[HN Gopher] Governments should adopt and invest in FOSS
___________________________________________________________________
Governments should adopt and invest in FOSS

Author : nivenkos
Score  : 178 points
Date   : 2020-09-13 15:15 UTC (7 hours ago)

(HTM) web link (jamesmcm.github.io)
(TXT) w3m dump (jamesmcm.github.io)

| eddietejeda wrote:
| If you are interested in this topic, check out https://code.gov/
|
| "The Federal Source Code Policy (FSCP) called for the
| establishment of the Code.gov program office and
| corresponding technical platform of a website and application
| programming interface (API). The program office assists agencies
| with policy, acquisition, and code inventory creation. We are a
| small but mighty team with five members with expertise and
| beliefs pertaining to discovering, sharing, and open sourcing the
| People's code."
|
| You may also want to read up on 18f.gsa.gov. They publish and
| share lots of open source code.
|
| I started at 18F and now run https://github.com/cloud-gov
| petepete wrote:
| Also have a look at the GOV.UK/GDS[0], which strongly
| influenced the US Digital Service. Pretty much everything
| digital that government departments do is open by default[1]
|
| [0] https://www.gov.uk/government/organisations/government-digit...
| [1] https://github.com/alphagov
| sien wrote:
| Government does use and create a great deal of open source
| software.
|
| Github has this list of government and community organisations
| that use Github:
|
| https://government.github.com/community/
|
| The organisation that I work for has over 200 Github
| repositories.
|
| The Australian government alone from that Github list is
| literally supporting thousands of open source repositories. It
| looks like many other governments around the world are doing the
| same.
|
| It would be worth going out and working out how many open source
| repositories governments are supporting.
| pkz wrote:
| 1. I think many public sector organizations in Europe lack basic
| knowledge of FOSS and have IT managers that don't even know what
| it is.
|
| 2. In many ways it is surprising that generic software like cloud
| office functionality in reality only has two suppliers, both
| from the US, in the public sector. The amount of money that is
| being paid by tax payers every year for that across the EU is
| staggering.
|
| Maybe the Schrems 2 court decision will change #2 eventually but
| for the time being I see very few alternatives.
| GartzenDeHaes wrote:
| Unfortunately, that isn't how government works. Whether it's
| F35's or Microsoft Office, putting money into the pockets of
| political cronies is what drives the purchase. FOSS doesn't
| benefit anyone with power, so it's useless to the government.
| prepend wrote:
| I suppose it depends on the government, but my experience is
| that it's more about familiarity and ease of maintenance.
|
| In the US there are few actual digital services/ engineering /
| hackers who are employees. Mostly project managers and contract
| admins. So it's frustrating to me seeing a mediocre commercial
| solution purchased because it's easier to support than
| equivalent OSS that requires just a single person who knows how
| to admin something simple like WordPress.
|
| The number of times I've heard that SharePoint is superior to
| WordPress for intranet and content management because it had
| better support would boggle any reasonable mind. No one is
| paying political cronies, just people trying to do their best
| without any direct understanding of what it takes to run these
| types of services.
|
| I think the solution is to require a rigorous analysis of OSS
| in solution contracts. Then all the contractors supporting
| SharePoint will just support WordPress and funnel the license
| savings into more contractors.
| an_opabinia wrote:
| I've got news for you dude, cronyism is a lot worse when
| selling to corporations.
| extremeMath wrote:
| No. With government the stakes are significantly higher as
| governments don't go out of business.
| xapata wrote:
| When people complain about government inefficiency I always
| wonder if they've ever worked at a large company.
| [deleted]
| fallat wrote:
| So the reasons are: cost, contributions, and audits.
|
| I'm playing devil's advocate here and think this could be an
| interesting thought exercise.
|
| There is no evidence or proof any of the above are advantageous
| to governments.
|
| 1. Cost - Does it cost more for an existing solution, that maybe
| other governments and companies have paid toward, than adding
| features to a solution without all the bells and whistles?
|
| 2. Do you want other governments to receive the improvements?
