back to article German ministry hellbent on taking back control of 'digital sovereignty', cutting dependency on Microsoft

The Federal Ministry of the Interior (Bundesministerium des Innern or BMI) in Germany says it will reduce reliance on specific IT suppliers, especially Microsoft, in order to strengthen its "digital sovereignty". In an official statement, the Federal Minister of the Interior Horst Seehofer states that “in order to ensure our …

  1. N2 Silver badge
    Trollface

    Uncontrollable costs?

    Yep, it's all smoke and mirrors there.

    1. Adrian 4 Silver badge

      Re: Uncontrollable costs?

      "You could also argue that less time spent fixing broken on-premises IT means more time to focus on innovation; but it is true that cloud computing is a kind of outsourcing and there are downsides."

      Not really. That might be true in the short term, but in the long term the jobs will be deskilled to cut costs, so the postholders won't be able to do any more than they're required to.

      Whether that's a good thing or a bad thing is a subject for tech/beancounter 'discussion'.

    2. bombastic bob Silver badge
      Linux

      Re: Uncontrollable costs?

      the biggest cost is in the SWITCHING. Some time ago didn't a German government institution switch BACK TO MICROSHAFT _FROM_ Linux??

      now it's BACK AGAIN. AGAIN.

      And THAT is where the "uncontrollable costs" will be - re-re-training, re-re-procurement, hiring new consultants, kicking upstairs or laying off old ones, yotta yotta.

      I hope they stick with a good commercial LInux solution, maybe a GERMAN company?

      I'm thinking Suse Linux.

      1. Lusty

        Re: Uncontrollable costs?

        Yeah, Suse is a German company. Wholly owned by a Swedish company.

      2. trisul

        Re: Uncontrollable costs?

        Munich switched from Microsoft to Linux and switched back to Microsoft after they promised to set up a HQ in Munich, bringing loads of revenue to the city. This is not a tech argument, in effect Munich was paid by Microsoft to switch back.

        1. Kristian Walsh

          Re: Uncontrollable costs?

          Two problems with your theory: First, Microsoft didn't move to Munich, they'd been there for thirty years. All they did was relocate from a suburb into the city centre. The second problem is that they did so on the back of a generous relocation subsidy from the City of Munich. So, bringing revenue to the city? No. Probably a net loss in the medium term to Munich, and breaking even after.

          Munich's failure was precisely because its plan was based on ideology, not a rational analysis of what was needed and what could be delivered. A gradual multi-year phase out of Windows would have worked, but the people driving this change wanted to have a Linux-only world working perfectly in an unreasonable timeframe. Replacing Windows with Linux on the desktop meant effectively writing a lot of software from scratch. That created a much higher IT budget than under the Microsoft system - the burden of filling in process holes fell on the city IT department, whereas previously it could be solved with a far cheaper application software purchase.

          The hope had been that other municipalities would switch over too, and help spread that cost, but that never happened, partly because Munich's "Great Leap Forward" plan resulted in a lot of short-term chaos that put other cities off the idea... City administrators really aren't the kind of people to say "Fuck it, let's just do it and see what happens!".

          They could have still got things going right, but the shift to mobile and cloud-based working was the last straw: Linux servers might run all of these services, but the client end of the deal is very poor, with poor integration to the application software that the City had chosen to replace Office.

          You might think an office suite is "outdated", but you're probably a software developer or IT manager whose work only barely touches on policymaking, where such software is essential. MS Office might not be a great piece of software, but it's miles ahead of any other office document suite, and critically, it offered a private-cloud solution that could be managed as "pay this much a month and stop worrying about it"

    3. Unicornpiss Silver badge
      Alert

      Re: Uncontrollable costs?

      One thing for sure. While it sounds good on paper, IMHO no one has ever saved money by moving their data centers to the cloud. But many have reduced security, speed, uptime, and consistency by doing same.

      Eventually when you outsource everything, you can find yourself in a situation where if you wanted to go back to in-house, you no longer have the facilities, hardware, or talent to do so. You may not even understand your own infrastructure. It's comparatively easy to outsource everything. But if the wind changes direction, not so easy to go back. CIOs that outsource all their resources and personnel are signing a deal with the devil and helping create legal monopolies. That monster in the room is soon going to have you by the short hairs. It's as silly as people that choose variable rate mortgages because it sounds like a great deal. Sure, it's cheap at first..

      1. Jeff 11

        Re: Uncontrollable costs?

        "IMHO no one has ever saved money by moving their data centers to the cloud"

        Untrue - outfits I've worked with who've adopted serverless compute have definitely saved money from not having to run virtual machines 24/7 for workloads that aren't constant. I'd like to see anyone emulate the same with in-house kit in their own DC...

  2. DavCrav Silver badge

    "Not really. That might be true in the short term, but in the long term the jobs will be deskilled to cut costs, so the postholders won't be able to do any more than they're required to."

    It's not just that. Innovation is done by highly skilled staff, usually. If the highly skilled staff are working for the cloud company, that's where any innovation that happens will occur. So you lose all of the extra value generated by the innovation.

    1. JimC

      Yep

      And once the skills have gone they are never coming back.

