
“Use of open source software has been declining rapidly in the private sector” - bcantrill
https://github.com/GSA/modernization/issues/41
======
wyldfire
Background on the author (from [1]):

> Ken Glueck, Senior VP for government affairs, Oracle

> Bio: Based in Washington, Glueck has run Oracle’s Washington office for
> about 20 years, having built a career as a tech lobbyist before there was a
> phrase for it and running field operations for Connecticut Sen. Joe
> Lieberman.

[1] https://www.recode.net/2015/8/18/11617800/meet-silicon-valleys-political-power-brokers

~~~
mcguire
" _False Narrative: In-house government IT development know-how is critical
for IT modernization. In-house government procurement and program management
expertise is central to successful modernization efforts. Significant IT
development expertise is not. Substantial custom software development efforts
were the norm at large commercial enterprises, until it became obvious that
the cost and complexity of developing technology was prohibitive, with the
end-products inherently insecure and too costly to maintain long-term. The
most important skill set of CIO’s today is to critically compete and evaluate
commercial alternatives to capture the benefits of innovation conducted at
scale, and then to manage the implementation of those technologies
efficiently. Then, as evidenced by both OPM and Equifax, there needs to be a
singular focus on updating, patching, and securing these systems over time._ "

Um. Yeah. 'Cause that's going to lead to a good end.

~~~
theyregreat
Every large org project I’ve seen fail does so for three large categories of
reasons: under-management (delegating too much authority, project management
and lack of accountability over to vendors), vague requirements (ie vendor
becomes more hesitant, less certain what to build and moves in tangents to
meet expectations) or too long of a feedback cycle (ie BDU).

~~~
201709User
Also outsourcing cheaply.

------
dahart
The commentary doesn't specify, but what private sector use of OSS might be
declining rapidly? Does this claim have any merit? It seems like almost all
web stacks rely heavily on OSS, but coming from Oracle, I assume they could be
talking about databases specifically. Would it be true to suggest use of OSS
databases, e.g., MySQL, is declining?

Oracle positioning themselves against OSS is interesting, and might be
telling. I would assume that a message to the govt that OSS is bad means that
OSS is actually winning, and Oracle is more scared of open source than it is
of other for-profit competition.

This is also in line with the government defining OSS as "commercial"
software. From the government's perspective, the line isn't whether they paid
money, it's more like whether the software comes with a license.
http://dodcio.defense.gov/Open-Source-Software-FAQ/#Q:_Is_open_source_software_commercial_software.3F_Is_it_COTS.3F

I feel like that's where Oracle's commentary trips up a bit, because they're
painting a picture of the fears of bad things that can happen when using OSS,
without realizing the government already figured out that most of the
implications and liabilities of any software come from the licensing, and not
the dollar costs.

~~~
cirgue
> The commentary doesn't specify, but what private sector use of OSS might be
> declining rapidly? Does this claim have any merit?

I'm an engineer at a Fortune 50, and from where I am sitting this claim has
no merit at all. Our dev shop is pretty much entirely open source excepting
databases. The rest of the company prioritizes open-source first for all new
development. Open source is alive and well in private enterprise, and I
suspect that's why Oracle (and some other companies) are diversifying their PR
strategies right now.

~~~
copperx
What closed-source db are you using?

~~~
tedmiston
I can’t speak for a Fortune 50, but in the data warehouse space especially at
massive scale, most options are closed source.

~~~
copperx
I just wanted to know if there's anything popular besides Oracle and MSSQL.

~~~
cirgue
Vertica and Teradata are two others that seem to be popular among really big
enterprises.

------
kovacs
Paying someone to offload things you shouldn't be doing is a sound strategy
when applied correctly. Unfortunately this message can't come from someone
like Oracle whose entire business depends upon companies choosing to buy
instead of build.

