a day ago
This really seems to be obvious. Brazil has such a legislation[0]. However, the code for the important payment service called Pix, developed by the Brazilian Central Bank, is nowhere to be seen. Laws alone are not enough.
[0]https://www.gov.br/governodigital/pt-br/plataformas-e-servic...
a day ago
Which is incredibly sad, there's nothing special about it, it is actually a bad sign this is not public.
a day ago
I dig the initiative. Unfortunately, I'm afraid the petition either will not fullfill its target number of signatures or gets denied to be acted upon. Our public sector is too corrupt to make public software contracts transparent like this. Overly expensive and prolonged projects would look even more suspicious with the code (and possibly progress) being publicly available.
4 hours ago
I remember a few years ago that an activist businessman started a campaign against a comically overpriced website for buying the highway stamps:
https://www.wmcgrey.cz/hackathon-znamkamarada/
Sure, it was a bit of a rant because said entrepreneur probably had his own bid rejected.
a day ago
I think libreoffice suffers from a branding style issue more than anything else. It's not like Office 365 is inherently superior, but it looks like it is straight out of 2006 and that negatively impacts the users perception of it.
My hunch is that if maintainers were to invest into making it look more like Office 365 (purely in a cosmetic way), the opposition to using libreoffice would reduce significantly.
And for the old timers that will run to "Office 2007/10/13 was the best version and had the old UI". I get it and agree, but the average person likes nice things that look up-to-date.
a day ago
Agree with the ‘Oldtimers’ with the exception of the recent additions of LET() LAMBDA() REGEXTRACT() XLOOKUP() etc..
a day ago
I'd argue this is not as big of a factor in governments as it is elsewhere (plus, they already use software that's way worse than LO in terms of UI/UX).
It's more that someone somewhere gets their % when selling them the commercial software, be it Microsoft or someone else.
a day ago
Are there government functions which CANNOT be done on Linux or LibreOffice?
a day ago
Yes if Microsoft can have a say, all of them.
Look at berlin / ms
a day ago
Amazing step towards saving tax payers money and avoiding foreign proprietary software. I hope to see more governments moving in this direction. The only problem is, certain systems may end up being a maintenance horror story.
a day ago
Realistically there's no reason government can't use open source software and open formats especially.
Last time I had to fill out a government form in Canada, it was a PDF that only opened in the Windows desktop version of Adobe Acrobat... Even the Android version couldn't open it. Super annoying and completely unnecessary.
Edit - I don't even care if they keep their server code proprietary. But just use free formats, save our taxpayer money on stuff like Windows and Office licenses, and make it easy for citizens to interact with them. I'd even rather they hire some more local devs than send money out of the country.
a day ago
> Realistically there's no reason government can't use open source software and open formats especially.
> Last time I had to fill out a government form in Canada (...)
Without any evidence, let me argue why maybe it shouldn't. In the past, a common opinion that I have heard is that open source is more secure because all the code is out in the open.
The recent xzutils backdoor attempt [1] kind of led me to believe it's not really true, it's only true if many good-actor eyeballs, which are willing to donate their time for public benefit, are on the code.
Almost all of the government's code that I interact with are web apps that are potential targets of foreign adversaries -- tax filing web apps, prescription + vaccination scheduling web apps, family benefit applications, and more. (This is not in Czechia, but close.)
Now, would I want to read that web app code? Not at all, I couldn't care less about it. However, foreign adversaries would love to immediately start analyzing it. Extracting the entire country's health data or tax data would be a goldmine.
And even though there probably are several people actively paid to maintain security of these systems, I feel that the foreign adversarial agents would be much more motivated (and better paid) than government employees/software developers.
You could make a opt-out for national-security purposes for the code, but I feel almost all the code a government works on would have such an impact when compromised.
[1]: https://en.wikipedia.org/wiki/XZ_Utils_backdoor
(Disclaimer: I am a huge supporter of open source in general, contributed to the Linux ecosystem in the past and in my current job as an academic, almost everything I do is available out in the open in some way or another.)
a day ago
The xz backdoor was caught before anyone used it. This is typical of open source backdoors, but atypical of proprietary ones. History is full of proprietary software with backdoors which were discovered after years or decades of being actively used. Lotus notes, RSA corporation, Cisco routers, Juniper switches, Huawei everything.
