Microsoft distributes constant opaque silent updates to all modern Windows systems. With Windows 10, some editions cannot even postpone installing those updates for long. An update deliberately bricking Windows computers, targeted to all of Europe, a country, an organization, or an individual's home. That is, quite literally, a digital killswitch.
Of course Microsoft the company wouldn't do such a thing as long as it's following its own interests. But, being a non-EU entity, it could conceivably be forced by US authorities. Or, of course, the secure distribution channel could be hacked. It's far more likely that an attacker would distribute an update that merely backdoors all systems; but if done as an act of war (or terrorism), bricking is a somewhat plausible goal.
As the article correctly notes, the same problem affects most other software; it's just that Microsoft Windows is both so widely used and so infrastructure-critical (you can't replace it with a different OS and keep running your native Windows applications). OSX and iOS have minority market shares and you can buy competing products. Android phones and Linux distributions don't have a single update channel for all of them. Non-operating-system software generally isn't installed on most computers and has alternatives for most of its users. Windows is in a pretty unique position.
We are slowly starting to realize how big these issues are. I hope.
The point is that it might not be appropriate to give someone the keys to the castle even if you trust them completely not to abuse that power, because people don't last forever in a position and that power will eventually pass to a successor who may be less trustworthy.
Specially one which has used nuclear weapons against civilians in the past.
Oh, wait, never mind ...
Doing the 'right thing' the wrong way just conditions the American public toward accepting an autocracy. While particularly bad for one party, it's not great for either of them, and certainly not for the citizenry.
If everyone abuses these loopholes anyway, then maybe there's a chance that they'll be closed in time. One can dream, right?
This is pretty much saying that, because an OS is open source, that means anyone can put it on almost anything and sell it, so the fact that the original developer can't control all possible distributions of the software that said software is untenable.
In practice, that is not how it works. You don't approach broad deployments of Android or, say, RHEL while getting supplied by a half dozen different OEMs. You pick one and stick to it. In much the same way Windows shops work - you normally either go with just Dell or just HP.
Hell, you can't lump Linux and Android in the same boat either. Vendors never guarantee perpetual phone OS updates on Android, because they always abandon their devices. The exception might be Google, maybe, with one of their device series from the last 5 years since the Nexus 4 which did get dropped, but you might be able to get a perpetual update contract with them for an extended support period. I have no idea.
But for something at Government scale, adopting Android is actually really trivial. At least it used to be - you could have just approached Cyanogen to support all devices with a guaranteed support period. Now I'm not sure if there is a corporate entity to barter with backing Lineage, but the same principle applies. There are ways around Android's horrible update model.
For desktop Linux, though, it's no competition. You will always be going to one vendor, using that one vendor, and getting consistent updates from that singular vendor. Be it Dell or Red Hat or Canonical or whomever you plan to contract with. They aren't going to be throwing Gentoo randomly on a couple of your thousand Ubuntu boxes, and if you want they will certainly preconfigure the images to point the update servers to your own self hosted ones to control updates if you really want to.
If you're running Windows, you're getting it from Microsoft, end of story.
You talk as if nobody ever bootlegged Windows.
Presumably so that Microsoft doesn't get bad press, and maybe due to (shady but arguable) legal implications.
In terms of the "kill switch" threat, this pretty much removes it.
Additionally, desktop Linux systems are similar and open enough that it wouldn't be a big deal to move to Debian / others if Canonical went up in smoke or were compromised. It certainly wouldn't cost end users file compatibility.
Eh, Nexus 5x was The Phone for a while, released September 2015. EOL was announced in October 2016, software updates last until September 2017.
So it's still allegedly supported, but Android 7 update caused bootloops on a bunch of phones and Google determined it was a "hardware issue". Maybe it was, but I feel like Linux/Windows would work around this kind of issue, rather than shrugging and asking you to talk to the manufacturer.
Yeah, you need a Heavy Enterprise style vendor.
It is extremely crooked when you read the narrative as it's unfolded over the last decade. Microsoft is extraordinarily aggressive in maintaining its monopoly in the public sector.
ps: hooray for liberal private business right :)
> With Windows 10, some editions cannot even postpone installing those updates for long.
Not saying that users will necessarily find the place to do it, or understand the implications of this action, but anyone can permanently postpone installing the updates by disabling the service.
I think you were referring to the "defer updates" feature which is only available in Enterprise (and maybe Pro, I'm not sure about that one.)
I make it a habit on my Windows 7 system to read each and every update's KB entry and determine if I want it. I wish I could do this with Windows 10.
In short, I don't think disabling the update service in Windows 10 is even remotely an ideal solution to this problem.
I wish I could remember the exact things they pushed but I have a feeling they were windows 10 related.
