Management 'Scared' by Open Source

A discussion panel at EclipseCon exposed how managers are freaking out over open source. Apparently a disconnect exists between managers who set corporate open source policies and developers supposed to follow them, but who end up covering their tracks to make it seem like they are not using open source. Developers, though, end up using open source because of its ubiquity and not using it 'puts them at a competitive disadvantage because their competitors are.' And the Lawyers are in a panic.

The main reason is lack of clear knowledge

[freedom_india]

1) Managers are under the mistaken impression that if i just use spring or Jakarta Commons, the company MUST open up the whole project in which it is used (like a proprietrary trading system) to Open Source.
Many managers don't realize that just "using" Spring does NOT force you to open up your systems.
You only need to open up if and when you modify Spring framework with your own code.

2) Open source hacks is another fear they have: the fear that somehow using open source tools will make their client sue them.

3) Leak Back: Managers fear developers, in their zeal to promote open source, will incorporate company's code into open source for 'benefitting' others. Much like SCO claimed. Developers are not fools.

It requires a maturity level beyond that exists today and i don't blame them since these managers were brought up an era where you pay good money for good things.

Re:The main reason is lack of clear knowledge

[tomstdenis]

Along the lines of #1, most folk I meet are fearful of the license issues in terms of "do we owe royalties or something?" Where I work, we use my public domain OSS projects, but we also use others (openssl, swan, the kernel, etc) and we have to be careful of how we distribute things. Fortunately, most of it is in source form which alleviates GPL/LGPL issues. But it's always in the back of our minds.

Tom

Re:The main reason is lack of clear knowledge

[pammon]

Managers are under the mistaken impression that if i just use spring or Jakarta Commons, the company MUST open up the whole project in which it is used (like a proprietrary trading system) to Open Source.

Use how? What if one of the engineers needs a snippet of code, copies it from Spring, and incorporates it into their product without attribution? Suddenly, that company is legally vulnerable.

You only need to open up if and when you modify Spring framework with your own code

No, that is not correct - the Spring framework does not require you to distribute your changes. You just proved the point: licensing mistakes are easy to make. If you were developing a program that incorporated Spring, and mistakenly believed that it required you to license your source, you would cost your company a great deal of money by doing so. That is why the fear is legitimate.

Open source hacks is another fear they have: the fear that somehow using open source tools will make their client sue them.

And that's a reasonable fear. If I sell code that violates a license to a client, that client becomes legally vulnerable and might sue me. Because open source software is so accessible, it becomes easier to inadvertently violate a license.

Leak Back: Managers fear developers, in their zeal to promote open source, will incorporate company's code into open source for 'benefitting' others.

I doubt very much that's a concern. No developer is going to risk their job for open source warm fuzzies, and conversely, no open source project is going to accept leaked patches. Any project that did would open itself up to huge legal liability. Corporate espionage and bribery is a much bigger worry.

You mentioned maturity, but I think you have it backwards - corporations have developed strict, mature processes for keeping themselves on firm legal footing, and licenses are reviewed and vetted by the legal teams. The wide availability of license-encumbered code means that engineers have the opportunity to play lawyer. That's bad, and if you're a manager, you should be scared by that.

Re:The main reason is lack of clear knowledge

[rlauzon]

The main reason is the lack of knowledge. Period. (At least for the companies that I've worked for.)

The people who makes these decisions are frequently ex-techies who don't realize that they have no useful knowledge anymore, simply because they've been living in management-land for so long. So they make decision based on simple rules. Back in the '80's, the rule was "no one got fired for going with IBM." Now, it's "no one got fired for going Microsoft."

Time and time again, they choose to pay for overpriced Microsoft products instead of going with an open source alternative. For example: when we "upgraded" to Windows XP, we also "upgraded" to Office XP. No one could give me a clear reason why we chose to pay $75 per license for Office XP instead of going to OpenOffice for free.

The only time non-Microsoft products enter the enterprise is when these people aren't part of the decision process. For example: our new PBX system runs Asterix and the "print servers" that we put in the remote locations are all appliances that run Red Hat.

Re:The main reason is lack of clear knowledge

[Kjella]

1) Managers are under the mistaken impression that if i just use spring or Jakarta Commons, the company MUST open up the whole project in which it is used (like a proprietrary trading system) to Open Source.

To be fair, I don't expect a manager beyond a certain level to understand the complexities of libraries and linking and 'derived work' and patent clauses or whatnot. In particular not if they're entering into a legal agreement on the company's behalf, which is exactly what a software license is. I certainly wouldn't want to take a developer's word that he knows what legal implications it has, any more than I'd take a lawyer's word that he can run networks because he's written SLAs. Depending on the beuraucracy of the organization, it might be a shorter and easier way to write it themselves than to go down that route with policies and legal and whatnot. Managers are rarely the ones to ask for foregiveness rather than permission.

To take one example from a client that shall remain nameless. I needed an SQL tool to do my job, and the only approved tool was Query Analyzer. At the same time they were in a process of migrating to a new platform, and everyone issued new PCs had to be on the new platform. Unfortunately, they had not certified Query Analyser (and Enterprise Manager) for use on the new platform. Could I have it installed anyway? No, against policy. Could I downgrade to the old platform? No, against policy. Could they make an exception to policy? Blasphemy. I could tell you how much time and money was wasted on that, but you'd swear I was lying.

2) Open source hacks is another fear they have: the fear that somehow using open source tools will make their client sue them.

Half the reason Microsoft is so unpopular is because they deserve it. The other half is because Microsoft has been blamed for a million cock-ups by incompetent managers or their subordinates. Whenever there's a flaw in a product, the client is trying to grab the one closest to them and make it their responsibility to fix it. The further it gets passed up the chain, the less chance they'll get help. Once it's passed off to upstream support, the ball is sort of passed. In that respect, the fact that you *could* in theory fix an opensource tool is more of a disadvantage than anything else. In that sense, I think it might actually be legitimate. In addition, there's simply managers covering their ass.

3) Leak Back: Managers fear developers, in their zeal to promote open source, will incorporate company's code into open source for 'benefitting' others. Much like SCO claimed. Developers are not fools.

I don't think they're half as worried about that as the other way around, apart from blatant "let's post the whole products source code on the Internet", which has nothing to do with open source. If some odds and ends from lone developers leaks, it's a shame but they got pretty much a full arsenal of legal work to stop it. If SCO had any real claims, and those were pointed out specificly they'd be gone by the next point release, never to return in any official kernel. What I do think they're worried about is changes of context and ending up sued for copyright infringement themselves.

