How To Approve the Use of Open Source On the Job

New submitter Czech37 (918252) writes "If you work in an organization that isn't focused on development, where computer systems are used to support other core business functions, getting management buy-in for the use of open source can be tricky. Here's how an academic librarian negotiated with his management to get them to give open source software a try, and the four phrases he recommends you avoid using." "Open Source," "Free [Software]," "Contribute," and "Development" appear to scare managers away.

Nobody ever got fired for buying $big_corp

[Opportunist]

Old saying. Nobody ever got fired for buying IBM. Nobody ever got fired for buying Microsoft. Nobody ever got fired for buying SAP. It's a simple cover-your-ass game.

Managers, unless they have a very special bond with the company (like, say, they built it from the ground up) don't give a shit about the company. They care about their ass. And when the question is whether to blow a million of company money for software they don't know jack about but has a big name behind it, or to save the company a million bucks using software they don't know jack about but has no name to it, they blow them money.

Because they needn't explain why they did it. It's IBM/MS/SAP, how should he have imagined that it's no good?

Re:Nobody ever got fired for buying $big_corp

[icebike]

Unless you can find a written policy forbidding it, just do it.

Its easier to get forgiveness than permission.

Chances are you won't find any policy, unless you work for a big bureaucratic compartmentalized organization. Even then, in the absence of a written prohibition, cost savings can sell the day as long as you provide a support contract. (Some how bean counters become blind to expenditures on support contracts that never ever get exercised).

Re:Nobody ever got fired for buying $big_corp

[roc97007]

...Oracle...

Re:Nobody ever got fired for buying $big_corp

[Wintermute__]

Oh, plenty of people have been fired for buying Oracle. Their enterprise apps are a bad joke.

The joke's on the poor sap dumb enough to buy them.

Re:Nobody ever got fired for buying $big_corp

[roc97007]

Their enterprise apps are a bad joke.

...and always have been, to some degree. Yet people still believe that the way not to get fired is to specify Oracle.

Re:Nobody ever got fired for buying $big_corp

[Opportunist]

Getting forgiveness is only available from C-Level on. Below, they just kick your ass out on the street.

Re:Nobody ever got fired for buying $big_corp

Getting forgiveness is only available from C-Level on. Below, they just kick your ass out on the street.

In real life; almost never. You are going to have to check your own company carefully. Likely this will only happen in a really big company where you already had an explicit warning about open source. Make sure you read through all your IT policies. If there is an explicit one against open source in some way, then always act ignorant ask your manager before breaking it. "Hey, there's this really neat package Gimp which will let me make that special photo we need. It will save me thousands over buying Photoshop; is it okay if I use it. It's completely legal". If he says yes, then go ahead; after this is a widely established thing then go back and "revisit" the "outdated" policy. If he says no, then you wait for a good opportunity (normally just after they failed at something else or at a company efficiency conferece) and register a complaint against the policy with the boss of whoever wrote it.

For a small company there's normally no policy and nobody cares as long as it's more or less legal. Just go ahead and do it. Become the expert in your area and then teach others.

The companies which really might care are the truly unscrupulous consulting companies where the entire aim is to raise the cost base of the customers. Here the fact that the software is free would make the companies overpriced services more visible. Basically, if you work for such a company then god help you. The only good thing you can do for humanity is start planting voice recorders around the company and leak the recordings on WikiLeaks.

Re:Nobody ever got fired for buying $big_corp

[rioki]

I would fire someone buying SAP period. Interestingly their products are mediocre at best, but the real scam is everything surrounding the product. You don't buy SAP, you get a tailor made software. To find out what you need a a team of consultants will monkey around your business for a month or two, at your expense. Then a few developers will write 5 lines of custom business logic binding exciting modules together and swap a few logos and acronyms. On top of that you need to train all users in the most basic tasks, partly because the entire thing is totally convoluted and they assume that even tech savvy users do not know how to use a computer.

For the cost of deploying SAP, easily a couple millions upfront plus expensive maintenance contracts, you can straight up employ a small team of developers and build your custom apps on top of some common framework. Or better look around a little for existing tools.

Re:Nobody ever got fired for buying $big_corp

[rioki]

"But everybody else is using IBM/SAP/MS? They are successful!"

Re:Nobody ever got fired for buying $big_corp

[gbjbaanb]

d'uh - the people "buying SAP" are C-level people signing it off. And they never get fired, they simply leave to spend more time with their family due to the stresses of their incredibly stressful job.

Same applies if the company goes bust - they still get first dibs on whatever payoff cash is left over.

Re:Nobody ever got fired for buying $big_corp

[serviscope_minor]

Oh, plenty of people have been fired for buying Oracle.

Yeally?

Their enterprise apps are a bad joke.

Yes, but they're such an *expensive* bad joke that it is too embarressing to too many important people to write off the cost, so usually, the system is kept and forced to work and declared a success.

If you fuck up a $100k contract, you'll be fired. If you fuck up a $10,000,000, people will work very hard to find a way to make it not look like a fuckup, especially if they've been involved in any way at all.

Re:Nobody ever got fired for buying $big_corp

[u38cg]

Very much this. Once something is done and working, getting retrospective permission is typically a lot easier. Your industry may vary.

Re:Nobody ever got fired for buying $big_corp

[smooth+wombat]

Unless you can find a written policy forbidding it, just do it.

This is why you never give people admin rights. They'll randomly install shit and when something breaks, go to someone else and let them spend (potentially) hours of their time trying to figure out what went wrong.

If you think randomly installing shit is fine, I think it's fine to just reimage your machine without bothering to see if your stuff is backed up.

When you're at work, it's not your equipment. It's the company's and yes, almost every company out there has a policy explicitly stating the installation, or attempted installation, of unapproved software can get you fired.

