[HN Gopher] Governments should adopt and invest in FOSS
___________________________________________________________________
Governments should adopt and invest in FOSS
Author : nivenkos
Score : 178 points
Date : 2020-09-13 15:15 UTC (7 hours ago)
(HTM) web link (jamesmcm.github.io)
(TXT) w3m dump (jamesmcm.github.io)
| eddietejeda wrote:
| If you are interested in this topic, checkout https://code.gov/
|
| "The Federal Source Code Policy (FSCP) called for the
| establishment of the the Code.gov program office and
| corresponding technical platform of a website and application
| programming interface (API). The program office assists agencies
| with policy, acquisition, and code inventory creation. We are a
| small but mighty team with five members with expertise and
| beliefs pertaining to discovering, sharing, and open sourcing the
| People's code."
|
| You may also want to read up on 18f.gsa.gov. They publish and
| share lots of open source code.
|
| I started at 18F and now run https://github.com/cloud-gov
| petepete wrote:
| Also have a look at the GOV.UK/GDS[0], which strongly
| influenced the US Digital Service. Pretty much everything
| digital that government departments do is open by default[1]
|
| [0] https://www.gov.uk/government/organisations/government-
| digit... [1] https://github.com/alphagov
| sien wrote:
| Government does use and create a great deal of open source
| software.
|
| Github has this list of government and community organisations
| that use Github :
|
| https://government.github.com/community/
|
| The organisation that I work for has over 200 Github
| repositories.
|
| The Australian government alone from that Github list is
| literally supporting thousands of open source repositories. It
| looks like many other governments around the world are doing the
| same.
|
| It would be worth going out and working out how many open source
| repositories governments are supporting.
| pkz wrote:
| 1. I think many public sector organizations in Europe lack basic
| knowledge of FOSS and have IT managers that don't even know what
| it is.
|
| 2. In many ways it is surprising that generic software like cloud
| office functionality in reality only have two suppliers, both
| from the US, in the public sector. The amount of money that is
| being paid by tax payers every year for that across the EU is
| staggering.
|
| Maybe the Schrems 2 court decision will change #2 eventually but
| for the time being I see very few alternatives.
| GartzenDeHaes wrote:
| Unfortunately, that isn't how government works. Whether it's
| F35's or Microsoft Office, putting money into the pockets of
| political cronies is what drives the purchase. FOSS doesn't
| benefit anyone with power, so it's useless to the government.
| prepend wrote:
| I suppose it depends on the government, but my experience is
| that it's more about familiarity and ease of maintenance.
|
| In the US there are few actual digital services/ engineering /
| hackers who are employees. Mostly project managers and contract
| admins. So it's frustrating to me seeing a mediocre commercial
| solution purchased because it's easier to support than
| equivalent OSS that requires just a single person who knows how
| to admin something simple like Wordpress.
|
| The number of times I've heard that SharePoint is superior to
| Wordpress for intranet and content management because it had
| better support would boggle any reasonable mind. No one is
| paying political cronies, just people trying to do their best
| without any direct understanding of what it takes to run these
| types of services.
|
| I think the solution is to require a rigorous analysis of OSS
| in solution contracts. Then all the contractors supporting
| SharePoint will just support WordPress and funnel the license
| savings into more contractors.
| an_opabinia wrote:
| I've got news for you dude, cronyism is a lot worse when
| selling to corporations.
| extremeMath wrote:
| No. With government the stakes are significantly higher as
| governments don't go out of business.
| xapata wrote:
| When people complain about government inefficiency I always
| wonder if they've ever worked at a large company.
| [deleted]
| fallat wrote:
| So the reasons are: cost, contributions, and audits.
|
| I'm playing devil's advocate here and think this could be an
| interesting thought exercise.
|
| There is no evidence or proof any of the above are advantageous
| to governments.
|
| 1. Cost - Does it cost more for an existing solution, that maybe
| other governments and companies have paid toward, than adding
| features to a solution without all the bells and whistles?
|
| 2. Do you want other governments to receive the improvements?
