“Use of open source software has been declining rapidly in the private sector” (github.com/gsa)
237 points by bcantrill on Oct 3, 2017 | 133 comments


Background on the author (from [1]):

> Ken Glueck, Senior VP for government affairs, Oracle

> Bio: Based in Washington, Glueck has run Oracle’s Washington office for about 20 years, having built a career as a tech lobbyist before there was a phrase for it and running field operations for Connecticut Sen. Joe Lieberman.

[1] https://www.recode.net/2015/8/18/11617800/meet-silicon-valle...


"False Narrative: In-house government IT development know-how is critical for IT modernization. In-house government procurement and program management expertise is central to successful modernization efforts. Significant IT development expertise is not. Substantial custom software development efforts were the norm at large commercial enterprises, until it became obvious that the cost and complexity of developing technology was prohibitive, with the end-products inherently insecure and too costly to maintain long-term. The most important skill set of CIO’s today is to critically compete and evaluate commercial alternatives to capture the benefits of innovation conducted at scale, and then to manage the implementation of those technologies efficiently. Then, as evidenced by both OPM and Equifax, there needs to be a singular focus on updating, patching, and securing these systems over time."

Um. Yeah. 'Cause that's going to lead to a good end.


Every large org project I’ve seen fail does so for three large categories of reasons: under-management (delegating too much authority, project management and lack of accountability over to vendors), vague requirements (i.e. vendor becomes more hesitant, less certain what to build and moves in tangents to meet expectations) or too long of a feedback cycle (i.e. BDU).


Also outsourcing cheaply.


Well there is a mix, the majority of companies shouldn’t waste their developers’ time on writing an inventory management system or writing an accounting system. Instead they should focus their efforts where they can build a major competitive advantage.


So, all he intends to say must be:

“Use of closed source software has been increasing rapidly in the private sector”

Edit: AFAIK, open source and closed source teams are working hand in glove with each other.

This quote comes to mind: "if all you have is a hammer, everything looks like a nail"


"if all you have is a hammer, sell it to the government for $3000"


Why sell hammers to the government for such a discount?


While the hammer is only $3k, the corresponding 5 year maintenance contract for said hammer nets $100k!


Send them a screwdriver first so you can bill twice.


And a second hammer in a geographically separate location for resiliency so you can bill three times.


Then pay contractors to blow torch rip-replace the tip of the screwdrivers after each screw turned. See also: scrap-heap piles of new engines and wheel rims left in Afghanistan that were billed to the US military, the metal of which was sold cheap by local scrap merchants to make weapons for the Taliban in Pakistan.


Oracle and open source? Do I smell something here?


If it's a stench it's just Java.


The commentary doesn't specify, but what private sector use of OSS might be declining rapidly? Does this claim have any merit? It seems like almost all web stacks rely heavily on OSS, but coming from Oracle, I assume they could be talking about databases specifically. Would it be true to suggest use of OSS databases, e.g., MySQL, is declining?

Oracle positioning themselves against OSS is interesting, and might be telling. I would assume that a message to the govt that OSS is bad means that OSS is actually winning, and Oracle is more scared of open source than it is of other for-profit competition.

This is also in line with the government defining OSS as "commercial" software. From the government's perspective, the line isn't whether they paid money, it's more like whether the software comes with a license. http://dodcio.defense.gov/Open-Source-Software-FAQ/#Q:_Is_op...

I feel like that's where Oracle's commentary trips up a bit, because they're painting a picture of the fears of bad things that can happen when using OSS, without realizing the government already figured out that most of the implications and liabilities of any software come from the licensing, and not the dollar costs.


> The commentary doesn't specify, but what private sector use of OSS might be declining rapidly? Does this claim have any merit?

I'm an engineer at a Fortune 50, and from where I am sitting this claim has no merit at all. Our dev shop is pretty much entirely open source excepting databases. The rest of the company prioritizes open-source first for all new development. Open source is alive and well in private enterprise, and I suspect that's why Oracle (and some other companies) are diversifying their PR strategies right now.


Same here, except I'm not working at a Fortune 50 (though probably only because SAP is not US-based). Our team runs OpenStack on Kubernetes for our internal infrastructure, and most development is happening in the open at https://github.com/sapcc


What closed-source db are you using?


I can’t speak for a Fortune 50, but in the data warehouse space especially at massive scale, most options are closed source.


I just wanted to know if there's anything popular besides Oracle and MSSQL.


Vertica and Teradata are two others that seem to be popular among really big enterprises.


IBM's DB2 is still popular among financial companies.


I think those are the biggest in general or in the relational category at least.


