Why I Use Generic Computers and Open Source Software

OSNews ^ | 24 November 2012 | Howard Fosdick

[ShadowAce]

Do you depend on your computer for your living? If so, I'm sure you've thought long and hard about which hardware and software to use. I'd like to explain why I use generic "white boxes" running open source software. These give me a platform I rely on for 100% availability. They also provide a low-cost solution with excellent security and privacy.

People's requirements vary, so what I use may not be the best choice for you. I'm a support person for databases and operating systems. I also do consulting that involves research, presenting, and writing. I use my own computers and work from home. This article is about desktops and laptops, not handheld devices.

Replaceable Hardware

I need 100% system availability. If I don't have a functioning computer at all times, I can't do my job. I'm unhappily "on vacation" if I'm fixing my computers. My solution is to use only hardware I can fix or replace immediately.

One could adopt other strategies to meet these strigent hardware requirements. Some pay more for higher quality equipment, betting that this results in fewer failures. Some rely on vendors for support. They select a responsive company with a good reputation for service. Knowledgable help is vital. Many prefer local support staff who are easily accessible. Thom Holwerda wrote an excellent article explaining why he picks iMacs for high availability.

I take a different approach. I use generic white boxes with all stock parts. Since computers are inexpensive I keep several on hand, along with extra parts. It's easy to swap parts if necessary. PCs are highly standardized -- if you acquire them with an eye to non-proprietary components. I open up and inspect every machine before I use it. (Watch it with laptops. Some vendors will mold their DVD drives to non-standard shapes or add proprietary plastic you have to fit on your hard disk to properly connect it.)

For my self-service approach to work, you have to know how to perform basic hardware problem identification. You don't need to be hardware-trained. I'm not. The key is to be able to quickly identify common problems, because the hardware fixes are easy with a replacement strategy. A good problem ID procedure and a few rules of thumb are all you need. (I'll share mine in another article if people are interested.)

If a hardware problem requires more than a few minutes, use a backup computer. Once this was prohibitively expensive. Today cheap generic boxes make it feasible. Another change from years past is that you no longer need current hardware to run current software. I run resource-heavy apps like enterprise DBMS and website generators with a few gig of memory and a low-end dual core processor. That's a five year old machine. You can get a fleet of them for the cost of one hot new gaming box.

Critical to my approach is that you keep your work -- your data -- portable. Back it up and move it between machines with a USB memory stick. Don't ever get in a situation where your data resides only on a single machine. Same with software. If you depend on certain applications for your work, ensure they're available on more than one machine.

To do this just copy data directories or entire partitions between computers. If you need a certain application or configuration for your work, copy it. If a USB memory stick isn't big enough to hold your copies, use a USB hard disk. Or, perform network copies. I run them in the background while I do other work. Virtual machines are also useful. Just move guest OS files between VM hosts. Virtualization lets you easily, safely, and securely run multiple OS's on one computer.

Vendors are well aware that generic hardware and portable software threaten their profits. That's why most proprietarize any way they can. Unified Extensible Firmware Interface (UEFI) is the latest of many attempts to kill competition by an artificial barrier. The rationale for UEFI lockdown you often read about -- that it prevents boot viruses -- is intended to mislead. The last time secure booting was a major problem was back when people booted from floppies. It's not boot viruses you have to worry about, it's those within Windows that cause the problems.

Applying this Philosophy to Software

To apply this philosophy to software, I use stock parts that can easily be installed, copied, or replicated across machines and backup devices.

There's a name for such software: open source. While open source software (OSS) saves you money, flexibility and licensing are the big benefit. You control it, it doesn't control you.

Let me give you a single example: backup and recovery. In Windows World, there must be a dozen ways to recover a lost system (off-hand, I can think of the Recovery Console, System Backup and Restore, recovery partitions managed by OEM software from vendors like HP or Dell, the Last Known Good Configuration, Safe Boot mode, Registry Export/Import, and performing a Repair Install). Why so many different ways to solve a single problem?

The answer is that vendors want to control your backup and recovery. Otherwise they can't lock you in and make you a source of continuing revenue. Vendors claim "ease of use" -- but is it really when you face this tower of B/R babble? With OSS, I issue a single command to either backup or recover. I don't have to navigate a half-dozen different apps designed to "help" me.

Here's a real-world example. My motherboard died last summer. I removed the boot disk from the dead system and plopped it into another, then booted that Linux instance on the target computer. Problem solved! Windows won't let you do this. Its hardware-bound Registry, authentication procedures, and licensing all specifically prevent it. They're designed to. Why? So you don't steal Microsoft's software. Microsoft places its needs to protect its ownership of Windows software above your need to solve your crisis. (Remember, you do not own the copy of Windows you "bought," Microsoft owns it. You only licensed it.)

