Slashdot Mirror


Bulgaria Got a Law Requiring Open Source (medium.com)

All software written for the government in Bulgaria are now required to be open-source. The amendments to put such laws in motion were voted in domestic parliament and are now in effect, announced software engineer Bozhidar Bozhanov, who is also an adviser to the Deputy Prime Minister at Council of Ministers of the Republic of Bulgaria. All such software will also be required by law to be developed in a public repository. Bozhanov writes in a blog post:

That does not mean that the whole country is moving to Linux and LibreOffice, neither does it mean the government demands Microsoft and Oracle to give the source to their products. Existing solutions are purchased on licensing terms and they remain unaffected (although we strongly encourage the use of open source solutions for that as well). It means that whatever custom software the government procures will be visible and accessible to everyone. After all, it's paid by tax-payers money and they should both be able to see it and benefit from it. As for security -- in the past "security through obscurity" was the main approach, and it didn't quite work -- numerous vulnerabilities were found in government websites that went unpatched for years, simply because a contract had expired. With opening the source we hope to reduce those incidents, and to detect bad information security practices in the development process, rather than when it's too late.

62 comments

  1. Cool by Anonymous Coward · · Score: 1

    This seems like something all open governments should do.

    Not because RAW RAW open source! but because it assures standards adopted by the government are open to competition

    1. Re:Cool by Anonymous Coward · · Score: 0

      it assures standards adopted by the government are open to competition

      Care to explain that? Open source can (and usually is) copyrighted. It has nothing to do with competition.

    2. Re:Cool by Alwin+Henseler · · Score: 5, Informative

      Care to explain that? Open source can (and usually is) copyrighted. It has nothing to do with competition.

      It does: you may regard the code itself as documentation. Describing a process, some method of calculation, a file format processed, etc. Which in turn makes it easy to write a competing implementation that does the same job.

      For closed source software that is much more difficult. It doesn't even matter whether the code is open in the "libre" sense: as long as you can inspect the code, you can figure out what it does. Same with copyrights: that serves to give author(s) some control over copy & paste style use of the code. But it doesn't prevent others from writing a competing implementation.

      Having code that's actually "libre" open source is still nice though for other reasons.

    3. Re:Cool by Anonymous Coward · · Score: 0

      and most open source code allows for derivative works

    4. Re:Cool by Anonymous Coward · · Score: 0

      really because it seems to me the most commonly used open source licences in no particular order are BSD, GPL and Creative Commons share alike

    5. Re:Cool by Anonymous Coward · · Score: 0

      For the user, competing solutions are good. The government, and the tax-payers are users. The only losers of this could be big foreign software companies who have not adopted open source yet.

    6. Re:Cool by RabidReindeer · · Score: 1

      You evidently haven't spent much time looking at other people's source code.

      Sometimes it can be literally easier to disassemble and/or reverse-engineer some people's code than it can be to make sense of their original source.

    7. Re:Cool by Anonymous Coward · · Score: 1

      Well the most useful technique for understanding code is to run it under a full system tracer like dtrace, find out what bits of the code actually run when, and then go and modify them to see what happens when changes are made. I don't get much from static analysis whether it's reading code or reading disassembly listings.

      It's like when you crack software, one very effective technique is to just nop out function calls by guessing, and then run the changed software, see what effect it has. Another one that works great on software that has symbols left in, is to just use the linker to delete symbols from the code and replace them with do-nothing functions. I do this so often, I wrote scripts and tools to pull out the type signatures and automatically noplicate candidate functions.

      My favourite "crack" that I've done recently, was to crack the "open source" GPL TigerVNC client for Windows. This thing is uncompilable, and has or had a bug where the bell would play a sound regardless of the "audible bell" setting in the control panel. After utterly failing to make it compile, I just whacked it open, found the call to SomeWindowsMMEApiWithABadNameExW() and nopped it. Bye-bye annoying unconfigurable bell.

      Knowing how stuff works is more powerful than source code. I know how ABIs work, I know how to use debuggers, disassemblers and linkers and hex editors. I have no idea how some of these bizarre build scripts are supposed to work (they don't, so how to RE them?).

      So, Amen brother. RE for life. RE for justice.

