Slashdot Mirror
NYC Councilman (and Open Source Developer) Submits Bill Establishing Open Source
NewYorkCountryLawyer (912032) writes "New York City Council Member Ben Kallos (KallosEsq), who also happens to be a Free and Open Source Software (FOSS) developer, just introduced legislation to mandate a government preference for FOSS and creating a Civic Commons website to facilitate collaborative purchasing of software. He argues that NYC could save millions of dollars with the Free and Open Source Software Preferences Act 2014, pointing out that the city currently has a $67 million Microsoft ELA. Kallos said: 'It is time for government to modernize and start appreciating the same cost savings as everyone else.'"
I guess we should be glad there are no Visual Basic programmers on the City Council.
This reads like the right bill for ten years ago.
I'd be satisfied with a preference for whatever actually works for the given requirement, for the least amount of money. FOSS, proprietary, whatever.
From the proposed amendment:
I agree that we should use the right tool for the right job, but why should that exclude FOSS?
No, no, you're not thinking; you're just being logical. --Niels Bohr
I would argue that having any government move to open source is good for everyone. I don't know if it will be cheaper but I do think it will like give the people more bang for their buck. Instead of those dollars going into one person's pockets, they can not only still be used to solve the government's software problems but also provide software libraries and frameworks for other to bulid off of.
Slashdotters shouldn't be paying with their time for you to push your agenda.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
Open standards is extremely important. I'd hate for all that data to be locked into Microsoft Excel format, or what have you.
While I agree that sometimes the FOSS is buggy or missing features, I do not think in this situation we should let that stop us. In fact, I would love to see NYC (and other cities across the country) agree to sponsor/contract a couple of developers each to work on whatever we need: data formatting and conversion, word processing, accounting, voting software, etc. In this way, while the FOSS is maybe not up to spec today, we can all work together on making it up to spec soon. In this way, we all pool resources, get it done correctly ONCE*, and enjoy the savings and philosophical warm and fuzzies.
(* yes I understand that long term we would probably need to continually hire developers on a contract basis to fix problems that come up, or add new features or support for new operating systems, etc., but generally speaking it would be much less impact on the budget long term -- though I also understand the political pressure currently to cut budgets rather than spend a little extra for a perk down the road.).
I'm sorry, but while technical merits should be paramount, they are not the only consideration. Public contracting is not an exact science, and it is entirely appropriate to have non-technical considerations tip the scales in close cases. So while Free Software should not be mandatory, legislating a preference for it makes perfect sense.
Furthermore, there are considerations beyond the needs of a specific project and tender. Free Software has an externality: when the government (as a customer) requests modifications and improvements (and pays for them to be created), everyone benefits. For example, when my university has Blackboard Inc fix a bug (or improve the software) only Blackboard captures the value (when they sell their software to the next customre). If we were using Moodle, every other Moodle user would automatically benefit. Had we opted for Moodle, we'd also benefit from fixes made by other universities.
dude. your argument is basically this : "hEartbleed was a serious bug in FOSS. therefore FOSS is bad". So periodically FOSS has a serious bug. okay.
I'm not even going to bother trying to reference all the recent events involving Adobe, MS, or Apple having quite serious bugs in their proprietary code.
A similar bug could have just as easily have happened to a closed source shop. As long as humans are writing the code, it's a possibility.
The thing is, companies with licensing revenue have every incentive in the world to machinate lock-in. And with lock-in comes higher prices, both for support and the software itself.
By all means use the best tool for the job, but retaining some optionality for the future is a valuable thing.
I'd rather keep the risk of another bug like heartbleed than deal with vendor lock-in, ever increasing licensing costs, compliance costs, potential BSA raids, and frequent zero day exploits. =/
...except you always have the costs of integration and maintenance anyways. Hiding from Free Software won't change that. Those costs can be considerable and ongoing for commercial proprietary solutions.
Your argument only works if you try and pretend that integration and maintenance of commercial software is free.
A Pirate and a Puritan look the same on a balance sheet.
No, just no. The quality of OSS is too bad. Well, let's not say bad per se, but it varies a lot. What you win in software licensing costs, you lose in fighting all the bugs. Too many of your support calls will be wasting your time with silly glitches.
The government has a responsibility to utilize open source, so they can know exactly what the software is doing, hire anyone to modify it to meet their needs, and give the public the ability to do the same. It's in the public interest, regardless of how well the software works or how much money they save; those are only bonuses.
Adobe.
Open source != free beer.
