Posts by theOtherJT

Re: Minimal installation...

You know, I got somewhat curious so I decided to do a little experiment.

For entirely different reasons I found myself needing an Ubuntu machine that booted straight to a browser window - basically for digital signage, but we're going with Ubuntu as the base for a bunch of tedious policy reasons that I won't get into here. Firefox, as downloaded from their own website in deb form, and then installed onto a base version of Ubuntu server with just enough xorg on it that it's possible to target a single GUI application directly at the one running X session, comes out at just about 330M installed. In fact, from apt we see:

Need to get 80.2 MB of archives.

After this operation, 327 MB of additional disk space will be used.

A quick check of how big Firefox is running on my machine as a snap right now

du -sh /snap/firefox/current/

Further inspection shows 222M of /snap/firefox/current/usr/share/hunspell which is a spellchecking library that's been included as part of the Firefox snap. I actually already have that installed on my machine in /usr/share/hunspell where it's taking up a grand total of 800K because I have only the single dictionary installed, seeing as I only really speak English. The Firefox snap has decided to include 138 others just in case I need them.

I'm sure that Firefox is far from the only example of this sort of thing so I don't want anyone to take this as me explicitly calling out Mozilla, but this pretty much encapsulates my problem with snap packages. I can't get rid of those dictionaries. They're utterly useless to me, but because they're pushed in as part of a larger package I'm stuck with them and even the one dictionary I do use is a useless duplication of one that's already in my systems /usr/share. 221M of wasted space right there.

Sure, the snap itself is a squashfs so it doesn't take up all that space on disk when it's not running, but in a way that's worse because now it has to waste cpu and memory duplicating things I don't need as well as disk space.

Every thing that's packaged in this way is going to be duplicating libraries and other shared-only-now-they-arent-shared type files to one extent or another. That sort of thing seriously adds up over time.

Re: Minimal installation...

This is true, but "Hey, at least it's not worse" isn't the most compelling argument against something.

I wouldn't mind it using a lot of space - if you can even call 5.6G a lot of space these days when even the cheapest of machines come with 256G SSDs in them - if I understood what the hell it was using all that space for. I'll trade space for features, or stability, or speed or... well, basically anything really, since I have a lot of space to spare but I cannot for the life of me work out what I'm actually buying with all the space I'm spending.

Re: Laminate everything

We tried the "laminate a sheet with the common options" but it was deemed "untidy" and the conference booking staff kept making us take it down.

See, the problem was that the main theatre had both a left and a right projector, the idea being that it could be used as a video conference room where you could put the screen showing all the other participants on one side, and the screen showing your presentation on the other side. It also came with a pair of PCs in it - a Linux one and a Windows one. We were a technical type institute, so a lot of people had fairly esoteric custom software and needed Linux to run it. We also had a socket in the lecturn to plug a laptop into, if you had some particular reason to bring your own.

Now we have the case where you can have:

Windows Screen1 left, Screen2 right.

Linux Screen1 left, Screen2 right.

Laptop left

Laptop right.

Windows left, Laptop right

Linux left, Laptop right

Linux left, Windows right

And then there was the "overflow" and "screen cast" features that let you use the other theatres as overflow seating, so you could _also_ decide to PiP any combination of the above and send it to the IP streaming device that would encode it and send it to one of the other rooms, or to either of the screens or - if you were feeling really fancy - have the AV techs up in the control room mix it with another stream from one of the half dozen cameras that captured different angles of the theatre:

Tight shot on lecturn for presenter,

wide shot of stage,

wide shot of audience,

regular stage focus left screen only

regular stage focus right screen only,

ultra wide from back of hall capturing audience and stage

These could also be sent to either projector and streamed to another room, and streamed to the internet.

The overall matrix of what inputs could be sent to what outputs numbered comfortably in the hundreds. The spectacular complexity of the thing necessitated a whole full-height rack in the projection room full of HDMI switches, mixers, amplifiers, video-to-ip encoders and decoders... It was absolutely impossible for anyone to use that room without an AV technician running it from the big mixing desk at the back.

Of course the booking team would very happily rent it to people without a technician on the grounds that "They don't need to use all that". Which of course they didn't, but given that it was there it just confused the absolute shit out of everyone.

We would have been much better served with a big button on the lecturn that just put whatever was showing on the machine there up on one of the projectors and turned everything else off. Since, you know, that's what everyone actually did with the room anyway.

Re: Shocked I tell ya !

...and I'm certain that going to the cloud will help with that.

On prem we ran our estate with 4 people. In the cloud we now need 11, and we have had to dump a ton of responsibility onto individual businesses units to manage their own infra and those new cloud people are getting paid more than the old sysadmins were.

Managing cloud is different. Sometimes better, sometimes worse, but almost always different and paying for people who know how to do it isn't cheap.

Re: the only way...

Sure, but the internet doesn't exist only in Europe. Europe (or for that matter any other legislative body) can issue all the laws they want about the internet, but since it spans the entire planet by design you really can't trust that the specific place this particular bit of the internet is located gives a shit about laws where you happen to be.

