktop. I enabled KDE for them and that complaint stopped (and the fonts were okay, bizarrely enough). I don't know why I picked KDE 3.2.2, but Gnome just didn't seem to cut it. KDE I find painful and over-busy, and it is very difficult to find configuration tools and then even more difficult to use them. I keep looking on the menus for "Email Settings", only to find that it's actually called "Configure Kmail". Only recently did I actually find out how to add a printer - not for lack of looking. I use foomatic-gui instead, even though it depends on Gnome for some bizarre reason, simply because it's REALLY straightforward. Big Stupid Buttons With Really Obvious Words like "Add Printer".

Under KDE, It took ages to work out how to put CD-ROM and Server links onto the desktop: you have to left-click drag-and-drop (I was expecting right) and then a little menu comes up "copy or link". Under Gnome's Oroborus Desktop, you just right-click and select "Drives" from the context menu, or select "Link" to create a shortcut.

I should have installed them on Gnome, because Gnome, by being slightly behind in functionality, is actually easier to use. But KDE 3.2.2 is a lot faster (snappier) than Gnome 2.6, and on these older machines, mostly Pentium 300s, it makes a difference.

I can't really explain it, but I have put my dad's machine on Gnome, and his 55-year-old former business partner on Gnome, but I wouldn't put an Office full of people on Gnome.


Let's recap. I have a bunch of windows-users who think they each own the company machines they use. I have nightmares about how much it would cost this little company to have Windows do all of the things I am doing for them, and how much they would have to pay an MCSE certified person to do it for them. I can sit at home and wait for phone calls. I can remotely log in and sort things out. I have hand-held some of the members of staff through the process of clicking on their desktop in order to access the Server and to work with Excel and Word. I have shown them that printing works. I've stopped them from saving stuff on machines that aren't locked away.

There are things that I could have done differently: there are things that I could have done better. If I had thought in advance about what I wanted to achieve, and had the hindsight of some of my own experiences, I would have done things differently. But instead, I have experimented, and found what works reasonably well - for me - having got there in a roundabout route.

Wish List

What would make my life easier?

Well, Winbind working correctly, for a start. Samba being as easy to configure and set up as a Windows NT Domain Controller is, and a Winbind-enabled system being as easy to configure as a Windows NT Workstation (on installation of Winbind I was never asked to type in the Domain name nor asked for the Administrator username and password, which is all that is required for an NT workstation to join an NT domain).

I must investigate OpenOffice alternatives, or at least it would be great if OpenOffice could actually be a viable alternative. an 80 mbyte download, and all the implications for developers thereof, and it still isn't good enough (makes you wonder why we have commercial software products, doesn't it?) I must try my CorelOffice stuff out on them, and also that port of Office to Linux by a German company, plus there's also a Chinese company that's done an Office Suite written in Java...

Debian running SE/Linux would alleviate some of my fears about the servers, and then consequently the entire network, being rootkitted. Yes I know Redhat do Fedora Core (by way of employing Russell), but I don't like Redhat (the management, the funding, the IPO nor the Package Manager). Yes I know about Gentoo (Hardened by default), but the prospect of downloading everything as source code I can't entirely justify _quite_ just yet :)

KDE having easier-to-look-at configuration options, and having more intuitive use of the Right Mouse Button (it's the one on the right :) for context-sensitive options such as, on the Desktop, pulling up a menu that includes "Mount Drive e.g. CD or Floppy on Desktop" and "Create Link" rather than having to run the file manager.

Gnome and KDE having cross-application support so I can expect to install Evolution or any othe application under any desktop, or I can build myself my own Desktop Manager from the BEST of both environments. I expect to be able to install a Gnome Desktop running Oroborus and to have KDE's Kmail and its better applications, and to have KAddressBook... or vice-versa. I expect to replace Kmail and KAddressBook with Evolution, or vice-versa, and for the configuration setup involved to be ZERO WORK, a confident no-brainer exercise.

In short...

Linux on its own isn't quite ready for the Desktop for Businesses: in key areas, it simply doesn't stack up. That won't stop me from throwing this company in at the deep end and seeing if the staff don't quit in disgust, but I'm definitely NOT prepared to cut the dependency on commercial software completely.

I can't tell you what the best direction to go from here is: all I can really say is that the "Not Invented Here" syndrome of stubborn developers that keeps Linux away from the ordinary Business User has got to go.

