New platform for open source in SA - TechCentral

New platform for open source in SA

Charl Botha

Charl Botha

A new organisation wants to promote the use of open-source software in South Africa’s public and private sectors.

“Not using this software in South Africa is detrimental to our economy and skills development,” says Open Source Software for South Africa (OSSSA) founder Charl Botha.

Open-source software is software that does not conform to traditional software licence models and can be used and distributed freely.

Botha is a computer scientist who wants to create a platform that will pool the resources of other open-source initiatives. He believes South Africa’s government should standardise on open source.

When he is not actively campaigning for open software, Botha runs a visualisation, imaging and software engineering consultancy called Vxlabs.

OSSSA was launched last week and consists of a group of individuals and organisations that promote the use of open source in South Africa, including the Open Source User Group of South Africa. “We believe open-source software is good for our economy and for the empowerment of our people.”

Botha founded OSSSA because, he says, the country sends millions of rand to rich companies in developed countries to pay for software like Windows, Office  and Sharepoint, and for the support of that software.

Botha says most of these packages have free, open-source equivalents.

“If we were to use the open-source versions instead, we would be able to inject a large portion of this money into our local economy to pay for support and training.”

In the long term, it would also provide room for local business to grow and cultivate local skills, he says. “We would not be indentured to specific foreign companies anymore, but we would be able to choose freely, thus encouraging competition in the local market.”

The OSSSA website will make information available to allow South Africans wanting resources or support for open source-software. Botha wants the organisation to be the central point for all conversations about open source.

Botha says the OSSSA will campaign for increased uptake of open source in South Africa, especially in areas where it sees opportunities. “This means writing letters to our representatives in government and to the mainstream media, and working together with groups that are already active in government lobbying for large-scale improvement.”

Botha believes it’s not only servers and cloud-based applications where open source has a place, but also in the software that ordinary people use every day. Most computer users focus on a tiny subset of software functionality — they need to be able to read and write e-mails, documents, spreadsheets and presentations.

Asked about similar campaigns that have been launched before, Botha says what’s different now is timing.

“Most computing devices now run on some form of open-source software. Google’s Android is a good example. Even smart TVs run on Linux, he says.

One of the things often preventing the mass roll-out of open-source software in government and businesses is file formats, Botha says. “It is not a good idea to keep documents in proprietary formats, especially not if we want to ensure those data files remain accessible in 50 years’ time.

He also believes that moving to open-source software will allow South African developers to fill the gap left by the transition from licensed to open-source software. He says local software engineers will also be able to attract foreign business. Although this will be good for citizens too, Botha says they are targeting government because its taxpayer’s money being used to license software.

“We really can empower South Africa with open-source software, its not about limiting anyone, we just want to ensure that the majority of the computing we do happens on open-source software.” He says its good for the economy, its very good for skills, and it allows us to write our own story instead of having it written by someone else.  — © 2014 NewsCentral Media

  • Heisenberg

    I think people have had enough problems trying to understand the mess that is Windows.

  • Gareth David

    This is all good that they want to have government spend money elsewhere to help skills development and training, but the reason I don’t see this growing as big as it should is because forcing people to one solution will force innovation to stagnate.

    Most open source project attempts to mimic closed source/commercial projects, but never really get to a point where its comfortably better. Now this is obviously not true for everything, but for a large part of open source software.

    It might help us now, but in a capitalist world, you need to bring something else to the table to fund innovation… and having ads placed into systems which already look horrendous is not going to help.

    Personally I don’t think people are tired of Windows, they are tired of payment to keep up with trends, open source just promotes continuously paying smaller amounts for support versus larger amounts now and then which includes support. In the end, both is equally expensive but the open source always lagging behind to some extent.

    Let the hateful comments (or comments to “prove me wrong”) start…

  • cpbotha

    No hate from this side in any case. 🙂

    They might both be equally expensive, but OSS allows us to channel that equal expense into the SA economy and business, and not into the coffers of already-well-off foreign mega-corporations.

    Furthermore, our schools and universities currently deliver bright young people who use proprietary products for no other reason than the fact that that is what they are used to. Here again is a great opportunity for local development.

  • Anti_Trust

    I think this is a brilliant idea. The constant Windows updates drive me Satty not to say anything about the virus software that keeps costing. Open source will bypass this problem to a large extent. If we can get this going it will do the economy a world of good and save a lot of money. It has my support!

  • Greg Mahlknecht

    If you are using a version of Windows less than 5 years old, free antivirus is built in – and Windows Defender is better than a lot of the bloatware Windows AV you pay for.

