How To Approve the Use of Open Source On the Job

New submitter Czech37 (918252) writes "If you work in an organization that isn't focused on development, where computer systems are used to support other core business functions, getting management buy-in for the use of open source can be tricky. Here's how an academic librarian negotiated with his management to get them to give open source software a try, and the four phrases he recommends you avoid using." "Open Source," "Free [Software]," "Contribute," and "Development" appear to scare managers away.

Nobody ever got fired for buying $big_corp

[Opportunist]

Old saying. Nobody ever got fired for buying IBM. Nobody ever got fired for buying Microsoft. Nobody ever got fired for buying SAP. It's a simple cover-your-ass game.

Managers, unless they have a very special bond with the company (like, say, they built it from the ground up) don't give a shit about the company. They care about their ass. And when the question is whether to blow a million of company money for software they don't know jack about but has a big name behind it, or to save the company a million bucks using software they don't know jack about but has no name to it, they blow them money.

Because they needn't explain why they did it. It's IBM/MS/SAP, how should he have imagined that it's no good?

Re:Nobody ever got fired for buying $big_corp

[icebike]

Unless you can find a written policy forbidding it, just do it.

Its easier to get forgiveness than permission.

Chances are you won't find any policy, unless you work for a big bureaucratic compartmentalized organization. Even then, in the absence of a written prohibition, cost savings can sell the day as long as you provide a support contract. (Some how bean counters become blind to expenditures on support contracts that never ever get exercised).

Re:Nobody ever got fired for buying $big_corp

[Wintermute__]

Oh, plenty of people have been fired for buying Oracle. Their enterprise apps are a bad joke.

The joke's on the poor sap dumb enough to buy them.

Re:Nobody ever got fired for buying $big_corp

[roc97007]

Their enterprise apps are a bad joke.

...and always have been, to some degree. Yet people still believe that the way not to get fired is to specify Oracle.

Re:Nobody ever got fired for buying $big_corp

[rioki]

I would fire someone buying SAP period. Interestingly their products are mediocre at best, but the real scam is everything surrounding the product. You don't buy SAP, you get a tailor made software. To find out what you need a a team of consultants will monkey around your business for a month or two, at your expense. Then a few developers will write 5 lines of custom business logic binding exciting modules together and swap a few logos and acronyms. On top of that you need to train all users in the most basic tasks, partly because the entire thing is totally convoluted and they assume that even tech savvy users do not know how to use a computer.

For the cost of deploying SAP, easily a couple millions upfront plus expensive maintenance contracts, you can straight up employ a small team of developers and build your custom apps on top of some common framework. Or better look around a little for existing tools.

Re:Nobody ever got fired for buying $big_corp

[serviscope_minor]

Oh, plenty of people have been fired for buying Oracle.

Yeally?

Their enterprise apps are a bad joke.

Yes, but they're such an *expensive* bad joke that it is too embarressing to too many important people to write off the cost, so usually, the system is kept and forced to work and declared a success.

If you fuck up a $100k contract, you'll be fired. If you fuck up a $10,000,000, people will work very hard to find a way to make it not look like a fuckup, especially if they've been involved in any way at all.

Pet projects and the hidden skunk-works.

[raydobbs]

In small businesses - often the best foot in the door for open source software is a pet project, something you can do transparently to design something to show management about the advantage of the software has over more traditionally licensed fare. Being able to speak the language of IT management helps - Cost of Ownership, Return on Investment, being able to present facts based on license costs is also helpful - management listens to dollars and sense, followed by legality.

Of course, if your business deals with large vendors who have a stake in keeping things locked to Microsoft, Oracle, IBM or HP - you are fighting a steeply uphill battle.

With a small company, this is easy.

[MindPrison]

When I tried this with bigger companies, it was H*** on earth to try them to embrace Open Source. One of the business managers simply doesn't understand the concept of a free lunch.

However, with every SMALL company I ever worked for, introducing Open Source software...was a blessing from above to them, it's free, it's cheap...and the programmers are enthusiastic idealistic & proud of their work, so bugs gets fixed faster and new features are introduced frequently as opposed to the commercial bug ridden bloatware where companies are afraid to admit ANY wrong doings as they're afraid of liabilities and such.

I've been using Blender (3d Software) for over 10 years now, making a living of it, and all the commercial alternatives are slowly fading away with their fanboys. Long live Open Source, it really is true freedom.

Re:With a small company, this is easy.

