Ubuntu 12.04.1 Power Tweaks on a ThinkPad T430s

I configured power saving in two files.

/etc/rc.local

My /etc/rc.local looks like the following:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# runtime power management
for i in `find /sys/devices/*/power/control`; do echo auto > $i; done;
for i in `find /sys/bus/pci/devices/*/power/control`; do echo auto > $i; done;
# usb autosuspend
for i in `find /sys/bus/usb/devices/*/power/level`; do echo auto > $i; done;
for i in `find /sys/bus/usb/devices/*/power/autosuspend`; do echo 2 > $i; done;
exit 0

This takes care of several settings PowerTop refers to. I want these applied in all cases. Most of these are set by default, but I include these here to make certain.

/etc/pm/power.d/powertop

I created a new file /etc/pm/power.d/powertop with the following:

# Power saving tunables
 #
 # The true case will trigger when on battery, false when on AC power
case $1 in
 true)
 # nmi watchdog off
 echo 0 > /proc/sys/kernel/nmi_watchdog
 # vm writeback
 echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
 # dim screen brightness on battery
 echo 0 > /sys/bus/pci/devices/0000:00:02.0/backlight/acpi_video0/brightness
 ;;
 false)
 #nmi watchdog on
 echo 1 > /proc/sys/kernel/nmi_watchdog
 # vm writeback
 echo 500 > /proc/sys/vm/dirty_writeback_centisecs
 # brighten screen brightness on AC
 echo 10 > /sys/bus/pci/devices/0000:00:02.0/backlight/acpi_video0/brightness
 ;;
 esac
exit 0

Do a ‘chmod 755’ on the file. This will tweak some settings when on battery. It reverts to the default when on AC power.

Ubuntu 12.04.1 Unity 3D with NVIDIA Optimus on T430s

Adding on to my display issues in my earlier post, I’ve reinstalled Ubuntu 12.04.1 and 12.10 many times – somewhere between one and three dozen times.

First, I followed all of Jim’s steps from the T530.

Second, I allowed that ppa:ubuntu-x-swat/x-updates repository to update my other drivers including the xserver-xorg-intel driver. Note that ia32-libs was not installed when I installed this. On one of my previous iterations I installed ia32-libs before I did the driver stuff. Ubuntu-x-swat installed a number of additional i386 packages which may have messed up things.

Third, I followed the Bumblebee instructions.

I will need to remember to ppa-purge both repositories before upgrading to 12.04.2. I hope most of this will roll into that release.

Other Notes and Random Thoughts

From time to time lightdm, the login display manager, won’t start. I do a …

sudo service lightdm restart

… from the command line to have it restart. That works fine.

Moving icons on the side dock thing only works properly on the main display. In my case it’s the laptop’s display.

Three displays – two DisplayPort and the built-in – does not work yet.

I’ve tweaked my power settings. Here’s what my /etc/default/grub looks like:

GRUB_CMDLINE_LINUX_DEFAULT=”quiet nox2apic splash i915.i915_enable_fbc=1 i915.lvds_downclock=1 i915.semaphores=1 drm.vblankoffdelay=1″

Most of the grub settings I took from Ubuntu Wiki’s Power Saving Tweaks.

Ultimate Brew Pub Idea #7

If I ever start a brew pub, I have some ideas on how it should be done.

This is one of those ideas.

Number 7 : Any growler, our label

We will take any growler (with certain cost adjustments for over sized containers) within the law. But we will tag any outside growlers with one of our stickers.

So there.

Ubuntu on ThinkPad T430s (and W530)

About half of my team including me received refreshed laptops a few weeks ago. We made the push for Apple MacBooks again. Like the last time we have new Lenovo ThinkPads.

The team ordered Core i7 T430s ThinkPads while one team member, Jim, ordered the Core i7 W530. In retrospect I should have gone with the X230, but I’m stuck with what I got. I pulled the factory hard drive for a super fast SSD prior to powering up for the first time. I also maxed out the RAM with 16GB. My initial Windows 7 install was lackluster. Jim went straight to Ubuntu 12.04. He struggled with it a bit. Oddly it was roughly as much as I was struggling with Windows 7.

I decided to follow him down the Ubuntu 12.04 64-bit path. Here I’ll try to document what we’re doing on these two platforms. If this is useful to you and/or you have changes to submit, please comment here.

