Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Open Source Businesses

Eric S. Raymond Calls SaaS 'Dangerous', 'Worse Than Proprietary Software' (ibiblio.org) 341

After Salesforce warned it retailers to stop selling military-style rifles, a larger issue was identified by Eric S. Raymond: software as a service. If the provider decides it doesn't want your business, you probably have no real recourse. OK, you could sue for tortious interference in business relationships, but that's chancy and anyway you didn't want to be in a lawsuit, you wanted to conduct your business. This is why "software as a service" is dangerous folly, even worse than old-fashioned proprietary software at saddling you with a strategic business risk. You don't own the software, the software owns you.

It's 2019 and I feel like I shouldn't have to restate the obvious, but if you want to keep control of your business the software you rely on needs to be open-source. All of it. All of it. And you can't afford it to be tethered to a service provider even if the software itself is nominally open source. Otherwise, how do you know some political fanatic isn't going to decide your product is unclean and chop you off at the knees?

This discussion has been archived. No new comments can be posted.

Eric S. Raymond Calls SaaS 'Dangerous', 'Worse Than Proprietary Software'

Comments Filter:
  • by TigerPlish ( 174064 ) on Sunday June 02, 2019 @04:24PM (#58696758)

    Would that file have a pistol grip? Would it have a wood handle, or just a few twists of duct tape?

    Or is a military file somehow more dangerous than a civilian file? Is 'doc.txt' written by a military word processor somehow more lethal than 'doc.txt' written by notepad?

    Sweet cheese and crackers, the editing here alone is worth the price of admission. Such comedy!

    But dude has a point. He really does. This whole Salesforce thing is going to ignite a powder keg, no pun intended. I do hope they end up with major egg on the face and a few hundred million poorer.

    • major egg

      I see what you did there.

    • by Calydor ( 739835 ) on Sunday June 02, 2019 @04:33PM (#58696812)

      There's a very important difference between Notepad and military word processors. Notepad allows you to format the text pretty much however you want within the confines of ASCII, while a military word processor defaults to putting everything in bullet points.

    • by Anonymous Coward on Sunday June 02, 2019 @04:57PM (#58696922)

      Recently there was some problem with the Microsoft licence authentication servers. Most of the team suddenly couldn't open and run Visual Studio any more. We hadn't done an upgrade or anything....it worked yesterday and refused to work today. Our software development was completely paralysed.

      IT got it sorted it out. But it took a day. The department manager was frustrated and was complaining about how untenable it seemed that an error on Microsoft's part could have such an impact on our business. He clearly felt violated.

      As he should have. As the whole company should have. Such behavior is UNACCEPTABLE! But for some reason, the owners are willing to take it. We just put up with it.

      We could switch over to Linux. It would take quite a long time to recode our stack so that it would all work under Linux, not to mention updating our skill sets. That is too much of an inhibitor, so we are sticking with Microsoft and hoping it doesn't happen again.

      Needless to say, I run Linux at home.

    • by ceoyoyo ( 59147 )

      Considering what happened to Manning and Assange, not selling military style files might be a good idea.

  • by shanen ( 462549 ) on Sunday June 02, 2019 @04:29PM (#58696782) Homepage Journal

    Yes, he's making some good points, but without a solid financial model underneath OSS, no business can rely on it. At least SaaS may involve a reputable company that is making money from the business and wants to continue making money--even if the business model ultimately comes down to some form of extortion. What is a business going to do if the key people supporting some critical OSS just walk away? Take away their birthdays?

    As usual, I prefer to focus on solutions, which may qualify me as some sort of pariah on Slashdot. I think OSS should have at least one business model focused on (1) Cost recovery, (2) Fair compensation for work done, (3) Accountability for project completion, and (4) Success criteria accepted in advance by all of the involved parties. I think all of these objectives could be accomplished with a charity share brokerage, but if you disagree, then let's hear your better idea. Heaven forbid that you offer superior principles or thoughtful questions.

