Governments should adopt and invest in FOSS (jamesmcm.github.io)
362 points by _vbnz on Sept 13, 2020 | 148 comments



Since it's taxpayers' money, any custom made software for gov MUST be FOSS or we can equally abandon any logic whatsoever - citizens paid for it, gov employees were working with implementation team on shaping it, so it belongs to them. This doesn't have to be so for supportive domains such as databases but I would personally prefer that also (i.e. PostgreSQL instead of Oracle DB).

There are many more reasons for this than mentioned, including keeping more IT experts locally, better connections with academia, higher salaries for gov IT guys, less corruption etc.

The MAJOR thing is actually that gov companies and their systems are usually quite complex and not something that can be easily (or at all) correctly done by an external team of any kind - you need to be there, on the spot, and live that system for years to know how to program it, improve it, and make it good for the country and its citizens. I worked for gov 15 years, and did many huge projects with various companies - IBM, Microsoft, Oracle, Cisco etc... almost all being complete garbage, especially for the usual multi-billion price that is paid to those corps yearly. There is an illusion that big names mean big and qualified team, good responsibility delegation (there is the 'nobody got fired for choosing IBM' thing) and that high price means quality, but in practice it never works like that, reality is quite the opposite (except responsibility delegation/dispersion which is totally true).

The major reason that proprietary software is so prominent in gov is corruption.


There are a few other real-world aspects to the development and use of open source in government that make it more complex in my experience.

First, priorities and roadmaps for collaborative software development tend to be captured by the biggest and best funded government organization involved. A famous version of this is that the US government effectively drives the roadmap of international software development collaborations by virtue of readily spending money that their partner governments can't or won't match. The effects of resource disparities in development collaboration often lead to the practical effect that smaller organizations are not having their needs met and what little resources they do have are consumed by the overhead created by the resource scale of the big partners.

Second, quite a lot of proprietary software development within government has strict dependencies on closed source software for which there are neither open source equivalents nor likely to be open source equivalents for the foreseeable future. In these cases, open sourcing the government code generates relatively little value for other contributors while incurring the significant operational overhead that is inherent in open sourcing software.

Third, even in cases where the government software is open sourced, the projects are frequently unusable by other orgs because the software is effectively unsupported. Under government rules, you generally aren't allowed to spend a couple hours helping any random dev that emails you on what is essentially a support issue -- you are expressly not being paid to work on unrelated projects. A lot of government code that is open sourced is de facto abandonware, including much of the software I worked on, because there is no framework to provide support for the user base either formally or informally. Unlike with non-government open source, which tends to be responsive to random questions from the ether, emailing devs on government open source projects often goes to /dev/null.

I agree that the big consulting primes do a terrible job at software delivery but government doesn't have a good track record of effective open source software development either, for other structural reasons.


What about continuing to rely on private contractors, but with a mandate to open-source everything they develop with public funds? Perhaps that would address the issues you describe?


This does not solve the issues because it often already works that way today. All of the code I've ever written under GPL was as a private contractor to the government.

The code I wrote is not supported by anyone and reflects the interests of those who paid for it. All of the most advanced systems work, even if not classified, is not open source and often not in literature and this is a condition of accessing that technology at all.

For the US Federal government, they are often dysfunctional when it comes to sustainable open source. And when it comes to the more interesting computer science tech, they have no leverage to make it open source nor any real interest TBH.


I've written some proprietary code and I know that my competitor contractors have written a similar thing.

I don't know whether it's the way to 'create more jobs'.

GPL frees individual developers from the companies. It changes the tempo of competition process because there is less of inertia.


> Since it's taxpayers' money, any custom made software for gov MUST be FOSS or we can equally abandon any logic whatsoever

This is why Free Software Foundation Europe created a petition to make all publicly paid code public: https://publiccode.eu.



When's the last time Bulgaria developed spy satellite or fighter jet software?


The spy satellite or fighter jet software doesn't have to be on Github, but it also doesn't have to be locked up in the vaults @ Boeing or Northrop Grumman, and only accessed or improved at a huge fee by a rent-seeking corporation, who will discharge developers who are experts, and for another obnoxious fee only offer to retrain them, if they happen to still have access to the source code that might have been lost in that fire years ago.


Whataboutism. There's a lot of non-militaristic software that could be FOSS.


That's a fair argument but it's definitely not "whataboutism" by any definition.


I mean, it's 'whaboutism' by some definitions, it's just that those definitions aren't the ones that the rest of the world uses. :~)


What about the code used in, for example, defence systems or intelligence agencies?


Every law has exceptions. (Although I'm not sure how much the secrecy helps here, see Snowden's leaks.)


How does this apply to militaries and intelligence agencies? I can understand wanting a lot of government software to be FOSS, but maybe the software on spy satellites shouldn't be available to everyone.


> maybe the software on spy satellites shouldn't be available to everyone.