First off, a lot of things worked out of the box: wired network, wireless network, camera, sound, microphone, bluetooth, keyboard backlight, keyboard light, sleep, power management, screen brightness, driving two displays, touchpad, usb3.

UPDATED: Hibernation works. Hybrid sleep, too!

Things known not to work yet: fingerprint reader, Ricoh MMC/SD reader, 3G/4G activation (doesn’t work on Windows, either)

Not yet tested: smartcard reader, thunderbolt, 3G/4G, hibernation (I read it’s broken)

Jim and I have the advantage of our old laptops. They still work so we can experiment a bit without it impacting our ability to work.

BIOS

We did a few BIOS changes.

Under Config, Network make sure that Wake on LAN is disabled.

Under Config, Display make sure the Graphics Device is “Integrated Graphics” unless you plan on a three headed display.

Under Config, Power enable “Power On with AC Attach”

Under Security, Virtualization make sure both options are enabled.

Ubuntu Install

The installer errored when I asked it to encrypt my home folder during install.

If you have an Internet connection go ahead and have it install updates during install. You’ll still want to check for updates after you reboot to complete the install.

Work Apps: Juniper NSM

We use Network Security-Manager and NetScreen Security Manager (NSM) to manage Juniper devices. They require the ia32-libs metapackage to run. Well, they don’t need all of them but I’m not identifying each and every library manually.

After installing ia32-libs, do the following:

sudo ln -s /lib/x86_64-linux-gnu/libc-2.15.so /lib/libc.so.6
sudo ln -s /usr/lib/x86_64-linux-gnu/libXp.so.6.2.0 /usr/lib/libXp.so.6

Work Apps: IBM Lotus Notes

While installing Notes in Ubuntu is an option, I decided to install it in a Windows VM guest. You’ll need the ia32-libs if you chose to run Notes in Ubuntu.

Work Apps: Juniper SA & Network Connect

We also use the Juniper SA for remote access, so we need Network Connect. I followed the instructions here to get Juniper SA Network Connect working. I used the OpenJDK 7 JRE and icedtea 7 plugin for the browser.

UPDATE: I also installed …

sudo apt-get install zlib1g:1386

Work Apps: VMWare Workstation

We’re both evaluating VMWare Workstation for the few apps we need a real Windows instance for. Version 9 installed perfectly. Windows 7 and 8 both install just fine. Unity, the VMWare mechanism for making a guest app look like a host app, works well.

However, in Windows 8 the Windows/super key is indispensable. Ubuntu Unity wants to pop-up and overlay with keyboard shortcuts, obscuring the stuff behind it. If you have the CompizConfig Settings Manager (CCSM, not recommended by Ubuntu), select Ubuntu Unity Plugin, go to the “Experimental” tab and disable “Enable Shortcut Hints Overlay”.

UPDATE: I had to add myself to the floppy group to get at my CDROM drive. For some reason Ubuntu mounts it as /media/floppy0.

Power

I travel for work. If I carry this unfortunately heavier-than-my-last laptop I want to maximize the battery life when detached. I want strong performance when I’m powered.

In the Power settings under “On Battery Power” I suspend when inactive for 10 minutes, power off when power is critically low, and suspend when the lid is closed. When plugged in, I don’t suspend when inactive and do nothing when the lid is closed.

I install powertop, thinkfan, thinkpad-acpi-dkms, and ethtool. Note that powertop gives you the best information when you’re on battery.

From the Ubuntu Wiki:

Enable ALPM:

echo SATA_ALPM_ENABLE=true | sudo tee -a /etc/pm/config.d/sata_alpm

I installed thinkfan for improved cooling with some help from here:

echo options thinkpad_acpi fan_control=1 | sudo tee -a /etc/modprobe.d/thinkfan.conf

UPDATE: I’m now using thinkpad-acpi-dkms as thinkfan doesn’t seem to work any more. More information here.

I disabled Wake-on-LAN on my ethernet interfaces: go here and scroll down to “For Ubuntu 12.04 (and up) users …” and step 5.

