• Snot Flickerman
    191
    25 days ago

    This is what the government gets for farming literally fucking everything out to third parties whose goal is profit instead of making government agencies that exist to do the same job whose goal is to serve the people.

    Like, no shit, Sherlock.

    • The Dark Lord ☑️
      57
      25 days ago

      Right. This isn’t an issue with Microsoft, it’s an issue of getting a third party to do work when you have very different priorities. Microsoft’s priority is to make money, as all companies do. The government’s priority is to have a safe and secure service. The two don’t match, so the government should have created and maintained a safe and secure service.

      The biggest issue is that people don’t want the government to over-spend on anything, so they don’t want the government to pay tech people tech salaries. So even if they did just do it themselves, you can’t trust it’s done by the best people because it’s only done by those who are willing to work at 30% of the pay.

      So the issue isn’t really with Microsoft, it’s with the government for not being aware of priorities, and not being willing to pay for what’s important.

      • @CheeseNoodle
        42
        25 days ago

        Government spending 101:
        Paying private sector rates? unaffordable!
        Paying a private company who pays their employees those same private sector rates plus a huge margin on top? totally reasonable!

        • Rentlar
          3
          24 days ago

          Sorry that’s the lowest/only rate we got for tender, lol.

        • @[email protected]
          2
          24 days ago

          Or: the only way we could get this crazy group of senators whose votes we need is by devising the program in such a convoluted and inefficient way such that it’s politically un-killable (read: SLS).

      • Snot Flickerman
        8
        25 days ago

        you can’t trust it’s done by the best people because it’s only done by those who are willing to work at 30% of the pay.

        I dunno, I think I’d consider having enough scruples to care more about what you produce than how much you get paid to be “The Best.” Some of “The Best” programmers I have seen are fully on the Free Open Source Software bandwagon.

        Because I can’t trust that those who are profit-oriented are willing to bring “the best” without doing things exactly like in the article. “The Best” are busy nickel and diming you to death while hiding their best work from you. That’s not the best, that’s a selfish asshole who doesn’t give a flying fuck about the future of humanity, only themselves. That’s far from “The Best.” That’s just “Fuck you, got mine.”

        • JJROKCZ
          2
          24 days ago

          Many of the best developers are doing free open source work yes, but many great developers can’t because they have bills to pay and mouths to feed and charity &/or government work doesn’t pay well enough for that

        • The Dark Lord ☑️
          2
          25 days ago

          You’re not wrong. If I said anything that made it seem like those who get paid less are worse developers, that’s on me. But there are many who are amazing developers who can’t take a government job because the pay is too low. It seems odd to rule those people out. If we’re fighting for better pay for everyone, government jobs should set an example.

      • @[email protected]
        2
        24 days ago

        If you give government more funding, the tech people salaries likely won’t change. Those of a few more bureaucrats will likely.

        But in case of such a long partnership like with MS it’s likely still better.

      • @[email protected]
        -10
        24 days ago

        While this is bad, I think you’d prefer such a guy to a relative of someone important sitting there, and/or to somebody who schemed their way through bureaucratic institutions to be sitting there, or through acquaintances.

        • @[email protected]
          6
          24 days ago

          That’s the joke, no? You wouldn’t expect anyone to be able to bring their kids to work / nepotize into a top level Pentagon meeting. Outright buying a seat on the other hand…

    • @[email protected]
      4
      24 days ago

      The problem is EVERY org has that problem. It’s a rules for rulers problem.

      The “people” are very far links in the chain of people that actually sign budgets and do the actual work for a lot of this. I even know people who switched from government to contracting with government because they felt like the incentives for the government side were to hire bureaucrats and justify past choices and not actually help people.

      Like no doubt most privatization schemes are just fucked because they just privatized the government ass kissing and also sometimes because what kind of fucking market were hoping for in the first place.

  • @Fedizen
    69
    24 days ago

    It’s kind of funny to me that by pushing data harvesting of OS’s and office data then selling it to 3rd parties Microsoft has probably become the biggest security threat to the US government, maybe ever. And it’s all because the US refuses to pass basic consumer privacy protections.

  • @[email protected]
    58
    25 days ago

    Microsoft knows the government needs something, and is insistent on squeezing as many of your tax dollars from them as possible, or leaving us all vulnerable.

    Capitalism is terrorism.

  • pelya
    56
    25 days ago

    Once the government switched to Linux en-masse, Microsoft will have no leverage whatsoever, no solution they can possibly propose will beat free software.

    LibreOffice is totally adequate for most government jobs.

    It’s not like there’s no precedent, Germany’s government already switched to Linux

    The only possible way to generate money is through the use of online document editing services, but Google Docs pretty much cornered the market here.

    • no banana
      80
      25 days ago

      I just want to clarify that a German state switched. Not Germany.