I used to work for Oracle in the field as an SE working on the largest
enterprise customers they sell in to. What's left out of the rebuttal is how
Oracle (or really any vendor), often sells solutions to problems that
customers don't have. And even the solutions that do solve the customer's
problem on paper are often complicated, don't quite work right because of
implementation problems, and lower quality because they're more general
purpose. So you end up with a situation where it's dubious that you're any
better off at the mercy of a vendor whose interests aren't well enough
aligned.

The real trick is figuring out where the line should be drawn in buy vs. build
for any given initiative and the underlying technology required to satisfy
those requirements. Can a homegrown software org. handle the entire lifecycle
of building and maintaining the products they build? The ideal place for these
teams is at the margins and leveraging highly used products where there's as
little custom code ownership as possible. Open source or otherwise. There's
certainly a tipping point beyond which an open source project has better
quality but it's not clear where that lies.

And if you're getting into bed with any software vendor without transparent
pricing and good vendor management you risk subjecting yourself to renewal
conversations that answer the question of "How much?" with "How much you got?"

~~~
CrossWired
> What's left out of the rebuttal is how Oracle (or really any vendor), often
> sells solutions to problems that customers don't have.

I interviewed at Microsoft for a field position and the Director I interviewed
with basically said this in response to an answer I gave "We don't ask them
what they need, we tell them what they need."

It just feels dirty coming from the guy they called to help with their
technical problem. I'm there as Technical Consultant to solve your problem,
not upsell you a different set of problems.

~~~
kovacs
To be fair the director in charge of my group said to me at the start "You
should help the customer. If it's not an Oracle solution that's fine. We'll
eventually sell them something, we're too big with too many products not to."
So at least he had the right intention. I did see the friction surface with
reps though because they don't have the same agenda :-)

------
anonacct37
> Substantial custom software development efforts were the norm at large
> commercial enterprises, until it became obvious that the cost and complexity
> of developing technology was prohibitive

Pardon me but this is one of the most bullshit things I've read in a long
time.

I work for the fortune one. The idea that open source is in any way decreasing
is a dangerous lie. I can think of one closed source app that's any good right
now. Splunk. Everything else I interact with is garbage that slows our
business down.

I am shocked that in the same document Oracle is pushing back on technical
competence in the government. I shouldn't be but I am.

Closed source is the Cobol of a fortune 50. It exists, it's going to be a
while before we get off it, and basically nobody is happy to be running Cobol,
Oracle, or Tibco.

~~~
ams6110
COBOL is just a programming language. Many companies used it to develop good
software for internal use. Of course a lot of pretty bad software was developed
with it also, mostly by big consultancies. But the goodness or badness of
software doesn't have much to do with what language was used.

~~~
AnthonyMouse
> But the goodness or badness of software doesn't have much to do with what
> language was used.

To a certain extent it does. COBOL is in the same category as Visual Basic in
the sense that they make it easy for novices to quickly create programs that
half work, but getting the other half right then takes far more effort than
would have been required when using a better language to begin with.

The result is that people using those languages tend to give up at that point
and subject the users to their half broken programs.

~~~
WorldMaker
Plus the companies still most highly invested in COBOL and VB are likely the
same companies that live and die by the sunk cost fallacy. COBOL and VB had
nearly as much good as bad _in their time_, but to some extent the companies
with good COBOL or VB programs more often than not have moved on with the
times to greener pasture.

Meanwhile, it's harder and harder to argue that the companies still using
COBOL or VB for core business processes care about investments into good code,
and as the good programmers move on to other languages it's hard to argue that
much good code is _currently_ written in those languages (except at great
expense to retain good programmers in bad situations).

------
wyldfire
> The actions of 18F and USDS plainly promote open source solutions and then
> propagate those mandates across government with the implicit endorsement of
> the White House. The USG’s enthusiasm for open source software is wholly
> inconsistent with the use of OSS in the private sector.

I think we can objectively say that the current administration places a
priority on undoing the legacy of the previous administration. Since IIRC
18F/USDS were spawned by the previous administration, I worry about their
longevity. They're really in danger if they're called out by business leaders
like Oracle.

It's very easy for people who haven't worked in software to hear "socialist"
when told about "Open Source Software". This message from Oracle seems to try
and evoke that sentiment.

