Government 069 Open Source Applications

tastelessbeachInternet and Web Development

Nov 12, 2013 (3 years and 8 months ago)

51 views

1


Government 06
9



Open Source Applications


Government Members share Open Source experiences during this November, 2011
WebForum. A wide variety of products are discussed, as well as current initiatives, web
platforms, p
olitical barriers and security
.

NOREX retains the original, unedited

version
in order to facilitate future networking.


Contact your NOREX Member Care Team for
assistance.




*Please note that this is a transcript of an audio conference and it may contain misspellings and grammatical er
rors.


The names of participants have been abbreviated, and their organizations have been deleted from this transcript.



Open Source web platforms

................................
................................
................................
..
3

Reasons for considering Open Source

................................
................................
................
4

Political barriers to Open Source

................................
................................
..........................
5

Choosing a hosted service or host internally

................................
................................
......
8

Licensing code

................................
................................
................................
.........................
8

Security

................................
................................
................................
................................
...
10

























2


NOREX WebForum Transcript

Open Source Applications

November
17,
2011




TOPIC: Open Source Initiatives


Moderator
:
Good afternoon, everyone
.
We are going to begin our call today with
sharing initiatives for organizations that are on the call, and kind of see where people
are at. Have you implemented
Open Source

initiatives, or are you considering,
evaluating? Let’s just kind of see where people

are at, to get a feel for who is on the
call. Does anybody want to start? All right, how about Dave?


Dave G
.
:
What initiatives have we done? Well, last year, we had the mayor of

(City)
implement an
Open Source

policy, which meant that we have to at least

consider
Open
Source

products when we buy something over $100,000, something like that, a
software product, that is. In addition to that, we rolled out a couple of, and currently use,
some
Sugar
CRM
s

mainly small things for smaller departments around the c
ity
, a couple
of
Drupal

websites which are actually being used as kind of
web frontends to database.
We are

trying to create little products out of
Drupal, and
use it not so much as a
website, but more of flow and database type things.

There are a couple m
ore. I will have
to look at the
website

that has them all listed.


Moderator
:
That is fine. It gives us something to start talking about. Joe
;

any insight
from your organization?


Joe H
.:
Well, we have used an
Open Source

LDAP

for authentication, and that worked
out nicely. That pretty much, like the gentleman said previously, was a web frontend
and some web applications. But usually smaller projects, and we usually get customer
requests for, you know, on
-
the
-
shelf type product
s and not
Open Source
. That may be
because they do not know enough about
Open Source
. That is what drew me to today’s
meeting, was to find out more about
Open Source

and how people are successfully
using it, and especially in county government. Thank you.


Moderator
:

OK, thank you, Joe. Who else would like to comment where your
organization is at with
Open Source

initiatives?


MaryLee W
.:
We recently did a redevelopment of our air
port website with Ruby on Rails

Open Source
. Our city portal website is
ShareP
oint
, and so this was very much a pilot,
and we are still in the evaluation phase.


Moderator
:

OK, thanks, MaryLee. Any other organizations that care to chime in here,
give us a feel for where your
organization

is at?


3


Bill N.
:
We have leveraged
Open
Source

for several years. We
have used a lot of
various

products. It is not really an official policy or something like that. It is just a
strategy that I have implemented
here in

IT. Our
web

content management
system, we
use Plone
. It was out and had a li
ttle
bit

more traction before
Drupal

kind of caught on,
and we just have continued to use that. We use several Java products, the
Spring

F
oundation work
environment
, for a lot of
development in

that space
. We use MySQL

for some
of

the databases. We use SQL Server for the others. Obviously, SQL Server is
not
Open Source
. Let’s see, right now, we are in the middle of a project transitioning a
lot of our document images from scanning from a proprietary
environment to an Alfresco
conte
nt management system. We use a lot of different stuff in our network monitoring.
We use a tool called OpenNMS that allows us to monitor all of our networks and stuff in
that environment.
We have got
an

instant
messaging tool we
use out there. It is
Openfir
e
, is what we use. Really, there is a plethora. I know I am forgetting a lot of
different stuff. But, it has been a strategy for us and pretty successful.


