I am fully in support of such initiative. So I am interested to hear what the possible downsides are? Please share your opinions on the matter as I can only see upsides to this.
I suspect many stakeholders would not like their dirty laundry aired so publicly, which is an obvious good outcome for most people but not the heads of departments and large consulting companies that get big contracts.
I am in support of it too, ultimately, but after working on federal government software projects, it is a very huge uphill battle.
Consider this: your trying to build a grants management system for Defense contractors in Afghanistan. You want to make sure that public money is not going to terrorists sanctioned by the US government. There is a forensic accounting software platform widely used by firms that audit the banking industry,but it is closed source and sold to firms commercially. Should the government spend money on making new software or license the existing software that works extremely well? Should the configuration for what the government creates on that software be open to the public, and open to competitors to imitate? Should they demand that the source code is released? Also what about national security?
Would AWS release all their source code to retain their largest customer, the US government?
I agree that the amount of closed source software used in government projects is staggering and a legitimate barrier to government IT working properly. But the broken process that governments spend money is a bureaucratic nightmare. I am not sure their would be technical downsides, but absolutely their are political ones.
The only thing that I could imagine being an actual downside is the retention of confidential information in the interest of national security or public trust. That is a political minefield already, and open source code can help with security, so I don't even think that is the largest hurdle.
Seems like in your example they should make or buy as they see best fit, but if they make they should make it public. If it could conceivably be a military secret then I expect it would be exempt.
I don't see anything about copyleft style policies here which you seem to be referencing heavily, where are you getting that from?
But that is how the government operates - what is the point of requiring the government to have all the software they develop be open source when they are contracting out all software development to contractors that develop on proprietary platforms? It's not like the government is hiring software engineers in a meaningful capacity, at least not the US government.
I don't know what to tell you (tried and failed to get a number for programmers employed by the USG, its enough that they have a reputation for not paying as well as private sector), but it sounds like you made up a requirement and got mad about it?
I'm not mad. But if your goal is to open source code and software developed with taxpayer money, its not as straightforward as this initiative makes it out to be.
They could sue, they could drop them as a client and not bid, they could offer reduced services like they already do with gov cloud, there are a lot of ways this could play out. Apple has shown that private corporations aren't ready to blindly comply with the US government if it doest suit their business interests.
The downside is public shame. Governmrnt code is no worse than private code and is usually of very low quality and hints at tought organisational problems and outright fraud.
I’ve been employed as a software developer for my state for almost 2 decades and just wonder what software should be included. I would guess 75% of what I develop is internal services and intranet garbage. The rest is one off tools full of garbage code and hardcoded credentials.
Should other divisions that are also publicly funded also have their work available to the public? Perhaps HR should have a GitHub repo for all of their communications?
It takes more effort to make internal code FOSS (i.e. upstreaming changes, protecting internal parts, etc.) - and often very few other people use it or contribute back anyway.
I think it'd make more sense as part of a unified effort - like all EU countries agreeing to provide one digital ID service. But that itself is a much bigger issue due to differing levels of digital services, bureaucracy, etc.
I still support it though, and donate to FSF Europe every year with my company donation.
For the common folk, there's no downside. For the people in power, more transparency means fewer avenues to exercise control, fewer places to hide activity.
There will be ignorant arguments against this due to cyber security concerns, enemy nations benefiting from the code, the copyrights of the people/companies who are being paid to write the code, etc., etc.
There are a lot of good reasons to do this, even if it's just better interop between different branches of the government, all cool.
However, you then realize that the military is funded by public money. I'd wager you don't want fighter jet or missile guidance software to be open source.
To communicate it and receive your commentary it had to be clear and simple. Of course there are caveats, and these are the kind of thing that makes law difficult and complex despite the overall objective being clear and straightforward.
They are still technically difficult to build, and making explosives is the easy part. If someone had wanted to explode you badly enough, they'd have done it without self guiding missile already.
That it be licensed with an open source license, yet folk are acting like they've never heard of security clearances, or that the license will somehow supercede all of our other laws regarding document security.
Then again I wouldn't be surprised if the same voices on hearing freedom of information being proposed to raise similar "but military secrets" objections that were completely divorced from reality.
Probably because the campaign this post links to puts forward a completely un-nuanced argument, and even trivialises or brushes over most of the reasonable criticism you could make about the case it’s putting forward.
I don’t know why so many activists fail to understand this. If you have a cause that you think is important, putting forward a shitty argument for it isn’t going to help in the long run.
If you’re trying to promote an idea that the public is largely disinterested in, then putting forward a strawman argument for it yourself is only going to empower its detractors.
I'm sure that demise has nothing to do with the change from unions literally fighting armed strike breakers on the streets to unions being heavily regulated bureaucratic entities that are on first name terms with the corporate owners that used to hire the armed strike breakers.
