• @[email protected]
      link
      fedilink
      English
      1445 months ago

      IMO this should be the case for everything developed using public money, looking at you, pharmaceutical companies…

      • Liz
        link
        fedilink
        English
        25
        edit-2
        5 months ago

        The issue becomes when things are developed with a mix of public and private money. I’m not saying we shouldn’t tackle the issue, only that it can’t be as simple as public money = public resource. If that were true, nearly all of us would be required to work for free, since we got the majority of our education through public funding.

        Edit: It seems everyone ignored the generalization I was replying to. Yes, in terms of code it’s actually relatively easy to require that a publicity funded project be open source and leave it at that. The business can decide if they want to write everything from scratch to protect their IP or if they want to open up existing code as a part of fulfilling/winning the contact.

        In terms of other partially government funded projects, like the pharmaceutical example given, it’s much more difficult to say how much of the process and result are thanks to public funding. That’s really the only point I was trying to make, that it can get very hard to draw the line. With code, it can be relatively easy.

        • @[email protected]
          link
          fedilink
          English
          21
          edit-2
          5 months ago

          You can still pay people to write public code, though. Just because you can use it for free doesn’t mean it always has to be written for free. In some cases, sure, it can make more sense to have it for free if it’s a fully non-profit volunteer-run project, but that is not the only way to write open-source software. Talented developers are still talented, open-source or not.

        • nfh
          link
          fedilink
          English
          125 months ago

          I don’t think anyone intends public funds to be quite that sticky; public education is itself a public good, and having once attended a public school really has nothing to do with developing a product 20 years down the road.

          Also, writing open source code can support a viable business. Not every example has been successful, and some have been sold to hypercapitalist owners who wanted to extract more profit, others have failed to keep up, but Canonical is doing alright with it, Red Hat did for a long time, among others. Plenty of bigger tech companies also employ people to write open source software, despite it not being the company’s main business, React, PyTorch, TensorFlow, and so many other projects. Those engineers definitely aren’t working for free.

        • @[email protected]
          link
          fedilink
          English
          65 months ago

          There’s the difference between individual knowledge (company training) and code licenses though.

        • @[email protected]
          link
          fedilink
          English
          15 months ago

          govts print infinite money. All of us are working for free. Their fiat is credits for the company store.

          If you think funding projects is bad then the response is to support lobbying project owners to put in malware until FOSS is publically funded.

          All we have to do is verbally support it. And cheerlead when it occurs. We don’t actually have to actively do it. It’s a threat which is done in politics all the time.

          • @[email protected]
            link
            fedilink
            English
            15 months ago

            If governments could print infinite money they would just pay themselves an infinite salary.

            Your fundamentals of economics is broken.

            • @[email protected]
              link
              fedilink
              English
              18 days ago

              They have paid and are paying themselves a never ending salary. The printing is gradual and then all at once.

              We will reach infinity, make sure you get your hands on the infinity or trillion dollar note.

        • @[email protected]
          link
          fedilink
          English
          15 months ago

          Maybe this lazy private money should get a real job if it wants to pay for things to profit off of.

    • @[email protected]
      link
      fedilink
      English
      355 months ago

      But it will be written in Schwiizerdütch, so no one outside of Switzerland will understand it. I think it’s a dialect of Perl.

      • Onno (VK6FLAB)
        link
        fedilink
        English
        115 months ago

        Your joke aside, which I thought was funny did remind me that as it happens, the Swiss do an amazing job in making things internationally accessible.

        Take for example their spectrum management system that not only allows you to search for categories of users, handles kHz to MHz data entry, gives access to the legal provisions and then the legislation itself, does so in four languages.

        https://www.ofcomnet.ch/#/fatTable

  • @[email protected]
    link
    fedilink
    English
    2285 months ago

    This is the way it should be. Governments around the world have spent decades enriching big tech with public money, when they could have pooled their resources and built FOSS software that benefited everyone.

    Same goes for science and everything else funded by tax payers.

