Schleswig-Holstein, Germany’s most northern state, is starting its switch from Microsoft Office to LibreOffice, and is planning to move from Windows to Linux on the 30,000 PCs it uses for local government functions.
Concerns over data security are also front and center in the Minister-President’s statement, especially data that may make its way to other countries. Back in 2021, when the transition plans were first being drawn up, the hardware requirements for Windows 11 were also mentioned as a reason to move away from Microsoft.
Saunders noted that “the reasons for switching to Linux and LibreOffice are different today. Back when LiMux started, it was mostly seen as a way to save money. Now the focus is far more on data protection, privacy and security. Consider that the European Data Protection Supervisor (EDPS) recently found that the European Commission’s use of Microsoft 365 breaches data protection law for EU institutions and bodies.”
This isn’t going to happen.
This headline comes up every year that it’s time for the government to negotiate contracts with Microsoft. Once they get the best price they think they can, they will accept it and issue a news release that “we’re staying in Windows after all”.
It’s lame, but it’s what is going to happen.
I remember some city in Germany actually doing it some years back and then eventually giving up and switching back.
googles
It’s a little unclear exactly what software was and wasn’t switched, but sounds like it’s Munich, and now they’re back on LibreOffice again.
By 2006, the city had started a concerted effort to move away from Microsoft products and onto Linux. Fast forward to 2013 and 80% of all workstations in the government and related organizations were running LiMux. However, Microsoft’s Windows and Office services were still used.
As we reported back in 2017, the government made a controversial decision to abandon open source and return to Windows.
A newly elected government in Munich, Germany has said it will aim to use open source solutions in its offices. In doing so, the government is moving away from Windows and Microsoft Office despite committing to the products several years ago.
https://en.wikipedia.org/wiki/LiMux
LiMux was a project launched by the city of Munich in 2004 in order to replace the software on its desktop computers, migrating from Microsoft Windows to free software based on Linux.[citation needed] By 2012, the city had migrated 12,600 of its 15,500 desktops to LiMux. In November 2017 Munich City Council resolved to reverse the migration and return to Microsoft Windows-based software by 2020.[1][2][3] In May 2020, it was reported that the newly elected politicians in Munich, while not going back to the original plan of migrating to LiMux wholesale, will prefer Free Software for future endeavours.[4]
EDIT: I guess I should have just read the other comment responding to the parent, which mentioned Munich.
Amd just after Munich announced it will go back to Windows, Microsoft decided to move its German central to Munich. What a coincidence.
Munich did exactly that in 2017, so let’s see how far Sleswig-Holstein is willing to go, hopefully they won’t be falling for Microsofts sweet talk.
The reason Munich switched back to Windows, when users were just fine working with Limux, was a corrupt politician who ordered the return to windows, probably pocketing a hefty bribe in the process.
Source?
https://www.zdnet.de/88202452/stadt-muenchen-erwaegt-abkehr-von-linux/
The article from 2014 explains how this was mostly a political quarrel, with a former administration transitioning away from Microsoft (which as a US corporation has no business in any government administration of another country), and the conservatives pushing (under a “social democrat” mayor, admittedly) to go back to MS against technological advice.
Im Stadtrat hingegen steht den Berichten zufolge eine fraktionsübergreifende Mehrheit hinter LiMux. Bettina Messinger, Sprecherin der SPD-Fraktion für Personal, Verwaltung und IT, sagte Heise Online, dass man keine neue Haltung zu dem Thema habe. Sie bezeichnete die Umstellung auf Linux als „mutige Entscheidung“. Kritische Stimmen und Beschwerden seien im EDV-Bereich nichts Ungewöhnliches. Man müsse LiMux und das Umfeld nun stetig verbessern und nutzerfreundlicher gestalten. Unter anderem sei dafür mehr IT-Personal in der Verwaltung nötig.