Re:Nobody ever got fired for buying $big_corp

[JaredOfEuropa]

Very true. It's not a reason FOSS will not work in your organisation, but it is an issue that needs to be addressed. If something goes bad, who is accountable? Make sure it is not the manager signing off on it. Companies like RedHat do not just exist to package and provide support on Linux installations, they also exist as a "blame buffer". Start with a low risk project that will not have huge repercussions if it fails, be honest about both short and long term risks in using FOSS, and address these risks. For instance: don't assume 100% effective and timely community support, and don't leave maintenance to Ted in the boiler room either; get a real support team in place. Treat it like you would in-house developed software, but without the risks associated with development. Once you have demonstrated the benefits, work with management to arrive at a sensible policy for FOSS.

Another area that management may be particularly sensitive to is liability for IP infringements. If Microsoft steal someone else's software, the IP owners go after MS. In case of FOSS, the IP owners go after the users with deep pockets. I could name a few cases where this has happened. This is a manageable risk, but again: it needs to be addressed up front.

Re:Nobody ever got fired for buying $big_corp

[roc97007]

> Yes, but they're such an *expensive* bad joke that it is too embarressing to too many important people to write off the cost, so usually, the system is kept and forced to work and declared a success.

> If you fuck up a $100k contract, you'll be fired. If you fuck up a $10,000,000, people will work very hard to find a way to make it not look like a fuckup, especially if they've been involved in any way at all.

This. Generally true, I think, of any ridiculously expensive fuckup. What generally happens is that the vendor helps you to save face with management and/or the board of directors, and helps you to sell them on solutions that involve giving the vendor more money.

"Nobody got fired for buying IBM". Partly because when IBM puts in the screws, they also have very experienced sales managers who can help you sell the idea that yes, being kneecapped really is a good idea. Who needs knees? (I used to work for IBM professional services, saw this first hand. Not the knee part, but the bait and switch part.)

Oracle has the same modus. They get you too deep into a project, and then dangle a solution at an increased price. It seems to be their entire business plan.

Same true for companies that provide outsourcing. (a) Having us take over your IT will save you millions a year. (b) It's a disaster because your departing employees didn't document their procedures well enough. (c) We can fix this by bringing in more level 3 and 4 admins, at an additional cost. (4) We can't support your servers because they didn't come from us. All servers are now on 3 year retirement, and you are required to buy our hardware. (5) After six years, you're still paying more for less but we'll help you spin it for upper management.

The idea is to get the decision makers complicit in the crime. After all, to them it's just a job -- it's not like they own the company.

Re:Nobody ever got fired for buying $big_corp

[david_thornley]

Yeah, and I find it really funny that people think that way about Open Source. Who has managed to pin blame on a software company in any meaningful way? Who gets support that is guaranteed better than community support without paying for it? You can usually find consultants for any important OS software.

Re:Nobody ever got fired for buying $big_corp

[Opportunist]

Experience? No. MS/IBM/SAP are certainly NOT to blame when their product don't run well in your company.

For some odd reason, C-Levels tend to be kind religious. Not in the orthodox sense, more in the sense that they follow some creed from some consultant, some "management standard", some other holy book that tells them how they should be. That these holy books all ignore the fact that humans are humans is something I'll never quite grasp, but so be it.

Since MS/IBM/SAP are certified to follow those creeds to the letter (that's some kind of mark of being blessed in those religions), they can't do no wrong. They have been certified to be high priests of the religion. And how could little you question the wisdom of your holy leaders?

So, the reason must be that back when we used their crap before, we made some mistakes. But this time it will be so much better!

Re:Nobody ever got fired for buying $big_corp

[Opportunist]

I do have a job. Let's say it deals with security.

The main reason why I have a hard time greenlighting the use of OSS is simply that very few of it comes with the relevant certs, something the relevant commercial software will almost invariably have. We could of course audit the living shit out of the OSS packages ourselves... which we actually celebrated once with the result that it's more expensive.

This is admittedly a very, very specific case and I don't think I'd cite it as a reason to avoid choosing OSS since nearly no organizations are limited by this special little tidbit.

OSS is not unacceptable from a licensing standpoint for most managers. It's simply "I prefer the horrors I know to the ones I don't" for most managers.

Re:Nobody ever got fired for buying $big_corp

[Opportunist]

That's not even a requirement. I was puzzled by the same when I asked my first boss (back in the early 90s) why no chance to try Linux for some of our lesser important systems. His answer was, in all sincerity, "but who do we sue if it goes wrong?" I was sitting there as puzzled as you are, thinking "You want to sue MS over their crappy OS? Good fucking luck, idiot!"

Later I learned that this isn't even the point. The point is that you COULD sue them. You won't, of course, but you have someone to shift the blame on. You can say that you made the decision and now MS fucked up, so your recommendation for legal is to sue them. Legal will reply (not to you, you're not important enough for that, the reply will go to your superior) that suing MS is fucking nuts. And that's where this will end. It's not your fault that the company decided against suing MS.

You need a scapegoat. That's all. You need someone that you could in theory sue. That's all you need to not be slaughtered.

Pet projects and the hidden skunk-works.

[raydobbs]

In small businesses - often the best foot in the door for open source software is a pet project, something you can do transparently to design something to show management about the advantage of the software has over more traditionally licensed fare. Being able to speak the language of IT management helps - Cost of Ownership, Return on Investment, being able to present facts based on license costs is also helpful - management listens to dollars and sense, followed by legality.

Of course, if your business deals with large vendors who have a stake in keeping things locked to Microsoft, Oracle, IBM or HP - you are fighting a steeply uphill battle.

Re:Pet projects and the hidden skunk-works.

[rioki]

And in what way do you think you are doing a better job with ISS + C# and MSSQL? The Apache + PHP5 + PostgreeSQL stack is in par with the MS stack and the primary fault lies with the developer of the application. That same developer would have botched the ASP site equally well.