Moderator
:

Very good. Thank you, Bill. I see Blaise has chatted into us that, we are
using ITdashboa
rd.gov. Any comment on that, Blaise?


Dave G.:
Let me take a quick look at that URL. Yes, I remember going at this once and
trying. The backend was some kind of weird XML, and I just could not get around it. So,
I ended up abandoning it. It was a little d
ifficult for me, not an easy barrier of entry like a
WordPress or a
Drupal

or something like that.


TOPIC: Open Source web platforms


Moderator
:

Any other organizations want to share your initiatives with us today? All
right, let’s move into the submitted topics. Our first submitted topic is, I would like to
know what other members
experien
ced using
Open Source

we
b platforms, such as
Ruby on Rails
,
versus
Microsoft

SharePoint

for hosting websites. I am not sure if Peter
is on the call. MaryLee, do you have any insight into this, or have anything to share with
us?


MaryLee W.:
I do not
believe

Pete was able to be on the call. Our question there was
really just around whether anyone else has any experience with
Open Source

web
platforms. The on
e that we piloted was Ruby on Rails
, but we were just interested in
others’ experiences.


Dave G.:
A while ago, when our previous mayor was here, we conferred his website
from a closed source to a WordPress site. My one takeaway out of that is what
WordPress, at least at that time, about a year and a half ago, really could not handle a
6000 page website
. The performance was fine, but really, it was the backend being able
to find the pages and manipulate the pages. If I were to do it again today, I would do it in
Drupal
, and a lot of those problems would have disappeared. In
Drupal
, you could
create a pre
ss release. You just create kind of a press release template. The end user
would not really have to be technical in any way. You could hand it off to his press
4


office, and they would just fill out, essentially, what is a web form, and it would format it
co
rrectly and then post it in the right place. So, that is my
experience

with websites.


MaryLee W.:
Thanks, Dave. That is helpful. Our library had looked into WordPress, and
we
wondered

about its ability to handle complexity.


Moderator
:
OK, thank you, Dav
e. Any other experiences with
Open Source

web
platforms you can share? How about with
Ruby on Rails
?


Bill N.:
I can speak to it a little bit, back to the web platform. It depends, when you are
talking about web platform, if you are trying to develop a web based application, or if
you really just want more of a website tool. I think if you want a
website

tool to ma
nage
your website, you want a web content
management

system. I think
Drupal

would be
great for that. Like

I said earlier, we use Plone

for that, and we use it both for our
internet public site and our internal intranet as well. We went from an ASP based pa
ge
environment several years ago and deployed that. But likewise with WordPress, with
Plone, we have used it for some applications as well. It is nice, I guess. It is quick and
easy
, and you can get something up and running, but way too much overhead for s
ome
simple web based
applications

of

any size or any frequency of use. So, I would not
recommend that. With regard to
Ruby on Rails
, I have got
some

exposure to that. One
of the questions I would have about that is
;

the availability of trained resources th
at
know
Ruby on Rails
. One of the things that we have done here, we have kind of
emphasized the Java stack and the Spring framework on that. We use a complimentary
tool similar to
Ruby on Rails.

It is called Groovy and Grails
, that is what it is for. It ki
nd of
replicates or simulates
Ruby on Rails

in a Java stack environment. So, you might want
to think about that. But, I think resources that have knowledge of
Ruby on Rails

is kind
of a challenge.


TOPIC: Reasons for considering Open Source


Moderator
:

Great, thank you, Bill. All right, any other comments here? OK, we will
move on to the next submitted topic. I am
interested

to know where pressure is coming
from. Is it external,
internal
, both, from clients, from politicians? Jeremy, I do not think he
i
s on. Would anybody like to address this? Where is the
interest

coming from in your
different organizations?


Bill N.:
We undertook
Open Source
--
I had a big background in this, and the Java space
work here anymore, but really it was just budget constraints
. To get anything done, you
had to look at other solutions, and
Open Source

provides that
opportunity
. One nice
thing about
Open Source

is, you can quickly go out and try something, throw it up, tear
it up, and you do not have to go through a big, long pro
cess and worry that you are
selecting the right tool upfront. It allows you to try several things very, very quickly, and
avoid the long sales process, and then the procurement process as well. So, that is one
of the reasons we like it.



