Schleswig-Holstein, Germany’s most northern state, is starting its switch from Microsoft Office to LibreOffice, and is planning to move from Windows to Linux on the 30,000 PCs it uses for local government functions.
Concerns over data security are also front and center in the Minister-President’s statement, especially data that may make its way to other countries. Back in 2021, when the transition plans were first being drawn up, the hardware requirements for Windows 11 were also mentioned as a reason to move away from Microsoft.
Saunders noted that “the reasons for switching to Linux and LibreOffice are different today. Back when LiMux started, it was mostly seen as a way to save money. Now the focus is far more on data protection, privacy and security. Consider that the European Data Protection Supervisor (EDPS) recently found that the European Commission’s use of Microsoft 365 breaches data protection law for EU institutions and bodies.”
Good lord, they are in for a world of hurt.
Unrelated to the question but on the picture:
The AI nicely drew a german city but … put the naziflag on the ships Rather than the current german flag.
Or more noticably all the southern hemisphere penguins
Why is that image even there? It’s not in the original article unless my adblocker is removing it for some reason.
EDIT: before anyone states the obvious, yes, I know how OG metatags work. What I’m asking is why would they chose that particular image, with the penguins and all, to accompany an article like that, and not, say, just a regular stock image of a German city?
Even stranger, the filename in the URL implies that this was potentially even intended: https://regmedia.co.uk/2024/04/04/shutterstock_kiel.jpg Almost makes me wonder if some intern put an AI image there for shits and giggles to see if anyone notices.
Finally, where exactly do you see any Nazi flags? All I can see is a red, white, and black livery, which ARE the colors that the Nazis used, but not in that arrangement. There are no swastikas anywhere (as far as I can see), so it seems as if this rather the flag of the German Empire, which also used the same colors, but predates the Nazis by a good 60 years.
A stock image of Kiel is really not out of place for an article about Schleswig-Holstein, it being our capital and all. It’s also a fleet base. And you can find vaguely similar towers there.
What doesn’t make sense is the rest: The penguins, the what galleons I think with Imperial livery, Schwarz-Rot-Gold in combination with Imperial livery, what looks like a Lübeck flag (of all cities!) but rotated, and whatever the other flag is supposed to be. This is Kiel’s flag, for reference. Oh: Half-timbered houses. Those look like copy+pasted out of Swabia or something.
Okay but the penguins do make sense, right? Penguins are like the mascot of linux
Penguin, singular. Also none of them are fat and content enough to be Tux but fair point, that’s probably how they ended up there.
Its a meta property in the HTML. Viisible to software, but not shown in the article.
Afaik, it was the flag of the Third Reich from 1933 to 1935 (so before the Swastika flag).
It’s actually way older. It appeared first as official flag in 1867 for the north German federation, was adopted in 1871 to be the flag of the German Empire and was no longer in official use in1919 (albeit nationalist groups kept using it).
After that, you’re right.
More Info here: https://en.m.wikipedia.org/wiki/Flag_of_the_German_Empire
Maybe soon a unified CSV handling might be possible.
Commas are too common, we should go with semicolons. And
\nand UTF-8 by default. And a header that defines changes from defaults, plus metadata such as data logger model and settings. These are some significant quality-of-life improvements but I’d guess it will take another file extension before that happens.I just don’t like that CSV exists as a format and has no standards currently. If you remove commas from CSV then you’re taking the C out of CSV.
SCSV (semicolon separated values) at least sounds like an upgrade to CSV. Or maybe just use something that is flexible but is standard like JSON?
Yeah, SCSV would work, with a .ssv file extension for FAT compatibility.
JSON is overkill, tabular data is often recorded by 8-bit devices. Yes, you can use a dishwasher to cook salmon, but building a dishwasher is difficult and it can break in many more places. Each piece of salmon also needs to be carefully wrapped.
At that point why not use TSV?
I can confidently say that CSV support is one of those problems that even the brightest computer scientists will be pondering for the decades to come.
Supporting CSVs sounds like an easy problem, but it’s not. It’s like a whole different complexity type. Time complexity, space complexity, and now, the dreaded subclass between spec complexity and organisational complexity.