With a small company, this is easy.

[MindPrison]

When I tried this with bigger companies, it was H*** on earth to try them to embrace Open Source. One of the business managers simply doesn't understand the concept of a free lunch.

However, with every SMALL company I ever worked for, introducing Open Source software...was a blessing from above to them, it's free, it's cheap...and the programmers are enthusiastic idealistic & proud of their work, so bugs gets fixed faster and new features are introduced frequently as opposed to the commercial bug ridden bloatware where companies are afraid to admit ANY wrong doings as they're afraid of liabilities and such.

I've been using Blender (3d Software) for over 10 years now, making a living of it, and all the commercial alternatives are slowly fading away with their fanboys. Long live Open Source, it really is true freedom.

Re:With a small company, this is easy.

[gewalker]

Well, if free is the problem, you can always cut a big check and send it me when you adopt such software. Of course I will channel all such funds received into furthering the benefit of mankind (or at least 1 man). I will even gladly give you a receipt for your "purchase"

Re:With a small company, this is easy.

[drolli]

i have been working in two of theand really big companies (both > 100k employees), one Japanese, one german.

  in the Japanese company there was no strategy regarding software and "whatever works" was fine, which included open source.

the German company had the strategy to explicitly manage the obligations from open source. effectively the rules were:
Apache style, bsd style licenses and LGPL where white listed
GPL 3 was blacklisted
GPL needed special consideration (so kind of blacklisted)

Re:With a small company, this is easy.

[EmperorArthur]

Considering that those licenses all cover distribution I don't see the difference for an in company product. Especially since the difference between GPL and GPL 3 deals with preventing locked bootloaders. Now if you're doing embedded development or selling software, it's a completely different story. I don't agree with it, but I can see why companies want complete control of their products.

Re:With a small company, this is easy.

[davydagger]

There IS no such thing as a free lunch.

Free as in speech, not as in beer.

There are many advantages to Free software, such as Freedom, being the microsoft doesn't have leverage over you. If your a large enough corp, you can write whatever features MS will never give you, or pay red hat to make them for you.

Re:With a small company, this is easy.

[Bite+The+Pillow]

Until a data issue means you have to ship a database backup or large data file to the developer to reproduce and fix the issue, and you have no company to make a data confidentiality agreement with. Or the main developer is outside the company, because international law is a bitch.

Want to fix it yourself? Now you've signed up for internal maintenance unless you can get it accepted upstream. And without a repro, and bad data to test with, the need for the fix is not obvious.

As always, your circumstances will determine what you can and cannot use. Ignoring certain situations means your choice is an uninformed one. I'm not surprised to see that larger businesses want to cover situations they have experienced or read about, and smaller companies are fine with taking changes they don't even know they are taking. Chances that history has created a flowchart or checklist in that company that says we need this data in order to even consider operating third party software. And open source doesn't have it, unless you buy with a support plan like red hat or oracle.

Re: With a small company, this is easy.

[AvitarX]

Doesnt gpl3 also have effects on web services? I thought it folded in agpl.

Re:With a small company, this is easy.

When I tried this with bigger companies, it was H*** on earth to try them to embrace Open Source. One of the business managers simply doesn't understand the concept of a free lunch.

There is no free lunch. There's just economies of scale, and sometimes a free ride.

It's like hitch hiking. If someone stops and picks you up, and is going the same way, you might get a free ride, otherwise it's "cash, ass or grass". If someone's already made some OSS that does exactly what you need, you get a free ride, otherwise you still have to put the work in or pay someone else, to turn it from what it is, to what you need. Sometimes that's a short walk, and sometimes it's a year long trek.

I've been on the other side of this argument, working for OSS obsessed managers, trying to convince them of the merits of buying a commercial product rather than engaging in a year long project to modify some OSS into what we need. And I won that argument.

I tend to favor BSD and MIT licensed software over GPL or commercial software, all things being equal. If I use PostgreSQL
and I need some fancy feature like horizontal partitioning or synchronous multimaster replication, I can buy one of the commercial forks of Postgres that has added those features. If I use NetBSD, and I need lockstep execution, again, there are commercial vendors who provide that. And if my company begins some great work on a BSD project, we can make an intelligent business decision on whether to open that work up, or productise it. We can even have a version that we release as BSD, to capture the value of third party contributions, and make money on the value-added components that people are prepared to pay for.

I can't see anyone buying PostgreSQL if it was a commercial product, unless it was nearly give-away prices. It's a good database but so are Firebird and MSSQL, the first being OSS, and the second being nearly give-away prices. What sets Postgres aside is the large community of commercial editions that could not exist in a GPL community.

I agree that Blender is awesome, being an avid Blender artist myself, but it's important to remember that Blender's genesis is not in OSS and especially not in the GPL, but as a commercial product for IRIX, which became a commercial freebie for multiple platforms, and there was an enormous fundraiser ($1M IIRC) to buy Blender from NaN and release the source code as GPL. I'm not totally sure "all the commercial alternatives are slowly fading", as while my personal opinion is the UI and usability of Maya totally sucks, there is a huge community of commercial extension vendors around Maya, and it's not clear the GPL license of Blender allows commercial (not GPL) extensions, and I can't see all these vendors turning around and releasing all their extensions under a GPL license. More simply, I don't see the huge number of extensions for Blender that Maya or AutoCAD have.

Re:With a small company, this is easy.

[tlhIngan]

the German company had the strategy to explicitly manage the obligations from open source. effectively the rules were:
Apache style, bsd style licenses and LGPL where white listed
GPL 3 was blacklisted
GPL needed special consideration (so kind of blacklisted)

A company I worked for had the exact same policy. Though it was a bit more formalized in that if you want to use a not-previously-approved piece of software (commercial or open-source), the license and justification must be sent to Legal in order to vet it. And for open-source, they had the same criteria - except GPL (all) was blacklisted and you needed a Really Good Reason(tm) to have it considered.