In the May 9th 'Security Rollup';
"Updated Internet Explorer 11’s New Tab Page with an integrated newsfeed." 
I cannot disentangle this update from the other ACTUAL security updates.
However, if you make a practice of not installing any security updates at all, you create a bunch of other not easily solved problems for yourself.
(most of the Windows deployment under consideration would be enterprise edition, and they don't take updates automatically)
File under: garden variety EU chest beating.
If the US declared war on part or all of Europe, and caused Microsoft to send updates bricking legitimate Windows installs within that region, the victims could still use pirated Windows to run their native Windows applications. I doubt there would be any legal repercussions.
Meanwhile, many very critical systems that happen to be implemented on Windows would shut down for weeks or months. Look at the current ransomware attack on the NHS. Now imagine taking down all health services, ISP services, maybe electricity or gas or water companies, supermarkets, distribution and shipping management, police and government records...
Yes, these things usually have non-Windows components on big iron or Linux servers. But if you take out all the Windows clients, and however many Windows servers do exist, then the system as a whole cannot function.
This could be a part of a (cyber)war effort. Instead of, or before, sending in the army to attack, you cripple the enemy's economy and civil infrastructure. You even have a chance of maintaining plausible deniability if you attack the MS update distribution channel, or serve them a sufficiently secret order that doesn't get leaked.
When...a month after? Too late. Damage's done. War's over.
WSUS might delay or stop an attacker who takes over the MS distribution channel from publishing an update telling all target computers to shut themselves down right now. But a smarter attacker will distribute a time bomb as part of a legitimate update, that people will install for legitimate reasons, and that will be triggered after enough computers have installed it. The trigger may not even come via the Windows Update channel.
And to quote, "there's another theory that states that this has already happened."
* Microsoft does not disclose what (most) updates do and it's not feasible to reverse engineer all of them to check.
* Multiple updates, including critical security patches, are published as a single monthly rollup and cannot be (easily) separated from one another.
* The Windows 10 Update client doesn't officially support cherrypicking some updates and delaying others indefinitely; if you let it connect to the (real) Microsoft update server it will try to install all available updates.
* You're not downloading individual per-update executables and checking their hashes; you're running a program (the Windows Update client) that, once it trusts the server it connects to, uncritically runs any code the server sends to it.
Now consider all of that when the adversary controls not just individual update contents but the whole update server or delivery channel...
Granted, the DNS blackhole is more about blocking the spyware than isolating single updates.
It's not a long-term solution, though:
1. You need to know the KB article ID of the update you're looking for. And again, the individual update descriptions or KB articles frequently just say "something was fixed" but not what.
2. Some updates will probably fail to install because previous updates to the same component weren't installed. Conversely, updates that just give you the latest version of a file or application might auto-install the older updates you wanted to skip.
In any event, even if you successfully skip most updates, the main outcome will be that your system will be that much less secure and easier to take over using published vulns even without a backdoor...
I don't think you need to worry about the number of people wanting to replicate your configuration exceeding the load your micro instance can handle.
Where'd you get that from? My "micro instance" is clearly not on my Windows machine. My Windows box is behind a pretty over-the-top firewall (which isn't even necessary on a private network for the exploits that are public). Not every vulnerability makes you remotely vulnerable behind your NAT, and I wish more of the people obsessed with update-hygiene understood that.
Is my solution good for a corporate network? Obviously not, because you can't control the attack surface.
Personally, I'm glad more people don't use it or I'm sure Microsoft would resort to hard-coded IP's and other methods, which require a very configurable router to block (like OpenWRT).
Any network communications that the OS is allowed (or that a Microsoft program or driver that the OS trusts is allowed) can be used to carry extra data about which IPs to talk to in order to exfiltrate "telemetry" or download updates. DNS and WHOIS queries (where MS can publish arbitrary queryable records), peer to peer DHT-like networks (ditto), Tor (designed not to let your router/firewall know who the OS is talking to), the list is endless.
TV downloading updates? it'll probably work
trying to stop MS from spying on you? they have engineered parts of the stack to avoid things like firewall and hosts file blocks, so presumably they have an IP hardcoded in case you block all their hostnames at the DNS level
> IT systems of European governments mostly run on Microsoft software and OS [...] that means that almost all of the data of European citizens — tax information, health records, etc. — along with security related data, are in proprietary file format...
> The problem with the proprietary file format is that Microsoft’s software is made to be incompatible with open source, which effectively forces all communicating departments within a government to use the company’s products, in order to ensure compatibility of files and ease of communication.
The operating system that runs on a system has no bearing on how the data for various applications is stored. As far as I know, Microsoft isn't providing the applications that store "tax information, health records, etc.", unless the governments are using Excel and Word to keep all that information rather than a database.
