UK Government Mandates 'Preference' For Open Source

An anonymous reader writes "ComputerWeekly reports that the U.K. government 'has, for the first time, mandated a preference for using open source software for future developments.' This comes from the newly released version of the Government Service Design Manual, which has a section about when government agencies should use open source. It says: 'Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.' The document also warns against vendor lock-in. This policy shift comes under the direction of government CTO Liam Maxwell, who said, 'In digital public services, open source software is clearly the way forward.' He added, 'We're not dogmatic about this – we'll always use the best tool for the job – but open source has major advantages for the public sector.'"

Is this real?

[rsilvergun]

anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?

Re:Is this real?

[K.+S.+Kyosuke]

it's just another attempt to get discounted Microsoft software?

Of course it is! What else did you think?

-- Sir Humphrey Appleby

Re:Is this real?

More likely some MP's son / capita (delete as applicable) has just rolled a new linux distro and want to sell some 25 year service contracts.

Re:Is this real?

[Kjella]

My guess is that it's mostly political rah-rah but in reality bureaucrats will find requirements so they get the proprietary platform of their choice anyway. Sometimes I've suspected vendor involvement, but in reality it seems to be mostly people on the inside who pick the system they already know and have competence with.

Re:Is this real?

[benilov]

You betcha. The Government Service Design Manual comes from GDS, a part of the Cabinet Office. GDS also created GOV.UK - the new single domain for the UK government. The GOV.UK stack is almost entirely open-source software, which can be found on Github under the Open Government License.

Re:Is this real?

Posting AC.

There are certain public services in the UK that have real issues at the moment, IT-wise, due to the general austerity measures in place to reduce the deficit.

There are large sections of the UK police force stuck using IE6 due to dependancies on ActiveX.
XP is being EOL'ed next year.
The money isn't there to deal with the situation.

There's a lot of people campaigning for a move to open-source so nothing like this happens again.

Re:Is this real?

[gmuslera]

Maybe this had something to do with it.

Re:Is this real?

[BasilBrush]

He's new in the job. It's possible he's naive enough to be serious about it.

Re:Is this real?

[ais523]

I think it's a response to most of their existing proprietary attempts to do things having been trainwrecks. I guess the reasoning is that at least this way, the trainwrecks will be less expensive on average.

Re:Is this real?

[Dr_Barnowl]

I like this trend, but I think Open Government License is counterproductive Not-Invented-Hereism. It's basically a BSD-style license, but also contains an exhortation not to break British law.

Well, British law is already an exhortation not to break British law. You don't need an extra one. They should just use Apache 2 if they want a BSD-style license ; everyone's IP legal department already knows it.

Re:Is this real?

[Dr_Barnowl]

Yeah, my lot have to manage the transition to Windows 7 for a whole bunch of bespoke applications. We got shot of IE6 and heavens, we were glad, because our stupid timesheet software used ActiveX so we had to ditch that too.

The only thing really holding us back from moving to Linux is MS Office. The NHS had an enterprise-wide license, which a back-of-napkin estimate says must have cost on the order of £100M per year. That got dropped a while ago, I'm guessing because it was a big fat line item in the budget and made a ripe target for people saying "hey, what if we spent some small fraction of that on LibreOffice development?".

A lot of our bespoke apps are Java and thus don't really need Windows to work. Web apps are web apps.

But we, like everywhere, I suspect, have a large number of things cobbled together from VBA and spit, not to mention the things people do with Access. Any coherent plan to move to Linux, or even LibreOffice, needs a department dedicated to migrating VBA and Access applications.

Re:Is this real?

I'd believe it's real. I work for Lloyds (40% owned by government) and we've been steadily replacing Windows with RHEL for some time. Maybe they saw it working for us and decided it was time they could do better.

Re:Is this real?

[julian67]

Yes it's real. If you can get past the partisan political bloggers and established media who don't usually notice anything in IT related tech beyond Apple, Google, MS and Samsung press releases then you can discover that the Conservative party (the larger partner in the coalition administration) has some well informed and rational policies in these areas. We've had several decades of IT school level education being no more than training people to use proprietary software for clerical tasks, while the government paid vast sums to middlemen for huge projects which failed to deliver while costs rose. Vast sums of money have been siphoned off to giant corporations like Microsoft, Serco and Fujitsu, for minimal benefit. Governments of all complexions have been guilty of terrible negligence and possibly corruption, but finally a few people who understand the severity of these problems and wish to fix them find themselves in government, and good luck to them. I'm not (so far) a Conservative voter, nor a member of any political party.

Re:Is this real?

[Nerdfest]

... or they pick the product whose sales-weasels give them vacations and golf outings.

Re:Is this real?

[Skapare]

Are you talking about West Virginia?

Re:Is this real?

