Response to the Government of Canada's RFI - NO CHARGE LICENSED SOFTWARE
Robert Pogson
2009-2-7
Abstract:
In response to this RFI, it is proposed to deal with “NO CHARGE
LICENSED SOFTWARE” in two streams:
• Free Software which the government is free to use, examine
source code, modify source code and to distribute changes including
source code
• Non-Free Software which may have a no-cost licence but
which does not allow copying, examination of source code or distribution.

Free and Non-Free Software have different technological risks, levels
of reliability and flexibility. The Government should respect these
differences to make the best use of information technology.
Q1 In the Overview, the Crown provided a definition for No Charge
Licensed Software. Is this an appropriate definition?
“No Charge Licensed Software means Licensed Software that is available
at no charge for the Licensed Software and is typically made available
as a free download from the Internet. No Charge Licensed Software
may also have No Charge Software Support Services (NCSSS) available
at no charge from the Internet.
No Charge Licensed Software categories would include software categories
such as Operating Systems, Office Automation Office Suites, Internet
browsers, Application servers, development tools and utilities.”
This definition is appropriate but vague in view of the myriad different
licences in existence. The government should add clarity to its definition
by discriminating between two major categories:
- Free Software[GPL] which includes the permission given in
the licence to use, examine source code, modify source code and
to distribute changes. This greatly reduces technological risks associated
with software because the government would acquire a degree of independence
from the supplier and assurance that the software could be fixed if
issues arise.
- Non-Free Software which does not include all of those rights with
the licence. This software has great risks similar to “proprietary”
software obtained by paid licences. The supplier can force, or deny,
upgrades causing the software to become less useful or more expensive
with time. This closed software may also contain hidden legal risks
of patent or copyright violation.
The Government of Canada is not like many ordinary businesses because
of its size. Free Software has special advantages for such a large
organization because the government can actually afford to acquire
and to maintain source code for software more cheaply than it can
pay commercial licences for some software. For example, OpenOffice.org
produces an office suite that is Free Software but its entire budget
is much less than the government pays each year in licence fees for
office suites if they use Microsoft Office. Sun Microsystems bought
Star Office, lock, stock and barrel[Sun], which evolved into
OpenOffice.org, for less than it would have cost them for one round
of licence fees to Microsoft. For this reason, the government should
definitely treat Free Software as a special category and, indeed,
prefer it, especially for commodity, widely used and tested Free Software.

The government should also consider, in lieu of paying for licences
for Free Software, making a contribution to organizations producing
Free Software or employing software/documentation developers who would
work for these organizations. This would employ Canadians and give
the government a means of customizing, debugging, and fixing software
rather than depending on outside organizations with their own agendas.
Q2. What are reasonable criteria that the Crown should consider in
a decision process for acquiring No Charge Licensed Software? Are
there circumstances in which the acquisition of No Charge Licensed
Software would not be advisable?
After the normal “Does it work?” kinds of criteria that should
be applied to all information technology systems and software, all
software used or considered for use by the government should be categorized
into FREE and NON-Free Software and preference given to Free Software
because of the unique benefits to the government. In particular, widely
used Free Software should be considered suitable for a fast-track
in acquisitions because millions of installations may already be tested
and performing well. Examples of Free Software that should be considered
a commodity like sheets of paper or pens:
- OpenOffice.org[OO] office suite which has more than 100 million
installations
- Apache[Apache] web server which runs about 2/3 of
the Internet
- MySQL[MySQL] database which is widely used with PHP to provide
dynamic web sites
- PHP scripts which run on Apache web servers to provide instant commodity/generic
social networking sites
- language processors such as C, C++, PHP, Perl and Python
- GNU/Linux operating system which runs most of the web and is used
on about 10% of desktop computers
Statistics on the presence of PHP on server sites are available in
the form of a MySQL database[PHP]. The results for .ca websites
give:

mysql> select libelle,nombre,pourcentage from stats where type='canada' and date like '2008-11-04%';
+---------+--------+--------------+
| libelle | nombre | pourcentage  |
+---------+--------+--------------+
| .ab.ca  |    716 | 29.404517453 |
| .bc.ca  |   1819 | 37.343461301 |
| .gc.ca  |     72 |  7.392197125 |
| .mb.ca  |    371 | 28.148710166 |
| .nb.ca  |    140 | 32.786885245 |
| .nf.ca  |     39 | 11.079545454 |
| .ns.ca  |    524 | 41.853035143 |
| .nt.ca  |      7 |  7.291666666 |
| .nu.ca  |     11 | 47.826086956 |
| .on.ca  |   2265 | 30.921501706 |
| .pe.ca  |     44 | 24.858757062 |
| .qc.ca  |   3333 | 28.922249219 |
| .sk.ca  |    195 | 26.970954356 |
| .yk.ca  |     28 | 20.289855072 |
+---------+--------+--------------+
14 rows in set (0.01 sec)

Thus, we see that the government is using PHP much less than most
websites in Canada on average. PHP is extremely useful for rapidly
developing interactive websites so this may be because the government
rarely changes their sites or it may be that the government feels
they should use more expensive technology.

If a Free Software package is widely used and known to work and has
a published buglist, there are no reasons the government should not
promptly approve it for use. The only instance where such Free Software
should not be used is where a migration would be too costly or disruptive
to existing systems. This is a feature of existing systems, not a
negative for Free Software. Likely, the government uses closed/proprietary
file formats and protocols. That is a mistake of the past and should
not be repeated by continuing to acquire closed systems. There is
no security through obscurity and often very little efficiency. Open
systems, following publicly developed open standards are the way information
technology should be done and preference should be given to Free Software
because it usually follows open standards.
Q3. What factors other than price should be considered as part of
an evaluation guideline for No Charge Licensed Software? Are there
other factors beyond those outlined in Appendix A & B that the Crown
should consider?
Widespread use, published bug lists[bugs] and open source code
should be the minimum standards by which No Charge Licensed Software
should be considered. Closed source code and no published bug lists
should count against any software, not only No Charge Licensed Software.
Q4. How should existing Government Furnished Equipment, Services,
Service Level Agreements and internal resources be considered when
evaluating the usage of No Charge Licensed Software?
Any equipment, service, agreement or resource that is in any way incompatible
with Free Software should be modified/replaced. The purpose of information
technology is to use computers, networks and storage to create, modify,
find and present information in the fastest and most efficient manner
possible. Free Software often is the best way to do any of these things
and any system that excludes Free Software in its file format, protocol,
licence or the skill sets of staff should be considered an indication
that the information technology system is far from optimal and should
be changed. When Free Software was not well known and certain suppliers
had a monopoly on information technology, many mistakes were made
locking-in the monopolistic practices leading to inefficiency, high
prices and inflexibility. The sooner these mistakes are corrected
by converting all systems to open standards and Free Software, the
better. The cost of monopoly is large and on-going[mono]. The
cost of changing a system to use Free Software is mostly a single
charge and manageable for commodity systems.
Q5. How practical is No Charge Licensed Software? Are there hidden
costs that need to be considered as part of the process of evaluating
the alternatives available?
I use Free Software in education and it does everything the students
need done and 90% of what the teachers need to do because the employer
is locked into some proprietary databases that do not use a web interface
but must install a client application on the proprietary operating
system on a commodity PC. There is no technical reason that Free Software
could not be used for everything in education or government if there
is the will to change and to make the best use of information technology
in the future.

There are those who spread fear about Free Software claiming that
it is more expensive to manage than proprietary software but that
is only true if one keeps the lock-in provided by purveyors of proprietary
software and the Free Software must be given complex configuration
to comply with deliberately obscure protocols. That can easily be
seen in the two open standards for office file formats. ODF was defined
in less than 1000 pages and is widely supported. Microsoft promoted
OOXML in 6000 pages and no one, not even Microsoft, can comply with
it[iso].