|
| 3. Do you want other governments to be able to audit your ("you"
| being the government) software? Is it more effective to hire a
| specialized audit team or have random code readings by random
| people?
| xapata wrote:
| Open source software is a public good. The government is
| responsible for creating and maintaining public goods. Where's
| the dissonance?
| spurdoman77 wrote:
| My thoughts:
|
| 2. Yes, in areas where other governments' profit isn't your loss.
| I think there are lots of these. For example, if you have
| software which makes people more healthy, you won't lose if
| people in other countries get healthier as well.
|
| 3. Yes, similarly in many areas others auditing the software is
| harmless.
| sjy wrote:
| I have found that not everyone in the public sector would
| agree with (2). By giving away the software you lose the
| ability to sell it and recover some of the money you spent on
| it. Similarly, funding the development of proprietary
| software involves less capital expenditure because the
| developer can charge less than they spend and still profit by
| selling to others. I don't believe that either of these
| arguments are sound, but it's hard to respond to them when
| the experts on how software development should be done are
| the contractors who benefit from these arrangements.
| fouc wrote:
| Let's go further than this though. Governments should all follow
| the China model and have their own firewalls, support their own
| software industries, and splinter the internet.
|
| Also support institutes that do work in FOSS.
| just-juan-post wrote:
| No mention of what is the greatest government contribution which
| is SELinux from the NSA
|
| https://en.wikipedia.org/wiki/Security-Enhanced_Linux
|
| SELinux is what keeps an attacker contained after they exploit
| and break into the system.
| MattGaiser wrote:
| I work for a government software development team (At least for
| the next week). I have other friends in other governments on
| other teams.
|
| I can't see a government being able to build generalized software
| or contribute effectively to it. Governments don't tend to have
| people who say no to feature requests. The end result is not a
| generalized good solution, but extremely specific solutions built
| on a generalized platform of if statements and endless
| configuration setups with special cases weaved through.
|
| Governments are used to getting to decree everything from the
| button shade to the location of the buttons (different
| departments might ask for different button placements and get it)
| to the database type used (for the same piece of software) to the
| cloud vendor to all manner of additional features that require
| threading them through the core software. They want piles of
| exceptions and special cases. They want every possible scenario
| from the paper based days to be included in the software or it is
| not sufficient for their purposes. They want to specify date
| formats. They want to have very custom reports.
|
| To use OSS, you basically need a generalized thing many people
| can use. But each government department will rapidly make it far
| from generalized.
| salimancer wrote:
| 100% agree.
|
| I do R&D in the defense industry and scope creep is an absolute
| nightmare. The only times I get to say no are when the laws of
| physics dictate so.
| 29athrowaway wrote:
| IMO, essential FOSS projects should be seen the same as
| infrastructure. It is not unheard of to see millions spent on
| bridges, highways, etc.
|
| Well, office suites, operating systems, and the myriad of FOSS
| projects used every day are as useful as that physical
| infrastructure. Especially in this day and age.
| majkinetor wrote:
| Since it's taxpayers' money, any custom made software for gov MUST
| be FOSS or we can equally abandon any logic whatsoever - citizens
| paid for it, gov employees were working with implementation team
| on shaping it, so it belongs to them. This doesn't have to be so
| for supportive domains such as databases but I would personally
| prefer that also (i.e. Postgresql instead of Oracle db).
|
| There are many more reasons for this than mentioned, including
| keeping more IT experts locally, better connections with
| academia, higher salaries for gov IT guys, less corruption etc.
|
| The MAJOR thing is actually that gov companies and their systems
| are usually quite complex and not something that can be easily
| (or at all) correctly done by an external team of any kind - you
| need to be there, on the spot, and live that system for years to
| know how to program it, improve it, and make it good for the
| country and its citizens. I worked for gov 15 years, and did many
| huge projects with various companies - IBM, Microsoft, Oracle,
| Cisco etc... almost all being complete garbage, especially for
| the usual multi billion price that is paid to those corps
| yearly. There is an illusion that big names mean big and
| qualified team, good responsibility delegation (there is the
| 'nobody got fired for choosing IBM' thing) and that high price
| means quality, but in practice it never works like that, reality
| is quite the opposite (except responsibility
| delegation/dispersion which is totally true).
