Response to the Government of Canada's RFI - NO CHARGE LICENSED SOFTWARE
Robert Pogson
2009-2-7
Abstract: In response to this RFI, it is proposed to deal with “NO CHARGE LICENSED SOFTWARE” in two streams:
• Free Software which the government is free to use, examine source code, modify source code and to distribute changes including source code
• Non-Free Software which may have a no-cost licence but which does not allow copying, examination of source code or distribution.
Free and Non-Free Software have different technological risks, levels of reliability and flexibility. The Government should respect these differences to make the best use of information technology.
Q1. In the Overview, the Crown provided a definition for No Charge Licensed Software. Is this an appropriate definition?
“No Charge Licensed Software means Licensed Software that is available at no charge for the Licensed Software and is typically made available as a free download from the Internet. No Charge Licensed Software may also have No Charge Software Support Services (NCSSS) available at no charge from the Internet.
No Charge Licensed Software categories would include software categories such as Operating Systems, Office Automation Office Suites, Internet browsers, Application servers, development tools and utilities.”
This definition is appropriate but vague in view of the myriad different licences in existence. The government should add clarity to its definition by discriminating between two major categories:
The Government of Canada is not like many ordinary businesses because of its size. Free Software has special advantages for such a large organization because the government can actually afford to acquire and to maintain source code for software more cheaply than it can pay commercial licences for some software. For example, OpenOffice.org produces an office suite that is Free Software but its entire budget is much less than the government pays each year in licence fees for office suites if they use Microsoft Office. Sun Microsystems bought Star Office, lock, stock and barrel[Sun], which evolved into OpenOffice.org, for less than it would have cost them for one round of licence fees to Microsoft. For this reason, the government should definitely treat Free Software as a special category and, indeed, prefer it, especially for commodity, widely used and tested Free Software.
The government should also consider, in lieu of paying for licences for Free Software, making a contribution to organizations producing Free Software or employing software/documentation developers who would work for these organizations. This would employ Canadians and give the government a means of customizing, debugging, and fixing software rather than depending on outside organizations with their own agendas.
Q2. What are reasonable criteria that the Crown should consider in a decision process for acquiring No Charge Licensed Software? Are there circumstances in which the acquisition of No Charge Licensed Software would not be advisable?
After the normal “Does it work?” kinds of criteria that should be applied to all information technology systems and software, all software used or considered for use by the government should be categorized into FREE and NON-Free Software and preference given to Free Software because of the unique benefits to the government. In particular, widely used Free Software should be considered suitable for a fast-track in acquisitions because millions of installations may already be tested and performing well. Examples of Free Software that should be considered a commodity like sheets of paper or pens:
Statistics on the presence of PHP on server sites are available in the form of a MySQL database[PHP]. The results for .ca websites give:
mysql> select libelle,nombre,pourcentage from stats where type='canada' and date like '2008-11-04%';
| libelle | nombre | pourcentage |
| .ab.ca | 716 | 29.404517453 |
| .bc.ca | 1819 | 37.343461301 |
| .gc.ca | 72 | 7.392197125 |
| .mb.ca | 371 | 28.148710166 |
| .nb.ca | 140 | 32.786885245 |
| .nf.ca | 39 | 11.079545454 |
| .ns.ca | 524 | 41.853035143 |
| .nt.ca | 7 | 7.291666666 |
| .nu.ca | 11 | 47.826086956 |
| .on.ca | 2265 | 30.921501706 |
| .pe.ca | 44 | 24.858757062 |
| .qc.ca | 3333 | 28.922249219 |
| .sk.ca | 195 | 26.970954356 |
| .yk.ca | 28 | 20.289855072 |
14 rows in set (0.01 sec)
Thus, we see that the government is using PHP much less than most websites in Canada on average. PHP is extremely useful for rapidly developing interactive websites so this may be because the government rarely changes their sites or it may be that the government feels they should use more expensive technology.
If a Free Software package is widely used and known to work and has a published buglist, there are no reasons the government should not promptly approve it for use. The only instance where such Free Software should not be used is where a migration would be too costly or disruptive to existing systems. This is a feature of existing systems, not a negative for Free Software. Likely, the government uses closed/proprietary file formats and protocols. That is a mistake of the past and should not be repeated by continuing to acquire closed systems. There is no security through obscurity and often very little efficiency. Open systems, following publicly developed open standards, are the way information technology should be done and preference should be given to Free Software because it usually follows open standards.
Q3. What factors other than price should be considered as part of an evaluation guideline for No Charge Licensed Software? Are there other factors beyond those outlined in Appendix A & B that the Crown should consider?
