Recession Turning Software Auditors Into Greedy Traffic Cops

judgecorp writes "As the recession bites, software auditors are cracking down, and some are simply exploiting loopholes and technicalities to meet their targets, according to analyst Forrester. They may be within their rights, but they aren't endearing themselves to users; Steve Ballmer faced weary customers in London last year, and admitted Windows licenses have deliberate 'gotchas.'"

I just don't even open the door

[GNUALMAFUERTE]

I don't use ANY proprietary software at my company. I own a software development company in Argentina. If I get an auditor (Auditions here are done by ARBA, the state-wide equivalent of the IRS in Buenos Aires) I just won't even open the door. Sue me if you want. I use NO privative software, and no one has any right to log in into my servers or workstations (We have ~40 machines at our offices).

Fuck them in the ass.

Re:I just don't even open the door

[GNUALMAFUERTE]

I agree with that. Actually, there are many screwed up views on the US about many subjects. Argentina is far from being a paradise. We are a mess in many areas, but we are much more free. I have many friends from the states (Being a coder, you just make friends in all parts of the word), and I hear many talk about the land of the free. Freedom in the US is a scarce value. We are a lot more free down here. You can use drugs without the cops bothering you, People are not suing each other all the time, and you can actually live without a credit card, a bank account, and financial records. You can live in cash, without being chased, and just say 'fuck the government, I want my own little Anarchy". If you leave everyone alone, and don't expect anything from the government, they have no way of bothering you. That's the way I choose. I stay out of their way, and they stay out of mine. Sure, if you are into the game, they will fuck you up. But if you decide to play alone, you stand a chance.

About your questions, the weather is very nice, the place is beautiful (sort of European-looking, but with virtually unlimited natural resources, less people, lots of cheap land, and the best food in the world). About internet access, I'm paying 33 Dollars for unlimited 3G access anywhere in the country [coverage is pretty good, i have signal everywhere, even outside the cities], and 42 Dollars for a 4MB Cablemodem, that works pretty well.

Cheers.

Re:I just don't even open the door

[pclminion]

The civil justice system has NEVER been an "innocent until proven guilty" system. Unlike criminal justice, civil justice is about "preponderance of evidence." Roughly, this means that whoever's case is more impressive, wins. You don't have to prove anything, you just have to be more convincing than the other guy. And if you don't try to defend yourself? You lose by default. This isn't new. It's always been this way.

Ernie Ball

[bmo]

I'm sure that Sterling Ball over at Ernie Ball (guitar string manufacturer) is sitting with a big grin on his face every time he reads something like this.

For those who forgot:

http://news.cnet.com/2008-1082_3-5065859.htm

In 2000, the Business Software Alliance conducted a raid and subsequent audit at the San Luis Obispo, Calif.-based company that turned up a few dozen unlicensed copies of programs. Ball settled for $65,000, plus $35,000 in legal fees. But by then, the BSA, a trade group that helps enforce copyrights and licensing provisions for major business software makers, had put the company on the evening news and featured it in regional ads warning other businesses to monitor their software licenses. Humiliated by the experience, Ball told his IT department he wanted Microsoft products out of his business within six months. "I said, 'I don't care if we have to buy 10,000 abacuses,'" recalled Ball, who recently addressed the LinuxWorld trade show. "We won't do business with someone who treats us poorly."

Re:Greedy traffic cops?

[LostCluster]

In the town next to the one I sit... there's a old police officer who has a "quota" of traffic fines he needs to collect in the budget. Miss his income number, and he's unemployed. The budget number is public record as and in as a separate line item in the official budget. He's authorized to put up a "Speed Limit 30" sign at any intersection because that's the state law at all intersections marked or not.

Now, on the way out of this town, there's a highway interchange. That's an intersection, but the state highway people don't want you going as slow as 30 miles per hour there... you won't be up to 55 on the short ramp to the highway if you do. So they've rigged this intersections with enough signs that the traffic officer is locked out... if he puts his sign up, it's not properly displayed because it's either blocked from view or too far from the intersection. He still writes tickets there, and if you take him to traffic court you can get it kicked. He's hoping you confess or just send in the check. There's even a state website where you can pay your fine with a credit card.