Microsoft has every right to protect its property. But that's not our problem. Our problem is fixing our motherboard failure. Because of their agenda, Microsoft makes our life more difficult. Their software limits your flexibility -- on purpose. Heck, you can't even move an installed app from one disk to another without special software. The Registry -- Microsoft's control choke point -- prevents it.

OSS lets you easily move software across machines or disks or operating systems with just a command or two. I replicate operating systems, applications, and data how and when I need to. No Registry, licensing, authentication, hardware binding, or other artificial barriers make my job more difficult.

Here's another tip: Don't use an operating system you don't install. There was a time when a vendor-installed OS meant peak performance and a malware-free system. Those days are gone. Major incidents have shown that preinstalled malware is now a reality, ranging from spyware to rootkits to adware to craplets. This problem will get worse before it gets better.

Security and privacy require that you control your computer. If you use an OS someone else installed, you don't control it.

Compatibility

Most of the business world uses Microsoft's desktop software. So a big issue for those using my strategy is compatibility. How will you fit into Windows World? The answer depends on the kind of work you do.

For some IT professionals, this means running Windows and the Microsoft stack. "Use what your clients use." I hear you and agree 100%. Do what you need to do.

For most people, however, compatibility merely requires file interchange. I'm in this group. All we need for compatibility is the ability to create, update, send, and receive Microsoft Office files.

Using LibreOffice, I've encountered very few problems in exchanging word processing and spreadsheet files. Just stick to the features common to both LibreOffice and MS Office and avoid complex formats and layouts. The web has many articles on how to use LO and MS Office compatibly. (Ironically, LO is often more compatible with older versions of MS Office than is the current version of MS Office!)

The compatibility picture isn't quite as rosy when it comes to presentation graphics. Move a 40-slide PowerPoint file between office suites and you'll see many minor changes (spacing and fonts, for example). I circumvent this by presenting to clients with my LibreOffice laptop and handing out hardcopies of the foils.

Years ago, I used to double-check how my OSS-produced files looked on Windows XP. For example, I'd check that a Word document I created with OpenOffice looked the same in MS Word, or I'd verify that web pages created with Kompozer and Firefox rendered properly on Internet Explorer. I don't know whether it's because OSS compatibility has improved, or that I've learned how to avoid incompatibilities, but I haven't bothered with double-checking for a long while.

Applications availability is another concern. Do all the products you need run under Linux? Everything I need runs natively. For some folks Microsoft products are an important exception, since all are Windows-only. You can usually solve this problem with Wine, a compatibility app that runs nearly 20,000 Windows programs on Linux.

Business Savings

I'm an independent consultant. What works for me may or may not work for you. Or for small or large businesses. Still, when I see how some companies operate, I wonder if they're wasting money. Many could remain on Windows while strategically replacing components to their great advantage. This avoids a disruptive platform change while capitalizing on open source tools and apps.

Office suites are the perfect example. Microsoft Office licenses are not cheap, especially for smaller companies that can't swing the big discounts. LibreOffice and OpenOffice are functionally very competitive. You really have wonder why more companies don't even evaluate them.

Some would answer: support. But what kind of support do you get from a vendor that you can't get from the Internet? I'm old enough to remember when vendors created bug fixes for customer problems. Today they just tell you to wait for the next release (which they always insist you install, whether or not it fixes your problem). Support consists merely of work-around's and how-to's. You can get that online for free.

Another possibility is to keep Windows but replace Microsoft's proprietary development environment. Leave the ever-shifting sands of Microsoft's frameworks in favor of open source IDEs, programming languages, tools, and databases. Some companies score good savings while producing excellent apps with WAMP (Windows + Apache + MySQL + PHP/Perl/Python ).

These ideas aren't for everyone, but it always amazes me that some IT pros are so tightly wrapped in the vendor security blanket that they don't even evaluate alternatives. Some security blankets are well worth the money. Others only represent inexperience or inertia. Only you know which statement applies to your organization.

The Bottom Line

Inexpensive stock parts work well for my hardware and software needs. They're easily replaceable so I enjoy 100% availability. Low cost, high security, and good privacy are extra benefits. What are your requirements and what desktop strategy do you use?

[Ernest_at_the_Beach]

Google has done a poor job with Android....RE : Secutiry.

[Ernest_at_the_Beach]

Maybe Microsoft with there phone and tablet systems will do something good regarding security....we will see.