      1. Doctor Syntax Silver badge

        Re: Yep

        They can come back but it would require some effort to rebuild the organisation. Effort that the C-suite would be unwilling and/or unable to exert.

  3. Shadow Systems Silver badge

    Do you want to be held hostage by Microsoft?

    Relying on their software means you're up shit creek if they decide to pull your access to "your" data on *their* servers. You are similarly screwed if MS is told by Trump to hand over your data (or just sends in the jack booted thugs to steal MS servers storing your data to thwart MS lawyers from ever having a chance to try any fancy legal footwork to deprive you of having a chance of getting your data back while the courts deal with it), thus you can never be sure of your national security when your data is in another country's hands.

    Now change Microsoft to any other company not wholly beholden to your government. See what happens? If you want sovereignty & security then don't use another country's software.

    1. Doctor Syntax Silver badge

      Re: Do you want to be held hostage by Microsoft?

      "If you want sovereignty & security then don't use another country's software."

      And certainly don't use another country's servers.

      1. whitepines Silver badge
        Black Helicopters

        Re: Do you want to be held hostage by Microsoft?

        And certainly don't use another country's servers.

        Especially ones that USA headquartered companies hold private keys for. Look up the Intel ME and AMD PSP. All that for your Hollywood's protection, you see -- there's no way to get an Intel or AMD machine without the unwanted megabytes of backdoor-capable signed firmware.

        Thankfully non-x86 options exist, but they're not widespread yet. Maybe this will help give a bit of a shove in the right direction?

        1. Arthur Daily

          Re: Do you want to be held hostage by Microsoft?

          And now the firmware has been hacked, exposing new tweaks.

          1) No TP security updates - old machines more than 3 years - tough titty, no vendor updates as if BIOS updates were bad enough.

          2) Circular Keyboard/Mouse drivers - Windows 10 insists on NOT loading keyboard drivers but using say synaptics driver in the UEFI jungle. I now don't trust that device or enforced must use policy.

          3) InSnide UEFI transmitting WiFi shit before the PC Boots.

          I believe China is now getting the sovereign risk message, and seeking to remove binary blobs and key dependencies. It is possible for the US to disable most Chinese produced devices on demand.

          Or a bad actor to disable via a remote connection, lots of things. Say voting machines, and voting apps. But so far both countries are keeping such baked in dependencies.

    2. veti Silver badge

      Re: Do you want to be held hostage by Microsoft?

      i see your point, but how exactly can you avoid it? Any government may decide to come after you. Case in point, the US government has been picking fights with several US companies (Amazon, Ford, Microsoft). It's not clear to me how hosting their data anywhere else would make any of them more secure against gov't-level interference.

      Particularly if the gov't is prepared to ride roughshod over the law, in which case - even if your "rights" are cast-iron in legal terms, it can still take years to assert said rights.

      Basically, there's no realistic defence against government-level attacks on your business. At least, not in the sense of preventing them. There are some mitigation strategies, but I'm not sure if "hosting your own data" would qualify as one.

      1. big_D Silver badge

        Re: Do you want to be held hostage by Microsoft?

        That is the whole point. And we are talking about government offices here.

        The government should host the data and applications itself, and where possible have oversight on the code being executed.

        That either means using local providers (inland) or using your own staff and your own software or open source software.

      2. jmch Silver badge
        Mushroom

        Re: Do you want to be held hostage by Microsoft?

        "Basically, there's no realistic defence against government-level attacks on your business. At least, not in the sense of preventing them. "

        Yes there is. It's called seperation of powers. Sadly (in the US at least), the legislative branch has lately allowed itself to become irrelevant and is ridden roughshod over by the executive branch. In many countries the seperation of powers wasn't as strong to begin with. More importantly, an independent judiciary and police force is an important part of a functioning liberal democracy. Again, sadly we are seeing in many parts of the US and EU that judicial appointments are being made with heavy political bias, and/or having the executive branch exert undue influence on police activity, in effect deciding who to apply the law against and who to protect.

        The other element is "rule of law", another essential cornerstone of liberal democracy, and again unfortunately the totalitarians (on either side) keep reinterpreting this to mean "we can change law to whatever we want and then the shit we do is legal" rather than the real meaning of "law should be applied to all indiscriminately", and in any case conform to a broad set of accepted principles eg human rights

        The problem is that these defences keep getting eroded using other shit (like artificially-stoked fear of immigration, terrorism, paedophilia etc) as an excuse, and many people are falling for that shit because they're already living on an economic and social knife-edge* and are more prone to scaremongering.

        OK, rant over

        *possibly by design

        1. Reg Reader 1

          Re: Do you want to be held hostage by Microsoft?

          *possibly by design

          Globalization! The wealthy have been able to keep many developed countries GDP high while causing job loss in the middle and lower economic middle classes. Job losses cause what you've described above and lower wages for just about everyone else and that pulls money away from the populaces ability to pay taxes which then hurts education, infrastructure, and healthcare. Decreased educational standards then continue the downward spiral.

          1. jmch Silver badge

            Re: Do you want to be held hostage by Microsoft?