Let's for example say you've built up some internal tool based on GPL code, which is perfectly OK. But then you figure out that your partners, customers or something also should be able to use that tool. Suddently you're distributing that tool from one legal entity to another and the GPL is invoked. Parhaps the GPL'd bit is just some library or code that got thrown in sometime because it was useful and it's internal anyway, right? Again, there's also the personal angle and the company angle. It might not be a big thing for the company as such, but I swear: If your company gets sued it comes from legal, up to executive management and down on that manager like a ton of bricks.

Certainly, that's not something new and you can get sued by others too. But paid licensed code has usually been through a whol

Re:The main reason is lack of clear knowledge

[Alex]

No one could give me a clear reason why we chose to pay $75 per license for Office XP instead of going to OpenOffice for free.

I use openoffice all of the time - and the answer to your question is "open office is only an acceptable replacement for basic users of office applications" - have you tried opening a complex spreadsheet in openoffice ? it'll take ages. On my 3 year old windows laptop similar spreadsheets open in 20% of the time in Excel.

Openoffice is very good - but for a small % of users it is a very poor replacement, 75$ is also a bargain for MS Office.

Alex

Re:The main reason is lack of clear knowledge

[Mateo_LeFou]

I don't know much about Spring in particular, but depending on the license it's perfectly legal to download it, learn how to build it, and make someone pay you to install it. Charge whatever you can get; try to keep a lid on how easy it is. Attributing it to yourself would break the license, but it would be *your breach, not the client's.

"If you use any open source code in your company's software, your failure to comply with the legal conditions for doing so (such as the GPL) can and will put you in close communication with your lawyers if the original coder ever finds out you've ripped his code in secret."

The good news is that policy from the highest levels at the free software foundation is "never let a request for damages interfere with a settlement for compliance." So if a manager finds that they are noncompliant, they will get guidance (from Moglen) about how to get back into compliance, rather than a lawsuit.

On the whole, it seems like a much friendlier proposition that having a team of attorneys crawl over every vendor's EULA with a microscope.

Re:The main reason is lack of clear knowledge

[CastrTroy]

There's a big difference between using openoffice, and altering open office and trying to sell it to someone else as a product. If the developers and management can't understand that, then there are other issues. Of course there are a couple issues with packages like MySQL, where simply calling the API can require you to open source your product, but that's just something the company has be aware of. I don't think dealing with open source licences is any more difficult than dealing with the closed source licenses that Microsoft et al give you with their product.

Re:The main reason is lack of clear knowledge

[l0ne]

Use how? What if one of the engineers needs a snippet of code, copies it from Spring, and incorporates it into their product without attribution? Suddenly, that company is legally vulnerable.

Oh, come on! The dev community has worked twenty years to get to the point where you can reuse existing code without having to copy and paste it. We were calling this inheritance if I'm not mistaken.

Also, it's common sense that other people's code is other people's. If your developers are not intelligent enough to understand that and actively research the license for the code they're taking, they should not be your developers. I can do it, and I'm just a Slashdot-reading moron!

No, that is not correct - the Spring framework does not require you to distribute your changes. You just proved the point: licensing mistakes are easy to make.

They're also easy not to make. Not as easy as they are to make, but easy enough. Think safe sex.

If any contributions are properly documented (it's easy with a proper source management system), and made by a group of competent developers, as above, things work out correctly. If you cannot keep your devs in check, you have more to worry than just licensing problems. Google does this, Apple does this, Microsoft (!) might be even doing this, and none of them ever had licensing problems of any kind.

Open source hacks is another fear they have: the fear that somehow using open source tools will make their client sue them.

And that's a reasonable fear. If I sell code that violates a license to a client, that client becomes legally vulnerable and might sue me. Because open source software is so accessible, it becomes easier to inadvertently violate a license.

Using an open source tool and modifying it are two deeply different things. No FOSS tool that I know of limits what you can do with its output. OS X is compiled with GCC, but it's a commercial OS, for instance.

Re:The main reason is lack of clear knowledge

[rlauzon]

I use openoffice all of the time - and the answer to your question is "open office is only an acceptable replacement for basic users of office applications" - have you tried opening a complex spreadsheet in openoffice? it'll take ages. On my 3 year old windows laptop similar spreadsheets open in 20% of the time in Excel.

Yup. Just did it. Opened quicker than Excel for me.

Openoffice is very good - but for a small % of users it is a very poor replacement, 75$ is also a bargain for MS Office.

I would agree that for a small percentage of users OO is probably a poor replacement.

But I would argue that those people are using the wrong tool for the job and that the only reason they are using MS Office is because it's the only tool they know about (or the only one that their IT dept will let them have).

And we are back again to letting the wrong people make technical decisions.

Re:The main reason is lack of clear knowledge

[LaughingCoder]

No one could give me a clear reason why we chose to pay $75 per license for Office XP instead of going to OpenOffice for free.

Here's a clear reason. Open Office is a toy. I am actually not a power user of Excel, but every time I try Open Office Calc (spreadsheet) it is very disappointing. Just the other day I wanted to graph 2048 data pairs contained in a CSV file. I am using a dual core machine with 2GB of RAM, and nothing else is running. In Open Office's spreadsheet program it takes 15 seconds just to create a simple line graph (default parameters) and then for some bizarre reason it simply hangs, unresponsive for another 12 seconds before it accepts UI commands again - 27 seconds in total!. I tried this on two different machines, not believing what I was seeing. And for reference, the memory footprint of Open Office with the data loaded and the graph displayed is 74MB. In Excel, by comparison, on the same machine the graph is displayed in less than a second (a blink of an eye actually). That's a factor of about 50 faster! And the memory footprint is 4MB (a factor of 18 less than Open Office). I don't know about you, but I won't wait 30 seconds for a simple graph to be displayed - that would drive me nuts. One more thing. The default graph in Open Office is poorly formatted and requires some tweaking before being usable. In Excel the default is quite acceptable so I don't have to fiddle to get it to look decent.

Open Office may be an alternative someday, but at least as far as the spreadsheet goes (which is arguably the key application in office for business users), it seems still to be a long way off. And I have yet to try Office 2007 wherein Microsoft presumably raised the bar yet again (though maybe not, they do have an unfortunate tendency to sometimes take steps backwards).