UPDATE: The post is a little confusing and non-linear, so do the following:

sudo cp /usr/lib/pm-utils/power.d/disable_wol /etc/pm/power.d
vi /etc/pm/power.d/disable_wol

… and change line 14 to look like …

enable) ethtool -s "${d##*/}" wol d>/dev/null 2>&1;;

I remounted my root partition to turn off atime tracking:

sudo vi /etc/fstab

and add ‘noatime’ to make your root entry look like …

UUID=4ba02cd9-d3c4-4dd1-9a30-6535fcba5290 /               ext4    noatime,errors=remount-ro 0       1

Display

Jim’s W530

Jim dove into driving two external displays and the built-in display with an extended desktop. He did a number of steps on his W530 from here.

sudo add-apt-repository ppa:ubuntu-x-swat/x-updates
sudo apt-get update
sudo apt-get install nvidia-current
sudo gedit /etc/default/grub

… and on the line with “quiet splash” add “nox2apic” after “quiet”. Then do a …

sudo update-grub

… and then reboot.

UPDATE: Enter the BIOS. Enable “Discrete Graphics” or “NVidia Optimus”. Jim has to log in twice to his desktop, which is odd.

Paul’s T430s

I am trying to get the T430s to drive the displays without making the GRUB changes. I know from the Windows 7 experience on this laptop that you have to use DisplayPort for both of the external displays to drive all three. When I did this with my initial install, I could run three displays. However, the would all blank out then restore every 30 seconds or so.

Digging around a bit I found an article that discussed the Intel 4000 graphics chipset. The recommendation is to upgrade the kernel to the version in 12.10. I decided to go straight to 12.10. Unfortunately my work on getting some of my security tools installed made the upgrade not work as it should have. I decided to reinstall fresh and immediately upgrade to 12.10.

I noticed an immediate improvement after rebooting. The login screens for the two displays I had connected – an external and the built-in display – ran the correct (or close to) resolution for both. I made the usual post-install display adjustments to turn off mirroring and drive the external display at it’s native resolution.

Bolstered by the good look I decided to plug my second external display into the other DisplayPort. The mouse remained on the first two displays but they were blank otherwise. I switched to a terminal (Ctrl-Alt-F1) to do a ‘sudo unity –reset’ which unfortunately did nothing. The option is depreciated. However, the terminal did display on all three monitors. I rebooted, and all three displays showed the login screen. I logged in, and all three had the desktop in mirror mode.

I turned off “Mirror Displays” and they all show. When I tweak the external displays’ resolution I find I can’t quite drive them at their recommended resolution – 1680×1050 for one and 1920×1080 for the other. Even redoing the displays at a lower resolution while maintaining the aspect ratio didn’t help. I replaced the larger display with one that matches the other one.

After more experimentation I found that one of the DisplayPort to DVI cables is bad. I’ll have to test this out in the office on Monday.

UPDATE 25 Oct 12: I followed Jim’s steps above on 12.04 and it worked! For a while it worked, that is, and without the change to grub. I undocked the laptop and re-docked but the displays wouldn’t restore properly. Then they would black out. No amount of rebooting or powering off would bring it back.

UPDATE 31 OCT 12: I made changes to grub detailed here. These changes stabilized things.

Miscellaneous

Emacs

I’m an Emacs fan, especially of version 24. Follow the instructions here. Unfortunately Emacs 24 isn’t available by default.

Firefox

Of course I followed my own advice and set up my Widescreen Firefox. One note is that under Ubuntu with the default Ubuntu add-ons installed you do not need the “Hide Forward/Back Buttons When not Needed“ Stylish script.

I keep looking for a way to make the Alt Text in Firefox, where you mouse over a link in a web page and the full URL is displayed above the status bar at the bottom of the Firefox window, much lighter than it is by default. Out of the box it is black text on a dark gray background. If anyone has a solution, please share.

Other

I’m a big EverNote user. They do not have a Linux client yet, so I wanted to use NixNote. However, it required 32-bit Java. I’m trying EverPad instead.

To keep Ubuntu from popping up a window to upgrade,

gconftool-2 --set --type bool /apps/update-notifier/auto_launch false

I also use aptitude, synergy, and a bunch of other tools. I write about them from time to time.

Drafting Social Computing Guidelines

I was working on social computing guidelines. I have several examples from IBM, Intel, and others. Its interesting but not surprising that they take a company-centric approach.

Equally important is for employees not to use their company resources for personal business. Maybe it falls under a privacy policy I have yet to find, but there should be wording that protects employees when using corporate resources.