            "many developed countries GDP "

            One of my pet peeves is the use of GDP per capita as a rough proxy of how wealthy / advanced a country is. In most 'western' nations, GDP per capita has grown in the last few years to beyond pre-recession levels, while median income has effectively stagnated at 2007 levels. Taking inflation into account, median income is down.

            Using 'mean' as an average just hides the fact that there is a tiny (and shrinking) class of ultra-rich people whose wealth increases rapidly as everyone else's stagnate. It's no longer a case of the 1% or the 0.1%, we're talking about 0.0001% here

            1. Yet Another Anonymous coward Silver badge

              Re: Do you want to be held hostage by Microsoft?

              >One of my pet peeves is the use of GDP per capita as a rough proxy of how wealthy / advanced a country is

              There are a million people in Chicago.

              The Chicago derivatives exchange does > $1 Tn in trades

              - therefore everyone living in Chicago is a millionaire.

    3. thondwe

      Re: Do you want to be held hostage by Microsoft?

      Unless you write all your own software, you are hostage to someone else?

      If you use an Open Source solution and the authors interests wander elsewhere, what do you take it on (if you have the skills) or spend effort switching? What if the authors of Libre Office start collecting feature usage data to focus their efforts (which is what MS is mostly doing?)? What do SUSE/Redhat/Ubuntu do with their patch management processes - guess they may analyze the data to see how popular packages are... Could a government ask them for IP addresses which have downloaded packages/update needed to support Tor or VPNs etc?

      If your going to be paranoid about MS, you need to be paranoid about them all?

      International Law and Enforcement is what's needed and needs to apply to ALL software houses... (Hence GDPR etc)

      1. big_D Silver badge

        Re: Do you want to be held hostage by Microsoft?

        What do SUSE/Redhat/Ubuntu do with their patch management processes - guess they may analyze the data to see how popular packages are

        You don't need the IP address for that, you just need how many times a package had been downloaded. Given that if you are downloading updates for 50 PCs behind a firewall/router, you only get the single external address 50 times, the IP address is pointless anyway.

        1. Doctor Syntax Silver badge

          Re: Do you want to be held hostage by Microsoft?

          In any case big distros ship with a fairly full set of applications so the patch info will be mostly "everything". At best it might tell them about Gnome vs KDE vs XFCE vs whatever else.

      2. alain williams Silver badge

        Re: Do you want to be held hostage by Microsoft?

        Unless you write all your own software, you are hostage to someone else?

        If you use an Open Source solution and the authors interests wander elsewhere, ...

        There is an easy solution to that : pay the Open Source authors to provide solutions that meet your needs and then continue to pay them for maintenance.

        Oh, you say "that will be very expensive", true but:

        1) what is the cost of paying a closed source provider for decades ? Once OSS does what you want the development costs will drop to a lower maintenance level.

        2) the costs will still be large, but we are talking about governments/similar here, they are paying huge amounts to Microsoft, etc, already.

        3) the costs are still large - so why not notice that there is a large amount of overlap in the requirements of governments in different countries. How about working together ? This will really bring costs down - the hard bit will be getting this idea into the heads of politicians who will be being bribed by the proprietary system vendors who do not want the geese to die.

        4) put some of your own staff onto the the projects that interest you. That keeps some of the cash that you pay in your country rather than send it to the USA, it also increases the number of skilled people in your country.

        5) smaller businesses in your country will benefit from the filter down and not have to send so much of their income to the West coast of the USA.

        Summary: it should be a complete no brainer to have governments support OSS; however it is unlikely to happen.

    4. jmch Silver badge

      Re: Do you want to be held hostage by Microsoft?

      "you're up shit creek if they decide to pull your access to "your" data on *their* servers."

      I'm not a cloud expert, and been in IT long enough to know nothing is trivial, but surely keeping a backup on your own servers of anything that's in the cloud isn't a huge extra bit of work.

      "You are similarly screwed if MS is told by Trump to hand over your data"

      Erm, no - MS already have already told Uncle Sam to do one in exactly those circumstances. Of course there's no way of knowing if they are secretly mirroring the data to some TLAs on the side, but the shit hitting the fan if that ever came to light would be enormous. If it ever came to light that Azure (or AWS etc etc) were passing any client data to third parties, they would lose half their business overnight and long-term, be finished as a going concern.

      "(or just sends in the jack booted thugs to steal MS servers storing your data to thwart MS lawyers from ever having a chance to try any fancy legal footwork to deprive you of having a chance of getting your data back while the courts deal with it)"

      Given that has MS already has European-only data centres where they keep data for EU clients, that's gonna take quite a jackboot!

      1. Zippy´s Sausage Factory

        Re: Do you want to be held hostage by Microsoft?

        Erm, no - MS already have already told Uncle Sam to do one in exactly those circumstances.

        They gave up on that as soon as the CLOUD act passed - https://www.theregister.co.uk/2018/04/04/microsoft_agrees_doj_cloud_act_renders_email_battle_moot/ (sorry can't remember how to link this)

        Given that has MS already has European-only data centres where they keep data for EU clients, that's gonna take quite a jackboot!

        I thought they were moving them back to the US now, after the recent privacy policy update (that i can't seem to find any trace of, which makes me question either my memory or my Google skills...)

