Forgot your password?
typodupeerror

Governments, Beyond the Open Source Hype 180

Posted by ScuttleMonkey
from the hype-isn't-always-a-bad-thing dept.
An anonymous reader writes "ForeignPolicy.com takes a look at Open Source as it applies to governments and some of the reasons that a governing body may or may not like OSS. From the article: 'Governments around the world are enchanted by open-source software. Unlike proprietary software, for which the code is kept secret, the open-source variety can be copied, modified, and shared. [...] Trouble is, the benefits of open source are not always so clear-cut. Software is too complicated a creation to be captured in rhetoric, and assertions about some of the technical benefits of open source fail to tell the whole story.'"
This discussion has been archived. No new comments can be posted.

Governments, Beyond the Open Source Hype

Comments Filter:
  • by rob_squared (821479) <rob.rob-squared@com> on Tuesday May 30, 2006 @06:08PM (#15431496)
    Tell your citizens that its cheaper and they'll thank you for it. The details about where the saved monegy goes usually become obfuscated however.
    • Where does the tax-payers' money go? Well, I certainly don't want to see it supporting proprietary software while I'm 100% Free Software at home.
      • And you honestly believe a government will use OSS with no tech support?

        They will either pay someone like Red Hat to have a support contract, or spend hundreds of thousands hiring in-house techs. Tax money will still go on software, it will just be a less obscure licencing system (How many versions does Vista and Office 2007 come in?) and a nice warm fuzzy feeling from using OSS. Notice the lack of F/
        • Actually, some of us - http://dcphpconference.com/ [dcphpconference.com] - are working to demonstrate that there are many viable and useful projects out there and many of the most common/biggest projects out there have support available
        • Who cares if they pay for tech support? Then the democrats can call it a jobs program while the republicans (speaking in US terms) can call it building business and everyone will be heppy for one short minute. Then they'll be off for their next conquest.

          If it really works in the long run, which I believe that it would, it probably would boost business and it probably would put people to work in the long run as well. There are already many people employed to support the software that the government use
    • There's also the danger of them asking why the overall size of the budget is the same, taxes have increased, and schools and roads don't appear to be getting any more funding, if so much money has been saved. (Or rather, the danger of your opponent asking it in the next election year.
    • by Bogtha (906264) on Tuesday May 30, 2006 @07:07PM (#15431806)

      More importantly, not only is it cheaper, but the money that is spent on it goes back into the local economy rather than straight into the pockets of a foreign company, because the government have the option of hiring any local firms willing to do the work instead of simply whoever holds the copyright.

      • ... as are most of the body shops that install and implement these projects. There only foreign if you live outside the US. Following that logic shouldn't the US governments be supporting their own US economy and buying more software from the big boys?
        • There only foreign if you live outside the US.

          Erm, yes. What's your point? You do realise that most people live outside the USA? And that when the article talks about governments around the world, they aren't just referring to the USA?

          Following that logic shouldn't the US governments be supporting their own US economy and buying more software from the big boys?

          I don't see why. I identified an advantage that open-source has for most governments. If the advantage does not apply to a particu

    • by jbn-o (555068) <mail@digitalcitizen.info> on Tuesday May 30, 2006 @07:19PM (#15431855) Homepage
      Proprietors agree with you, which is why they're interested in cutting their prices or giving away gratis copies of their software to large-seat clients in exchange for locking government users into something that will pay off (both monetarily and in terms of control) in the future. Money is not and should not be the chief rationale by which these decisions are made or else more valuable points that pay off now and in the future will be lost.
      • You can give away all the cheap or free copies you want. If you are forcing your customers to keep track of licenses then it's still costing them lots of money in manpower to make sure they are not out of compliance. In fact it add even more of a burden because the company needs to keep track of which licences were full price, which came with computers, which they got for free and which they got at a discount for accounting purposes.

        It's a nightmare and one mistake can trigger an audit.

