Should All Government IT Systems Be Using Open Source Software? (linuxjournal.com) 206
Writing at Linux Journal, Glyn Moody reports that dozens of government IT systems are switching to open source software.
"The fact that this approach is not already the norm is something of a failure on the part of the Free Software community..." One factor driving this uptake by innovative government departments is the potential to cut costs by avoiding constant upgrade fees. But it's important not to overstate the "free as in beer" element here. All major software projects have associated costs of implementation and support. Departments choosing free software simply because they believe it will save lots of money in obvious ways are likely to be disappointed, and that will be bad for open source's reputation and future projects.
Arguably as important as any cost savings is the use of open standards. This ensures that there is no lock-in to a proprietary solution, and it makes the long-term access and preservation of files much easier. For governments with a broader responsibility to society than simply saving money, that should be a key consideration, even if it hasn't been in the past.... Another is transparency. Recently it emerged that Microsoft has been gathering personal information from 300,000 government users of Microsoft Office ProPlus in the Netherlands, without permission and without documentation.
He includes an inspiring quote from the Free Software Foundation Europe about code produced by the government: "If it is public money, it should be public code as well." But when it comes to the larger issue about the general usage of proprietary vs. non-proprietary software -- what do Slashdot's readers think?
Should all government IT systems be using open source software?
sometimes (Score:1)
Re:sometimes (Score:5, Insightful)
The problem is that government systems tend to handle all kinds of really important information, and proprietary vendors have shown over the years over and over again that they simply are not trustworthy, and that the people responsible are not up to par WRT keeping them safeguarded.
Evidence? The massive hits by ransomware against various types of government agencies ranging from the NHS to the Alaskan administration, the latter I believe got hit so bad they were considering reverting to typewriters. And this is just the tip of the iceberg of the continual data leakage we never get to hear about.
Making sure the systems run on verifiable code where you don't have to trust external parties should be the starting point for every state run system. That would be intelligent spending. The government has a lot of information on all of us, and by collecting it it also collects the responsibility to protect it. Something which just isn't possible with proprietary software, Microsoft's latest offerings in particular.
Re: (Score:2, Insightful)
You don't have to trust an open source project, especially not when you have the resources of a national state behind you. It's all out there in the open, you don't have to take anyone's word for anything. All it takes is the actual will to shore things up.
Nobody said you should use any open source project for anything without vetting it. Remember, we're talking about governments here, different ballpark.
Re: (Score:2)
Pickett county Tennessee, population 5,100, does not have those resources. They are a very important government for the people that live there.
Re: sometimes (Score:2)
The skills are not there, and cannot be hired, because in most cases the US government does not compete with private industry on salary. While this is theoretically a solvable problem, in practice it isn't. Even the vast majority of private companies cannot compete with large tech vendors for top talent.
Re: (Score:2)
1. Salary isn't necessarily everything that counts. There are plenty of competent people who aren't necessarily mercenaries who will sell themselves to the highest bidder.
I must have hit a nerve there. While there are plenty of people who can command $250k in the marketplace but are perfectly happy making $125k, they are very rare. I haven't found any, but I'm only a couple decades into my career. I have found many people content with $125k who could make $150k elsewhere (one even works for me) because they like the company, team, location, etc. But the chasm between what the government tends to pay and what private industry does is far too great.
The government is filled wit
Re: (Score:2)
People will not accept lower wages but better job security and other less tangible benefits, because they could earn top talent wages where the top wages go to less than 20% of the workforce, and the rest is treated like crap with a huge turnover? Not to mention they might already have been kicked out of it once because they were "too old"? And these businesses have the lion's share of the top people? Gee, I wonder why since the alternative ATM is zero. I'm sorry, you make absolutely no sense, you're actively contradicting yourself.