[rtb61]

You have to consider that for other countries M$ is a dead loss, tons of money going out with no return. Pushing FOSS means that if an offshot of a major campaign contributing company sets up in that market you can readily funnel money to them and look really good in the polls when doing so. Basically FOSS in also going to be a double plus win for pollies.

Re:Is this real?

So if they are serious about this, why does their shitty new jobsearch website require CVs to be uploaded in .doc or docx formats?

To be fair Cameron was pro open-source before he became prime minister, so it may well be something he believes is the right thing, but I don't think he is competent to ensure this policy is effective.

Re:Is this real?

[jonbryce]

"British Law", whatever that might be [1] only applies to people living in Britain. Having it in the licence means you aren't allowed to break it even if you are outside the country.

[1] There's English/Welsh law, Scottish Law and Northern Irish Law. They are similar in many ways, but three different legal systems.

Re:Is this real?

It turned out that some "independent expert" had to admit being paid by Microsoft. One thing I like about UK officials that their reaction to finding out they are getting screwed by the powers who pay is not bending over. British humor is renowned, but more impressive is when they are not amused.

Re:Is this real?

[xaxa]

My guess is that it's mostly political rah-rah but in reality bureaucrats will find requirements so they get the proprietary platform of their choice anyway.

The previous position was than open source software was to be selected if it was equal (in other respects) with the proprietary system. There was a document showing examples of this, e.g. choose Apache over IIS, showing that many other government departments already used Apache.

I'm not sure exactly what this changes. Possibly just giving a bit more push for the open source solution, but that's a welcome change.

What would be really good is if the government could recognise that there are probably many, many cases of "OSS-X can do everything except feature Y, so let's buy Z", where everyone has the same Y. Paying for Y to be added would be very good value for money.

Re:Is this real?

[Xest]

It really does depend on the public sector service in question though.

My local council thought it'd be amusing to blow £2million upgrading every computer to Office 2010 from Office 2007 at the same time as cutting useful services and doing nothing about inept services.

Because of course there was some pressing feature that Office 2010 offered that 2007 didn't that the whole entire council's network required at a time when they were supposed to be streamlining and making efficiency gains.

To be fair, I'm not convinced there isn't enough money to deal with the problem, there certainly is, it's just that public sector in it's almost entirety is ineptly managed so rather than making real actual savings, they'd rather cut things as a hole without a shit for the impact on their customers (the public), in some places that will be IT, in others it will be frontline staff. Pet projects still seem to get funded no matter the idiocy and pointlessness of them, so even in our time of "austerity" there's still more than enough money to go round if large proportions of it weren't just outright being thrown away.

Re:Is this real?

[lsatenstein]

anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?

====
I believe your conjecture is very wrong. With the cyberfraud, the keyloggers and all kinds of espionage, the governments will insist on using open source and in doing the final inspections and compiles. The security of the critical infrastructures, such as electrical grid, water, etc. is too important to not know what is in the code that is executing.

Open Source does not necessarily mean free source.

And with the proliferation of software due to Apple, Google (Android) and everyone else, document interchange will become the norm. Microsoft will just be one of the vendors, and not the exclusive vendor.

Re:Is this real?

[starfishsystems]

So if they are serious about this, why does their shitty new jobsearch website require CVs to be uploaded in .doc or docx formats?

Because not everything happens at once, especially in government. Nor is the public sector is famous for agile development.

Government, by its nature, is bureaucratic. When we're on the the receiving end of government services, we often perceive the bureaucracy as ponderous and inefficient. That's because accountability is a big part of the system. I've worked in government IT alongside some really progressive, dedicated and talented people where we had a clear mandate, ample funding and few political enemies. I figure in this best case scenario we spent 80% of our time on project tracking and accountability.

See, you never have to turn a profit in government. But you will be audited. You'll be asked to show the work you've done and justify it. Knowing that the audit is coming, you make friends with the auditors and ask them what controls need to be put in place. Since you have to be in compliance eventually, that's the most efficient course of action, but it adds a chunk of overhead up front. There may be several auditing bodies: one for finance, one for security, one for privacy, one for ethics, one for affirmative action. And of course there are other controls to make you accountable to your boss, and he to his boss and so on.

But you're also accountable to your colleagues. Unlike in the private sector, there's no such thing as "good enough". As a business owner, I can decide to launch a product at any moment I decide the time is right. No matter how broken it may be and no matter whether the market is ready for it or not, that's my exclusive decision. Not so in government. All it takes is someone at a meeting to raise the idea of a unit test that could possibly be done and suddenly you're on the hook to do it. This is not because your colleague can tell you what to do, but because his comments were minuted and those minutes were circulated to all the stakeholders - which includes your department head, who is now responsible to ensure that if anyone in future ever asks about that unit test, you will be able to give him the test logs. And let me tell you, half of all government workers are worry warts. They sincerely think that coming up with new things to worry about is a positive contribution to a project. To be fair, sometimes it is.

