In my job, I often have to make accommodations for the security desires of my clients. That can be a massive pain in the ass, but it’s better than working in an office.
So when I started this new job, I worked on my Linux box and my Mac laptop, with a massive preference to my Linux box because it’s got two nice big monitors, a really nice clicky keyboard, and I have all the ergonomics dialed in. I had Postgres running on both systems already for other purposes, and it wasn’t hard to install the software we were using as the base system on both. I kept the software in sync between both of them and the client’s dev server using git. Everything was beautiful. For accessing things like time sheets and corporate email, as well as connecting to their dev server, I had to use Citrix, which was a minor pain, but fortunately I didn’t have to do it very often.
But then the client said “oh, that test database we gave you has real employee ids and the like, and so we need you to take some security precautions with it. Specifically, you need to turn on full disk encryption on your laptop, and purge the copy of the database on your desktop.” It took a bit of work, but I managed to get it so that my software would still run on the Linux box and connect with PostgreSQL on the laptop over an SSH tunnel, and so I’m in compliance with their wishes – I do have to remember to shut down the test server on my Linux box and the SSH tunnel before removing my laptop from the LAN, but that’s ok. That’s what you’ve got to do in this brave new world of computer security.
But now we’re entering a new phase of the project, where my code has to talk to a web service that a different group at the client site provides. And that web service is only available inside their firewall. That gives me a few choices for development:
- Do my local development without benefit of the web service calls, “comment them out” or the equivalent, and only test them when I “git pull” the code down to their dev server. Not a great option, because the code I’m testing locally is even further away from their code.
- Write a dummy web service on the Linux box or my laptop or both, and use that for testing. Probably feasible, but more trouble than I’d like to go through.
- Get a VM on their site where I can do development and testing both.
The last option is probably the easiest. It also means I can get rid of my copy of their database, and therefore get rid of full disk encryption on my laptop (which means no more typing my password every time the display blanks). The downside is that the VM will probably be Windows, which is nowhere near as nice to do development on as Linux or Mac, especially if you don’t have admin privs and so you can’t install the stuff you like. (I’m guessing I can’t install Sublime Text, not sure even if I can install gvim.) The real clincher is whether I’m going to be able to install a version of the base software or not, because if I can’t do that, I can’t work. If I can install it, then I probably can work that way – it’s as simple as that.
But if I’m going to do that, I’m going to want to log in from Linux because of the ergonomics I mentioned earlier. I’ve been using my MacBook Pro (or even this shitty Dell laptop I have for testing purposes) to log into Citrix because I didn’t want to install the Citrix client program on Linux. But needs must, etc. I looked on the Citrix web site and they have a .deb “for 64 bit Linux”. I downloaded it and clicked on it, and it said that it needs to install 246 other packages to satisfy dependencies, including 32 bit versions of nearly every major library out there. Sorry, Citrix, that’s not my definition of a version “for 64 bit Linux”. Ok, I thought, I know a way around this! I’ll install a 32 bit version of Linux in a VirtualBox VM, install the Citrix client in that, and use that to log into the work site.
Well, that turned out to be an adventure in itself. Mostly because I’m using Kubuntu (which is Ubuntu with KDE instead of the god-awful Unity Desktop), which is a little too resource hungry to run in a VM. So I was installing vanilla Ubuntu, Unity Desktop and all. But there was something weird about Ubuntu – I would install it and it was fine, but then it would download the required security updates, and suddenly the “VirtualBox Guest Extensions” stopped working and they refused to re-install. And what that means is that I couldn’t share any directories between the host OS and the guest, and more importantly, I couldn’t get the guest to expand to use the entirety of my beautiful 2560×1440 IPS monitor. And that’s a deal-breaker. I tried installing from scratch, and I tried using a pre-built Ubuntu image, and both times it failed after installing upgrades. But I tried a Debian pre-built image, and that worked fine, even after installing upgrades. The only drawback of Debian is that they don’t have proper Firefox, they have their weird-ass IceWeasel browser, which lags way behind the current version of Firefox. So I had to install real Firefox from a tar file, which is like a throwback to the bad old days of Slackware. But that worked fine, and the Citrix 32 bit client installed without any drama, I was able to log into Outlook and Putty on the client side, and so I’m ready for when they get the VM set up for me.