|
| 3. Do you want other governments to be able to audit your ("you"
| being the government) software? It is more effective to hire a
| specialized audit team or have random code readings by random
| people?
| xapata wrote:
| Open source software is a public good. The government is
| responsible for creating and maintaining public goods. Where's
| the dissonance?
| spurdoman77 wrote:
| My toughts:
|
| 2. Yes, in areas where other governments profit isnt your loss.
| I think there are lots of these. For example, if you have
| software which makes people more healthy, you wont lose if
| people in other countries get healthier as well.
|
| 3. Yes, similarly in many areas others auditing the software is
| harmless.
| sjy wrote:
| I have found that not everyone in the public sector would
| agree with (2). By giving away the software you lose the
| ability to sell it and recover some of the money you spent on
| it. Similarly, funding the development of proprietary
| software involves less capital expenditure because the
| developer can charge less than they spend and still profit by
| selling to others. I don't believe that either of these
| arguments are sound, but it's hard to respond to them when
| the experts on how software development should be done are
| the contractors who benefit from these arrangements.
| fouc wrote:
| Let's go further than this though. Governments should all follow
| the China model and have their own firewalls, support their own
| software industries, and splinter the internet.
|
| Also support institutes that do work in FOSS.
| just-juan-post wrote:
| No mention of what is the greatest government contribution which
| is SELinux from the NSA
|
| https://en.wikipedia.org/wiki/Security-Enhanced_Linux
|
| SELinux is what keeps an attacker contained after they exploit
| and break into the system.
| MattGaiser wrote:
| I work for a government software development team (At least for
| the next week). I have other friends in other governments on
| other teams.
|
| I can't see a government being able to build generalized software
| or contribute effectively to it. Governments don't tend to have
| people who say no to feature requests. The end result is not a
| generalized good solution, but extremely specific solutions built
| on a generalized platform of if statements and endless
| configuration setups with special cases weaved through.
|
| Governments are used to getting to decree everything from the
| button shade to the location of the buttons (different
| departments might ask for different button placements and get it)
| to the database type used (for the same piece of software) to the
| cloud vendor to all manner of additional features that require
| threading them through the core software. They want piles of
| exceptions and special cases. They want every possible scenario
| from the paper based days to be included in the software or it is
| not sufficient for their purposes. They want to specify date
| formats. They want to have very custom reports.
|
| To use OSS, you basically need a generalized thing many people
| can use. But each government department will rapidly make it far
| from generalized.
| salimancer wrote:
| 100% agree.
|
| I do R&D in the defense industry and scope creep is an absolute
| nightmare. The only times I get to say no are when the laws of
| physics dictate so.
| 29athrowaway wrote:
| IMO, essential FOSS projects should be seen the same as
| infrastructure. It is not unheard of to see millions spent on
| bridges, highways, etc.
|
| Well, office suites, operating systems, and the myriad of FOSS
| projects used every day are as useful as that physical
| infrastructure. Especially in this day and age.
| majkinetor wrote:
| Since its taxpayers money, any custom made software for gov MUST
| be FOSS or we can equally abandon any logic whatsoever - citizens
| payed for it, gov employees were working with implementation team
| on shaping it, so it belongs to them. This doesn't have to be so
| for supportive domains such as databases but I would personally
| prefer that also (i.e. Postgresql instead Oracle db).
|
| There are many more reasons for this then mentioned, including
| keeping more IT experts locally, better connections with
| academia, higher salaries for gov IT guys, less corruption etc.
|
| The MAJOR thing is actually that gov companies and their systems
| are usually quite complex and not something that can be easily
| (or at all) correctly done by external team of any kind - you
| need to be there, on the spot, and live that system for years to
| know how to program it, improve it, and make it good for the
| country and its citizens. I worked for gov 15 years, and did many
| huge projects with various companies - IBM, Microsoft, Oracle,
| Cisco etc... almost all being complete garbage, especially for
| the usual multi billion price that is payed to those corps
| yearly. There is an illusion that big names mean big and
| qualified team, good responsibility delegation (there is the
| 'nobody got fired for choosing IBM' thing) and that high price
| means quality, but in practice it never works like that, reality
| is quite the opposite (except responsibility
| delegation/dispersion which is totally true).