        It's better not to ha
      • I like the idea of "large-seat clients".

        "Mr Big, I presume?"
    • Because it works (Score:5, Informative)

      by porkThreeWays (895269) on Tuesday May 30, 2006 @07:51PM (#15432031)
      I work in municipal gov't in Florida. We use a lot of open source software in our organization. Why? Because it works. It has little to do with money. I've never been denied money for software if I can justify it.

      "Enterprise" software has never really impressed me. A great deal of the time, the guy on the other end of support is no more knowledgable than me of the product. That is when you are lucky enough to get someone who speaks english natively. So what's the point for lackluster support? (Hardware is the exception. Many service plans can guarantee you a new server in less than 4 hours).

      Highly specialized software generally has an unreasonable amount of bugs. We have one dept that has "enterprise level software", that I'm in the process of rewriting its so buggy. It's almost as if this company has no regression testing procedures in place.

      And it's always a lot of fun paying 2,000k a pop for marginal glue code between applications. God-forbid that gluecode break one side. You'll get thorwn into a fun blame game of each company blaming the other. You need complex glue code? That'll be $10,000 and 6 months. You'll also recieve a windows front end in tk with extremely complex install directions. Minor versions are incompatible. You can never patch that box because xp sp2 will break the very customized non-standard registry settings.

      People can spread all the FUD they want about open source, but I use it on a daily basis whenever I can. I have control over it and things just work. It's comical to see some of the rediculous things that go on in the closed source community. I like being able to change the ip address of a server if I have to. I don't need a license holding me back from doing that.
    • You might be able to show savings on a spreadsheet, but it is easy to put a spin on anything since it is not just straight costs, but perceived cost/benefit with disregard for hard facts. For example it would be easy in the current xenophobic paranoid USA climate to say "Sure we could save $200 million (or whatever) by switching from MS to Linux, but then we'd be using a Finnish operating system and they're communists! We can't have our Christian Nation being enslaved by dangerous Communist deviants and ope
    • It is the freedom to choose future vendors that follows with free software. You don't have a single vendor who is the only one who can inspect, modify and redistribute the code. Anyone can do that, which ensures competition, which ensures the lowest cost in the long run.

      The initial cost of free software is usually higher, as a vendor of proprietary software can sell the product below production cost, with the expectation of making the money back later in support and manitanence.

      Which again is why we shoul
    • Tell your citizens that its cheaper and they'll thank you for it. The details about where the saved monegy goes usually become obfuscated however.

      I work in a non-US government department. Our government has its own policy on Open Source (developed by another dept), which is non-committal but non-inhibiting, and little more than a document that describes the main issues with using open source. The public and politicians don't know whether we use OSS or not, and I doubt they care. (Except for one politic

    • Tell your citizens that its cheaper and they'll thank you for it. The details about where the saved monegy goes usually become obfuscated however.

      No no no, it is not about the money, you see, that is what made the Icaza's e-Mexico project fail, because he tried to sell "open source" as a cheaper alternative.

      The real benefits for open source software is in the freedom and openess, you see, with closed source, the taxes that people are paying can go directly to developers of OpenSource from the country OR the
  • by Anonymous Coward on Tuesday May 30, 2006 @06:09PM (#15431504)
    This article is written by a Ms. Caroline Benner.

    And if we look her up, we find... [washington.edu]
    Caroline Benner previously worked as policy researcher for Microsoft's Geopolitical Policy and Strategy Group
    ...as her only listed non-media job on at least one version of her bio.

