Scanner Spots Open Source Installations 275
Mike writes "Information security firm OpenLogic has begun letting users download 'Discovery,' an application that scans Windows, Linux, and Solaris machines and attempts to identify open source software. The Discovery application claims to identify more than 5,000 versions of the top 900 open source packages. The scanning engine is able to detect open source installations whether they were installed explicitly or bundled with other software products. Kim Weins, vice president of marketing, says 'We developed it in response to customers not knowing what open source programs they were using.' I can't help but think that this a move to slyly demonize FOSS by scaring businesses into thinking they don't know what's on their PCs."
Doh (Score:5, Funny)
--
Censored by Technorati [blogspot.com]
Re:Doh (Score:5, Insightful)
So if it sucks, then the bulk of Vista users are going to think it sucks.
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Why anyone would bother to specify the Basic version when they could, with less effort, impugn the entire suite of versions, is beyond me.
Re: (Score:3, Insightful)
Objectively, if you had never used any prior version, the new stuff might make more sense.
However, the switching cost of figuring out where they, for example, they squirreled away the interface for changing an environment variable, is too high. "Retro or NO!," say I.
Re: (Score:2)
Two options (Score:4, Insightful)
2) It can be used to "root out" those 'evil' open source applications [bad].
Unfortunately I agree that option 2 is most likely as it is really used to search for applications and not code. Why you would want to search for explicitly open source, vs. just knowing what is on a corporate PC doesn't make a lot of sense to me.
Re:Two options (Score:5, Insightful)
Because many companies have explicit policies forbidding open source, period.
I've seen it get so stupid as to call it "shareware", ie: unlicensed software. The lack of a vendor really freaks out a lot of PHBs, and heck, a LOT of older IT folks who still are scared by open source. Don't forget, OSS is less secure because everyone can see the source code, and it's less reliable because you don't have a multi-billion dollar vendor backing you when things go wrong. (not sure if I really need the sarcasm tag with that last sentence or if it's obvious enough)
Re: (Score:2)
Yeah, I know what you mean! I really need a multi-billion dollar vendor backing my users 7zip and filezilla.
It *scans* *Linux* for open source software? (Score:2, Funny)
What will they think of next? Panning for dirt? Yes, I think you might find just a teensy bit of open source software on the average Linux install. Now what?
Re: (Score:2)
The single most powerful counter I've found to that incorrect mindset is one little commercial [google.com]. IBM says Linux is the future. That should be enough endorsement for the older crowd.
Re: (Score:2)
Re: (Score:2, Insightful)
Re:Two options (Score:4, Interesting)
All of our stuff is designed to run on 2k, 2k3, and Redhat, which as you are aware is essentially no different from Fedora (well, strictly speaking, it's no different from CENTOS) except that you buy support for it. That support is important. Large companies who pay $100m for a contract do not want to hear you say "I'll have this issue remedied just as soon as someone replied to my post on FedoraForums.org."
I happen to think that, for instance, sourcefire has a superior IDS solution to ours. I know a lot of competent guys with that company. I like those guys. So without any malice I can tell you that when we had a bake-off with them, the deciding factor was that we knew how to deploy and manage a thousand-node sensor grid and they had not clue one.
I say this just to illustrate that for, large corporate environments, it doesn't matter that FOSS solutions are "better." A lot of them are great, and I can think of plenty of situations where some Ubuntu workstations running OOo would suffice over Vista Business and Office 2007...except then you know down the road that company is going to want something out of left field, like encrypted home directories or , only, none of the techs they can afford know anything about setting it up. But they know that 5 years from now if they want some weird solution, probably one of the big vendors will be around to sell it to them, along with a consultant to walk the Remedy monkeys through troubleshooting it.
I do not think that most of the people cheerleading for FOSS appreciate this. They just know that $DISTRO is neat, so obviously everyone who doesn't agree that it's perfect for a 10,000 seat enterprise network must be an "idiot." Le sigh!
Re: (Score:2)
like encrypted home directories or , only, none of the techs they can afford know anything about setting it up. But they know that 5 years from now if they want some weird solution, probably one of the big vendors will be around to sell it to them, along with a consultant to walk the Remedy monkeys through troubleshooting it.
obviously everyone who doesn't agree that it's perfect for a 10,000 seat enterprise network must be an "idiot." Le sigh!
Yeah, it's really stupid to call someone an idiot because they spend thousands or even millions of the companies money to license someones proprietary solution to a simple problem that locks them to the whims and fate of the vendor providing that solution rather than teaching one of their own technical people how to do a "man cryptsetup" or "man losetup". Wow, I could even google "ubuntu encrypt home partition" and find all kinds of detailed information on a dozens of different ways to do it.
