Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Dealing with Corporate FUD About Linux? 300

Lumpy asks: "After this morning's IT conference call, Linux was once again attacked here in the company by the upper management as 'a threat' to our company security. With articles, like the recent one from Information Week, fueling the Upper management with outdated information and half truths, how does an IT professional defend his position and educate upper managers to take those articles with a tiny grain of salt and trust their experts? Should we as professionals expect to be attacked for our decisions, even though Linux has prooven itself (time and time again), for over 5 years in our company? How do you deal with all of the baseless claims, that your superiors may read in the mainstream media?"
This discussion has been archived. No new comments can be posted.

Dealing with Corporate FUD About Linux?

Comments Filter:
  • my advice (Score:5, Informative)

    by kebes ( 861706 ) on Thursday February 09, 2006 @05:51PM (#14681954) Journal
    Be honest and matter-of-fact about it. Tell them the truth and hope that they are smart enough to realize how this will help the company.

    You can say impressive things without lying. For instance, you can say (if it happens to be true): "I trust Linux for my home computer and all my important files." That alone means alot. Or you can say "if I were asked to place a $1000 bet on a computer OS that would run without getting infected with viruses or crashing for a whole year (while connected to the net!) I would place the bet on Linux instead of Windows."

    Or, you can point out other projects/companies. For instance, according to [], in 2005, 390 of the top 500 super-computers were using Linux. That means that 78% of super-computers run Linux. [] For instance, the world's most powerful computer is IBM Blue Gene [], and it uses Linux for its I/O nodes (more info here []). Also, Google's gigantic, powerful, and distributed search engine runs using over 60,000 Linux machines (more info here [], here [], and on Google's Research page []). The fact that big, complicated, and highly successful operations use Linux shows what it can do. In the case of Google, it shows that they trust it to deliver the security they need.

    You can urge them to get a second opinion. For instance, tell them to look over Secunia's [] report on Windows XP [] compared to Ubuntu 5.10 [].

    Ultimately, however, all you can do is provide them with an honest assessment of Linux' strengths and weaknesses, and point out in what ways the media reports are wrong. If they respect your opinion, then they'll make the right choice. If they refuse to listen to reason, then there is nothing you can do. People who are more interested in media sound-bites than expert discussion are essentially impossible to convince of anything they don't already believe. Don't waste your time, and don't buy company stock.
    • Re:my advice (Score:5, Insightful)

      by Captain Sarcastic ( 109765 ) on Thursday February 09, 2006 @06:01PM (#14682051)
      That's pretty much what I tried. The down side is when the boss asks, "OK, so if it's free, how do the people who build the distro make money?"

      This isn't quite as pointy-haired as it might sound. With some of the monkeyshines that went on during the dot-com craze, with various companies bragging about their respective cash burn rates, many managers want to have an idea that the company who is providing the software will be around in X number of years.

      Of course, another approach is to point out that, "Well, you know, MS-DOS worked just fine, and nobody had complained about the 80-by-25 character cell screen... so how come we aren't still using it? Because [at this point you will want to sigh - DON'T!] Windows 3.1 did things well that MS-DOS was only marginally capable of doing."

      Of course, depending on the manager, they might look at you funny when you mention "MS-DOS", but bear up...

      • Re:my advice (Score:5, Insightful)

        by NoMoreNicksLeft ( 516230 ) <john,oyler&comcast,net> on Thursday February 09, 2006 @06:23PM (#14682244) Journal
        It is pretty pointy-haired after all. You don't say "Home Depot" may go out of business in 5 years, and then use it as a reason that you will no longer be able to buy 2x4s.

        It's open, anything can be compiled for the version you use, even if there are no versions. Lack of a upgrade treadmill means your apps are safe, even if you have to use 2.6.x linux for the next 20 years. Computers always used we that static, at least until stupid people started using them.

        Open source. If push comes to shove, hire a person or two to fix what needs to be fixed, even if Torvalds is gored to death by angry reindeer. Or more likely, as yours wouldn't be the only company that needs this, the costs can be spread out among lots of different companies, probably in the form of a vendor appearing to take over.

        It's commodity parts people. Ford might go out of business, but we're always going to be able to buy parts to fix the engine and transmission. Linux is like that too. Microsoft is the one to be worried about, not because they will somehow die next year (I pray every night though), but because if they somehow did, we'd *ALL* be shit out of luck.

        That anyone can spin things in such a way contrary to reality is incredible.
        • I agree with you. Managers, on the other hand, see the distro labels of "Fedora" vs. "SUSE" vs. . I tried pointing it out, and the response was, "they've got to be different - otherwise, how do they stay in business?" When I tried to explain, they rolled their eyes and said, "We've got Windows, it's easier to stick with that."

          Of course, this was the manager (well, actually, business owner) who had only one computer hooked up to the internet for everyone's E-mail to come in through, citing the costs of anti-
          • Re:my advice (Score:5, Insightful)

            by Angostura ( 703910 ) on Thursday February 09, 2006 @07:06PM (#14682626)
            Let's face it, your managers gave you a perfectly correct answer when they said: ""We've got Windows, it's easier to stick with that."

            It *is* always going to be easier to stick with what you have already.

            It sounds to me as if the management are quite happy with what they've got, it works well enough and they have some annoying techie lobbying to change half their infrastructure software. Naturally they are going to be floundering around to find ways to get them out of their hair.

            So, what are your reasons for wanting the company to switch to Linux, really? Are you a groupie, or are there solid reasons that will translate to the company's bottom line that you can put to them.

            The security issue can be defused fairly easily - present some research into .mil adoption of Linux, for example.

            But the security issue is probably just a smokescreen. You need some damn good reasons that you can set out cooly and rationally, and hopefully with a spreadsheet attached that will convince them of the advantages. "But it's free" probably won't cut it. Factor in third-party support costs, or in-house support for them so that it is NOT free. That'll make them take you more seriously.
            • Re:my advice (Score:5, Interesting)

              by grcumb ( 781340 ) on Thursday February 09, 2006 @07:29PM (#14682833) Homepage Journal

              "It *is* always going to be easier to stick with what you have already."

