
Thursday, 26th June 2008 - 00:00CET
Open source software
Linux Mandriva and Open Office Write, two examples of open source software (OSS) which the Maltese government could consider to deploy as part of its new attitude towards OSS.
The Maltese government is ready to consider the adoption of open source software (OSS), which is developed in public since its source code is made available for modification before implementation. This translates into substantial cost savings when compared to vendor-specific software.
Taking its cue from the European Commission and national governments around the world, such as the French government, the Ministry for Infrastructure, Transport and Communication (MITC) has just published a paper outlining its views on OSS and its possible adoption in the public service.
"The Maltese government will seek to identify and implement the most advantageous solutions for its operations," a spokesman for MITC said. "OSS is increasingly becoming more stable and polished. This is why we are extending our ongoing research for the most cost-effective ICT solutions to include OSS options."
Indeed the document mentions the financial savings as one of the major advantages of adopting OSS.
"At an educational level, one of the major reasons for the lack of technology use in schools is the cost of licensing. The lower capital cost for acquiring open source enables new opportunities for schools which often operate on very low budgets. At a business level, it is often observed that open source does not offer a 'lock-in' strategy where the company is confined to a particular product often dependent on one vendor through the partner network. Total cost of ownership for open source software, including the customisation to add new functionalities, can be much less expensive than proprietary alternatives. For large consumers, including government, this can translate to significant cost savings," the document says.
OSS is considered by many as directly opposed to vendor-specific proprietary software, with OSS earning the reputation of being a sort of freedom movement to liberate the computer users from the financial and technical shackles imposed by software giants like Microsoft. The document tries to dispel such a view.
"There is a pervasive impression that the two are not compatible. This is not the case and the two can co-exist. This is why the ministry's first job will be to test and prove the compatibility with existing vendor-specific applications and their ability to co-exist with OSS."
In recent years the Maltese government has signed several vertical strategic alliances with major software makers such as Microsoft, SAP and Oracle. However, the MITC spokesman confirmed that the introduction of OSS does not preclude commercial vendors such as these.
"We believe that commercial and free and open source software can very well co-exist together. This government will ensure that it will strive to obtain the best of breed whether vendor specific or otherwise when dealing with its systems. 'Best of breed' that is in so far as cost, functionality and business continuity," he insisted.
The issue here is one of interoperability, but the document reassures that initiatives exist to foster an open engagement mainly between proprietary-software and open source communities. It encompasses a broad range of facilities, events and resources supporting interoperability.
The document mentions by name OSS products that are valid alternatives to the Microsoft software that dominates the PC and server software market, such as the Star Office and OpenOffice suites and the Linux operating system.
Malta's 'Smart Island Strategy' includes a number of initiatives which will be deployed by government in order to propagate the use of open source at community, economic and societal level. As part of its e-inclusion programme, a number of the new centres to be opened as part of the community technology learning centres network (which already includes 12 centres) will be based on open source software to foster an open source culture.
Furthermore, the MITC is preparing to engage in a public consultation on the use of OSS in terms of the social opportunities it provides. There will be a pilot use of a number of OSS desktops and office productivity applications in a school environment. The pilot will seek to prove the opportunities OSS provides while instilling the concept that alternatives to traditional desktop software exist.
i-Tech asked MITC whether this pilot in schools could disrupt the work of students whose ICT lessons, and even the ECDL certification, are still based on Microsoft software.
"It would be unwise if the OSS will be adopted with some shock Big Bang approach; government feels it should promote awareness among students of all the options available in the market. In this regard, as policy makers we should ensure that our ICT educational policy is, as far as is practical, not vendor specific," the ministry spokesman said.
The government's caution is also reflected in the fact that, 16 months after the launch of Microsoft's Windows Vista operating system, new computers in the public service still have to be purchased or hired with the older Windows XP. Now, with active interest in OSS alternatives such as Linux, options are wider but choices tougher.
"A new OS always poses a challenge when deployed on a large scale. We are by no means the only organisation in the world to hold on to the current Windows XP desktop environment for the time being, particularly because of its stability and merits. We'll take other steps when we feel this benefits the efficiency of our organisation," the spokesman insisted, refusing to commit himself to a target date.
Malta's small size can turn into an advantage even with OSS. The Maltese government is ready to look into projects that exploit our country as a test-bed for nationwide roll-out of OSS applications in other countries.




Comments
Software is bound to the language/platform it's written in. If the language/platform doesn't exist on a particular OS, it has nothing to do with whether it's properly written. All you have to do is look at the LONG list of software that doesn't work in Vista or 64-bit Windows. The OS is NOT backwards-compatible. Some will work, some won't, however well written.