>>>The commentary doesn't specify, but what private sector use of OSS might be declining rapidly? Does this claim have any merit? It seems like almost all web stacks rely heavily on OSS

The trend for Open Source has been for a long time to Open Source Tools, Libraries, and other code that is used to create proprietary closed source software for companies and individuals to consume.

This is why you see a massive decline in GPL and other copyleft licenses and a huge increase in Apache, BSD and MIT licensed code as there are no legal issues with including Apache, BSD or MIT code into your Proprietary end user application.

SaaS, and PaaS (aka Cloud) are also leading the downward use of Open Source as most of these applications are at best Freemium where the supported version of the Software is closed source paid for and they might have a "community edition" that is open (if you are lucky)


If you are the copyright holder, you can do whatever you want with the software. You don't need to obey any license since you're the counterparty for anyone accepting the license. If your premise is correct, and open source projects have become dominated by tools, libraries, etc that support a proprietary end product, it would make more sense to me that most of those tools would be released under the GNU GPL so that the original author can incorporate it into their own proprietary software but no one else can do the same and the original author gets back any improvements contributed by outside parties.


>> If your premise is correct

There is no if, my premise is a fact

>open source projects have become dominated by tools, libraries, etc that support a proprietary end product,

One look at Github proves this to be fact

> it would make more sense to me that most of those tools would be released under the GNU GPL so that the original author can incorporate it into their own proprietary software

No, in fact it would not, because if they accept code contributions those would be GPL with a copyright attached to the 3rd party developer, and if they then incorporated those into their closed code base they would be in violation of GPL and the 3rd party dev could sue them. This has happened many times.

Some organizations attempt to get around this with CLAs, but CLAs are universally frowned upon and completely kill contribution from 3rd parties; as such, most Open Source projects that operate with CLAs end up having very few contributors that are not being paid directly by the primary company behind the project.


CLAs are frowned upon by some, but they don't completely kill contribution from 3rd parties. I've signed plenty, and I've encountered plenty of projects that use them that continue to have a good community of outside unaffiliated contributors.


Tools might be fine as GPL, but companies don't want to touch strong copyleft with libraries and subcomponents for fear of needing to disclose the proprietary additions. And one of the larger reasons to open source something is to get external involvement and funding in the project. So you don't want to license it in a way that will disincentivize contributions. Copyleft protects you from proprietary forks, but if you're building common infrastructure with peer companies across different industries this isn't a concern, instead maximizing involvement is the objective.


Where I work, our open source stuff is released under fairly liberal licenses because we want it incorporated into other companies' proprietary software. If they adopt our code and our standards that makes it easier for us to interoperate with them. Improvements tend to be upstreamed anyway, regardless of license, because it makes maintenance easier and reduces fragmentation.


If you release your tools under GPL it is less likely anyone will get paid to improve them. If you release under MIT, commercial users will try to upstream their changes so they can continue to benefit from trunk development as well as avoid the maintenance burden.


LGPL is for libraries, not GPL.


You can use GPL for a library. Just as long as you don't care that the user needs to release their code under the GPL.

https://www.gnu.org/licenses/why-not-lgpl.html


I'm a big fan of GPL but I don't think it's appropriate for libraries. In that page they give the example of readline, which is GPL because there are no alternatives and it is supposed to boost the GNU community. What happened is that there is at least an alternative now, the BSD-licensed libedit/editline http://thrysoee.dk/editline/

My argument about licensing with GPL is that I want all the modifications back and not blackboxed in some software a company is making money from. They can make money out of my work (anyway it's more about marketing than sw development) but at least they have to contribute back the improvements. Libraries are usually a small brick in the building. If they patch a LGPL library they must contribute back the patches and I think it should end there. The author shouldn't have any claim about all the other software they're linking it to. So LGPL, not GPL.


LGPL also contains the re-linking requirement as a wrinkle. This makes a LGPL library impossible to use in mobile apps. The walled garden ecosystems are in conflict with it.


> The commentary doesn't specify, but what private sector use of OSS might be declining rapidly? Does this claim have any merit?

Given that his claim has no citations or data to back it up, I think the default position is to reject it as anecdotal at best and bad faith at worst.

Microsoft and Apple are busy open sourcing huge swathes of their software. (.NET alone has huge enterprise penetration). So I cannot see how it can be true whatsoever.


You could say "make sure customers don't consider alternatives" is his job description.


Paying someone to offload things you shouldn't be doing is a sound strategy when applied correctly. Unfortunately this message can't come from someone like Oracle whose entire business depends upon companies choosing to buy instead of build.

