Slashdot Mirror


Software Audits: How High-Tech Software Vendors Play Hardball (infoworld.com)

snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organization's software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."

23 of 162 comments

  1. After Microsoft forced us to buy... by Anonymous Coward · · Score: 3, Informative

    several times as many CALs as we have employees, we're moving what we can to Linux.

    1. Re:After Microsoft forced us to buy... by MightyDrunken · · Score: 5, Funny

      In the Microsoft licensing scheme you have to pay both device CALs and user CALs. So for each device you buy a device CAL and per user you pay for a user CAL. Servers also have to pay per processor (which is a toss-up between physical processor, core and thread depending on product and vendor or a combination of them).

      I'm glad that Microsoft simplified their licensing at last.

    2. Re:After Microsoft forced us to buy... by sexconker · · Score: 3, Informative

      Everything with separate user and device CALs I've ever seen lets you choose whether to buy a user CAL or a device CAL.
      Some things require you to license only one way or the other. For an RDS service you can't mix user CALs and device CALs. It's one or the other, so you have to determine which is cheaper overall.
      For server software like SQL, it was per socket for ages. Recently they started charging per core, and a typical license allows you to run on 2 cores, so you need to buy packs of licenses covering all the cores you need to run on.
      For Windows Server itself, you've got a similar situation as above, but you get to run 1 physical and 2 virtual instances per licensed copy of Windows Server. I believe you have to use their virtualization shit, but I'm not sure if virtual instances have to run in the physical instance or not. We use VMware and our Windows servers are virtual already, with virtual CPU allocations mapping to physical CPUs. We're already virtualized, so I see no need in running additional virtualization layers.

      Making sense of MS's licensing schemes is a nightmare, especially when they keep changing them. Their sales people don't know what the licenses actually grant you, can't tell you what you need, and have no chance in hell of ever linking you to a place where you can buy a license that matches the name of what they said you should buy. The whole software industry is like this though. I can't buy a software license for an Adobe product and get an actual description of what I'm buying. Buying Acrobat DC got me Acrobat 2016, and I have no clue what type of license it actually is. It installed though, and I gave them money. If they want to audit anything they can read the email logs between myself and their own sales people.

  2. Open source is the solution by Anonymous Coward · · Score: 3, Insightful

    The only audits of open source software are to remove bugs. Ditch proprietary software and this isn't an issue.

  3. Freedom, not Price by Aighearach · · Score: 4, Insightful

    This is why I only use FLOSS software in my business, and why I don't care which Free/Libre/Open license it is.

    Freedom means some external entity can't interfere or try to pull the rug out. I have what I have, I know what it is, and nothing will change unless I accept change.

    1. Re:Freedom, not Price by Anonymous Coward · · Score: 3, Funny

      > Keeping track of licenses is dead easy anyway.

      Found the guy who's never dealt with a Microsoft Server License.

    2. Re:Freedom, not Price by sjames · · Score: 4, Insightful

      You've obviously never tried to actually be compliant. When MS itself cannot tell you how many of what license you need and changes its mind regularly, it is literally impossible to be certain of compliance (because they're not) short of buying an unlimited site license for everything.

    3. Re:Freedom, not Price by Aighearach · · Score: 4, Insightful

      > Only works if you don't require any specialty software whatsoever, which is practically nobody. Anything specialized, like CAD tools, EDA tools, [blah blah blah]

      Hilarious, some of the most important software I use in my work is the EDA and CAD tools.

      What makes you think that people with software freedom don't have software? What makes you think that proprietary software gives you access to something nobody else does?

      "Specialized vertical market applications" like Tow Truck 2000, and shit. You don't have to buy that stuff to work in those industries. Software isn't Harry Potter magic spells, that proprietary software isn't a special sauce that enables work in those industries; it is just one way to organize your workflow.

      The examples where you really need special software are rare; they certainly don't include EDA or CAD. But if I wanted to be in the business of selling weather forecasts, I'd need specific software because humans can't predict the weather and there are very few engineers working in that field. Anything engineering-related, of course, has FLOSS alternatives already, and generally can be done without even using computers.