  • @[email protected]
    link
    fedilink
    English
    1085 months ago

    Meanwhile my country’s apps don’t let you open them if you have Developer Options enabled on android :)

  • @[email protected]
    link
    fedilink
    English
    885 months ago

    Been contracting for the Swiss government for years, namely ASTRA. They have 0 concept of how that should happen. It’s their IP, but they don’t want to take it, host it, maintain it, or do anything else with it once the project is done.

    Do they just expect others to foot the bill? Sure, free GitHub exists, but everything else? Open sourcing without maintenance is abandonware and usually useless.

    • Onno (VK6FLAB)
      link
      fedilink
      English
      955 months ago

      In contrast, abandoned open source software can be picked up and updated by whomever gets paid to, where abandoned closed source software needs to be reimplemented from scratch at great expense to the tax payer.

      Not only that, open source software can be adopted by the community (who already paid for the development through their taxes) for their own purposes. Consider for example the productivity impact on business that starts using tools that it cannot afford to develop itself.

      Office things like document management, workflow management, accounting, but also tools used in the science community, transport and logistics, anything that government does is represented in some other way in society.

      This is a big deal and I hope that it will reverberate across the globe and become the new normal.

      Whilst we’re at it, consider the impact of open data, where government datasets are available to the community.

      • @[email protected]
        link
        fedilink
        English
        155 months ago

        I’ll gladly upload my stuff into some repo they allow me to. I’ve inquired about it in the past - I wrote a piece of sw that fills a requirement hole left by a widely used SCADA tool - but they outright forbid it. That was about a year ago.

        My point is less about open source and more about how they have no clue how to handle their IP even now. It’s a nice gesture at best (at least currently. Maybe there’s more on the way).

        • Onno (VK6FLAB)
          link
          fedilink
          English
          45 months ago

          Who is “they” in your statement?

          If it’s the company who is contracted by the government, it seems obvious (to me) that the requirements to make it open source provides the push to make it public.

          If it’s the government, then I don’t understand your point.

      • @[email protected]
        link
        fedilink
        English
        8
        edit-2
        5 months ago

        Whilst we’re at it, consider the impact of open data, where government datasets are available to the community.

        That sounds like it would be pretty useful to get better quality statistical research papers (well, I guess quality would depend more upon the researcher), doable by people without corporate backing.

        Isn’t it already available in a lot of cases?

        • Onno (VK6FLAB)
          link
          fedilink
          English
          75 months ago

          Here’s some of what’s happening in my country, Australia:

          Not sure where Tasmania and the ACT are at, but those links are the federal and most state government data portals.

          Behind that is much variety of data, from land use to baby names and everything in-between.

          The Australian Bureau of Statistics has its own site:

          • @[email protected]
            link
            fedilink
            English
            65 months ago

            NZ as well: https://data.govt.nz

            Though this it takes work for the different government departments to maintain. The team at data.govt.nz work with the different government departments to try to identify suitable data sources and get them into an update cycle, but there’s definitely not all data that can be released on there.

            • Onno (VK6FLAB)
              link
              fedilink
              English
              45 months ago

              Yeah, same kind of process in Oz.

              AFAIK, it was triggered by doing an annual event called GovHack where people were encouraged to create “hacks” with government data. It included software developers like me, data mentors from many different government departments, people with an interest and several departments with questions.

              • @[email protected]
                link
                fedilink
                English
                45 months ago

                I think NZ’s is a similar story. GovHack is run in NZ as well, though I haven’t personally been involved in an event.

                • Onno (VK6FLAB)
                  link
                  fedilink
                  English
                  35 months ago

                  A decade ago I participated in three and won several awards but was disappointed with the government response to all our collective efforts and stopped participating.

                  Specifically “not invented here” was prevalent as a response to projects that represented hundreds of man-hours of effort.

                  It was demoralising to say the least.

                  I’m not sure what the missing ingredient was, but two of our projects were directly related to government effort in relation to public transport and public housing. Neither went anywhere despite face to face presentations to senior stakeholders in the relevant departments.