              Damn, and I was going to mod this thread....

              I think you're almost on target, but not quite. The easier decision is to stick with what you've got, and it's often much safer to avoid changing horses in mid-stream, but it is not always easier to stick with what you've got.

              Case in point: A large government agency in the country where I live had incredible problems managing its Internet traffic, to the extent that sometimes messages would take over a day to cross from one department to the other. The delays were mostly due to a bottleneck caused by placing all the content, spam and traffic filtering on the same box. An acquaintance of mine quietly installed a(n experimental) Linux box on the network to take up some of the slack, and even though traffic problems were significantly reduced, the decision was made to spend USD 25,000 more to beef up the existing system, because 'That's what we know.'

              In other words, a conservative viewpoint with regards to technology is good, but it can lead to situations where the well-trodden path isn't nearly as efficient as clearing a new one. As a wise man once said, 'A foolish consistency is the hobgoblin of little minds.'

        • Re:my advice (Score:5, Informative)

          by Reality Master 101 ( 179095 ) <`moc.liamg' `ta' `101retsaMytilaeR'> on Thursday February 09, 2006 @07:01PM (#14682585) Homepage Journal
          To be honest, you're not really thinking like a businessman, you're thinking like a programmer.

          You don't say "Home Depot" may go out of business in 5 years, and then use it as a reason that you will no longer be able to buy 2x4s.

          That's because Home Depot doesn't support the 2x4s for the foreseeable future. A better analogy is using them for their contractor services -- if anything goes wrong with your floor installation, you know Home Depot will be around to complain to.

          Open source. If push comes to shove, hire a person or two to fix what needs to be fixed, even if Torvalds is gored to death by angry reindeer.

          OSS advocates bring this up a lot, but what a business person hears when this is said is, "Yeah, they're admitting this business will gone in a couple years, and then I'll have to go into the software business, and I don't freaking WANT to be in the software business. I want to sell my widgets. I'll go with someone that won't force me to be in the operating system business."

          Business types understand business, which comes down to money. If you want them to buy into something, then express how it either saves money, or produces more money. If you can't make that case, then maybe your argument isn't as strong as you think.

          • OSS advocates bring this up a lot, but what a business person hears when this is said is, "Yeah, they're admitting this business will gone in a couple years, and then I'll have to go into the software business, and I don't freaking WANT to be in the software business. I want to sell my widgets. I'll go with someone that won't force me to be in the operating system business."

            But proprietary widget vendors cannot guarantee they'll be in business either, so it's not an argument in favor of either open source
            • Re:my advice (Score:4, Insightful)

              by Reality Master 101 ( 179095 ) <`moc.liamg' `ta' `101retsaMytilaeR'> on Thursday February 09, 2006 @08:19PM (#14683219) Homepage Journal
              But proprietary widget vendors cannot guarantee they'll be in business either, so it's not an argument in favor of either open source or proprietary. It's not relevant to deciding which is better.

              Come on. Which is more likely to be in business in five years, Home Depot, or Joe's Contractor Shack?

              It's all about probabilities. Microsoft has a FAR higher probability of being around in five years than, say, Red Hat, which is the strongest player. How about Debian? Who knows? Manager Man sure the hell doesn't, and frankly neither does the OSS community.

              That's why the whole "but the source will never die!!" arguments come up in the first place. The paid companies are so small that it makes people nervous.

              Too bad IBM doesn't come out with their IBM-branded distribution that they promise to support forever. That would solve a lot of these problems. I'm not sure what kind of promises they make now on behalf of their Linux partners.

              • Come on. Which is more likely to be in business in five years, Home Depot, or Joe's Contractor Shack?

                Actually, 8 or 10 years ago I read a study by some economist (whose name I've forgotten) that tackled exactly this topic. It was a large "data dredging" study to determine what company characteristics were correlated with longevity.

                One of the study's results, which the authors admitted was a bit of a surprise to them, was that the correlation coefficient for company size was zero. Size wasn't useful in pre
                • Actually, 8 or 10 years ago I read a study by some economist (whose name I've forgotten) that tackled exactly this topic. It was a large "data dredging" study to determine what company characteristics were correlated with longevity.

                  I'd have to see that study to believe it. The failure rate for small businesses is incredibly high. It happens so often that we don't even blink at it. However, when a huge publically traded corporation fails, it's big news.

                  • That's because huge publicly traded corporations rarely go out of business. Usually they get bought out instead. Just another type of failure.
                    • That's because huge publicly traded corporations rarely go out of business. Usually they get bought out instead. Just another type of failure.

                      Not all buyouts are because of failure, in fact, I'd say that's relatively rare. Usually you do have one that's stronger than the other. Neither AOL nor Time Warner were on the edge of bankruptcy, though AOL was especially strong because of the Internet bubble, and Time Warner was a bit down. The AT&T and Verizon merger wasn't because one was failing. Same with

      • Define "free". (Score:5, Insightful)

        by jd ( 1658 ) <> on Thursday February 09, 2006 @06:52PM (#14682490) Homepage Journal
        Local phone calls are free, but AT&T and Bell aren't exactly poor.

        Google is "free" to use as a search engine, but any company that can "report revenue of $1.919 billion" [] for a single quarter can probably afford to pay the staff. I wouldn't advise asking your CEO when he last made almost two billion in a four month timespan, though.

        Linux is "free" (as in price) if you get no assurance and minimal support. If, on the other hand, you want EAL4-rated Linux (certified for commercially-sensitive and confidential information for Government use in Europe and the US) with 24-hour support, fine-tuning of hardware and software, etc, then you pay a bit more. Same software, different parameters.

        I'd argue that there are examples even the dimmest PHB can understand - some have been around long enough to just be accepted, others are so stinking rich that the arguments self-evidently don't hold.

      • > That's pretty much what I tried. The down side is when the boss asks, "OK, so if it's free, how do the people who build the distro make money?"

        I actually wonder, why does he care? But even then, he can buy RHEL or some other paid distro if he thinks it has to cost money...
      • "OK, so if it's free, how do the people who build the distro make money?"

