Software Audits: How High-Tech Software Vendors Play Hardball

snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organizations' software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."

After Microsoft forced us to buy...

several times as many CALs as have employees, we're moving what we can to Linux.

Re:After Microsoft forced us to buy...

Did they make you buy per device CALs instead of per user? That's what they did to us in their "audit." I put audit in quotes because it wasn't really an audit. It was just a money grab for them. We had to pay per device that our employees used. If an employee had, for example, a desktop, a laptop, a phone, and a tablet, we had to buy four CALs for them.

Re:After Microsoft forced us to buy...

[guruevi]

In the Microsoft licensing scheme you have to pay both device CAL's and user CAL's. So for each device you buy a device CAL and per user you pay for a user CAL. Server's also have to pay per processor (which is a toss-up between physical processor, core and thread depending on product and vendor or a combination of them).

Re:After Microsoft forced us to buy...

[MightyDrunken]

In the Microsoft licensing scheme you have to pay both device CAL's and user CAL's. So for each device you buy a device CAL and per user you pay for a user CAL. Server's also have to pay per processor (which is a toss-up between physical processor, core and thread depending on product and vendor or a combination of them).

I'm glad that Microsoft simplified their licensing at last.

Re:After Microsoft forced us to buy...

[sexconker]

Everything with separate user and device CALS I've ever seen lets you choose whether to buy a user CAL or a device CAL.
Some things require you to license only one way or the other. For an RDS service you can't mix user CALs and device CALs. It's one or the other, so you have to determine which is cheaper overall.
For server software like SQL, it was per socket for ages. Recently they started charging per core, and a typical license allows you to run on 2 cores, so you need to buy packs of licenses covering all the cores you need to run on.
For Windows Server itself, you've got a similar situation as above, but you get to run 1 physical and 2 virtual instances per licensed copy of Windows Server. I believe you have to use their visualization shit, but I'm not sure if virtual instances have to run in the physical instance or not. We use VMware and our Windows servers are virtual already, with virtual CPU allocations mapping to physical CPUs. We're already virtualized, so I see no need in running additional virtualization layers.

Making sense of MS's licensing schemes is a nightmare, especially when they keep changing them. Their sales people don't know what the licenses actually grant you, can't tell you what you need, and have no chance in hell of ever linking you to a place where you can buy a license that matches the name of what they said you should buy. The whole software industry is like this though. I can't buy a software license for an Adobe product and get an actual description of what I'm buying. Buying Acrobat DC got me Acrobat 2016, and I have no clue what type of license it actually is. It installed though, and I gave them money. If they want to audit anything they can read the email logs between myself and their own sales people.

Re: After Microsoft forced us to buy...

You're wrong. You do not need both user and device CALs for the same product, except in very weird/niche scenarios. If you were audited, and this was what you were told, you should take legal action against the auditing company (not Microsoft) as they probably gave you incorrect information.

Do bear in mind that it is your responsibility to know the licensing terms and argue your side. The auditing company can often be clueless, or have an incentive to rip you off.

Re:After Microsoft forced us to buy...

That assertion is incorrect. You don't have to pay for both, but you do have to figure out what the role of the person/device will be.

User CALs for when a user needs to connect to (whatever) with more than one device - laptop, tablet, phone, etc.

Device CALs are best used in call centre type places. eg. 200 computers, and 400 people.

Re: After Microsoft forced us to buy...

[guruevi]

I think that was what this article is all about. It's cheaper to pay the licensing than to pay a lawyer in a suit. It's outside of the range of small claims so it's not like it's a simple case, this will be 3-5y in jury at least.

Microsoft has forced people to pay first user CAL's then later device CAL's and I've seen companies forced to pay per processor AND then later user CAL's AND to connect eg. SharePoint to SQL Server, a connector license. But hey, it's Microsoft, sue them and many (eg. Microsoft Partners) lose their "cheap" licenses and have to pay full price.

Re:After Microsoft forced us to buy...

*cough*Bullshit*cough*.

The entire reason for device and user CAL's is so that you don't have to buy both. Microsoft's own website even says so. They provide a handy "CAL tool" to calculate what you need.

https://www.microsoft.com/licensing/CalTool/

It plainly says that a user CAL "permits one user, using any device, to access licensed servers" (emphasis mine). "Any" device isn't the same as "any licensed device".

It also says that a device CAL "permits one device... used by any user, to access licensed servers" (emphasis mine). And again, "any" user isn't "any licensed user", or it would've said that instead.

You need either a user CAL or a device CAL to cover any accesses to a given licensed server at any time. If you have 10 accesses from 10 users, and you have 5 user CAL's and 5 device CAL's, you should be good to go.

The GP's company got screwed by people that don't know how CAL's work having to face-off against salesmen that know exactly how CAL's work and, more importantly, how people who don't know how CAL's work can be coerced into dropping huge sums of money to get out of what looks like potential legal action. But when was the last time a sales team actually brought legal action against a potential client? If you push back, they'll back off. They know it's bad for business to push too hard, but it's also their job to find out how hard is "too hard".

Open source is the solution

The only audits of open source software are to remove bugs. Ditch proprietary software and this isn't an issue.

Re: Open source is the solution

This 10000x over. I don't know why people put themselves thru this shit. We know they don't have our interest. $$$ rules the day. Pay up and shut up.

Freedom, not Price

[Aighearach]

This is why I only use FLOSS software in my business, and why I don't care which Free/Libre/Open license it is.

Freedom means some external entity can't interfere or try to pull the rug out. I have what I have, I know what it is, and nothing will change unless I accept change.

Re:Freedom, not Price

This is why I only use FLOSS software in my business, and why I don't care which Free/Libre/Open license it is.

Only works if you don't require any specialty software whatsoever, which is practically nobody. Anything specialized, like CAD tools, EDA tools, specialized vertical market applications, etc. and you're back to keeping track of licenses.

Keeping track of licenses is dead easy anyway. Any organization that can't keep track of its software licenses is probably not competent enough to keep track of its customer invoicing, tax obligations, or payroll either.

Re:Freedom, not Price

[ShanghaiBill]

This is why I only use FLOSS software in my business, and why I don't care which Free/Libre/Open license it is.

What do you use for accounting/bookkeepping/taxes?

Re:Freedom, not Price

Keeping track of licenses is dead easy anyway.

Found the guy who's never dealt with a Microsoft Server License.

Re:Freedom, not Price

[Aighearach]

[same as before computers but]... on a computer.

They don't have a special doohickey that enables those things. Though spreadsheets are pretty awesome compared to a ledger and a calculator.

Re:Freedom, not Price

[sjames]

You've obviously never tried to actually be compliant. When MS itself cannot tell you how many of what license you need and changes it's mind regularly, it is literally impossible to be certain of compliance (because they're not) short of buying an unlimited site license for everything.

Re:Freedom, not Price

This is why I only use FLOSS software in my business, and why I don't care which Free/Libre/Open license it is.

Freedom means some external entity can't interfere or try to pull the rug out. I have what I have, I know what it is, and nothing will change unless I accept change.

So you put your balls on the line for SOX or HIPAA?

Glad to see you're doing that.

Re:Freedom, not Price

[Aighearach]

Only works if you don't require any specialty software whatsoever, which is practically nobody. Anything specialized, like CAD tools, EDA tools,[blah blah blah]

Hilarious, some of the most important software I use in my work is the EDA and CAD tools.

What makes you think that people with software freedom don't have software? What makes you think that proprietary software gives you access to something nobody else does?

"Specialized vertical market applications" like Tow Truck 2000, and shit. You don't have to buy that stuff to work in those industries. Software isn't Harry Potter magic spells, that proprietary software isn't a special sauce that enables work in those industries; it is just one way to organize your workflow.

The examples where you really need special software are rare; they certainly don't include EDA or CAD. But if I wanted to be in the business of selling weather forecasts, I'd need specific software because humans can't predict the weather and there are very few engineers working in that field. Anything engineering-related, of course, has FLOSS alternatives already, and generally can be done without even using computers.

Like in the 90s when people told us we "had to" have Microsoft Office, and kept repeating it even after we pointed out that we use something else... successfully. Or when people insist you "have to" use an IDE to write code, because more people use them than don't.

If I was in a field where everybody is totally locked in to proprietary crap software in the whole "specialized vertical market," then I'd be in the perfect position to totally disrupt that market by offering a FLOSS alternative. That is the business reality in the real world; choices exist.

Re:Freedom, not Price

[innocent_white_lamb]

I own and operate a small business and I do my accounting with the Libreoffice spreadsheet. I print the spreadsheets out at the end of each year and give them to my accountant.

Nothing much to it, really.

Re:Freedom, not Price

Software isn't Harry Potter magic spells

Careful. Doth Wizards not wriggle fingers to produce software from thin air? Indeed, this is marked as true even the ancient scrolls of Hackerdom.

Re:Freedom, not Price

[mattventura]

You might lose out on certain perks or volume pricing, but smaller businesses can often just get away with boxed software. Generally it avoids the whole auditing kerfuffle, and also makes it much easier to never step out of compliance with the licenses - just keep track of which key is used for which PC. Doesn't scale up very well though, so you're still forced into volume licensing for larger businesses.

Re:Freedom, not Price

I don't know about SOX, but a lot of OSS is used in HIPAA software.

Re:Freedom, not Price

[Aighearach]

Sorry to reply twice, but I wanted to tell a funny short story about my taxes this year.