Mozilla or Konqueror, posted 23 May 2004 at 14:08 UTC by lkcl » (Master)

despite being less functional (and not coping with frames that satisfy both IE and Mozilla properly), Konqueror is very snappy. Mozilla takes almost as long as OpenOffice to load on these machines, and I must remember to replace it with Mozilla-Firefox sooner rather than later, because the proxy settings and bookmarks and passwords don't get transferred from Mozilla to Mozilla, which is geniunely stupid.

HDD, posted 24 May 2004 at 14:45 UTC by Malx » (Journeyer)

You really should consider using IDE-Flash drives instead of real 40Gb HDDs :) They consume less power and more silent. You could use 256Mb or 512Mb Flash. There are thin clients for sale with Linux embeded - see Siemens site.

``Not Invented Here'', posted 24 May 2004 at 15:48 UTC by tk » (Observer)

Hmm. Someone forks a certain project because he didn't like the way the original project was maintained. Then he turns around and says that developers should be working on One Single M$ Office Clone Suite, rather than dispersing their efforts among OpenOffice, CrossOver Office, AbiWord, etc. Well, well.

By the way, I wonder if LyX has mail merge?

apologies, posted 24 May 2004 at 21:20 UTC by lkcl » (Master)

once again i apologise to people reading now and in the future for tk's behaviour, for attempting to misdirect you in my name. he is directed to belittle and does not think of (or is compensated well enough to ignore) the consequences for himself, myself, or for advogato and its readership. i am forced to feel ashamed on his behalf.

i have taken a close look at his comment and considered what he is implying, thoughtfully, and, whilst i am still extremely upset with what happened in 2000, and there are hints of that still in the above article, i believe that i impartially explored the technology available to me in order to solve a business customer's need, and found it lacking in significant ways, for both myself and my clients.

my past experience with samba leads me to be specific _about_ the failings of that project, whereas on other projects, i can only write a wish-list just like any other technical user (reportbug is your debian friend).

i wrote the article in order to enlighten people who may be faced with a similar venture, and also indirectly to solicit other people's experiences - which i myself might also happen to benefit from or be goaded into guilt-ridden action to fix (proper use of a dhcp server springs to mind :)

for example, malx's suggestion of using a flash-ram disk and to clone it.

the specifics of the situation that my clients face is that i wish to convert their windows-spec'd machines to linux desktop machines with the minimum of aggro, and without (unfortunately) spending significant irreversible cash - i.e. if they _do_ decide to reverse the decisions i have taken on their behalf, they _do_ actually have the option to do it and/or sell the hardware later (hence, all new machine purchases still have CD-ROMs).

by the way: tk, please ask your paymasters to change your remit, because your comments are getting out of hand.

Re: apologies, posted 25 May 2004 at 02:19 UTC by tk » (Observer)

lkcl, you're not just writing a wish list. You're telling people how they should organize themselves. That is out of hand.

I think there's nothing wrong with what you want, a good M$ Office Clone Suite. But regarding how to accomplish this, why can't you for Pete's sake just leave other people to decide that, instead of hard-selling a method which even you yourself don't follow?

As often said: Separate the "what" from the "how".

Some comments, posted 26 May 2004 at 17:20 UTC by ralsina » (Master)

* You don't need to do that weird invocation of ssh. Just use ssh -X (it is probably even the default!).

* It only took ages to add the server or CD on the desktop because you already knew how GNOME (or windows) do it, not because it's harder, IMHO.

* You should really look into KDE's Kiosk mode.

* You should learn a lot more about how to use KDE before you make others use it, if you expect to be able to support them. A desktop is not a simple system.

Doesn't stack up??, posted 27 May 2004 at 08:38 UTC by Mysidia » (Journeyer)

Linux on its own isn't quite ready for the Desktop for Businesses: in key areas, it simply doesn't stack up. That won't stop me from throwing this company in at the deep end and seeing if the staff don't quit in disgust, but I'm definitely NOT prepared to cut the dependency on commercial software completely.

You've just given advantages of the distributions using the Linux kernel... why windows doesn't stack up...