    Just saying.
    • by jmorris42 (1458) * <jmorris.beau@org> on Tuesday May 30, 2006 @06:14PM (#15431536)
      > Caroline Benner previously worked as policy researcher for Microsoft's Geopolitical
      > Policy and Strategy Group

      Ya know, I knew something like that was coming before I clicked into this article. The summary alone smelled of astroturf. But they do it because they realize while we will spot the paid 'independent scholarship' almost instantly the intended audience either won't.
      • by Bimo_Dude (178966) <bimoslash.theness@org> on Tuesday May 30, 2006 @06:23PM (#15431592) Homepage Journal
        FTA:
        Software, with its millions of lines of code, is so complicated that experts don't know for sure that open source has fewer bugs, nor can they say with certainty that having fewer bugs makes open source more secure.
        It seems to me that this may be all the evidence we need of astroturfing. While I don't really know for sure if this statement is true, there is a glaring omission in the article where the author neglected to compare the time-to-patch for bugs between FOSS and closed software.
    • Now it makes sense how everytime a benefit of FOSS was seemingly touted there was a "but" usually ending with "and proprietary software can also do this".

      Even with an obvious example like FOSS being easy to localize to one's local language it was asserted that "Microsoft makes a living out of making its software customizable while still closely guarding its source code". Sure it can but it doesn't, at least not until it's profitable. Which is understandable, but with FOSS speakers of unpopular languages d
    • by Anonymous Coward
      Absolutely. This is horseshit.

      I write proprietary software; and I write it primarily for government organizations (and maybe some private companies, but they have yet to express an interest). No, I'm not willing to ID myself here, hence the coward bit.

      Here's some more FUD for you: the article author makes an association between For-Profit Corporations and proprietary software, on the one hand, and no-corporation amateurs and F/OSS on the other.

      I see this association all the time, and it annoys the hell out

      • by cp.tar (871488) <cp.tar.bz2@gmail.com> on Tuesday May 30, 2006 @07:29PM (#15431915) Journal

        Good one.

        Governments could very well profit from Open source software, as well as the programmers hired to make it.

        Just because it is Open Source, it doesn't mean that the work the programmers put in is free.

        What it does mean is that:

        1. Governments pay a single fee for a piece of software.
        2. The source code of said software is also available, which makes the government vendor-independent.
        3. The money goes to the local economy instead of a company which could buy the country I live in.
        4. When you need something, you have someone do it. You don't wait for the next update & bugfix cycle.

        But because of the omnipresent FUD, very few people in governments worldwide have any idea whatsoever about these things.

        P.S.
        5. ???
        6. Profit!

  • Caveat at the bottom says it all.

    "Caroline Benner is a fellow at the University of Washington's Institute for International Policy. From 2001 to 2003, Ms. Benner was a consultant with the geopolitical policy and strategy group at Microsoft."
  • is not switching to OSS, until it works out of the box. Most people do not have the time or patience to work on getting NIC and video drivers working. Let alone the effort involved in getting mp3's, DVD's, and the what other have you.
    • by AuMatar (183847) on Tuesday May 30, 2006 @06:19PM (#15431573)
      THen they should be coming to Linux in droves. My last Windows install took 4 hours and required me to hunt for drivers all over the web, and reboot a dozen times. My last Linux install worked smoothly with all hardware recognized.
      • Your average windows user didn't install it.
      • Yeah, but Windows comes pre-installed on the computer. For your average computer user, that's a win. Zero installation time vs. an hour or two to find Linux, download it, and install it. Plus, the average user already knows how to run Windows. Why try anything else?

        Unless computers are your hobby or your profession, there is really very little incentive to try Linux, from a user point of view. The equation may be different for a government or corporate IT department. For Linux' sake, I hope so.
      • Are you including the time it takes to get Windows usable?

        The least demanding possible user will need to install and office suite and anti-virus.

        A lot of people will want some or all of: a good web browser, anti spyware, anti-adware, p2p software, messaging clients, graphics package, CD ripper, CD/DVD burder, PDF reader, etc., etc.
    • Is not your average computer user.

