Open Source with the Home Office and the British Computing Society
Recently there has been a lot more interest from the government in Open Source software than we have ever seen before, both at Cabinet Office level, departmental level and in Local Authorities. Last night was the first of two sessions hosted by the British Computing Society’s Open Source Specialist Group to help the Home Office IT team to gain a better understanding of why they are not taking advantage of as much Open Source software as they feel they should be doing, and to examine some of the issues and obstacles that have led to them being locked in to solutions that don’t give them the freedom and cost benefits that they are seeking.
The format of the evening was a panel debate with Mark Elkins of the BSC chairing and Tariq Rashid of the Home Office proposing the topics for discussion. On the panel were representatives from a number of large system integrators (SIs) who work on large scale government projects. The panel was:
- Darren Austin, UK Chief Engineer, Atos Origin.
- Adam Jollans, Program Director – Open Source and Linux Strategy, IBM Systems & Technology Group.
- Mike Robertson, Head of Public Sector Business, Savvis.
- Gurpritpal Singh, CTO, UK Technology Consulting, Hewlett Packard.
The format of the evening was that Tariq would pose a question and the panel members gave their responses before it was opened to the floor for questions and comments from the audience. This format worked quite well – although some members of the audience were clearly unused to requesting, and then waiting to be called to speak, and rather disrespectfully interrupted the proceedings on a number of occasions to spout their opinion during the panel responses – please, if you go to an event with a set format, don’t disrupt it, that just makes the community seem unprofessional.
I won’t break down the responses question by question (there will be audio published at some point I believe and I didn’t take good notes) but some of the key points raised were:
The System Integrators are perfectly happy to work with Open Source. The customer just has to ask for it. All the SIs on the panel said this. They already provide Open Source solutions to other countries, they already use Open Source software where they are providing just a service (cuts their costs and gives them more control). They just pitch proprietary stuff at procurement contracts because that is what wins them here.
When the customer asks for a service to be performed to open standards (yes there was a discussion of the definition of an open standard, the problems of FRAND and the need for Free standards) then the integrator will generally use Open Source software because it reduces their costs (a little) but much more importantly allows them the freedom to commercialise the overall solution in the way that they want to, without complicated negotiations with a third party supplier. The implication of this seemed to me to be that the government still gets screwed over, but only by the SI, and possibly not so badly.
Purchasers of smaller solutions rather than multi-million pound services projects buy from a catalogue, the  G-Cat or something like that. This is a list of approved, vetted, commercial off the shelf (COTS) solutions that are safe to use (“safe” in this context meaning you won’t get fired if the thing you bought was on the catalogue). This catalogue is hard to get on to. Suppliers of proprietary software have to jump through hoops to prove that they are good enough as a company to supply the licenses and there may be some technical appraisal, I don’t really know the details. The point is that the process is hard, it takes time, and probably money. Suppliers go through that process and write it all off as cost of sales, because they know that if they get on the list then the gravy train is on it’s way into town. Open Source projects, with great code, a solid and active community, but no real concept of “financial stability” (and equally no concept of “financial instability”) often have no budget to jump through hoops and fill out documents as a presales exercise because they get, and want, no financial reward at the end of the process when someone in local government downloads and uses the software for free. If the government wants Free Software in the catalogue, they are going to have to pick up the tab in the short term for the presales activity and engage with some knowledgeable consultants (yes, we will do that kind of thing) on a project to go through the evaluation process and fill out all the forms to enable, in the longer term, better value selections to be made from the catalogue.
There was quite a discussion about the ownership of risk, this is important to government purchasers, but more as a concept, than as a reality. Large projects have big penalty clauses, which means that the government likes to work with suppliers who have the financial wherewithal to live up to these clauses. I don’t think I am revealing that much about my company finances to say that we would struggle to demonstrate that we could pay up on a penalty clause running into tens of millions of pounds. Does the government exercise these penalties on a regular basis? No. As one of the pannelists mentioned they would swiftly end up owning all the SIs if they did, and whilst the UK government nationalising IBM is a fun thing to contemplate, it really isn’t going to happen. I made the point at this stage that the government seems to get a lot of comfort from knowing “who to sue”, if things break. What they need to do is learn how to gain comfort from knowing “how to fix it”, and knowing that they can engage with any other supplier to fix broken things. Having open code and the legal right to modify it to your requirements and to have other people modify it to your requirements actually reduces risk. Having financial penalties does not in fact reduce risk at all, it just mitigates your liability when things go wrong.
Next week there will be another debate covering slightly different topics, I believe the format and panel will stay the same which I think works very well (subject to a well behaved audience of course). The topics are listed below, feel free to discuss them in the comments and I will try and pass on some of the most insightful at the event.
Evening Debate 2 – Tuesday 1st March
1. Security. OSS is insecure compared to commercial software?
- By what criteria can we select software to minimise security risks?
- Does OSS need a different approach to patching?
- Can we simply use empirical evidence when comparing OSS with closed software? Statistics for internet browsers are common – published vulnerabilities, known exploits, time to fix
- Key question for HMG is – all things being equal, open code means vulnerabilities can be discovered and exploited before there is time to fix
2. Buy-not-Build. Can OSS actually benefit HMG because HMG doesn’t want custom or re-engineered software?
- HMG generally asks IT suppliers to build systems from COTS components and minimise customisation and re-engineering – it doesn’t want to maintain special code because of cost and risk. So does a significant benefit of OSS not apply to HMG?
