I do have some burning questions though, 1. How are they saving their work to the cloud if they use LibreOffice ? I don’t think it offers the same functionality that M365 suite does. 2. How are they handling IT security? Are they using a different vendor ?
How about instead you donate the same amount of money you would've paid to Microsoft anyways to fund open source projects you rely on? At least for one year, then drop it down to some arbitrary chosen percentage of that cost. That way you can still advertise it as a cost-cutting measure, and everyone would benefit.
> The goal is not only to save costs, but above all to gain digital sovereignty.
> [It's true] that open source is not necessarily cheaper, [..] it requires investment. But the money flows into internal infrastructure, into the further development of Nextcloud, LibreOffice, and other similar systems, instead of proprietary ones.
> Schleswig-Holstein pursues an "upstream-only strategy," meaning that developments flow directly back into international projects. The state does not want to maintain its own forks, but rather contribute all improvements directly to the main projects, thereby contributing to development for the benefit of the general public.[1]
On a side note, the real key to the project's success is that it's supported by a coalition of the conservative and green parties. They actually value digital sovereignty and longterm cost savings. Contrast that with Bavaria, where the MS lobbyist managed to get them to sign a longterm Office 365 contract…
[1]https://www-heise-de.translate.goog/hintergrund/Interview-Wi...
I've been doing m365 and azure for more than three years by now and I just feel terrible. Especially regarding some of our customers, which are small gGmbH (kind of NGO). Instead of making a secure, privacy focused offering we just sell them the usual m365 package. We basically push them into the data industrial complex just to get some collab tools and mail.
Stormshield is a very good product but it's mainly designed for industrial scenarios and lacks some features that are essential for an enterprise NGFW (i.e. the protocol inspection covers very few protocols compared to PA/Checkpoint/etc). Unfortunately the enterprise NGFW scenario is dominated by US or Israeli companies, even if some niches brands like Stormshield for OT and Clavister for telcos are Europeans
Power differences, contractual leverage, vendor lock-in, motivation versus costs to make changes, etc.
You know they want sovereignty.
WRT the criticism on this move by "the opposition" saying, ""It may be that on paper 80 percent of workplaces have been converted. But far fewer than 80 percent of employees can now work with them properly.""
I think this natural pressure will also be helpful for re-tooling IT infra and support companies to being more sovereign.
Edit: I mean from a society perspective you pay a tiny bit more for a real gain, without reducing labour from the private sector.
They're out of their minds if they're donating nothing to Libreoffice, though.
Given this understanding, the best away to achieve the desired outcome is to get creative about aligning incentives at the top of org structures where resources are allocated.
I really don’t understand what this means; could you please explain it? It comes off as ‘mushy’ consulting-speak to me.
I hope Holstein prepared the switch well and kill off any Microsoft stuff as quick as possible. Nothing is worse than co-existence with something hostile which doesn’t want to be compatible.
* No Dual-Booting
* No VM
* Especially no WINE (your ducked with every odd update)
* And by the love of god, hit everyone with a bat which tries to ship incompatible files (MS-Office, ppt, xls, pst…) to you. Links to “Microsoft Teams”? Hit harder and show no mercy :)
* Make plan.
* Used standards wherever possible.
* Switch file-formats and external platforms before. Use a standard distribution and DO NOT MAKE YOUR OWN DISTRIBUTION. If you have a big IT department with hundreds of employees, maybe an own repository with your custom software.
* Enforce all suppliers hard to support Linux natively! If not? Drop them. Search a honest company which gives you also the source.
* Avoid the usual mistake like “this a local support company” or “their offer is cheaper”
* Don’t purchase shitty hardware. ThinkPads are a good start, but we speak about printers, NFC, label writers, scanners and so on.
The remaining 20 percent of workplaces are currently still dependent on Microsoft programs such as Word or Excel, as there is a technical dependency on these programs in certain specialized applications. According to Schrödter, however, the successive conversion of these remaining computers is the stated goal.
PS: And don’t repeat Munich! Munich is “HOW NOT”. Three distinct IT-Departments. And the next major was “convinced ” with tax money and a Microsoft Headquarters. Result, it is worse than before.