Re:The main reason is lack of clear knowledge

[init100]

No FOSS tool that I know of limits what you can do with its output.

One category of programs that may cause such issues are lexical and syntactical analyzers (also known as lexer and parser generators), since they often include parts of themselves in their output.

Re:The main reason is lack of clear knowledge

[TobascoKid]

So because OO.org is not suited to some business users it's unsuited for all business users?

Looking at your post, why are you using a spreadsheet to do that kind of graphing in the first place (even Excel)? You seem to be claiming that your particular use of spreadsheets shows that OO.org is not suitable for all business use, even though you are using it in a way that is non-representative of typical business use cases.

Re:The main reason is lack of clear knowledge

[shaitand]

Funny you should mention that. I just got my first chance to work with excel in Office 2007. I can certainly say that it was a nightmare.

I am not an excel user nor am I tied to a UI scheme. I am a frequent game player (each UI unique with different levels of quality) and also commonly use various new open source tools (again, many have unique UI's of various quality levels). I can truly say that I have never seen anything quite so horrid as the user interface in 2007. It took a full 10 seconds just to figure out how to print my spreadsheet. The standard File, Edit, View, etc menubar that is found in every windows application known to man no longer exists. The set of toolbars that is used instead is an absolute clusterfuck. There are options scattered about. You might have two options on top of one another and then the next option is skinnier but as tall as the two before; a third segment will again have two elements but that are as thick as 1.5 of the first elements. It hurts just trying to find an element in that.

I couldn't tell you how quickly you could graph data in office 2007 because I'll be damned if anyone could ever figure out how to do such a thing.

Re:The main reason is lack of clear knowledge

[drooling-dog]

Use how? What if one of the engineers needs a snippet of code, copies it from Spring, and incorporates it into their product without attribution? Suddenly, that company is legally vulnerable. That's basically a non-issue, because those "snippets of code" are out there and readily available to your developers whether your organization actually uses the software or not. You might as well argue that they shouldn't have access to any programming manuals, because they might appropriate some of the (copyrighted) example code.

Open source licenses are more permissive than those for proprietary software in all respects that I can think of, including distribution. But no, you can't simply modify it and sell it as your own under a more restrictive (e.g., closed source) license. But that's about it.

Re:The main reason is lack of clear knowledge

[g2devi]

> Use how? What if one of the engineers needs a snippet of code, copies it from Spring, and incorporates it into their product without attribution?

This is a valid concern, but it goes deeper than you think. It's been a few years since I programmed for Win32 and MFC, but back then, it was quite common for Windows programmer to google for hacks^H^H^H^H^H solutions to problems or copy code from book CDs to solve problems and to cut and paste them into code. In web programming, it's even more common to look for libraries or snippets that solve a problem rather than reinvent the wheel.

Years of blindly clicking book-long EULAs or online EULAs that change silently on you without your notice have taught people that licenses don't matter and are things to be ignored. Most developers who do this don't seem to be aware of licensing issue and assume that if it's on the internet or if it came with or on a book, then it must be public domain and fair game. In a large number of case, this is not the case, and a stricter license ("you may use this code in non commercial code" or "you may use this code but not modify it" or even "this code is for demonstration purposes only, do not use it") is attached. Shared source muddles the issue further since it leaves you to SCO-like "you looked at the code so anything you write is contaminated" type lawsuits.

This is what managers are really afraid of.

What many managers haven't clued in on is that open source makes managing this concern easier because most open source software falls into 10 or so licenses that can be divided into three or so categories "share quid pro quo" (e.g. GPL), "library quid pro quo alike" (e.g. LGPL), "attribution" (e.g. BSD, MIT). So it should be easy to define a policy for them and provide a mechanism for new licenses to be added. If you enforce the policy to make your developers actually *look* at the license and *care*, there's little reason to fear and reason to be more confident than you aren't accidentally setting yourself for IP lawsuits from *non-open source* publishers since your developers will be avoiding those like the plague in favour of open source software of the appropriate type.

Re:The main reason is lack of clear knowledge

[multipartmixed]

What the hell is wrong with using Excel to do graphing?

I regularly generate reasonably complex CSV files with *nix tools, usually out of prof, truss, dtrace or syslog output. A couple of quick clicks in excel, up pops a graph which contains useful visual information. Why, just the other day I solved a multi-process race condition with a floating bar chart derived from a log file...

Excel is really great for that sort of stuff, lots of built-in graph types you can quickly try, it understands things like dates and floats, and if you wind up with something really cool you can take a few more minutes to add some labels and colours and bang it into a PDF.

Compared to what.. What other tool allow that? Hmm. I'm thinking here. Whatever tool that might be, it sure as hell isn't installed on my desktop and I don't know how to use it.

So, in your magic neverland where Excel is not the right solution.. What is? And why should I spend time+money on it, when Excel already does what I want it to?

(And, for the record, I use Excel '97...)

Re:The main reason is lack of clear knowledge

[gitarman]

drsmithy wrote

"Added to which, the GPL - probably the most popular OSS license - does not require "modification" to apply its restrictions, it merely requires "inclusion"."

IANAL and it has been a while since I even read the GPL, But IIRC I am free to use / modify any GPL program completely unrestricted up to the point I redistribute, because really, who would care whose programs I use privately (assuming I am not pirating a proprietary code)?

So as I understand it Spacely Sprockets can build whatever system using Spring or whatever, modify it so that it works the best (for them!) and can only redistribute the modified code under GPL. What is less clear (to me) is what if they only wanted to distribute patches of their own code without distributing the Spring source. I suspect that the same rules apply, but again IANAL.

Re:The main reason is lack of clear knowledge

[NickFortune]

No FOSS tool that I know of limits what you can do with its output.

One category of programs that may cause such issues are lexical and syntactical analyzers (also known as lexer and parser generators), since they often include parts of themselves in their output.

Got any examples?

The most common lex and yacc tools distributed with Linux are Flex and Bison - or at least they were when last I had occasion to use such things. It's not true in either of those cases.

Flex, if you look at its sourceforge page is distributed under the BSD licence. So there are no problems with flex.

Bison is more problematical, since it's released under the full GPL. The problem is acknowledged by the FSF

Some programs copy parts of themselves into the output for technical reasons--for example, Bison copies a standard parser program into its output file. In such cases, the copied text in the output is covered by the same license that covers it in the source code. Meanwhile, the part of the output which is derived from the program's input inherits the copyright status of the input.