I would agree if I felt it made security stronger. I don't feel that way, given I know now that satellite is likely running Windows.

OSS serving as a basis, not the end-implementation of a system is how it would work in practice. Just like it does now with contracted vendors.


It isn't just about security, it is about information gathering. If you give someone all the software used on and to communicate with your spy satellites, it reveals the capabilities of those satellites.


The development machines used to create satellite software are likely running Windows, but the satellites are more likely to be running a real time OS such as VxWorks, Rodos, RTEMS, etc.


Linux will soon be a real-time OS, the RT patchset is going to be fully merged in the next one or two releases.

https://lwn.net/SubscriberLink/830660/43f429fb1159435a/


I'd be surprised if satellites are running Windows. I'd guess VxWorks.


> Since it's taxpayers' money, any custom made software for gov MUST be FOSS or we can equally abandon any logic whatsoever

For the federal government, it would make more sense for it to be public domain (not subject to copyright), the same as federal works generally.

State government works are generally copyright by the state just as if the state were a private actor, with no particular mandated licensing scheme, so arguably the same ought to be true of software.

OTOH, for software used in automating state administration, the source code is arguably a form of documentation of process that ought to be disclosable under sunshine laws even if the software isn't licensed in a way that allows use other than informational reference.


Public domain is a subset of FOSS.


This is not only true for software developed with public funds, but with any software that becomes critical for providing public services, communication in particular.

Take for example the recent 5G spying debacle. US claims that the Chinese can insert snooping tech in their hardware, which is of course true. But the same thing is true for gear produced by American or European companies, so we are expected to choose based on the respectability of the political regime or some such and keep our fingers crossed.

This whole issue goes away if all critical infrastructure services, regardless of origin, can only operate in "source available" mode, if full FOSS is not economically feasible.


How do I know that the cell tower I connect to is running the firmware I personally verified on github.gov?


The trust you have in the phone company is another target of attack than the one discussed here, the fact that operators need to trust closed source blobs in their networks, often times provided by other states with strategic interests in what goes on over their networks.


Maybe I wasn’t clear. Even if the government publishes the source of whatever I am interacting with how do I know the source they publish is the same source I am interacting with?

Nothing stops them from adding some malicious patch before deploying the open code. It’s all still based on trust.


You are talking about the full chain of trust. I'm talking about a single link of that chain, the ability of the operators to know their hardware is not under the control of some foreign state actor. This is the topic of the 5G wars. It's a necessary but clearly insufficient condition for what you ask.


There could be regular random audits by relevant gov ministry.


One of the challenges is that FLOSS means so many different things.

You say that the minimum thing is source availability for auditing. Others will say that the freedom to modify the code running on your systems is the most important thing. Others will say that the freedom to copy the code into new contexts is the most important thing. Still others will say that the ability to run the code for free is the most important thing.

This makes it very difficult to navigate this topic.


> minimum thing is source availability for auditing

That is not FLOSS. It's normal and expected and usually required to give source code to stakeholder.


Take that up with OP, who merged these two concepts.


> US claims that the Chinese can insert snooping tech in their hardware, which is of course true.

Huawei have been caught doing this (e.g. with the African Union HQ where they set everything up). This very much isn't true for a lot of Huawei equipment, though, where the source code is loaded manually, Huawei are very willing to allow manual inspection and the equipment forms part of the "dumb" routing infrastructure rather than the clever bits (where hacks would be easier to hide).

Trump wants everything gone, though. This is more an economic war than it is a spying war. National security simply provides a very convenient excuse to sell domestically and an automatic exemption from WTO rules.


How many backdoor accounts have been found in Cisco products so far? Dozens?


I agree completely. It's ridiculous seeing different cities, counties, states, etc reimplementing the same stuff from scratch. I realize every region is different but not that different.


> Since it's taxpayers' money, any custom made software for gov MUST be FOSS

I don't follow this logic. I can't think of any case where I view the source code of software that I paid for.


That you paid for a copy of, or that you paid for being developed in the first place?


Well, too bad.


I gave up thinking the government believes they work for the citizenship about a decade ago.


The government isn't a monolith. It's people, each with different incentives and values.


Learned helplessness at its best.


We're working with Microsoft on a new data warehouse for analysts, and I'd say the biggest drawback is how everything's a committee decision.

We also have a data warehouse for our online public query system, but it's run in house. It's so easy to modify it or propose additions; I just email the guy in charge, CC his boss, and those two will decide if it's worth the time within a day.

The Microsoft warehouse? We still don't have it after a few years. Everything runs through multiple committees from multiple teams on our end before it's even brought up with the Microsoft rep. It's a terrible game of "whisper down the line," and too few players understand enough of the whole system. I don't know what's practical for the stack, Microsoft doesn't know what's practical for analysis, and the middlemen don't know how to prioritize anything. The public servants with access to all the info don't have time to coordinate this; that's why we contracted it out.