Widespread use, published bug lists[bugs] and open source code should be the minimum standards by which No Charge Licensed Software should be considered. Closed source code and no published bug lists should count against any software, not only No Charge Licensed Software.
Q4. How should existing Government Furnished Equipment, Services, Service Level Agreements and internal resources be considered when evaluating the usage of No Charge Licensed Software?
Any equipment, service, agreement or resource that is in any way incompatible with Free Software should be modified/replaced. The purpose of information technology is to use computers, networks and storage to create, modify, find and present information in the fastest and most efficient manner possible. Free Software often is the best way to do any of these things and any system that excludes Free Software in its file format, protocol, licence or the skill sets of staff should be considered an indication that the information technology system is far from optimal and should be changed. When Free Software was not well known and certain suppliers had a monopoly on information technology, many mistakes were made locking-in the monopolistic practices leading to inefficiency, high prices and inflexibility. The sooner these mistakes are corrected by converting all systems to open standards and Free Software, the better. The cost of monopoly is large and on-going[mono]. The cost of changing a system to use Free Software is mostly a single charge and manageable for commodity systems.
Q5. How practical is No Charge Licensed Software? Are there hidden costs that need to be considered as part of the process of evaluating the alternatives available?
I use Free Software in education and it does everything the students need done and 90% of what the teachers need to do because the employer is locked into some proprietary databases that do not use a web interface but must install a client application on the proprietary operating system on a commodity PC. There is no technical reason that Free Software could not be used for everything in education or government if there is the will to change and to make the best use of information technology in the future.
There are those who spread fear about Free Software claiming that it is more expensive to manage than proprietary software but that is only true if one keeps the lock-in provided by purveyors of proprietary software and the Free Software must be given complex configuration to comply with deliberately obscure protocols. That can easily be seen in the two open standards for office file formats. ODF was defined in less than 1000 pages and is widely supported. Microsoft promoted OOXML in 6000 pages and no one, not even Microsoft, can comply with it[iso].
Consider commodity desktop systems. The most common model is one desktop/one licence/one hard drive costing thousands of dollars to install and to maintain each year. A promising model is the thin client/terminal server where the client PC has no hard drive, no installed software, no fans, is tiny, and shows the pictures and receives the clicks for a powerful server. With Free Software, one system administrator can manage thousands of desktops and rarely has to visit the PC. With Microsoft Windows XP, one system administrator can barely keep up with the maintenance on a few hundred machines because the disks fail, the hard drives fail, the machines pick up malware, and if the server keeps the user's files, the network gets congested. One can use thin clients with Windows but Microsoft charges a huge licence fee for the server and another fee for each PC connected, nullifying much of the capital cost savings. In addition, Windows does not use shared memory so a terminal server can only run half the users that a terminal server running GNU/Linux can. Thus, for 80% or even more of desktop PCs, it makes no sense in terms of cost of acquisition or operation to use Windows but many do because they are locked-in. The government should fight this. It is difficult but the annual savings forever afterward are much larger than the short-term costs[largo].
Q6. What are the general financial, technical and security risks associated with acquiring and using No Charge Licensed Software?
Closed software, whether the licence is paid or not, is inherently risky. The maker has no need to make the software secure if the customer will buy it whether it is secure or not. Free Software, on the other hand, is open to inspection and the world can examine it in detail for flaws and report them in public forums. Serious flaws can be fixed in days with Free Software because there is no restriction on changing the source code. Non-Free Software changes have only one source and the end-user has to wait until the developer gets around to it. For example, when Microsoft released its latest operating system, Vista, it was discovered that a feature, deliberately introduced 15 years earlier, was a serious security flaw[wmf]. Recently, the beta of their next operating system was found to have a security feature which could be trivially turned off by malware[uac]. I have used Free Software for eight years and never seen malware on it. I see malware on Windows weekly. The risks the government should be examining should include non-Free Software. There are far more risks to using that.
Q7. How do Open Standards and interoperability factor into evaluation considerations?
No software that uses closed standards should be considered for use in governmental systems. The purpose of government is to serve its people, not the monopolistic purposes of corporations. Closed software/closed standards serve others' purposes and unless the government is privy to the purposes and methods it is foolish to depend on them. Closed systems could involve espionage, sabotage, hidden faults or anti-competitive measures[IE]. The government should avoid all closed systems.
Q8. How does the technology factor into the evaluation consideration, such as ability to maintain and evergreen?