By legalizing narrow avenues for union conduct, we have also heavily disincentivized any behavior outside those avenues. The "fat cat" union reps that live off your dues without contributing anything meaningful to your rights are ultimately an intentional creation of this de-radicalization. Incidentally the Red Scare helped quite a bit by making unions scared of seeming "too leftist" when the existence of unions itself is born out of a leftist understanding of class conflict (not "class" as in how much money you have but "class" as in whether you have to work for a living or people pay you for what you already own).
It isnt a shitty argument - do you think that a permissive license supersedes security clearances?
I find it powerfully frustrating to see these sort of reactions where people act like the very first thing they can think of that might require nuance is this fatal flaw, or that even a robust critique represents some death blow. Critical feedback improves projects so it is bewildering to me to see people treat it as the last word.
This project isn’t in need of critical feedback. The fatal problems with the proposition they’ve put forward are plainly obvious. They’ve simply chosen to try and ignore them.
I also support making publicly funded code open source. But campaigning for all government licensed code to be made open source by legislation, especially with no indication of what reasonable limits you think that should include, is a fundamentally stupid idea. Microsoft isn’t going to open source windows to retain government licenses, and government orgs aren’t going to stop using windows. This position puts this project in the camp of ideological extremists who are simply disconnected from reality. Including scaremongering about the security of proprietary software is also an incredibly weak and unnecessary inclusion here.
If this campaign were to gain some traction with the public, the only thing it would achieve is attaching supporters of a more reasonable version of this idea, with a stupid and trivially easy to dismiss argument to support it.
The entire video on the front page advocates for public organisations to only use software that is open source.
> Mostly our administrations procure proprietary software, this means a lot of money goes into licenses that last for a limited amount of time, and restrict our rights. We aren’t allow to use our infrastructure in a reasonable way, and because the source code of proprietary software is usually a business secret, finding security holes, or deliberately installed back doors, is extremely difficult and even illegal. But our public administrations can do better, if all publicly financed software were to be free and open source, we could use and share our infrastructure for anything, and for as long as we wanted.
It seems like you missed how stupid this proposal is. Perhaps you simply assumed that it aligned with your own, less stupid, preconceived version of this idea? In which case you should consider that this campaign is clearly targeting people who are unfamiliar with the entire concept of open source software, in order to properly gauge how harmful it could be.
Missile guidance software isn't generally produced by public agencies, right? It's produced by private companies and licensed to the government. The same way Microsoft Windows is.
If it is actually produced by the federal government, it can’t be open source because it is already public domain.
“Public money, public code” either refers, in the US, exclusively to state governments, or it applies to software developed under government contracts (and possibly other software purchased by government), not just software developed by the government itself.
I did my research and the public domain mandate for federal works apparently doesn't apply to the states. Some states actually enforce their copyrights and have whole licensing systems for state government-produced works.
Isn't this a whole 1st Amendment violation? The law is intended for private parties and the 1st is incorporated to the states since a very long time. Has anyone sued over this?
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Where is the connection to requiring anything to be put in the public domain?
By enforcing copyright law, states restrict the freedom of speech of their citizens by prohibiting/going after certain kinds of expression (someone relying the state government's own speech is in itself speech)
In order to not be unconstitutional, therefore, copyright law should be interpreted as not protecting state works.
Correct, but the 1st is stronger. This is why fair use even exists. In order to coexist with the first amendment, the copyright clause must allow some wiggle room for freedom of expression and balancing the rightsholder's interests with society's.
Since these "safety valves" exist even for enforcement of the copyrights of private parties, a state government's enforcement would be even more, if not entirely thwarted by the free speech clause.
The Copyright Clause is explicit about the authority of Congress to grant exclusivity. You're not going to get anywhere with an argument that it contravenes the First Amendment. They were ratified almost simultaneously.
We could still have “Public money, public code” by having the government leasing planes from private companies, so the government would just be operating a service provided by the private sector, and wouldn’t be entitled to get the code delivered to us.
So if I am closed source SaaS solution and government pays monthly fee - my code should be public domain as well?
I don’t see this working other way than government spending money rebuilding each SaaS solution on their own. Then spending more running and operating it all from ground up.
Which would be very costly and no one would like to pay for it with their taxes.
> I'd wager you don't want fighter jet or missile guidance software to be open source.
Why not? I can think of some reasons but they mostly devolve to security by obscurity and a whole lot of assumptions to even get there. The actors who want to know are already in the know. At least open sourcing the rest would be a compelling lever to avoid accidentally escalating conflicts.
Signatures are carefully protected and used for targeting.
If you disclose everything about how a targeting system or sensor system operates, it becomes easier to defeat.