        1. Doctor Syntax Silver badge

          Re: Do you want to be held hostage by Microsoft?

          And ISTR a rather vague statement somewhere that implied the German data trustee arrangement was no longer operative. If that's so it was withdrawn with a lot less publicity than it was announced.

      2. Alumoi

        Re: Do you want to be held hostage by Microsoft?

        I'm not a cloud expert, and been in IT long enough to know nothing is trivial, but surely keeping a backup on your own servers of anything that's in the cloud isn't a huge extra bit of work.

        If you keep your own servers for backup, what's the use of the cloud?

        1. amanfromMars 1 Silver badge

          Re: Do you want to be held hostage by Microsoft?

          If you keep your own servers for backup, what's the use of the cloud? ..... Alumoi

          Howdy Alumoi,

          Are you not familiar with the expression "belt and braces" and that enduring Scout motto "Be Prepared" for second and third party failures/first party opportunities?

        2. jmch Silver badge

          Re: Do you want to be held hostage by Microsoft?

          "If you keep your own servers for backup, what's the use of the cloud?"

          Any decent-sized company that has at least 1 big central data centre and a business continuity plan should have a backup data centre mirroring all the data, and with the possibility of switching all operations to the backup in an emergency. ie you need not only the data but all the operational software that is correctly configured and ready to go at a few hours' (or for some critical businesses, minutes') notice. All that stuff costs a lot, and you're paying for most of it twice*, just to be sitting there in backup, and one of the selling points for cloud is that it is cheaper to operate.

          Of course every company would have it's own cost-benefit analysis, but given the risks of having your precious data being ONLY in the cloud combined with the cost savings of having some operations in the cloud, it could work well for some companies to have part of their operations in the cloud as opposed to fully on their own systems. Having everything on the cloud is mental

          *AFAIK some software licensing allows an backup/failover system for free as part of the main license, some charges a small %age for backup systems, some might charge full whack. All the hardware needs to be there in place though.

  4. Kev99

    I still question the sanity and intelligence of any company or government that puts its data on "the cloud". Not a day goes by where there isn't an article on this company or that government has had data leaked, stolen, or otherwise compromised.

    1. werdsmith Silver badge

      Has that never happened with on premise data then?

      1. JimC

        Lets put it this way

        I wouldn't be surprised if the air gap has to return the way things are going.

      2. VikiAi Silver badge
        Facepalm

        Of breaches have happened on local servers too. And will almost certainly continue to do so in the future.

        But the question is: do you want such a mishap to be an occasional and relatively local disaster, or do you want frequent and widespread data breaches as par-for-the-course?

      3. big_D Silver badge

        It has, but it is generally a lot harder. You have control over your network, you configure it and you are responsible for its loss. Also the firewall is at the perimeter of your network and is "easy" to configure for the sys admins.

        A hosted VM with its own virtual firewall on the other hand, being configured by a finance department lackey , if you are lucky, is a whole other kettle of fish. You have to configure the local and remote firewalls to allow the transmission of the data to and from your premises, that's the "easy" bit. Then you need to configure the virtual firewall to also allow access from your mobile workers, only what IP addresses do they use? Do you even know how to identify them? Or do you just allow any external IP address access? Yes, that sounds good, because your mobile workers can be anywhere...

        And the configuration of the VM and the software running on it isn't always easy, either. Mix up the two and you have pre-programmed chaos.

        If you have a corporate network, only external users with your VPN software and your VPN keys and a valid username and password can get at your systems and you, generally, have the expertise to set this up and enforce it. If one of the servers is misconfigured, it might allow your employees to see more than they should, but it isn't available to every Tom, Dick and Harriet that stumbles across you external IP address.

        It isn't foolproof, but it is a lot easier to contain than having departments running their own virtual servers in a cloud somewhere, where nobody knows how to properly configure it, the virtual switch and the virtual firewall properly.

        Even if you have the expertise in house, are they being re-trained to configure all these different virtual components from all these cloud suppliers? Are they going to be there in a couple of years, when you need to make changes or things stop working?

        And, most importantly, you are responsible for the data. Even if you get it right, if your cloud provider screws up and your data is leaked anyway, you are still liable for fines and prison time, because it is your data and your responsibility. I'd much rather face a fine/lose my job/go to prison for my own stupidity than the stupidity of others that I have "no" influence over.

    2. jmch Silver badge

      "Not a day goes by where there isn't an article on this company or that government has had data leaked, stolen, or otherwise compromised."

      True, but not all of them are cloud-related. Data has been being leaked / stolen / left behind on the train etc etc since forever. It's happened from 'closed' corporate systems, air-gapped systems where some muppet gets data on a CD / USB, unsecured / unencrypted laptops etc et etc.

      The problem isn't 'cloud' per se, it's implementation by muppets at the behest of halfwits, which in turn is a symptom of beancounters refusing to provide the necessary budgets for staff, equipment and training and clueless business users imposing artificially and absurdly short deadlines.