    8. Re: Cool by Anonymous Coward · · Score: 0

      Interesting. Could you provide some links showing how to learn this stuff? Linux debugging seems to be a secret known only to a select few and hidden from the masses.

  2. FOSS in Bulgaria by Anonymous Coward · · Score: 0

    "Linux is cancer"

          -- Steve Ballmer

    1. Re:FOSS in Bulgaria by matbury · · Score: 2

      "Linux is cancer" to proprietary closed source charge per seat-based business models ;)

    2. Re:FOSS in Bulgaria by RabidReindeer · · Score: 2

      "Linux is Communism".

      Oh wait, so was Bulgaria.

  3. Not for long. by Anonymous Coward · · Score: 0

    TTIP will take care of that and pretty much everything else.

    1. Re:Not for long. by HiThere · · Score: 1

      Not so. The TTP is trans pacific. The one being negotiated with the EU is separate.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.

    2. Re: Not for long. by pjabardo · · Score: 2

      That is why the parent said TTIP, notice the I.

    3. Re: Not for long. by Anonymous Coward · · Score: 0

      He is mixing them up completely, the Trans Pacific Partnership is TPP, not TTP.

    4. Re: Not for long. by HiThere · · Score: 1

      O, thank you.

      I had remembered the names as being more different. (As the other poster noticed, I even got the name of the TPP wrong.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.

  4. Go Bulgaria! by Anonymous Coward · · Score: 0

    Hopefully more countries will follow!

  5. MS Swoops-In... by Anonymous Coward · · Score: 1

    Ironically MS is open-sourcing their stack bit by bit anyway. No other company can support software so well, in critical moments, or produce software as functional. It may be pretty, and may even involve fundamentally incompatible paradigms, but it does work well for non-techies much of the time.

    I rather think they have the potential to be both a largely-open-source company...and dominate still, because nobody moves as fast yet produces software that still works so well, with the ability to support software so well. They have, after all, not just been supporting their own, but software for thousands of other companies while they are at it (to maintain compatibility, MS actually has access to code for many other critical applications).

    Stuff like this freaked-out the Ballmers of the company, but I suspect the typical engineers there are like "when this becomes near-universal we'll be fine."

    1. Re: MS Swoops-In... by Anonymous Coward · · Score: 0, Interesting

      Microsoft O365's SharePoint Online is broken as fuck. It's so buggy and under constant changes that it's impossible to build anything reliable on top of it. I've lost my faith in MS on that part as they don't even fix reported issues known to be globally affecting its customers.

    2. Re:MS Swoops-In... by chipschap · · Score: 5, Insightful

      No other company can support software so well, in critical moments, or produce software as functional.

      Whatever you're smoking must be really, really good.

    3. Re:MS Swoops-In... by sciengin · · Score: 2

      >Ironically MS is open-sourcing their stack bit by bit anyway. No other company can support software so well, in critical moments, or produce software as functional.

      Hahaha, let me tell you a little story about the support and functionality of MS software:

      A couple of years ago I attended a week long training course at Siemens in Germany, where they taught us how to use their CNC systems, Sinumerik mostly.
      Now in the decades past CNC was very primitive, one could implement it with punchcards. Today's CNC is a completely different beast: It's a full computer stuffed with ASICs and other high tech stuff to be able to come close to the hard realtime requirements that you need when you control a multi-kW mill mounted on a 12 axis robot going as fast as the drive allows because every second shaved off the manufacturing process is worth money.

      (Just to set the scene)

      This is something the trainer there told us when I asked him how it came to be that Linux was running on those devices, which for an ultra-conservative corporation like Siemens, seemed a bit odd to me:

      Siemens apparently used Windows XP on those boxes, modified of course. In fact to ease the communication with Microsoft, Siemens even has/had some of its employees working directly on site at Microsoft.
      Apparently however even that level of cooperation was not ideal when it came to implementing new features and working around the weaknesses of Windows.
      What really caused them to drop Windows was that one day the Engineers wanted to know if a certain feature could be implemented on Windows and how (The trainer did not say what feature it was).
      For six weeks Microsoft said nothing, only to eventually tell them that it was not possible at all.
      On a whim and mostly for fun, one engineer asked the same question about this feature on a Linux discussion board.

      Result:
      30 minutes later he had the answer that this feature was possible on Linux, along with detailed step-by-step instructions how to do it.