Even so, if they are using Excel/Word, the Office Open XML file formats are ISO/IEC standards, not proprietary.
There may be some problem of vendor lock-in here, but this article seems to have no idea what the real problem is.
This article seems to originate from the Netherlands, drumming up anti Microsoft rhetoric that was very prevalent a few years ago here.
It is important to understand with these types of articles, that Microsoft and their local partner companies (disclosure: such as the one I work for) have competitors who stand to benefit from stories like these. Other companies (like IBM, Oracle working with local ISV's and service companies) want to sell their, also proprietary, but non-Microsoft based solutions. They promote independence from Microsoft as a feature of their software, and have budget to hire PR firms and run a lobby too, just like Microsoft.
But their solutions often come with a worse type of vendor lock-in. The Oracle type. In the Netherlands, most public backend administrative software is not based on Microsoft technology, and it is completely closed, unable to integrate with (Microsoft based) front end systems or web api's.
The article states that Microsoft makes 2 billion in the EU public sector, I don't know if that is true, but in the Netherlands spending on Microsoft software is somewhere around 1-2% of total public IT spending, and I'd say they provide relatively good value for that.
It's not 1992 - Oracle databases can integrate with all sorts of web APIs and front end systems. You may not like how its done or how much it costs, but it's a little over the top to claim that it can't be done.
It can't be done in a business if the vendor decides it costs too much or will be done in a way unsupported for good reasons. Whereas, with FOSS, they might pay someone to fix that or someone might do it themselves. The arbitrary costs and limitations the proprietary vendors can force on locked-in users are an important risk of their model for users.
Of course, however the problem is not a technical one. IT suppliers simply use their ownership of the software and support/maintenance contracts as leverage to claim a stake in any project connecting to 'their' software, and make their customers pay through the nose for anything they want.
This is a very valid point.
> This doesn’t only weaken Europe’s ability to stop the US snooping around, it also leaves security flaws for anyone with the know-how to exploit.
I agree that it is not a very precise technical article. But the main issues hold true.
Android phones run Linux and get hacked to get root access. Routers, IoT devices, and lots of other hardware run Linux variants and get hacked all the time.
This idea that people hold that if only we didn't run Windows we'd all be more secure is silly and naive.
There's been multiple attempts. Linus has even been directly asked to put backdoors in Linux.
There is even a contest to make code look normal, but do something malicious
I'm sure the NSA is very good at that.
To put this into perspective, there's CPU modifications that can make a Linux or FreeBSD system mostly safe and secure against known classes of attack instantly just at the compiler and CPU level with a certain performance hit. Anyone wanting improved security could then use Linux with those CPU's probably buying some extra chips, too, to cover performance loss. You don't have that option with Windows.
Once a vulnerability is used it is likely to be patched. A group that cannot be coerced to do something for you will close vulnerabilities as it learns of them because they are liabilities.
Also, moving away from Microsoft will likely lead to the end of software monoculture. You need to research those vulnerabilities for each target. Oh, and it would be much more than a few hours of research.
The software monoculture exists because of USERS. The vast majority of users don't want to have to learn three different OS, look+feel, GUI rules, etc. They just want the goddamn excel file that the CPA sent over that they need for their accounts receivable report to OPEN. Trying to convince governments to go to FOSS doesn't work well because the users slip back to things so that they can do their job the way they know how.
See, e.g. the city government of Munich, which after a decade of trying never got above about 60% of their users to switch to Linux, and is considering abandoning the effort.
Using new software today isn't like it was in the 90s, the OS is much less important. UIs can be delivered by web and all the user friendly UIs (all mobile OSes, and no desktop OSes) are all similar enough that many users can't tell the difference. If this is the barrier to someone's national security...
It's not impossible for a motivated user to go against every UI (dark) pattern to keep work on an open format, but it's so unlikely as to be irrelevant.
While the file formats may be open, it's widely known that MS keep enough secret sauce in Office so that an MS Excel nightmare won't open correctly in LibreOffice. Being able to decompress and parse the contents of the file (the open part) is not the same as humans being able to interactively retrieve information from it.
The user's intuition is to blame LibreOffice, but as technologists we should recognize that if you won't ship a working reference implementation for effective use of your 'open standard', then it's just malicious marketing.
It is getting harder to remember, but only 10 years ago, having Microsoft as the only supported platform was easily justifiable in most organizations. Even if your software was customer facing!
This was an article for Microsoft haters to upvote each other for saying the same thing they have been saying for years.
It looks like SQL Server import and export file formats are defined, but I am not aware that the native format is standardized.
You aren't serious about that, are you?