~~~
emmab
> It's very easy for people who haven't worked in software to hear "socialist"
> when told about "Open Source Software". This message from Oracle seems to
> try and evoke that sentiment.

I think FOSS is more socialist. Isn't that a good thing?

~~~
splintercell
Socialism and Capitalism aren't really applicable to non-tangible things.

If Cars can be duplicated like software, then sure calling FOSS socialism
makes sense. But since that's not the case, it isn't.

~~~
sounds
I was very pleased this distinction was already posted. Here's my stab at the
same point:

Socialism redistributes _limited_ wealth to those whose labor actually
produces it, since the capital which owns the means of production is not
motivated to distribute things evenly.

Capitalism leaves the limited wealth in the hands of the owners of production
and lets economic realities distribute the wealth.

Bluntly, the Free Software movement just states the axiom: let me copy your
software, and the only cost is to make the copy.

The Free Software movement argues that charging for copies is a good idea.
(So, not socialist? There is a non-zero cost to making a copy.)

However, the Free Software movement argues against all limits on that copy
after it is made! (So, not capitalist? The owner of that first production
cannot limit the copy.)

Not capitalist, not socialist, software is quite different:

John Perry Barlow: (https://www.eff.org/cyberspace-independence)

Governments of the Industrial World, you weary giants of flesh and steel, I
come from Cyberspace, the new home of Mind. On behalf of the future, I ask you
of the past to leave us alone. You are not welcome among us. You have no
sovereignty where we gather.

We have no elected government, nor are we likely to have one, so I address you
with no greater authority than that with which liberty itself always speaks. I
declare the global social space we are building to be naturally independent of
the tyrannies you seek to impose on us. You have no moral right to rule us nor
do you possess any methods of enforcement we have true reason to fear.

Governments derive their just powers from the consent of the governed. You
have neither solicited nor received ours. We did not invite you. You do not
know us, nor do you know our world. Cyberspace does not lie within your
borders. Do not think that you can build it, as though it were a public
construction project. You cannot. It is an act of nature and it grows itself
through our collective actions.

You have not engaged in our great and gathering conversation, nor did you
create the wealth of our marketplaces. You do not know our culture, our
ethics, or the unwritten codes that already provide our society more order
than could be obtained by any of your impositions.

You claim there are problems among us that you need to solve. You use this
claim as an excuse to invade our precincts. Many of these problems don't
exist. Where there are real conflicts, where there are wrongs, we will
identify them and address them by our means. We are forming our own Social
Contract. This governance will arise according to the conditions of our world,
not yours. Our world is different.

Cyberspace consists of transactions, relationships, and thought itself,
arrayed like a standing wave in the web of our communications. Ours is a world
that is both everywhere and nowhere, but it is not where bodies live.

We are creating a world that all may enter without privilege or prejudice
accorded by race, economic power, military force, or station of birth.

We are creating a world where anyone, anywhere may express his or her beliefs,
no matter how singular, without fear of being coerced into silence or
conformity.

Your legal concepts of property, expression, identity, movement, and context
do not apply to us. They are all based on matter, and there is no matter here.

Our identities have no bodies, so, unlike you, we cannot obtain order by
physical coercion. We believe that from ethics, enlightened self-interest, and
the commonweal, our governance will emerge. Our identities may be distributed
across many of your jurisdictions. The only law that all our constituent
cultures would generally recognize is the Golden Rule. We hope we will be able
to build our particular solutions on that basis. But we cannot accept the
solutions you are attempting to impose.

In the United States, you have today created a law, the Telecommunications
Reform Act, which repudiates your own Constitution and insults the dreams of
Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams
must now be born anew in us.