      • @irreticent
        11
        24 days ago

        And, IIRC, it’s just a trial to see if it will work.

        Edit: I should have read the article linked in a comment above…

        “As spotted by The Document Foundation, the government has apparently finished its pilot run of LibreOffice and is now announcing plans to expand to more open source offerings.”

        “In 2021, the state government announced plans to move 25,000 computers to LibreOffice by 2026. At the time, Schleswig-Holstein said it had already been testing LibreOffice for two years.”

        So, it seems the trial may be over and they are migrating for good.

    • @[email protected]
      18
      25 days ago

      I’m honestly surprised the US govt hasn’t developed their own pos locked-down Linux OS.

      • @blurg
        4
        24 days ago

        Back in 2000, there was something like that for the kernel with SELinux (Security-Enhanced Linux). Which continues to live in various distributions’ kernels. Not a full O/S though, and not generally regarded as a PoS.

        • @[email protected]
          1
          24 days ago

          I always found it to be a real PITA… It felt like a parallel system to file permissions, which meant I had two things to configure instead of one and I never really saw the purpose. It seemed like it could be more granular than the default, but if it did anything more than that I never learned about it

          Granted, I’m a dev, not an admin. I go back and configure the firewall after I shut it off because it was in my way… Eventually

    • @[email protected]
      17
      25 days ago

      Even if libre office didn’t offer those features, I’d be willing to bet the gov could donate 1/100 what they pay Microsoft in a year to have them implemented.

      • @[email protected]
        1
        24 days ago

        seriously. or just say “America’s gift to the world” and wave their dicks around over in house programmers adding it.

    • lemmyreader
      10
      25 days ago

      Just for the record : Schleswig-Holstein is only one of Germany’s 16 states. Let’s hope the rest of Germany will follow.

    • @[email protected]
      7
      24 days ago

      France is here a better example. The Gendarmerie has its own distribution based on Ubuntu called GendBuntu. The state developed Tchap, a messaging system based on Matrix. And many are looking to Linux to simply cut the cost like the French army.

      Side note: The app Fedilab has its package name based on the French government open source projects (fr.gouv.etalab.mastodon).

    • @[email protected]
      3
      24 days ago

      They can also just use Office online. That should be good enough to get people to switch without a huge disruption in efficiency.

        • @[email protected]
          3
          24 days ago

          Yeah, but there are alternatives, so it at least provides a smaller change than completely switching to something else.

          • @[email protected]
            1
            24 days ago

            Yeah but years of macros over macros that keep the business running won’t be easily ported to a new solution.

            • @[email protected]
              2
              24 days ago

              Sure, and being forced to redo it is probably a good thing in the long run.

              Maybe they’ll get a developer to build it into a reusable product instead of relying on Jim in accounting to fix the macros to get it working after an update. Or maybe they’ll realize they could get the same result with a pivot table and clever formulas.

              • @[email protected]
                2
                24 days ago

                I agree with you, but nothing is more permanent than temporary solutions.

                Your response is the rational one, but rarely the one taken.

                It works and the new solution would cost time and money, we can’t have that.

    • @Cold_Brew_Enema
      -8
      24 days ago

      Unfortunately, LibreOffice is still garbage. Microsoft is miles ahead in its apps compared to the Linux equivalent. There isn’t even a good OneNote alternative on Linux.

        • @[email protected]
          2
          24 days ago

          Many things. The biggest issue, I’d say, is the inability to create tables in Calc. This severely limits productivity.

          And I use both OneNote and Xournal++, and the latter isn’t really a replacement to the former, save for a few features.

      • pelya
        1
        24 days ago

        Nah, Office 97 was the last decent one, Office 2003 is trash due to app menus all messed up. LibreOffice is modelled after Office 97.

  • @[email protected]
    51
    25 days ago

    Microsoft, an early example of enshittification. I read about the pay-to-play nickel and diming of security logs to cloud providers. Logs which would help identify intrusions. There’s just been so many examples of security failures that highlight the company knows its embedded status within the US govt, and knows it can do less for more.

  • @[email protected]
    43
    24 days ago

    sure it’s fun to shit on public servants being old and not wanting to change from microsoft office. there is more than a little truth in that.

    but IT departments are often staffed with techs that can’t and don’t want to do anything but microsoft, it really doesn’t matter how much better linux is.

    • Lettuce eat lettuce
      28
      24 days ago

      As an IT sys-admin, you’re largely correct. We are losing the essence more and more of proper sys-admin work.

      IT staff are becoming more ecosystem maintainers than actual integrators and solutions experts. Instead of doing deep research on the problem and architecting actual solutions, many sys-admins just send off a quote request to a single external vendor and then call it good.