I'm not sure what is confusing you. If any worker in question cannot make top wages (because they aren't in the top 20% or whatever), sure they could be convinced to work in the public sector. But they couldn't command the top salaries because they weren't the top talent. The government can probably get plenty of ex-Google/Facebook/etc workers, but not their best and brightest. Those individuals are either still at the top tech companies, have started their own private companies, or are working for other we
Re: (Score:2)
So it appears we aren't that far off on our opinions, and the difference is basically that I have less confidence in the government being able to access the personnel to ensure systems are trustworthy (regardless of open source or closed source). And I think the main reason we differ is you believe it doesn't take as significant a level of expertise to do that as I do, which is basically just a judgement call. Nothing to really argue there except an agree to disagree.
Finally I'd like to repeat that the reason we're having this discussion is that I pointed out that it's the only way of resolving conflicts of interest associated with commercial actors, re-asserting control over the information stored in the systems, and ensuring the system is trustworthy, something which is as essential as it is impossible with proprietary software. You might endorse that or not.
I would like to add that private companies
Re: Name them, then. (Score:2, Informative)
OpenSSL.
node.js last year
PEAR this year
Open Source also has some fairly substantial supply chain security problems. The delivery model, and update cadence can also be pretty terrible.
The requirements of using something at home are vastly different than for the government, and scale becomes an issue. You're either paying a closed source vendor to manage this, or you're bloating the size of your IT team and paying for it that way.
Using open source to save money is a myth.
Re:sometimes (Score:5, Insightful)
I see the same in higher education. There's a number of things we all need (like an electronic learning environment) but we buy it from vendors like Canvas or Blackboard, which is expensive and inflexible. Same for grading systems, scheduling, course guides, human resource, etc.
I think we should have moved to a cooperative structure for these things long ago and all pay into a group that develops the software and then releases it open source. Since this can be decided at the university system level there's less risk of freeriding, and since universities employ a lot of smart people who like tinkering there will be a lot of community contributions.
Re: sometimes (Score:1, Informative)
Canvas is open source under the AGPLv3 license and the source is on GitHub. They are nearly what you are asking for (a group we all pay into to manage updates and adding of new features). But the rest is a pipe dream. Who has time to tinker with their LMS? I'm a CS prof and I don't do it. Also, the software is necessarily web based, and I don't want somebody adding some patch to the system that brings it down. Better to let IT manage the thing.
Re:sometimes (Score:5, Informative)
Except Canvas is AGPL licensed.
https://github.com/instructure... [github.com]
Sure, you'll lose those nice integrations with Big Blue Button (conferences tool), some of the Speed Grader stuff, the equation editor, the "record from webcam" function in the HTML editor, etc. since those are licensed services or hosted via 3rd party contracts, but you can also replace them yourself.
Strangely, what the college I work for pays for Canvas hosting and support (not a license fee) is about what we paid Angel/Blackboard for license and hosting, but the software is better and our support experience is better AND we get a LOT more resources.
Re: (Score:1, Insightful)
universities employ a lot of smart people who like tinkering
There was a time that you had universities producing nice things like pine (now alpine/realpine, because the UW stopped development). Nowadays, the smart people have too much work on their hands. Professors have to profess, which means lots of articles and books need to be written. Tech support teams have a lot more on their hands in the era of BYOD and not much more in the way of resources. I used to be a tinkery sort of person, and now I'm busy writing instead, so I have no time to tinker. Tinkering w
It makes more sense for Government (Score:2, Interesting)
Yes, universities need student worker jobs for experience, research grant funding to try out new ideas in support software, longer term planning which requires investing instead of short term cloud fees.
But governments which exist as a representation of the collective... is deeply aligned with the shared public work that open source is; with the biggest difference being it has an organized management with funding, power and the overhead of safeguards. That power and funding are what brings about most it's
Re: (Score:2)
I tend to agree. I see too many schools struggle to keep up with tech when they should be banding together to find solutions and share resources. Those solutions don't necessarily have to be open source.
Re: (Score:1)
With the hundreds of billions of dollars available to the US government every year I'm rather surprised they haven't just developed their own OS from the ground up. Something that keeps everything locked down while having an easy to learn interface for the average worker.
Hell, they don't even have to roll it out any time soon. But start WORKING on it with a healthy budget for R&D.
Re: (Score:1)
Tell me - what is life like in Cloud-Cuckoo land?