See how it works? Now, along comes a new mandate which says not merely to "evaluate" open source but to "prefer" it. People who are running projects that have already done their initial requirements gathering and compliance controls and are now onto architecture and design, what are those people going to do? Their first reflex is not going to be to go back to the drawing board. Not in a million years. Their first reflex is going to be to hold a series of meetings to show due diligence in evaluating whether or not the project now underway is subject to the new open source mandate.

On the other hand, any new project to come along is going to be subject to the open source mandate. People who don't like it will privately grumble but they'll go along. People like me who've been waiting for the mandate will happily embrace it. And then it's payback time. We'll be the people in the meetings raising the questions about due diligence in respect of open source compliance. We'll be the ones suggesting cost and performance controls for existing projects so that in future we can measure their value against comparable open source projects.

Open source will win out. Open Document Format will eventually win out. On merit, mind you. You just have to understand that government moves very slowly and cautiously. But once it becomes a matter of policy you can take it to the bank that these things will happen.

Re:Is this real?

[Shimbo]

anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?

It's mostly not about Microsoft. It's about trying not to roll everything up into one huge 'too bug to fail' IT project, and having a choice of the same few firms to contract out to. It's having something of value delivered even if the main contactor walks away halfway through the contract. Open source is one facet but it's as much about agile development as it is about FOSS.

Having flicked through it, it's actual quite well written. Government moves slowly though, so be prepared for reversals. Actually, I think we already had a 'government breaks open-source IT promise story.'

If you're cynical: the thing it's really about is not having the National Audit Office deliver another damning report about wasted public money on poorly managed IT Projects, while the current government is in power. And really, the best answer, "how do I prevent a huge IT project failing?" is "don't have any huge IT projects." For once, I think trying to prevent government being embarassed is actuallygoing in the same direction as the public interest.

Re:Is this real?

HM Submarines also locked into IE6 and XP, Oh!
(Coward I am, so also posting AC)

Re:Yet another government mandate!

[Immerman]

Amen Brother! Tell it like it is!

Good thing we have Microsoft to fight against such totalitarian overreach. Freedom from choice! Freedom from excess money! Freedom!

Cost for software vs skill set

[DigiShaman]

As I know, programmers and Linux admins cost twice to three times as much as their Windows admin counterpart. However, OSS is free.

Can anyone that's an IT director please clarify the gap, skillset, and possible configuring a network so complicated as to solidify job security for said admins? Which costs more and can deliver the most value? On that front, which set of admins is likely to engage in such dishonest practices? Or is it a out the same for both sets of admins?

And yes, there are many Windows/Linux admins that can do both with an indepth skillset and experience, but they command a premium salary as I know.

Re:Cost for software vs skill set

[DamonHD]

Things have changed for the better for Windows I am quite sure, but back in the days when I was a UNIX sysadmin for a living you needed 10x as many Windows admins as UNIX admins for the same number of machines / user seats, so a simple salary ratio would be misleading!

Rgds

Damon

Re:Cost for software vs skill set

[mjwalshe]

Unfortunately HMG tends to employ loads of pogramme managers and far to few people in house who actualy get stuff done

Re:Cost for software vs skill set

[icebraining]

OSS is free

Not necessarily; I write OSS for a living, but only a fraction is free.

Re:Cost for software vs skill set

[Immerman]

By definition, if it's OSS your first customer can give it away for free and nobody need ever pay for it again. Therefore if your customers are paying for it it means one of three things:
1) They're idiots, or locked in to an acquisition model that doesn't account for non-purchased assets.
2) They believe in paying a fair price for a fair product, regardless of the legal necessity and effect on their bottom line. (don't we all wish)
3) You actually provide worthwhile additional value for the price: Support, customization, responsive adaptation to feedback, etc.

Re:Cost for software vs skill set

[Dr_Barnowl]

Because GPP is living in an imaginary world where there are no Linux drivers for smartcards.

Or in a real world where the integrated authentication is some kind of horrible proprietary thing that doesn't follow standards, which would rather prove the point about lock-in...

Re:Cost for software vs skill set

[icebraining]

You forgot one thing: it's not possible to get the software for free if it doesn't exist yet ;) A big part of our business is development of new software.

Besides, most of our costumers are not technologists, so the idea of going around setting up public source repositories is kind of foreign to them. We're significantly cheaper than the alternatives (mainly SAP), so they're happy to pay.

That said, we do offer additional value: hosting, support, custom development and training.

