
Should All Government IT Systems Be Using Open Source Software? (linuxjournal.com) 206

Writing at Linux Journal, Glyn Moody reports that dozens of government IT systems are switching to open source software.

"The fact that this approach is not already the norm is something of a failure on the part of the Free Software community..." One factor driving this uptake by innovative government departments is the potential to cut costs by avoiding constant upgrade fees. But it's important not to overstate the "free as in beer" element here. All major software projects have associated costs of implementation and support. Departments choosing free software simply because they believe it will save lots of money in obvious ways are likely to be disappointed, and that will be bad for open source's reputation and future projects.

Arguably as important as any cost savings is the use of open standards. This ensures that there is no lock-in to a proprietary solution, and it makes the long-term access and preservation of files much easier. For governments with a broader responsibility to society than simply saving money, that should be a key consideration, even if it hasn't been in the past.... Another is transparency. Recently it emerged that Microsoft has been gathering personal information from 300,000 government users of Microsoft Office ProPlus in the Netherlands, without permission and without documentation.

He includes an inspiring quote from the Free Software Foundation Europe about code produced by the government: "If it is public money, it should be public code as well." But when it comes to the larger issue about the general usage of proprietary vs. non-proprietary software -- what do Slashdot's readers think?

Should all government IT systems be using open source software?
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    "Should All Government IT Systems Be Using Open Source Software?" where it makes sense sure. The primary thing I want government to do is spend intelligently, Open Source is definitely part of that, but don't use open source just because it is open source. I would rather them buy what is most efficient as the primary factor as those public servants are the costly inefficient piece and anything that makes their job slower is really bad for all of us.
    • Re:sometimes (Score:5, Insightful)

      by Anonymous Coward on Sunday February 10, 2019 @04:08AM (#58098008)

      The problem is that government systems tend to handle all kinds of really important information, and proprietary vendors have shown over the years over and over again that they simply are not trustworthy, and that the people responsible are not up to par WRT keeping them safeguarded.

      Evidence? The massive hits by ransomware against various types of government agencies ranging from the NHS to the Alaskan administration, the latter I believe got hit so bad they were considering reverting to typewriters. And this is just the tip of the iceberg of the continual data leakage we never get to hear about.

      Making sure the systems run on verifiable code where you don't have to trust external parties should be the starting point for every state run system. That would be intelligent spending. The government has a lot of information on all of us, and by collecting it it also collects the responsibility to protect it. Something which just isn't possible with proprietary software, Microsoft's latest offerings in particular.

    • Re:sometimes (Score:5, Insightful)

      by mrvan ( 973822 ) on Sunday February 10, 2019 @06:12AM (#58098204)

      I see the same in higher education. There's a number of things we all need (like an electronic learning environment) but we buy it from vendors like Canvas or Blackboard, which is expensive and inflexible. Same for grading systems, scheduling, course guides, human resource, etc.

      I think we should have moved to a cooperative structure for these things long ago and all pay into a group that develops the software and then releases it open source. Since this can be decided at the university system level there's less risk of freeriding, and since universities employ a lot of smart people who like tinkering there will be a lot of community contributions.

      • Re: sometimes (Score:1, Informative)

        by Anonymous Coward

        Canvas is open source under the AGPLv3 license and the source is on GitHub. They are nearly what you are asking for (a group we all pay into to manage updates and adding of new features). But the rest is a pipe dream. Who has time to tinker with their LMS? I'm a CS prof and I don't do it. Also, the software is necessarily web based, and I don't want somebody adding some patch to the system that brings it down. Better to let IT manage the thing.

      • Re:sometimes (Score:5, Informative)

        by i.r.id10t ( 595143 ) on Sunday February 10, 2019 @08:47AM (#58098514)

        Except Canvas is AGPL licensed.

        https://github.com/instructure... [github.com]

        Sure, you'll lose those nice integrations with Big Blue Button (conferences tool), some of the Speed Grader stuff, the equation editor, the "record from webcam" function in the HTML editor, etc. since those are licensed services or hosted via 3rd party contracts, but you can also replace them yourself.