    • by Solandri ( 704621 ) on Sunday June 02, 2019 @05:16PM (#58697002)
      I don't have a problem with either proprietary software or OSS. But I completely agree with ESR on software as a service.

      At least SaaS may involve a reputable company that is making money from the business and wants to continue making money--even if the business model ultimately comes down to some form of extortion. What is a business going to do if the key people supporting some critical OSS just walk away?

      In the OSS case, you can continue to use the software as-is for as long as you like. Presumably you will search for and find a replacement at your leisure, before the software becomes obsolete And because it's open source, if you wish you can hire your own developers to update the source for you (you can even post your updates back to the OSS repository if you like).

      In the proprietary software case, you can continue to use the software as-is for as long as you like. Presumably you will search for and find a replacement at your leisure, before the software becomes obsolete. Or not (FORTRAN and COBOL code is still in use).

      In the SaaS case, you're completely screwed. Your software either stops working immediately (if the software provider completely shut down), or it stops working at the end of your subscription (if for some reason the software provider doesn't like you anymore and refuses to renew your license). Both leave you with little to no time to find alternatives.

      I've even seen a couple cases where a small business was shut down for a few hours or a day because their Internet happened to go down the exact day the SaaS decided it needed to phone home and re-validate that the computer it was running on was in fact authorized to run it. I always advise businesses reliant on the Internet (cloud or subscription services) to pay for a second form of Internet as a backup, even though it seems like you're throwing away money as long as your primary Internet stays up. But few business owners heed that recommendation.

      • by shanen ( 462549 )

        Really stretching to imagine any connection between what you wrote and what I wrote, notwithstanding your click on the "Reply..." option. By really stretching my imagination, I think your suggestion is that, in addition to having the expertise to run a business in a competitive manner, the business owner must also become an expert programmer who can maintain any OSS that the business depends upon.

        If that interpretation is anywhere close to your intentions, then I refer you to David Ricardo and his explanati

      • by Sigma 7 ( 266129 )

        In the proprietary software case, you can continue to use the software as-is for as long as you like.

        Almost true - most of them can run as-is, but there's a few that somehow break down.

        The most common issues appear in the video game subset. Aside from systems no longer being available (countered by types of emulators), some of them had poor programming or a deprecated dependency that cause problems in the future. If you happen to have an old system or configuration that works, that's great, but hardware mi

      • In the OSS case, you can continue to use the software as-is for as long as you like.

        Right but who is maintaining it? Who's patching the latest openssh vulnerability in the system? Small businesses don't want to employ developers to do that, they want to contract that out to a specialist firm who can provide the functionality to them as a service. Just as an example look at Square's payment and point-of-sale system, I can definitely see why businesses use that, I'm not even sure what the OSS alternative is (if one even exists).

      • If the product you use has 83-odd percent of the market, they can do anything they like to you, good or bad, and you have to eat it. if you switch to the competition, you lose 83% of your customers. Bye!

        PS: duopolies like Rogers and Bell work too, as do oligopolies

    • by guruevi ( 827432 ) on Sunday June 02, 2019 @05:33PM (#58697052)

      With OSS you can pay/hire someone to do the job if the key developers go away. With SaaS, if the company goes away so does your application, your platform AND your data.

      Imagine all the HR databases in the world that are currently being migrated to things like SalesForce or Workday or any of the other big players and they suddenly go poof because one of those companies forgot to pay Amazon or is so far in debt they can no longer pay their Azure instances and some disgruntled tech that hasn't gotten a paycheck in 3 months simply pulls the plug. Companies don't just disappear overnight, they run massive debts both internal and external, not just financial but also technical, often hidden from investors and customers and then one day they simply close shop and if you're lucky, you'll get a 'sorry, we failed you' note.

      And their customers ALL currently have 'ironclad' contracts. The same contracts that are worthless in bankruptcy proceedings because the first to get paid back is the bank and your data has now become an 'asset' of the bank ready to be monetized with or without you, but none of their data or code is in any sort of escrow. I'm just waiting for a company like Workday with a half-baked product (if you think PeopleSoft is bad, you have never had to work with them) and I can tell you from experience at least a dozen very large institutions will be officially bankrupt when that happens because they won't be able to run payroll, they won't be able to trace any of their income, contracts, expenses etc.