You can’t just make the users agree which delimiter to use and how quotes are supposed to work. That’s nearly impossible. No no no.
I genuinely hate AI art
Right? The rash of AI images used in journalism is genuinely troubling. It seems like at least 50% of news article thumbnails I see are AI these days.
And, like…are those penguins in the back cheering with human arms? Is that an orca jumping out of the water? What the fuck is going on.
This one is terrible because it’s like a montage of a penguin colony over a generic historic painting of a port city. Very little creativity and quality control. I’d just combine some actual photo of the Kiel port and penguins jumping out of water. (Not necessarily these two)
What you actually want is a nice picture of either a market place or seafront promenade and a fat and content (as usual) Tux munching a Fischbrötchen
Cool but that would require some cultural awareness, and the reporters cannot be bothered.
You mean collage? I agree. I think your suggestion would work best if it was also made to look like an obvious collage. If it was accurately photoshopped to look like the penguins were actually there it would look silly.
Good!!! I hope other governments follow.
Good. This makes them less vulnerable to the malware that Windows innately is.
In the enterprise space, Windows isn’t an issue at all.
This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.
Windows laptops have been tightly locked down since the early 2000’s, including USB ports.
I’ve never seen a virus or malware on a machine in enterprise, and if it were to occur, the most it can damage is the local machine, as network shares are minimal (most data is kept in databases), the shares with write access are limited to small user groups, etc.
Users simply lack permissions to change stuff, so malware lacks it too.
Have you been near some sort of news in the last years? Corporations using windows get hacked regularly and they are far off from having everything in a database somewhere. You have no fucking clue. What you are describing is the dream of corporate security newbies, but no big corporation let alone some state government is anywhere close to that.
They have massive shares, where all the people can read and overwrite everything, they open all attachments directly on their machine and click away all warnings without reading them. (Who needs USB if you can mail malware directly?)
This is hell and in Germany dozens of smaller or bigger government networks were hacked and massive amounts of data encrypted last year alone.
I can from personal experience that there is a huge push to get much more secure in the local government space in the US, including adhering to NIST 800-53, and be audited on it. It’s not foolproof, but it’s a much needed step forward towards preventing big events becoming breaches. But if they are a breach they’ll be lower impact. It’s painful to get there, but I’ve been involved heavily in the conversion in policies and procedures to get there.
This is because enterprise manages security properly - layered, minimum perms to perform a task, etc.
Apparently Microsoft itself isn’t Enterprise?
I’ve never seen a virus or malware on a machine in enterprise…
Change Healthcare - https://www.msn.com/en-us/money/companies/change-healthcare-hack-what-you-need-to-know/ar-BB1kvg2t
MGM Grand - https://www.cnn.com/2023/10/05/business/mgm-100-million-hit-data-breach/index.html
HP Enterprise - https://apnews.com/article/russian-hackers-hewlett-packard-enterprise-microsoft-sec-breach-cozy-bear-d4e88ded0a47d010216e11f41132f72c
Here’s 12 more - https://www.kaspersky.com/blog/ransowmare-attacks-in-2023/50634/
Users simply lack permissions to change stuff, so malware lacks it too.
Oh something is lacking in your world and I’m not talking about permissions.
I wouldn’t say that Windows is malware itself, but rather it wasn’t created with a security-first stance, which we absolutely need for all OSes going forward. I say this as someone who ditched Windows as my DD (“I use Arch, btw”). I left Windows more for their policies and subscription models that are becoming increasingly anti-consumer.
With that said, let’s not pretend that Linux is immune as has been proven in the past week with xz and liblzma being compromised. Yes, it took 3 years to get to the point their long game paid off, but it still happened through a series of credibility social engineering steps by a single person. (Yes I know others were also trying to do exactly this, but only Jia Tan was successful)
(Yes I know others were also trying to do exactly this, but only Jia Tan was successful)
The reason you know is because the target software is FOSS. Care to bet other similar schemes have been successfully pulled off with proprietary software?
You only know this happened because one dev was benchmarking their system and noticed a 0.5s anomaly in resource usage, and was able to track it down to this. For every one of these that are caught, there are countless more that slip past.