      Like in the 90s when people told us we "had to" have Microsoft Office, and kept repeating it even after we pointed out that we use something else... successfully. Or when people insist you "have to" use an IDE to write code, because more people use them than don't.

      If I was in a field where everybody is totally locked in to proprietary crap software in the whole "specialized vertical market," then I'd be in the perfect position to totally disrupt that market by offering a FLOSS alternative. That is the business reality in the real world; choices exist.

    4. Re:Freedom, not Price by phantomfive · · Score: 4, Interesting

      > Or when people insist you "have to" use an IDE to write code, because more people use them than don't.

      My problem with this is when the IDEs become obsolete. I had a project I built for OSX. I didn't touch it for a few years, then came back, and XCode was unable to open it anymore.
      I had another project from the same era built with a Makefile. The same makefile still works today. So yeah, I'll be putting in extra effort to avoid IDEs that depend on proprietary file formats in the future.

      --
      "First they came for the slanderers and i said nothing."
  4. Ok, so how should it work? by ShooterNeo · · Score: 4, Interesting

    Software is immensely expensive to create. The bigger, real world systems actually in use cost a fortune in real money to create because the bigger and more complex they get, the more people are needed to try to increase productivity by increasingly small percentages.

    The money has to come from somewhere. If companies can't pay their programmers, the software stops being made. The open source model is an alternative in SOME cases - but not all.

    Software is pathetically easy to steal. Somehow the companies making the software need to get paid. Going after individual thieves is a waste of time, but targeting corporations with deep pockets makes perfect sense.

    Sue Joe Smoe for ripping off Microsoft Office, and you won't recover enough to pay your lawyers and the fees to file the lawsuit. Sue Exxon because they paid for 1000 copies of Office but used 10,000, and they will be able to pay any court judgement. You can ask the courts for your legal fees, the cost of the software they stole, and compensation for your trouble.

    I don't see what is unfair or unjust about this. The "hardball" tactic described here is to find companies that are stealing software, and offer them this "true up" deal. This is just a pre-lawsuit bargain - they pay a lot less than they would pay if there were a court judgement, you get your money now. Sounds fair and reasonable to me.

    If companies don't want to face this risk, they can use open source software. Oh, it costs them more to have an in house programmer staff to customize the software for their needs? (since open source stuff tends to be a bit rough around the edges) Then pay the damn commercial license fees, and buy a few more than you need just to be on the safe side.

    1. Re:Ok, so how should it work? by Anonymous Coward · · Score: 3, Insightful

      > I don't see what is unfair or unjust about this. The "hardball" tactic described here is to find companies that are stealing software, and offer them this "true up" deal.

      Except in many cases, that isn't at all how it works.

      Someone will send an anonymous "tip" that a company is using unlicensed software. Often this is a disgruntled employee or ex-employee. Hell, BSA has been running ad campaigns on Facebook for a while now encouraging people to report companies in exchange for the possibility of a small reward.

      The software companies (or BSA on their behalf) will start hassling the reported companies, whether or not it is true. This leads to either a voluntary audit of their licenses (which still costs quite a bit in time and effort) or legal action. Every instance I've heard of companies going through with the voluntary audit has had the companies threatened with having trivial, honest mistakes punished with large fines and legal action. It's a losing proposition for them, even if they've done nothing wrong, or have small technical issues with their licensing that they've made a good faith effort to have in compliance.

      It is a complete shakedown.

    2. Re:Ok, so how should it work? by vux984 · · Score: 4, Insightful

      > This isn't a company using software illegally.

      Isn't that exactly what it is though?

      > This is Microsoft going after their small business customers that can't afford to pay the legal fees and threatening them with legal action just for the hell of it.

      I've been audited by Microsoft; it took a couple hours to fill out. They asked a few follow-up questions and were satisfied and went away. It wasn't a big deal because I had documentation. I mean, you do maintain a software inventory right? You know where your licenses are right? You do actually have enough licenses right?