Honestly the best desktop system for linux I've seen is Deepin https://www.deepin.org/en/ , which is produced by a Chinese based group and marketed mainly at Chinese audiences.
It installs updates on reboot, which removes many corner cases for desktop users. It has a nice dedicated admin panel that feels like a single interface rather than 20 different panels glued together. It focuses on efficient desktop use rather than some new hotness UI concept which Unity and Gnome3 both got infatuated with. The desktop interface is fast and gets out of your way, but providing useful quick tools to open, close, and switch apps.
Sorry, that was kinda a rant. But seriously, check out the deepin desktop. New users can be really productive in it quickly and maintain it themselves.
But it's moot anyway. Browser apps will continue to displace desktop apps, and they don't really care which operating system you're running. European governments would be well served to somehow supply their administrations (as well as the general public) with a first-class alternative to Google Docs. Extra requirements: self-hostable, (even more) extensible.
This is not true for many (most?) large governments. Again, my main point is that developers often miss what users actually need and care about.
The problem with that is that there are not only a series of widgets, but also separate programs/libraries made to do what was designed to be done from a shell.
For example, in the file manager, you can right-click a file, and decide what program it opens with. That might mean the file manager has emulated some sort of registry. Alternatively, to better integrate with the system, it might be using xdg-open.
The goal should not be to make a closely integrated system, but a loosely coupled set of consistent, simple programs that let the user control specific aspects of the OS.
KDE and GNOME have improved a lot in this respect, but they still seem to have the wrong goals.
So why is it then impossible to use that on the desktop?
I would say, this is actually the way to go. Because there are MANY good UI-Designers now, because of the web. And they know Web technologies. If there will be an easy way, to integrate that into the desktop(native apps in general), then there will be better and more consistent UI's over time, that "newbs" can use.
But deepin looks interesting.
edit: and quite ironically, deepin is based on Webkit and HTML5 ... (or used to be until recently, don't know for sure yet, why does deepin not even have an English Wiki page?)
but the deeper I look into it, the more it looks flawed unfortunately
So until there are just enough of a certain kind of user who can adapt, but still complain and insist on software becoming more usable, things can change.
And face it, both macOS and Windows have had persistent crappy UI/Ux of their own, it's just not as such a critical mass that people say f it, I'm going back to pencil and paper (which when it comes to proprietary voting systems, we should sooner be on pencil and paper).
I always thought the whole systemd thing was a clown car joke. Nobody actually cared, right? Anyone that mattered?
The vast majority of enterprise software is being written in one of the following nowadays:
* Java. Ugly as fuck, can be slow when written poorly (and it will be written poorly). Huge clunky codebase, giant memory footprint.
* React / Electron / Just a webapp. Super slow, super clunky, super painful to write because you break the browser metaphor in a dozen ways trying to make it work. It is putting plane wings on a VW Beetle and hoping you get somewhere in one piece.
* Mobile apps, ignoring the desktop, and pissing everyone off in the process. Some businesses I know have tried putting their Android APK business app they use on iPads in the field in ARC on Chrome for the Desktop to get their office staff using it, it's insane.
None of these are good. It is all shit. All the native APIs are colossal shit. Cocoa is awful, Objective C is awful. C# is... ok. But it's awful. UWP is horrifyingly bad with some mutant C++ dialect and the promise of eternal lock-in.
Compared to everything else, GTK and Qt are the best development environments for user software by far. I personally might significantly prefer the modern QML style Qt programming over GTK3, but they are still leagues beyond the usability of any other platform, and that is without even considering that they are cross platform.
That is about the worst criticism of the Linux desktop ecosystem, because that is also the best thing the ecosystem has produced, two really good toolkits. GTK not so much for stability, but just using it is much less painful than any first class alternative.
If we can get something to Qt's standards and API coverage written in, say, Rust, that would be the golden miracle. But PyQT right now isn't that bad. It is pretty bad, having to put C++ metaphors in Python, but it's only as bad as GObject metaphors in Python, and way better than anything on .net or the awful NDK on Android.
Right now, if you use flatpak based applications on Fedora, they get updated without reboots. And that's the way forward, including for the desktop environment itself eventually.
I am all for entrepreneurship and I do think that companies and competition create progress. But when one company reaches the level of Microsoft, where every year we learn how many billions Bill Gates' bank account increased —I do know that he helps with his money but still, his bank account does increase—, it just takes money off the market. Hoarding is bad.
Like anyone with significant wealth, Bill Gates's wealth is mostly in non-cash investments, whereby the capital is used for enterprise.
A more sensible argument might be that Microsoft is successful because of anti-competitive practises / exploiting a monopoly, rather than adding value.
There is a strong case for redistribution of wealth on its own terms and social good.