Auch die CSU-Fraktion unterstützt LiMux weiter. Deren IT-Experte Otto Seidl nannte Schmidts Kritik „eine sachfremde Einzelmeinung eines Juristen“. Die Grünen warnen Heise zufolge vor einem „teuren Schildbürgerstreich“, sollte die Stadt zu Microsoft zurückkehren. Demnach wollen die Abgeordneten in einer Ausschusssitzung klären, woher die Beschwerden stammen.
In other words: the “manyfold complaints” were an “ad populum” argument without sources and were most likely made up.
!remindme 1 fiscal quarter
I wonder what they will choose for their base. I was surprised LiMux was based off Debian since Suse is headquartered in Luxembourg City. I personally would welcome a large organization choosing Suse products as we need more competition for RHEL (which would be a huge boon in productivity since we won’t need like 3 projects to spend a decent amount of time repackaging RHEL).
Redhat and Debian are separate projects, tmk.
According to an old interview, pretty much whatever: They’re saying “five big distributions are suitable”.
They’re starting the switch with apps, not the OS. From a technical POV it’d be nice to see NixOS as it’s devops / managed deployment heaven. It also happens to be European and, just like Debian, it’s a community distro.
For a project of this size, doubly and triply if it gets even more states as users, it absolutely does make sense to have your own release channel, have a team working on nothing but pushing patches (security and otherwise) onto an LTS branch and upstream as well as integration testing for the precise desktop you’re shipping to users: The states are paying them to support a desktop, not an OS to run whatever on.
Nix does have an interesting package manager.
The states are paying them to support a desktop, not an OS to run whatever on.
Don’t they need money to fund both aspects? Is there any support to lean on someone goes with Nix?
A lot of governments in the US pretty much go through Microsoft for simplicity. There’s a lot of software obtained from a single vendor. I suppose that’s why rhel is so popular.
Dataport is big enough (5200 employees) to support that kind of thing themselves, and they precisely are the single vendor for the participating states (it’s an inter-state public corporation). More than twice the employees Suse has, quarter the size of RedHat.
This is the sexiest thing Germany has done since that German couple that drives the Porsche in Super Troopers.
Switching to an open-source project is easy, but the concern is more about the context in which they are used and how long they will persist in using these. It might be more convenient for the government to initially try Linux for some pilot projects that require less human intervention. This is because I’m not sure how familiar civil servants are with Linux and LibreOffice. On the other hand, open-source projects don’t provide after-sales services and may have technical or compatibility issues. It requires time for them to get accustomed to them.
I wish my country would also stop subsidising M$ and transition to Linux as well.
Yeah for the simple stuff LibreOffice will be just fine but for anything complex like mail merges and such it’s probably going to require a lot of work re-doing things.
When someone uses a text editor like LibreOffice, whenever someone mentions complex tasks, I’d imagine writing a thesis, a series of books, a big ass report or the like. Mail merges sound like something another app should do…
They’ve thought about that too, and see training as vital where others before them have failed. Also OS and programs will look somewhat similar to what users are used to, from what I can recall.
Producing documents or e-mails can’t be that functionally different, right? Many don’t need much more than that. However, I could see integration of third-party software as a challenge, but one that in most cases could be easily overcome.
Producing documents or e-mails can’t be that functionally different, right?
If you do complicated stuff in docx and then try open it in something like Libre the formatting will be interpreted differently.
Source: I partly create forms for templats in Libre/OpenOffice at work.
According to the article,
- They are also migrating backend infrastructure such as emails servers etc.
- They already have Linux migration experience in some German states as well as the current proposer.
- Companies such as RedHat, Canonical and OpenSuse do offer enterprise level support. So open source software doesn’t have “after sales” support is a myth.
- They say that the goal of the migration is privacy and security, no necessarily cost driven. They may very well be prepared to pay a premium for enterprise level support.
- They have already identified compatibilities issues in their previous project. They got them because they mixed Windows and Linux, the article says. That’s why they migrate everything to Linux this time.