Re:sometimes (Score:5, Interesting)
Honestly, I've come to think that's a bit of a cop-out. If the government can't use FOSS, then I think they should fund the software they need, which should then also be open source.
That may sound excessive, but it's an investment. It accomplishes a bunch of stuff. First, over the long term, it does away with licensing costs. It also allows them to access the source code and verify its security, and then make modifications as needed. Also very importantly, it frees them from proprietary interests. They're not beholden to do things the way their vendor wants and serving their vendor's interests.
Also, whatever improvements they make to the FOSS are likely to be needed somewhere else. Improving public software serves the public interest.
The reality is, buying proprietary software may be "efficient" when looking at the short-term immediate cost, but it's much harder to say what will be efficient and cheap when viewed over the next several decades. I suspect that investing in public software now will pay off several times over in the next 50 years, and that's the sort of timeline the government should be considering.
Re: (Score:3)
Not "Open Source" but "Free Software" (Score:2)
Just having the sourcecode of software doesn't mean much. Quite some governments have access to source code of proprietary software. What is more important is the freedom of software to be used and changed by anybody for their own purposes.
Re: (Score:2)
Yeah but in real life... (Score:3)
... you have a piece of software that doesn't work. You call in the highly expensive support from the vendor and they won't be able to do much more than shrug at it. It's something I have seen at large companies and very large vendors.
"Free Software" means that you can change the software if you please. That implies that the software is simple enough for you to make meaningful changes to it. The simpler the software the more reliable and secure it usually becomes, that's why when hardening a system you thro
Re:Yeah but in real life... (Score:5, Insightful)
I think you missed the point: governments can afford to pay for a team with the necessary skills to maintain the open source software in the manner that most benefits them. However, they only need pay once.
With closed source, they need to pay through the nose possibly repeatedly for different departments, and still don't get what they want.
However, this does require a degree of sanity in government, and I am not holding my breath on that account.
Re: (Score:3)
Yeah, small businesses can't afford to support and maintain their own software, but an organization the size of the US government can. They could, at least theoretically, hire a team of programmers to develop and support the software they need. They can fix bugs and develop new features.
And it's true that having software vendor support is overrated. For an awful lot of the problems you'll run into, when you contact support they'll tell you, "Oh, right, there's a bug. The thing you want to do can't be d
Re: (Score:3)
Spoken like someone who's never worked in govt. In reality most govt agencies can't do that, for a variety of reasons:
Re: (Score:2)
It is not like this has not been tried. Governments have been spending billions developing their own software since software has existed. I have yet to see a single one that even worked and did the job it was designed to do. And I can assure you it was many times more expensive than leasing existing systems.
Take for example my latest foray into the government system. First I had to sign up for a ONE-key account, to enable me to sign up for a service Ontario account on a second website, which allowed me to
Re: (Score:2)
...these government sites only function if viewed through Chrome on Windows
So they've finally ditched the IE6 requirement?!? Now that's progress.
Sarcasm aside, government core business function almost everywhere is unrelated to OS development, and application development is usually business specific. I'm sure that certain security related agencies could be set as responsible for developing a secure core OS for use across all government sectors, but you're also running against corporate interests in regards to some pretty large US based companies out there. Considering this is
Re: (Score:2)
Re: (Score:3, Informative)
>"... you have a piece of software that doesn't work. You call in the highly expensive support from the vendor and they won't be able to do much more than shrug at it. It's something I have seen at large companies and very large vendors."
THIS
I can attest that "support" by major proprietary software companies is just as hit-or-miss as it is in the FOSS world. There is support that is great, and support that is expensive as hell and yet practically useless. So it is hard to generalize.
One of the best mo
Re: (Score:2)
Re: (Score:2, Insightful)
Open standards yes, since you avoid lock in. Open source maybe. Does it save money over the long term?
"Millions for defense, but not one cent for tribute."
This isn't a question of efficiency. It's a question of being able to know 100% what the government is doing. There are proprietary breathalysers that sent people to prison and then turned out to be buggy. The manufacturers wouldn't let people see their source code so the defendants will often have never found out about this. If your town is not having its road built because the Office356 regression function has a bug you will never be able to see tha
Considering how utterly Shiite Proprietary software (Score:1)
Has become, I’m surprised the switch hasn’t happened earlier.