In fact, being "gratis" is not a requirement for being open source.
Open source is, amongst more familiar aspects, about stuff like accountability.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
This "Pet Cause" is actually a conflict of interest and is illegal. He is part of an organization that may benefit from the decision, and should thereby recuse himself from the discussion.
The City Council could benefit? I guess that any law that might improve the lives of NYC residents could benefit the members of the City Council. By your logic, City Council members should recuse themselves from all legislation unless it harms NYC, right?
No, no, you're not thinking; you're just being logical. --Niels Bohr
Saying that does not still make open source any better.
Indeed. Nor does it make open source any worse.
when the source was inspected further by the OpenBSD team, a lot of more dragons were found.
How about when the source of [random closed source application] was inspected? Oh right, you can't.
Just because closed source dragons aren't publically disclosed, doesn't mean they aren't there.
Of course, but the company would lose their reputation and customers if that happens.
Most of these bugs aren't publically disclosed. The few that are, rarely have any significant impact for the company. Not even for severe data breaches.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Have to love the new slashdot.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
Is proposing a bill to the council illegal (when there is a conflict of interest)? If it came to a vote and he didn't recuse himself I could understand the conflict. I don't know how the ethics laws are written.
Open source != free beer. In fact, being "gratis" is not a requirement for being open source. Open source is, amongst more familiar aspects, about stuff like accountability.
Indeed, and this is also an excellent example of where we can use the canonical /. automotive simile: There is a long tradition of government agencies (and some corporations) requiring that all purchased vehicles come with complete shop manuals. This is a direct parallel to requiring the source code for software. In both cases, such a requirement makes it possible for the purchasing organization to set up their own repair shop to fix the products when something fails. It also allows the purchaser to make their own mods to handle their special needs.
Many US states (and a good number of other countries) require that shop manuals be available for all vehicles sold in their jurisdiction, not just to the government. This is done to guarantee that independent auto shops can exist, and the vendor can't have a monopoly on repairs and spare parts. The same argument applies to software. With open source, you can hire local independent software contractors to debug (and/or extend) purchased software. Without this, both government agencies and private purchasers are at the mercy of the vendor when problems or special needs arise.
Of course, we can expect to hear from the usual corporate shills (paid or ideologically motivated ;-), pushing their usual misleading claims. But note that nobody much ever claims that open-source software is bug-free. The argument is that, when bugs are discovered, people not working for the vendor can study the code and fix the code. And they can also publicize bugs and fixes, unlike what happens all too often when dealing with secret, proprietary software. This also applies to both software and vehicles.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Willful ignorance of what the above person said is not a good thing. An open source software developer stands to (quite probably) make money for either himself or his friends directly from going to open source because government likes being supported. Thus pushing this into law as a legislator is a direct conflict of interest, and ethically questionable. This has nothing to do with indirect benefits, like you imply.
I'll quote the original poster, so you know what I'm referring to:
Since the summary and the attached link make only one assertion as to which "organization" this guy belongs, that is the NYC Council, I questioned the validity of his point. Unless there's some shadowy "Open Source Developer" organization that I've never heard about. I suppose it's possible that the Councilman is a member of some organized group of FOSS developers, but without a reference, the OP's statements are nothing but unsubstantiated mud-slinging.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Your initial assumption is wrong "...have more people hammer...". Open source requires fewer people.
Munich did the conversion with about 9, for about 19,000 platforms. Ongoing support required no more people added.
My apologies if your post was sarcasm. Projects are at Launchpad for a reason, the packages are not ready to be included in the repositories.
My apologies if your post was sarcasm.
If not, you seem not to be aware that Launchpad is also the main bug tracker for Ubuntu.
I have converted many machines from Windows 8 to Mint over the last several months, leaving my contact information. Not only have I had zero calls for support, I am getting references to switch even more people over.
Well, good for you. What kind of tasks are your customers performing on those machines?
I would argue that having any government move to open source is good for everyone. I don't know if it will be cheaper but I do think it will like give the people more bang for their buck. Instead of those dollars going into one person's pockets, they can not only still be used to solve the government's software problems but also provide software libraries and frameworks for other to bulid off of.
Agreed. All government documents should be written with LaTeX and/or XML to get away from any proprietary or screw-ball formats.
... and I can't tell if that's heavy sarcasm or not. Well played. :P
> Proper action would be to mandate the government to use the best software for the task at hand.
> That might be open source software. It might be Microsoft software. Let the technical merits decide.
Freedom and cost are technical merits.