I decided to use one of the "free" options other than the fillable forms... big mistake! I went through their whole step by baby-step process, in the end provided the exact same information as the real form, in the same order, was asked a question in every place where the instructions instruct me to do one thing or another, and at the very end right before submitting it they pissed me off so bad with their bait-and-switch, click "free" 17 times nonsense that instead of making that last click, I wrote them an angry message demanding they delete my account, and just re-entered the same information into the raw form.

I'll never try to use "tax software" again, even when it's web-based. What a total pain in the ass. Taxes aren't even hard, if that is hard to understand my own code would never run. If I was so rich and trying so hard to avoid paying my taxes as to make it complicated... I'd hire a professional.

Business taxes... if you're used to reading the manual before you do a thing, and you were recording the correct things on a day-to-day basis, then it is the same there are just more instructions to follow. If you can't do it right on your own... you didn't do it right using the software, either. You either have to step through that same decision tree one way or another, or hire somebody else to.

Re:Freedom, not Price

[ShanghaiBill]

[same as before computers but]... on a computer.

Using a spreadsheet may be okay if you are a one person business or a Mom & Pop shop. We use Quickbooks, and it pays for itself with just the end-of-month bank reconciliation (a few seconds with the software, half a day for a human). Other than accounting and tax software which runs on a single dedicated Windows box, we are completely FLOSS. We tried GnuCash, but it is missing many crucial features, and even worse, the developers consider it "done" and are not open to suggestions for improvement. Please don't say "just fork it". That is not a reasonable alternative to paying $150 for Quickbooks.

Re:Freedom, not Price

Hi, I've been in the business of commercial weather forecasts.

Most of the pipeline is FOSS. All the support libraries are FOSS anyway and most of the client software was written on and for Linux clusters.

Non-FOSS is we buy the Intel Fortran Compiler, but could use GCC's gfortran if that became horribly expensive. And Matlab, but for the tasks which are just glue there's a push to replace that with Python. There are a few other things at the edges, but nothing that's going to break the bank or leave us at the mercy of a sole supplier for a critical part of the work.

Re:Freedom, not Price

[ogdenk]

Anything specialized, like CAD tools, EDA tools, specialized vertical market applications, etc. and you're back to keeping track of licenses.

Keeping track of licenses is dead easy anyway. Any organization that can't keep track of its software licenses is probably not competent enough to keep track of its customer invoicing, tax obligations, or payroll either.

EDA tools? Last I checked gEDA was free and actually nice and functional. And those tools will likely not be used by most office drones.

Even if you can't get rid of all the proprietary crap from vendors that have your organization by the short and curlies, you can minimize the problem and make audits much less lengthy and confusing. ALL organizations that depend on 100% proprietary software have something somewhere they slipped up on. Reduce the dependence, reduce the risk of being exploited and screwed over.

The biggest issue now for me with FOSS is xorg, Linux and BSD support for tablet hardware blows, so Windows is the only realistic option if you want to run desktop-class software on a lightweight tiny x86 tablet PC. VNC X11 kludge and chroot debian on Android doesn't count.

Re:Freedom, not Price

[dwywit]

I have NEVER found a FLOSS video production suite that works as well or as smoothly as Adobe's, and I've tried the half-dozen or so most-recommended packages listed on the forums.

There's much to complain about Adobe, and proprietary software in general, but calling it "just one way to organise your workflow" is simplistic. Film-making is pricey enough (and not rare), why would professional production companies spend even more $$$ on software like this unless it saves them money in the end?

Re:Freedom, not Price

[Aighearach]

Right, if you read the complaints carefully, they come down to words like "smoothly."

Don't know, don't care. It is probably true. My software has a square jaw and a slight speech impediment. It doesn't bother me.

Re:Freedom, not Price

[Aighearach]

forking gnucash is silly, that is personal budget software, not resource management.

There are indeed other ways of doing things than buying proprietary software licenses. This idea that we're crippled is absurd.

If your software license works for you, nobody is asking you to switch.

Re:Freedom, not Price

[phantomfive]

Or when people insist you "have to" use an IDE to write code, because more people use them than don't.

My problem with this is when the IDEs become obsolete. I had a project I built for OSX. I didn't touch it for a few years, then came back, and XCode was unable to open it anymore.
I had another project from the same era built with a Makefile. The same makefile still works today. So yeah, I'll be putting in extra effort to avoid IDEs that depend on proprietary file formats in the future.

Re:Freedom, not Price

[hankwang]

"What makes you think that proprietary software gives you access to something nobody else does?"

At the engineering company where I work, there are on the order of 10^3 engineers that need to do CAD design on different parts of the same product, recursively, in parallel, with tight version control, and multiple people doing sign-offs before the part goes in production. By 'recursively', I mean that one person is doing the layout of a big assembly that includes smaller components that are still being designed, each of which includes even smaller components that are still not final.

I highly doubt that there are FOSS alternatives that can handle that kind of workflow without extreme discipline of the users.

Fortunately, I don't do CAD. I only have to deal with the document management system that's part of it. (Rather crappy, I must say). I do my calculations exclusively in FOSS. Most of my colleagues use Matlab for some reason. (I believe that the real cause is that technical universities teach it because the educational licences are nearly free.)

Re:Freedom, not Price

[hankwang]

"Using a spreadsheet may be okay if you are a one person business or a Mom & Pop shop."

I did the accounting for a club with about 25 members for a couple of years. In a spreadsheet. Every year when I needed to close the books, I found myself sitting behind the screen until 3am because the numbers were not consistent, due to spreadsheet errors (inserted row that messed up cell ranges in formulas) and all the special cases of bills that were paid in a different year than the invoice date.

I shudder if I think about using a spreadsheet for a serious one-person business with more than 1000 transactions per year.

Re:Freedom, not Price

I work for a large computer hardware company. One of the few largest in the world. I use EDA software from Cadence for my work all day long. It's very expensive, I don't know how much exactly.

A few years back, the suits decided that we should save money by writing our own EDA software to use instead of Cadence's. So we did. And it turned out to be crap - limited functionality, unintuitive, weird bugs all the time. My productivity literally dropped by half when using this software. Our company has tens of thousands of workers, including innumerable programmers, and this is the best they could do. After a few years, the company realized their mistake and went back to Cadence.

Bottom line: it's not that easy to just leave the EDA companies.

Re:Freedom, not Price

Been there, did that. Practically had to install a legacy OS to run a legacy IDE to fix one line of code.

These days, all my projects do their production builds from command-line. Only development uses (but does not require) IDE.

Re:Freedom, not Price

Unless you have been considerably more fortunate than I have, the $150 - or was that $1500 - for Quickbooks software is only the "cash register" price.

That stuff is so cumbersome that the in-house manpower required to use it is considerable.

Incidentally, I have looked at the innards of Gnucash. While there are certain things about it that are pretty horrible, at least it's easy to set up your own data services for it.

Re:Freedom, not Price

[AmiMoJo]

The examples where you really need special software are rare; they certainly don't include EDA or CAD.

EE here. Show me a FLOSS app for schematic capture and PCB layout that is adequate for moderately complex boards. KiCad certainly isn't. Don't get me wrong, it's good for doing Arduino shields and maybe the odd four layer board, but compared to even Altium or Eagle it's severely lacking when you need to start doing complex boards with high speed digital on multiple layers, or complex RF, or massive auto-routed FPGA boards etc. And that's not even mentioning the really high end apps.

Re:Freedom, not Price

[Overzeetop]

I'm sorry - which OSS project intefaces seamlessly with Revit so that I can deal with three separate A/E offices (architect, electrical, mechanical) working simultaneously on the same project for a $10M project delivery in a month?

Yeah, didn't think so.

Re:Freedom, not Price

VNC X11 kludge

Eh? Real X11 has been available on Android for a while. Though personally I only use it for remote access (ssh X forwarding).

Re:Freedom, not Price

Only works if you don't require any specialty software whatsoever, which is practically nobody

Most "specialty" software is custom! It's not AutoCAD, it's this-weird-thing-CAD. It's not Bigcorp POS; it's our-POS. Etc. You're right that there are exceptions but it's mostly custom so there's little reason the copyright can't be held by the company that paid to have it written.

Re: Freedom, not Price

Keep paying rediculous fees then, nobody is forcing you to switch. There are OSS solutions out there if you would look. But you are now locked into 1 way of doing something, and if it doesn't work exactly that way, then it sucks to you. This is basically confirmation bias at its best.

Re:Freedom, not Price

any open source cad + git.

Re:Freedom, not Price

[Grishnakh]

That's why open-source software works better than trying to just roll your own internal crap. With FOSS, multiple companies who need the same thing can work together and pool their limited resources to produce something which works well for them. That's kinda the whole point to it all. Buying proprietary software is nothing more than outsourcing: instead of making your own tool, you're getting an outside vendor to do it for you. They profit because they sell the same tool to a bunch of customers. But they're greedy so they charge a lot for it when it's a niche application and you have no freedom when you use their tool. If you have enough resources in-house to make a comparable tool in a short enough time, then you should do that, but most places don't (as you found out). But when you pool resources with other like-minded firms, then you can do it.

There's likely already a FOSS EDA tool that does much of what you want from Cadence. Contribute to that and add in the functionality that it lacks that you need and fix it up.