Free Software is obviously maintainable by an organization the size of the government and fits well into these factors. Closed standards and non-Free Software, whether with paid licence or not, interfere with maintenance. For example, I worked at a place where we had an e-mail system that had worked well for many years. The latest version of the software had a feature the employer wanted so we looked into upgrading to the newest version. If we wanted to keep our data, the accumulated e-mail of five years, we had to pay for and install each version of the software between our old version and the new one. The supplier held our e-mail for ransom so we paid about ten times more for the software than a new installation of the current version and it cost half a day of labour. That does not happen with Free Software because there is no motivation to change file formats with each release. Software with annual licences can just expire and data can be lost. The government should not use any closed systems.
Q9. How does the Crown evaluate the flexibility of the licensing models for No Charge Licensed Software?
It would save many difficulties with licences to use a standard software licence like the GNU GPL for Free Software. It is obviously possible to do this but some change of suppliers would be needed. The government should set a target date for converting all software to Free Software. Paid licence software should offer the four freedoms of Free Software or be excluded from consideration. In systems that have a common licence there is never a legal worry about installing one more system, making changes or combining software in any combination, things that are often forbidden by other licences. The Product User Rights of Microsoft is so restrictive it takes 94 pages[EULA]. The GPL takes only 12 pages for Version 3 because it gives rights, and does not take rights away except for violations of a few simple principles. The government should look at licensing Free Software as a huge simplification of the legal structure of the government's IT system.
Q10. What impact will No Charge Licensed Software have on Government Licensed End-User Networks?
If the government switches to widespread use of thin clients with GNU/Linux, network traffic would fall because data will largely be off most of the network, leaving only key clicks and screen updates. Except for full-screen video, which is not a part of many roles in government, the end result is a much more responsive network. For example, in my school, machines running Windows XP Pro take 45s to give a log-in screen and another 90s to give a usable desktop because the machines transfer many user files over the network. With a GNU/Linux terminal server, those files stay on the server and do not traverse the network. The difference is remarkable. My GNU/Linux clients take 45s to boot and from log-in to usable desktop is 2s. Loading my largest application takes 1.5s because the files are already in the shared memory of the GNU/Linux terminal server and little disk access is needed to open the application.
If the government uses network standards that are open, Free Software will give the best performance at lowest cost. Any supplier of networking who insists on non-Free Software being used should be excluded from consideration.
Conclusion
It is good to see the Government of Canada taking FLOSS seriously. It is about time. GNU/Linux has been very usable for more than ten years. The cost of IT being more than twice as much using Windows as GNU/Linux, that has been a huge waste. There is still a problem with this initiative. It appears that the government is considering treating FLOSS as a risky venture with limited utility. The opposite should be true. Non-Free Software should be considered as a huge risk to security and our viability as a nation. Microsoft, in particular, should not be allowed to provide software to the government. The Windows EULA prevents the Government of Canada from fulfilling its duty to provide services to Canadians reliably and at lowest cost. In education, I have installed whole-school systems that run trouble-free for years at half the cost of using Windows. There is no justification for the widespread use of Windows in education or government.
Further, the government should note that in countries where FLOSS is promoted, BRIC countries, IT is growing at a great rate while in North America many technology firms are laying off thousands of employees.[BRIC]
This document was produced entirely with Free Software: Firefox web browser, LyX type-setter, pdf utilities and Debian GNU/Linux.
References
[GPL] The GNU organization formed in 1984 to promote Free Software. see http://www.gnu.org/
[Sun] “The number one reason why Sun bought Star Division in 1999 was because, at the time, Sun had something approaching forty-two thousand employees. Pretty much every one of them had to have both a Unix workstation and a Windows laptop. And it was cheaper to go buy a company that could make a Solaris and Linux desktop productivity suite than it was to buy forty-two thousand licenses from Microsoft.” see http://en.wikipedia.org/wiki/StarOffice#History
[OO] OpenOffice.org is a Free Software office suite originally designed to be equivalent in capability to Microsoft Office, but it uses open standard file formats as well as closed and can produce PDF. It has had more than 100 million downloads and is included in many GNU/Linux distributions of software running on many millions of PCs. It is available for several operating systems. see http://OpenOffice.org
[Apache] The Netcraft Survey shows Apache runs 52% of all websites but only half of all websites are active. Many are place-holders. 50% of the top performers are Apache while only 15% are Windows. see http://news.Netcraft.com/archives/web_server_survey.html http://uptime.netcraft.com/perf/reports/performance/Hosters?tn=january_2009
[MySQL] MySQL is a database widely used by itself and as part of the LAMP stack (Linux, Apache, MySQL and PHP/Perl/Python).
