Management 'Scared' by Open Source

A discussion panel at EclipseCon exposed how managers are freaking out over open source. Apparently a disconnect exists between managers who set corporate open source policies and developers supposed to follow them, but who end up covering their tracks to make it seem like they are not using open source. Developers, though, end up using open source because of its ubiquity and not using it 'puts them at a competitive disadvantage because their competitors are.' And the Lawyers are in a panic.

The main reason is lack of clear knowledge

[freedom_india]

1) Managers are under the mistaken impression that if i just use spring or Jakarta Commons, the company MUST open up the whole project in which it is used (like a proprietrary trading system) to Open Source.
Many managers don't realize that just "using" Spring does NOT force you to open up your systems.
You only need to open up if and when you modify Spring framework with your own code.

2) Open source hacks is another fear they have: the fear that somehow using open source tools will make their client sue them.

3) Leak Back: Managers fear developers, in their zeal to promote open source, will incorporate company's code into open source for 'benefitting' others. Much like SCO claimed. Developers are not fools.

It requires a maturity level beyond that exists today and i don't blame them since these managers were brought up an era where you pay good money for good things.

Re:The main reason is lack of clear knowledge

[rlauzon]

The main reason is the lack of knowledge. Period. (At least for the companies that I've worked for.)

The people who makes these decisions are frequently ex-techies who don't realize that they have no useful knowledge anymore, simply because they've been living in management-land for so long. So they make decision based on simple rules. Back in the '80's, the rule was "no one got fired for going with IBM." Now, it's "no one got fired for going Microsoft."

Time and time again, they choose to pay for overpriced Microsoft products instead of going with an open source alternative. For example: when we "upgraded" to Windows XP, we also "upgraded" to Office XP. No one could give me a clear reason why we chose to pay $75 per license for Office XP instead of going to OpenOffice for free.

The only time non-Microsoft products enter the enterprise is when these people aren't part of the decision process. For example: our new PBX system runs Asterix and the "print servers" that we put in the remote locations are all appliances that run Red Hat.

Re:The main reason is lack of clear knowledge

[Kjella]

1) Managers are under the mistaken impression that if i just use spring or Jakarta Commons, the company MUST open up the whole project in which it is used (like a proprietrary trading system) to Open Source.

To be fair, I don't expect a manager beyond a certain level to understand the complexities of libraries and linking and 'derived work' and patent clauses or whatnot. In particular not if they're entering into a legal agreement on the company's behalf, which is exactly what a software license is. I certainly wouldn't want to take a developer's word that he knows what legal implications it has, any more than I'd take a lawyer's word that he can run networks because he's written SLAs. Depending on the beuraucracy of the organization, it might be a shorter and easier way to write it themselves than to go down that route with policies and legal and whatnot. Managers are rarely the ones to ask for foregiveness rather than permission.

To take one example from a client that shall remain nameless. I needed an SQL tool to do my job, and the only approved tool was Query Analyzer. At the same time they were in a process of migrating to a new platform, and everyone issued new PCs had to be on the new platform. Unfortunately, they had not certified Query Analyser (and Enterprise Manager) for use on the new platform. Could I have it installed anyway? No, against policy. Could I downgrade to the old platform? No, against policy. Could they make an exception to policy? Blasphemy. I could tell you how much time and money was wasted on that, but you'd swear I was lying.

2) Open source hacks is another fear they have: the fear that somehow using open source tools will make their client sue them.

Half the reason Microsoft is so unpopular is because they deserve it. The other half is because Microsoft has been blamed for a million cock-ups by incompetent managers or their subordinates. Whenever there's a flaw in a product, the client is trying to grab the one closest to them and make it their responsibility to fix it. The further it gets passed up the chain, the less chance they'll get help. Once it's passed off to upstream support, the ball is sort of passed. In that respect, the fact that you *could* in theory fix an opensource tool is more of a disadvantage than anything else. In that sense, I think it might actually be legitimate. In addition, there's simply managers covering their ass.

3) Leak Back: Managers fear developers, in their zeal to promote open source, will incorporate company's code into open source for 'benefitting' others. Much like SCO claimed. Developers are not fools.