And they needed to know if it was a tool for inhouse use or to go to customers, as well.

Considering that those licenses all cover distribution I don't see the difference for an in company product. Especially since the difference between GPL and GPL 3 deals with preventing locked bootloaders. Now if you're doing embedded development or selling software, it's a completely different story. I don't agree with it, but I can see why companies want complete control of their products.

The problem is that "distribution" may occur inadvertently. It's generally considered that if the software is used on premises by employees, it's not distribution. But it gets murkier if there are external contractors involved - if the contractors work onsite, then no, it's not really distribution. But what if the contractor then works offsite? Or if you agree to take on more contractors, and they exclusively work off-site? That could be considered distribution to those people since the software has no gone offsite to other people.

And I believe a case was decided, or the FSF has decided that yes, that is distribution and triggers the GPL.

And it makes sense - let's say they hire you to solve an issue they have, and then they send you the build tools they use so you can build the code base. Oops, that IS distribution since they sent you the tools. It's just like they sent you the tools in a regular way, you're not an employee and it's no longer on site, so it's distributed to you and you have a right to the source per the GPL.

And then there's the whole compatibility issue - GPLv2 is NOT compatible with GPLv3. Some GPLv2 code is marked as "upgradable" (i.e., GPLv2 or later, or GPLv2+) so it can turn into GPLv3 code. But GPLv2-only code cannot be mixed with GPLv3. And in a somewhat mixed and large code base, this could happen quite inadvertently. Especially if someone is upgrading from one version to another, and the old was GPLv2, while the new is GPLv3.

Companies are paranoid these days, and legal obligations can be inadvertently created so they're wanting to be extremely careful.

Re:With a small company, this is easy.

[drolli]

inadverted creation of obligations:

-the matlab compiler signs code for execution. no GPL3 is compatible with it (even if they never mention the term "DRM" in the manual).

-what happens if a part of your software sits in controllers owned by your customer (for whom you develop) which logs data as a service offered to his customers? as long as you own the controller they dont need to pass the code on, but at whuch point should that happen?

-assume that you develop software to be delivered to a daughter company. is it enough to create builds and give them access to the repository to enable them to fulfill their obligations?

Re:With a small company, this is easy.

[david_thornley]

There is no free lunch.

Except that every fork produced has a free Lunch Replication System built in nowadays.

hidden advantage to open source

[roc97007]

It seems like the best bet is to not raise the question in the first place. Management doesn't need to know that Apache is free, for instance. And there are commercial and free versions of Nagios, Tripwire, Sendmail, and so forth. We have over half of our prod servers running Red Hat, for which we buy maintenance, but in the lab we run CentOS. The Open Source community realizes that companies have a compulsion to spend money, and there are companies that will sell you free software (think about that phrase for a minute...) to satisfy this requirement.

Don't sell Open Source, just present the options

[Dynedain]

So in other words, put Open Source on the table just like any other software. Don't try to differentiate it as "Open Source", because if you do, decisions makers and stakeholders will wonder why you're putting extra effort into justifying it.

Put it up with a support contract and necessary consultants just like any other piece of software and you'll get approval.

Generalize much?

[mi]

"Open Source," "Free [Software]," "Contribute," and "Development" appear to scare managers away.

Not where I'm working (a giant company). On the contrary, we are rather suspicious of commercial solutions — because their costs tend to run up pretty quickly (we have a large user-base) and their license terms often enough turn out to be rather enslaving (Oracle is particularly scary in this regard, from what little I've overheard from the company lawyers).

Sure enough, free software has its rough edges, but so does the commercial kind. And we have enough bright people to fix the problems (bugs or missing features) in the open-sourced packages, whereas with the proprietary stuff you are usually at the mercy of the vendor. We still use some commercial programs, but, when choosing a software solution, the program being proprietary is a negative, rather than a positive factor.

I wish, it remained possible to get the source for the commercial packages as well, but with modern attitudes towards theft of intellectual property as well as the wide-spread propensity to use the terms "free" and "open source" interchangeably, this is not an option...

Re:Generalize much?

[Bite+The+Pillow]

3 Fortune 150 companies, and we always had someone who could get a support ticket opened to major vendor. I had to push a bit to find the contact, since this information is usually kept close to the chest.

Basic vendor rules are:
1) Be running the latest version
2) Be ready to upgrade to the next patch in order to have your bug fixed
3) All of the other patches, improvements, and bugs will be in the next version

These can be very limiting, and I would prefer to have the source even if all I do is submit a diff. But "mercy of the vendor" isn't even a thing, if you understand your your support contract works, and your upgrade plans accommodate the rules. If you choose to operate differently, you are probably better off using something more flexible.

You mention having people who can fix the bugs from open source. Most business does not operate this way. You are shifting costs and beta testing onto your own employees. Not all of it, but this is a risk.

I'm happy your company has found enlightenment. For other companies to make the same switch, they need to shift around their infrastructure to support this model of internal ownership. That takes a huge leap of faith, or a rogue division willing to take a risk to make a name in management.

I sound like an apologist, I give you that. But equally plausible is the concept of "know your enemy".

I will contribute this - there are many proprietary tools where you get the source if you buy it. These examples are great places to start, if you want to start supporting availability of source code. Many are development tools, where the benefit is obvious. There are others.

Re:Generalize much?

[thegarbz]

Of course it's generalised. Why? Because that's what people do, we generalise.

Why is a cheap Chinese product automatically assumed to be worse quality than an expensive USA made product?
Why are cheap games automatically assumed to be garbage compared to $80 titles?

Now given that inherent bias that fuels the many generalisations on cost, why should a free word processor be anywhere near as good as MS Word? It can't be, otherwise it would cost as much as MS Word right? People don't give away something for nothing so the quality must be crap.