It seems most proprietary software preempts the end-user or administrator in a myriad of ways, knowing “better” at best (I grew up luckily in an era where computers still took direction) or is just malware/spyware/adware at worst.
Which is why I loathe smartphones so. Such great potential. So utterly wasted. It’s a shame what the net turned into as well though.
One forgotten cost -- support (Score:3)
Re: (Score:3)
At my work, we are having to implement AppLocker and other mitigation because one of our core "business critical" applications needs Admin to run. And this is a paid-for application that has been around for many years, with a very deep support structure; but getting them to be 800-171 c
Re: (Score:3)
most people forget that part of the cost of retail software is the built-in cost of maintaining a support center, normally with a 1-800 number for question,
We're talking about large organisations though. I've never encountered a large organisation that wants you to call some vendor's support. They expect all IT support stuff to be handled through the organisation's IT department.
Re: (Score:2)
Who develops it? (Score:5, Interesting)
Re: (Score:3)
>> unfair competition
That's B.S.
The thing about free Open source software, is everybody can use it under the exact same conditions.
So it's fair, because that same company can just sell it also.
Re:Who develops it? (Score:5, Interesting)
PROTIP: We are part of "the market" too! (Score:3, Interesting)
Yeah, the commercial offers sucked. And the market decided. For a better product and a better deal. Made by the "corporation" called "government", which is the "corporation" that we're all shareholders, employers and employees of.
The commercial suppliers simply hated an actual free market (and especially it balancing itself out). Like apparently all corporations and businesses without exception always do. Because they prefer unfair competition, but only if it's them doing it, e.g. in the form of a monopoly
Re: (Score:2)
Yeah, the commercial offers sucked. And the market decided. For a better product and a better deal. Made by the "corporation" called "government", which is the "corporation" that we're all shareholders, employers and employees of. The commercial suppliers simply hated an actual free market (and especially it balancing itself out).
That's like saying that if the voters voted for universal healthcare it's a free market solution. Heck, it would make communism a free market solution. It's totally okay to say that the free market doesn't always deliver and that you're sometimes better off funding it through taxes so you don't have to worry about revenue, margins and profits. It's called socialism, look it up.
Re: (Score:3)
>> the proper way to solve this is via a tender
Nope. That's the old way from the last millennium for governments to waste money. Welcome to 2019.
Still, the field is level, the commercial companies can pick up the FOSS and sell it with good support. Everybody wins, it's good for fair competition.
Re: (Score:2)
>"Here the government puts in resources to compete with a market activity - even if they completely hate the product"
Another way to solve that is for the government agencies to pay COMMERCIAL companies to develop the FOSS code that is needed. Then the tax money of the people is not used against the commercial sector. It supports it AND provides FOSS code that reduces later costs and provides options to other government entities AND the public, which lowers taxes and provides more services. It also pre
Re: (Score:2)
Re: (Score:3)
Other municipalities started to use this software, and one of the commercial suppliers of a competing plugin was not amused.
The city wasn't amused by the incompetence of the commercial supplier.
The current legislation prevents unfair competition by provision costs,
There is no unfair competition because the commercial vendor is free to distribute the open source product as well.
Unfair competition (Score:2, Interesting)
And this "unfair competition" doctrine is the result of years (decennia!) of neoliberal lobbying. Why should a government be prohibited to do what's best for its citizens and cater first to corporations which, in return try to avoid taxes as "cleverly" as they can?
I mean: corporations /can/ be the government's allies in fostering the citizen's well-being, but they can be also its enemies. It should be up to the government to decide when and how.
Lobbyists should be scrutinized much more closely. IMO half
Re: (Score:1)
'And this "unfair competition" doctrine is the result of years (decennia!) of neoliberal lobbying. Why should a government be prohibited to do what's best for its citizens and cater first to corporations which, in return try to avoid taxes as "cleverly" as they can?'