However the same FAQ entry continues:

As it happens, Bison can also be used to develop non-free programs. This is because we decided to explicitly permit the use of the Bison standard parser program in Bison output files without restriction.

So Bison isn't a threat either.

Which tools were you thinking of, specifically? I'm sure the authors of such tools don't intend to lay traps for proprietary developers, and I expect they'd be happy to make the relevant changes if it meant wider use of their tools.

Failing that, it would be a worthwhile exercise to publicise any such tools that are incompatible with proprietary development processes. As opposed to just going "Open Source! Be Very Afraid!" which doesn't seem to contribute anything of value to the debate

Re:The main reason is lack of clear knowledge

[Presence1]

Lack of knowledge may sometimes be the cause, but not always.

I use the OO apps every day on my machines. They are pretty good, the price is right, and I prefer to avoid the MS tax where possible. I also think MS Word sucks because it tries to do WAY too much for me (turn off all that crap, and just let me write!), and I think Excel 3 was the best version (very nice but still lean).

Yet, in most recent software company I co-founded and served as CTO (building self-service web apps), we made a decision to use MS Office instead.

Why? Compatibility. The business-side partners, while sympathetic to the open source cause, and certainly liking the price, were emphatic that they needed to frequently exchange files with suppliers and customers. I would have liked to make the case for OO, but I could easily find files in Word, Excel and PowerPoint that OO would fail to properly display or edit. So, with these inconvenient facts, I agreed that MS Office was the way to go.

Am I disgusted with MS practices in making compatibility so difficult? Absolutely. But I still needed to make decisions based on the actual facts on the ground, not the ideal that OO will (someday) be fully compatible. We had a company to build and needed the best, most cost-effective tools to get the work done, even if we are being oppressed by a monopoly compatiility issue.

A few years later, my current startup is in development and fabrication of high-performance composite products. We are starting out with OO, and compatibility is better, and MS Office is even more bloated, but I have a suspicion that the same decision will ultimately be made again.

Either way, neither decision will have been made from ignorance, and certainly not from any kind of "nobody got fired for buying XYZ" attitude.

Re:The main reason is lack of clear knowledge

[paeanblack]

From the GP:3) Leak Back: Managers fear developers, in their zeal to promote open source, will incorporate company's code into open source for 'benefitting' others. Much like SCO claimed. Developers are not fools.

Developers are not legal experts either. "Who retains what rights to which code" can become a sufficiently complicated question without bringing the umpteen F/OSS licenses out there into the mix. If the developers can duplicate what already exists in F/OSSland for less money than the legal team can unravel the rights, then staying proprietary is the right decision.

Along the lines of #1, most folk I meet are fearful of the license issues in terms of "do we owe royalties or something?"

Exactly. The trouble is that answering their question can cost more than what incorporating F/OSS will save.

Re:The main reason is lack of clear knowledge

[Tassach]

A little reducto ad absurdum here... Suppose I release the following program under GPL:

#!/usr/bin/perl -w
use strict;

Does that now mean that any Perl script that "includes" mine is now subject to the GPL? How big does an "inclusion" have to be to trigger the GPL? One line of code? Ten? One hundred?

Re:The main reason is lack of clear knowledge

[gnasher719]

'' Does that now mean that any Perl script that "includes" mine is now subject to the GPL? How big does an "inclusion" have to be to trigger the GPL? One line of code? Ten? One hundred? ''

No matter what the size, it doesn't "trigger the GPL".

Lets say I have written an identical two liner and published it, but without GPL, so nobody is allowed to duplicate it. What's the difference between including your code and mine? Each one is copyright infringement and treated identically. The only difference is that the person copying your code has one more way to make his copying legal (by publishing everything under GPL) which someone who copies my code doesn't have. But nobody can ever be forced to publish their code under the GPL.

Re:The main reason is lack of clear knowledge

[jelle]

'Using OO, I invite you to create 2 columns of 2048 numbers, select them, and create a line graph. Nothing fancy or exotic. Then tell me graphing is "easily well done" using OO.'

Ok, I had never used openoffice spreadsheets to make a graph, but I took your challenge and it was surprisingly easy, with most time spent on the 'pg dn' key going down to row 2048.

So here it is: "Graphing is easily well done using OO".

It took me longer to make this post than to startup openoffice (without quickstart), open a spreadsheet, make two columns, the second the sqrt() of the first, make aline graph of it, and resize it a bitto appreciate the curve.

Re:The main reason is lack of clear knowledge

[fourchannel]

"Who retains what rights to which code" can become a sufficiently complicated question without bringing the umpteen F/OSS licenses out there into the mix. If the developers can duplicate what already exists in F/OSSland for less money than the legal team can unravel the rights, then staying proprietary is the right decision. I bet a better decision would be to say "fuck it!", and let Humanity retain the rights to the code.

Heard that

[tomstdenis]

When big enough companies use [or acquire companies that use] my software, I usually get a call from a manager or legal dept. Turns out big companies are not only scared of OSS but also public domain software. The idea that I give out something for anyone to use without license seems to scare them.

It's like a fiver you leave on a bus for anyone to have, people are always skeptical if they can in fact take it.

On the plus side, it's fun explaining the public domain to folk :-)

Tom

Re:Heard that

[teh+kurisu]

I think I understand their concern. Technically you still have copyright over your works, as copyright is automatic, but it's what you do with that copyright subsequently that makes it de-facto public domain work.

Also, it's not strictly true that you're passing it on without licence - you are entering into a verbal contract with your clients (which I believe is binding in most legal systems, but don't quote me on that) which gives them certain rights over your copyrighted work. A good lawyer would probably prefer a written contract, so that they have some form of proof in the event of a dispute.

Re:Heard that

[DRichardHipp]

I've actually *sold* a few of licenses to the public domain SQLite library. Companies call me up and say they want to license the product. I carefully explain that no license is necessary and that they can use it forever for free for anything they want. But they still want a license. So I sell them one. So far, I've sold them cheap. Maybe I should charge more....

This appears to be more of an issue in Europe where, apparently, the concept of "public domain" is less well defined than in the US.

