Forgot your password?
typodupeerror
Government Open Source United Kingdom Your Rights Online

UK Government Mandates 'Preference' For Open Source 123

Posted by Soulskill
from the better-late-than-never dept.
An anonymous reader writes "ComputerWeekly reports that the U.K. government 'has, for the first time, mandated a preference for using open source software for future developments.' This comes from the newly released version of the Government Service Design Manual, which has a section about when government agencies should use open source. It says: 'Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.' The document also warns against vendor lock-in. This policy shift comes under the direction of government CTO Liam Maxwell, who said, 'In digital public services, open source software is clearly the way forward.' He added, 'We're not dogmatic about this – we'll always use the best tool for the job – but open source has major advantages for the public sector.'"
This discussion has been archived. No new comments can be posted.

UK Government Mandates 'Preference' For Open Source

Comments Filter:
  • Is this real? (Score:4, Interesting)

    by rsilvergun (571051) on Saturday March 16, 2013 @02:57PM (#43192145)
    anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?
    • by K. S. Kyosuke (729550) on Saturday March 16, 2013 @03:17PM (#43192253)

      it's just another attempt to get discounted Microsoft software?

      Of course it is! What else did you think?

      -- Sir Humphrey Appleby

    • by Anonymous Coward

      More likely some MP's son / capita (delete as applicable) has just rolled a new linux distro and want to sell some 25 year service contracts.

    • by Kjella (173770)

      My guess is that it's mostly political rah-rah but in reality bureaucrats will find requirements so they get the proprietary platform of their choice anyway. Sometimes I've suspected vendor involvement, but in reality it seems to be mostly people on the inside who pick the system they already know and have competence with.

      • by Nerdfest (867930)

        ... or they pick the product whose sales-weasels give them vacations and golf outings.

      • Re:Is this real? (Score:4, Informative)

        by rtb61 (674572) on Sunday March 17, 2013 @03:25AM (#43195527) Homepage

        You have to consider that for other countries M$ is a dead loss, tons of money going out with no return. Pushing FOSS means that if an offshot of a major campaign contributing company sets up in that market you can readily funnel money to them and look really good in the polls when doing so. Basically FOSS in also going to be a double plus win for pollies.

      • by xaxa (988988)

        My guess is that it's mostly political rah-rah but in reality bureaucrats will find requirements so they get the proprietary platform of their choice anyway.

        The previous position was than open source software was to be selected if it was equal (in other respects) with the proprietary system. There was a document showing examples of this, e.g. choose Apache over IIS, showing that many other government departments already used Apache.

        I'm not sure exactly what this changes. Possibly just giving a bit more push for the open source solution, but that's a welcome change.

        What would be really good is if the government could recognise that there are probably many, man

    • Re:Is this real? (Score:5, Informative)

      by Jake Benilov (2867501) on Saturday March 16, 2013 @03:44PM (#43192367)
      You betcha. The Government Service Design Manual comes from GDS [cabinetoffice.gov.uk], a part of the Cabinet Office. GDS also created GOV.UK [gov.uk] - the new single domain for the UK government. The GOV.UK stack is almost entirely open-source software, which can be found on Github [github.com] under the Open Government License [nationalarchives.gov.uk].
      • I like this trend, but I think Open Government License is counterproductive Not-Invented-Hereism. It's basically a BSD-style license, but also contains an exhortation not to break British law.

        Well, British law is already an exhortation not to break British law. You don't need an extra one. They should just use Apache 2 if they want a BSD-style license ; everyone's IP legal department already knows it.

        • by jonbryce (703250)

          "British Law", whatever that might be [1] only applies to people living in Britain. Having it in the licence means you aren't allowed to break it even if you are outside the country.

          [1] There's English/Welsh law, Scottish Law and Northern Irish Law. They are similar in many ways, but three different legal systems.

      • by Anonymous Coward

        So if they are serious about this, why does their shitty new jobsearch website require CVs to be uploaded in .doc or docx formats?

        To be fair Cameron was pro open-source before he became prime minister, so it may well be something he believes is the right thing, but I don't think he is competent to ensure this policy is effective.

        • So if they are serious about this, why does their shitty new jobsearch website require CVs to be uploaded in .doc or docx formats?

          Because not everything happens at once, especially in government. Nor is the public sector is famous for agile development.