Re:Freedom, not Price

[Grishnakh]

What kind of moron would run EDA software on a tablet?

Re:Freedom, not Price

[ogdenk]

No one I can think of, was just stating that my biggest issue with FOSS software right now is crappy support for hardware that is very commonplace now.

On the other hand, EDA software on a hi-rez large screen tablet with an active stylus, a real CPU and 8GB+ RAM might actually be a pretty interesting tool in some situations.

Re:Freedom, not Price

[Grishnakh]

I can't imagine what situations those would be. A 24" or 30" tablet would be completely infeasible to carry around. And using a screen less than 24" at a bare minimum for work like that makes no sense at all.

Re:Freedom, not Price

Wow you're spoiled. I've run EDA software on 19" 1280x1024 CRT's on 40MHz machines with 32MB of RAM.

Re:Freedom, not Price

[Grishnakh]

Yeah, and people used to drive around in cars with 40HP with no seat belts and hand-crank starters too. That doesn't mean anyone sane would want to go back to that.

Re:Freedom, not Price

[Aighearach]

blah blah blah "doubt."

That's all you said.

I personally have no doubt that the engineers, including ones working in large teams, who use open source EDA tools are not merely country bumpkins who are unable to come up with a work flow. Which is what you seem to imply.

I also have no doubt that whatever proprietary work flow you're locked into would cause difficultly to change. Other ways of doing things would be different, and you're already invested in the way you are already doing things. But that is circular, and tells nobody anything about what it would be like using different tools.

It is the same nonsense people were saying in the 90s, and it was already disproven for decades back then.

In the phrase, "I highly doubt that there are FOSS alternatives that can handle that kind of workflow without extreme discipline of the users" what the fuck do you mean by the word "handle?" Is that some kind of machismo no-true-scotsman bullshit, or do you think the CPU cores of the machines would overheat, or do you think the software would simply core dump if it had to do Real Manly Work? Because it sure as fuck doesn't sound like an actual technical problem.

Fortunately, though, you don't "do CAD" and don't actually have a clue about what you're claiming to have a clue about. So I won't have to wonder, "gosh, when I check my files into revision control so others have access to them, will the sky fall because I used CAD software to generate them?!" I also won't have to worry that maybe my automated documentation system isn't documenting anything, because the license might not be wearing the right type of fancy shoes.

And did you know that there is a thing called GNU Octave that is mostly compatible with matlab? Luckily I don't have to touch that shit, I use R, which is the open source version of S. Notice a pattern? For every proprietary thing that Important People have a Very Important Workflow based on, there is an open source alternative? Funny how that works. I wonder why it is that way? You don't wonder about that, though, because you don't even know about it.

And BTW, 10^3 is a pretty lame way to try to look smart. It is a fairly small round number. You can just say 1000.

Re:Freedom, not Price

[Aighearach]

Use google, find the one that EE's are using, and then you'll be ready to talk about it.

There is one. Or is this a no-true-Scotsman with moving goalposts where no actual board will be complex enough for you?

We design our boards, and they come back from the fab, same as with what you use. Your proprietary software is not a magic spell that enables you to do things that FLOSS users aren't doing. Everybody is doing the same things, with different tools. KiCad is not the main professional tool in use, it is the main hobbyist tool. So it is a specious point.

Just like, the tools I use would be "too difficult" for a lot of KiCad or Eagle users, but are not actually difficult at all. That you mention Eagle is hilarious, of course.

Start from the knowledge that other EEs are using FLOSS tools. There is no reason to have false presumptions going in. Knowing that, you don't have to wonder something silly like, "gosh are all their boards 1 or 2 layers?

If you don't know what the tool is, and you're skeptical that whatever it is can do work, then you're simply ignorant of something that you don't actually care about. There is no reason or benefit to tell you what it is, but it may benefit you to know that options exist and professionals use them. If you were interested, maybe it would be a different conversation.

Re:Freedom, not Price

[Aighearach]

Revit is proprietary, right? If you're interested in the FLOSS answer, it is don't give up your freedom in the first place; use a complete stack that respects your freedom.

If you already have a specific contract (or your employer does) that forces you to use proprietary software, and you're OK with that, then my advice is just use whatever is normal for you.

If you come to a place where you want to avoid the pains and restrictions and liabilities of that way of doing things, then change completely to freedom-respecting software, and don't worry about bidding on contracts that mandate use of specific packages.

Another point I'd like to make is that in work flows based on open tools, we don't value "seamlessness." We value the seams; those are the places where the automation happens! Those are where we attach hooks to do whatever it is we want to achieve. With "seamless" proprietary workflows, you just have to follow the cattle guards to wherever they take you, and rely on the good people at the software vendor to have not only anticipated your needs, but also decided that all your needs were important enough to include. Or just, do things their way.

With a seam, I can write a filter of some sort in a few hours to do something that otherwise might require waiting three years for the vendor to add it as a feature.

Re:Freedom, not Price

[AmiMoJo]

What a load of gas-lighting horseshit. The tool you allude to doesn't exist.

I wasn't arguing that proprietary software is magic either. That's a straw man. I was simply pointing out that nothing equivalent exists as FLOSS. Probably due to the decades of development that have gone into even mid range tools like Altium and Cadstar, to say nothing of the high end stuff. Apparently there just aren't enough people working FLOSS implementations.

Re:Freedom, not Price

[Aighearach]

Right, the tools I use don't exist, because you don't know about them!

Magical thinking at a whole new level.

You really underscore why I'm not interested in playing school-marm on command for you; you're not interested in the subject, and you've already decided that proprietary software is a magic spell.

There is a whole world of no-true-scotsman behind the word "equivalent" as you use it above. In the same way, proprietary software doesn't offer any equivalent to any of the open source tools.

Even Photoshop can't provide an equivalent plugin system to GIMP. Oh, well, it can, but only if you choose definitions of "equivalent" that include both! Gosh. What if we only used meanings of the word that implied professionals can get their work done? Then it would turn out that you're just full of shit; how would you know that a tool you've never heard of (the most popular open tool for the job being discussed) can or can't get a job done? Surely after being told that professionals use it, you'd know? Oh, no, even then you wouldn't know, because you choose not to know shit.

You're not an EE, you don't know what the tools of the trade are, and you're able to engage in very basic critical thinking. You're just some bullshit on the internet.

Re:Freedom, not Price

[AmiMoJo]

Name this electronic design tool you are talking about.

Re:Freedom, not Price

[Aighearach]

The tool is not named google. But google is the tool that you should be using to try to find your answer. But really, you should already know it before saying the things above; if you don't already know which tool I'm talking about, you have no idea if the things you said are true.

Re:Freedom, not Price

[AmiMoJo]

I called your bluff, and you had nothing.

Re:Freedom, not Price

[Aighearach]

There was no bluff to call; and you didn't say anything. Get a grip. Review the thread if you need to. You wanted to challenge that professionals even can use the tools that they use, and that's just an impossible argument to attempt. And then you couldn't even figure out which tool they can't use, as your way of proving the quality of your use case analysis.

Re:Freedom, not Price

The main advantage of using a tax program is that all the math dependencies are linked and automatic. If I change a number somewhere, the results flow through the whole tax program. The tax code is so complex that everything depends on everything. Change a number and you tax bracket might change; you might now have to figure Alternative Minimum Tax; the phase-out of your deductions might change; do you still qualify a Tuition tax credit; etc. Before personal computers, I had to wrestle with that on paper tax forms, although in those years the interdependencies were not so intricate. Of course, it is the advent of computers that made it possible for Congress to make the tax code so complex. Without computers, there would be a revolt.

Ok, so how should it work?

[ShooterNeo]

Software is immensely expensive to create. The bigger, real world systems actually in use cost a fortune in real money to create because the bigger and more complex they get, the more people are needed to try to increase productivity by increasingly small percentages.

The money has to come from somewhere. If companies can't pay their programmers, the software stops being made. The open source model is an alternative in SOME cases - but not all.

Software is pathetically easy to steal. Somehow the companies making the software need to get paid. Going after individual thieves is a waste of time, but targeting corporations with deep pockets makes perfect sense.

Sue Joe Smoe for ripping off Microsoft Office, and you won't recover enough to pay your lawyers and the fees to file the lawsuit. Sue Exxon because they paid for 1000 copies of Office but used 10,000, and they will be able to pay any court judgement. You can ask the courts for your legal fees, the cost of the software they stole, and compensation for your trouble.

Not see what is unfair or unjust about this. The "hardball" tactic described here is to find companies that are stealing software, and offer them this "true up" deal. This is just a pre-lawsuit bargain - they pay a lot less than they would pay if there were a court judgement, you get your money now. Sounds fair and reasonable to me.

If companies don't want to face this risk, they can use open source software. Oh, it costs them more to have an in house programmer staff to customize the software for their needs? (since open source stuff tends to be a bit rough around the edges) Then pay the damn commercial license fees, and buy a few more than you need just to be on the safe side.

Re: Ok, so how should it work?

The open source business model works just fine. Companies like IBM and Redhat use it with no problem. The source is open and free, but they make money by selling complete systems and providing support. Those things are valuable enough to businesses to pay for. There are a lot of corporate contributions to open source software as as result. It's in the interests of those businesses to maximize the quality of the software so more people purchase support and enterprise systems.

Re: Ok, so how should it work?

[ShooterNeo]

Yes, but for companies who steal commercial software, how else SHOULD it work?

