Slashdot Mirror
German Gov't, Free Software, and Secure E-mail
friday2k writes "There is a nice Article on Newsforge describing how the German Government moves ahead on looking into Free Software solutions for government agencies. And you need a standard, secure, email client for this." Basically, they are funding some good secure e-mail - but making sure that it works with stuff like Kmail.
Germany... Last bastion for open communcation? Give it twenty years... The U.S. govt. is doing it's best to shove the genie back into the bottle... Shouldn't this be a sign to them?
Project Ägypten will focus on making Open Source email programs KMail and mutt compatible with Sphinx
They're modifying KMail and mutt to work with Sphinx, not the other way around (as the post implies).
I would applaud this but would only suggest that open source developers not gravitate too closely to the governments of the world for cues and support in development of new security software.
They will order code they can understand and code they can master, and will want multiple accesses to encryption (such as back-doors) that truly render it useless in an intelligence capacity.
Give the government strong crypto controled by a single trusted admin. Distributing information and accesses simply opens the door to moles. The US government has seen several, such as Robert Hanssen and Aldrich Ames.
If an agent is communicating with a handler far away via encrypted email, not even the handler's supervisors should be able to override the encryption. Especially them.
Goat sex free since 2001
By doing this, they are saving their taxpayers a bundle (easily billions) by not spending so much on licensing fees from Sun or Microsoft. That money saved can go to greater things like making better schools, etc.
The article starts out saying that Congress wants to outlaw Open source via the SSSCA.
Perhaps congress should visit our German buddies and see how a switch to OSS can benefit the American public. A little bit of seeing what's happening abroad could go a long way.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
I would advocate that governments only use open source projects...
the fact that the DoJ was supposedly at war with M$, while at the same time handing over some of M$'s largest contracts seems insane...
I would almost call it a chuch/state issue...
So what is this 'Sphinx' email? Is it some propietary software or what??
The article seems to raise more questions that answers.
Will this going to help anyone that doesn't use Sphinx?
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
The best thing I see coming out of this is the possibility of an entire governmental agency switching over to solely free software. At that point you'll have all types of employees all using free destop productivity software. Whatever word processor they use, it'll have to work well and have everything they need and want it to. Same with presentation, spreadsheet, database, etc. applications.
One thing I've heard repeatedly from various places is that there's no set of free software applications that meet the above requirements, pretty much forcing people to use windows. Once an entire agency is using free software, the government is going to have to pay for some company to create exactly what it is that they need for the desktop, and since it's open source, it'll be available to everyone. So there'll be a standard install of a standard, easy to use desktop and it'll come with all the applications a person needs to be an engineer, statistition, executive, or even just a secretary.
I see this as possibly the only way free software will get a good business desktop in the near future, and I can't wait for it to happen.
Mr. Spey
Cover your butt. Bernard is watching.
Cover your butt. Bernard is watching.
It's great to see a government agency of all places supporting the GPL and open source.
I might be kind of shallow, but I think if you don't release your code, you are afraid of people looking at your poorly programmed code. If the "you" in the above sentence relates to a company, the company is essentially saying that your company is embarrased of the programmers.
I'm sure I'll have a change of heart once I enter the industry.
A mail program isn't the most complicated thing to program, I'm writing something in vis. basic right now (I know, I know - It's called schoolwork and I might as well challenge myself) The program is going to be um.. very highly customizable.
Anyways, these rfc's were really useful.
http://www.ietf.org/rfc/rfc0821.txt SMTP Spec
http://www.ietf.org/rfc/rfc2046.txt (w/Mime)
On a side note (and kind of in jest), what the hell is with europeans and super long agency names?
Bundesamt für Sicherheit in der Informationstechnik (damn!)
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
This project is great, since it hopes to create a universal module that can be plugged in easily to any MUA.
But for those of you who happen to run mutt, you don't have to wait for S/MIME support -- see this site for details. It's not universal or modular, but it exists now and it works.
--
Mod up a post Rob doesn't like and you'll never mod again
About 6 months ago I stumbled across an awesome GTK+ mail/news reader very similar in look to Netscape Messenger (and far superior to XFMail) called Sylpheed (http://sylpheed.good-day.net/). It'll handle as many accounts as you want, supports threading and image view through gdk-pixbuf, is extremely fast (and decently configurable), and I've never had it crash on me. Some distributions are starting to pick it up now, and it's included in Mandrake 8.1, though I usually compile myself from source. I'd suggest giving it a look.
Interested in open source engine management for your Subaru?