      • by shanen ( 462549 )

        There seems to be a LOT of confusion around here. I am certainly NOT defending SaaS, though some of your [guruevi's] criticisms are poorly aimed. Anyone who signs up for SaaS without some data export capability is truly too foolish for words.

        My focus is on the failure of OSS to offer a superior business model. I have offered one constructive suggestion for an alternative approach to funding OSS to make it more effectively competitive. No one has offered any recognizable improvement over my suggestion. Actua

    • by ceoyoyo ( 59147 ) on Sunday June 02, 2019 @05:58PM (#58697172)

      If an open source project does something you don't like, you've still got the software, can keep using it, and can fork the project and go your own way if you want to.

      If a proprietary software vendor does something you don't like (like making their software all SaaS....) then you've still got the software and can keep using it. You can't fork it though.

      Companies like Red Hat effectively do what you've suggested: they provide someone you can sue if promises aren't kept. But your real security is that you can do your own damned development if someone decides they don't want to do it for you.

      • by shanen ( 462549 )

        No, my suggestion is different. The project proposal should be checked and in a sense "certified" by the CSB (Charity Share Brokerage) before the shares go on sale. The proposal (which might be for a new feature, for support, for ongoing costs, or something else) would include the schedule, the resources (including people), the budget (including fair payment for the people who do the work), sufficient testing (and other aspects that might get overlooked), and, perhaps most importantly to my way of thinking,

    • Or you know, if you're a business that wants to be able to count on an open source product continuing to be developed, you could pay for it in the form of donations, and encourage others to do the same. Just because you're allowed to use it for free doesn't mean that you can't give the developers some incentive to keep at it.

      There are a number of projects that manage to operate that way quite well. It is an area that could use a lot more work though.

      • by shanen ( 462549 )

        I basically agree with this, though within the CSB context, I think share matching might be a better way to go. It can actually be problematic if a company has too much control over the project, but the CSB should be careful of protecting the degree of independence of each project for all the donors. I even think the donors should be limited to one share per project, at least in principle.

    • by sjames ( 1099 )

      What is a business going to do if the key people supporting some critical OSS just walk away?

      Keep using the software. Possibly hire someone to improve it if needed.

  • by doubledown00 ( 2767069 ) on Sunday June 02, 2019 @04:30PM (#58696788)
    One never knows where the next faux outrage or twitter cause du jour will come from. Today it is a camping store that sells firearms. Tomorrow it could be phones or computer gear judged to have been made using irresponsible labor practices (which would be most of it).

    This can of worms got opened when the United States Supreme Court decided Hobby Lobby was a business entity that somehow also had religious beliefs. That seems to have emboldened management and shareholders to be much more bold about impressing their beliefs within the stream of commerce. Once more conservative groups get into the act (and they will), businesses will have to choose which competing groups to placate. This will be a disaster for everyone.
    • Comment removed (Score:4, Insightful)

      by account_deleted ( 4530225 ) on Sunday June 02, 2019 @05:33PM (#58697048)
      Comment removed based on user account deletion
      • Re: (Score:2, Informative)

        by Anonymous Coward

        Contraception, not abortion. HL had a first amendment right to restrict employee health plans despite state laws and regulations requiring the coverage of contraceptives in group health plans.

        • by RoccamOccam ( 953524 ) on Sunday June 02, 2019 @08:38PM (#58697808)

          The four contraceptive methods challenged by Hobby Lobby were emergency contraceptive pills, Plan B and Ella, and intrauterine devices, ParaGrad and Mirena. The Hobby Lobby owners argued that under their religious beliefs, life begins when an egg is fertilized and that emergency contraceptive pills and intrauterine devices both have the potential to prevent a fertilized egg from implanting in the uterus. Hobby Lobby argued that those methods induced abortions by terminating fertilized eggs, which the owners objected to on religious grounds.