          Government, by its nature, is bureaucratic. When we're on the the receiving end of government services, we often perceive the bureaucracy as ponderous and inefficient. That's because accountability is a big part of the system. I've worked in governm
    • Re:Is this real? (Score:5, Insightful)

      by Anonymous Coward on Saturday March 16, 2013 @03:49PM (#43192389)

      Posting AC.

      There are certain public services in the UK that have real issues at the moment, IT-wise, due to the general austerity measures in place to reduce the deficit.

      There are large sections of the UK police force stuck using IE6 due to dependancies on ActiveX.
      XP is being EOL'ed next year.
      The money isn't there to deal with the situation.

      There's a lot of people campaigning for a move to open-source so nothing like this happens again.

      • Re:Is this real? (Score:5, Interesting)

        by Dr_Barnowl (709838) on Saturday March 16, 2013 @06:11PM (#43193199)

        Yeah, my lot have to manage the transition to Windows 7 for a whole bunch of bespoke applications. We got shot of IE6 and heavens, we were glad, because our stupid timesheet software used ActiveX so we had to ditch that too.

        The only thing really holding us back from moving to Linux is MS Office. The NHS had an enterprise-wide license, which a back-of-napkin estimate says must have cost on the order of £100M per year. That got dropped a while ago, I'm guessing because it was a big fat line item in the budget and made a ripe target for people saying "hey, what if we spent some small fraction of that on LibreOffice development?".

        A lot of our bespoke apps are Java and thus don't really need Windows to work. Web apps are web apps.

        But we, like everywhere, I suspect, have a large number of things cobbled together from VBA and spit, not to mention the things people do with Access. Any coherent plan to move to Linux, or even LibreOffice, needs a department dedicated to migrating VBA and Access applications.

      • by Xest (935314)

        It really does depend on the public sector service in question though.

        My local council thought it'd be amusing to blow £2million upgrading every computer to Office 2010 from Office 2007 at the same time as cutting useful services and doing nothing about inept services.

        Because of course there was some pressing feature that Office 2010 offered that 2007 didn't that the whole entire council's network required at a time when they were supposed to be streamlining and making efficiency gains.

        To be fai

      • by Anonymous Coward

        HM Submarines also locked into IE6 and XP, Oh!
        (Coward I am, so also posting AC)

    • by gmuslera (3436)
      Maybe this [ariasprado.name] had something to do with it.
    • He's new in the job. It's possible he's naive enough to be serious about it.

    • by ais523 (1172701)
      I think it's a response to most of their existing proprietary attempts to do things having been trainwrecks. I guess the reasoning is that at least this way, the trainwrecks will be less expensive on average.
    • by Anonymous Coward

      I'd believe it's real. I work for Lloyds (40% owned by government) and we've been steadily replacing Windows with RHEL for some time. Maybe they saw it working for us and decided it was time they could do better.

    • by julian67 (1022593)

      Yes it's real. If you can get past the partisan political bloggers and established media who don't usually notice anything in IT related tech beyond Apple, Google, MS and Samsung press releases then you can discover that the Conservative party (the larger partner in the coalition administration) has some well informed and rational policies in these areas. We've had several decades of IT school level education being no more than training people to use proprietary software for clerical tasks, while the gov

    • by Anonymous Coward

      It turned out that some "independent expert" had to admit being paid by Microsoft. One thing I like about UK officials that their reaction to finding out they are getting screwed by the powers who pay is not bending over. British humor is renowned, but more impressive is when they are not amused.

    • anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?

      ====
      I believe your conjecture is very wrong. With the cyberfraud, the keyloggers and all kinds of espionage, the governments will insist on using open source and in doing the final inspections and compiles. The security of the critical infrastructures, such as electrical grid, water, etc. is too important to not know what is in the code that is executing.

      Open Source does not necessarily mean free source.

      And with the proliferation of software due to Apple, Google (Android) and everyone else, document interc

    • by Shimbo (100005)

      anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?

      It's mostly not about Microsoft. It's about trying not to roll everything up into one huge 'too bug to fail' IT project, and having a choice of the same few firms to contract out to. It's having something of value delivered even if the main contactor walks away halfway through the contract. Open source is one facet but it's as much about agile development as it is about FOSS.

      Having flicked through it, it's actual quite well written. Government moves slowly though, so be prepared for reversals. Actually, I t

  • by DigiShaman (671371) on Saturday March 16, 2013 @03:17PM (#43192247) Homepage

    As I know, programmers and Linux admins cost twice to three times as much as their Windows admin counterpart. However, OSS is free.