Re: (Score:2)
http://www.openlogic.com/partners/index.php [openlogic.com]
Clearly OpenLogic has certain ideas about what constitutes "good" open software.
Re: (Score:2)
But, alas, not a supporter of GPL.
Microsoft: Open Source, as long as we can steal it.
Re: (Score:2)
All, or almost all, their OSS-like licenses have that as a clause.
Re: (Score:2)
"The Microsoft Developer Network provides a set of online and offline services designed to help developers write applications using Microsoft products and technologies."
Not a word about open anything or even "interoperability". Color me unsurprised.
Re: (Score:3, Interesting)
Re: (Score:2)
As with anything else, just be sure to give credit =]
http://www.jameshollingshead.com/writing/publishe
Re: (Score:2)
Just what I'd want... (Score:2)
Re: (Score:2)
If you want that, isn't it simpler just to use a Linux distribution that doesn't include non-Free software (and not enable any non-Free repositories)?
Yeah, I was mainly just being snarky (Score:2)
Re: (Score:2)
Uh, the grandparent post wanted to "get rid of everything that's not open source" (emphasis added). Unless you're already using a Free operating system, it's not possible to do that without switching.
An interesting point (Score:2, Insightful)
Re: (Score:2)
Re:A good thing (Score:2)
2) It can be used to "root out" those 'evil' open source applications [bad].
This is actualy good. First they fear it. Then they learn about GPL and LGPL. Publicity about GPL is a good thing. Then they compare that with any other EULA. At that point, they start noting much of their free to obtain free software has EULA's. Quick, is it easer to track GPL for 20 application
The Backfire. (Score:3, Informative)
FTFA:
Customers would guess that they had 15 or 20 open source products on their networks only to discover that workers were using 200 or more open source applications, she said.
Knowledge is your friend. If their intention is to root the applications out, they will discover how expensive non free software really is. Awareness always leads to more free software use.
Re: (Score:2)
Re: (Score:2)
How? I have never heard of an open source-compliant license that restricts the act of running the software.
Free download but a form to fill prior download (Score:5, Informative)
Re:Free download but a form to fill prior download (Score:5, Informative)
Re: (Score:2)
Re:Free download but a form to fill prior download (Score:4, Funny)
Re: (Score:2)
Not only that, but we all know how viral the GPL is, everything that Firefox touches must become GPL too. Dare visit your company's website with Firefox, and you have to give away the whole source and content of the website. Visit your private intranet, and it's even worse...
Re: (Score:2)
Indemnification is merely som
Re: (Score:3, Interesting)
I have to disagree with you there. The installer for many windows versions of OSS software have a clickwrap style page where you have to agree to the conditions of the GPL before you can install the software.
As you said, the GPL (and others) only apply when you want to distribute the code. You shouldn't have to "accept" the GPL to merely use the software. At least that's how I understand it.
Re: (Score:2)
Actually, the main goal of the anti-OSS FUD campaign is to convince people of exactly this possibility. If you read that "Why Is Indemnification Important?" paragraph critically, you'll see that its entire point is to insinuate that people are being sued for using open-source software. While the text never actually states this, that's how most people will understand it. Such misleading cal
Re: (Score:2)
Re: (Score:2)
It's not FUD. If your company holds a lot of patents and starts to use (meaning, for some: internally distribute) GPLv3-licensed software or, even worse, starts using L/GPLv3 libraries, you don't have any choice but to give up litigation rights or stop using the software.
If your company depends on GPL'd software, it's even worse, as you'll need a lot of investment (and time) to make the transition to another software set.
Re:Free download but a form to fill prior download (Score:4, Informative)
You can use OSS all you want and your IP is safely yours. It's only when you want to incorporate OSS software and code in your own code that you are then bound by the OSS terms.
For example, you can:
use OpenOffice to write all your documents
use Gimp to do your image processing
use vi/emacs to edit your source code
use gcc to compile your program (be careful what you link to)
use PDFMaker to generate PDFs from your programs
use Firefox to browse the web
use Thunderbird to handle your e-mail
use apache to serve your web pages
and so on
and your code and works are still completely your own, free to distribute in any way you see fit.
You are free to use OSS in any way and for any purpose. It's only when you want to redistribute it in some way (including incorporating it into your own work) that you incur any restrictions.
