
German Foreign Office Dumps Linux

  • 23-02-2011 2:47pm
    #1
    Closed Accounts Posts: 13,874 ✭✭✭✭


    In response to a question on "the use of open source software in the Foreign Office and other Government departments" submitted in parliament by the SPD (Social Democrats, the main German opposition party), the German government has confirmed that the German Foreign Office is to switch back to Windows desktop systems. The Foreign Office started migrating its servers to Linux in 2001 and since 2005 has also used open source software such as Firefox, Thunderbird and OpenOffice on its desktop systems. Mobile systems use a Debian GNU/Linux based Linux and office PCs are configured with a dual Windows / Linux boot.

    Back in 2007, the Foreign Office's IT department regarded the use of open source software on servers and desktop systems as a success story. IT costs per workspace were reported to be lower than in any other government department, despite the demands imposed by running a high security, globally distributed IT infrastructure. The use of Linux desktop systems in the Foreign Office also acted as a beacon for the use of open source software in other government departments.

    Now the Foreign Office is back-pedalling. The government's response to the SPD's question states that, although open source has demonstrated its worth, particularly on servers, the cost of adapting and extending it, for example in writing printer and scanner drivers, and of training, have proved greater than anticipated. The extent to which the potential savings trumpeted in 2007 have proved realisable has, according to the government, been limited – though it declines to give any actual figures.

    http://www.h-online.com/open/news/item/No-more-desktop-Linux-systems-in-the-German-Foreign-Office-1191122.html


Comments

  • Registered Users Posts: 13,999 ✭✭✭✭Johnboy1951


    The reasons for the decision seem to be well hidden so far.
    open source has demonstrated its worth, particularly on servers, the cost of adapting and extending it, for example in writing printer and scanner drivers, and of training, have proved greater than anticipated.

    They have been using it since 2007 on desktops.
    Maybe they have not printed or scanned anything since then and now need to write drivers?
    Why, wonder I?
    Is that not the job of the device manufacturer?

    So now it seems they will go back to XP and then upgrade it ..... wonder what the training and such will cost for that.

    They have used Open Office since 2005.
    Now they will buy licences for MS Office apparently and retrain their staff ... at no (immediate) cost it seems.

    Based on the info provided, it is a strange decision indeed .........


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    I agree with johnboy, there is always more to these stories than meets the eye... MS would seem inherently less secure if for no other reason than that you can never check the binary code and ensure nobody has installed some "special code". And if you have already spent the money on the conversion, even if it cost more than you expected, it's done... how can it be cheaper to convert back. No, there are a potential myriad of political reasons and I very much doubt we've been given the full story.

    On a good note... I was at an EU/Enterprise Ireland sponsored conference on Open Source in Business back Oct/Nov period and there were two County managers (Waterford & Limerick I think) there who said Ireland had dropped its enterprise licensing agreement with MS. Primarily because of the cost & complexity of managing the CALs. They had shifted the servers to Linux and nobody noticed and now they were looking to the desktops... was the gist of their presentation.


  • Closed Accounts Posts: 5,857 ✭✭✭professore


    There's less scope for extracting bribes from vendors with Open Source ....


  • Registered Users Posts: 13,999 ✭✭✭✭Johnboy1951


    croo wrote: »
    I agree with johnboy, there is always more to these stories than meets the eye... MS would seem inherently less secure if for no other reason than that you can never check the binary code and ensure nobody has installed some "special code". And if you have already spent the money on the conversion, even if it cost more than you expected, it's done... how can it be cheaper to convert back. No, there are a potential myriad of political reasons and I very much doubt we've been given the full story.

    On a good note... I was at an EU/Enterprise Ireland sponsored conference on Open Source in Business back Oct/Nov period and there were two County managers (Waterford & Limerick I think) there who said Ireland had dropped its enterprise licensing agreement with MS. Primarily because of the cost & complexity of managing the CALs. They had shifted the servers to Linux and nobody noticed and now they were looking to the desktops... was the gist of their presentation.

    Thanks I had not heard about those servers moving to Linux .... seems to have been done properly if no one took any notice ;)


  • Registered Users Posts: 3,630 ✭✭✭Oracle


    I suppose MS offered them free server/desktop licenses to switch back. Great, until the next buggy Windows/Office release comes along .... then it's kerching .... kerching ..... kerching ....


  • Registered Users Posts: 18,443 ✭✭✭✭kippy


    This is almost definitely a politically based decision.
    Have Microsoft a base in Germany - perhaps they offered to create more jobs there rather than somewhere else if they moved back to windows.
    I would not be surprised because of such motives.


  • Registered Users Posts: 134 ✭✭ishotjr2


    Hi

    Maybe this is OT but read the posts.

    Just wondering why the below is true.

    "MS would seem inherently less secure if for no other reason than that you can never check the binary code and ensure nobody has installed some "special code"."

    Surely you can
    1) Do an MD5 of the binary and compare
    2) See what DLLs (using depends) it's loading and if it's anything odd.
    3) ProcessMon/WinDbg are great tools, you can filter on the file opens or sockets to see what the process is doing.

    Agreed for the above you need to know what you are doing and rootkit analysis is an in-depth topic. But some of the above is done by AV vendors. Which on linux you do not need to do cause you have already invested in the learning curve.

    For what it's worth:
    I started being a very strong advocate of BSD, then linux became popular and packages were harder to port to BSD so moved to that. Now after over 15 years I am back to windows for some stuff. My opinion is different tools for different jobs e.g. I would never use MS 2003/2008 as a web server, too much debugging. And I would never give linux to a person for a desktop who was not interested in computers and hence willing to invest in the learning curve.


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    ishotjr2 wrote: »
    Just wondering why the below is true.

    "MS would seem inherently less secure if for no other reason than that you can never check the binary code and ensure nobody has installed some "special code"."

    Surely you can
    1) Do an MD5 of the binary and compare
    2) See what DLLs (using depends) it's loading and if it's anything odd.
    3) ProcessMon/WinDbg are great tools, you can filter on the file opens or sockets to see what the process is doing.

    MD5 can ensure you have downloaded the binary intended, but unless you can view the actual source code you do not know what that binary code is doing! And there are so many reasons why code might be injected; a sole developer planting a backdoor, a company looking to benefit itself (like MS coding the original windows to randomly crash when used with a DOS other than theirs!), a state wanting to keep tabs on their citizens or others.

    Many software companies will show you the code, but software solutions are now so huge & complex that unless you have a lot of resources with very specific skills you cannot review to the same extent that opening the source code to the world to verify (a variant of Raymond's Cathedral & Bazaar argument).

    Am I being paranoid?
    Let's not forget the Vodafone software on their Greek installations was compromised to provide unfettered access to eavesdroppers - to whom & for what purpose we know not.
    Way back in the early 00s, the EU Offices were found to be bugged and it is suspected this occurred during the actual building... again there was no mention of who did this and it's not software related but if you have the resources to accomplish this you have the resources to place some developers in the right locations to infiltrate at the very source!

    But even so perhaps I am being paranoid... but why take the chance when you don't have to?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 90,843 Mod ✭✭✭✭Capt'n Midnight


    ishotjr2 wrote: »
    "MS would seem inherently less secure if for no other reason than that you can never check the binary code and ensure nobody has installed some "special code"."
    ...
    My opinion is different tools for different jobs e.g. I would never use MS 2003/2008 as a web server, too much debugging. And I would never give linux to a person for a desktop who was not interested in computers and hence willing to invest in the learning curve.

    Big customers can access M$ source code. It's not easy and there are lots of forms to fill in etc. By big I mean someone like UK MOD wot has nukes and stuff.

    Otherwise you have to trust that there aren't any easter eggs in the software. And that the company won't hand over info to their government. The Israelis won't comment. The US have echelon and other intel used for commercial purposes.

    The temptation to a third party to put a backdoor in or even view the source code of something like word is probably a lot. I'd be surprised if there weren't sleepers for many government agencies working in many of the big software companies.


  • Registered Users Posts: 1,419 ✭✭✭Cool Mo D


    croo wrote: »
    MD5 can ensure you have downloaded the binary intended, but unless you can view the actual source code you do not know what that binary code is doing! And there are so many reasons why code might be injected; a sole developer planting a backdoor, a company looking to benefit itself (like MS coding the original windows to randomly crash when used with a DOS other than theirs!), a state wanting to keep tabs on their citizens or others.

    Many software companies will show you the code, but software solutions are now so huge & complex that unless you have a lot of resources with very specific skills you cannot review to the same extent that opening the source code to the world to verify (a variant of Raymond's Cathedral & Bazaar argument).

    Am I being paranoid?
    Let's not forget the Vodafone software on their Greek installations was compromised to provide unfettered access to eavesdroppers - to whom & for what purpose we know not.
    Way back in the early 00s, the EU Offices were found to be bugged and it is suspected this occurred during the actual building... again there was no mention of who did this and it's not software related but if you have the resources to accomplish this you have the resources to place some developers in the right locations to infiltrate at the very source!

    But even so perhaps I am being paranoid... but why take the chance when you don't have to?

    Just because you have the source code, does not mean you can easily check it's doing what you think it is - for examples see the Underhanded C Contest. It is possible that some common open-source code has subtle backdoors in it right now. It would be fairly easy for a developer to submit a patch to some open source project with a subtle flaw, like buffer overflow, which could escape notice by a code review, which they could then exploit at their leisure. Even if they were caught, it would look just the same as an innocent mistake.

    The value of seeing the source code is that you can modify it yourself if necessary - it is basically impossible for any one person to have a deep understanding of a full linux distribution - a standard install of Ubuntu has about 50 million lines of code in it. In the end, security comes down to how much you trust the source of the software, it is not feasible to do it yourself, even if you are a big government agency.


  • Registered Users Posts: 13,999 ✭✭✭✭Johnboy1951


    Cool Mo D wrote: »
    Just because you have the source code, does not mean you can easily check it's doing what you think it is - for examples see the Underhanded C Contest. It is possible that some common open-source code has subtle backdoors in it right now. It would be fairly easy for a developer to submit a patch to some open source project with a subtle flaw, like buffer overflow, which could escape notice by a code review, which they could then exploit at their leisure. Even if they were caught, it would look just the same as an innocent mistake.

    Yes .... easy to submit.

    How many such flaws have been discovered after years of existence?

    The value of seeing the source code is that you can modify it yourself if necessary - it is basically impossible for any one person to have a deep understanding of a full linux distribution - a standard install of Ubuntu has about 50 million lines of code in it. In the end, security comes down to how much you trust the source of the software, it is not feasible to do it yourself, even if you are a big government agency.

    I doubt anyone would imply that one individual would be capable of proving out all code in a distro.

    You appear to deliberately ignore the fact that there are many individuals, each with their own area of expertise, who have the facility to check open code.

    So, no it is not a matter of trusting the software or an individual's competence (or good behaviour), but it is a matter of trusting that the 'collective' has a much better chance of picking up on something bad, publicising it and correcting it, than any other scheme that has so far been proposed.

    Lots of things are 'possible' ...... but there is little indication that many of those 'possibles' have been successful in popular open source code.


  • Registered Users Posts: 1,419 ✭✭✭Cool Mo D


    Yes .... easy to submit.

    How many such flaws have been discovered after years of existence?

    Lots and lots of security holes have been discovered in code committed to open-source projects. The vast majority are accidental coding errors. But there is no way to tell the difference between a genuine error, and a malicious one. I would not stake my life on no-one slipping a deliberate hole into a program or library.
    Yes .... easy to submit.

    I doubt anyone would imply that one individual would be capable of proving out all code in a distro.

    You appear to deliberately ignore the fact that there are many individuals, each with their own area of expertise, who have the facility to check open code.

    So, no it is not a matter of trusting the software or an individual's competence (or good behaviour), but it is a matter of trusting that the 'collective' has a much better chance of picking up on something bad, publicising it and correcting it, than any other scheme that has so far been proposed.

    Lots of things are 'possible' ...... but there is little indication that many of those 'possibles' have been successful in popular open source code.

    The collective has a very good chance of picking up mistakes. But if some malicious member of the collective spots a mistake, it is very easy to take advantage.
    There is little indication that this has happened, but could well be because it would be almost impossible to detect if it did happen.

    In fact, this very thing has been seen at least once in the linux kernel: http://www.securityfocus.com/news/7388. There are many open-source projects with less scrutiny than the kernel.


  • Registered Users Posts: 13,999 ✭✭✭✭Johnboy1951


    Cool Mo D wrote: »
    Lots and lots of security holes have been discovered in code committed to open-source projects. The vast majority are accidental coding errors. But there is no way to tell the difference between a genuine error, and a malicious one. I would not stake my life on no-one slipping a deliberate hole into a program or library.

    There is though accountability ..... the coder who submitted flawed code which was discovered would have his future submissions more closely scrutinised.
    So yes I could see a one-off having some chance, but once discovered I see very little likelihood of repeats.

    The negative effect on a coder's career could be huge ....

    The collective has a very good chance of picking up mistakes. But if some malicious member of the collective spots a mistake, it is very easy to take advantage.
    There is little indication that this has happened, but could well be because it would be almost impossible to detect if it did happen.

    ..... assuming only one - and malicious - person spotted it. Given the number of eyes that look at such things that seems unlikely .... but anything is possible of course.
    In fact, this very thing has been seen at least once in the linux kernel: http://www.securityfocus.com/news/7388. There are many open-source projects with less scrutiny than the kernel.

    A site got hacked, the file altered, and an automatic integrity check flagged it.
    Yes the 'flaw' was apparently well disguised, but it is also apparent that the person who put it there did not have access to submitting such through the 'proper' channels.

    No matter what system is adopted, it still has to deal with people. While people can eventually earn trust, it is possible that a long term 'plant' could manage to do this unnoticed.

    The alternative of course is to use proprietary code .... where the morals of a corporation are what you are depending upon, and then the morals of each individual working for that corporation who contributes code.

    We both know which is the more likely to produce back doors in their released code. ;) .... the proprietary code possibly never to be examined again ....
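
The integrity check raised in the posts above (ishotjr2's "MD5 of the binary and compare" and Johnboy1951's automatic check that flagged an altered file), as an added example that is not part of any post. It uses SHA-256 rather than MD5 because MD5 collisions are practical, and the tree layout and file names are constructed. A match only shows that a file equals the reference copy, which is the limit croo points out.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_baseline(baseline, root):
    """Report files that differ from, are absent from, or are new relative to the baseline."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Constructed scenario: record a trusted tree, then alter a mirror copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp) / "trusted"
        mirror = Path(tmp) / "mirror"
        files = {  # constructed sample content, not taken from any real project
            "src/check.c": b"int is_root(int uid) { return uid == 0; }\n",
            "src/util.c": b"int noop(void) { return 0; }\n",
            "README": b"constructed sample tree\n",
        }
        for tree in (trusted, mirror):
            for name, data in files.items():
                target = tree / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)

        # The baseline must come from a copy you trust and be stored
        # somewhere the mirror's administrators cannot rewrite.
        baseline = build_manifest(trusted)

        # Changes made on the mirror outside the normal submission path:
        # a one-character edit, an extra file, and a deleted file.
        (mirror / "src/check.c").write_bytes(b"int is_root(int uid) { return uid = 0; }\n")
        (mirror / "src/extra.c").write_bytes(b"/* not in the trusted tree */\n")
        (mirror / "README").unlink()

        return compare_to_baseline(baseline, mirror)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```
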


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    Cool Mo D wrote: »
    Just because you have the source code, does not mean you can easily check it's doing what you think it is....
    And I wrote
    software solutions are now so huge & complex that unless you have a lot of resources with very specific skills you cannot review to the same extent that opening the source code to the world to verify (a variant of Raymond's Cathedral & Bazaar argument).
    So I agree, that is precisely my point and I think your argument just supports my point. Just because it is closed source does not remove any of the threats you highlight... even if the supplier provides me the source under an NDA it doesn't help because nobody has the resources, and all the skills needed, to review it all. No one body, but if the code is opened to the world the chances are only improved.


  • Registered Users Posts: 655 ✭✭✭L


    croo wrote: »
    So I agree, that is precisely my point and I think your argument just supports my point. Just because it is closed source does not remove any of the threats you highlight... even if the supplier provides me the source under an NDA it doesn't help because nobody has the resources, and all the skills needed, to review it all. No one body, but if the code is opened to the world the chances are only improved.

    Well, to be fair, much as I love Open Source, the easily available code does cut both ways - it's a lot easier to spot a potential vulnerability for both developers and someone looking to exploit it. This problem only grows when you consider the number of forked open source packages out there.

    When a government (or company) buys compiled software under license, they have someone to hold responsible when things hit the fan (and a contract behind it). When they use something Open Source *shrug*.


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    L wrote: »
    Well, to be fair, much as I love Open Source, the easily available code does cut both ways - it's a lot easier to spot a potential vulnerability for both developers and someone looking to exploit it.
    I think the fallacy of "security via obscurity" is long debunked.
    L wrote: »
    When a government (or company) buys compiled software under license, they have someone to hold responsible when things hit the fan (and a contract behind it). When they use something Open Source *shrug*.
    Well they would buy Open Source too... though one would expect at a much reduced cost but what you are buying is support. When you look at the typical license that comes with closed proprietary systems, they usually (and I've never seen one to the contrary), absolve the provider of any issue with the software so I don't believe someone is held responsible. For a yearly recurring additional fee the provider will offer support that I am sure government can (and does) buy. So in my view there is no real difference from the end user's perspective. The only difference I see is the management has a better choice over who to buy the support from when they go open source (plus they don't have to pay the initial upfront license fee).

    PS. I seem to have copy&pasted part of my post into itself and jumbled it all up ... I have corrected in italics.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    I'd have assumed, perhaps incorrectly, since the numbers using open source would be a lot less than those using say MS, that there would be less people doing support and thus less choice?


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    BostonB wrote: »
    I'd have assumed, perhaps incorrectly, since the numbers using open source would be a lot less than those using say MS, that there would be less people doing support and thus less choice?
    In Ireland perhaps, because MS is pretty ubiquitous here. I guess it depends on what we mean by "support" which could cover a wide range of services. With the code available the support effort can be greatly reduced as anybody who can code can look at it. From my own experience there is not a lot of open source used commercially here in Ireland and all my foss work is coming from abroad. The few projects here I have been approached for are from US companies who are already using foss and opening offices here. The thing about foss is there is a near zero cost of entry for those wishing to get into the market, so I think it is fair to assume that if there was a need those offering the services would (& could) quickly adapt.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    Is it not the same worldwide?


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    I don't believe so no.
    In Asia and South America foss seems to be a very very popular choice.

    And as I say it depends on the type of support required. If it were technical support you would be comparing those with MS coding experience versus those with just coding experience. If it were user support then because foss is not as common here I agree with you.

    Now in some areas, notably a majority of what is on the web, foss is probably much better supported... even here in Ireland.

    But in Asia & South America the acceptance of foss seems to have moved much quicker up the chain, i.e. from the techie backend to the user's desktop. Though, I based this just on anecdotal evidence from my experiences working with people around the world I know from working on foss. Those working in Asia & S.America cannot keep up with the volume of business. The Germans & Americans seem busy too, though not to the same extent. But as I say, purely anecdotal.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    Good to know. Always curious about it.

    As a .Net VB/VBA MS SQL, programmer, can you tell me what sort of skill sets are in demand? I've done a lot of VBA integration in the past, never really seen that replaced by FOSS. I assume it can be done.


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    re: what skills...
    Well there is no reason that an open source app could not be .NET, but I know little about that area myself. Honestly, if someone is a good developer I think the language matters little.. though it always helps if the framework concepts are understood.

    Likewise there are many people working with open source tools that do not develop open solutions.

    For example, I don't work for any, but I would bet that most of the hosting companies here are running Linux. Even their windows based hosts I would think are running in VMs managed by a linux host.

    Likewise looking around the web you see many sites built on Apache webservers running PHP and MySQL databases. Again all open source tools and middleware but not necessarily open solutions being developed.

    I guess all the googles, facebooks etc based here are using open development environments - even if they are not creating foss per se... but every little helps!

    Myself, my development environment of choice is java enterprise and I work on business apps like Compiere/Adempiere/OpenBravo ... I've done a little with Apache's OfBiz (Open for Business) but have not yet implemented it - though I would like to find a project where I could.

    With databases I could be working with anything... Postgresql, Oracle are common but recently I've been doing some work around MS SQL too! :eek:


  • Registered Users Posts: 655 ✭✭✭L


    croo wrote: »
    I think the fallacy of "security via obscurity" is long debunked.

    Yes and no. Relying on secrecy of information as your sole form of security is dumb as toast (your program should be secure regardless of whether someone has the design in their hand or not). That much is pretty basic.

    Unfortunately that's never the reality. There's that old joke about the only secure system being turned off, plugged out and buried under concrete on the moon. Security by obscurity isn't strong but it's a valid measure when combined with a proper system design.

    It's hard to blame a government for preferring a setup where code sitting in full view complete with whatever inevitable vulnerability it contains isn't running on the computers containing their citizens information/confidential reports.


  • Moderators, Technology & Internet Moderators Posts: 1,334 Mod ✭✭✭✭croo


    Wasn't the windows code released into the wild a few years back?
    Certainly I remember back in the early 90s working for a German company who had access to MS Code. So the likelihood is, anyone who is engaged in illegal practices and really wants it can get access. While those who play by the book cannot. I personally would much prefer my data to be held by systems and software that are open for inspection by all... the chances are if there are issues they'll be found and reported.

    It scares me that without access to the code so many security flaws have been found in MS OS code - If that's what can be done without the code I would hate to think what access those who do have the code can achieve.

    I do agree though that no code is 100% secure - just like no system is bug free. But I fail to see how having less people look for security risk can be better!