          Hobby Lobby's health insurance plan offered other types of contraception that did not operate as abortifacients. Interestingly, that does not seem to have been widely reported.

      • by doubledown00 ( 2767069 ) on Sunday June 02, 2019 @09:28PM (#58697956)

        Your little zing against religious freedom neglected two key differences:

        1. Hobby Lobby wasn't forcing its views on its customers or suppliers that I am aware of, it was opposed to providing abortions as part of its health benefits. 2. What Salesforce is doing is directly dictating that otherwise legal commerce shall not happen through its services without any sort of compelling argument that it imposes unacceptable risk to them.

        It is downright offensive to our intelligence to argue that these cases are comparable. Salesforce is doing this to paying customers who aren't even imposing a meaningful liability risk to them, FFS.

        Then consider your intelligence insulted. You don't believe that it fits because your thinking is narrow and you miss the broader application.
        Hobby Lobby is a corporation. A legal fiction. It doesn't exist except by fiat of government. Yet it has religious beliefs somehow and can exercise those beliefs under the 1st Amendment.
        Saas is also a legal fiction that also doesn't exist except through fiat of government. It is now choosing to exercise broader 1st amendment rights to free association.

        Previously much of this exercise within the stream of commerce was banned due to a string of Supreme Court decisions from the 1960's that said the stream of commerce was content neutral.

        Should you actually care to educate yourself on the topic, start with Heart of Atlanta Motel v. United States.

    • Jennifer Government.

  • He's right, but it's more convenient. Salesforce may be better and cheaper than the alternative. If you don't know how to hire good programmers, you're not going to have a good custom solution.

    So imagine you are a business owner, and you have a choice:

    1) Choose the option that will cost you more (make you uncompetitive) now, so you go out of business now.
    2) Choose the option that will keep you in business for the next five years, but after five years cost you a lot.

    Which one would you choose? No busi
    • If you don't know how to hire good programmers, you're not going to have a good custom solution.

      Unless you know how to hire people who know how to hire good programmers. Or can search the internet for how-to's on hiring good programmers. Or post to stackoverflow for recommendations. Or, you know, 'learn to code'!

    • He's right...

      Eric said:

      This is ground I covered twenty years ago, do I really have to put on the Mr. Famous Guy cape and do the rubber-chicken circuit again? Sigh

      SaaS can be dangerous, it also can be the public library allowing web search and showing the availability of a text along with the results. Or Wikipedia. Which is imperfect, to be sure, but also reasonably useful.

      I'm not sure Eric Raymond doing cosplay is going to be enough to convince business leaders to understand "staying in control of our business."

      Some of them might not even comprehend that if they don't physically control their tools, they can't guarantee availability of those tools. How do

  • are the wurst. (Yeah I read the previous article about rifles)

    SaaS is only moderately better than purchasing and licensing and managing software that will soon be in need of a costly upgrade or complete data structure changes.

    Imagube is MS-Word or vim or emacs wouldn't allow you to edit files based on content...

  • "..These types of rules are âoecorporate-policy virtue signaling..."

    Yes, yes they are. That's kind of the entire point. One thing about Benioff, he has a bit of a code. Good for him. More than you can see about most Silicon Valley companies nowadays.

    You don't like it, go elsewhere. No one is forcing you to do business with Benioff.

  • But in the real world, you often don't have a choice. Some of our clients are trapped using software and websites that are required by their vendors. Software and websites that they cannot conduct their business without. Software that requires old, insecure versions of Java and that breaks with newer versions. Websites that require Internet Explorer. Business partners/clients that will not accept anything unless it is created in WordPerfect or Adobe Acrobat or Microsoft Office. Business is not about fightin
    • Trapped? Or unwilling to change?

      • by HiThere ( 15173 )

        Trapped, as in "It would cost more than we're willing to pay now to avoid going out of business later.".

