La Suite Numerique is a bunch of tools for a more global population. It's mostly for government workers I guess but it looks like anyone can use it. The most famous tool is Tchap (see <https://en.wikipedia.org/wiki/Matrix_(protocol)>) which is used by cops in France as a secure messaging platform.
Who is going to audit these open source projects?
Most universities have a computer science department, that has a security group.
As a part of European CS bachelor's, students study the Linux kernel.
And if they do, it will certainly not be exhaustive. Nor will it be at a pace in which software is typically released.
I expect most projects don't even check they're not violating licenses or ever audit any dependency… let alone do a security check on who the authors are.
Also just FYI, Russians are not stupid. If they want to contribute malware they won't do it from their KGB email address. They will create a fake identity with a very standard WASP name.
Security is generally better in Linux-based ecosystems than Windows.
Microsoft also don't do sec audits - if you want a sec audit on your stack then you buy it.
It just turns out that it is much easier to audit a Linux-based stack than a Windows-based one.
Seems there's more than one country doing malicious stuff on purpose.
The French government has been investing in open source for quite a long time now, just not on sexy and high-visibility projects.
Or at least the government could pay for security audits.
Also, in some cases there are research agencies doing some work as well (sometimes they have been doing it for a long time on not-so-sexy but vital projects like Inria and the open source tax code in France).
That said, Birmingham UK turned a £38 million Oracle Financials project into a £90 million failure after including re-implementation costs. That kind of stuff probably isn't replaceable, simply because they spent all the money.
The last thing we need is cheap consulting messing with open source projects. I don't want TCS and Accenture developing LibreOffice or stuff like that and turning it into shit.
The Microsoft vs ICC situation seems similar. IT independence is now taken seriously at governmental organisations. Our ingroup got a problem.
There’s a Hacker News thread here that goes into more detail:
FWIW I’m no fan of Trump, but I’m even less of a fan of this bipolar tribalism.
It looks and feels very similar to MS Office (so easier to adopt than Libre).
https://www.onlyoffice.com/document-editor.aspx?docs=downloa...
https://www.onlyoffice.com/spreadsheet-editor.aspx?docs=down...
(Edited to remove statement saying paid product, as it's free with enterprise offerings as below)
I think OnlyOffice focusing on web based collaboration only is on point. It is what organizations want today and what users expect.
sylware•3h ago
That for software/protocol/file formats (and hardware programing interfaces...).
It is much easier to say than done, and when you read that, often it is to apply pressure on Microsoft pricing only without a real intent to start to "digitally assume themselves".
Keep in mind: there is ZERO, Z-E-R-O, economic competition with big tech as they are backed by funds with thousands of billions of $ and they have their billions of $ too. They will spend anybody out of business (~usually 5-10 years, even longer), and "buy" anybody (then throw them away once lock-in is assured).
For instance: LibreOffice is horrible (C++ grotesque syntax complexity is the culprit), PDF file format is insane (I cannot even download the specs with noscript/basic (x)html browsers!). Better write simple utf8 text files along with some PNG images mkv(AV1/OPUS) video if needed.
Basically, you need to generate programmatically the PDF files of the administration since there is no "reasonable" (as far as I know) open source software to do so (often C++, then excluded de-facto).
sodimel•3h ago
sylware•2h ago
When dealing with an ultra-complex file format which cannot be dodged, usually a good way to deal with it is to only use a very simple but coherent subset and enforce this usage with validation tools.
For instance, the web, noscript/basic (x)html (or you are jailed in the 2.5 web engines of the WHATWG cartel).
With PDF, I dunno much of the format (since I did not manage to download easily the specs), but when I have to print some text, I have a very small PDF generator for that (written ~25 years ago, so no utf-8 for me).
But what's important: such an attempt must be sided with re-assessing the pertinence of the usage of the information systems, and yes, it will be annoying and much less comfy and that MUST be acknowledged before even trying.
And big tech is not the only one trying hard to do vendor and developer lock-in.
sodimel•1h ago
sylware•36m ago
Hopefully, its API a C API bridge for interop.
But pydyf pretends to go up to PDF 1.7: this is kind of arrogant due to the file format complexity.
That's why such tools are not enough: what's important is to evaluate and to assess a subset of the PDF format, that to reduce significantly the technical cost of ownership and exit cost, and maybe use such tools to write also validation tools in order to enforce the usage of that subset of PDF.
Very often, complex file formats (open or not) end up being generated and consumed by one program.
A warning: big tech and its minions will fight super hard everything that is simple, stable in table and does a good enough job (like noscript/basic (x)html for nearly all online services as they were working a few years back).
vasco•2h ago
tonyedgecombe•2h ago
Microsoft had a technically strong alternative but it was far too late.
sylware•2h ago
tonyedgecombe•1h ago
sylware•55m ago
You are part of the problem dude.
michalf6•2h ago
pjmlp•2h ago