|
| The major reason that proprietary software is so prominent in gov
| is corruption.
| ocdtrekkie wrote:
| > The major reason that proprietary software is so prominent in
| gov is corruption.
|
| I'd like to see more open source software in government, but
| the main reason we select proprietary solutions where I work is
| support. If more open source tools had support staff,
| maintenance agreements, etc. more government organizations (and
| businesses) would consider them viable. I may be fairly code-
| literate IT, but I don't understand a given product as well as
| the support staff from the company that made it.
| afarrell wrote:
| Code is a liability. Teams which can encapsulate complexity
| for others are an asset.
| robocat wrote:
| > If more open source tools had support staff, maintenance
| agreements, etc
|
| Supply is surely not the issue, there is simply a lack of
| demand at a reasonable price.
|
| The usual billion dollar failed proprietary IT project could
| pay for an equivalent open source implementation with
| equivalent support.
|
| Most government simply doesn't demand open source as a
| preference, and proprietary software suppliers overwhelmingly
| prefer to supply solutions that gift them vendor lock-in and
| monopoly rent extraction.
|
| Edit: large software corporates demand open source suppliers,
| or they bring open source talent in-house: government should
| follow their example. Large software corporates do it right
| (e.g. I met someone working on PostgreSQL but getting paid by
| Microsoft the other day). Disclaimer: I am a co-founder of
| small proprietary software company with some government
| clients.
| majkinetor wrote:
| That's common complaint. However, in my experience,
| proprietary support, especially on supportive technologies
| isn't that great either.
|
| It also seems more likely to find local expert on FOSS
| technology given that barrier to entry is 0.
| ocdtrekkie wrote:
| The barrier to entry is far from zero. Understanding a
| platform enough to make code fixes takes a fair bit of
| study beyond the most trivial project.
|
| For businesses and government, support is often mandatory,
| and at the least, it gives administrators "people to blame"
| when something goes wrong.
|
| I feel open source with paid support is a very viable route
| for government, given it's general expectation of having
| paid support for the products it uses, but there's still an
| extreme minority of businesses successfully monetizing open
| source software.
| verisimilidude wrote:
| "Support" is the excuse, but it turns out to be a bad excuse
| in practice. It's easy for government organizations to become
| small fish in a PaaS provider's big ocean of customers. Even
| major providers in this space, like Accela, tend to be
| horrible at providing actual support.
| mulmen wrote:
| I love Postgres but it really does not do what Oracle does,
| even today and definitely not 15 years ago.
|
| My tax dollars paid for the M1 Abrams and the USS Enterprise
| but they won't let me take either for a joyride. I still derive
| utility from those expenditures. It's the same with software.
|
| If corruption is the problem I'm not sure how software licenses
| solve it.
| RobRivera wrote:
| I have a bold opinion. I believe it is to the benefit of a
| State that their software be kept secret or proprietary. Of the
| many reasons i have to believe this, I will say one is as a
| matter of national security.
|
| I hope my public opinion opens a fruitful dialogue.
| GordonS wrote:
| There was a top post on HN just the other day about "security
| by obscurity", and how the concept is often misunderstood.
|
| You are invoking the age-old closed vs open source argument -
| essentially, security by obscurity, but I'm not convinced
| it's a boon in this case. I believe govs using OSS is a net
| positive for humankind: there are many more minds and
| eyeballs on the code, and many more beneficiaries of the
| code.
| vharuck wrote:
| We're working with Microsoft on a new data warehouse for
| analysts, and I'd say the biggest drawback is how everything's
| a committee decision.
|
| We also have a data warehouse for our online public query
| system, but it's run in house. It's so easy to modify it or
| propose additions; I just email the guy in charge, CC his boss,
| and those two will decide if it's worth the time within a day.