Your clarification helps me understand their swtiching. Thanks 👍
Thanks
Good, we need to stop supporting products that try to strong arm you into a perpetual subscription.
If governments actually employed most of the development teams who build their services, and cut out most of the private middlemen consultants, managers, sales staff etc they could 1) build an engineering and cybersecurity capability without surveillance capitalism, focused on data security and privacy 2) save money 4) create productivity multipliers by unifying and sharing code for common functions across governments around the world 5) return our tax dollars to us through FOSS software that benefits us, instead of enriching big tech corporations who are already richer and more powerful than most nation states.
For example, covid tracking apps — instead of every dumb cunt government paying tens/hundreds of millions for consultants to reinvent the wheel or reskin someone else’s code, they could have had in house devs coordinate common FOSS codebases and collectively saved 80+% of the cost. This is the same for most standard or common services using bespoke or proprietary software and systems.
Politicians are criminally corrupt idiots though, so they’ll continue enriching big tech and surveillance capitalism at the expense of civilisation.
If governments actually employed most of the development teams who build their services, and cut out most of the private middlemen consultants, managers, sales staff etc
You mean this? They’ve been working on it for a while, this is about adopting stuff they’ve already done.
For example, covid tracking apps
Germany’s is open source. Developed by Telekom and SAP, most of the money didn’t go towards development (it’s simple enough of an app, after all) but infrastructure and end-user support. You can’t just tell random FLOSS people to deal with 80 million DAUs.
Yes. I’m aware there are a few who appear to be moving in the right direction, but I have strong doubts it’ll become more than an outlier.
You’ve got my vote
Let me tell you a story about proprietary software:
The German police force have a contract with a software firm that wrote their program to file and archive emergency calls. Basically just a form that goes to a database. Now, one day, an update got pushed. The problem with that update was that the hotkey for quitting out of the current form (q) now also fired when inside an editing field. The software firm did not acknowledge that as a problem and it took months of complaints to fix and it cost the taxpayer around 300,000€ in “maintenance fees”.
As someone who works with government agencies as a software developer: they are absolutely awful.
You’ll get no specification at all, those you do get will change at least three times and every stupid little decision needs at least 20 people from different states, cities or agencies to agree.
Yes, the bug is pretty bad, but I’m also very sure that what you’re describing is not the whole story.
That bug should have been a hotfix. Or a rollback.
You never worked with bureaucracy, did you?
From a technical standpoint, you are absolutely correct, but reality and bureaucracy don’t always match.
I’ve had instances, where we had glaring holes in our security, but were not allowed to fix them, because the datacenter (operated by a public agency) only does deployment in a fixed schedule.
I’ve had officials of some sort who wrote in the contract, that each and every change has to be on the staging environment for at least one week for testing and signoff.
It’s absurd and stupid, but realistically, you often can’t change it.
I did, that’s why I’m talking about it.
In my experience, what you say is absolutely true, but glaring bugs like that are deployed as a hotfix.
That’s one of the reasons why dataport (who are going to do the migration as the state’s IT consultant / dev house) was founded in the first place: So that IT can work like IT does and not be beholden to bosses who think in bridge construction terms in one place, and tax collection terms in another. Now those bosses are mere clients of an inter-state agency that does nothing but IT, and IT can speak with authority when it comes to IT matters.
That won’t change a thing, unfortunately.
My employer currently works with a bunch of agencies and I’ve been involved with some of them. I can deliver the best product ever with the best process and lightning fast deployment - if the client doesn’t get its shit together, you won’t deliver on time/in budget.
Anecdote I’m currently part of: an agency bought a new app, we’re 98% done, we could go live on Tuesday. But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly. This agency however doesn’t react. At all. And because it’s something like 5mm outside of the jurisdiction of the agency that is our direct client, there’s nothing we can do. So the system is just sitting there waiting.
I could go on and on. Dataport is a good idea, but if all their clients are overworked, understaffed or straight up incompetent, there’s not much they could do.