        Strangely, what the college I work for pays for Canvas hosting and support (not a license fee) is about what we paid Angel/Blackboard for license and hosting, but the software is better and our support experience is better AND we get a LOT more resources.

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        universities employ a lot of smart people who like tinkering

        There was a time that you had universities producing nice things like pine (now alpine/realpine, because the UW stopped development). Nowadays, the smart people have too much work on their hands. Professors have to profess, which means lots of articles and books need to be written. Tech support teams have a lot more on their hands in the era of BYOD and not much more in the way of resources. I used to be a tinkery sort of person, and now I'm busy writing instead, so I have no time to tinker. Tinkering w

      • by Anonymous Coward

        Yes, universities need student worker jobs for experience, research grant funding to try out new ideas in support software, longer term planning which requires investing instead of short term cloud fees.

        But governments which exist as a representation of the collective... is deeply aligned with the shared public work that open source is; with the biggest difference being it has an organized management with funding, power and the overhead of safe guards. That power and funding are what brings about most it's

      • by Monoman ( 8745 )

        I tend to agree. I see too many schools struggle to keep up with tech when they should be banding together to find solutions and share resources. Those solutions don't necessarily have to be open source.

    • by Anonymous Coward

      With the hundreds of billions of dollars available to the US government every year I'm rather surprised they haven't just developed their own OS from the ground up. Something that keeps everything locked down while having an easy to learn interface for the average worker.

      Hell, they don't even have to roll it out any time soon. But start WORKING on it with a healthy budget for R&D.

    • The primary thing I want government to do is spend intelligently,

      Tell me - what is life like in Cloud-Cuckoo land?

    • Re:sometimes (Score:5, Interesting)

      by nine-times ( 778537 ) <nine.times@gmail.com> on Sunday February 10, 2019 @08:43AM (#58098502) Homepage

      Honestly, I've come to think that's a bit of a cop-out. If the government can't use FOSS, then I think they should fund the software they need, which should then also be open source.

      That may sound excessive, but it's an investment. It accomplishes a bunch of stuff. First, over the long term, it does away with licensing costs. It also allows them to access the source code and verify its security, and then make modifications as needed. Also very importantly, it frees them from proprietary interests. They're not beholden to do things the way their vendor wants and serving their vendor's interests.

      Also, whatever improvements they make to the FOSS are likely to be needed somewhere else. Improving public software serves the public interest.

      The reality is, buying proprietary software may be "efficient" when looking at the short-term immediate cost, but it's much harder to say what will be efficient and cheap when viewed over the next several decades. I suspect that investing in public software now will pay off several times over in the next 50 years, and that's the sort of timeline the government should be considering.

      • But government is all about the next election, like business is all about the next quarter. Wise investing is ancient history.
  • Just having the sourcecode of software doesn't mean much. Quite some governments have access to source code of proprietary software. What is more important is the freedom of software to be used and changed by anybody for their own purposes.

    • If the risk assessment shows green, then this stuff would be in the federal enterprise more. When it's for federal purposes, support is one of the most important aspects. And I'm not talking about "jump on Stack Exchange and post a question", but the 3:00AM hyper-visor heartbeat failure that by 7:00AM has corrupted several critical VMs. I can pick up the phone, and have an expert team swarm down (virtually), and fix the problem, get the VMs back online, etc. Most government offices don't have large IT staf
      • ... you have a piece of software that doesn't work. You call in the highly expensive support from the vendor and they won't be able to do much more than shrug at it. It's something I have seen at large companies and very large vendors.

        "Free Software" means that you can change the software if you please. That implies that the software is simple enough for you to make meaningful changes to it. The simpler the software the more reliable and secure it usually becomes, that's why when hardening a system you thro

        • by Anne Thwacks ( 531696 ) on Sunday February 10, 2019 @08:13AM (#58098438)
          That implies that the software is simple enough for you to make meaningful changes to it.

          I think you missed the point: governments can afford to pay for a team with the necessary skills to maintain the open source software in the manner that most benefits them. However, they only need pay once.

          With closed source, they need to pay through the nose possibly repeatedly for different departments, and still don't get what they want.

          However, this does require a degree of sanity in government, and I am not holding my breath on that account.