    Can anyone that's an IT director please clarify the gap, skillset, and possible configuring a network so complicated as to solidify job security for said admins? Which costs more and can deliver the most value? On that front, which set of admins is likely to engage in such dishonest practices? Or is it a out the same for both sets of admins?

    And yes, there are many Windows/Linux admins that can do both with an indepth skillset and experience, but they command a premium salary as I know.

    • by DamonHD (794830) <d@hd.org> on Saturday March 16, 2013 @03:33PM (#43192313) Homepage

      Things have changed for the better for Windows I am quite sure, but back in the days when I was a UNIX sysadmin for a living you needed 10x as many Windows admins as UNIX admins for the same number of machines / user seats, so a simple salary ratio would be misleading!

      Rgds

      Damon

      • by Anonymous Coward

        It's a factor of 3, these days. The Active Directory admins hate it when they see me coming, because I wind up educating them in the newb errors they've made in DNS, DHCP configurations, and password management. The Exchange managers also hate it when they see me coming because I *warn* them about the spam problems coming down the pike and how they can avoid it, and have consistently reversed that web of spit and duct tape they call a network map and pointed out the single points of failure.

        They hate it wor

    • by mjwalshe (1680392)
      Unfortunately HMG tends to employ loads of pogramme managers and far to few people in house who actualy get stuff done
    • > Linux admins cost twice to three times as much as their Windows admin counterpart

      Where did you get this information? Please make sure you do an apples-to-apples comparison.

      For example: don't compare somebody who does admin for 5 servers to somebody who does admin for 2000 servers.

    • OSS is free

      Not necessarily; I write OSS for a living, but only a fraction is free.

      • by Immerman (2627577)

        By definition, if it's OSS your first customer can give it away for free and nobody need ever pay for it again. Therefore if your customers are paying for it it means one of three things:
        1) They're idiots, or locked in to an acquisition model that doesn't account for non-purchased assets.
        2) They believe in paying a fair price for a fair product, regardless of the legal necessity and effect on their bottom line. (don't we all wish)
        3) You actually provide worthwhile additional value for the price: Support, c

        • You forgot one thing: it's not possible to get the software for free if it doesn't exist yet ;) A big part of our business is development of new software.

          Besides, most of our costumers are not technologists, so the idea of going around setting up public source repositories is kind of foreign to them. We're significantly cheaper than the alternatives (mainly SAP), so they're happy to pay.

          That said, we do offer additional value: hosting, support, custom development and training.

        • by Nerdfest (867930)

          That's not the definition of open source software. Isn't that 'libre' software? Open source just means that you have the source. Personally, I'd prefer it if they mandated FOSS. Question though ... if MS made their products open source, could you maintain it yourself ... or would that be something that could be restricted by licence? The way I see it you could do anything you wanted with it within your own business. Anything else would be against copyright laws.

    • by lennier (44736)

      >Can anyone that's an IT director please clarify the gap, skillset, and possible configuring a network so complicated as to solidify job security for said admins? Which costs more and can deliver the most value?

      I'm not an IT director but as a Windows sysadmin who uses Linux for preference at home, there's still a huge gap in manageability for Linux. Linux has taken out some very small, specific niches, mostly in the server and mobile device space. But there's simply no Linux equivalent of Active Directory and Group Policy (there's Open Directory, which OSX uses, but there's a whole missing layer of policy control on top of that which isn't there).

      I wish Windows had an equivalent of deb/rpm package management. MSI

      • by Bert64 (520050)

        Active directory is an absolute nightmare from a security perspective... Most of the supposed security related policies just amount to arbitrary restrictions on workstations which are implemented client side anyway (and thus trivial to bypass), and then you have design flaws like hash passing and storing the plaintext password in memory (google for mimikatz) which combined with typical setup practices make it laughably easy to compromise the average active directory setup from only a single insecure host.
        If

    • That might have been true due to the rarity but I expect that is actually Microsoft FUD. Job listings in the UK show that Linux sys admins aren't getting £60k over some Windows guy getting £30k. They're getting £30k too.
    • by Bert64 (520050)

      People who are competent at their job cost three times as much as people with very little skill or experience...

      Many people *claim* to have windows knowledge, but in reality they are terrible and often their "experience" is limited to using msoffice in school and reinstalling windows for friends who got malware infections.