Re:Heard that

[Speare]

And then there's the guy in IT who uses the phrase "public domain" for things that are open sourced, licensed with sources, published in textbooks, or anywhere in between. Even if he knows the difference, he's poisoning the well by callously disregarding the important distinction of "the owner makes the source available" and "the source has no owner."

Re:Heard that

[modeless]

I'd like to take this opportunity to thank you for the awesomeness that is SQLite, and especially for putting it in the public domain. It's been the perfect base for the C# application I'm writing at work (via the equally excellent and also public domain System.Data.SQLite wrapper). The public domain license means I can use it without worrying about maintaining lists of attributions (such as required with the BSD license, and which, as a lowly developer, I can't guarantee will remain with my code forever, inevitably causing legal problems down the road).

In the future, I see many more C# applications using SQLite, especially after Microsoft releases C# 3.0. SQLite combined with C# 3.0's language-integrated query features will be killer.

Gifted Peasant (got) Lawyer

[AHuxley]

In Capitalist West management scared about your lawyer exposing code theft.
In Soviet Russia KGB scared about not stealing enough code for you.

The license issues

[mi]

And the Lawyers are in panic

And for good reason. Just listening to all the talk on whether or not Novell is violating GPL (perhaps by simply partnering with another vendor - Microsoft) should make a lawyer's skin crawl...

If more code was released under BSD-type license, we would've seen wider adoption.

So, GPL was used to wrestle a few vendors into releasing their own code. And what? Who has looked into that code or used it for anything else? And how many other vendors have (foolishly) decided to avoid "open source" and come up with their own (usually inferior) re-inventions of the wheel, because of that?

It is hard enough to use an outside solution because of the NIH syndrome. Restrictive licenses exacerbate the problem...

Re:The license issues

[imroy]

So, GPL was used to wrestle a few vendors into releasing their own code.

I'm sorry. What did you just write? Give me one example of a company being forced to release previously proprietary software under the GNU GPL. One. I dare you.

Re:The license issues

[mvdwege]

[...] all the talk on whether or not Novell is violating GPL (perhaps by simply partnering with another vendor - Microsoft) [...]

Stop spreading FUD. Novell was doing more than simply partnering with Microsoft. They took out what amounted to a patent license in all but words, which would call into question their ability to distribute GPL code. The patent clause in the GPL is quite clear: if you have a patent license to code under the GPL, you must be able to transfer that license along with the code, or you can't distribute under the GPL.

Novell's problem is caused by the fact that they are hemming and hawing around whether or not they actually do have a patent license agreement with Microsoft and what its exact terms are.

Mart

Re:The license issues

[mi]

Give me one example of a company being forced to release previously proprietary software under the GNU GPL. One.

Do a Google search will ya?

How about Cisco for example, uhm? Or Linksys:

In June 2003 some folks on the Linux Kernel Mailing List sniffed around the WRT54G and found that its firmware was based on Linux components. Because Linux is released under the GNU General Public License, or GPL, the terms of the license obliged Linksys to make available the source code to the WRT54G firmware. As most router firmware is proprietary code, vendors have no such obligation. It remains unclear whether Linksys was aware of the WRT54G's Linux lineage, and its associated source requirements, at the time they released the router. But ultimately, under outside pressure to deliver on their legal obligation under the GPL, Linksys open sourced the WRT54G firmware in July 2003.

Now, you could say, the open-sourced firmware was never proprietary to begin with somehow, but that's just semantics — clearly, Linksys thought of it as proprietary and weren't planning to release the sources until the outside pressure made them do it. I'm not aware of anybody benefiting from this open-sourcing, however, and this lack of benefits (from vendors being wrestled into releasing their "GPL-tainted" code) was my main point.

I dare you.

Now that I've successfully responded to your dare, what will you do? If you are a female, you can scratch my back for 5 minutes. If you are a male, you can take out my garbage — once, this Monday. Make your pick.

Re:The license issues

[LinuxDon]

Quote: "I'm not aware of anybody benefiting from this open-sourcing, however, and this lack of benefits (from vendors being wrestled into releasing their "GPL-tainted" code) was my main point."

There are a lot of people benefiting from this actually.
Ever heard of http://www.hyperwrt.org/ and http://openwrt.org/ ?

Now you can actually run a webserver on this device.

Granted, you can create a discussion about the commercial value of it all, but it certainly has a very high educational value. Also, this code (with some modifications) could be used on other/similar devices as well.
The way I see it, this is a big win. Instead of reinventing the wheel people can now start off with the already existing code. And I bet Linksys is actually selling more devices because of openwrt instead of less, so Linksys has won too.

Re:The license issues

[imroy]

Now, you could say, the open-sourced firmware was never proprietary to begin with somehow, but that's just semantics

How is that semantics? I thought that was the whole point - PHB's are afraid of having to release all or part of their precious proprietary software. But that's not what happened with Linksys/Cisco and the WRT54G routers. It was a striped down Linux distro. Ok, they had to put it together, perhaps write some shell scripts. I'm not sure where the web interface came from. But did they have to release any super-secret proprietary source code? I doubt it.

So really, has there been any actual cases of a manager's worst nightmare, the scenario that Microsoft has been FUD'ing us with for years - having to "open source" their internally developed software because a developer in some way used Open Source Software? That's what I'm after. And I don't believe it's ever happened. It's just FUD but the managers don't know any better.

Re:The license issues

[Bent+Mind]

It was a striped down Linux distro. Ok, they had to put it together, perhaps write some shell scripts. I'm not sure where the web interface came from. But did they have to release any super-secret proprietary source code? I doubt it.

Just off the top of my head, it's been a while.

They took the Linux kernel and patched to support a Broadcom wireless NIC. They then sold the compiled version as their own software. Someone found a bug in the interface that dropped them into a shell and discovered it was Linux. Linksys responded by offering the Linux kernel source without the patch. People complained when it didn't work and legal again was threatened. So Linksys rewrote the patch to use a binary blob. Nothing proprietary was lost.

Open Source developers then used the patch and blob to reverse engineer a Broadcom driver for BSD, and latter, Linux.

My memory of the events is hazy. I'm sure there is a Wiki article somewhere with more/better details.

Re:The license issues

[init100]

Granted, you can create a discussion about the commercial value of it all

I'd say it could have a lot of commercial value. After all, the WRT54 series is recommended all over the 'net just because of the moddability of the product and the community around those mods. This could certainly bring in more sales.