          • Yeah, small businesses can't afford to support and maintain their own software, but an organization the size of the US government can. They could, at least theoretically, hire a team of programmers to develop and support the software they need. They can fix bugs and develop new features.

            And it's true that having software vendor support is overrated. For an awful lot of the problems you'll run into, when you contact support they'll tell you, "Oh, right, there's a bug. The thing you want to do can't be d

          • by eddeye ( 85134 )

            governments can afford to pay for a team with the necessary skills to maintain the open source software in the manner that most benefits them. However, they only need pay once.

            Spoken like someone who's never worked in govt. In reality most govt agencies can't do that, for a variety of reasons:

            • Agency budgets fluctuate year to year. Unpredictable funding can doom the project.
            • Agencies change leadership quite frequently. Look at the massive changes in policy and priorities at DOE, HHS, State, and other
          • It is not like this has not been tried. Governments have been spending billions developing their own software since software has existed. I have yet to see a single one that even worked and did the job it was designed to do. And I can assure you it was many times more expensive than leasing existing systems.

            Take for example my latest foray into the government system. First I had to sign up for a ONE-key account, to enable me to sign up for a service Ontario account on a second website, which allowed me to

            • by jezwel ( 2451108 )

              ...these government sites only function if viewed through Chrome on Windows

              So they've finally ditched the IE6 requirement?!? Now that's progress.

              Sarcasm aside, government core business function almost everywhere is unrelated to OS development, and application development is usually business specific. I'm sure that certain security related agencies could be set as responsible for developing a secure core OS for use across all government sectors, but you're also running against corporate interests in regards to some pretty large US based companies out there. Considering this is

          • So, open source products never do any updates, change libraries, new dependencies...your install of Debian is forever set in stone and is never updated? You personally vet every new dependency that comes up when you yum update, and go in and review all 50+ packages' code to make sure it's all compliant with the Application Security and Development Secure Technical Implementation Guide [disa.mil]? You can verify that absolutely none of the code violates V-70363? This requirement here is why Open Source isn't widel [stigviewer.com]
        • Re: (Score:3, Informative)

          by markdavis ( 642305 )

          >"... you have a piece of software that doesn't work. You call in the highly expensive support from the vendor and they won't be able to do much more than shrug at it. It's something I have seen at large companies and very large vendors."

          THIS

          I can attest that "support" by major proprietary software companies is just as hit-or-miss as it is in the FOSS world. There is support that is great, and support that is expensive as hell and yet practically useless. So it is hard to generalize.

          One of the best mo

        • I'm sorry you've had such horrible support before, sounds like you should have vetted your vendors better. I've had pretty excellent results with real warranties from large companies, including Dell, VMWare, HPE, and so forth. I've had VMWare rebuild VMs pretty much by hand (we had VMware 6, not 6.5 with more advanced rebuild features), HPE support for blade servers, often they will open up support tickets FIRST when they see potential issues in various subsystems before we have time to go over the logs.
  • Has become, I’m surprised the switch hasn’t happened earlier.

    It seems most proprietary software preempts the end-user or administrator in a myriad of ways, knowing “better” at best (I grew up luckily in an era where computers still took direction) or is just malware/spyware/adware at worst.

    Which is why I loathe smartphones so. Such great potential. So utterly wasted. It’s a shame what the net turned into as well though.

    • One forgotten cost when using open source software is support. Every time an open source project adds or removes features it prompts a surge in support requests from users. Firefox is one example. When Firefox removed support for legacy add-ons everyone wanted to know how to replace their lost functionality. The removal of bookmark descriptions instead of just limiting their size caused another rash of questions. The removal of the Never Check for Updates means that every user is nagged to update to the
      • Every new feature must also be evaluated if it makes baseline configuration changes. The software also needs to be able to have granular controls, and allow IT staff to BLOCK any upgrades that aren't vetted and authorized.

        At my work, we are having to implement AppLocker and other mitigation because one of our core "business critical" applications needs Admin to run. And this is a paid-for application that has been around for many years, with a very deep support structure; but getting them to be 800-171 c
      • most people forget that part of the cost of retail software is the built-in cost of maintaining a support center, normally with a 1-800 number for question,

        We're talking about large organisations though. I've never encountered a large organisation that wants you to call some vendor's support. They expect all IT support stuff to be handled through the organisation's IT department.