I actually look at it a completely different way. There are so many users optimizing and digging into the core of open source versus proprietary that with so many randoms actions there’s less “vulnerable” dark spots available. If we think there’s a limitless X amount of vulnerabilities (since we don’t know the true ceiling limit), open source will always be “X (vulnerabilities) - 1” compared to proprietary. Completely a math metaphor but gets the point across, It’s a path that lessens the impact which we should be striving for over profit/monopoly motives.
I think because there is so many surveillance built into proprietary software, companies like U.S. probably can just ask for any information from Apple, Google, Facebook, Microsoft when they need it.
On the other hand, countries like China and Russia would need to compromise these product like Jia Tan did. Except for Apple, because every apple service in China is maintained by a Chinese company with no encryption allowed.
Of course, there can be malware for open-source systems such as Linux, but it’s generally caught and patched a lot faster.
I wonder what they will choose for their base. I was surprised LiMux was based off Debian since Suse is headquartered in Luxembourg City. I personally would welcome a large organization choosing Suse products as we need more competition for RHEL (which would be a huge boon in productivity since we won’t need like 3 projects to spend a decent amount of time repackaging RHEL).
Redhat and Debian are separate projects, tmk.
According to an old interview, pretty much whatever: They’re saying “five big distributions are suitable”.
They’re starting the switch with apps, not the OS. From a technical POV it’d be nice to see NixOS as it’s devops / managed deployment heaven. It also happens to be European and, just like Debian, it’s a community distro.
For a project of this size, doubly and triply if it gets even more states as users, it absolutely does make sense to have your own release channel, have a team working on nothing but pushing patches (security and otherwise) onto an LTS branch and upstream as well as integration testing for the precise desktop you’re shipping to users: The states are paying them to support a desktop, not an OS to run whatever on.
Nix does have an interesting package manager.
The states are paying them to support a desktop, not an OS to run whatever on.
Don’t they need money to fund both aspects? Is there any support to lean on someone goes with Nix?
A lot of governments in the US pretty much go through Microsoft for simplicity. There’s a lot of software obtained from a single vendor. I suppose that’s why rhel is so popular.
Dataport is big enough (5200 employees) to support that kind of thing themselves, and they precisely are the single vendor for the participating states (it’s an inter-state public corporation). More than twice the employees Suse has, quarter the size of RedHat.
Let me tell you a story about proprietary software:
The German police force have a contract with a software firm that wrote their program to file and archive emergency calls. Basically just a form that goes to a database. Now, one day, an update got pushed. The problem with that update was that the hotkey for quitting out of the current form (q) now also fired when inside an editing field. The software firm did not acknowledge that as a problem and it took months of complaints to fix and it cost the taxpayer around 300,000€ in “maintenance fees”.
As someone who works with government agencies as a software developer: they are absolutely awful.
You’ll get no specification at all, those you do get will change at least three times and every stupid little decision needs at least 20 people from different states, cities or agencies to agree.
Yes, the bug is pretty bad, but I’m also very sure that what you’re describing is not the whole story.
That bug should have been a hotfix. Or a rollback.
You never worked with bureaucracy, did you?
From a technical standpoint, you are absolutely correct, but reality and bureaucracy don’t always match.
I’ve had instances, where we had glaring holes in our security, but were not allowed to fix them, because the datacenter (operated by a public agency) only does deployment in a fixed schedule.
I’ve had officials of some sort who wrote in the contract, that each and every change has to be on the staging environment for at least one week for testing and signoff.
It’s absurd and stupid, but realistically, you often can’t change it.
I did, that’s why I’m talking about it.
In my experience, what you say is absolutely true, but glaring bugs like that are deployed as a hotfix.
That’s one of the reasons why dataport (who are going to do the migration as the state’s IT consultant / dev house) was founded in the first place: So that IT can work like IT does and not be beholden to bosses who think in bridge construction terms in one place, and tax collection terms in another. Now those bosses are mere clients of an inter-state agency that does nothing but IT, and IT can speak with authority when it comes to IT matters.
That won’t change a thing, unfortunately.
My employer currently works with a bunch of agencies and I’ve been involved with some of them. I can deliver the best product ever with the best process and lightning fast deployment - if the client doesn’t get its shit together, you won’t deliver on time/in budget.