Re:The license issues

[Frumious+Wombat]

You're forgetting the BSD copyright issues. About the time Linux was becoming public, the various BSD releases had been held back to AT&T owned code, which meant you had to buy an expensive license to get your own copy. If you were a Uni, it wasn't bad, but for an individual, somewhat daunting. When they finally factored the last of the proprietary code out (during the 386BSD days), people were still worried that it wasn't really gone, and therefore waited for someone else to be the first to be sued. I knew Comp-Sci grad students at that time who thought it was great, if it was really clean, but with Muppet-Labs just up the Jersey Turnpike from us, didn't want to contribute to the project, and be the test case for AT*T's lawyers. It wasn't the BSD license, but the licensing of BSD by AT&T that held it back.

So, some of Linux's success was timing, and BSD being held back by fear of lawyers. Had Linus waiting another year or two to make his public release, you might all be running *BSD on your home machines, and arguing why it hadn't taken over the desktop yet. You'll also notice that the early user environment wrapped around the Linux kernel was heavily BSD flavored, which made an easy transition from the other cheap Unix of the day, SunOS.

open source is exactly what?

[OffTheLip]

Managers may be afraid of unknown open source packages but much of what they do is governed, managed if you will, by open source software. As has been said time and again here the internet and much of the global communication grid is dependent on open source offerings. It what they don't know that they fear. Nobody ever got fired for choosing Microsoft.

Strange conceptions indeed

[thsths]

I had a problem with the BSD three clause license once. If you every read commercial software documentation, there is usually a section full of advertising clauses for contributed software. But no, management deemed this not acceptable. Of course there was no time either to remove the BSD code, so we just left it there.

On the other hand the leaking of GPL code is a reasonable concern. It happens all to often with common software such as MySQL. And you here statements such as "but if we use Perl, we are not linking against the MySQL code", which are dubious at best. Or "if the customer downloads the library himself, we are not responsible".

Of course banning open source is not the solution. Actually most commercial software packages have some content of open source code (Windows has the BSD network stack, Matlab has BLAS, Adobe uses the JPEG library...). And even if you ban all open source software, you can still violate the license of a commercial package :-). The only solution is to be careful with what you ship, period.

Of course they're scared

[imroy]

If people are wondering why managers are scared of Free/Open Source Software, just look at Rob Enderle's recent story posted here on Slashdot yesterday. Managers are the targets of these schill reporters (Enderle, O'Gara, Lyons) and their efforts are clearly working. We might not fall for their FUD, but managers and other non-techies do. And that's why they get paid.

Re:Of course they're scared

[LinuxDon]

I don't know what kind of manager everyone has, but I can't think of any manager having the time to read such crap like Rob Enderle has produced.
In my experience managers can actually be educated quite fast/well on open source if you know how to sell it to them. The main keywords are 'cost savings', 'reliability', 'significantly less downtime', 'scalability', 'flexibility', 'performance'.
And big company's like Novell, IBM and RedHat selling opensource/linux make a very strong case.

Actually, in my experience management doesn't care what is running on the servers as long as it -just works 24/7 and saves them money-. It's not like they will actually have to fix it should any problem arise. Please note that you will have to take full responsibility for the product your are recommending, anyone will back out immediately when you have any doubt. In contrast to commercial software, 'finger pointing' games cannot be played with open source, so if anything goes wrong you'll be shot on the spot. But in my experience everything will go just fine and expectations will often be exceeded.

If you take the time to make an alternative cost calculation for the next project and invite a company that can sell it to you, chances are good a manager will change his mind.
Also, make it very clear that it's the manager's budget and you are just trying to make their life easier. In the long run, your manager will become your friend.

The main problem are engineers without any Linux/Unix experience fearing for their jobs, they will do anything to sabotage the whole thing and start shouting like the world is coming to an end.

Best Buy

[Hadlock]

This amuses me greatly, as my good friend is a manager of a Geek Squad department and they're not allowed to use open source tools, although he frequently sees them being used (and lets it slide for obvious reasons). I forget the exact reasoning, but it does involve liability to some extent. Apparently stand alone geek squad "stores" in strip malls and the like are allowed to use "more advanced" tools for some reason.

Re:Best Buy

[chill]

That's amusing. Wasn't it Geek Squad just had their pants sued off for distributing and not paying for internal copies of Winternals software? They licensed ONE copy and made it, and other tools, available on an internal FTP server for everyone.

WTF then is the problem with FOSS? At least it would have made what they were doing legal. Or do they WANT to be criminal scum?

disempowerment

[ex-geek]

I believe that another important fear is that of disempowerment. Open source is usually free of charge, which means that their budgets and thus their importance decreases. Also, there is no need for developers and IT staff to go to their superiors to ask and beg in the first place. They can just download, evaluate and use free software right away.

Free software is also not advertised unlike commercial products, which means that managers can't even communciate, what is going on, to their kin.

Compare: "I recently negotiated a licencing deal with <known software company> for <known software product>, which i deemed to be the best solution because of <list of buzzwords>"
To: "Well, my IT guys implemented a working system on their own, using some software I can't pronounce and really don't understand."

Re:disempowerment

[motek]

Ahh... the moderation! This is rather silly, not 'interesting'. We weren't talking about IT, but development, in the first place. I have been running a software R&D group for a long while. In the long run, all costs are marginal comparing to personnel expense.
And besides - if you really must see me as an evil person - the power to refuse somebody something is not much of a thrill. Comparing to the simple fact I can just fire him...

Truth

[jawahar]

People make money out of others ignorance.
People make money by adding value to others.

Scene One: Staff Meeting

[natrius]

Manager: So you're telling me that someone already wrote code that performs a task we need done in our software, and they're letting anyone use it for free?
Coder #1: Yeah, I think it's cool that—
Manager: AIEEEEEEEEEEEE!!!
[Manager faints.]
Coder #2: That's the last project on SourceForge that we hadn't used yet. How are we going to get out of work tomorrow?
Coder #1: Hmm... Wanna go grab a beer and start yet another Python web framework?
Coder #2: You're a genius.