  • Greg Mahlknecht

    >Most open source project attempts to mimic closed source/commercial projects

    My problem isn’t that they try and mimic commercial products (I quite like that, I work with Linux occasionally, and they’ve copied Windows so much, it’s turned in to a familiar environment) – it’s that so many try and do it simultaneously. Yes, it’s good to diversify, but it’s also quite self-defeating. They spend so much time trying to be the #1 OSS solution, by the time they’ve finished fighting each other, Microsoft has gone on to the next version of Office/Windows/whatever and pulled even further ahead.

    For me, the aqueduct in Life Of Brian perfectly sums up the Linux distribution situation, and much of the OSS movement:

    [The People’s Front of Judea are breaking into Caesar’s palace. However, they become distracted by the Campaign for a Free Galilee, a rival organisation with the same plan, and a fight breaks out.]

    Brian: People, we should be struggling together.
    PFJ member: [in a headlock] We are!
    Brian: No, we should be rising up against the common enemy.
    All: The Judean People’s Front?!
    Brian: No no, the Romans!

  • Greg Mahlknecht

    I went to the OSSSA site, and I have to say – quite disappointed; I expected to find some of the things the article talks about – local people I could get support from for OSS (we use some OSS packages in my company and I do support local guys, so am always interested in knowing about alternatives), productivity package equivalents, etc. But there’s just an empty forum and no information.

  • cpbotha

    My apologies, it’s being worked on; remember that we started just last week. 🙂

    The current highest priority is building our network and starting to contact government. We’ll get to the resources that you mention as soon as we can. (if you feel moved to contribute in that light, please let me know at info AT osssa.org.za )

  • cpbotha

    There’s a well-developed and institutionalized trade in Windows vulnerabilities. Even the NSA takes part http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/ and so do many underground sites.

    Although OSS has also had recent issues (heartbleed, shellshock, poodle), the fundamental issue with proprietary software is that vulnerabilities can and do remain hidden (and abused) for a long time; you’re at the mercy of the vendor. Current legislation also means you can’t even trust the “good” vendors. In contrast, OSS can be fully audited down to the source level by *anyone*.

    Bottom-line: No software is completely safe, but OSS is significantly better than proprietary in this regard.

  • I think that you’re missing the point about open source – its about contribution not consumption.

    The notion that OSS is “unlicensed” is disingenuous. Its a different licensing model – one where you you get the ability to extend and change the software you buy as you choose.

    The idea that supporting OSS because its free (as in free beer) is unsustainable and therefore inappropriate for both government and business. Rather institutions should use and support OSS because its the best solution and that the best solution (even when it’s OSS) might cost more.

    In fact, the “rich companies in developed countries” that you refer to are some of the biggest supporters of the OSS ecosystem. Microsoft is a case in point (ironically Apple not so much).

  • cpbotha

    Remember that this article is an introductory summary, not the complete story. Please also check the website and let me know if you want to discuss.

    I’ll address each of the points in your comment in turn:

    * “licensed to open source…” was not my choice of words. I prefer proprietary vs open source. I’ve been working with open source licenses (as the owner of a number of projects and a committer on a number of other projects) for a number of years now. If you’ve ever used Linux, you’ve probably run some of my code.

    * The main motivation is not that it’s free (as in beer), it’s about having more freedom in deciding where and how we invest the money intended for software. We can contribute to the OSS ecosystem, and stimulate local economy and skills at the same time.

    * I know that MS has had to revise its strategy significantly to remain relevant, also increasing its OSS support. However, that does not diminish the potential positive impact of redirecting more software expenditure back into SA.

  • cpbotha

    (almost forgot to ask: I would be super grateful if you would like to clarify, in an educational fashion, any of the issues you touch upon in your comment here in a blog post on osssa — let me know if you’re interested! 🙂

  • philipcopeman

    Charl we have been saying this for years. TurboCASH saves SMEs hundreds of millions each year. We are based in Cape Town and are the worlds leading open source software for SMEs. We spend more money marketing in SA than anywhere else. Each month the rest of the world moves faster with our product and SA slips further back.

    So what are you actually going to do that is going to be different?

  • cpbotha

    Hi there Philip!

    To answer your question: 1. Potential positive impact of general OSS migration in SA would be significant. 2. OSS awareness has been steadily increasing, the timing is better now. 1+2 are sufficient reasons to keep on trying promoting this.

    It would be great if you would be willing to write a blog post about TurboCash on the OSSSA website. Could you let me know via the OSSSA website email? (seems discus doesn’t like it if I post something that looks like a URL)

  • Philip, I acquired TurboCASH early 2000’s when I started my business, but found that no Accountant could do my books due to incompatibility with Pastel, which the majority of them use, so I had to ditch the software and go the Pastel route.
    Is this now a different story with TurboCASH? How compatible is it now?