|
| The major reason that proprietary software is so prominent in gov
| is corruption.
| ocdtrekkie wrote:
| > The major reason that proprietary software is so prominent in
| gov is corruption.
|
| I'd like to see more open source software in government, but
| the main reason we select proprietary solutions where I work is
| support. If more open source tools had support staff,
| maintenance agreements, etc. more government organizations (and
| businesses) would consider them viable. I may be fairly
| code-literate IT, but I don't understand a given product as well as
| the support staff from the company that made it.
| afarrell wrote:
| Code is a liability. Teams which can encapsulate complexity
| for others are an asset.
| robocat wrote:
| > If more open source tools had support staff, maintenance
| agreements, etc
|
| Supply is surely not the issue, there is simply a lack of
| demand at a reasonable price.
|
| The usual billion dollar failed proprietary IT project could
| pay for an equivalent open source implementation with
| equivalent support.
|
| Most government simply doesn't demand open source as a
| preference, and proprietary software suppliers overwhelmingly
| prefer to supply solutions that gift them vendor lock-in and
| monopoly rent extraction.
|
| Edit: large software corporates demand open source suppliers,
| or they bring open source talent in-house: government should
| follow their example. Large software corporates do it right
| (e.g. I met someone working on PostgreSQL but getting paid by
| Microsoft the other day). Disclaimer: I am a co-founder of
| small proprietary software company with some government
| clients.
| majkinetor wrote:
| That's a common complaint. However, in my experience,
| proprietary support, especially on supportive technologies
| isn't that great either.
|
| It also seems more likely to find a local expert on FOSS
| technology given that barrier to entry is 0.
| ocdtrekkie wrote:
| The barrier to entry is far from zero. Understanding a
| platform enough to make code fixes takes a fair bit of
| study beyond the most trivial project.
|
| For businesses and government, support is often mandatory,
| and at the least, it gives administrators "people to blame"
| when something goes wrong.
|
| I feel open source with paid support is a very viable route
| for government, given its general expectation of having
| paid support for the products it uses, but there's still an
| extreme minority of businesses successfully monetizing open
| source software.
| verisimilidude wrote:
| "Support" is the excuse, but it turns out to be a bad excuse
| in practice. It's easy for government organizations to become
| small fish in a PaaS provider's big ocean of customers. Even
| major providers in this space, like Accela, tend to be
| horrible at providing actual support.
| mulmen wrote:
| I love Postgres but it really does not do what Oracle does,
| even today and definitely not 15 years ago.
|
| My tax dollars paid for the M1 Abrams and the USS Enterprise
| but they won't let me take either for a joyride. I still derive
| utility from those expenditures. It's the same with software.
|
| If corruption is the problem I'm not sure how software licenses
| solve it.
| RobRivera wrote:
| I have a bold opinion. I believe it is to the benefit of a
| State that their software be kept secret or proprietary. Of the
| many reasons I have to believe this, I will say one is as a
| matter of national security.
|
| I hope my public opinion opens a fruitful dialogue.
| GordonS wrote:
| There was a top post on HN just the other day about "security
| by obscurity", and how the concept is often misunderstood.
|
| You are invoking the age-old closed vs open source argument -
| essentially, security by obscurity, but I'm not convinced
| it's a boon in this case. I believe govs using OSS is a net
| positive for humankind: there are many more minds and
| eyeballs on the code, and many more beneficiaries of the
| code.
| vharuck wrote:
| We're working with Microsoft on a new data warehouse for
| analysts, and I'd say the biggest drawback is how everything's
| a committee decision.
|
| We also have a data warehouse for our online public query
| system, but it's run in house. It's so easy to modify it or
| propose additions; I just email the guy in charge, CC his boss,
| and those two will decide if it's worth the time within a day.