If enough people do get his tickets kicked, he'll be done.

What about this?

[pclminion]

Suppose I'm a healthcare company. Software auditors show up at my door, waving contracts in my face. I let them in. They insist that they must inspect ALL machines running, say, MS Office. Some of these machines contain sensitive health information for ten thousand patients. I have now committed 10,000 willful HIPAA violations, and could go to jail, in theory, for up to 10,000 years (maximum jail time for willful but non-malicious breach is 1 year per instance).

Or what about SarbOx? Any possibilities for violation there?

I think a strong case could be made that if you are a HIPAA covered entity who uses software which is subjects to such agreements, and you abide by the agreements, then you are committing a felony. Thus, using Microsoft software is a felony. QED

Re:The article was actually nice.

[MightyMartian]

B.S. Nobody wants Microsoft licensing to be that complex, except the SAM contractors and other licensing Nazis that Microsoft and a good chunk of the proprietary software world has let loose upon us all.

I had a SAM review last February and March, that started with a letter from a Microsoft "partner" (read: contracted henchman) that, once you got passed the bullshit about them being hear to help me, was clearly a software audit.

I was given 30 days (with an extension if I needed it) to put everything together. That part wasn't too bad. We had largely inherited the licenses from the firm that we had taken over, and it was a bit of a mess. Of our three copies of Server 2003, one was an inherited Small Business Server 2003 OEM edition that I had applied the Transition Pack to to turn into proper Server 2003, one was an OEM copy of Server 2003 R2 bought by us and one was a Server 2003 that we had inherited, purchased through Software Assurance. As well, there were about 15 Office Pro licenses, as well as 13 or 14 Office OEM copies sold with the Dells that we had inherited. On top of that, I had a backup server running Windows 2000 server, plus CALs both purchased by us and by the people we had bought everything from.

I first smelled trouble when they asked me to verify that 22 of our workstations (all running OEM copies of XP) were not running Office (they were running OpenOffice). I found the question more than a little accusatory. Then came the seeming inability for them to count CALs. At one point they had us in the red 15 CALs, despite the fact that I had invoices, both of my purchases and of the previous organization's, showing the CALs. This literally went back and forth for two weeks, until finally I had had enough, and sent off a very angry email to the contractor accusing him and his "team" of severe arithmetic disabilities, and explicitly using the phrase "you are harassing me".

Then, as if unwilling to declare defeat, they came back with a final number of -5 Server 2003 CALs, because, and get this, though I had enough CALs to cover everything, I hadn't bought this 5 CAL pack via Software Assurance, and wasn't permitted to use it as a User CAL on the Server 2003 machine installed via the single copy of Server 2003 bought via Software Assurance. I sent back a very angry letter, CCed to my manager, asking them if they seriously thought that I was going to pay $150 bucks again for CALs I already owned, because I bought them from a reseller as opposed to Software Assurance. I think at that point they got the hint that they weren't going to be getting any money out of us, and sent back a letter saying that as long as I agreed to change them into Device CALs, I'd be in the clear with them.

Now, I guess from one perspective one could say that we got off in the end, we were totally legit. But this probably consumed about $500 to $700 of my wages (my employer's money) on pointless back-and-forths as they tried to probe to find any way to make money off of us.

At this point, we are looking to abandoning Microsoft, and indeed proprietary software wherever we can. It won't be easy, and it won't always be pleasant (though it can't be any worse than the three weeks of hell that happened when we bought new Dell workstations with Vista). We're stuck with Exchange-Outlook for the medium term, but should have enough licenses to cover a small expansion that may be happening in a year. But all the new file servers are running Samba, we're set to expand OpenOffice installs, and while Office 2003 will be around for a while, there will be no upgrades to later versions, save as we replace workstations. The long-term plan is to roll more and more server operations on to open source solutions, with a set goal that when we hit 95% of our Exchange CALs, we will take the plunge and go with an open source groupware solution. I don't anticipate that we will ever be Microsoft free, but we can certainly reduce our footprint, and our exposure to the nonsensical and self-serving whims of Micro