I used to work for Oracle in the field as an SE working on the largest enterprise customers they sell in to. What's left out of the rebuttal is how Oracle (or really any vendor), often sells solutions to problems that customers don't have. And even the solutions that do solve the customer's problem on paper are often complicated, don't quite work right because of implementation problems, and lower quality because they're more general purpose. So you end up with a situation where it's dubious that you're any better off at the mercy of a vendor whose interests aren't well enough aligned.

The real trick is figuring out where the line should be drawn in buy vs. build for any given initiative and the underlying technology required to satisfy those requirements. Can a homegrown software org. handle the entire lifecycle of building and maintaining the products they build? The ideal place for these teams is at the margins and leveraging highly used products where there's as little custom code ownership as possible. Open source or otherwise. There's certainly a tipping point beyond which an open source project has better quality but it's not clear where that lies.

And if you're getting into bed with any software vendor without transparent pricing and good vendor management you risk subjecting yourself to renewal conversations that answer the question of "How much?" with "How much you got?"


>> What's left out of the rebuttal is how Oracle (or really any vendor), often sells solutions to problems that customers don't have.

I interviewed at Microsoft for a field position and the Director I interviewed with basically said this in response to an answer I gave "We don't ask them what they need, we tell them what they need."

It just feels dirty coming from the guy they called to help with their technical problem. I'm there as Technical Consultant to solve your problem, not upsell you a different set of problems.


To be fair the director in charge of my group said to me at the start "You should help the customer. If it's not an Oracle solution that's fine. We'll eventually sell them something, we're too big with too many products not to." So at least he had the right intention. I did see the friction surface with reps though because they don't have the same agenda :-)


If you’re a consultant, you are ALWAYS up selling products. Consulting is a sales business and nothing more.


> Substantial custom software development efforts were the norm at large commercial enterprises, until it became obvious that the cost and complexity of developing technology was prohibitive

Pardon me but this is one of the most bullshit things I've read in a long time.

I work for the fortune one. The idea that open source is in any way decreasing is a dangerous lie. I can think of one closed source app that's any good right now. Splunk. Everything else I interact with is garbage that slows our business down.

I am shocked that in the same document Oracle is pushing back on technical competence in the government. I shouldn't be but I am.

Closed source is the Cobol of a fortune 50. It exists, it's going to be a while before we get off it, and basically nobody is happy to be running Cobol, Oracle, or Tibco.


COBOL is just a programming language. Many companies used it to develop good software for internal use. Of course a lot of pretty bad software was developed with it also, mostly by big consultancies. But the goodness or badness of software doesn't have much to do with what language was used.


> But the goodness or badness of software doesn't have much to do with what language was used.

To a certain extent it does. COBOL is in the same category as Visual Basic in the sense that they make it easy for novices to quickly create programs that half work, but getting the other half right then takes far more effort than would have been required when using a better language to begin with.

The result is that people using those languages tend to give up at that point and subject the users to their half broken programs.


Plus the companies still most highly invested in COBOL and VB are likely the same companies that live and die by the sunk cost fallacy. COBOL and VB had nearly as much good as bad in their time, but to some extent the companies with good COBOL or VB programs more often than not have moved on with the times to greener pasture.

Meanwhile, it's harder and harder to argue that the companies still using COBOL or VB for core business processes care about investments into good code, and as the good programmers move on to other languages it's hard to argue that much good code is currently written in those languages (except at great expense to retain good programmers in bad situations).


The bigger concern is the risk inherent in modifying big legacy COBOL projects and their maintainability, if you can even find programmers willing to work on a codebase that old.


> The actions of 18F and USDS plainly promote open source solutions and then propagate those mandates across government with the implicit endorsement of the White House. The USG’s enthusiasm for open source software is wholly inconsistent with the use of OSS in the private sector.

I think we can objectively say that the current administration places a priority on undoing the legacy of the previous administration. Since IIRC 18F/USDS were spawned by the previous administration, I worry about their longevity. They're really in danger if they're called out by business leaders like Oracle.

It's very easy for people who haven't worked in software to hear "socialist" when told about "Open Source Software". This message from Oracle seems to try and evoke that sentiment.


I don't think President Trump has any particular interest in undoing 18F. It's not a highly visible project by any stretch of the imagination, and if anything enhancing it would help him with his platform.


He’s not a tech guy but he thinks he’s good at deals and wants to burn Obama’s legacy. I’m pretty confident predicting how that’ll go when one of the big contracting companies buys a membership at one of his golf clubs and gets a chance to talk about how much money he can save the government by getting rid of all of those expensive Silicon Valley types Obama brought on as federal staff. Convince the top executive and it’s really hard for staff to correct the salesguy’s misinformation (i.e. Oracle’s business model).