> The major reason that proprietary software is so prominent in gov is corruption.

I'd like to see more open source software in government, but the main reason we select proprietary solutions where I work is support. If more open source tools had support staff, maintenance agreements, etc. more government organizations (and businesses) would consider them viable. I may be fairly code-literate IT, but I don't understand a given product as well as the support staff from the company that made it.


> If more open source tools had support staff, maintenance agreements, etc

Supply is surely not the issue, there is simply a lack of demand at a reasonable price.

The usual billion dollar failed proprietary IT project could pay for an equivalent open source implementation with equivalent support.

Most government simply doesn’t demand open source as a preference, and proprietary software suppliers overwhelmingly prefer to supply solutions that gift them vendor lock-in and monopoly rent extraction.

Edit: large software corporates demand open source suppliers, or they bring open source talent in-house: government should follow their example. Large software corporates do it right (e.g. I met someone working on PostgreSQL but getting paid by Microsoft the other day). Disclaimer: I am a co-founder of a small proprietary software company with some government clients.


You can also hire local Linux enthusiasts to create an in-house support team. That keeps the money for the support costs within the local economy and potentially they could even give back to the open source projects and represent your local interests within the open source community.


So I can tell my boss we should hire a six figure salary employee instead of buying a four or five figure annual proprietary product?

Honestly, as a taxpayer, I'd hope not.

And that's the problem, for more open source products, the available support is "pull requests welcome".


Usually the costs for proprietary software in government are much larger, usually in the millions.


This is a very bad assumption. You are ignoring the fact that government includes municipal, county, state, and federal levels of government, and entirely forgetting that most of the software governments use isn't custom-built through super expensive contracts.

Many are purpose-built for government use but are sold to a large number of organizations at pretty ordinary pricing models.


That's a common complaint. However, in my experience, proprietary support, especially on supportive technologies isn't that great either.

It also seems more likely to find a local expert on FOSS technology given that barrier to entry is 0.


The barrier to entry is far from zero. Understanding a platform enough to make code fixes takes a fair bit of study beyond the most trivial project.

For businesses and government, support is often mandatory, and at the least, it gives administrators "people to blame" when something goes wrong.

I feel open source with paid support is a very viable route for government, given its general expectation of having paid support for the products it uses, but there's still an extreme minority of businesses successfully monetizing open source software.


Code is a liability. Teams which can encapsulate complexity for others are an asset.


"Support" is the excuse, but it turns out to be a bad excuse in practice. It's easy for government organizations to become small fish in a PaaS provider's big ocean of customers. Even major providers in this space, like Accela, tend to be horrible at providing actual support.


I don't agree with this. The government should purchase software or services based on quality of the service provided and cost. It's nice if the software is open source, but it doesn't need to be just because tax payers pay for it. That's a total non-sequitur.

If the government buys Mercedes cars it doesn't demand Mercedes to hand over the engineering designs for the cars.

In fact in the entire military and intelligence space I don't even think this is practically possible due to secrecy and avoiding to give away software that is vital to national security.

Another obviously giant issue is that this would effectively prohibit companies which do proprietary work in the private sector to work with the government at the same time, because they'd be forced to open source their code. The likely result of this would simply be that the government has significantly less software to choose from, higher cost, or needs to start maintaining large engineering teams to replicate entire software stacks just for public use.


> I don't agree with this.

Probably because you missed the "custom made" part.

> secrecy and avoiding to give away software that is vital to national security.

This would obviously be an exception and the code wouldn't be publicized. But that doesn't mean it can't be open-source to the government itself.

> this would effectively prohibit companies who do proprietary work in the private sector to work with the government at the same time, because they'd be forced to open source their code.

Developing open-source code doesn't mean you have to open-source all your code. Windows is still closed-source despite Visual Studio Code being open.


So taking your example, the government could not use Windows unless Microsoft decides to open-source it? You realise how much infrastructure of the government runs on Windows right? And not just the operating system itself, but large parts of the software on top, you'd basically have to spend, I don't know dozens of billions to port it all to open-source software, just so you get the source code? Mind you that open-source software is not free, Red Hat charges you money just the same for enterprise software.

I don't think that's a reasonable use of taxpayer money.


Windows is supporting tech. There is no such requirement.

Custom made software is not, and requirement should be for it.

> this would effectively prohibit companies who do proprietary work in the private sector to work with the government at the same time, because they'd be forced to open source their code.

The company that does implementation work wouldn't be influenced IMO in any way whatsoever - they already have an active deal with gov, they are 100% on the topic, they have the best chance to offer quality support as they developed it etc. The other gov client who takes that software and doesn't pay development will pay support to the same company and additional development in majority of cases. First client could incorporate such changes without any additional price making entire ecosystem better. If third company now devotes its time to study, and improve the open code, so that they are now better at it than the original company who developed it, then by all the logic they are the right team to continue with it. This effectually reduces lock in which is the major problem. Academia could research those open systems to look for bugs and other defects and provide stream of fresh minds already prepared to work on the gov systems. It looks like too good to be true IMO.