        • by jythie ( 914043 )
          Large and small though. The US government is huge, but it is made up of nearly uncountable groups, institutions, and offices, some of which are pretty tiny.
  • Who develops it? (Score:5, Interesting)

    by Skinkie ( 815924 ) on Sunday February 10, 2019 @04:01AM (#58097990) Homepage
    Recently a Gartner report on open source in The Netherlands [rijksoverheid.nl] made an interesting case why with the current legislation the Dutch (and likely European) governments could not contribute to open source software. Governments may use it, but a software developer disguised as civil servant must never provide patches or features back to the open source project, nor is the government allowed to publish their work in public, publication should be strictly limited to other governments. This would be prohibited due to unfair competition with software suppliers that build closed source software not having the advantage of government support. Now the case of no-vendor-lock-in still remains, but unless we first change these kinds of laws, harnessing the true power of open source: collaboration, is legally not possible.
    • by stooo ( 2202012 )

      >> unfair competition

      That's B.S.
      The thing about free Open source software, is everybody can use it under the exact same conditions.
      So it's fair, because that same company can just sell it also.

      • Re:Who develops it? (Score:5, Interesting)

        by Skinkie ( 815924 ) on Sunday February 10, 2019 @04:20AM (#58098026) Homepage
        Consider the following real case. The City of Amsterdam created a new CAD plugin allowing the export to contain all properties required for a government exchange. Everything they had seen on the market had issues, hence they developed something new. Other municipalities started to use this software, and one of the commercial suppliers of a competing plugin was not amused. Here the government puts in resources to compete with a market activity - even if they completely hate the product - the proper way to solve this is via a tender, which can obviously request all software assets to be available. The current legislation prevents unfair competition by provision costs, hence the development costs (labor fees of the civil servant) should be balanced over all private users, unless legislation is made to prevent this. For open data this is for example the European Public Sector Information act.
        • by Anonymous Coward

          Yeah, the commercial offers sucked. And the market decided. For a better product and a better deal. Made by the "corporation" called "government", which is the "corporation" that we're all shareholders, employers and employees of.

          The commercial suppliers simply hated an actual free market (and especially it balancing itself out). Like apparently all corporations and businesses without exception always do. Because they prefer unfair competition, but only if it's them doing it, e.g. in the form of a monopoly

          • by Kjella ( 173770 )

            Yeah, the commercial offers sucked. And the market decided. For a better product and a better deal. Made by the "corporation" called "government", which is the "corporation" that we're all shareholders, employers and employees of. The commercial suppliers simply hated an actual free market (and especially it balancing itself out).

            That's like saying that if the voters voted for universal healthcare it's a free market solution. Heck, it would make communism a free market solution. It's totally okay to say that the free market doesn't always deliver and that you're sometimes better off funding it through taxes so you don't have to worry about revenue, margins and profits. It's called socialism, look it up.

        • by stooo ( 2202012 )

          >> the proper way to solve this is via a tender
          Nope. That's the old way from the last millennium for governments to waste money. Welcome to 2019.
          Still, the field is level, the commercial companies can pick up the FOSS and sell it with good support. Everybody wins, it's good for fair competition.

        • >"Here the government puts in resources to compete with a market activity - even if they completely hate the product"

          Another way to solve that is for the government agencies to pay COMMERCIAL companies to develop the FOSS code that is needed. Then the tax money of the people is not used against the commercial sector. It supports it AND provides FOSS code that reduces later costs and provides options to other government entities AND the public, which lowers taxes and provides more services. It also pre

        • Other municipalities started to use this software, and one of the commercial suppliers of a competing plugin was not amused.

          The city wasn't amused by the incompetence of the commercial supplier.

          The current legislation prevents unfair competition by provision costs,

          There is no unfair competition because the commercial vendor is free to distribute the open source product as well.

    • Unfair competition (Score:2, Interesting)

      by Anonymous Coward

      And this "unfair competition" doctrine is the result of years (decennia!) of neoliberal lobbying. Why should a government be prohibited to do what's best for its citizens and cater first to corporations which, in return try to avoid taxes as "cleverly" as they can?