There’s also no way that Congress doesn’t have money pouring in, since that’s legal for contractors but not government agencies.

In either case, the actual results don’t matter: even if it costs more for worse results, a certain percentage of people think of privatization as magic and will support the image even in cases where it’s costing them money. You can see this frequently in businesses where the CEO sees only the savings in reduced headcount and is blind to the extra delays and failures.


Arguably this very comment thread started by an Oracle executive is a step in that direction, a feeling of tentacles by Oracle if they can shut up some of this open source competition they've been seeing.

This administration is going to listen to the guy who shows up to the golf club, an Oracle sales dude, not the policy wonk nerds in the basement of the GSA with good ideas and ideals that understand the government is not a business, and everything about this Oracle guy's comments are wrong.


> It's very easy for people who haven't worked in software to hear "socialist" when told about "Open Source Software". This message from Oracle seems to try and evoke that sentiment.

I think FOSS is more socialist. Isn't that a good thing?


This comment breaks the HN guidelines by taking the thread further on a generic ideological tangent. That leads to informational heat death. Please don't do that.

https://news.ycombinator.com/newsguidelines.html


FOSS is a philosophy of making source code available to people to do as they please in the confines of their homes. It's far more rugged individualism than collectivist, standardized one-size-ism.

The EFF should read up the NRA playbook - "only defense against bad OSS is good OSS".


I think you mean FSF.

(Source: I'm an FSF member and an EFF employee.)


No, he's referring to "The only thing that stops a bad guy with a gun is a good guy with a gun."


Fine, FSF.

(Can't edit my answer any more.)

Just burn non-OS software to the ground and be done with it.


Socialism and Capitalism isn't really applicable on non-tangible things.

If Cars can be duplicated like software, then sure calling FOSS socialism makes sense. But since that's not the case, it isn't.


> Socialism and Capitalism isn't really applicable on non-tangible things.

I agree, but that may not hold when we go out of our way to make things tangible with inventions like "intellectual property". FOSS is a continuation of this within the legal framework, it's trying to take the non-tangible software and make it something more solid that we can "touch" and play with.

That said, I'd say it's more like philanthropy, no one is being forced to give anything away.


I was very pleased this distinction was already posted. Here's my stab at the same point:

Socialism redistributes _limited_ wealth to those whose labor actually produces it, since the capital which owns the means of production is not motivated to distribute things evenly.

Capitalism leaves the limited wealth in the hands of the owners of production and lets economic realities distribute the wealth.

Bluntly, the Free Software movement just states the axiom: let me copy your software, and the only cost is to make the copy.

The Free Software movement argues that charging for copies is a good idea. (So, not socialist? There is a non-zero cost to making a copy.)

However, the Free Software movement argues against all limits on that copy after it is made! (So, not capitalist? The owner of that first production cannot limit the copy.)

Not capitalist, not socialist, software is quite different:

John Perry Barlow: (https://www.eff.org/cyberspace-independence)

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.

Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.

You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions.

You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.

We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.

We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.

Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.

Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonweal, our governance will emerge. Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot accept the solutions you are attempting to impose.

In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.

You are terrified of your own children, since they are natives in a world where you will always be immigrants. Because you fear them, you entrust your bureaucracies with the parental responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments and expressions of humanity, from the debasing to the angelic, are parts of a seamless whole, the global conversation of bits. We cannot separate the air that chokes from the air upon which wings beat.

In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media.

Your increasingly obsolete information industries would perpetuate themselves by proposing laws, in America and elsewhere, that claim to own speech itself throughout the world. These laws would declare ideas to be another industrial product, no more noble than pig iron. In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost. The global conveyance of thought no longer requires your factories to accomplish.

These increasingly hostile and colonial measures place us in the same position as those previous lovers of freedom and self-determination who had to reject the authorities of distant, uninformed powers. We must declare our virtual selves immune to your sovereignty, even as we continue to consent to your rule over our bodies. We will spread ourselves across the Planet so that no one can arrest our thoughts.

We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before.


> Socialism redistributes _limited_ wealth to those whose labor actually produces it, since the capital which owns the means of production is not motivated to distribute things evenly.

I don't believe HN is the place for this discussion. Yes, we do talk politics here, but mostly what is related to case in hand.

Also your post is a textbook example of Gish Galloping[1].

1. https://rationalwiki.org/wiki/Gish_Gallop


Not in America, where it's traditionally been used as an epithet.