Companies who have the choice of paid open source, free open source, and commercial software still extremely frequently choose commercial. Must be a reason.

Re:Ok, so how should it work?

Not see what is unfair or unjust about this. The "hardball" tactic described here is to find companies that are stealing software, and offer them this "true up" deal.

Except in many cases, that isn't at all how it works.

Someone will send an anonymous "tip" that a company is using unlicensed software. Often this is a disgruntled employee or ex-employee. Hell, BSA has been running ad campaigns on Facebook for a while now encouraging people to report companies in exchange for the possibility of a small reward.

The software companies (Or BSA on their behalf) will start hassling the reported companies, whether or not it is true. This leads to either a voluntary audit of their licenses (Which still costs quite a bit in time and effort) or legal action. Every instance I've heard of companies going through with the voluntary audit has had the companies threatened with having trivial, honest mistakes punished with large fines and legal action. It's a losing proposition for them, even if they've done nothing wrong, or have small technical issues with their licensing that they've made a good faith effort to have in compliance.

It is a complete shakedown.

Re:Ok, so how should it work?

[guruevi]

This isn't a company using software illegally. This is Microsoft going after their small business customers that can't afford to pay the legal fees and threatening them with legal action just for the hell of it. They then sell them a higher costing licensing scheme just because they can regardless of whether they were covered by the initial terms.

Re: Ok, so how should it work?

You say you are using open source and not stealing our stuff? Prove it. Do an audit or we'll see you in court (in which case the court will do the audit on our behalf anyway). And it will cost you a bunch in lost time and inconvenience.

So, you were NOT stealing our stuff. This time. See you next month to go through the whole process again. Until you give up on that open source idea and buy our stuff.

Re:Ok, so how should it work?

trivial, honest mistakes

Yeah, right. Try making some "trivial, honest mistakes" on your taxes and see what the IRS does to you.

With all the other routine record keeping that's necessary to run a business, "keeping track of licenses is too hard, boo hoo" is a lame excuse and always has been.

Re:Ok, so how should it work?

trivial, honest mistakes

Yeah, right. Try making some "trivial, honest mistakes" on your taxes and see what the IRS does to you.

I'll tell you what they do - they let you correct "trivial, honest mistakes", without the anal dilation that accompanies a software audit.

Re:Ok, so how should it work?

[meerling]

As software technical support on various corporate products, we take notes on everything, but if it isn't relevant to the issue, we tend not to care.
As such, I've had plenty of people freak out because when talking to me they realized they are using a few more seats than they have licenses for. As an example, licensed for 800 seats, but using 835. It just goes in the notes that 835 are in use so any techies working with them know what they have to look at.
On the other hand, if you get situations where somebody is licensed for 30 seats and is using 500, that will get forwarded to another department at some point after the call is resolved.
The only places I know of that had software audits done on them were on average around only 50% compliant. That's totally secondhand, so take it with several grains of salt. Of those, most were just told to get compliant in a period of time. It wasn't used for marketing, though with the cheap stunts marketing weasels use, I wouldn't put it past them. I'm just glad our company didn't give that info to the marketing weasels. (With the number of times I was down there yelling at them for lying to our customers when all they had to do was use the internal line to check it with support, I don't much like them, as some of them will do anything for a sale.)
And yes, by seats, I mean the warm kind that are being used. We didn't care how many machines it was installed on, or who the operator was, just so long as the total in use didn't exceed the client at any particular time. We also understood that sometimes things slip no matter how much you tried, and that's why we also used auditing software on our own network on a regular basis to find any issues and deal with them ourselves. Nobody writes all the software they use, and if you want to be part of the market, you really have to play fair. (That doesn't mean roll over and be a mat, but definitely to obey the same restrictions you expect your customers to.)

Re:Ok, so how should it work?

[vux984]

This isn't a company using software illegally.

Isn't that exactly what is is though?

This is Microsoft going after their small business customers that can't afford to pay the legal fees and threatening them with legal action just for the hell of it.

I've been audited by microsoft; it took a couple hours to fill out. They asked a few follow up questions and were satisfied and went away. It wasn't a big deal because I had documentation. I mean, you do maintain a software inventory right? You know where your licenses are right? You do actually have enough licenses right?

So that you know you are in compliance with your license agreement right?

The only way I'd "true up" is if I knew the audit would find a lot of non-compliance's... and then truing up, like the other poster said... its sort of like an out of court settlement. I don't acknowledge any wrong doing for what I was doing, they get some extra money, we sort of agree how to square things off... end of story.

But I don't need to true up because I'm clean. If they want to do a more thorough audit themselves, they're welcome to have at it. It's their money to burn.

Re:Ok, so how should it work?

[sjames]

It wouldn't be so bad if they could tell you exactly how many of what license you need and then not change their minds during a disruptive audit. It's quite hard to guess what licenses they may require you to have from day to day.

Re:Ok, so how should it work?

The IRS has it spelled out exactly what you need to do to be compliant. It's in a book form, that tells you exactly what you need to do. It's extremely complicated, but when it comes down to it you know if you're compliant or not.

Try getting a straight answer out of Microsoft as to whether you're compliant or not, let alone have a single written source of information from them on whether you're complaint or not.

Re:Ok, so how should it work?

> I'll tell you what they do - they let you correct "trivial, honest mistakes"

You're correct. I made a trivial, honest mistake on my taxes one year. They sent a form showing the correct calculation, and a bill for the difference, and I paid it. End of story.

Re:Ok, so how should it work?

[ShooterNeo]

Then buy a boxed copy of each unit of software and tape the unique license keys to each computer using it. I'm just saying, if you really want to be above reproach, you can do this. Try to pinch pennies and get exactly the bare minimum licenses you need? Well, this is a risk you take.

Re:Ok, so how should it work?

Then buy a boxed copy of each unit of software and tape the unique license keys to each computer using it.

You'd think it would be that easy, except it isn't. Microsoft will not accept the unique license keys as proof of you having a valid license. That includes the Windows license sticker that's affixed to your computer, or the license key that's printed on the software. All this is is the certificate of authenticity, which verifies that it is a genuine copy of the software. It does not show that you have a license to use that software.

Proof of the license comes in the form of proof of purchase from a valid reseller, who in turn must have proof that they purchased it from a valid distributor. If your reseller sold you an invalid licensed copy, you're on the hook for that. It is up to you to provide valid documentation that the license is valid and was purchased from an authorized reseller.

Re:Ok, so how should it work?

[mattventura]

The problem is that normally what allows the audit to begin with is entering a contract with the software vendor. So if someone strictly pirates everything, theyre at somewhat less risk of an audit than a company that buys some software but pirates here and there. And the "piracy" isn't always intentional - often it's just someone thinking "hey, this feature looks neat, I'll enable it" without realizing you have to pay extra. Could the software vendor just lock down the features you didn't pay for? Sure, but then they wouldn't get to sue your ass off when they discover you've been using a feature you didn't pay for. It could also be someone wanting to make a test environment of something, not realizing they would need more licenses for that. There can also be situations where a license lapses, but the system in question isn't centrally managed enough for someone to know that they need to uninstall some particulra piece of software from it.

It's far from a "make pirates pay up", it's "make everyone who does a rolling stop or goes 1MPH over pay a 4-digit fine".

Re:Ok, so how should it work?

[UnknownSoldier]

> Software is pathetically easy to steal.

You keep using this word "steal". It doesn't mean what you think it means.

When you steal something you deprive the original owner the ability to use it.

When you "illegally copy" something the original owner _still_ has the ability to use it, if just means you've also gained the ability to use it.

Stop hijacking words in an attempt to redefine them, all you've done is fallen for the propaganda of the delusion of ownership of numbers.

Re: Ok, so how should it work?

That is your cherrypicked definition. Here's mine from dictionary.com and it seems to apply to software to me-

steal
[steel]
verb (used with object), stole, stolen, stealing.
1.
to take (the property of another or others) without permission or right, especially secretly or by force

Re:Ok, so how should it work?

[sjames]

Above and beyond what AC said, you can also get in trouble if you install any web based services or similar.

Re: Ok, so how should it work?

Except when you copy software, nothing is taken. It is duplicated. It's a subtle but distinct difference. Unless you're referring to someone walking into a store, grabbing a copy of a program and walking out without paying for it. That would be correctly called stealing.

Re:Ok, so how should it work?

[dbIII]

Four years ago I was sent some audit paperwork (Microsoft SAM) as part of a shakedown with the excuse that the business I work for bought an NT server licence and 10 CAL licences in 1998. That was the last licence purchase from MS apart from OEM licence since the place was a *nix shop and moved to SAMBA around 2000 (no point having a single MS server - should have at least a backup domain controller anyway since MS server is so fragile). So in 2012, FOURTEEN YEARS after buying licences the vultures turned up.
I took a look at it, it had dozens of pages of things unrelated to the actual licences including questions about the number of android, mac and linux devices. I decided that it was a very offensive fishing expedition and marketing exercise and that I had no desire to ever be in the situation where they could legally inflict this upon me. so I told them the licences were not current and not in use so I was not their customer - several times, and eventually they stopped contacting me.
It was a whole lot more than just sending them details of current licences (of which I had none) and clearly was designed as a combination of shakedown and very intrusive marketing information aquisition.
So it's not just about satisfying them that you have current licences, they want to know about what else you have from other vendors, number of employees, company income etc which is none of their business.