      For one, its more likely to use a piece of software for decades and want to avoid concerns about the vendor end-of-lifing it, and have the resources (provided it has access to the source) to arrange its own support, so it has a lot more to gain than a consumer from OSS -- which, btw, is more than just Linux. While desktop Linux may not work "out of the box" as well as Windows (a debate for another time and place), plenty of OSS software does work out of the box as well as i
    • Many Linux distros already work better out of the box than does Windows. The only version of Windows that supports your hardware is the one that came with the computer--install from scratch with a plain Win-whatever disc and you'll be hunting for drivers all day, plus another half-day insstalling enough software to do anything other than surf the web.

      If my HD dies right, then I can't just go to the store, buy a new HD, and re-install, because Sony just installed a hidden partition on my HD, and didn'

  • by MarkEst1973 (769601) on Tuesday May 30, 2006 @06:14PM (#15431539)
    Why the hell would I want to entrust all my gov't operations, all my military, all my businesses' computing needs to a closed source, foreign (from my point of view) vendor... like, say, MS?

    Ok, so your military doesn't run windows. Our military runs (or at least used to) Solaris and HP-UX... but those are closed source, too, and owned by a foreign entity.

    In the end, open source provides me -- as a sovereign nation -- the ability to control the critical pieces of my own infrastructure.

    That's how I (as a person) see it, anyway. Whether or not foreign governments agree, I don't know.

    • Our military runs (or at least used to) Solaris and HP-UX... but those are closed source, too, and owned by a foreign entity.

      Sun has been providing OS sources to third parties for forever and a day. I realize it's BSD-derived but even I have access to the SunOS4 sources. Someone actually using SunOS5, especially a government defense entity, should have little trouble.

    • by khasim (1285)
      This isn't just about control. This is about jobs.

      With any closed source software not written in your country, you're importing it and sending your money to another country.

      If you pour some cash into your education system and train up your own programmers to modify the Open Source code to suit your needs, you're investing in your own people. The money stays in your country. Those programmers pay taxes to you on that money.

      And you've got to realize that this is going to be a very important field in the futur
    • But then again, would you want your government and military running something that anyone could change?

      I for one would rather have a closed source product, where people could be held accountable for their mistakes.
      • How does using open source software mean that anyone can change it? What, you think any member of the public can log on to a government server as root and start changing stuff?
        • Valid point.

          However, they can still examine the source to find bugs with it. Hard to spot Buffer-Overflow soon turns into a nuclear missile launch. Hyperbole, sure, but it shows the point.

          • Yours is also a valid point. In terms of intrinsic security I don't see much of an advantage either way; while it's theoretically possible to find a vulnerability in OSS that somehow no one else has ever discovered, it's also the case that if someone finds a vulnerability in closed-source software, they're not allowed to report it, so it never gets fixed. There are other issues with proprietary/closed source software, but I think that's the biggest one at present.
  • by Anonymous Coward
    From the "fine" article:

    To put it another way... M$ shill!!
  • by linvir (970218) on Tuesday May 30, 2006 @06:18PM (#15431568)
    In practical terms OSS is only relevant as a part of a wider policy. Brazil's Digital Inclusion [wikipedia.org] (Google translation [66.249.93.104]) is a good example. OSS barely even figures in the rhetoric for this. It's just one enabling factor.

    This is how it's always going to be as well. Example: People don't move to Firefox because it's open source. They move to it because they're told it's better than IE, and they then stick with it because it's demonstrably better.

    At the end of the day ideology is irrelevant to most people.

    • At the end of the day ideology is irrelevant to most people.

      You were talking about Open Source .... and then you switched to Free Software rhetoric.