5


TOPIC: Political
barriers to Open Source


Moderator
:

Thank you, Bill. Anybody else care to comment here? What is making you
look at
Open Source
?

We will move on.

I would be interested in hearing about how
other state public education
departments

are using
Open Source
, how
successful they
have been, what software they are using, and what were the barriers they encountered
in implementing the software. Jesse, would you care to elaborate on this a little bit?


Jesse K.
:
At the state level, we maintain a warehouse.
Around the state, we have
various districts of schools that maintain vendor software, that then they send
information up to our warehouse. But, the process is a little bit clumsy, and changes to
the whole system can take a year to a year and a half, so the
y are very slow. So, we are
looking at implementing a
state
-
wide

system that might replace the vendors. We have
recently seen an
Open Source

product that we were thinking about.


Moderator
:

What is that, Jesse?


Jesse K.:
I would have to look it up. I do n
ot remember which one it is. I know that we
are going to have to do a lot of modifications. It is a PHP product, and it is written in
PHP. We would have to do some modifications, and as the gentleman said before, we
would have to get somebody trained in PH
P here. But, I know that our state has a
tendency, or not even tendency, they completely block
Open Source
, for fear, I guess,
of issues that people could imbed viruses or whatever into the source. So, we have a lot
of resistance to
Open Source
. That is wh
at I was talking about, barriers, in kind of
implementing the software. It is political barriers here

that I think could be somewhat of
a problem. Then, I was curious if anybody else was using any specific software that
they found that was good for doing w
hat is called a student information system, which is
really the systems that run schools and districts, all the things that they use for running
districts. So, that is what I was looking for. Also, even though I am guessing from
looking at the list of peop
le, that there is no one here that is specific to education, just if
there were any political barriers that people encountered with the issue of
Open Source
,
because I think there is a lot of fear about
Open Source
. So, those would be my
questions and thou
ghts.


Moderator
:
OK, thanks, Jesse. Anybody care to chime in on that? What are some
political barriers you all have faced in implementing
Open Source
?


Bill N.:

I can speak to a couple of factors. I am going to start with your first question
about the fears. I agree there is a lot of fear related to
Open Source
, although I think it is
abating a little bit here in
the past

few years. Usually, it is from people tha
t are
associated and have not really seen any software or understand what is going on. In my
state, there is really no big push to leverage
Open Source

software. Some of the
smaller organizations
and

agencies do make use of it, because they are just budget
-
constrained. But a lot of times, I think there is unfounded fear for the use of software. A
lot of that, I think, comes from software vendors trying to push software and retain the
ol
d patterns of marketing and procurement
and stuff like that, to protect
their sales
6


revenu
e. But if you track CIO or
Burner (
?)
or anything else, I think several years ago,
there was no question of, are you
going

to have a strategy, or are you going to use
Open Source
. It was more of,
when

will you have the strategy in place to leverage
Open
Source
.


We use a
tool
,

a product called Moodle. It is kind of the
Open Source

counterpart to
Blackboard that is used in the educational
environment
. We use that for training through
all of our staff he
re in the state within corrections. There is a policy that every person
gets X amount of training. We have been using that as our training delivery mechanism,
kind of like an e
-
learning platform. The problem that we had with that is, and this is
where the
student
information

system may come in, it really did not have an
environment where you can track and manage the test scores and kind of like the
registrar’s office and stuff like that,
you know
, what courses are available, and if you are
in this degree pr
ogram, kind of related to like a college or something, how many

of
those ___ tests have you taken
, and have you taken all the prerequisites, stuff like that.
So, we had to create that. It is written in PHP, and we had to train ourselves to learn
PHP. But,
it was not too big of a step for us, because we had already had some Python
experience

anyway. We created that, and there is actually now a vendor that offers an
add
-
on to Moodle that provides that. Now, what our individuals can do is go out and
sign up fo
r courses. You can make sure if you have got your prerequisites done. You
can track all that, and we refresh it on an annual basis, because you have to take a
string on a four
-
year basis.


