Linux sucks – Binary Compatibility

Using Linux in the real world can be exceedingly frustrating if your employer allows VPN access (or you use VMware).  Every time your kernel is updated, you have to recompile the Cisco VPN modules; frequently, kernel updates consist entirely of changes that are irrelevant to any given installation.  Occasionally they don’t actually change anything (“no-change rebuild“) but for some reason Ubuntu still needs to update.

Linux isn’t like Windows either.  On Windows, if you need to update a driver, you update that driver.  On Linux, if you need to update a driver, you usually* have to update your whole kernel (unless you want to play risky games with back-porting, which isn’t realistic anyway unless you’re a developer or know one).  My point here is that you’re going to be updating your kernel more frequently than someone coming from Windows might expect, so any consequences of kernel updates are magnified.

*The exception to this is a driver for esoteric or new hardware that hasn’t become part of the kernel yet; in those situations you usually have to use a manual process to update and recompile the driver.  Of course, you also get to recompile these drivers when you update your kernel.

It gets worse – not only do you frequently have to recompile the Cisco VPN module, but sometimes it breaks entirely.  When a kernel API used by the VPN module changes, you have to hack the VPN module’s code to get it working again (usually this involves extensive googling to find a patch someone else has already written).  Sometimes you just have to wait for Cisco to release updated software that supports the new kernel release.  This is really obnoxious.  Is it Ciscos’ fault?  Sure.  Is it a problem under other operating systems?  No.  Is putting some of the blame on Linux reasonable?  Yes.

Some might suggest not using VPN (a ridiculous solution that precludes working remotely) or using different VPN software, but if the IT support staff you deal with only supports Cisco VPN, those aren’t good options.

It occurred to me that I could work around this problem by running the VPN client with in a VMware virtual machine – and use a specific kernel release inside the virtual machine.  This almost works, but unfortunately VMware has its own kernel modules which also need to be recompiled when the kernel is updated.  Just to add to the fun, if you try to launch VMware Player after updating your kernel, it fails silently!  The only way to tell what went wrong is to launch it from a text console, in which case it tells you to rerun the setup scripts (which recompile the modules for you).

The whole philosophy that everything should be GPL-licensed and included in the kernel doesn’t acknowledge the real world.  Some companies do write proprietary software, and having a real job in the real world sometimes means using that proprietary software.

(I’m not even going to get started on the glibc version incompatibility issues… maybe in a future post).

Comments are closed.