  • With Linux Don't need to purchase a lot of expensive software
  • Easier rollout with Linux
  • Greater flexibility in policy enforcement options... With Windows, it's a nightmare
  • Better remote management (costly and complicated in windows)
  • With Linux you were able to run CrossOver-office well on your very low-end 128Mb ram Pentium III 300 machines (try doing that with Office XP on Windows XP Home!).

  • The fact that you have setup systems using Linux desktops, and the people can actually work in them... Windows... as you said, lost passwords to servers, and ... Blue Screen of death, anyone?

Not least of all is that on a 128 mbyte of RAM and only a Pentium III 300 machine it takes five seconds to load a Word Document on CrossOver Office, and a full MINUTE to load OpenOffice.

What you need is better hardware, say Athlon >= 800 Mhz, >= 256 Mb of RAM if you're using a bloated desktop like KDE. And OpenOffice should run more than acceptably. As for the difficulties for MS Word users, those are migration issues that don't indicate anything about the merits of OpenOffice or the Linux desktop. [As if CrossOver made it a non-Linux desktop (bleah)]

The reduction in boot time from Windows 9x to Linux should make the increase for OO quickstart more than manageable.. many Linux distributions are starting more services than needed and not launching them in parallel. If you didn't make changes already, you can probably reduce the time to boot significantly.

Whether a Desktop is good or not needs to be evaluated based not on migration but on first use (IE: for users that don't have expectations that they got from years of using Windows and MS Word), and you can't really expect miracles out of the box with Linux (yet), especially out of Debian or Gentoo: the person setting up the machines will need to do extra work, writing scripts/conf files, tailoring menus/preferences/resources/etc.

People had to learn how to use Windows and Word fully/efficiently, they will need to learn some things through training, support, and experience in order to fully and efficiently use OpenOffice or KDE or Gnome or Linux too.

The expectation that everything will be exactly the same as a person's already used to from a different OS, is, well, unreasonable, IMO.

Samba? Why this if you're moving to Linux... NFS and NIS/PAM/LDAP/Kerberos/whatever.. you have a lot of choices other than Samba for both authentication and file shares. With all the Windows Machines moved to Linux, there's no reason to bother with the headache of running Samba / Winbind as a domain controller... targetted at an OS you aren't using :)

Time for a little offtopic rant...

The users' attitude was, and to some extent still is, that each machine was (is) "owned" by the person using it ...

So when an employee has a certain office, or a desk, don't you say that's (Such and such)'s office, or that's (Such and such)'s desk?

While an employee's not the legal and ultimate owner/controller of their work computer systems.. the setup of the space or their computer can have a profound effect on how they do their work... in a very real sense, it is theirs, in this sense that they have very good reason to be concerned and be notified about other people mucking around with it, or changes that others have suggested to be made to the equipment, etc, etc.

Certainly it's not yours either [eg] Esp. Without someone around to help maintain their systems, it's only natural... it's a thing they put work into/part of their work space.

It's rather sensible that other people need to get a password (like a BIOS password) from the primary user to muck around with the working configuration of the machine they have to use on a daily basis.. of course if the person's replaced, or some supervisor needs to get at their work-related docs, the contingency always needs to be prepared for, so it can be handled swiftly. :)

There's something bad to be said about "enforcing policies" technologically. It's a bad idea.. it limits flexibility. Get a bunch of machines without floppy drives... then suddenly users may find they could use floppies for some other perfectly legitimate reason: like exchanging files; moving some documents from a laptop to their workstation, or whatever, there are lots of things floppy drives can be used for.

Users should be involved directly in making policies.. should understand why they are there, and explicitly what kind of special efforts they need to make to ensure things go smoothly. Going around them and simply silently stripping capabilities out of their systems is not very nice.

As for people giving out their passwords... You might ditch password authentication? Get something like the RSA tokens where authantication is based on something the person has (token) and something they know (Pin#)... or use biometric ID.

Forget it though, they can always have another employee login and turn the console over (EG)

More appropriately provide people on site with instructions on how to manage the user accounts: adding and deleting users should not ever involve making phone calls to the person who set up the network originally. There are definitely graphical tools like linuxconf (for instance) available for that. People on location should know how to handle routine things.

[No wonder people would hide their boxes, sounds as if you made it hard for them to administer their own machines. And dropped a bunch notions on their heads that they could easily view as quite bureaucratic/irrelevant... truly individual usernames, passwords, but they have to call you from afar (kind of like asking your greatness) just to let the new person in...]