[zeugma]

I'd say it's largely the implementation. Any system can be hacked if basic design decisions are mishandled. There have been hacks launched against platforms that had installed bases of 15,000 total hosts, (google: witty worm) so market share doesn't seem to be an impediment to dedicated hackers. Apparently, being closed source hasn't help Microsoft avoid being a target at all.

Some types of software such as crypto systems shouldn't be even considered by professionals because the devil of such things is in small niggling details that needs lots of eyes to locate potential vulnerabilities.

Security needs to be designed in from the ground up, and then implemented correctly in order to work. I am constantly amazed at how poorly even large companies that should know better implement security. Here's a great example. Cicso makes a VPN client for windows. Many companies deploy it with a group-level password set that isn't disclosed to the users so they can't set it up themselves on non-company approved devices. Unfortunately, the configuration file contains a 'encrypted' copy of the password. The 'crypto' used for this purpose is so laughably weak that a python script can break it trivially in so little time, that there is not a noticeable delay. Granted, their stupidity made my life easier, but it is criminally dumb IMO for them to actually depend upon such stuff.

[CodeToad]

Anyone relying on hardware and software for a living that doesn’t have a business continuity plan to include extra copies of said software is a cheap idiot. I have been using Microsoft software for over 30 years without the problems described in this article. Not a hitch.

[roamer_1]

Closed Source versus Open Source does not in and of itself make for better security.

While technically true, reality must somehow be taken into account: There is a reason why all the big iron runs on 'nix. And if there is anything that hackers would love to hack, it is that big iron. There's your 'credz'. Not being some script kiddie whackin' at Android. And by-and-large, that simply doesn't happen.

I am not conversant with Android, as I am still fighting vainly against moving into the handheld world. But I can guarantee that it is not the underlying 'nix that is at fault. In order to control a 'nix box, one must gain root - and left to it's native design, that is next to impossible from afar (it really IS impossible, but like a scientist, one has to leave room for an impossibility to be possible).

If root is gained on Android, I can nearly guarantee it is something Google has done in it's interface, or in it's config.

That it persists would suggest to me that whatever is wrong is not in an OSS part of the OS, or it would have been found out almost immediately and corrected - as the OSS community's record on such things plainly evidences... IOW, the culprit is probably a closed-source addition.

But then again, that is just my opinion on the general matter - I don't know Android at all. Even so, any OS has a loooong way to go to catch up to what, 3/4 of a million virii that have exploited MS...

That isn't because MS is popular - It is because it is inherently exploitable and promiscuous by nature... Else that big iron, which has always been Linux or some brand of Unix, and precedes Windows by a decade would have comparable numbers. How many nix virii have ever been? But a handful, by any comparison. A negligible amount.

But that being said, I am not defending 'nix - I am speaking to the greater OSS community... including application level software too. Even on my Windows boxes, I tend toward OSS software. Especially on Win boxen because they tend to be portable and avoid the registry. They also tend to be quicker at their function, less intrusive, more intuitive, and more precise in function... not to mention weight.

The upshot tends to be that a programmer doing OSS is not doing it for $$, but for love of programming and a peculiar dedication to whatever function the software performs. it is an art to him. A labor of love. And that, FRiend, is hard to find in the chunked and formed production of for-money software by it's very nature.

That doesn't preclude a certain amount of eccentricity however (GIMP springs immediately to mind). but even that eccentricity becomes a beautiful thing, once one learns to expect it at times. GIMP, a tool like photoshop, is one of my very favorite apps, but it took me years of intimate use to understand it well, and I still freely admit I don't understand it fully. By now though, it's eclectic nature is almost as endearing as it's function... And I would hate it if it changed.

[LifeComesFirst]

Oh I didn’t know you were talking about systems being used by idiot end-users who download whatever, the ultimate security hole.

[5thGenTexan]

A plain vanilla install of Red Hat Linux does not default to a high secure configuration. That covers the usage model for a lot of non-idiot computer users who are not themselves experts, but simply people who use computers to do their actual work. Not everyone can or should have to be a computer expert. Some people have a business to run and just need to computer to work.

[EyeSalveRich]

here are some facts to jugle in your computer religion wars

http://www.microsoft.com/hk/windowsserver/compare/reports.mspx
http://www.microsoft.com/hk/windowsserver/compare/linux/server-security.mspx

[ShadowAce]

Those aren't facts. Those are propaganda. In the five minutes I spent (total) looking at those links, I spotted at least a dozen flaws.

Find something from a source that is at least *apparently* unbiased.