[TriLUG] If you had to choose: Windows vs Mac for Linux graphical VM
Aaron Joyner via TriLUG
trilug at trilug.org
Sun Jan 4 09:25:57 EST 2026
Well, there is Keycloak... but you did qualify your statement with "nice"
open source alternative, so I agree. 😉
On Sun, Jan 4, 2026 at 9:22 AM Stephen Wiley <swiley at swiley.net> wrote:
> Yup, it mostly comes down to Active Directory. That's Microsoft's last
> real product and there just isn't any nice open source alternative.
>
> -- Stephen
>
> On Sun, Jan 04, 2026 at 09:14:10AM -0500, Aaron Joyner wrote:
> > *Executive summary*: My suggestion is to try to work somewhere without
> > any sensitive data, or with enough people who want to use Linux on the
> > desktop. Otherwise it's hard to justify the risk and work to the various
> > corporate bean counters.
> >
> > *The longer asjoyner version:*
> > If it helps soften the blow of having to use Mac or Windows as the base
> > OS, consider the motivation for why most companies are pushing in that
> > direction. It used to be about support cost, which you could often argue
> > against by saying you'll just accept that you can't call IT for help when
> > your workstation doesn't work. Unfortunately, now it's mostly about
> > being able to install EDR software (Endpoint Detection and Response).
> > They want to be able to detect and mitigate malware on the employee's
> > computer, in order to reduce the risk of compromise from the fact you're
> > (typically) allowed to browse the open internet (Google Search, Reddit,
> > TriLUG email, etc) from the same computer that you have access to
> > corporate data, and possibly customer data. That solution is less
> > expensive for the company and less disruptive to your workflow than some
> > of the alternatives, like segmenting the computers and networks used for
> > those tasks (think "low side" and "high side" infrastructure, like
> > traditional USGov networks for classified information).
> >
> > Obviously, we all think we're sufficiently careful not to get phished or
> > otherwise do things that would lead to our workstations being
> > compromised. You might even be right, depending on the sensitivity of the
> > data you're working on and thus the level of adversary that might target
> > you. Realistically, at a company of more than a few hundred people, it's
> > usually not practical to spend the time to evaluate individual policy
> > exceptions and then implement the tooling that would enable you to have
> > your corporate credentials on a device that's not uniformly managed like
> > the rest of the corporate fleet. Even if you and your productivity are
> > worth it, do you trust the corporate IT guy to make, track, and handle
> > your exception case correctly, without weakening the overall corporate
> > security posture?
> >
> > That's the kind of calculus going into these seemingly very broad
> > policies.
> >
> > Going a bit further into the details... why not just do all that on
> > Linux, too? Yes, if your corporate IT crew is using something like
> > CrowdStrike's Falcon for EDR, then there is a version of Falcon Sensor
> > for Linux. It's not that the EDR software vendor isn't doing their part,
> > but the integration is where it typically falls down. If you want to
> > enforce EDR you have to tie that to credential acquisition, so when you
> > log in to an SSO provider (e.g. Okta) part of the authorization challenge
> > is that you're on a managed workstation that's up to date, using
> > something like Okta Verify. Unfortunately, that's not yet available for
> > Linux
> > <https://support.okta.com/help/s/article/okta-fast-pass-on-linux-desktops?language=en_US>.
> > Satya continues to surprise me, and thus Microsoft Defender is available
> > for Linux so integrating with the largest SSO provider (Active Directory /
> > Entra ID) is actually possible for Linux Workstations. Even in that case,
> > managing the extra glue and integration to ensure you've defined a proper
> > workstation configuration for Linux (and its wide variety of
> > distributions and variation) requires a certain critical mass of users
> > who want to run a Linux desktop, before IT can reasonably justify the
> > overhead.
> >
> > Happy new year,
> > Aaron S. Joyner
> >
> > On Sun, Jan 4, 2026 at 8:39 AM Stephen Wiley via TriLUG
> > <trilug at trilug.org> wrote:
> >
> > > OSX has an X server and very nice VTE. If your company doesn't go out
> > > of its way to install malware like McAfee and Tanium it will probably
> > > perform better too. I would go with that.
> > >
> > > My issue in that kind of setup has always been that you have to use
> > > Outlook and Safari for all of the corporate infrastructure which means
> > > tolerating the borderline unusable non-free WM. Everything else you do
> > > works in tmux. I don't think there's really any way around that in most
> > > contemporary corporate environments. It's just one of those large scale
> > > coordination problems you run into in places like that.
> > >
> > > IMO these days they're almost paying you more to absorb stupidity like
> > > that than to produce technical solutions.
> > >
> > > -- Stephen
> > >
> > > On Sat, Jan 03, 2026 at 07:05:10PM -0500, Ed Blackman via TriLUG wrote:
> > > > My company is forcing me to give up my Linux development laptop for
> > > > either a Windows 11 or Mac laptop. I don't want to give up my Linux
> > > > development environment, so I'm trying to figure out which would
> > > > allow me to run a full screen Linux graphical desktop (presumably as
> > > > a VM?) and ignore the underlying OS as much as possible. But the last
> > > > time I used Windows it was Windows 7, and I've never used a Mac, so I
> > > > don't know what's possible currently.
> > > >
> > > > I'll need to use the underlying OS to turn my VPN on and off, and
> > > > maybe a couple of other functions, but I'm explicitly not interested
> > > > in switching to using WSL2 or the Mac shell environment within a
> > > > mostly Windows or Mac environment.
> > > >
> > > > I don't do anything requiring a GPU: I run terminal vim to write
> > > > Python and Go code and run Firefox. If it matters, I'd strongly
> > > > prefer to run Debian trixie with XFCE or LXQt.
> > > >
> > > > Please let me know if you do something similar and can tell me about
> > > > Windows or Mac, especially if you have experience with both.
> > > >
> > > > --
> > > > Ed Blackman
> > > >
> > > > --
> > > > This message was sent to: Stephen Wiley <swiley at swiley.net>
> > > > To unsubscribe, send a blank message to trilug-leave at trilug.org
> > > > from that address.
> > > > TriLUG mailing list : https://www.trilug.org/mailman/listinfo/trilug
> > > > Unsubscribe or edit options on the web :
> > > > https://www.trilug.org/mailman/options/trilug/swiley%40swiley.net
> > > > Welcome to TriLUG: https://trilug.org/welcome