This kind of suggests that they have a bunch of VBA scripts in the tax department and the legal team are dependent on sharing 'track changes' in contracts. It will do the world a favour if the VBA is forced out. Don't know what they will do about 'track changes', it is ubiquitous in the contract world. Hopefully they will force government suppliers onto the libre alternative.
It’s a tremendous mis-allocation of public resources. Hiring local people to tailor the free software which already exists and contributing those changes back to the world would spend fewer of those dollars and spend them locally, and be pro-social at the same time.
So I don’t hate this story. I love it and see it as a massive win.
Assuming you just replace a proprietary software ecosystem with an Open Source one and immediately get the same thing for free is a very naive view that will get you in trouble.
Having said that, as a German, I am very happy this switch happens and seems to have some backing in the local administration at least. But it's still a high-risk wager and I'm afraid it'll turn out like the LiMux project in Munich, which was eventually (and cleverly so) framed as the origin of all problems in the municipal digital infrastructure. In the end, it got swapped out for a new Microsoft contract in a wonderful example of lobbyism and bribery, and Open Source and Linux have been discredited, to the point no winning mayor candidate can ever bring it up again as a viable alternative.
Yes, this is what I’m talking about. Hiring people and developing expertise instead of paying expensive consultants is a preferred use of my tax dollars.
> But it's still a high-risk wager and I'm afraid it'll turn out like the LiMux project in Munich, which was eventually (and cleverly so) framed as the origin of all problems in the municipal digital infrastructure.
While this may be true, there are also quite prominent cases where the massively expensive foreign consultant solutions have also lead to disastrous project overruns.
Maybe this was true at one point in time. But now, it just pays for AI/Copilot and your latest support chatbot.
In the current cancel culture even if you use *GPL licenses you get attacked for not being MIT or similar. But mysteriously never a peep about Big Tech making billions off open source without giving back even a tiny 1% to the projects. Insanity.
https://web.archive.org/web/20021001164015/http://www.openso...
Building a new street? The cheapest bidder wins.
Cuts to social security? As long it saves money in the short term in doesn’t matter if the long term costs will be higher or if the cuts don’t make sense.
Imagine how Open Source Software could improve if a consortium of nations put their money and resources into commissioning bug fixes and enhancements, which would be of collective benefit.
Apart from a few niche cases, the needs of most government bureaucracies would be well served by currently available OSS word processing, spreadsheet, presentation and graphics software.
There are also practical advantages: the ability to fix a bug in-house instead of waiting for a technology giant from another continent.
Here's an article from the same newspaper that showed up to me as "related" when browsing TFA:
https://www.heise.de/en/news/Criminal-Court-Microsoft-s-emai...
Yes, but bureaucracies make this impossible. If you have worked at a bank before, you'll know how difficult it is to make a change to some in-house piece of software. And that's a bank, not a gov't institution. Think how much more friction there will be in the latter.
Good: I already wrote a script to fix the exact same issue.
Bad: It was in a pile of old stuff from 10+ years ago.
Good: It worked anyway.
Bad: The bank still has the same bug.
Once that’s in place, the process for populating that repository can easily adopt locally modified versions of upstream software: defaults changed, bugs removed, features added, etc.
No one in a big business/government blinks at changing group policies for internal deployment. Changing the code is really very little different once the ability to do so is internalized.
If all the software one institution uses comes in the form of proprietary binaries, there is simply no need to even think about making policies about fixing those systems in-house.
Despite all the talk about sovereign cloud the actual governments are actually going the other way.
1. The Online Safety Act in the UK pushes people to use big tech more rather than run stuff independently - the forums that moved to social media. 2. EU regulatory requirements that help the incumbents:https://www.theregister.com/2025/10/27/cispe_eu_sovereignty_... 3. ID apps in multiple countries that require installs from Google or Apple stores, and only run on their platforms. 4. The push to cashless which means increased reliance on Visa, Mastercard, Apple and Google.
To be clear I do not not think that any of these things are in the public interest. However the government is not the public, and the public (and probably a lot of the government) has deeply ingrained learned helplessness about technology.
What happens when major OSS projects are controlled by the governments themselves? Will David still beat Goliath?