But I think there’s a happy medium where the framework and general missile/sensor code is disclosed — but truly critical information like the sonar signature of enemy submarines is protected.
That kind of nuance seems implicit, and isn't something that needs to be mentioned in a campaign to get the basic idea across. Remember that this is aimed to people are not really familiar with these sort of ideas at all.
Great, now use that clearly specialized use case to drive public policy for every single common use case. There is such a thing as bad faith arguments. By default everything public paid should be open sourced, if there are cases exception is needed like military then exceptions can be made on application basis.
> The idea is way too simplistic and lacks nuance.
and you wrote
> There is such a thing as bad faith arguments.
Why is it a bad faith argument? GP clearly admitted that no straight forward solution that treats every case the same is going to be good. That is the same you argued for.
Because pointing out that a slogan is simple and in-nuanced is unhelpful, and in bad faith. They're supposed to be simple. Slogans in a democracy are calls to action towards a general idea, and the more complicated they are the less people they can rally. Obviously the nuance will come when lawmakers actually put the thing into writing.
Yes there is nuance, but public policy is not defined by the extreme. In the vast majority of digital-services-for-public it _should_ be public code as well. The areas where nuance exists can be discussed further. The extreme doesn't define the rule.
The video says that it's accurate that every night proprietary software is stealing citizen's healthcare data and that the solution is for the government to locate all of the software it needs from scratch and open source it. Why stop at rebuilding all software from scratch? You will also want to rebuild computers from scratch, light bulbs from scratch, etc. The government doesn't need to invent everything from scratch. It can be cheaper and more effective them to buy goods and services from public companies.
The website has another message that publically funded software should be open source, but that's not always possible. The government may not have the rights to even do so if they outsourced some of the development. The software is often niche and would not benefit others. In fact it can be a security risk because attackers can look for security vulnerabilities or weaknesses in systems. Attackers have a much bigger insensitive to look for security problems than security researchers because there won't be a bug bounty, it isn't software they personally use, and it could be some rare piece of software no one knows or cares about. If most talented developers are working at private companies, that means that the remaining developers who chose to work for the government are likely more prone to have poor security practices. If attackers know the supply chain of the software they can attack it. If these are open source in the sense they take contributions attackers can contribute vulnerabilities. Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.
>Tax savings
>Similar applications don't have to be programmed from scratch every time
Buying existing software means you don't have to program it from scratch. Sharing projects with other agencies doesn't require open source.
>Collaboration
>Major projects can share expertise and costs.
This doesn't require open source either. The government if they didn't have an income stream from leaching off it's population would be incentivized to figure this out.
>Serving the public
>Applications paid by the public should be available for everyone.
Most of the software will be useless to the public.
>Fostering innovation
>With transparent processes, others don't have to reinvent the wheel.
This is just the collaboration point. The government isn't innovative in the software field.
> If most talented developers are working private companies, that means that the remaining developers who chose to work for the government are likely more prone to have poor security practices.
This is a fallacious logic.
> Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.
Not if there is an established standard and practice of writing code in an open source way.
> > Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.
> Not if there is an established standard and practice of writing code in an open source way.
I've worked on closed source corporate software most of my career and then primarily corporate-sponsored open source in the last two years. In my own limited experience, it is strictly less work to have closed-source software. There's less concern / hesitations / hand-wringing over mover quickly when you have the illusion of privacy, and relatedly having a requirement that (almost) everything (eventually) becomes public only adds steps. Certain things always have to happen privately (examples include: internal discussions that include organizationally privileged information, certain CVE handling steps, fully secured builds with proper corporate attestations, and internal project-tracking) so you wind up with a private set of systems to maintain as well as the public ones.
Maybe there's some orgs out there that "do it right" in terms of having OSS projects not add overhead, but I doubt it's possible in orgs with as much need for privacy and security as most fortune 1k co.s and governments.
> Maybe there's some orgs out there that "do it right" in terms of having OSS projects not add overhead, but I doubt it's possible in orgs with as much need for privacy and security as most fortune 1k co.s and governments.
To the contrary, governmemt is where the need for transparency should be at its highest. Putting "efficiency" or "speed" above transparency about the inner workings of publicly-funded and publicly-made (by government employees) software is insane.
There should not be any expectation of privacy for government employees in the field of records and information.
The vast majority of code written the for Australian government is, and I think will remain, closed, though there's certainly support for contributing to or publishing open source. But the reality is, most government software isn't particularly interesting, and what is would most likely not be approved to be open sourced.
There are already processes in place to make code developed from tax payer funded R&D available to American companies with a licensing agreement. To protect my anonymity I cannot elaborate more.