  • kmf

    +1 my full support

  • Mohamed Ganie

    This is very refreshing, I am willing to participate will all the time I have available

  • Abdul Thompson

    Finally, someone that really know that resources and hardware manipulation can actively contribute to speed and better inter-internet connectivity.

    Guys, all becomes so easy, SQL dbase access let alone any other and many other improvements can be achieved by open source. thumbs up guys

  • Greg Mahlknecht

    I think that the OSS vulnerabilities you mention kind of blow the famous “many eyes” argument out of the water. It’s very clear that this is just not true, with the Shellshock vulnerability being 25 years old; Heartbleed 3 years old and gotofail a few years at time of discovery. The danger, of course, is that these vulnerabilities are in plain sight for bad actors to exploit. One assumes that it’s only well-intentioned people looking for these bugs, when in reality the Chinese and Russian governments are probably spending billions looking for these, and we’d never know if they found and exploited them.

    >OSS can be fully audited down to the source level by *anyone*.

    As is demonstrated by pretty much every recent exploit, sadly “anyone” is usually a pool of zero people. Anyone can audit at the source, but nobody is.

    >Bottom-line: No software is completely safe, but OSS is significantly better than proprietary in this regard.

    I have to disagree here. I don’t see either model (closed/open) as intrinsically better than another, they both have their strong and weak points which balance out. It might be easier to fix OSS vulnerabilities, but it’s also orders of magnitude easier to find them. It’s a double edged sword.

    By the way, I do respect that OS software/data is a good thing having contributed hundreds or thousands of hours to it over the years, but try and keep my enthusiasm about it in perspective 🙂

  • cpbotha

    Hi there Greg, we’re just going to have to agree that I’m right. ;P

    With open source, any interested party has the possibility to contract any security auditing outfit anywhere to audit any part of the software, down to any level.

    With proprietary software, there is no such possibility whatsoever. You’re operating on security through obscurity (and we all know how much respect that gets in the security community) and a blind dependence on the software vendor.

    That’s quite a glaring difference.

    (That being said, I agree to a certain extent with most of your points, especially regarding the intrinsic security. Given the choice between security through obscurity and the vulnerabilities out in the open however, I know which one I would select.)

  • Greg Mahlknecht

    >That’s quite a glaring difference.

    As is there in your method of comparison – you’re pointing out the positives of open source code auditing and completely ignoring the gigantic, massive negatives of it.

    We can agree that security through obscurity is bad, but if you were to draw a straight line to the OSS side of that argument it would be “security through hoping only good guys look at the source code”. You have a blind dependence on an unnamed entity auditing the code out of the kindness of their heart.

    > I know which one I would select

    Because I view them as on a par with each other, I just select the best tool for the job, regardless of open/closedness.

  • “by the time they’ve finished fighting each other”

    Greg, +100 internet points to you. The worst thing about open source is that everyone can contribute – and so everyone does contribute, *to their own projects* . And so you have a hundred versions of everything, when you could have had 1 version that blew all the others out of the water.

  • I’m always in favour of spreading open source, but I have to say, I’ve got my doubts here too.

    Enterprises need stability and support, government is no different. They’ll require commercial commitments for your software and services, and that does exactly what you said it would: Keeps money from flowing out to Microsoft, Apple, Oracle, etc, and keeps it local instead.

    And when you’re talking that kind of money, then the conversation changes. It’ll be in your commercial best interests (and/or government security requirements) to keep certain source code and projects hidden from public view (ie proprietary). Pretty soon, other vendors will want to contract to government, and you have to compete, and since you need unique selling points in order to do that, a proprietary model makes more sense, and boom, you’ve created another Microsoft, except it runs UNIX and not Win32.

    If you really want to get the country using open source, then selling services is not the way to do it. Educating everyone in the value chain on how to build their own software is, and I don’t see that here. I see “support and training”, not “transformative education”.

  • cpbotha

    No. As a company dependent on the security of OSS component X, I have the possibility of “security through commissioning a paid audit of that component”. With proprietary, I really have no options other than being at the mercy of vendor, unless I’m a mega-corp or government myself.

    As I have agreed with you, not one of the two options in inherently more secure, but OSS has greater potential. If you’re interested, this is a nicely reasoned set of arguments by people far more versed in security than you or I am: http://www.dwheeler.com/secure-class/Secure-Programs-HOWTO/open-source-security.html

  • Sky Captain

    Can you clarify what you mean? Are they confused and therefor staying with Windows rather than “having more confusion”? Or are they sick and tired of the Windows mess and willing to change?

