"We don't use free software"

  • "We don't use free software"

    So a co-irker called me over because of a strange case that came in. He pulled it up, and I read it over. It was from one of our South American resellers. They forwarded us a message from their client:

    Ran the command "uname --v" and observed the following output:


    uname (GNU coreutils) 8.13
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.


    This is very concerning to us, we are a bank and do not use free and unwarranted software.
    First: yes you do. It's damn near unavoidable if you use anything running any sort of Linux (which our appliance does, and so does a lot of other networking gear). Even Windows contains free code. Hell, the smart thermostat for your air conditioner probably contains some free code.

    Second: our appliance, with its own custom version of Linux and our software on top, is most certainly not "free and unwarranted." You paid tens of thousands of dollars for it, and tens of thousands more for support (that's your warranty, there).

    Third: Okay, fine--don't run uname then. Or mv. Or cp. Heck, just don't log into the bloody thing at all. Or at least, don't look at the version information for uname.
    Supporting the idiots charged with protecting your personal information.

  • #2
    Have they never heard of Linux, the most popular server system in existence? (See, for example, Wikipedia's page on usage share of OS's.) If it's good enough for the military, it should be good enough for a bank. And unless you're running Windows, it's almost impossible to have a system that is 100% non-"free" (and I'm not sure about Windows, for that matter).

    FFS, free (libre) is often better than commercial software! Given a choice between open source vs closed source, I'll take open, as long as it works.
    Fool me once, shame on you. Fool me twice, you speak with the Fraud department. -- CrazedClerkthe2nd
    OW! Rolled my eyes too hard, saw my brain. -- Seanette
    she seems to top me in crazy, and I'm enough crazy for my family. -- Cooper
    Yes, I am evil. What's your point? -- Jester



    • #3
      There's a scare meme running around (rumored to have been started by Microsoft) that "free" software isn't really free, that it has license agreements that can infect the entire contents of your computer, including your proprietary data, and encumber your whole organization! Free software is BAD!



      • #4
        Quoth TheSHAD0W
        There's a scare meme running around (rumored to have been started by Microsoft) that "free" software isn't really free, that it has license agreements that can infect the entire contents of your computer, including your proprietary data, and encumber your whole organization! Free software is BAD!
        The phrase you're looking for is FUD: Fear, Uncertainty, and Doubt about a given thing. Originally used about IBM, but for the past 20+ years it's been almost exclusively associated with Microsoft's tactics.

        An interesting read re: this topic would be the Halloween Documents, a series of leaked MS memos (from 1998-2004).

        Oh, and yes, the GPL is "viral"... but only for those who write software, not for those who just use it.
        Fool me once, shame on you. Fool me twice, you speak with the Fraud department. -- CrazedClerkthe2nd
        OW! Rolled my eyes too hard, saw my brain. -- Seanette
        she seems to top me in crazy, and I'm enough crazy for my family. -- Cooper
        Yes, I am evil. What's your point? -- Jester



        • #5
          Quoth Deserted
          If it's good enough for the military, it should be good enough for a bank.
          Well, it is sort of understandable from a certain point of view. One of my coworkers who used to work at a bank explained it thusly: they used closed-source, proprietary stuff--e.g., Microsoft--because they could then have someone to blame when things go horribly wrong.

          Notice for instance how none of the major banks were affected by HeartBleed. They're all very likely running IIS, and very happy about it when news of HeartBleed broke. If they'd gone with any setup using OpenSSL, they wouldn't have had anyone to scream and yell and hurl threats at.

          Incidentally, despite our product being built on Linux and using OpenSSL, it only affected a version of it that we hadn't yet released.
          Supporting the idiots charged with protecting your personal information.