        There are two answers:

        1. They charge for support
        2. In terms of how the support works, If I have an itch to scratch and fix an issue, I can then forward that fix to the people who maintain the 'cardinal copy' of that product. If they fold it into the official version, then I get free support for that improvement in the future. (( been there, done that, by the way ))
          If they don't fold in the fix, by the way, then I would still have to
      • Well, all you need to do is again answer with the TRUTH. Companies make their money in support contracts, and in assisting companies in migrating from their previous solutions. It's not easy to migrate from one UNIX to another, let alone from NT to Linux. Even if a company has human resources to run both Linux and Windows, migrating takes a specialized skillset, requiring you to know a lot about what people are doing with Windows, what the corresponding Linux architectures are, how to make up the gaps betwe
      • SAP says that Linux is their future, they are the huge ERP company, this means that they must think they can get the Fortune 500 to trust their most critical systems to Linux.
      • Re:my advice (Score:2, Insightful)

        That's pretty much what I tried. The down side is when the boss asks, "OK, so if it's free, how do the people who build the distro make money?"

        The same way the people who build Apache, Bind, and other key parts of the Internet make money. That's not a pointy-haired question, it's just incompetent. Nobody in a position of responsibility over IT staff should be asking a question like that. Even five years ago, it was barely excusable. Now it's as sure a sign of clinical brain death as a flat EEG.

        Update yo

      • The down side is when the boss asks, "OK, so if it's free, how do the people who build the distro make money?"

        How do any of the following make their money?

        IT Consultants

        OTOH, when your company gives all that money to Microsoft for product, what are they really getting for their money? And are they paying a maintenance contract on top of that? What do they get for that money?
    • Re:my advice (Score:3, Insightful)

      by PFI_Optix ( 936301 )
      Or, to save time:

      "Google uses Linux, and their stock price is $3xx."
      • Re:my advice (Score:4, Insightful)

        by crimethinker ( 721591 ) on Thursday February 09, 2006 @06:39PM (#14682379)
        The saddest thing is that this would probably work a lot better with a PHB than any amount of technical reasons about viruses, worms, security, cost of licenses, etc.


        • I'm with paul on this.
          Mod parent up.
        • Re:my advice (Score:4, Insightful)

          by LittleBigLui ( 304739 ) on Friday February 10, 2006 @03:59AM (#14685702) Homepage Journal
          The saddest thing is that this would probably work a lot better with a PHB than any amount of technical reasons about viruses, worms, security, cost of licenses, etc

          If you want your PHB to shell out money for a car so your techs can get around quicker, do you explain to him the inner workings of a combustion engine and the anatomical reasons for not being able to walk as fast as you could drive a car, or do you just tell him "we'll get there faster if we have one"?
      • ...might be, "If Linux is so bad, why do the NSA and US Army use it? Why are Intel shipping hundreds of millions of Farmer PCs based on it in China? Why are the Brasilian state bank's ATMs run on it? Why are Norway moving 100,000 students to it? Why is it used in Satellites and aboard Fred? Why are IBM and Novell switching to it across the board? Why is the European Union moving to Linux's most popular document standard (OpenDocument) across the board? Why is the $100 laptop project using it even though Mic
    • There are many reasons, but the one I've encountered most often is fear.

      Upper management, usually, did not get there by taking big risks. They don't want to lead the herd.

      They will take any excuse to avoid Linux until enough other companies and people they know are openly using it AND saving money.

      Until then, no matter what you say, they will focus on whatever "facts" and opinions "justify" their fear.
    • by Saeed al-Sahaf ( 665390 ) on Thursday February 09, 2006 @06:18PM (#14682196) Homepage
      Be honest and matter-of-fact about it. Tell them the truth and hope that they are smart enough to realize how this will help the company.

      Hahhaaaa... ha haaa... ha ha ha haaaaa.... Hahaaaha... ha haaaaa... haaha haaa ha ha ha... OH MY! Hahaha... Haaa ha haaaaaa ha ha ha ha...

      • Re:my advice (Score:5, Insightful)

        by sparkz ( 146432 ) on Thursday February 09, 2006 @08:22PM (#14683247) Homepage
        I'm with you on this one, Saeed.

        An interesting and useful thing a headhunter told me recently about looking for jobs - don't tell them what you know and what you're good at, tell them how much money you have saved, and how much income you have generated, in your current/previous jobs.

        If you can come up with figures, saying that (eg) "We spend $x per annum on Anti-Virus software for Wintel; we could reduce that to $y by moving to Linux", or "We lose x hours per annum with unscheduled downtime on Wintel servers, costing $XX; we could reduce that to y hours with Linux servers, costing only $YY", you are more likely to get the attention of the beancounters.

        A Ferrari is faster than a Volkswagen, but it costs more. It's down to the beancounters to sign-off the outlay. If you can show that you need a Ferrari's speed, and the benefits justify the cost, then they'll get the Ferrari. If you can show that the Volkswagen is quick enough, and is cheaper to buy/run, then they'll get the Volkswagen. Note that I've not gone into any details about the technical differences between the two manufacturers, but I've sold them on whichever option best suits the need.

        In some cases, the Ferrari is the best buy; in others, the VW is the best buy.

        If I'm in the high-end chauffeur business, then a Ferrari could win on the prestige alone; If I'm in the taxi business, the VW will win on TCO.

        I know - I'm using the traditional car analogy, and I am failing to specify which option is Wintel and which is Linux; sorry for going against the mould, but it doesn't work that way in the CEO/CTO/CIO mindset. There is no "best"... we all know that a Ferrari is "bettter" than a VW, but is it better in this situation? If the objective is security, *nix is likely to beat Wintel; If the objective is massive user-acceptance and low training costs, Wintel could beat *nix.

        Whether the criteria are right or wrong is a different issue; you could say that it doesn't matter that the users don't need retraining to use the *nix solution, because the Wintel solution is riddled with flaws; again, you can put that into CEO language by costing the (Wintel flaws) vs the (*nix (flaws + training)) to show that training on *nix, whilst an extra expense, is overall lower than the Wintel solution.

