Open Source Software

Openwashing: Users and Adopters Beware 96

jenwike writes: With the success of open source software today, we are seeing organizations undertake more egregious marketing and promotion schemes that exaggerate their participation in, contributions to, and/or licensing of open source software. Their hope is to capitalize on the label of 'open source' and the success that goes along with it. The reality is that the responsibility is on the end-users to review the software and accompanying license to ensure it meets your expectations.

  • by C. Mattix ( 32747 ) <cmattix@@@gmail...com> on Wednesday December 03, 2014 @11:54AM (#48515327) Homepage

    From the End-User standpoint, really the only thing that they care about is that there is a "full featured" product that is free (as in beer) and they won't have to deal with marked-up license fees. Most of the time, if a company goes to a potential client and, for example, says they are going to use an Open Source CMS system, the client basically thinks "Great! My project will be cheaper because I won't have to pay additional license fees."

    In all reality, I would venture that the VAST majority of open source projects in the wild that are being used VERY RARELY have that source code looked at by anyone other than the developers that are building the system or those looking to exploit it.

    For most people who are more concerned with using a system than how it is built, "Open Source" just means they have to use Google for documentation instead of calling the vendor or reading a manual.

    • Openwashing? Is that actually a term now?

    • by Anonymous Coward

      TANSTAAFL. In general, with MS software, you pay the license fees, but there is a far greater pool of MCSEs to choose from so admin costs are lower. In general, Linux has fewer licensing costs, but it takes more manpower to configure and secure a network of 1000 Linux servers than it does a forest of 1000 Windows boxes.

      Take an admin task of blocking USB flash drives from desktops in receiving. With Windows, it is just creating an OU, creating a GPO, and pushing it out. With Linux, this is a lot more dif

      • by Anonymous Coward

        So if you purchase a product from Windows specifically for group policy it's better than linux where you might have to purchase a product specifically for group policy, despite the fact that openLDAP exists. Totally makes sense. And server monitoring..yeah no one has heard of Nagios which can monitor Windows and Linux servers. Don't get me wrong it requires more skill to have a good network, regardless of OS, but just because linux server administration proves that some people are better at computering than

        • You're arguing when you don't understand the basic proposition. First off, he's not "purchasing a product from Windows specifically for group policy"---that is part of the OS. Second, his primary point seems to be total cost of ownership rather than whether or not certain functionality is available.

          He's saying those things are more expensive to implement on Linux---either you have to buy them or pay more in labor to get them. He's not wrong.

          From your own examples, OpenLDAP takes considerably more time and effort

      • by BronsCon ( 927697 ) <social@bronstrup.com> on Wednesday December 03, 2014 @12:57PM (#48515951) Journal

        With Linux, this is a lot more difficult and requires more third party add-ons.

        Only allow root to mount disks. Your users shouldn't have access to sudo, su, or the root login, anyway. Pretty simple, really; locate the mount binary for your system (/bin/mount is a good bet; if your mount binary resides elsewhere, you'll have to modify the commands below to reflect that), then do the following:

        chown root:root /bin/mount
        chmod 0750 /bin/mount

        Done. Now, only root can even execute the mount binary, so only root can mount disks, and that will include flash drives.

        It does get a little more complicated if you need to be able to mount network shares, but you should be able to add those to /etc/fstab and auto-mount them on boot.

        • Yeesh, anybody who can physically access the machine probably should be a sudoer on it, anybody who can get to the side door of a computer has ultimate root: he can plug in a different boot partition.

          I mean, use chmod, but don't fool yourself into believing you don't also need to use glue and a padlock and a tamper seal.

          • The post I was responding to claimed that this was easier to do in Windows than Linux, a claim which I countered. Are you, now, claiming that you don't need the same physical security on a Windows machine, or are you just being a pedantic dick?
        • Doing this on 2-3 workstations will take longer than creating and linking a GPO, never mind a change that needs to go network-wide. Granted, the GPO may take an hour or two to propagate and you could finish quite a few machines by hand in that time, but the actual admin time required to implement it is much lower.

          Windows wins for enterprise. Yes, Linux is technically better at the things its developers focus on---no question there. But kernel development hasn't provided the same level of enterprise managemen

      • by Curunir_wolf ( 588405 ) on Wednesday December 03, 2014 @01:11PM (#48516073) Homepage Journal

        it takes more manpower to configure and secure a network of 1000 Linux servers than it does a forest of 1000 Windows boxes.

        No, it doesn't. I've done both (~820 Windows, ~900 Linux), and the Windows takes more administrator time. But then, the Linux servers were all Red Hat, so the "fees" really weren't any cheaper, but the vendor support was a hell of a lot better.

        Take an admin task of blocking USB flash drives from desktops in receiving. With Windows, it is just creating an OU, creating a GPO, and pushing it out. With Linux, this is a lot more difficult and requires more third party add-ons.

        I think you're mixing things, here. At first you were comparing server OS's, but now it sounds like you're comparing deploying Windows desktops to deploying Linux servers. Yea, guess what? Managing a monolithic single-OS environment is easier than a mixed environment. If you're deploying Linux workstations you can do the same thing with the right tools. And don't get me started on all the issues you're going to encounter using GPOs in a complex environment. It works better these days, as long as your desktops are all "Enterprise" editions and you don't have any XP or 2003 servers sitting around (then it won't even work at all).

        Or something as basic as performance monitoring. Windows has utilities (SCOM) which make it trivial to watch server performance via WMI. Yes, you can do the same with Splunk, but that doesn't come cheap.

        Wow, talk about admin resources - have you ever set up a functional WMI infrastructure in a secure network? To say it's non-trivial is an understatement. It's easier if everything is the same version, from a well-tested image, but there are all kinds of snafus that mean your connections don't always work or some functionality goes wrong. SCOM, frankly, is a house of cards.

        Actually, I'm impressed with some of the functionality available using PowerShell and remoting in Server 2012 R2, especially being able to roll out a lot of headless stuff. But the learning curve for that, and getting the tools in place for what you want to do, is a major undertaking. Maybe after a few years with it I'd be able to do the same things I do with bash scripts now, but it seems a lot more verbose to me.

        • What I don't understand is why would someone want to use a log consolidator to do performance monitoring unless that is the only tool they own/know. Just use a real monitoring tool instead, you know something like Nagios or Zabbix. It is the old problem when the only tool you have is a hammer everything looks like a nail.
      • With Windows, it is just creating an OU, creating a GPO, and pushing it out. With Linux, this is a lot more difficult and requires more third party add-ons.

        yeah, that's easier than writing a udev rule, or chmoding /bin/mount 0700, right?

        it's actually fairly easy to block USB flash drives in linux, and there are lots of really good ways of doing this, probably easier than windows, and the USB subsystem generally doesn't suck. Linux also doesn't automatically mount far less run anything on a flash drive by default, which makes it a far lower security risk in default setups.

        as for "forests of 1000 boxes", there are endless options from auto-run scripts with ssh
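
An audit of the USB-blocking controls debated in the replies above, as an added example that is not part of any commenter's post: it checks the owner and mode of the mount binary after the chown/chmod shown earlier and, going beyond the thread, how /etc/modprobe.d treats the usb-storage kernel module. The function names, the root-directory argument and the modprobe.d check are assumptions of this example; `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is the tree to audit ("/" or a fixture).

# Print "<owner uid> <octal mode>" of ROOT/bin/mount, e.g. "0 750".
mount_perms() {
    stat -c '%u %a' "${1%/}/bin/mount" 2>/dev/null
}

# Succeed if the mount binary is owned by the expected uid (default 0) and
# users outside its owner and group have no execute bit.
mount_restricted() {
    want=${2:-0}
    perms=$(mount_perms "$1") || return 1
    owner=${perms% *}
    mode=${perms#* }
    [ "$owner" = "$want" ] || return 1
    # Last octal digit holds the bits for "other"; an odd digit allows execute.
    case ${mode#"${mode%?}"} in 1|3|5|7) return 1 ;; esac
    return 0
}

# Classify how ROOT/etc/modprobe.d treats the usb-storage module:
#   install   - loading is replaced by /bin/false or /bin/true
#   blacklist - only alias-based autoloading is suppressed
#   none      - no rule found
module_block() {
    dir="${1%/}/etc/modprobe.d"
    if grep -Eqs '^[[:space:]]*install[[:space:]]+usb[-_]storage[[:space:]]+/bin/(false|true)' "$dir"/*.conf; then
        echo install
    elif grep -Eqs '^[[:space:]]*blacklist[[:space:]]+usb[-_]storage' "$dir"/*.conf; then
        echo blacklist
    else
        echo none
    fi
}

# Print a report and return the number of controls that are missing.
audit_usb_controls() {
    root=${1:-/}; uid=${2:-0}; missing=0
    if mount_restricted "$root" "$uid"; then
        echo "mount binary: restricted ($(mount_perms "$root"))"
    else
        echo "mount binary: NOT restricted ($(mount_perms "$root"))"
        missing=$((missing + 1))
    fi
    state=$(module_block "$root")
    echo "usb-storage module rule: $state"
    [ "$state" = "install" ] || missing=$((missing + 1))
    return "$missing"
}

# Audit the live system only when asked: sh usb_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_usb_controls /; fi
```

A `blacklist` line alone still lets an administrator load the module by name, which is why the audit counts only an `install` rule as a present control.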

    • by tnk1 ( 899206 ) on Wednesday December 03, 2014 @12:57PM (#48515943)

      You're not wrong as a general rule, but there are plenty of organizations that do make use of the code to look at and having it be open helps even the people who just want the "free" aspect.

      For instance, independent security labs can and will look at code. They then release information which aids me, as someone who may not look at the code, in making a decision on if it is safe to buy.

      Open source is not about being free, it is mostly about the sharing of information with the goal of making it better and aiding everyone. Those who open source their software get the benefit of other people extending it, who then contribute back to the project in some manner. Those who use Open Source software can take advantage of the community and its work and oversight.

      Being free is mostly a side effect of the fact that if you give up the source code, the software can be copied easily, and it can be made difficult to control trade secrets or algorithms, so there is little point in charging for the code itself. Opening the code removes the ability to adequately charge for the "intellectual property" but as a side effect, being "free" is a huge motivator for adoption as well, so it is usually win-win.

      And although I agree that Open Source *can* mean reading a manual or Googling, that is *not* part of open source. Bear in mind, most people get support for Microsoft products in the same way... ie. Googling. You do have the option of buying certain support or developer resources from MS, but there are also service companies out there that operate services for Open Source software in the same way. Percona comes to mind for MySQL. If it is open sourced, you can have support and have it paid for. The question is whether anyone actually wants to pay for that when there is Google.

      • Open source is not about being free, it is mostly about the sharing of information with the goal of making it better and aiding everyone. Those who open source their software get the benefit of other people extending it, who then contribute back to the project in some manner. Those who use Open Source software can take advantage of the community and its work and oversight.

        It's not that simple. Your definition matches various commercial closed source libraries where you have the option to buy a binary license or a source license.

        Also you left out what is perhaps the greatest draw of open source or closed source licensing. Your project is not at the mercy of someone else. You have the convenience of using an existing library but if the vendor fails you have the source and can fix things yourself as a last resort. Not that having a community find/fix bugs isn't nice, it's just

        • by tnk1 ( 899206 )

          I did leave out forking as a benefit, and that was an oversight, so thanks for bringing that up. I certainly don't undervalue that, because you can customize or ensure continuity if the original developer disappears.

          As for the selling of the code.... I think that leaving the code out there is a huge negative for being able to sell the code itself. You can still go the copyright route, of course, but it's harder to detect and then prove, and for a smaller developer, probably a barrier to serious enforcement

      • I absolutely agree with your statement here:

        Open source is not about being free, it is mostly about the sharing of information with the goal of making it better and aiding everyone.

        I think the phrase "open source" has gotten overly politicized over the years and for many people is approaching the level of an "-ism." I think the shift to calling it "community driven" software (or the like) better represents the meaning and intent of most projects. Things start to go awry when that goal gets pushed to the

        • Community-driven is more of a development approach, and does not imply an ability of the community to take code, change it, repurpose it, and sell it. It doesn't imply that the project can be forked, since it can be done with a proprietary/non-OSI-open-source license. In esr's "Cathedral and the Bazaar", community-driven would be "Bazaar", and as he points out there are Free/OS-Open-Source projects that do take the cathedral approach.

          The concepts aren't quite orthogonal, but they aren't anywhere near i

    • From the End-User standpoint, really the only thing that they care about is that there is a "full featured" product that is free (as in beer) and they won't have to deal with marked-up license fees.

      Which isn't necessarily a given. To give a concrete example, at the 24th International Conference on Field Programmable Logic and Applications, there was an award given to Jason Anderson for his 'contributions to open source high-level synthesis', in particular the LegUp project [toronto.edu]. Now, given this award and the fact that the front page of the web site starts with the phrase 'LegUp is an open source high-level synthesis tool', you might be forgiven for thinking that LegUp is open source. If you go and read

      • That's why you look for some indication that the license is what OSI considers open source. They couldn't trademark or otherwise protect "open source", so anybody can claim it and put whatever restrictions they like on their software.

    • If that was true, why could companies capitalize on Open Source? Seems to me it has giant marketing value which wouldn't matter unless people care.

      Truth is FOSS apps work better. Truth hurts the 5-year-old mentality of "DERP OPAN SOORES", who generally lost out and no one gives a fuck about them, any more than anyone in FOSS gives a fuck about some loudmouth with an anger fork.

  • by Anonymous Coward

    I love open source and software freedom, but there really have been too many scams as of late. Here are a few:

    The "anonabox" - a re-badged junk wifi device with software someone *else* wrote and was poorly implemented lacking sources and violating license agreements of utilized code (ie, the project's a scam, not the real developers whose code was utilized by the project).

    "Librem" 15 from "Purism" - "a laptop that respects your freedom" yet ships with chipsets including NVIDIA that are dependent on n

  • by Anonymous Coward

    I will fess to being ignorant and ask for my (and others') sake: how does one "review the software and accompanying license to ensure it meets your expectations"? Can you ELI5?

    • by Anonymous Coward

      If it says anything regarding commercial use or anything about retaining rights to your personal information, it's probably not cool. It's especially bad if it mentions your derived genetic offspring. Open Source and FOSS are different in that one is done to allow others to work on it and audit it openly, whereas one is a political statement and philosophy regarding personal freedom and software freedom. Some projects include both.

  • by Trailer Trash ( 60756 ) on Wednesday December 03, 2014 @12:49PM (#48515863) Homepage

    Back in the early 90s "open systems" were the big thing. Everybody jumped on the bandwagon. For example, DEC renamed VMS to "OpenVMS" when they added some posix compliance stuff (God help anybody who had to use posix on vms).

    See here:

    http://en.wikipedia.org/wiki/O... [wikipedia.org]

    I went through many teeth-gnashing episodes at the university with people using "open systems" as their new favorite buzzword and of course treating vms as such. While I preferred vms to the mainframes of the day and it was far easier to deal with (had tcp/ip, for example) it wasn't really "open" in the way that I and many others saw as open.

    See also here:

    http://en.wikipedia.org/wiki/O... [wikipedia.org]

    This was the silly crap we were dealing with before FLOSS became popular. Of course, we have our own silly crap to deal with now but I assure you it's less mind-numbing.

  • Scumbags (Score:4, Informative)

    by wiredlogic ( 135348 ) on Wednesday December 03, 2014 @01:08PM (#48516035)

    I've seen a few "open source" projects where the open code is out of date and nothing like what is shipped in the current binaries. That's a pretty scummy way to abuse the label.

  • It seems there's a lot of confusion over the term "open source". All it means is that the end-user gets to review the source code. It doesn't mean that the source code gets to be re-used in someone else's project under the GPL: the original developer(s) still hold the copyrights subject to whatever licenses apply.

    What we seem to have here is a bunch of bloggers speaking to a certain audience who wish to redefine "open source" to mean "everybody gets all rights for free". Their invention of the pejorative "o
