It’s been three decades since Linux launched the modern world of free, open-source software, but you’d hardly have known that at a state legislative hearing Tuesday.
The hearing, concerning two bills that aim to have New Hampshire government use more non-proprietary software, covered debate points on security, cost, maintenance and control that haven’t changed since the days Digital Equipment Corp. ruled New Hampshire’s tech roost. In fact, DEC was mentioned more than once.
The other bill (HB 1581) from Lex Berezhny, a Grafton Republican, would reinstate a requirement that state agencies must use open-source software when it is “the most effective software solution.” That requirement existed in state law from 2012 to 2018, he said.
Gallager said the two bills were developed separately. “The fact that you’ve got people in both parties thinking about this issue independently shows there is a wide range of support for it,” he said.
The Executive Department and Administration committee sent both bills to subcommittee.
New Hampshire has long had a thriving open-source software community, but despite the field’s philosophical link to “live free or die,” its members have had little success getting state law or regulations to support the concept. Concern about lack of central oversight in open-source programs, which are often developed by volunteers, has dogged the field from the beginning.
Definitions of free and open-source software can differ – Gallager said part of the value of his bill would be putting some of those definitions into state law – but generally, they refer to programs that allow the user to examine or change the code as needed, which proprietary software almost never does.
Proponents say this lets users make the best use of their software, freeing them from the whims of companies that might change or abandon useful software or raise its price, and limits security or privacy issues because everything is open to inspection.
Opponents say the lack of corporate development and oversight creates unpredictable programs that don’t have a good backup, raising issues about security, privacy and maintenance.
“Who handles their tech support, who handles their updates, who handles their problems? If they’re not making any money doing this, if there’s no financial incentive, how is the government supposed to … rely on that sort of process for a product that’s free?” asked Rep. Stephen Pearson, R-Derry.
Despite the term, free software is not necessarily free of financial cost, a distinction geeks associate with the terms “libre” (free to use) vs. “gratis” (free to obtain). Many large companies have been built on selling and serving free software.
Tuesday’s hearing drew the state’s most prominent free software advocate, Jon Hall, a programmer whose legacy in the field dates back three decades. (Hall is the person who brought up DEC, a former employer, during his testimony. He also mentioned the Morris Worm, a 1988 bug that was the first to draw media attention to the potential for hacked software to spread online.)
Among his arguments, Hall said that studies have shown that free and open-source software is cheaper in the long run than software from Microsoft or other vendors because you don’t have to buy regular licenses or be forced into software upgrades or have to ditch equipment like printers because they are no longer supported.
Even when free and open-source software has higher costs due to training, he said, those costs have benefits.
“Where does the money that you spend go? You can send millions of dollars to Redmond (Washington, home of Microsoft) or Silicon Valley, or pay local software developers,” Hall argued.
On the other hand, Denis Goulet, commissioner of the Department of Information Technology, said Gallager’s bill would put large and hard-to-quantify costs onto the state. “It would take a year, two years, to figure out what it would cost” due to training on new systems, he told the committee. “It wouldn’t be small.”
Goulet, who opposed Gallager’s bill and did not speak on Berezhny’s, said the state already uses open-source systems as appropriate, pointing to its web content management system.
“I estimate 85% of systems contained one or more open source libraries,” he said. Software libraries are chunks of code, data or other procedures that can be inserted into a program to help it run.
Goulet also raised questions about open-source security, mentioning a serious bug in Log4j, a free, open-source library that has been incorporated into a myriad of applications, including many used by the state. The bug has produced global alarm because of the number of vulnerabilities it causes.
“We’re scrambling as I speak to patch it,” Goulet said.
Open-source proponents, in contrast, said Log4j is an example of security benefits from open source because users can examine the code of open-source programs that use Log4j and decide on their own fixes, instead of having to wait passively for private companies to issue a fix.