Re:Cost for software vs skill set

[marcosdumay]

Scripting involves simplifying or automating a process using pre-existing functions in whatever software you're scripting against. Programming involves creating new functions where previously such a module or action did not exist in the first place.

Hum, I take from this that the computers that run your programs don't have an instruction set, and you don't program in a language... As those are pre-existing functions that most people use to automate stuff.

One involves creating limited functionality with the elements given to you. The other is creating whole new elements from the ground up.

Yeah, limited to the turing complete shells available.

Ok, you can't write device drivers in Bash. But it seems that you have no idea what you are talking about.

Re:Cost for software vs skill set

[Nerdfest]

That's not the definition of open source software. Isn't that 'libre' software? Open source just means that you have the source. Personally, I'd prefer it if they mandated FOSS. Question though ... if MS made their products open source, could you maintain it yourself ... or would that be something that could be restricted by licence? The way I see it you could do anything you wanted with it within your own business. Anything else would be against copyright laws.

Re:Cost for software vs skill set

[lennier]

>Can anyone that's an IT director please clarify the gap, skillset, and possible configuring a network so complicated as to solidify job security for said admins? Which costs more and can deliver the most value?

I'm not an IT director but as a Windows sysadmin who uses Linux for preference at home, there's still a huge gap in manageability for Linux. Linux has taken out some very small, specific niches, mostly in the server and mobile device space. But there's simply no Linux equivalent of Active Directory and Group Policy (there's Open Directory, which OSX uses, but there's a whole missing layer of policy control on top of that which isn't there).

I wish Windows had an equivalent of deb/rpm package management. MSI and SCCM are atrocities. But, like Apple but even more so, Linux desktops aren't even trying to play in the enterprise desktop space. If no other contestants bother to turn up, Microsoft wins the game by default.

Re:Cost for software vs skill set

[thetoadwarrior]

That might have been true due to the rarity but I expect that is actually Microsoft FUD. Job listings in the UK show that Linux sys admins aren't getting £60k over some Windows guy getting £30k. They're getting £30k too.

Re:Cost for software vs skill set

It's a factor of 3, these days. The Active Directory admins hate it when they see me coming, because I wind up educating them in the newb errors they've made in DNS, DHCP configurations, and password management. The Exchange managers also hate it when they see me coming because I *warn* them about the spam problems coming down the pike and how they can avoid it, and have consistently reversed that web of spit and duct tape they call a network map and pointed out the single points of failure.

They hate it worse when I walk them back around to the solutions I proposed 3 years ago, in the midst of their "incident" meetings after yet another system failure. This has happened repeatedly in my career: I've learned to show up with the printouts of my emails and the trouble tickets they've closed as "completed" but which were not, or which are still outstanding for the last 3 years.

And yes, I did this in London for a few years. The settled in middle managers who drew Gant charts for their projects *hated* me, but the people who actually wanted the email to work and to keep working loved me to pieces and tried to get me to emigrate.

Re:Cost for software vs skill set

[Local+ID10T]

Scripting involves simplifying or automating a process using pre-existing functions in whatever software you're scripting against. Programming involves creating new functions where previously such a module or action did not exist in the first place. In other words: One involves creating limited functionality with the elements given to you. The other is creating whole new elements from the ground up.

Thank you for that summary explanation. I will be appropriating it for explaining why I do not program, but do script.

Re:Cost for software vs skill set

[Bert64]

People who are competent at their job cost three times as much as people with very little skill or experience...

Many people *claim* to have windows knowledge, but in reality they are terrible and often their "experience" is limited to using msoffice in school and reinstalling windows for friends who got malware infections.

Much fewer people claim to have unix knowledge, largely because the class of people mentioned above aren't even aware that it exists. So most people claiming to have unix knowledge do actually have a decent level of skill.

Now here's the thing... Modern systems, and this includes most linux distros, are superficially simple enough that someone of low competence can generally muddle through. However do you really want someone who's just muddling through running your business? The results will be extremely sub optimal, stability and security will both be poor, they will do less in more time and thus require more staff, they will require more hardware because they haven't configured it so well, they will be unable to troubleshoot properly and will resort to time consuming reinstalls or costly replacements. The costs of the individual staff members might be low, but you need more of them, and more hardware.

Unfortunately, a lot of places do just that, so they have a crudely hacked together windows network that cost a fortune to build and is a constant source of problems, being managed by a large number of barely competent people who are always complaining they are understaffed and under budget.

For the same cost, you could hire a smaller number of highly competent staff, who would get much better results with cheaper software running on much less hardware.

And here you have another problem... The people hiring generally don't know anything about the subject, so they are unable to recognise someone highly competent.