No, socialism is not a good thing; but it doesn't apply to software licenses anyway because there is effectively no natural scarcity in software distribution.


In that case, it's a great time to sell them on Socialism!


And you created this account 58 mins ago to comment that?


One can safely assume that the opposite stance to Oracle on any given policy is what is best for Humanity, one can also safely assume that taking a polar opposite position to Oracle on any subject will be the Ethical and moral position.


I downvoted this not because I like Oracle, but because this is a terrible way to think. If you're not qualified to determine the value of a statement based on its contents, either ask someone else more qualified, or start learning.

Evaluating a company to equal good or evil and then judging all statements from them based on that rule leads to a lot of faulty thinking. There are people who have for the last two decades automatically assumed everything Google says is good (false), and everything Microsoft says is bad (also false).

It leads people to fail to recognize that corporations act in self-interest as a whole, as they have one real mission: Profit. It leads people to fail to recognize that corporations are made up of people, who, while influenced by their compensation and bias and culture, do have their own views and opinions. And most importantly, it leads people to fail to recognize that corporations change over time, as their people, culture, and priorities shift.


Assuming the worst of Oracle is a pretty good heuristic in my experience, and the origin of this heuristic is Oracle's terrible treatment of everyone - customers, employees, competitors, etc..

In this case a leopard certainly has not changed its spots.


>Evaluating a company to equal good or evil and then judging all statements from them based on that rule leads to a lot of faulty thinking

I am not evaluating a company. I am evaluating Oracle.

>It leads people to fail to recognize that corporations act in self-interest as a whole, as they have one real mission: Profit

and I already address why this is different for Oracle


Oracle is a company. And your sole statement of why "Oracle is different" is because in your personal opinion, Oracle has never been on the right side of an issue, which is a very subjective view. (Not to mention the fact that it's near impossible for you to know of or evaluate every view ever expressed on any topic by Oracle as a company or any representative of Oracle.)


It's just an amusing way of saying that Oracle are a bunch of assholes, and was not meant to be taken as literally as you are taking it.


Oracle is a company like a tick is a person.


Oracle is a software company like a law firm practices medicine.


No, this is unfair. The Oracle stance is based on what's best for Oracle, always. This is not immoral or evil, it is completely amoral.

They might occasionally be on the right side. It's just coincidence though.


For most companies you are correct, they are simply amoral profit seekers. Oracle however is a different breed that crosses from simply being amoral to something decidedly different.

Even a cursory look at how they treat employees, customers, vendors, or anyone really will show this in clear detail that they operate differently than other amoral companies.

Oracle is a special kind of evil IMO

>>>They might occasionally be on the right side.

Name one time they have been on the "right side". I cannot. You are correct that a traditional amoral company will sometimes be on the "right side" and sometimes not. Oracle has a perfect record on being on the "wrong side" proving my point above


My point was that you're anthropomorphizing the lawnmower when you say that oracle is evil.


>>> Oracle has a perfect record on being on the "wrong side" proving my point above

This might just be a huge list of coincidences :D


Had me up until this:

>> There is no such principle that technology developed or procured by the USG should be available free for all citizens, in fact that would present a significant dis-incentive to conducting business with the USG.

Conflating software developed with software procured. And this is a section where he pointed out a tendency to conflate some other things. I wonder if that was a subconscious confession ;-)


That conflation is particularly slimy because works produced by the US government are explicitly, statutorily ineligible for copyright (17 USC 105). In other words, not only is there such a principle with regard to USG-produced works, it's been actively expressed in US law for decades.


Even a cursory look at some stats says that is completely untrue:

- 6 of top 10 "DB-engines" are open source: https://db-engines.com/en/ranking

- web servers are 83% nginx+apache: https://w3techs.com/technologies/overview/web_server/all

- all top content management software is open source: https://w3techs.com/technologies/overview/content_management...


It’s weird that the DB Engine list conflates OLTP and OLAP databases into one category when they are used completely differently. Would be nice if they had subcategories or filters for something like this.


The line between OLTP and OLAP is getting more and more blurred. There are new databases that sit in between, so I think letting those categories go away is a good idea.


The irony - most of Oracle's proprietary software has large chunks of open source (not theirs) code. If they ever looked at all the jar files of their “fusion middleware” and similar things they’d know.

A bunch of nonsense from Oracle's sales drones.


Absolutely, truly hilarious to point to the Equifax breach when the same Struts vuln is present in Oracle products.


> Here there is an inexplicable conflation between “open data,” which has a long legacy in the USG and stems from decades old principles that the USG should not hold copyrights

It is explicit that the United States Government can not hold U.S. copyrights on government works, that's not a "false narrative", that is the law[0].