      I mean: corporations /can/ be the government's allies in fostering the citizen's well-being, but they can be also its enemies. It should be up to the government to decide when and how.

      Lobbyists should be scrutinized much more closely. IMO half

      • by Anonymous Coward

        'And this "unfair competition" doctrine is the result of years (decennia!) of neoliberal lobbying. Why should a government be prohibited to do what's best for its citizens and cater first to corporations which, in return try to avoid taxes as "cleverly" as they can?'

        Prisons are washing thousands of tons of hotel bed-wares every day, thereby being unfair to those businesses too, but those don't have any lobbyists.

      • Exactly. It's not a level playing field, it's biased in favor of corporations. Because Politics!

        It's not about the best tool or what is most cost effective, it's about lobbyists and the revolving door. When managers don't even consider the open source option they know a job may be waiting for them when they leave government service. That's how the Military/Industrial complex works. As for lobbyists, if there is any talk about open source it's certain that the campaign contribution tap will open wide.

        As fo

    • That Gartner report is, obviously, quite pro-for-profit. According to the summary contributing to OSS is not allowed due to the requirement by law to be able to charge somebody for the costs incurred.
      The costs incurred are listed as (time spent on):

      1) Making code readable.
      They agree that readable code has its benefits either way. But making code readable for a temporary solution is not. They forget the principle that nothing is more permanent than temporary solutions.
      2) Performing security audits
      Security through obs

      • Re:Who develops it? (Score:4, Interesting)

        by Skinkie ( 815924 ) on Sunday February 10, 2019 @06:37AM (#58098248) Homepage

        Requiring the work done to be made OSS is unfair to the companies which do not want to do that. (But now allowing small companies to bid on the tender isn't an issue)

        The government is allowed to set requirements on what they want to receive, and how they want it to be delivered. So technically speaking they can request a can of developers for 10.000 hours, and want to have a fair price in a tender for that. Or you can ask for a software license to allow you to do this and that. Hence if a solution company does not want to deliver such, they will not participate in the tender, but they have been allowed to participate and with a lot of experience might have been able to do so under a reduced cost (much experience in the field, able to reuse previous work). Less money spent is good for the tax payer. But this would still only be able to be used inside the government. Because there is a limitation [rijksoverheid.nl] a public body could act as a private body by the legislation of competition [overheid.nl]. Imagine the government buying all ground, developing real estate, there couldn't be any competition. The article is about should government require open source software to be independent of suppliers. There are quite a lot of examples where government software development is not about the next "Office" software but in CAD, geospatial, photogrammetry, simulation, urban planning where this software might benefit others. If the government would build a new OS-kernel we would likely all agree this is stupid, what about a competitor to ArcGIS/QGis?

    • by Anonymous Coward

      There are parallels in the construction industry. One of the difficulties of comparison is the way buildings are not copyrightable but the design documents are. Is the open source code considered a design document, or the end product? Still the documents are archived and the updated designs archived as the building evolves. The government regulates, inspects, controls, audits and buys design and construction services. But they don't design or construct new buildings in the normal conditions.

      So the governmen

    • by epine ( 68316 )

      One can choose to view small patches as extremely crisp bug reports. Governments don't charge the private sector for bug reports (governments generate bug reports by the thousand almost entirely at their own expense).

      And what about the case where government contracts out to the private sector to have a new module developed for a large, open-source framework, with the bidders informed in advance that the source code will be contributed back to open source so as to protect the government's future interests?

      T

  • by stooo ( 2202012 ) on Sunday February 10, 2019 @04:06AM (#58097996) Homepage

    >> Should all government IT systems be using open source software?
    All IT systems should be using open source software.

    • Re: (Score:2, Insightful)

      Nope, Windows is not open source, but users and developers are cheaper. I'd rather not pay the taxes needed to support all OSS.

      In an ideal world where fairies get you off daily? Sure. But in reality, no.

      • by Anonymous Coward

        I guess you haven't ever looked into it, and just swallowed it whole.