      There certainly can be a business justification for 'cloud' (which essentially is just a fancy name for outsourcing your data centre to a third party), but the business case has to include the contingencies for the cloud being inaccessible, just like an 'in-house' plan business continuity by having multiple data centres, mirrored server instances etc etc

      1. Doctor Syntax Silver badge

        he business case has to should include the contingencies for the cloud being inaccessible, just like an 'in-house' plan business continuity by having multiple data centres, mirrored server instances etc etc

        FTFY

        If the driver is cost will those contingencies be included. Maybe, but very likely only after the need for them has been cogently demonstrated by an outage.

    3. amanfromMars 1 Silver badge

      IT's a Mad, Mad, Mad, Mad World .... and AI is Madder? And as Mad as Hell*

      Kev99,

      Would the Intelligently Insane be for realising IT a Free and Open Global Source File Utility and Universal Facility?

      *Mad as Hell Networking

  5. Rol Silver badge

    O/S of Damocles

    Microsoft's goal is to have you renting their software and hardware solutions by the minute - by creating an ecosphere where obsolescence is guaranteed.

    Is it any wonder companies are looking for solutions that might last longer than a couple of cycles?

    MS will, for an incredible amount of money, offer a bespoke extended life for your critical systems, that will eventually become more expensive than the O/S upgrade you've been trying to avoid.

    Open-source options similarly get overtaken by newer versions, but they tend to retain support for legacy stuff, or the community / in-house team can come up with a fix, because, well, it's open-source, so anyone can pop the bonnet and spanner away, suitably equipped with the freely available source code, that, like a Haynes car manual, will make the job possible.

    I really can't see the sense behind throwing your lot in with a company that can be so easily manipulated by a government that sees the world as a collection of enemies and potential enemies. Add that obscenity in the White house into the mix, and it's more like when, rather than if, the lights will go out on your MS system, due to some political discourse or other.

    1. JimC

      Re:they tend to retain support

      I'm not sure I've ever seen evidence for that.

      1. big_D Silver badge
        Holmes

        Re: Re:they tend to retain support

        Have you not been following the news for the last year or so?

        1. yoganmahew

          Re: Re:they tend to retain support

          Like Python 2.7 news?

    2. LDS Silver badge

      "but they tend to retain support for legacy stuff"

      Actually, until now Microsoft retained support for "legacy stuff" far more than open source. For the simple reason people can't recompile the "legacy stuff" every new release. Very few companies have the resources to fix their own specific "legacy stuff" for which there's no community at all, and even if you have the source code, it's usually quite expensive to hire someone to maintain it, especially when it's very specific "legacy stuff".

      But it is true that since subscription became the preferred method to extract a constant cash flow from cash cows, fast obsolescence and lack of backward compatibility can be the best way to try to justify the subscription need.

      It may turn out that the "new" (after all, extensively used in the Unix world before the PC...) business model could kill that very cash flow they want now, as users become not so happy to be forced to follow.

      PS: dear Microsoft, with all your telemetry could you fix the Outlook issue which makes it continuously asking for a password? It's years it happens, without a definitive fix. Maybe after all that telemetry is never really used but to profile users, and never to "improve the experience"?

      1. Doctor Syntax Silver badge

        Re: "but they tend to retain support for legacy stuff"

        Actually, until now Microsoft retained support for "legacy stuff" far more than open source.

        The issue with Microsoft was the other way around. By periodically updating the format it meant your "legacy" version of Office couldn't open the .doc or whatever file someone sent from their more recent version so you had to buy the new as well.

        The open approach is to set the file format as a standard and stick to it so our old version of the S/W will open and use a file written by the latest version or even from some other application using the same standard. Microsoft got its arm twisted to use an open standard so they got their own, reportedly of dubious clarity.

  6. IGotOut
    Go

    About time.

    If the whole of the EU slung some serious resources at IT maybe we can actually break the stranglehold the US has.

    There are some good European companies that exist but we need more, and we need to promote them better to break the Google, MS and Amazon dominance

    As an example I use Protonmail for email and Here for navigation, both far better than the likes of Outlook and Hotmail.

    Then we should look at funding other "disrupters" (I feel unclean now). If someone.is going to come in and mess up stuff , at least let them be European.

    1. cynic56
      Joke

      Re: About time.

      Oh no. Anything but Europe. Have you never heard of Brexit?

      1. John G Imrie Silver badge
        WTF?

        Re: About time.

        I've heard of Brexit, but I've yet to see one despite BoJo shouting, 'It's over here, no over there, no dam it, it's that great big thing by the cliff edge'

      2. Anonymous Coward
        Anonymous Coward

        Re: About time.

        Have you never heard the germans can be quite _determined_ when it comes to a strong and united europe, with a strrrrong german leadership..

        ..ehm, got a little carried away here.

        1. Doctor Syntax Silver badge

          Re: About time.

          It might be worth your reading up why, after WWII, it was decided that international cooperation in Europe was a good thing.

      3. Roland6 Silver badge
        Joke

        Re: About time.

        >Anything but Europe. Have you never heard of Brexit?

        Don't worry Boris will throw some of that £350m at it, so we can have BJnix, naturally it will be better than anything those pesky foreigners can come up with...

        1. Avatar of They
          Thumb Up

          Re: About time.

          Yeah, like the GPS replacement, or the space agency or... oh wait I see what you did there.

