Ask Slashdot: Does your Employer have an OSS Policy?

osjedi submitted this tidbit for your toughts: "I have heard from a few people that the companies they work for have issued a statements to the IT departments stating that they are forbiden to utilize any open source software. Obviously this is short-sighted. I would be interested to know from fellow Slashdoters what stance (if any) their employer has taken regarding the use of OSS. I would like to compile a list of the companies forbiding the use of OSS. It would be fun to create a "Open Source Users" stock index, and a coresponding "Open Source Refusers" index." It would be interesting to know which companies actively promote Open Source as these might be good places for those OSS Coders who are currently looking for day jobs. What do you all think?

My experience with OSS at the Workplace

[EvlG]

Disclaimer: these opinions are my own, and are not indicitive of those of my employer.

I work at Ericsson US (our design center is based in Richardson TX) and they are just beginning to understand the benefits of Linux. I installed it on my workstation, and use it here and there to get stuff done. We are split between NT and Solaris (with the NT people pusing it slowly but surely to replace Solaris), so I can't really use it for everything.

The main problem is, many people (my group included) see Linux only as a cheap way to breathe life into older hardware. While we all know that Linux can run reasonably well on older machines, we also know that it just rocks on modern stuff. However, our design center is of the belief that if we want to run Linux, lets do it on some old hardware so we can save money. They aren't really looking at Linux as an alternative to other solutions with the same hardware; rather, they are looking at Linux as a way to put off buying new hardware.

I see this as a problem in the community at large; many times we emphasize the ability of Linux to use legacy stuff. Perhaps we should put more emphasis on just how awesome Linux is on modern stuff.

On a side note, I am definitely glad that my employer sees Linux as useful. Count Ericsson among the Enlightened :)

big companies need vendors to beat on

[garver]

A lot of companies are scared of OSS for a legitimate reason: They need a vendor to answer for any problems.

First, I don't believe in this, so don't hurt me. I'm just trying to get you into their head so you can understand a non-OSS policy that doesn't need a religious foundation.

For OSS: You can change the code yourself (or audit it) when there are problems without waiting on the vendor.

Big company: Then we have to train people to know the code. And we feel obligated to audit the code to gaurantee some hacker (sic) didn't put a back door into it. Training is expensive.

For OSS: Outsource your OSS support to a third party company. In other words, get a Linux support company to support your linux boxes.

Big company: If they didn't write the software, how can they know it well enough to fix it? Linux support companies are too small to handle our large accounts.

The company I'm currently working at kind of treat their vendors like black boxes. They send money and out pops a product. They aren't equipped (logistically and mentally) to dig into the code. I'm not saying that you have to dig into code to run Linux, but if something happens, a big company is not going to be content sending email to the package maintaner.

The building I work in has more SUN guys (100 or so) crawling around supporting our SUN boxes than RedHat has employees, I think. So, I think the large company mixing with a small company thing is a legitimate argument.

That said, having a strict non-OSS policy is stupid. That just falls into the "don't limit your options" category. My company has a come aways in the last couple years. Perl (gasp!) is being used and I know of a Linux box and someone hacking with MySQL. I see these as cracks in the non-OSS policy and instead of leaving the company, I'm staying to widen these cracks.

My employer...

I'm posting this as anonymous, not because I want to, but because I feel I have to.

Last year we went from UNIX and VMS to NT. All workstations were removed from our desks. They were usally Sun SPARCstation LXs, 10s, or 20s or SGI Personal Iris 4D/30(/35), Indigos, Indys, or Indigo2s depending on the dept. and the job you did. The SGIs were generally used in the mechanical engineering departments and the Suns in the electronics engineering departments. Now everyone is stuck using Windows98 with crummy design tools. This cost a fortune... trust me. The place is horridly unstable and we have problems all the time. I'm on the system administration team and let me tell you it's a nightmare. We replaced 3 VAX 6000s,7 Sun 630MPs, and a Challenge S with NT. That in itself is disgusting. We are forbidden from using any OSS. They claim it's unreliable and unstable and there's no one to sue which is basically what my supervisor told me. The place is Unix free now. The management claimed they needed a "solution" to the aging computer equipment we had here... so they in their infinite wisdom *cough* went totally microsoft.