      Ever since then the Sinumerik boxes use Linux and the engineers at Siemens could not be happier about it.

    4. Re:MS Swoops-In... by wertigon · · Score: 1

      Sorry to burst your bubble, but Microsoft is slowly fading away, being replaced by Chromebooks, Androids and yes even Linux. They once had an iron grip on the desktop market - still has one actually - but everywhere else they are slowly fading away. Mobile is a joke at this point, tablets were never a big seller. The Enterprise they still rule and the consumer market follows that lead... For now. However, Android/Chrome is making some fierce inroads there as well.

      And before you ask, Apple platforms like OSX will never move outside their niche since Apple isn't interested in catering to everyone, only those with money and purchasing power. Which, long-term, will get them on a slowly shrinking 10% market share... :)

      --
      systemd is not an init system. It's a GNU replacement.

  6. Like Bolivia, Bulgaria to get a million chickens.. by jkrise · · Score: 1

    unless they chicken out, like Edgar Villaneuva in Venezuela etc.

    --
    If you keep throwing chairs, one day you'll break windows....

  7. Bulgaria Got a Law Requiring Open Source? by martinX · · Score: 1

    Surely it wouldn't be difficult to create a more informative, and grammatically imaginative, headline than "Bulgaria Got a Law Requiring Open Source"?

    --
    When they came for the communists, I said "He's next door. Take him away. Goddam commies."

    1. Re:Bulgaria Got a Law Requiring Open Source? by bkmoore · · Score: 2

      there, fixed it: "A Law Requiring Open Source, Bulgaria Got"

  8. In other news.. by Anonymous Coward · · Score: 0

    This just in: nobody gives a shit about Bulgaria.

    1. Re: In other news.. by Anonymous Coward · · Score: 0

      Found the USian.

  9. Software are...? by zennyboy · · Score: 2

    "Software ... are"

    I was under the impression that as an 'uncountable', software became singular, like sand.

    You wouldn't say "sand are..."

    1. Re:Software are...? by John.Banister · · Score: 2

      Instances of software are like grains of sand.

    2. Re:Software are...? by Anonymous Coward · · Score: 0

      Brits talk that way. You should reorientated your grammar and spelling.

    3. Re:Software are...? by Threni · · Score: 1

      Well, I wouldn't say "Bulgaria Got a Law Requiring Open Source" either.

      Incidentally, re:

      ---
      Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.
      ---

      I've been using Slashdot for maybe 15 years and I don't think I've never had the inability to post a comment bear any resemblance to that error message. It's usually because I've typed what I wanted to say in less than 20 seconds. I mean, I'm always behind a firewall. Isn't everyone? What's that got to do with anything?

  10. Only For A Short Time by Anonymous Coward · · Score: 0

    Once they start ordering new custom software instead of using what's already available but closed source, lobbyists will likely start complaining that the law is costing the government $$$ and should be repealed because the cost of Adobe or whatever is only $100 (nicely ignoring the amount of users allowed to use it).

  11. And how much software is that? by jader3rd · · Score: 2

    How much bespoke software is custom written for the government of Bulgaria?

    1. Re:And how much software is that? by invictusvoyd · · Score: 1

      Wordpress

    2. Re:And how much software is that? by Anonymous Coward · · Score: 4, Informative

      A lot. Every god damn ministry or government agency have their own information systems, IRS got several huge ISs, every relatively big municipality has its own ISs. All-in-all calculated in US prices accumulated worth(?) of all the ISs is probably more than $500mil. For a small country like ours this is a lot..
      And the biggest problem is not the price but the quality and maintainability of the bespoke software. Recent example: IRS is distributing free software for reporting VAT by the companies. This software through the years was notoriously buggy and caused a lot of trouble for the business. Currently it is not even able to run on Windows 10 and there is no indication when it will be available.

  12. Why didn't by Anonymous Coward · · Score: 0

    ... simply because a contract had expired.

    Why didn't the government get a new contract, or even better, a new vendor? If the government didn't know how to fix its old problems, a purchasing guideline may not be the answer.

    ... to detect bad information security practices in the development process.

    Here's the real plan: To have other people fix the problems for the government, for free. Of course, if the government won't update its IT services in a timely manner, the problem remains.

