I’ve run a small business for over 10 yeas. I use linux. I’m grateful to the community and I use FOSS where possible.
I have had some issues over the years, but have always been able to get around them (except CAD in 2013), but recently I’ve had issues with my government (UK). First they introduced ‘making tax digital’ and told me for years that I would have to buy windows only software (there was no legal option on linux until a few weeks before the deadline (https://www.comsci.co.uk/100PcVatFreeBridge saved the day). The UK Government didn’t create a free solution or any route to that as they don’t want the source to be open for making tax digital so accounting software companies have made a killing!
This week my internet banking stopped allowing payments, it no longer works in firefox (I’m guessing). On the telephone they asked me ‘what search engine I was using’+ and advised to use google.
What is the best UK business bank to use if you use linux to run a small business? Do I have to use Chrom(e)ium? Does anyone else use linux for business admin? Is anyone (Freesoftware foundation, etc) thinking about the creeping legislative changes that make it literally illegal to use FOSS and linux?
I wanna be an ally, but its so tiring.
+ browser ≠ search engine. Yes, I’m pedantic, at least I didn’t confuse them by saying ‘quant’ or ‘duck duck go’, OK!?
When you say it doesn’t work in Firefox, does it not work in Firefox or does it say it doesn’t work in Firefox? In the later case and sometimes in both, I have found that just changing the user agent string to something chrome based is sufficient to get it working again.
I’m also based in the UK. I don’t run a business but have occasionally encountered problems trying to use Librewolf on the web, especially with Noscript on.
I tried to use Qubes to separate my activities into VMs but I found it difficult. So I did my own, less extreme, approach using KVM.
I created a virtual machine which only has Chrome on it. This is what I use for accessing my bank, Paypal and doing online shopping.
I have a second machine I use for Whatsapp and email and finally a third with Librewolf for general web browsing.
Each uses the same VPN service but different servers.
I only use Freetube and Retroarch on my main machine.
This is on a very beefy Thinkpad I essentially use as a desktop in my office. I use a smaller machine downstairs with VNC on it as a remote when I’m sat on my sofa.
This sounds smart
This sounds ridiculous. So much work and overhead just to usea web browser?
It’s not that much work. I created a VM which is running the same distro as the host. I removed all of the apps except for the terminal. Then I cloned it for each VM I need.
The Whatsapp/ email client VM and the Librewolf VM start with my OS so it’s like having them in separate windows. The others I only start if needs be.
It’s a lot of effort for the benefit you get, which is practically nothing. Especially considering there are even easier ways to get the same result
Such as?
Just use tabs they can’t access each other’s data. Or use a tab session manager. Or separate Firefox profiles.
I don’t trust Chrome, Zoom or Teams, but sometimes have to use them. I will keep them in a separate VM but will look into Firefox profiles.
It’s not just browsing discussed there. Re-read that again with cybersecurity in mind… online banking shouldn’t be done whilst you’re sharing a browser with tiktok (as an example)
Yep, there’s private / incognito modes, but they just drop all the local session data, they’re not any more secure.
online banking shouldn’t be done whilst you’re sharing a browser with tiktok (as an example)
Why? Be specific because unless something has gone horribly wrong sites can’t access data from other sites or tabs unless they’re cooperating. In which case they do so with session data.
And you could simply have a separate Firefox profile rather than spinning up an entire virtual machine.
Neat, Mozilla’s VPN supports setting servers on a per-container basis.
Though gotta watch for DNS leaks apparently.
XSS springs to mind.
And spinning up a VM (or container) is not that hard nowadays.
This does absolutely nothing to defend against XSS.
This is the problem with paranoia-based security. You create needless overhead thinking you’re “more secure,” but you’re not. Not in any way that really matters, at least.
So if i spin up a container to run just that browser for just that site i do nothing against XSS? Interesting.
This is what Firefox containers are for. Put the predatory sites in a container so they can’t see out of it.
They can’t “see out” of their own tab either. Websites can only access data in the browser that they create.
Sure they can, with cookies or tracking pixels for example.
What? No. Just… No. My god - the misunderstanding around cookies is ridiculous. I blame the EU - they put a ‘warning label’ on them an now eveyone thinks they’re just evil.
Firstly - Cookies are only allowed to be read/written by the site you requested from. If they could read all cookies that would be a MASSIVE security problem and the internet would be fundamentally unusable for business.
Secondly - This has nothing to do with tabs. Nothing. … Nothing.
