NYC Councilman (and Open Source Developer) Submits Bill Establishing Open Source
NewYorkCountryLawyer (912032) writes "New York City Council Member Ben Kallos (KallosEsq), who also happens to be a Free and Open Source Software (FOSS) developer, just introduced legislation to mandate a government preference for FOSS and creating a Civic Commons website to facilitate collaborative purchasing of software. He argues that NYC could save millions of dollars with the Free and Open Source Software Preferences Act 2014, pointing out that the city currently has a $67 million Microsoft ELA. Kallos said: 'It is time for government to modernize and start appreciating the same cost savings as everyone else.'"
I guess we should be glad there are no Visual Basic programmers on the City Council.
You just wait and see how much funding he gets in his re-election campaign (plus how much more 'the other guy'(tm) will get).
How dare he break free from his corporate overlords.
This reads like the right bill for ten years ago.
When Microsoft decided to turn its back on desktop style operating systems to focus mainly on tablet-based interfaces, the only logical conclusion was for organizations that depend on the old systems to jump ship and go elsewhere.
I'd be satisfied with a preference for whatever actually works for the given requirement, for the least amount of money. FOSS, proprietary, whatever.
Money saved by the government never translates into money put back in the pocket of the tax payers.
From the proposed amendment:
I agree that we should use the right tool for the right job, but why should that exclude FOSS?
No, no, you're not thinking; you're just being logical. --Niels Bohr
I know it's the default in NYC (and NY in general), but I still wish some of these smarter guys would rebel and throw off the chains of the Party of Slavery. It forces me to question everything you do, even if it sounds interesting and beneficial.
6th Street Radio @ddombrowsky
I would argue that having any government move to open source is good for everyone. I don't know if it will be cheaper but I do think it will likely give the people more bang for their buck. Instead of those dollars going into one person's pockets, they can not only still be used to solve the government's software problems but also provide software libraries and frameworks for others to build off of.
Slashdotters shouldn't be paying with their time for you to push your agenda.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
Open standards are extremely important. I'd hate for all that data to be locked into Microsoft Excel format, or what have you.
While I agree that sometimes the FOSS is buggy or missing features, I do not think in this situation we should let that stop us. In fact, I would love to see NYC (and other cities across the country) agree to sponsor/contract a couple of developers each to work on whatever we need: data formatting and conversion, word processing, accounting, voting software, etc. In this way, while the FOSS is maybe not up to spec today, we can all work together on making it up to spec soon. In this way, we all pool resources, get it done correctly ONCE*, and enjoy the savings and philosophical warm and fuzzies.
(* yes I understand that long term we would probably need to continually hire developers on a contract basis to fix problems that come up, or add new features or support for new operating systems, etc., but generally speaking it would be much less impact on the budget long term -- though I also understand the political pressure currently to cut budgets rather than spend a little extra for a perk down the road.).
I'm sorry, but while technical merits should be paramount, they are not the only consideration. Public contracting is not an exact science, and it is entirely appropriate to have non-technical considerations tip the scales in close cases. So while Free Software should not be mandatory, legislating a preference for it makes perfect sense.
Furthermore, there are considerations beyond the needs of a specific project and tender. Free Software has an externality: when the government (as a customer) requests modifications and improvements (and pays for them to be created), everyone benefits. For example, when my university has Blackboard Inc fix a bug (or improve the software) only Blackboard captures the value (when they sell their software to the next customer). If we were using Moodle, every other Moodle user would automatically benefit. Had we opted for Moodle, we'd also benefit from fixes made by other universities.
dude. your argument is basically this: "Heartbleed was a serious bug in FOSS. therefore FOSS is bad". So periodically FOSS has a serious bug. okay.
I'm not even going to bother trying to reference all the recent events involving Adobe, MS, or Apple having quite serious bugs in their proprietary code.
A similar bug could just as easily have happened to a closed source shop. As long as humans are writing the code, it's a possibility.
The thing is, companies with licensing revenue have every incentive in the world to machinate lock-in. And with lock-in comes higher prices, both for support and the software itself.
By all means use the best tool for the job, but retaining some optionality for the future is a valuable thing.
I'd rather keep the risk of another bug like heartbleed than deal with vendor lock-in, ever increasing licensing costs, compliance costs, potential BSA raids, and frequent zero day exploits. =/
> I would argue that having any government move to open source is good for everyone. I don't know if it will be cheaper but I do think it will likely give the people more bang for their buck. Instead of those dollars going into one person's pockets, they can not only still be used to solve the government's software problems but also provide software libraries and frameworks for others to build off of.
Agreed. All government documents should be written with LaTeX and/or XML to get away from any proprietary or screw-ball formats.
...except you always have the costs of integration and maintenance anyways. Hiding from Free Software won't change that. Those costs can be considerable and ongoing for commercial proprietary solutions.
Your argument only works if you try and pretend that integration and maintenance of commercial software is free.
A Pirate and a Puritan look the same on a balance sheet.
No, just no. The quality of OSS is too bad. Well, let's not say bad per se, but it varies a lot. What you win in software licensing costs, you lose in fighting all the bugs. Too many of your support calls will be wasting your time with silly glitches.
OK, who let the Microsoft Shill out of its cage?
The government has a responsibility to utilize open source, so they can know exactly what the software is doing, hire anyone to modify it to meet their needs, and give the public the ability to do the same. It's in the public interest, regardless of how well the software works or how much money they save; those are only bonuses.
OpenSSL suffered from bit rot and competing implementations unique to various hardware and software platforms. Should an audit of OpenSSL have happened years ago? Yes. Who was going to fund the resources necessary to conduct the audit and clean-up? That is the underlying issue which led to the vulnerability in OpenSSL.
While I admit that there are real potential benefits of some proprietary software (namely availability of training, & experienced work force in some cases), I would be happy to see FOSS at least given the opportunity to be considered. Enterprise licenses can be wasteful, and governments like private organizations are starting to realize that "having someone to sue" doesn't help all too often when things go bad.
Adobe.
Open source != free beer.
In fact, being "gratis" is not a requirement for being open source.
Open source is, amongst more familiar aspects, about stuff like accountability.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
So what? Saying that does not still make open source any better.
No, it doesn't. But applying the bullshit logic above to proprietary software would mean that no software can be used. Pay attention.
We can just wonder how many more "hidden garbage cans" there are lurking among OSS projects.
Lots of government workers use proprietary software, so why aren't you wondering the same thing about that?
This is not a valid objection to using FOSS; not at all.
Of course, but the company would lose their reputation and customers if that happens.
You do realize, of course, that you could hire developers to work on the code?
In fact, you don't have to depend on one organization to write the code; you could fire some company that you had developing the FOSS code and hire someone else. It gives you more options.
Being locked in to one company is never any good. And with the number of companies who worked with the NSA, the public (and the government, since not necessarily everyone in the government is filled in on those things) has a right to know exactly what the software is doing.
This "Pet Cause" is actually a conflict of interest and is illegal. He is part of an organization that may benefit from the decision, and should thereby recuse himself from the discussion.
The City Council could benefit? I guess that any law that might improve the lives of NYC residents could benefit the members of the City Council. By your logic, City Council members should recuse themselves from all legislation unless it harms NYC, right?
No, no, you're not thinking; you're just being logical. --Niels Bohr
> Saying that does not still make open source any better.
Indeed. Nor does it make open source any worse.
when the source was inspected further by the OpenBSD team, a lot of more dragons were found.
How about when the source of [random closed source application] was inspected? Oh right, you can't.
Just because closed source dragons aren't publicly disclosed, doesn't mean they aren't there.
> Of course, but the company would lose their reputation and customers if that happens.
Most of these bugs aren't publicly disclosed. The few that are, rarely have any significant impact for the company. Not even for severe data breaches.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Have to love the new slashdot.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
My apologies if your post was sarcasm. Projects are at Launchpad for a reason, the packages are not ready to be included in the repositories.
I have converted many machines from Windows 8 to Mint over the last several months, leaving my contact information. Not only have I had zero calls for support, I am getting references to switch even more people over.
Willful ignorance of what the above person said is not a good thing. An open source software developer stands to (quite probably) make money for either himself or his friends directly from going to open source because government likes being supported. Thus pushing this into law as a legislator is a direct conflict of interest, and ethically questionable. This has nothing to do with indirect benefits, like you imply.
Is proposing a bill to the council illegal (when there is a conflict of interest)? If it came to a vote and he didn't recuse himself I could understand the conflict. I don't know how the ethics laws are written.
If I had to choose between open source where I have to have more people hammer on stuff to get things going versus closed source where a couple H-1Bs can be hired on the cheap and down-low, in a non-profit organization where PR is everything, I'd take the open source, since it would get more people employed and skilled, even though it has more rough edges.
As part of a city, if you pay a person, they buy stuff in the city, so you get part of the money back from sales tax, and other items. A licensing fee just flies to the company at hand, and likely out of the country into some tax haven.
Of course, each situation is different. Do anything with 3D printing or CAD/CAM, and AutoCAD is a must by name because it is the lingua franca for the industry. Same with Acrobat and professional press. However, there are a lot of tasks that Libre Office and a Linux desktop can do well on a small scale.
> Open source != free beer. In fact, being "gratis" is not a requirement for being open source. Open source is, amongst more familiar aspects, about stuff like accountability.
Indeed, and this is also an excellent example of where we can use the canonical /. automotive simile: There is a long tradition of government agencies (and some corporations) requiring that all purchased vehicles come with complete shop manuals. This is a direct parallel to requiring the source code for software. In both cases, such a requirement makes it possible for the purchasing organization to set up their own repair shop to fix the products when something fails. It also allows the purchaser to make their own mods to handle their special needs.
Many US states (and a good number of other countries) require that shop manuals be available for all vehicles sold in their jurisdiction, not just to the government. This is done to guarantee that independent auto shops can exist, and the vendor can't have a monopoly on repairs and spare parts. The same argument applies to software. With open source, you can hire local independent software contractors to debug (and/or extend) purchased software. Without this, both government agencies and private purchasers are at the mercy of the vendor when problems or special needs arise.
Of course, we can expect to hear from the usual corporate shills (paid or ideologically motivated ;-), pushing their usual misleading claims. But note that nobody much ever claims that open-source software is bug-free. The argument is that, when bugs are discovered, people not working for the vendor can study the code and fix the code. And they can also publicize bugs and fixes, unlike what happens all too often when dealing with secret, proprietary software. This also applies to both software and vehicles.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Slashdot was always like this. It hasn't changed since I've been visiting here, for 20 years.
> Willful ignorance of what the above person said is not a good thing. An open source software developer stands to (quite probably) make money for either himself or his friends directly from going to open source because government likes being supported. Thus pushing this into law as a legislator is a direct conflict of interest, and ethically questionable. This has nothing to do with indirect benefits, like you imply.
I'll quote the original poster, so you know what I'm referring to:
Since the summary and the attached link make only one assertion as to which "organization" this guy belongs, that is the NYC Council, I questioned the validity of his point. Unless there's some shadowy "Open Source Developer" organization that I've never heard about. I suppose it's possible that the Councilman is a member of some organized group of FOSS developers, but without a reference, the OP's statements are nothing but unsubstantiated mud-slinging.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Your initial assumption is wrong "...have more people hammer...". Open source requires fewer people.
Munich did the conversion with about 9, for about 19,000 platforms. Ongoing support required no more people added.
Vs giving money to out-of-state contractors and companies.
Much better to keep it in the state, and in the city.
What makes it better is that the fix was available within days... not months.
Even the person that identified the bug provided the fix. Can't do that with proprietary software...
So he can't suggest that, because he makes some software under open source license? It's not like he's saying let's use my and my buddies' software only. There is no conflict of interest, because he might not make a penny out of this. He might not make software that's useful to government and there are most likely other options anyway and also he might not get paid anything anyway, because it's open source. The government can compile their own versions and whatever.
> > I would argue that having any government move to open source is good for everyone. I don't know if it will be cheaper but I do think it will likely give the people more bang for their buck. Instead of those dollars going into one person's pockets, they can not only still be used to solve the government's software problems but also provide software libraries and frameworks for others to build off of.
> Agreed. All government documents should be written with LaTeX and/or XML to get away from any proprietary or screw-ball formats.
... and I can't tell if that's heavy sarcasm or not. Well played. :P
> Proper action would be to mandate the government to use the best software for the task at hand.
> That might be open source software. It might be Microsoft software. Let the technical merits decide.
Freedom and cost are technical merits.
Closed source software is not forbidden, just not preferred. If other factors outweigh freedom and cost, then so be it. But if other factors are the same, then freedom and cost seem to be reasonable factors upon which to have a preference.
I'll see your senator, and I'll raise you two judges.
That argument works both ways. Microsoft has had some very serious security bugs. Therefore, using your logic, all Microsoft software should not now or ever again be trusted. Think Code Red and others. In 1999 on a fully patched NT box you could compromise it with regular HTTP requests to IIS by just using pathnames with dot-dot-backslash and then working your way down the WINDOWS System CMD.EXE and then using it to run TFTP.EXE which was a standard part of the install. You could make the server TFTP down a bad exe from your own server, and then a second carefully crafted HTTP request to CMD.EXE could execute it for you. Game over.
Microsoft then fixed this by not allowing IIS to accept the dot-dot-backslash business. But you could use percent-sign-hex characters to represent the dot-dot-backslash. Microsoft then fixed that in IIS, but the filesystem would still accept the percent-hex-code characters. So you could double-escape them to get the filesystem to walk you to the CMD.EXE. Eventually they got this right and it was fixed. But there were many other holes. And whose stupid idea was it to run a server process, basically with root privileges?
I could go on. Even recently there was a major IE vulnerability that affected current and past versions.
Heartbleed was one instance of a lapse in security.
I'll see your senator, and I'll raise you two judges.
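The sequence in the comment above (a filter on the literal string, bypassed by percent-encoding, then by double-encoding) is what happens when a path is validated before it is fully decoded. The following is an added example, not part of the original thread and a toy model rather than IIS code; `ROOT`, the function names and the sample request paths are constructed for illustration.

```python
"""Toy model of check-before-decode path validation (constructed example)."""
import posixpath
from urllib.parse import unquote

ROOT = "/srv/www"  # hypothetical document root


def _has_traversal(s):
    # Treat both separator styles alike, as a Windows file layer would.
    return ".." in s.replace("\\", "/").split("/")


def filter_literal(raw):
    """First fix in the comment: inspect the raw request text only."""
    return not _has_traversal(raw)


def filter_decode_once(raw):
    """Second fix: strip one layer of percent-encoding, then inspect."""
    return not _has_traversal(unquote(raw))


def lower_layer_path(raw):
    """Model of a lower layer that decodes again after the filter ran."""
    decoded = unquote(unquote(raw)).replace("\\", "/")
    return posixpath.normpath(posixpath.join(ROOT, decoded.lstrip("/")))


def inside_root(path):
    return path == ROOT or path.startswith(ROOT + "/")


def safe_resolve(raw):
    """Hardened form: decode once, refuse leftover encoding, confine the
    canonical path to ROOT, and hand that canonical path (never the raw
    request) to whatever opens the file."""
    decoded = unquote(raw)
    if unquote(decoded) != decoded:
        # Also rejects rare legitimate names containing '%' + two hex digits.
        raise ValueError("nested percent-encoding")
    rel = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(ROOT, rel))
    if not inside_root(candidate):
        raise ValueError("path escapes document root")
    return candidate


# Constructed sample requests, one per stage described in the comment.
SAMPLES = {
    "benign": "/docs/report.txt",
    "literal": "/docs/..\\..\\..\\private/notes.txt",
    "encoded": "/docs/..%5c..%5c..%5cprivate/notes.txt",
    "double_encoded": "/docs/..%255c..%255c..%255cprivate/notes.txt",
}


def evaluate(raw):
    """Summarise how each check treats one request path."""
    try:
        safe_resolve(raw)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "passes_literal_filter": filter_literal(raw),
        "passes_decode_once_filter": filter_decode_once(raw),
        "lower_layer_escapes_root": not inside_root(lower_layer_path(raw)),
        "hardened_rejects": rejected,
    }


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```

Each filter is defeated by exactly one more layer of encoding than it removes, while the hardened check validates the same canonical string that is later used to open the file.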
> dude. your argument is basically this: "Heartbleed was a serious bug in FOSS. therefore FOSS is bad". So periodically FOSS has a serious bug. okay.
No I think his point is that if the government starts developing and using FOSS then we are going to end up with a horrible solution that costs a fortune and takes forever, have you seen the monumental fuckups and cost blow-outs of government IT projects? You really want to entrust them with the software development aspects as well?
It's one thing to say they should use a distro like Ubuntu in place of Windows or LibreOffice as opposed to MS Office but a sweeping move to the government adopting and contributing to FOSS across the board is an awful idea.
Yes because governments have proven themselves so capable of efficiently and cost-effectively completing IT projects in the past, why not give them even more responsibility in that area.
I live in Oregon, Oracle was working on our ACA portal, it has cost a fortune and is taking forever.
At any rate though, I think that transparency in government is a good thing. With a bridge or a road, we see the budget, and we see the final results. We see the relative quality, and where it's breaking down.
With software, we see a price tag (loosely based on reality) and we see superficially how it performs -- otherwise it's a black box (or in Oracle's case, a black hole). With FOSS, whatever code the government produces could be vetted, improved, forked -- and/or reused on other projects. We, the public paid for it, shouldn't it be publicly available?
Overall it doesn't seem so much like a horrible idea to me.
Assume you won't keep the software forever. Can you get your data out of it?
This is something that needs to be reconsidered with version upgrades as well. Do the new features prevent data export? Did data export go away?
Agree. It's just giving "preferred supplier" status to OSS rather than a specific company, large IT firms get similar preferential treatment because of the "nobody gets sacked for picking IBM" factor. This is why it is important to be seen as a "tier 1" provider, you don't have to look for government tenders you automatically get an invite. Someone still has to integrate all the "free" software bits into a system, IT firms will still be hired to do that and they won't miss out on a penny, they just get a "uses OSS" box to tick in the tender, however the less competent firms won't like it because it means the grip of vendor lock-in is just that little bit looser. Conceptually no different than putting "may contain nuts" on something edible.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Well, almost all government documents are written with LaTeX (Academic papers) or XML (docx).
> Unless there's some shadowy "Open Source Developer" organization that I've never heard about.
Turn out the lights, I think he's on to us...
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
> With FOSS, whatever code the government produces could be vetted, improved, forked -- and/or reused on other projects.
It's a nice idea but the reality is governments are paranoid and it's naive to think that contributions wouldn't ultimately have to go through a lengthy and expensive oversight process.
> We, the public paid for it, shouldn't it be publicly available?
Another nice idea but I think it's pretty obvious that "We, the public" pay for a lot of things that aren't publicly available.
I'm not opposed to your idea in principle, it's just pretty clear that in practice the government would need a significant shift in the way it does things for those arguments to be particularly compelling and valuable.
> If we were using Moodle, every other Moodle user would automatically benefit. Had we opted for Moodle, we'd also benefit from fixes made by other universities.
Moodle sure has worked well for us. Many of the custom modules we have wanted have been written by devs at other universities. When I write stuff, everyone benefits as you say. Two additional benefits with Moodle specifically are quality control and maintenance. Any patches I make to the core Moodle are QAed quite a bit through the Moodle process, so my employer (the taxpayers) have assurance that they are getting quality work for the money they pay me. The custom work on the previous LMS which ended up being unsustainable wouldn't have passed Moodle QA. Also, where we share modules with other schools, that means multiple developers at multiple organizations are able to maintain the package over time. If I get hit by a bus and Moodle HQ gets hit by a meteor, someone at Binghamton University will still be maintaining the scantron module we use.
I keep seeing these types of stories, with people screaming about how much "Cheaper" OSS is vs. Closed Source. But very few people look past the cost of the licensing.
I challenge you to replace a fully-working Microsoft environment with something OSS that provides full feature parity. Removing Exchange/Outlook is always the sticking point. You can piss and moan about standards, and Outlook client issues all day long, but the fact remains that Outlook/Exchange "just works", scales incredibly well, and integrates with Active Directory, Sharepoint, Office, Lync, etc. And yeah - companies USE these things. Users don't give a fuck about standards, about freedom, about a 'cause'. They want to do their work and come home.
Active Directory group policies. Software deployment/installation. Roaming profiles. Automatic print driver installation. Recognizing and installing a plethora of "WTF" hardware for at least basic functionality (old peripherals, printers, etc.).
While I applaud the efforts of the OSS community and the desire to build enterprise software, Microsoft rules the desktop for a reason. People know it. It wasn't a huge change from 95 to 98 to 2K to XP to Win7. The basic paradigm was there. Start, Programs, whatever.
The application software and the "open standards" underneath simply do not matter to most organizations, because they and nearly every one of the agencies they interact with ALSO use Office formats, or PDF. They don't give a damn about Open Document formats. They don't care about sendmail standards. They don't care about RFCs. They care that they can do their job, to use the information they need, and then deliver it to their colleagues, bosses, etc.
Replacing Win7/Win8 with Mint is great. Install OpenOffice/LibreOffice. Fine. Get your email client connected, and you can even use DavMail to connect to Exchange. But you cannot force users to lose functionality in the name of a cause.
Want to dethrone MS? It's not the damn desktop OS - it's the ecosystem that allows modern business to use one common toolset, one user name, and have stuff "just work". Hacking together Mint, sendmail/postfix, some webapp here, some kludgy mess here, a mashed up Kerberos/eDirectory ... that isn't going to get it done. What about when you go past about 50 users, and need to install new software for everyone? How about for 10,000 users? How about users that move from desk to desk, or office to office?
The costs of administration, upkeep, training, and the requisite specialist for the infrastructure quickly outweigh any upfront costs. Yes, Windows admins can be had cheap. A desktop admin is less spendy than a full server admin; that's fine. He can handle a large # of desktops via GPO, AD, and the tools provided.
Move out of the 90's, people. Microsoft desktops and servers aren't the BSOD shitboxes you remember. For the most part, Windows Server is stable. The desktop OS (Windows 7, I too have not totally embraced Win8) is rock solid, works well, and runs pretty much anything, with no hassle. Blaming hardware drivers, blaming users, blaming people for 'not wanting to care' - so what? Do you get worried about if your GM car uses a proprietary data bus? Do you care about the intimate details of your plumbing? No. You just want it to work.
Make F/OSS "just work" - make an easy migration path - and you'll have something.
Until then, it will continue to be purpose-driven (servers, appliances, etc.), and for those of us on the 'edges' of IT.
That model has worked very well with various universities and other agencies pitching in on Moodle, which is a framework that hosts online courses. It takes care of things like enrollments, grade reporting, etc. - everything that isn't course-specific. After a couple of years of open widespread contributions, Moodle is as good as any commercial competitor.
I think you would agree that Office 365 meets approximately none of the requirements. Consider Adobe recently decided to make all of their software subscription / cloud only. Microsoft _could_ therefore do the same with Office. Knowing that, reread this sentence:
> be independent of the goodwill of the city's computer system suppliers and the conditions imposed by these suppliers.
Take a good look at what happened in Massachusetts with OpenOffice. The CIO of Massachusetts tried to switch all state offices to open standards about 10 years ago, especially for documents, because frankly not even Microsoft can reliably read old Word or Excel or other documents. He tried to switch the state offices to OpenOffice, which at least *documents* their formats.
Microsoft then invented "OOXML", and rammed it through the ISO committees, an "open" document format that does not work and which is impossible to follow, even for Microsoft, so they could *pretend* to have an open format when filling out checklists for such governmental guidelines. The forced adoption was so horrid that many ISO members resigned in protest.
Microsoft then tried to "dead agent" the guy, leaking information to the Boston Globe about how the CIO was involved in personal trips at taxpayer expense to cast rumors and doubt about his honesty. It turned out he was completely innocent, he paid for his own vacations and the taxpayers paid for Mass. project business trips, and he was very careful to separate them. But it was a plain old rumor mongering smear campaign, as described at http://www.infoworld.com/d/developer-world/cio-who-brought-openoffice-massachusetts-resigns-903.
So if you're the one looking to get taxpayers off of the Microsoft monopoly, look out. They play *dirty* when it's affecting their bottom line.
Or they just hide the errors, present them as someone else's fault, or it's "not on the tasklist" and thus never gets addressed. I've certainly seen all of these, with both open source and closed source. But closed source is more prone to pretending the problems do not exist, especially when the major security groups have agreed not to publish flaws that there is not yet a patch for.
Didn't read everything you said, but look at the city of Munich.
"Didn't read everything..." And so you have no idea WTF I'm talking about.
> No, just no. The quality of OSS is too bad. ...
No, just no, yourself. Most commercial software quality is atrocious. All glitter with no substance. The rare exception doesn't change that. At least with OSS you have third party options to fix it.