  13. Resume pumping by Anonymous Coward · · Score: 0

    The actual text of the law says software requires "opensource-like licensing". So, nope.

  14. Would love to see a file sharing haven country. by Anonymous Coward · · Score: 0

    I'd love for some country to go, "The Internet is a giant library. Anything that can be copied and shared is free to do so." Barring getting invaded, it'd provide your country with ready access to media, educational books, and maybe even new social media sites where you link all the media you like.

    1. Re:Would love to see a file sharing haven country. by wertigon · · Score: 1

      Iceland might be that country, seeing as their Pirate Party is poised to become the biggest member of parliament... :)

      --
      systemd is not an init system. It's a GNU replacement.

  15. the US should have a law like this. by Gravis+Zero · · Score: 3, Interesting

    seriously, having the government locked into proprietary standards does not help anyone but the makers of the proprietary software and the congress critter that made it happen.

    --
    Anons need not reply. Questions end with a question mark.

    1. Re:the US should have a law like this. by ArchieBunker · · Score: 1

      Until RedHat can write bigger checks than Microsoft not much will happen.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard

    2. Re:the US should have a law like this. by Gravis+Zero · · Score: 1

      MS only put $1.5M into politics, so RedHat could actually top that. that means what you have written is false.

      --
      Anons need not reply. Questions end with a question mark.

    3. Re:the US should have a law like this. by Anonymous Coward · · Score: 0

      It also doesn't make sense to lock the government into maintaining expensive code simply to maintain openness. A government has to balance cost with openness and sadly it looks like they have gone too far one way, not everything is better with opensource.

    4. Re:the US should have a law like this. by CronoCloud · · Score: 1

    5. Re:the US should have a law like this. by wertigon · · Score: 1

      MS only spend $1.5M because that is what they need to spend right now. Why pay more than you must?

      If Redhat were to engage in spending wars, you can be sure that MS will follow.

      --
      systemd is not an init system. It's a GNU replacement.

  16. Microsoft are guilty of crimes against humanity by Anonymous Coward · · Score: 0

    Aiding and abetting the United States spy agencies to put the entire global public on surveillance under false assertions and events.

    The spy agencies create the fear then pretend to protect you from it but obviously it doesn't work except in news media fiction.

    They also do this whole thing on the public's dime.

  17. Domestic parliament? by manu0601 · · Score: 3, Informative

    laws in motion were voted in domestic parliament

    "Domestic" parliament? A better word would have been "National" Parliament. Bulgaria is still a sovereign state, not a province of a kind of EU Empire.

    1. Re:Domestic parliament? by Shimbo · · Score: 2

      laws in motion were voted in domestic parliament

      "Domestic" parliament? A better word would have been "National" Parliament. Bulgaria is still a sovereign state, not a province of a kind of EU Empire.

      Domestic is a perfectly good synonym for national. For example, in the phrase, "I will support and defend the Constitution of the United States against all enemies, foreign and domestic."

    2. Re:Domestic parliament? by John+Allsup · · Score: 1

      The more general one is of rights without obligations. One has rights to own property and resources, but not the obligation to use those resources for the best of everybody. This tacitly encourages people to use them for selfish gain, in line with our inherited caveman psychology. The results in the modern world are plain to see, and we are turning in to a race of overdressed cavemen running around with magic toys.

      --
      John_Chalisque

    3. Re:Domestic parliament? by WallyL · · Score: 1

      Bulgaria is still a sovereign state, not a province of a kind of EU Empire.

      For now.

    4. Re:Domestic parliament? by manu0601 · · Score: 1

      Except that in that case you use "domestic" to distinguish local and foreign enemies.

      If Bulgaria has a "domestic" parliament, it implies that there is another "non domestic" parliament that is relevant (and EU parliament is not relevant as it cannot even draft a directive on its own).

  18. Murica! by Anonymous Coward · · Score: 0

    Let's hope that microcrap and friends don't complain to their employees at the White House and make them deliver freedom to Bulgaria.

    Murica fuck yeah!

  19. Microsoft and Apple can soon sue by Anonymous Coward · · Score: 0

    Thanks to TTIP and TPP, Bulgaria will soon be sued for damages to future profits.