    2. Anonymous Coward
      Anonymous Coward

      Re: Here for navigation

      Have you checked if they slurp your data? I have, and guess what, the "FREE!" comes at a usual price...

      1. rbaba

        Re: Here for navigation

        last time I looked they were not a not for profit. I don't trust companies that claim they the are ethical with data without providing evidence for those claims. https://twitter.com/RogerNg61805223/status/1174102259141107712

    3. Anonymous Coward
      Anonymous Coward

      Re: About time.

      If the whole of the EU slung some serious resources at IT maybe we can actually break the stranglehold the US has.

      Here we go again. Have you any idea how much resource is required? Basically you’d have to recreate something as good as MS Office, Windows, even Outlook, etc. I know there’s projects like Libreoffice, but frankly that’s just so far behind you may as well start again. And Linux on the desktop remains is so niche it is effectively insignificant.

      And that’s before you consider how much stuff has built up inside Microsoft’s ecosystem. All those macros, formulae, Visio drawings.

      Like it or loathe it, MS’s stuff is a de facto standard. And to a large extent these days it’s an open standard. If you wanted to clone Office you can, but that’s a really big job. All of MS’s file formats are open, so in principle it can be done, but be prepared to blow billions doing so and supporting it. Plus whilst there’s dozens of disparate Linux distros, Windows and MacOS will continue to be the only OSes you can use en masse across an entire economy’s desktop / laptop user base.

      Germany and the EU would be better off using their influence (carrot and stick) to shape MS to their needs. The alternative is to waste time trying to displace them and persuading everyone recreate everything they’ve already produced in MS’s ecosystem in some new, incomplete and no-good-outside-the-EU alternative.

      1. Doctor Syntax Silver badge

        Re: About time.

        " If you wanted to clone Office you can, but that’s a really big job."

        Just as well somebody's done it. I use one of those clones every day.

        "Germany and the EU would be better off using their influence (carrot and stick) to shape MS to their needs."

        Much easier and cheaper to drop some Euros to the Document Foundation if they need something specific that's not already in there.

  7. ma1010 Silver badge

    The long term

    In the long term, the choice is obvious:

    A) Commercial software that, these days, is rented to you by companies that slurp your data, jack up the rent at whim, force updates that can break your system, and who may discontinue support for products at their whim. OR

    B) Go with open source that avoids most of these problems.

    The hard part is, of course, getting from A to B. Don't know if it's true, but I was told that years ago, there was a meeting of California state IT high-ups at which it was decided that they were going to junk MS and go Linux statewide. Didn't happen, of course, for reasons that I'm sure are obvious to El Reg readers. But, as the article points out, if you can take small steps and train everyone in those steps as you take them, you can eventually get somewhere better. But it will take careful planning and a training budget.

    1. G R Goslin

      Re: The long term

      "We are also considering alternative programs to replace certain software. This will be done in close coordination with other EU countries.”

      Read this as "We want to make a gesture, but by doing it in coordination with other EU countries, we have made sure it will never be done

      1. A.P. Veening Silver badge

        Re: The long term

        Read this as "We want to make a gesture, but by doing it in coordination with other EU countries, we have made sure it will never be done

        I wouldn't bet on it if I were you. The Germanic and Nordic language speaking countries are in agreement on that and don't have a real problem with leaving the Romanic (and Slavic) language speaking countries biting the dust.

    2. veti Silver badge

      Re: The long term

      The only problem "open source" really solves is the one about having too many qualified applicants for your vacancies. Go OS, and basically you need to become a software company - with all the headaches that involves - in addition to the business you actually make money from.

      1. EBG

        but..

        every company is, in part, a software company now (since HMRC binned paper returns, I mean every). It's just a question of how much you outsource.

      2. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    I wish them luck but we all know the inevitable backhanders and brown envelopes will stop this in it's tracks. Outsourcing such as the cloud is just a cost cutting exercise that won't end well once they all up the prices and even then it doesn't matter because you won't be able to switch providers without downtime.

    1. Doctor Syntax Silver badge

      "I wish them luck but we all know the inevitable backhanders and brown envelopes will stop this in it's tracks."

      It seems to have done so at city level but maybe not at national govt. level. Microsoft can't open regional offices all over Germany.

      1. Teiwaz Silver badge

        "I wish them luck but we all know the inevitable backhanders and brown envelopes will stop this in it's tracks."

        It seems to have done so at city level but maybe not at national govt. level. Microsoft can't open regional offices all over Germany.

        I suppose at the very least it might panic MS into giving better rates for a new contract.

  9. rbaba

    Never quite got the point of cloud data storage and SaaS

    (0) Cloud storage: You never get to hold on to you data physically. Lest we forget about the thefts from Amazon, but seriously, you if you believe that you won't be held hostage at some point in time, then you are seriously mistaken.

    (1) SaaS: You decide that you are going to rent software to manage and/or manipulate and/or make a profit from Data in (0). And the software decides the format for the data, in some closed source format.

    Seriously, this is the current best business practise? I guess you should expect this when all the advice, even from the el reg comes from vendors.