[0]: https://www.law.cornell.edu/uscode/text/17/105


Wow, so open sourcing is the only way they can be sure to hold onto the software they pay to have made for them...


I wonder if the founders were establishing copyright today if they would intentionally make government works "copyleft" instead of just public domain.


Unsubstantiated, self-serving FUD from Oracle.


It's self-serving, but I wonder if it might be true. Locally hosted applications are a varying mixture of open-source and closed-source, in different proportion in different places. But when they get replaced with SaaS, as is now the fashion, that replacement is almost always commercial closed-source.


Though every SaaS is 99% Open Source software with 1% proprietary sprinkled on top to create the value add. So really these are much more open source than the old vendored solutions where they installed the proprietary software onsite.


Maybe but most SaaS uses open source.


It's not true in all instances of private enterprise I've been involved with.

If anything, most people have wanted more OSS.


The reality is there's simply no way to calculate this accurately.


Oracle being Oracle. What's new?

And they were especially annoyed with the idea that taxes supported software should be open source. I think it's a great idea, and Oracle should get lost for opposing it. Taxes surely should not be used to support someone who pushes copyrightability of APIs.


There's some good points, but of course neglects the true comparison with closed source, which has a terrible track record in all of the stated claims. "Tail costs" are hilarious coming from an Oracle executive.

Notably, given identical budgets, I'd be shocked if FOSS couldn't deliver faster, more feature-rich and more secure solutions.

Is the success of healthcare.gov an example?

I, for one, would love to see a mix of the two methods across 100+ projects, then a GAO post mortem.


The only thing that makes proprietary software popular is the fact that proprietary software depends on more proprietary software.

If you use closed-source software, and you want a new feature, you must create entirely new software that is compatible with it, and usually that means hiring the same companies (who can read the original code) or hiring new "professionals" that have made themselves comfortable with the ecosystem.

Free software, on the other hand, allows the application of less software for the same amount of work. You can add features, and those who work with free software don't waste everyone's time with proprietary software if they can avoid it.

The US government is incredibly inefficient, especially in IT, and its solution thus far has been "throw more money at the problem". This is clearly a detrimental non-solution. Those of us with clear heads should be adamant that proprietary software does not belong in our government.


Customer support is what makes proprietary software popular.


While ironically being the most proven business model for free software.


Really? Because the largest Proprietary Software vendors have the very very worst reputation for their support, and often sky high prices to even get that support above and beyond the cost of the license to use the software

So no I do not believe Customer support is what makes it popular.


I would venture to say that it is not "customer support", but compatibility that makes proprietary software popular.

Specifically, compatibility with other proprietary software.


> The USG can never develop, support or secure products economically or at scale.

I guess we should stop using the [government developed] internet then.


I know a few years ago when I was working on a government procurement project for some software, the (very good) lawyers were very wary of any OSS included in the proprietary product we were buying. Their reasoning was, we were buying the product from the vendor. If the vendor had incorporated the OSS code into their product and it was found that they'd breached the license conditions, then we essentially lost the license to run the software - otherwise we'd be in breach as well. Not what you want when you're spending hundreds of millions on a project.


Then you shouldn't buy software from anyone but a natural person who is the original author of 100% of the code, because the same logic applies to any license regardless of the terms.

It's just as easy for proprietary software to be a derivative of some other proprietary software which the seller screwed up and didn't acquire the appropriate license for.


Totally false. A lot of open source software is MIT style, which effectively means there are no consequences to infringement. If the infringing code is GPL, then as customer you've won the lottery, because now you've got an irrevocable free license to everything tightly coupled to that code, and the vendor is limited to charging you for ongoing labor or for adjunct products. You have no responsibilities as customer except to refrain from preventing others access; if you choose to (re-)distribute the code, then you cannot constrain the recipients of the code. The vendor, on the other hand, is now required to charge no more than copying fees for infringing code, and must do so for any customer. They can charge for development labor and support fees (see: Red Hat), but derived code is available to you in perpetuity.


Be careful with assumptions. You might end up using MIT components to which you don't have the patent rights. This is one of the reasons why Microsoft adopted the MIT instead of the Apache license that is legally safer for enterprise.

In regards to Red Hat, you don't get the code available in perpetuity (time is three years for GPL portions) and you can't distribute that code to others when it still contains logos and other trademarks from Red Hat inside (CentOS is often the alternative). Effectively you are paying them for a time-limited subscription to use their logo. That's on the fine print inside Red Hat license agreements.