                  The third was a search engine with a completely different approach to that in use by the popular engines.

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        Whilst we’re at it, consider the impact of open data, where government datasets are available to the community

        *imagines Moscow* You still would need more trees and fix old rain drain system.

    • @[email protected]
      link
      fedilink
      English
      105 months ago

      Step 1: all software has to be open source

      Step 2: governments, required by law, to fund FOSS projects in their tech stacks. Helped by organizations which trace project funding and lobbying to promote FOSS security by providing funding; a huge incentive to not insert malware

      Step 3: coders are afforded dignity (UBI); given funds geared towards affording a maintenance team. Regardless of country of origin. Vital infrastructure is vital infrastructure. Talent is talent.

      I support this move to Step 1

      Where is the list of pauper gov’ts which force talent to get a job rather than be a talent and then maintain their projects with dignity!

      Those jobs are mostly nonsense. Geared towards wasting our time building:

      • yet another stupid web site

      • yet another stupid smartphone app

      • yet another stupid cloud base server instance

      • Citizen
        link
        fedilink
        English
        25 months ago

        Yup and then they move the spyware/malware/etc into a layer below where nobody knows what is inside…

        How is your baseband modem in your smartphone doing, by the way?

        • @[email protected]
          link
          fedilink
          English
          35 months ago

          Separated over the PCIe bus with an IOMMU between it and system memory, as well as hardware switches to disable it if I’m not reachable

          I haven’t found a way to remove it entirely. It’s the only option I’ve found so far, but if you know of a better designed option, I’m certainly interested

        • @[email protected]
          link
          fedilink
          English
          18 days ago

          this is why FOSS community goes ahead and removes untrustworthy blobs and replaces them with open source alternatives.

          The open hardware is an issue, but there are efforts there as well.

  • @[email protected]
    link
    fedilink
    English
    605 months ago

    “unless precluded by third-party rights or security concerns”, so this bill does nothing

    • @[email protected]
      link
      fedilink
      English
      205 months ago
      1. I imagine that the company would have the burden of proof that any of these criteria are fulfilled.

      2. Third-party rights most likely refers to the use of third-party libraries, where the source code for those isn’t open source, and therefore can’t be disclosed, since they aren’t part of the government contract. Security concerns are probably things along the line of “Making this code open source would disclose classified information about our military capabilities” and such.

      Switzerland are very good bureaucracy and I trust that they know how to make policies that actually stick.

      • @[email protected]
        link
        fedilink
        English
        35 months ago

        It is written like that, so that MS 365 still can be used. Some worker here go literally crazy, if they have to work with alternatives to MS 365…

        • @[email protected]
          link
          fedilink
          English
          185 months ago

          This is not what the law is about. They can use closed sourced software just fine.

          This is a law about software developed for the Schweiz government. If they needed a new CRM system or database system for medical records, it would be open source.

          And they can use Outlook to inform everyone about it without problem.

        • @[email protected]
          link
          fedilink
          English
          55 months ago

          While there might be some truth to that, I don’t think MS 365 would qualify as “developed for the government.”

          • @[email protected]
            link
            fedilink
            English
            25 months ago

            Ah, i see… The „Security“ is used for the digital ID that is coming. Sadly, the part about Security of the ID is closed source to be “secure”. Someone has to teach them that security through # obscurity is no security…

    • deaf_fish
      link
      fedilink
      English
      35 months ago

      I still think a good chunk of the code will be visible. You can have all the code up to the point where you call the proprietary function. Obviously you won’t get to see what’s inside that function but you can guess. Also, a lot of proprietary libraries have that functionality really well documented.

  • @[email protected]
    link
    fedilink
    English
    595 months ago

    Open source will always be the best option, especially with a government supporting it! Imagine what government funding could do to accelerate improvements to Linux

  • @[email protected]
    link
    fedilink
    English
    55
    edit-2
    5 months ago

    I work for a company which creates software for the government. Super exited for more OSS projects.