I don't understand the argument. Municipalities / counties have many common software needs. If they collaborated on open source software we would likely get higher quality services at lower cost, what's bad about that?
Is them cooperating on open source software a realistic outcome?
Or will there be many small, unmaintainable, slightly different, open projects?
Why are they not already collaborating on closed source software?
Looking at the mess of customizations asked for software by companies doing the same thing, I can't imagine it would be different for counties/municipalities.
(edit: Please don't misunderstand, I am not against publicly funded open source, I am just not sure if all the arguments for it hold up that well)
They are currently using closed sourced software, because it was sold to them, on god knows what terms, and how many people paid off. As with many other things in life, it's not about the thing itself, but about the people involved.
If they collaborated today that would mean a lot of active coordination required.
And only municipalities in the collaboration can benefit. If they just open sourced what they have this collaboration could grow more organically.
Of course large scale software collaboration isn't impossible without open source. But my impression is that it greatly simplifies it.
Besides, if the software is open source, other non public actors can also benefit from it.
Sharing America's Code
Unlock the tremendous potential of the Federal Government’s software.
Code.gov is the federal government's platform for sharing America's open source software. Our mission is to help agency partners and developers save money and increase quality by promoting code reuse and educating and connecting the open source community.
> In 2016, then-President Barack Obama’s Federal Source Code Policy pushed agencies to use open source software. Among other things, the policy included a pilot program requiring agencies to publish 20 percent of code written by the government.
> The U.S. Department of Defense (DoD) faces unique challenges in open sourcing its code. Unlike most software projects, code written by U.S. Federal government employees typically does not have copyright protections under U.S. and some international laws. This can make it difficult to attach an open source license to our code. The Defense Digital Service (DDS) has been working with DoD and the open source community since early 2017 to develop a guideline for supporting open source software (OSS) within the Department.
> This page is an educational resource for government employees and government contractors to understand the policies and legal issues relating to the use of open source software (OSS) in the United States Department of Defense (DoD).
David Wheeler (now at Linux Foundation working on software supply chain security via OpenSSF), "Open-Source and the Department of Defense" (2009), https://dwheeler.com/essays/dod-oss.pdf
DoD memo “Clarifying Guidance Regarding OSS” (Oct 16, 2009)
OSS is commercial, commercial must be preferred
DoD must develop/update capabilities faster; OSS advantages
Source code is “data” per DODD 8320.02; must share in DoD
DoD-developed software should be released to the public under certain conditions
This is one of the best initiatives to promote open source. We should all support it as much as possible - particularly if working in IT. If you are: Keep in mind you are making the decisions & you can decide for better options than Google & Microsoft!
this has always puzzled me. Companies gets millions from the taxpayers to certain projects to develop their (something)
Then another company get another million to develop same or similiar thing.
Why it is not a required that if you get taxpayers' money, the results should be available for free to everyone, let's say after 12 months of grace perioid ??
and the worst:
taxpayers' 99% funded organizations for example for traveling or some other area make the same sh*t as another orgs already did 3 times, yet they do not share any of the information.
Because that would be bad for society. It's important that money moves around as much as possible--every time it does, value is created. Think of it like the water cycle. By increasing the output of the sun (enacting laws to keep publicly-funded code private), we cause lots more money to evaporate from the taxpayer oceans (by solving the same problem repeatedly), and that in turn creates lots more fiscalonimbus clouds in the upper ten percentosphere (where you can find, e.g., large consulting businesses and shareholders). Before long, all that evaporated money (it's actually stock now, the most interesting property of which is that its value expands and contracts to fit whatever everyone thinks it should be worth) will start to precipitate when it's liquidated again, see? From there it rains on unspecified economic mountains and valleys, and eventually trickles back down into the ocean again.
You might point out that increasing the output of the sun in the real world actually result in a scorched, uninhabitable earth, and that also that's not how any of this works but hey, no analogy is perfect. And this one is plenty good enough to convince voters.
But the issue here is that taxpayer's money is never sufficient. If not used on software projects it could always be used to speed up public infrastructure building, increase salaries in important public jobs like healthcare or teaching, or any one of a billion things that would be far less wasteful and still put that money back into the economy.
I kinda hoped that by the time people got as far as "fiscalonimbus" they would have caught on that this is a send up of economic conversations in internet comment threads.
> Why it is not a required that if you get taxpayers' money, the results should be available for free to everyone, let's say after 12 months of grace perioid ??
Probably depends on the development in question, but in general the ability to resell something to someone else changes the calculations for contract work. If you want me to develop something and then own it is not the same deal as me developing something that I get to sell to someone else, too.
Some might also consider it undermining their own industry. Instead of building up software companies, it is essentially the government building a huge software department.