My team and I are building a remote access infrastructure that proves as useful for work as for personal time. Here’s the thinking:

If we build an infrastructure for work only it will assume employer-owned equipment. However, if we build an infrastructure for Bring-Your-Own-Device (BYOD) then we can accommodate both personal and professional on the same device. Such a binary system demands either modifying every device to allow both personal and professional or build a corporate infrastructure to accommodate both.

Why try to accommodate both?

In many corporate environments its increasingly hard to keep new technologies at bay. I like IT staying ahead of the curve, implementing technologies and configurations that account for the broadest audience.

How does that work?

If you’re company has a BYOD program or one that has personal devices, build an infrastructure that encourages connecting to the corporate infrastructure.

Pro Business:

  • Having as many devices that might connect into your network connect through that network as often as possible helps mitigate the risk of malware introduction.
  • As such, malware and antivirus and software versions can be enforced on the devices
  • It encourages users to use the security measures, making them more likely to use them in a work environment

Pro User:

  • Wherever you log in and via whatever device (within IT’s capabilities) your communications will have the benefit of enterprise-level encryption and security
  • If IT implements optimization/acceleration, making use of that over the VPN client
  • Access to work resources when needed

On-Line Banking Inadvertant Insecurity

I was in Canada for work. I needed to make an on-line payment for one of my credit cards. I found it odd that the bank’s web page, Citi Bank, showed a different landing page than I was used to. I went to another bank’s page, HSBC, and it was different, too.

I assumed the hotel I was in was compromised or I was. It wasn’t until I returned home and fired up a known good PC that I found the bank web pages were legitimate.

This is a problem the banks need to resolve. Often I find banks change their landing page or authentication methods without notice. It makes it really hard for customers to know when they have a compromised connection versus a cosmetic restyling of their site.

I think banks and financial institutions should make and keep their pages as simple as possible. They can implement methods to verify the page’s authenticity by displaying a custom user image, for example. Banks can reasonably verify users by implementing two-factor authentication

I like Google’s Authentication method for its balance of the transitory to the more permanent. Would I recommend banks implement Google’s solution? Maybe not. But I like the two-factor option for “normal” access and super complex random strings for financial tools like mint.com. If you add in custom reset questions and GeoIP restrictions, it could be effective in most cases.

What are your thoughts? How can banks in the US and other countries improve their security while making their sites more flexible?

 

Buenos Aires, EZE to ATL to DTW

[ed: if this is a repeat post, my apologies.]

The Aerolineas Argentinian lounge was really nice once I found it. They had snacks, drinks of various varieties, free wifi, and comfortable seats. I grabbed some sandwiches and a beer and camped out. The occupants were me and one other guy all the way at the other end of the lounge. It was 2 hours to boarding.

Just as I settle in a family from the US came in, louder than a flock of geese. The spread themselves out across seating for twice the number then proceeded to talk with each other. They’re obviously southerners, and not accustomed to the lounge scene. I snacked some more, but eventually I just packed up and left.

Yes, they were on my flight.

After buying some chocolate I headed to the gate. The area was crowded and poorly laid out. The boarding lanes were basically right up to rows of seats. There was a lot of staff there but no one seemed to run the show. They started letting some folks board before they made the boarding call. Then they did pre-boarding. Finally they did business class.

Flights originating overseas for the US requires yet another review of your papers and riffle through bags before you board the plane. As usual this is cursory and I few through.

Once on board it was clear the cabin crew was no better organized than the gate crew. They kept getting in each others way. They came around with coffee and tea before anyone had any cups, and it took that guy a few minutes to realize it. Different parts of the business class cabin got fed before others, or drinks before others, but in no rhyme nor reason I could fathom other than randomness.

I tried to give the cabin crew a box of chocolates but I couldn’t get and keep anyone’s attention long enough, so I gave up.

The plane itself was an old-style 767-300ER. The overhead bins were the old flat small kind. The seats were not lay flat. I don’t fit those seats very well when trying to sleep. It’s like I’m both too tall and not tall enough. Shen I shift to make my legs and knees have good support it hurts by back. When I shift down to help my back my feet hang over the end making them hurt. And forget about turning on your side. And it was warm in the cabin for the whole flight. Turning the air vent on did little to ameliorate.