      • @[email protected]
        link
        fedilink
        English
        125 months ago

        Yep, the swiss government. Complicated is probably the best word to describe it. We are a very decentralized country (which makes sense for a country that was founded as a coalition to fight the royals that oppressed its people, none of those partners want someone to rule them) so every canton (state) does a lot of things differently than the other ones. But it is nice to see that after years of neglect they try to actually push digitalization by establishing common standards and systems.

  • CaptainBasculin
    link
    fedilink
    English
    485 months ago

    Hopefully more governments will follow this. At the very least, the taxpayer should have the right for whatever software’s source code that it funds development.

  • @[email protected]
    link
    fedilink
    English
    425 months ago

    This makes me curious in the US on whether or not government app source code would be provided via a FOIA request.

    • John Richard
      link
      fedilink
      English
      485 months ago

      You’d think so, but the answer is no. They’ve employed companies like Microsoft, Oracle, etc. to write up the security handbooks that says proprietary software is more secure. Heck, even electronic voting systems in the US is closed-source.

      • @[email protected]
        link
        fedilink
        English
        415 months ago

        Security by obscurity the 100% least effective security measure! Wait what? MS left the government knowingly vulnerable for years for the shareholders?! That’s some good security right there!

        • @[email protected]
          link
          fedilink
          English
          55 months ago

          I don’t agree with the generalization here. Sure, it is generally advisable not to rely on security through obscurity, but depending on the use-cases and purpose it can be effective.

          I dislike DRM systems with a passion, but they, especially those for video games like denuvo, can be quite effective, if the purpose is to protect against copying something for a short time until it gets cracked.

          Otherwise I agree that software developed in the open is intrinsically more secure, because it can be verified by everyone.

          However, many business and governments like to have support contracts so want to be able to sue and blame someone else than themselves if something goes wrong. This is in most cases easier with closed source products with a specific legal entity behind it, not a vague and loose developer community or even just a single developer.

          • @[email protected]
            link
            fedilink
            English
            45 months ago

            However, many business and governments like to have support contracts

            What i don’t get is that governments can have their own in-house IT and can moderately large companies and up, so why the blame-shifting game?

            If i’m a customer and your software blows up in my face i will not care that It’s not our fault, it’s our contractors.

            • @[email protected]
              link
              fedilink
              English
              35 months ago

              They don’t care about what their customers think. It’s about criminal and civil liability.

      • @[email protected]
        link
        fedilink
        English
        205 months ago

        Heck, even electronic voting systems in the US is closed-source.

        How can elections even be trusted to be fair in that case?

        • John Richard
          link
          fedilink
          English
          145 months ago

          Simply, you can’t. I’m personally all for an open source alternative for electronic voting. I can bank online, but not vote online. I’d trust an open source online voting platform more than I’d trust poll workers to not skew some votes. I’d also like to be able to track my vote and ensure it was cast for the person I voted for.

          • @iknowitwheniseeit
            link
            English
            65 months ago

            Banking is completely different from voting from a security point of view. None of the parties in a bank transaction are anonymous, and there are numerous ways to retry or roll back a transaction. Computerized voting is more like crypto currency. 😝

          • @[email protected]
            link
            fedilink
            English
            5
            edit-2
            5 months ago

            you can’t have secret ballot and have a secure, auditible online vote. One of the problems of social media is it has created enemy lists for authoritarian states.

            • @[email protected]
              link
              fedilink
              English
              25 months ago

              You kind of can. Depends how fully auditable you want, but you can have cryptographically anonymized entries, that (I believe?) could even allow the original voter to track their vote, without enabling anyone else to track the vote back to the voter.

              It’s a different project, but GNU Taler have some interesting work on anonymized but not forgeable money transactions.

              • @[email protected]
                link
                fedilink
                English
                15 months ago

                The issue with online voting, no matter what you do, is that someone can force you under threat of violence to vote for a specific candidate, and watch to make sure you do it. Complete privacy in the voting booth is paramount to ensuring that everyone can vote freely.