Gates isn't hoarding anything, and in any case, all his wealth is going to charity.
Since when is $11.3 billion held by one person in one company, not a lot? It's one of the largest single positions held by any person on the planet in a given company. That position is so large, by itself it would nearly qualify a person into the top 100 richest list globally.
Top Microsoft mutual fund position: Vanguard Total Stock Market Index Fund, 155 million shares.
Bill Gates: 167 million shares.
He'd be the seventh largest institutional holder in Microsoft - a $528 billion company.
Incidentally, Yahoo Finance reckons The Vanguard Group owns 525,395,707 Microsoft shares. The Vanguard Total Stock Market Index Fund is just one of its funds.
YF doesn't mention Ballmer so presumably he sold off his 333 million shares without it making news. It's a while since I looked....
I don't think the problem is with how fast Bill Gates' money is increasing or whether the money is being hoarded. "Hoarding is bad" - some folks say this is a somewhat dubious economic proposition because in theory hoarding reduces the overall cash supply with fewer currency units chasing the same number of goods and services. This is actually really good for savers until the hoarding exceeds a certain threshold where it starts interfering with the velocity of money and all that good stuff. (and frankly, the US GDP is something like 18 trillion, the M2 money supply is apparently 10 trillion, and Bill Gates, despite his enormous pile of money, does not even have 1% of it. I don't think he would make much of a dent even if he hoarded every single penny).
The real problem is the propagation of unchecked power. Be it governments. Be it corporations. Be it dictators or whatever. At least, in theory, well designed governments already include checks and balances. Even the most corrupt banana republic is rarely beholden to the power of such a small group of people like we have in the top tech companies. I mean, how the fuck does Microsoft have the temerity to sneakily upgrade OSes even if people don't want to? Why is there no lawsuit against them of any significance? (And I am sure you can find equally bad examples of abuses of power from all the tech giants).
And while we were all told that competition is supposed to cause the checks and balances and will prevent power from accumulating in any one business - it is probably time to ask if that actually holds true in the technology sector, especially at the bleeding edge? It is probably time to legislate the dismantling of these tech giants.
Not only would this wealth be better distributed, but also FOSS would be widely accepted and a sought after career path. Additionally, in my experience at least, FOSS leads to better professionals. My limited sample says that a junior developer that can read the source of the library he uses, grows to be a better senior developer than the one that can't.
Question: If governments could inspect and audit MS source code, would the concerns brought up in the article be addressed?
This is a clarifying question, not a loaded one. To avoid any surprises: governments, including the EU can and do audit MS source code (public source, for example: https://forums.anandtech.com/threads/microsoft-lets-eu-gover...)
The way those are done now, they are Valium for politicians and a cash cow for those doing the "audits".
That's what the Chinese government does internally. Ba-dum-tssh.
Critically it must be possible to utilize the data without proprietary products. Government records need to stand the test of time. Just like we can read ink on paper today, in the future preserved records need to remain readable. Libre formats ensure that there is a known, implementable solution. However they also make it more likely that someone will already have that solution.
No. The problem is not the existing code, but the potential for forced updates with new code.
This has put us ahead of a lot of other municipalities and a lot of private companies. We've had to send ADFS and Azure consultants back because our crew was better, as an example.
Those people live and breathe Microsoft. Those people are the reason we didn't have to renew our server room, when we decided to go own-cloud in a major hosting center instead, and they are the reason we'll soon be able to move our cloud from rental to Azure.
Sure we could have used other technologies for it, but it would cost an unimaginable amount of money to replace the entire IT-workforce. I'm certain we could retrain our current staff, but a lot of them wouldn't want to, because the truth is, if they wanted to be working with non-Microsoft technologies then they would have been snatched up by our "competition" already.
I think open source should play an important role in government, and I think that role should increase steadily going forward, but I also think people and reason should come before an ideology.
With 370 different IT-systems of various magnitude we already have some that run on Linux. JBOSS and Wildfly are big in government, but out of our entire system portfolio only a fraction of the systems even have non-Microsoft alternatives. Other systems are on 8 year contracts, making it impossible to swap them out overnight even if we wanted to. Which we don't because we would need to replace every system, and get every employee on board with open source alternatives in order to save the insignificant Microsoft licensing fees which make up less than 1% of our IT budget.
Sure, Europe is bound to Microsoft and that can be problematic. What if Trump truly goes apeshit for instance? Then we would be royally fucked. The truth is that there is no viable alternative that won't be ridiculously expensive and take up to 50 years to fully implement.
With everything heading for the cloud it might not even make sense. The only cloud options for a huge part of the European public sector are labeled with Google, Amazon or Azure - and none of them would make the legislative challenges or licenses any less of an issue. At least with Microsoft, we have a company who has been really open to quickly and efficiently meeting European demands.