Re:Cost for software vs skill set

[Bert64]

You have to plan your migration to take place over time.. You don't throw everything out over night, you just ensure that any new deployments are platform agnostic (and most apps get refreshed periodically anyway). That usually means apps being web based and standards compliant whenever possible, authentication systems being based on standards etc. After a while you no longer need the old proprietary junk and can easily get rid of it.

And this is already happening, applications are moving towards being browser based and the vast majority these days work in most browsers.

Re:Cost for software vs skill set

[Bert64]

So a program written in C which uses functions present in libc is actually a script?
You're generally not creating anything from the ground up these days, you are using functions provided to you by the OS and its core libraries...

But anyway, his point was that the average linux admin has some programming skill while the average windows admin does not, so the linux admin will generally automate common functions to make his life easier and more productive.

Re:Cost for software vs skill set

[Bert64]

Active directory is an absolute nightmare from a security perspective... Most of the supposed security related policies just amount to arbitrary restrictions on workstations which are implemented client side anyway (and thus trivial to bypass), and then you have design flaws like hash passing and storing the plaintext password in memory (google for mimikatz) which combined with typical setup practices make it laughably easy to compromise the average active directory setup from only a single insecure host.
If you want to prevent that happening you have to go to extreme lengths, manually updating and hardening every single member system and ensuring there are no shared local passwords among other things.

By contrast on a unix environment you wouldn't bother with such trivialities as "command prompt restriction" and "folder view restrictions" because they provide no benefit anyway. You ensure that your network is a sensible hierarchy, such that compromise of one unimportant host cannot lead to compromise of others. You use ssh keys so that compromise of a system someone is logging in to doesn't compromise their credentials, and you use file system permissions and mount options implemented at the kernel level to prevent users running any programs you didn't provide them (either intentionally or otherwise).

And finally with unix you have a system that was actually designed to be multiuser, unlike windows where most of the gui layer and applications came from the 9x series which had no concept of security whatsoever, which is why you have such delightful "features" as the ability of msoffice to embed and execute arbitrary binaries in documents (with the added benefit that such files pass through most http/mail filters)

It's only a suggestion, not a mandate

[menot]

"We're not dogmatic about this – we'll always use the best tool for the job".
That's one of the most interesting points in the article. More people should think like that. In the end, software is just a tool.

Re:It's only a suggestion, not a mandate

In the end, software is just a tool.

This is both a tautology and besides the point. Sweaters are just clothes, but maybe you would still not buy them from the really cheap manufacturer that employs children. Detergent is just a tool, but maybe you should choose one that won't destroy the environment. Software is just a tool, but maybe you should pick those that won't lock you (and everyone that relies on you) in inside someone's private ecosystem for a long time.

Re:It's only a suggestion, not a mandate

[Bert64]

Sweaters are just clothes, but maybe you would still not buy them from the really cheap manufacturer that employs children.

Or you'd buy them from a really expensive manufacturer who still employs children but works very hard to disguise the fact. Their production costs are likely the same or lower than the cheap manufacturer, they just make considerably more profit per sale.

So which is worse?

Software is just a tool, but maybe you should pick those that won't lock you (and everyone that relies on you) in inside someone's private ecosystem for a long time.

And you'd have thought this would be the most basic thing, one of the first rules of running is a business is not to get yourself in a position where the actions of any single supplier can exert any form of control over you. You should always have a second source, a backup plan.

It's not enough

[Stormwatch]

Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

Re:It's not enough

[cobbaut]

Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

Mod parent insightful.

Re:It's not enough

[Stormwatch]

Open Source cannot compete on bribes with proprietary software

Fix'd.

Re:It's not enough

[whoever57]

Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

No. This is wrong. Governments should be required to use open standards. Thus allowing open and closed source offerings to compete.

Furthermore, if it turns out that a supplier claimed compliance with an open standard but did not deliver this, there should be serious penalties levied against the supplier (and not just a slap on the wrist that the supplier will see as merely "cost of doing business"). The penalties could include requiring the supplier to make their version of the standard open to all.

Re:It's not enough

[maxwell+demon]

Another requirement should be that the supplier allows the government to inspect the source code in order to make sure there are no backdoors in the code. With Open Source, this is automatic; for Closed Source solutions, it would be an additional requirement in the contract.

Re:It's not enough

[BasilBrush]

Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

If it's the data in question, then it's irrelevant whether the software is free or not. It only requires that the data be in some open standard format.

Re:It's not enough

[bigmadwolf]

I'm not sure even this is enough. Surely the only way you can be sure the source code you are inspecting belongs to the binary is to compile it yourself.

Re:It's not enough

[tlhIngan]

Furthermore, if it turns out that a supplier claimed compliance with an open standard but did not deliver this, there should be serious penalties levied against the supplier (and not just a slap on the wrist that the supplier will see as merely "cost of doing business"). The penalties could include requiring the supplier to make their version of the standard open to all.