Thirdly - There are “third party” cookies which happen when a site coordinates with a third party for things like advertising and allows them to track hits when their ads are displayed. This requires both sites to cooperate. But also see “firstly” as it won’t allow that third party access to, say, your authentication information.
Lastly - This still has nothing to do with tabs.
If you use Mettle, the phone based bank, you get FreeAgent for free. FreeAgent is a really good web based accounting package that works in Firefox. They gave a useful accompanying API and can do payroll, VAT, end of year and director self assessment. It’s great.
The UK Government didn’t create a free solution
You mean you must use their software to do taxes or what?
Back in my neck of the woods you either do them on paper (almost no one) or you submit online… They have well-defined APIs and you can use whatever you want (the IRS submission does use some java crap underneath but it’s fluid and you can save your progress in an XML file).
Although for most people it’s just a matter of logging in, checking that everything is in order, and clicking submit.
Can’t speak to the specific sites that you use but I’ve personally found firefox user agent spoofing results in almost every site that didn’t work on firefox suddenly magically working if they think you are on chrome.
I’ve found this to be the case a lot, too. I also spoof my OS because a lot of government sites will refuse to work unless it says Windows. It’s stupid, but here we are.
Librewolf does this out of the box
yes it is. I have tried messing with user agent now. Chromium works on linux, not firefox. :(
I think the key part here is that it’s a guess on your part whether using Firefox is the cause. Do you get any specific error when using the website? Or does something just “not work”, such as you click a button and it does nothing?
Also, I’ve run into stuff like this before, and my best bet has been to be flexible about using other browsers to work around issues. I would suggest testing the banking website with Chromium (or even Chrome). If it works, file a bug with Mozilla (https://support.mozilla.org/en-US/kb/file-bug-report-or-feature-request-mozilla) and just use Chromium/Chrome for only that website until the bug is fixed.
This will allow you to still do business, while still participating in open source via a helpful bug report that could end up benefitting others as well.
It works on chromium, not firefox. I guess I should be more flexible. It is likely that the bug is in the bank’s site, so I wasn’t sure about putting in a bug report. The website pauses on the ‘loading’ animated icon, when you try to navigate away, it tells you ‘Your session has expired’. It hasn’t been fixed by changing the user-agent (assuming I got it right). I don’t know if the bank would give them a dummy account for testing, but I’ll file a report anyway.
My bank blocked “firefox” at some point on debian. Then it was because the version of firefox presented it self to be too old (because debian) to the bank so they blocked me. Firefox was up to date on security pathes, but the bank did not understand that and blocked.
Slam an Edge user agent up in there.
If it works on chromium I’d consider that even if it is a quirk on the bank website, chromium is handling it cleanly and allowing you to use the site. That’s something we probably want incorporated in Firefox. I’d encourage submitting the bug report to Mozilla, and don’t assume too much about what they can/cannot do!
Do you use an ad blocker or privacy extension? I’ll just throw out there I don’t think it’s right, but I’ve had to disable adblock to get some banking site stuff to work
Governments should not require the use of proprietary software. If they try to refuse. I don’t live in the UK but in the US I think you could easily make the case.
The US has a couple of laws and executive orders that is supposed have government stuff (development and purchases) default to opensource but overal enforcement sucks on it and there it little carrot or stick
refuse.
That’s just not practically possible.
OP said they’re running a small business. It’s great that they want to fly the flag for FOSS, but they’re not in the business of promoting and advocating for FOSS. They still need to do the things they need to do.
Refusing to file your taxes on the grounds that the software provided is not open source is a great way to no longer be in business.
I think in that case they would say they accept paper.
Always use a separate Firefox profile for banking needs.
Or Firefox Containers?
Firefox Containers are for Cookies and Storage separation. Profile, on the other hand, is a COMPLETE separation in all aspects of Firefox’s user data, setup , add-ons.
try winapps
Damn, you got a lot of replies and no one said to just use paper forms.
Idk if the uk allows it still, it’d be surprising if it didn’t though.
Surprise! :D The project was called ‘making tax digital’ it was expressly to remove paper forms for VAT.
I’m grateful to the community and I use FOSS where possible.
Ok, but do you give anything back?
Tangential:
I‘m running my own IT company since recently and am transitioning to exclusively using FOSS. I still have some things I need to work around like my iOS phone. It already has a linux successor but its not finished yet. Pretty promising though. My plan is to put a fixed percentage of profits to open source projects.
What is the Linux successor?