> So taking your example, the government could not use Windows unless Microsoft decides to open-source it?

Incorrect. The government could use Windows, even closed sourced. That is why I pointed out the "custom made" part you again missed. The open-source mandate would only apply to new software, written specifically for the government.


For what it’s worth Microsoft regularly shares the source code for Windows with the American government.


> So taking your example, the government could not use Windows unless Microsoft decides to open-source it?

No, that's a strawman.


> If the government buys Mercedes cars it doesn't demand Mercedes to hand over the engineering designs for the cars.

> In fact in the entire military and intelligence space I don't even think this is practically possible due to secrecy and avoiding to give away software that is vital to national security.

The military is likely a case where the government does demand the engineering designs, production lines etc.

Open source doesn't have to mean public source, it means the user has access to the source and can modify the program if they want to. Seems like a perfectly reasonable approach for military or intelligence procurement.


The user, as the government agency getting the outcome of the contractor's work, already has access to the source code most of the time.


Not really.


Yes, really, anecdote of one.

All the government projects I worked on, used SCM systems managed by government IT departments.

Also zero contributions were made back from the FOSS stuff that were used in the project, they were kept in their IT SCM repositories.


All the government projects I worked on, they had lots of contractors with proprietary software interconnecting between each other.


I love Postgres but it really does not do what Oracle does, even today and definitely not 15 years ago.

My tax dollars paid for the M1 Abrams and the USS Enterprise but they won’t let me take either for a joyride. I still derive utility from those expenditures. It’s the same with software.

If corruption is the problem I’m not sure how software licenses solve it.


> I love Postgres but it really does not do what Oracle does

Right, Postgres doesn't have aggressive salespeople trying to convince key decisionmakers in your enterprise to switch away from Oracle.


It also doesn't have an IDE experience that matches SQLDeveloper, including for debugging stored procedures, doesn't do distributed transactions, integrate with OLAP, provide a Web based framework for quick CRUD applications, bare metal deployment where the RDBMS is the OS.


I for one am happy to never again have to use SQLDeveloper.


so, pgadmin?


A proof of never having used SQL Developer, pgadmin is quite basic in capabilities, and now being a Web based UI even less appealing.


I have, although not extensively.

I tend to find CLI tools more effective than GUI tools. Each to their own though, I suppose.


Even assuming that Oracle does indeed have some features that Postgres does not (even with some extension), one will still need to make the case that _that_ specific Oracle feature is indispensable to a given government project.


It's more likely that Oracle's flagship DB has been 'certified' in some way. Even if such certification is developed by Larry's own lobbyists on his dime.

Not that certification is bad generally. Just that it often becomes a tool of regulatory capture.


Requirements for large projects are always more than technical. The killer feature of proprietary software is the power of the purse.

Often, a reason large organizations buy proprietary software is because of the power structure created when you have a legally binding contract with the sole maintainer of the project.

The #1 customer of a proprietary product has quite a bit of power to influence and shape how the vendor spends their development cycles. For FOSS, you are often cooperating with (or at least partially reliant on) people who have no financial incentive to favor your priorities.


So although Government generated IP titles are prohibited except by one-off statutes, the government can engage in work-for-hire or any auto-acquire titles to accomplish the same thing, which is what it does.

So this is how it owns patents, copyrights, closed source software, etc


I agree, just don't make it into something stupid like GPL.

Also just because you've released the source after, it doesn't make it more secure, valuable or whatever. It should be developed in public to begin with.


It's the only way to avoid large companies turning it into their own projects and selling that for a large markup, with very little benefit to the taxpayer and some extra user freedom infringement sprinkled on top.

Even something like LGPL allows taking freedoms from users and it could be blatantly seen from the Polish eDowod software issue (that's still ongoing).


The GPL doesn't prevent large companies from selling software. Mobile phone vendors sell Linux based Android devices all the time and Linux is GPL.


Oh it absolutely does, it's like kryptonite to companies that want to keep everything theirs a secret. It's a secondary effect, but it's there.


Android is open source though.


Large parts of it that make it usable on modern devices are proprietary or weakly-licensed. There even isn't a way to sideload Android on a lot of the devices it runs on because of that.


I paid $24.99 for my first copy of Linux. Bought it on the shelf at Walmart, actually.


Does the GPL prevent someone from making money? I think it only forces everyone to publish their source code.


Roughly speaking that's correct. The GPL isn't hostile to paid means of distributing a program, but it's hostile to distributing binaries while deliberately obstructing access to source-code. [0]

An aside in the interests of precision: the GPL doesn't force 'everyone' to publish their source. If your fork is private and is never distributed at all, you aren't obligated to make your source-code available, and you don't even need to tell anyone you have your own fork. The Affero GPL licence differs from the standard GPL, on this point.