Closed source software is not forbidden, just not preferred. If other factors outweigh freedom and cost, then so be it. But if other factors are the same, then freedom and cost seem to be reasonable factors upon which to have a preference.
I'll see your senator, and I'll raise you two judges.
> Money saved by the government never translates into money put back in the pocket of the tax payers.
So instead of saving it, the money should just go to vendors?
The money may not go into the pocket of taxpayers, but some or all of it may go into other government expenses. So that $67 million to Microsoft could either lower the budget by $67 million, which you say never happens, and it might not, or it could be spent on other items in the budget. That seems better than wasting it.
I'll see your senator, and I'll raise you two judges.
That argument works both ways. Microsoft has had some very serious security bugs. Therefore, using your logic, all Microsoft software should not now or ever again be trusted. Think Code Red and others. In 1999 on a fully patched NT box you could compromise it with regular HTTP requests to IIS by just using pathnames with dot-dot-backslash and then working your way down the WINDOWS System CMD.EXE and then using it to run TFTP.EXE which was a standard part of the install. You could make the server TFTP down a bad exe from your own server, and then a second carefully crafted Http request to CMD.EXE could execute it for you. Game over.
Microsoft then fixed this by not allowing IIS to accept the dot-dot-backslash business. But you could use percent-sign-hex characters to represent the dot-dot-backslash. Microsoft then fixed that in IIS, but the filesystem would still accept the percent-hex-code characters. So you could double-escape them to get the filesystem to walk you to the CMD.EXE. Eventually they got this right and it was fixed. But there were many other holes. And who's stupid idea was it to run a server process, basically with root privileges?
I could go on. Even recently there was a major IE vulnerability that affected current and past versions.
Heartbleed was one instance of a lapse in security.
I'll see your senator, and I'll raise you two judges.
dude. your argument is basically this : "hEartbleed was a serious bug in FOSS. therefore FOSS is bad". So periodically FOSS has a serious bug. okay.
No I think his point is that if the government starts developing and using FOSS then we are going to end up with a horrible solution that costs a fortune and takes forever, have you seen the monumental fuckups and cost blow-outs of government IT projects? You really want to entrust them with the software development aspects as well?
It's one thing to say they should use a distro like Ubuntu in place of Windows or LibreOffice as opposed to MS Office but a sweeping move to the government adopting and contributing to FOSS across the board is an awful idea.
I live in Oregon, Oracle was working on our ACA portal, it has cost a fortune and is taking forever.
At any rate though, I think that transparency in government is a good thing. With a bridge or a road, we see the budget, and we see the final results. We see the relative quality, and where it's breaking down.
With software, we see a price tag (loosely based on reality) and we see superficially how it performs -- otherwise it's a black box (or in Oracle's case, a black hole). With FOSS, whatever code the government produces could be vetted, improved, forked -- and/or reused on other projects. We, the public paid for it, shouldn't it be publicly available?
Overall it doesn't seem so much like a horrible idea to me.
Agree. It's just giving "prefered supplier" status to OSS rather than a specific company, large IT firms get similar preferential treatment because of the "nobody gets sacked for picking IBM" factor. This is why it is important to be seen as a "teir 1" provider, you don't have to look for government tenders you automatically get an invite. Someone still has to integrate all the "free" software bits into a system, IT firms will still be hired to do that and they won't miss out on a penny, they just get a "uses OSS" box to tick in the tender, however the less competent firms won't like it because it means the grip of vendor lock-in is just that little bit looser. Conceptually no different than putting "may contain nuts" on something edible.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Well, almost all government documents are written with LateX (Academic papers) or XML (docx).
Unless there's some shadowy "Open Source Developer" organization that I've never heard about.
Turn out the lights, I think he's on to us...
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
With FOSS, whatever code the government produces could be vetted, improved, forked -- and/or reused on other projects.
It's a nice idea but the reality is governments are paranoid and it's naive to think that contributions wouldn't ultimately have to go through a lengthy and expensive oversight process.
We, the public paid for it, shouldn't it be publicly available?
Another nice idea but I think it's pretty obvious that "We, the public" pay for a lot of things that aren't publicly available.
I'm not opposed to your idea in principle, it's just pretty clear that in practice the government would need a significant shift in the way it does things for those arguments to be particularly compelling and valuable.
> If we were using Moodle, every other Moodle user would automatically benefit. Had we opted for Moodle, we'd also benefit from fixes made by other universities.