I know this because my job is to make sure open source can be used without booby-traps.


Since when does the GPL stipulate anything about how much you can charge for GPLed software (wrt your statement about "copying fees")?


The vendor can, of course, charge whatever they like for copying fees. The customer would be wise to get source from the beginning, and keep track of it for themselves, but that's a matter of "physical" access, not legal right. From GPL 2:

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, 
    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, 
    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)


This is concerning if true, would like to see more data.

This modernization initiative is an opportunity to set a standard of OSS software in the USG. It would be disappointing to see this pass, securing another round of lock-in.


Hmmmm.

Red Hat's marketshare (and stock price) have risen steadily forever.

Microsoft just gave up and open sourced .NET.

Open Source stacks run everything.

Kubernetes is running rampant.

I don't think OSS is declining rapidly. I'm pretty sure it's winning.


I thought this was perceptive:

"False Narrative: Government should attempt to emulate the fast-paced innovation of Silicon Valley. [...] The USG is not a technology vendor nor is it a start-up. Under no circumstance should the USG attempt to become a technology vendor. The USG can never develop, support or secure products economically or at scale. Government developed products are not subject to the extensive testing in the commercial market. Instead, the Government should attempt to emulate the best-practices of large private-sector Fortune 50 customers, which have competed, evaluated, procured and secured commercial technology successfully."


Bullshit. The USG has the ability to leverage scale like no business ever could. The government consumers of tech are balkanized and sold billion dollar contracts over and over again when they could pay industry wages and still come out ahead.


I mean, I think reality intrudes on your fanciful theory. When GSA was hacked and life-threatening personal information on security-cleared government employees was leaked, the public reaction was: eh. Compare this to Equifax, where the intrusion was less successful than at GSA, but which may nevertheless cease to exist, and whose entire leadership will likely be replaced.

I think the reality is: people have seen and therefore expect government tech systems to be awful and vulnerable. And people have seen and therefore expect private tech systems to be relatively better.


I think this is more an anecdotal case of "I'm not a security-cleared government employee, so why should I care". I see as much or more of the opposite viewpoint from what you are espousing: the GSA is forced to be accountable with giant audits and meetings and red tape until the problems are found and root causes discovered and mitigations (even token mitigations) in place. Meanwhile, Equifax was hardly punished in the stock market, the one place that supposedly gets any sort of accountability out of publicly traded private corporations these days (since they only seem to care about quarterly profits rather than employees or customers or people in general). There was a lot of anecdotal resignation among my friends that no one is or can hold Equifax accountable and we'll never leave the status quo of Equifax making millions of dollars in profits warehousing data that they have no right to own.


It reads to me like warmed-over old propaganda about how The Government uniquely sucks at doing anything useful and The Market has already optimized everything into the best of all possible worlds anyway.


Welp, that was locked quickly. Not looking good for us, is it bcantrill?


In the past I’ve seen that free software licenses make companies nervous, and they will inject Legal in the middle of your project schedule. This creates at least weeks or months of nontechnical dependencies in order to obtain approvals for even the simplest things (and you have no control over the activities of the Legal department at all so good luck with your promised timeline for completion). In addition, GPL can practically translate to an automatic “No” in some organizations.

The wording of licenses also matters, which is why coming up with “cute license that is mostly well-known license but different” is a sure way to severely delay or prevent corporate adoption of your project. At this point, you should really just pick a well-known license.

Given these thorns in the side of company code, it is not at all surprising when engineers consider just coming up with some code themselves.


Yeah, but most new code (especially frontend javascript, desktop application libraries, mobile application libraries) is 2-clause BSD, ISC (which is formally equivalent to 2BSD), MIT, or Apache 2.0. I guess there are goons going around slapping WTFPL on things, but oh well, doesn't seem to be stopping anyone.

GPL doesn't cause problems unless you're distributing. If you're just compiling and running it as part of your service, it's no biggie. I ran it by legal pretty quickly. I've worked on plenty of projects with GPL stuff in them.


> GPL doesn't cause problems unless you're distributing

Or if you might want to distribute in future, what is good now might become impossible because a client wants an on premise install for instance. Or if the software department ever gets spun out to a separate legal entity. I'm a big fan of the GPL, even the AGPL, but I wouldn't use a GPL library in a non-GPL product.


"Use of open source software has been declining..." is a clickbait headline that is a pretty minor part of the document. It should be no surprise that Oracle doesn't like open source and I don't think there's much benefit to getting into the mud on that topic.


What's confusing is that Oracle just announced a partnership with Cloud Foundry [1]

[1] - https://blogs.oracle.com/developers/cloud-foundry-arrives-on...