I refer you to:
http://www.gnu.org/licenses/gpl-faq.html#GPLOutpu
and
http://www.gnu.org/licenses/gpl-faq.html#TOCWhatC
Re: (Score:2)
It probably runs better on windows. The market is bigger, and rarely does anyone know what really is running on a windows machine.
Even if the software is from Microsoft.
Re: (Score:2)
Re: (Score:2)
Crickey (Score:5, Funny)
Re: (Score:2, Funny)
Inventorying OSS can help OSS (Score:5, Insightful)
Looks to me that this is just a simple inventory tool so business has an idea of what's on their machines, and perhaps if they see that people, having appropriate account permissions on the PC, are voluntarily installing open source alternatives, say OpenOffice instead of MS Office, businesses may be more conducive to migrating to OSS, or at least openly accepting it.
Business have no clue what's on their machines. That's why you have staff workers running around as admin all the time, and picking up literally thousands of instances of spyware/adware/malware. They just can't get enough toolbars and cute fluffy pointers.
Re: (Score:2)
To add to what the parent poster said, I actually think this could help OSS. Businesses might be surprised to find out how much FOSS software they're using and to realize how dependent they already are on it. That might actually ease some of their concerns about choosing FOSS options in the future.
I agree. (Score:2)
Re: (Score:3, Interesting)
If they started using that scanning tool here, I'd probably resign; I rely on Open Source tools pretty heavily to do my job.
Re: (Score:3, Funny)
* Low Slashdot UID
Re: (Score:2)
Re: (Score:2)
(Commercial apps) = (Installed apps) - (Free Software apps)
But yeah, you're right that it would be better if the program could do this explicitly. I would go a long way towards making it seem less biased against Free Software.
Re: (Score:2)
What's with the paranoia? (Score:3, Insightful)
Re:What's with the paranoia? (Score:4, Informative)
http://www.openlogic.com/products/indemnification
They're selling indemnification insurance. Open Logic is a capitalist enterprise, not some FOSS charity. They're in the business of monetizing FUD.
Not FUD. (Score:2)
Indemnification isn't FUD, it's a fact of life in many real world businesses. Ever heard of Sarbanes-Oxley [wikipedia.org] for example? Or the privacy laws surrounding medical information? Etc... Etc...
Paranoia is caused by who their customers will be. (Score:2)
"I'll bet their best customers will be high-ranking, low-technical knowledge PHBs looking to eliminate any non-MS solutions in their shop that techies might've installed behind the backs of upper management."
Basically, the only people who will want to buy a tool to ferret out unknown FOSS apps (and not any commercial apps) are the kind of people who are afraid of their presence lurking in their enterprise. If it was a general purpose inve
Bad wording (Score:2)
Re: (Score:2)
Unless you mean OpenSolaris -- not really.
Solaris doesn't puke shit all of the place like Linux does; the vast majority of Sun-distributed FOSS (which is not Sun-originated) lives in either
On the more useful side (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Are you just failing at reading comprehension? He was talking about copyleft software included within* other third-party software. In other words, when he said "see who is using GPL software without compliance" what he meant was "see [which third-party developer] is [distributing copyleft software as part of their proprietary app] without compliance."
(*Yes, it's also possible to interpret his sentence as referring to "mere aggregation," i.e., bundling, but it's obvious from the rest what he really meant.)
Re: (Score:2)
I could've used this the other day... (Score:4, Interesting)
I had to make a list of
More interested in a scanner for proprietary stuff (Score:2)
1. Free AND lousy - many only checked the "Add/remove programs" list in Control Panel, which is practically useless if a package was installed just by copying to c:\program files.
2. Expensive AND horrific license - most of the commercial software auditing tools which claim to do everything but make the tea seem to be licensed with rather nastier licenses than the software they're meant to be auditing.
Is there
Virtual Richard M. Stallman (Score:2)
It reports any non-free software that you have installed.
...What? (Score:2)
I was always of the opinion that reverse engineering was more about determining how a program works, which checksumming is pretty darned useless for.
Re: (Score:2)
Comparing checksums is a common element of anti-virus and intrusion detection tools. Such clauses would cause a public stink because they'd make the use of such products a violation of your license, and I can't find any articles suggesting this has ever been considered a problem before.
Who needs a scanner? (Score:2)
$ uname -rs
FreeBSD 7.0-CURRENT
$ pkg_info | wc -l
1630
So, subtract 1 for nvidia-driver. Subtract 1 for linux-flashplugin. Subtract 1 for acroread7. That's still a helluva lot of open-sores software... I hope the BSA doesn't come after me!!!