      • In some of our client's cases, it is well and truly trapped. All of these are from my personal experience. If you ship a lot of stuff you need to use UPS Worldship or FedEx Ship Manager. Two sides of the same coin and there are no reasonable ways around it. Neither is very reliable in my experience and you have to provide admin rights every time they want to update. If you are a car dealership you aren't about to turn around and tell Ford, Toyota or VW to modernize their stuff or you won't work for them any
        • If you are a car dealership you aren't about to turn around and tell Ford, Toyota or VW to modernize their stuff or you won't work for them anymore.

          It's a stretch, but if none of the suppliers that dominate an industry are willing to integrate with a business that chooses to use only ethical software, and you lack the capital to start a competing business that uses only ethical software, you could choose to liquidate your business and retrain for a different industry. For example, if no car maker is willing to work with a dealership that uses only free software, get out of the car industry and become a butcher, as bingoUV recommended [slashdot.org]. Comments by theja [slashdot.org]

  • historically (Score:5, Insightful)

    by argStyopa ( 232550 ) on Sunday June 02, 2019 @04:51PM (#58696894) Journal

    Companies understood that expressing a political viewpoint was toxic to likely half their customer base and so most (smart) companies avoided.

    Today, where anything-is-justified-if-you're-of-a-certain-side-of-poltics, that rule seems to have gone out the window. It seems to be more important to signal virtue to your side, than simply be a business that provides (X). And it's clear that certain internet mega-entities subscribe to this viewpoint: the political bias of google, facebook, twitter are all abundantly obvious. Whether they allow this bias to affect the services they provide is an open question (I think one side is convinced it already is, and one side would refuse to admit it no matter what evidence would be presented anyway).

    Personally, even if I agreed with the politics of my supplier, there's no fuckin' way they're telling me how to run my business. Ever.

    If you think this has nothing to do with the start of the US antitrust investigation of google, you're naive.

  • by Old Man Kensey ( 5209 ) on Sunday June 02, 2019 @05:08PM (#58696972) Homepage
    So Raymond finally figured out on his own what Stallmanâ(TM)s been screaming about at the top of his lungs [slashdot.org] for almost ten years now?
    • Do you think we could get someone a little more photogenic to do videos for this cause? My vote's for Felicia Day, but she might not be available. How about someone from Big Bang Theory? I hear those people will be available soon, and their star recognition is still pretty good [youtube.com] for the time being.

    • by davecb ( 6526 )
      Yup: they're both aware of different aspects of the elephant. The trunk (a hose) and the leg (a tree), in this case
    • by ron_ivi ( 607351 )

      Exactly.

      Nice to see ESR come around.

      But it's worth remembering that since the 1990's he's been bashing RMS and the FSF in favor of his watered-down-business-friendly Open Source Initiative which lead exactly to the problems he's complaining about now.

    • That link, of course, should be to the SaaSS page on gnu.org [gnu.org].
  • by account_deleted ( 4530225 ) on Sunday June 02, 2019 @05:19PM (#58697010)
    Comment removed based on user account deletion
    • by HiThere ( 15173 )

      Perhaps it depends on your use case, but I found The GIMP to be more satisfactory to use for cel animation than the commercial alternatives. Many of which I tried.

      OTOH, I've got to admit that I've never tried either FOSS or proprietary bookkeeping software, so you might be right there. And for tax software...yeah, you need to pay someone to keep the tax tables up to date, and unsure compliance with laws that change randomly.

      • Like Apache OfBiz, for example: it has everything an accountant would need to run the books of a medium sized company, the sort of company that the little guys would see as "big."

        But it doesn't have the ability to walk a non-accountant through all the steps to achieve some accounting task where all you know is the name of the thing you need to do. For that, you need Brandybrand(TM) bookkeeping software.

      • Comment removed based on user account deletion
    • Gimp's not good enough? There's even a lookalike/workalike Photoshop theme [omgubuntu.co.uk] for it.