[drolli]

i have been working in two of theand really big companies (both > 100k employees), one Japanese, one german.

  in the Japanese company there was no strategy regarding software and "whatever works" was fine, which included open source.

the German company had the strategy to explicitly manage the obligations from open source. effectively the rules were:
Apache style, bsd style licenses and LGPL where white listed
GPL 3 was blacklisted
GPL needed special consideration (so kind of blacklisted)

Re:With a small company, this is easy.

[EmperorArthur]

Considering that those licenses all cover distribution I don't see the difference for an in company product. Especially since the difference between GPL and GPL 3 deals with preventing locked bootloaders. Now if you're doing embedded development or selling software, it's a completely different story. I don't agree with it, but I can see why companies want complete control of their products.

Re:With a small company, this is easy.

[davydagger]

There IS no such thing as a free lunch.

Free as in speech, not as in beer.

There are many advantages to Free software, such as Freedom, being the microsoft doesn't have leverage over you. If your a large enough corp, you can write whatever features MS will never give you, or pay red hat to make them for you.

Re:With a small company, this is easy.

[tlhIngan]

the German company had the strategy to explicitly manage the obligations from open source. effectively the rules were:
Apache style, bsd style licenses and LGPL where white listed
GPL 3 was blacklisted
GPL needed special consideration (so kind of blacklisted)

A company I worked for had the exact same policy. Though it was a bit more formalized in that if you want to use a not-previously-approved piece of software (commercial or open-source), the license and justification must be sent to Legal in order to vet it. And for open-source, they had the same criteria - except GPL (all) was blacklisted and you needed a Really Good Reason(tm) to have it considered.

And they needed to know if it was a tool for inhouse use or to go to customers, as well.

Considering that those licenses all cover distribution I don't see the difference for an in company product. Especially since the difference between GPL and GPL 3 deals with preventing locked bootloaders. Now if you're doing embedded development or selling software, it's a completely different story. I don't agree with it, but I can see why companies want complete control of their products.

The problem is that "distribution" may occur inadvertently. It's generally considered that if the software is used on premises by employees, it's not distribution. But it gets murkier if there are external contractors involved - if the contractors work onsite, then no, it's not really distribution. But what if the contractor then works offsite? Or if you agree to take on more contractors, and they exclusively work off-site? That could be considered distribution to those people since the software has no gone offsite to other people.

And I believe a case was decided, or the FSF has decided that yes, that is distribution and triggers the GPL.

And it makes sense - let's say they hire you to solve an issue they have, and then they send you the build tools they use so you can build the code base. Oops, that IS distribution since they sent you the tools. It's just like they sent you the tools in a regular way, you're not an employee and it's no longer on site, so it's distributed to you and you have a right to the source per the GPL.

And then there's the whole compatibility issue - GPLv2 is NOT compatible with GPLv3. Some GPLv2 code is marked as "upgradable" (i.e., GPLv2 or later, or GPLv2+) so it can turn into GPLv3 code. But GPLv2-only code cannot be mixed with GPLv3. And in a somewhat mixed and large code base, this could happen quite inadvertently. Especially if someone is upgrading from one version to another, and the old was GPLv2, while the new is GPLv3.

Companies are paranoid these days, and legal obligations can be inadvertently created so they're wanting to be extremely careful.

hidden advantage to open source

[roc97007]

It seems like the best bet is to not raise the question in the first place. Management doesn't need to know that Apache is free, for instance. And there are commercial and free versions of Nagios, Tripwire, Sendmail, and so forth. We have over half of our prod servers running Red Hat, for which we buy maintenance, but in the lab we run CentOS. The Open Source community realizes that companies have a compulsion to spend money, and there are companies that will sell you free software (think about that phrase for a minute...) to satisfy this requirement.

Don't sell Open Source, just present the options

[Dynedain]

So in other words, put Open Source on the table just like any other software. Don't try to differentiate it as "Open Source", because if you do, decisions makers and stakeholders will wonder why you're putting extra effort into justifying it.

Put it up with a support contract and necessary consultants just like any other piece of software and you'll get approval.

Generalize much?

[mi]

"Open Source," "Free [Software]," "Contribute," and "Development" appear to scare managers away.

Not where I'm working (a giant company). On the contrary, we are rather suspicious of commercial solutions — because their costs tend to run up pretty quickly (we have a large user-base) and their license terms often enough turn out to be rather enslaving (Oracle is particularly scary in this regard, from what little I've overheard from the company lawyers).