We also track certifications. We issue certificates for completion
, as well. Another way
that we have extended the use of that Moodle package is that, we have extended it to
our inmates. We
have

a prototype program, just now started about two weeks ago, and
we are working with a junior college here in the state of Kansas

to
deliver

e
-
based
college training and courses. I think the first one is Accounting I, and there is another
course. It allows them to take that while they are in prison in a correctional
facility
. We
have had to put some barriers in there and strip some
of that out for safety purposes,
but it allows them to earn college credit while they are incarcerated.


Moderator
:

Great information, Bill. Thank you.


Jesse K.:
I just looked it up, and openSIS

is the name of the software we were looking
at. This is just something that we are just beginning to look at, not officially or anything.
It is just kind of speculation among the IT folks about possibilities.
Thank you very much
for your response, Bill.


Moderator
:

Anybody else have anything to add here?


Dave G.:
I do not have much to talk about, besides complete agreement about what Bill
was saying about the political side of it. What we did is, we just said, we are going to
start small. We are going to
go into green fields. We are not going to replace any of the
software vendors. We are just going to move into places where we do not really have
anything right now. Through probably a year or two of doing that, we got enough
7


traction and enough accolades g
oing up to City Hall where it became a policy after that.
Then, just a quick comment on Moodle
;
I know
of a higher
-
educational


facility in the
area that uses Moodle. Through
all their campuses, I think they are one of largest
colleges in America, 250,000
students I think, that they have all on that platform.


Jesse K.:
Your comment regarding starting small, that is one of the approaches that we
had anticipated, going to places that some of our users do not have any real software
going right now and they cannot afford to buy something, and seeing if we can get their
inter
est
. So, I appreciate you saying that that was successful.


Bill N.:
One thing I could add from the capabilities of your organization maturity,
Open
Source
, it kind of likens back to an environment of maybe 20 years ago and to pure
technology, where people

did more programming and stuff like that themselves.
Whereas, maybe in the past ten years, people were taking
software

and installing it,
putting patches on, and just kind of administering. So, it is kind of a different type of
environment. You have to ha
ve it right, with at least a few individuals that are willing to
get in there and kind of roll up their shirt sleeves and not be intimidated by the lack of
documentation and stuff like that. So, if you do not have people that are going to dig into
source c
ode or deal with the unexplained or unknown, you would probably be pretty
frustrated with
Open Source
. But if you have got some of those people who are willing
to dig in there and mess with it and experiment,
you will probably find a lot of success.
Again,

I thought of some other things that we have used. We use OpenOffice as a
replacement or an alternative to Microsoft Office. We put that out there for a lot of our
correctional officers. It is free, and there are some other alternatives to Microsoft Office

now, as well. We have also got an alternative to Microsoft Exchange. I have two email
systems, and for a lot of our correctional officers and for people out in the field, I think I
have got like 900 mailboxes on the piece of software called Zimbra. We use

their
community version of that. VMware owns that now. It is a phenomenal product.


Moderator
:

Great discussion. Thank you so much. Jesse, do you have what
you

need
here? Any other comments?


Jesse K.:
It is interesting to hear the comments. If we ever ha
ve the opportunity to have
any other state’s education, I would be
curious

what they are using or doing, if they are
indeed trying to implement something that is state
-
wide. But, since we do not have
those people on the phone right now, I have got enough
i
nformation
.


Moderator
:

OK, thank you.


Dave G.:
One last comment. Bill was talking about how

it might be a barrier to entry if
you do not have people that know PHP or whatnot. Personally, I am a business analyst
here. I do not program, but I have been instrumental in bringing up a lot of these
products. I think what you
should

go for, of what my s
uggestion to go for would be,
products that probably either have a company behind it, such as the Sugar
Theorem
(?)
or Drupal or Zimbra. I always kind of drooled over Zimbra, but there was no way we
were ever going to get it
in here
. So, going after one tha
t has a company behind it. Or,
8


two, a thing that you could do is, you start using it, and you just document the heck out
of what you

know. Then, the programmers are

usually so thankful that they almost
become part of your staff. They are like, what issues
do you have? Let’s help you out
with that. So, contributing to an
Open Source

project in other ways is also useful and
usually gets some reciprocation.


