Category: vendor-lock

Windows 8 does not have to be a disaster

<originally a Webwereld column – in Dutch – also on HuffPo UK>

Gartner, IT-journalists and even former employees of Microsoft agree: Windows 8 will be a disaster. The Metro interface designed for tablets (a market that virtually does not exist in relation to MS-Windows) is unworkable on a desktop with a vertical non-touch screen, keyboard and mouse. Most office spaces still have this and most run legacy applications with interfaces that rely on a Windows PC using a keyboard and mouse. It is precisely the ongoing purchase of desktop PCs with the combination of MS-Windows and MS Office that has kept Microsoft financially afloat over the last 15 years.

The combination of legacy applications (mostly proprietary) and familiarity with MS Office led many IT organisations to automatically buy the new Windows platform, despite the high cost of licences and support. The inevitable result is a world of pain, with new interfaces, a lack of compatibility and the sudden cessation of support for critical components. IT policy is organised around coping with these problems instead of focusing on sustainable alternative solutions. And solving or mitigating these problems requires so much time and money that there is often little left over to plan further ahead. Thus, in many organisations the perfect vicious circle has existed for so long that many IT people cannot even see it.

An important point here is that Windows 8 is only a disaster for those who buy it and those who are unsuccessfully trying to sell it. For the rest of us, it is irrelevant. So if you use a Windows 7 PC, Mac or Linux machine, it is very easy to just let all this misery pass you by. After a disastrous version of Windows is released, another (slightly less) catastrophic version (think ME/XP or Vista/7) will follow, and those who still genuinely believe that they need a Microsoft operating system merely hope that a half-decent version will come along in a few years.

Organisations that (virtually) no longer have platform-dependent applications because they have (to) provide a web interface, have no reason at all to even think about purchasing proprietary operating systems. Organisations that do use these applications are better just sticking with earlier (already purchased) versions of MS Windows, so that all interfaces remain compatible and end users can continue working in their familiar environment. The IT department’s resulting spare time and money can be used to break the vendor lock between applications and platforms.

Most application vendors are now thinking about web interfaces, or APIs for tablet apps (even if it is just to keep company directors happily playing with their iPads). Application vendors who are not yet doing this should understand that in times of tough cuts IT euros can only be spent once, either with them or with Microsoft. Seems an easy choice, right? Fortunately, even company-specific applications do not last forever and when the time comes where there is something new to choose from it is useful to calculate the TCO of applications by including the underlying infrastructure costs (licences, management, security), and compare this to the TCO of applications that do not have such dependencies. Conversely, you can also say to your hoster: “I do not care what platform you run my applications on, but what would I have to pay you if it is an open source stack?”. A little negotiation is always possible in a stagnant market.

As with Vista, the main victims of Microsoft’s iPad-wannabe software are the basic PC consumers – those who buy a PC or laptop from a retailer and get a machine with a pre-installed disaster. In the coming years many IT professionals will have to deal with family, friends and acquaintances crying down the phone because they cannot find or use their favorite or essential PC applications. It will be Vista revisited. Do your friends a favour and downgrade them to Win7 if needed or upgrade them to Ubuntu if possible. The main reason why home users still want Windows is for gaming. Fortunately, people have worked hard on alternatives, including by previously mentioned former employees.

Although I dislike the iPad because of its extremely locked-down platform, tablets (with the first iPad) have presented to non-techies, for the first time in 20 years, a completely different platform to the Windows PC. So for the first time in aeons there is a widespread discussion about possible alternatives. Once we take that mental step, we open the way to discuss IT policy that really starts with the question of how best functionality is achieved at the lowest possible cost (which may also lead to discussing the underlying platform).

If Microsoft’s profit margins on the Windows/Office combo are cut back to 20% (they are currently 60-80%) the TCO figures will be more reasonable. Like IBM, over the years Microsoft will become an ordinary business providing rather boring-but-sometimes-necessary products at more normal profit margins. And that, except for the shareholders, is not a disaster.


Update: in the week after publishing this column a few dozen Dutch government organisations promptly made my point with the total loss of network functionality from a nasty Windows virus. The infection is still going on and the data loss and privacy implications of the breach are still being investigated. Many sysadmins have been working overtime to contain the problem. Of course there will be another one of these six months from now and so on and so on. This has been going on for years.


Cybercrime; prevention vs. repression

<originally a Dutch Webwereld.nl column>

Cybercrime and cyber-warfare are currently the trendy terms the government throws around to acquire additional laws and powers. If it can also link cybercrime to the distribution of images of child abuse (also known as child pornography), the government has hit political pay dirt and can do pretty much what it wants. What continues to puzzle me is how all this focus on the distribution of such images actually protects the child victims themselves.

Bart Schremer published his opinion piece recently, providing an overview of the issues that law enforcement agencies are facing. On the one hand society (or at least the media) expects law enforcement to solve all crime immediately, preferably on a modest budget. On the other hand most Dutch people would still prefer to avoid a police state along the lines of the North Korean or American model.

But what is missing from all the discussions on permissible methods of detection, hacking police officers and politicians exploiting crime-fighting is the question of why cybercrime has grown so enormously. The fact that our reliance on IT is increasingly complex will certainly have contributed. But one other important factor is the huge digital illiteracy among the vast majority of citizens. Aside from some half-hearted campaigns, the government has done little to teach citizens anything of real use or value.

If you have been online for a while (i.e. more than 15 years), it is difficult to imagine that many Internet users today do not know how a URL is constructed or what it does – and with today’s browsers you don’t need to know. I often see people typing the name of a site into Google (which is set as the homepage) and then clicking on it. And so, without batting an eye, they click their bank details through to helpdesk.br.ru/ING, or something similar. Just because the logo was in the mail, is it still the help desk of the ING bank? If people could understand the difference between a top level domain and the rest of the URL, they could probably work out for themselves if the ING bank is really based in Russia.
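To make "reading" a URL concrete, here is an added example (not part of the original column) that splits a URL into host, top level domain, registrable domain and path, and checks whether the registrable domain is the one the user expects. The function names, the expected domain `ing.nl` and the tiny suffix set are assumptions made for illustration; a real check would use the full Public Suffix List.

```javascript
// Added illustration, not from the original column.
// Assumption: MULTI_LABEL_SUFFIXES is a tiny constructed stand-in for the
// Public Suffix List, which real code should use instead.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "com.br"]);

// Split a URL into the parts that matter when judging who runs the site.
function readUrl(rawUrl) {
  const u = new URL(rawUrl); // WHATWG parser, the same rules browsers apply
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error("only http(s) URLs are handled: " + rawUrl);
  }
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no top level domain at all.
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) {
    return { host, tld: null, registrable: host, subdomain: "", path: u.pathname };
  }
  const labels = host.split(".");
  const tld = labels[labels.length - 1];
  // The registrable domain is the public suffix plus one label to its left.
  const take = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return {
    host,
    tld,
    registrable: labels.slice(-take).join("."),
    subdomain: labels.slice(0, -take).join("."),
    path: u.pathname,
  };
}

// Compare the registrable domain with the one the user expects, and report
// where the expected name shows up instead when the two do not match.
function checkAgainst(rawUrl, expectedDomain) {
  const parts = readUrl(rawUrl);
  const expected = expectedDomain.toLowerCase();
  const brand = expected.split(".")[0]; // "ing" for the assumed "ing.nl"
  const matches = parts.registrable === expected;
  const decoys = [];
  if (!matches) {
    // Whole labels and whole path segments only, so "banking" is not "ing".
    if (parts.subdomain.split(".").includes(brand)) decoys.push("subdomain");
    if (parts.path.toLowerCase().split("/").includes(brand)) decoys.push("path");
  }
  return { ...parts, matches, decoys };
}

const SAMPLE_URLS = [
  "http://helpdesk.br.ru/ING",           // the URL used in the column
  "https://www.ing.nl/particulier",      // constructed: the expected domain
  "https://ing.nl.helpdesk.br.ru/login", // constructed: name moved into the host
];
for (const sample of SAMPLE_URLS) {
  const r = checkAgainst(sample, "ing.nl");
  console.log(sample, "->", r.registrable, "tld=" + r.tld,
    r.matches ? "OK" : "MISMATCH", r.decoys.join(","));
}
```

Only the registrable domain says who controls the site; the bank's name in the path or in the left-hand labels of the host is free text that anyone can put there.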

One of the main causes of the proliferation of cybercrime is the profound ignorance of most computer users. This ignorance is partly caused by an education system that teaches handy computer tricks rather than real understanding. The "computer licence" is simply a course in MS Windows & MS-Office and provides no insight whatsoever into what a computer actually does or how networks function. Not that everyone needs to be a system programmer, but ensuring a bare minimum of understanding (such as ‘reading’ a URL) could avoid so much pain.

In addition, the vast mono-culture of computer systems is a major problem that the government is actively propagating. Thus, in the Netherlands, it is virtually impossible to finish high school without access to a system with MS-Windows and MS Office. Running a school and getting it funded is even harder. Studying at many universities without a Google account is rapidly becoming impossible, and a Facebook account is required to function in other institutions.

The Lower House, listening to the arguments, noted in 2002 that “software plays a crucial role in the knowledge society, and that the supply side of the software market at that time is highly monopolised.” It asked the government to fix this.

These are the first sentences of the 2002 Vendrik Parliamentary Motion on the dysfunctional desktop software market. But this malfunctioning-market aspect was soon forgotten in the many discussions about various open standards and which open source web system really is the best. Yet the motion focused primarily on a disturbance of the software market, not on the internal management of secondary schools, municipalities and other public sector agencies.

A lot of hot air is wasted discussing nebulous cloud systems, but interaction with these clouds still occurs primarily via desktop/laptop systems. And the market for these systems remains almost as monopolised as in 2002. Whoever has control over these desktops has de facto control over most information processing in the Netherlands. To date mostly criminals seem to be interested in our desktops. The desktop landscape of the Netherlands is an extreme software mono-culture, and this makes us vulnerable, and yet for the last ten years the government has done virtually nothing to reduce this vulnerability.

Meanwhile the role of IT in the minute-by-minute functioning of our society has greatly increased in recent years. What about hospitals, ports, airports, schools, police stations, and ambulance dispatchers? All of them can only function with working desktop PCs. And those PCs are often running Windows without the latest updates. Criminals or foreign cyber armies can take over these systems and gain a stranglehold on our society, and unlike with rumbling tanks we would only figure this out after it was already done (or even much later than that).

If cybercrime and even cyber-warfare were really so vitally important, it would be logical for the government to institute a computer education that really teaches, to dismantle our software mono-culture, and to reduce our high dependency on foreign service-providers. Real advances in these areas would make so much more sense than handing yet more power to a government that displays ever more totalitarian tendencies and, at the same time, highly questionable competence.

Update: while writing this column a criminal (presumed to be from Russia) made my point by infecting 100,000 computers via a Java vulnerability and a hack of the Dutch news website nu.nl around lunchtime. All infected computers ran MS-Windows. More details in the post-mortem report of Fox-IT.


It’s a trap!

<originally a Dutch column for Webwereld>

What is a document? It started as a flat piece of beaten clay, onto which characters were scratched with a stick. 8000 years later it was found and after years of study, archaeologists concluded that it said: “You owe me three goats”.

Through papyrus and parchment scrolls we arrived at mass production of paper and book printing in Europe in the 15th century. Our sense of the nature of a document is still derived from this previous revolution in information capture and distribution. When computers became commonplace as a tool to create documents, there was therefore a strong focus on applications to produce paper documents as quickly and nicely as possible. The creation had become digital, but the final result was not fundamentally different from the first printed book in 1452.

Most word processors in use today cling to this concept. There are hundreds of functions for page numbering, footnotes and layout to achieve a legible final result – on paper. Many IT tools around the management and access of documents are directed to the concept of a digital document as a stack of paper, ready to print for ‘real’ use. For various reasons, the modern ways of working together no longer fit a paper-oriented way of recording and distribution. Paper is static, local, and now much slower and more expensive to transport than bits. It is this combination of restrictions that has led to new ways of creating documents where both the creative process and the end result are digital. A famous example is Wikipedia, the world’s largest encyclopaedia with millions of participants continually writing and rewriting about the latest insights in technology, science, history, culture or even the biography of Dutch folk singer Andre Hazes.

In this new form a document is a compilation of information at an agreed place online. The URL is the document.

Most editors show their age not only by focusing on paper, but also by focusing on the concept that documents provide a discrete all-in-one storage medium. Word processing began before computers could communicate naturally through networks, and that legacy continues to shape the concept of a digital document.

From the binary formats of Wordstar (.ws), via WordPerfect (.wpd) and Microsoft Office (.doc), we are now using XML-based formats such as ODF and OOXML. The original purpose of ODF was to break the stranglehold of the Microsoft binary .doc format, which was changed regularly and was therefore difficult to support on systems other than Microsoft’s own. Of course, that was exactly the intention. Once you acquire market dominance, why would you be interested in whether other systems are compatible with you when this gives you the competitive edge and profit margins of 65%?

To my amazement yesterday I read this report of a workshop designed to make OpenOffice compatible with the proprietary version of Microsoft’s OOXML file format. The operational wish for individual OpenOffice users to be compatible with .docx is understandable, as they are a minority in a landscape totally dominated by Microsoft Office, which now saves documents as .docx. If you choose not to use MS-office (for whatever reason) it can be a daunting task to save and read a document. Most users of word processors are unaware that, by using this format, they are making the lives of the minority difficult; they merrily continue to send out this digital asbestos.

For clarity, the .docx version of OOXML is not the same as the ISO version of OOXML – .docx is a proprietary file format, OOXML ISO is a standard. The certification of the ISO standard was itself nearly destroyed during the voting process by bribery and intimidation. The ISO standard has not been implemented by anyone yet, including Microsoft itself.

Solving problems of adoption of OpenOffice by pursuing the proprietary file formats of your opponent seems to me a disastrous path to go down. In the same way as .doc, the .docx format can be subtly changed with each version and service pack ‘upgrade’ to avoid 100% compatibility. After all, actively tinkering with proprietary software to block alternatives is not a new concept for Redmond.

Microsoft survives primarily on Windows and Office licences, even though it has doggedly been trying to conquer other markets such as mobile telephony.  It would be rather naive to assume that such an organisation, with such a history, will sit back quietly while its cash cow is dismantled.

If the predictions about digital documents are true, it means we need new ways of working along with new tools. Page numbering and footnotes are irrelevant in hypertext in terms of the document-standard. Since the majority of documents produced by most users in most organisations are no longer than 1-3 pages and are usually using templates, a browser with plug-ins would be sufficient. This means that PCs are less important for the end users, who increasingly work just as well on a tablet. Tablets are very different to PCs, but that is no barrier to rapid adoption. Contrary to popular claims, ‘different’ is not a problem if it is also sexy.

Aping your opponent is never a good idea. As a great strategist once said long ago (in a galaxy far away): it’s a trap!

 


Unsuitable

<originally a webwereld column in Dutch>, <also on HuffPo UK>

Over nine years ago, I was talking to Kees Vendrik (Dutch MP) about the broken Dutch software market. Not only was it impossible to buy a top brand laptop without buying a Microsoft Windows licence, it was also impossible to visit many websites (municipalities, Dutch railways and many others) without using Internet Explorer. The latter area has greatly improved and I can lead my life using my OS and browser of choice. Only occasionally do I have to just swallow a Windows licence when buying a new laptop. Not much has improved in that area. Our national dependence on products such as MS Office has not really diminished either, despite all the wishes of our Parliament and its related government policies.

Meanwhile, the technological seismic shift that frightened Bill Gates so much back in ’95 (the web makes the operating system irrelevant) is fast becoming reality. Almost all new developments discussed by IT power players and specialists are web-based or based on open specifications and the most commonly used applications are running quite well as a service in a browser.

So while the 15-20 year old problem of software dependency is not yet solved (our government, with its tens of thousands of IT workers, is  still unable to wean itself off the familiar Microsoft technology stack) its impact is becoming less relevant. Meanwhile, new dependencies based on cloud providers are promising to be even more detrimental.

Excessive use of proprietary software creates the risk of foreign manipulation and potential attacks on critical infrastructure (e.g. Stuxnet). But at least if your systems are attacked in this way, there are some ways to track this. If you are working on a computer that does not belong to you, that is based in a foreign country and is managed in ways you cannot know, it will be very difficult to have any control over what happens to your data.

The old assumption, that using local servers could be part of the solution, seems unfortunately to be an illusion. All cloud services offered by companies based in the US are subject to US legislation, even if the servers are physically in another country. And US law is now somewhat, shall we say, problematic. With no evidence, but with an allegation of involvement in "terrorism", systems can be closed down or taken over – without any warning, or the possibility of adversarial judicial review. The term ‘terrorism’ has been stretched so far that anyone who allegedly breaks US law, even if they’re not a US citizen and even if they’re not in the US, can still be deemed a "terrorist", just on the word of one of the many three-letter services (FBI, CIA, NSA, DIA, DHS, TSA, etc.). The EU is not happy about this but does not want to go so far as recommending that its citizens and other governments no longer use such services.

The long arm of the US Patriot Act goes even further than merely the servers of US companies on European soil. Thus domains can be "seized" and labelled: "this site was involved in handling child pornography". Try explaining that as a business or non-profit organisation to your clients and (business)partners. Just using one .com, .org or .net extension as your domain name now makes you liable under US law. All Europeans can now be seized from their homes for breaking US law. So a .com domain name makes your server effectively US territory.

We were already aware that proprietary platforms like Windows and Google Docs were not suitable systems for important things such as running public or critical infrastructure. However, it now turns out that every service delivered through a .com / .org / .net domain places you under de facto foreign control.

Solution? As much as possible, change to open source software on local servers. Fortunately there are quite a few competent hosting companies and businesses in the Netherlands and Europe. Use local country domains like .nl/.de/.fr or, if you really want to be bullet proof, take a .ch domain. These are managed by a Swiss foundation and these people take their independence seriously. Wikileaks today is running on wikileaks.ch after its domains such as .org got a one-way ticket to Guantanamo Bay.

If you still want to use Google Docs, Facebook, Evernote, Mind Meister, Ning.com, Hotmail or Office 365 – please do so with the awareness that you no longer have any expectation of privacy or any other form of civil rights. Good for the administration of the tennis club but completely unsuitable for anything that really matters.


Doctor, doctor …

<webwereld column>

An MP stumbles, coughing, into the doctor’s surgery. There is blood pouring from the ears and nose and left eye. “Doctor, doctor, I’ve just had a bad fall and I think I’ve broken my wrist” gasps the MP. The doctor has a look and briefly feels the pulse. “Does that hurt?” “A little bit” mumbles the MP. “I don’t think it’s that bad” says the doctor. “Unfortunately I can’t check it today as the digital X-ray machine is broken”. The MP is swaying back and forth. “It’s probably just a bruise, the nurse will give you a sling. Take it easy for a couple of days and come back if it’s still painful.” The MP staggers out of the surgery, still bleeding from the ears, nose and eye. The doctor is already focused on the file of the next patient, because doctors are very busy.

The process described above resembles the way the Court of Audit went about answering MPs’ questions about our national IT strategy. The MPs asking those questions were not experts and the Court provided simplistic answers without providing any context or stopping to consider whether the symptoms might be part of a broader problem. The newly-published report failed to respond even to the superficial questions and, moreover, based its answers on minimal data. Which is a disgrace, as it is precisely the role of the Court to delve into the deeper issues.

Instead of focusing on the 88 million euros spent on licence fees (less than 1% of the total annual licence expenditure), the Court could and should have explored why a different approach can work in other European countries, but fails in the Netherlands. Is this country really so different from Finland, Germany, France or Spain? As their colleagues in the Central Planning Bureau had done in 2009, the Court could have produced its own qualitative analysis of the macro-economic effects of large-scale, open source implementations. This as a viable alternative to annual imports totalling more than 8 billion, primarily from the USA. The macro-economic demand alone is relevant since the VAT and profit tax of this trade ends up predominantly in the Irish treasury, because of inter-EU trade regulations. (I’m not necessarily against bailing out Ireland but this can surely be done more efficiently). Also the figures of the 2004 SEO study are still current enough to be indicative for order of magnitude estimates.

As one of the ‘experts’ consulted by the Court, I am very disappointed by the minimalist approach it took. But perhaps I shouldn’t have been surprised – after all, in a previous report, the Court had also dithered, even after they had determined the government really had no insight whatsoever into its own IT spending. It is beyond me why a subject such as IT, where so many aspects can go so terribly wrong, is not more thoroughly and strategically overseen. In my written input to the Court last year I proposed several clear ways to frame the fundamental questions. For those who, like doctors, are very busy, here is a summary:

Dear MPs, the Netherlands is a modern western country with access to the same knowledge, technology and IT budgets as Germany, France, Spain and Finland. Today all these countries  have already achieved widespread adoption of open source and open standards in government. The work of the Dutch government is also very similar to these countries – certainly generic aspects such as office automation. So, eight years after the original and unanimous vote by parliament, surely the only reason that the Netherlands cannot implement this policy is our administrative culture and our Atlanticist political orientation. There is certainly no fundamental reason why the results of the other countries I mentioned cannot be replicated in the Netherlands, particularly because those same countries have already done all the preliminary research for us. But in recent years potential obstacles for migration have been elevated to norms, rather than being correctly identified merely as part of a problem to be solved.

Parliament should no longer accept high dependence on a supplier being invoked as an excuse for not making progress towards becoming less dependent on that supplier (as the government did in response to parliamentary questions in 2004, 2006 and 2008). The high dependency is the problem that must be solved, not an immutable law of nature where IT departments are the powerless victims.

Parliament should no longer accept the acknowledged lack of technical and organisational expertise of the 60,000 government IT professionals (and its suppliers) as a valid excuse for the lack of progress. It is implausible that the Dutch state cannot find the requisite skills to replicate the results of its European neighbours. Any IT staff and management found lacking in the necessary skills to carry out the very reasonable requests from parliament should be retrained  or replaced. Incompetence is grounds for dismissal, not a valid excuse to refuse to do the work.

Of course there will be problems in unravelling this gigantic Gordian knot, created by decades of accumulated proprietary software. But the most frequently cited excuses for not making a start with OSS and OS are similar to those used by asbestos manufacturers: "yes, but it is handy", "we have been using it for so long", "we are comfortable with it", "we know nothing else". All factually correct statements, of course, but certainly not valid excuses to prevent us from finding an alternative solution.

If the government had started making these changes way back in 2002, as parliament voted to do, the cutbacks we’re now suffering in education and health care would have been more than covered.

On this issue, the Netherlands seems to have been reduced to playing the frightening role of showing the rest of Europe “how not to do it…”. Too bad.


Parliament’s questions to the Court of Audit

Preamble
The Lower House of the Dutch Parliament has asked the Court of Audit to investigate the problems and opportunities related to the adoption of open standards and open source software for the government’s information systems. The Court has invited various experts to give their views. This blog post is my contribution.

The questions are being asked to the highest supervisory body of the country, rather than the departments responsible for implementing this policy – the Ministries of Home Affairs, and also Economic Affairs, Agriculture & Innovation – eight years after the government’s first unanimous vote on this issue and the expenditure of about 5 billion euros on licensing fees. The impression given to the outside world is that Parliament is not impressed with the progress of the last eight years and believes that the relevant government departments could benefit from the external scrutiny of a neutral and objective body.

Each of the following five questions implies a series of unspoken assumptions. In order to answer the questions, it is necessary to identify and, where necessary, challenge these underlying assumptions in order to reach a sensible answer.

The five questions
Here are the answers to the questions raised by Parliament. There is so much interdependence that subsequent responses will sometimes refer back to earlier parts.

“You cannot solve a problem with the same thinking that created it”

1. What possibilities and scenarios exist for the reduction of closed standards and the introduction of open source software by the central government (ministries and related agencies) and local authorities?

The Netherlands is a modern western country and has the same access to knowledge, skills, technology and comparable budgets for IT as Germany, France, Spain and Finland. It is a fact that all these countries have already implemented large-scale adoptions of open source and open standards in government. The implementation requirements of the Dutch government are also very similar to these countries. The reason that The Netherlands has not moved further in this area, eight years after the original, unanimous Parliamentary vote, can therefore be attributed to nothing more than the administrative culture and our Atlanticist political orientation.

There is no fundamental reason why the achievements of these other countries cannot be replicated in The Netherlands, especially as the  groundwork has already been done. Barriers to migration have often been treated as immutable laws of nature rather than just a problem to be solved.

  • Parliament should no longer accept that a high dependence on one supplier is an adequate excuse not to move away from that very dependency (as the Cabinet did in response to parliamentary questions in 2004 and 2006 and 2008). The dependency itself is the problem that must be addressed, not an enshrined principle that IT departments must endure.
  • Parliament should no longer accept that the acknowledged lack of technical or organisational knowledge amongst the 60,000 government IT professionals (and their suppliers) is an excuse for the lack of progress. It is implausible that the Dutch government is incapable of replicating the successful work of its European counterparts. Any governmental IT or management staff who do not have the requisite skills to carry out the very reasonable requests of Parliament should be replaced or retrained. Incompetence is grounds for dismissal, certainly not an excuse for refusal to do the necessary work.
  • Intrinsic motivation works better than coercion. Administrators and IT staff who understand the wishes of Parliament can embrace it with real conviction and are likely to want to produce better results than those who only work under duress. Such an approach will select and promote suitable people to the right jobs. The staff whose policies and behaviour have caused our current problems are probably not going to be the ones who find the necessary solutions.
  • The link between HR and remuneration policies for IT professionals and achieving technical certification related to proprietary software from a handful of suppliers must be completely severed.

“When you find yourself in a hole, stop digging”

2. What part of closed standards and software can be replaced by open standards and open source solutions and what cannot?

This question has yet another unspoken assumption: that central government has a realistic oversight of all systems, applications and related standards. It does not. As a result, questions about the number of systems that can be replaced are very hard to answer and have little relevance to achieving lower costs and greater independence in the foreseeable future – primarily because of the very large differences in costs that are associated with different standards. The government would do well to focus on the most common, generic issues, for which proven alternatives already exist. The original 2002 Vendrik Parliamentary motion already asked for this.

Key points to identify: what are the most expensive closed source areas where functional open source alternatives already exist and are already being used successfully elsewhere? What are the closest functioning areas that can result in successful migrations?

Migration plans should be drawn up in these areas as a matter of high priority – and this means halting or delaying other projects that may block these migrations and accelerating projects that play a supporting role.

For instance, in 2005 the former Ministry of Economic Affairs produced a document management system which has made it virtually impossible for years for the Ministry to use other web browsers, word processors or desktop operating systems. This is particularly surprising as, in 2004, the government itself announced that such closed systems in the work environment were harmful and undesirable, and were therefore going to be actively addressed as per the wishes of Parliament.

A current, concrete example within national government is the introduction of SharePoint. There is a significant risk that this investment, once made, will be (ab)used yet again as an excuse not to migrate to open and available alternatives. That would take us up to 2016 (14 years after the initial Parliamentary decision!) before any real work could begin on migration.

“Not everything that can be counted counts, and not everything that counts can be counted.”

3. What are the current costs? What are the predicted up-front and structural costs of moving from closed standards and the introduction of open source software? What are the projected savings?

The Dutch government currently spends about one billion Euros on proprietary software licences annually. These licences are mainly foreign, and the income tax and VAT on this expenditure flows into the Irish exchequer, because most European branches of American software companies are based there. The total Dutch expenditure is eight times more. Both governmental and general software expenses grow by about 10% per annum and are therefore unsustainable.

A significant portion of these annual costs can be saved or ploughed back into the local economy through Dutch SMEs, and so this cost will be an investment in the Dutch knowledge economy. With the government as the leading customer in this new market structure, it is feasible that The Netherlands could save billions per year.

In addition to these direct costs, various indirect savings could increase this amount many times over: the costs of management and security for vulnerable mono-cultures; the cost of merging old legacy systems and new applications; and social costs caused by security failures and easily avoidable software security problems. Every month there are Dutch hospitals whose primary processes are severely disrupted by computer viruses – a direct result of monoculture.

Moving beyond the financial, it becomes more difficult to quantify the social impact of the high dependency level of Dutch society on certain foreign, privately-owned companies.  However, if more than 80% of the PCs in The Netherlands can be remotely controlled or even switched off, what does that say about Dutch national sovereignty? Is it politically acceptable for foreign software suppliers or government bodies to have an On/Off switch for ministries, municipalities, police, hospitals, water works, supermarkets, schools etc…?

“The best moment to plant a tree is 25 years ago, the next best moment is now.”

4. How would the reduction of closed standards and the introduction of open source software be realised?

With not only the right mandate (which Parliament actually voted for eight years ago!) but also the right expertise, significant results are attainable within 24-36 months. This requires making this area a priority issue and a break from the old attitudes, excuses and methodologies of recent years (see answer to question 1). Successes abroad can serve as templates for our projects.

One area where we could make a rapid start would be primary education. Currently we are actively strengthening existing monopolies via this sector with public money. If by 2011/12 the first two years of primary school use open systems and then a higher class is switched each year, The Netherlands will have the first generation of citizens who are trained in vendor-neutral systems entering the workforce in 12 years, easily capable of working with multiple systems and applications. The ‘Rosa Boekdrukker’ primary school in Amsterdam clearly shows how this can be done.

Hospitals in The Netherlands could follow the example of the Antonius Hospital in Nieuwegein. Many other hospitals can share in this success. And because it’s already been shown to work, the risks and costs for the next 100 hospitals are much lower.

It will take at least a decade before the full potential of open source and open standards can be utilised.

“Go out on the limb, that’s where the fruit is”

5. Beyond the cost, what other advantages, disadvantages, risks and opportunities should the Court of Audit factor in? What conditions must be met to make possible the implementation of open standards and open source software?

Benefits & Opportunities

  • Savings of billions per year in direct costs for all citizens and IT-using organisations in The Netherlands.
  • Redirecting a stream of funds from Ireland / USA into Dutch society as a huge and permanent investment in our knowledge economy.
  • Government investment in software will result in free, reusable software and knowledge available to our whole society, rather than controlled by privately-owned and usually foreign companies.
  • Security is strengthened through greater diversity of IT, competition, and the possibility of custom code audits.
  • National sovereignty is reinforced when the government has complete control over its systems.
  • General IT competence will dramatically improve, ensuring fewer spectacular and expensive failures such as the 2006 ‘Walvis’ Tax project, national medical records, public transit chip cards and, most recently, the new police system to name but a few.

Disadvantages and risks

  • The current, fragmented IT policy of the Dutch government means that a thousand little fiefdoms may need to be broken up.
  • The apparent lack of skills amongst IT management may have consequences for personnel. No doubt there will be resistance.
  • Significant investment is probably needed in re-training government IT professionals.
  • Angry phone calls from Washington DC when the flow of licensing money is shut off.

Preconditions

  • See answers to question 1.
  • Be realistic about the positioning and motivation of software companies. Companies seek to maximise profits, control markets and will therefore exploit any leeway that the government offers them. We do not invite the turkey to discuss the Christmas dinner. Therefore why do we accept “advice” from software companies and their interest groups about the best software strategy?
  • We need to break away from the idea that extensive outsourcing is necessary, effective or desirable. The raison d’être of government is to justly serve the legitimate needs of its citizens; it should therefore have detailed and inherent control over information systems. Stop the corporate-speak and ‘playing business’ by civil servants. Government is not a business, nor should it pretend to be. Outsourcing the control of information processing systems is contrary to the very principles of a democratic state for exactly the same reasons that outsourcing the military forces or the judiciary would be.
  • Make a clear distinction between political and administrative goals and the means of achieving them. Cutting costs can be realised in many ways, regaining national sovereignty in only one.
  • As long as desktop projects implemented under the guise of “efficiency through economy-of-scale” result in each desktop costing 6600,- Euros per annum, this kind of bullshit-bingo is completely risible. Keep IT managers and other decision makers who don’t know the difference between desktop-standards and a "standard-desktop" away from such projects.

Cloud computing, from the frying pan into the fire

In a recent column (Dutch), Frank Benneker of Amsterdam University explored the consequences of the rapidly growing use of cloud computing. The shift of computer applications from PCs and servers to a single "service" provided through a worldwide network is probably as fundamental a shift as the earlier one from mainframe computing to PCs.

Given the objectives of the Dutch Open standards and interoperability policy plan, cloud computing seems the quick and easy-to-implement solution: I hear Web 2.0 enthusiasts say “put everything on Google Docs and we are all interoperable”. But just as in the case of the "liberation" of PCs from mainframe managers/suppliers, there are problems with cloud computing – potential snakes in the grass.

In December 2004 the Dutch government decided that the dependency on dominant software providers was a problem and had to be addressed. The Dutch action plan from 2007 was the first, tentative step in dealing with this.

The Dutch government wants to use open standards for interoperability, and open source to foster independence, lower costs and strengthen local development (services instead of licences). Open standards are fundamentally essential for interoperability. The Dutch ‘standard’ government desktop plan demonstrates to governments that interoperability can also be achieved with an imposed, top-down mono-culture. Give everyone the same software, and information can be conveniently exchanged.

However, the price of a mono-culture is high, both directly in money and in less quantifiable aspects such as security problems and an extreme dependence on a few foreign private companies. The latter is especially difficult to reconcile with the idea of a sovereign nation and a government that is democratically accountable. Surely our governments would wish to avoid relying on foreign companies to control the connectivity of our information databases in some nebulous “computer cloud”?

The crucial point is that even in this cloud, the hardware does not belong to the government and may not even be on Dutch soil. The hardware can be located anywhere in the world, and is therefore subject to multiple legal regimes beyond the Dutch government’s control (or indeed, accountability).

Much of the Web 2.0 knowledge for the Dutch government and discussions about this are held on ning.com servers, and the consensus is that it would be pretty difficult to migrate away from there. Even NOiV, the Dutch open standards and open source implementation bureau, holds regular discussions on LinkedIn instead of its own XWiki environment. It is only natural that people use what they know. However, bearing in mind not only the objectives of the Policy Document, but also the various Parliamentary Motions on the subject and the earlier decisions of the government itself, cloud computing is a major IT problem. To expect cloud computing to rid us of the issue of “lock-in” that has been a problem for the last 20 years is a classic example of ‘out of the frying pan, into the fire’.

Our current problems arise from not foreseeing the long-term consequences of our IT choices. We need a separate government IT programme to ensure the freedom of choice that we see as entirely natural in other markets. Unless the cloud computing servers are on Dutch soil and we have access to the code under an open source licence, we shall only go from bad to worse.

The Free Software Foundation has the solution for these problems, a distributed cloud that we can all access. Servers that provide free software designed to guarantee our digital freedom. After all, this is the original intention of the Internet: all equal players in their own cloud.