I've been going to college for the past several years and have recently graduated. I've also just recently found a job - two weeks and counting - and I find myself in the surprising position of recommending Free software for use within the company.

I work as an IT Tech, which means I solve a lot of computer problems. But the higher ups have let me know that part of the reason I was hired, was not my experience (I have little working experience in this area), but that I could use some of my knowledge of free software and programming to help them make things better. I really enjoy my job, as I really enjoy making things work better and work well together; As well as exploring new technologies on the company dime, but let's keep that between us, shall we?

Recently I did some small work of making a proposal of getting Syslog working on all the Windows servers, to save them some money on buying a "log centralizer" suite. That sparked some interest in other Free software (either as in beer or as in speech). I dutifully whipped up a list of projects I knew were interesting to them and well maintained:

Samba
Snort (with associated projects)
Squid
MySQL
IpTables (Not really a project, but they could use it for interesting things)

So far I haven't heard back - as we're in the middle of some very tedious but time consuming projects - but I'd like to be able to make some good cases for Free projects that they could use. As a sort of primer, if you will, to moving over to a more hybrid Microsoft / Linux setup than they have now. I doubt it will be immediate, but they definitely need some different tools in some areas that I think the Free tools could help with.

So far I don't think pushing wholesale replacements of software is the right move (e.g. Replacing Office 2000 with Open Office or even Internet Explorer with Firefox), but a more gradual approach is warranted. Tools to fill in the holes of their current setup, so I build up my reputation with my boss and his bosses as someone who knows what he's talking about.

So with that in mind I tried to find some sort of "Top 20" of Free software projects via google, but I couldn't find anything very useful. There were plenty of ratings for distros, but that didn't help me. What I'm really looking for are mature, stable projects that can be had for little to no cost that I can deploy in their current configuration to help them "Get out of the Dark Ages", so to speak.

If you could reply with your favorite software projects, along with a brief overview (or not even that) or even point me toward a list with projects and user ratings with success stories, that would be perfect.

<Aside>
It occurs to me that such a suite of programs, that I'm trying to build here, might make a good distribution for Linux? A distribution targeted at businesses, free software to make them run better. It could come with installation instructions, deployment guide, manuals and other documentation to allow it to be seamlessly integrated into an existing setup. It seems so simple to me that I'm almost sure that someone has done it before. Has anyone heard of anything like that? BusinessLinux or some such?
</Aside>

--Pontifex

A quick google search didn't show much:

http://www.linuxforbusiness.net/
http://linas.org/linux/web-project.html
http://www.pclosbe.org/mwiki/index.php?title=What_is_BEL_Server-Basic

They seem to have the right idea, in general, but not exactly what I'm thinking of here. Not exactly a disc they could use to install linux and start playing around in it, but a collection of projects they could use to deploy in an existing setup. Which I think would be a good way to approach some businesses.

Because let's face it: Businesses are run by people. People usually don't like change, especially with computers because they're ill-understood by most. I'm sure most of you can attest to this if you've ever had to setup or debug a computer for an inexperienced or novice user. They're afraid to break things, but ironically often do things to their own detriment; And at the same time resist tools or practices that would change things for the better. And people in charge of large (or even small) businesses are more worried than most about screwing up anything related to computers, as it can be very expensive, time consuming and stressful. Computers essentially make their business go, but they understand very little about them.

Asking them to approve for spending on something besides Microsoft is often tenuous at best, because of these very reasons. Microsoft - with it's very powerful marketing engine - has made a name for itself as the defacto Operating System; People have come to expect it, even trust it in their working environments. Overcoming nearly a decade of this attitude can be very difficult. Which is where the strength of Open Source comes into play. With its variety of small, self contained tools and interoperability built into it's philosophy, it seems ideal to make inroads into this sort of situation. E.g. Take advantage of gaps in the coverage of existing Microsoft products to create a hybrid environment and then to supplant existing technologies during budget approvals ("Why Upgrade to the next version of Microsoft's XYZ technology, when we can use the free ABC technology instead?").

Reading back I realize that I outlined - essentially - guerrilla warfare tactics for integrating software into a business environment; But it seems to be as good a method as any.

Actually some sort of automated technology to do just that might be warranted, to help with the process of finding "gaps". For example: you boot up a CD of our theoretical distro on one of the servers and it spits back a nice report of Free software projects and collections of projects that could be used to either create functionality that you need or replace older technology already in place. Such a system could even be interactive, safe enough to demo to the CFO or IT Administrator to enlighten them on the possibilities of Linux.