Prisons are washing thousands of tons of hotel bed-wares every day, thereby being unfair to those businesses too, but those don't have any lobbyists.
Re: (Score:2)
It's not about the best tool or what is most cost effective, it's about lobbyists and the revolving door. When managers don't even consider the open source option they know a job may be waiting for them when they leave government service. That's how the Military/Industrial complex works. As for lobbyists, if there is any talk about open source it's certain that the campaign contribution tap will open wide.
As fo
Re: (Score:3)
That Gartner report is, obviously, quite pro-for-profit. According to the summary contributing to OSS is not allowed due to the requirement by law to be able to charge somebody for the made costs.
The made costs are listed as (time spent on):
1) Making code readable.
They agree that readable code has its benefits either way. But making code readable for a temporary solution is not. They forget the principle that nothing is more permanent than temporary solutions.
2) Performing security audits
Security through obs
Re:Who develops it? (Score:4, Interesting)
Requiring the work done to be made OSS is unfair to the companies which do not want to do that. (But now allowing small companies to bid on the tender isn't an issue)
The government is allowed to set requirements on what they want to receive, and how they want it to be delivered. So technically speaking they can request a can of developers for 10.000 hours, and want to have a fair price in a tender for that. Or you can ask for a software license to allow you to do this and that. Hence if a solution company does not want to deliver such, they will not participate in the tender, but they have been allowed to participate and with a lot of experience might have been able to do so under a reduced cost (much experience in the field, able to reuse previous work). Less money spent is good for the tax payer. But this would still only be able to be used inside the government. Because there is a limitation [rijksoverheid.nl] a public body could act as a private body by the legislation of competition [overheid.nl]. Imagine the government buying all ground, developing real estate, there couldn't be any competition. The article is about should government require open source software to be independent of suppliers. There are quite a lot of examples where government software development is not about the next "Office" software but in CAD, geospatial, photogrammetry, simulation, urban planning where this software might benefit others. If the government would build a new OS-kernel we would likely all agree this is stupid, what about a competitor to ArcGIS/QGis?
Re: (Score:1)
There are parallels in the construction industry. One of the difficulties of comparison is the way buildings are not copyrightable but the design documents are. Is the open source code considered a design document, or the end product? Still the documents are archived and the updated designs archived as the building evolves. The government regulates, inspects, controls, audits and buys design and construction services. But they don't design or construct new buildings in the normal conditions.
So the governmen
Re: (Score:2)
One can choose to view small patches as extremely crisp bug reports. Governments don't charge the private sector for bug reports (governments generate bug reports by the thousand almost entirely at their own expense).
And what about the case where government contracts out to the private sector to have a new module developed for a large, open-source framework, with the bidders informed in advance that the source code will be contributed back to open source so as to protect the government's future interests?
T
All IT systems should be using open source softwar (Score:5, Insightful)
>> Should all government IT systems be using open source software?
All IT systems should be using open source software.
Re: (Score:2, Insightful)
Nope, Windows is not open source, but users and developers are cheaper. I'd rather not pay the taxes needed to support all OSS.
In an ideal world where fairies get you off daily? Sure. But in reality, no.
You actually believe that PR? (Score:1)
I guess you haven't ever looked into it, and just swallowed it whole.
No, for-profit is, by its very definition, never cheaper. Since it's the cost of doing the work, plus the profit, plus the training that you have to pay.
And even non-profit closed-source is also not cheaper, since it's effectively still an (imaginary) monopoly combined with artificial scarcity. You know... those things that are major crimes in any non-imaginary-property industry.
Finally, even training is easier for open-source software, as
Re:All IT systems should be using open source soft (Score:5, Informative)
Windows is not open source, but users and developers are cheaper.
You're ignoring the cost of running Windows. Not just the up front costs, but the maintenance costs, and the lost opportunity costs when closed source makes something difficult or impractical.
I'd rather not pay the taxes needed to support all OSS.
OSS supports YOU at the same time you support IT. It's not all outlay, you get the software back, and you get improvements from others.
Re: (Score:2)
Windows is not open source, but users and developers are cheaper.