It's something no government has managed to get it's head around. The internet makes international boundaries basically invisible and irrelevant. It's the unregulated wild west out there, and we can all pretend that laws apply to it but they just don't because anyone who doesn't like said law can simply host their service somewhere where that law doesn't exist. I mean do you check that every service you're using is hosted in a jurisdiction where your rights are respected?

Re: Repeat after me:

Trust no one. No one can be trusted. It only takes one moment of carelessness or a single malicious employee to do catastrophic damage.

I have a user who has, because he has local root on a shared GPU cluster, managed to force us to send his entire team home multiple times because he's totally hosed the cluster by playing with things he doesn't understand to the point where we've had to actually go into the server room and rebuild the thing from the local console.

He's not a bad person, but he's absolutely not qualified to be administering a Linux system. He's a software developer. Presumably he's a good software developer, because despite the number of times he's done things like this and we've not let him go, but he can't be trusted with local root.

It only takes one fuckup to seriously ruin everyone's day.

Re: Repeat after me:

I totally take your point. We had full time 5 (it was meant to be 7, but for all the time I worked there, we never managed to have the complete set due to staff churn caused by the shockingly low pay given the complexity of the work) members of IT staff to support a company with about 1000 employees.

Personally, I think that's pretty impressive. That means that each one of us was handling all the support requirements of 200 people, and this was definitely only possible because 90% of those people were using Linux systems that were basically impossible for them to break - and if they did break, due to hardware failure or something, they were all effectively identical and we could just swap in one from spares and have them going again in a matter of minutes. Compare and contrast where I work now where we have effectively 14 proper IT staff and another 4 help-desk technicians to support about 400 people and still provide what I see as a much worse user experience, but can't do anything about it because our management absolutely insist that all users must get local root.

I think what @cyberdemon was getting at in their "Lazy IT" comment was that it's a matter of training the IT staff to be able to run a thing like this, and not just relying on people who are just about good enough at their jobs to click through the list of GPOs and it'll probably work, most of the time, for most people, maybe.

I'm not sure it's fair to call those people "Lazy" perhaps so much as "low skilled" and you do get what you pay for. It seems like the barrier to entry for managing Linux at scale is much higher than it is for Windows, but that itself has upsides as well as down. Basically any idiot (including myself, back when I was responsible for the Windows desktops) can click through the GUI and find a bunch of GPOs that sound about right and apply them to the fleet and get a "sort of good enough on a clear day" level of management, but it takes a much more skilled Windows specialist than I ever was to be on the ball about which of those were deprecated in the last release, which don't work for the "Education" edition but require "Enterprise", which just plain don't work any more... I got caught out by AD an awful lot of times. That's before we get into the problems caused by someone clicking though a UI rather than using something like Desired State Configuration (is that still a thing?) because a lot of the Windows admins I've met over the years don't even know that's something Windows can do.

But then again I'm not a Windows admin, and if that were my job full time I'd expect to be expected to know that sort of thing and design things accordingly. As a Unix admin I was required to know a very different set of things, and I don't actually think there's a massive difference in the number of good Unix and Windows admins out there, there's just a fuck ton of bad Windows admins available because of the ubiquity of Windows devices.

When it comes to managing Linux at scale the answer seems to be "You can do it properly or you can't do it at all." where as Windows is totally possible to do badly.

Re: It is the UI

I'd give you the full list, but I'm afraid I can't find it. It's a bit like the rules for the badges. I've definitely seen it, but I have trouble finding it any time someone asks about it. The things I know work are i b strike code a sub sup q ul li blockquote but there might be others.

Re: It is the UI

I was informed (in a way that I think was intended as an insult, but never mind) that for those of us with enough comment history to prove we're not bots that El Reg supports a small set of HTML tags. In this instance the one you want is code.

And yes, there's plenty of weird arcane shit in Windows, but Linux has a reputation for this stuff. Probably not really deserved at this point, but it's definitely there - especially amongst people who perhaps flirted with the thing a bit back in the early 2000s and were traumatized by being expected to occasionally do things in bash and swore "never again".

I personally love it, but bash is very much a product of a different era and to the average person it looks like fucking voodoo.

Re: Repeat after me:

| And what if you have 200 laptops scattered here, there and everywhere and need to make a configuration change?

I had a puppet agent running as root (which the users were not allowed to have) on the laptops with a public endpoint that it would poll for changes every 15 minutes. If I needed to change a machine I'd update the manifest and the next time the thing checked in it would update the machine config accordingly. This had the double benefit of the fact that if someone changed something I didn't want them to change but it wasn't practical to completely lock (Common ones like the VPN config where the username was something people might realistically need to update, but the host address absolutely was not) it would simply change it back.

It was, in fact, the same system we used to update the desktops and servers - even the switches by way of a switch management bastion. Everything was IaC. Everything was version controlled. All endpoints could be swapped from the "Prod" to "Test" branches as required. It even managed major version upgrades entirely remotely. We offered a "Things done fucked up" boot option that would connect to a sftp site, validate the machine certificate for your host, and download you the correct and pre-configured installed should something go terribly wrong. It was - in short - a metric fuck ton more reliable and convenient than AD was, where Microsoft had a nasty tendency to change what settings did between one version and the next, and occasionally just plain take them away from me.