      Open Source isn't an ideology. If Open Source isn't (as you say) demonstrably better for you (yes, in part because of freedom), then you shouldn't use it. We won't think the worse of you, either.
  • Nice to note that this is an ex-MS employee. But the person doesn't debunk a single claim, just throws out some "uncertainties" to muddy the arguement. And it's not just foriegn governments i'd worry about. I don't want MS or whoever having access to government records and information without anyone else's knowledge. Now it'd be product suicide if they did so, but it's still a risk i wouldn't want to take. The government, IMO, should use FOSS (or at least OSS) whenever they can unless a proprietary sol
  • by Angostura (703910) on Tuesday May 30, 2006 @06:21PM (#15431582)
    On the one hand the article summary claims:

    "Trouble is, the benefits of open source are not always so clear-cut. Software is too complicated a creation to be captured in rhetoric"

    While at the same time giving us a splendidly succinct piece of rhetoric:

    Unlike proprietary software, for which the code is kept secret, the open-source variety can be copied, modified, and shared. [...]
    • From the article: "Software, with its millions of lines of code, is so complicated that experts don't know for sure that open source has fewer bugs, nor can they say with certainty that having fewer bugs makes open source more secure."

      That argument proves too much. If it is impossible to be certain that any software is bug-free and/or in other ways insecure, it is all the more important that one be able to examine the source code.

  • Poorer Countries (Score:2, Insightful)

    by runlevel 5 (977409)
    I think poorer nations have the most to gain from employing open source software. The lower real cost of obtaining and updating computer systems (when using open source options) enables them to build infrastructures that would cost many times more to operate with closed source OS's and apps.
    • I think poorer nations have the most to gain from employing open source software.

      Immediately yes, in as much as there's a zero purchasing cost, so they can immediately obtain software, where they may not have been able to afford a proprietary equivalent.

      However, the real benefits of open source come with the ability to modify it to your own needs. Poorer countries are unlikely to have either the skilled developers nor the wage money to be able to make any concerted effort in this area. More affluent nat

    • ... except that qualified people to implement open source solutions cost more than those qualified to implement Windows solutions. Sure, the software's free, but the labor goes sky-high.
  • There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy.

    Use the best tool for the job, regardless of philosophical ideal.

    Which isn't to say that access to an application or platforms source code isn't a consideration when looking for whats best. Likewise budget is also a concern. But do not avoid a good solution, just because you feel that all software should be "free".

    • Use the best tool for the job, regardless of philosophical ideal.

      Bzzzt, wrong.

      Governments are based on ideals. Such as democracy, freedom, equality, whatever.

      A tool that blatantly violates these should not be used by a government, even if it is the best one. For example, many governments have strict quotes for minimum numbers of disabled employees even though they would probably "function" better without.

      Free Software is important because it prevents data lock-in. One of the main reasons for Free Software b
    • Sure, use the best tool for the job. Or, in the case of government, use the tool suggested by the largest corporate donor to the most influential Senator or Congressman in the subcommittee in charge of making the decision.

      Open Source has trouble making inroads into government because Open Source has no lobbying power. Certain large open source providers may have some lobbying power, but it pales in comparison to Microsoft's. You may see certain corners of the government using OSS in certain limited circu
    • Not enough room for the final "s" in the subject.

      Anyway, this "Use the best tool for the job, regardless of philosophical ideal" sounds nice ... and it may even be applicable for short term goals.

      BUT ... we build the tools we use. If the tools that suit your philosphical ideals are not sufficient to the task, then make them sufficient.

      It's only code. And governments have the money to hire the people to write the code that is the tools.

      If there isn't an Open Source tool that will work for the project due nex
    • There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy.

      You will understand that quote when you solve "what daddy is doing."

      Too obscure?
  • by burningion (936461) on Tuesday May 30, 2006 @06:34PM (#15431655) Homepage
    Open Source is really a threat to most governments. Open source software gives everyone equal access to the same tools, regardless of social class. It threatens the entire model of top-down hiearchy, as open source is a means for equalizing all access to information and exchange of information. Anyone can put together an Apache webserver and begin experimenting with having their own website, for free. No need for expensive schooling, as information is freely available to teach yourself. This will become a "problem" for places like the US, where we utilize the leverage of patents and trade secrets to maintain our superiority in the global marketplace. As places like India and China quickly become more technologically saavy, our economic model becomes threatened. One of the biggest keys in the future will be the regulation of the internet, and the censoring of information. I believe the best thing for the global society is free and anonymous access to all (public) information on the net.