[0] https://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowMon...


The GPL doesn't force publication of source code, just distribution of source to the folks you distribute binaries to.


By selling those they are becoming a tax payer. You are basically arguing that there's limited amount of pie and we can't create more...


> By selling those they are becoming a tax payer.

Given the massive amount of tax-evasion there are doubts about that.

And I'm not arguing that there's limited amount of pie. I'm arguing that it's not okay to make people pay for pie, lace it with cardboard and ask them to pay for it again.


In one instance, I literally watched a government organization buy its own open source software from a vendor that added a few bells and whistles and turned it into a proprietary product. GPL is a pretty good defense against this kind of scenario. You need these kinds of checks against the transient nature of political appointees, etc.


I have a bold opinion. I believe it is to the benefit of a State that their software be kept secret or proprietary. Of the many reasons I have to believe this, I will say one is as a matter of national security.

I hope my public opinion opens a fruitful dialogue.


There was a top post on HN just the other day about "security by obscurity", and how the concept is often misunderstood.

You are invoking the age-old closed vs open source argument - essentially, security by obscurity, but I'm not convinced it's a boon in this case. I believe govs using OSS is a net positive for humankind: there are many more minds and eyeballs on the code, and many more beneficiaries of the code.


If you are interested in this topic, check out https://code.gov/

“The Federal Source Code Policy (FSCP) called for the establishment of the Code.gov program office and corresponding technical platform of a website and application programming interface (API). The program office assists agencies with policy, acquisition, and code inventory creation. We are a small but mighty team with five members with expertise and beliefs pertaining to discovering, sharing, and open sourcing the People's code.”

You may also want to read up on 18f.gsa.gov. They publish and share lots of open source code.

I started at 18F and now run https://github.com/cloud-gov


Also have a look at the GOV.UK/GDS[0], which strongly influenced the US Digital Service. Pretty much everything digital that government departments do is open by default[1]

[0] https://www.gov.uk/government/organisations/government-digit...

[1] https://github.com/alphagov


I work for a government software development team (at least for the next week). I have other friends in other governments on other teams.

I can’t see a government being able to build generalized software or contribute effectively to it. Governments don’t tend to have people who say no to feature requests. The end result is not a generalized good solution, but extremely specific solutions built on a generalized platform of if statements and endless configuration setups with special cases weaved through.

Governments are used to getting to decree everything from the button shade to the location of the buttons (different departments might ask for different button placements and get it) to the database type used (for the same piece of software) to the cloud vendor to all manner of additional features that require threading them through the core software. They want piles of exceptions and special cases. They want every possible scenario from the paper based days to be included in the software or it is not sufficient for their purposes. They want to specify date formats. They want to have very custom reports.

To use OSS, you basically need a generalized thing many people can use. But each government department will rapidly make it far from generalized.


You're assuming the government controls the development process. That's not the objective (and frankly, FOSS licences work against control, as any party can fork the code). Rather, the suggestion is for governments to support FOSS developers, just as they do the arts community, without directly dictating what work they do. If they want a project extended in a certain way they can pay directly for that development, but they should do it on the back of an existing product that serves the general community and feed useful development of the software from their extension back into the general development tree.


Standards may help commoditize the more fundamental parts. It was the government that created ASCII and SQL after all. At least back when they cared about competition.


100% agree.

I do R&D in the defense industry and scope creep is an absolute nightmare. The only times I get to say no are when the laws of physics dictate so.


There are much more constructive ways government can help. They can for example fund the core devs of programming languages, databases and similar foundational systems. A lot of this work is now done part time on their free time.


A typical FOSS has already a lot of customizability.

Yes, they want to have a lot of specific stuff, but it isn't that dramatic.


Government does use and create a great deal of open source software.

Github has this list of government and community organisations that use Github:

https://government.github.com/community/

The organisation that I work for has over 200 Github repositories.

The Australian government alone from that Github list is literally supporting thousands of open source repositories. It looks like many other governments around the world are doing the same.

It would be worth going out and working out how many open source repositories governments are supporting.


Australia's CSIRO has their own bitbucket repo:

https://bitbucket.csiro.au/repos?visibility=public

(CSIRO also has quite a few repositories on Github as well)


"Citizen owned software."

Phrasing I used on the stump, both campaigning and as an activist.

Overwhelming support. One of those 90/10 issues.

People just get it. Resolutions, petitions, platforms practically write themselves.

Forewarning for any future advocates: Appeal directly to the rank & file, Jane Public, editorial boards. Organize bottom up. I can't recall any elected or appointed person supporting (publicly).