Re: (Score:2)
1100
Now I feel inferior... Maybe I should pull in KDE or GNOME to compensate...
can see it now! (Score:3, Informative)
IT Guy: which computers should we start with?
CEO: Start with the people who file the most computer complains and go downward
(IT guy comes back next day)
IT Guy: Sir all of the Vista machines who had problems reported 0 infections, and at the bottom of the list the department running OS X and Linux development machines. They had tons of the stuff.
Doesn't seem like anti-open source to me (Score:2)
another use of this... (Score:2)
Could be a Good Thing (Score:4, Insightful)
the irony ... (Score:3, Funny)
I wonder if it detects itself?
Re: (Score:2)
It (ironically) isn't Free Software itself, so, no.
Re: (Score:2)
I wonder if it detects itself?
This is a GOOD thing (Score:2)
BUT I know users don't stop there. Everytime I touch a user's laptop I find some extra software I don't want to support. Most of the time I don't remove the software, I just deliver the customary warning: "If this software causes a problem with your system I will reimage your PC rather than waste time diagn
Free Scanner to eliminate Free Software? (Score:2)
Okay. Let me see if I have this straight:
We can use a free scanner to eliminate free software inside my anti-free software organization???
Re: (Score:2)
Nope, you got it wrong. It should read thus:
"We can use a proprietary "freeware" scanner to eliminate Free Software [note capitalization] inside my anti-Free Software organization."
How does it know? (Score:2)
And what about something like this:
/* Released as open source. Free to copy, redistribute or whatever you want */
#include iostream.h
main()
{
int myint;
cout << "Enter a number: "
cin >> myint
p0f Anyone? (Score:2)
OT Question: is p0f the cat's meow or has it been bested?
Why not .... (Score:5, Insightful)
What about MS use of Open Source? (Score:2)
Scan for Commercial Software Instead (Score:2)
VRMS would not approve. (Score:3, Funny)
Non-free packages installed on localhost
doom2-wad IWAD from ID Software's DOOM 2 computer game
iozone3 Filesystem and Disk Benchmarking Tool
nvidia-glx NVIDIA binary Xorg driver
Reason: Proprietary license
nvidia-glx-dev NVIDIA binary Xorg driver development files
Reason: Proprietary license
openlogic-discovery Tool for locating installed open-source software packages
Reason: Who needs this - when you've got me?
5 non-free packages, 0.3% of 1519 installed packages
Since they quoted me.. (Score:5, Informative)
Licensing (Score:2)
> the scan s/w itself is not FOSS.
> OpenLogic, who issued the press release (it's NOT a news story) seems to be focussed on managing FOSS dists in the enterprise.
> According to their website, OpenLogic is a Microsoft "technology partner" ("indentured servant"). ditto with Novell. But they're also partners with redhat. Tainted, but there's hope.
They do seem to be paying for and building up a developer community, but I didn't see a list of what projects they're working on or who's helpi
Paranoia, anyone? (Score:2)
I don't think that would be in their interests. From the company's website: [openlogic.com]
OpenLogic is a leading provider of open source solutions that enable enterprises to safely acquire, support, and control open source software. OpenLogic provides enterprises with a certified library of open source software that encompasses hundreds of the most popular open so
Download link (Score:2)
http://www.openlogic.com/discovery/new_download_n
At a previous employer... (Score:2)
Silly (Score:2, Insightful)
Perhaps I am dense, but this just doesn't seem to make any sense, even as a direct attack on the open s
Some outfits disallow Open Source applications. (Score:3, Interesting)
This could just as easily work in favor of Open Source applications. If typical scans reveal popular apps, and those popular apps are the ones people use with great success, and there are eyes that open to the fact that they too, use Open Source applications, that they are among their favorites, and exactly what Open Source applications are.
In the event that a corporate IT manager looks at some such report, and says to a CTO, "Look, CTO - I told you our Open Source software initiative would work". "Our users are spending 75% of their sanctioned computer time in such applications as Open Office, Thunderbird, and GAIM." "The supplemental reports I have generated show the remaining 25% divided between other Non-Open applications; iTunes, Spybot Search and Destroy, AdAware, ClickMeFun2000.exe, Solitaire.exe, and these commercial products to allow Windows users to our UNIX services."
That's a conversation I'm looking forward to having, because I'm anxious to deliver the punchline!
Persistant home folders on a SAN, with an imaged Linux Desktop! Yes, we can even have anti-virus..
Re: (Score:2)
Re: (Score:2)
MOD PARENT UP (Score:2)
Re: (Score:2)