Consider commodity desktop systems. The most common model is one desktop/one
licence/one hard drive costing thousands of dollars to install and
to maintain each year. A promising model is the thin client/terminal
server where the client PC has no hard drive, no installed software,
no fans, is tiny, and shows the pictures and receives the clicks for
a powerful server. With Free Software, one system administrator can
manage thousands of desktops and rarely has to visit the PC. With
Microsoft Windows XP, one system administrator can barely keep up
with the maintenance on a few hundred machines because the disks fail,
the hard drives fail, the machines pick up malware, and if the server
keeps the user's files, the network gets congested. One can use thin
clients with Windows but Microsoft charges a huge licence fee for
the server and another fee for each PC connected, nullifying much
of the capital cost savings. In addition, Windows does not use shared
memory so a terminal server can only run half the users that a terminal
server running GNU/Linux can. Thus, for 80% or even more of desktop
PCs, it makes no sense in terms of cost of acquisition or operation
to use Windows but many do because they are locked-in. The government
should fight this. It is difficult but the annual savings forever
afterward are much larger than the short-term costs[largo].
Q6. What are the general financial, technical and security risks
associated with acquiring and using No Charge Licensed Software?
Closed software whether the licence is paid or not is inherently risky.
The maker has no need to make the software secure if the customer
will buy it whether it is secure or not. Free Software, on the other
hand, is open to inspection and the world can examine it in detail
for flaws and report them in public forums. Serious flaws can be fixed
in days with Free Software because there is no restriction
on changing the source code. Non-Free Software changes have only one
source and the end-user has to wait until the developer gets around
to it. For example, when Microsoft released its latest operating system,
Vista, it was discovered that a feature, deliberately introduced 15
years earlier, was a serious security flaw[wmf]. Recently,
the beta of their next operating system was found to have a security
feature which could be trivially turned off by malware[uac].
I have used Free Software for eight years and never seen malware on
it. I see malware on Windows weekly. The risks the government should
be examining should include non-Free Software. There are far more
risks to using that.
Q7. How do Open Standards and interoperability factor into evaluation
considerations?
No software that uses closed standards should be considered for use
in governmental systems. The purpose of government is to serve its
people not the monopolistic purposes of corporations. Closed software/closed
standards serve other purposes and unless the government is privy
to the purposes and methods it is foolish to depend on them. Closed
systems could involve espionage, sabotage, hidden faults or anti-competitive
measures[IE]. The government should avoid all closed systems.
Q8. How does the technology factor into the evaluation consideration,
such as ability to maintain and evergreen?
Free Software is obviously maintainable by an organization the size
of the government and fits well into these factors. Closed standards,
and non-Free Software, whether with paid licence or not, interfere
with maintenance. For example, I worked at a place where we had an
e-mail system that had worked well for many years. The latest version
of the software had a feature the employer wanted so we looked into
upgrading to the newest version. If we wanted to keep our data, the
accumulated e-mail of five years, we had to pay for and install each
version of the software between our old version and the new one. The
supplier held our e-mail for ransom so we paid about ten times more
for the software than a new installation of the current version and
it cost half a day of labour. That does not happen with Free Software
because there is no motivation to change file formats with each release.
Software with annual licences can just expire and data can be lost.
The government should not use any closed systems.
Q9. How does the Crown evaluate the flexibility of the licensing
models for No Charge Licensed Software?
It would save many difficulties with licences to use a standard software
licence like the GNU GPL for Free Software. It is obviously possible
to do this but some change of suppliers would be needed. The government
should set a target date for converting all software to Free Software.
Paid licence software should offer the four freedoms of Free Software
or be excluded from consideration. In systems that have a common licence
there is never a legal worry about installing one more system, making
changes or combining software in any combination, things that are
often forbidden by other licences. The Product User Rights of Microsoft
is so restrictive it takes 94 pages[EULA]. The GPL takes only
12 pages for Version 3 because it gives rights, and does not take
rights away except for violations of a few simple principles. The
government should look at licensing Free Software as a huge simplification
of the legal structure of the government's IT system.
Q10. What impact will No Charge Licensed Software have on Government
Licensed End-User Networks?
If the government switches to widespread use of thin clients with GNU/Linux,
network traffic would fall because data will largely be off most of
the network leaving only key clicks and screen updates. Except for
full-screen video which is not a part of many roles in government,
the end-result is a much more responsive network. For example, in
my school, machines running Windows XP Pro take 45s to give a log-in
screen and another 90s to give a usable desktop because the machines
transfer many user files over the network. With a GNU/Linux terminal
server, those files stay on the server and do not traverse the network.
The difference is remarkable. My GNU/Linux clients take 45s to boot
and from log-in to usable desktop is 2s. Loading my largest application
takes 1.5s because the files are already in the shared memory of the
GNU/Linux terminal server and little disk access is needed to open
the application.

