Worked for a company that had a similar policy against free software, but simultaneously encouraged employees to use open-source software to save money. I don’t think upper management was talking to the IT department.
Everyday my misnathropy is justified
Print the fucking t-shirt man. I’ll buy one for every day of the week.
I majored in Anthropology in college. I should have done Misanthropology.
You did; just need to apply it.
I’ll try that. Fuck you.
They grow up so fast sheds tear
This pisses me off
Nice. My response is my 2-week’s notice.
this is supposed to be more secure because it costs money
It makes blaming someone really easy though and that’s all that matters in a corporate world.
Would be really funny if they still get fucked over because of some fine print in the disclaimer
Or maybe the vendor goes with “take the money and run”.
The greentext reminds me of this FAQ entry: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-vendor
A.9.17 As one of our existing software vendors, can you just fill in this questionnaire for us?
We periodically receive requests like this, from organisations which have apparently sent out a form letter to everyone listed in their big spreadsheet of ‘software vendors’ requiring them all to answer some long list of questions […]
We don’t make a habit of responding in full to these questionnaires, because we are not a software vendor.
A software vendor is a company to which you are paying lots of money in return for some software. They know who you are, and they know you’re paying them money; so they have an incentive to fill in your forms and questionnaires […] because they want to keep being paid.
[…]
If you work for an organisation which you think might be at risk of making this mistake, we urge you to reorganise your list of software suppliers so that it clearly distinguishes paid vendors who know about you from free software developers who don’t have any idea who you are. Then, only send out these mass mailings to the former.
This is legitimately it. The same reason corporations often pay for Linux (e.g. RHEL)—the people in charge want to be able to pick up a phone and harass someone until they fix their problem. They simply can’t fathom any alternative approach to managing dependencies.
Not just pick up the phone and harass someone but to also have someone to press a lawsuit against if things go really wrong. With free software the liability typically ends at the user which means all they can do is fire the employee and eat the loss. Suppose now corporate paid for it, well now there is a contract and a party that can be sued.
I hear that a lot but would that actually work? Sure, you will get a redhat level 1 support employee within the hour for a severity 1 ticket. But does the actual contract (which I don’t have access to) make any legally binding guarantees regarding the time-to-resolution? I seriously doubt it. Which is to say – your legal team will be SOL.
They also won’t take responsibility for any fuckup on your part if you install a bad driver or deviate from the admin guides in anyway (which is why Legal says for a minor issue you can’t apply a patch from StackExchange, you must raise a ticket and wait 3 business days for RedHat to tell you to apply the patch from StackExchange).
Getting phished definitely falls in this category BTW. Vendors may or may not help you but they certainly won’t accept any liability.It’s still a good enough safety net to have for corporations with no trustworthy in-house expertise as vendors do have an incentive to keep their customers happy and most will help to the best of their abilities (which often isn’t as much as one might think…), but it’s hardly a legal panacea. If you need guarantees against catastrophic financial losses, that is what insurance is for.
As if the Eulas don’t make it all arbitration?
What software company allows liability for mistakes in a EULA?
Most do, but limited to the amount of the contract.
Companies and individuals play by different rules.
When a big company purchases software a team of people from both parties (whose entire job and career are based on doing this) negotiate with each other to decide exactly who is liable for what and to what degree.
When you purchase software you agree to let the company fuck you over at their leisure because you literally do not have enough hours in the day to even read everything you agree to, let alone understand it, let alone argue with it. And even if you did you don’t have enough bargaining power to make a large company care.
So corporations are just The Gang in It’s Always Sunny In Philadelphia?
It’s “more secure” because there’s a specific company to blame when it goes wrong.
That would make some sense if the company was purchasing a solution, not a tool. Or a contract/SaaS model or something. Instead, it’s like banning known screwdriver brands and expecting people to still have no problem loosening and tightening screws…
Yeah, i worked briefly at multinational japanese motor company and this was their logic. I was hired as a software developer contractor and HQ had rules stating, no open source software, no free software and the one that puzzled me the most no in house executables (WHY THE FUCK DID THEY HIRE ME?)
Honda?
Nope.
Security through liability
The bigger you get the more this is a thing actually.
My old boss called that “one neck to choke”.
There is an entire sub-industry and probably thousands of jobs being propped up by this stupid way of thinking about software. I can’t be mad at it because it pays the bills for a few of my friends…
I could really see companies just fork open source and give it a tweak like UI or new switches…
Terrible.
New wealth redistribution method?
I could really see companies just fork open source and give it a tweak like UI or new switches…
They should not be able to do that if it comes under non commercial licence
Won’t stop some people.
