Smuggling Open Source Past The Boss
Saint Aardvark writes: "CNN has an article on software engineers sneaking open source software past the boss -- and how the smart boss doesn't look too closely." A nicely balanced article (originally from Computer World).
I don't understand this attitude. If one package is broken you don't install a whole different OS! Get a mail server that guarantees mail delivery, like QMail!
Matt. Want XML + Apache + Stylesheets? Get AxKit.
Because there is simply no legal recourse for companies who use it.
What makes you think there is legal recourse for commercial software? The DMCA and recent court rulings (see yesterday's /. article on shrink-wrap liability disclaimers being upheld by the WA supreme court) pretty much put an end to any recourse by software purchasers.
It seems rather risky. Deliberately hiding stuff from your boss just isn't a good way to run a business.
It's one thing if s/he takes the attitude that if it works, he doesn't care about the guys. It's another thing when he says, "I want an NT mail server" and you give him a Linux server; you're asking for trouble. In the really large organizations I've worked in, there is usually a push to standardize stuff. What happens when you get transferred and some MCSE suddenly has to maintain your BSD box?
On the whole, though, I like the article. It seemed much more like actual reporting than hyping one thing or another.
Dana
Open Source is good for both developers and users alike. It's good for developers when they need to write programs or applications and might need to know how certain things work, or if they need to change or extend certain things in the open source software. It's good for users because of all the common reasons that we hear about all the time, about how it is secure because a backdoor would be spotted and how bugs can be spotted easily because the source is available.
But the story also talked about how someone in IT decided to use open source software, sometimes without the knowledge of their supervisors and the company at large, to provide a solution. While it sounds like heroics, it also triggers thoughts of potential problems.
Imagine if one of these guys was a programmer who was able to put a backdoor in the software source that was consequently compiled and put into production. Granted, someone with that kind of access would have other ways of putting in backdoors, not just in programs. But I think that to some extent this may be an issue. Companies may buy software from closed source vendors secure in the knowledge that at least the software doesn't have backdoors in it that were put in by someone who may have a specific interest in doing so to break the company's security.
Put another way, if there's a security problem like a backdoor, it's better that it's a disinterested third party than an employee who may or may not remain within the company, and many times may even end up at a rival company. Besides, with a backdoor, who's liable? If it's closed source, it's obvious. With open source, there wouldn't be backdoors, but depending on the company's policy, there may be backdoors put in that they wouldn't know about; sometimes they wouldn't even know who might have put them in.
Granted, the potential of such a scenario is small if the company's IT policies are consistent and clear and actions well-documented. But, I still think that such things can and may have happened, and it's due to the availability of source.
So all I'm saying is, the company must decide clearly what they are going to do and strictly enforce it. If better solutions are available, they should be clear about all the possibilities. Politics, of course, will just throw it off completely. But IT professionals 'sneaking' open source into their company just doesn't jibe too well with me, even if the open source philosophy produces superior software.
I work for a mid-sized company of about 100 employees. The contract house I worked for had produced a Windows-based web site for them; I started with a Linux-based system that did a small part of their site.
The owner of the company noticed that I was far more responsive than the other people at the contract house, so he hired me as a programmer/manager to straighten things out.
The first thing I did was to propose that we change the web site from Windows to Linux. The original site was taking 4.5 seconds to pull up a page with no load. I did a demonstration that was instantaneous, and Windows' doom was sealed.
I will treasure the moment forever where I was in the room with my former boss and the owner of the company. The FB was claiming that I could get my neck wrung if Linux wasn't good enough for the job. I said that I'd used it elsewhere, and I knew it was. "Microsoft provides a level of acceptable mediocrity," saith the FB in a tone that made it clear that this was something good.
The owner exploded: "Our company does not seek mediocrity."
We've been running the Linux system for about a month, and so far it's exceeded company expectations and I've become a corporate hero for the first time in my life.
So don't underestimate bosses. Sometimes you can convince them to do the right thing.
D
----
I once tried to get a Linux box past the boss through "legit" channels, and had a major success. We were replacing an older-than-god Sun mail server, and I suggested a Linux box. At the time I think it was Slackware. Got it all set up, we moved it into the network, and it worked fine. However, the boss decided to cover his ass, and bought an NT server and a commercial mail program that will remain nameless (you'll see why in a bit). I was miffed, but rather than sulk or smuggle, I got out the hex editor and disassembler. Two hours later, I had found 10 unbounded str* functions that led to buffer overflows. Wrote up an exploit, and showed it to the boss. He didn't really believe it, but let me run the thing, and sure enough, it worked. Two hours and a little help from me and the now-classic AlephOne article later, he had written his own exploit on a different hole. At that point he sent the mail program back, demanded a refund, and there's a Linux server there to this day.
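The bug class the poster describes, an unbounded str* copy into a fixed-size field, next to a bounded version that rejects input that does not fit. This is an added illustration, not code from the post or from the mail product it mentions; the 64-byte header field and the sample values are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define HDR_MAX 64  /* assumed fixed-size header field */

/* The defect pattern: strcpy has no idea how big dst is. Any value of
 * HDR_MAX or more bytes writes past the end of the array, which is the
 * kind of overflow the post found by looking for unbounded str* calls. */
void store_header_unbounded(char dst[HDR_MAX], const char *value)
{
    strcpy(dst, value);
}

/* Hardened form: measure against the destination size before copying and
 * refuse overlong input instead of truncating it silently.
 * Returns 0 on success, -1 if value (plus its NUL) does not fit. */
int store_header_bounded(char dst[HDR_MAX], const char *value)
{
    size_t n = 0;
    while (n < HDR_MAX && value[n] != '\0')   /* never read past HDR_MAX */
        n++;
    if (n >= HDR_MAX)
        return -1;
    memcpy(dst, value, n + 1);                /* copy including the NUL */
    return 0;
}

/* Builds a constructed 200-byte value and reports whether the bounded
 * routine rejects it (1) or accepts it (0). */
int overlong_value_rejected(void)
{
    char field[HDR_MAX];
    char too_long[200];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';
    return store_header_bounded(field, too_long) == -1;
}

int main(void)
{
    char field[HDR_MAX];
    const char *ok = "From: alice@example.com";   /* constructed sample */
    printf("short value:   %s\n", store_header_bounded(field, ok) == 0 ? "stored" : "rejected");
    printf("200-byte value: %s\n", overlong_value_rejected() ? "rejected" : "stored");
    /* store_header_unbounded(field, <200-byte value>) would overflow; not called. */
    return 0;
}
```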