Free advice (and twice as valuable): You must have solutions. Real code. My topic was election admin. I couldn't resolve the chicken & egg problem. Any green field efforts would need $10m just to wage the legal battles (certifications, in every jurisdiction). So figure out a way to get existing code into the light.


How did you square this goal with nearly every election expert (I'm talking academics here, not politicians) being against using more technology in elections?


There's a lot more to elections than just the tabulators.

Maps, databases, candidate filings, calendars, ballot production, voter guides, signature management, poll books, reports, ballot tracking, translation services, etc.

Since the collapse of the touchscreen business, the new business model is rent seeking on steroids. Charging jurisdictions per unit prices for every single one of those tasks and artifacts. Every voter every election, whether the voter cast a ballot or not.

On the stump, I explained that "citizen owned software" applies to both the intellectual property and the business model.


No mention of what is the greatest government contribution which is SELinux from the NSA

https://en.wikipedia.org/wiki/Security-Enhanced_Linux

SELinux is what keeps an attacker contained after they exploit and break into the system.


See also the Dutch Ministry of Health has its own GitHub account[1]

Their coronavirus tracking app is open source [2]

And their Minister for Health made the commit to send the app website live [3] (though he did push to master on a Friday. I guess you can do that if you're the Minister...)

[1] https://github.com/minvws

[2] https://github.com/minvws/nl-covid19-notification-app-ios

[3] https://github.com/minvws/nl-covid19-notification-app-websit...


In France this is exactly the goal of an association founded in 2002, see (in French) https://adullact.org/index.php/association


It seems they just focus on the cost while the real problem is of sovereignty, and need to include a European dimension. The US have been found spying on the whole world (including their own citizens), so it’s warranted Europeans push back against US hardware and software the same way it’s done with China (Huawei).


Disclaimer: I don't write on their behalf.

They don't neglect sovereignty, which is quite present in their communication (sample: https://adullact.org/21-espace-presse , https://adullact.org/65-actualite/agenda/854-colloque-sur-la... ).

My personal experience lets me suppose that the main challenge for the audience of this association is budget-related, and if so it is of paramount importance for it to (right off the bat) announce that free software reduces the TCO.

I'm more and more unconvinced by the present instance of the "Europe" thingie, and in any case an opensource project does not need gigantic bureaucratico-jacobinists organizations, in fact such ordeal will IMHO quickly derail it.


The problem is that to sort it out properly we need a complete EU based stack, starting from the hardware.


>starting from the hardware.

There's absolutely no need to start from the hardware. In fact, both hardware and software can and should be done in parallel.


I have said this for years: all the building blocks are here. What's missing is the integration, UX/UI polish, and of course, the resources to do so.

If enough public administrations are on board with this, then this could be a game changer. We could have something that trickles down to the general population. Something on the same level of polish as Windows or MacOS.


I work as a government contractor. We've fixed bugs in OSS that we've used, but been unable to contribute the fixes back. This is a huge hassle because we are now on a fork and have to deal with merges from upstream, it will get worse over time.

More recently I developed a missing (in my view) extension to a piece of software. To make this OSS-able would take a few extra hours and I wouldn't mind doing that step on my own time. But that's a nope.

So we can use OSS, we can modify OSS, but we can't contribute PRs or new software. At least for the three letter agency I work with. Lots of the type of applications being developed in the public sector aren't really any different than private sector. They take data in, they do something with it, and they output data. If the software doesn't require a security clearance, you should be able to open source it IMO or at least contribute PRs.


Why are you unable to merge your changes upstream?


I was given some nebulous answer and well I have my own OSS projects on the side that I care more about so I don't care to push that. WTS. I would be happy to do the last mile on my own, but I am not going to fight for it. It should instead be encouraged but it's not. So here we are. I have good contributions to make but don't. Some good OSS projects losing out and by a thin proxy, many other three letter agencies.

The most I do is contribute to OSS documentation on gov time and just don't bring it up. Also fix issues by replying to issues since that's not code.


Well I'd say it would be totally worth it to push back on that and insist that you be allowed to merge your stuff upstream.

Even if it's for no other reason than ease of maintenance, so you don't have to keep merging upstream to your fork.


I have a question here. How do you combat lobbying when you have the likes of Microsoft so deeply entrenched in a government, the likes of Germany and LiMux and the whole deal there? Same in India. The government has set aside a proper budget to spend towards buying Microsoft products for office use when 10% of that sum could build world class software but lobbying. I once pitched LibreOffice to a head of an India government department and I was told in as many words, "The central government gives us a proper budget for this. If we don't spend it, it will lapse. Let it be."

Next, I use some taxation software provided by central government but it's all Excel based. Why can't they essentially switch to the likes of using FOSS software, because the chain effect of the consumers of these software have to stick to Excel. On and on. If anyone can help pass the message, let me know.