  20. Bulgaria? by Anonymous Coward · · Score: 0

    I am from Bulgaria, I work in IT, in other words I am interested in those kind of news.... but slashdot is the first media that covers such news. I think this is some kind of mistake or WIP project. This is not yet true!

  21. Horrible idea by Anonymous Coward · · Score: 0

    Open source is not a silver bullet. Many eyes make shallow bugs only works when you have many eyes. Making something open source isn't going to attract many eyes if there's no interest in it...if it can be used for identity theft or financial robbery it will however attract criminals who will spend a lot of time analyzing every bug until they find a number of exploits and launch an attack.

    1. Re:Horrible idea by wertigon · · Score: 1

      This is not a "Open Source will fix everything!!!11!1!1One" suggestion.

      Ponder this.

      1. Government writes software.
      2. Government is elected by the people and should therefore be held accountable by the people.
      3. The only way a Government can be held accountable would be if the people can inspect what it's doing as much as possible (some areas like national security may make this problematic).

      Would it not, given these three facts, then be logical to say:

      If the government writes software, or hires someone to write software for the government, then the software SHOULD be open for inspection.

      --
      systemd is not an init system. It's a GNU replacement.

  22. Expect this to end soon by GeekWithAKnife · · Score: 2


    Huge corporations and political interests of other countries will do a lot to crush this initiative.

    This is practically communism ruining capitalism.

    Big money will look at what their market is worth (considering piracy not much) but the precedent and perception is far more expensive. I expect palms to start getting greased right about the time the growing pains of this new method reach a peak.

    Next they will want to invalidate software patents. Must be shot down quick.

    --
    A 'singular oddity' is an event that cannot be explained and only happens when you are alone.

    1. Re:Expect this to end soon by Anonymous Coward · · Score: 0

      You are a total cunt.

      You can see some other cunt with mod points liked your notion that the public has less say than corporations and politicians.

      You are on a website that runs on Linux. If you run closed source you are at the mercy of the license holders for support. With open source you need to pay somebody who can code unless they do it for free. You can see the code.

      What a market is worth doesn't matter vs. the quality of the software. Marketshare is a buzzword and can be acquired by either being really good, or bundling it with devices at distribution time then pointing at headcount.

      You allude that piracy destroys market "worth". Piracy is actually called sharing unless you have a boat and actually remove the possessions of somebody else. When something is copied nobody lost anything except "hoped-for-revenue".

    2. Re:Expect this to end soon by Anonymous Coward · · Score: 0

      Right, if you read a book and let somebody else read it did you pirate it? No. They wish you both bought one but since no boats and eye patches you are more likely just a scurvy dog than a pirate. Jewish lawyers, Jewish RIAA and MPAA, along with Jewish mass media monopoly pushed this pirate buzzword along a long time ago as if getting Da-doo-run-run Da-doo-runrun stuck in your head was new.

      867-5309

      So it goes with buzzword terrorism too.

  23. Nope by Anonymous Coward · · Score: 0

    Re: "With opening the source we hope to reduce those incidents, and to detect bad information security practices in the development process, rather than when it's too late."

    This is a classic case of misdiagnosing the problem and thus coming up with the wrong solution. Open Source does nothing, repeat NOTHING, about initial build quality. Proprietary source and FOSS have all the same attributes in this respect. Fixing software bugs may be more achievable in FOSS, at least in principle.

    No, the problem here is actually that Bulgaria was not maintaining support. Witness the statement that "... went unpatched for years, simply because a contract had expired." Note that contracts expire all the time, everywhere. If you maintain support you renew the contract. In fact I'll go farther and suggest that even without contracts, internal support will often be viable, but I'll bet that Bulgaria didn't have/hire/retain internal IT personnel in lieu of contractors. These sites weren't simply without contractors, they were likely suffering from systematic neglect.

    Ultimately this is about being Bulgaria. Bulgaria doesn't have a lot of money and was likely trying to run their IT systems on a shoestring. FOSS doesn't correct that problem and mandating FOSS will do nothing to make sure that Bulgaria's IT systems stay up to date. So what if they are FOSS? If no one is looking at maintaining Bulgaria's tech infrastructure, FOSS isn't a solution.

    You can be "open" and still neglected. That's Bulgaria's problem, in the end. Neglect.