    Make your own DemocraKey [travelingforever.com], and help spread the technology for free and anonymous access to all information.
    • No one opposes OSS because of the reasons you give. They aren't trying to hold down the proletariat by keeping them ignorant of computing. They distrust it because it isn't based on the greed model, so they can't fathom where it came from, what motivates it, etc. It's just too disorienting to be told that a bunch of hobbyists put all this together because they wanted to, and gave it away. All the rich people like Bill Gates and Ralph Ellison, the very people who govt goes to for "expertise" (because the
  • Foreign governments aren't necessarily embracing open source because its better, but rather it is not Microsoft or tied to any other US entity (Apple or Sun). It could because of nationalism, pragmatic foreign policy, or a national security issue. Whatever the reason, no government reasonably wants something as important has the operating system of their vital computers at the whim of company based in a foreign country and subject to its policy decisions. Open source is good because it is viable alternative
  • Trouble is, the benefits of open source are not always so clear-cut. Software is too complicated a creation to be captured in rhetoric, and assertions about some of the technical benefits of open source fail to tell the whole story.

    The story is pure FUD, full of trite generalities that are intended to create doubt in the reader's mind.

    In fact, the situation is quite simple: we have two kinds of software, free and open source one, and for-pay and closed-source software. Without further information, free and
    • by rewinn (647614)

      From the Article... it is misleading to say that open source empowers people in ways proprietary software does not. Both open source and proprietary software allow you to change the behavior of a software program in significant ways without touching the program's source code

      Those two sentences go beyond mere FUD to outright deception.

      • It equates empowerment to changing program behavior without changing the source code, as if source code inspection for security flaws were of no significance; +1 FUD
      • I
  • by orzetto (545509) on Tuesday May 30, 2006 @06:53PM (#15431749)

    Running a nmap -P0 -O foreignpolicy.com, you get among other things:

    Device type: general purpose|media device
    Running: Linux 2.4.X, Pace embedded
    OS details: Linux 2.4.18 - 2.4.27, Pace digital cable TV receiver
    Uptime 175.187 days (since Tue Dec 6 19:18:51 2005)

    So it's open source, Linux, and running continuosly for 6 months. Ahh, the coherence.

    • To be fair to Foreign Policy though, they mention this upfront in their blog entry [foreignpolicy.com].
    • From the fine Article:

      Caroline Benner is a fellow at the University of Washingtons Institute for International Policy. From 2001 to 2003, Ms. Benner was a consultant with the geopolitical policy and strategy group at Microsoft.

      Just what does a software company need a Geopolitical Policy and Strategy Group for anyway? Gobal FUD? Creepy, and she's got a long history of M$ apologies and FUD to her name [google.com]. Let's review,

      • I'll leave the bullet points that are not OS-specific as an exercise to the (unfortunate) reader. But I couldn't let this one go without rebuttal.

        M$ [sic] incompetence contributes to the biggest US blackout ever by disrupting critical company communications and overloading network [sic]. The whole thing could have been prevented.

        Wow, that's a lot of links, twitter. But where's the smoking gun that directly links Microsoft to the blackout? Oh, yeah. That's right. It doesn't exist. [slashdot.org] For the second time

        • From your little link:

          This NCS analysis supports the SWG's finding that viruses and worms prevalent across the Internet at the time of the outage did not have any significant impact on power generation and delivery systems.

          Their definition of "significant" should be examined, but that's not the conclusion I was quoting. It was entirely possible that the systems were overloaded by network traffic and that's what caused them to not trigger miss alarms. That's why the issue was investigated. Whether or

  • by dbarclay10 (70443) on Tuesday May 30, 2006 @06:58PM (#15431769)
    Caroline Benner is a fellow at the University of Washington's Institute for International Policy. From 2001 to 2003, Ms. Benner was a consultant with the geopolitical policy and strategy group at Microsoft.

