Comments on “Role of Open Source Software in Trinidad and Tobago” policy document

Note : this is a copy from the TTCS wiki originally at http://ttcsweb.pbworks.com/w/page/11098517/Role%20of%20Open%20Source%20Software%20in%20TnT which was used to  capture comments for the T&T Government’s proposed policy on Free and Open Source Software in November 2006. Hence the references to “editing the page”.

For reference. here are local copies attached to this blog post:

 

Contents

Background

The Ministry of Public Administration and Information has prepared a consultative document titled “The Role of Open Source Software in Trinidad and Tobago (PDF ; 187K).

From the Fastforward’s website :

The rapid adoption and interest in ICT within the government of Trinidad and Tobago and the business sector has been a driving force behind the wide spread use of “off-the-shelf” licensed software packages in the office place. Open source and open standards have started to challenge the norm. As a result this requires a review of the perceived benefits and pitfalls associated with licensed software products and their corollary: products developed through open standards and practices. The Ministry of Public Administration and Information has prepared a consultative document geared to facilitation and formalisation of such a review.

The deadline for comments is November 25, 2006

**November 25th, 2006 – TTCS comments submitted to MPAI on the “Role of OSS in TnT” : See ttcs_comments-on-role-of-open-source-software-in-Trinidad-and-Tobago.pdf

Edit this page to include any thoughts or comments about the paper.

 

Comments

 

— Richard Hamel-Smith

I’ve read through the document at least once. I note no mention of the GPL anywhere. Strange when the main difference between FLOSS and closed source is specifically the license issue. They mention everything except the terms ‘GPL’ and ‘EULA’.

They concentrate on issues like ‘risk’ and economic impact, but do not talk about ownership and licensing. I think they have not understood clearly that the point of FLOSS is freedom from licensing restrictions. They are seeing it only in terms of other benefits. They are, in fact, diverting the discussion away from the licensing issue. They only mention it in passing. I see only three places in the text where the word ‘license’ appears.

My particular concern is over whether we become a nation of software consumers or software producers. Licensing and ownership issues are key to fostering a climate where software development and production can take place. If there is ambivalence on this issue, there is no possibility of a local software development industry taking root. Neither open nor closed source can find encouragement in the absence of legislative protection of licenses. We will always have to import software in the presence of such ambiguity.

I would like fastforward to make mention of the GOTT’s specific stance on the license issue.

 

 

— Vasudev Seeram
“The United States federal government has a policy of neutrality; they choose proprietary or OSS programs simply considering costs and other traditional measures.”
Government’s focus should be on ensuring proper public policy is in place. These policies should include that public documents adhere to open standards and not be tied to proprietary formats, and are secured against theft, loss or unauthorized access. Whether the software is open-source or closed-source, it should meet these fundamental requirements.

For business/office requirements, software is merely a tool to accomplish the job. It is a means to create documents. The output generated is what is important, not the means to generate the output. Would it make sense, for example, to hire a carpenter and insist that he use Black & Decker or hire a groundsman and insist that he use Stihl? It would be absurd, because he is being hired to do a task. What matters is that he accomplishes the task, regardless of the tools used.

Neutrality is potentially advantageous because all options are considered before making a decision: cost of software, cost of implementation, time taken to deploy, cost of hardware, cost of training, security, ease of learning etc.

On the other hand, neutrality can be potentially disadvantageous because it relies on all options being considered. Because the majority of IT personnel are groomed in Microsoft-centric products and technologies, they will gravitate towards products that they are familiar with rather than examining all solutions. Many will avoid leaving their comfort zone because they fear change and having to learn new technologies.

A compromise to this situation would be for government to provide a list of recommended software that meets the policy. For basic work-processing needs, both Microsoft Word and OpenOffice.org Writer meet the needs. OpenOffice.org may be more cost-effective, but it may be easier to hire a clerk with Microsoft Word experience.

Ideally, because the documents adhere to open standards, users should be familiar with all recommended software packages. If the user has Microsoft word and the hard drive crashes, Ubuntu can be booted from a CD and the document loaded from a flash drive into OpenOffice.org. In this way, the user can continue work with minimum downtime.

In the final analysis, so long as a comprehensive analysis of the requirements is done, the government should be open to all options.
V.
p.s. Please bear in mind that I have not touched on union ramifications. Public servants may argue that they are being forced to do new work, and demand hire wages!
p.p.s ‘He’ should be read ‘he or she’.