Anecdote I’m currently part of: an agency bought a new app, we’re 98% done, we could go live on Tuesday. But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly. This agency however doesn’t react. At all. And because it’s something like 5mm outside of the jurisdiction of the agency that is our direct client, there’s nothing we can do. So the system is just sitting there waiting.
I could go on and on. Dataport is a good idea, but if all their clients are overworked, understaffed or straight up incompetent, there’s not much they could do.
But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly.
There’s no “their system”: The boxes under the desks of civil servants are managed by dataport, talking to backend infrastructure managed by dataport.
If there’s some new administrative procedure agencies or ministries want their civil servants to do and it can’t be implemented because it’s under-specced or just incoherent then dataport gets to send that spec back saying “fix your shit”: It’s not like the agencies have a choice in who’s running their infrastructure. The tax office can’t do jackshit if the fire inspector doesn’t like their new plans either. If things are implemented as specced and people complain and want a rework then dataport can say “well it’s your budget, not ours”. If they do that all the time at some point the court of accounts will take them aside for a polite conversation. Just this one thing, making IT external to whatever it is that the agency is doing, provides lots of accountability.
That is: The solution isn’t so much to eradicate bullshit but to make sure that it stays in the silo where it got generated.
but if all their clients are overworked, understaffed or straight up incompetent
Hey, can you hear that? That’s the sound of hundreds of IT support workers silently crying out at the thought of having to explain a whole new OS and new office software to some boomer.
I think it is fine if everything they used to do have a replacement, my wife has been using my laptop running silverblue for personal laptop, doing homework and everything, until she want to use affinity photos or forced to use docx.
That being said, docx is invented specifically sabotage of open document standard and cross compatibility, but I installed onlyoffice for her, and everything is fine now. And if she spent as much time in GIMP and dark table, she should be as happy as in affinity photo, since she doesn’t use that many features anyway.
Same happened with her father in law, he was trying to do some business work, I give him the silverblue laptop, and opened only office. He can work just as normal, after I told him how to use the super key in gnome.
Most office worker, and students only uses very limited functionality of some software, if all of which has a decently intuitive replacement, I think they will be happy.
Doubt it. Most users are point-and-droolers with no understanding nor desire to learn the base concepts behind the interfaces they’re using. No IT worker has ever successfully explained a technical concept to an (l)user in the history of ever.
These people learn how to use computers at their jobs by rote, not by comprehension, and to them one word processor, spreadsheet, or browser is much the same as any other once they learn where all the buttons are that make it do what they want, and their interest in any of it stops precisely at that point and no further. There will be some grumbling about “the new system is so much worse than the old system,” but that very same grumbling always happens whenever the “system” changes, regardless of whether or not the new one or the old one was actually the worse of the two.
Furthermore, these days I guarantee you the majority of the work they do is entirely within a browser via some ghastly intranet site which will not look or behave any differently on Linux vs. Windows vs. Mac vs. a Chromebook vs. a graphing calculator, etc.
I am one of the sysadmins that will have to deal with the Fallout of this. I dont worry to much about the desktop side of things, Users can offen adapt well enough to clicking a different icon to do the same task. What worries me is moving away from Exchange and Microsoft AD, these systems include a lot of features we take for granted and will likely be missed.
Some helpful links:
https://wiki.archlinux.org/title/Kerberos
https://wiki.archlinux.org/title/Active_Directory_integration
https://wiki.archlinux.org/title/Samba/Active_Directory_domain_controller
Suggest you run a small virtual lab to get your head around things.
It is doable, and there are articles out there about sysadmins running it with great success in a mixed environment.
Good luck, admin 👍🏻
I hired an accountant to do my taxes this year and her company had just switched to Libre Office and she, a boomer, could t figure out how to open a fucking CSV with it. She kept complaining about it just being a string of numbers and letters.
I resorted to providing her with PDFs instead.
Wait? Don’t you just double click?
Unless they are opening it in text editor?!
deja vu…
Really? This town announced it before?
No, but Munich did something similar a while back. Different German town, similar headlines.