Yes, individual usernames/passwords are commonplace now, especially on the internet.. But just because users aren't familiar with all the nuances of computers that geeks are does not mean they are stupid blind sheep or don't deserve every bit of consideration that anyone else does.

thank you to tk, posted 27 May 2004 at 14:15 UTC by lkcl » (Master)

tk, thank you very much: your point is a good one, made clearly. yes, i appreciate what you are saying: i have missed out a few steps between what i have experienced (difficulties for business users with linux on the desktop), and what i believe is the solution (benefit from microsoft's R&D and useability studies and MakeItLookLikeWindowsTM), and yes i realise that there is nothing that i can, at this time, do about it - except to write articles like this one. i have a little catch-up to do and i promise i will get back to you with either some logical steps or a better way to express what i believe.

small office, mixed computer literate and illiterate individuals, posted 27 May 2004 at 15:55 UTC by lkcl » (Master)

in some ways i am quite lucky, in that the requirements of this particular company are simple: they are still using excel to do invoices, they do mail merges to send out letters for prospective business, and they have a mixture of staff who _have_ worked at large corporations with full-time windows admin staff, one person who knows how to upgrade Outlook and know what voodoo invocation to do when it then crashes on adding a new contact, and some staff who phone me up whenever their HP deskjet has a paper jam and automatically disables its own print queue.

that they haven't objected and over-ruled my endeavours to convert the entire office from fully windows to fully linux is leaving me slightly confused and bewildered, rather than impressed with myself.

the person who hid his old machine was an early victim: i had cloned the machine that had fvwm on it (that my really nice telesales lady was quite happy with but mr machine-hider wasn't). when i explained to him that he was getting a nice pretty desktop and yes, if you click on the XLS document it just works, he capitulated and then grudgingly told me where the hidden machine was.

adding users

hm, having a script to allow users to be added. to be honest, i so don't trust these staff to not screw things up that it hadn't even occurred to me to have a pretty program that does the work. and being even MORE honest, i sincerely believe that even if i DID provide them with such a script, unless i was there to hit them with a Big Stick they STILL wouldn't actually use it!

on the flip side, however, it would make my job easier, and also for other companies with more computer literate staff, such a tool would likely also prove invaluable.


No wonder people would hide their boxes, sounds as if you made it hard for them to administer their own machines.

dude, i thought it was fairly obvious from what i described: until i came along there WAS no administration of machines! the only thing protecting them from not having their computers destroyed by viruses was that they didn't even have any internet connectivity - AT ALL!

i've had to deal with the lack of anti-virus software and other safety measures by restricting internet access, by insisting that they use mozilla and mozilla mail, banning outlook and internet explorer, etc. what i REALLY want is to move off of windows-dependence and risks altogether, but that's not going to happen until things like openoffice or alternatives work properly and save by default to word documents.

but seriously, the problems faced are caused by users administering their own machines - some of whom have now left, taking the administrative password with them, having made copies of hundreds of files onto their local machine, editing some of those files and then NOT COPYING THEM BACK TO THE SERVER (meanwhile other users continue to edit the same documents on the server and other files in the same subdirectory as the one copied).

i mean, it's a complete nightmare: there are several thousand documents, with about three copies of around five to seven hundred of those, because someone "didn't trust the server". that's what leaving users to "administer their own machines" results in, in this case, and it's why i am enforcing some of the decisions that i am, drastic as they may seem.


the employees at this company use the computers they have, at work, to do administrative tasks (typewriting, effectively) and then they go home. they _certainly_ aren't paid enough to afford laptops, and that only about three of the eight full-time staff have their own home computer.

i've repeated several times that files should be copied via the network, and remain on the network server, and each time i come in i find 1) a new member of staff using someone else's password 2) they don't know what they are doing 3) checking the machines i find files all over the remaining windows machines or on floppy disks. there's only so much repeating i can take until i have to decide to take capabilities away from them in order to enforce policies that, ultimately, reduce the risk of data loss etc.

i know this all sounds like really drastic, but not all companies contain technically savvy employees with a corporate infrastructure to whom the responsibility for enforcing and drumming in IT policy can be pushed. anyway, this is all background material to the goal of getting these people moved over to Linux, and it's been a bit touch-and-go so far, and that's what i really wanted people to know.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

Share this page