|
| The Microsoft warehouse? We still don't have it after a few
| years. Everything runs through multiple committees from
| multiple teams on our end before it's even brought up with the
| Microsoft rep. It's a terrible game of "whisper down the line,"
| and too few players understand enough of the whole system. I
| don't know what's practical for the stack, Microsoft doesn't
| know what's practical for analysis, and the middlemen don't
| know how to prioritize anything. The public servants with
| access to all the info don't have time to coordinate this;
| that's why we contracted it out.
| jandrewrogers wrote:
| There are a few other real-world aspects to the development and
| use of open source in government that make it more complex in
| my experience.
|
| First, priorities and roadmaps for collaborative software
| development tend to be captured by the biggest and best funded
| government organization involved. A famous version of this is
| that the US government effectively drives the roadmap of
| international software development collaborations by virtue of
| readily spending money that their partner governments can't or
| won't match. The effects of resource disparities in development
| collaboration often lead to the practical effect that smaller
| organizations are not having their needs met and what little
| resources they do have are consumed by the overhead created by
| the resource scale of the big partners.
|
| Second, quite a lot of proprietary software development within
| government has strict dependencies on closed source software
| for which there are neither open source equivalents nor likely
| to be open source equivalents for the foreseeable future. In
| these cases, open sourcing the government code generates
| relatively little value for other contributors while incurring
| the significant operational overhead that is inherent in open
| sourcing software.
|
| Third, even in cases where the government software is open
| sourced, the projects are frequently unusable by other orgs
| because the software is effectively unsupported. Under
| government rules, you generally aren't allowed to spend a
| couple hours helping any random dev that emails you on what is
| essentially a support issue -- you are expressly not being paid
| to work on unrelated projects. A lot of government code that is
| open sourced is _de facto_ abandonware, including much of the
| software I worked on, because there is no framework to provide
| support for the user base either formally or informally. Unlike
| with non-government open source, which tends to be responsive
| to random questions from the ether, emailing devs on government
| open source projects often goes to /dev/null.
|
| I agree that the big consulting primes do a terrible job at
| software delivery but government doesn't have a good track
| record of effective open source software development either,
| for other structural reasons.
| choward wrote:
| I agree completely. It's ridiculous seeing different cities,
| counties, states, etc reimplementing the same stuff from
| scratch. I realize every region is different but not that
| different.
| fsflover wrote:
| > Since it's taxpayers' money, any custom made software for gov
| MUST be FOSS or we can equally abandon any logic whatsoever
|
| This is why Free Software Foundation Europe created a petition
| to make all publicly paid code public: https://publiccode.eu.
| slg wrote:
| How does this apply to militaries and intelligence agencies?
| I can understand wanting a lot of government software to be
| FOSS, but maybe the software on spy satellites shouldn't be
| available to everyone.
| Supermancho wrote:
| > maybe the software on spy satellites shouldn't be
| available to everyone.
|
| I would agree if I felt it made security stronger. I don't
| feel that way, given I know now that satellite is likely
| running windows.
|
| OSS serving as a basis, not the end-implementation of a
| system is how it would work in practice. Just like it does
| now with contracted vendors.
| LukeShu wrote:
| I'd be surprised if satellites are running Windows. I'd
| guess VxWorks.
| majkinetor wrote:
| Bulgaria seems to have it:
|
| https://thepolicy.us/bulgaria-got-a-law-requiring-open-sourc...
| jpxw wrote:
| What about the code used in, for example, defence systems or
| intelligence agencies?
| fsflover wrote:
| Every law has exceptions. (Although I'm not sure how much
| the secrecy helps here, see Snowden's leaks.)
| deelowe wrote:
| I gave up thinking the government believes they work for the
| citizenship about a decade ago.
| xapata wrote:
| The government isn't a monolith. It's people, each with
| different incentives and values.
| fsflover wrote:
| Learned helplessness at its best.
| yholio wrote:
| This is not only true for software developed with public funds,
| but with any software that becomes critical for providing
| public services, communication in particular.
|
| Take for example the recent 5G spying debacle. US claims that
| the Chinese can insert snooping tech in their hardware, which
| is of course true. But the same thing is true for gear produced
| by American or European companies, so we are expected to choose
| based on the respectability of the political regime or some
| such and keep our fingers crossed.