Its a oneplus 6 with postmarketOS.
Oh I have another question. How do you deal with those elevated Java apps on the sim? If you’re privacy focused I mean.
Sorry, no idea what you mean. I use the phone the same way I use my computer. I’m sticking to stuff that would probably pop up if it were to get compromised, otherwise I dont bother.
Ah I mean when you buy for example an Intel CPU it has IME enabled. Some vendors turn this off for you, because doing it at home can brick it. For phones you have some kind of micro Java running on the sim chip and it has full system access and can be patched remotely. I haven’t looked into a real solution yet, but you can also use a solution where the sim is connected via USB. Or don’t use one. There might be other hardware vulnerabilities, but that’s one I know of.
Yeah, thats not what I‘m going for. I know about ime and that some disable it which makes sense imo. But I have to look for business opportunities so I dont focus on hackers with a freedom knack. I go for small businesses that can be swayed for healthier decisions, making them money and preserving an isle of control around them.
I‘m talking nextcloud instead of m365, open source crms and erps, on premise solutions. I am very low level compared to other IT firms but going that deep will destroy my momentum.
Sweet
This is not tangental - I am heartened, my hope is that this would become normal. Despite my moan, it isn’t that bad and I’m sure I would have had different IT headaches on windows - security comes to mind.
I still use proprietary android software on my phone, but I try not to do anything secure on my phone (this is also getting harder as banks are insisting that I convert to apps)
Thanks! I‘m currently working with a customer who uses microsoft cloud stuff and windows. Honestly, I would have been done with my work after 20 minutes if he were on linux. Instead I‘m at 8 hrs and a full blown storage solution just because his hardware is incompatible with each other die to windows/microsoft BS.
I can not stress this enough: there are lots of issues on windows which require costly support while the issues on linux usually require a search engine or a friend with some linux experience.
The downside of postmarketOS at this point is the camera functionality. We need to get that working and we‘re golden. On the oneplus 6 I‘m working, its the only major thing that doesnt work. Otherwise the phone is pretty ready.
I’ve been Linux in the desktop for years. You really don’t have any choice other than to be a little bit flexible.
More times than not it turns out to be a plugin that screws over the site. Here’s my general path:
Won’t load in Firefox? Disable privacy badger and ublock origin
Still won’t load? Try it in a private window with no extensions loaded
Still won’t load? Move over to brave.
Still won’t work? Disable Shields
Still won’t work? Straight to a vanilla copy of edge, (a vanilla copy of Vivaldi would also be reasonable)
Just last night I ran into a problem with my ADP work portal. Things worked fine for ages, All of a sudden my password wouldn’t work. I went into private mode My password now works but loading the actual page netted me a blank page
I opened it up in brave and it just worked outright.
Fuck ADP, same problem here. My company has moved away starting this month, good riddance.
I am not in the UK, but wound up biting the bullet and using QubesOS for my business machine. It’s kind of like a more straightforward to use everyday set of VMs. I have the windows qube there for running CAD/CAM and the sadly sometimes necessary Chrome install. I know this isn’t an ideal solution, but it is the best that I personally have been able to come up with without going through the headache of dual booting, especially when dealing with either govt stuff, need Chrome for crappy websites my clients sometimes force me to use, or actually needing proprietary software that I have licensed for my business (MasterCam in my case).
I think what you can do is just get a separate computer running Windows for all your business stuff and business stuff only. I’d also recommend ALWAYS using a VPN on it if legally possible.
I went a step further and am paying an accountant to handle this mess, using my favourite libre email client to contact her. I know, it’s a privileged position.
That is exactly what he doesn’t want to do and why he is using Linux.
The point of getting a separate device is similar to using a VPN - to use proprietary and invasive software without getting the personal data stored on the main devices sent to third parties. The business device still can send some data (like WiFi connection info, approximate location and microphone recordings) but the personal data should be safe. It may not be a viable option for very high threat models though since Windows can have backdoors that the government might use to inject malware into all the devices connected to the same network.
That only works if the main reason someone uses Linux is personal privacy.
Aren’t we talking about privacy and freedom as the main concerns here?
They are major concerns, but they aren’t the only reasons people would use Linux, and also not everyone who uses Linux does it for these reasons. For example, while I care about them, my most important reason for using it is utility features such as my tiling WM.
I’m not worried about privacy, it’s a business not a person. If the government want to look through my business data, they just need to arrange an audit. I like good security, but am a small target.
It’s about free as in freedom.