You are terrified of your own children, since they are natives in a world
where you will always be immigrants. Because you fear them, you entrust your
bureaucracies with the parental responsibilities you are too cowardly to
confront yourselves. In our world, all the sentiments and expressions of
humanity, from the debasing to the angelic, are parts of a seamless whole, the
global conversation of bits. We cannot separate the air that chokes from the
air upon which wings beat.

In China, Germany, France, Russia, Singapore, Italy and the United States, you
are trying to ward off the virus of liberty by erecting guard posts at the
frontiers of Cyberspace. These may keep out the contagion for a small time,
but they will not work in a world that will soon be blanketed in bit-bearing
media.

Your increasingly obsolete information industries would perpetuate themselves
by proposing laws, in America and elsewhere, that claim to own speech itself
throughout the world. These laws would declare ideas to be another industrial
product, no more noble than pig iron. In our world, whatever the human mind
may create can be reproduced and distributed infinitely at no cost. The global
conveyance of thought no longer requires your factories to accomplish.

These increasingly hostile and colonial measures place us in the same position
as those previous lovers of freedom and self-determination who had to reject
the authorities of distant, uninformed powers. We must declare our virtual
selves immune to your sovereignty, even as we continue to consent to your rule
over our bodies. We will spread ourselves across the Planet so that no one can
arrest our thoughts.

We will create a civilization of the Mind in Cyberspace. May it be more humane
and fair than the world your governments have made before.

~~~
splintercell
> Socialism redistributes _limited_ wealth to those whose labor actually
> produces it, since the capital which owns the means of production is not
> motivated to distribute things evenly.

I don't believe HN is the place for this discussion. Yes, we do talk politics
here, but mostly what is related to the case in hand.

Also your post is a textbook example of Gish Galloping[1].

[1] https://rationalwiki.org/wiki/Gish_Gallop

------
syshum
One can safely assume that the opposite stance to Oracle on any given policy
is what is best for Humanity, one can also safely assume that taking a polar
opposite position to Oracle on any subject will be the Ethical and moral
position.

~~~
ocdtrekkie
I downvoted this not because I like Oracle, but because this is a terrible way
to think. If you're not qualified to determine the value of a statement based
on its contents, either ask someone else more qualified, or start learning.

Evaluating a company to equal good or evil and then judging all statements
from them based on that rule leads to a lot of faulty thinking. There are
people who have for the last two decades automatically assumed everything
Google says is good (false), and everything Microsoft says is bad (also
false).

It leads people to fail to recognize that corporations act in self-interest as
a whole, as they have one real mission: Profit. It leads people to fail to
recognize that corporations are made up of people, who, while influenced by
their compensation and bias and culture, do have their own views and opinions.
And most importantly, it leads people to fail to recognize that corporations
change over time, as their people, culture, and priorities shift.

~~~
syshum
> Evaluating a company to equal good or evil and then judging all statements
> from them based on that rule leads to a lot of faulty thinking

I am not evaluating a company. I am evaluating Oracle.

> It leads people to fail to recognize that corporations act in self-interest
> as a whole, as they have one real mission: Profit

and I already address why this is different for Oracle

~~~
ocdtrekkie
Oracle is a company. And your sole statement of why "Oracle is different" is
because in your personal opinion, Oracle has never been on the right side of
an issue, which is a very subjective view. (Not to mention the fact that it's
near impossible for you to know of or evaluate every view ever expressed on
any topic by Oracle as a company or any representative of Oracle.)

~~~
QAPereo
Oracle is a company like a tick is a person.

~~~
WorldMaker
Oracle is a software company like a law firm practices medicine.

------
phkahler
Had me up until this:

> There is no such principle that technology developed or procured by the USG
> should be available free for all citizens, in fact that would present a
> significant dis-incentive to conducting business with the USG.