        If you cannot show that, then you are not actually benefitting the company.

        As a simple example, if the proposal is a stand-alone workstation with no external I/O devices, does it really matter (for security) if it runs Windows 95? The security argument doesn't hold up as strong in this case, as compared to a publically-accessible web server.

        Think about what it costs, and what it delivers. Don't bother telling non-technical people about technical details - they don't understand, and it's not their place to understand (if they did understand, we'd be out of a job!). We have to translate the technical details into costs.

        So if replacing a Wintel server with a Linux server is "better", you have to define "better", even (especially!) when it's obvious. If it's better because the Wintel server was a security issue, then work out the total cost for keeping the Wintel server secure, and the cost to the company if it was breached, along with the likelihood of that occuring. Do the same costings for your proposal, along with any additional costs incurred (new hardware, licenses, training, etc). If it turns out that there's a very low risk if the Wintel server is compromised (eg, it's not connected to the internal network, contains no sensitive data, and is blocked by the firewall from doing anything nasty), and there'd be a large cost in migrating to Linux (eg, retraining, HW changes, etc), then Wintel is the right answer, and all the "but Linux is better than Windows" arguments are ignored, and your credibility is reduced. That reduced credibility will carry on to the next time you propose something, like the boy who cried "Wolf!".

        Cost. That's all the business people care about. If they can spend $10k on a

        • by jc42 ( 318812 ) on Thursday February 09, 2006 @10:35PM (#14684205) Homepage Journal
          A Ferrari is faster than a Volkswagen, but it costs more.

          Not a good comparison re computer systems. If autos were like computers, the Ferrari would be both faster and cheaper than the VW (and would use less fuel). But most businessmen would still insist that the company fleet be VWs. In fact, they'd order a fleet of VW Golf convertibles to handle heavy shipping, and complain that they can't get a Golf with the capacity of a semi-trailer, while ignoring the suggestion that they talk to a truck dealer.

          Aren't similes and metaphors fun?

    • Tell them the truth and hope that they are smart enough to realize how this will help the company.

      There are offices where people are not content to merely not be interested in F/OSS, but outright hostile to it.

      Having been in the same world as the original poster, sometimes you just have to face up to it that some companies are never going to come around. There's no point sticking your neck for a group that doesn't appreciate it. Such effort is pearls before swine. Find a shop more in line with your I

  • by Profane MuthaFucka ( 574406 ) <> on Thursday February 09, 2006 @05:58PM (#14682018) Homepage Journal
    These were the other topics on the conference call

    -Reminder to keep up with the latest COBOL and FORTRAN standards. Sharpen those programming skills.
    -A notice that the Data General minicomputer is going to have its batches put onto the new IBM System 36.
    -A work crew is going to be on floor 3 pulling Arcnet cable through the walls. Since there's asbestos in the walls, it may be disturbed. Hint: a lint brush can take asbestos right off your suit if some should land on you.
  • One word... (Score:5, Funny)

    by Ustice ( 788261 ) on Thursday February 09, 2006 @05:58PM (#14682025) Homepage
    Powerpoint. Like it or not, if upper-management sees it in Powerpoint then it is the God's truth.
  • by PFI_Optix ( 936301 ) on Thursday February 09, 2006 @05:58PM (#14682028) Journal
    Title from TFA: "A report warns of security vulnerabilities, raising the question of whether the open-source model can provide bullet-proof software"

    What you might say: We get reports of security vulnerabilities on Microsoft products on a weekly basis, and there is unfortunately no such thing as bullet-proof software. Just recently Microsoft opted not to release an automatic update related to a virus before the virus went active, which would indicate that, contrary to what comes out of the PR department, Microsoft's commitment to security is not significant.

    (I know the last sentence can be somewhat deceptive and there's more to the story, but if they're going to flap their lips when they're clueless, I doubt they'll catch it).

    Wrap up with: No, Linux isn't perfect. There is a risk of vulnerability in every product. Microsoft, Apple, Unix, Linux, all of them carry some risk. It's our job to assess the risks and find the safest, most secure software that meets the company's productivity needs. It's what we do every day.
  • by egarland ( 120202 ) on Thursday February 09, 2006 @05:59PM (#14682031)
    Hold your ground and respectfully disagree. Then seek out reputable reports backing up your position. If you are right and you respectfully, calmly and clearly explain why to others you will almost always prevail.
  • Superiors? (Score:3, Insightful)

    by ka9dgx ( 72702 ) on Thursday February 09, 2006 @06:00PM (#14682046) Homepage Journal
    I know it's all semantics, but first off, stop calling them your "superiors"... they might be your management, but YOU are the technical expert. All else derives from that course of action.


  • Ignore them (Score:5, Interesting)

    by Vellmont ( 569020 ) on Thursday February 09, 2006 @06:04PM (#14682086) Homepage
    If your upper management is still believing FUD about linux after all this time, there's nothing you're going to say to them to disuade them. These guys just like believing garbage. You say you've been using linux for 5 years in the business, so someone must believe in it. Just ignore what the upper management is saying since it doesn't sound like they're micro-managing things down to the level of "we aren't using linux, period". Continue to make the right decisions about what OS to use and justify them with good evidence. Don't worry about the personal opinions of upper management, since they shouldn't be making those technical level decisions, and they should know that.

    On a personal note, at one job I had the CTO once said "we'll never use Linux in the Enterprise". About one year later we were running ten low end linux servers to replace a single, very poor performing AIX machine. The CTO ate his words and admited the mistake. A lot of these guys just like to talk big just so people think they know what they're talking about.
    • I had a frined whose CIO told him we are the state of the art Microsoft shop. I supose he didn't kow that he was a linux and solaris admin for 15 out of 25 boxes in the server room.

    • by toby ( 759 ) * on Thursday February 09, 2006 @08:15PM (#14683184) Homepage Journal
      one year later we were running ten low end linux servers to replace a single, very poor performing AIX machine

      I know it takes 10 times as many 'doze boxes to do the work of one UNIX server, but 10 Linux boxes? That must have been a heck of an AIX machine.