Moodle sure has worked well for us. Many of the custom modules we have wanted have been written by devsat other universities. When I write stuff, everyone benefits as you say. Two additional benefits with Moodle specifically are quality control and maintenance. Any patches I make to the core Moodle are QAed quite a bit through the Moodle process, so my employer (the taxpayers) have assurance that they are getting quality work for the money they pay me. The custom work on the previous LMS which ended up being unsustainable wouldn't have passed Moodle QA. Also, where we share modules with other schools, that means multiple developers at multiple organizations are able tomaintain the package over time. If I get hit by a bus and Moodle HQ gets hit by a meteor, someone at Binghamton University will still be maintaining the scantron module we use.
I keep seeing these types of stories, with people screaming about how much "Cheaper" OSS is vs. Closed Source. But very few people look past the cost of the licensing. I challenge you to replace a fully-working Microsoft environment with something OSS that provides full feature parity. Removing Exchange/Outlook is always the sticking point. You can piss and moan about standards, and Outlook client issues all day long, but the fact remains that Outlook/Exchange "just works", scales incredibly well, and integrates with Active Directory, Sharepoint, Office, Lync, etc. And yeah - companies USE these things. Users don't give a fuck about standards, about freedom, about a 'cause'. They want to do their work and come home. Active Directory group policies. Software deployment/installation. Roaming profiles. Automatic print driver installation. Recognizing and installing a plethora of "WTF" hardware for at least basic functionality (old peripherals, printers, etc.). While I applaud the efforts of the OSS community and the desire to build enterprise software, Microsoft rules the desktop for a reason. People know it. It wasn't a huge change from 95 to 98 to 2K to XP to Win7. The basic paradigm was there. Start, Programs, whatever. The application software and the "open standards" underneath simply do not matter to most organizations, because they and nearly every one of the agencies they interact with ALSO use Office formats, or PDF. They don't give a damn about Open Document formats. They don't care about sendmail standards. They don't care about RFCs. They care that they can do their job, to use the information they need, and then deliver it to their colleagues, bosses, etc. Replacing Win7/WIn8 with Mint is great. Install OpenOffice/LibreOffice. Fine. Get your email client connected, and you can even use DavMail to connect to Exchange. But you cannot force users to lose functionality in the name of a cause. Want to dethrone MS? It's not the damn desktop OS - it's the ecosystem that allows modern business to use one common toolset, one user name, and have stuff "just work". Hacking together Mint, sendmail/postfix, some webapp here, some kludgy mess here, a mashed up Kerberos/eDirectory ... that isn't going to get it done. What about when you go past about 50 users, and need to install new software for everyone? How about for 10,000 users? How about users that move from desk to desk, or office to office?
The costs of adminstration, upkeep, training, and the requisite specialist for the infrastructure quickly outweigh any upfront costs. Yes, Windows admins can be had cheap. A desktop admin is less spendy than a full server admin; that's fine. He can handle a large # of desktops via GPO, AD, and the tools provided.
Move out of the 90's, people. Microsoft desktops and servers aren't the BSOD shitboxes you remember. For the most part, Windows Server is stable. The desktop OS (Windows 7, I too have not totally embraced Win8) is rock solid, works well, and runs pretty much anything, with no hassle. Blaming hardware drivers, blaming users, blaming people for 'not wanting to care' - so what? Do you get worried about if your GM car uses a proprietary data bus? Do you care about the intimate details of your plumbing? No. You just want it to work.
Make F/OSS "just work" - make an easy migration path - and you'll have something.
Until then, it will continue to be purpose-driven (servers, appliances, etc.), and for those of us on the 'edges' of IT.
That model has worked very well with various universities and other agencies pitching in on Moodle, which is a framework that hosts online courses. It takes care of things like enrollments, grade reporting, etc. - everything that isn't course-specific. After a couple of years of open widespread contributions, Moodle is as good as any commercial competitor.
I think you would agree that Office 365 meets approximately none of the requirements. Consider Adobe recently decided to make all of their software subscription / cloud only. Microsoft _could_ therefore do the same with Office. Knowing that, reread this sentence:
> be independent of the goodwill of the city's computer system suppliers and the conditions imposed by these suppliers.
Or they just hide the errors, present them as someone else's fault, or it's "not on the tasklist" and thus never gets addressed. I've certainly seen all of these, with both open source and closed source. But closed source is more prone to pretending the problems do not exist, especially when the major security groups have agreed not to publish flaws that there is not yet a patch for.
"Didn't read everything..." And so you have no idea WTF I'm talking about.