Your statements about GS show a misunderstanding of the GPL. You CAN use GPL software in a commercial environment. You CANNOT integrate the GPL software in your closed-source products. If you're a user you're fine. If you're a developer you need to read all licenses carefully. Besides I never said OSS=freeware. Freeware does not include the source code or the ability to modify it.
Your comments about patent infringement also show a lack of understanding. A patent holder controls ALL rights to the invention. They can make royalties prohibitively expensive, or can demand unrealistic terms, or simply prohibit all use. If a product infringes, they can sue the producer or anyone who uses it. The fact that it's more profitable and easier to go after the producer is a different issue.
"I worked more than 3 years for Computer Associates on large projects usually Unix based (Sinix, Solaris, Linux, etc)."
Well, I think I see the issue here. The last release of Sinix (based on a Microsoft version of UNIX) was in 1995. That's a long way off from the Linux of today, in the same way that Windows 95 is so far removed (some would argue) from XP.
"So believe me I know the pros and cons of both worlds pretty good."
Personally, I've only been dealing with Linux from RedHat v5.2 and Windows since NT v3.5.
"The Problem with the Linux community is that it takes everything religious instead of looking which solution is best for which task!"
Nothing religious about it, this is technology, these are facts. BTW, got those sources?
Once again, I ask you, please, join in the MLUG discussions, you really will find a warm welcome.
Iain.
Well, if "your" library does not work on the 64-bit machine, then it is because it is not properly written at all. If it were written correctly it would work on the 64-bit machine!
Regarding Ghostscript, I just advise you to always contact Artifex before you roll it out in a commercial environment. You will be surprised how easy it is to breach the GPL license, and in that case you need the commercial license. I myself had a long email conversation with them about 3 years ago!
But that was not the issue here. Ghostscript is just an excellent example that you cannot simply say open source = freeware!
Regarding whom to sue for patent infringements in commercial software, I suggest you check a bit about product liability (which you cannot limit via EULA, etc).
Ghostscript is free to download, free to use, and - for other OSS - free to integrate into other products. It was written by one L. Peter Deutsch for the GNU project and released under the GPL. Artifex currently own and administer it and profit from licensing it for commercial distribution, among other things. Many serious commercial organisations and governments use Ghostscript-based PDF creators. It's only to integrate it with your own closed-source products that you need to buy the commercial license.
If any product infringes a patent, the patent owner decides whom to sue, and can sue ANYONE using it - open-source or not. If the infringing software was made by a rich fat company, that's the likely target - because it's more likely to produce a big payoff than Joe Schmoe at his computer desk at home.
I worked more than 3 years for Computer Associates on large projects usually Unix based (Sinix, Solaris, Linux, etc). CA is still doing nearly half of their revenue with such projects. So believe me I know the pros and cons of both worlds pretty good.
The Problem with the Linux community is that it takes everything religious instead of looking which solution is best for which task!
Well, it is not the fault of VB6 or 64 Bit if your device does not work properly. It seems the producer of that library just did not know how to do the job right!
Of course Ghostscript is highly expensive. If I remember right it cost a 5 digit dollar sum. There are just too many people around who think opensource=freeware.
If you do not believe me just contact the owner (Artifex) of Ghostscript: http://www.artifex.com
That is exactly one of the reasons why serious commercial organisations do not use free PDF Creators based on Ghostscript!
Patents: If a Maltese company uses an open source product which has a patent infringement, the Maltese company can be sued directly. If a Maltese company uses commercial products, not the Maltese company will be sued but the producer of that commercial product. That is a huge difference! What you find in EULAs doesn't matter in case of a patent infringement, since not the end user will be sued but the producer!
Unfortunately I get the feeling you still do not understand the issue. Sure, certificates have a revocation feature. But web browsers do not download the revocation list fully automatically because it can be extremely large! The better mechanism, OCSP, is supported only by IE7 and Firefox 3. Besides that, lots of certificates do not contain an OCSP link and most CAs do not support OCSP anyway.
Currently it is estimated that 5% of HTTPS servers are still running on weak Debian certificates. Do you know how many hundred thousands that are? (http://www.heise.de/security/suche/ergebnis/?rm=result;q=debian;url=/security/news/meldung/108528/;words=Debian)
But not only HTTPS servers are affected. Just imagine that ALL your legal electronic documents of the past 2 years just became invalid. Wouldn't you call that a disaster?