You're ignoring the cost of running Windows. Not just the up front costs, but the maintenance costs, and the lost opportunity costs when closed source makes something difficult or impractical.
These also apply for running OSS. I'm sure it's possible to ultimately replace Active Directory with some implementation of LDAP on CentOS, but virtually any sysadmin with a pulse can go from bare metal to multiple domain controllers with checkbox-compliant GPOs, DHCP, DNS, shared folder permissions, and server clustering in an afternoon or two. I've yet to come across a drop-in replacement for that sort of core functionality in an OSS package. Additionally, a whole lot of closed source software only runs
Re: (Score:2)
First off; In a world without Windows, why would you need AD?
I'm not asking to be mean, but IMO this is one of the bigger problems with switching out proprietary software, specifically Microsoft's offerings. People are so indoctrinated, that they keep trying to solve Microsoft problems, the Microsoft way, which invariably leads to anything different being deemed "inferior". If you look at it that way, your question is the perfect example.
Let's look at a handful of things AD does that would likely apply to Linux clients:
1.) Centralized authentication. Users should be able to have their password apply to any computer in the environment. LDAP does this particular part pretty well.
2.) Failover/Replication. LDAP supports this. LDAP does not support this in less than an hour from a bare metal install unless you have a bunch of scripts already written.
3.) Group policies. How do you ensure different departments can only print to their own printers
Right solution for the problem, what's wrong here? (Score:2, Interesting)
..."If it is public money, it should be public code as well..."
No, dude...
"If it is public money, it should be public code as well only if it works and does work well..."
But I am almost embarrassed to say that in my little world, apart from the browser, open source desktop software sucks big-time. It just does not cut it.
One has to "fight" with a situation where you have the same library named differently, installed in different locations, installed with older versions of the same depending on distribution...The arrogance in the open source world simply makes matter
Re: (Score:2)
I've not had this problem. But I have not used anything other than Windows for most of 26 years. Every attempt, no library issues.
Of course I gave up each time so it was not long lived. So what are these libraries?
Re: (Score:2)
I've not had this problem. But I have not used anything other than Windows for most of 26 years. Every attempt, no library issues.
Of course I gave up each time so it was not long lived. So what are these libraries?
That kind of depends on the distribution you are using, some of them are crap when it comes to this but there are enterprise distributions that do some good and proper quality control. However, if you pick something like the Ubuntu or Fedora community distributions you are going to have this problem because those people have no issues with backwards compatibility, a lot of them just don't understand what all the fuss is about. The people running the enterprise distributions do understand it because they ge
Re: (Score:2)
One has to "fight" with a situation where you have the same library named differently, installed in different locations, installed with older versions of the same depending on distribution...
Unix supports that scenario just fine. It was only Windows where it was ever a problem (DLL hell) though even Microsoft has largely solved it now.
Yes. (Score:1)
Not a failure of open source community, but greed. (Score:1)
The software has been more than good enough for a decade, or more if you have actually competent admins.
Not admins and users that are mentally stifled by having been treated like morons and unable to adapt their software to their actual needs for decades. Who had to settle for the dumbest common denominator, and eat whatever is put down their throat. (Yes, Windows 10 and macOS, I'm talking about you. Oh and don't think I forgot you, Gnome. You too.)
E.g. writing a shell script that gets triggered by a shortc
Yes, anything else is insanity (Score:2)
Sure, everyday insanity that is prevalent in software selection, but insanity nonetheless. The waste of money and the sheer dependency on a single or small number of companies is not acceptable.
Liability, integration etc. (Score:2)
It's too blanket a rule.
if the reason for NOT (Score:5, Insightful)
is security, then that would be just an example of security by obscurity.
Re: (Score:2)
is security, then that would be just an example of security by obscurity.
Three examples where I think open-sourcing software used by the government would be insane:
(1) Offensive cyber weapons. If they are even allowed to exist at all, I don't want my government supplying script kiddies with scary dangerous zero-day exploits.
(2) Software used in weapon systems. Why should we make it easier for adversaries to clone our tech? And why should we make it easier for them to come up with countermeasures for those systems?