Re:Ok, so how should it work?

[ewhac]

But I don't need to true up because I'm clean.

Surprise! We unilaterally changed the EULA terms (paragraph 69 lets us do that). Because of reports of loading issues, running our software on 1 gigabit or faster networks requires a mandatory subscription to our Premier-III support tier. Also, an Intel "hyperthread" now counts as a full core. You can still run on a virtualized host, but only using virtualization software we've vetted and approved for use (surprise! There's only one, and it's our own).

Are you clean now? Didn't think so. Enjoy the shakedo^H^H^H^H^H^H^Haudit.

Re: Ok, so how should it work?

[west]

It's a subtle but distinct difference

It's a semantic point meant to obfuscate the crime. We're talking English, not the criminal court system.

I get you are a good person, so what you're doing can't be stealing, because stealing is bad and good people don't do bad things.

But even a 5 year old knows that copying without permission is stealing (try copying her homework and submitting it with your name. "It's not stealing! You still have your homework!")

Anyway what you're taking is the sellers opportunity to economically exploit his or her work. Probably less than list price, still theft of some value.

Re:Ok, so how should it work?

I've been audited by microsoft; it took a couple hours to fill out. They asked a few follow up questions and were satisfied and went away. It wasn't a big deal because I had documentation.

That's great for you, but in many non-trivial enterprise scenarios, software licensing becomes so complex that it is impossible to definitively say whether you are compliant or not. What are your rights with SQL Server Enterprise on VMWare, with hyperthreading enabled. Do you know passive node rights with and without SA? Define "internal use" for me and give me examples. If you run SQL 2012 but purchased 2014 licenses, what are your downgrade rights, and do you follow 2012 or 2014 rules? What are the licensing rule changes between 2012, 2014, 2016? When 2016 is released, does your silver competency licenses for 2012 invalidate immediately, or how long do you have to upgrade? How many devices connect to your server? How does DR work, and what are the differences with SA and 2016? I assume you checked your core factor table?

You can do a cluster node failover and go from compliant to non-compliant in 30 seconds. The whole thing is ridiculous. Even the auditors don't understand the rules.

Re:Ok, so how should it work?

[guruevi]

No, you can perfectly legally buy your licenses today and then a year later be out of compliance with another internal, parallel licensing scheme without you changing anything. Microsoft then claims you're doing something illegal and it's cheaper for you to pay up than to fight it.

Even internally Microsoft has no clue what licensing scheme is correct, you get as many answers as people you ask and when audits come along, it's typically whatever is more expensive.

Re:Ok, so how should it work?

[ayesnymous]

Except in many cases, that isn't at all how it works.

Someone will send an anonymous "tip" that a company is using unlicensed software. Often this is a disgruntled employee or ex-employee. Hell, BSA has been running ad campaigns on Facebook for a while now encouraging people to report companies in exchange for the possibility of a small reward.

The software companies (Or BSA on their behalf) will start hassling the reported companies, whether or not it is true. This leads to either a voluntary audit of their licenses (Which still costs quite a bit in time and effort) or legal action. Every instance I've heard of companies going through with the voluntary audit has had the companies threatened with having trivial, honest mistakes punished with large fines and legal action. It's a losing proposition for them, even if they've done nothing wrong, or have small technical issues with their licensing that they've made a good faith effort to have in compliance.

It is a complete shakedown.

It wasn't like that in my experience 15 years ago. I was a disgruntled employee, I sent an anonymous tip to BSA.org, but nobody showed up at my company.

Re: Ok, so how should it work?

But even a 5 year old knows that copying without permission is stealing (try copying her homework and submitting it with your name. "It's not stealing! You still have your homework!")

Anyway what you're taking is the sellers opportunity to economically exploit his or her work. Probably less than list price, still theft of some value.

Close, but no cigar.

Copying is not stealing, full-stop. Even your hypothetical 5yo knows that copied homework is copied, not stolen.

The problem you're having and that software (and entertainment media) companies are reinforcing is that of an absolute position of "wrong is wrong". The situation isn't black and white, however. Wrongness covers a spectrum. Copying is "light wrong"; stealing is "dark wrong".

Smacking someone's face is "light wrong"; sticking a knife in them is "dark wrong". The software/media companies are trying to convince people that a slap is at least as bad as, if not worse than, a stab.

Re: Ok, so how should it work?

It's not a semantic point, they're completely fucking different. Calling copyright infringement stealing doesn't make it stealing no matter how much you think it does. And no where did the parent say that copyright infringement is OK, they just pointed out that that they are different things.

Re:Ok, so how should it work?

[imac.usr]

Oracle, is that you?

Re: Ok, so how should it work?

[Bert64]

If you demand an audit and the results of the audit find that your accusations were false, the court should be making you pay for the costs of the audit...

Re:Ok, so how should it work?

[vux984]

including questions about the number of android, mac and linux devices

If you are using them to access a windows or exchange server resources for example, and you are using device CALs then they need CALs. So its not completely irrelevant.

So it's not just about satisfying them that you have current licences, they want to know about what else you have from other vendors, number of employees, company income etc which is none of their business.

number of employees is a barometer on whether you have enough CALs etc. but go ahead and leave it blank. not every question is relevant to every product. its like a tax audit... there's lot schedules that only really apply if you are claiming a specific deduction.

You can leave them blank if they aren't relevant to the licensing you are using.

I put n/a in lots questions that weren't relevant, and they didn't seem to much care.

Re: Ok, so how should it work?

But even a 5 year old knows that copying without permission is stealing (try copying her homework and submitting it with your name. "It's not stealing! You still have your homework!")

Actually, that's not stealing either. It's plagiarism.

Re: Ok, so how should it work?

According to your definition if someone walks up to a famous painting and starts copying it as best they can (on their own canvas) then they have just "stolen" the painting.

Re:Ok, so how should it work?

[dbIII]

There were questions about phones - zero relevance apart from marketing purposes. I cannot recall how many pages of questions since I gave up in anger even flicking through the first 20. The guy who contacted me spoke as if I was some sort of criminal before he even inflicted the survey on me and it had conditions about being willing to submit to audits at any time just by filling the thing out. It was an attempted shakedown.

Re: Ok, so how should it work?

[jabuzz]

It's not a cherry picked version, and dictionary.com *DOES* not apply to legal definitions.

English common law has centuries of precidence that you only steal something if you "have the intention to permanently deprive". As you cannot permanently deprive someone of a copy of piece of software by making a copy it is not legally theft, and never will be. That's why it is under a whole bunch of different statutes and is called "copyright infringement". You will never see a competent lawyer file a court action claiming theft for an unauthorised copy of something under copyright.

Re: Ok, so how should it work?

An audit is based on a clause in the license that says they have the right to do so. With only open source software, there will be no such license, and thus no audit.

Without a license granting them the right to do an audit, what they are looking for is called a search warrant. Getting one of those is lawyer work on a whole new level.

Re:Ok, so how should it work?

I've been audited by microsoft

Ah, there's there difference. Plenty of sources say that a BSA audit is a lot worse than a Microsoft one, and some have even reported that calling Microsoft and asking them to tell the BSA to back off tends to work (assuming that you are a Microsoft customer).

Microsoft gets paid by you, the BSA gets paid by Microsoft (and Adobe etc). If a Microsoft audit causes them to lose a customer, they don't get paid. If a BSA audit causes Microsoft to lose a customer, the BSA still sends an invoice to Microsoft.

Re: Ok, so how should it work?

It's a semantic point meant to obfuscate the crime.

Yes, that's exactly what calling it "stealing" is. Young people nowadays don't even know that copyright laws exist, because they've always been told that it's stealing, but can see that it doesn't have anything in common with stealing. So they come to the conclusion that it's "almost kinda like" stealing, and thus "almost kinda like" illegal, but not really.

Try arguing copyright with someone who refuses to believe that copying is actually illegal because people like you have been working hard to hide the truth from them. Not easy, I tell you.

Re:Ok, so how should it work?

I don't think this is legal - .
In particular 2nd hand used software bought from Germany may attract equally ginormous EU fines.Just carefully document the heritage.
Buying licenses at auction / eBay etc. So if you don't BUY why are you not paying rental tax ?

Secondly, for expensive software, set up a server in India/China/Russia /Pakistan - if the license prices are different . by all means let the reps go over there to do an audit (and never be seen again). Remote in to a paid service provider - is cheaper .Lawyers can make this 'blind' with redundancy.

There should be ONE global price. Why do you need the latest version? Why are extortionists invited in?
FOSS is better. Once you take the google cloud stack, and combine it with VPN's to a range of international servers - there is nothing to be found.

Re:Ok, so how should it work?

[Derwood5555]

This is Larry Ellison. I need a new island.

Re:Ok, so how should it work?

[dgatwood]

The difference plus interest, but otherwise, yes.

Re:Ok, so how should it work?

[vux984]

There were questions about phones - zero relevance apart from marketing purposes.

Smartphones that access server resources need CALs.
IP phones that integrate with AD / Exchange and use unified communications features etc need CALs.

If you are using device cals, you can run into needing cals for this.

If you are using user cals than you don't, but then the questions about how many employees you have become relevant.

I cannot recall how many pages of questions since I gave up in anger even flicking through the first 20

It was an attempted shakedown.

Of course it was. The guy probably has quotas to meet too.