      Much fewer people claim to have unix knowledge, largely because the class of people mentioned above aren't even aware that it exists. So most people claiming to have unix knowledge do actu

  • by menot (2583945) on Saturday March 16, 2013 @03:25PM (#43192285)
    "We're not dogmatic about this – we'll always use the best tool for the job".
    That's one of the most interesting points in the article. More people should think like that. In the end, software is just a tool.
    • by Anonymous Coward

      In the end, software is just a tool.

      This is both a tautology and besides the point. Sweaters are just clothes, but maybe you would still not buy them from the really cheap manufacturer that employs children. Detergent is just a tool, but maybe you should choose one that won't destroy the environment. Software is just a tool, but maybe you should pick those that won't lock you (and everyone that relies on you) in inside someone's private ecosystem for a long time.

      • by Bert64 (520050)

        Sweaters are just clothes, but maybe you would still not buy them from the really cheap manufacturer that employs children.

        Or you'd buy them from a really expensive manufacturer who still employs children but works very hard to disguise the fact. Their production costs are likely the same or lower than the cheap manufacturer, they just make considerably more profit per sale.

        So which is worse?

        Software is just a tool, but maybe you should pick those that won't lock you (and everyone that relies on you) in inside someone's private ecosystem for a long time.

        And you'd have thought this would be the most basic thing, one of the first rules of running is a business is not to get yourself in a position where the actions of any single supplier can exert any form of control over you. You should alwa

  • It's not enough (Score:5, Insightful)

    by Stormwatch (703920) <rodrigogirao@noSPaM.hotmail.com> on Saturday March 16, 2013 @03:37PM (#43192333) Homepage

    Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

    • by cobbaut (232092)

      Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

      Mod parent insightful.

    • by Anonymous Coward on Saturday March 16, 2013 @04:19PM (#43192609)

      Governments should be forbidden from using non-Free software.

      Here's another reason which underlines your point:

      - A government has no mandate to entrust the country's data to a corporation nor to allow it to leak. It is therefore simply not permissible to allow that data to be processed by closed source software which by definition cannot be trusted.

      The above should be self-evident, but in case it's not, objectors would do well to ponder the acknowledged backdoors in Skype and in a variety of Chinese routers. With open source, this cannot easily happen.

    • Re:It's not enough (Score:5, Insightful)

      by whoever57 (658626) on Saturday March 16, 2013 @04:20PM (#43192615) Journal

      Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

      No. This is wrong. Governments should be required to use open standards. Thus allowing open and closed source offerings to compete.

      Furthermore, if it turns out that a supplier claimed compliance with an open standard but did not deliver this, there should be serious penalties levied against the supplier (and not just a slap on the wrist that the supplier will see as merely "cost of doing business"). The penalties could include requiring the supplier to make their version of the standard open to all.

      • Re: (Score:3, Insightful)

        by maxwell demon (590494)

        Another requirement should be that the supplier allows the government to inspect the source code in order to make sure there are no backdoors in the code. With Open Source, this is automatic; for Closed Source solutions, it would be an additional requirement in the contract.

        • I'm not sure even this is enough. Surely the only way you can be sure the source code you are inspecting belongs to the binary is to compile it yourself.
      • by Anonymous Coward

        No. This is wrong. Governments should be required to use open standards. Thus allowing open and closed source offerings to compete.

        That's not nearly good enough, not by a mile.

        Open standards are not sufficient to allow a government's experts to check software for backdoors and data leaks. This puts closed-source software in direct conflict with the needs of national security and sovereignty, even when it uses open standards.

        A company has the luxury to risk its data to closed-source software if it wants to

        • by dkf (304284)

          Open standards are not sufficient to allow a government's experts to check software for backdoors and data leaks. This puts closed-source software in direct conflict with the needs of national security and sovereignty, even when it uses open standards.

          As a very large customer, a government can ask to see the source code of the software they use for the purpose of a security audit. For commercial software, this would be under some kind of NDA (though it wouldn't be a very strict one; governments don't and shouldn't compete with software companies!) but it would be entirely enough to allow checking for risks. This could well be made a condition of awarding the contract, announced at the time that the process for bidding was started, so it would be just par

      • by tlhIngan (30335)

        Furthermore, if it turns out that a supplier claimed compliance with an open standard but did not deliver this, there should be serious penalties levied against the supplier (and not just a slap on the wrist that the supplier will see as merely "cost of doing business"). The penalties could include requiring the supplier to make their version of the standard open to all.

        No, that's insufficient.

        Make the penalty forced open-source, under a modified BSD license that includes patent licensing. Because you canno

    • Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

      If it's the data in question, then it's irrelevant whether the software is free or not. It only requires that the data be in some open standard format.