It also depends on the nature of the software. Administrative software can usually be exported without issue because it doesn't threaten the administrative service. But certain technology is a strategic investment to create a domestic industry that can self-fund expensive R&D, so you may need a moat if it's inexpensive to copy the result.
The largest branch of the Norwegian government, Labor and Welfare Administration (NAV), have adopted this this policy since 2018 and now we have over 2000 public repositories on https://github.com/navikt and https://github.com/nais (last one is our platform organization)
I read uninteresting as not very very useful for an external party in general. It was likely developed for an organization's fairly unique needs, is probably not very well documented, and there's no community in the sense that most genuinely useful open source projects have. Dumping a big one-off repo of code is fine but probably no one's going to put the work into seeing if this project that was never intended to be general-purpose is worth trying to adapt for something else.
Exactly this. It's like our websites and some other tools for our particular needs. We have, on rare occasion, gotten PRs from earnest supporters but they have no idea what our product needs are and we can't just merge in stuff that nobody asked for and hasn't been tested.
Whether you want all data the government has to be public depends heavily on whether you want private security forces to have all the same power as a police force.
I’ve heard those exact words from a government developer in Berlin and it felt really good to hear. Imagine making pull requests to improve government services! Some people would gladly do it.
Why bother when KGB hackers can already find a dozen of vulnerabilities just by looking sideways at a closed source project built by the most well-meaning team?
that's true, but, to be fair, it might be easier to order an anti-hacker CIA background check for a contracted company of 100+ employees, than for a 10,000 pseudo-anonymous github users.
Yeah, but how often do you perfom that check? In the end it is all about the code and whether it can be checked.
And I have to say my personal confidence in the quality of governmental code is higher if it is open source than if it wasn't — because I know some pretty paranoid people who would for sure check that could better than any contractor ever would.
Valid risk [0], but that shouldn't keep the gov from making the code public. Open source / free software has its unique challenges, but it's a more fair model to people, and also it doesn't have challenges that arise from the code being "secret".
alphagov is GOV.UK and shared services which are part of the "Government as a Platform" service line. Things like GOV.UK Notify (Twilio), GOV.UK Design System (Bootstrap), GOV.UK Service Manual (Ops manual), GOV.UK PaaS (Heroku, now defunct), and so on.
Every major UK government department has their own GitHub orgs:
The Labor and Welfare Administration (NAV) of the Norwegian government is doing exactly that, we have been opening up our code since 2018 and are accepting pull requests across our 2000 public repositories from those who want to improve government services https://github.com/navikt this has also enabled a much more close collaboration between new and existing partners that was previously unheard of!
I think the main reason why this is not done actively in Germany, is missing people with expertise. Lots of old guys from the pre-internet era taking care of the technical systems. Unfortunately, the gov is not doing much to make at least official positions attractive to young programmers. And of course, if it's done by a contractor, they do not wat to share any code with the public.
This might be because the government is a really unattractive employer both in terms of culture and remuneration.
However I have met some truly brilliant people working for the city of Berlin. They're just limited by red tape and diffusion of responsibilities, not to mention the amount of work that needs doing.
Opening the code up to pull requests could give the city IT a free boost from motivated citizens, I think.
This website should start with an explanation of what free software is. Yes there's a link, most people won't click on it and assume that it means "free as in beer".
Public money, public open source and lean code. Don't forget "open source" is not enough anymore, and "open source" can be private between a coder and its users, not public (that's why it is fine with defense related work).
I don't want public information systems to be dependent on open source bloat and kludge.
I wish my home country current mindset wasn't that just suggesting that certain government code should be published as open source will paint you as a far right conspiracionist who doubts and attacks democracy. Yeah it's Brazil.
I remember a long decade spanning thread about the Brazilian government trying to shoehorn their super ca root into Mozilla cert database. Lots of arguments like "we audit ourselves and cherry pick a very strict number of academics to see our code and security methodologies".
I am in favour of the principle and certainly wouldn't oppose such legislation. However I think it's worth being aware that publishing and licensing the code only gets you an open-source project in the most narrow sense.
To actually get meaningful benefit from it you need to design it with multiple use-cases and deployment models in mind, document it, and build a community around it.
If you have a bunch of publicly-funded teams that are desperate to do that work but held back by rules saying their code has to be private then forcing it public is a huge win.
But actually I think most such teams are just trying to get their project off the ground or keep it alive. If you make them publish the code they'll do so and then carry on developing an undocumented system that solves their exact usecase and none other, and is tightly coupled to their particular production environment.
I think to really get open-source happening successfully you actually need to foster a culture that values and incentivises the extra work it entails.
Nonetheless, this would be a great first step. So bravo!