|
| This whole issue goes away if all critical infrastructure
| services, regardless of origin, can only operate in "source
| available" mode, if full FOSS is not economically feasible.
| mulmen wrote:
| How do I know that the cell tower I connect to is running the
| firmware I personally verified on github.gov?
| yholio wrote:
| The trust you have in the phone company is another target
| of attack than the one discussed here, the fact that
| operators need to trust closed source blobs in their
| networks, often times provided by other states with
| strategic interests in what goes on over their networks.
| mulmen wrote:
| Maybe I wasn't clear. Even if the government publishes
| the source of whatever I am interacting with how do I
| know the source they publish is the same source I am
| interacting with?
|
| Nothing stops them from adding some malicious patch
| before deploying the open code. It's all still based on
| trust.
| yholio wrote:
| You are talking about the full chain of trust. I'm
| talking about a single link of that chain, the ability of
| the operators to know their hardware is not under the
| control of some foreign state actor. This is the topic of
| the 5G wars. It's a necessary but clearly insufficient
| condition for what you ask.
| vmception wrote:
| So although Government generated IP titles are prohibited
| except by one-off statutes, the government can engage in
| work-for-hire or any auto-acquire titles to accomplish the same
| thing, which is what it does.
|
| So this is how it owns patents, copyrights, closed source
| software, etc
| atakiel wrote:
| I think the largest barrier for FOSS is still that the greater
| public doesn't know about FOSS, at all, and even less at the
| concept level. Because FOSS largely is still not on the daily
| political agenda, there's no actual talk among the wider masses
| about the reasons why FOSS is important, or what it actually
| means. Without wider discussion it's harder for it to gain
| foothold, as it is very much a political question, when it comes
| to use of FOSS in government.
|
| Although, this seems to be slowly changing. In Finland, YLE (the
| national broadcasting company) has recently been systematically
| bringing up the open source nature of the national Covid app in
| their reporting.
|
| I think there's a larger cultural revolution waiting for its
| turn, behind the current open source revolution that has been
| happening so far mostly in the software field.
|
| In its core, open source is a cultural thing, and maybe a
| political one, one that due to reasons that were, did find
| rooting and cultivation initially in the field of software.
| Regardless of its origins, it's a wider movement that could
| disrupt every aspect of content creation, if realized as such.
| E.g. the same discussion that is being had in this thread and in
| the original article, about FOSS in government, largely applies
| to a wide field of other types of content created by governments.
|
| One of the larger, self-created obstacles for open source lies in
| the definition itself. Open source is still being defined
| primarily in the realm of software, and through software. Names
| and definitions such as FOSS (Free and Open Source Software)
| reprise this problem by anchoring the concept to the world of
| software, and in this case, it happens already in the name.
| Instead of FOSS, maybe we should be talking about FOS software?
|
| I think the world could do well with a concept of open source
| that could be unleashed on all types of content created [1]. FOSS
| could probably do well, with the larger umbrella concept of FOS
| hitting daily discussion.
|
| Interestingly, open source as a term doesn't have this package,
| as source can mean more than just source code.
|
| [1] Creative commons already exists, but that's mainly a license,
| to be used in certain fields of content creation, not a wider
| definition for the concept.
| MrsPeaches wrote:
| See also the Dutch Ministry of Health has its own GitHub
| account[1]
|
| Their coronavirus tracking app is open source [2]
|
| And their Minister for Health made the commit to send the app
| website live [3] (though he did push to master on a Friday. I
| guess you can do that if you're the Minister...)
|
| [1] https://github.com/minvws
|
| [2] https://github.com/minvws/nl-covid19-notification-app-ios
|
| [3] https://github.com/minvws/nl-covid19-notification-app-websit...
| remir wrote:
| I have said this for years: all the building blocks are here.
| What's missing is the integration, UX/UI polish, and of course,
| the resources to do so.