        No, for-profit is, by its very definition, never cheaper. Since it's the cost of doing the work, plus the profit, plus the training that you have to pay.
        And even non-profit closed-source is also not cheaper, since it's effectively still a (imaginary) monopoly combined with artificial scarcity. You know... those things that are major crimes in any non-imaginary-property industry.
        Finally, even training is easier for open-source software, as

      • Windows is not open source, but users and developers are cheaper.

        You're ignoring the cost of running Windows. Not just the up front costs, but the maintenance costs, and the lost opportunity costs when closed source makes something difficult or impractical.

        I'd rather not pay the taxes needed to support all OSS.

        OSS supports YOU at the same time you support IT. It's not all outlay, you get the software back, and you get improvements from others.

        • Windows is not open source, but users and developers are cheaper.

          You're ignoring the cost of running Windows. Not just the up front costs, but the maintenance costs, and the lost opportunity costs when closed source makes something difficult or impractical.

          These also apply for running OSS. I'm sure it's possible to ultimately replace Active Directory with some implementation of LDAP on CentOS, but virtually any sysadmin with a pulse can go from bare metal to multiple domain controllers with checkbox-compliant GPOs, DHCP, DNS, shared folder permissions, and server clustering in an afternoon or two. I've yet to come across a drop-in replacement for that sort of core functionality in an OSS package. Additionally, a whole lot of closed source software only runs

  • ..."If it is public money, it should be public code as well..."

    No, dude...

    "If it is public money, it should be public code as well only if it works and does work well..."

    But I am almost embarrassed to say that in my little world, apart from the browser, open source desktop software sucks big-time. It just does not cut it.

    One has to "fight" with a situation where you have the same library named differently, installed in different locations, installed with older versions of the same depending on distribution...The arrogance in the open source world simply makes matter

    • I've not had this problem. But I have not used anything other than Windows for most of 26 years. Every attempt, no library issues.

      Of course I gave up each time so it was not long lived. So what are these libraries?

      • I've not had this problem. But I have not used anything other than Windows for most of 26 years. Every attempt, no library issues.

        Of course I gave up each time so it was not long lived. So what are these libraries?

        That kind of depends on the distribution you are using, some of them are crap when it comes to this but there are enterprise distributions that do some good and proper quality control. However, if you pick something like the Ubuntu or Fedora community distributions you are going to have this problem because those people have no issues with backwards compatibility, a lot of them just don't understand what all the fuss is about. The people running the enterprise distributions do understand it because they ge

    • One has to "fight" with a situation where you have the same library named differently, installed in different locations, installed with older versions of the same depending on distribution...

      Unix supports that scenario just fine. It was only Windows where it was ever a problem (DLL hell) though even Microsoft has largely solved it now.

  • Next question please.
  • The software has been more than good enough for a decade, or more if you have actually competent admins.
    Not admins and users that are mentally stifled by having been treated like morons and unable to adapt their software to their actual needs for decades. Who had to settle for the dumbest common denominator, and eat whatever is put down their throat. (Yes, Windows 10 and macOS, I'm talking about you. Oh and don't think I forgot you, Gnome. You too.)

    E.g. writing a shell script that gets triggered by a shortc

  • Sure, everyday insanity that is prevalent in software selection, but insanity nonetheless. The waste of money and the sheer dependency on a single or small number of companies is not acceptable.

  • Who would deal with the inevitable liability suits? What about integration with vendor systems which are often proprietary or under NDA? What about vendor-derived systems full stop (not shrink-wrap, more thinking vendor has a core product which they then customise for each client)....

    It's too blanket a rule.
  • by mapkinase ( 958129 ) on Sunday February 10, 2019 @05:51AM (#58098164) Homepage Journal

    is security, then that would be just an example of security by obscurity.

    • is security, then that would be just an example of security by obscurity.

      Three examples where I think open-sourcing software used by the government would be insane:

      (1) Offensive cyber weapons. If they are even allowed to exist at all, I don't want my government supplying script kiddies with scary dangerous zero-day exploits.

      (2) Software used in weapon systems. Why should we make it easier for adversaries to clone our tech? And why should we make it easier for them to come up with countermeasures for those systems?

