Friday, December 13, 2019

A Year of OpenSUSE Tumbleweed VM based Software Development, and thoughts on Security

I have now been using OpenSUSE's Rolling Release (evergreen) Tumbleweed repositories for over one year.

I would like to reflect on a few things that I have learned. First, a bit of background on my Linux user history.

The first Linux distribution that I used seriously in any way (as anything other than a toy) was Red Hat Linux (not Red Hat Enterprise) version 5.0, in 1997. I made some efforts to use Linux before that point, starting with Yggdrasil Linux back in about 1995, but did not achieve much success getting anything working that I would want to use as a daily working environment.



Just as modern RedHat/CentOS and similar (OpenSUSE) distributions do today, it used the RPM package format. In these early days you would install from one or two or three or four 650 megabyte CDs, and some people, in even earlier RedHat Linux days, installed from 1.44 meg floppy disks. Just as now, Debian also existed, and the fork in the Linux world between ".deb" package and ".rpm" package systems was already well entrenched. Ubuntu did not exist in these early days.

An early focus in Linux in the 1990s was on trying to get your X Window desktop system to work as smoothly as Windows did on equivalent hardware. The early desktops from that era were mostly trying as hard as possible to emulate Windows 95 or Windows NT, then the dominant Microsoft desktop operating systems. Configuring networks (wired only, mind you; wireless networks weren't a big thing in 1995) was often confusing and annoying. RedHat was one of the first I used that made getting a client PC's network connection (DHCP) and connecting to the broadband and dialup internet connectivity options of the day reasonably easy. Back then, SuSE Linux also existed.

Tumbleweed, the subject of this post, really is the bleeding-edge version of SuSE in 2019. Almost 25 years after I first started using Linux, many of the same challenges from 1995 remain. They are:

1. My professional work remains centered in Windows.

2. Linux is a bit quirky to get working and you still often need to get good at editing configuration files, even in 2019. And you certainly need to be good at reading logs and googling error messages.

3. Video cards are a shit-show in Linux, and this is the fault of the video card makers, not Linux.

4. Professional-grade audio workstation tools remain mythical creatures, more or less, in Linux. I'm not talking about making your audio drivers work well enough that you can watch YouTube on Linux, I'm talking about professional audio interfaces, and professional audio production work in Linux. In 1997 the problem was getting your Sound Blaster to work properly. In 2019, the problem is that Windows and Mac are suitable platforms for VST instruments, DAW (Cubase, Pro Tools, etc.), and other things.

However, one huge difference for me is the presence of free, open source virtualization platforms like QEMU/KVM, and the way that this allows me to run not just one but several Windows editions on my workstation (a big Dell workstation-class tower machine), with 64 gigabytes of memory.

I would like to note that aside from the flaws of Linux in various vertical markets (including audio production and 3D video driver performance for products like CAD/CAM), for most regular desktop and most regular professional software development duties Linux is incredibly capable.

During this time since 1995, something else has radically changed: security concerns. Windows remains, in my opinion, a giant target, a great big red target that all kinds of people are trying to penetrate and get past. In my opinion, running Linux puts you far ahead of the curve. Because only a small percentage of the population of computer users runs Linux, it's not yet worthwhile for most hackers to specifically target Linux. Note that Spectre-style exploits, which rely on the actual architectural flaws of modern superscalar CPUs, are a risk and a concern on Linux, at least theoretically. The thing is that since Linux kernel memory layouts are different than Windows, and there are no stable ABIs that malware authors can target, the presence of a Spectre-style exploit on an AMD or Intel CPU alone does not result, in Linux, in the same level of difficulty of building an actual exploit that could, say, lurk in the background and read your banking details while you browse. I know someone's going to say that "obscurity isn't security", but obscurity is difficulty, and it's something.

I personally am going to continue running mostly in OpenSUSE Tumbleweed and running Windows in a VM.

The most important platform attributes for professional software development are performance, stability, and security. For those three attributes, Linux is kicking Windows to the curb for me. Windows is not something I trust to give root-level control of my computer.