Conflating software developed with software procured. And this is a section
where he pointed out a tendency to conflate some other things. I wonder if
that was a subconscious confession ;-)

~~~
0xcde4c3db
That conflation is particularly slimy because works produced by the US
government are explicitly, statutorily ineligible for copyright (17 USC 105).
In other words, not only _is_ there such a principle with regard to USG-
produced works, it's been actively expressed in US law for decades.

------
gibrown
Even a cursory look at some stats says that is completely untrue:

- 6 of top 10 "DB-engines" are open source: https://db-engines.com/en/ranking

- web servers are 83% nginx+apache: https://w3techs.com/technologies/overview/web_server/all

- all top content management software is open source: https://w3techs.com/technologies/overview/content_management/all

~~~
tedmiston
It’s weird that the DB Engine list conflates OLTP and OLAP databases into one
category when they are used completely differently. Would be nice if they had
subcategories or filters for something like this.

~~~
lukaslalinsky
The line between OLTP and OLAP is getting more and more blurred. There are new
databases that sit in between, so I think letting those categories go away is
a good idea.

------
sheeshkebab
The irony - most of Oracle's proprietary software has large chunks of open
source (not theirs) code. If they ever looked at all the jar files of their
“fusion middleware” and similar things they’d know.

A bunch of nonsense from Oracle's sales drones.

~~~
horusthecat
Absolutely, truly hilarious to point to the Equifax breach when the same
Struts vuln is present in Oracle products.

------
microcolonel
> _Here there is an inexplicable conflation between “open data,” which has a
> long legacy in the USG and stems from decades old principles that the USG
> should not hold copyrights_

It is explicit that the United States Government _can not_ hold U.S.
copyrights on government works, that's not a "false narrative", that is _the
law_ [0].

[0]: https://www.law.cornell.edu/uscode/text/17/105

~~~
fourthark
Wow, so open sourcing is the only way they can be sure to hold onto the
software they pay to have made for them...

------
samsgro
Unsubstantiated, self-serving FUD from Oracle.

~~~
tetromino_
It's self-serving, but I wonder if it might be true. Locally hosted applications
are a varying mixture of open-source and closed-source, in different
proportion in different places. But when they get replaced with SaaS, as is
now the fashion, that replacement is almost always commercial closed-source.

~~~
eikenberry
Though every SaaS is 99% Open Source software with 1% proprietary sprinkled on
top to create the value add. So really these are much more open source than
the old vendored solutions where they installed the proprietary software
onsite.

------
shmerl
Oracle being Oracle. What's new?

And they were especially annoyed with the idea that tax-supported software
should be open source. I think it's a great idea, and Oracle should get lost
for opposing it. Taxes surely should not be used to support someone who pushes
copyrightability of APIs.

------
asah
There are some good points, but of course it neglects the true comparison with
closed source, which has a terrible track record in all of the stated claims.
"Tail costs" are hilarious coming from an Oracle executive.

Notably, given identical budgets, I'd be shocked if FOSS couldn't deliver
faster, more feature-rich and more secure solutions.

Is the success of healthcare.gov an example?

I, for one, would love to see a mix of the two methods across 100+ projects,
then a GAO post mortem.

------
thomastjeffery
The only thing that makes proprietary software popular is the fact that
proprietary software _depends_ on _more_ proprietary software.

If you use closed-source software, and you want a new feature, you _must_
create entirely new software that is compatible with it, and usually that
means hiring the same companies (who can read the original code) or hiring new
"professionals" that have made themselves comfortable with the ecosystem.

Free software, on the other hand, allows the application of _less_ software
for the same amount of work. You can add features, and those who work with
free software don't waste everyone's time with proprietary software if they
can avoid it.

The US government is incredibly inefficient, especially in IT, and its
solution thus far has been "throw more money at the problem". This is clearly
a detrimental non-solution. Those of us with clear heads should be _adamant_
that proprietary software _does not_ belong in our government.