    Yeah. Take a look at the source. I wonder if maybe she's still freelancing for them.

    Really all the article does is point out that there's no silver bullet. She does so by pointing out that there are "claims" about open source. That's it. She doesn't dispute the claims. She just says they're claims. Unsurprisingly, she also doesn't point to the evidence of the claims.

    FUD stands for "fear, uncertainty, and doubt." This may very well be a simple, subtle form of doubt-sewing. Nothing actually inaccurate in the article, that I saw, but also called into question some faily well-proven FOSS benefits (such as a lower cost of ownership).

    About the worst I saw was:

    For example, they believe that the total cost of ownership of open-source software is lower than that of proprietary software because they avoid the expensive licensing fees that companies like Microsoft charge.

    Actually, most people I know don't consider "Total Cost of Ownership." That's a term made up by Microsoft in an attempt to make FOSS proponents look like they're narrow-minded and that their conclusions were incomplete and "irrelevant to business." Everybody I know looks at "cost" - period. "Cost", by definition, without any modifiers, *must* mean total cost. "Partial cost" or "license cost" may mean something other than Cost, capital C.

    Likewise, relatively few people I know think Microsoft licensing is the main cost in a Microsoft shop; the legions of sysadmins and helpdesk staff, as well as the lost productivity and downtime cost quickly outweight the (relatively benign) up-front cost of Microsoft software. Take a look at Red Hat's licensing - it's actually more expensive than Microsoft on most fronts. You make it up tenfold in reduced operating expenses, however, and you can save even more in operating expenses if you go with a more technologically advanced flavour such as Debian GNU/Linux (you also reduce the up-front procurement costs as well).

    Bah. I can't believe I wasted five minutes debunking this Microsoft-shill fluff piece.

    • Actually, most people I know don't consider "Total Cost of Ownership." That's a term made up by Microsoft ...

      The IT services department at the university where I work did consider precisely that, specifically and explicitly, using that exact phrase, and chomped on the MS bait -- hook, line, and sinker. And, purely by-the-by, now they specifically and explicitly refuse to support Linux or BSD. (Oh, they support OS X; that's somehow "OK" -- it's just Linux that's not "OK". I wonder what kind of dealing wen

  • by i am kman (972584) on Tuesday May 30, 2006 @07:08PM (#15431810)
    No, No, No! The headline and much of the article is extremely misleading).

    Sure, governments are starting to use Linux as the ONLY viable alternative to the hated Microsoft.

    But that's it. While Linux is open source, open source is not defined by using Linux.

    Much of the US government explicitly bans open source and I've supported 2 foreign government contracts that also had explicit anti-open source requirements. And they ban open source specifically because it is a potential security risk. In fact, it seems quite reasonable to question why the US (or European) countries would want to use open source code that may have been developed in China or even France (or others countries well known for their industrial espionage).

    In any case, who the hell actually believes open source is MORE secure simply because they publish their millions of lines of code? Like ANY customer is actually going to look at the code.

    Ok, before flaming, I agree some, well tested, well accepted, and well controlled open source with blessed versioning is more secure (probably MUCH more secure) because of exhaustive testing and support by real companies, but that's VERY different than arguing it's more secure governments can peek at the source code.

    As a side note, open STANDARDS are a completely different topic and all governments want, love, and support open standards. Unfortunately, Open Source and Open Standards are very often confused by governments and government contracts.

    That said, some countries like open source because it providesa competative advantage. For instance, China is rapidly excelling in HW production so open source acts to undermine the competative advantages more developed countries have built up in their commercial software industries. (That, and open source allows the Chinese government to insert all sorts of filters in place, but that's a different story).
    • In fact, it seems quite reasonable to question why the US (or European) countries would want to use open source code that may have been developed in China or even France (or others countries well known for their industrial espionage).

