# Corporate multi-user FreeBSD workstations



## byrnejb (May 9, 2020)

The present title is awkward, agreed.  The question is: Does anyone here currently work in a multi-user (~10+) corporate environment where all, or nearly all, users have workstations using some form of BSD?  If so, then how is central authentication and authorisation handled (single signon)?  How is file sharing handled: NTFS, WebDAV, other?


----------



## zirias@ (May 9, 2020)

I'd be very surprised if you find any. Although perfectly doable, why should an enterprise opt for such a solution, when you can just buy Windows workstations "off the shelf" and get volume licensing?

I currently have a private setup with 3 FreeBSD workstations (and a few Windows machines), central authentication is handled by a samba AD DC, shares are available via NFS (guess that's what you meant, not NTFS) for the FreeBSD clients and also CIFS for the Windows clients. The same would probably be feasible for a small business, but again, why would anyone want that? Someone also has to operate it, and you probably find enough people there if you just use Windows, plus you might have support plans as your backup in case of problems. Server installations could be a different story, but then, there's a tendency to just use more cloud services.


----------



## byrnejb (May 9, 2020)

As to why anyone would want that there are a few things that come to mind:
1. Unstoppable updates.
2. The requirement to have public internet access , even if only through NAT, for internal workstations, see 1.
3. The likelihood that Windows 10 security does not include Microsoft as an adversarial actor.
4. The possiblity that files on a Win10 machine might mysteriously appear in cloud storage after an update turns on a 'feature'. An update which cannot be prevented.
5. A general antipathy towards Microsoft licencing.


----------



## 20-100-2fe (May 9, 2020)

Microsoft's decision to force the upgrade to Windows 10 has decided some of my friends to ask me to install Linux on their PC.
They had nothing to loose, anyway: their PC no longer worked after the upgrade...
But in the corporate world, you're not going to see that for a simple reason: c8n.
Corporate and public investments are never decided on technical criteria - otherwise, we'd live in a very different world!


----------



## 20-100-2fe (May 9, 2020)

Thanks for the link, these stats are interesting.
I expected such a figure for Linux, but I didn't expect its pretty uncommon score of ca. 6% in India!


----------



## CoTones (May 9, 2020)

IIRC OpenBSD can be used


			A Puffy in the corporate aquarium


----------



## kpedersen (May 9, 2020)

pyret said:


> Essentially nil considering in April 2019, *1.63%** of all desktop operating systems worldwide ran on Linux*. That isn't just for corpoate environments, but all. Windows and Mac own the desktop.



1.63% is a fairly large market. I am guessing these are more scientific engineering posts such as CERN, Tesla, GSK (Research).

If I ran a business setting up corporate desktop environments, I might even consider targeting that 1.63 percent because I would have a much larger slice of that cake compared to the amount of competition I would get in the Windows world. Plus... it is more interesting and "correct"


----------



## PMc (May 9, 2020)

This cannot be done because it would work. And you cannot make money with things that do just work.


----------



## tingo (May 10, 2020)

Not as centralized as you think:
- gsuite (gmail) for mail, file sharing
- git (github / gitlab) for development / projects


----------



## byrnejb (May 11, 2020)

A the risk of being labelled with the 'tin-hat' moniker I point out that certain bodies, like accounting, engineering,  legal, and medical practices, insurance firms, and various levels of government, all have highly personal data on many individuals that has extreme commercial, social, and political value to various actors.  Placing ones confidence in the ethics of Google, MicroSoft, Amazon, or any other third party to refrain from taking advantage of possessing ones data on hosts to which their employees have physical access seems to me to be, shall I say, extremely problematic.  One does not need an external threat to be seriously compromised.

Open-source development aside I see no good reason to trust github, gmail, gitlab, hotmail, etc., or any 'cloud' based service with personal or client or technical information of any sort.  I see an awful amount of risk being taken by people who use these services without much consideration respecting the lack of legal protection or government enforcement capabilities for what little protection does exist.


----------



## Sevendogsbsd (May 11, 2020)

pyret said:


> Essentially nil considering in April 2019, *1.63%** of all desktop operating systems worldwide ran on Linux*. That isn't just for corpoate environments, but all. Windows and Mac own the desktop.


Windows doesn’t own the desktop because of quality, they own it because Microsoft flooded the market back in the early 90’s. People don’t know anything different.


----------



## tingo (May 11, 2020)

byrnejb said:


> Open-source development aside I see no good reason to trust github, gmail, gitlab, hotmail, etc., or any 'cloud' based service with personal or client or technical information of any sort. I see an awful amount of risk being taken by people who use these services without much consideration respecting the lack of legal protection or government enforcement capabilities for what little protection does exist.



Well, you don't have to. Git and the tools which gitlab / github are built on are open source; you can easily set up your own private gitlab-type server in your company that nobody else has access to.
Also, assuming that users of online services (whichever services they may be) do so without consideration of risks and consequences implies that you have very little faith in your fellow humans, and their competence, don't you think?

In the part of the business world that I work (and have worked) it is uncommon to add a new service to the business without first doing risk analysis, evaluation and mitigation planning.