Remember often when you try to explain open source software to people you are explaining to people who make purchasing decisions but know nothing of the principle behind OSS, the economics behind it or anything else. When presented with the options you risk looking like a TV Shopping network salesman. "But wait, there's more! Call now and we'll give it to you for an incredible 99.99999% off and I'll throw in my wife absolutely free!"

Open source has many merits other than price which don't carry such a stigma.

Re:Don't sell Open Source, just present the option

[DoofusOfDeath]

Agreed. I take a dim view of managers that demand I "sell them" on what I think is the right choice.

It's their job to make decisions wisely, not my job to force what I consider wise decisions down their throat. I try to be honest about the pros and cons. If the choice lies within my authority, I try to make the best choice. If it's within their authority, then I hope they make the best choice. If they don't, that's their problem.

I guess this response must reek of someone who has little patience for foolish managers, and other job prospects if necessary. So be it.

YMMV

[westlake]

Its easier to get forgiveness than permission.

Not always. Not everywhere.

My first instinct when a geek summons up a Slashdot meme to make his case is to do precisely the opposite of what he suggests.

Re:YMMV

[arth1]

My first instinct when a geek summons up a Slashdot meme to make his case is to do precisely the opposite of what he suggests.

But it isn't a slashdot meme - it is a Grace Hopper quote well known long before Slashdot existed, and rarely encountered on slashdot.

My experience

In my experience, showing a side-by-side demonstration of performance followed by the price will get your foot in the door. From then on, deliver and keep foot out of mouth. The low cost of setting up a demonstration of FLOSS makes this fairly simple with no need for a line-item on any budget.

For instance, in one school, I discovered the paid ILS was not working two years after it had been bought. The supplier just didn't bother to fix the problems. I installed KOHA in 15 minutes and showed it to the librarian. Within days, the supplier of the paid system made its stuff work. Several years later, that same supplier was doing the same with another school. It's software would not accept the supplied "key" after weeks of discussion. I installed a FLOSS ILS and in short order the paid supplier fixed its problem. The sad thing is that both schools paid $thousands more to get similar performance to a FLOSS application that didn't let closure of the source code or anything else get in the way of performance. It's just so much simpler to use FLOSS from one end to the other.

In another school, the CD that bore the "key" was missing/lost and an expensive bit of software could not be made to run and the supplier would not bend. He wanted to be paid again for the same performance. We replaced the OS and the application with GNU/Linux and Moodle and several other FLOSS applications and had better and more agile IT thereafter. FLOSS is the right way to do IT for education. We are in the business of educating, not making monopolists rich. We don't owe them an extravagant living.

Cost is irrelevant, support is everything

[petes_PoV]

While reading the article I instantly recognised the situation the guy was describing. However, I believe he has misinterpreted the concerns of his employers.

Most managers who have had any dealings with a software rollout know two things:

First is that they won't actually get what they think they have specified
Second is that there will be problems (see point #1), overruns, differences between what's required and what's delivered and that getting the software functional is only a small part of the job. The rest is integration, training the users, supporting the thing for 5+++ years, implementing upgrades and bug-fixes

These managers also know that once a project has been signed off, the money has, just that moment, been spent. Companies don't think of money, they think of budgets - so once you have gone through the approvals process and got your budget and your go-ahead the project is effectively a sunk cost, but one that has not yet delivered anything. As a consequence the manager in charge of the project will be deemed to have failed if he/she needs to go back and ask for more, in order to deliver the project.

So, in their minds they want insurance - and indemnity - above all else. Even above cost savings. They want to know that in return for $<megabucks> that when things start to go wrong, their commercial relationship with "the vendor" entitles them to get support, advice, expertise, fixes, customisations, training, documentation and upgrades. Those will all form part of the cost-case and whoever approves the case will expect, maybe even require, that those items are included and form part of the contract. As they know that there will be the need to call upon those services. If all they get for using "free" software is a pile of code, then that is usually the smallest part of the project and often the least expensive, too. The real cost, over the project lifetime comes with all the extras and services they get from their vendor - but which "free" software is very poor at providing, and absolutely does not guarantee.

If you go to get approval for a project of any significant size, not having included those items will mark you out as, at best, a newby and at worse: completely unsuitable to be managing a project. It's like if you buy a car. The cost of the vehicle is only one aspect. The cost of servicing, fuel, taxes and depreciation are major factors that should be included in the plan. That they aren't is just an indication of how poorly most people approach a major purchase - and why they'd never make a project manager.

GPLv3 != AGPLv3

[tepples]

The web service stuff is in AGPLv3, and GPLv3 and AGPLv3 are separate licenses. The only ways they're connected are that most of AGPLv3's wording is copied from GPLv3 and that the GPLv3 has an explicit exception for linking to AGPLv3 code.

Fictitious data to trigger a misbehavior

[tepples]

and you have no company to make a data confidentiality agreement with

Why can't you execute a data confidentiality agreement directly with the main developer as an individual contractor?

And without a repro, and bad data to test with, the need for the fix is not obvious.

If a patch is made with the intent to correct misbehavior, this implies that a cause of the misbehavior has been found. And once a cause is found, it shouldn't be too hard to generate fictitious data that likewise trigger the misbehavior.

Re:Fictitious data to trigger a misbehavior

[tlhIngan]

and you have no company to make a data confidentiality agreement with

Why can't you execute a data confidentiality agreement directly with the main developer as an individual contractor?

And what if the developer says no? There may be many reasons for it - including legal obligations elsewhere (day job, say) that may prevent said developer from "commercializing" their work or even accepting money for the task.

Or even a non-compete, if you happen to be with a competitor of whom the developer works for (you probably won't realize this until it's too late).

At which point you've got a broken piece of software and are scrambling to find something to help you fix it. Meanwhile, your company is losing money from loss of access to that software.

And without a repro, and bad data to test with, the need for the fix is not obvious.