--Pontifex

I would have thought someone would have replied to this thread before now, if only show off their own wit!

Is this forum dead?

I would appreciate a reply, if only in the form of a 'bump' so I could know whether or not to move this thread to a more active forum.

Thanks.

While doing some work for my company, a thought occurred to me about administration. It's a big part of making a business go, in general. You can't usually have a small or medium sized company without decisive leadership in most if not all areas important to the company. Administrators are usually very busy people - if they're doing their job right, that is - and finding time within their schedule to do anything but the essentials can be very difficult.

Thus the dominance of Windows. Because really Windows is very easy to administer, it takes very little know-how to click through "Setup Wizards" and as long as it works that's all your users expect. They don't expect security (wait a second, I'll get to that in a moment) or even reliability, only that there is a system in place that allows them to use computing infrastructure in some manner to do what they need. Because really a computing infrastructure that works very badly, also makes doing business very easy and a lot less fricative. Now when things break or a virus breaks out, our hypothetical Windows admin (who left defaults and didn't patch) is going to catch hell, but with a little more effort that too is addressable.

Because there is a staggering wealth of information available for the Windows administrator. I ran into this when I was working to get my project (outlined above) up and running on our test server. Not only were there Knowledge Base articles and manuals to help me setup and configure my software, when I ran into problems there were also a dearth of unofficial forums / articles / blogs / mailing list posts / newsgroup posts / random angelfire hosted sites that I could use to diagnose my problems. If there wasn't a solution from the official (and very exhaustive) Microsoft support system, there's an O'Reilly article, or something in the manual somewhere, or a forum post, etc. My point is that there is a surprising and intimidating amount of information available to help the Windows administrator. As a former Unix administrator and Linux dabbler (in my youth), I found the amount of information available at my finger tips for any conceivable Windows related issue very thrilling as well as depressing. Depressing that I really had to dig for similar documentation and support for most *nix projects / tools.

Most of you are passably familiar with the issues that are common to *nix solutions. There's a learning curve associated with most anything we do on *nix and it can be pretty steep. Sure Windows solutions usually have a learning curve of their own, but usually it isn't until the product is installed and working when the learning comes into play. This right here is where a lot of Linux adoption issues come into play. It's not that Microsoft works better or that it has better marketing. No. A big part of the reason is simply because that *nix solutions are more difficult to administer out of the box.

Now don't stop reading there, listen to what I have to say.

I have seen very comprehensive and interesting packages that are easy to install, administer and integrate into existing setups. But for the most part it is very difficult - compared to Microsoft - to find out about them. Thus we see the second part of the problem, the administrator has to go digging for comparable *nix tools to use for any project he wants to deploy. Microsoft with its wealth of information is "common knowledge" you can find mention of solutions to common problems using Microsoft tools everywhere, but can you find the superior *nix solution without more digging? Once you find the *nix solution, can you implement it as easily as the Windows solution? No, probably not. The vast majority of such cases are solved by the Windows solution first and then perhaps augmented and / or replaced by the *nix solution later, if you're lucky.

It's this disconnect that needs addressing. Microsoft doesn't need superior market share or to out maneuver *nix through better products or superior marketing strategies; No. It just needs to have more "mindshare", it needs people talking about it and thinking about it more. It needs the free publicity that comes from their products and people using them. Can *nix compete? Sure, Firefox does it wonderfully. But do you know why? It's easy to use, everyone talks about it, it works better than IE (that's really the easy part), it has many people talking about solving problems with it and it just works. It works very well. It works out of the box to address all the issues a browser should address and the project leads understand some of the issues of adoption.

How about Splunk (www.splunk.com)? I know several IT Administrators that would love this thing, but I was only able to find as a reference while I was actually implementing my project. I know these *nix admins and hybrid Windows / *nix admins are not afraid to deploy free software, but none of them had heard of it. I know for a fact that at least one was actively searching for something just like this to fulfill his log searching needs. But he couldn't find it or didn't have it. Why? Because in order to find it, you need to know where to find it. I can't even find it using the search string 'IT log file searching' on Google. This should come up with Splunk on the first hit...if people were talking about it.

Splunk and many other Free Software Companies have half the right idea. They address the issue of documentation and support, their learning curve from testing to deployment is very small. They're well written and very useful applications and very reasonably priced; But how do we find out about them? I was lucky. I found it by accident. But that's really not good enough. The *nix community as a whole needs a way (or ways) to publish information about awesome projects like this. Splunk doesn't fit everyones needs, but it sure needs a chance for exposure. It needs to be pushed, to be published, it needs mindshare. It needs people talking about it, it needs a way to get out there. It needs people to know about it.

