Slashdot Mirror


Openwashing: Users and Adopters Beware

jenwike writes: With the success of open source software today, we are seeing organizations undertake more egregious marketing and promotion schemes that exaggerate their participation in, contributions to, and/or licensing of open source software. Their hope is to capitalize on the label of 'open source' and the success that goes along with it. The reality is that the responsibility is on the end-users to review the software and accompanying license to ensure it meets your expectations.

11 of 96 comments

  1. The End-Users most of the time don't really care by C. Mattix · · Score: 4, Insightful

    From the End-User standpoint, really the only thing that they care about is that there is a "full featured" product that is free (as in beer) and they won't have to deal with marked-up license fees. Most of the time, if a company goes to a potential client and, for example, says they are going to use an Open Source CMS system, the client basically thinks "Great! My project will be cheaper because I won't have to pay additional license fees."

    In all reality, I would venture that the VAST majority of open source projects in the wild that are being used VERY RARELY have that source code looked at by anyone other than the developers that are building the system or those looking to exploit it.

    For most people who are more concerned with using a system than how it is built, "Open Source" just means they have to use Google for documentation instead of calling the vendor or reading a manual.

  2. Re:Ideological purity ... by Anonymous Coward · · Score: 3, Insightful

    So, you'll excuse me if my first response is "not everyone gives a damn, and many people do not want to hear the screeching weasels which come along with this discussion".

    No, I'll not excuse you. Stallman sounded like a loon, yes, but so many things he mentioned in the past have come true, especially regarding school books and DRM. The screeching is necessary because people are stupid and won't listen to calm tones of voice.

  3. Been through this before by Trailer Trash · · Score: 4, Insightful

    Back in the early 90s "open systems" were the big thing. Everybody jumped on the bandwagon. For example, DEC renamed VMS to "OpenVMS" when they added some posix compliance stuff (God help anybody who had to use posix on vms).

    See here:

    http://en.wikipedia.org/wiki/O...

    I went through many teeth-gnashing episodes at the university with people using "open systems" as their new favorite buzzword and of course treating vms as such. While I preferred vms to the mainframes of the day and it was far easier to deal with (had tcp/ip, for example) it wasn't really "open" in the way that I and many others saw as open.

    See also here:

    http://en.wikipedia.org/wiki/O...

    This was the silly crap we were dealing with before FLOSS became popular. Of course, we have our own silly crap to deal with now but I assure you it's less mind-numbing.

  4. Re:Ideological purity ... by bill_mcgonigle · · Score: 3, Interesting

    Rabid ideological open source are the vegans of the technology world -- mostly they piss people off and cause a lot of eye rolling as they foam at the mouth.

    Being a poor communicator helps nobody. Give those people a Dale Carnegie book - they're just hurting the "cause".

    But the ideology does have value - from it the community ethos is generated which results in transparency, helpfulness, and quality, all highly valuable qualities for a mission-critical software package. Those points are worth explaining in a reasoned and effective manner - one does not need to drop the passion to engage in a polite conversation.

    It would be nice if it weren't only rich kids who had a choice to attend a school which taught logic, reason, persuasion, and rhetoric.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. Re:The End-Users most of the time don't really car by tnk1 · · Score: 3, Interesting

    You're not wrong as a general rule, but there are plenty of organizations that do make use of the code to look at and having it be open helps even the people who just want the "free" aspect.

    For instance, independent security labs can and will look at code. They then release information which aids me, as someone who may not look at the code, in making a decision on if it is safe to buy.

    Open source is not about being free, it is mostly about the sharing of information with the goal of making it better and aiding everyone. Those who open source their software get the benefit of other people extending it, who then contribute back to the project in some manner. Those who use Open Source software can take advantage of the community and its work and oversight.

    Being free is mostly a side effect of the fact that if you give up the source code, the software can be copied easily, and it can be made difficult to control trade secrets or algorithms, so there is little point in charging for the code itself. Opening the code removes the ability to adequately charge for the "intellectual property" but as a side effect, being "free" is a huge motivator for adoption as well, so it is usually win-win.

    And although I agree that Open Source *can* mean reading a manual or Googling, that is *not* part of open source. Bear in mind, most people get support for Microsoft products in the same way... ie. Googling. You do have the option of buying certain support or developer resources from MS, but there are also service companies out there that operate services for Open Source software in the same way. Percona comes to mind for MySQL. If it is open sourced, you can have support and have it paid for. The question is whether anyone actually wants to pay for that when there is Google.

  6. Re:The End-Users most of the time don't really car by BronsCon · · Score: 3, Informative

    With Linux, this is a lot more difficult and requires more third party add-ons.

    Only allow root to mount disks. Your users shouldn't have access to sudo, su, or the root login, anyway. Pretty simple, really; locate the mount binary for your system (/bin/mount is a good bet; if your mount binary resides elsewhere, you'll have to modify the commands below to reflect that), then do the following:

    chown root:root /bin/mount
    chmod 0750 /bin/mount

    Done. Now, only root can even execute the mount binary, so only root can mount disks, and that will include flash drives.

    It does get a little more complicated if you need to be able to mount network shares, but you should be able to add those to /etc/fstab and auto-mount them on boot.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
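
Added example, not part of BronsCon's comment: a shell audit that checks a mount binary still has the owner and mode set by the two commands above, and lists fstab entries whose `user`, `users`, `owner` or `group` options expect ordinary users to run `mount`. The function names are hypothetical, the fstab content is constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread); assumes GNU stat on Linux.
# Function names are hypothetical.

# check_mount_lockdown BIN [OWNER:GROUP]
# Prints "ok" and returns 0 only when BIN has the expected owner and
# mode 750 (so no setuid bit either); otherwise prints the reason.
check_mount_lockdown() {
    bin=$1
    want_owner=${2:-root:root}
    [ -f "$bin" ] || { echo "missing: $bin"; return 2; }
    owner=$(stat -c '%U:%G' "$bin")
    mode=$(stat -c '%a' "$bin")
    [ "$owner" = "$want_owner" ] || { echo "owner $owner, want $want_owner"; return 1; }
    [ "$mode" = "750" ] || { echo "mode $mode, want 750"; return 1; }
    echo ok
}

# fstab_user_mounts FSTAB
# Prints mount points whose options include user, users, owner or group:
# entries meant for users outside the root group, who cannot execute a
# mode-750 root:root mount binary.
fstab_user_mounts() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^(user|users|owner|group)$/) { print $2; break }
        }' "$1"
}

# Demo on a constructed fstab (sample data, not from a real system).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/fstab" <<'EOF'
# constructed sample
UUID=1111-2222  /           ext4  defaults                        0 1
/dev/sdb1       /mnt/usb    vfat  noauto,user,ro                  0 0
//fs01/share    /mnt/share  cifs  credentials=/etc/cred,_netdev   0 0
EOF
    fstab_user_mounts "$tmp/fstab"           # prints /mnt/usb
    check_mount_lockdown /bin/mount || true  # state of this machine
    rm -rf "$tmp"
}
demo
```
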
  7. Re:The End-Users most of the time don't really car by TheRaven64 · · Score: 2

    From the End-User standpoint, really the only thing that they care about is that there is a "full featured" product that is free (as in beer) and they won't have to deal with marked-up license fees.

    Which isn't necessarily a given. To give a concrete example, at the 24th International Conference on Field Programmable Logic and Applications, there was an award given to Jason Anderson for his 'contributions to open source high-level synthesis', in particular the LegUp project. Now, given this award and the fact that the front page of the web site starts with the phrase 'LegUp is an open source high-level synthesis tool', you might be forgiven for thinking that LegUp is open source. If you go and read their license, you will discover that it doesn't meet the open source definition. The license contains the phrase 'Only non-commercial, not-for-profit use of this software is permitted'. Given previous legal issues surrounding the definition of 'non-commercial', this license basically means 'don't use it if you care about legal liability at all' and is worse than no-warranty proprietary freeware from a legal perspective.

    --
    I am TheRaven on Soylent News
  8. Scumbags by wiredlogic · · Score: 3, Informative

    I've seen a few "open source" projects where the open code is out of date and nothing like what is shipped in the current binaries. That's a pretty scummy way to abuse the label.

    --
    I am becoming gerund, destroyer of verbs.
  9. Re:The End-Users most of the time don't really car by Curunir_wolf · · Score: 3, Informative

    it takes more manpower to configure and secure a network of 1000 Linux servers than it does a forest of 1000 Windows boxes.

    No, it doesn't. I've done both (~820 Windows, ~900 Linux), and the Windows takes more administrator time. But then, the Linux servers were all Red Hat, so the "fees" really weren't any cheaper, but the vendor support was a hell of a lot better.

    Take an admin task of blocking USB flash drives from desktops in receiving. With Windows, it is just creating an OU, creating a GPO, and pushing it out. With Linux, this is a lot more difficult and requires more third party add-ons.

    I think you're mixing things, here. At first you were comparing server OS's, but now it sounds like you're comparing deploying Windows desktops to deploying Linux servers. Yea, guess what? Managing a monolithic single-OS environment is easier than a mixed environment. If you're deploying Linux workstations you can do the same thing with the right tools. And don't get me started on all the issues you're going to encounter using GPOs in a complex environment. It works better these days, as long as your desktops are all "Enterprise" editions and you don't have any XP or 2003 servers sitting around (then it won't even work at all).

    Or something as basic as performance monitoring. Windows has utilities (SCOM) which make it trivial to watch server performance via WMI. Yes, you can do the same with Splunk, but that doesn't come cheap.

    Wow, talk about admin resources - have you ever set up a functional WMI infrastructure in a secure network? To say it's non-trivial is an understatement. It's easier if everything is the same version, from a well-tested image, but there are all kinds of snafus that mean your connections don't always work or some functionality goes wrong. SCOM, frankly, is a house of cards.

    Actually, I'm impressed with some of the functionality available using PowerShell and remoting in Server 2012 R2, especially being able to roll out a lot of headless stuff. But the learning curve for that, and getting the tools in place for what you want to do, is a major undertaking. Maybe after a few years with it I'd be able to do the same things I do with bash scripts now, but it seems a lot more verbose to me.

    --
    "Somebody has to do something. It's just incredibly pathetic it has to be us."
    --- Jerry Garcia
  10. Re:Ideological purity ... by mrchaotica · · Score: 2

    Extremist views like RMS's are necessary, lest the moderate view appear extreme.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  11. Re:The End-Users most of the time don't really car by EndlessNameless · · Score: 2

    You're arguing when you don't understand the basic proposition. First off, he's not "purchasing a product from Windows specifically for group policy"---that is part of the OS. Second, his primary point seems to be total cost of ownership rather than whether or not certain functionality is available.

    He's saying those things are more expensive to implement on Linux---either you have to buy them or pay more in labor to get them. He's not wrong.

    From your own examples, OpenLDAP takes considerably more time and effort to set up.

    MS Active Directory is one command, five minutes of installation, and a reboot. The defaults work---as in, nothing else to configure manually---it even opens the necessary ports in the Windows firewall. It includes the group policy functionality he indicated, and it works out of the box with every version of Windows anyone has any business running anymore. Yes, the OS license costs money, but intelligent deployment really makes this a minor per-server expense (i.e., buying Datacenter licensing with decent virtualization density).

    Nagios and SCOM both cost money---it's either licensing fees for the packaged version of Nagios or labor for the source/DIY version. Puppet costs money to do for Linux what Group Policy does for Windows. The labor to sustain the Linux solutions will probably cost more even if it is as simple as SCOM/GP because MS has a huge pool of labor to support their product. I can probably find dozens of competent AD admins within a reasonable commute distance---the number of competent OpenLDAP, Nagios, and/or Puppet admins is going to be significantly lower.

    Microsoft is actually very good at catering to small businesses and enterprises---this is where known costs, straightforward deployment, quick and effective configuration management, and simple sustainment are important.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.