BUT that doesn't mean the audit was somehow unreasonable. You did agree to them as part of your VLA license.

And as other posters have mentioned, there is a lot of grey area; I prefer to avoid it myself as much as possible. But if you are organized and in control of your network, you should be on solid ground arguing with them.

Re: Ok, so how should it work?

[david_thornley]

I've had items stolen from me. What bothered me was that I didn't have them any more, not that someone else had them. If you copy software from me, I still have the software. I'm not saying it's right, I'm saying that it is not stealing or theft.

I fail to see why we should use 5-year-olds to determine the meaning of words. Being an adult and knowledgeable about English, copying the homework is plagiarism. Don't feel bad about it; I didn't know nearly as much about the language I speak when I was 5 either.

I take it you believe that giving bad reviews on Amazon is theft of some sort, since it reduces the seller's opportunity to economically exploit that work. If not, why would unauthorized copying be theft?

Re:Ok, so how should it work?

[dbIII]

You did agree to them as part of your VLA license.

On a product unused for more than twelve years and twelve years since the licence expired? No - such obligations ended in 2000 when the licences expired. They don't get to own your soul forever kids. It works both ways, if you are not permitted to use their product beyond a certain date then they are not permitted to inflict extra obligations on you beyond that date.

But if you are organized and in control of your network, you should be on solid ground arguing with them.

And sit through a time consuming marketing exercise after revealing a lot of information that should be confidential? After letting them get their grubby paws over laptops of the top level execs and waste their time as well? The only way to win is not to play.

Re:Ok, so how should it work?

[vux984]

On a product unused for more than twelve years and twelve years since the licence expired?

Agreed. If you aren't using anything then you aren't auditable. I'm not arguing otherwise.

And sit through a time consuming marketing exercise after revealing a lot of information that should be confidential?

Nevertheless, it is what an active VLA user has agreed to. Its a bit naive to think they'd never exercise these terms.

The only way to win is not to play.

Sometimes yes. Other times no. Perfect is the enemy of good. And using MS products is often the quickest and most efficient solution to the problem at hand. Sometimes even Oracle is the right move.

Re: Ok, so how should it work?

[west]

I'll fully agree with almost everything you're saying, but "he stole my place in line" is perfectly valid usage - everybody knows what is meant, and it's definitely a light wrong, but stealing is the right term.

And yes, the software/media companies are of course intent on making copying akin to murder. But that doesn't mean the reverse is just hunky dory. I expect companies to lack a strong moral compass. I expect better of people.

Re: Ok, so how should it work?

[west]

Look, your at war with pretty much the entire English speaking world here.

"He stole my place in line."
"He stole second base."
"They stole my idea."

Look, I understand that you're upset that people use "steal" to mean taking what is owned by someone else. But quite frankly, "steal" communicates perfectly well what is happening to both speaker and listener. I know its an affront that people are communicating in a manner you don't approve of, but it's one of those tragedies of life that one has to learn to endure.

And yes, stealing an idea is less bad than stealing a tangible object. Stealing my place in line less worse still. But the word steal is understood no matter how "wrong" the usage.

Re:Ok, so how should it work?

[dbIII]

And using MS products is often the quickest and most efficient solution to the problem at hand

At this point I'm arguing against their audit methods such as overstepping reasonable bounds and not their products.
IMHO however their complex scheme requiring a CAL for a users phone in addition to their computer just to check email is yet another of the long list of reasons why MS Exchange is very well named - trade it in for something else :)

When I saw an "MS licensing for Dummies" book a few years ago I thought it was a joke, but it really is such a mess that a book is required to untangle it beyond the OEM licence level. Personally I think it is deliberately vague and confusing to facilitate audits since MS could not have lasted so long if they were really as incompetent as their licensing tangle implies.

Re: Ok, so how should it work?

[west]

And no doubt you the next time someone tells you that they ran for the bus, you can point out that they weren't running, it was really more a trot.

When everyone understands what's occurring, standing on semantics inevitably means a clear agenda.

And yes, I'd be rolling my eyes at the industry calling piracy "software murder" or the like. Is there anyone who doesn't consider piracy = supporting terrorism ridiculous?

But companies are soulless entities who do not command my respect. From human beings, I expect better. Not to be perfect, or even good. But at least have enough guts to not spend their time justifying their actions. Do the crime? Fine. Just prattle on about how it's not really a crime. (And yes, I am speaking metaphorically, not legally, and quite possibly not about you specifically.)

Re: Ok, so how should it work?

[west]

Sure, it's theft, in the same way someone brushing past you is assault. You're now so far down the scale of seriousness that it's pretty much not worth the word as it's usually used.

Re: Ok, so how should it work?

[west]

I fail to see why we should use 5-year-olds to determine the meaning of words.

I use common parlance, and stealing and theft are are commonly used to mean taking possession of something that isn't yours.

"He stole my idea", "She stole my place in line", etc.

Language is about communication, and in these cases, the word steal or theft is clearly understood by all parties. In fact, it's *so* well understood, that even a 5 year old understands it. There's not a lot of subtlety to what is meant by theft and it covers quite a wide variation of "take", "property" and the like. It also covers a huge variation is seriousness, from looting millions to the aforementioned place in line.

Avoiding the use of the word here is mostly semantic cover so that people who are pirating don't have to feel bad. "Bad people steal. I'm good, so what I'm doing is not stealing."

Quite frankly, I don't care if people pirate or not. I'm certainly not impressed with media companies claiming stealing software is murdering kittens.

But I really hate people trying to diminish moral responsibility for their actions. It's unpleasant when they're children, and it's really quite toxic when they're adults, and the "it's not stealing" paradigm is a big part of that. If you want to pirate, go ahead. But be enough of an adult to acknowledge that it makes you just that much less of a good person.

Can't handle the idea that you are not quite that wonderful? Then behave in a way you think is better. Voluntarily pay for something you could have stolen.

Mostly, once you're a grown up and (with luck) have some money and a stronger moral compass, actually pay people and companies for the stuff that you think is good enough that you use or enjoy it.

(The "you", in case it's not obvious, is general, not specifically the poster or reader.)

Re: Ok, so how should it work?

[david_thornley]

Except that the moral responsibility is different. If you steal something from me, I don't have it. If you infringe on my copyright, I suffer no immediate loss, and in many circumstances I suffer no loss at all. I'm not defending copyright infringement here, and I rarely do it, but something that does direct harm is different from something that doesn't.

"He stole my idea." This implies that I had an idea, and someone else exploited it in a way that prevented me from doing so. At least arguably direct harm. "She stole my place in line." Direct harm, since I have to take more time to do whatever I'm waiting in line for.

I think this is an important distinction, and not to be obscured.

Re:Ok, so how should it work?

[vux984]

IMHO however their complex scheme requiring a CAL for a users phone in addition to their computer just to check email is yet another of the long list of reasons why MS Exchange is very well named - trade it in for something els

Its a trade off. If you have a lot of users with multiple devices, it makes more sense to get user cals, and then one user is licensed and any devices he uses are licensed and you don't need separate cals for computers and phones etc. I think most companies these days are finding user cals starting to make more sense. I'd be interested in microsoft sales stats.

But there historically at least, and even today, still lots of businesses where a 100 people shared a few computers on a factory floor or something, and licensing each user using the same device is unreasonable... so device licensing still makes sense. But then yes, if you do go that route, then the CEOs 5 devices each count separately.

Re: Ok, so how should it work?

[west]

Indirect harm isn't morally different, it's simply easier for the harmer to psychologically excuse himself.

After all, he doesn't see the target, it's pretty hard to calculate the actual loss, he makes up narratives about why the owner doesn't deserve it, he ignores the cultural effects, etc.

Psychologically, I consider it pretty much in the same class as tax evasion. The same moral thought process "Paying for something I don't have to is just stupid" applies to both, except the opportunities for working under the table are fewer.

In my opinion, this comes down to the point that most of us will steal at least something when there is essentially no chance of us getting caught and owner is faceless. How *much* we steal depends mostly on whether we feel bad about our theft.

And personally, I find find the psychological defense mechanisms that we employ to justify the harms we cause somewhat annoying, so I'm happy to strip them away. So in the end, no, the harm is not huge, but it is a harm.

Re: Ok, so how should it work?

[david_thornley]

Tax evasion means that the government must raise taxes, provide fewer services, or borrow more with financial effects coming later. Infringing copyright doesn't necessarily do anything harmful. Money is scarce, and has to be, because it represents claims on finite amounts of stuff. Bits don't have to be scarce, since they're so easily reproducible.

You also seem to be assuming that the reason for copyright infringement is always to use something without paying for it. There are other reasons. Some people simply don't have the opportunity to buy something, and in that case their piracy does not affect sales in the least. Some people don't have money now, but will pay for things when they do, and that doesn't affect sales either. Some people use piracy as a try-before-you-buy technique, and they may well spend more on the product since they're getting more good stuff per dollar spent. Around the turn of the millennium, Baen Books found that sales went up when electronic copies of books were freely available (by that I mean that you could read them on the Baen website, download them, and pass them around freely).

Since copyright infringement does not necessarily harm anyone, and can help the copyright owner, it's stupid to call it "theft". It appears to be an attempt to make something sound worse by giving it a worse name, cheapening the original term. It'd like there to be a simple way to describe the act of taking something from me so that I don't have it any more, and you're trying to take that away from us.