Don't underestimate the impact of the SaaS model causing this to shift. Most on-prem, whether FOSS or commercial, has large startup cost associated with it.

Conversely, more are choosing the (mostly commercial) SaaS alternatives to avoid those startup costs.

Source: corporate finance and work with IT purchasing.


Filed under "Claims made with no citation or data to back it up from a lobbyist."


From Oracle's vantage point, that's probably true.

https://www.youtube.com/watch?v=LrDnuvHfBr4


I don't necessarily agree with him but I do sympathize on the security front. I know we all do our best in the OSS world but governments collecting all that data and not paying engineers to do formal verification and security auditing seems pretty scary.

Maybe this is a little backwards but there's something comforting about a massive bureaucracy filled with paper forms and legions of administrators. It makes it quite difficult to run off with a billion records, doesn't it?


Thank you to the person that inlined the text to the PDF. Without this, Oracle's FUD would have been tucked away as an attachment.


Private sector dev checking in: (Very grumpily checking in, after reading some of TFA)

This really couldn't be more untrue, and I say this both as an eng in my day to day, and as a washed up data scientist who was once tasked with investigating this exact question.

Open source continues to be an extremely compelling option (and oftentimes THE idiomatic option) for large swaths of common tasks.

I could really only believe his assertions if his data is so twisted out of the realm of a kind interpretation.

I tried to read through but at every paragraph I was met by a wall of handwaving which aligns far more strongly with Oracle's incentive to sell support packages than any reasonable interpretation of reality.

Some snippets:

- "Government should attempt to emulate the fast-paced innovation of Silicon Valley. Silicon Valley is comprised of IT vendors most of which fail. "

Do they fail because of their tech choices or their strategic choices?

- "Instead, the Government should attempt to emulate the best-practices of large private-sector Fortune 50 customers, which have competed, evaluated, procured and secured commercial technology successfully."

In my experience, the most technologically savvy F100's are all VERY familiar with utilizing in-house dev, and as recent releases from AWS/Azure might suggest (SQL Server on linux, Aurora support for postgres/mysql, etc) OSS is a key part of this as well.

- "Significant IT development expertise is not. Substantial custom software development efforts were the norm at large commercial enterprises, until it became obvious that the cost and complexity of developing technology was prohibitive, with the end-products inherently insecure and too costly to maintain long-term. "

Exactly, so we started moving to _OPEN SOURCE_, but not in exclusion to the in-house expertise. (HN has seen lots of the murmurs about when this transition went south and believed that too much outsourcing at the cost of domain expertise and stability was the path to success) He later goes on to cite Equifax's failure as an example of this, which I find especially entertaining because that suggests a privately developed piece of software would somehow have more eyes on it or guarantees of safety than a product as widely used as most things Apache.

- "The most important skill set of CIO’s today is to critically compete and evaluate commercial alternatives to capture the benefits of innovation conducted at scale, and then to manage the implementation of those technologies efficiently."

Translation: "We don't like the alternatives CIO's have been finding, because they aren't Oracle".

I'm getting a bit snippy here as one might tell, so I'm going to stop reading before I start screaming at my monitor.


"The COTS industry is under an anti-commercial attack". Oh no, not the COTS industry!

> In my experience, the most technologically savvy F100's are all VERY familiar with utilizing in-house dev, and as recent releases from AWS/Azure might suggest (SQL Server on linux, Aurora support for postgres/mysql, etc) OSS is a key part of this as well.

Ding ding ding fries are done! Oracle is deeply concerned with losing customers to PaaS and SaaS providers. Part of Oracle's current model is to push its mixed and private cloud offerings for their customers--AWS and Azure have a huge share of that market already.

It's Oracle, though, and they have a huge presence in the gov't sector... They're trying to reclaim that as much as possible by moving in on the Trump Administration's transparent give-aways to favored parties.


Bad faith dealing, blatant disregard for the truth, misrepresentation of the law.

Sounds like Oracle to me.


RLY? The OP is a GH issue report with a really long winded thread, with lots of long comments.

I've scanned through the lot - what the blazes am I missing?


Yeah... at least at $LARGEBANK I work at, FLOSS has been massively adopted in my tenure there. I do my part to evangelize as well.


One word: Heartbleed.

It spread far and wide the idea that open source infrastructure was a temerary proposition.


Does closed source not have security issues?


The better question is how long did it take closed source solutions that consume openssl to update their products?


Hey, don't shoot the messenger.


That was a question. It's neither provocative nor aggressive, unlike its parent.