At one point my company made us buy Eclipse from a vendor because free software was not allowed. It had no tweaks or support, just out of date Eclipse that I had to wait for purchasing to get
Whenever I hear about shit like this I wonder if I should just start a company and package free software lol. Could like donate a bunch of the profit to the actual projects.
The issue here is you’d be selling it to morons who, when shit inevitably happens, would sue your pants off. So that means having lawyers that can protect you, probably on staff. Not sure it’s worth it. You’d need to do the maths I guess
Now I wonder if one could pull a scam by selling some packaged software and closing the company the next month, simultaneously announcing End of Support
“If you’re not paying for the product, then you are the product.”
The phrase has its uses, but shit like this is what happens when it’s taken to the extreme.
Digital security education in schools actually give people brain tumour ffs
Often times when you pay for the product, you are still the product.
That is just a fact at this point
I’m the product in the sense that poo is the product of the intestines.
Every day I wake up I thank God I’m not an MBA 🙏
Sometimes I wish I was a piece of shit so I didn’t need to worry about money.
“This fucking paycheck! What am I going to do with all this money?”
MBAs would just buy an LLM software subscription to fix it
Anon works for my company? Because they did exactly this with the same excuse.
Yeesh. I would find a new job immediately. Absolutely unhinged behavior.
Yup, my boss would get my 2-weeks notice immediately. Like same day. I’m not putting up with that BS.
how thoroughly was it followed through? how was ensured that no free beer software was used?
That’s a great question. In my experience (15 years at MSPs and several years as a freelance consultant where I’m mostly in house one place but take side jobs) I’ve been the one who had to make this change.
Some companies are very serious about it. Laptops end up on some device management solution that can tell every program you’ve got installed and flag anything not pre-approved. Then take away everyone’s ability to install outside of device management.
Some companies want to scare the users into compliance but want IT to be able to do their own thing. So they’ll install some easily bypassed thing or enroll everyone but not keep an eye on their network to find rogue devices.
Some companies threaten it, pay money for a consultant to put together a plan, don’t like the price, threaten to go elsewhere, and the exec who championed it finds a new job while nothing of note was done, but they’re sitting on a handful of licenses for software no one is using.
I used to carry a toolkit of free software in portable format on a thumb drive and another thumb drive with a full Linux environment in case I had to do something at the first kind of company.
I’ve had some workplaces where they instituted overly heavy-handed crackdowns through IT Policy then rolled them back after a couple of weeks because someone in upper-manglement needed to see the impacts in the real world that they already were already warned of before they could be convinced that their genius new policy wasn’t such a good idea
I am becoming increasingly more appreciative of the fact that I have root access to “my” company provided work device.
My boss went so far as to buy Macs because we have “special needs” (we don’t) because otherwise we’d be forced to use the corporate locked down crap. I’m not a big fan of macos (prefer Linux), but root access sure is nice.
Wait till they learn about Jamf Pro and Mosyle 😜 (Well… granted they also have to deploy it correctly after…)
They did make us install Crowdstrike after 3-ish years of no spyware. We still have root access, they can just see every time I update my packages.
I had to move to a Mac because of iOS development. Now I’m stuck with a Mac because the fucking thing refuses to break.
This has nothing to do with security, and everything to do with liability.
You can’t really sue an open source project using a proper license, they disclaim any liability or warranty, meaning the buck stops with you.
If you hire a software development firm and pay for them to build software for you, you will have a different license, the software company can just repackage open source software into their own UI and branding, take the money and declare bankruptcy if their customers try to sue them.
The customers are mostly happy, they get to tick the box that they have a support contract for the software and a company is liable if shit hits the fan. The software development company is happy, they get money for doing very little actual work.
The open source project probably doesn’t know about the abuse of the license and thus mostly doesn’t care.
I’ve been in these meetings and you’re on the money. Insurance (the concept, not necessarily the product) is almost always the reason any time you see some stupid policy.
When I was young and naive I thought the technologically correct way to do things was the best. In the business world that’s seldom the case, though.
At one place I worked we couldn’t use eclipse licensed things because the license mentioned indemnification or something. I don’t really understand what that meant because I think some other licenses mentioned it too. Plus literally all of us used Eclipse IDE.
Had that discussion before. Was attacked because I use a f&os lib from GitHub instead of a paid and licensed one, the latter somehow meaning it’s error free. Spoiler alert: it wasn’t. Or at least their usage wasn’t.
Oh my god. My colleagues were making fun of postgres users. They didn’t bother doing a Google search.
deleted by creator
Fork vim, rename it, sell it back to your company
Donate cost back to vim
That sounds like a vim-vim situation for everybody, to me