    • Managers get promoted by being political competitors and impressing others. Sometimes it will happen that
      >The CTO ate his words and admited the mistake
      but don't count on it.

      Maybe a good tactic is to leave them room to change their minds without having to admit error. You could say something truthful like "Linux is evolving almost too fast to follow and we might find a different landscape if we look again in six months". Or maybe schedule a review for when they're looking down the barrel of Vista upgrade
  • Show the proof (Score:4, Interesting)

    by truthsearch ( 249536 ) on Thursday February 09, 2006 @06:05PM (#14682092) Homepage Journal
    Linux has prooven itself (time and time again), for over 5 years in our company? How do you deal with all of the baseless claims, that your superiors may read in the mainstream media?

    Show them the proof within your own company. If it's proven itself within the company already, then don't direct them to outside reports showing how great Linux is. Gather data proving how great it's been within the company. If you can show remote breaking statistics, for example, and no one has ever gotten in, you can show it's great at preventing breakins. Management will care most about what's happening at their own company. Show exact proof that it's working there.
  • by AJWM ( 19027 ) on Thursday February 09, 2006 @06:05PM (#14682097) Homepage
    Ask them if they've ever read a media story about something they knew a lot about. Ask them how much of it the media got right. Ask them why they think it would be any different with respect to IT.

  • Dealing with FUD (Score:5, Interesting)

    by db32 ( 862117 ) on Thursday February 09, 2006 @06:08PM (#14682119) Journal
    Honestly I have never really had a problem with the FUD. There are so many articles and studies surrounding Linux that its fairly simple to dig up better studies, or facts showing why the biased ones are biased. Or you can simply do demonstrations. The tricky one for me is the more experienced/educated users. Windows admins that have been doing it for some years are much harder to convince of the merits of any *nix based OS. I know alot of /. folks don't like to think about it...but there really are some very sharp people that only use Windows. Most of the ones I run into latch on to one little gem of Windows knowledge and tout they are experts, but I have run into quite a few that really do understand the ins and outs of that operating system very well and can get it to impressive things through registry manipulations and other things.
    • You pretty much are hitting the nail on the head. What information can any of us trust, when the security agencies and companies that we use to trust on matters of security themselves are either biased or use outdated methods of security reporting.

      There has to be a way to set a 'required' reporting that breaks down security information that doesn't get lumped into any bias, just numbers.

      When you look at security reports and see the 'experts' don't even properly discern the differences between OS level poten
  • by filesiteguy ( 695431 ) <> on Thursday February 09, 2006 @06:11PM (#14682138) Homepage
    Of course, the facts won't be found in your average MS website. Simply add to your blog, journal or whatever. Also, I'd suggest start hosting "open source" and "Linux" seminars during lunch. I've done it. In the past year or so, weve gone from zero linux servers (out of several hundred) to twelve full-time production RHE servers. I know it is a small amount, but it is a start.
  • by Spy der Mann ( 805235 ) <spydermann.slashdot@ g m> on Thursday February 09, 2006 @06:18PM (#14682198) Homepage Journal
    The so-called analysts are NOT. Plus, there's the SELinux distribution promoted by the NSA, and it's as secure as Fort Knox. (well that's what you can say. And certainly your boss can't contradict the NSA, can he? ;-) )
  • by danmart ( 660791 ) on Thursday February 09, 2006 @06:18PM (#14682206) Homepage Journal
    Fight the FUD with benefits to the company for switching to linux. Here is a nice list of 25 reasons to use linux [] in your organization from the linux information project. They also have a list of success stories with links for companies that successfully switched to linux [].
  • by dtfinch ( 661405 ) * on Thursday February 09, 2006 @06:19PM (#14682212) Journal
    There's more to security than just using Linux. Did they see an example of something that was configured insecurely? Or are they truly just quoting stuff they read in magazines and on the internet? If showing them how they're mistaken doesn't work, maybe they'll shut up if you start tossing some FreeBSD servers into the mix. Or maybe you can just boldly state that Linux has given you far less trouble than Windows as far as security, flexibility, performance, scalability, and reliability are concerned.

  • "Could be..." (Score:3, Informative)

    by techno-vampire ( 666512 ) on Thursday February 09, 2006 @06:22PM (#14682232) Homepage
    From TFA:

    Even that doesn't mean a business is completely out of the woods regarding Linux security. Customers could be using an unpatched Linux-based network-connected multifunction printer or have on their network an obscure tool that a programmer found on a Web site and is using unbeknownst to anyone, leaving the door open to problems. "All it takes is one mistake to open the entire enterprise up," warns Alan Paller, research director at the SANS Institute.

    There's a lot here about how something "could be" going on that's a security hole on a Linux box, but no mention that the same thing could just as easily be a security hole on a Windows box. There's also not one, single word about all the other things that could be security holes on Windows that don't affect Linux, such as opening attachments from strangers, browsing to the wrong website and so on. FUD, and nothing else.

  • by no_pets ( 881013 ) on Thursday February 09, 2006 @06:26PM (#14682272)
    At the company I used to work for there is no way any IT managers would mention Linux to their peers and no way that we would ever get any budget money for anything "Linux". But, as old servers were replaced or other PCs became available our department slowly started creating small, useful web apps, MySQL databases, etc. Eventually these apps made their usefulness expand beyond the IT department into the other departments.

    As these users (managers, etc.) began to see the usefulness and robustness of these solutions eventually they learned that they were low cost, very stable and flexible solutions that helped the corporation. Oh, and BTW they eventually learned that they were Linux servers. They immediately gained respect.
  • by LWATCDR ( 28044 ) on Thursday February 09, 2006 @06:27PM (#14682281) Homepage Journal
    Nobody ever got fired for buying from IBM.
    Simple as that IBM is pushing it. Linux is so not fringe anymore that anyone with a brain knows that it is a viable alternative for servers.
    Companies that sell Linux distributions and offer support.