If the government uses network standards that are open, Free Software
will give the best performance at lowest cost. Any supplier of networking
who insists on non-Free Software being used should be excluded from
consideration.
Conclusion
It is good to see the Government of Canada taking FLOSS seriously.
It is about time. GNU/Linux has been very usable for more than ten
years. The cost of IT being more than twice as much using Windows
as GNU/Linux, that has been a huge waste. There is still a problem
with this initiative. It appears that the government is considering
treating FLOSS as a risky venture with limited utility. The opposite
should be true. Non-Free Software should be considered as a huge risk
to security and our viability as a nation. Microsoft, in particular,
should not be allowed to provide software to the government. The Windows
EULA prevents the Government of Canada from fulfilling its duty to
provide services to Canadians reliably and at lowest cost. In education,
I have installed whole-school systems that run trouble-free for years
at half the cost of using Windows. There is no justification for the
widespread use of Windows in education or government.

Further, the government should note that in countries where FLOSS
is promoted, BRIC countries, IT is growing at a great rate while in
North America many technology firms are laying off thousands of employees.[BRIC]

This document was produced entirely with Free Software: Firefox web
browser, LyX type-setter, pdf utilities and Debian GNU/Linux.
References
[GPL] The GNU organization formed in 1984 to promote
Free Software. see http://www.gnu.org/
[Sun] “The number one reason why Sun bought Star
Division in 1999 was because, at the time, Sun had something approaching
forty-two thousand employees. Pretty much every one of them had to
have both a Unix workstation and a Windows laptop. And it was cheaper
to go buy a company that could make a Solaris and Linux desktop productivity
suite than it was to buy forty-two thousand licenses from Microsoft.”
http://en.wikipedia.org/wiki/StarOffice#History
[OO] OpenOffice.org is a Free Software office suite
originally designed to be equivalent capability to Microsoft Office
but it uses open standard file formats as well as closed, can produce
PDF. It has had more than 100 million downloads and is included in
many GNU/Linux distributions of software running on many millions
of PCs. It is available for several operating systems. see http://OpenOffice.org
[Apache] The Netcraft Survey shows Apache runs 52%
of all websites but only half of all websites are active. Many are
place-holders. 50% of the top performers are Apache while only 15%
are Windows. see http://news.Netcraft.com/archives/web_server_survey.html
http://uptime.netcraft.com/perf/reports/performance/Hosters?tn=january_2009
[MySQL] MySQL is a database widely used by itself and
as part of the LAMP stack (Linux, Apache, MySQL and PHP/Perl/Python).
[PHP] see http://www.mysql.com/why-mysql/marketshare/
and http://www.nexen.net/images/stories/stats.200810.sql.bz2
[bugs] Sales agents for non-Free Software rarely publish
their bugs. Free Software organizations have different motivation,
to produce the best software. see http://bugs.debian.org/release-critical
[mono] “CyberInsecurity: The Cost of Monopoly”
see http://www.ccianet.org/papers/cyberinsecurity.pdf
[iso] “Google's Position on OOXML as a Proposed
ISO Standard ... If ISO were to give OOXML with its 6546 pages the
same level of review that other standards have seen, it would take
18 years (6576 days for 6546 pages) to achieve comparable levels of
review to the existing ODF standard (871 days for 867 pages) which
achieves the same purpose and is thus a good comparison. Considering
that OOXML has only received about 5.5% of the review that comparable
standards have undergone, reports about inconsistencies, contradictions
and missing information are hardly surprising.” see http://www.odfalliance.org/resources/Google%20OOXML%20Q%20%20A.pdf
[largo] “We noted on our last Largo visit, and