 

 

— Dev Teelucksingh

 

6. Background

The entire background seems to be based on a fundamental misunderstanding of software licensing. Software can be licensed in a variety of ways :

Proprietary licenses

http://en.wikipedia.org/wiki/Proprietary_software

Proprietary software is software that has restrictions on using and copying it, usually enforced by a proprietor.

The prevention of use, copying, or modification can be achieved by legal or technical means. Technical means include releasing machine-readable binaries only and withholding the human-readable source code. Legal means can involve software licensing, copyright, and patent law. Proprietary software can be sold for money as commercial software or available at zero-price as freeware. Distributors of proprietary software have more control over what users can do with the software than non-proprietary software.

Open Source Licenses

Open Source Software is software for which the “guts” of the program can be freely downloaded and altered to suit your needs (provided you can do the programming). There are many types of Open Source Software. The difference lies in the way altered versions of the software can be distributed, so if you customise the software for your own needs, then decide to distribute it, you may be bound by specific terms.

You can do the following with open source software :

  • install the software on any number of machines in any environment (home or commercial) without purchasing licence fees for each machine
  • obtain and modify the source code and distribute modified versions of the program together with the modified source code. Many open source licenses differ in how such source code can be distributed or licensed for others to also do what you have done.

Some examples of open source licenses :

– GPL – GNU General Public License http://www.opensource.org/licenses/gpl-license.php

– LGPL – Lesser GNU General Public License http://www.opensource.org/licenses/lgpl-license.php

– BSD – Berkeley Software Distribution http://www.opensource.org/licenses/bsd-license.php

– MIT – Massachusetts Institute of Technology http://www.opensource.org/licenses/mit-license.php

– MPL – Mozilla Public License http://www.opensource.org/licenses/mozilla1.1.php

 

Public Domain software

public domain software.

This section refers to licensed software being used in the marketplace

This is incorrect. *All software*, including open source software is licensed as we have explained above. The only exception is public domain software.

The explanation in paragraph four of “open standards” is incorrect.

[Wikpedia on “open standards”|http://en.wikipedia.org/wiki/Open_standards] :

Open standards are publicly available and implementable standards. By allowing anyone to obtain and implement the standard, they can increase compatibility between various hardware and software components, since anyone with the necessary technical know-how and resources can build products that work together with those of the other vendors that base their designs on the standard (although patent holders may impose “reasonable and non-discriminatory” royalty fees and other licensing terms on implementers of the standard).

Open standards which can be implemented by anyone, without royalties or other restrictions, are sometimes referred to as open formats.

Paragraph five also misstates the pros and cons of open source vs proprietary software. This will be expanded later on.

 

7.1 The common threats of Open Source Software (OSS)

Re: security threat

The security threat is lack of properly trained personnel to properly configure, maintain, and use computer systems, regardless of whether it is open or closed source.

– having source code alone does not make it secure for the person/company using it.

Poorly configured software, even open source software, can be vulnerable to security threats. This leads to the need for adequate numbers of properly trained personnel to administer such systems.

7.2 OSS and Market Share

Copied from http://www.dwheeler.com/oss_fs_why.html#market_share

7.3 Reliability

Copied from http://www.dwheeler.com/oss_fs_why.html#reliability

7.4 Governments and OSS

Copied from http://www.dwheeler.com/oss_fs_why.html#governments

 

 

— Richard Hamel-Smith

 

Issues, like training, cost of implementation, cost of data conversion are being focused on in this document, as though they are problems that affect open source only. I refer to the text

 

 

The argued advantage of licensed or closed source products is inimically tied to the perceptions such as :

– the ease of training in these licensed packages;

– the ability to seamlessly integrate with the commercial packages which public servants and consultants may already be using otherwise; and

– suggested cost and maintenance advantages.

 

 

Training

 

It is true that there is more training available in Trinidad/Tobago which focuses on commercial software. This is in response to the demand which exists for it. But to suggest that open source in particular has problems with training, is a red herring.

 

Just as the need for training on commercial software locally was answered by the rise of training centres such as SBCS and SITAL, once FOSS becomes more popular, those institutions will respond to the demand by introducing FOSS courses into their curriculums. Already, Bordercomm and SBCS provide some FOSS courses.

 

In addition to local training, several organisations offer courses and certification in FOSS, including :

 

 

Integration

 

There are problems with integration. But this is true of all software. Open source approaches these issues by promoting open document formats (ODF) to improve integration. It is, in fact, the commercial software vendors who refuse to support such initiatives. See a discussion of this issue at Wikipedia (http://en.wikipedia.org/wiki/OpenDocument) and an analysis of the software available which supports ODF (http://en.wikipedia.org/wiki/OpenDocument_software).

