China, Dave, KL and Bunty: the Big Dogs are following in your tracks | NextGen RPG


Check it:

"If you have gone to whitehouse.gov since Saturday you may not have noticed any real changes. On the outside this is true, but underneath the hood they just replaced the entire engine and drive train.

When President Obama took over at 1600 Pennsylvania one of the first things he did was order the people who manage the White House website to investigate new software. The outcome was a move from expensive and clunky proprietary software to a very familiar open source system – Drupal."

Woooooooo!

Comments

Heaven Help 'em!

Smile

Very interesting.  Makes sense to save the money, that's for sure!

Dear gawd. The next step is

Dear gawd. The next step is collaborative government.

I do so hope they do regular back-ups...

All right, I might as well

All right, I might as well tell you. My new job is Whitehouse webmaster. Wink

Correct me if I'm wrong, but

Correct me if I'm wrong, but isn't an open source system more of a cybersecurity risk?  Wouldn't an updated proprietary (and hopefully less clunky) system have been more secure?

Depends. Open-source software

Depends.

Open-source software is generally no more prone to vulnerabilities than COTS or proprietary systems and is usually more amenable to custom configuration, such as enhancing IA features. You just have to be more proactive in terms of implementing security policies.

It's somewhat like using a wireless router. Yeah, it's more vulnerable than a hardline if you don't bother changing the settings from the default. Wink

Well, if you have the right

Well, if you have the right server package, Drupal isn't clunky.  Laughing out loud

We just don't have the budget of the US Gov.  

Not really, bug and security

Not really, bug and security holes are usually found and patched faster in the big open source projects such as Drupal. Apache, which is a web server software that allows web pages to be served, is open source and is used more than any other software for the job.

With open source software you have many eyes to look for bugs and many hands to fix them, and someone usually comes up with a workaround until a patch can be written. With proprietary software the only ones who know about the bugs are the hackers and the original programmers. This results in more people believing their computers are safe when in reality they aren't. Patches are also usually not implemented as quickly in proprietary software as they are in open source.

--
Imagination is the seed of intelligence. Nourish it and watch it grow.

I'll have to disagree here,

I'll have to disagree here, Nestor. You don't have to be any more proactive implementing security policies using open source than you do using proprietary. If anything you have to be more proactive with proprietary solutions as those are the ones most targeted by script kiddies.

--
Imagination is the seed of intelligence. Nourish it and watch it grow.

Well, as long as it's

Well, as long as it's secure.  Go USA!

@Heatwave.My apologies. What

@Heatwave,

My apologies. What I meant is that with proprietary software, most patches are "pushed" to the customer by the vendor, while with open-source, at least in my experience, the user has to "pull" any updates (i.e., seek and download what he needs).

But then, I work in an environment where all our COTS (Commercial Off-The-Shelf) packages are fully supported with site licenses, service agreements and all that good stuff. With FOSS (Free Open Source Software) we're on our own. Smile

NestorDRod wrote:My

NestorDRod wrote:
My apologies. What I meant is that with proprietary software, most patches are "pushed" to the customer by the vendor, while with open-source, at least in my experience, the user has to "pull" any updates (i.e., seek and download what he needs).

This really depends on the site. In many environments having software updated automatically, even proprietary (OSS can be commercial), is not done as there is too much potential for a patch to break things. Therefore automatic updates are turned off and the administrator pulls the patches manually and tests them before going live. This is no different than the process used with FOSS.

Very few businesses, at least large ones with good administrators, that I know of rely on patches being pushed to them.

--
Imagination is the seed of intelligence. Nourish it and watch it grow.

I'd rather be on my own

I'd rather be on my own with FOSS than trapped in a licence with COTS.

Forums.  User groups.  Access to the source code.  All of these things are massive advantages to the savvy administrator.  I'm rarely more than five minutes away from finding a fix to any issue I encounter with any of the software I run on Linux.  I've never been able to say that about any of the COTS software we run.  Five minutes from pages and pages of "yeah, we know about that problem but there's nothing we can do to fix it at the moment", that's something I know about.

With COTS you're tied to the development speed of a single team of people working on all the bugs at the same time, and yours might not be high on their list of priorities no matter what sort of SLA you've got with them.  With FOSS you've got potentially thousands of developers around the world looking at all the bugs and what interests one won't be what interests another, so all the bugs get fairly equal coverage.  If you know anything about programming, you can get the source code and take a look yourself.  Who knows, your fix might help others.  Don't see that with COTS.  Whenever I've tried to fix things with the COTS packages I can get the code for (our Facilities Management Software, for example) I've been firmly told that I should have just reported the bug and left it at that.  Never mind that I've found a huge chunk of shoddy code that throws errors because someone forgot an apostrophe on one line.