Those are some very good reasons for creating or supporting a project as I've outlined, business Linux. Something to increase mindshare. It's rather impractical to push all of the interesting projects separately , but with a project / distro that could push them all collectively; We could see some real progress in getting projects - like Splunk - into the mainstream IT mindshare.

--Pontifex

I subscribed to this thread when you first started it. I was hoping to get some insight into this as well. Where is everyone? :lolflag:

It seems you need linux software that runs on windows that might be useful in a business setting I will use my awesome googlefu and probably waste your time.

http://osswin.sourceforge.net/#business_software

oss for windows dated but still a good place to start

http://www.intersectalliance.com/projects/EpilogWindows/index.html

some sort of oss system logger

It seems you need linux software that runs on windows that might be useful in a business setting I will use my awesome googlefu and probably waste your time.


Good! Thank you. I missed the OSSwin project in my ramblings. It does look a bit dated, You're right.

I'd already found the InterSect web page on some previous research, that's actually how I found Splunk. But I only found both via articles, not through their web pages. Which is the issue.

And to address your supposition, I'm not looking specifically for OSS software (Is that a good name GNU and Free Beer software?) that runs on Windows, but rather interesting OSS software in general with an emphasis for Windows software. I'm trying for software that can supplant Windows technology, if it's interesting enough, or fill "holes" in the software repertoire of my IT department; Of which there are many.

Is there some genuine interest in building a list from scratch? I could work through the OSSwin business listings in a few days as well as list other interesting things. I don't know how I'd feel about maintaining something like that, in a long term fashion, but it looks like it needs doing.

It almost seems like this is a "critical mass" sort of thread. People won't start posting their brief reviews and "best picks" until there's some content to look at.

Looking to the future, there seems to be some market for a review site for OSS software. I'm sure there already exists some, but perhaps not in the depth or focus of what I'm looking for now.

Edit: Fear my googlefu:
http://www.ossnewsreview.com/

Really it would also be nice to know some of the functions of system administration in a more detailed manner than I'm being or have been exposed to. I have my eye on the ubiquitous O'Reilly book (http://www.oreilly.com/catalog/esa3/), but for now I have to content myself with what I can remember from college and what I'm learning now.

--Pontifex

Not to sound like a hypocrite, here are some interesting projects I've run across in the last few days.

Snare
http://www.intersectalliance.com/projects/Snare/

The free product is a very useful Syslog client; Snare Agent. Web based configuration very simple and exactly what you're looking for if you want your servers to report their logs to a central server.

Works very well on Windows and I can assume it works equally well on other platforms.

I've used it in conjunction with Kiwi to make a Syslog infrastructure on my Windows domain.

Also useful tools by the same company:

Snare Server (Custom Syslog implementation, not free)
Snare for Squid
Snare for Apache
Snare for IIS
Snare for ISA
Snare Generator (Syslog event generator, mostly used for testing)

Not so useful, but still made by Intersect Alliance:

Snare BackLog (legacy freeware that became Snare Server)
Epilog Agent (eventually evolved into Snare Agent)

--Pontifex

Kiwi Syslog Daemon
http://www.kiwisyslog.com/

This is a wonderfully well rounded Windows based Syslog server. It provides a subset of features of the full version, but is useful none the less. You'll probably want to purchase a license for the support and the ability to log to SQL.

Other useful software from Kiwi:

Kiwi Secure Tunnel (Encrypted tunnel for Syslog messages)
Kiwi CatTools (network device backup and management)
Kiwi Log Viewer (does what it says, pretty colors! I like splunk better)
Kiwi SyslogGen (Syslog event generator)
Kiwi Logger (KLog) (Syslog integration API, at first glance)

Splunk
http://www.splunk.com/

The IT search engine, just like it says. It learns your logs and indexes them with a very speedy algorithm. It allows sharing of logs and related information with a community, to allow pin pointing problems more readily (Many eyes...).

Nessus
http://www.nessus.org/nessus/

The comprehensive security vulnerability scanner. A must for any IT department looking to increase the security of their clients and servers.

Very cool operation and a must as a basic level of defense against intrusion. A first step in hardening your network.

Other interesting software:

Security Center (Your basic unified security and auditing central management)
Log Correlation Engine (Like Splunk, centralizes and beautifies logs, detects patterns, does alerts, etc)
Passive Vulnerability Scanner (Network sniffer, scans traffic throughout a network looking for vulnerabilities)

Nagios
http://www.nagios.org/

In depth monitoring of assets around your network. Deploy an agent, hook it up to a server and watch as everything goes wrong. For any computer monitored by it Nagios can: Monitor the physical state, the state of network services resident on the computer, execute external scripts / programs in response to events and initiate contact on events (emergencies).