I don't think they're half as worried about that as the other way around, apart from blatant "let's post the whole products source code on the Internet", which has nothing to do with open source. If some odds and ends from lone developers leaks, it's a shame but they got pretty much a full arsenal of legal work to stop it. If SCO had any real claims, and those were pointed out specificly they'd be gone by the next point release, never to return in any official kernel. What I do think they're worried about is changes of context and ending up sued for copyright infringement themselves.

Let's for example say you've built up some internal tool based on GPL code, which is perfectly OK. But then you figure out that your partners, customers or something also should be able to use that tool. Suddently you're distributing that tool from one legal entity to another and the GPL is invoked. Parhaps the GPL'd bit is just some library or code that got thrown in sometime because it was useful and it's internal anyway, right? Again, there's also the personal angle and the company angle. It might not be a big thing for the company as such, but I swear: If your company gets sued it comes from legal, up to executive management and down on that manager like a ton of bricks.

Certainly, that's not something new and you can get sued by others too. But paid licensed code has usually been through a whol

Re:The main reason is lack of clear knowledge

[Mateo_LeFou]

I don't know much about Spring in particular, but depending on the license it's perfectly legal to download it, learn how to build it, and make someone pay you to install it. Charge whatever you can get; try to keep a lid on how easy it is. Attributing it to yourself would break the license, but it would be *your breach, not the client's.

"If you use any open source code in your company's software, your failure to comply with the legal conditions for doing so (such as the GPL) can and will put you in close communication with your lawyers if the original coder ever finds out you've ripped his code in secret."

The good news is that policy from the highest levels at the free software foundation is "never let a request for damages interfere with a settlement for compliance." So if a manager finds that they are noncompliant, they will get guidance (from Moglen) about how to get back into compliance, rather than a lawsuit.

On the whole, it seems like a much friendlier proposition that having a team of attorneys crawl over every vendor's EULA with a microscope.

Re:The main reason is lack of clear knowledge

[drooling-dog]

Use how? What if one of the engineers needs a snippet of code, copies it from Spring, and incorporates it into their product without attribution? Suddenly, that company is legally vulnerable. That's basically a non-issue, because those "snippets of code" are out there and readily available to your developers whether your organization actually uses the software or not. You might as well argue that they shouldn't have access to any programming manuals, because they might appropriate some of the (copyrighted) example code.

Open source licenses are more permissive than those for proprietary software in all respects that I can think of, including distribution. But no, you can't simply modify it and sell it as your own under a more restrictive (e.g., closed source) license. But that's about it.

Re:The main reason is lack of clear knowledge

[multipartmixed]

What the hell is wrong with using Excel to do graphing?

I regularly generate reasonably complex CSV files with *nix tools, usually out of prof, truss, dtrace or syslog output. A couple of quick clicks in excel, up pops a graph which contains useful visual information. Why, just the other day I solved a multi-process race condition with a floating bar chart derived from a log file...

Excel is really great for that sort of stuff, lots of built-in graph types you can quickly try, it understands things like dates and floats, and if you wind up with something really cool you can take a few more minutes to add some labels and colours and bang it into a PDF.

Compared to what.. What other tool allow that? Hmm. I'm thinking here. Whatever tool that might be, it sure as hell isn't installed on my desktop and I don't know how to use it.

So, in your magic neverland where Excel is not the right solution.. What is? And why should I spend time+money on it, when Excel already does what I want it to?

(And, for the record, I use Excel '97...)

Re:The main reason is lack of clear knowledge

[fourchannel]

"Who retains what rights to which code" can become a sufficiently complicated question without bringing the umpteen F/OSS licenses out there into the mix. If the developers can duplicate what already exists in F/OSSland for less money than the legal team can unravel the rights, then staying proprietary is the right decision. I bet a better decision would be to say "fuck it!", and let Humanity retain the rights to the code.

The license issues

[mi]

And the Lawyers are in panic

And for good reason. Just listening to all the talk on whether or not Novell is violating GPL (perhaps by simply partnering with another vendor - Microsoft) should make a lawyer's skin crawl...

If more code was released under BSD-type license, we would've seen wider adoption.