  10. gnwiii

    Consider liability

    In the past, large organizations have often favored commercial options because, in the event of trouble, they could blame the supplier. Now, however, many risks have ambiguous chains of responsibility. Did an employee click on a link that installed malware? Should the vendor have provide software that didn't have as many security issues? Does it benefit anyone to blame unknown and/or untouchable perpetrators? Suppliers of proprietary IT kit are use licenses and contracts that shield them from liability and require dubious arbitration mechanisms to resolve disputes.

    An instructive example occurred in Nova Scotia this week after a construction crane fell across several buildings (one under construction). Tenants of two occupied buildings were require to evacuate until the crane was removed, but the construction company could not arrange insurance in a reasonable time frame, so the province (e.g., taxpayers) had to exercise its sovereignty to declare a state of emergency and assume liability so the work could start immediately. Note that delay increases risks of further damage and added delays if another storm occurs.

    Mission critical IT systems in large organizations should never have been allowed to reach a state where the organization can't assume effective control if something (ransomware, loss of a data centre to acts of nature or war, etc. ) goes bad. At present, however, expertise is in short supply because security has been pushed to the edge instead of being baked in during development. This means it will be painful for many organizations to reach a position where they could assume control, and they are exposed to elevated risks until they improve their position.

  11. Imhotep

    Just when I thought I was out, they pull me back in

    This happens periodically. Some state or city decides they are going to go open source, they don't have the expertise on staff to support it, the users complain - and everything is abandoned and Microsoft cashes some more checks.

    Didn't we watch this play out at some German city/state recently?

    1. Yet Another Anonymous coward Silver badge

      Re: Just when I thought I was out, they pull me back in

      >Didn't we watch this play out at some German city/state recently?

      Munich, but to be fair they did it particularly badly (it was after all a government IT project)

      1. Anonymous Coward
        Anonymous Coward

        Re: Just when I thought I was out, they pull me back in

        The study mentions that 33% of them used Windows all along because of Windows-specific applications. So they had to support two operating systems at the same time as well as doing in-house development for both of them. I'm not sure what they tried to get out of their "highly customized version of Ubuntu", though.

        Frankly most IT managers out there are either dumb or have a hard time to create a holistic IT approach because of internal politics.

        1. A.P. Veening Silver badge

          Re: Just when I thought I was out, they pull me back in

          Frankly most IT managers out there are either dumb or have a hard time to create a holistic IT approach because of internal politics.

          Either being dumb or being crippled by internal politics (and usually a combination of both) isn't limited to IT managers, it is rather usual for managers of all other departments as well.

  12. Danny Boyd

    G-suite?

    I must be missing something - they say they are concerned with Microsoft's telemetry, and they consider Google G-Suite as an alternative? Is this some sick kind of joke?

  13. rbaba

    And doesn't get me started on the idiots that use Outlook and Google mail services

    Yeah you can trust them not to look at you emails.

  14. Anonymous Coward
    Anonymous Coward

    I do believe it is long past the tme where it is appropriate that kids are educated solely in Microsoft products.

    Surely better to teach using OS and then let further ed or employers reskill them if neccessary, actually transition ISNT so hartd for users, coming from one who has also moved from Microsoft through both Mac and OS.

    If the new generation workforce is coming out of school familiar with OS (with out the "ZOMG what is this strange software?" panic that seems to happen now when kids are confronted by anything that isnt from slurp,) then companies - and communities can move on from this lock in enabled extortion.

    Once data is stored or processed elsewhere it isnt "yours" anymore, and as a citizen, I abhor the practice of submitting data that I am legally required to give the government, or other private data amassed by healthacre etc to a private company just because they hold the power to take it, That adat should remain on servers owner and operated by those who I have to give the data to.

    1. LDS Silver badge

      People never learn using an OS - they learn to use applications. The OS needs to be less intrusive as possible. Any OS that gets in the way requiring complicate hops to perform basic operations will go nowhere. Most people are not IT techies, and see computers just as something they have to use even when they would like to work without. Moreover, applications may be far more complex to use than an OS (from a user perspective), and "reskilling" user to use different applications with different GUIs and workflows can become quickly quite difficult and expensive.

      While in large organizations IT people need something that can be easily deployed, configured and maintained remotely.

      1. sum_of_squares
        Linux

        "People never learn using an OS"

        To me the GNU core utils are closely related to the Linux Kernel. Is "chmod" a programm or an extension of the operating system? Yes, you could use Linux without the GNU stuff, but nobody really does this (and vice versa).

        I think this is one of the more profound distinctions when it comes to Linux vs Windows. What people comes to mind are often comparisons of "Can LibreOffice Calc be a good replacement for MS Excel?". But the real difference is that Linux is all about enableing the users while Windows is all about dumbing down users. The core of Linux is having a toolset of things that do one thing particularly well. Windows is all about having a "one size fits all" approach where the UI of PowerBI looks a lot like the UI of Excel even though they are vastly different from each other.

        Even the most stupid user can use Linux nowadays, nevertheless you should encourage users to learn more and become curious instead of abstracting everything away and trying to enforce a digital lock-in for the sole purpose of maxing out some companies income.

        1. Unicornpiss Silver badge
          Alert

          Maybe a little off track..