What's so wrong about this? Sure the government has to hire some coders to write some free software for them, but they'll easily make up the returns by not having to pay licensing fees to Microsoft or Sun.
This is a very good move by their government to put up a relatively small fixed cost up front to reap potentially huge savings in the future. Who is it who said a penny saved is a penny earned?
Things you think are in the Constitution, but are not.
http://www.ietf.org/rfc/rfc0821.txt SMTP Spec
This one has been superceded by many later RFCs (1123 comes to mine immediately). However, if you adhere to it, you'll be miles ahead of many commercial programs.
Edith Keeler Must Die
Hi,
Living in this country that "supports open source" I am rather sceptically about the whole issue.
The German parliament was also "looking into alternatives for Windows especially Linux", they said. And a few weeks later it was announced that they had made a new deal with Microsoft who gave them some better conditions than originally offered. Linux was no longer an option after that. What do we learn from that: Linux makes a good argument when you want a good deal from Microsoft.
twm
The problem is of course that standardization in software is a good thing - but too much is a bad thing. I don't know that anyone has figured out where the golden mean is between the two poles. We obviously need some sort of standard software to run our computers, and we need some sort of quality assurance. Open Source certainly is a candidate to develop a standard (think RFC) - but in its present form the quality of software offered is uneven. (Some is extraordinary, some is crap.)
Perhaps the real way to develop a vendor agnosticism would be to actively support and have people on the goverment payroll contribute to the open-source development model. That way the goverment is actively looking out for its own interest, but in a way which supports communal development.
Which of course sounds good, but I have no idea what it would look like... or how it would play out.
In illa quae ultra sunt
Also, too many people are not reading into the bill enough; there is a grandfather clause that does state that 'unsecure' hardware and software before the end 12month discussion period mandated by the proposed bill would be legal; sure, this kills the development of linux, so it's still scary, but preexisting linux boxes on the net could not be taken down by this.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
http://www.glreach.com/globstats/ -- according to them German is 5th (based on how many people are online that speak it). It goes English (still less than half of all internet users, even though top spot), Chinese, Japanese, Spanish, German. There is also this site which has the information based on web site language : http://www.et.com.mx/mgb/dmoz/stat/
:)
But as far as non-internet languages go, German isn't even top ten. So unless you've already mastered Chinese, Hindi, Spanish, Russian, and Arabic-- I'd wait to learn German later, unless you've already learned some German, in which case you might as well go for fluency.
I do not have a signature
Perhaps the real way to develop a vendor agnosticism would be to actively support and have people on the goverment payroll contribute to the open-source development model.
Hey, we could put Government funds into education and get the professionals there to develop open source software. I'll call up the Regents of the University of California, Berkley. Oh... Wait a minute...
In my opinion, if the government continues to fund software development then it should ensure it isn't under the GPL (BSD license springs to mind). After all, everyone who helped fund that software should have a right to it and not just those who also agree with the philosophy of GNU.
Fear: When you see B8 00 4C CD 21 and know what it means
The German government isn't too happy about the fact that at least of couple of the companies that write utilities used in Windows are associated with the "Church" of $cientology.
And given $cientology's record of infiltrating government offices in the US, Canada, Greece, France, etc, the thought of proprietary code gives them the creeps.
xenu.net
One line blog. I hear that they're called Twitters now.
The City of Turku, the oldest and one of the largest cities in Finland, is planning on a switch to Linux + OpenOffice in order to save the XP license money. Links here and here.
Escher was the first MC and Giger invented the HR department.
Why do you think thats insane? The DOJ case is about some illegal business practices microsoft has been using in the past. The DOJ wants to punish microsoft for the damage this has caused (rightfully since it's illegal) and make sure it doesn't happen again.
Valid points, yet I guess my ethical (if certainly not legal) reasoning would be: Because in this instance, Microsoft is being rewarded.
If it has been, or is in the process of being, established that Microsoft used unfair and illegal means to advance itself into a position that they have become a (the?) predominate supplier of software to the U.S. government, then perhaps that relationship should be re-evaluated.
The fact that it goes on un-inspected is, yes, a bit insane to me.
But then who cares what I think? Just another schmuck voter am I.
One of the tactics of the black hats seems to be to dig around for information from places, and perhaps in ways, which might not be quite so easy for them to get access to, when the white hats learn to use encryption as well as "they" do.
For example, consider mining an airline booking site to see which flights have special prices. This type of information retrieval might become better protected, because such information could lead to speculation about the human-density on the flight.