The part that really jerks my chain today is that when they got rid of the old equipment they had it crushed and shredded. No one was allowed to have any of it. Knowing what happened to all those workstations and servers is sickening. I don't know why did it either. Selfish assholes.

Misc. thoughts.

[Black+Parrot]

Here's some general commentary after reading most of the posts that have appeared so far.

"No Linux" /= "anti-Linux", or at least not necessarily. At the big scale it makes perfect sense for a company to limit the variety of systems its support staff has to deal with.

Also, the entire phenomenon doesn't (necessarily) have anything to do with Linux and/or OSS. I once worked for a hugemongous company where the computing was mostly split between one mainframe per site vs. many departmental VAXen at the site. There was a never-terminating feud between them what wanted to get rid of the mainframes and them what wanted to get rid of the VAXen. (Among the support staff it was mostly a matter of friendly badgering, but among management it was apparently a matter of making and breaking careers.) The policy swung back and forth every few years, apparently as a function of who was retiring and who was moving up to fill the void.

To elaborate on what another poster said: corporate bureaucracy is a pyramid. Five people want to move into that single slot above them. If you do what all the others do, you've got 1/5 chance of success. If you do something different, you can avoid the luck of the 1/5 chance, and rise or fall depending on how your decision works out. This undoubtedly accounted for a certain number of managers who pushed their company to all-NT, and will undoubtedly account for a certain number of managers who will push their company to all-Linux. In other words, sometimes it's a matter of internal politics rather than of technology.

Never underestimate the power of salesmen bearing expense accounts. I've seen some incredibly stupid decisions made by people under salesmen's thumbs.

The license worries may be based on lack of knowledge, but they aren't entirely unreasonable for all that. The Software Pwhatever Association has companies terrified about getting keelhauled over unlicensed software. (Irony is, the SPA behaves rather like pirates when they do catch an offender.) The only solution here is educating decision makers about the GPL and other OSS licenses. This should happen automatically as they start seeing their peers in other companies adopt OSS, but it would be nice to get a favorable precedent-setting court case or two behind us. (IANAL, but the good thing is, apparently, that the more companies start using OSS, the less likely it is that a court will strike the GPL down as a quirky, unsupportable document. The fact that Fortune 100 companies are buying in to it more or less gives it a Common Law status. Also, if big companies rely on OSS, it will be easier to raise money for any defense funding that may be needed in the future.)

A number of posters have indicated that their management has swallowed the FUD hook, line, and sinker. This is another problem that should evaporate as more and more companies publicly acknowlege using OSS. How will the PHB reconcile "hacker's toy" with "Boeing uses it to design airplanes" ? (I'm sure the true PHB will pop his head into the Management Zone, but lots of other bosses will undoubtedly snap out of it.)

BTW, thanks to everyone who has posted. This discussion has been a really interesting peak behind the curtains.

Open Source OK for Flight Management

[WSH]

I work for a medium size engineering firm, Smiths Industries Aerospace in Grand Rapids, MI.

We develop Flight Management Systems for various types of aircraft (if it's bigger than a Cessna, odds are the pilot isn't really flying the plane, after all). We've been a VAX/VMS shop for a long time, and we still do a fair amount of devel on that platform, but with the decline in PC prices and the increase in PC power, we've been searching for a new approach.

Of course, the powers that be decided the future was in a Microsoft solution, but a number of us lowly engineer types were too revolted not to try and find something else. Solaris was the first choice, but since we write the majority of our code in Ada (no comments from the peanut gallery), we were limited in our choice of compilers between one by Rational and one by VADS. Well, neither of these produce very good code on the PowerPC considering how expensive they are.