[PHP] see http://www.mysql.com/why-mysql/marketshare/ and http://www.nexen.net/images/stories/stats.200810.sql.bz2
[bugs] Sales agents for non-Free Software rarely publish their bugs. Free Software organizations have a different motivation: to produce the best software. see http://bugs.debian.org/release-critical
[mono] “CyberInsecurity: The Cost of Monopoly” see http://www.ccianet.org/papers/cyberinsecurity.pdf
[iso] “Google's Position on OOXML as a Proposed ISO Standard ... If ISO were to give OOXML with its 6546 pages the same level of review that other standards have seen, it would take 18 years (6576 days for 6546 pages) to achieve comparable levels of review to the existing ODF standard (871 days for 867 pages) which achieves the same purpose and is thus a good comparison. Considering that OOXML has only received about 5.5% of the review that comparable standards have undergone, reports about inconsistencies, contradictions and missing information are hardly surprising.” see http://www.odfalliance.org/resources/Google%20OOXML%20Q%20%20A.pdf
[largo] “We noted on our last Largo visit, and note once again, that these are the least harassed, least worried, calmest sysadmins we have ever met. They have one of the smallest and least-worked help desks we have ever seen – five people who support 450+ client units and over 800 users, and it is all done without any fuss, muss or hurry. The desktop units, remember, have no moving parts or applications software on them. They rarely break, and if they do it is only a moment's work to swap one out. Monitors eventually get old and dim, but they have a stack of $150 Compaq 17" monitors ready to go, plenty of spare keyboards and mice, and lots of CAT-5 cable. Everything in the server room is backed up and redundant (and neat, with all cables marked) so maintenance there is as under control and worry-free as it is on the client side of things. ... Harold, Mike, and Dave all note that when they go to technical conferences and other sysadmin get-togethers, they are usually the only ones in the place who are not getting a steady stream of frantic interruptions. ... So what do they do with their time? They research, plan, and think of yet more ways to save Largo taxpayers money on IT while making the city's IT services more efficient and useful.” see http://www.linux.com/articles/26827
[wmf] “Windows Metafiles are extensively supported by all versions of the Microsoft Windows operating system. All versions from Windows 3.0 to the latest Windows Server 2003 R2 contain this security flaw. However, versions from Windows XP onwards are more severely affected than earlier versions, since they have a handler and reader for the WMF file in their default installation.” see http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
[uac] “malware authors can exploit the fact that rundll32.exe is allowed to automatically elevate by separating their malware into two pieces - a proxy application and a payload (in the form of a library). The proxy application's job is to invoke rundll32.exe, with the payload library as a parameter in a way that "requests" elevation. Windows will intercept the request and automatically elevate the process to High Mandatory Level, executing your payload wearing an administrative hat.” see http://www.withinwindows.com/2009/02/04/windows-7-auto-elevation-mistake-lets-malware-elevate-freely-easily/
[IE] “Nevertheless, Microsoft tied the two together, refusing to sell Windows 95 or Windows 98 without Microsoft's browser or to permit OEMs to remove the browser before selling their PCs loaded with Windows. With Windows 98, Microsoft also unnecessarily "welded" the browser to the operating system, so that using another browser would be a "jarring experience," further excluding rival browser suppliers.” see http://www.usdoj.gov/atr/cases/f2600/2613overview.pdf
[EULA] see http://www.google.com/url?q=http://download.microsoft.com/download/b/e/9/be9929eb-298e-4636-907c-70216f5f6f90/MicrosoftProductUseRights(Worldwide)(English)(January2008)(CR).doc&ei=3hCOSdmwHpLQsAP3ztj-CA&sa=X&oi=spellmeleon_result&resnum=1&ct=result&cd=1&usg=AFQjCNFMdSdCtr2olJWfXGceGDK8BhVRMw
[BRIC] “A deep global recession and a radical industry transformation are at the core of IDC's predictions for the IT industry in 2009. With economists forecasting dramatically slowing global GDP growth, IDC predicts that global IT spending growth will slow by half or more, effectively stripping more than $35 billion of potential revenue out of the market. To survive, it will be critically important for vendors to reorient their businesses and offerings toward market segments with above average growth. The latter will continue to include emerging markets, such as the BRIC countries (Brazil, Russia, India, and China), as well as the small and medium-sized business (SMB) sector. Although spending will slow significantly in these markets, it will outperform the overall market. In addition, government initiatives to spur economic growth and financial stability will include outlays for new technology, making this an important market sector for the first time in many years.” see http://idc.com/getdoc.jsp?containerId=prUS21556508&pageType=PRINTFRIENDLY