  • Sky Captain

    I think you analogy is flawed. The enemy is not windows, it’s the problems that people have in business, leisure and life in general that beg to be resolved.

    Linux has lots of competition, but it’s co-operative in nature. I can use parts of the competitor’s product freely and most projects do. Yes, there are products that fail, but they don’t die, since the code stays to be used by anyone. Conversely there project that merge. This is the beauty of the whole ecosystem. You’re free to choose, influence, fund, criticize, or promote any project.

    The problem is that people are not able to choose any more and don’t like it, but that doesn’t mean the system is broken: It’s simply means that people are uneducated in the wider sense of the word.

    Choice is always good. People’s inability to deal with choice needs to addressed and not by limiting the choice, but by education.

  • Sky Captain

    Make no mistake. Linux projects typically have a “release early, fix often” policy, so Linux updates are more frequent. They can be silent, as can windows updates, however, unless the kernel is upgraded, you don’t have to restart the system.

    The costs on the other hand are a very valid reason.

    Also, support for Open Source software, supports local and wider development to the betterment of everybody, not just Microsoft shareholders.

  • Sky Captain

    Greg, the fact that it took 25 years to discover the shellshock vulnerability is telling about the complex nature and relative low danger of the exploit. So it doesn’t prove anything really except one thing. A fix was rolled out almost universally within days, where are MS known exploits have been known for months and years without fixing.

    There are probably more Linux servers than Windows servers on the internet, yet the Windows one’s are the target of innumerable exploits and virusses, not the Linux ones. Could it be that it’s so much easier to find and exploit Win bugs? I strongly support the latter proposition!

  • Sky Captain

    Ditch your accountant! Surely any accountant worth his salt can work with your system. Or is Turbocash so complicated that it’s impossible?

  • Sky Captain

    “It’ll be in your commercial best interests (and/or government security
    requirements) to keep certain source code and projects hidden from
    public view (ie proprietary)”

    Now that’s were you’re sooo wrong. There is nothing that government should be doing that needs to be hidden.

    Apart from that, open source code does not mean that the data is readable by everyone. If, for instance, something is encrypted by OSS it is as secure as any other encrypted document or database.

    On the “transformative education” point, I’m totally with you!

  • Greg Mahlknecht

    >Greg, the fact that it took 25 years to discover the shellshock vulnerability is telling about the complex nature and relative low danger of the exploit

    I suggest you read up on Shellshock, it has the most severe rating possible in all exploit categories.

    > A fix was rolled out almost universally within days

    No. Again, read up on Shellshock, it’s a problem that will be with us for years.

    >where are MS known exploits have been known for months and years without fixing

    This is where your argument falls apart. Shellshock existed for 25 years but you’re assuming no bad actors knew about it or exploited it. Yet, if an MS exploit existed for 10 years, you assume it had been exploited. You can’t use double standard when making an argument if you want people to take you seriously.

    Once a bug on the MS platform becomes “known” it’s usually patched quickly. There are exceptions, but then again there are also exceptions on the OSS side. Shellshock isn’t anywhere vaguely near to be universally fixed.

    >There are probably more Linux servers than Windows servers on the internet, yet the Windows one’s are the target of innumerable exploits and viruses

    [Citation Needed] – in light of your ignorance of the Shellshock exploit, I’m assuming you’re just making up stuff now.

  • Greg Mahlknecht

    >Linux has lots of competition, but it’s co-operative in nature

    Yup, agreed – and that’s the good parts of it, but not everything about OSS is good and awesome, a good advocate of the platform should point out both the strengths and the weaknesses so that an informed choice can be made.

    >Choice is always good

    Yes, and that choice includes open/closed source – not just a choice between OSS products, totally discounting closed source products. The problem with OSS fanboys is that they say “choice is good…. but only use my list of choices.”

  • Joseph George

    I’m afraid this is exactly the sort of mind-set that one has to address to make any headway in promoting open source software. Some people have mistaken ideas of open source software, either informed by prejudice or through a brief exposure that happened years ago. To argue that innovation is absent in open source is just plain wrong. Ubuntu, anyone? Android is a supreme example of innovation. Another is Firefox. How about Apache? MySQL and PostgreSQL? The mimicking that Gareth mentions applies perhaps to office software but that is just a fraction of open source software.

