Schleswig-Holstein, Germany’s most northern state, is starting its switch from Microsoft Office to LibreOffice, and is planning to move from Windows to Linux on the 30,000 PCs it uses for local government functions.

Concerns over data security are also front and center in the Minister-President’s statement, especially data that may make its way to other countries. Back in 2021, when the transition plans were first being drawn up, the hardware requirements for Windows 11 were also mentioned as a reason to move away from Microsoft.

Saunders noted that “the reasons for switching to Linux and LibreOffice are different today. Back when LiMux started, it was mostly seen as a way to save money. Now the focus is far more on data protection, privacy and security. Consider that the European Data Protection Supervisor (EDPS) recently found that the European Commission’s use of Microsoft 365 breaches data protection law for EU institutions and bodies.”

  • Karyoplasma@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    7 months ago

    Let me tell you a story about proprietary software:

    The German police force have a contract with a software firm that wrote their program to file and archive emergency calls. Basically just a form that goes to a database. Now, one day, an update got pushed. The problem with that update was that the hotkey for quitting out of the current form (q) now also fired when inside an editing field. The software firm did not acknowledge that as a problem and it took months of complaints to fix and it cost the taxpayer around 300,000€ in “maintenance fees”.

    • AggressivelyPassive@feddit.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      As someone who works with government agencies as a software developer: they are absolutely awful.

      You’ll get no specification at all, those you do get will change at least three times and every stupid little decision needs at least 20 people from different states, cities or agencies to agree.

      Yes, the bug is pretty bad, but I’m also very sure that what you’re describing is not the whole story.

        • AggressivelyPassive@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          You never worked with bureaucracy, did you?

          From a technical standpoint, you are absolutely correct, but reality and bureaucracy don’t always match.

          I’ve had instances, where we had glaring holes in our security, but were not allowed to fix them, because the datacenter (operated by a public agency) only does deployment in a fixed schedule.

          I’ve had officials of some sort who wrote in the contract, that each and every change has to be on the staging environment for at least one week for testing and signoff.

          It’s absurd and stupid, but realistically, you often can’t change it.

          • Rikudou_Sage@lemmings.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            7 months ago

            I did, that’s why I’m talking about it.

            In my experience, what you say is absolutely true, but glaring bugs like that are deployed as a hotfix.

          • barsoap@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            7 months ago

            That’s one of the reasons why dataport (who are going to do the migration as the state’s IT consultant / dev house) was founded in the first place: So that IT can work like IT does and not be beholden to bosses who think in bridge construction terms in one place, and tax collection terms in another. Now those bosses are mere clients of an inter-state agency that does nothing but IT, and IT can speak with authority when it comes to IT matters.

            • AggressivelyPassive@feddit.de
              link
              fedilink
              English
              arrow-up
              0
              ·
              7 months ago

              That won’t change a thing, unfortunately.

              My employer currently works with a bunch of agencies and I’ve been involved with some of them. I can deliver the best product ever with the best process and lightning fast deployment - if the client doesn’t get its shit together, you won’t deliver on time/in budget.

              Anecdote I’m currently part of: an agency bought a new app, we’re 98% done, we could go live on Tuesday. But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly. This agency however doesn’t react. At all. And because it’s something like 5mm outside of the jurisdiction of the agency that is our direct client, there’s nothing we can do. So the system is just sitting there waiting.

              I could go on and on. Dataport is a good idea, but if all their clients are overworked, understaffed or straight up incompetent, there’s not much they could do.

              • barsoap@lemm.ee
                link
                fedilink
                English
                arrow-up
                0
                ·
                edit-2
                7 months ago

                But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly.

                There’s no “their system”: The boxes under the desks of civil servants are managed by dataport, talking to backend infrastructure managed by dataport.

                If there’s some new administrative procedure agencies or ministries want their civil servants to do and it can’t be implemented because it’s under-specced or just incoherent then dataport gets to send that spec back saying “fix your shit”: It’s not like the agencies have a choice in who’s running their infrastructure. The tax office can’t do jackshit if the fire inspector doesn’t like their new plans either. If things are implemented as specced and people complain and want a rework then dataport can say “well it’s your budget, not ours”. If they do that all the time at some point the court of accounts will take them aside for a polite conversation. Just this one thing, making IT external to whatever it is that the agency is doing, provides lots of accountability.

                That is: The solution isn’t so much to eradicate bullshit but to make sure that it stays in the silo where it got generated.

                but if all their clients are overworked, understaffed or straight up incompetent

                I’ll just leave this here.