Government Microsoft Open Source Software The Almighty Buck United States

NYC Councilman (and Open Source Developer) Submits Bill Establishing Open Source Preference

NewYorkCountryLawyer (912032) writes "New York City Council Member Ben Kallos (KallosEsq), who also happens to be a Free and Open Source Software (FOSS) developer, just introduced legislation to mandate a government preference for FOSS and create a Civic Commons website to facilitate collaborative purchasing of software. He argues that NYC could save millions of dollars with the Free and Open Source Software Preferences Act 2014, pointing out that the city currently has a $67 million Microsoft ELA. Kallos said: 'It is time for government to modernize and start appreciating the same cost savings as everyone else.'"
This discussion has been archived. No new comments can be posted.

NYC Councilman (and Open Source Developer) Submits Bill Establishing Open Source Preference

  • by NotSanguine ( 1917456 ) on Thursday May 29, 2014 @03:00PM (#47122113) Journal

    From the proposed amendment:

    It is necessary for the functioning of the city that computer data owned by the city be permanently available to the city throughout its useful life. To guarantee the succession and permanence of public data, it is necessary that the city's accessibility to that data be independent of the goodwill of the city's computer system suppliers and the conditions imposed by these suppliers. It is in the public interest to ensure interoperability of computer systems through the use of software and products that promote open, platform-neutral standards. It is also in the public interest that the city be free, to the greatest extent possible, of conditions imposed by parties outside the city's control on how, and for how long, the city may use the software it has acquired. Finally, it is not in the public interest and it is a violation of the fundamental right to privacy for the city to use software that, in addition to its stated function, also transmits data to, or allows control and modification of its systems by, parties outside of the city's control.

    I agree that we should use the right tool for the right job, but why should that exclude FOSS?

  • by swv3752 ( 187722 ) <swv3752.hotmail@com> on Thursday May 29, 2014 @03:31PM (#47122397) Homepage Journal

    About the only way to get open standards is to use FOSS. There are also benefits that will spur the local economy, as proven with the recent story on Munich. Plenty of FOSS projects are best of class. It is not just about up front costs or installation and configuration. What are the ongoing support costs? For a given number of servers, it usually means more Windows admins than Unix/Linux admins. Unix/Linux can do more on given hardware than Windows. When Microsoft transitioned Hotmail from BSD to Windows Server, they had to more than double the amount of servers to achieve the same performance.

    Plenty of Government uses FOSS- http://leeunderwood.org/linux/... [leeunderwood.org]
    There are even more undocumented cases, but I am not at liberty to divulge that information.

  • by DickBreath ( 207180 ) on Thursday May 29, 2014 @05:42PM (#47123781) Homepage
    That argument works both ways. Microsoft has had some very serious security bugs. Therefore, using your logic, all Microsoft software should not now or ever again be trusted. Think Code Red and others. In 1999 on a fully patched NT box you could compromise it with regular HTTP requests to IIS by just using pathnames with dot-dot-backslash and then working your way down the WINDOWS System CMD.EXE and then using it to run TFTP.EXE which was a standard part of the install. You could make the server TFTP down a bad exe from your own server, and then a second carefully crafted HTTP request to CMD.EXE could execute it for you. Game over.

    Microsoft then fixed this by not allowing IIS to accept the dot-dot-backslash business. But you could use percent-sign-hex characters to represent the dot-dot-backslash. Microsoft then fixed that in IIS, but the filesystem would still accept the percent-hex-code characters. So you could double-escape them to get the filesystem to walk you to the CMD.EXE. Eventually they got this right and it was fixed. But there were many other holes. And whose stupid idea was it to run a server process, basically with root privileges?

    I could go on. Even recently there was a major IE vulnerability that affected current and past versions.

    Heartbleed was one instance of a lapse in security.
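
The bypass described in the comment above comes down to validating a path before it has been fully decoded. As an added example (not part of the original thread and not any vendor's code), this Python sketch contrasts a decode-once check with one that decodes to a fixed point and then confirms the result stays under a web root. The function names, the `/srv/www` root and the sample paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: deeper nesting is treated as hostile


def naive_is_safe(raw_path):
    """Flawed: decodes once, so a later second decode can reintroduce '..'."""
    decoded = unquote(raw_path).replace("\\", "/")
    return ".." not in decoded.split("/")


def fully_decode(raw_path):
    """Percent-decode until the value stops changing (a fixed point)."""
    current = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    raise ValueError("too many encoding layers")


def resolve_under(root, raw_path):
    """Return the canonical path under root, or raise ValueError."""
    decoded = fully_decode(raw_path).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root.rstrip("/") + "/"):
        raise ValueError("path escapes web root")
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real request log.
    for sample in ("docs/index.html", "scripts/..%5c..%5cdata.txt",
                   "scripts/..%255c..%255cdata.txt"):
        try:
            verdict = resolve_under("/srv/www", sample)
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{sample!r}: naive={naive_is_safe(sample)} strict={verdict}")
```

The decode-once check passes the double-encoded sample because the traversal only appears after a second decode; the strict version rejects it because containment is tested on the final canonical path.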