Of course you as a private person can just re-create the certificates. But imagine the costs for a large enterprise. Besides that the signatures of all your signed documents, emails remain invalid!
Regarding MS01-017. Please note that that was a disaster as well and AFFECTED ALL OSes. A company (not Microsoft) issued certificates with the name Microsoft in them but NOT for Microsoft. This is something OS independent!
"Believe me. I know linux and other Unixes very good [sic]". I have serious reservations in believing that statement! Certainly you are not up to par when it comes to knowledge of the mechanics of open source software development.
It appears what you are really saying is "My mind is made up, stop confusing me with the facts". I would, however, like to invite you to learn about Linux and open source software by heading over to the Malta Linux User Group and perhaps joining their mailing list: http://www.linux.org.mt/
Knowledge is power, come and learn.
Keep in mind that SSL certificates have inbuilt revocation features. I myself use Ubuntu, which is Debian-based. Before I even knew about the bug it had downloaded a fix, as well as regenerating my login SSH keys and the machine key. I don't use OpenVPN but I believe that also had some automated method to regenerate keys. If you're a CA you'd have to revoke and reissue your certificates - definitely annoying, but again - not the end of the world.
By the way.... it's not just Debian which had similar security issues. This affected every version of Windows and MacOS... but not Linux :)
http://www.microsoft.com/technet/security/Bulletin/MS01-017.mspx
No system is 100% perfect. Both Windows and Linux issue security fixes and updates. The difference is apparent if you count the cases of ACTUAL security breaches. And, where internet servers are concerned, Linux boxes are very numerous, yet they're still safer.
I've just encountered this VB6 issue myself: a VB6 component necessary to operate a device, and it can't work in 64-bit Windows. VB6 doesn't do 64-bit, and will never be upgraded. Ever.
OSS (not Linux) only produces abandonware if everyone - including all its users - lose interest. If there's ANY product that you still need, you can maintain it yourself, or get together with other interested users. With closed-source software you can't, period.
How is Ghostscript "highly expensive"??? I use gs-based products all the time and have never paid a cent.
As far as patents are concerned, it's an equally worrying issue for open-source and closed-source software. Can you imagine what would happen to any Maltese software company if it were sued by a software giant like Microsoft? They don't have to be using OSS. They probably don't even have to be guilty - such a lawsuit can, and has, bankrupted many companies before, guilty or not. And, considering that Microsoft even own a patent to "double-clicking the mouse", it's impossible to produce software that does not infringe on any patents. If you read closed-source EULAs you'll find out they're not liable.
Whoever learned VB6 can still use it. Nobody will stop that person from using it. In fact it is still a very popular programming language in many commercial projects.
Well, that Linux produces more abandonware is just logic. Someone loses interest and that's it. As soon as you have commercial products you cannot just abandon them, since you are still liable, have contracts etc.
And why is open source cheaper? I know lots of commercial and highly expensive open source products. One example is the very popular Ghostscript.
Linux might be a very good product for home usage. But imagine a commercial organisation uses it and there is somewhere a patent infringement in the open source. That commercial organisation will be liable! So besides the training, maintaining, QA etc for opensource a commercial organisation has to check every package for patent infringements!
Believe me. I know linux and other Unixes very good from my past at some large IT companies. They all have their good points. But for a broad desktop rollout they are just not usable.
Unfortunately you are showing with your comments that you have not understood how serious this Debian bug is. In fact it is a disaster and it will take ages and huge amounts of money till all effects are removed.
Of course the bug was fixed right away. But during a period of 2 years those Debian systems produced millions of certificates with guessable keys! It is not difficult to imagine what that means! All those systems which are "protected" by those keys are now unprotected against a various amount of attacks. It does not matter if the bug was fixed! The certificates are still around! At the moment you cannot even trust one https website since you do not know what system issued the certificate!
All documents which have been digitally signed during the past 2 years with such certificates just become invalid! Do you know what that means if you signed contracts which are not valid anymore?
So thanks to that bug we have huge liability issues, invalid signatures, insecure https servers, open SSL servers, and of course the huge costs of tracking and replacing all those certificates.
Stefan
Closed source does not maintain backwards compatibility - consider those who learned Visual Basic and suddenly found themselves with VB.NET. Oops, sorry guys. Same name, totally different product. Scrap your code and start anew. What's more, you can be forced to upgrade whether you like it or not. With open source, if they don't maintain backwards compatibility you can keep your old copy, or get together with other users and fork a new version.