(3) Some software used in the criminal justice, law enforcement
Re: (Score:3)
(1) Offensive cyber weapons. If they are even allowed to exist at all, I don't want my government supplying script kiddies with scary dangerous zero-day exploits.
They shouldn't exist at all. The responsible thing for an agency tasked with securing the nation's communications (like the NSA) to do is to report vulnerabilities to vendors, so that holes can be patched, and the nation's communications can be made more secure. That's literally their first job.
Software used in weapon systems. Why should we make it easier for adversaries to clone our tech? And why should we make it easier for them to come up with countermeasures for those systems?
Agreed.
Some software used in the criminal justice, law enforcement, and federal court system. This is a bit more ambiguous, but it is plausible to me that someone could use that software to either game the court system and make sure their cases only came before judges who would rule more favorably towards them, or could use them to make it more difficult for law enforcement to detect and combat criminal activities.
It sounds like you're advocating security by obscurity...
Re: (Score:2)
Here's an interesting option for controlling cyber-weapons without taking them entirely off the table. Instead of banning them or allowing unlimited secrecy, instead the following rules have to be followed:
1. The cyber-weapon has to be completely declassified within 1 year of becoming operational. (Perhaps a somewhat longer time could be mandated, such as 3 years or 5 years, but if the countdown becomes too long then the situation becomes more and more like unlimited secrecy)
2. The cyber-weapon has to be de
Of Course (Score:2)
How will I easily find exploitable flaws if they use closed source software?
Re: (Score:2, Insightful)
If you need the source code to find an exploit, just give up, kid. The black hat doesn't fit you.
Open data standards and open APIs (Score:5, Insightful)
No.
Public/government IT systems should use open data standards and open APIs so that data is not tied to one vendor's system.
Having that you can use whatever licensed software that does the job and is economically viable.
Re:Open data standards and open APIs (Score:4, Informative)
If you had an invention, you had to licence it to a competitor, or it would not be bought. Typically, government procurement would buy from multiple suppliers, quantities in inverse proportion to price, to ensure that multiple suppliers would always be available.
I am not sure when this practice stopped - but it seems that things are no longer done this way - and as a result, we get Microsoft, Oracle, and Intel (or, to use the technical term: "totally shafted").
If that is not the decline and fall of civilization as we know it, I don't know what is.
They probably should (Score:2)
It's whether they're able to or not. There will be custom and proprietary software and hardware running on a variety of Unix, Windows and possibly even mainframe systems. There will no doubt be plenty of OSS in there as well but until there's an easy and cheap migration path then the proprietary software isn't going anywhere.
All? Stupid question. (Score:2)
In a number of cases no, no it should not. FedWire being one.
Re: (Score:2)
Re: (Score:2)
Apparently the submitter - and editors - fail to realize that many IT systems in the government are not PCs.
The non-PC systems are waning, though. These days, the government is more likely to use cloud services, or otherwise employ a cluster of PCs.
Meh (Score:2)
Theory vs practice (Score:2)
In practice, open source may not be compatible with legacy systems, or missing critical functionality. And support can be a nightmare, with no vendor to provide updates or respond to bug support.
And before you say do it yourself, that adds more cost than the licences, for programmers, managers, testers, etc.
Re: (Score:2)
Re: (Score:2)
Government/Software Inside Baseball Stuff (Score:2)
(Note: This applies to most U.S. Government agencies, but not all.)
O.k., here is some "inside baseball" stuff. Every bit of software, from major applications, application helpers, plugins, drivers, etc. must be tested and accredited and supported. In a number of agencies, there are U.S. origin requirements.
The large corporations, for example, Microsoft, host government employees, to include DOD civilian and uniformed, to be part of the testing process. A few years ago, Microsoft implemented changes to W
Direct experience: OSS is not a panacea (Score:2)
I worked on a large program (that you probably heard about) with a lot of embedded and command & control software. We made extensive use of both COTS products and open source.