~~~
noncoml
Customer support is what makes proprietary software popular.

~~~
thomastjeffery
While ironically being the most proven business model for free software.

------
asveikau
> The USG can never develop, support or secure products economically or at
> scale.

I guess we should stop using the [government developed] internet then.

------
NeutronBoy
I know a few years ago when I was working on a government procurement project
for some software, the (very good) lawyers were very wary of any OSS included
in the proprietary product we were buying. Their reasoning was, we were buying
the product from the vendor. If the vendor had incorporated the OSS code into
their product and it was found that they'd breached the license conditions,
then we essentially lost the license to run the software - otherwise we'd be
in breach as well. Not what you want when you're spending hundreds of millions
on a project.

~~~
thyrsus
Totally false. A lot of open source software is MIT style, which effectively
means there are no consequences to infringement. If the infringing code is
GPL, then as customer you've won the lottery, because now you've got an
irrevocable free license to everything tightly coupled to that code, and the
vendor is limited to charging you for ongoing labor or for adjunct products.
You have no responsibilities as customer except to refrain from preventing
others access; if you choose to (re-)distribute the code, then you cannot
constrain the recipients of the code. The vendor, on the other hand, is now
required to charge no more than copying fees for infringing code, and must do
so for any customer. They can charge for development labor and support fees
(see: Red Hat), but derived code is available to you in perpetuity.

~~~
taktoa
Since when does the GPL stipulate anything about how much you can charge for
GPLed software (wrt your statement about "copying fees")?

~~~
thyrsus
The vendor can, of course, charge whatever they like for copying fees. The
customer would be wise to get source from the beginning, and keep track of it
for themselves, but that's a matter of "physical" access, not legal right.
From GPL 2:

3. You may copy and distribute the Program (or a work based on it, under
Section 2) in object code or executable form under the terms of Sections 1 and
2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code,
which must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give
any third party, for a charge no more than your cost of physically performing
source distribution, a complete machine-readable copy of the corresponding
source code, to be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to
distribute corresponding source code. (This alternative is allowed only for
noncommercial distribution and only if you received the program in object code
or executable form with such an offer, in accord with Subsection b above.)

------
jcstryker
This is concerning if true, would like to see more data.

This modernization initiative is an opportunity to set a standard of OSS
software in the USG. It would be disappointing to see this pass, securing
another round of lock-in.

------
RickJWag
Hmmmm.

Red Hat's marketshare (and stock price) have risen steadily forever.

Microsoft just gave up and open sourced .NET.

Open Source stacks run _everything_.

Kubernetes is running rampant.

I don't think OSS is declining rapidly. I'm pretty sure it's winning.

------
malchow
I thought this was perceptive:

"False Narrative: Government should attempt to emulate the fast-paced
innovation of Silicon Valley. [...] The USG is not a technology vendor nor is
it a start-up. Under no circumstance should the USG attempt to become a
technology vendor. The USG can never develop, support or secure products
economically or at scale. Government developed products are not subject to the
extensive testing in the commercial market. Instead, the Government should
attempt to emulate the best-practices of large private-sector Fortune 50
customers, which have competed, evaluated, procured and secured commercial
technology successfully."

~~~
sitkack
Bullshit. The USG has the ability to leverage scale like no business ever
could. The government consumers of tech are balkanized and sold billion dollar
contracts over and over again when they could pay industry wages and still
come out ahead.

~~~
malchow
I mean, I think reality intrudes on your fanciful theory. When GSA was hacked
and life-threatening personal information on security-cleared government
employees was leaked, the public reaction was: eh. Compare this to Equifax,
where the intrusion was less successful than at GSA, but which may
nevertheless cease to exist, and whose entire leadership will likely be
replaced.