    Companies that sell servers with Linux installed.

    Companies that use Linux

    The idea that Linux is some kind of hippie hacker commune is so 90s...

    There might be good reasons for your company not to use Linux but security really isn't one of them. If it is you should probably be running OpenVMS or OS/400. I dare someone to hack that :)

    • The idea that Linux is some kind of hippie hacker commune is so 90s...

      Unless, of course, your rationale for wanting to use Linux in your business is straight out of the hippie-hacker playbook. I'm not saying this is necessarily the case in this guy's organization, but it's entirely possible that the strongest advocates for Linux within a company might not have the best reputation for professionalism, nor the strongest grasp on business needs and objectives. For example, if I wanted to raise the profile o

  • by DaedalusHKX ( 660194 ) on Thursday February 09, 2006 @06:34PM (#14682334) Journal
    Enough time has passed, I can now freely say this out loud about my previous employer :)

    Seems now, the fellow wanted me back, but was offering shitty pay, a few months ago that is.

    Overall, man said he was switching to linux, and they got contracts, where I'd have to even have TS clearance. I'd love to help move an entire half of a state's government machines to Linux but sadly, I'm NEVER working for that outfit again. I fear being entangled by contracts far too much. I also have bills to pay, taking a pay cut to go back to all the stress is simply not worth it. He wanted me bad enough to offer a raise, but he still couldnt match or promise me guaranteed employment.

    In regards to the topic at hand.

    Let them know about security, let them also know that what you hear from M$ salesmen is not necessarily true. Also, remind them TWO KEY TOPICS.

    Closed Source vendors only reveal the holes they are FORCED to reveal because they've received publicity, via exploits or proof of concept exploits. Open Source projects see note1, on the other hand, publicize any holes and POSSIBLE holes and they usually have a MUCH faster turnaround for a patch and one that works, as we can all remember how well some of the M$ patches work.

    note1 notice I said projects vs vendors, OSS ppl don't sell you anything, you CHOOSE to use it, and nobody takes your lunchmoney because of it.

    Remember that the biggest issue with windows is that it was a one user system, non network aware, and designed for absolute integration. You cannot remove a component easilly without breaking several (if not the entire system). Remind them also that the biggest issue with integration is that an attack only needs to target the lowest trusted component. This is why "userland" apps in linux behave differently than desktop apps in windows. Linux is, at heart, a Unix and so is BSD, and thus the apple os X, but that is another subject. Which means Linux is inherently a capable server, designed as such, and also designed to be modular, which means you can kill the front end, all of its subprocesses, and restart it, without rebooting the machine and killing any work any non front end users might have been doing via SSH or some other custom app you might have.

    Since most users have to work as local machine administrator, as opposed to domain administrator, Windows automatically allows the user to install software and modify any non domain specific settings. As should be obvious to anyone, the moment a user runs a virus or trojan, or spyware and what have you, the local machine admin has been compromised. Windows XP, even after many "fixes" to the well known "Shatter Attack" see note2 STILL suffers from this vulnerability.

    note2 a windowed program with even a guest account with NO privileges can hijack any root process running inside another window. To this day winlogon is a system/root process that still suffers from this problem, and you cannot disable it and STILL use windows, there are slipstreamed cds with NO graphics console, but they are pure servers, and have to be command or remote administered, no pretty front end for users.

    In the end while Linux and BSD may have their flaws, at the very least they are more quickly fixed, the fixes are more than just a port block, like the Microsoft solution to Winnuke (which was a popular script kiddie port 139 icmp attack) or just plain lies (as is the case, apparently with the Shatter Attack. Granted for Shatter attacks to work, the user running the trojan must have guest access or better to the machine, or trick a legitimate user into running a compromised app but, heh, use your imagination. How often do foolhardy users run things they are not supposed to such look at porn, download "bonzi buddy" or "weatherbug" or any such crap? Spyware and trojans get around via users themselves since real hackers have better things to do, like write code for linux ;-)

    • Is a CEO qualified to understand any of these statements?


      S/He won't understand, it'll come across in the same way as the garage mechanic saying "... ooh, your Big End's gone, that's gonna cost ya". It's some mumble-mumble jargon with no real meaning, just a huge bill.

      The CEO doesn't get that kind of stuff from the Wintel team, they just say "It's okay, MS produce patches, we'll check them out an install them".

      The CEO, not understanding any of this, will have more faith in the Wintel team than in the

      • The business are only concerned about money (it's called Capitalism, it's fairly common in the western world, you might have heard of it - it pays your salary). They don't care about "better", they care about "cost-effective". Show them that, make sure that you can deal with the details (because that's your job, and it's not their job (you know they'd fsck it up!)), and propose the best solution, in simple terms which the CEO will understand. That will improve your credibility, which is a virtuous circle. I
  • by smash ( 1351 )
    Point to google.

    Ask them if they realise that most of the ISPs on the planet use it for various tasks, ranging from proxy servers, to DNS servers to authentication servers.

    Or just quit and get a job somewhere where "management" listens to the suggestions made by the people who are paid to know this shit.


  • ...I got the hell out of there.

  • Looks like it is time for you to find a new employer.

    If they are completely clueless (believing everything your read or see on TV probably fits the bill), you are jeopardizing your long-term financial security by staying on with a company that is obviously moving towards bankruptcy.
  • Every business exists for one, and only one, purpose. To make money for the owner. (not as cynical as it sounds. Even in non profits, if they run out of cash, they go away.) In all my years of gainful employment, everytime I argued for something because it would be 'better quality' pretty much fell on deaf ears. If I framed the argument that 'we'll make more money' or 'we'll spend less money' ears perked up. Frame the quality argument in 'reduced support costs, reduced maintenance costs, greater server
  • Try this (Score:3, Funny)

    by SnarfQuest ( 469614 ) on Thursday February 09, 2006 @07:27PM (#14682823)
    Ask them to install Windows on a machine while it is connected directly to the internet.