No, that's insufficient.

Make the penalty forced open-source, under a modified BSD license that includes patent licensing. Because you cannot be sure there's some oddball part of the spec they've overlooked (and EVERY standard that's complex has corner cases and little known side effects) or other thing. It's forcing the standard to be open by releasing reference code, effectively.

Why not GPL? Because the threat of BSD means that competitors are free to use that code in their closed-source implementation, and have patent licenses for that.

The loss of the crown jewels, forced patent licenses, AND breaking of 3rd party licensing agreements should put enough fear into closed source companies competing to be on the straight and narrow with respect to the standards.

Re:Not dogmatic?

[Jorgensen]

Ahem... Good analogy, bad conclusion...

A good analogy is if the UK government mandated that fleet vehicles have their design and manufacturing processes laid bare, or they wouldn't buy the vehicles. I really don't care about the processes documentation - buy the best car at the best price.

If the government did this, it would be in trouble as soon as the vehicle needs maintenance. Or if you wanted to modify the vehicle later. If you MUST go back to the vendor for this, you have just accepted the fate of a captive customer - good luck in the negotiations.

Openness is the customer requirement

You are clearly not basing this on what is the best tool (even if the open source happens to be the best tool).

You're contradicting yourself.

Openness has clear and undoubted benefits for the public sector, and so not surprisingly this customer made openness a default requirement. He's not mandating against proprietary software, but if a software company can't give him the desired openness then it's not fulfilling his requirement. Given his requirement, open source tools are the best tools by default, but not the only ones.

The customer decides the requirements, not the provider. Live with it.

citation needed

[walterbyrd]

> Linux admins cost twice to three times as much as their Windows admin counterpart

Where did you get this information? Please make sure you do an apples-to-apples comparison.

For example: don't compare somebody who does admin for 5 servers to somebody who does admin for 2000 servers.

Also, closed source and backdoors

Governments should be forbidden from using non-Free software.

Here's another reason which underlines your point:

- A government has no mandate to entrust the country's data to a corporation nor to allow it to leak. It is therefore simply not permissible to allow that data to be processed by closed source software which by definition cannot be trusted.

The above should be self-evident, but in case it's not, objectors would do well to ponder the acknowledged backdoors in Skype and in a variety of Chinese routers. With open source, this cannot easily happen.

Open file formats should be mandatory

[walterbyrd]

And by that I mean actually open, not OOXML.

Re:Open file formats should be mandatory

[BasilBrush]

In fact it's probably a good idea if open formats are designed in the public sector. Either by quangos or by universities. Commercially standards by industry bodies are too easily bought.

Re:Open file formats should be mandatory

[Dr_Barnowl]

I have to disagree. Most of the formats I see developed this way end up horrible messes because they hire a whole bunch of consultants to do the work.

The difficulty with that is that contractors are paid by the hour, so you don't get

* Re-use of other standards where appropriate

I've seen people reinvent the wheel so many times it's not true. This is true from simple little things like time values in XML (xsd:time sensibly uses ISO8601, this lot made up their own format, with ensuing hilarity when implementers think that their standard XML tool kit date / time types will produce valid documents), diagram formats (they just copied another standard verbatim into their documents rather than saying - "Hey, lets use this standard and say so"), and document formats (they didn't like the ability of XHTML to have script tags in it, so they copied THAT as well).

* Simplicity

Simple designs that work don't generate billable hours. Complex monsters that require hours of argument over the finer points of what they actually mean, do.

* Implementations

Implementations are essential for the development of standards. If you don't implement them, you don't get any kind of feel for the actual needs of the problem domain and how well your design is solving them. Alas, standards developed by publicly funded committee in my experience don't bother with this, and typically don't include any actual software engineers to tell them what problems they might be causing for implementers down the line.

Things like pretending an identifier is an integer when all the handling means you have to treat it like a string (it consists of four separate fields, one of them optional, but as a stream of digits and not bytes). Or taking a set of metadata that you have to understand to read the data, and .. embedding that data inside the data itself. Or creating an abstract data type with a contract and then insisting that people store it without thinking about it's concrete requirements.

Formats thought up by corporations at least have the benefit of their creators not wanting to spend as much time as possible debating the finer points of the thing. They want something that works, but as evidenced by MOO-XML, practicality often means they end up with a real mess as well - but at least it's a real mess, and not just a theoretical mess.

I think "Open" is more important than "Standard". "Standard" gives the appearance of authority, but "Open" means you have a chance of things being useful.

MOO-XML is a horrifying mess. Not even MS Office implements it. It's a "standard", having been ratified by ISO, but nothing about it's development was "open".