I think the reality is: people have seen and therefore expect government tech
systems to be awful and vulnerable. And people have seen and therefore expect
private tech systems to be relatively better.

~~~
WorldMaker
I think this is more an anecdotal case of "I'm not a security-cleared
government employee, so why should I care". I see as much or more of the
opposite viewpoint from what you are espousing: the GSA is forced to be
accountable with giant audits and meetings and red tape until the problems are
found and root causes discovered and mitigations (even token mitigations) in
place. Meanwhile, Equifax was hardly punished in the stock market, the one
place that supposedly gets any sort of accountability out of publicly traded
private corporations these days (since they only seem to care about quarterly
profits rather than employees or customers or people in general). There was a
lot of anecdotal resignation among my friends that no one is or can hold
Equifax accountable and we'll never leave the status quo of Equifax making
millions of dollars in profits warehousing data that they have no right to
own.

------
jackpot51
Welp, that was locked quickly. Not looking good for us, is it bcantrill?

------
makecheck
In the past I’ve seen that free software licenses make companies nervous, and
they _will_ inject Legal in the middle of your project schedule. This creates
_at least_ weeks or months of nontechnical dependencies in order to obtain
approvals for even the simplest things (and you have no control over the
activities of the Legal department at all so good luck with your promised
timeline for completion). In addition, GPL can practically translate to an
automatic “No” in some organizations.

The wording of licenses also matters, which is why coming up with “cute
license that is mostly well-known license but different” is a sure way to
severely delay or prevent corporate adoption of your project. At this point,
you should really just pick a well-known license.

Given these thorns in the side of company code, it is not at all surprising
when engineers consider just coming up with some code themselves.

~~~
microcolonel
Yeah, but most new code (especially frontend javascript, desktop application
libraries, mobile application libraries) is 2-clause BSD, ISC (which is
formally equivalent to 2BSD), MIT, or Apache 2.0. I guess there are goons
going around slapping WTFPL on things, but oh well, doesn't seem to be
stopping anyone.