Linux-based systems tell you about updates just as much as Automatic Updates does for Windows.  But here's the score - Windows will tell you about the OS and Office (if you're lucky).  Linux will tell you about updates for every single package you've got installed.  You don't have to trawl round every single manufacturer and see if they've updated any of their software.  Drupal has an updates system built in - if you ever look around the admin side of one of these sites you'll see alerts telling you when packages have been updated and recommendations as to which are the critical security updates you need to install.  Yes, it's then down to you to do the installation but a good webmin will be all over this.  But still, that's just 1 update service running on the computer, 1 is a web page that's called once an hour.  Consider my installation of Windows.  I've got Windows updates (1), Adobe Updates (2), McAfee anti-virus (3), Spacejock software (4), Apple Updates (5), Firefox updates (6), Opera updates (7), OpenOffice updates (8)...  The list goes on!  There's practically an update service running for each manufacturer.  No wonder Windows machines are slower!

No sysadmin leaves automatic updates turned on - especially not on servers!  We currently do things manually but in the new year, once we've moved from eDirectory to Active Directory (or betamax to VHS as I've been describing it), we'll set up a Windows Update Server to handle all of the updates to our servers and desktops - release to a small group of machines, make sure nothing breaks, then release to all.

Anyway, sorry for the rant.  This is something I happen to feel rather strongly about.  There's this perception that software is somehow "better" because you pay for it precisely because you can set up these SLAs with companies.  But it's not.  I'd pay to set up an SLA with a FOSS package because I know the money would help in the development of the package worldwide by paying for developer time.  I can't say the same for a COTS package.

I see where you're coming

I see where you're coming from, sir.

My own experience with FOSS, though, has been much less than stellar.

Yes, there may be myriad forums supporting the software; that just means more searching for someone who's dealt with the specific bug you're having problems with, never mind the hope that someone else has actually found a solution for it. And don't even talk about documentation. Never have I seen the old saw that "if it was hard to code, it should be hard to document" applied more than when dealing with this particular package.

And mucking with the source code means I now have to deal with two environments: one to build the FOSS and the one for the actual project I'm working on. And since I work in a place where I have limited to no admin control of my own workstation, that's not a pleasant task. If I wanted to deal with source code, I'd build the furshlugginer thing myself, thank you very much. Tongue

The final salt in the wound was discovering that the original author of the software has decided to traipse off to play with the Next Best Thing, leaving the code orphaned and unsupported. The web site for the package essentially says "I'm only answering questions about my new software. And no, I don't have time to explain to you how to migrate the code. You figure it out." Double Tongue

And that's my rant... Smile

And a very good rant it was,

And a very good rant it was, too.  You make some very valid points that are excellent arguments against going with FOSS.  Particularly the "next best thing" one.  If it is a well established FOSS package such as Drupal, Apache, Linux itself, then you run less of a risk of the developer losing interest as there will normally be many others waiting in the wings to pick up where he left off.  But if it's a one man show developing a tool that was useful for a while and he no longer needs, then you're stuffed.  At least you have the option of grabbing the code and seeing if you can run with it, not something you could do with a COTS package that you need but now the company has gone bust.

Finding someone who's had the same error depends on how large a user base the software has and how active their forums are.  I've had good experiences of this and bad.

We give our regular users little or no control over their workstations either - they think it's frustrating but then we point out that we've not had a virus issue in the three years since we implemented the policy and their computers are all running faster and better because they're not able to install all that random shite they used to.  Cleaning a PC used to take days!  Now it takes a few minutes, hour at most.  We're also very tolerant of people asking for stuff, even if their need for it is dubious.  No problems with installing Visual Studio on someone's PC if they ask for it, or any other development environment for that matter.  I figure if someone knows what the software is called, they're pretty much good to go.  And if it turns out we discover another coder elsewhere in the organisation, we can form our own self-help group.  Don't know how approachable your IT department is but we try not to be too "them and us".  Doesn't hurt to ask.

Alternatively, if you can run programmes off a pen drive, Cygwin can be installed to a USB stick, as can Komodo Edit and the full XAMPP (www.apachefriends.org) stack - entire development environment on a stick!  It's a shade slow but it's better than nothing.  I also carry an installation of CrunchBang Linux on a little 4-gig USB drive that's bootable.  Again, it has all of my development tools installed but it's got the benefit of being a full operating system rather than just a portable app.

If an IT director / C-level individual has a positive experience of FOSS then they're more likely to implement it in their organisation.  If all they get is the Microsoft misdirection or they have a bad experience, then no amount of persuasion is ever going to change their mind.