But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly.
There’s no “their system”: The boxes under the desks of civil servants are managed by dataport, talking to backend infrastructure managed by dataport.
If there’s some new administrative procedure agencies or ministries want their civil servants to do and it can’t be implemented because it’s under-specced or just incoherent then dataport gets to send that spec back saying “fix your shit”: It’s not like the agencies have a choice in who’s running their infrastructure. The tax office can’t do jackshit if the fire inspector doesn’t like their new plans either. If things are implemented as specced and people complain and want a rework then dataport can say “well it’s your budget, not ours”. If they do that all the time at some point the court of accounts will take them aside for a polite conversation. Just this one thing, making IT external to whatever it is that the agency is doing, provides lots of accountability.
That is: The solution isn’t so much to eradicate bullshit but to make sure that it stays in the silo where it got generated.
but if all their clients are overworked, understaffed or straight up incompetent
Good!!! I hope other governments follow.
Good. This makes them less vulnerable to the malware that Windows innately is.
In the enterprise space, Windows isn’t an issue at all.
This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.
Windows laptops have been tightly locked down since the early 2000’s, including USB ports.
I’ve never seen a virus or malware on a machine in enterprise, and if it were to occur, the most it can damage is the local machine, as network shares are minimal (most data is kept in databases), the shares with write access are limited to small user groups, etc.
Users simply lack permissions to change stuff, so malware lacks it too.
Have you been near some sort of news in the last years? Corporations using windows get hacked regularly and they are far off from having everything in a database somewhere. You have no fucking clue. What you are describing is the dream of corporate security newbies, but no big corporation let alone some state government is anywhere close to that.
They have massive shares, where all the people can read and overwrite everything, they open all attachments directly on their machine and click away all warnings without reading them. (Who needs USB if you can mail malware directly?)
This is hell and in Germany dozens of smaller or bigger government networks were hacked and massive amounts of data encrypted last year alone.
I can from personal experience that there is a huge push to get much more secure in the local government space in the US, including adhering to NIST 800-53, and be audited on it. It’s not foolproof, but it’s a much needed step forward towards preventing big events becoming breaches. But if they are a breach they’ll be lower impact. It’s painful to get there, but I’ve been involved heavily in the conversion in policies and procedures to get there.
This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.
Apparently Microsoft itself isn’t Enterprise?
I’ve never seen a virus or malware on a machine in enterprise…
Change Healthcare - https://www.msn.com/en-us/money/companies/change-healthcare-hack-what-you-need-to-know/ar-BB1kvg2t
MGM Grand - https://www.cnn.com/2023/10/05/business/mgm-100-million-hit-data-breach/index.html
HP Enterprise - https://apnews.com/article/russian-hackers-hewlett-packard-enterprise-microsoft-sec-breach-cozy-bear-d4e88ded0a47d010216e11f41132f72c
Here’s 12 more - https://www.kaspersky.com/blog/ransowmare-attacks-in-2023/50634/
Users simply lack permissions to change stuff, so malware lacks it too.
Oh something is lacking in your world and I’m not talking about permissions.
I wouldn’t say that Windows is malware itself, but rather it wasn’t created with a security-first stance, which we absolutely need for all OSes going forward. I say this as someone who ditched Windows as my DD (“I use Arch, btw”). I left Windows more for their policies and subscription models that are becoming increasingly anti-consumer.
With that said, let’s not pretend that Linux is immune as has been proven in the past week with xz and liblzma being compromised. Yes, it took 3 years to get to the point their long game paid off, but it still happened through a series of credibility social engineering steps by a single person. (Yes I know others were also trying to do exactly this, but only Jia Tan was successful)
(Yes I know others were also trying to do exactly this, but only Jia Tan was successful)
The reason you know is because the target software is FOSS. Care to bet other similar schemes have been successfully pulled off with proprietary software?