If a patch is made with the intent to correct misbehavior, this implies that a cause of the misbehavior has been found. And once a cause is found, it shouldn't be too hard to generate fictitious data that likewise trigger the misbehavior.

Again, you run in to the issue of what if the goals conflict? What if the reason for the broken behaviour is by design?

Really, the best solution is to not contract with individual developers (face it - there are way too many of them), but with a services company like Red Hat, IBM, or many other Linux support companies where if you do have a problem, they can support you directly rather than trying to get back to the original developer. And if the patch is something the developer rejects, that company can still support you.

Of course, if you've priced Red Hat, you realize they aren't cheap, either. And that's intentional because it is a lot of work. Which I don't have a problem with because when your company experiences a problem with any software, having someone to call up is VERY worth it. Doesn't matter that instead of being able to call a developer directly, you call Red Hat instead and they'll support you. Confidentiality and all.

Re:GPL

[arth1]

.Avoid terms with negative connotations, such as "GPL" and use the more acceptable term, BSD. As a hiring software developer, I know of what I speak.

That wouldn't work with my old boss, who would take any unfamiliar word and enter it in Google, and then hit the "Images" link for screenshots or easy to understand slides.
Suggesting BSD would then be career suicide.

The best way I know of suggesting free (as in breasts) software is to present it with the pricing for someone who sells support. If you can buy the support through the hardware vendor,all the better.
Which is one reason why there are so many IBM / Red Hat systems out there.

Managers read that as...

[hessian]

"No support contract."

Thus what they see is the possibility of problems that take days or weeks to resolve, while getting told STFU NEWB on some mailing list.

That's the experience many clients have had with FreeBSD, for example.

MOD PARENT UP!

[Brett+Buck]

Particularly the STFU NEWB part. This is exactly the reputation open source software has.

Re:MOD PARENT UP!

[bool2]

Except often it goes like this:

NEWB: I have . How do I solve it?
List doesn't reply within 10 minutes.
NEWB: Look, I have to have this fixed by Monday. How do I solve it? If you don't solve it for me then I have to move to .
List doesn't reply within 10 minutes. NEWB gets angry
NEWB: Its such a simple issue. I can't belive nobody can solve it. (Oh the irony). Bump bump bump.
List: STFU NEWB.

Don't expect support-contract-like behaviour from a list - remember they're volunteers, there's no "SLA" and they don't work for you.

Some simple steps for success: Make the effort to properly describe your problem and the steps you took to try and solve it. Make doubley sure you're posting to the correct list - many projects have development and user lists. And always be polite.

Re:MOD PARENT UP!

[petes_PoV]

Some simple steps for success ...

I agree. Most lists and forums take a dim view of repeated questions, ones that are "obvious" and ones that the small minority of helpful posters feel are irrelevant. As you say, there is no guaranteed response time - if you get any response at all - and no guarantee that the responses you do receive will be correct or even on-topic.

Those are why people pay for support. Those are the factors that companies value and the time (equates very closely to money) taken to both supply the requested information, try out all the dead-end, time-wasting, misdirections or re-setting the question can run into $$$-thousands, especially when the replies given are wrong.

Contrast that with the support you get from a reputable organisation: "Oh yes, I'll just call up your configuration ... OK, The error log shows ... which means ... So you need to do .... to fix the problem. You can download the software to do that from our website, here's the link ... Goodbye".
Provided you have chosen your suppliers wisely, not based on headline cost, that level of interaction will be entirely familiar to you. Sadly, very few customers are used to, or expect, such high standards.

Re:MOD PARENT UP!

[Shados]

You're absolutely right. However on a lot of high profile projects, that won't get you anywhere.

I remember a while back I was using a very high profile/popular data access library which shall remain nameless.

I found a fairly breaking bug in a semi-common scenarios. I poke at the mailing list, not asking for it to be fixed, but simply if it was a known issue, as again, it was a fairly common case, and I could pin point the exact snippet of code in the source where the issue was (but, being unfamiliar with the code base, couldn't easily fix it myself).

Instead of a simple "yes or no", I was more or less told to write a failing unit test or shut it, in not so nice words.

So I write the unit test, after taking several hours to find the exact guidance on how to write it (making a test for a database access framework that stays within the realm of unit test and not integration test differs wildly from project to project), I do so, submit it...all around half a day of work.

In the meantime, I patched up something on my end that worked (but it was a hack, so I couldn't really submit a patch) in a few minutes.

2 _years_ later, I see in my email that my bug report just got rejected because of a small mistake in my unit test (that still didn't change the main code path it was testing), and to this day the bug is still present, and whenever this is raised in on Stack Overflow or whatever, people just say its a scenario that isn't supported, even though you can see in the code that it should be, and its just a naive sort order mistake when looping through some array.

I wish it was an isolated case, but it basically is always like that unless you're inside the project's "clique" or you happen to find a bug that is particularly interesting to fix. Yes, they're just volunteers, but if they don't want their project to be of world class interest, then don't promote it as such.

TL&DR: Big projects with a lot of marketing pushes saying they're great for real production use, then don't support it as such, are far too common.

Re:MOD PARENT UP!

[jones_supa]

Particularly the STFU NEWB part. This is exactly the reputation open source software has.

It's kind of understandable though. What if you went poking the Windows Kernel Team with questions like "how do I get this printer to work"? They would say "we don't have the time to help with that". Then you would contact a Microsoft support engineer and his response would instead be "I'm happy to help you, let's get started".

In open source world, commercial distros like Red Hat do have proper customer support in place, but various random open source projects do not have that kind of support options. You can contact the developers directly, and that's it.

Re:MOD PARENT UP!

[Brett+Buck]

Well, that's about right, however, that's also the problem. In a professional setting, you expect support, and not just "when and if we feel like it". NEWB in this case may not have ever even heard of a message board or listserv. Someone says "support is here", he goes there, no one answers.