  • Greg Mahlknecht

    Are you sure you aren’t the reincarnation of Steve Jobs?
    “You’re accounting it wrong!”
    “Oh wait, I didn’t consider maybe my product sucks”
    🙂

  • Sky Captain

    Regarding shellshock: You’re quite right. I had patches in all my machines and devices as they came out, so I did bother with it any further. I was under the impression an attacker needs access to a machine first anyway (via login), but the use of an http request to attack a server with the () { :; }; string is indeed a huge problem. I suppose I shouldn’t open my trap too far when it comes to the intricacies of security unless I have the experience and knowledge to back it up!
    (source: http://blog.cloudflare.com/inside-shellshock)

    My last point however: Here’s your citation: “There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions and perhaps 40 for Linux.” Par 2.13 – http://www.math.unipd.it/~bellio/Analysis%20of%20the%20Impact%20of%20Open%20Source%20Software.pdf

  • “Now that’s were you’re sooo wrong. There is nothing that government should be doing that needs to be hidden.”

    There’s no “should” or “shouldn’t” here. There’s “the fact of the matter” which is that every government around the world keeps secrets – sometimes out of necessity. It really doesn’t matter what we think the government “should” be doing, the fact is that they’re going to require that capability from whoever sells them software.

    “Apart from that, open source code does not mean that the data is readable by everyone.”

    Of course, but then again if the source code is readable by anyone, then people that are smarter than the developers can and will find exploits. Have you seen the sh*tstorm in OSS lately? Heartbleed, Shellshock, now Poodle? All of that will greatly dim the confidence that people have in trusting open source software.

  • Sky Captain

    “Heartbleed”, “Shellshock”, “Poodle” types have been in the windows world for a long time. I believe their discovery in OSS is improving things, and it’s all done in a transparent fashion. There is not other way forward with government except open source code. Laws are open source, congress (and parliament) is open source, etc, so the software must be open too by definition. How would you like a law that the cops can use to lock you up, but you can’t see the law or the reasoning. Only the results. You can’t ask why, you can’t check the validity of your incarceration, you just suffer for it? It has to open by definition.

  • Greg Mahlknecht

    >My last point however: Here’s your citation
    We were talking about server exploits. Your citation includes desktop platforms, and is 13 years (!!) old. A lot has changed in that time. We can at least agree that Windows was full of holes and insecure back then – and that Linux couldn’t even dream able to replace it on the desktop – at the time that report was written Windows 98/ME were the most popular Windows OSes – still DOS-based, the virus count includes all those!

    Look, I have nothing against OSS, for me it’s just another choice available to me to get my job done, I don’t have strong feelings for or against it but do make sure when I do use or not use it, my decision is properly informed.

  • Greg Mahlknecht

    I’m not sure if you’re aware that governments can get access to Windows source code for auditing purposes, an initiative they started over a decade ago.

    On the flipside, pretty much all the technology that Google uses to collect your data, mine it and allows you to use it on Android is closed source (AOSP is open, but the “good bits” of Android are closed source) – yet Android is held up as one of the OSS poster-boys. How does this play in to the open/closed source debate? What OS should an open source advocate that actually practices what they preach use?

  • Heisenberg

    Well, I don’t know too about open source, but Windows is a nightmare to work with.

  • gamesbook

    @cpbotha One good source for really useful thinking and discussion on this topic is Ben Balter, the GitHub “liaison” to the US Government. In his blog, he touches on many of the issues raised here – ben.balter.com

  • Gareth David

    I guess you missed the part where I said some, not all open source projects. Oh well… my bad for you missing that.

  • Sky Captain

    Very true dat about Android. Tried running CM11 without Google Apps, but it’s very limited.

    Personally, I’m holding out for Ubuntu on my phone(s) and elsewhere using is already. I know, hardcore Linux geeks dislike it, but is does pretty much what I need and I can choose to only use what I like.

  • Sky Captain

    >Yes, and that choice includes open/closed source

    Indeed, and the same goes for any comparison of choices. However, there is a principle choice that I’ve made. I will support OSS philosophy as it is in line with my principles. Therefor a proprietary system has to really have a massively compelling offering before I will consider it.

    For example: Twenty years ago I sold MS Office against WordPerfect, Harvard Graphics and Lotus 123. It was like selling cake to the hungry. Ten years ago I still used MS Office. Then things got convoluted and more trouble than was worth the result. Then they started messing with the UI. And the fileformat for worse with each version. I hate the MS Office ribbon, the terrible file formats and a lot more. So I choose to ignore them and work out how to do what I need in LibreOffice. If something seems missing, I either support the effort to create it or I work around it. Anybody is free to do as they please in this regard, but if they ask my advice, I’d tell them why I support FOSS and encourage them to follow suit.