Here are some of the impediments to using OSS we observed:
1. The plethora of licenses! We kept 2 lawyers (one government, one prime contractor) busy nearly full-time for several years evaluating open source licenses. Each project had a different license, that needed to be understood for its impacts on procurement, use, distribut
Re: (Score:2)
4. Related to #3: control of the evolution. With COTS products, there's a commercial entity that you can influence (including pay) to get the changes you need. With OSS, there's no guarantee the OSS product would migrate the direction you needed.
The idea of OSS is: you hire people to make the changes/evolution you want. So you actually have much more influence over an OSS project than over a closed source project. However you rather pay the $130/h to a company which might make some changes in time instead o
Re: (Score:2)
That depends, of course, on finding competent workers and companies (even body shops) to contract with. For my project, that included all the overhead and pain of doing contract work for the US government. Usually, defense work requires be performed in the US by US citizens, so that rules you out :-(
Re: (Score:2)
Perhaps I can masquerade as one :D
Anyway, such jobs I would do remote, so it rules me out, as I don't plan to live in a major US city. Countryside would probably be ok. But honestly I'm too old to do this green card shit and follow all the regulations, I would not even work for Apple or something like that. Oki, Space X ... that I probably could not resist.
Open Standards are the most important part. (Score:5, Insightful)
It seriously offends me when I download something from a government Web site and discover that I cannot read it without buying a copy of Microsoft Word or some other proprietary software. It is not my government's job to guarantee Microsoft a market for their products.
no, but (Score:2)
No, they should not exclusively use Free Software (sorry, "Open Source" guys, I never hopped on that bandwagon) but they should have a strong preference for it.
Sadly, there are many areas where no Free Software of adequate quality exists. Areas that are vital for government work, and a government should not restrict itself. However, if an adequate Free Software exists, the government should strongly prefer it.
Security? Let's not forget two things: a) Free Software isn't bug-free, either, and especially tri
No, (Score:2)
It's not always feasible. However every government contract for non open source should include a provision for data export in an open format.
I'd go further... (Score:2)
They shouldn't only be using Open Source, they should be using Free Software, preferably under some GPL or BSD license, with the weighing tilted towards GPL. And if they can't find it available, they should build it themselves (and publish it).
There may be a very few small instances where they shouldn't publish it, but in those cases the software shouldn't be distributed in object form either.
Re: (Score:2)
An example: Bioresearch (Score:2)
In many cases, they already do (Score:2)
For example, Biowulf, 100th fastest supercomputer on the planet, at the NIH, mostly runs Linux. And many people use R, rather than paying the licensing for Matlab.
Now, whether management wants to support Linux and OSS, or repeats in their sleep "THE WORLD BELONGS TO M$" is another story... but it's heavily used.
Just for fun, slashdotters, look up https://www.spi.dod.mil/lipose... [dod.mil] - a lightweight secure distro of Linux, can run from a flash drive.
Put out by the US Air Force.
Use the best tool for the job (Score:2)
Re: (Score:2)
Except Windows isn't a good tool for anything on its own merit.
Re:unrealistic (Score:4, Insightful)
That is nonsense. Nonsense often repeated, but still untrue.
Re: (Score:2)
Re: (Score:2)
An exotic example does not make a valid argument here. Incidentally, this will often be interbank agent owned software that they developed in-house and that is a trade secret. You only get the client side or the interface spec and that you may not even be able to buy.
Re: (Score:2)
I work in tech support at the IRS. Billions each year are thrown in fire for Microsoft software that is unreliable, and broken worse by every "fix" they send out. The Windows 10 Upgrade is a disaster. The ticketing system from HP is a waste of billions that gets in the way of doing our work. Adobe Acrobat is an unjustifiable expense now the PDF is no longer a patented technology. I could go on forever about the awful software billions have been wasted on, and how tech support is stretched way too thin trying to babysit all the junk. Instead of that, I will talk about something good. The VA's Vista system. It is the only electronic medical records system developed hand in hand with the doctors and nurses who had to use it, and the only one in the industry medical professionals don't hate. It was developed in house by the VA on the sly, as the bureaucrats never would have authorized its development. Government should stop wasting taxpayer dollars on commercial software, period.
I feel your pain.