      (3) Some software used in the criminal justice, law enforcement

      • (1) Offensive cyber weapons. If they are even allowed to exist at all, I don't want my government supplying script kiddies with scary dangerous zero-day exploits.

        They shouldn't exist at all. The responsible thing for an agency tasked with securing the nation's communications (like the NSA) to do is to report vulnerabilities to vendors, so that holes can be patched, and the nation's communications can be made more secure. That's literally their first job.

        Software used in weapon systems. Why should we make it easier for adversaries to clone our tech? And why should we make it easier for them to come up with countermeasures for those systems?

        Agreed.

        Some software used in the criminal justice, law enforcement, and federal court system. This is a bit more ambiguous, but it is plausible to me that someone could use that software to either game the court system and make sure their cases only came before judges who would rule more favorably towards them, or could use them to make it more difficult for law enforcement to detect and combat criminal activities.

        It sounds like you're advocating security by obscurity...

      • by urusan ( 1755332 )

        Here's an interesting option for controlling cyber-weapons without taking them entirely off the table. Instead of banning them or allowing unlimited secrecy, instead the following rules have to be followed:
        1. The cyber-weapon has to be completely declassified within 1 year of becoming operational. (Perhaps a somewhat longer time could be mandated, such as 3 years or 5 years, but if the countdown becomes too long then the situation becomes more and more like unlimited secrecy)
        2. The cyber-weapon has to be de

  • How will I easily find exploitable flaws if they use closed source software?

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If you need the source code to find an exploit, just give up, kid. The black hat doesn't fit you.

  • by kosmosik ( 654958 ) <kos@kosmoMONETsik.net minus painter> on Sunday February 10, 2019 @06:37AM (#58098252) Homepage

    No.

    Public/government IT systems should use open data standards and open APIs so that data is not tied to one vendors system.

    Having that you can use whatever licensed software that does the job and is economically viable.

    • by Anne Thwacks ( 531696 ) on Sunday February 10, 2019 @08:31AM (#58098464)
      In the "olden days" (when NASA was going to the moon) it was common for engineering procurement to require a "second source" - before aerospace would buy anything, there had to be an alternative source.

      If you had an invention, you had to licence it to a competitor, or it would not be bought. Typically, government procurement would buy from multiple suppliers, quantities in inverse proportion to price, to ensure that multiple suppliers would always be available.

      I am not sure when this practice stopped - but it seems that things are no longer done this way - and as a result, we get Microsoft, Oracle, and Intel (or, to use the technical term: "totally shafted").

      If that is not the decline and fall of civilization as we know it, I don't know what is.

  • It's whether they're able to or not. There will be custom and proprietary software and hardware running on a variety of Unix, Windows and possibly even mainframe systems. There will no doubt be plenty of OSS in there as well but until there's an easy and cheap migration path then the proprietary software isn't going anywhere.

  • Apparently the submitter - and editors - fail to realize that many IT systems in the government are not PCs. How many open source projects are there for IBM mainframe, Tandem and other architectures? How many of those that *do* exist (show me they do first, of course) perform the specialized functions the feds need and use, like FedWire to name one.

    "If it is public money, it should be public code as well."

    In a number of cases no, no it should not. FedWire being one.

    • Most of the IBM hardware supports Red Hat and SUSE, but you still have a good point because I couldn't see anyone buying a pseries machine and not putting AIX on it. You would be losing so many capabilities such as being able to dynamically resize partitions etc.
    • Apparently the submitter - and editors - fail to realize that many IT systems in the government are not PCs.

      The non-PC systems are waning, though. These days, the government is more likely to use cloud services, or otherwise employ a cluster of PCs.

  • Government has an obligation to make our data as safe as possible for as cheaply as possible and it ends there. If an open source solution fits those qualifications then use open source; but it's usually going to be a bad idea.
  • In theory, open source should be a no brainer to save money. Using open source can save tons of licence fees.

    In practice, open source may not be compatible with legacy systems, or missing critical functionality. And support can be a nightmare, with no vendor to provide updates or respond to bug support.

    And before you say do it yourself, that adds more cost than the licences, for programmers, managers, testers, etc.

