
Bringing OSS Into a Closed Source Organization?

kdawson posted more than 5 years ago | from the teaching-a-stone-to-talk dept.

GNU is Not Unix 427

Piranhaa writes "At the major corporation I work for, there is currently a single person who decides what software to approve and disapprove within the organization. I've noticed that requests from users for open source Windows programs get denied, nearly instantaneously, on a regular basis. Anything from Gimp, to Firefox, even to Vim don't make the cut due to the simple fact that they are open source. Closed source programs from unknown vendors have a much better chance at approval than Firefox does. The whole mentality here is that anybody can change the source of a project, submit it, and you never know what kind of compiled binary you're going to get. I'm a firm believer in open source code, but I also know closed source has its place. So what would be the best way for me to argue, with all the facts, to allow these people to come to their own conclusion that open source is actually good? Would presenting examples of other big companies moving to open source work, and if so what are some good examples? Or can you suggest any other good approaches?"


427 comments


Don't bother (5, Insightful)

nyet (19118) | more than 5 years ago | (#25429751)

Either live with your idiot bosses and stop complaining, or ditch that miserable excuse for an employer.

Re:Don't bother (4, Insightful)

dfetter (2035) | more than 5 years ago | (#25429835)

"Some men, you just cain't reach." http://www.youtube.com/watch?v=1fuDDqU6n4o [youtube.com]
Since you don't have the option of clubbing this guy, get your interview on and find a job where they're not insane. This won't be the only, or even the biggest, moronic decision these people are making.

Re:Don't bother (5, Insightful)

Kethinov (636034) | more than 5 years ago | (#25429939)

I'm inclined to agree.

The whole mentality here is that anybody can change the source of a project, submit it, and you never know what kind of compiled binary you're going to get.

If someone important in the IT department at my company said something as grossly fucking stupid as that, then one of two things would happen. I'd either get him fired, or I'd quit and go work for a company that hires qualified people.

great advice! (5, Insightful)

lysergic.acid (845423) | more than 5 years ago | (#25429975)

so either learn to live with the problem, or just run away from it? you must be a real winner.

most socially/emotionally healthy individuals have a powerful tool at their disposal called "interpersonal communication." by honing your communication skills, you can exchange thoughts and opinions with other people, perhaps even persuading them that FOSS is a viable alternative to proprietary software. but this is generally not a tactic used by people who spend their entire lives as a powerless passive observer.

assuming you know how to speak up for yourself, there are a lot of ways to introduce FOSS to a closed source organization.

  1. start small. compile a list of FOSS software that you use at work to help you be more productive. personally, i use WinSCP, PuTTY, MySQL, PHP, YUI Library, etc. i would not be able to do the work required of me without these tools, at least not without paying much more for less efficient results.
  2. document all of the proprietary software your company licenses which could be replaced by FOSS equivalents providing equal or better results--this includes desktop applications and server software. emphasize the TCO that could be saved.
  3. write a proposal. come up with some small non-vital applications that can be migrated to FOSS without disrupting business operations. for instance, set up an intranet site using FOSS software; perhaps a company wiki running on a LAMP server; or switch all IE browsers to Mozilla Firefox.

Re:great advice! (2, Insightful)

dfetter (2035) | more than 5 years ago | (#25430075)

so either learn to live with the problem, or just run away from it? you must be a real winner.

Some kinds of disagreement point to problems so fundamental in the higher-ups that it's not worth trying. Visceral rejection of free software is one of these.

Re:great advice! (1)

unlametheweak (1102159) | more than 5 years ago | (#25430217)

Addendum: As for your time-consuming suggestions, I would say it is a waste of time. One might as well just have a suggestion box (which is a euphemism for a garbage can). In my experience people don't get into Management because they are smart or hard working (willing to read and analyze these suggestions). A good Manager will smile and say thanks a lot before ignoring you. A bad Manager will just condescend.

Re:great advice! (5, Insightful)

unlametheweak (1102159) | more than 5 years ago | (#25430195)

most socially/emotionally healthy individuals have a powerful tool at their disposal called "interpersonal communication."

That only works if you are dealing with a socially and emotionally healthy individual that has interpersonal communication skills. I've seen very little of this in Management. In fact if management did have any type of skills in this situation they wouldn't have such unfounded biases towards open source software developers or the products they produce.

I don't get this (2, Funny)

Anonymous Coward | more than 5 years ago | (#25430203)

Sorry, I'm an outsider to the US, and I keep hearing this thing about the right to bear arms.

Isn't this the reason you own guns: to defend yourselves from utter tossers in the workplace? What's the point in all this gun ownership, if you can't kill middle-managers?

Re:I don't get this (4, Funny)

Kneo24 (688412) | more than 5 years ago | (#25430279)

The reason you don't get it is because you don't fully understand. "The right to bear arms" doesn't mean you have the right to hold a gun. It means you have the rights to wield arms of a bear. Unfortunately, they're a little cumbersome, so no one really uses them.

Re:I don't get this (5, Insightful)

jcr (53032) | more than 5 years ago | (#25430289)

Isn't this the reason you own guns: to defend yourselves from utter tossers in the workplace?

No, we own guns to prevent the government from having a monopoly on deadly force. Governments have different options available to them when the people are armed, than they do when the people are unarmed.

-jcr

Play the game or go to a higher authority (5, Informative)

Noksagt (69097) | more than 5 years ago | (#25429761)

Some people/companies just want a name to blame if something goes wrong. Rather than requesting the right to install Vim, request the ability to purchase a license for Vim. Many projects have already set up mechanisms to do this or are willing to do so.

If this doesn't work because:

A single person who decides what software to approve and disapprove within the organization.

then go to your manager and also the person or people who decide how good a job the "software evaluator" [single person] is doing. Point out a real business need for a particular application: "Vim has XXX feature. It is not available in any other software. If I had this feature, I'd be able to do YYY, which will [save/make] our company $[insert figure here]. Did I mention that it is written by a Google employee, and that our competitor, ZZZ, is probably going to use it if we don't? Here's a list of other companies that use Vim [insert Fortune 100 here]. Can you please make [single person] justify why he is putting us at a competitive disadvantage?" Cost is rarely a concern. So save the fact that it is free as an additional argument that you can make if [single person] suggests some other app.

If you are passionate enough about your tools, you can always walk--some companies hire talented employees and understand that they will be more productive with their preferred tools. (If you find yourself in such a company, don't spoil it--produce results with your tools, so that the company will be rewarded for this wisdom.)

If you want to be a dick, point to comparisons of some no-name proprietary program that [single person] approved that turned out to have a security hole and that your app does not suffer this hole and try to pull other tricks to demonstrate that [single person] is incompetent.

Re:Play the game or go to a higher authority (3, Insightful)

Swift Kick (240510) | more than 5 years ago | (#25429869)

You know, sometimes these guys are above 'your manager'. Way above.

From what the OP says, it sounds like the person he's referring to is something like a Chief Compliance Officer [wikipedia.org] at his company. If that's the case, tough luck.

There is a possibility that the reason why open-source software is not approved for use is because it doesn't meet the compliance standards that were put in place, whether because of simpler and easier application support, patching, or just plain liability.

Open-source software oftentimes has very poor support options. Forums and IRC are not substitutes for a dedicated phone support line that's manned 24/7.

Use all the open-source software you want in your free time, OP. During work hours, play by their rules or find another job.

Re:Play the game or go to a higher authority (2, Informative)

Noksagt (69097) | more than 5 years ago | (#25429919)

We can speculate about his company's org chart forever. I did state that the poster should go to the boss of whoever is giving him grief. I disagree with your reading of the situation; I take the claim "programs from unknown vendors have a much better chance at approval" at face value. There might be some chance that an unheard of company is making "compliant" software, but I doubt it. Given that there is some mechanism in place to get some software approved, this doesn't really smell like a CCO to me (and if a CCO is making these decisions in a company that is large enough where the poster could not go above him, then he is micromanaging).

Open-source software oftentimes has very poor support options.

It is relatively easy to find commercial support for any major open source package. Red Hat provides support for Cygwin (and that includes Vim), for example. If there are no-name companies getting approved, I can guarantee that either the maintainers of the project or a third party will be willing to write a support contract.

Re:24/7 support (1, Insightful)

zmollusc (763634) | more than 5 years ago | (#25429991)

Honest question here, does the 24/7 support ever solve problems? The only time i ever bothered to complain about a faulty product (a television set that was under guarantee) all that happened was i got dicked around for 18 months while it got taken away, brought back, failed again, taken away etc. I assume the job of 'support' is to occupy the customer until they get bored of complaining/die/find a work-around/buy a different product.

Re:Play the game or go to a higher authority (5, Informative)

tr_x_data (686765) | more than 5 years ago | (#25429999)

Open-source software oftentimes has very poor support options. Forums and IRC are not substitutes for a dedicated phone support line that's manned 24/7.

That is simply wrong. Widely used and successful OSS software (CMake, Subversion, Apache, Vim, Eclipse), to name just a few of those we use in our company (a very big company with more than 700K employees), has excellent support. It comes in the form of forums, thousands of Google hits on every problem and of course IRC and mailing lists.
As the main user or person responsible for some of those applications, I never encountered a problem that I couldn't find quality problem-solving information for.
CSS support via closed ticket systems that aren't even indexed by search engines simply can't provide similar support in my eyes.

Open Source Software comes along with "open problem solving" and that is a big advantage over their closed source counterparts.

Re:Play the game or go to a higher authority (5, Insightful)

Bert64 (520050) | more than 5 years ago | (#25430143)

The problem is that large companies are packed full of people with little or no problem solving skills...
They either don't want to, or are incapable of trying to solve problems themselves, and would rather pay extra for someone else to do it...
Yes, they're basically not doing their jobs, and yet these blatantly incompetent people end up being paid a lot of money.

On the other hand, those people who are smart enough to solve problems (and it really isn't that hard) can set up support consultancies and employ people to do what you're doing on behalf of other companies.

I've seen countless situations where relatively simple problems were unable to be solved internally, and the people whose responsibility it was to fix them just wanted to hand them off to a third party as quickly as possible, and simply didn't have the skill to diagnose what was wrong.
The issue took a few seconds to diagnose, and a few seconds to fix once someone with the right mindset started looking at it.

Re:Play the game or go to a higher authority (5, Interesting)

mlts (1038732) | more than 5 years ago | (#25430011)

If a company has a chief compliance officer, they are likely bound under some corporate regulation like Sarbanes-Oxley, HIPAA, or something else. To keep the officers from going to prison, one of the things they need to do is "due diligence".

This is making sure that every product in a chain is certified by a vendor in some way. For example, operating systems must be FIPS and Common Criteria certified, encryption products must be listed in the US Government's certified AES libraries, and so on.

Yes, some open source products make this list. SUSE and Red Hat Enterprise Linux both have the certificates. However, not many open source solutions do, which is why businesses just go with a Microsoft stack for their applications.

For example, if a business is running a MS stack, and there is a serious data breach, said business can show their policies in place, show that they have done due diligence by using commercial software everywhere, with certified configurations, they will not have to worry about civil stuff like stockholder lawsuits, or criminal stuff like the SEC coming in with audit papers and handcuffs.

Unfortunately, should a similar breach happen with a company that has an open source stack, and can't really prove due diligence by showing that every piece of their IT puzzle was certified by someone (usually a US government agency)... well, they are facing a world of civil and criminal liability.

To be honest, the chance of getting open source software into an environment that has to be so heavily audited and regulated is almost zero. Commercial, closed source software does cost, but part of the cost is insurance and the ability to blame someone else other than the company or its officers and staff should something bad happen.

Another legal issue of why businesses choose closed source solutions is patent indemnification. If a software company doesn't have this protection for its customers, should a patent violation occur with the software, not just the software company, but all its customers can wind up being sued for obnoxious amounts of money, and possibly shut down. Again, Red Hat is one of the companies that offers this protection for an open source product, but few others do.

None of this is related in any way to the quality of programming of open source software. It's all security theater, but it's what keeps a company in business and its officers out of prison with the regulations in the US.

Re:Play the game or go to a higher authority (4, Interesting)

AndGodSed (968378) | more than 5 years ago | (#25430017)

In my case it is the owner of the company where I work.

While I cannot speak for the personality of the OP's boss - mine is at least a very decent person.

So I walk into work and inherit an old Dell Latitude D600 running WinXP.

A month into the job I trash it and install Linux. I am now the only person in our company using Linux/OSS for everything I need to do.

I inherited a desktop PC that still runs XP - our control software is written in MS Access so I could not run that on Linux.

One day my boss remarked in a meeting that "You know you need to be able to run Windows dependent software on your laptop", which is his roundabout way of laying down a kind of challenge to me.

So I set up our proxy server to allow me to SSH in and rdesktop to my desktop when I am on standby. The other techs needed to make an offline backup of the control DB and then merge it with the "live" DB.

A week later in another meeting he reminded me to merge the database. "No need, I run the DB live"

So two months ago I was offered part ownership of the company and promoted to tech manager in the interim.

Sometimes you need to play on the ragged edge for a bit in order to get your point across.

I still run Linux on my laptop, and my whole tech team goes for weekly training on Linux with our sister company who is a Linux solutions provider.

Re:Play the game or go to a higher authority (1)

Bert64 (520050) | more than 5 years ago | (#25430117)

Most open source products have 24/7 support available if you're willing to pay for it... If you don't want it, you pay nothing and still get to use the app.
Similarly, most closed source products come with little or no support by default, and you then have to pay even more to get a decent level of support.

But more importantly, closed source typically gives you one choice for support - the original vendor, third parties don't have sufficient access to the app to provide a proper level of support. Open source apps often have multiple vendors who can provide support, so you get choice and competition which improves quality and drives down prices.

Re:Play the game or go to a higher authority (1)

dwater (72834) | more than 5 years ago | (#25429903)

> Cost is rarely a concern. So save the fact that it is free as an additional argument that you can make if [single person] suggests some other app.

Was (fiscal) cost mentioned at all here? Sure, all the open source products mentioned also are cost free, but Open Source != Cost Free.

Also, Open Source doesn't mean anyone can 'just change the code'. You can *fork* the code and change that, but I don't see how you can change the code in, for example, Red Hat Enterprise Linux, to name but one, even though it is Open Source.

I wonder if the submitter actually tried asking for some Open Source s/w that is *not* cost free.

...or do I have this all wrong?

Convince or Quit (1)

BhaKi (1316335) | more than 5 years ago | (#25429765)

I would have resigned if I were you.

Open Source means there's LESS chance of malware (3, Insightful)

QJimbo (779370) | more than 5 years ago | (#25429767)

The fact is that because open source is open, if someone tries to put some hostile code inside it, it will be seen and stopped there and then. With closed source, if hostile code gets put in, you're relying on a much smaller bunch of people to spot it, and there is always the possibility they will all collude together to put something in.

With open source, you can evaluate it.

People use the same argument against Wikipedia, "anyone can edit it, therefore it cannot be trusted", but the same counter argument can be applied to that as well.

Re:Open Source means there's LESS chance of malwar (1)

timmarhy (659436) | more than 5 years ago | (#25429779)

"With open source, you can evaluate it."

i question the wisdom of this. how many companies have the time to waste doing this vs going to a vendor and shelling out for an "assured" solution? it'd cost less in man hours to simply purchase windows than audit an entire linux distro for malware.

i think the "but you can read the code" retort is easily answered with "but who's going to pay to read it?"

Re:Open Source means there's LESS chance of malwar (5, Insightful)

setagllib (753300) | more than 5 years ago | (#25429813)

Purchasing Windows doesn't give you an "assured" version either. The industry has learned that hard lesson over and over. You're much better off just licensing an open distribution like Red Hat, because you get the corporate support side as well as the community audit side.

The fact is that even if you don't have time to read the source, other people do, and a complete distribution has the unique level of multi-party quality assurance money can't buy.

Microsoft is probably the worst possible example anyway. They regularly put in their own malware. There's no audit required to know that WGA is pure and simple malware. It's absolutely moronic to name them as an example of an "assured" solution vendor.

Re:Open Source means there's LESS chance of malwar (-1, Troll)

timmarhy (659436) | more than 5 years ago | (#25430293)

wow, talk about a swing and a miss. WGA is not malware, it's totally retarded to even suggest it. And give me one example of a copy of windows from a MS genuine partner that contained real malware (not just the annoying stuff from HP etc)

i can think of 2 - 3 examples of OSS repositories being infected with virus code in the last couple of years, most notably debian.

the only valid point you make is paying for red hat. it's a great product, but it's hellishly more expensive than windows.

Re:Open Source means there's LESS chance of malwar (3, Insightful)

smilindog2000 (907665) | more than 5 years ago | (#25430295)

My sister-in-law worked for a huge company, one very similar to Dilbert's employer. She was at least partly, if not fully, in charge of the decision to reject all open-source software. I had a long debate with her on this topic, but she's completely unwilling to move. She firmly believes software is worth no more than what you pay for it, and those promoting free software are dangerous socialists, anti-free-market crusaders trying to tear down America.

I've also tried to convince her over the years that George Bush is a poor president, who has in fact made some mistakes. While she's a super-bright, energetic, well-educated woman, my sister-in-law is incapable of thinking any Republican president has ever done any wrong.

I think people like my sister-in-law are firmly planted in important corporate positions throughout our country, ensuring that Dilbert-Land will continue unimpeded. To them, free-as-in-speech is a silly concept for children. You give it lip-service, but never put any money there! What counts is free-as-in-market. These free-as-in-speech programmers are just more Vietnam-protesting nit-wits who will ruin the country.

Re:Open Source means there's LESS chance of malwar (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25429839)

And your assured solution could, say, have a glaring security issue.

Fortunately, software companies aren't asses that sue people for disclosing things, want all bug reports public so companies can take precautions against problems, and definitely will fix bugs in a timely manner.

If the company goes under or is largely unresponsive, we'll simply use a different software. Any data that we may have used, we'll just convert away from them. This will be a walk in the park too, since we'll definitely have an option to export to many other programs (to avoid vendor lock-in, of course), or we'll simply read the proprietary data file format ourselves using a script to convert the data!

There are so many examples of such honourable companies, like... uhm...

err... :D

Open Source means there's NO chance of malware (0)

Anonymous Coward | more than 5 years ago | (#25429927)

>i question the wisdom of this. how many companies have the time to waste doing this vs going to a vendor and shelling out for an "assured" solution? it'd cost less in man hours to simply purchase windows than audit an entire linux distro for malware.

>i think the "but you can read the code" retort is easily answered with "but who's going to pay to read it?"

I'd question your sanity. The argument is not "but you can read the code" ... the argument for open source is this: "but everyone can read the code".

"Everyone can read the code" is a far different argument to "I can read the code" or "you can read the code" or "our company can read the code". The position that open source takes is in fact "everyone can read the code". Everyone and anyone who wants to.

"but who's going to pay to read it?" you ask? There are an estimated 1.5 million open source developers right now. So at least 1.5 million people already do read it. I suggest then that the answer to your question is "whoever pays those 1.5+ million people".

Finally, since 1.5+ million developers already read the code, and they use that selfsame code themselves (this is the killer point, BTW), it is already audited for malware. Those developers simply aren't going to use code if they see malware in it. Who would be stupid enough to submit malware into an open source project in plain sight, with 1.5+ million developers looking at what you are trying to do to them?

That job of "audit an entire linux distro for malware" ... it is already done for you. It is an automatic part of the service.

Re:Open Source means there's NO chance of malware (0)

Anonymous Coward | more than 5 years ago | (#25430231)

Yeah, and those 1.5 million people are enough to catch bugs like the OpenSSL bug in Debian within days... or years... Yeah, it's really breathtaking how quickly bad code gets reviewed by those million developers.

But what to do if you are really affected by the OpenSSL bug? What if you installed Debian and some hacker used this weakness to harm your company? Then you are just fucked. Most open source software comes without warranty, and this is the main issue here.

Re:Open Source means there's NO chance of malware (0)

Anonymous Coward | more than 5 years ago | (#25430287)

> Yeah, and those 1.5 million people are enough to catch bugs like the OpenSSL bug in Debian within days... or years... Yeah, it's really breathtaking how quickly bad code gets reviewed by those million developers.

Mis-perception on your part. The OpenSSL bug was introduced as a regression by a well-meaning Debian maintainer who tried to "clean up" the code by initialising some variables that were un-initialised.

The fact that it was a Debian-only bug shows this ... SSL was not adversely affected in any other distribution.

The fact that it was a regression meant that it existed in Debian only as long as the time between the ill-advised "cleanup" and the next time that SSL was updated by another party. A discrepancy was noted in the Debian initialisation compared to everywhere else. Fixed straight away, as soon as it was spotted.

It didn't exist in the code base for years.

It didn't have any observable effect ... all that it meant was that the Debian SSL layer was not as secure as it should have been.

The fact that even though it had no observable effect, and at no point was the Debian SSL layer actually compromised by anybody ... yet still the bug was spotted and promptly fixed ... just goes to show that the open source code is actively audited by many eyes, and the open source system is effective.

forget it (0, Flamebait)

timmarhy (659436) | more than 5 years ago | (#25429771)

don't stick your neck out like that, OSS people won't thank you and ALL mistakes in any software you somehow get approved will be your own personal fault. it sounds like you're too low in the food chain to be steering the direction of the company

Find out who this person is and why they deny stuf (4, Insightful)

Antique Geekmeister (740220) | more than 5 years ago | (#25429773)

Seriously, you need to find the person and find out what their concern is. Is it a maintenance cost? A desire to avoid mixing and merging tools in-house? Are they concerned about who will be responsible, or liable, for problems with open source tools?

If their concerns aren't justified, and they can't be negotiated with, then they may need to be fired, or you may need to leave in order to get the tools you need. But their concerns are sometimes well founded: I've seen people who need a 99.999% uptime who were absolutely terrified of open source tools, had implemented closed source and very robust tools, but didn't realize that it absolutely prevented new development. That was OK, their requirements were very stable indeed. But it meant that they could not support projects from other parts of the company.

Follow the Money (4, Interesting)

mdm42 (244204) | more than 5 years ago | (#25429811)

Sounds like this person has a deeply vested interest. I would guess that the real problem with open-source software is that it's free (as in "beer"!) so no chance to cash-in by playing favourites.

Find out where the kickbacks are coming from and blow the whistle.

Re:Follow the Money (1)

Antique Geekmeister (740220) | more than 5 years ago | (#25429847)

It doesn't take kickbacks. Simply avoiding blame for a new tool failing and being held responsible for approving it can cause someone to be very, very cautious about approving new and unfamiliar tools. Take the example of Firefox: will the website servers be forced away from their favorite Microsoft authoring tools because they violate the HTML and Javascript specs, and Firefox correctly refuses to render the resulting broken debris? Then that's a hidden cost of supporting Firefox.

Re:Follow the Money (3, Insightful)

Alain Williams (2972) | more than 5 years ago | (#25430301)

The other money aspect is: look at how big a budget I control. Using OSS would reduce that, something that he might not like for a variety of reasons:
  • It reduces his status within the organisation
  • maybe he wants to impress the wife/golf_buddies
  • maybe he is looking to a better paying job within/without the organisation; you tend to be better paid if you control larger budgets

Ditch them (0)

Anonymous Coward | more than 5 years ago | (#25429775)

Ditch the fuckers. That's what I did.

Look at it this way: if the management are stupid enough to believe that any old code can be included in an Open Source project, then the company is going down the shitter anyway.

Also make sure you tell HR, in your exit interview, what a bunch of useless cunts the management are. Am venting here, obviously when I was in your place I was far more tactful, informative and business-orientated.

Leave it alone (1)

pembo13 (770295) | more than 5 years ago | (#25429777)

It likely isn't worth the effort. I really like FOSS myself, but one needs to have some perspective. This isn't getting food to the hungry, or getting some medicine to the poor. If upper management has an irrational hatred of OSS, so be it. Live with it, or resign. Based on what you're saying, the person doesn't seem open to reason -- and there is no point in using open source for non-rational reasons.

Re:Leave it alone (5, Insightful)

turgid (580780) | more than 5 years ago | (#25430109)

I used to work for BNFL (now the Nuclear Decommissioning Authority) and this was exactly their attitude. I tried very hard to explain things and not over-step my authority or sound like I was trying to undermine my superiors but the reply was always patronising, "We'd rather pay for a software license and have support when things go wrong." Note I'm not talking about nuclear safety-related software, merely office and programming tools.

After a few years, I got sick of the stifling environment and lack of direction and left for a better paid job.

I went to work for a big US computer company. Things were totally different there.

After another few years, the office closed and I had to get a new job with a smallish British company. They were very open-source friendly although the Director of Software really admired Microsoft. There really was trouble there, as the skill base left due to fascist management, and the Director of Software tightened his grip, and things went the other way. I quietly, discreetly and politely offered to save the company £1000 that they were going to spend on some backup software for servers that essentially just did a dd of the root disk. I got a flame back telling me to keep my pathetic little minion mouth shut and I resigned like the 16 others before me. Two more resigned during my month's notice.

I'm much happier at my new place. It's a big company again with lots of rules and process, but their hearts are in the right place - the right tool for the job - and they appreciate ideas from their technical staff.

The moral of the story is be prepared to move on if the company doesn't suit you. It may take many months to find something new, but it's worth it. Work is a substantial part of your life. That time is too valuable to waste on something that makes you miserable.

You've Already Lost (5, Insightful)

TheWanderingHermit (513872) | more than 5 years ago | (#25429785)

I'm sorry for posting as an AC, but the /. login doesn't seem to be working (no matter what I type into the captcha, it doesn't let me verify my password!).

This guy is God as far as software at this company goes. He can do what he wants and unless there's a major catastrophe, his supervisors will let him continue to do so. If what you say is accurate, then he's made up his mind and there is no reason to change it at all.

You ask for "the best way for [you] to argue..." That's it right there. As long as you argue, you lose. He doesn't want to argue, he wants to be right and that, by definition, is what he is for anything he says at this company. He doesn't want to hear from you, doesn't care, and in any argument, if he so much as listens, he is indulging you.

True, he's an idiot, but that doesn't matter. He has no reason to change so he won't.

If you want him to change, remember he's like electricity: He takes the path of least resistance. For him to change or even look into change, then that path has to be made easier than him not even bothering to look.

When you can make it easier for him to look at FOSS than it is to ignore it, he'll start looking, but not until then -- and likely not even then if he has a grudge against it and doesn't want to admit it.

Get the roadblock out of the way (4, Funny)

somanyrobots (1334451) | more than 5 years ago | (#25429787)

with a hooker and a camera!

Find another job (2, Insightful)

pmontra (738736) | more than 5 years ago | (#25429795)

It sounds like a bad environment for a programmer. I'd leave them with their closed source programs and look for a job in a better company.

Get support agreements in place (2, Insightful)

Anonymous Coward | more than 5 years ago | (#25429799)

I've worked in several large corporations, and was faced with similar challenges.

Often times, open source software is not viewed as a serious option because (depending on what software you're looking at) there isn't a singular reliable source of support, and due to legal reasons, a large corporation just cannot afford to take a 'gamble' with open source. You need to pick your battles and pick them well.

I'm not implying that open-source software is better or worse than commercial software, but the dedicated support definitely is lacking in the open source world.
The last thing a pointy-haired boss wants to hear is that you're waiting for someone to reply to your post on the forums, or that you're getting on IRC to find out if someone ran across the same problem and what the solution was.

For example, ZenOSS is a great monitoring tool, but the documentation is complete garbage, filled with errors, omissions, and even broken sentences. Mind you, this also includes their Enterprise version, and their support is also lousy. You'll be lucky if you get a response within 24 hours from when you submit a trouble ticket as an Enterprise customer.

Redhat, on the other hand, is much more responsive. You'll get a reply or at least an acknowledgment that they got your email within 20 minutes, which at least is enough to give management the 'warm fuzzies'. They're really just another Linux vendor, but they have a support line, and they have the fancy brochures and certifications, and that adds legitimacy. It tells the business world that they mean business, and are not just some long-haired smelly CS grads with a pet project.

Re:Get support agreements in place (1)

Bert64 (520050) | more than 5 years ago | (#25430189)

The idea of a singular source of support is pretty off-putting to me...
A single source of support is a monopoly, they can provide half assed support at premium prices and you have no choice but to suck it up.
ZenOSS is a good example here, does anyone else provide support for it? Do you think their enterprise support would improve if someone did?
RedHat is also a good example, many other companies provide a supported Linux distribution, if RedHat provided lousy support they would lose customers very quickly.

compiling binaries for the CSS paranoids (1)

Denihil (1208200) | more than 5 years ago | (#25429819)

if you want to be a real stickler about security with OSS software, why not compile the binaries yourself? Bam, no reason for OSS

Other concerns: OSS creep into commercial code (5, Interesting)

bboxman (1342573) | more than 5 years ago | (#25429841)

While I was working for a former employer, we were engaged in negotiations with a very large company that would act as a distributor (to a certain market) of our products. Said unnamed company in the distribution contract wanted us to sign off that "no open source software products were used in the development process, and that no OSS was present in the product".

Why?

Frankly, I understand the concern. If you are a development shop, then if OSS creeps into your product (due to a careless (and thoughtless) developer copy-pasting code, for instance) then the legal ramifications may be grave. Potentially, depending on the license, you are required to disclose the entire source of your product, and provide a usage/distribution license to whomever receives that code -- basically, a single minute action can sign off your rights to your software. Your distributors have also violated copyright, and are in similar hot water (e.g. their efforts in promoting your product are now potentially worthless).

The result? Some companies are so afraid of this "poison pill", that they simply don't let any OSS in their gates. Does this promote OSS? Maybe. IIRC, I recall that some friends working for the dark side (M$) report that no OSS is allowed there (or in some parts thereof).

I use OSS extensively. The former company I worked for had a whole heap of OSS in its development process (but not in the developed chip/product). Actually, considering that a non-OSS company (Altera) used OSS in its supplied development chain (gcc, for instance) that we were using, there really was no conceivable way that the company I worked for could've signed off on the "no OSS" bit of the contract.

Addendum: OSS hunts in commercial products (2, Insightful)

bboxman (1342573) | more than 5 years ago | (#25429877)

As a small addendum, remember those fellows that found OSS in the infamous sony rootkit (by various strings present, IIRC). A week or two later the same guys (or someone else) found OSS in some other commercial software product. IIRC, there was some legal action (from FSF?) following this.

It used to be, that if you screwed up and placed OSS in your product that the chances of being caught in the act of theft were fairly low. Currently, the chances of being caught (even if your act was inadvertent) are significantly higher.

Re:Other concerns: OSS creep into commercial code (0)

Anonymous Coward | more than 5 years ago | (#25429951)

There are plenty of open source licenses that would not change the distribution model of proprietary code substantially (e.g. MIT, BSD, Apache, often LGPL).

There are also plenty of proprietary modules that could be linked against and/or accidentally redistributed, bringing far greater liability than borrowing code from a tiny GPLed project that lacks the resources to stand up for their license rights.

Re:Other concerns: OSS creep into commercial code (1)

bboxman (1342573) | more than 5 years ago | (#25430079)

Two problems:
1) Your legal people need to be able to distinguish between all these various licenses. However, less informed people tend to lump all of these together (and assume a GPL like behavior). Someone might even be informed, but not want to deal with the various ramifications of various licenses -- if this is not the core of the development project.
2) You're still in hot water if someone copy-pastes code into your product, without telling anyone about it (something that a less legally minded developer might do without second thought). This is really what scares organizations. You've spent years and years developing this product, and whoops, someone figures out that you're violating GPL or some other license.

Wouldn't it be wonderful if someone would find GPLed code in Windows? Full source disclosure, and the right to copy without cost. Pretty nice (and legal wrangling for years). This is a serious threat to a company like M$. So they button down the hatches and try to not let anything whatsoever inside the organization if it is remotely OSS.

Re:Other concerns: OSS creep into commercial code (0)

Anonymous Coward | more than 5 years ago | (#25430215)

> Wouldn't it be wonderful if someone would find GPLed code in Windows? Full source disclosure, and the right to copy without cost.

That's just complete bullsh*t. Really, try to understand how things work. Exactly the same things happen as if they had copied the code from some commercial app - they may end up paying damages. The GPL just means they _had_ an _additional_ option, namely to publish the code. With GPL v2 they actually do _not_ have that option anymore _after_ infringing, they _must_ negotiate for reinstatement if they want to use the code that way.

One "disadvantage" is that Open Source projects are more likely to go the "make a public relations disaster" route instead of suing for damages; look here for how "horrible" the results usually are: http://ffmpeg.org/shame.html [ffmpeg.org] (and those certainly can't be "accidental").

Btw, the Windows code is "available" as well, so someone might copy-and-paste that, too. Not to mention all the code in various forums.

Re:Other concerns: OSS creep into commercial code (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25429957)

And this kind of viral infiltration has been the intention of Richard Stallman and the OSS leadership all along. The intention is to increase the hurdle cost so that developing commercial, proprietary software up to the standard of OSS code will be prohibitively expensive, because development must be done from the bottom up, while OSS is based on marginal improvement, making it impossible to compete and killing off the proprietary software business. Once the complexity of OSS is at a certain level the only development in the area of that software will be the marginal improvement of hobbyists, again because the hurdle cost is too high to enter.

It's no coincidence that Gandhi's saying, "First they ignore you, then they laugh at you, then they fight you, then you win" has such a high profile in the OSS environment. The strategy is designed 100% in line with it.

If the OSS advocates were really acting in the public interest, they would permit resale of open source code. This would not damage OSS, but would increase the variety and quality of software on offer, either free or not free. Instead they have progressively taken the licence in the opposite direction. Embrace, extend, extinguish indeed.

Re:Other concerns: OSS creep into commercial code (0)

Anonymous Coward | more than 5 years ago | (#25430001)

they would permit resale of open source code.

Even code that uses the strongly copylefted GPL is able to be resold--the only requirement is that all licensing terms are followed. (and there are, of course, non-copyleft licenses that have fewer such requirements.)

Re:Other concerns: OSS creep into commercial code (2, Insightful)

loonycyborg (1262242) | more than 5 years ago | (#25430031)

If the OSS advocates were really acting in the public interest, they would permit resale of open source code. This would not damage OSS, but would increase the variety and quality of software on offer, either free or not free. Instead they have progressively taken the licence in the opposite direction. Embrace, extend, extinguish indeed.

IMO killing proprietary software is a Good Thing, so they're acting in the public interest. Nothing prevents current proprietary software businesses from embracing the FLOSS model and selling support instead.

Re:Other concerns: OSS creep into commercial code (1)

Bert64 (520050) | more than 5 years ago | (#25430257)

Yes, killing proprietary software would be good...

Proprietary vendors have time and again proven they cannot be trusted, getting their customers locked in to proprietary formats so they can't leave rather than competing with a better product.

We'd gain the ability to modify code, switch to other providers at will, choose who we want to provide support or even choose not to have paid support if we have the skills and save the money.

OEMs would gain the ability to customise the software as much as they wanted to for their hardware.

And development would progress faster, as anyone could reuse existing code and make incremental improvements rather than having to reinvent the wheel constantly, and people wouldn't be wasting their time trying to reverse engineer proprietary formats.

It would be better for pretty much everyone, with the exception of the fat cats at purely software companies.

Resale of Open Source (and GPL) code is permitted (1)

Rix (54095) | more than 5 years ago | (#25430205)

There's absolutely nothing in any OS license I'm aware of that restricts resale of code.

Re:Other concerns: OSS creep into commercial code (0)

Anonymous Coward | more than 5 years ago | (#25429987)

>Said unnamed company in the distribution contract wanted us to sign off that "no open source software products were used in the development process, and that no OSS was present in the product".

On the other hand, I have worked on projects where the customer pays for the development, and wants all of the source code delivered at the end of the project (so that the system can be maintained).

In such a situation, you use as much open source as possible. The customer gets the open-source from you just as you got it yourself in the first place.

It is no harm to you (since you didn't write the open-source code anyway, and your customer could have obtained it from the same place you got it from).

That part of the project which is unique to the project ... you are required to deliver the source code for that to the customer anyway, since that is what the customer paid for.

So by using as much open source as possible, the customer pays less (only pays for the original part that you write), the project takes far less time, and the whole thing is far better tested since a good part of it is tested by the open source community for you.

Re:Other concerns: OSS creep into commercial code (1)

bboxman (1342573) | more than 5 years ago | (#25430097)

Very different situation -- but you're really acting as an outsourced software house in such a case; you don't own the product, the customer does. The customer still might have issues with OSS if he plans to sell the product onwards -- but this typically isn't a concern, as such customers often commission one-off projects (i.e. a DMV database for some state or something like that).

Plenty of companies own their product. The company I used to work for wasn't even a software company (though we had plenty of software) -- we sold a device. Some of the software/algorithm was very much a trade secret -- something we wouldn't want to hand over to customers (he might hand this over to the competition).

Re:Other concerns: OSS creep into commercial code (0)

Anonymous Coward | more than 5 years ago | (#25430187)

>Very different situation -- but you're really acting as an outsourced software house in such a case; you don't own the product, the customer does. The customer still might have issues with OSS if he plans to sell the product onwards -- but this typically isn't a concern, as such customers often commission one-off projects (i.e. a DMV database for some state or something like that).

>Plenty of companies own their product. The company I used to work for wasn't even a software company (though we had plenty of software) -- we sold a device. Some of the software/algorithm was very much a trade secret -- something we wouldn't want to hand over to customers (he might hand this over to the competition).

It all depends on the product, doesn't it? If the code is for an embedded controller as part of a car, why would the author need to own the code? If the car manufacturer pays for the developer's time, in what way would the developer have any legitimate claim to own the code anyway? Finally, if the developer uses unmodified open source code for part of the project (say an embedded Linux real time kernel) where the source code is publicly available anyway, then the actual embedded application can still be closed source.

In this scenario, the car manufacturer is on-selling the code ... and so publishes the source code for the Linux kernel as used in the car. How does that requirement in any way harm either the car manufacturer or the developer of the embedded application itself?

There is no problem with on-selling code as long as you publish the open source code you used in the product. Since the code was already public, how are you harmed by that requirement?

Re:Other concerns: OSS creep into commercial code (0)

Anonymous Coward | more than 5 years ago | (#25430219)

Potentially, depending on the license, you are required to disclose the entire source of your product, and provide a usage/distribution license to whomever receives that code

Posting AC as I've already moderated...

The usual IANAL applies, but AFAIK, you are incorrect. It's your product, you can't be required to disclose it, and no legal decision can require you to do so.

HOWEVER, you CAN be required to stop distribution if the code infringes someone else's rights and you cannot come to a negotiated deal. Of course, you may also be required to pay a penalty for past distribution without the right to do so as well. But, if you are prepared to rewrite (and verify as necessary) the code in question so it doesn't infringe, your down-time will be only the time required to do so. The moment the code no longer infringes you may start distribution once again (well, subject to any order by a court of law, but that can and will be lifted if it's demonstrated you're no longer infringing).

Of course, rewriting (and reverifying) the code may not be easy or considered practical, and if it's a money-maker, there's certainly a reluctance to stop shipping, making the most practical solution in many cases a negotiated settlement, and if the owner of the infringed code won't negotiate anything other than disclosure at anything close to a "reasonable" price, well, that's the barrel you chose to be bent over when you shipped his code. However, you still have that choice if the code is yours, impractical tho the other choices may be. If you are willing to stop shipping the code, that ceases the violation, and you don't have to ship the sources. The accepted settlement or fine for past infringement may then be higher, pretty hard to take if you are killing the product, but it's a choice that remains yours to make.

slash.duncan

Re:Other concerns: OSS creep into commercial code (3, Informative)

Richard W.M. Jones (591125) | more than 5 years ago | (#25430237)

If you are a development shop, then if OSS creeps into your product (due to a careless (and thoughtless) developer copy-pasting code, for instance) then the legal ramifications may be grave.

Why do you think this problem is unique to OSS? What if one of your developers has access to a Microsoft source license and starts copying and pasting code from there. Do you think the "legal ramifications" of that action would be more or less serious?

Compared to using an LGPL library, this could leave you open to huge liabilities.

If you don't control what your developers are up to, and have frequent, in-depth code reviews, then you're asking for trouble, OSS or not.

Rich.

Just tell his boss the cost (4, Insightful)

AYeomans (322504) | more than 5 years ago | (#25429843)

Doubt you will be able to change your control guy's mind with reason, so you have to play politics. Find an example where expensive software was bought instead of OSS and tell his/her boss how much the policy (note not "the person" - bosses can work it out) is costing the company. Of course, if the guy IS the boss or is related to the boss, just find another employer if it's that important to you.

Re:Just tell his boss the cost (1)

cheros (223479) | more than 5 years ago | (#25430067)

You're absolutely correct. If someone excludes options it means they have their reasons for it: political, imposed policy, vendor goodies or maybe just being nervous to go into uncharted waters (in itself not a bad thing as long as it occasionally involves re-evaluation of the underlying decisions).

Plus, the guy may not have the mental strength or clout to get into a battle he can't win [boycottnovell.com] because companies are presently as little controlled for their abuse and malfeasance as banks and politicians are (and we know the mess that made).

However, creating Open Source awareness can happen in different ways. You may not want to use it, but it can still form part of your negotiation tactics [computerweekly.com] and missing that trick almost amounts to negligence.

Open source issues (1)

Skapare (16644) | more than 5 years ago | (#25429871)

The whole mentality here is that anybody can change the source of a project, submit it, and you never know what kind of compiled binary you're going to get.

That's why open source has source. You can examine the source code to see if there are any strange patches. Compile it yourself and then you know what kind of binary you're going to get.

That's also the big benefit of open source. There are thousands of eyes looking through it for the larger projects. You also get the benefit of customizing the source for your own purposes (and if you don't distribute the end results, you don't need to distribute the source of your changes, either, for the software under GPL).

I might worry about the projects where anyone in the world has CVS/SVN/GIT/HG commit access. Most don't do that. It's not like Wikipedia. And if you wonder if some project may have some nasty patches applied by less than honorable people, just look through the revision history or download some older tarballs, and look through the changes.

Doesn't matter. (0)

Anonymous Coward | more than 5 years ago | (#25429875)

Attack me all you like, but to me, and to probably a lot of other users, it doesn't matter whether something is open-source or not, as long as it does its job well, and it's (hopefully) free.

That's not to say I don't support open-source where I can, since it usually has a more vocal and readily available community to help you when the program goes belly up.

Start at the bottom, and top (1)

gringer (252588) | more than 5 years ago | (#25429885)

1) Convince his superiors that a particular open source program is the best available for the job. If this works, try with another one, but make sure you point out the open source nature of the program.

2) Talk to your workmates about open source software that you use, and try to get them to request some of this software to be available to them. For bonus points, try to get them to complain (with email evidence) when software is rejected to the people who evaluate the performance of staff.

It'll take a long time, and you'll have better success (and more likelihood of him being replaced) with the top-down approach, but the bottom-up approach is probably more likely to develop good word-of-mouth links to OSS.

What's in it for the company? (2, Insightful)

ClosedSource (238333) | more than 5 years ago | (#25429895)

As with any idea you want to sell, you have to pitch it in terms of what the company wants. Most companies aren't going to be motivated by a philosophical argument. You have to ask yourself: If the company started using open source software, would it have a significant positive effect on the bottom line? If not, you're unlikely to succeed.

Politely tell him how the real world works... (1)

cyberjock1980 (1131059) | more than 5 years ago | (#25429897)

Open source...is about the user.
Closed source...is about the company producing the software.

Open source is often written by the very people that will use the software, and they don't want crap in their software.

Closed source is often written by people that will use it, but they need it to sell money. So is it cheaper to push crap out the door or gold plated jewelry?

Re:Politely tell him how the real world works... (1)

Bert64 (520050) | more than 5 years ago | (#25430265)

I know several people who work for companies that sell proprietary software, and most of them don't use that software themselves, even though they could get it for free (without pirating it).

You really have to worry about the quality of software when even its authors don't want to use it (and forcing them to use it doesn't count). They say programming is like an art, but there's no passion involved when you've no interest in what you're working on; it becomes purely a mundane 9-5 job.

Fuck 'em, leave. (0)

Anonymous Coward | more than 5 years ago | (#25429909)

Vote with your feet, and when asked in your exit interview why you left, tell them the truth.

If I ever ended up working at a place like that somehow, I'd quit the same day I found out about this policy.

They can suffer with less than optimal software.

They probably already use OSS anyway (5, Funny)

nexu56 (566998) | more than 5 years ago | (#25429917)

At my previous job, I heard some really crazy reasons, from non-technical PHBs, for outlawing free software. All kind of nonsense up to and including Russian hackers planting backdoors/trojans in OSS apps.

In the end, the best way to make these non-technical PHBs see sense was to simply point out all the OSS they were already using, without even knowing it.

Those HPUX servers? Running Samba shares.

That F5 SSLVPN network appliance? FreeBSD!

The most priceless moment was when I discovered the main OSS opponent was an avid Firefox user. He referred to it as "Microsoft Firefox".

Create OSS adoption guidelines (2, Informative)

iceco2 (703132) | more than 5 years ago | (#25429931)

In my organization I wrote up a risk analysis for open source and closed source software, detailing the risks in each: how does malicious or dangerously buggy code get into each type of project, and how do you assess the threat in both types of software?
  • What is the review process?
  • How big is the project?
  • Did you compile the software yourself? Who did?
  • How did you get the software/source code? etc.
This document was picked up by other people who eventually turned it into company guidelines for OSS adoption.

    Me.

Re:Create OSS adoption guidelines (0)

Anonymous Coward | more than 5 years ago | (#25430023)

Did you include in the risk document that if any programmer within the company inadvertently linked to an OSS library, or saw some code and copy-pasted it in something your company distributed, it would at an unpredictable time in the future kill off the entire company and make everyone redundant?

I have the tantalizing sensation you did not, although that may just be my breakfast.

Re:Create OSS adoption guidelines (0)

Anonymous Coward | more than 5 years ago | (#25430051)

How would linking against an open source library be any different than linking to a closed source one that had a license that disallowed linking?

Re:Create OSS adoption guidelines (0)

Anonymous Coward | more than 5 years ago | (#25430113)

In a few meaningful ways:

Linking to a closed-source one would be highly unlikely to be met with legal demands that they publish the entire source code of their product, effectively killing that part of the company. In the event that there is a _lawsuit_ by a closed-source counterpart, such a demand would be struck down as unreasonable by the judge, and the damages awarded would be proportionate to the importance/complexity of the library (giving a positive effect that more core and higher liability components have a higher probability of being vetted). In the event that there is a lawsuit by an open-source ideologically driven player, the only goal and the only demand they will make is effectively that your company be dead.

In the event of a _settlement_ with a closed-source counterparty you would be dealing with someone who is primarily interested in making money through business and maintaining a positive business reputation, meaning that you can expect them to behave like rational money-interested people who will simply ask a sum that is high, but not ridiculously high. In the event of settlement with an open-source counterparty, you are dealing with people who, again, know they have your balls in a vice, however they are not interested in money, all the pleasure they derive is from squeezing hard and seeing blood.

If I was in the shoes of any proprietary-software company, I would _far rather_ have incurred liabilities towards a different company than towards the OSS movement.

Have Him Fired (1)

ewhac (5844) | more than 5 years ago | (#25429941)

This is the kind of moron who gets written up on TheDailyWTF [thedailywtf.com] , and derisively laughed at for years to come. Such a person is a liability to the firm, and needs to be dismissed.

Seriously, after all these years of success and reliability, anyone claiming Open Source software is an organizational threat is simply in the tank for Microsoft. Firefox, a threat? VIM, a threat? While Internet Explorer and MS Word are paragons of safety? The man is provably out of his fscking mind.

Schwab

Travel the official Software Acquisition Path (2, Insightful)

mverwijs (815917) | more than 5 years ago | (#25429959)

In my experience, your best bet in these cases is to walk the company's official path for software acquisition.

If no such path exists, your first step is to convince management to create it. Your common goal is to get the best solutions for the problems at hand.

Here is a very useful link from the Dutch government on making FLOSS a viable option for software acquisition:

  --> http://www.ososs.nl/files/acquisition_of_open-source_software_-_text.pdf [ososs.nl]

Defence Department (1)

flyingfsck (986395) | more than 5 years ago | (#25429969)

If it is good enough for the Department of Defence then it should be good enough for any corporation. However, if IBM, Sun, SGI, Hewlett Packard, AOL and Dell are not good enough to convince your bosses, then I don't think anyone will.

excuse me where does closed source have a place (2)

CHRONOSS2008 (1226498) | more than 5 years ago | (#25429973)

the gpl allows you to bring open source inhouse and keep it closed if you do not use it publicly

so where do i need closed source to begin with?
to pad my lawyer buddies?

stupid is as stupid does and go ahead waste people's money, fraking noobs are everywhere and ya wonder why the world economy is going turdy

all the greed has done its work

Give up and/or move on (1)

melted (227442) | more than 5 years ago | (#25429997)

These folks usually need a near death experience to change their mind. You won't change it. It's only when competitors are closing in, that's when folks like these give up their superiority complex and do what the engineers say. But by then it's already too late.

Use your enemy (1)

clarkkent09 (1104833) | more than 5 years ago | (#25430003)

Step 1. Convince him to buy an expensive, complex and impossible to manage closed source program that he will approve, Lotus Notes or anything by SAP comes to mind, preferably for a totally inappropriate purpose.
Step 2. Maneuver yourself into being next in line for his job.
Step 3. Encourage end users to complain about the software as much as possible. Plot behind the scenes to make sure his bosses know he is responsible.
Step 4. Once he is fired, take his job and replace the closed source software with open source.

Good luck!

Ask Slashdot (1)

bonch (38532) | more than 5 years ago | (#25430009)

Shouldn't this have been in Ask Slashdot instead of News?

Ask them to make an in-house version (1)

Beefpatrol (1080553) | more than 5 years ago | (#25430013)

What I mean by "make an in-house version" is that if they are concerned about new binaries causing problems, they could, in the case of something like Vim, which doesn't connect to outside machines and pose a direct security risk, simply scrutinize the source and then build a binary, store that binary on-site and permit people to use only that one. This means that some of the benefits of open source are lost, but at least you get to use the software for the most part.

They don't necessarily have to scrutinize source -- presumably the notion that software might be dangerous is also true in the case of commercial software and if that is true, then they should have methods of qualifying specific installations of a program as safe, regardless of the type of transaction through which they would acquire the software. I realize that companies often do not have such qualifying methods and instead rely on the implied threat of a lawsuit to prevent commercial software vendors from selling them malware (either intentionally malicious or not), but the legal recourse is usually far inferior to just having software that does only what the users think it does. Legal recourse is an expensive and risky endeavor that often doesn't really make up for all the damage done; there are, of course, examples of where the suing entity made a killing from their victimization, but there are a lot of far less exciting outcomes where the victim still ended up taking various types of loss even if they won the lawsuit. You could point that out to them, but keep in mind that you will be essentially pointing out that their usual arguments are incorrect and that you know they are actually just engaging in ass-covering. This may go over badly.

You can still suggest that they qualify a binary, though. That is reasonable, in my opinion, if you can justify the utility of the software you want in monetary terms regardless of what arguments you may present as to why their no-open-source policy doesn't make sense.

Closed Source often uses Open Source (0)

Anonymous Coward | more than 5 years ago | (#25430027)

Just tell your boss that many closed source software uses open source software libraries, for example, libraries that do compression or image processing (e.g. PNG, JPEG). So he is already living with the risk.

Re:Closed Source often uses Open Source (0)

Anonymous Coward | more than 5 years ago | (#25430065)

> So he is already living with the risk.

What risk?

With open source software, everyone on the planet can read the code. If there is anything bad in it ... someone would complain.

With closed source software ... that is the only way you can have such a thing as "malware" even exist. Only when the users of the code (most people) cannot see what is in the code can there be any such a thing as malware. Therefore, only using closed source software carries any real risk.

However, it must be noted ... there could be unintentional bugs, if not actual malware, in open source code. Using open source software thus means that you are exposed to exactly the same risk as everyone else using the code ... including your competitor who is using the same open source code (such as Linux, for example).

If your competitor uses closed source code, and you use open source code, then you are both exposed to the risk of unintentional bugs, but only your competitor is exposed to the risk of malware and to the risk of being sued for not having the requisite licenses.

Re:Closed Source often uses Open Source (0)

Anonymous Coward | more than 5 years ago | (#25430183)

Ok, let's say "theoretical risk".

Cluetrain boarding now... (1)

0WaitState (231806) | more than 5 years ago | (#25430043)

Your open source software blocker is being paid off by the vendors. Maybe not in cash, might be just in dinners, trips to "conferences", or perhaps just in building his ego.

This is one of the barriers to OS software adoption that is not yet recognized.

Re:Cluetrain boarding now... (0)

Anonymous Coward | more than 5 years ago | (#25430145)

Some OSS vendors seem to realise it... I keep getting what looks like automated email (i.e. corporate spam) inviting me to MySQL conferences, which I have absolutely no interest in, but someone somewhere seems to think I do.

oh hai (2, Funny)

spintriae (958955) | more than 5 years ago | (#25430045)

> At the major corporation I work for, there is currently a single person who decides what software to approve and disapprove within the organization.

Give Mr. Jobs my regards.

Address the facts (4, Informative)

davide marney (231845) | more than 5 years ago | (#25430061)

It sounds like his argument against FOSS is fact-based, not political. Address the facts.

He believes that anyone can change the source of an open source application and recompile it. That is TRUE. He is right to identify that as a vulnerability. The mitigation is to only download binaries from trusted sources and verify them with checksums, or to download the source, inspect it, and recompile.

His conclusion that applications from proprietary sources are therefore inherently more secure because they cannot be recompiled, however, is INCORRECT. From a security standpoint, using a binary file requires a higher level of trust because it is more opaque. It is far easier to hide an attack in a binary file precisely because one cannot inspect it as easily as one can a source file.

The threat order, from most threatening to least, is:

  1. Binary from an untrusted agent, no checksum
  2. Binary from untrusted agent, with checksum
  3. Binary from trusted agent, no checksum
  4. Binary from trusted agent, with checksum
  5. Source code from untrusted agent, with no checksum, scanned for security, recompiled
  6. Source code from trusted agent, with checksum, scanned for security, recompiled with a new checksum.

The point is, NOTHING should be accepted without verifiable trust. Being able to personally inspect the source code provides an additional level of protection, and is therefore SAFER from a security standpoint.

For personal use, I trust everything at level 3 and higher (binary from trusted agent, no checksum). That's fairly risky, but acceptable for a single machine. If I were in charge of the corporate desktop, I would elevate to level 4 (binary from trusted agent, with checksum). This is the level that Microsoft products are distributed at, for example. If I really were concerned about the security of an application -- say, if I were in charge of writing voting machine software -- I would insist on elevating all the way to level 6 (source from trusted agent, with checksum, scanned by me and recompiled with a new checksum.)
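As an added example (not from the poster or any project), this is the level-4 check the post describes: verifying a downloaded Windows binary against a sha256sum-style manifest obtained from the trusted agent. The manifest contents and file names are constructed.

```python
"""Verify a downloaded binary against a sha256sum-style manifest (constructed example)."""
import hashlib
import hmac
import tempfile
from pathlib import Path

# SHA-256 of an empty file, so the constructed manifest needs no precomputed digests.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed manifest standing in for a SHA256SUMS file fetched over TLS from the
# project's own site (the post's "trusted agent"). File names are hypothetical.
SAMPLE_MANIFEST = f"""
# SHA256SUMS (constructed sample)
{EMPTY_SHA256}  vim-setup.exe
{EMPTY_SHA256} *vim-tampered.exe
not-a-digest  junk.exe
"""

def parse_sums_manifest(text: str) -> dict[str, str]:
    """Parse '<hex digest>  <filename>' lines as written by sha256sum.
    A leading '*' (binary-mode marker) is stripped; lines that are not a
    64-hex-digit digest plus a name are ignored rather than trusted."""
    entries: dict[str, str] = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            entries[name] = digest
    return entries

def sha256_file(path: Path) -> str:
    """Stream the file so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_artifact(path: Path, manifest: dict[str, str]) -> str:
    """Return 'ok', 'mismatch' or 'unlisted'; only 'ok' may proceed to install.
    Limit of the check: it pins the bytes to what the manifest's publisher saw.
    A manifest from the same untrusted mirror as the binary is the post's
    level 2, not level 4; the manifest itself must come from the trusted agent."""
    expected = manifest.get(path.name)
    if expected is None:
        return "unlisted"
    # Constant-time comparison, so timing does not reveal how much of the digest matched.
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo() -> dict[str, str]:
    """Run the check on three constructed downloads in a scratch directory."""
    manifest = parse_sums_manifest(SAMPLE_MANIFEST)
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "vim-setup.exe").write_bytes(b"")               # matches its listed digest
        (root / "vim-tampered.exe").write_bytes(b"MZ\x90\x00")  # altered after publication
        (root / "unknown.exe").write_bytes(b"MZ")               # absent from the manifest
        return {name: verify_artifact(root / name, manifest)
                for name in ("vim-setup.exe", "vim-tampered.exe", "unknown.exe")}
```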

Clueless... (2)

Bert64 (520050) | more than 5 years ago | (#25430081)

> The whole mentality here is that anybody can change the source of a project, submit it, and you never know what kind of compiled binary you're going to get.

What, and all the viruses that can attach themselves to existing binaries clearly have never existed?

If you have the source code, then you have the opportunity to compile your own binary and be sure what's in it.

even to Vim... (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25430095)

Frankly, banning vi and its ilk is a huge productivity gain.

This will no doubt be modded down as a troll.

Don't bother. (1)

DiSKiLLeR (17651) | more than 5 years ago | (#25430107)

Don't bother. Go get another job elsewhere.

Or as someone posted earlier, "Either live with your idiot bosses and stop complaining, or ditch that miserable excuse for an employer."

We use OSS almost exclusively where I work... the only commercial software we use is Microsoft, and even that we try to avoid as much as possible.. (there's only a very few Windows PCs with MS Office, for example.)

Just do it (0)

Anonymous Coward | more than 5 years ago | (#25430111)

You've put yourself in a vulnerable position by having asked for permission. Now that the answer is 'no', installing those specific packages anyway is being disobedient, and you'll have a much harder time convincing them otherwise.

Otherwise I'd recommend you to just install firefox etc. already. There can't be any objections to this from a financial, legal or security perspective; in fact, as your company pretends to be worried about security, why not go with the browser that has the better security track record, rather than sticking with the closed-source browser (which has proven to have the worst security track record of all)?

As for the random changes, when you get the sources 'at the source' (i.e. firefox from mozilla.org, mysql from mysql.com etc), any potentially unsafe third-party changes will have been reviewed (and an MD5 checksum guarantees that the sources have not been tampered with). The risk in using it is no bigger than the risk of accidentally installing closed-source malware.

But as other posters have pointed out, for your company it's probably the bottom line that counts. I agree with the poster mentioning that you should take care of your 'software approver', as he seems to care more about his power-trip than about the company.

Finally, I think you'll have a better time at a company that embraces open-source. Start looking around for something better, you'll be glad you did.

Arguing against malicious code pollution... (1)

tonzack (695120) | more than 5 years ago | (#25430149)

The author of the article says:

"The whole mentality here is that anybody can change the source of a project, submit it, and you never know what kind of compiled binary you're going to get."

Not if you can prove to your superiors that the source code you want to use is managed and moderated by code maintainers in order to review the code prior to it being submitted into a code branch...

... and that your superiors have a policy of only obtaining code from said moderators and code maintainers at officially announced places of acquisition of stable code branches.

This covers much popular free and open-source software from many organisations such as the Free Software Foundation, Mozilla, the Linux Kernel Organisation, and others, whereby the contributor base is large enough for the code to be peer-reviewed and managed in ways that will prevent such malicious attempts at code pollution from ever becoming a reality. If you can show that the project belongs to an organisation that honours its reputation for the production of quality software, then it would make the rejection of the use of such software due to this argument much more difficult to justify.

While this doesn't cover every free or open-source project under the sun, it does cover many of the more popular major projects where a Windows build is available or supported.

--tonza

Firefox. (1)

crhylove (205956) | more than 5 years ago | (#25430175)

If they don't know that Firefox is the best browser existent, then they are uneducated. You have two choices, then:

1. Educate them.
2. Give up and use IE or whatever crap.

This is also true of other FOSS programs, but Firefox is certainly step one, in my opinion.

Buy it through a dummy company (1)

mr.e (182543) | more than 5 years ago | (#25430177)

Look for someone who'll happily charge you for doing nothing, let's call them dummysoft.
Then put in your request for vim from dummysoft for x hundred dollars.
Dummysoft can then send you a link to their download site at, say, vim.org, and take the money.
If you can't find any volunteers then I'll happily do it.

It's not about malware, support, or quality... (4, Informative)

JaredOfEuropa (526365) | more than 5 years ago | (#25430191)

I have implemented a high-profile system in a large multinational, using open source. I too found it hard to get OSS accepted, but not for the reasons I first expected. Most of the initial arguments were quickly countered.
- Malware? We were confident enough to see there were sufficient controls around code changes.
- Support? Easily handled by our existing channels, even for elaborate changes and additions.
- Quality? Millions of users can't be wrong...

The one thing we struggled with was: liability. Our own, our manager's, the software approval guy's. The problem is this: what if that bit of open source software contains proprietary code, and the owner of that code suddenly starts asserting his rights? At best, we will be forced to stop use of that software.

You can argue that this is also a possibility with commercial software, which is true. But with commercial software, the owner of the infringed code will go after the creator of the software. Better yet, we too get to sue his pants off. In the case of open source, they are likely to sue not the creators or distributors of the software, but the people using it. That means us, and the legal eagles don't like that, oh no. Remember the old maxim "No one has ever been fired for buying IBM"... that goes doubly for OSS. OSS exposes you to lawsuits, and when the stuff does hit the fan, the buck stops with you.

In the end, OSS was allowed in our corporation, provided that it isn't used for mission critical purposes if no commercial drop-in replacement exists. If the software develops issues, there's still no vendor to blame for me, but I can live with that, personally.

Re:It's not about malware, support, or quality... (2, Insightful)

1u3hr (530656) | more than 5 years ago | (#25430229)

> Better yet, we too get to sue his pants off.

Why is that "better"? Very likely a software developer (anyone smaller than IBM) in that position will declare bankruptcy, or just disappear. You're very unlikely to get a cent back, no matter if you win your case or not.

> Anyway: what if that bit of open source software contains proprietary code, and the owner of that code suddenly starts asserting his rights? At best, we will be forced to stop use of that software.

No. At best, after a brief hiatus the infringing code will be replaced by non-infringing code. You could even pay someone to do that for you if it was a priority. Unless the whole project is blatantly stolen code, which you probably would have noticed already when comparing it to similar offerings.

Hello... World financial meltdown calling! (0)

Anonymous Coward | more than 5 years ago | (#25430193)

You need to get a sense of perspective here. In the past month we've been experiencing the very start of what people are comparing with The Great Depression. You're living in the US where your unemployment benefit/insurance has a fixed time limit, homelessness was already out of control in the boom time (with large numbers being unable to secure a place in what would be short-term emergency accommodation anywhere else in the developed world in "trailer parks"), and you're bitching about not having access to some favourite Windows apps?

My advice to you: don't make waves, treasure what you have, and pray to your deity that you aren't forced into looking for work in the next 12-36 months.

I have a deja-vu (0)

Anonymous Coward | more than 5 years ago | (#25430243)

You have 2 types of people, advocates of open source and the governance types. Clearly, you will fit within the first group and your boss in the second. This is a religious fight and one that cannot be won by convincing the other type of your right.

I have done this battle and lost every time, until I understood the system. The governance type often has much less knowledge than you for making a balanced choice. He wants to be assisted by some technical teams to get a second opinion. The way they report will include terms such as open source etc... and thus the proposal will get refused.

Try to organise a software evaluation team for problem x that will report to the governor. Try to make sure you have a large part in the written end report. Try to make sure that there is a paid support option in the open source solution.

In the end, they will not pay support, take the open source and there will not be a second voiced opinion that can be interpreted any way.

We all know that open source will win in the long term, because the support of many will always be more important than the financial gain of a single company. The fight will always continue because the gain of some will always inspire unfounded opinions. I just hope that you win this battle.

The other way around (0)

Anonymous Coward | more than 5 years ago | (#25430267)

"The whole mentality here is that anybody can change the source of a project, submit it, and you never know what kind of compiled binary you're going to get."

That's closed source, in open source you know what code is in the binary...since it's..well...open?