note once again, that these are the least harassed, least worried,
calmest sysadmins we have ever met. They have one of the smallest
and least-worked help desks we have ever seen – five people who support
450+ client units and over 800 users, and it is all done without any
fuss, muss or hurry. The desktop units, remember, have no moving parts
or applications software on them. They rarely break, and if they do
it is only a moment's work to swap one out. Monitors eventually get
old and dim, but they have a stack of $150 Compaq 17" monitors
ready to go, plenty of spare keyboards and mice, and lots of CAT-5
cable. Everything in the server room is backed up and redundant (and
neat, with all cables marked) so maintenance there is as under control
and worry-free as it is on the client side of things. ... Harold,
Mike, and Dave all note that when they go to technical conferences
and other sysadmin get-togethers, they are usually the only ones in
the place who are not getting a steady stream of frantic interruptions.
... So what do they do with their time? They research, plan, and think
of yet more ways to save Largo taxpayers money on IT while making
the city's IT services more efficient and useful.” see http://www.linux.com/articles/26827
[wmf] “Windows Metafiles are extensively supported
by all versions of the Microsoft Windows operating system. All versions
from Windows 3.0 to the latest Windows Server 2003 R2 contain this
security flaw. However, versions from Windows XP onwards are more
severely affected than earlier versions, since they have a handler
and reader for the WMF file in their default installation.” see
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
[uac] “malware authors can exploit the fact that
rundll32.exe is allowed to automatically elevate by separating their
malware into two pieces - a proxy application and a payload (in the
form of a library). The proxy application's job is to invoke rundll32.exe,
with the payload library as a parameter in a way that “requests” elevation.
Windows will intercept the request and automatically elevate the process
to High Mandatory Level, executing your payload wearing an administrative
hat.” see http://www.withinwindows.com/2009/02/04/windows-7-auto-elevation-mistake-lets-malware-elevate-freely-easily/
[IE] “Nevertheless, Microsoft tied the two together,
refusing to sell Windows 95 or Windows 98 without Microsoft's browser
or to permit OEMs to remove the browser before selling their PCs loaded
with Windows. With Windows 98, Microsoft also unnecessarily "welded"
the browser to the operating system, so that using another browser
would be a "jarring experience," further excluding
rival browser suppliers.” see http://www.usdoj.gov/atr/cases/f2600/2613overview.pdf
[EULA] see http://www.google.com/url?q=http://download.microsoft.com/download/b/e/9/be9929eb-298e-4636-907c-70216f5f6f90/MicrosoftProductUseRights(Worldwide)(English)(January2008)(CR).doc&ei=3hCOSdmwHpLQsAP3ztj-CA&sa=X&oi=spellmeleon_result&resnum=1&ct=result&cd=1&usg=AFQjCNFMdSdCtr2olJWfXGceGDK8BhVRMw
[BRIC] “A deep global recession and a radical industry
transformation are at the core of IDC's predictions for the IT industry
in 2009. With economists forecasting dramatically slowing global GDP
growth, IDC predicts that global IT spending growth will slow by half
or more, effectively stripping more than $35 billion of potential
revenue out of the market. To survive, it will be critically important
for vendors to reorient their businesses and offerings toward market
segments with above average growth. The latter will continue to include
emerging markets, such as the BRIC countries (Brazil, Russia, India,
and China), as well as the small and medium-sized business (SMB) sector.
Although spending will slow significantly in these markets, it will
outperform the overall market. In addition, government initiatives
to spur economic growth and financial stability will include outlays
for new technology, making this an important market sector for the
first time in many years.” see http://idc.com/getdoc.jsp?containerId=prUS21556508&pageType=PRINTFRIENDLY