Consider also, that Europe, as Us, is devastated by every new MS worm that comes around. But if they'd only use SSL server encryption more widely, they'd be unbothered by such simple virusen. Managers will buy more servers, because SSL takes more horsies, (as every other form of encryption), users will share information in a more sensible way, the economy will rebound, etc., etc.. :)
I contend that the most interesting authorities built out of X.509, in any case objCA, sslCA, and objsign (from openssl docs and Netscape definitions), should continue to be widely encouraged. emailCA, perhaps is for the more mature organization, but an organizations email can sometimes be the biggest "hole" of all. It should be closed-up, in any good business activity, anywhere, eventually.
The point is, everyones already got this stuff. The playing field is even, and we have to fight dishonesty with the same tools as are being used to hide it.
Not to worry unless someone tells you to put your certificate on your head or your hand (right). Right?
*cough* Last item right here. *cough*
Could someone explain to me what this postercomment compression filter is in I'm violating (which this sentence was added to work around)?
Interested in open source engine management for your Subaru?
Mutt is already standard (i.e. works on any terminal, including text-only), and secure (PGP/GPG/choose-your-flavour).
It seems to me the free software movement has stalled in the USA. Witness the harsh laws, government and corporate comingling, etc.
I've often thought the only way for open source to succeed is for "other-than-USA" countries to embrace it...the USA just has too many influence peddlers and special interests involved in government to make the proper decisions...not to mention a population of dullards who know little of law and less of history. Harsh, but I beleive it true.
It's really looking like it will be the forward-thinking countries outside the USA who are going to turn the tide against "zero choice" monopoly software.
Even though I might have to watch, rather than participate, I'd really enjoy seeing Germany (and hopefully others!) give Bill Gates and his illegal corporation a "boot to the head".
I hope the Germans decide to do this...it's very impressive to see people standing up and demanding freedom, liberty, and choice from their government.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
Living in this country that "supports open source" I am rather sceptically about the whole issue.
Well, you should know then that the German federal government has already sponsored the development of one widely-used Open Source project: GnuPG.
Details are available in English und auf Deutsch.
This is for real. The German government has realised that it has no confidence that its internal communications are secure and it cannot have that confidence if the communications infrastructure is run by Microsoft software - because they have no way of telling if there are or are not US government-controlled backdoors in Microsoft software. They also cannot be sure that the encryption systems built-in to Microsoft OSes and applications do not have unintentional subtle flaws that make them much easier to crack.
With all the (understandable) paranoia over the Echelon system, it is easy to see why they want a solid encryption solution that is entirely under their control.
It has nothing to do with price or better license conditions from Microsoft. It is about having an encryption system that is widely-used, rock-solid and verifiably free from backdoors.
Even if Microsoft offered the German government a source license, how can they be sure that the released version of Windows and the source code that they are offered are equivalent? Quite apart from anything else, there are significant chunks of Windows that Microsoft do not own the rights to, and thus cannot provide under a source license.
So, let me repeat again: this is not about Linux vs Windows. It is about having a solid, secure, verifiable communications channel that the German government can have confidence in - confidence that they cannot have with Microsoft software.
Why do all government projects seem to involve S/MIME and X.509? What's wrong with PGP and PGP certificates? They actually have some users and software support.
-- Ed Avis ed@membled.com
A good Joke about that is "gang und gäbe" with IT professionals: "If we (the germans) wanna take a wordwide lead in IT, we shouldn't try do so by focusing on the lousiest propritary american OS we can lay hands on."
Quite my position
OSS is cool, '133+, democratic and modern, and the density of tech savy people, due to the high education level (compred to USA) reaches critical mass well enough. Which means politians don't wanna out themselves as 'not tech savy' by not joining in the "oss is the future" policy.
I wouldn't be suprised if Europe realy takes the lead in IT tech by doing a solid amount of OSS lobbying.
BTW: IMHO, succes of Linux in Germany is also widely based on the famos SuSE Distro.
We suffer more in our imagination than in reality. - Seneca
Bundesamt für Sicherheit in der Informationstechnik
Loosely, that's "State Office for Information Technology Security." It's not an especially long German bureaucratic name.
BTW, the WWII Nazi spycatcher agency was the SD, an acronym for "Sicherheits Dienst." Try saying that three times, fast.
The German security agencies are puckering up and paying more attention lately. It seems they weren't concerning themselves much with immigrant international terrorists, but were concentrating on homegrown neo-Nazis instead. They're scrambling to catch up now (and doing a fairly credible job).