Thanks, Adobe

[sk999]

The only audit I ever ran into came from Adobe, and it was for some product that I had signed off on the requisition for someone who ended up never using it anyway, but it was still my job to track down the original P.O. Not a huge deal, but it was a waste of a few hours along with accompanying anxiety. My solution to prevent a recurrence in the future: I will never approve a requisition for any product from Adobe ever again.

Re:Thanks, Adobe

Almost all their products you can only use via a cloud subscription now, if you stop paying they software stops working. I would not worry about Adobe these days.

Re:Thanks, Adobe

Almost all their products you can only use via a cloud subscription now, if you stop paying they software stops working. I would not worry about Adobe these days.

In my experience, Adobe software had a tendency to stop working long before "cloud subscriptions".

Re:Thanks, Adobe

[Overzeetop]

"if you stop paying their software stops allowing you to update or modify your work, but allows you to view and export essentially all of your data"

FTFY

Re:Thanks, Adobe

As The Domain Butler, Adobe is the family to which I would first deny invitation.

Don't forget VMware.

[Myria]

VMware has a software audit clause in all their license agreements, all the way down to the VMware Player.

Don't use VMware; It's just not worth it.

Re:Don't forget VMware.

[erp_consultant]

That's one of the reasons I switched to VirtualBox. The other reason was that VMWare pushed me to a new version that would not work on my upgraded Mac unless I paid again to upgrade the VMWare license. It's been on the shelf ever since :-)

Re:Don't forget VMware.

[swb]

I think VMware is actually pretty generous with their licensing terms. I don't think their licensing is *inexpensive*. But every fresh install of VMware and most major version upgrades (eg, 5.5 to 6) enable ALL features for something like 60 days. And AFAIK, they don't do any phoning home for license verification.

A common license used in SMB is their Essentials Plus, which doesn't give you storage vMotion. Many is the time where a customer has upgraded storage/servers and versions simultaneously and I've used the eval license for a week or something to utilize storage vMotion to move VMs between storage devices without downtime then punched in the actual keycode they own.

And it's not like you could necessarily "overinstall" VMware without either a lot of work (constantly wiping and reinstalling hosts) or not investing in actual hardware and storage. And in most cases it would be less headache to just add RAM to hosts to up your density than to scale your node count out. Rare is the site where CPU consumption is maxed out while RAM and storage bandwidth is unused.

I suppose there could be some hardcore cheaters setting up multiple parallel clusters with identical keys but this would have a lot of management headaches and you'd still be dealing with an organization willing to drop at least some of the licensing money onto hardware, which would be kind of an unusual setup.

Two words:

Ernie Ball

Microsoft

[SirSmiley]

I did some work for a local government and Microsoft went back and forth with me on licensing. They wanted photos of all 75 computers product keys to prove they had OEM licenses for Win 7 Pro. Those that didnt have were covered by about 30 Windows 8 licenses I purchased with downgrade rights (Same price as Windows 7 and we dont use Windows 8). It went back and forth about 4-5 times and he really haggled over the most minute workstation licenses. I had sent proof on multiple occasions and they couldnt even verify my windows workstation licenses from a large reseller (I think Compugen). I eventually told the Microsoft licensing rep to stop bothering me and send me the finalized audit that showed i had valid licenses or go away. That was in 2013 I believe. We get them every 5 years. Also, online activation compared to licensing can lead to audits on corporate keys.

Re:Microsoft

[ScentCone]

the most minute workstation licenses

I don't understand what that means. Was the OS on that workstation licensed, or not? Is that more or less of a license than the one needed on another (bigger?) workstation?

Re: Microsoft

He won't be able to explain because his story is riddled with half truths, key omissions and outright lies. I know this, having worked for Microsoft, they will not waste the time of Microsoft staff getting involved with companies and agreements this small.

At best you were approached by a 3rd party licensing reseller and Microsoft was never involved except in his imagination.

Re: Microsoft

I work for a small MSP, most clients 20 to 200 users. In the last 2 years I've been involved in about 8 MS audits. Maybe they are outsourced, but the email contacts are all MS support email addresses. They haven't been "that bad",but they do indeed require proof of OEM COA's for workstations/laptops, O365 office licensing, OB/VL office licensing, server licensing, server CALs, RDP CALs, Exchange CALs, etc. Even for a 3-4 VM shop with 15 computers. It is a pain in the arse, and we now charge clients for our time to compile, present, and eventually argue with them to prove we're covered. We keep our clients up to date on licenses, although new clients may be behind and take a while to get "trued up" through new purchases/projects "naturally".

People complaining about 14 year old agreements are full of shyte though. VL agreements only last a few years and once the agreement is over, you are under no obligation to participate. Doesn't mean they can't take you to court with evidence, but they can't go fishing without permission.

Re:Microsoft

[thejynxed]

Microsoft tends to not only charge a license for the OS, but in the case of workstations (and servers), per physical CPU (and in certain cases, per CPU core), per virtual machine, and per seat fees on top of all of that. If your workstation meets a certain set of criteria, you may only license this version, but not that, etc, etc, etc.

Phony FUD story.

[ScentCone]

Because if you actually pay for the licenses that the people who create the software you want say you need to buy if you want to use the things they've created, it's a non-issue. How is it a "shakedown" to require people who want your product to act according to the agreement required before they can use it? Is it a "shakedown" when you order three sandwiches and the chef asks you to actually pay for all three, instead of one? If you work 40 hours and expect your employer to pay for all of those hours, per your contract, is that you "shaking down" the employer?

If someone wants to show examples of (for example, Adobe) forcing a customer to pay for licenses to which they did not agree to purchase, representing seats they're not using, that's another matter. So let's see one of those (verified) stories, instead of characterizing the expectation that people honor their contracts as a shakedown.

Re: Phony FUD story.

I agree.

But, having done many myself, what actually happens is that the Chef will try charging you for 6 sandwiches. You will say, hey, look, I only got 3. And he will say, prove it. So you have to measure your feces to prove it is only the weight 3 sandwiches would produce. He will then reply, maybe you are constipated, so that isn't proof. You then take a laxative, and show him that your bowels were empty, and indeed only received 3 sandwiches. He will then agree over the phone, and send you an updated license position statement, clearly showing you received 3 sandwiches, but only paid for two. You then have to go through the whole exercise again before the Chef understands. Meanwhile, you spend 30+ unproductive hours convincing some "sandwich artist" you aren't a thief.

I think for every hour over 2 spent on an audit that doesn't result in "fines", the client should be reimbursed at market rate for IT in that area. VL are more expensive than advertised when you include the audits! From my recent experiences, it looks like MS is making them more frequent now too, closer to every 2-3 years instead of 5-8 like it used to be!

I was once an Oracle "guru"

[EmperorOfCanada]

In my distant past I was the guy who would made Oracle things happen for clients. But as I got more and more into dealing with clients I realized that Oracle is just a mean thing to do to people. One interesting part of the Oracle sales process seems to be to delay giving a final price. This way the project is well underway or even done before you present the client with some sticker-shock.

Then there were the prices themselves. I deployed quite a number of systems and could never predict the price. Would it be $30,000 or $300,000.

Then there were the end runs. Once Oracle got ahold of your client they were perfectly happy to see you swapped out and replaced with another consultancy who would slather the entire client with Oracle products. It was bordering on Oracle Doorbell for all your ding-dong needs.

There is no way I would ever use a solution that results in a company like that able to mess with my clients. No Microsoft, no Oracle, no IBM, or SAP.

My favourite is when I have a client who is in the process of throwing them out and they ask, "What will it cost to licence MariaDB." Then when they ask, "Can it handle our Enterprise database?" I will say, "Your $400,000 system has 40,000 rows of data in it. A $25 raspberry Pi could handle your needs." Then they ask about per seat licensing costs. "None." At this point I can see them fishing around in their heads for how they are going to be screwed; suddenly it dawns on them that the screwing is now over. They then go through a list of features that they have built up over time but couldn't afford. When they get the quote for those they pretty much throw up in disgust at how badly they had been treated over the years.

When they put it all together they realise that their previous consultant hadn't been working for them but effectively for a company like Oracle.

It has been over a decade since I dumped everything Oracle and will never go back.

Re:I was once an Oracle "guru"

They fucked us by not having so many records, maybe 200k tops, but having thousands of tables, and tens of thousands of views.

we actually had to buy mapping software to find our data.

Re:I was once an Oracle "guru"

When they put it all together they realise that their previous consultant hadn't been working for them but effectively for a company like Oracle

Fast, cheap, accurate. Pick two.

These days "cheap" is always on the list. So pick fast or accurate. Assuming you are going for "cheap + accurate" - never get a single quote. Always get two quotes - preferably three - before finalizing.

Added note - I'm referring to a quote for a contractor coming out to my house - not software.

Re:I was once an Oracle "guru"

[irrational_design]

We have been using Oracle (legally) for 15 years, but are in the process of switching to Postgres. Postgres has been such a breath of fresh air after Oracle that we keep asking ourselves why we didn't do this years ago?! I have tons of experience with Oracle, but I honestly can't understand why 99% of Oracles current uses can't use Postgres.