That's all I can think of for now. I hope some of you, gentle readers, will deign to add to the list.

Thanks.

--Pontifex

well here's a few more links to evaluate I will keep an eye open for you

http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

http://www.itmanagement.com/features/10-open-source-network-tools-052407/

http://www.windowsdevcenter.com/pub/a/windows/2007/01/19/the-case-for-freeware-and-open-source-windows-tools.html

http://www.opensourceforensics.org/tools/windows.html

http://www.opencountry.com/products/products_ocm-suite.html

http://www.mysql.com/products/maxdb/

http://otrs.org/

this ought keep you busy for a bit I'll look more if you need more so let me know

The current fashion is off-site backups

Now that broadband is cheap small business owners are putting computers at home as part of a disaster recovery plan.

Check out http://samba.anu.edu.au/rsync/

Doesn't that open a can of security worms

Responses! Awesome.

A few more things before I reply...

VMWare
http://www.vmware.com/

Machine virtualization. Emulate all your key Windows infrastructure needs on BSD, reboot virtual machines as necessary and never reboot your big server ever again. Very nice deployment strategy, they'll send a partner to come to your Data Center with a tool called VMware Capacity Planner (http://www.vmware.com/products/capacity_planner/) and figure out what kind of hardware you need to virtualize your environment. They also have tools that will push virtualized environments out to workstations, tools that are specialized to run Windows on Intel Macs, etc.

You can use it to model clusters, do deployment testing, test LiveCDs, etc.

Very cool and very flexible software.

ClamAV
http://www.clamav.net/

Freeware virus scanning. It speaks for itself mostly. It's used most commonly as a server side virus scanner.

There are some sources that inspect its reliability compared to more mainstream Anti Virus solutions, but the responses are mixed and spartan; That is there aren't very many obvious comparisons and formal reviews, but there are some.

The current fashion is off-site backups

Now that broadband is cheap small business owners are putting computers at home as part of a disaster recovery plan.

Check out http://samba.anu.edu.au/rsync/


I've heard a great deal of good things about rsync, but I've never actually seen a business level implementation of it before. I read through the 'resources' link, but I didn't see anything I would term "business level".

It's very useful and it should be in everyone's "tool box", but I wonder if we need to revise my aim a bit with this thread. So far I've been posting products and projects that are in some sense "finished". They're under active development, but they have some sort of ineffable sense of "polish". Like the basic function of the tool has been rounded out and fully implemented. The companies / projects I've mentioned still expand on the basic principle and invent new complementary tools, but have infrastructure in place for helping people adopt and use their products. That's really what I look for in a solution: something with an established user base, lots of documentation and an established (in)formal help system. I think that's what companies in the business world look for too, perhaps with most importance placed upon the various support options available. Because they want it to "just work".

Rsync in this case does not exactly match the definition above, but it is a very useful tool. It's a piece of a product, rather than a complete product in and of itself. Backup software would not exactly be a fancy front end to rsync, it would implement a variety of features that would implement various strategies and techniques that use rsync. Encrypted symmetric incremental backups are a very good idea and many companies do them, but where's the support?

I will note the tool in this thread, but there will have to be a special label affixed, such that when people browse the thread they can see that rsync is a not a solution, but a tool.

Tool: Rsync
http://samba.anu.edu.au/rsync/features.html

A tool used for incremental backup and mirroring. Support transport over a variety of encrypted protocols for added security.

Doesn't that open a can of security worms

This addresses security concerns nicely:

http://www.netbits.us/docs/stunnel_rsync.html

Nagios
http://www.nagios.org/

In depth monitoring of assets around your network. Deploy an agent, hook it up to a server and watch as everything goes wrong. For any computer monitored by it Nagios can: Monitor the physical state, the state of network services resident on the computer, execute external scripts / programs in response to events and initiate contact on events (emergencies).

Also along those lines: Zenoss

When your a little further down the line you could save costs by using http://www.ltsp.org/ to supplement aging hardware if thats an issue and use http://www.2x.com/applicationserver/application-server.htm
this to serve windows applications to your new Linux thin clients. Thus saving windows licenses, getting more life out of old hardware and using more open source.

:guitar:

Sorry for my absence, I'll be giving this more focus a bit longer down the road. Some more pressing issues have come up and I need to deal with those before I sit down to the heavy researching this demands.

Stay tuned.

--Pontifex