      The research, quoting, planning, implementation, configuration, testing, monitoring, and maintenance are all outsourced. The sys-admins are just left with a simple web dashboard or desktop app that they often don’t even understand well, and a support line for when things need to get fixed/upgraded.

      It’s a glorified help desk position in many cases. I’ve worked with several 10-15+ year admins that don’t even know how to spec out a server, how to architect a basic network topology, how to optimize a SAN or NAS solution, etc.

      They go with the default without a second thought.

      Email = O365
      Office apps = MS Office suite
      Virtualization = VMware/Azure/HyperV
      Servers = HP/Dell

      And because they are used to it, it propagates onward. If you want to break out of that, you have to be intentional every step of the way.

      • @[email protected]
        11
        24 days ago

        On the other side of this, you have companies that are in tangential fields looking to grab up a piece of that pie. Electricians, low voltage companies, fucking furniture companies (oh, we totally do audiovisual, that’s similar enough), the C-suite is trying to force their way into this new golden goose and expecting their staff to be able to handle this without training, time, or real hands on experience. And, no, a 2 day workshop from a manufacturer isn’t really “training”, at least not the only training needed…

    • @SupraMario
      17
      24 days ago

      It’s not IT… it’s what everyone knows and what developers make their software for. Most enterprise software is Windows designed, it’s an ecosystem that’s very hard to break away from.

      • @Kyouki
        10
        24 days ago

        This hits the nail perfectly, as well as users just only knowing Windows because it’s the first type of device you learn most likely through the schooling system.

        • IT I do run Linux myself and plan on deploying more Microservices through it.
        • @douglasg14b
          2
          24 days ago

          Most enterprise software has to meet constantly shifting goals, requirements, certifications and regulations.

          In most cases it’s complicated because it has to be and because it’s been driven to be complicated over time to meet the complex needs of the business.

          The software will represent the business, if the business is too complicated then the software will be too complicated. It’s impossible to separate the software complication from the business in that sense.

    • @[email protected]
      17
      24 days ago

      but IT departments are often staffed with techs that can’t and don’t want to do anything but microsoft, it really doesn’t matter how much better linux is.

      Yeah, I’ve met such. When they encounter the need to use Linux, their critique of it is connected to the first link in Google not working by copy-paste.

  • @ThePyroPython
    39
    25 days ago

    Well y’all decided that finding and keeping zero-day exploits were more important than contacting the companies to fix them because you looked at both approaches and decided that intelligence gathering scale > cyber security robustness.

  • Jo Miran
    24
    25 days ago

    I cannot disclose any details but this article vastly undersells the risk and how exposed the US is. It definitely goes well beyond government exposure.

    • masterofn001
      21
      25 days ago

      It’s not like there’s an NSA backdoor key called NSAkey in Windows or something…

      • Jo Miran
        24
        25 days ago

        Windows is not the problematic Microsoft product. Not even close. If you understood how much of the US infrastructure and controls are consolidated under Microsoft cloud services, you’d never sleep again. Cloud was fine back when it was a product catering to small and medium companies but when large corporations started migrating their critical infrastructures to cloud services to offload responsibilities, we really went off into the weeds.

        • AggressivelyPassive
          11
          25 days ago

          Not only cloud infrastructure, tons of industrial automation devices are more or less open on the Internet. Best case that’s just a few minutes downtime in a factory, worst case someone fries the grid and destroys water treatment plants.

          And even the actual applications being written for the government aren’t that great. The lowest bidder gets the contract, and security is really easy to cheap out on, if you’re doing just enough to not be legally liable - which isn’t hard.

          The older I get and the more insights in the inner workings of the technical infrastructure I get, the more I’m surprised we’re not actively collapsing right now. It’s scary how abysmal security is and it’s scary how unprepared society is. Just as a hint: the European power grid spans the entire EU, Balkans, Turkey, Ukraine. There’s no plan how to restart the grid, if it shuts down entirely. None. Complete terra incognita.

        • @doublejay1999
          6
          25 days ago

          No need to be quite so cloak and dagger mate, it’s fairly obvious to anyone who pauses to think.

          People have been calling out the problems of corporate oligarchy for more than a decade. This is merely part of that.

          It’s systemic risk, not merely technical

          • @[email protected]
            5
            25 days ago

            He’s not being cloak and dagger. He’s an old guy (double spacer spotted) who works in the military or private sector under NDA and can’t talk about it.

            Or he’s LARPing. But the double spaces make me believe him.

          • @[email protected]
            1
            24 days ago

            it’s not cloak and dagger, it’s ‘whatever you do, don’t open the breaker box. you will die.’

  • @[email protected]
    21
    24 days ago

    Now for all governments in the world: install Linux already and get it over with. Cut your dependence on an abusive and crappy software vendor

  • The Menemen!
    20
    24 days ago

    The US at least has some degree of control over Microsoft. How much worse is it that the EU is still not developing its own OS/distro?