Broad generalizations are always so useful

[ArmchairAstronomer]

Look at the context of this post, it was a pannel discusion at a conference. It means they didn't have anybody to speak about something infromative so they got bunch of so called experts to talk about something "controversial" to fill the time. It treats the groups discused as monolithic morons. Developers, Managers and the always popular "Lawyers". We are "Freaking Out", "Scared", "in a panic" all very informative descriptions for how people deal with complicated problems. News flash! There are clueless "developers" who don't understand the conequences of their actions on the orgaizations that pay them. There are clueless "managers" who have never read a EULA of any kind. There are clueless lawyers, nuf said. How about the report of a real discusion between thoughtfull people about trying to balance Stallman's la la land philosophy with Ellison and Gates' Ferengi capitalism.

Commercial Licences

[TobascoKid]

And even if you ban all open source software, you can still violate the license of a commercial package

Which a point rarely made about proprietary software. Practically every piece of proprietary code comes with a different license, with an entirely different set of restrictions. It's a lot easier to make a misstep with proprietary software than it is with open source, and your risk of being taken to court (as opposed to just some public shame restricted to tech circles) is far higher.

In a manager's budget, developers time are free

[khchung]

Developers, though, end up using open source because of its ubiquity and not using it 'puts them at a competitive disadvantage because their competitors are.'

See the problem here? Using open source give an advantage in the minds of the developers, but not the managers? Why? Because developers' time are free for managers of most in-house IT dept! Developers' salary is fixed cost in the budget, once hired, a manager rarely have to justify it every year. On the contrary, developers viewed as having little to do would have caused more problems for their manager!

So for a manager, a developer's time is a free resource that happens to have a "use it or lose it" property.

Now, give him a choice of (1) buying a piece of software for a given price, (2) use a comparable open source software with a license he do not understand so he can (2a) try to understand it himself and thus open himself to any future problems or (2b) send the license to legal dept and gets charged to his budget, or (3) tell his developer to re-implement the software themselves, no further expense claim or budgeting needed. Guess what a lazy manager will do?

So when the manager chooses option (3), and the developers see months and months of unpaid overtime and endless bug fix headaches coming from re-inventing the wheel, they covertly downloads an open source library and plug it in, with a custom wrapper to hide their tracks. Is that a surprise?

No amount of education will not cause a manager to take any amount of risk choosing open source instead of using a "free" resource to achieve the same thing (a resource that cannot be saved and use later in any case). The developer's time and effort is an externality in the manager's consideration.

The only way you can bring the manager to use open source is to add the developer's time into the manager's accounting, either when developers are "pooled" and any effort spent will be charged to the manager's budget, or when the developers have other things to do so there is an opportunity cost to have them do other things.

This makes perfect sense.

[FriendlyPrimate]

This makes perfect sense though. Business want a paper trail that they can go back on if problems arise later. You may now say "no license is required...it's public domain". But what if 5 years from now, you decide to sue them for copyright infringement? How do they defend themselves without the paper trail? From a legal perspective, it's an order of magnitude easier to go back to the license and show that you're not infringing than to try to prove that your software used to be in the public domain 5 years ago.

Another problem with open source software is that patent liability is placed on the user of the software, not the creator. The SCO/IBM lawsuit shows that. License a piece of Microsoft software, and the patent trolls go after Microsoft. Use a piece of open source software created by Ted in his garage, and the patent trolls go after you.

IBM is VERY strict with open source now. Nobody is allowed to use open source or public domain code in their projects unless it's gone through a very rigorous screening method to make sure there isn't any copyrighted code in there. And they provide a 'whitelist' of software that has been prescreened and is allowed to be used by developers. This list is rather small though. It requires alot of effort to remain safe from a legal perspective, and I doubt that few companies outside of IBM have the resources or expertise to do it.

Re:FUD

[wrook]

I'm not sure I read your comment right, but if I did I just can't agree with you.

There are lots of places where you can legally use open source and Free software in a closed source environment. To cut that out of your arsenal is cutting off your nose to spite your face. Of course it depends on the license and what you are willing to give up. But as previous posters have said, you can use public domain software anywhere. You can use BSD licensed software almost everywhere as long as you don't mind telling people that's what it is. You can use LGPL software as long as you don't mind distributing the source for the LGPL software. You can use GPL software as long as you don't mind distributing the source for the GPL software and you have a good separation between the GPL software and your closed sourced software.

I've worked primarily in closed source companies. I should be clear that I think such business practices are stupid. They hurt the customer and they hurt the competitiveness of the company using them. I can't tell you the number of times I've spent a company's money writing features that help achieve lock in without giving the user anything in return (or even make the customer's experience worse). I think that's dumb. It pisses off the customer and wastes money.

Management (and legal) tend to have this idea that they *must* "control" the market otherwise they will lose. They optimize their strategies into tricking customers into locking-in rather than focusing on executing better than their competition. A typical closed source software company does speculative development, spending money up front and then trying to sell what they have already built to customers. In such a company, R&D makes up 10-15% of costs while Management, Sales/Marketing and legal make up the other 85-90%. *This* is why they get freaked out over using open source or Free software.

Their entire focus is on bamboozling and coercing their customers. Saving even 25% of R&D costs (4-6% of total expenses) is not worth it if they have even a small chance of "losing control" of their market. They basically don't care if the solution will be better. Even an "advertising" clause is usually unacceptable since it shows the user that the company's precious "IP" is actually partially derived from something that anyone can acquire at zero cost. It destroys the illusion that one *must* buy from that proprietary company.

It's strange to be a Free software advocate working in the "closed software" world. I've mostly spent my time just trying to understand what makes "closed software" tick. In the end, these companies are trying to win the lottery (and if they already have, they are trying to turn the lottery into their own private mint that churns out tonnes of cash on demand). They spend money up front and are looking for a return down the other side. Generally speaking they aren't particularly interested in "building a business" -- i.e. creating a stable revenue flow and making a living off of it.

Especially with small companies, there is a need to generate some "worth" in the non-people aspects of a company. After investing $2-10 million up front, they are looking to sell the company (not the software) for $100 million to $1 billion. You can't sell a team of people for that kind of money (or so they think -- in other industries people pay significantly more for a portfolio of satisfied customers). "Owning" all the non-people assets of the company is paramount to their strategy. Using open source or Free software to reduce costs is not an attractive position for them.

However, I've noticed as more and more "up front payment" companies have started to chip away at the "back end payment" companies' market. Instead of selling software as a "fait accompli product", these "up front payment" people sell customization to an organization. They offer the customer more choice at the same price. Slowly, this business model is starting to make an impact (although the potential market

OpenOffice

[bjackson1]

I work in IT at a medium sized organization. We recently ran out of Office licenses. I came up with the brilliant suggestion to use OpenOffice on non-essential personnels computers who would not be needing advanced features. Essentially on most of these machines, Office was used only to type letters in Word, or perhaps excel.