  • I'm not sure how this is supposed to be worse than proprietary software, vendor lockin is incredibly powerful already. If a company buys an on premise solution and the vendor cuts them off from upgrades and support its incredibly expensive to switch to another solution just ask all the folks stuck on Oracle. Many software titles over the years have included language which says it cannot be used to create nuclear weapons, its not a stretch to add a clause about military style weapons.
  • by mamba-mamba ( 445365 ) on Sunday June 02, 2019 @06:04PM (#58697190)

    Firearms can't be sold online anyway (in the USA). You have to go to the store and do your background check. So this really only affects parts. As a pro-2A person, I think the whole thing is despicable and disgusting, but people may be over-estimating the impact.

    "Worldwide, customers may not use a Service to transact online sales of any of the following firearms and/or related accessories to private citizens..."

    [omitted long list of firearms which, since they are firearms, can't be sold online in the USA anyway]

    "Firearm Parts: magazines capable of accepting more than 10 rounds; flash or sound suppressors; multi-burst trigger devices; grenade or rocket launchers; 80% or unfinished lower receivers; blueprints for ghost guns; blueprints for 3D printed guns; barrel shrouds; thumbhole stocks; threaded barrels capable of accepting a flash suppressor or sound suppressor."

    Note that they can still sell telescoping stocks and pistol grips. But most likely that is an accidental omission, and they will eventually amend it. As written, this will prevent them from selling a lot of AR accessories, but they can still sell AR-15's in store, just not online.

    Also note that transfers to Federal Firearms Licensees (FFL) appear to be allowed. It is only transactions to "private individuals" which are barred by the new terms.

    https://www.salesforce.com/con... [salesforce.com]

  • "If the provider decides it doesn't want your business, you probably have no real recourse. OK, you could sue for tortious interference in business relationships"

    Uh no, you can't. That's not what tortious interference in business relationships is for.

    As for SaaS, it's a tough one. On the one hand there are so many reasons why I think it's a bad idea. On the other hand, if Eric Raymond is against it maybe I should give it another shot?

  • I can remember when GPLv3 was being drafted people were pointing out that the current leadership working on it mostly consisted of consultants and SaaS people who wanted to keep their jobs and thus neuter the GLP for their case, while at the same time consumers of embedded devices that they also wished the full force of the GPL ensure that the things they buy they could tinker with.

    So yeah, kinda makes sense that the market panned out exactly like they wanted it to.
  • Of course software as a service is worse. Was that supposed to be secret? It's probably the clearest example imaginable of rent-seeking substituting for actual economic contribution.

  • by SpaghettiPattern ( 609814 ) on Monday June 03, 2019 @12:39AM (#58698416)

    Businesses tend to adhere to contracts. Draw them up correctly and don't do business with shady shops. That's a no-brainer.

    My company delivers SaaS. Clients submit workloads we process. Either because of incompetence or because of political reasons, our clients tend to reinvent the wheel every five years or so. We respect their rights of doing so and we never ever hold them hostage even when there's a dispute. The moment we'd cripple one of our clients, we'd start to see aggressive migrations away from our SaaS offering.

    IANAL but I expect contracts for delivering physical goods and SaaS contracts have similarities when it comes to adhering to adhering to them by delivering good and services.

    SaaS setup well allows for services to be outsourced like you'd do in any other type of business.

    I once attended a speech by RMS where he vilified SaaS and my impression was that he had very little experience in how business run thier operations with partners. If we take the anti-SaaS POV to the extreme for physical processing then we should expect car makers to produce every single component of a car from raw materials. Pretty unrealistic for rather obvious reasons.

  • ... you're royally screwed. This is obvious to anyone with 2 cents worth of IT knowledge. Manage your own dependencies. At every level. Especially if they are mission critical to your business.

    This is IT infrastructure 101. ESR is basically stating the obvious, but sadly, that needs to be done repeatedly from stopping people running into disasters.

  • expected more from the person who wrote cathedral and the bazaar, which was a very important OSS document when it was released.
    how could he not have realized what SaaS is?

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.

Working...