    That should be fun.
  • I have had lengthly discussions with some of my old workmates at Microsoft, and my new ones here (at a "Microsoft zomby") and they always try to laud how Microsoft OS is so much better and more secure. We even have some Linux servers here.
    When I start hearing about all this, I simply say, "See Secunia ( []) and then come talk to me."
    Basically, Secunia breaks it all down to # of vulnerabilities. Then they break that number down to # of critical, etc.
    While some versions of Linux have more v
  • by guruevi ( 827432 ) <evi AT evcircuits DOT com> on Thursday February 09, 2006 @07:48PM (#14682971) Homepage
    STATISTICS!!!! They all love statistics, don't they.

    Well, I proved it this way:
    We were using el-cheapo boxes for serverhardware, I created a reporting feature for hardware breakdown with the possible reporting of OS, kind of hardware (Maxtor IDE disks of 40G or 80G) and RAID configuration.
    The Software RAID-1 configuration for Windows had 200% more harddisk breakdown with permanent data loss (backup or no recovery) over the same period of time over the same amount of boxes. Actually only 10% of the Windows boxes had their RAID setup intact after a crash of a single harddrive while for the Linux boxes it was over 90%.

    Then I pulled statistics of the ticketing system for trouble reports and it concluded that tickets connected to Windows servers were 500% higher and that the resolution time was about 60% longer compared to the tickets connected to the same amount of Linux servers.

    Although results for your company might differ, it is going to be similar to my conclusions.
  • by couch_warrior ( 718752 ) on Thursday February 09, 2006 @07:48PM (#14682973)
    When selling Linux to corporate america, you just CAN'T do it using geek speak.
    Managers use the same english words, but when you are a manager, your goal is to confuse and misdirect. NEVER take what a manager says literally, or try to respond to it logically. Managers make decisions based purely upon gut feeling and emotional reaction, then rationalize the decisions with vaguely related reports and misapplied studies.

    Here are some simple translations:
            Management Speak(M) to Engineerish(E)
    1M) I'm concerned about linux security
    1E)I dont understand linux and it makes me feel insecure
    2M) I've heard that linux has security problems
    2E) A rival vendor's sales rep in an expensive suit told me linux has security problems, I need someone in a more expensive suit to tell me he was wrong
    3M) No one supports linux
    3E) If a linux server crashes there is no linux sales rep to yell at and blame it on
    4M) I need more data
    4E) I want the information reduced to powerpoint slides and presented by someone with a nice butt in tight fitting clothes(gender varies)
    5M) Lets discuss the issues involved
    5E) I'm afraid to make a decision until the whole industry stampedes in that direction
    6M) Is this the right business decision?
    6E) Can I be fired for doing this?
  • I recently started building up a server here. Our system network is predominantly Novell with a good portion of Active Directory. We have one RedHat server as a SPAM filter and this new box would have been only the second official Linux server.

    There were cost concerns so I recommended Suse Linux 10.0 Pro as Novell owns Suse. The stakeholder in the project thought that was great, it allowed her to avoid a Windows licensing hit.

    Well, I am in the Web Development area and not the Network Support area. I do
    • This makes it sound as if only the Enterprise servers are secure and reliable enough for business applications, which is not the case.

      Novell is right. Take a look at the SLES life-cycle (7 years), which is extremely important in an enterprise environment. BTSTMT.
    • Well - I'm not sure if I agree with 'misleading' but the real issue is that Novell Technical Support will not support SUSE Pro, only SLES. SUSE is community support (forums) only. If I am putting a distro in production in any kind of real application, I want a supported version. I also think Novell has a program where if you are paying maintenance on Netware you get some amount of SLES for free, so cost should not be an issue.
  • no one ever got fired for buying M$.

    "Gentlemen. We have to protect our phoney-baloney jobs."
                                                                        Mel Brooks, "Blazing Saddles"

    Some people won't notice the truth even if it bites them on the ass!

    Good luck!
  • by Infonaut ( 96956 ) <> on Thursday February 09, 2006 @08:28PM (#14683276) Homepage Journal

    Winning the argument depends on first explicitly defining the terms in a way that is advantageous to your position.

    Start out with a proposition that everyone can agree on, like, "We depend on our operating system to do the following things: Minimize support costs through superior uptime, minimize hardware costs by providing more computing power per CPU cycle, realize long term cost benefits by providing superior computing resources throughout the company at a lower cost per seat." This is just an off-the-cuff example.

    Then use metrics from your own organization (if they're not available, guesstimate), comparing the cost of meeting each of those goals. Historical data presented in a before and after comparison format can be quite valuable in showing people that you're not advocating Linux because you have an ideological attachment to it, but because it does the same job less expensively. Arguments about quality will go right over their heads. Intangibles such as, "It makes us all happier to use Linux because we don't have to run around fighting fires all the time," don't register with most O-level folks. Stay focused on apples to apples comparisons, and always compare costs.

    As many others have pointed out, some managers simply won't listen. However, giving up isn't the answer either. At least present your case firmly, without rancor, and in as broad a forum as possible. Don't go behind the manager's back, but try to get other people in on the meeting. That way even if this knucklehead doesn't listen to you, you'll probably convince a few people. When they run off to other companies after the knucklehead brings the company crashing to its knees, you'll have a decent chance of connecting up with one or more of the smart ones who listened to your pitch and understand what you were conveying. The way I look at it, you're playing a long-term game here. It's not just about convincing the knucklehead, or saving your company's IT department from waste and annoyance. It's also about clearly establishing that you know what you're talking about, and you're able to clearly and professionally articulate your knowledge.

    Regardless of whose advice you take, I wish you good luck! It's never fun trying to manage up.

  • Simple solution (Score:4, Insightful)

    by WindBourne ( 631190 ) on Thursday February 09, 2006 @08:34PM (#14683323) Journal
    5 years ago, when Bush came into office, he shut down the FBI from giving out information about cracked system except where required by law (basically, if a customer's CC is stolen). Just before that, a friend and I were going to start a web site that tracked these and then showed the relative risk to users. Since 40% of the https space was windows, then you should expect somewhere around 40% of all the stolen CCs. But it turned out that Windows accounted for more than 99 % of all stolen CCs (and this was in 2002; I think that windows now accounts for about 1/3 of https space).