    • by CRB9000 ( 647092 )
      Unfortunately, you are wrong. The U.S. Government requires all software purchases come with maintenance and support. When looking at software, the acquisition may be free, but we must purchase support licensing and the developer must be providing maintenance. This can be as costly as commercial closed source.
  • (Note: This applies to most U.S. Government agencies, but not all.)

    O.k., here is some "inside baseball" stuff. Every bit of software, from major applications, application helpers, plugins, drivers, etc. must be tested and accredited and supported. In a number of agencies, there are U.S. origin requirements.

    The large corporations, for example, Microsoft, host government employees, to include DOD civilian and uniformed, to be part of the testing process. A few years ago, Microsoft implemented changes to W

  • I worked on a large program (that you probably heard about) with a lot of embedded and command & control software. We made extensive use of both COTS products and open source.

    Here are some of the impediments to using OSS we observed

    1. The plethora of licenses! We kept 2 lawyers (one government, one prime contractor) busy nearly full-time for several years evaluating open source licenses. Each project had a different license, that needed to be understood for its impacts on procurement, use, distribut

    • 4. Related to #3: control of the evolution. With COTS products, there's a commercial entity that you can influence (including pay) to get the changes you need. With OSS, there's no guarantee the OSS product would migrate the direction you needed.
      The idea of OSS is: you hire people to make the changes/evolution you want. So you actually have much more influence over an OSS project than over a closed source project. However you rather pay the $130/h to a company which might make some changes in time instead o

      • That depends, of course, on finding competent workers and companies (even body shops) to contract with. For my project, that included all the overhead and pain of doing contract work for the US government. Usually, defense work is required to be performed in the US by US citizens, so that rules you out :-(

        • Perhaps I can masquerade as one :D

          Anyway, such jobs I would do remote, so it rules me out, as I don't plan to live in a major US city. Countryside would probably be ok. But honestly I'm too old to do this green card shit and follow all the regulations, I would not even work for Apple or something like that. Oki, Space X ... that I probably could not resist.

  • by biggaijin ( 126513 ) on Sunday February 10, 2019 @11:04AM (#58098956)

    It seriously offends me when I download something from a government Web site and discover that I cannot read it without buying a copy of Microsoft Word or some other proprietary software. It is not my government's job to guarantee Microsoft a market for their products.

  • by Tom ( 822 )

    No, they should not exclusively use Free Software (sorry, "Open Source" guys, I never hopped on that bandwagon) but they should have a strong preference for it.

    Sadly, there are many areas where no Free Software of adequate quality exists. Areas that are vital for government work, and a government should not restrict itself. However, if an adequate Free Software exists, the government should strongly prefer it.

    Security? Let's not forget two things: a) Free Software isn't bug-free, either, and especially tri

  • It's not always feasible. However every government contract for non open source should include a provision for data export in an open format.

  • They shouldn't only be using Open Source, they should be using Free Software, preferably under some GPL or BSD license, with the weighing tilted towards GPL. And if they can't find it available, they should build it themselves (and publish it).

    There may be a very few small instances where they shouldn't publish it, but in those cases the software shouldn't be distributed in object form either.

    • FUCK that. Government doesn't exactly have the best developers to start with. The last thing I want is them building it. It will mean $100,00 piece of commercial software will instead cost $10 million in development and then be ditched 2 years later for being unusable
  • A possible example is in federally sponsored bioresearch. If money from the Feds is used, the data needs to be made public. Why not software? The fact that some is bad could be an opportunity to fund it to make it better. I don't really buy the idea that only FOSS software can be bad, while all paid one is worth. The former can be held accountable for its quality but not the latter...
  • For example, Biowulf, 100th fastest supercomputer on the planet, at the NIH, mostly runs Linux. And many people use R, rather than paying the licensing for Matlab.

    Now, whether management wants to support Linux and OSS, or repeats in their sleep "THE WORLD BELONGS TO M$" is another story... but it's heavily used.

    Just for fun, slashdotters, look up https://www.spi.dod.mil/lipose... [dod.mil] - a lightweight secure distro of Linux, can run from a flash drive.

    Put out by the US Air Force.

  • If one of those tools is Windows and one of those tools is Linux, who cares? As long as it's the right tool.