Too hasten to the point, someone had the bright idea of trying a GCC cross-compiler with NYU's Ada front end, GNAT. You wouldn't believe how much better code it produces (30% - 50% better) on our benchmarks. Now we're looking at a linux based development environment to go with it.

I just goes to show how sneaky you have to be to get management to even try open source stuff sometimes. First you let them spend a pile of money on a poor solution, then you step in and replace it with a vastly better solution for -- what was that price again? -- oh, yes, for FREE. The suits are usually in such hot water at the time, they can't do anything about it anyway.

All right so I said more than I had too, but it's a kind of interesting story, isn't it?

wsh

Large Credit Card Company

[Neuronix]

MBNA, our second largest credit card company here in the US strictly forbids anything that is not provided from a manufacturer with a specific support contract.

They're so strict that they have even banned perl because Sun/HP do not "officially" support it. Of course everyone in the UNIX department uses perl anyways :)

This is probably confidential info actually, but they turned me down for a job, so I don't care :)

Solution to the problem

[TheInternet]

This is a quite disturbing idea, but is also quite easy to solve -- in concept, at least. Compile a blacklist of anti-OSS/Linux companies. Give the list a prominent position on Slashdot. Mail the list around to opt-in participants on a weekly basis. Encourage mirroring and reposting of the list. I'm sure open source developers would be willing to participate -- Apache, PHP.net, OReilly.com, Perl.com.

What this will do is prevent talented inviduals from applying to the blacklisted companies. This scares the heck out of recruiters. They ability to attract new talent is based largely on how well the environment will suit their needs. And something this drastic would certainly attract mainstream media attention in fairly short order.

Perhaps even Microsoft-only shops (no Solaris, Mac, Apache etc) would get dinged even more.


But there would be some things to consider:

1) Need to verify and rate the claims of anti-OSS situations. Moderators would be a must. Abuse of power could potentially be a problem.

2) Make it clear that this is a positive thing. Explain how companies can take advantage of the benefits of open source, and get themselves un-blacklisted at the same time.

3) Make it clear that you don't have to use /only/ open source software.

4) Possibly inform/advocate OSS software that has commercial software qualities -- support contracts, shrinkwrapped packages, established support sites, sample code. Anything to ease the transition.


I would be willing to lead this charge. If anyone is interested, contact me. Maybe we can start a list to discuss our options.

Finally, I wonder how many of these companies are using open source software and don't realize it? If they're using Apache, Perl, Sendmail -- they're at least part of the way there, right?

More statements on company sites noting the use of open source software couldn't hurt, either, could it?

- Scott

------
Scott Stevenson

My cat likes cat food

[coredog]

I look at the thread, and the subject appears
to be why would a company have a "no OSS" policy?

However, the thread quickly degenerated into
"I use Perl and it works, NT sucks, blah blah blah"

There were a few posts that mentioned what is the probable reason (IMHO) for the no OSS policy. A no OSS policy means that you have to get approval to install software. This lets legal check the license and avoid any problems where someone installs something that is not freeware in a corporate setting (Applixware anyone?).

BTW, the subject was a poke at those who quickly
took this thread off topic. Why not post some relevant comments about how to create a business case to get OSS software approved?

Speaking as an Employer...

[hazeii]

Speaking as an employer, and as part of a company that shipped Windows-based products, we probably do what a lot of small companies do - use Free software extensively internally but ship products containing nothing but proprietary code (as that's where the money is)

The point is, companies that do use free software should recognise their debt to the Free software community and contribute back to it. Human nature being what it is, though, I suspect a lot of companies will just take take take and not Do the Right Thing and give the appropriate amount back to the community. We do what we can, because we don't want to live in a world dominated by BSOD's (I hate to think how much of my life has been wasted because of Microsofts policy of shipping shoddy code).

Also as an employer, when we're hiring coders (which we always are, so mail if you're interested) we'd take people with C and Linux over someone with C++ and MFC anyway....