FreeMind is a small java mind-map program. FreeMind format isn't a "standard", but it is "open". And it is useful - useful enough that most of the other mind-map programs will import it. You can open the files up in a text editor, or feed them through XSLT, or consume them with a program and do interesting things with them. And if you want a feature implemented in it, you can patch the sources, and even feed the patch back upstream.

I think collaboration on trying to solve a problem benefits from some actual problem solving, rather than just talking about what the problem might be and how it might be solved if so.

Re:Open file formats should be mandatory

[Bert64]

Simple designs that work don't generate billable hours. Complex monsters that require hours of argument over the finer points of what they actually mean, do.

So don't hire by the hour, hire an organisation to design something for a fixed set of requirements for a fixed price. If they make it overly complex and waste their time then that's their problem. If they make it simply and save time then they make more from the deal, obviously the requirements need to be strict enough to prevent them producing something lacklustre.

Re:Open file formats should be mandatory

[BasilBrush]

I have to disagree. Most of the formats I see developed this way end up horrible messes because they hire a whole bunch of consultants to do the work.

Then that is outsourcing to the private sector. Which is the opposite of what I'm suggesting. I'm suggesting standards created by employees of public sector organisations.

We have of course seen plenty of good open standards created by universities and publicly funded scientists. Much of the internet is built on it.

TCP/IP - DARPA.
HTML - CERN.
SMTP, DNS and lots of other Internet standards = University of South California etc.

And yes, it has to be "standards" and not just "open" to be suitable for use by the public sector. Otherwise you could be almost as stuck with OOS implementations as you can be with proprietary ones. If OOXML had evolved with an open source Word Processor, it would be just as overblown and impenetrable. And whilst you would at least have the advantage of going back to the source, that is no substitute for having a reasonably sensible format with documentation.

Re:Yet another government mandate!

[kelemvor4]

Amen Brother! Tell it like it is!

Good thing we have Microsoft to fight against such totalitarian overreach. Freedom from choice! Freedom from excess money! Freedom!

Actually, MS is not excluded here. Nothing's stopping them from releasing their products as open source. Well, nothing other than greed.

Lets see how this really pans out.

[prowler1]

I work at a place that has a similar policy. Doesn't stop us from using way to many proprietary solutions that are actually worse than the Open Source solution. A lot of that is down to OS religion and people not actually understanding what Open Source is. We have managers (and directors) that believe the software needs to be a shrink wrapped solution from a proprietary vendor like Microsoft to be a decent solution and to be able to get 'Enterprise' level support. Many don't realise that just because you can get an Open Source solution for free that; It is just as good as the non Open Source solution and if you really feel you need to pay for 'Enterprise' support and if this is something you need then for a large number of the solutions you would be realistically looking at, that is supplied as well. For the ones I have investigatedt, support has usually worked out to be cheaper than the closed source solution as well.

Just my $0.02.

Re:Not dogmatic?

[maxwell+demon]

You just mandated open source. You are clearly not basing this on what is the best tool (even if the open source happens to be the best tool). I am a fan of open source, but we shouldn't be mandating EITHER way. The best tool is the best tool, the type of source code is irrelevant.

As I understand it, it means "if two products are equally suitable for the given purpose, but one is open source and the other isn't, then choose the open source one." Not too different to the rules for employing women or people with disabilities, where you also are not disallowed to employ men or people without disabilities.

Not good enough

No. This is wrong. Governments should be required to use open standards. Thus allowing open and closed source offerings to compete.

That's not nearly good enough, not by a mile.

Open standards are not sufficient to allow a government's experts to check software for backdoors and data leaks. This puts closed-source software in direct conflict with the needs of national security and sovereignty, even when it uses open standards.

A company has the luxury to risk its data to closed-source software if it wants to, and to fail if its trust is misplaced. A government does not have this luxury.

Re:Not good enough

[dkf]

Open standards are not sufficient to allow a government's experts to check software for backdoors and data leaks. This puts closed-source software in direct conflict with the needs of national security and sovereignty, even when it uses open standards.

As a very large customer, a government can ask to see the source code of the software they use for the purpose of a security audit. For commercial software, this would be under some kind of NDA (though it wouldn't be a very strict one; governments don't and shouldn't compete with software companies!) but it would be entirely enough to allow checking for risks. This could well be made a condition of awarding the contract, announced at the time that the process for bidding was started, so it would be just part of the reasonable rules of this particular game; no objection possible.

The data of government needs to be in open formats and to follow open standards, so that it can remain readable and usable for long periods of time. The particular software used to actually do the work at any time is much less important. The license on the software? That's just a means to an end. (Moreover, when someone proposes mandating a "Free" license, they're trying to exclude not just commercial software but also other types of open source licensed software too. Tricksy, but no.)