It didn't take you 50 years to get here, why would it take 50 years to get somewhere? You also have the benefit of knowing what a successful system looks like, so you can avoid many pitfalls from the first attempt.
It's not that we don't want to know how they work. The political administration has simply decided upon a decentralized strategy in which any one can buy anything because there is a belief and trust in localized knowledge.
As a central unit we don't support android because it's impossible to keep safe enough to meet EU law. This, however, doesn't mean that the system to handle electronic locks we bought last year doesn't run on android. It also doesn't integrate with our data warehouse, meaning that 800 user profiles have to be maintained manually but hey.
I have 250 examples like that, but the point is that it's complicated and that there are no easy black and white solutions.
Maybe it hadn't taken exactly 50 years to get where we are now, but it's certainly taken 25. We couldn't just unravel it overnight, even if we wanted to.
Well that doesn't seem like a good starting for any but the smallest ventures. National governments have a special interest in safety and security. Fixing this, even in a piecemeal way is surely a step in the right direction.
The attitude of your post and the higher GP post sound more like people lamenting something some natural disaster that can never change. Instead you could be looking at a system built by people and maintained by people and on some level understood by people and choose to make it better.
Progress is slow though, and it's not like we couldn't do better if the politicians wanted it.
That's the thing about public administration though, citizens genuinely don't care about IT, and bottom up management simply doesn't produce fast changes in organizational culture.
It's worth doing it, to get rid of the sick MS lock-in. Breaking the catch 22 needs to start from somewhere.
We're a medium sized municipality in Scandinavia sitting next to the largest one in the country, meaning that getting good tech staff is already extremely hard with the popular technologies.
The staff who work here now do so because of benefits or ideals, not the pay, where we will never be able to compete. On top of that it's taken more than 25 years and five different middle managers to build the right kind of culture.
I'm sorry, but why would we ever want to break that? And why on earth would we do it to possibly break free from the Microsoft lock-in 25 years from now, when Microsoft licenses are less than 1% of our IT spending?
And that's just the tech perspective. We'd also have to reschool 7000 employees on everyday software considering how integrated the office365 platform is here. And where is the open source alternative to 365?
(I'm sorry for the wall of text if you were being sarcastic)
I'm confused: did you educate them in using office365, or even in using Office 2007 (which was a big change)? I.e. were there courses they all attended? Or did you just update them and they had to learn? Similar with the OS, did they go on Windows 8 and windows 8.1 and windows 10 courses or did they just get the update?
I agree that FLOSS lacks a great office suite alternative. I totally disagree with the concept that if there were, your users would need to be re-schooled.
You can't imagine how many man hours teaching one drive for business cost us.
We did a comparison of open office and google docs vs ms office when we did our business case of course. Open office lost by around 1400% with some employees never learning it.
We don't just use office365 though, we use addons. Like automatically sending electronic mail through APIs that integrate with the national platform while using a custom template and journalizing into our record system.
Hell, we've built two Word add-ins ourselves allowing citizens to digitally sign documents with their public identification.
As in actual classes? How did this work? This sounds like an epic waste of money and everyone's time.
> We did a comparison of open office and google docs vs ms office when we did our business case of course. Open office lost by around 1400% with some employees never learning it.
Yeah we've all done reports like this. They are usually an epic waste of time as usually everyone knows the answer they want before they start... I'm surprised that you managed to get results that were that favorable for the desired answer though - openoffice.org and the more recent Libre Office kept a similar UI to MS office 2003.
> We don't just use office365 though, we use addons. Like automatically sending electronic mail through APIs that integrate with the national platform while using a custom template and journalizing into our record system.
Sounds like 10-30 LOC each if you ran on FOSS systems (although obviously it is hard to tell without knowing what your exact requirements were) - I'm sure office365 saves you time/money in other ways though.
> Hell, we've built two Word add-ins ourselves allowing citizens to digitally sign documents with their public identification.
Did you build libreoffice extensions as well? Or do you expect citizens to subscribe to your software choices? I don't mind what you do for internal software but forcing everyone to use the same software as you is a bad use of tax money.
That means they have a two-factor identity and a secured electronic mailbox hosted by us in the cloud.
So what our addons do is allow a caseworker to send a document as a PDF directly to a citizen, who can then follow a link to our document signing server and sign it online. They don't need any kind of software to do so, because everything is supplied by us.
If they don't have a computer they can use one at a library or at our town hall. (Which run Ubuntu, by the way)
I get that you think we wanted office to win in our business case. That's not true, we simply show the political level the facts and they act accordingly.
I'm not sarcastic. For the government organization, it can be just a matter of principle.