      • The Menemen!
        3
        24 days ago

        I am not talking about an OS for the general public, but specifically for the administration.

        And this will work much better with a unified attempt. If the EU would be taking OpenSuse for this, this would basically be the end of OpenSuse’s independence… I’d like it to be GNU/Linux based though.

    • @[email protected]
      13
      24 days ago

      There were grassroots movements like the Limux project (Munich using a custom Linux distribution). But that got shut down by Microsoft bribery (not confirmed, but MS did build a new headquarters in Munich…).

      • The Menemen!
        4
        24 days ago

        Yeah, that was a shame. But I really think we’d need a shared OS for all administration units of the EU (from EU level down to municipality levels). Would be much easier as the private sector could also adjust to it.

  • @Treczoks
    18
    17 days ago

    Whoever uses Microsoft products should be aware from the start that security is a low priority for them. If you can accept the risk, fine. If you can’t, think about the consequences.

  • @doublejay1999
    15
    25 days ago

    I feel like they are so close to an epiphany……

    • Brewchin
      0
      24 days ago

      Another subscription model, you mean?

  • @[email protected]
    13
    24 days ago

    Which then raises the question: why isn’t the US using open source software everywhere, paying the same - or very likely - much less to maintain and expand said software? Can you imagine the money stream towards thousands of devs fixing any (bug, feature or security) issue, which they would already do for free? Finally some recognition and so on.

    Finally they’d have software that they can trust and rely upon, it’ll kill one huge company and spawn hundreds of smaller companies. Win-win all around

    • @[email protected]
      10
      24 days ago

      Because there is seldom a good replacement for the majority of software that enterprises use.

      • @s1nistr4
        2
        24 days ago

        As much as I like FOSS it’s significantly harder to fund.

        With proprietary you keep the source code, ship the app, collect data & sell it, and charge for a premium /subscription. They then use that money to fund talented devs and give them deadlines to make good software.

        With FOSS it’s largely contribution work by people who work on it in their free time. They use donations or paying for enterprise support, and if they do add a subscription service / premium version you can just modify the code and get it for free.

        That’s largely why FOSS software is behind, what’s the direct incentive for someone to make it good?

      • lemmyvore
        2
        24 days ago

        An administration that was really looking to liberate itself of proprietary software and develop a sustainable policy would analyze its needs and look for software that matches them, not shape their needs around the proprietary software they’re already using.

        If you start by thinking “what software does things exactly the same as this one I’m using” of course you’ll never move on. Microsoft obfuscates their software on purpose so you can never find 100% compatible stuff.

        • @[email protected]
          1
          23 days ago

          You’re living in a fantasy land. The software you’re referencing largely doesn’t exist how a corporate environment utilizes it. Even just Excel, the employees need it, you can’t teach someone 5 years from retirement a new spreadsheet program. Sure you could buy licenses from MS, but I bet if big organizations started doing it, they would stop. Or only sell the entire MS suite at some insane price. Adobe? Haha

    • Bahnd Rollard
      5
      24 days ago

      If it’s anything like the private sector it’s mostly a liability thing. If something is wrong with the program, you can sue the vendor. With open source… That’s a lot harder to do. Large groups won’t use the thing if you can’t put the blame on someone else when it breaks.

  • @[email protected]
    11
    24 days ago

    I’d focus on enforcing standards and interoperability first, in a serious and highly punitive fashion for offenders.

    If you can read/write your spreadsheet using any spreadsheet tool or OS you’re half-way there and will’ve severely hampered the old embrace-extend-extinguish (it’s still a thing).

    • lemmyvore
      4
      24 days ago

      Unfortunately the ISO certification process for office document formats was subverted by Microsoft to require their OOXML formats instead of the ODF (Open Document Format) that was being prepared for this role. And then they continued by not implementing the certified format correctly in Office anyway.

      As a result it’s virtually impossible for any law-abiding, taxpayer-answering government to argue for adopting ODF over OOXML.

      It’s also impossible to find any other software that supports existing documents, because Microsoft introduces differences from the spec on purpose and any software that tries to stick to the official OOXML format can’t process them 100% correctly.

      Any government that wants to wean itself off Microsoft documents would have to first conduct an investigation, explain why ODF is the better format, demonstrate that Microsoft doesn’t follow their own spec, then accept the fact they’re gonna partially lose their existing documents if they move away, and only then they’d be able to start the process of looking for ODF-supporting software and companies, and convert their docs and processes.

      • nickwitha_k (he/him)
        3
        24 days ago

        demonstrate that Microsoft doesn’t follow their own spec

        I genuinely feel bad for MS devs because of all of the garbage that they have to deal with because of scummy management and the Ballmer years.