      So that you know you are in compliance with your license agreement right?

      The only way I'd "true up" is if I knew the audit would find a lot of non-compliances... and then truing up, like the other poster said... it's sort of like an out of court settlement. I don't acknowledge any wrongdoing for what I was doing, they get some extra money, we sort of agree how to square things off... end of story.

      But I don't need to true up because I'm clean. If they want to do a more thorough audit themselves, they're welcome to have at it. It's their money to burn.

    3. Re:Ok, so how should it work? by Anonymous Coward · · Score: 4, Insightful

      > I'll tell you what they do - they let you correct "trivial, honest mistakes"

      You're correct. I made a trivial, honest mistake on my taxes one year. They sent a form showing the correct calculation, and a bill for the difference, and I paid it. End of story.

    4. Re:Ok, so how should it work? by Anonymous Coward · · Score: 4, Interesting

      > Then buy a boxed copy of each unit of software and tape the unique license keys to each computer using it.

      You'd think it would be that easy, except it isn't. Microsoft will not accept the unique license keys as proof of you having a valid license. That includes the Windows license sticker that's affixed to your computer, or the license key that's printed on the software. All this is is the certificate of authenticity, which verifies that it is a genuine copy of the software. It does not show that you have a license to use that software.

      Proof of the license comes in the form of proof of purchase from a valid reseller, who in turn must have proof that they purchased it from a valid distributor. If your reseller sold you an invalid licensed copy, you're on the hook for that. It is up to you to provide valid documentation that the license is valid and was purchased from an authorized reseller.

    5. Re:Ok, so how should it work? by mattventura · · Score: 3, Interesting

      The problem is that normally what allows the audit to begin with is entering a contract with the software vendor. So if someone strictly pirates everything, they're at somewhat less risk of an audit than a company that buys some software but pirates here and there. And the "piracy" isn't always intentional - often it's just someone thinking "hey, this feature looks neat, I'll enable it" without realizing you have to pay extra. Could the software vendor just lock down the features you didn't pay for? Sure, but then they wouldn't get to sue your ass off when they discover you've been using a feature you didn't pay for. It could also be someone wanting to make a test environment of something, not realizing they would need more licenses for that. There can also be situations where a license lapses, but the system in question isn't centrally managed enough for someone to know that they need to uninstall some particular piece of software from it.

      It's far from a "make pirates pay up", it's "make everyone who does a rolling stop or goes 1MPH over pay a 4-digit fine".

    6. Re:Ok, so how should it work? by dbIII · · Score: 5, Informative

      Four years ago I was sent some audit paperwork (Microsoft SAM) as part of a shakedown with the excuse that the business I work for bought an NT server licence and 10 CAL licences in 1998. That was the last licence purchase from MS apart from OEM licence since the place was a *nix shop and moved to SAMBA around 2000 (no point having a single MS server - should have at least a backup domain controller anyway since MS server is so fragile). So in 2012, FOURTEEN YEARS after buying licences the vultures turned up.
      I took a look at it, it had dozens of pages of things unrelated to the actual licences including questions about the number of android, mac and linux devices. I decided that it was a very offensive fishing expedition and marketing exercise and that I had no desire to ever be in the situation where they could legally inflict this upon me. So I told them the licences were not current and not in use so I was not their customer - several times, and eventually they stopped contacting me.
      It was a whole lot more than just sending them details of current licences (of which I had none) and clearly was designed as a combination of shakedown and very intrusive marketing information acquisition.
      So it's not just about satisfying them that you have current licences, they want to know about what else you have from other vendors, number of employees, company income etc which is none of their business.

    7. Re:Ok, so how should it work? by ewhac · · Score: 4, Insightful

      > But I don't need to true up because I'm clean.

      Surprise! We unilaterally changed the EULA terms (paragraph 69 lets us do that). Because of reports of loading issues, running our software on 1 gigabit or faster networks requires a mandatory subscription to our Premier-III support tier. Also, an Intel "hyperthread" now counts as a full core. You can still run on a virtualized host, but only using virtualization software we've vetted and approved for use (surprise! There's only one, and it's our own).