    So, pick up the report from Netcraft that shows the % of OS on the https sites (you have to pay for it). Then go to and look for all the past stories of stolen CCs. All of the ones that I check for the last couple of years, turned out were Windows (more than hundred over the last 5 years).

    Here is one other interesting test. Look at the netcraft of all the major banks and CC shops. Then look at all the CC processing sites that lost 100's of thousands of CC's. A few of the processing sites that were cracked (one in arizona, Florida, and nebraska) were running MS. Yet the CCs companies run *nix. Says a lot right there.
  • Tell them ok let's open the firewall for 24 hours and see who is left standing.
  • by constantnormal ( 512494 ) on Thursday February 09, 2006 @09:28PM (#14683764)
    ... will never listen to anyone beneath them in the corporate food chain.

    Making a lot of obstructionist noise will only paint a bulls-eye on yourself, as a malcontent and troublemaker -- probably a security risk as well.

    How to distinguish between ignorant top management and the clued-in variety

    Good top management would have asked down the org chart to the IT group whether there was anything to the issues raised in those articles, and would have done so off-line rather than during a conference call. After all, they should have confidence in the abilities of their IT staff, and should reasonably expect them to know more about this area than they do. Ignorant doofus top managers assume that they are the ultimate in every regard, and have no need to consult anyone -- after all, that's why they're paid the "Big Buck$".

    In the words of Roy Schieder (Chief Brodie in Jaws), "You're gonna need a bigger boat."

    Go and get an IBM marketeer (or a pack of them) to educate your top management about the virtues of Linux in the corporate environment. They have credibility that you will simply never possess, and are well-trained in the fine art of "Account Control". Just ask your top management for an opportunity to bring in a representative from a Fortune 50 company to put on a small presentation about Linux, in order to get a "business perspective" on the matter.

    The downside is that you will give up any voice in what kind of hardware you run. But that's not such a big downside, as IBM makes good stuff. And with the sort of management you have, any thoughts you might have about your influence is an illusion, anyhow.

    I expect that some sales minions have already managed an end run up the org chart, and the source of all the anti-Linux FUD propaganda is either Microsoft, or some Microsoft-oriented consulting firm plotting to seize a firm grasp on your company's IT budget.

    You need to fight fire with nuclear weapons. Bring in IBM.

  • Do the same -- it will be much more in volume...

    Every time you see a [Microsoft Windows] article telling of some new flaw found -- save it. Every time they release a bulletin [and a patch] -- save a copy of those too. I did this for years for just such a defense in "my logic". The sheer volume you throw back at them may make them think twice -- and do it diplomatically when you do. Even suggest going over their article to understand the half truths, lies, and it will help eliminate their FUD.

    I've been doing
  • They are arguing against Linux (and for Windows) based on the fact that Linux is open source and *MIGHT* be open to vulnerabilities? Are they saying Windows IS secure?

    Someone hit these guys with a cluestick.
  • I think your approach is a lose-lose proposition. Its bad enough, but not untypical, that management is making inherently technological decisions without understanding their business ramifications. Making the debate with management on your technology turf might let you "win" a battle but you've already lost the war. An approach with a far better liklyhood of long term success would be to push those technical decisions down to the IT level with clear business directives that would help drive those directions
  • I'm your competitor. (Score:4, Interesting)

    by NullProg ( 70833 ) on Thursday February 09, 2006 @11:11PM (#14684411) Homepage Journal
    By using Linux, I'm saving money on installation costs, CACLs and registration fees. I've trimmed down my development costs by using eclipse. No more helpdesk ADO/MDAC version issues that cost money to support.

    I've also saved a boatload of cash by switching the sales/marketing team to OpenOffice. We output all our client documentation using the OpenOffice PDF print driver.

    With the savings, we hired two new programmers and have doubled our marketing budget so more people know about our products. We have one Windows machine left in accounting for Quicken :(

    Food for thought.
  • Switch to Windows. (Score:3, Insightful)

    by JWSmythe ( 446288 ) * <jwsmythe@jwsmy[ ].com ['the' in gap]> on Friday February 10, 2006 @12:08AM (#14684799) Homepage Journal


        I've played this game before. Twice actually.

        The first time, the boss wanted to convert from BSDi to WinNT. Bad choice, I said, but I was a lowly tech then.. I ended up leaving after the migration was done. Not too long afterwards, they started migrating back. The company, on the verge of failure, sold.

        The second time, we had a decent size network running Linux. I was happy with my happy network. It did it's thing very well.. One of the boss-type people wanted Windows. He likes Windows. We should have a Win2k AS network.. I refused. I refused. I refused some more. Luckly, I was in more of a position to refuse now.. It was a battle of wills. I gave all the reasons not to. I gave the few reasons to switch. In the end, I grew tired of the battle. "Fine, we'll switch over to Windows. Licensing will cost $xxx. We'll need x extra techs, and y more boxes, and z more space."

        You know, all those damed x's y's and z's add up. He was reconsidering.

        "We can have everything migrated over in a month, and stable sometime after that. I strongly recommend against it, but we can start the migration as soon as you get the licenses, and hire staff to do the migration and support the whole mess."

        It never migrated.

        Sometimes you just have to give them exactly what they want, and let them realize the mistake all on their own. If the company fails because of it, but you had given strong reservations against it, it's not your fault. When the company dumps, buy the machines from them for pennies, and start your own hosting company. :)

        Just kidding about the hosting company. Get on board with the next company, and see if they're any smarter. At very least, you can use your experience as a warning to them.

        "Oh, you want to migrate to Windows? That's why the last company I was at failed. Here's all the reasons....."

  • by Anonumous Coward ( 126753 ) on Friday February 10, 2006 @01:54AM (#14685328)
    First they hire you as a professional, then they treat you as an ignoramous. This can't be. Tell the suit that if he doesn't trust your judgement, the very one he hired you for, he should resign giving his own bad judgement as the reason.

One can't proceed from the informal to the formal by formal means.