GPL doesn't cause problems unless you're distributing. If you're just
compiling and running it as part of your service, it's no biggie. I ran it by
legal pretty quickly. I've worked on plenty of projects with GPL stuff in
them.

~~~
flukus
> GPL doesn't cause problems unless you're distributing

Or if you might want to distribute in future, what is good now might become
impossible because a client wants an on premise install for instance. Or if
the software department ever gets spun out to a separate legal entity. I'm a
big fan of the GPL, even the AGPL, but I wouldn't use a GPL library in a non-
GPL product.

------
wmf
"Use of open source software has been declining..." is a clickbait headline
that is a pretty minor part of the document. It should be no surprise that
Oracle doesn't like open source and I don't think there's much benefit to
getting into the mud on that topic.

------
dannyrosen
What's confusing is that Oracle just announced a partnership with Cloud
Foundry [1]

[1] - [https://blogs.oracle.com/developers/cloud-foundry-arrives-on-oracle-cloud](https://blogs.oracle.com/developers/cloud-foundry-arrives-on-oracle-cloud)

------
archildress
Don't underestimate the impact of the SaaS model causing this to shift. Most
on-prem, whether FOSS or commercial, has large startup cost associated with
it.

Conversely, more are choosing the (mostly commercial) SaaS alternatives to
avoid those startup costs.

Source: corporate finance and work with IT purchasing.

------
nickbauman
Filed under "Claims made with no citation or data to back it up from a
lobbyist."

------
danjoc
From Oracle's vantage point, that's probably true.

[https://www.youtube.com/watch?v=LrDnuvHfBr4](https://www.youtube.com/watch?v=LrDnuvHfBr4)

------
agentultra
I don't necessarily agree with him but I do sympathize on the security front.
I know we all do our best in the OSS world but governments collecting all that
data and not paying engineers to do formal verification and security auditing
seems pretty scary.

Maybe this is a little backwards but there's something comforting about a
massive bureaucracy filled with paper forms and legions of administrators. It
makes it quite difficult to run off with a billion records, doesn't it?

------
sitkack
Thank you to the person that inlined the text to the PDF. Without this,
Oracle's FUD would have been tucked away as an attachment.

------
existencebox
Private sector dev checking in: (Very grumpily checking in, after reading some
of TFA)

This really couldn't be more untrue, and I say this both as an eng in my day
to day, and as a washed up data scientist who was once tasked with
investigating this exact question.

Open source continues to be an extremely compelling option (and oftentimes THE
idiomatic option) for large swaths of common tasks.

I could really only believe his assertions if his data is so twisted out of
the realm of a kind interpretation.

I tried to read through but at every paragraph I was met by a wall of
handwaving which aligns far more strongly with Oracle's incentive to sell
support packages than any reasonable interpretation of reality.

Some snippets:

- "Government should attempt to emulate the fast-paced innovation of Silicon
Valley. Silicon Valley is comprised of IT vendors most of which fail."

Do they fail because of their tech choices or their strategic choices?

- "Instead, the Government should attempt to emulate the best-practices of
large private-sector Fortune 50 customers, which have competed, evaluated,
procured and secured commercial technology successfully."

In my experience, the most technologically savvy F100's are all VERY familiar
with utilizing in-house dev, and as recent releases from AWS/Azure might
suggest (SQL Server on Linux, Aurora support for postgres/mysql, etc) OSS is a
key part of this as well.

- "Significant IT development expertise is not. Substantial custom software
development efforts were the norm at large commercial enterprises, until it
became obvious that the cost and complexity of developing technology was
prohibitive, with the end-products inherently insecure and too costly to
maintain long-term."

Exactly, so we started moving to _OPEN SOURCE_, but not in exclusion to the
in-house expertise. (HN has seen lots of the murmurs about when this
transition went south and believed that too much outsourcing at the cost of
domain expertise and stability was the path to success) He later goes on to
cite Equifax's failure as an example of this, which I find especially
entertaining because that suggests a privately developed piece of software
would somehow have more eyes on it or guarantees of safety than a product as
widely used as most things Apache.

- "The most important skill set of CIO’s today is to critically compete and
evaluate commercial alternatives to capture the benefits of innovation
conducted at scale, and then to manage the implementation of those
technologies efficiently."

Translation: "We don't like the alternatives CIO's have been finding, because
they aren't Oracle".

I'm getting a bit snippy here as one might tell, so I'm going to stop reading
before I start screaming at my monitor.

~~~
horusthecat
"The COTS industry is under an anti-commercial attack". Oh no, not the COTS
industry!

> In my experience, the most technologically savvy F100's are all VERY
> familiar with utilizing in-house dev, and as recent releases from AWS/Azure
> might suggest (SQL Server on Linux, Aurora support for postgres/mysql, etc)
> OSS is a key part of this as well.

Ding ding ding fries are done! Oracle is deeply concerned with losing
customers to PaaS and SaaS providers. Part of Oracle's current model is to
push its mixed and private cloud offerings for their customers--AWS and Azure
have a huge share of that market already.

It's Oracle, though, and they have a huge presence in the gov't sector...
They're trying to reclaim that as much as possible by moving in on the Trump
Administration's transparent give-aways to favored parties.

------
microcolonel
Bad faith dealing, blatant disregard for the truth, misrepresentation of the
law.

Sounds like Oracle to me.

------
gerdesj
RLY? The OP is a GH issue report with a really long-winded thread, with lots
of long comments.

I've scanned through the lot - what the blazes am I missing?

------
tomrod
Yeah... at least at $LARGEBANK I work at, FLOSS has been massively adopted in
my tenure there. I do my part to evangelize as well.

------
thanatropism
One word: Heartbleed.

It spread far and wide the idea that open source infrastructure was a temerary
proposition.

~~~
pritambaral
Does closed source not have security issues?

~~~
thanatropism
Hey, don't shoot the messenger.

~~~
pritambaral
That was a question. It's neither provocative nor aggressive, unlike its
parent.