  • by walterbyrd (182728) on Saturday March 16, 2013 @04:21PM (#43192621)

    And by that I mean actually open, not OOXML.

    • Re: (Score:2, Interesting)

      by BasilBrush (643681)

      In fact it's probably a good idea if open formats are designed in the public sector. Either by quangos or by universities. Commercially standards by industry bodies are too easily bought.

      • by Dr_Barnowl (709838) on Saturday March 16, 2013 @06:48PM (#43193477)

        I have to disagree. Most of the formats I see developed this way end up horrible messes because they hire a whole bunch of consultants to do the work.

        The difficulty with that is that contractors are paid by the hour, so you don't get

        * Re-use of other standards where appropriate

        I've seen people reinvent the wheel so many times it's not true. This is true from simple little things like time values in XML (xsd:time sensibly uses ISO8601, this lot made up their own format, with ensuing hilarity when implementers think that their standard XML tool kit date / time types will produce valid documents), diagram formats (they just copied another standard verbatim into their documents rather than saying - "Hey, lets use this standard and say so"), and document formats (they didn't like the ability of XHTML to have script tags in it, so they copied THAT as well).

        * Simplicity

        Simple designs that work don't generate billable hours. Complex monsters that require hours of argument over the finer points of what they actually mean, do.

        * Implementations

        Implementations are essential for the development of standards. If you don't implement them, you don't get any kind of feel for the actual needs of the problem domain and how well your design is solving them. Alas, standards developed by publicly funded committee in my experience don't bother with this, and typically don't include any actual software engineers to tell them what problems they might be causing for implementers down the line.

        Things like pretending an identifier is an integer when all the handling means you have to treat it like a string (it consists of four separate fields, one of them optional, but as a stream of digits and not bytes). Or taking a set of metadata that you have to understand to read the data, and .. embedding that data inside the data itself. Or creating an abstract data type with a contract and then insisting that people store it without thinking about it's concrete requirements.

        Formats thought up by corporations at least have the benefit of their creators not wanting to spend as much time as possible debating the finer points of the thing. They want something that works, but as evidenced by MOO-XML, practicality often means they end up with a real mess as well - but at least it's a real mess, and not just a theoretical mess.

        I think "Open" is more important than "Standard". "Standard" gives the appearance of authority, but "Open" means you have a chance of things being useful.

        MOO-XML is a horrifying mess. Not even MS Office implements it. It's a "standard", having been ratified by ISO, but nothing about it's development was "open".

        FreeMind is a small java mind-map program. FreeMind format isn't a "standard", but it is "open". And it is useful - useful enough that most of the other mind-map programs will import it. You can open the files up in a text editor, or feed them through XSLT, or consume them with a program and do interesting things with them. And if you want a feature implemented in it, you can patch the sources, and even feed the patch back upstream.

        I think collaboration on trying to solve a problem benefits from some actual problem solving, rather than just talking about what the problem might be and how it might be solved if so.

        • by Bert64 (520050)

          Simple designs that work don't generate billable hours. Complex monsters that require hours of argument over the finer points of what they actually mean, do.

          So don't hire by the hour, hire an organisation to design something for a fixed set of requirements for a fixed price. If they make it overly complex and waste their time then that's their problem. If they make it simply and save time then they make more from the deal, obviously the requirements need to be strict enough to prevent them producing something lacklustre.

        • I have to disagree. Most of the formats I see developed this way end up horrible messes because they hire a whole bunch of consultants to do the work.

          Then that is outsourcing to the private sector. Which is the opposite of what I'm suggesting. I'm suggesting standards created by employees of public sector organisations.

          We have of course seen plenty of good open standards created by universities and publicly funded scientists. Much of the internet is built on it.

          TCP/IP - DARPA.
          HTML - CERN.
          SMTP, DNS and lots of other Internet standards = University of South California etc.

          And yes, it has to be "standards" and not just "open" to be suitable for use by the p

  • I work at a place that has a similar policy. Doesn't stop us from using way to many proprietary solutions that are actually worse than the Open Source solution. A lot of that is down to OS religion and people not actually understanding what Open Source is. We have managers (and directors) that believe the software needs to be a shrink wrapped solution from a proprietary vendor like Microsoft to be a decent solution and to be able to get 'Enterprise' level support. Many don't realise that just because you ca

I don't want to achieve immortality through my work. I want to achieve immortality through not dying. -- Woody Allen

Working...