|
| The Microsoft warehouse? We still don't have it after a few
| years. Everything runs through multiple committees from
| multiple teams on our end before it's even brought up with the
| Microsoft rep. It's a terrible game of "whisper down the line,"
| and too few players understand enough of the whole system. I
| don't know what's practical for the stack, Microsoft doesn't
| know what's practical for analysis, and the middlemen don't
| know how to prioritize anything. The public servants with
| access to all the info don't have time to coordinate this;
| that's why we contracted it out.
| jandrewrogers wrote:
| There are a few other real-world aspects to the development and
| use of open source in government that make it more complex in
| my experience.
|
| First, priorities and roadmaps for collaborative software
| development tend to be captured by the biggest and best funded
| government organization involved. A famous version of this is
| that the US government effectively drives the roadmap of
| international software development collaborations by virtue of
| readily spending money that their partner governments can't or
| won't match. The effects of resource disparities in development
| collaboration often lead to the practical effect that smaller
| organizations are not having their needs met and what little
| resources they do have are consumed by the overhead created by
| the resource scale of the big partners.
|
| Second, quite a lot of proprietary software development within
| government has strict dependencies on closed source software
| for which there are neither open source equivalents nor likely
| to be open source equivalents for the foreseeable future. In
| these cases, open sourcing the government code generates
| relatively little value for other contributors while incurring
| the significant operational overhead that is inherent in open
| sourcing software.
|
| Third, even in cases where the government software is open
| sourced, the projects are frequently unusable by other orgs
| because the software is effectively unsupported. Under
| government rules, you generally aren't allowed to spend a
| couple hours helping any random dev that emails you on what is
| essentially a support issue -- you are expressly not being paid
| to work on unrelated projects. A lot of government code that is
| open sourced is _de facto_ abandonware, including much of the
| software I worked on, because there is no framework to provide
| support for the user base either formally or informally. Unlike
| with non-government open source, which tends to be responsive
| to random questions from the ether, emailing devs on government
| open source projects often goes to /dev/null.
|
| I agree that the big consulting primes do a terrible job at
| software delivery but government doesn't have a good track
| record of effective open source software development either,
| for other structural reasons.
| choward wrote:
| I agree completely. It's ridiculous seeing different cities,
| counties, states, etc reimplementing the same stuff from
| scratch. I realize every region is different but not that
| different.
| fsflover wrote:
| > Since its taxpayers money, any custom made software for gov
| MUST be FOSS or we can equally abandon any logic whatsoever
|
| This is why Free Software Foundation Europe created a petition
| to make all publicly paid code public: https://publiccode.eu.
| slg wrote:
| How does this apply to militaries and intelligence agencies?
| I can understand wanting a lot of government software to be
| FOSS, but maybe the software on spy satellites shouldn't be
| available to everyone.
| Supermancho wrote:
| > maybe the software on spy satellites shouldn't be
| available to everyone.
|
| I would agree if I felt it made security stronger. I don't
| feel that way, given I know now that satellite is likely
| running windows.
|
| OSS serving as a basis, not the end-implementation of a
| system is how it would work in practice. Just like it does
| now with contracted vendors.
| LukeShu wrote:
| I'd be surprised if satellites are running Windows. I'd
| guess VxWorks.
| majkinetor wrote:
| Bulgaria seems to have it:
|
| https://thepolicy.us/bulgaria-got-a-law-requiring-open-
| sourc...
| jpxw wrote:
| What about the code used in, for example, defence systems or
| intelligence agencies?
| fsflover wrote:
| Every law has exceptions. (Although I'm not sure how much
| the secrecy helps here, see Snowden's leaks.)
| deelowe wrote:
| I gave up thinking the government believes they work for the
| citizenship about a decade ago.
| xapata wrote:
| The government isn't a monolith. It's people, each with
| different incentives and values.
| fsflover wrote:
| Learned helplessness at its best.
| yholio wrote:
| This is not only true for software developed with public funds,
| but with any software that becomes critical for providing
| public services, communication in particular.
|
| Take for example the recent 5G spying debacle. US claims that
| the Chinese can insert snooping tech in their hardware, which
| is of course true. But the same thing is true for gear produced
| by American or European companies, so we are expected to choose
| based on the respectability of the political regime or some
| such and keep our fingers crossed.