        • @[email protected]
          link
          fedilink
          English
          12
          edit-2
          5 months ago

          I think we’re well past the open/closed discussion when hackers have repeatedly shown how easy it is to compromise the voting machines.

          We know they’re trash, it’s not theory.

    • @[email protected]
      link
      fedilink
      English
      125 months ago

      Generally, works of the US government are public domain.

      However, most apps are produced on contract with development companies, and I expect the contract specifies that the rights remain with the developer.

      • @[email protected]
        link
        fedilink
        English
        9
        edit-2
        5 months ago

        They explicitly do not, at least with every US federal contract I’ve ever seen. The govt owns the code that is written full stop.

        • @[email protected]
          link
          fedilink
          English
          35 months ago

          As someone who works with and knows several military contractors, I’ve never heard of the US taking ownership of any code written. In fact, most of what they’re paying for is for companies to extend software they’ve already written to better fit the governments use case, such that even if the government owned the new improvements, that code wouldn’t function without the base application that pre-dates a government contract.

          • @[email protected]
            link
            fedilink
            English
            3
            edit-2
            5 months ago

            It depends on the software and situation of course, but if you are paying a contractor to develop/write a solution for you aka “government built” then the contractor that writes the code owns 0 of that code. It’s as if it was written by Uncle Sam himself.

            Now, if the government buys software (licenses), the companies will retain ownership of their code. So if Uncle Sam bought Service Now licenses, the US doesn’t “own” service now. If service now extended capability to support the govt, the US still doesn’t own the license or that code in most cases.

            Sometimes the government will even pay for a company to extend its software and that company can then sell that feature elsewhere. The government doesn’t get any benefit beyond the capability they paid for–ie they don’t own that code. That can work to the governments benefit though, because it can be used as a price negotiation point. “we know you can sell this feature to 50 different agencies if you develop it for us, so we only want to pay 25% of what you priced it at”.

            But like it said, if it’s a development contract and the contractors build an app for the government, all of the contracts I’ve ever seen, have Uncle Sam owning it all. The govt could open source it if they wanted and the contractor would have no say.

            That’s what we call GOTS products https://en.m.wikipedia.org/wiki/Government_off-the-shelf#:~:text=Government off-the-shelf (,for%20which%20it%20is%20created.

            Vs COTS:

            https://en.m.wikipedia.org/wiki/Commercial_off-the-shelf

            With COTS, that’s where you’d see the ownership (depending on the contract/license agreement of course) remain with the vendor.

    • @[email protected]
      link
      fedilink
      English
      65 months ago

      Short version: no

      Long version: I’m pretty sure; no. I believe that; tools used like apps would not be subject to FOIA.

      I deal with public records requests at work… email, documents etc. sure thing, but I’m pretty sure that the AG would laugh at you requesting the source code for apps we use.

      —- I could only wish that we were mandated to use only open source software

  • @[email protected]
    link
    fedilink
    English
    36
    edit-2
    5 months ago

    I guess it’s not convenient to have Microsoft and Apple scan your company images and employee emails. Even take screenshots automatically if they can get away with it.

    Appearently other countries are fine with this, which surprises me much more.

    I guess the corpo version of windows have these sort of things turned off? But ms can turn them on whenever they want.

    • @[email protected]
      link
      fedilink
      English
      145 months ago

      This is specifically about software developer for the government. Microsoft office is then not included.

  • @[email protected]
    link
    fedilink
    English
    225 months ago

    I hope more governments do this, especially after how unsurprisingly shit (read: insecure) microsoft has become.

      • @[email protected]
        link
        fedilink
        English
        3
        edit-2
        5 months ago

        Yeah it’s always been shit but I do think they may have been referencing how the number of exploits and malware has only gotten worse over the years

      • @[email protected]
        link
        fedilink
        English
        15 months ago

        Specifically I was referencing the recent Russian cyberattack on US government servers that were/are run by microsoft. The flaw was known about for years but no one did anything about it because profit.