      Are you clean now? Didn't think so. Enjoy the shakedo^H^H^H^H^H^H^Haudit.

  5. Thanks, Adobe by sk999 · · Score: 5, Interesting

    The only audit I ever ran into came from Adobe, and it was for some product that I had signed off on the requisition for someone who ended up never using it anyway, but it was still my job to track down the original P.O. Not a huge deal, but it was a waste of a few hours along with accompanying anxiety. My solution to prevent a recurrence in the future: I will never approve a requisition for any product from Adobe ever again.

  6. Two words: by Anonymous Coward · · Score: 3, Interesting
  7. I was once an Oracle "guru" by EmperorOfCanada · · Score: 5, Interesting

    In my distant past I was the guy who would make Oracle things happen for clients. But as I got more and more into dealing with clients I realized that Oracle is just a mean thing to do to people. One interesting part of the Oracle sales process seems to be to delay giving a final price. This way the project is well underway or even done before you present the client with some sticker-shock.

    Then there were the prices themselves. I deployed quite a number of systems and could never predict the price. Would it be $30,000 or $300,000.

    Then there were the end runs. Once Oracle got ahold of your client they were perfectly happy to see you swapped out and replaced with another consultancy who would slather the entire client with Oracle products. It was bordering on Oracle Doorbell for all your ding-dong needs.

    There is no way I would ever use a solution that results in a company like that able to mess with my clients. No Microsoft, no Oracle, no IBM, or SAP.

    My favourite is when I have a client who is in the process of throwing them out and they ask, "What will it cost to licence MariaDB?" Then when they ask, "Can it handle our Enterprise database?" I will say, "Your $400,000 system has 40,000 rows of data in it. A $25 Raspberry Pi could handle your needs." Then they ask about per seat licensing costs. "None." At this point I can see them fishing around in their heads for how they are going to be screwed; suddenly it dawns on them that the screwing is now over. They then go through a list of features that they have built up over time but couldn't afford. When they get the quote for those they pretty much throw up in disgust at how badly they had been treated over the years.

    When they put it all together they realise that their previous consultant hadn't been working for them but effectively for a company like Oracle.

    It has been over a decade since I dumped everything Oracle and will never go back.

    1. Re:I was once an Oracle "guru" by irrational_design · · Score: 4, Interesting

      We have been using Oracle (legally) for 15 years, but are in the process of switching to Postgres. Postgres has been such a breath of fresh air after Oracle that we keep asking ourselves why we didn't do this years ago?! I have tons of experience with Oracle, but I honestly can't understand why 99% of Oracle's current uses can't use Postgres.

  8. One of the many reasons we went to Google Apps by zerofoo · · Score: 4, Interesting

    Boxed software licensing stupidity pushed us into the cloud.

    We are a private school, and we got tired of constantly tracking our licensing status. Do we have enough AV seats? Do we have enough Exchange and SQL CALs?

    Enough is enough.

    We put our staff on Mac OS and we put the kids on Chromebooks and Google Apps. Our experience with Microsoft's crazy licensing schemes was one of the reasons we didn't even consider their "cloud" solutions. Yes, an E1 Office 365 is free for schools, but Google Apps and Chromebooks are dead simple and the staff and students really like them.

    We kicked Adobe to the curb for the same reasons. The licensing and compliance costs, even for Edu, were absurd.

  9. It's a trap by dbIII · · Score: 4, Interesting

    > As an example, licensed for 800 seats, but using 835

    While much of the software used in my workplace has some very annoying licence management software to punish the honest, it at least does not trap people by letting them go into non-compliance so the legal vultures can come in and feast.
    If your software allows 835 seats when you are only allowed 800 it's either a deliberate trap or incompetence on the part of the vendor or whoever they have bought their licence management software from.

    If seat 801 can start up then someone on the vendor side has fucked up, or it's a trap.