3. Legal advice for OSS
- OSS has some unique legal aspects compared with commercial software – where to get advice? Myths around legal obstacles and obligations are going unchallenged.
- Patents and liability issues are often raised – resolved by major OSS suppliers who will shield customers?
4. Long Term Strategy
- OSS won’t happen overnight.
- Should we work backwards from insisting on open information formats for HMG interactions with the public and other sectors? This way the use of open standards compliant software filters back into HMG organisations.
5. Other Ideas
Edubuntu at BETT 2011
Just before my trip to Belgium I was asked to say a few words about the Edubuntu project at the BETT 2011 educational technology show as part of a larger presentation on Open Source software for education. It was quite encouraging to see the packed room of teachers and educational leaders all wanting to learn more about doing more for less with Free Software.
OpenERP vs Lotus Domino
Database / Server
Modules / Databases
Model and Form View / Form
_defaults / Field default values
_constraints and _sql_constraints / Validation formulas
Records / Documents
Functional fields / Computed and Computed for display fields
Read only fields / Computed when composed fields
Tree Views / Views
Calendar Views / Calendar Views
Gantt views / n/a
Diagram Views /Â n/a
Graph Views /Â n/a
Domain / Selection formula
Python / Lotusscript
Access Controls List / Access Control Lists
n/a / Replication
n/a / What You See Is What You Get
n/a / Public Key Authentication
Internationalisation / Domino Global Workbench
Workflow / Lotus Workflow,formally known as Domino.Workflow
Reporting and Printing /Â n/a
Text & HTML / Rich Text
AGPL / Proprietary
In Conclusion
Notes is OK, but proprietary and closed and quirky and carrying over 20 years of baggage with it. OpenERP has more of a rigorous and correct feel to it with standards compliance, a modern framework, nice APIs and a real grown up relational back end with transactions and atomicity and so on. The NoSQL engine at the core of Notes is a great idea, and new implementations of the architecture such as CouchDB are dead handy, especially for distributed applications.
All these detail comparisons are rather academic, the bottom line is that having poked about at the application development layer of OpenObject and looking back at all the Notes applications I have written over the last 15 years or so I am left thinking that most of them I could rebuild now in OpenObject, but slightly better.
SSH Sessions Timing Out?
Now this might be common knowledge but it took me while searching and scratching about to find the right solution.
As many others do I’m sure, I use ssh terminal sessions a lot. I’ve often got half a dozen open at once either in separate terminals or in Terminator for example. Sometimes if I don’t update them for a reasonable length of time they simply lock up so that I have no response at all. I’ve not actually timed this issue but I expect it is happening somewhere between 10 and 30 minutes of inactivity.
After getting annoyed for the umpteenth time today I finally did some serious searching… I concluded that this lock-up is probably due to my broadband router. It wasn’t happening across the local LAN or when I was connecting from other locations so I already suspected my broadband service. I suspect that it’s a NAT cache timeout or something but that’s not really important.
Several howtos I found discussing various timeout problems suggested editing the ssh config file on the server. This is fine if you know which server(s) you will be connecting too all the time and of course if there don’t happen to be hundreds of them that you need to re-configure. But if you don’t know or do use many machines then that’s not an ideal solution at all.
I think this is though 🙂
If you haven’t already got one, make a file in your home ssh directory (on Ubuntu it is normally found in ~/.ssh
):
touch ~/.ssh/config
Open it with your favourite editor and enter a line something like this:
ServerAliveInterval 120
Then save and close it. From my initial tests this seems to do the trick nicely.
According to the manual it:
Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. This option applies to protocol version 2 only. ProtocolKeepAlives and SetupTimeOut are Debian-specific compatibility aliases for this option.
This is one of those things I should have done ages ago. I hope this help others who find their ssh sessions mysteriously hanging.
OverView Zoomy presentations with OpenGL
And so we have OverView which is in truth at the moment very little more than a statement of intent and a window with a ball in it. I have started to outline the design and to learn a bit about OpenGL and fonts, but the project is at a very early stage. If you are interested and either know a bit about 3d programming or, like me, nothing at all then do join in on the design discussion or in the #overview channel on Freenode IRC.
A Good Pub Guide: The White Hart, Sherington
If you travel around the country on business it can be a very tiresome and soul-destroying experience. Especially when you end up having to stay in one of the bland, clinical, plastic and totally soulless hotels that the TV adverts would suggest are something altogether different. I’ve never liked these places and so I do try to find interesting, more characterful lodgings to stay that are not expensive. Often the best to look out for are Pubs with accommodation.Earlier this week, we had a bit of a road trip on our hands… A day discussing OpenERP in Cambridge and the next day vtiger CRM consulting in Milton Keynes which is not too far away, so we needed somewhere to stay to avoid driving a 200+ mile round trip.
We found a real gem of place! A very attractive country pub with extremely pleasant rooms, very friendly service, fantastic food (the Mixed Grill was really, really excellent), good beer and entertaining and congenial locals too.
If you happen to be working around the Bedford, Milton Keynes, Newport Pagnell area and want somewhere to stay, I whole-heartedly recommend you check out The White Hart in Sherington.