LibreOffice is perfectly fine for your Dear Princess Celestia letters (which 99 percent of Word users do is write simple letters), but once you start doing more advanced formatting (such as tables and text boxes and other embeddings), LibreO really doesn’t like it. And good luck if you have to convert such a Word document.
Malarkey. It does give with tables and boxes. I’ve been digitizing my home be brew ttrpg system slowly over the last few years, using libreoffice. Zero issues, zero difficulty.
And I’ve now written three novels, a novella, and many short stories with it. The native epub output isn’t perfect, but it does fine for alpha/beta reading. And that’s the only flaw it has for prose.
I’ve converted older word documents in the process of the ttrpg formatting, btw, with no issues.
The word processing part is all I really use, so I can’t say much about anything else in the suite, but librewriter is fully capable.
Does Word like advanced formatting? I’ve found LaTeX easier to use for typesetting, and I don’t like LaTeX.
Wait a second lemme just quickly program my letter
You don’t compose your letter in word either… Nor do most people need “advance” formating for letter. I doubt you are formating floating subfigures, aligning equations, and organizing citations for every email.
That’s a blatant lie. LibreOffice Writer works better than M$ Word for every single purpose and application.
I do lots of advanced formatting in LibreOffice and it works a LOT better than Microsoft Office ever has, mostly because the functionality is consistently found in the same dialogues across versions. Also, references are not permanently broken like those in documents submitted by my windows using colleagues.
This is disingenuous and misleading.
Yes compatibility with Word with complex formatting is problematic, but is that really libreoffice or is it Ms office?
For documents drafted in LibreOffice complex formatting is rock solid. It’s patently false to say its just generally inferior to Word in this regard.
Yeah it is always funny when people shit on non-MS office suites for not being 100% comaltible with MS Office, when it is Microsoft who doesn’t stick to the international standards.
How can they be international standards if they don’t include Microsoft? Doesn’t Microsoft and all its employees count as part of this global international world? See, Microsoft is the victim here.
You might want to look into what standardization means.
Start here: https://en.m.wikipedia.org/wiki/International_Organization_for_Standardization
And here more on our specific case: https://www.iso.org/standard/66363.html
Imo companies who hinder or harm standardization (Microsoft and Apple are the leaders here) are literally among the worst things on this earth.
Oh hey, I’m from Schleswig-Holstein! That’s neat! I mean libre office looks like shit (they probably never saw a UX designer and high DPI scaling has been broken since like forever) but at least its not Microsoft. And if its functionally the same, why not? So yeah, good news!
Eh I don’t think it’s that bad and with the dark theme and breeze icons it looks amazing
If you have to tweak it to make it good, it’s bad.
Damn windows and Mac are dog water then
Both work out of the box really well. Sure, Windows will break inevitably, but it’s usually few months before it does. Office looks really good. And that’s all that matters.
You don’t have to convince me, by the way, I’ve been using Linux for 15 years. But I’ve been in IT pretty much all of my adult life.
Until developers make stuff really good looking out of the box, FOSS will be still the ugly thing no one except IT people want to use.
If you go by that logic, most things in FOSS would be considered bad, which is not true.
Well, most things are bad from UX perspective, it’s just that people who use FOSS are used to that.
That’s why only enthusiasts usually use FOSS.
Before you start throwing around the five or so exceptions that exist, I’m well aware, but it’s just that - exceptions.
Writer and Calc look almost identical to ms word and excel on my Debian 12 system… Congratulations by the way, you should be proud of your state!
Good to know, maybe it’s just the port then and their website (shudders) has been a year or so since I tried it. Yeah, I think it’s a good move and if it convinces other States even better.
Yeah, check it out. I’m not a power user of spreadsheets, so I can’t address what the previous commenter said about functionality but the UI looks good on mine and my girlfriend’s systems. She’s been using Calc to run her catering business for over a year without any complaints, so I would feel good about recommending it.
As someone using LibreOffice at home and MS Office at work (both daily): nope, unfortunately, Calc is pretty shit compared to Excel. It’s enough for my personal needs but I wouldn’t want to rely on it professionally.
Ich verwende übrigens Arch.
*Gewölbe
*Bogen
Anyone tried out the Russian military’s distro?
Boom. Listen up NHS England.