I think one easy mistake to make is thinking about this as an investment in software as a technical artefact. Which is more valuable for deterring war:

A. An $80 million fighter jet with dysfunctional communication among its maintenance, logistics, and air combat teams.

B. An organisation which can resiliently perform effective aerial interdiction and communicate the resulting intelligence clearly and swiftly.

B, right? So too with peaceful investments.

Governments should invest in teams with the capability to:

1. Understand the needs of the public, prioritised through some healthy democratic-representative process.

2. Write and refactor high-quality software as that nourishes the public good.

3. Empower members of the public to educate themselves on how to contribute to this public commons.

Open-Source code itself? Eh, writing code is fun. When you take care of the team, the team takes care of the code.


1. I think many public sector organizations in Europe lack basic knowledge of FOSS and have IT managers that don't even know what it is.

2. In many ways it is surprising that generic software like cloud office functionality in reality only has two suppliers, both from the US, in the public sector. The amount of money that is being paid by tax payers every year for that across the EU is staggering.

Maybe the Schrems 2 court decision will change #2 eventually but for the time being I see very few alternatives.


> 1. I think many public sector organizations in Europe lack basic knowledge of FOSS and have IT managers that don't even know what it is.

Confirmed. Source: I teach these topics in University, including in post graduate courses for public officials, and most of the students don't have a clue of what OSS means (the whole words), and don't even realize why the F matters. I usually explain what source code is, and from there all the way down to that F.

I am deeply convinced that one, if not the most, worrying problem of our times is a general lack of proper education in all levels of societies, except for a small portion of the population.


I clicked the upvote on your comment but wanted to put a sad emoji...


FOSS is a Commons, in my opinion every organization, government and company should use it as much as possible and invest in it a fraction of their IT budget, even if just 1%.

This would add up to resolve the current FOSS funding problems and the FOSS ecosystem would thrive.

They could do it by hiring developers or FOSS companies and/or funding targeted to the projects they use with a subscription like Tidelift.


Wanted to share that my province, British Columbia, is pretty good about this. My team was hired to build BC’s Digital Marketplace (https://digital.gov.bc.ca/marketplace), which procures teams to build software for government that is licensed under the Apache 2 License!


I agree. I’ve seen a few models work in other industries. MIT’s OpenCourseWare (OCW) and edX initiatives relied on partnerships with other universities and institutions. They all pay in to fund the development of the underlying platform. OpenEdX has individual and institutional contributors that help improve it.

Smaller credit unions join forces to form credit union service organizations (CUSOs) that provide a service (e.g., IT support, or lending services) to all member credit unions.

I would love to see US state and local governments do something similar. Start with everyone’s favorite state office: the DMV. I’ve lived in three states. The DMV experience for all three has been pretty bad. This is more frustrating as a software engineer because it is painfully obvious where a bit of software could have a huge improvement. It makes no sense that 50+ states and territories have 50+ systems for the DMV, business registration, taxes, etc. when the basic functionality is most likely the same across all of them.


> It makes no sense that 50+ states and territories have 50+ systems for the DMV, business registration, taxes, etc. when the basic functionality is most likely the same across all of them.

While this is likely true, this being the US, you are also very likely going to end up in an ideological (for the lack of a better word) rabbit hole about freedom and state's right to do their own thing.


This is why the open source angle is so crucial. If the expertise is distributed well between the stakeholder states, it can produce more state sovereignty, because it is at least plausible to fork.

It serves the best arguments of both nativism and globalism, without really harming the values of either.


This is exactly what happened to Common Core.


IMO, essential FOSS projects should be seen the same as infrastructure. It is not unheard of to see millions spent on bridges, highways, etc.

Well, office suites, operating systems, and the myriad of FOSS projects used every day are as useful as that physical infrastructure. Especially in this day and age.


GDS, a department of the UK government already advocates the use and creation of open source software: https://www.gov.uk/guidance/be-open-and-use-open-source

Including publishing a lot here: https://github.com/alphagov

A lot of the philosophy of their approach on this is around making the code public and inspectable given it was funded by tax payers. Not to say reuse isn't part of it but it is an interesting angle on why some code should be open sourced.


So the reasons are: cost, contributions, and audits.

I'm playing devil's advocate here and think this could be an interesting thought exercise.

There is no evidence or proof any of the above are advantageous to governments.

1. Cost - Does it cost more for an existing solution, that maybe other governments and companies have paid toward, than adding features to a solution without all the bells and whistles?

2. Do you want other governments to receive the improvements?

3. Do you want other governments to be able to audit your ("you" being the government) software? Is it more effective to hire a specialized audit team or have random code readings by random people?


My thoughts:

2. Yes, in areas where other governments' profit isn't your loss. I think there are lots of these. For example, if you have software which makes people more healthy, you won't lose if people in other countries get healthier as well.