Go on, try that with Windows XP. Try convincing them to keep it up to date (security fixes etc) post-Vista. Closed source IS abandonware because if the owner chooses to abandon it, the product will never move again. I've seen countless open-source projects created by one person/team, adopted by another, forked off by some other group.
As far as device compatibility is concerned, in most cases Linux finds every device AND already has its drivers built in. At the time of writing, Vista fares much worse in the drivers category.
Linux has come a LONG way in the past few years.
The bug that Debian found shows the difference: It was found BEFORE it was exploited BECAUSE it's open source. With Windows you'd find out when your PC mysteriously starts sending out thousands of adverts for a little blue pill. Your statement that "everybody can change the source" is incomplete. Sure, anyone can change it on their own PCs but putting it back requires some scrutiny.
"google a bit you will find a loot[sic] about the desaster[sic] this bug caused."
Translation: "I cannot provide sources but will continue to cry wolf".
Again, show instances (or even one) where this bug was exploited. I suspect you cannot as the bug was fixed before it was even made public. Whilst you're at it, please also provide sources asked for previously against prior statements.
Iain.
Fritz!Box-Router (very popular in Germany) Model: 7170 and 7270 are also "polluted" with Debian certificates and completely open to "man in the middle attacks". The producer AVM is urging everyone to update the firmware......
I can already imagine courses spring out of nowhere to teach the Linux OS. People already have problems in using the current Windows OS which is the most taught at the moment. Imagine using the Linux OS, where even to install a pnp device you have to do some command line work. For me it is still not a complete OS. Mac OS is even much better for crying out loud.
Having said that, the problem I foresee for Maltese government is that it has not even embraced the digital age to the full, how can they change to an OS that is still quite difficult to use?
I see failure.
Do you really think OpenSSL was installed on those systems and not used to issue certificates? In private and non commercial environments it might be easy to just replace all issued certificates. In other environments all issued certificates have to be tracked down and replaced.
Furthermore do you really think that a commercial certification authority acknowledges in public that it used Debian, Ubuntu etc to generate the certificates?
If you use google a bit you will find a loot about the desaster this bug caused.
Would you buy currently something in an online store with your credit card knowing that the store might use an insecure certificate and maybe someone can decrypt the traffic to get your credit card?
Would you use currently your online banking knowing that maybe the certificate is weak and someone records your traffic with your bank?
etc, etc, etc.
The reality remains that it is very hard to find professionals that are experienced in OSS implementations, and serious efforts to address this shortage need to be taken. Hopefully this document, which I cannot seem to get my hands on, addresses the training element. If any of you know who is offering OSS training pls do drop me a line on brian.restall@pim.com.mt
So this bug has demonstrated that the argument of open source being cheaper is not valid. The frequently used argument that the code is better since everybody can see/change the code has been proven wrong. The fact that everybody can change the code has been proven a huge danger. Like that the bug came in and even though it is open source nobody saw it for two long years!
1. Vienna "usablility [sic] was not given": Sources, please.
2. Debian "Problematic systems stayed issueing [sic] millions of certificates over the past 2 years": Sources, please.
The problem of Vienna City was not only ActiveX but also user acceptance! The user simply did not accept Linux as a desktop because the usablility was not given.
But much worse is the Debian bug. It is not true that only Debian is affected and it does not matter that the bug was fixed. Problematic systems stayed issueing millions of certificates over the past 2 years. Those certificates are used by ADSL modems for remote maintenance via https, by system administrators to access systems via SSL, shop systems to protect credit card payments etc. So even though patched systems do not issue bad certificates anymore the old and dangerous certificates are still around. I know even of one certification authority which has to contact all customers that they have to change their certificates. The costs of this alone are a multiple of what they saved by using Debian.
And what about the customers of this certification authority? All their digital signatures of the past years suddenly became invalid and the certification authority is liable! Who will be able to calculate that damage?
You have evidently not read/understood the articles, or are simply trying to spread FUD.
Vienna City requires ActiveX for an application, which is a Microsoft proprietary plugin, working only on their software. Please read the end of the article where Vienna also say that they have for many years used, and will continue to use open source software.
As for the Debian issue, this was a Debian only issue. In fact, Debian fixed the issue before it was exploited.
http://www.theinquirer.net/gb/inquirer/news/2008/06/13/city-vienna-dumps-linux-vista
Another issue of concern would be lacking security in open source. Just recently a very serious and two year old security bug was found in Debian's SSL lib: http://www.theinquirer.net/gb/inquirer/news/2008/05/14/openssl-bug-found-debian-linux
Kind Regards
Stefan Engelbert