          "People never learn using an OS"

          Well, you may be right, and that's part of another problem. I've lost count over the years of how many high-level people with advanced degrees and lofty salaries I've met that don't understand how to do basic copy n' paste, how to zip/unzip a file, or the difference between a file and a shortcut, a mapped 'drive' vs. a UNC path, or even the critical thinking skills to parse an error message that tells exactly how to solve the problem that's occurring. And these are people that surely used a computer at least starting with their college years.

        2. Richard Plinston Silver badge

          > you could use Linux without the GNU stuff, but nobody really does this

          except _everyone_ with an Android phone.

    2. Anonymous Coward
      Anonymous Coward

      A Linux From Scratch (LFS) project would be a good a way to train kids in IT related classes about the use of a non-Microsoft OS. That's a long term fix. In the short term Governments will have to pony up to retrain IT staff in GNU/Linux and BSDs usage; of course, there's a lot of overlap across those OSs. Those are things that are worth doing.

  15. Alister Silver badge

    Some of the arguments, such as the risk of cloud downtime, seem familiar from years back; and yet it has not impeded cloud adoption.

    That's because those making the decision to move to the cloud, in nearly all cases, are blind and deaf to the consequences, and only see the immediate cost benefits.

    1. yoganmahew

      And further the beancounters don't understand the risk.

      A cloud provider with a bazillion tenants has an average of near zero downtime. But amongst that bazillion, there are tenants that are degraded for hours or days. If you count your average uptime by tenant (regardless of size), a large tenant down is the same as a small tenant down - effectively a rounding error.

      But what if it's you?

      Beancounters need to look at not the change they will hit an outage, but the impact of the outage when it inevitably hits them. How would they cope with a week's outage? Or a permanent loss of data (like AWS-E tenants sufferred last week)? Does that mean an on-prem backup solution is required? How much would that cost? (egress is expensive). How long would it take to deploy? Can it even be deployed?

      It's surely just a matter of time before cloud ransomware.

    2. briesmith

      Alfie - tell me, what's it all about?

      The cloud - somebody else's computer.

  16. Anonymous Coward
    Anonymous Coward

    Story over here at the Beeb....

    Microsoft president: Don't move fast and break things

    https://www.bbc.co.uk/news/av/technology-49768347/microsoft-president-don-t-move-fast-and-break-things

    Are Microsoft taking the piss ?

    1. Doctor Syntax Silver badge

      "Are Microsoft taking the piss ?"

      When weren't they?

  17. Aussie Doc
    Joke

    Surely they jest

    Drop MS and consider Google G-suite??? And don't call me Shirley ---->

  18. NE-bot

    The lack of OSS money has been noticed for a while

    This article brings to mind some collected research by the excellent Nadia Edhbal who has an extensive tech life including VCs.

    She collated some stuff on this here: https://nadiaeghbal.com/research/

    But yes, it looks like the dominant tech model for sustainable OSS is develop the software, sell the support + ready made cloud options. It works BUT a) is never going to be massive money and b) as this article points out, is vulnerable to being bought out by more unscrupulous companies with large cash piles like MS/Goog.

    Technically speaking, OSS should be more sustainable, better for the world etc, but current real world conditions are against it.

    1. Doctor Syntax Silver badge

      Re: The lack of OSS money has been noticed for a while

      "as this article points out, is vulnerable to being bought out by more unscrupulous companies with large cash piles like MS/Goog."

      Or even IBM. But from the business's point of view, as opposed to the users', that could be part of the business plan.

  19. Anonymous Coward
    Anonymous Coward

    The inherent risks in IT dependency on commercial software vendors

    “The paper examines the risks inherent in IT dependency on commercial software vendors”

    Seems like a good idea for the use of Open Source software, that way you're not locked into any one commercial vendor.

  20. Anonymous Coward
    Anonymous Coward

    Retraining is a canard

    A common wail is that people must be "retrained" to use OSS. Believe it or not, the majority are not that stupid/inflexible and adapt quickly. (Principle of least astonishment and all that.) There will always be those complaining that they cannot embed videos in their spreadsheets or whatnot.

    (Note from my past: Decades ago, I was attending an industry conference on crypto in embedded systems. One of the speaker -- consultant -- spent his half hour railing against Linux in the military because of "retraining" costs, rather than discuss what he said he would. The week after, MS released a completely new i/f for Windoze.)

    1. FrogsAndChips Silver badge

      Re: Retraining is a canard

      And retraining is unavoidable with MS products anyway. I can't count the number of hours I have wasted after Office updates trying to find out where the hell some icons had been relocated. WHY DO YOU NEED TO RESHUFFLE THE BLOODY RIBBON EVERY 3 MONTHS???

  21. briesmith

    Don't buy bundled software; find out what you need and buy that.

    Microsoft can bully home and SME users but it can't bully big buyers like the NHS, the Police (although they're doing a good job bullying themselves with the NEP) and so on. They need to bring pressure on Microsoft and others to end bundling. In all our best interests.

  22. root01

    Start by creating a list of open source software covering specific areas like the french government does with Socle Interministériel de Logiciels Libres (SILL)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019