Moderator
:
Thank
you
, Dave. Good
information
. Jesse, one other thing too, we can
take this to the other

education members and see if anybody else has any input for you
on this.


Jesse K.:
That would be good. Thanks.


TOPIC: Choosing a hosted service or host internally


Moderator
:
Moving on to the next question.

I want to see how others are doing this. Do
they host the
application

themselves, or pick a
hosted service like Bitbucket

or others?
Can anybody address this? Anybody using Bitbucket?


Bill N.:
I do not really recall Bitbucket, but we host all of our own
applications

ourselves.
We are evaluating leveraging some of the cloud technologies, but we really do not use
anything like that. I know there is a vendor that does host, specialized in Drupal and
some of those others, but I cannot remember the name of the

organization. But, we host
our own.


Moderator
:
Blaise has

chatted in;

this is not using Open Source, but host Open Source
project.
I am not sure if that helps others or not. I do not know what that means exactly.


Dave G.:
We hosted all of ours internally. However, for certain reasons here or there,
because of the
architecture

of a lot of these
Open Source

products, especially the web
based ones, it is just so simple to essentially forklift it and move it over into the cloud
. I
have done that a number of times with a number of different products, even going to
such hosting as Go

Daddy, because you can get a Go Daddy hosting account for like
$4 a month.


TOPIC: Licensing

code


Moderator
:

OK, anybody

else on this topic? We will move on, then. Need suggestions
in which license, MIT

or some other
s
,
is preferred. MIT license, it looks like that is a

free
software license of some sort?


Bill N.:
I have heard of that license. There are several different
licensing schemes out
there. Perhaps this is an inappropriate approach, but I just do

not get too wrapped
around the axles

on which licensing you use. All of our stuff we develop, it is for internal
use, and it is really not for external use. I think a lot

of that is where you get into issues,
if you are going to integrate some
Open Source

software within a product that you are
going to market later on
. But, you know, there is GPL
, and MIT is one. I really have not
9


heard that many people using MIT
’s

licensi
ng. Then, there is Mizell

(?), and there is
some other licensing out there, as well.


Moderator
:

Thank you. Anybody else have anything on MIT licensing or others?


Blaise L.
:

My two questions are, well
, there are some
Open Source

projects available,
and we are also trying to contribute on that. So, we have built some
applications

like the
IT dashboard provided by federal government. It is in PHP, and it is not very good. We
built one in .NET, and we are looking to see if we can sh
are the code to some other
people that may find it useful. That is why I asked those questions. I want to know which
license is good to share some
Open Source

code, to give us some protection but still
allow other people to make changes and implement our c
ode.
Another thing
, which is
the previous one, is;

I want to know which is the best place to host those to share this
code.
Is it clear?


Moderator
:

So, you are wondering what to use to share your code that you have
developed?


Blaise L.:
Yes.


Moderator
:

OK. Who can share what is best or what you are using to share code?


Bill N.:
We have contributed some of our improvements back to the community on a
couple

of these projects. I think we did that on Moodle and something else. Usually, at
those locations, there is a way that
you

can post those improvements or share things
that you have done. I think we did it with Alfresco and the Moodle, as I recall. But,
re
ally, it is dependent upon the project, how you provide that back, and then whatever
licensing is associated with it, and how that was done by the programmers. I cannot
even recall. Frankly, I do not think I ever knew. I just asked them to do it.


Moderato
r
:

Anyone else? How are you sharing your code? Or, is it all pretty much
specific to what you are using? It kind of sounds like that might be the case. Sorry,
Blaise. I do not know, is there anything else you want to add here?


Blai
se L.:
Is there anyone h
ere that has shared code before? Say, if we built a certain
information

system for our university, and we can share the code so that other colleges
or universities can also use it. Has anyone done that before?