I got maybe two hours of sleep on the plane.

The food and wine were great. I’ll do a write up and post pictures later.

A good illustration of the disorganized flight was as we were about to land. I don’t mean as they announced that we’d started our descent. I mean we were a few hundred feet off the ground and one of the cabin crew shouts, “Sir! You have to take your seat for landing!” The fellow dropped into his seat two beats before the wheels hit the tarmac.

I saw the flight attendants walk down the other isle twice, but no one walked down ours.

In ATL, the Global Entry/Global Traveler worked better than it ever has. There are 10 to 20 of the kiosks ready to go when you hit the immigration section. This was great because several other oversees flights arrive just before and just after our plane. I was through and waiting for the bags when our carrousel  kicked in.

My bag came off early, so I went to the transfer point, checked in for my flight, and tried to drop my bag where the woman told me to. Another staffer said, “You can’t do that here”. She said it while handing other peoples’ bags.

“You have to take it to the counter over there”, pointing to where I had just checked in.

The check-in kiosks are cordoned off in such a way that intuitively anyone would do the same thing I did. There was no direct path from the machine to the counter. And when I walked up no one was at the counter.

Anyway, I dropped my bag off and wandered in. I asked how to get to the new international terminal and was pointed up the escalators.

Terminal F looks nice. Nothing much was open at 6 AM yet, but I followed the signs up another escalator the the new Delta Sky Club.

This place is nice. There is a lot of room, a lot of light, and it is all brand new.

After I checked in I made my way to the showers. An agent was there to check me in to one of the rooms. She loaded me up with toothbrush and paste and mouthwash and a razor (much needed) and shaving creams and lotions and stuff. Shampoo and conditioner and body wash were waiting for me in the room, number 8.

As a note, number 7 apparently is the biggest one since it is made for handicapped use.

I took a shower, shaved, cleaned my teeth, and redressed. I felt so much better! I found a place to sit then grabbed some oatmeal and yogurt from the counter, some coffee from the machine, and a New York Times.

After that the lack of sleep started to catch up with me so I moved into the “Beats Lounge”, some co-branding thing that I think isn’t fully up and running yet. The chairs are big and recline somewhat with swivel work tables. I plugged in then took a 2 hour nap.

I woke to the sound of a loud southern woman talking. She sat with her friend just outside of my area. She talked on the phone, she talked to her friend, then the other friend, and her husband, and more on the phone.

Uncondescending TV

I like TV shows smartly written and well executed. When a show shows me a dead body and an actor says “He’s dead”, its condescending at best and insulting at worst.

And its a waste of time. The show content window keeps dropping. Smarter, wittier content in the constrained time will perform better.

So save us the observations of the obvious.

Widescreen Firefox

One of the reasons I still use Firefox as my primary browser is because of the reconfigurability of it. Intrigued by articles about Firefox on widescreen displays I read years ago, one from lifehacker.com and another here I implemented their recommendations. Today you’ll find some of their tips out of date but the concept remains sound. Here’s what I’ve done since then.

Wide screen usage with Firefox is superb. With it I can reduce the horizontal and vertical space taken up by tabs and menu bars. Thus I maximize the space for what I want – the content. I also make extensive use of keyboard shortcuts, so extra menus and bars aren’t needed. I also don’t want extra windows popping up or blank pages when downloading attachments.

Here’s the recipe so you can make use of it this way, too. Many of these tips work on Windows, Linux, and Mac OSX. Windows has the full widescreen experience. I’ve used variations on this for the last two or three years. I’m running Firefox 15 at the time of writing.

Widescreen Firefox Recipe

First, install the latest Firefox. I make it my primary browser everywhere except on my work laptop where “the job” requires IE.

Next, install the following add-ons:

Download Statusbar

Turn on “Mini Mode” to replace the Downloads pop-up window. I move the icon into Nav Bar toolbar at the top of the Firefox window.

Nav Bar on Titlebar

This Windows-only add-on (at the time of writing) moves the main Nav Bar to the window’s title bar. There are a few settings one can configure but I keep it to the default.

Stylish

Stylish allows for script installs, scripts that alter web pages’ appearance as well as configuration elements to change the overall appearance of the Firefox interface. The one I use for maximizing Firefox is “Hide Forward/Back Buttons When not Needed“.