 

The reason that integration problems still exist, is the refusal of large commercial software vendors to co-operate with existing standards or to release the information necessary for FOSS producers to co-operate with their standards. See the judgment by the European Commission against Microsoft concerning this (http://tinyurl.com/4ds4f).

 

The position taken by commercial software vendors is similar to the idea of the big kid hogging the sandbox in the kindergarten playground. The problem exists because commercial software vendors create it, in order to “protect their turf”. Even so, FOSS producers have responded by reverse-engineering the closed formats and protocols. OpenOffice.org both reads and writes Microsoft formats. The Samba networking suite provides connectivity between Windows networks and non-Windows networks.

 

Some commercial vendors provide at least partial support for FOSS software by providing binary-only drivers, eg. ATI and Nvidia provide video drivers for Linux systems.

 

It is not to be supposed that integration problems are insurmountable. The local Trinidad & Tobago Computer Society provides at a nominal cost, a entire CD full of FOSS software which works perfectly under the Microsoft Windows environment, including the major products like Apache, OpenOffice.org, MySQL, PHP, the excellent Firefox browser, Mozilla Thunderbird and the Mozilla Seamonkey internet suite.

 

There are serious issues associated with FOSS software. Ease of use is a problem which have been identified and is being aggressively tackled. It is an understatement to say that the harshest critic of FOSS is the FOSS community itself. It is *precisely* this constant self-criticism which has improved FOSS to the point where it is having such a world-wide impact. For a recent example of relevance see this Asa Dotzler blog post :http://weblogs.mozillazine.org/asa/archives/008499.html

 

Footnote:(Asa Dotzler is the community coordinator for several Mozilla projects. He is the founder and coordinator of Mozilla’s Quality Assurance (QA) and Testing Program, which has grown from just a few contributors when Asa joined the project to tens of thousands of volunteers today. As the Quality Assurance lead, Asa works with Mozilla’s volunteer QA and testing community to ensure excellence and to certify applications for release.)

 

Opportunities and Obstacles

 

In Trinidad currently, there is a small software development industry. It is limited to niche markets like payroll software, customs brokerage software, local websites etc. There is also rampant copying of commercial software and little if no enforcement of software licenses.

 

The growth of the local software development is hampered by the lack of protection which should be provided by the enforcement of copyright and licensing on software. FOSS in particular, is based on copyright and the rights conferred by the GPL and similar licenses. See the GPL (http://www.gnu.org/copyleft/gpl.html)

 

http://www.publicsectoross.info/index.php

 

Brazil adopts open-source software

http://news.bbc.co.uk/1/hi/business/4602325.stm

 

The Villanueva letter to Microsoft

http://www.theregister.co.uk/2002/05/19/ms_in_peruvian_opensource_nightmare/

 

Article re: Bruce Perens’ “Sincere Choice”

http://www.sfgate.com/cgi-bin/article.cgi?file=/gate/archive/2002/08/29/osgovt.DTL

 


 

Conclusion/summary

 

With the stated initiative of capacity development and wider developmental opportunities, the use of Open Source software by the Government of Trinidad and Tobago would be the best choice. By adopting Open Source software the GOTT can legally pursue this objective without fear or foul of licensing costs.

 

Open Source meets the needs of government and business users and home users. It promotes open formats. Open formats ensure data longevity (the ability to access data years in the future) and avoid vendor lock-in.

 

Open Source software applications are multi-platform meaning such software can run on proprietary operating systems such as Microsoft Windows and MacOS X as well as open source operating systems such as Linux and FreeBSD. Such multi-platform open source applications can thus be deployed in existing IT infrastructures without requiring significant hardware and software changes.

 

Also to note that a lot of business applications which typically require installation on individual PCs connected on a Local Area Network. However a significant interest and software development is taking place today which allows users with a standards-based web browser to access a website which offer many if not all of the features of stand-alone applications. This trend is collectively known as “Web 2.0”

 

Many such web 2.0 websites are built with open source software and run on web servers running open source software. This could mean significant cost savings when compared to proprietary applications installed on each machine on a LAN.

 

It is possible for a business idea to be developed by locals for a “web 2.0” site which could be used by anyone in the world with internet access.