So, GPL was used to wrestle a few vendors into releasing their own code. And what? Who has looked into that code or used it for anything else? And how many other vendors have (foolishly) decided to avoid "open source" and come up with their own (usually inferior) re-inventions of the wheel, because of that?

It is hard enough to use an outside solution because of the NIH syndrome. Restrictive licenses exacerbate the problem...

Re:The license issues

[init100]

Granted, you can create a discussion about the commercial value of it all

I'd say it could have a lot of commercial value. After all, the WRT54 series is recommended all over the 'net just because of the moddability of the product and the community around those mods. This could certainly bring in more sales.

Of course they're scared

[imroy]

If people are wondering why managers are scared of Free/Open Source Software, just look at Rob Enderle's recent story posted here on Slashdot yesterday. Managers are the targets of these schill reporters (Enderle, O'Gara, Lyons) and their efforts are clearly working. We might not fall for their FUD, but managers and other non-techies do. And that's why they get paid.

Re:Heard that

It's not clear that that's stupid. The GPL license is a very specific commitment that subsequent users have a set of rights. Whilst PD software is clearly much safer than most proprietary software, where the license may just change in the next release, it doesn't have the guarantees of GPL software.

E.g. If I get your software from a downstream distributor, I've got no guarantee that their code is also PD. If your code was under the GPL then there would be real problems for the down stream distributor if they later try to change their mind (look at the problems SCO has got into by trying to steal Linux, for example).

Not all management and lawyers

Only incompetent management and lawyers.

Okay I digress, most management and lawyers.

Truth

[jawahar]

People make money out of others ignorance.
People make money by adding value to others.

Broad generalizations are always so useful

[ArmchairAstronomer]

Look at the context of this post, it was a pannel discusion at a conference. It means they didn't have anybody to speak about something infromative so they got bunch of so called experts to talk about something "controversial" to fill the time. It treats the groups discused as monolithic morons. Developers, Managers and the always popular "Lawyers". We are "Freaking Out", "Scared", "in a panic" all very informative descriptions for how people deal with complicated problems. News flash! There are clueless "developers" who don't understand the conequences of their actions on the orgaizations that pay them. There are clueless "managers" who have never read a EULA of any kind. There are clueless lawyers, nuf said. How about the report of a real discusion between thoughtfull people about trying to balance Stallman's la la land philosophy with Ellison and Gates' Ferengi capitalism.

Commercial Licences

[TobascoKid]

And even if you ban all open source software, you can still violate the license of a commercial package

Which a point rarely made about proprietary software. Practically every piece of proprietary code comes with a different license, with an entirely different set of restrictions. It's a lot easier to make a misstep with proprietary software than it is with open source, and your risk of being taken to court (as opposed to just some public shame restricted to tech circles) is far higher.

Sounds familiar

I work in a large (Fortune ???) company and official policy is "no open source" as far as I know.

Unfortunately, one of our group's work products is essentially a OS distribution. We take a base (Unix-like) OS load, add our internal applications that run ALL the time, create install CDs, and send them out to our internal and external customers.

(I'm being intentionally vague here, because I actually like my job....)

Now, I don't know how you do anything modern with a Unix-like OS without open source. Neither does anyone else.

Perl. Apache. Samba. OpenSSH and OpenSSL. zip. unzip. Those are just the ones that immediately spring to mind, and we've been using them all for years as part of that CD.

My manager knows and understand. My director knows and understands. Not sure about my senior director. But there's a real lack of understanding of reality somewhere in our food chain.

But the legal department - who has to review and sign off on things - is probably the most clueless. We're not really a technology company, and it really shows over there.

Re:disempowerment

[motek]

Ahh... the moderation! This is rather silly, not 'interesting'. We weren't talking about IT, but development, in the first place. I have been running a software R&D group for a long while. In the long run, all costs are marginal comparing to personnel expense.
And besides - if you really must see me as an evil person - the power to refuse somebody something is not much of a thrill. Comparing to the simple fact I can just fire him...

1995 called-they want their obsolete managers back

[tomhudson]

"I believe that another important fear is that of disempowerment. Open source is usually free of charge, which means that their budgets and thus their importance decreases."