|
| This whole issue goes away if all critical infrastructure
| services, regardless of origin, can only operate in "source
| available" mode, if full FOSS is not economically feasible.
| mulmen wrote:
| How do I know that the cell tower I connect to is running the
| firmware I personally verified on github.gov?
| yholio wrote:
| The trust you have in the phone company is another target
| of attack than the one discussed here, the fact that
| operators need to trust closed source blobs in their
| networks, often times provided by other states with
| strategic interests in what goes on over their networks.
| mulmen wrote:
| Maybe I wasn't clear. Even if the government publishes
| the source of whatever I am interacting with how do I
| know the source they publish is the same source I am
| interacting with?
|
| Nothing stops them from adding some malicious patch
| before deploying the open code. It's all still based on
| trust.
| yholio wrote:
| You are talking about the full chain of trust. I'm an
| talking about a single link of that chain, the ability of
| the operators to know their hardware is not under the
| control of some foreign state actor. This is the topic of
| the 5G wars. It's a necessary but clearly insufficient
| condition for what you ask.
| vmception wrote:
| So although Government generated IP titles are prohibited
| except by one-off statutes, the government can engage in work-
| for-hire or any auto-acquire titles to accomplish the same
| thing, which is what it does.
|
| So this is how it owns patents, copyrights, closed source
| software, etc
| atakiel wrote:
| I think the largest barrier for FOSS is still that the greater
| public doesn't know about FOSS, at all, and even less at the
| concept level. Because FOSS largely is still not on the daily
| political agenda, there's no actual talk among the wider masses
| about the reasons why FOSS is important, or what it actually
| means. Without wider discussion it's harder for it to gain
| foothold, as it is very much a political question, when it comes
| to use of FOSS in government.
|
| Although, this seems to be slowly changing. In Finland, YLE (the
| national broadcasting company) has recently been systematically
| bringing up the open source nature of the national Covid app in
| their reporting.
|
| I think there's a larger cultural revolution waiting for its
| turn, behind the current open source revolution that has been
| happening so far mostly in the software field.
|
| In its core, open source is a cultural thing, and maybe a
| political one, one that due to reasons that were, did found
| rooting and cultivation initially in the field of software.
| Regardless of its origins, it's a wider movement that could
| disrupt every aspect of content creation, if realized as such.
| E.g. the same discussion that is being had in this thread and in
| the original article, about FOSS in government, largely applies
| to a wide field of other types of content created by governments.
|
| One of the larger, self created obstacles for open source lies in
| the definition itself. Open source is still being defined
| primarily in the realm of software, and through software. Names
| and definitions such as FOSS (Free and Open Source Software)
| reprise this problem by anchoring the concept to the world of
| software, and in this case, it happens already in the name.
| Instead of FOSS, maybe we should be talking about FOS software?
|
| I think the world could do well with a concept of open source
| that could be unleashed on all types of content created [1]. FOSS
| could probably do well, with the larger umbrella concept of FOS
| hitting daily discussion.
|
| Interestingly, open source as a term doesn't have this package,
| as source can mean more than just source code.
|
| [1] Creative commons already exists, but that's mainly a license,
| to be used in certain fields of content creation, not a wider
| definition for the concept.
| MrsPeaches wrote:
| See also the Dutch Ministry of Health has it's own GitHub
| account[1]
|
| Their coronavirus tracking app is open source [2]
|
| And their Minister for Health made the commit to send the app
| website live [3] (though he did push to master on a Friday. I
| guess you can do that if you're the Minister...)
|
| [1] https://github.com/minvws
|
| [2] https://github.com/minvws/nl-covid19-notification-app-ios
|
| [3] https://github.com/minvws/nl-covid19-notification-app-
| websit...
| remir wrote:
| I have said this for years: all the building blocks are here.
| What's missing is the integration, UX/UI polish, and of course,
| the resources to do so.