One other one I like is “Google Reader Readable” as I’m a heavy Reader user. It’s not required.

Head to UserStyles.org to see a huge collection of scripts you may find useful.

Tab Mix Plus

This extension possesses configuration options about tabs, sessions, and a multitude of tweaks. Spelling them out or even attaching screen shots of every possible tab would push this post even longer than it already is.

Instead, my config is here: TMPpref. You can import it into your TMP. Adjust for your own tastes.

Tiny Menu

UPDATE: Windows has the orange Firefox button. Ubuntu Unity embeds the menu in the top menu bar. Mac OS X does something similar. In all other cases or if you disable those you want Tiny Menu. With it and some toolbar customization you can minimize the vertical space you’d otherwise waste, putting the navigation and tool bars onto one while keeping the horizontal usage in check.

Vertical Tabs

This moves the tab bar from along the top horizontally to along the side vertically. You can drag the tab bar to the left which is where I prefer it. You can also resize the width, which I do. I make it wide enough to see the tab icon.

Final config

Move icons around so the few add-ons you need and some informational icons are on the one title/nav bar. Some might be on the status bar at screen bottom.

Close the status bar when you’re done.

Result

Here’s the final look. Note I have other add-ons installed.

If you’re able to make use of this and it works for you, please leave a comment below. I’d also love to hear about other tips and tricks to maximize browser space.

Six Weeks of MacBook Air use in a Wintel Corporate World

My trusty ThinkPad X301 running Windows 7 Enterprise was dying. It wouldn’t shut down. It had a hard time starting up. It might Blue Screen of Death (BSoD) while reading email or editing documents. It might decide to not charge either of the two batteries in the case. It might forget that it has a wifi and bluetooth adaptor.

I handed it off to the appropriate internal technical support team. Unfortunately the loaner laptops were all in use. I had three options.

  1. Use my own laptop until my work laptop was fixed
  2. Demand a new laptop without knowing if my current laptop is fixable
  3. Go without a laptop until mine is fixed

Option 3 doesn’t work. I travel too much to go without a laptop. Mobile devices are a gray area, but I shudder to think about editing my budget spreadsheets in an iPad.

Option 2 is within the realm of possibility, but I don’t know what I would take to replace my X301. It doesn’t have the biggest RAM footprint or a current CPU or even competitive graphics. It does have a good display and good battery life and it is light. I’m not due for another laptop until 2013. The longer I can wait the better the hardware will be.

Option 1 is workable. There is only one problem: my laptop is an Apple MacBook Air (late 2011).

My European colleagues can use Apple products. My Asia Pacific colleagues can as well. In the Americas it is a different story. I’ve written about this before.

Nevertheless, things came to a head. I could adhere to the unwritten policy or I could keep working. I chose the latter.

So far the only folks that even care are those in my organisation that would like an Apple option and our VP. I hung a sign on my laptop while using it that told folks: “Don’t Get Your Hopes Up: This is Temporary” for the VP’s benefit. She laughed but also asked how it was working for me.

I told her it’s working well.

The thing is, it’s actually working better than I expected. Here’s why and how.

First, I have a corporate copy of Windows 7 x64 Enterprise running in a Parallels 7 Desktop session. It is on the Active Directory (AD) domain. All of my business applications, even those I could run in OS X, run in the VM. I use Coherence mode to better integrate the Windows apps. It works really well for me.

For the network I carry a USB to 100MB Ethernet adaptor. I assign it to the VM only and use guest wireless access for the MBA. If physical ethernet isn’t available I will fire up a VPN from the VM guest to get it on-line. I can use a USB wireless adaptor as well if I want.

As my team manages the VPN environment, it is a good idea for me to drink our own champagne (as it were). As the head of IT security, the separation of work from personal in a functional way is a powerful example.

I expanded my environment with an Ubuntu guest VM for some GNU and F/OSS tools not available for native Windows for work. I added some of the tools in the MBA via MacPorts just in case.

The other stuff? Being on the domain means links I open in the email client open in IE 9. I can view and edit MS Visio and Project files that can’t be opened in OS X without expensive third-party software using software licenses already assigned to me. I can be permissive and allow opening of files in either environment. I can be restrictive and allow opening files only in one environment.

From the user experience angle, after logging into the VM guest I don’t think much about it. It works really well.