Now, this was not cheap - at least in terms of man-hours spent getting the thing to that state. Basically the entire infra was totally custom and there were effectively two full-time members of staff to support it, but then I don't recall AD being particularly cheap in that respect either - although I imagine it would be easier to hire people for.

Re: It is the UI

Indeed. I'm typing this from a Dell XPS15 running Ubuntu 22.04. It's without a doubt the best machine I've ever had, but it was issued by the company I work for and it arrived in the office with Windows 10 on it, and we had to re-build it. Dell actually do offer Linux on the XPS13, but go to this page and look at the "operating systems" list on the left, it's not there. You have to select the machine with Windows and then customise it to chose Linux. What's more they only let you do that on one specific machine! Despite the fact that Ubuntu works perfectly on the XPS15, they won't sell it to you.

Re: Linux Mint

Sure, any distro can but steamOS is a product. It's a thing people can just buy and use without thinking about it. It changes the perception, and the perception of Linux has been more important than the reality for a long time. Linux has been "good enough" for a long time, but the perception doesn't match that. I personally like mint. It was my daily for a couple of years before I decided that stock Ubuntu was now good enough that I was happy to go back to that - but people really like a thing they can buy and don't have to think about. The major benefit is that it comes on the device and once it's gotten it's foot in the door that way...

Re: It is the UI

UIs are important, but TBH I think that Gnome has been a "good enough" desktop for quite a while now. Certainly for the last 4 years. Even my eighty-something year old parents are just fine with it. In fact they like it better than Windows because it has fewer buttons. They just pin the four or five apps they ever use to the Ubuntu taskbar and get on with their lives and it isn't constantly asking them to sign into things or do updates. Those I set to happen automatically in the background and they never thought about them again.

Here's why I think they wouldn't have bought machines with Ubuntu on if I'd not bought them for them:

They had no idea that such a thing existed.

And that is probably the biggest blocker to people taking up Linux as a desktop these days. Most people have either no clue there is such a thing, or if they do know about it, they think that's some nerd thing for nerdy nerds that they can't imagine themselves wanting because they're normal people who don't cast magic spells that look like this ${array[${#array[@]}-1]^^}.

Even for me - who is very aware that Linux exists and would very much like to be able to buy computers with it pre-installed - it's remarkably hard to do so. Most vendors will sell you Windows or Windows, and if you try and convince them to sell you a machine with no OS at all, because you don't want Windows, they just plain won't.

Re: Linux Mint

I'm going to have to disagree.

I reckon it'll be steamOS or whatever it is that Valves supports. Why do I think that? I think that gaming is a hook. Kids will own Steamdecks to play games, and then they'll get used to the idea that they can sort of use this thing as a PC too. Then as they get older they'll need an actual PC for work, but now - and here's the kicker - they're already comfortable with the idea of steamOS, and of course they still want to play games too, so why not stick with what they know?

It's the same way that the 8 bit micros completely dominated the 80s. Gaming drove adoption. Yeah, they got killed off in business by the IBM PC, but they didn't die in the home until the PC was also capable of playing games so it could supplant them and do both. Games is a really powerful driving force.

Re: Repeat after me:

Curious what it was that was missing in 2005, and what's still missing now?

The biggest blocker everywhere I've worked was always MS office. Specifically Outlook and Excel. My feelings about those two particular abominations and the way that so many office workers are suffering what I would best describe as Stockholm syndrome regards to them are well documented at this point, but those have been the big blockers for me.

I have worked somewhere where we very successfully managed nearly 1000 Linux desktops and that was the case as far back as 2012 - but even there, which I still remember extremely fondly because of how incredibly easy managing Linux desktops at that scale actually was - we had another 100 or so Windows desktops explicitly to provide MS office to specific members of staff who refused to couldn't work without it.

Re: "We've always sought to give users helpful, accurate, and unbiased information in our products"

You and I might be fortunate enough to see it that way, but ask any of the hundreds of people who get pulled over in the US* for "Driving while black" and I suspect they'll feel differently - and that's just the ones who got pulled over and then sent on their way.

Much like you skin colour doesn't really play a big part in my life so I don't tend to think about it much, but it is a big part of a lot of people's lives. We can debate endlessly that it shouldn't be, but if we're going to be honest we need to acknowledge that for a lot of people it is.

In that context history matters and correct historical representation matters. It's not OK to say "Everything is all fine and well with the world we live in now, no one thinks about things like that any more, isn't this a lovely civilized society we live in!" While ignoring the fact that for a lot of people, no it isn't, and for the vast majority of our history, no it wasn't. No problem ever got fixed by pretending it doesn't exist, and no problem that ever was fixed stayed that way if people started pretending it had never existed in the first place.

*and I imagine in a lot of other places, but literally every black person I know who has been to the US has gotten pulled over for as far as they could tell no reason at least once, and this is not true of all the white people I know.

Re: I support him

"Do not" seems fair. I don't see any evidence of it.

"Cannot" however is a stretch. To quote(ish) Captain Jean Luc Picard:

"We took are machines, only of a different construction"

I don't see any reason we couldn't make a machine that thinks in theory.