How about Public Money, Public Data? For instance, there’s a whole industry around finding public legal information about companies. State’s websites offer throttled database access, some offer data for free, but most selling it for dozens of thousands of dollars (officially)
There should be a fee, but a fee equal to how much storage and access cost, so a very small one.
If you put no fee, some big actors will create non optimize crawlers and call the service in a loop, wasting your tax money.
A small fee means people will take care of only get exactly the data they need, cache what they need to cache, and refresh only if they really need to, and what they really need to.
In Sweden most government data is public which includes individuals tax records.
That generates things such as news articles "The 50 people in your area that had the highest income last year" with home address and everything and that you can look up income instantly on the web.
Some level of privacy for this would be nice to have.
155 comments
[ 6.9 ms ] story [ 225 ms ] threadConsider this: your trying to build a grants management system for Defense contractors in Afghanistan. You want to make sure that public money is not going to terrorists sanctioned by the US government. There is a forensic accounting software platform widely used by firms that audit the banking industry,but it is closed source and sold to firms commercially. Should the government spend money on making new software or license the existing software that works extremely well? Should the configuration for what the government creates on that software be open to the public, and open to competitors to imitate? Should they demand that the source code is released? Also what about national security?
Would AWS release all their source code to retain their largest customer, the US government?
I agree that the amount of closed source software used in government projects is staggering and a legitimate barrier to government IT working properly. But the broken process that governments spend money is a bureaucratic nightmare. I am not sure their would be technical downsides, but absolutely their are political ones.
The only thing that I could imagine being an actual downside is the retention of confidential information in the interest of national security or public trust. That is a political minefield already, and open source code can help with security, so I don't even think that is the largest hurdle.
I don't see anything about copyleft style policies here which you seem to be referencing heavily, where are you getting that from?
Yes. Companies would comply with whatever requirement to have the US government as a customer.
Completely different situation.
Should other divisions that are also publicly funded also have their work available to the public? Perhaps HR should have a GitHub repo for all of their communications?
I think it'd make more sense as part of a unified effort - like all EU countries agreeing to provide one digital ID service. But that itself is a much bigger issue due to differing levels of digital services, bureaucracy, etc.
I still support it though, and donate to FSF Europe every year with my company donation.
However, you then realize that the military is funded by public money. I'd wager you don't want fighter jet or missile guidance software to be open source.
The idea is way too simplistic and lacks nuance.
I'd be OK with that.
Then again I wouldn't be surprised if the same voices on hearing freedom of information being proposed to raise similar "but military secrets" objections that were completely divorced from reality.
I don’t know why so many activists fail to understand this. If you have a cause that you think is important, putting forward a shitty argument for it isn’t going to help in the long run.
Governments routinely propose policies that are clearly “too far” and then “compromise” to their actual goals — eg, restrictions on civil rights.
Why wouldn’t the same tactic work for activists?
By legalizing narrow avenues for union conduct, we have also heavily disincentivized any behavior outside those avenues. The "fat cat" union reps that live off your dues without contributing anything meaningful to your rights are ultimately an intentional creation of this de-radicalization. Incidentally the Red Scare helped quite a bit by making unions scared of seeming "too leftist" when the existence of unions itself is born out of a leftist understanding of class conflict (not "class" as in how much money you have but "class" as in whether you have to work for a living or people pay you for what you already own).
I find it powerfully frustrating to see these sort of reactions where people act like the very first thing they can think of that might require nuance is this fatal flaw, or that even a robust critique represents some death blow. Critical feedback improves projects so it is bewildering to me to see people treat it as the last word.
I also support making publicly funded code open source. But campaigning for all government licensed code to be made open source by legislation, especially with no indication of what reasonable limits you think that should include, is a fundamentally stupid idea. Microsoft isn’t going to open source windows to retain government licenses, and government orgs aren’t going to stop using windows. This position puts this project in the camp of ideological extremists who are simply disconnected from reality. Including scaremongering about the security of proprietary software is also an incredibly weak and unnecessary inclusion here.
If this campaign were to gain some traction with the public, the only thing it would achieve is attaching supporters of a more reasonable version of this idea, with a stupid and trivially easy to dismiss argument to support it.
> Mostly our administrations procure proprietary software, this means a lot of money goes into licenses that last for a limited amount of time, and restrict our rights. We aren’t allow to use our infrastructure in a reasonable way, and because the source code of proprietary software is usually a business secret, finding security holes, or deliberately installed back doors, is extremely difficult and even illegal. But our public administrations can do better, if all publicly financed software were to be free and open source, we could use and share our infrastructure for anything, and for as long as we wanted.