When we buy systems open source isn't as important to us as ownership, but it's still relatively important.
Operations is a different story though. As mentioned we use JBoss, and we run it on CentOS. We tried hiring a sysadmin to run our Linux farm, but we've yet to find someone qualified.
So all our Linux servers are supported remotely by a consultant company.
You're correct of course. If the political will is there we could change it. It would be a nearly impossible task, requiring us to rebuild our entire infrastructure from scratch, retraining or replacing 50 staff members and reschooling 7000 as well as rebuilding around 200 systems, of which 50 are major and would have a replacement cost exceeding our entire yearly budget each.
If the government decided to take the country down that road, it would be a different and much more manageable story, and they kind of have. Open source is a priority in the official strategy of digitization, at least in Denmark.
But it'll take a looong time to implement, and we won't be starting with Microsoft because no one really wants to replace Microsoft with uncertainty.
Migration costs are just the costs of switching from one solution/product to another.
Lock-in is when you are in some form dependent on a monopoly.
Insofar as lock-in causes high migration costs, that is mostly because it forces you to migrate in the first place, unless you want to stay dependent on the monopoly. If you are using some software, say, and it's lacking a feature that you need, in a lock-in situation, you have to either buy that feature at the price the copyright owner of that software asks, or you have to switch to different software (which in turn is expensive because your data is, presumably, stored in some proprietary format and the company that knows how to read it is not keen to help you with migrating it to a different software). If you were using free software instead, or proprietary software that you yourself hold the copyright to, the migration would be cheaper because you would have the code to help you with migrating away from it--but more importantly, you probably won't have to migrate at all, because you can just hire any competent software development company from the market to implement your features, and if one company is overcharging you, chances are, you'll find one that is not.
This article made me think: Do I really need MS Office? Occasionally I use Word for 1 to 10 page documents. Then there is MS Excel. I used to use it to do data analysis, used Pivot Tables extensively. But now I mostly use it for simple tables. Finally there's PowerPoint. I have created many business plans with it. (I used MS Access as well, to create quick line of business solutions, but I'm trying to do this in Python + Django now.)
Now I'm considering trying to move away from MS Office as well. Because actually all that keeps me using it is a vague feeling that I might miss something if I don't. Or others expecting me to send them Office documents (instead of Libre Office) - Germany is MS Office land.
> European children are educated in Microsoft Office, which is given to schools and universities for free, which some call the “crack model” — getting people hooked for free and then start charging them.
God this is so true. Every year emails go out "you can get office for free via $ourSchoolName!" What do you mean indoctrination and free advertisement? I wanted to reply to all with a message in a similar tone (about libreoffice being free and not a trial) but never found a good phrasing that would do anything beyond provoke a backlash (also when discussing it with like-minded friends).
> Security risk
All eggs (not just "all your eggs", no, all eggs) in one basket is a terrible idea for obvious reasons.
90% of the devices that are bought require windows. Every single microscope, ID reader, card reader, access system, detection system, defence devices, advanced cameras, radars, etc. provide drivers and/or software, that I know, offer drivers/apps only for windows.
Even if they make a plan to move from windows, it will take years; in this time, every acquisition will be made for windows. A common use for these devices/PCs is more than 5 years. Heck, I've seen tools that are used even after 15 years because they worked and there was no money/desire to replace them.
Of course you can negotiate, or request support for other operating systems, but that means extra money, training, etc. Even in the current state it's hard to get good IT people, programmers, sysadmins, etc. It will be harder to get linux admins. Also it will take years to teach people to use another OS.
And to end: have you seen custom software made for governments? 50% just slap a program that requires x version of .net, some c++ redistributable and requires to run only as admin or only xp, 40% just slap a java abomination or applet and call it a day, 9% make a nice piece of software but just like everyone else after they deliver the software they forget about the support or patch 1-2 things and they are gone. ALL OF THIS is happening mainly because the state doesn't have trained people and they don't know what to ask from devs & because they don't give a shi*t about the money they spend.
It seems every time a contractor gets involved the tax-payer gets a good fucking, think of all the accrued billable hours taken up by redundant layers of manglement pontificating, the endless reworks and finally the extortionate support contract to keep the end product limping along.
Normal accessories like card readers work fine under Linux.
But on the other hand, there were many flaws in the system that many in the OSS community did not want to acknowledge, because it is easier to shift the blame to evil conspiring Microsoft than to admit that Linux and LibreOffice are not perfect. Which is really, really stupid, because how can it be technically as good and polished as Microsoft products, given there is so much more money behind them. And even though the Linux kernel might now be even better than Microsoft - that is not at all the case for Desktop, Drivers, Stability, Programs, etc.