          • #6
            Quoth otakuneko
            Well, it is sort of understandable from a certain point of view.
            I'll have to take your word for it, Obi-Wan.
            Fool me once, shame on you. Fool me twice, you speak with the Fraud department. -- CrazedClerkthe2nd
            OW! Rolled my eyes too hard, saw my brain. -- Seanette
            she seems to top me in crazy, and I'm enough crazy for my family. -- Cooper
            Yes, I am evil. What's your point? -- Jester



            • #7
              Quoth otakuneko
              Notice for instance how none of the major banks were affected by HeartBleed. They're all very likely running IIS, and very happy about it when news of HeartBleed broke. If they'd gone with any setup using OpenSSL, they wouldn't have had anyone to scream and yell and hurl threats at.
              But you CAN scream and yell and hurl threats at your Linux support provider. (And you can hurl extra screaming at a company that included OpenSSL in a proprietary product.) Sure, you can't sue them for screwing up, but you can't sue MS either. (Which is good for MS, considering what a sieve Windows has been over the years.)



              • #8
                Just curious, but why can't you sue MS?
                Any fool can piss on the floor. It takes a talented SC to shit on the ceiling.



                • #9
                  Well, you can try to sue MS, but when a lot of the laws you would try to sue them under were actually made by MS lobbyists and you consider the army of lawyers they have, you'd realize it's more cost effective to not even try.
                  I AM the evil bastard!
                  A+ Certified IT Technician



                  • #10
                    Also worth noting that patches to fix the Heartbleed bug were available and widely deployed within a few hours of news breaking - and AFAIK it was news to the devs, too, making such a rapid response even more impressive. This is, incidentally, routine practice for security bugs in high-profile open-source software; a simple fix can be written, tested, packaged and distributed *very* quickly.

                    Similar bugs in other SSL libraries recently (I'm looking at you, Apple) took days and days before a complete set of patches was made available. That is routine practice for "proprietary" software - the sort that the bank in the OP said they wanted. Note also that Micro$oft has "Patch Tuesday" on a *monthly* basis, which is when they roll out security patches - unless a particularly embarrassing one warrants an out-of-turn hotfix.

                    I know what sort of software I'd prefer *my* bank to use.



                    • #11
                      Regardless of how quickly a vendor can make a patch available, many companies--and banks especially--have some wicked draconian change control policies. You'd hope they'd make an emergency exception for something of Heartbleed's magnitude, but hey, we have a Morons in Management section here for a reason.

                      I seem to recall several IDS vendors (Snort etc.) had signatures out for Heartbleed PDQ, and a reverse proxy running an unaffected version (which our product could be configured to do) would be bullet-proof protection against it as a stopgap measure.
                      Supporting the idiots charged with protecting your personal information.



                      • #12
                        Warranty??? What Warranty?

                        Really, I have never seen software with a real warranty like I get with my car.

                        Look at GM today, they found faults in their car. They send out notices and fix them for free, and they keep on doing that. They also promise if I run their maintenance schedules that my car will run from point A to point B.

                        Aside from software for medical devices, airplanes and spacecraft, I never see those levels of quality promised with the paperwork that comes with any software I buy.

                        Plus, in most cases if something major is discovered wrong with software I either have to pay to get the software fixed or I am already paying a large maintenance contract.

                        And PS, what are they going to do if it turns out their machines use OPEN-CORE-BOOT to start up?



                        • #13
                          Quoth earl colby pottinger
                          Look at GM today, they found faults in their car. They send out notices and fix them for free, and they keep on doing that.
                          You mean the company that found the problem, chose to ignore it because it calculated the lives of the dead as less than the recall and only issued the recall when the US government ordered them to?

                          Not really the best example there.
                          I AM the evil bastard!
                          A+ Certified IT Technician



                          • #14
                            Quoth lordlundar
                            You mean the company that found the problem, chose to ignore it because it calculated the lives of the dead as less than the recall and only issued the recall when the US government ordered them to?
                            That company would be Ford about 35 years ago with the Pinto gas tank recall.
                            "I don't have to be petty. The Universe does that for me."



                            • #15
                              Quoth Ironclad Alibi
                              That company would be Ford about 35 years ago with the Pinto gas tank recall.
                              The only thing that changes is that GM thought they wouldn't get caught. Still doesn't help earl's argument.
                              I AM the evil bastard!
                              A+ Certified IT Technician