----------



## kpedersen (May 11, 2020)

tingo said:


> Also, assuming that users of online services (whichever services they may be) do so without consideration of risks and consequences implies that you have very little faith in your fellow humans, and their competence, don't you think?



Possibly not the sort that visit these forums but... yes, oh so little faith.

As you probably know, there are "IT" people who would actively defend the worse solution because it has the biggest poster. The allure of "the cloud" is basically an unlimited sized poster


----------



## 20-100-2fe (May 11, 2020)

There are several reasons for choosing the "biggest poster", an important one being that at a high decision level, you don't invest your own money, so you don't care about the consequences. Moreover, you're backed by market analysts and audit firms.

However, spending others money in "bad" investments is socially esential: the global population is ever increasing, so for everyone to eat and have a home, the economy must also grow. And how can you possibly achieve a constant economic growth in a finite world? My grandpa already knew the only solution to this problem: "doing and undoing is still working" did he say.

Open source cannot play that role because:
a) it is efficient, reliable, dependable
and b) it does not require spending money.

This is why, unless some open source projects help big companies to increase their margins, "worse" solutions will always be chosen. They are not "worse" in every regard, and certainly essential to our survival (at least in the short term).



kpedersen said:


> As you probably know, there are "IT" people who would actively defend the worse solution because it has the biggest poster.


----------



## kpedersen (May 11, 2020)

20-100-2fe said:


> Moreover, you're backed by market analysts and audit firms.



Whilst I certainly see what you are saying, phrases such as "No-one ever got fired for choosing IBM" and "The only way is Microsoft" has held back the industry for years!

Yes, following market analysts and audit firms is safe but it will never allow you to become a market leader and really stand out. Almost by definition.

And that is fine, but there are a lot of cases where upper management hold back the innovations of their team because they read too much of what "the other guy is doing" XD

(I guess my view is mainly coming from University IT and mid-sized game development studios. IT stagnation is rampant in these areas (possibly related to the fact that Microsoft also happens to have a big foothold))


----------



## sajigol919 (May 11, 2020)

iXsystems at one point sold PC-BSD work stations. May be worth contacting them to see if they were involved in any large roll-outs.


----------



## byrnejb (May 11, 2020)

tingo said:


> In the part of the business world that I work (and have worked) it is uncommon to add a new service to the business without first doing risk analysis, evaluation and mitigation planning.



Well, I worked for Nortel in a senior technical position and what passed for risk analysis amounted to little more than the best marketing presentation and the lowest price / greatest discount.  And we know where they ended up.

The point I wish to make clear is that there is exactly one form of security: physical.  The rest is wishful thinking.  If somebody other than your own personnel has access to your facilities, in your office or through a service provider, cloud based or otherwise, you have no security.  All you have is faith.  And faith is ofttimes baseless, or betrayed.


----------



## Jose (May 11, 2020)

byrnejb said:


> ...Placing ones confidence in the ethics of Google, MicroSoft, Amazon, or any other third party to refrain from taking advantage of possessing ones data on hosts to which their employees have physical access seems to me to be, shall I say, extremely problematic.  One does not need an external threat to be seriously compromised.


I'm not worried about the companies or their employees. Any little man with a badge and a subpoena can get access to any data any cloud provider has. Nowadays that's everything for most people.



20-100-2fe said:


> However, spending others money in "bad" investments is socially esential: the global population is ever increasing, so for everyone to eat and have a home, the economy must also grow. And how can you possibly achieve a constant economic growth in a finite world? My grandpa already knew the only solution to this problem: "doing and undoing is still working" did he say.
> 
> Open source cannot play that role because:
> a) it is efficient, reliable, dependable
> ...


This is just a re-telling of the broken windows fallacy. That was debunked 170 years ago:








						The Broken Window Fallacy: Definition and Examples in Economics
					

The broken window fallacy is a parable that is sometimes used to explain the problem with the notion that waging war is good for a nation's economy.




					www.investopedia.com


----------



## byrnejb (May 11, 2020)

Jose said:


> I'm not worried about the companies or their employees. Any little man with a badge and a subpoena can get access to any data any cloud provider has.


If no-one has access to your data other than you then those little men will have to show up on your doorstep with a subpoena for you. Otherwise, you will not even know that anything happened.

The 'evil maid' gambit is a classic security dilemma. Access is everything.


----------



## Hakaba (May 12, 2020)

Why I read this post ?
I am working in the «web industry» and what ton off mess...
HTTP / HTML do not need Kubernetes, Babel (javascript transpiler... This concept is incredible ), ABTasty (javascript handled by other company to inject messy code in all page), ...
And not only technically. What is «scrum methodology» ? With evangelists, former, ton of tools and reports...

What a mess...

Just because «digital marketing» has money.
My guess for the future :
Stop trying to reduce our carbon footprint. Each liter of petrol you will save will be consume by your neighbor...

Sorry for my pessimistic post. Tomorrow, I will continue to «produce» in that mess to be payed. That is not always a sufficient motivation.


----------