You only know this happened because one dev was benchmarking their system and noticed a 0.5s anomaly in resource usage, and was able to track it down to this. For every one of these that are caught, there are countless more that slip past.
I actually look at it a completely different way. There are so many users optimizing and digging into the core of open source versus proprietary that with so many randoms actions there’s less “vulnerable” dark spots available. If we think there’s a limitless X amount of vulnerabilities (since we don’t know the true ceiling limit), open source will always be “X (vulnerabilities) - 1” compared to proprietary. Completely a math metaphor but gets the point across, It’s a path that lessens the impact which we should be striving for over profit/monopoly motives.
There are so many surveillance built into proprietary software, countries like U.S. probably can just ask for any information from Apple, Google, Facebook, Microsoft.
On the other hand, countries like China and Russia would probably need to compromise these product like Jia Tan did. Except for Apple, because every apple service in China is maintained by a Chinese company with no encryption allowed.
Of course, there can be malware for open-source systems such as Linux, but it’s generally caught and patched a lot faster.
I genuinely hate AI art
This one is terrible because it’s like a montage of a penguin colony over a generic historic painting of a port city. Very little creativity and quality control. I’d just combine some actual photo of the Kiel port and penguins jumping out of water. (Not necessarily these two)
What you actually want is a nice picture of either a market place or seafront promenade and a fat and content (as usual) Tux munching a Fischbrötchen
Cool but that would require some cultural awareness, and the reporters cannot be bothered.
You mean collage? I agree. I think your suggestion would work best if it was also made to look like an obvious collage. If it was accurately photoshopped to look like the penguins were actually there it would look silly.
Based
Boom. Listen up NHS England.
Good lord, they are in for a world of hurt.
Unrelated to the question but on the picture:
The AI nicely drew a german city but … put the naziflag on the ships Rather than the current german flag.
Why is that image even there? It’s not in the original article unless my adblocker is removing it for some reason.
EDIT: before anyone states the obvious, yes, I know how OG metatags work. What I’m asking is why would they chose that particular image, with the penguins and all, to accompany an article like that, and not, say, just a regular stock image of a German city?
Even stranger, the filename in the URL implies that this was potentially even intended: https://regmedia.co.uk/2024/04/04/shutterstock_kiel.jpg Almost makes me wonder if some intern put an AI image there for shits and giggles to see if anyone notices.
Finally, where exactly do you see any Nazi flags? All I can see is a red, white, and black livery, which ARE the colors that the Nazis used, but not in that arrangement. There are no swastikas anywhere (as far as I can see), so it seems as if this rather the flag of the German Empire, which also used the same colors, but predates the Nazis by a good 60 years.
A stock image of Kiel is really not out of place for an article about Schleswig-Holstein, it being our capital and all. It’s also a fleet base. And you can find vaguely similar towers there.
What doesn’t make sense is the rest: The penguins, the what galleons I think with Imperial livery, Schwarz-Rot-Gold in combination with Imperial livery, what looks like a Lübeck flag (of all cities!) but rotated, and whatever the other flag is supposed to be. This is Kiel’s flag, for reference. Oh: Half-timbered houses. Those look like copy+pasted out of Swabia or something.
Okay but the penguins do make sense, right? Penguins are like the mascot of linux
Penguin, singular. Also none of them are fat and content enough to be Tux but fair point, that’s probably how they ended up there.
Afaik, it was the flag of the Third Reich from 1933 to 1935 (so before the Swastika flag).
It’s actually way older. It appeared first as official flag in 1867 for the north German federation, was adopted in 1871 to be the flag of the German Empire and was no longer in official use in1919 (albeit nationalist groups kept using it).
After that, you’re right.
More Info here: https://en.m.wikipedia.org/wiki/Flag_of_the_German_Empire
Its a meta property in the HTML. Viisible to software, but not shown in the article.
Or more noticably all the southern hemisphere penguins
Anyone tried out the Russian military’s distro?