Sure enough, free software has its rough edges, but so does the commercial kind. And we have enough bright people to fix the problems (bugs or missing features) in the open-sourced packages, whereas with the proprietary stuff you are usually at the mercy of the vendor. We still use some commercial programs, but, when choosing a software solution, the program being proprietary is a negative, rather than a positive factor.

I wish, it remained possible to get the source for the commercial packages as well, but with modern attitudes towards theft of intellectual property as well as the wide-spread propensity to use the terms "free" and "open source" interchangeably, this is not an option...

Cost is irrelevant, support is everything

[petes_PoV]

While reading the article I instantly recognised the situation the guy was describing. However, I believe he has misinterpreted the concerns of his employers.

Most managers who have had any dealings with a software rollout know two things:

First is that they won't actually get what they think they have specified
Second is that there will be problems (see point #1), overruns, differences between what's required and what's delivered and that getting the software functional is only a small part of the job. The rest is integration, training the users, supporting the thing for 5+++ years, implementing upgrades and bug-fixes

These managers also know that once a project has been signed off, the money has, just that moment, been spent. Companies don't think of money, they think of budgets - so once you have gone through the approvals process and got your budget and your go-ahead the project is effectively a sunk cost, but one that has not yet delivered anything. As a consequence the manager in charge of the project will be deemed to have failed if he/she needs to go back and ask for more, in order to deliver the project.

So, in their minds they want insurance - and indemnity - above all else. Even above cost savings. They want to know that in return for $<megabucks> that when things start to go wrong, their commercial relationship with "the vendor" entitles them to get support, advice, expertise, fixes, customisations, training, documentation and upgrades. Those will all form part of the cost-case and whoever approves the case will expect, maybe even require, that those items are included and form part of the contract. As they know that there will be the need to call upon those services. If all they get for using "free" software is a pile of code, then that is usually the smallest part of the project and often the least expensive, too. The real cost, over the project lifetime comes with all the extras and services they get from their vendor - but which "free" software is very poor at providing, and absolutely does not guarantee.

If you go to get approval for a project of any significant size, not having included those items will mark you out as, at best, a newby and at worse: completely unsuitable to be managing a project. It's like if you buy a car. The cost of the vehicle is only one aspect. The cost of servicing, fuel, taxes and depreciation are major factors that should be included in the plan. That they aren't is just an indication of how poorly most people approach a major purchase - and why they'd never make a project manager.

Re:YMMV

[arth1]

My first instinct when a geek summons up a Slashdot meme to make his case is to do precisely the opposite of what he suggests.

But it isn't a slashdot meme - it is a Grace Hopper quote well known long before Slashdot existed, and rarely encountered on slashdot.

GPLv3 != AGPLv3

[tepples]

The web service stuff is in AGPLv3, and GPLv3 and AGPLv3 are separate licenses. The only ways they're connected are that most of AGPLv3's wording is copied from GPLv3 and that the GPLv3 has an explicit exception for linking to AGPLv3 code.

Re:GPL

[arth1]

.Avoid terms with negative connotations, such as "GPL" and use the more acceptable term, BSD. As a hiring software developer, I know of what I speak.

That wouldn't work with my old boss, who would take any unfamiliar word and enter it in Google, and then hit the "Images" link for screenshots or easy to understand slides.
Suggesting BSD would then be career suicide.

The best way I know of suggesting free (as in breasts) software is to present it with the pricing for someone who sells support. If you can buy the support through the hardware vendor,all the better.
Which is one reason why there are so many IBM / Red Hat systems out there.

Managers read that as...

[hessian]

"No support contract."

Thus what they see is the possibility of problems that take days or weeks to resolve, while getting told STFU NEWB on some mailing list.

That's the experience many clients have had with FreeBSD, for example.

MOD PARENT UP!

[Brett+Buck]

Particularly the STFU NEWB part. This is exactly the reputation open source software has.

Re:MOD PARENT UP!

[bool2]

Except often it goes like this:

NEWB: I have . How do I solve it?
List doesn't reply within 10 minutes.
NEWB: Look, I have to have this fixed by Monday. How do I solve it? If you don't solve it for me then I have to move to .
List doesn't reply within 10 minutes. NEWB gets angry
NEWB: Its such a simple issue. I can't belive nobody can solve it. (Oh the irony). Bump bump bump.
List: STFU NEWB.

Don't expect support-contract-like behaviour from a list - remember they're volunteers, there's no "SLA" and they don't work for you.