|
| If enough public administrations are on board with this, then
| this could be game changer. We could have something that trickle
| down to the general population. Something on the same level of
| polish as Windows or MacOS.
| specialist wrote:
| "Citizen owned software."
|
| Phrasing I used on the stump, both campaigning and as an
| activist.
|
| Overwhelming support. One of those 90/10 issues.
|
| People just get it. Resolutions, petitions, platforms practically
| write themselves.
|
| Forewarning for any future advocates: Appeal directly to the rank
| & file, Jane Public, editorial boards. Organize bottom up. I
| can't recall any elected or appointed person supporting
| (publicly).
|
| Free advice (and twice as valuable): You must have solutions.
| Real code. My topic was election admin. I couldn't resolve the
| chicken & egg problem. Any green field efforts would need $10m
| just to wage the legal battles (certifications, in every
| jurisdiction). So figure out a way to get existing code into the
| light.
| edoceo wrote:
| Oof, see the disaster that is regulated cannabis software. $3M
| for stuff that was hacked the day after launch and still
| routinely fails two years later. And the government has simply
| changed the definition of success so it looks like it wasn't. All
| the while the agency is rebuilding the reports the taxpayers paid
| for, and we're supposed to be delivered 24 months ago with Excel
| - and training LEOs how to ignore and filter out garbage data
| from the system to do their job.
| afarrell wrote:
| I think one easy mistake to make is thinking about this as an
| investment in software as a technical artefact. Which is more
| valuable for deterring war:
|
| A. An $80 million fighter jet with dysfunctional communication
| among its maintenance, logistics, and air combat teams.
|
| B. An organisation which can resiliently perform effective aerial
| interdiction and communicate the resulting intelligence clearly
| and swiftly.
|
| B, right? So too with peaceful investments.
|
| Governments should invest in teams with the capability to:
|
| 1. Understand the needs of the public, prioritised through some
| healthy democratic-representative process.
|
| 2. Write and refactor high-quality software as that nourishes the
| public good.
|
| 3. Empower members of the public to educate themselves on how to
| contribute to this public commons.
|
| Open-Source code itself? Eh, writing code is fun. When you take
| care of the team, the team takes care of the code.
| BlueTemplar wrote:
| jamesmcm.github.io
|
| The author criticizes a lot Microsoft and hypes FLOSS, while
| being hosted on a closed source, Microsoft-owned platform.
| waldohatesyou wrote:
| This has nothing to do with his point
| clintonb wrote:
| I agree. I've seen a few models work in other industries. MIT's
| OpenCourseWare (OCW) and edX initiatives relied on partnerships
| with other universities and institutions. They all pay in to fund
| the development of the underlying platform. OpenEdX has
| individual and institutional contributors that help improve it.
|
| Smaller credit unions join forces to form credit union service
| organizations (CUSOs) that provide a service (e.g., IT support,
| or lending services) to all member credit unions.
|
| I would love to see US state and local governments do something
| similar. Start with everyone's favorite state office: the DMV.
| I've lived in three states. The DMV experience for all three has
| been pretty bad. This is more frustrating as an software engineer
| because it is painfully obvious where a bit of software could
| have a huge improvement. It makes no sense that 50+ states and
| territories have 50+ systems for the DMV, business registration,
| taxes, etc. when the basic functionality is most likely the same
| across all of them.
| shadowfox wrote:
| > It makes no sense that 50+ states and territories have 50+
| systems for the DMV, business registration, taxes, etc. when
| the basic functionality is most likely the same across all of
| them.
|
| While this is likely true, this being the US, you are also very
| likely going to end up in an ideological (for the lack of a
| better word) rabbit hole about freedom and state's right to do
| their own thing.
| bobthepanda wrote:
| This is exactly what happened to Common Core.
| microcolonel wrote:
| This is why the _open source_ angle is so crucial. If the
| expertise is distributed well between the stakeholder states,
| it can produce _more_ state sovereignty, because it is at
| least plausible to fork.
|
| It serves the best arguments of both nativism and globalism,
| without really harming the values of either.
___________________________________________________________________
(page generated 2020-09-13 23:00 UTC)