Moderator
:

Has anybody developed your own cod
e to share out? Is that what you are
asking today?


Blaise L.:
Yes.


David G.:
I know that our GIS department has. I cannot remember the name. We are
going to IM them, and I will text it so it gets into the transcript when they get back to me.
They were at the
Open Source

convention OSCON the last
couple

of years, but I just
10


cannot r
emember their name. The other thing is, sometimes code is shared on Google
Code. But, let me
ping those guys and see.


Moderator
:

David, is that something that is typically more the responsibility of the
developers, then, rather than maybe like your level?


David G.:
Yes, typically. Like Bill said earlier, most of the work that I have done, well,
one, like I said earlier, I am not a developer, and two, most of the work is internal work,
so it is not getting shared out.


Blaise L.:
Thank you.


Moderator
:

Tha
nks, gentlemen. Additional topics? That is the end of our submitted
topics, so now, does anybody have anything they want to bring up in this call?


TOPIC: Security


Joe H.:
I was just curious to see if anybody has had any problems with securing their
Open
Source

programs, applications? Have they had defacements? Have they had
downtime? Then, were they able to trace to where these problems were associated?


Moderator
:

Thank you. Any problems with security?


Bill N.:
We have not had any issues, one out

of iss
ues related to security. Although,
frankly, a lot of our stuff is so internally based, and we do not push a lot out there f
or the
public to see.
. Knock

on wood, we have not had defacement of our webpage, either,
even though, an anonymous put out an email s
aying that they are going to attack
several

state correctional systems. We were locking up, not to get hit, and frankly, if
anonymous wanted to hit us, they could have probably taken us down. I have no doubt
about that. But, again, I think a lot of the fea
rs around security are really overblown.
There is a philosophy on this, and I will state this and get off. A lot of the fear around
security on
Open Source
, I think, is really initiated by proprietary software vendors.


Quite frankly, even when I was youn
g

and early on in my career, it

was not uncommon
for proprietary software to have a backdoor that their programmers put in there, so that
they c
an help maintain the stuff. The nice thing about

Open Source

software is
,

certainly
on a highly active project, many, many, many people see that code, and it is really hard
and difficult to hide that from people seeing it. Now, you place your bet on the fa
ct that
you are hoping that, th
ough thousands of people
seeing

the code,
they will point out
some of that. I think that really does happen in
Open Source

software. But again, you
cannot be guaranteed of it. So, you are kind of pitting the known versus the unknown,
and quite frankly, I think, in proprietary software, you do not
really know there, either.


Joe H.:
Thank you for sharing that.


Moderator
:

Dave is chatting in;

GitHub is the code sharing site our GIS uses.

11


Dave G.:
I completely concur with Bill. All of our sects that are public facing, none of
them had any security is
sues. A lot of it, I think, might be the way that we set up the site
to use a proxy to redirect. So, the only thing really facing out was an Apache server that
would redirect the requests back into an
internally

secure server. So, I think through
your netw
ork design, you will really deflect a lot of the attacks against your
Open
Source
. Just like any other site, the biggest attacks are just spam that were going on,
like our data assess site. But, you have to decide, you know, will the public have to
registe
r and be approved and go through the process, or are you just going to open it up
so that they can comment, and then assign an FTE or a partial FTE to go ahead and
cleave out the spam on a daily or weekly basis. Those security issues.


Joe H.:
Thank you very much. I agree with the
majority

of you. A lot of us, we have
grown up, you know, it has got to be software, it has got to be secure, it has got to be
bought, and stuff like that. But now, the trend, where we are trying to save dollars, is to

go ahead and make use of the appropriate
Open Source
programs without any
compromise of systems or data. So, we just have to go cautiously as we move along.
We do have the infrastructure to support
Open Source
, and we have been successful in
being able to

deploy, you know, in small amounts, not huge. I appreciate everybody’s
input
today
. Thank you.



End of discussion

























© Copyright 2011, by NOREX, Inc.


5505 Cottonwood Lane


Prior Lake, MN 55372 The opinions expressed in this
NORVIEW are those of NOREX members, not necessarily those of NOREX, Inc.