But they already use OSS, and don't know it!

[jsm]

There aren't many comments that point this out. Virtually every company already uses a fair amount of open source software, if they use email, domain names, or develop in C/C++ (most of the time). The OSS underlying most systems that is so pervasive that it gets taken for granted. Any effort to remove all OSS from a company would probably fail, because a) the systems would fail, and b) they couldn't find all the OSS in their system, anyway, even if they thought they had. Those who thought they were successful would probably be quite ignorant, and OSS would merrily continue doing work on their systems.

Here's a good writeup of a world without free software.

What does active promotion mean?

[JordanH]

I would like to compile a list of the companies forbiding the use of OSS. It would be fun to create a "Open Source Users" stock index, and a coresponding "Open Source Refusers" index." It would be interesting to know which companies actively promote Open Source as these might be good places for those OSS Coders who are currently looking for day jobs. What do you all think?

From what we're hearing in this thread most companies will allow OSS to be used. Is this what is meant by "actively promote Open Source"?

It seems like there are several overlapping types of "active promotion" that would be possible.

An organization tolerates the use of OSS. From what we're hearing, this is most organizations.

An organization actively encourages OSS to be used. Such an organization would have a statement of policy which encourages and fosters OSS use and development. This would be similar to what the Clinton Administration has just announced (This link is the Slashdot story that references a story in Federal Times Online, the "topstory.html" link at Federal Times Online that it refers to has changed and this story doesn't seem to be referenced in their on-line archives. Is this story still on-line anywhere? I couldn't connect to whitehouse.gov this morning to check there).

An organization not only encourages OSS, but releases software that they have developed as Open Source, or perhaps unencumbered Freeware that could be re-released as Open Source when modified by the Open Source Community. There are many examples of companies like this, IBM, SGI and Cygnus come to mind immediately, but there are certainly a lot of others. There are many issues related to almost-Open Source releases, software essentially Free-to-use and modify, but you don't have the same license on the modified software that you had on the original. This is the model with Sun/Star Office/SCSL. I'm not sure if this is "active promotion" of OSS, but it's in some ways supportive of the goals of OSS.

Organizations that release only Open Source. These are relatively rare. The Linux distribution vendors (RedHat, SuSe, et al) are examples. The FSF is the archetype.

If you wanted to promote OSS through investment funds or boycotts, you would have a lot of different things to consider.

Some seem to believe that OSS is not only the most socially conscientious, but also the best business model. The idea is that a company that releases only OSS is going to be the best able to support it and will be the best able to take advantage of any community modifications that are made. Such a company gets the best software to sell, and has to keep sharp in it's support and updates or it can be overtaken by others with the same business model. At this time, this would be a somewhat speculative investment, I think, as it's largely untested as a business model.

I note Cygnus seemed to have has as their original business model to only support OSS, but lately they have been making Closed Source releases. This may be saying that Cygnus has determined that supporting OSS only is not a good business model, or it may just have been due to insecurity in Cygnus' management with the business model. I'd sure like to hear something from "the Open Source leader" (which is what Cygnus calls themselves) about this. Of course, if Cygnus learned this through market research, they may not be willing to share their analysis with potential competitors.

A different case can be made for investing in only those companies that allow or even actively encourage the use and release of OSS. This is a risk-adverse investment policy based on the observation that if an organization is unwilling to take advantage of the great store of value in OSS, then they will not compete as well.

Similarly, an OSS coder may have a difficult time finding employment at the "purist" OSS supporting organizations - those that only develop OSS software - the FSF and Linux distribution vendors only have so many jobs available, after all. Perhaps in the future, there will be more such options. Today, such a coder may wish to set their standard at no "OSS forbidding companies" (of course), or somewhere between this and the "pure" OSS supporting organization.

This brings up another potential competitive advantage to a "pure" OSS supporting organization. They might have more qualified applicants.