In my opinion, the biggest problem was UI and design. LiMux and all its programs just look like something that has been thought up in the 90s. No modern UI, no sleek design.
In addition, the interoperability is horrible. It's just not fun to work with something like that, not when you come home to an iPad or a Windows 10 machine.
If there was any chance to roll out something other than Microsoft (or Apple, for that matter), government bodies must invest into the UI. If people have to fight with the OS and its applications every step of the way, it will never be accepted.
For example, another headline could be: the US is living under ASML's digital killswitch
I'm not familiar with Linux support. Not sure what Red Hat has going on for desktop support.
If you are a reasonably large government body with a budget, I am pretty sure that Red Hat will provide desktop support if you pay them.
Moreover, it is likely that desktop support will become more and more trivial as administrative applications will probably move towards web apps as well.
"February 2017 - Politicians discuss proposals to replace the Linux-based OS used across the council with a Windows 10-based client."
In short, there are no technical problems whatsoever. It's just strong lobbying...
Same applies to China, to Russia, and any other nation with a well funded cybersecurity division.
A nation could order a software producer under their jurisdiction to write an automatic updater pushing malware to collect:
Access to critical systems
And who knows what else if we are being creative. We use our computers for everything. Closed source software, especially with automatic updates, is systemic risk and it's going to bite a lot of people really badly if a cyber-competent nation ever decides to initiate WW3.
If the US wanted to take out all EU computers, presumably they'd use an airburst nuke, and target all the electronics, not just the Windows boxes. Of course, if things got that bad, presumably the "logical" course of action would be to scour the continent, rather than let a pissed off high skilled population live to join Putin.
It would immensely benefit the US in a war with Europe to silently snoop on all those systems and act like we couldn't. Use the information to perform lower cost higher gain military operations.
Killing the populace en masse makes nothing but enemies, but leveraging information can make you friends. Imagine if the US used its massive infiltration to find people sympathetic to its cause and gave them guns and bombs with Russian labeling. Those people do most of the damage in the country and we swoop in with targeted precision bombing and cost effective troop deployments to arrest huge amounts of heads of states and legislatures. We could defeat Europe in a year and at least some portions of Europeans would thank us. Then we move on to the part the US sucks at, occupying.
(Though I guess it requires a broader umbrella of 'MS dickery with networks' as the Xbone debacle was you being forced to be online at MS' behest, and this is sort of the opposite)
Companies 'stuck' on old-fashioned Microsoft Office also have to present information to customers and internal stakeholders, so they hire a 'web department' that then becomes the new typing pool. Instead of dictated or hand-written things that get typed up on 'Wordperfect' (MS Office killed the typing pool for good), we now have Word documents or Excel spreadsheets that some 'web person' has to then copy onto some CMS or other system powered by a SQL database.
I did open a 'legacy spreadsheet' today so I appreciate that there is still some life in having data that way, however I cannot remember the last time I had a use case for a wordprocessor, Microsoft or otherwise.
I also know Microsoft do 'sharepoint' and a few other web things but not many 'real' websites have gone for the Redmond solution, 10% according to the survey I just Googled:
Although 10% isn't quite into Windows Phone territory of pointlessness, I can't imagine setting out today with a new project and instantly thinking 'Microsoft'.
I think the Microsoft problem will cure itself much like how the old typing pool died - people get old, they retire, new people come along and learn how to do stuff with the new tools, the more efficient processes and the demands of the time.
There are no true alternatives in my opinion. Everything else just does not cut it. Websites are slow and more often than not come with all kinds of garbage. Such as advertisements and the latest and greatest font or version 126.96.36.199 of whatever.js (that developers insist must not get cached because they use continuous integration! (note '&t=' parameters when GETting a script)).
No please, PLEASE, let me keep my efficient clean familiar office applications. They are everything I need, I think it's great not much has changed about the basics since they were introduced. I love the fact that I can sit down behind office 2016 and office 2000 and be just as productive when working with simple documents. I love the fact that my dad, whom I often support with computer related stuff, did not even notice the update from word 2003 to 2010.
I find that sharing files between them is huge pain and that the UI is totally different.
Have you considered LibreOffice? It is at least as fast as ms office, but can work with files from any version of ms office or other programs. It also doesn't cost money, which you didn't mention, but is a concern for most people.
As for letting "your software", as the article made clear it is not yours. You keep them at the pleasure of microsoft. If they ship an update that breaks them you are screwed. If they decide that your version of office is too old for your new version of windows they can ship an update that breaks it and they are financially incentivized to do so.
There was also a time when typing pools were totally essential, we don't defend typing pools and insist on having them now though.
Excel gives a lot of 'compute power' to non-developers. Nothing else is as good and flexible for so called 'end users'.