 

Open source software does offer significant cost savings when compared to proprietary software. This should be considered especially if computers are to be deployed to

communities and schools throughout Trinidad and Tobago.

 

The discussion of the use of open source and open standards raises some very important issues which have either not been raised in this paper or have been mentioned only in passing. We believe that these areas deserve greater focus.

 

– Industry development

– Training

– ICT 4 Developement (http://www.ict4d.org.uk/) – access; localisation- ability to customise, etc

– integration with other software (use open source on proprietary OSes like Windows)

– Patents, copyrights and national security

 

 


Richard Hamel-Smith

 

To me, the two things that separate open source from closed applications are

 

– the license

– the development model

 

Given that the open source license allows users full access to the source code and the right to re-distribution, the question really becomes “Why would anybody want to use closed applications?”

 

The only “real” reason becomes support issues. Businessmen, and governments, in particular, like to have someone else to blame. Open source has addressed this need with a variety of options :

 

– paid support, such as service contracts

– free support, such as mailing lists, user groups

– mixed mode licensing options, ie. offering products both under open source licenses and commercial licenses (eg. MySql, Qt, RedHat) It should be noted however, that these commercial licenses do not normally restrict re-distribution and modification.

 

The development model

 

The open source development model has been discussed in depth in Eric Raymond’s famous essay “The Cathedral and the Bazaar” (http://catb.org/esr/writings/cathedral-bazaar/cathedral-bazaar/). The main idea is that program modifications are accepted into the main core of source code based solely on their intrinsic merits, not on any other considerations. Is the modification valid? Does it introduce bugs? Does it eliminate bugs. Does it add a useful feature?

 

This idea leads to the understanding of the open source community. The open source community sees itself as a ‘meritocracy’. Contributions that are of little or low value are discarded. Open source projects which do not attract a community, end up as ‘orphan code’. Only projects which are seen as of great value, attract sufficient numbers to ensure their survival.

 

This approach may seem disconcerting at first glance, but it is, in fact, the willingness to abandon a project and start in a new direction (known as ‘forking the code’), that leads to the high value of open source versus closed applications. Open source project leaders care passionately about the value of their code. They mercilessly reject modifications which they see as reducing the quality of the finished product. Some projects like FreeBSD and Apache, are relentless in their hunts for bugs. Consequently, the stability of these systems approaches the highest standards for software on the planet.

 

The freedom from commercial considerations allows project leaders to take the time necessary to eliminate bugs from their projects. It is practically an open source standard that projects maintain a database of bugs that any user can add to. This transparency allows the user base to participate in the improvement of their favourite software. The installation list of Bugzilla (http://www.bugzilla.org/installation-list/) reads like a Who’s who of the open source movement.

 

(In the software world, it is generally acknowledged that the absolute best programmers in the world work for NASA. It is interesting therefore to see that NASA also uses open source software. One would imagine that NASA could afford to purchase any software package available. NASA not only uses open source, NASA produces open source. See http://opensource.arc.nasa.gov/)

 

 


 

-rij

Department of Defense

 

According to the DOD Open Technology roadmap (http://www.acq.osd.mil/actd/articles/OTDRoadmapFinal.pdf)

 

 

Software code has become central to the warfighter’s ability to conduct missions. If this shift is

going to be an advantage, rather than an Achilles’ heel, DoD must pursue an active strategy to manage

its software knowledge base and foster an internal culture of open interfaces, modularity and reuse.

This entails a parallel shift in acquisitions methodologies and business process to facilitate

discovery and re-use of software code across DoD.

The national security implications of open technology development (OTD) are clear: increased

technological agility for warfighters, more robust and competitive options for program managers, and

higher levels of accountability in the defense industrial base. DoD needs to use open technology design

and development methodologies to increase the speed at which military systems are delivered to the

warfighter, and accelerate the development of new, adaptive capabilities that leverage DoD’s massive

investments in software infrastructure.

To summarize: OSS and open source development methodologies are important to the National Security and

National Interest of the U.S. for the following reasons:

* Enhances agility of IT industries to more rapidly adapt and change to user needed capabilities.

* Strengthens the industrial base by not protecting industry from competition. Makes industry more

likely to compete on ideas and execution versus product lock-in.

* Adoption recognizes a change in our position with regard to balance of trade of IT

 

 

The only special requirement that the US DoD has regarding the use of OSS (http://www.egovos.org/rawmedia_repository/822a91d2_fc51_4e6e_8120_1c2d4d88fa06?/document.pdf) is that

 

“DoD Components acquiring, using or developing OSS must ensure that OSS complies with the same DoD policies that govern Commercial off the Shelf (COTS) and Government off the Shelf (GOTS) software.”