      I'd say inserting code in open-source software for industrial espionage purposes would be very risky - you have no way of knowing who's looking through your code and might spot it and embarrass you by revealing it. On the other hand, doing the same thing with closed-source
  • Ok, so I see the new tags under each story. Now, how do I actually browse by tag? For example, how do I find all the stories tagged as web20? Isn't that the point of tags? I'm probably just not doing something right, but when I click a tag, it just pops up a little window allowing me to enter more tags.
  • by grcumb (781340) on Tuesday May 30, 2006 @07:34PM (#15431951) Homepage Journal

    Benner's article states:

    'In a 2002 letter to Microsoft, Peruvian Congressman Edgar David Villanueva Núñez noted that, "Relative to the security of the software itself, it is well known that all software (whether proprietary or free) contains 'errors' or 'bugs' (in programmers' slang). But it is also well-known that the bugs in free software are fewer." Yet, ask computer security experts and they'll tell you that's not necessarily true. Software, with its millions of lines of code, is so complicated that experts don't know for sure that open source has fewer bugs, nor can they say with certainty that having fewer bugs makes open source more secure.'

    This statement is true, as far as it goes. But it ignores something that's far more important than the opinion of a computer scientist: empirical evidence. No matter how you measure it, FOSS software is successfully exploited far less often than proprietary software. In many cases, the differences are striking. There are, for example, effectively no Linux viruses in the wild.

    Even in cases where FOSS is the dominant application (like the Apache web server, for example) the number of successful attacks are so much lower that there is no effective competition from the alternatives.

    So the key here is not whether software is provably secure (i.e. auditable) but that it's effectively secure. The difference here is subtle, especially to those who don't understand software. It's something crucially important, however.

    There's another issue here that's at the core of the Free Software philosophy: process. The FOSS software development process is based entirely delivering quality software. In fact, development cycles and processes often sacrifice convenience for IT folks in favour of solid code. Proprietary software is almost always driven by business priorities which sometimes - but not always - put a low priority on software quality.

    Another quotation from the article:

    'There are really two reasons that it is very difficult to know whether software is secure [....] The first reason is that even the simplest software program consists of hundreds of thousands to millions of parts, and potentially all of these have to be correct, or the system may have security vulnerabilities. The second reason is that we have no technology for systematically checking that the parts are correct and fit together in a way that ensures security."'

    Both of these points (that even simple software is hopelessly complex, and that there is no systematic way to test intereactions between software) are inaccurate. It's like saying that human bodies are composed of billions of cells, so we'll never be able to measure a person's health.

    Unix-inspired systems usually use a 'toolkit' approach, in which a number of small, special-purpose tools are brought together to perform complex tasks. The result is that each individual part is very well understood and performs its task(s) in a clear fashion. So, while it may be true that it's hard to document every possible interaction between software elememts, that's not nearly the problem the writer makes it out to be.

    The article concludes:

    'Software becomes more interesting--indeed, rhetoric-worthy--when it promises a better future. Open source may well deliver that promise, but computer science is too young a discipline, and there is too much we do not yet know about software to be so sure.'

    This is a silly argument, especially in an article that claims to compare two alternative approaches to software. Computer science is not a young discipline, even if you compare it to physics and mathematics. The fundamentals of computing were understood even before we had computers to test with. The assertion that we just don't know enough is just plain wrong-headed.

    Furthermore, even if it is true that we don't know enough, shouldn't that be an argument in favour of open source, where at least nothing is deliberately hidden?

  • It's impossible to tell how many bugs pieces of software have because they're so complex. In other news, it's impossible to tell which animals are smarter because brains are so complex.

    "auditing any source code in order to ensure there are no security vulnerabilities is nigh on impossible"

    True, if the auditor is a government, even a large, well-funded government. If the auditor is the entire computing population of the earth, it's easier.

    Which gets us full circle: the way you find faults an exceedingl

Asynchronous inputs are at the root of our race problems. -- D. Winker and F. Prosser

Working...