Re:I was once an Oracle "guru"

[phantomfive]

My favourite is when I have a client who is in the process of throwing them out and they ask, "What will it cost to licence MariaDB." Then when they ask, "Can it handle our Enterprise database?" I will say, "Your $400,000 system has 40,000 rows of data in it. A $25 raspberry Pi could handle your needs." Then they ask about per seat licensing costs. "None." At this point I can see them fishing around in their heads for how they are going to be screwed; suddenly it dawns on them that the screwing is now over. They then go through a list of features that they have built up over time but couldn't afford. When they get the quote for those they pretty much throw up in disgust at how badly they had been treated over the years.

I'll bet it feels really good to help a client like that switch.

Re:I was once an Oracle "guru"

[EmperorOfCanada]

The reason is that I could probably find 1000 white papers that would fear monger about either open source being a security risk "The source code has been leaked to hackers." or something along the lines of "Good luck without enterprise support." as if this means that a bug found in Oracle tonight will be fixed just for you by tomorrow.

The few times I ever called Oracle were disappointments, and pretty much all my support was from google searches. With MariaDB, Postgres, etc my support is from google searches.

The other is when people dismiss open source data stores as toys and not meant for corporate data. They usually just start making up arguments when I point out that the companies with some of the largest databases in the world use opensource. Things like, "Well they have heavily modified them." to which I will point out, yes, and the commonly useful modifications or fixes were pushed into the open source project.

I think it all boils down to, "My database is better than your database because I paid so much for it."

Re:I was once an Oracle "guru"

[cstdenis]

Postgres wasn't very good 15 years ago.

It's a great solution now tho -- it's come a long way.

Oracle is the best, no doubt!

I loved how they put into writing that we could run their shite DB on VMware with our existing licensing.

Then they do this 'audit' bullshit, and hit us up for another 2 million, lol the 2 million that was the discount to make the sale. And why does Oracle feel we cheated them out of 2 million? Yeah, us running it virtually.

Fuck Oracle.

Just say no

An attorney told me that those audit clauses in contracts are effectively unenforceable and you should just refuse to let them audit you.

Re:Just say no

Good afternoon, sir! We see that it's now time for your three-year site license agreement to be renewed. Oh, look. You refused an audit six months ago. Well, I'm afraid that means that you no longer qualify for your Super Special Extra Loyal Platinum discount, so your licensing costs have just gone up two orders of magnitude. And as a thank you for being a valued customer, we'll throw in an extra jar of lubricant, just for you. Thank you so much, have a lovely day..

Yes, true, they won't say that in so many words, but there are so many ways that software vendors can shaft you without referring to that audit that you refused six months ago that my advice would be: you get to refuse the audit once, provided that you're prepared to get off that vendor's software at the first opportunity. And that opportunity had better be three months before the audit request came in...

One of the many reasons we went to Google Apps

[zerofoo]

Boxed software licensing stupidity pushed us into the cloud.

We are a private school, and we got tired of constantly tracking our licensing status. Do we have enough AV seats? Do we have enough Exchange and SQL cals?

Enough is enough.

We put our staff on Mac OS and we put the kids on Chromebooks and Google Apps. Our experience with Microsoft's crazy licensing schemes was one of the reasons we didn't even consider their "cloud" solutions. Yes, an E1 Office 365 is free for schools, but Google Apps and Chromebooks are dead simple and the staff and students really like them.

We kicked Adobe to the curb for the same reasons. The licensing and compliance costs, even for Edu, were absurd.

Re:One of the many reasons we went to Google Apps

[jezwel]

We kicked Adobe to the curb for the same reasons.

I'm curious what you replaced the various Adobe products with. I have about 12 months to either fully commit to Adobe subscriptions or find suitable alternatives....TIA

It's a trap

[dbIII]

As an example, licensed for 800 seats, but using 835

While much of the software used in my workplace has some very annoying licence management software to punish the honest, it at least does not trap people by letting them go into non-compliance so the legal vultures can come in and feast.
If your software allows 835 seats when you are only allowed 800 it's either a deliberate trap or incompetence on the part of the vendor or whoever they have bought their licence management software from.

If seat 801 can start up then someone on the vendor side has fucked up, or it's a trap.

Re:It's a trap

[Lehk228]

it should not prevent seat 801, or even 8001 from starting, but it should make lots of noise about the problem (splash warning on every excess startup) if a piece of software is critical for a business to function, a wise customer will look elsewhere if the license server going sideways can bring operations down.

Re:It's a trap

[jezwel]

This method is commonly used where you can procure after deployment, which allows your business to be productive whilst the licences are bought as per the agreement. Many of the bigger companies use this true-up after deployment method.

For managing compliance (literally my job) I would prefer that excess usage is not allowed, but that stops productivity. You can guess what type of licensing is typically available and used...

Re:It's a trap

[dbIII]

What does the fine print say about exceeding the licence? I very strongly suspect there are harsh penalties and it's a bit of a trap, even if it's only selectively sprung.

People in #nesdev on EFnet dislike KiCad

[tepples]

The examples where you really need special software are rare; they certainly don't include EDA or CAD.

The people I talk to online tell me KiCad is crap compared to even Eagle.

Re: People in #nesdev on EFnet dislike KiCad

Not true, switchover is hard for the first day or two but after that it's plain sailing. KiCad has a push and shove router which gives beautiful layouts and a sack of other features, so much that I now groan when I have to do something on an old project in Eagle.

Re:People in #nesdev on EFnet dislike KiCad

[goose-incarnated]

The examples where you really need special software are rare; they certainly don't include EDA or CAD.

The people I talk to online tell me KiCad is crap compared to even Eagle.

KiCad is crap. I use the Geda toolchain (note: not a single package, a *toolchain*) and that works well enough for me - has more features that I need than Eagle. It does miss one piece of functionality I would like (although, maybe that is now fixed: it's been years since I used 'em).

Re:People in #nesdev on EFnet dislike KiCad

[serviscope_minor]

The people I talk to online tell me KiCad is crap compared to even Eagle.

Funnily enough the people I talk to online tell me the opposite. That includes the exchange between me and my board house, which went something like:"

"How do I get you to make those slots plated"

"er, are you using eagle?"

"yeah..."

"Put it in as chain drilling of plated through holes, and I'll fix it up before sending it to production. But if you want a lot, you should consider switching to KiCad. It's better anyway. Have you seen the push routing?"

Re:People in #nesdev on EFnet dislike KiCad

[jabuzz]

At this juncture I would point out that Eagle is good enough for the mind blowingly impressive amplifiers used in LIGO. That is they have linearity and noise figures several orders of magnitude better than anything you can buy commercially. (They where designed and built in the Physics department where I work and the workshop uses Eagle for all it's EDA work).

The point being that Eagle is clearly good enough for cutting edge EDA work. Personally I dropped Eagle for KiCad a while back for my hobby work as KiCad was good enough and a lot cheaper.

That would be laughed out of court

[dbIII]

Getting sued for starting up seat 801 and violating the licence can do a lot more than temporarily "bring operations down" - and if not starting up seat 801 can even temporarily "bring operations down" or come remotely close to it then there is a long chain of serious fuckups leading to that point.

I'm not a fan of restrictive commercial software but I don't see a circumstance where your excuse would hold water with the vendor. If you haven't paid for it and the condition for using it is paying for it - then don't use it!

Plus there are usually workarounds. If user 801 needs it then it's likely that one of the 800 isn't even on premises let alone using the software so their copy of that application can be closed for how ever many hours, or maybe a day (vendors usually make it very convenient when they want you to give them money so it never takes long) that it takes to get extra licences.


The "we needed to use software we were not licenced to use for business critical reasons" excuse would get laughed out of court and cost quite a few dollars as extra punishment.

Re:That would be laughed out of court

[prefect42]

The nicest setup allows 801 (and by that I mean *legally* allows), but notifies you that you've got seven days grace, after which you'll only be able to run 800. If you want to maintain access to these extra licenses, click here / phone this number and have a chat with the vendor.

Laches

[tepples]

Could the software vendor just lock down the features you didn't pay for? Sure, but then they wouldn't get to sue your ass off when they discover you've been using a feature you didn't pay for.

Intentionally delaying legal action is called "laches" and can limit the damages that a plaintiff can collect.

Well that's a relief

[Archtech]

When I first saw the title of this article, I thought it might be about software vendors auditing their software for bugs and deficiencies. Silly me! Of course, bugs and deficiencies don't matter - the legal small print has all that covered. No liability, whatever happens.

No, the software audits are all about customers paying full whack for every single copy of the software - whether it works or not.

Which one is missing from this list?

[tetraverse]

Slashdot: "Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing"

Actual article: "The most frequent requests come from the usual suspects: Microsoft, Oracle, Adobe, IBM, and SAP."

How often is this used for workplace revenge?

[swb]

If you assume that many organizations violate software licenses for a variety of reasons -- either outright dishonesty, poor record keeping or something else -- I wonder how often this gets used for workplace revenge by disgruntled employees?

I would expect the dishonest employer factor and the disgruntled employee factor to correlate pretty well.

RTFA

Before commenting

Adobe replacements

[zerofoo]

We only used Adobe for photo editing and PDF software.

Our Chromebooks and Macs have native PDF capability and Gimp filled in as a photoshop replacement. Apple Photos also does some photo work for us.

Our websites are built with a number of cloud based tools - like Google sites.

There is no "drop-in" replacement for Adobe's entire suite that I am aware of, but there are many stand alone tools that can replace many of the pieces.

MSFT -4%

[vandamme]

... when this came out. Coincidence? I think not.