 

The policies include

 

 

  1. compliance with evaluation and validation requirements of US national security telecommunications and information systems security policy; and

 

  1. configuration of software in accordance with DoD-approved security configuration guidelines.

 

In addition, acquisition, usage and development of OSS by the DoD must be in compliance with lawful licensing requirements, as is the case for COTS and GOTS.

 

 

National Security argument.

 

http://www.terrybollinger.com/index.html#open_source_reports has a link to the original DoD debate on the use of OSS, including the Mitre Report (debate summarized on Wikipedia athttp://en.wikipedia.org/wiki/Use_of_Free_and_Open_Source_Software_(FOSS)_in_the_U.S._Department_of_Defense)

 

  • The main conclusion of the analysis was that FOSS software plays a more critical role in the DoD than has generally been recognized. FOSS applications are most important in four broad areas: Infrastructure Support, Software Development, Security, and Research. One unexpected result was the degree to which Security depends on FOSS. Banning FOSS would remove certain types of infrastructure components (e.g., OpenBSD) that currently help support network security. It would also limit DoD access to—and overall expertise in—the use of powerful FOSS analysis and detection applications that hostile groups could use to help stage cyberattacks. Finally, it would remove the demonstrated ability of FOSS applications to be updated rapidly in response to new types of cyberattack. Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security-focused DoD groups to defend against cyberattacks.

 

 

For Infrastructure Support, the strong historical link between FOSS and the advent of the Internet means that removing FOSS applications would result in a strongly negative impact on the ability of the DoD to support web and Internet-based applications. Software Development would be hit especially hard for languages such as Perl that are direct outgrowths of the Internet, and would also suffer serious setbacks for development in traditional languages such as C and Ada. Finally, Research would be impacted by a large to very large increase in support costs, and by loss of the unique ability of FOSS to support sharing of research results in the form of executable software.

Neither the survey nor the analysis supports the premise that banning or seriously restricting FOSS would benefit DoD security or defensive capabilities.

 

 


 

— Richard Hamel-Smith

 

I just want to insert some stuff from a site. Normally, I just put the link, but I find it’s so well said that it begs to be quoted.

 

http://www.egovos.org/Resources/Testimony

 

 

Governments have special obligations to protect the integrity, confidentiality and accessibility of public information throughout time like no other entity in society. Therefore, storing and retrieving government data through secret and proprietary data formats tied to a single provider is especially problematic, since the usability, maintenance and permanence of government data should not depend on the goodwill or financial viability of commercial suppliers.

Furthermore, citizens have a right to transparency in public acts, which may be hampered by secret, proprietary software. A clear example of this is e-voting software. I expect no one would seriously defend the right of proprietary software companies to prevent political candidates from inspecting the software that tallies the votes in elections. There are many other public acts that fall into the same category. So many in fact that the onus should rightly be placed on companies to justify the use of proprietary software in purely governmental settings.

Privacy

There is a constitutional right to privacy, and it is incumbent on government to set rules to protect the privacy of its citizens. Software that may transmit private data to, or allow control and modification of computer systems by, third parties without the explicit consent of the user is a violation of the citizen’s right to privacy. It is disingenuous to argue, as Open Source opponents often do, that the market will sufficiently protect the rights of citizens in these circumstances. Software follows the principle of “network effects” where, after a certain tipping point, all consumers lose their freedom of choice and are herded into using the same product for the sake of interoperability. The existence of monopoly situations in software also work to restrict freedom of choice, further limiting the protective effects of a purely market-based solution. As a result, government intervention is appropriate to protect the privacy rights of its citizens.

Education

Open Source is a superior way to educate the next generation of IT professionals. With Open Source, the developers see and study the actual code running real world systems, rather than working with stripped-down “toys” designed merely for educational purposes. Many developers have recounted that they learn best by trying and watching what happens in the program as it runs. This should not be surprising at all, since this was how developers learned the craft before the 1980’s when the closed software industry arose. Open Source is just returning software to its free and open roots.

 

The Four Freedoms

 

from http://www.gnu.org/philosophy/free-sw.html

Free software is a matter of the users’ freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:

* The freedom to run the program, for any purpose (freedom 0).

* The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.

* The freedom to redistribute copies so you can help your neighbor (freedom 2).

* The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.