Some simple steps for success: Make the effort to properly describe your problem and the steps you took to try and solve it. Make doubley sure you're posting to the correct list - many projects have development and user lists. And always be polite.

Re:MOD PARENT UP!

[Shados]

You're absolutely right. However on a lot of high profile projects, that won't get you anywhere.

I remember a while back I was using a very high profile/popular data access library which shall remain nameless.

I found a fairly breaking bug in a semi-common scenarios. I poke at the mailing list, not asking for it to be fixed, but simply if it was a known issue, as again, it was a fairly common case, and I could pin point the exact snippet of code in the source where the issue was (but, being unfamiliar with the code base, couldn't easily fix it myself).

Instead of a simple "yes or no", I was more or less told to write a failing unit test or shut it, in not so nice words.

So I write the unit test, after taking several hours to find the exact guidance on how to write it (making a test for a database access framework that stays within the realm of unit test and not integration test differs wildly from project to project), I do so, submit it...all around half a day of work.

In the meantime, I patched up something on my end that worked (but it was a hack, so I couldn't really submit a patch) in a few minutes.

2 _years_ later, I see in my email that my bug report just got rejected because of a small mistake in my unit test (that still didn't change the main code path it was testing), and to this day the bug is still present, and whenever this is raised in on Stack Overflow or whatever, people just say its a scenario that isn't supported, even though you can see in the code that it should be, and its just a naive sort order mistake when looping through some array.

I wish it was an isolated case, but it basically is always like that unless you're inside the project's "clique" or you happen to find a bug that is particularly interesting to fix. Yes, they're just volunteers, but if they don't want their project to be of world class interest, then don't promote it as such.

TL&DR: Big projects with a lot of marketing pushes saying they're great for real production use, then don't support it as such, are far too common.

Re:oh noes

[rioki]

Wait, so they do work, and you have to pay them? What a scam!

Except for the really edge cases most SAP installations cover the exact same grounds. What are the chances that, for example the accounting, which is strictly governed by laws, is radically different from one shop to the next? In few cases a shrink wrapped solution would have done the job too.

And provided it works, what's wrong with that?

Except that you are billed around half a million for the "integration" efforts.

What SAP sets itself apart from shrink wrapped solutions, is integrating with existing legacy or non administrative systems. For example the sales order triggering an entry in the production system. But in the case of SAP that definitely will not be cheap and you are effectively contracting software development work out to SAP. This is all fine and well when you are a shop that has totally no background in software development. But then you can also contract it out to a different and cheaper developer.

I assume you wouldn't have to train users when implementing other system, either made in-house or bought?

Yes you need to provide some guidance. But wasting a day of a room full of IT professionals on how to fill out a spread sheet like form, so they can log their hours. This includes on how to install the application, log into the SAP, typing in values and hitting submit. With the added excourse why basics of account and why logging hours is useful. You know something that one page e-mail would have done with a "I mananger comand you to log your hurs" and here is the step by step explanation. The entire thing at the tune of 10 thousand bucks to train something like 200 people. Not to mention the fact that hours where logged beforehand.

and remodel your business processes around the paradigms those tools are designed

Except that deploying SAP also meant that most processes where changed around anyway, so yea whatever.

I have seen 3 SAP deployments, two first hand and one second hand. There is some benefit in using SAP as a one stop solution, but it will definitely not come cheap.

Re:Don't sell Open Source, just present the option

[orasio]

Good idea, but incomplete:

exactly lay out the facts:

product A is owned by commercial company with billions of dollars and developers backing the product

product B is written by some really smart people in their free time that may help you on a forum or in an IRC chat room if they can

Product C is free, maintained by a mid sized company, and they sell support contracts
Product D is proprietary, owned by a company that might be bought by the competitors, who may or may not keep supporting your product
Product E is a great software product, proprietary, but your company is not in the target market, so licensing and support don't match your needs
Product F is proprietary, and you might need small development tasks on top of the product. Only can buy from the owner.
Product G is free, and you might need small development tasks on top of the product. You can buy from the developer, build your own, contract, whatever.

Add to that, whether there is an easy way out should the unthinkable happen (end of life for products). Does the software support industry standards? Are there alternative implementations of these standards? Have you tested compatibility?

I'm not hiding the technical or strategic advantages some proprietary products might have over free ones, but they are stated everywhere, only trying to lay out more aspects you need to care about.

I think regarding the article you just need to do your job, and lay out all the things you consider. Free software is almost always better in the long run, but it's only sensible to lay out everything you considered, so others can make the best decision.