My employer refused to use it, because as a free piece of software, it would not have enough features, would be insecure, etc.

Well, I decided to repackage it as OfficeLite, I told them it'd cost an extra $15 dollars to install per machine (I did NOT say it cost this per license), and now they love it! They checked it out and thought it was a brilliant piece of software. I have since told them how I duped them, but eh, I get to keep the first 120 I made from it.

1995 called-they want their obsolete managers back

[tomhudson]

"I believe that another important fear is that of disempowerment. Open source is usually free of charge, which means that their budgets and thus their importance decreases."

How many of us read this, and are saying "Hey, if they're worried about the consequences of reduced budgets, they can always throw me another $50k a year ..."? :-)

Its not about budgets, and its not about power - its about managers who aren't really right for the job - because the JOB has changed.

Look at it this way - 1st-rate people hire 1st-rate people. 2nd-rate people hire 3rd-rate people, probably because they're intimidated by anyone being "as good as" or "better" than them.

Any IT project manager who doesn't have a clue about the GPL, LGPL, and BSD licenses should be fired. He or she is obviously not willing to do their homework, and hasn't been, for about a decade.

Additionally, you should probably go up the food chain one more rung and fire whoever hired/manages them. After all, they let this piece of deadwood contine in their slot for god knows how long.

So they blocked sourceforge, and they banned thumb drives, to prevent open source code from "leaking into" the company. I'm sure I'm not the only one with a cell phone with tons of free space - its not *just* for music and videos. And most of us can write a proxy server in one line, run it on our home machine or another server, and get around any site bans just fine.

Proprietary software frightens *me*

[mkcmkc]

I guess I can understand being scared by the unfamiliar, but what really frightens me is proprietary software, or rather the licenses thereof. There's some really scary shit in there about what you can and cannot do, and the penalties for running afoul. Not to mention the stuff (which you may know as "software patents") that you only get to hear about after you're in trouble.

Just another successful Microsoft FUD campaign?

[walterbyrd]

I'm surprised nobody has mentioned this before.

The entire scox-scam is nothing but a small part of msft's ongoing fud campain. The entire scam will cost msft well under $100M - pocket change for msft.

Now that the scox-scam is winding down, msft has bought a new bitch - Novell.

Msft message to corrupt users is crystal clear: "F/OSS is a legal mine-field. If you even use linux you risk a lawsuit. If you substantially contribute to linux a lawsuit is nearly inevitable. If you even think about touching a F/OSS produce, you will be legally forced to open all of code." Msft has pounded on that message for years and years. Lots of msft shills scream hystical warnings, all kinds of fake lawsuits, fake studies from msft owned "think tanks" and so on.

I think msft's fud campaign has been smart, and successful.

NMAP

[brunes69]

No FOSS tool that I know of limits what you can do with its output.

NMAP does.

Try integrating NMAP with yoru commercial product. You won't be allowed to distirbute it if you use it's output to integrate into your own stuff.

Check out their wacky addition to the GPL:

* Note that the GPL places important restrictions on "derived works", yet * it does not provide a detailed definition of that term. To avoid * misunderstandings, we consider an application to constitute a * "derivative work" for the purpose of this license if it does any of the * following: * Integrates source code from Nmap * Reads or includes Nmap copyrighted data files, such as * nmap-os-fingerprints or nmap-service-probes. * Executes Nmap and parses the results (as opposed to typical shell or * execution-menu apps, which simply display raw Nmap output and so are * not derivative works.) * Integrates/includes/aggregates Nmap into a proprietary executable * installer, such as those produced by InstallShield. * Links to a library or executes a program that does any of the above

Re:NMAP

[Dhalka226]

Despite what they claim, it'd be a tough row to hoe to get a court to agree that parsing factual information from NMAP's output constitutes a "derivative work".

Are you sure? Because it seems to me that you would have a tougher row to hoe to get a court to agree that they are forced to use the terms of the GPL itself rather than the terms that they explicitly laid out for their product.

Are their terms 90% GPL? Yes. Did they add/modify/clarify (depending on your view) a term? Also yes. What makes you think the court's going to say "no no no, this is GPL and you're wrong, sorry" and not "they created their own license, what makes you think the condition is not valid?"

Re:NMAP

[darkwhite]

"Their wacky addition"? Interesting.

Please don't be obtuse. The parent poster was referring to running the program at development time, then incorporating its result as part of the product. The restriction you cite does not forbid that.

Even professors don't always get it.

[Lord+Kano]

A year and a half ago, I had a professor state matter of factly that Linux was less secure than Windows because anyone can look at the source code and find exploits.

Involuntarily, I screamed "WHAT?!" He paused and gave me a chance to speak, my response was to take the example of OpenBSD, it's Open Source too(different license, I know but that's not the point) and in the previous 8 years there had been exactly one remote exploit on a default install. Microsoft dreams of that kind of security.

He really had no response for that. What bother me though is how many times did he give that exact same speech to students who didn't know any better and just assumed that it was true because a high ranking professor had said it? So as these people leave college and become managers in IT, they'll carry the misconceptions that Professor Dvorak had placed in their heads.

LK

Nice one, Bill

[Bloke+down+the+pub]

The trouble is that answering their question can cost more than what incorporating F/OSS will save.

Perhaps if you were distributing the code. IANAL(IAOSBDTP), but I thought internal use within an organisation doesn't count as distribution.

Educational campaigns are needed.

[jbn-o]

Then this is no different than any other irrational horror story; we can point blame at both the teller and believer of the story, but we're better off educating people instead. A good educational campaign would ask these managers if they believe every report they write with Microsoft Office is co-owned by Microsoft, thus giving Microsoft the power to change or override anything they say in the report. Or if their proprietary OS from Apple compels them to get Apple's approval before distributing any file they make with it. Nobody actually behaves as if these things are true so it's a very hard argument to make that anyone believes these things to be true.

The manager's "fear" is obviously irrational and their issues don't seem to translate to the real problems of uninspectable, unmodifiable, and unsharable software which they have entrusted to run their business. Perhaps handing their business over to unaccountable monopolists (as all software proprietors are) should be more disturbing to them than software they can shape to meet their needs.