      NEWB doesn't know or care about the theory of open software, building relationships with the list members, doing research on the code base, etc. He found a problem and wants it fixed, and wants someone to fix it or help him fix it. There's no trouble ticket number, tracking to closure, or in fact any reason to think it will ever get fixed.

          What does he do? He has a problem, someone at his work is going to expect it fixed, or at least get a schedule to get it fixed. It gets fixed on the whim of someone who decides to do it, or not.

        This is the problem with open source. It's for geeks by geeks, anyone else will have no chance of ever tracking down a problem, or even getting basic functionality assistance, because by design, no one person or group will take responsibility for it. This may seem to be a minor problem to you, but I assure you, it is the biggest issue by far for anyone outside the cult.

Re:MOD PARENT UP!

[hessian]

Don't expect support-contract-like behaviour from a list - remember they're volunteers, there's no "SLA" and they don't work for you.

Ah, the old "bad behavior exists, therefore your example must be of the bad behavior"!

No.

I've (repeatedly) seen people go on to these lists, ask a polite question, and receive STFU NEWB or analogue response very quickly.

Generally, the more difficult the question the more likely it is to receive this response.

Ever wonder why Stack Overflow is so popular? Volunteers there get imaginary internet karma points and so have incentive to answer questions.

You usually get a better answer at Stack Overflow than from the official lists.

But few businesses want to rely on a software plan that begins "And if there's a problem, we know this INTERNET FORUM..."

Investors will panic and flee the room, with good reason.

Re:MOD PARENT UP!

[Bacon+Bits]

A standard support contract with Microsoft is for them to provide security and bug fixes, not to research any random issue. Your issue sounds like a random issue.

If your situation isn't repeatable on different hardware, then it's probably not a Windows bug and certainly isn't a critical bug. If it's repeatable on hardware from the same vendors, then it's probably a bug with the firmware on one of the two pieces of hardware or poor configuration on your part. If it's repeatable on hardware from different vendors, then it *might* be a Windows issue. Even then it's unlikely, because the install base of Windows is so large that's it's grossly unlikely that the bug you're discovering is a new bug with Microsoft code. The fact that it works with Linux is not particularly relevant because that doesn't mean your hardware isn't incompatible: it just means Linux knows how to work around it or the driver you have on Linux is different or you're doing something really stupid like running custom firmware.

Your problem is exactly why Microsoft wanted $300 to listen to you.

Re:GPL

[rioki]

It depends. In my experience they have heard of freeware, which often comes with a "non commercial" clause and the legal department said that is evil. Free software is freeware right? The better educated managers know about the GPL and that makes all our software free software, but we wanted to sell that software. All free software is GPL right?

Re:Don't sell Open Source, just present the option

[jones_supa]

exactly lay out the facts:

product A is owned by commercial company with billions of dollars and developers backing the product

product B is written by some really smart people in their free time that may help you on a forum or in an IRC chat room if they can

You hit the nail on the head. That is one of the big problems indeed.

Re:Don't sell Open Source, just present the option

[DoofusOfDeath]

exactly lay out the facts:

product A is owned by commercial company with billions of dollars and developers backing the product

product B is written by some really smart people in their free time that may help you on a forum or in an IRC chat room if they can

You hit the nail on the head. That is one of the big problems indeed.

There is sometimes overlap between the two groups. For example, Linux.

Zero budget usually helps, plus have a fall-back

[RuffMasterD]

Project leaders usually come to me with a vague and changeable list of requirements, a very short turnaround time, and no budget for anything other than wages.

- Writing from scratch takes too long, plus the requirements change too late in the game
- Buying off-the-shelf means squeezing blood out of someones stones, and is not customisable
- Evaluating several open source solutions and taking the best, then modifying as needed hits the sweet spot

The only time I really needed to put a strong case forward to switch to open source was when I took over an in-house solution just after I started this job. The new requirements were simply too much, the deadline too close, and I had too many other things to do to realistically change the custom written code on time. I found a mature open source solution with an active developer and user community which was far more capable and customisable than anything I could single handedly accomplish. I told management that if it didn't do what we needed then in the worst case we could always fall back to the old in-house solution (god help me). Best decision ever, saves me hundreds of hours ever year. I still add the odd feature or bug fix when needed and submit back to the community, but usually by the time we think if it someone else has already done it for us.

Having basically no budget means I couldn't accomplish half my job without free or open source software.

Re:Don't sell Open Source, just present the option

[jones_supa]

True. Those are good pieces of software.

Re:oh noes

[rioki]

Wait, so they do work, and you have to pay them? What a scam!

Except for the really edge cases most SAP installations cover the exact same grounds. What are the chances that, for example the accounting, which is strictly governed by laws, is radically different from one shop to the next? In few cases a shrink wrapped solution would have done the job too.

And provided it works, what's wrong with that?

Except that you are billed around half a million for the "integration" efforts.

What SAP sets itself apart from shrink wrapped solutions, is integrating with existing legacy or non administrative systems. For example the sales order triggering an entry in the production system. But in the case of SAP that definitely will not be cheap and you are effectively contracting software development work out to SAP. This is all fine and well when you are a shop that has totally no background in software development. But then you can also contract it out to a different and cheaper developer.

I assume you wouldn't have to train users when implementing other system, either made in-house or bought?

Yes you need to provide some guidance. But wasting a day of a room full of IT professionals on how to fill out a spread sheet like form, so they can log their hours. This includes on how to install the application, log into the SAP, typing in values and hitting submit. With the added excourse why basics of account and why logging hours is useful. You know something that one page e-mail would have done with a "I mananger comand you to log your hurs" and here is the step by step explanation. The entire thing at the tune of 10 thousand bucks to train something like 200 people. Not to mention the fact that hours where logged beforehand.

and remodel your business processes around the paradigms those tools are designed

Except that deploying SAP also meant that most processes where changed around anyway, so yea whatever.