|
| If enough public administrations are on board with this, then
| this could be a game changer. We could have something that trickles
| down to the general population. Something on the same level of
| polish as Windows or MacOS.
| specialist wrote:
| "Citizen owned software."
|
| Phrasing I used on the stump, both campaigning and as an
| activist.
|
| Overwhelming support. One of those 90/10 issues.
|
| People just get it. Resolutions, petitions, platforms practically
| write themselves.
|
| Forewarning for any future advocates: Appeal directly to the rank
| & file, Jane Public, editorial boards. Organize bottom up. I
| can't recall any elected or appointed person supporting
| (publicly).
|
| Free advice (and twice as valuable): You must have solutions.
| Real code. My topic was election admin. I couldn't resolve the
| chicken & egg problem. Any green field efforts would need $10m
| just to wage the legal battles (certifications, in every
| jurisdiction). So figure out a way to get existing code into the
| light.
| edoceo wrote:
| Oof, see the disaster that is regulated cannabis software. $3M
| for stuff that was hacked the day after launch and still
| routinely fails two years later. And the government has simply
| changed the definition of success so it looks like it wasn't. All
| the while the agency is rebuilding the reports the taxpayers paid
| for, and were supposed to be delivered 24 months ago with Excel
| - and training LEOs how to ignore and filter out garbage data
| from the system to do their job.
| afarrell wrote:
| I think one easy mistake to make is thinking about this as an
| investment in software as a technical artefact. Which is more
| valuable for deterring war:
|
| A. An $80 million fighter jet with dysfunctional communication
| among its maintenance, logistics, and air combat teams.
|
| B. An organisation which can resiliently perform effective aerial
| interdiction and communicate the resulting intelligence clearly
| and swiftly.
|
| B, right? So too with peaceful investments.
|
| Governments should invest in teams with the capability to:
|
| 1. Understand the needs of the public, prioritised through some
| healthy democratic-representative process.
|
| 2. Write and refactor high-quality software as that nourishes the
| public good.
|
| 3. Empower members of the public to educate themselves on how to
| contribute to this public commons.
|
| Open-Source code itself? Eh, writing code is fun. When you take
| care of the team, the team takes care of the code.
| BlueTemplar wrote:
| jamesmcm.github.io
|
| The author criticizes Microsoft a lot and hypes FLOSS, while
| being hosted on a closed source, Microsoft-owned platform.
| waldohatesyou wrote:
| This has nothing to do with his point
| clintonb wrote:
| I agree. I've seen a few models work in other industries. MIT's
| OpenCourseWare (OCW) and edX initiatives relied on partnerships
| with other universities and institutions. They all pay in to fund
| the development of the underlying platform. OpenEdX has
| individual and institutional contributors that help improve it.
|
| Smaller credit unions join forces to form credit union service
| organizations (CUSOs) that provide a service (e.g., IT support,
| or lending services) to all member credit unions.
|
| I would love to see US state and local governments do something
| similar. Start with everyone's favorite state office: the DMV.
| I've lived in three states. The DMV experience for all three has
| been pretty bad. This is more frustrating as a software engineer
| because it is painfully obvious where a bit of software could
| have a huge improvement. It makes no sense that 50+ states and
| territories have 50+ systems for the DMV, business registration,
| taxes, etc. when the basic functionality is most likely the same
| across all of them.
| shadowfox wrote:
| > It makes no sense that 50+ states and territories have 50+
| systems for the DMV, business registration, taxes, etc. when
| the basic functionality is most likely the same across all of
| them.
|
| While this is likely true, this being the US, you are also very
| likely going to end up in an ideological (for the lack of a
| better word) rabbit hole about freedom and state's right to do
| their own thing.
| bobthepanda wrote:
| This is exactly what happened to Common Core.
| microcolonel wrote:
| This is why the _open source_ angle is so crucial. If the
| expertise is distributed well between the stakeholder states,
| it can produce _more_ state sovereignty, because it is at
| least plausible to fork.
|
| It serves the best arguments of both nativism and globalism,
| without really harming the values of either.
___________________________________________________________________
(page generated 2020-09-13 23:00 UTC)