3. Yes, similarly in many areas others auditing the software is harmless.


I have found that not everyone in the public sector would agree with (2). By giving away the software you lose the ability to sell it and recover some of the money you spent on it. Similarly, funding the development of proprietary software involves less capital expenditure because the developer can charge less than they spend and still profit by selling to others. I don’t believe that either of these arguments are sound, but it’s hard to respond to them when the experts on how software development should be done are the contractors who benefit from these arrangements.


Open source software is a public good. The government is responsible for creating and maintaining public goods. Where's the dissonance?


A lot of this discussion is thinking about government procurement, and yes absolutely, custom software that the government commissions should be OSS unless national security prevents it, and in that case, they and not the contractors should retain the copyright.

But there’s another issue: government should approach funding OSS like funding scientific or medical research. If you want to cure cancer, you find a government grant, write up a proposal, get your proposal scored, and if all goes well get to conduct your research. The exact same process should apply for OSS.


This is exactly how Europe (and other parts of the world) can avoid having their IT services monopolised by US American companies. And build up ecosystems of expertise around the free software projects.


Oof, see the disaster that is regulated cannabis software. $3M for stuff that was hacked the day after launch and still routinely fails two years later. And the government has simply changed the definition of success so it looks like it wasn't. All the while the agency is rebuilding the reports the taxpayers paid for, and were supposed to be delivered 24 months ago with Excel - and training LEOs how to ignore and filter out garbage data from the system to do their job.


Iceland is doing this (in a big way). TypeScript stack, 18 teams from different companies working together in the same open source code base and design system. HMU if you want to know more. Was an advisor on it.


Let's go further than this though. Governments should all follow the China model and have their own firewalls, support their own software industries, and splinter the internet.

Also support institutes that do work in FOSS.


Lots of software commissioned by Italian govt is open sourced: https://developers.italia.it/en/


I think the largest barrier for FOSS is still that the greater public doesn't know about FOSS, at all, and even less at the concept level. Because FOSS largely is still not on the daily political agenda, there's no actual talk among the wider masses about the reasons why FOSS is important, or what it actually means. Without wider discussion it's harder for it to gain foothold, as it is very much a political question, when it comes to use of FOSS in government.

Although, this seems to be slowly changing. In Finland, YLE (the national broadcasting company) has recently been systematically bringing up the open source nature of the national Covid app in their reporting.

I think there's a larger cultural revolution waiting for its turn, behind the current open source revolution that has been happening so far mostly in the software field.

In its core, open source is a cultural thing, and maybe a political one, one that due to reasons that were, did find rooting and cultivation initially in the field of software. Regardless of its origins, it's a wider movement that could disrupt every aspect of content creation, if realized as such. E.g. the same discussion that is being had in this thread and in the original article, about FOSS in government, largely applies to a wide field of other types of content created by governments.

One of the larger, self created obstacles for open source lies in the definition itself. Open source is still being defined primarily in the realm of software, and through software. Names and definitions such as FOSS (Free and Open Source Software) reprise this problem by anchoring the concept to the world of software, and in this case, it happens already in the name. Instead of FOSS, maybe we should be talking about FOS software?

I think the world could do well with a concept of open source that could be unleashed on all types of content created [1]. FOSS could probably do well, with the larger umbrella concept of FOS hitting daily discussion.

Interestingly, open source as a term doesn't have this package, as source can mean more than just source code.

[1] Creative commons already exists, but that's mainly a license, to be used in certain fields of content creation, not a wider definition for the concept.


You're looking for Germany and Suse Linux.


Starting with voting machines!


jamesmcm.github.io

The author criticizes Microsoft a lot and hypes FLOSS, while being hosted on a closed source, Microsoft-owned platform.


This has nothing to do with his point


I hope some governments adopt my FOSS remote browser isolation product: https://github.com/dosyago/OuterShell


Unfortunately, that isn't how government works. Whether it's F35's or Microsoft Office, putting money into the pockets of political cronies is what drives the purchase. FOSS doesn't benefit anyone with power, so it's useless to the government.


I suppose it depends on the government, but my experience is that it’s more about familiarity and ease of maintenance.

In the US there are few actual digital services/ engineering / hackers who are employees. Mostly project managers and contract admins. So it’s frustrating to me seeing a mediocre commercial solution purchased because it’s easier to support than equivalent OSS that requires just a single person who knows how to admin something simple like Wordpress.

The number of times I’ve heard that SharePoint is superior to Wordpress for intranet and content management because it had better support would boggle any reasonable mind. No one is paying political cronies, just people trying to do their best without any direct understanding of what it takes to run these types of services.

I think the solution is to require a rigorous analysis of OSS in solution contracts. Then all the contractors supporting SharePoint will just support WordPress and funnel the license savings into more contractors.


I’ve got news for you dude, cronyism is a lot worse when selling to corporations.


When people complain about government inefficiency I always wonder if they've ever worked at a large company.


No. With government the stakes are significantly higher as governments don't go out of business.