We have more or less immutable history of every change leading to every release of open source software. Any backdoors you previously created under an identity could burn that identity forever. That history is not available for proprietary software. If someone adds a backdoor in proprietary software for two years and then removes it in later versions, it's totally likely it'll never be noticed.
Thinking that open source software is at greater risk of being backdoored is akin to thinking most trees in the world grow along the road, just because you drive everywhere and have never been inside a forest.
a day ago
Every country already has a special government agency that deals with keeping stuff protected. In fact you tend to think the people who know most about this are in government, don't you?
And it's not like there haven't been vulnerabilities found in proprietary software, despite them paying people to keep things safe.
a day ago
Crowdstrike is a recent example that comes to mind. I don't see how paying for CrowdStrike made it more secure or reliable.
I would also argue that you could take all the $$ paying for proprietary software and contribute it to people who are making the open source software, making the reliance on "free" eyeballs less of an issue.
a day ago
Microsoft has literally been hacked multiple times by Russia in the last few years. Our government lost hundreds of thousands of CRA (tax agency) credentials to hackers and had to lock millions of accounts. Other agencies have also been breached.
Meanwhile the XZ backdoor was found in Sid, Arch and pre-releases of Fedora and openSuse. It never actually made it into any numbered release of Fedora, openSuse, Ubuntu, Debian, Red Hat or Suse distro. It's actually a pretty big win and the system worked as intended.
Open source and Linux are doing just fine security-wise.
Also, none of this has anything to do with using offline tools like a word processor to make documents.
a day ago
>Meanwhile the XZ backdoor was found in Sid, Arch and pre-releases of Fedora and openSuse. It never actually made it into any numbered release of Fedora, openSuse, Ubuntu, Debian, Red Hat or Suse distro. It's actually a pretty big win and the system worked as intended.
I would maybe not go quite that far. That it got caught was mostly a confluence of lucky breaks and accidents. The second version of the exploit would likely have not been detected if not for the fact that the first version of the exploit had a couple of programming mistakes that attracted some attention to itself.
a day ago
The entire thesis behind the open source security model is to have lots of eyes on the code/program, since more eyes = more likelihood of catching it. Even if you say it's accidental, let's say the odds of catching it are 0.00001. Repeat that enough times and you get 1.
It was caught before any distro released with it. The system worked.
a day ago
If one of the Debian or Fedora developers had immediately caught on to what they were looking at when their attention was drawn to it by the failures, I would say the system worked. It's certainly true that open source saved the day here, but that's maybe different from saying "the system" worked. It easily could have gone unnoticed, or been noticed a few weeks later.
19 hours ago
It could have also been noticed earlier. Maybe it was luck it was detected so late?
19 hours ago
As a Czech, how do I sign the petition?
5 hours ago
Click on the link and you will find the button for signing with Identita Občana
a day ago
See also: https://publiccode.eu
a day ago
Really wish this was a EU-wide directive. Code produced with the public's money really should at the very least be public, but even better with a permissive license.
FOSS is already in the blood of Europeans, now we just need the legislators to realize this is a good thing, and foster the ecosystem even more!
a day ago
Why only code?
Anything funded with public money should have same proportion going back to the public (the organization running the area which funded it).
For example: a 100% EU money funded innovation should be free for everyone to use within EU and outsiders should license a patent.
50% public funding from state of Norway, then state of Norway has 50% ownership.
And so on.
a day ago
I guess software is a good enough start.
a day ago
I wonder there is not already such a petition in the EU or Germany. I searched, but didn't find any. Somebody who wants to create one? I'm not that good in writing such texts:
Europe: https://www.europarl.europa.eu/petitions/de/home
Germany: https://epetitionen.bundestag.de/epet/startseite.nc.html
a day ago
> Germany
Ongoing discussion:
Digital Minister wants open standards and open source as guiding principle (heise.de)
a day ago
Was going to mention the same. I do feel like there is some connection there.
The new digital minister seems to be doing well. He used to be CEO of an electronics retailer with mixed to negative reputation in nerd circles, but he also has a physics degree and has software experience in the trenches, so I wasn't sure what to think of him.
a day ago
I'm keeping my fingers crossed! Hopefully it won't just remain at the announcement stage.