It seems like you missed how stupid this proposal is. Perhaps you simply assumed that it aligned with your own, less stupid, preconceived version of this idea? In which case you should consider that this campaign is clearly targeting people who are unfamiliar with the entire concept of open source software, in order to properly gauge how harmful it could be.
https://fsfe.org/activities/publiccode/brochure.en.html
“Public money, public code” either refers, in the US, exclusively to state governments, or it applies to software developed under government contracts (and possibly other software purchased by government), not just software developed by the government itself.
Isn't this a whole 1st Amendment violation? The law is intended for private parties and the 1st is incorporated to the states since a very long time. Has anyone sued over this?
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Where is the connection to requiring anything to be put in the public domain?
In order to not be unconstitutional, therefore, copyright law should be interpreted as not protecting state works.
Since these "safety valves" exist even for enforcement of the copyrights of private parties, a state government's enforcement would be even more, if not entirely thwarted by the free speech clause.
I don’t see this working other way than government spending money rebuilding each SaaS solution on their own. Then spending more running and operating it all from ground up.
Which would be very costly and no one would like to pay for it with their taxes.
Why not? I can think of some reasons but they mostly devolve to security by obscurity and a whole lot of assumptions to even get there. The actors who want to know are already in the know. At least open sourcing the rest would be a compelling lever to avoid accidentally escalating conflicts.
If you disclose everything about how a targeting system or sensor system operates, it becomes easier to defeat.
But I think there’s a happy medium where the framework and general missile/sensor code is disclosed — but truly critical information like the sonar signature of enemy submarines is protected.
Your comment makes little sense.
> The idea is way too simplistic and lacks nuance.
and you wrote
> There is such a thing as bad faith arguments.
Why is it a bad faith argument? GP clearly admitted that no straight forward solution that treats every case the same is going to be good. That is the same you argued for.
If I can't exercise my 2nd amendment right to open source cruise missiles, am I really free? (fnord)
The website has another message that publically funded software should be open source, but that's not always possible. The government may not have the rights to even do so if they outsourced some of the development. The software is often niche and would not benefit others. In fact it can be a security risk because attackers can look for security vulnerabilities or weaknesses in systems. Attackers have a much bigger insensitive to look for security problems than security researchers because there won't be a bug bounty, it isn't software they personally use, and it could be some rare piece of software no one knows or cares about. If most talented developers are working at private companies, that means that the remaining developers who chose to work for the government are likely more prone to have poor security practices. If attackers know the supply chain of the software they can attack it. If these are open source in the sense they take contributions attackers can contribute vulnerabilities. Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.
>Tax savings
>Similar applications don't have to be programmed from scratch every time
Buying existing software means you don't have to program it from scratch. Sharing projects with other agencies doesn't require open source.
>Collaboration
>Major projects can share expertise and costs.
This doesn't require open source either. The government if they didn't have an income stream from leaching off it's population would be incentivized to figure this out.
>Serving the public
>Applications paid by the public should be available for everyone.
Most of the software will be useless to the public.
>Fostering innovation
>With transparent processes, others don't have to reinvent the wheel.
This is just the collaboration point. The government isn't innovative in the software field.
This is a fallacious logic.
> Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.
Not if there is an established standard and practice of writing code in an open source way.
> Not if there is an established standard and practice of writing code in an open source way.
I've worked on closed source corporate software most of my career and then primarily corporate-sponsored open source in the last two years. In my own limited experience, it is strictly less work to have closed-source software. There's less concern / hesitations / hand-wringing over mover quickly when you have the illusion of privacy, and relatedly having a requirement that (almost) everything (eventually) becomes public only adds steps. Certain things always have to happen privately (examples include: internal discussions that include organizationally privileged information, certain CVE handling steps, fully secured builds with proper corporate attestations, and internal project-tracking) so you wind up with a private set of systems to maintain as well as the public ones.
Maybe there's some orgs out there that "do it right" in terms of having OSS projects not add overhead, but I doubt it's possible in orgs with as much need for privacy and security as most fortune 1k co.s and governments.
To the contrary, governmemt is where the need for transparency should be at its highest. Putting "efficiency" or "speed" above transparency about the inner workings of publicly-funded and publicly-made (by government employees) software is insane.
There should not be any expectation of privacy for government employees in the field of records and information.
https://www.gov.uk/service-manual/technology/making-source-c...
https://www.dta.gov.au/help-and-advice/digital-service-stand...
Labor has value and needs rewarding, not just capital.
Looking at the mess of customizations asked for software by companies doing the same thing, I can't imagine it would be different for counties/municipalities.
(edit: Please don't misunderstand, I am not against publicly funded open source, I am just not sure if all the arguments for it hold up that well)
Of course large scale software collaboration isn't impossible without open source. But my impression is that it greatly simplifies it.
Besides, if the software is open source, other non public actors can also benefit from it.