I have seen 3 SAP deployments, two first hand and one second hand. There is some benefit in using SAP as a one stop solution, but it will definitely not come cheap.

Re:Don't sell Open Source, just present the option

[jones_supa]

Don't try to differentiate it as "Open Source", because if you do, decisions makers and stakeholders will wonder why you're putting extra effort into justifying it.

Well, why put the extra effort into justifying it, then? What's the real answer? Is it because I have been brainwashed to like it, and must turn everything into OSS just because it's so awesome?

Re:Again: There's routers out there w/ Linux

[Ash-Fox]

Sense tells me you could sell a router cheaper using Linux onboard than licensing ones to raise the per unit cost of said routers.

While cost is often a reason for many things in big corporations, certifications and training are too. There is no universal "Linux router", many specialized Linux distributions for routing purposes do a lot of configuration and setup vastly different from each other. IOS on the other hand is pretty uniform and will likely have a wider selection of employable candidates with Cisco certification than Linux Router specific certification.

Re:Don't sell Open Source, just present the option

[orasio]

Good idea, but incomplete:

exactly lay out the facts:

product A is owned by commercial company with billions of dollars and developers backing the product

product B is written by some really smart people in their free time that may help you on a forum or in an IRC chat room if they can

Product C is free, maintained by a mid sized company, and they sell support contracts
Product D is proprietary, owned by a company that might be bought by the competitors, who may or may not keep supporting your product
Product E is a great software product, proprietary, but your company is not in the target market, so licensing and support don't match your needs
Product F is proprietary, and you might need small development tasks on top of the product. Only can buy from the owner.
Product G is free, and you might need small development tasks on top of the product. You can buy from the developer, build your own, contract, whatever.

Add to that, whether there is an easy way out should the unthinkable happen (end of life for products). Does the software support industry standards? Are there alternative implementations of these standards? Have you tested compatibility?

I'm not hiding the technical or strategic advantages some proprietary products might have over free ones, but they are stated everywhere, only trying to lay out more aspects you need to care about.

I think regarding the article you just need to do your job, and lay out all the things you consider. Free software is almost always better in the long run, but it's only sensible to lay out everything you considered, so others can make the best decision.

link should be retitled to

[PJ6]

'academic librarian doesn't know how to proofread or use spell-check'

Re:Money talks (the loudest)

[Ash-Fox]

As far as certs go, if something gets the job done and the person adminning it has proven himself, why bother with a cert that costs the company money sending an employee to get it if they don't need it since they understand it fully!

Because decreasing the risk in employing more people to handle the systems is fairly important. Especially in today's corporate climate where people tend don't tend to stick around and have a long term career in a single company. You also generally want it to be easy to look for replacements and understand that the person is capable without having to be an expert in the matter yourself. Also depending on your industry, you may have compliance requirements that require certain types of certifications to prove eligibility.

Ash-Fox: What are corporate bodies out to do and make?

In my experience, red tape.

Re:Don't sell Open Source, just present the option

[Dynedain]

Consider the scenario:

Product A has technical features X,Y,Z
Product B has technical features X and Y (not Z).... but it's OSS!

Most decision makers will then ask, what's OSS? And when you get into the weeds of explaining nuanced differences in licensing, they'll quickly decide that the features outweigh the license benefits.

Re:Don't sell Open Source, just present the option

[david_thornley]

One of the big problems is that people actually believe that stuff. In this reality, "backing the product" doesn't mean accepting blame or necessarily fixing your problems with it, or in fact anything guaranteed useful.

Re:Money = answer (causes 99% of issues too)

[Ash-Fox]

Yea, well - I know PLENTY of "paper MCSEs" in my day - all the certs in the WORLD didn't make them experienced hands-on or even GOOD @ problem solving... yes, it happens, & I am SURE You know that.

Generally speaking, I haven't met someone with a CCNP, CCIE, Novell Certificated Linux Engineer, MCSE that didn't have the know how to do their job. But maybe that's because those certification also have a practical element to them. I suspect you're confusing MCSE with MSCE, which is deprecated and previously had no practical element to them.

See subject-line: Since you've got 1 thing absolutely right - what CAUSES most of the hassles in this world? Money... there's a reason "Follow the Money" exists as a phrase (it's true).

If I follow the money, I find that in corporate culture, very few appear to be using alternative non-corporate vendors. Most of the time in large enterprises, you end up with companies almost exclusively buying from one company due to having a support contract that pretty much covers everything they provide. This does come at the detriment that other solutions might be better in various circumstances, but because support is already paid for, approval is automatic, you still go ahead with company X's offering.

"Management NEEDS THAT BONUS" is usually who gets the biggest slices of the pie

And they still get it, even when the company is doing poorly.

Re:GPL

[rioki]

How is my reproduction of incohesive rambling of managers relevant to the TFS. I get away with allot of Free Software libraries (Apache/MIT/BSD licensed) integrated in commercial products. But each time I have new manager it takes a while to get them up to speed with the realities of licensing free software. All libraries used in out software needs to cleared with legal, so in the end it does not matter what the manager thinks.

Re:I have & I've been in this field since 1994

[Ash-Fox]

I definitely HAVE seen guys with paper certs NOT be able to solve problems I could

As have I, but the specific certifications I noted haven't disappointed. Some certifications are more equal than others, maybe?

They told me they were out to take MY job & those of my fellow workers... I could have NO GREATER INCENTIVE & never failed

What do you do exactly?

As far as how outright crookery goes in companies for bonuses and such? Well - personally, I don't feel that anyone who doesn't DO THE ACTUAL JOB IN DESIGN & PRODUCTION should get a cent (as they didn't DO any REAL ACTUAL WORK...).

World doesn't revolve around what we want sadly.