How many of us read this, and are saying "Hey, if they're worried about the consequences of reduced budgets, they can always throw me another $50k a year ..."? :-)

Its not about budgets, and its not about power - its about managers who aren't really right for the job - because the JOB has changed.

Look at it this way - 1st-rate people hire 1st-rate people. 2nd-rate people hire 3rd-rate people, probably because they're intimidated by anyone being "as good as" or "better" than them.

Any IT project manager who doesn't have a clue about the GPL, LGPL, and BSD licenses should be fired. He or she is obviously not willing to do their homework, and hasn't been, for about a decade.

Additionally, you should probably go up the food chain one more rung and fire whoever hired/manages them. After all, they let this piece of deadwood contine in their slot for god knows how long.

So they blocked sourceforge, and they banned thumb drives, to prevent open source code from "leaking into" the company. I'm sure I'm not the only one with a cell phone with tons of free space - its not *just* for music and videos. And most of us can write a proxy server in one line, run it on our home machine or another server, and get around any site bans just fine.

Re:Heard that

[Speare]

And then there's the guy in IT who uses the phrase "public domain" for things that are open sourced, licensed with sources, published in textbooks, or anywhere in between. Even if he knows the difference, he's poisoning the well by callously disregarding the important distinction of "the owner makes the source available" and "the source has no owner."

Proprietary software frightens *me*

[mkcmkc]

I guess I can understand being scared by the unfamiliar, but what really frightens me is proprietary software, or rather the licenses thereof. There's some really scary shit in there about what you can and cannot do, and the penalties for running afoul. Not to mention the stuff (which you may know as "software patents") that you only get to hear about after you're in trouble.

Just another successful Microsoft FUD campaign?

[walterbyrd]

I'm surprised nobody has mentioned this before.

The entire scox-scam is nothing but a small part of msft's ongoing fud campain. The entire scam will cost msft well under $100M - pocket change for msft.

Now that the scox-scam is winding down, msft has bought a new bitch - Novell.

Msft message to corrupt users is crystal clear: "F/OSS is a legal mine-field. If you even use linux you risk a lawsuit. If you substantially contribute to linux a lawsuit is nearly inevitable. If you even think about touching a F/OSS produce, you will be legally forced to open all of code." Msft has pounded on that message for years and years. Lots of msft shills scream hystical warnings, all kinds of fake lawsuits, fake studies from msft owned "think tanks" and so on.

I think msft's fud campaign has been smart, and successful.

Re:Heard that

[modeless]

I'd like to take this opportunity to thank you for the awesomeness that is SQLite, and especially for putting it in the public domain. It's been the perfect base for the C# application I'm writing at work (via the equally excellent and also public domain System.Data.SQLite wrapper). The public domain license means I can use it without worrying about maintaining lists of attributions (such as required with the BSD license, and which, as a lowly developer, I can't guarantee will remain with my code forever, inevitably causing legal problems down the road).

In the future, I see many more C# applications using SQLite, especially after Microsoft releases C# 3.0. SQLite combined with C# 3.0's language-integrated query features will be killer.

Re:NMAP

[darkwhite]

"Their wacky addition"? Interesting.

Please don't be obtuse. The parent poster was referring to running the program at development time, then incorporating its result as part of the product. The restriction you cite does not forbid that.

Educational campaigns are needed.

[jbn-o]

Then this is no different than any other irrational horror story; we can point blame at both the teller and believer of the story, but we're better off educating people instead. A good educational campaign would ask these managers if they believe every report they write with Microsoft Office is co-owned by Microsoft, thus giving Microsoft the power to change or override anything they say in the report. Or if their proprietary OS from Apple compels them to get Apple's approval before distributing any file they make with it. Nobody actually behaves as if these things are true so it's a very hard argument to make that anyone believes these things to be true.

The manager's "fear" is obviously irrational and their issues don't seem to translate to the real problems of uninspectable, unmodifiable, and unsharable software which they have entrusted to run their business. Perhaps handing their business over to unaccountable monopolists (as all software proprietors are) should be more disturbing to them than software they can shape to meet their needs.