> In 2016, then-President Barack Obama’s Federal Source Code Policy pushed agencies to use open source software. Among other things, the policy included a pilot program requiring agencies to publish 20 percent of code written by the government.
https://code.mil/
> The U.S. Department of Defense (DoD) faces unique challenges in open sourcing its code. Unlike most software projects, code written by U.S. Federal government employees typically does not have copyright protections under U.S. and some international laws. This can make it difficult to attach an open source license to our code. The Defense Digital Service (DDS) has been working with DoD and the open source community since early 2017 to develop a guideline for supporting open source software (OSS) within the Department.
U.S. DoD Open-Source Software FAQ (2021), https://dodcio.defense.gov/Open-Source-Software-FAQ/
> This page is an educational resource for government employees and government contractors to understand the policies and legal issues relating to the use of open source software (OSS) in the United States Department of Defense (DoD).
David Wheeler (now at Linux Foundation working on software supply chain security via OpenSSF), "Open-Source and the Department of Defense" (2009), https://dwheeler.com/essays/dod-oss.pdf
Then another company get another million to develop same or similiar thing.
Why it is not a required that if you get taxpayers' money, the results should be available for free to everyone, let's say after 12 months of grace perioid ??
You might point out that increasing the output of the sun in the real world actually result in a scorched, uninhabitable earth, and that also that's not how any of this works but hey, no analogy is perfect. And this one is plenty good enough to convince voters.
That money isn't disappearing, it goes to the company but also to its employees.
They then return it to the economy.
What you're suggesting is that the tax payers spend their money and get nothing in return - it's corporate socialism.
Probably depends on the development in question, but in general the ability to resell something to someone else changes the calculations for contract work. If you want me to develop something and then own it is not the same deal as me developing something that I get to sell to someone else, too.
Some might also consider it undermining their own industry. Instead of building up software companies, it is essentially the government building a huge software department.
Especially if that industry has evolved into suckling at the government's teat. Taxpayer milk is the sweetest milk.
/a
In reality though it would be possible to share code between cities, regions and even countries. Some use cases are fairly generic.
Local newspapers, for instance, use CMSes too but there’s still a lot of random bespoke work that goes into them.
https://i.imgur.com/up6yu.jpeg
And I have to say my personal confidence in the quality of governmental code is higher if it is open source than if it wasn't — because I know some pretty paranoid people who would for sure check that could better than any contractor ever would.
[0] example with the Linux kernel: https://www.theverge.com/2021/4/22/22398156/university-minne...
many bug fixes open new bugs anyway due to poor architecture, this is what we should focus on
the prc is a greater threat than Russia anyway
Every major UK government department has their own GitHub orgs:
- Healthcare, NHS: https://github.com/nhsuk/
- Education, DFE: https://github.com/DFE-Digital
- Justice, MOJ: https://github.com/ministryofjustice
- Taxes, HMRC: https://github.com/hmrc
And on and on the list goes.
Many things are private, but the 10th UK Government Design Principle is "make things open: it makes things better" https://www.gov.uk/guidance/government-design-principles#mak...
Only somewhat positive example from the recent past is the Corona warning app: https://github.com/corona-warn-app
However I have met some truly brilliant people working for the city of Berlin. They're just limited by red tape and diffusion of responsibilities, not to mention the amount of work that needs doing.
Opening the code up to pull requests could give the city IT a free boost from motivated citizens, I think.
I don't want public information systems to be dependent on open source bloat and kludge.
I remember a long decade spanning thread about the Brazilian government trying to shoehorn their super ca root into Mozilla cert database. Lots of arguments like "we audit ourselves and cherry pick a very strict number of academics to see our code and security methodologies".
To actually get meaningful benefit from it you need to design it with multiple use-cases and deployment models in mind, document it, and build a community around it.
If you have a bunch of publicly-funded teams that are desperate to do that work but held back by rules saying their code has to be private then forcing it public is a huge win.
But actually I think most such teams are just trying to get their project off the ground or keep it alive. If you make them publish the code they'll do so and then carry on developing an undocumented system that solves their exact usecase and none other, and is tightly coupled to their particular production environment.
I think to really get open-source happening successfully you actually need to foster a culture that values and incentivises the extra work it entails.
Nonetheless, this would be a great first step. So bravo!
If you put no fee, some big actors will create non optimize crawlers and call the service in a loop, wasting your tax money.
A small fee means people will take care of only get exactly the data they need, cache what they need to cache, and refresh only if they really need to, and what they really need to.
Otherwise, it's the tragedy of the common.
see https://github.com/italia
In Sweden most government data is public which includes individuals tax records.
That generates things such as news articles "The 50 people in your area that had the highest income last year" with home address and everything and that you can look up income instantly on the web.
Some level of privacy for this would be nice to have.