Re:OS OR FS

[maxwell+demon]

Open Source and Free Software differ in the philosophy, but not in the licenses. The government should not decide on the philosophy of the developer, because that's none of the government's business and would be contrary to the freedom of opinion (it would not be much different to e.g. a Democratic US president deciding that only software produced by Democrats should be used by the government). Therefore "Open Source" would in this case the more appropriate term.

Re:Yet another government mandate!

[BasilBrush]

Making a product by supplying a product is "greed" now is it, comrade?

Re:Yet another government mandate!

[BasilBrush]

Marking a *profit*...

Re:FOSS Healthcare Tools - Mirth Connect

[Kalriath]

Sadly, I doubt it will. Healthcare providers are still too stuck on solutions based on Oracle Fusion, BizTalk, or Rhapsody. Getting them to try something new - especially one without a commercial support contract on it - is nigh impossible.

Oh, wait, just noticed that Mirth also has an insanely expensive support contract. I guess all they need to do now is get out there with some fancy stationery, good looking sales girls, and start inviting some execs to sporting events and they'll be right in there!

Re:Yet another government mandate!

[fido_dogstoyevsky]

Marking a *profit*...[by supplying a product is "greed" now is it, comrade?]

If the product is designed to maintain and abuse a monopoly, yes it is.

Re:Yet another government mandate!

[Zemran]

I am sure that you can understand the word 'greed' and already know its definition so you are obviously trolling as it is quite appropriate in this context whereas your definition is inaccurate.

Re:Color me dubious...

[Bert64]

Many of those certifications were pushed through by proprietary vendors looking to create themselves a cartel. Also most of the certifications are pretty worthless to anyone who understands what they mean. When a product gets certified it's done in a specific configuration, and any change to configuration means that it's not certified anymore. Usually the certified configuration is not terribly useful, and actual use cases never match the certified config.

Also the certification processes themselves are expensive to keep small vendors and open source out, while being very shallow (eg they don't inspect any sourcecode) to make it easier for larger vendors to get their crufty junk through.

Re:Not dogmatic?

[nukenerd]

I am a fan of open source, but we shouldn't be mandating EITHER way. ..... A good analogy is if the UK government mandated that fleet vehicles have their design and manufacturing processes laid bare, or they wouldn't buy the vehicles. I really don't care about the processes documentation - buy the best car at the best price.

Wrong car analogy. Unlike software, it is easy to replace one type of car with another if the first is unsatisfactory.

Nevertheless, I once worked in ship design for the Royal Navy and every detail of the design WAS required. We needed (among other things) to be damn sure that the ships were maintainable by any dockyard - not just the one that built it for example.

Re:Color me dubious...

[xaxa]

How much of it can claim that no part of the software was written by non-US citizens?

That would seem irrelevant for the UK.

There's a document somewhere on the gov.uk website showing examples of where open source software has been used. It's been encouraged for a while, I think this latest change is just a little more emphasis.

Re:Not dogmatic?

[unixisc]

Why would the government get specific and suggest that 'operating systems, networking software, web servers, databases and programming languages' be open sourced in particular? How does it matter whether the databases or programming languages be 'open' (and what do those mean, anyway?) Yeah, it helps for the OS to be open sourced, so that someone like HP can't pull an Itanium over you, making you dump perfectly good Alphaservers. It helps for networking to be standard, say IPv6, so that people working w/ this won't need to learn a brand new protocol. It helps for programming languages to be well known languages and not something arcane, such as Ada. But other than that, why does it matter whether those things are open sourced or not? It's more important that the applications that will be primarily used be open source, so that the government can buy whatever hardware it finds most suitable, independent of the software, and just ports everything to that. That's what will help them realize all the advantages of open source.

Re:Not dogmatic?

[Insanity+Defense]

Document formats. If you change suppliers later can you use all the files you created or are they locked in to your current supplier? Also are you dictating that those you send documents use the same software to read it that you used to create it thereby as government giving a defacto monopoly to your supplier?

Re:Not dogmatic?

[unixisc]

From what I understand, most document formats can be converted into other formats, and once that's possible, there isn't a real lock-in to the supplier. MS in particular - both Libre Office and Calligra can read Word format documents, and once documents are saved in their native formats, they are good to go. But it would be more important that open source software be used, so that they can be ported to any future platform, and that government IT personnel can go for the most cost effective hardware without having to factor in whether the required software runs on them.

On the OS aspect of this, though, I'm not sure that Linux would necessarily be the right solution here, although for now, Linux & PC-BSD may well be the only solutions. I think that in the long term, something like osFree would be ideal, since it is based on a portable - and ported - microkernel such as the L4. The other option - if a lock-in to x86 is acceptable - would be something like ReactOS, which has enough perfectly good XP software available for it, which would largely eliminate the need to buy new software licenses.