I feel that you wrote some words that only seem to make sense if we don't think about them too much.
A government can control a piece of open source software the same way a big tech company does - with economies of scale. In other words, by throwing more money, resources, and warm bodies at their open source projects than anybody else.
The code itself might be under an open license, but project governance is free to remain self-interested and ignorant of the needs of the "community."
Any pull request accepted from outside isn't a mutual exchange of developer labor for the benefit of all, but the company successfully tricking an outside developer into doing free work for them.
Any pull request that runs counter to the interests of the company can and will be ignored or rejected, no matter how much effort was put into it or how much it would benefit other users.
Any hostile forks are going to be playing a catch-up game, as community efforts cannot outpace the resources of most large companies.
(Gentle reminder to subscribe to donate to a FOSS project or two that you use.)
Because in my experience, the projects that I can think of that switch to open core are those that are started by smaller businesses when a large multinational tech company starts to mess with their revenue streams.
In that case, I don't fault them in the slightest. As a matter of fact, I think these days it's now a sucker's bet to build a company around an open source product. Free software? Maybe. Source available or open core from the start? Possibly. A fully permissive license that in the outside chance my product is successful, suddenly puts me in competition with Amazon and Microsoft, so they can kill my business with my own software? Forget about it.
Could the government also dictate the operating system and software people use to make sure it is the state sponsored one? If I’m not mistaken some similar actions have happened in N Korea and China.
I’m not saying this is an inevitable outcome, but just trying to think of worst case scenarios. A lot of terrible things have started with good intentions.
That’s not far from how it is right now in OSS, even without governments in the chain. For example: how the xz back door was found: https://en.wikipedia.org/wiki/XZ_Utils_backdoor
Now a lot of people would be angry if my state decided to spend money on security flaws. I imagine an elected representative try to explain how they wanted to misspend funds allocated to improve software and plant flaws instead. That would not go down well here or in Germany. Try to hire people for this in Germany and see how long you last till your little op is public.
It’s been widely speculated that there are gentleman’s agreements where strategic bugs do not get fixed. To apple’s credit, unlike say BlackBerry, they designed iMessage where many of the intercept methods are tamper evident.
Linux for starters, however even that has too many US contributions.
In general, we need to go back to the cold war days, multiple OSes and programming languages governed by international standards, with local vendors.
If sovereignty is desired, it can't stop at Office packages.
But the OS is not where Microsofts power lies. Its in exchange (almost everywhere cloud managed, including for many governments) and SharePoint, with a small amount of teams, where Microsoft is truly a scary prospect for sovereignty.
I can't log on to a windows computer if the cloud account don't exist? What if there's no internet?
There are some unofficial hacks to bypass the online account requirement, but MS have been actively stamping these out. Now the current situation isn't like it's impossible to bypass this, mind you (as far as I'm aware there's at least a couple of workarounds), but normal users won't know/care and will end up just creating an online account.
Surely that is something only criminal would say.
Via updates they can install and run anything they want ... aka 'kill switch'.
Isn't the code of law the original open source, for very good reason?
As law becomes more and more enforced by software, should it not all be required to be open source?
I think governance (both public and private) would benefit from open tools to manage communities at scale via technology.
wait until they found out that there is no "customer service" in OSS, sometimes the project is fine but people need "someone" to be held accountable in some ways
that's why a lot of OSS project never take flight
then https://news.ycombinator.com/item?id=45837342 - ICC ditches Microsoft 365 for openDesk
Microsoft pledged not to intervene like that again, reclassifying its legal interpretation of its own services, and added language to its contracts to guarantee that it would fight future US attempts to do so:
https://www.politico.eu/article/microsoft-did-not-cut-servic...
When the US manages to force Microsoft to do something, it responds by trying to protect itself from the same scenario in the future. Because it wants profits. The ICC leaving Microsoft is the last thing Microsoft wanted.
https://www.heise.de/en/news/How-a-French-judge-was-digitall...
and it can demand access do data:
https://www.theregister.com/2025/07/25/microsoft_admits_it_c...
Actually there is, that's what the entire point of the sovereign clouds are. They reside physically in Europe, with legal control by Europeans, and European employees that can't be bossed around by the US. If the US orders Amazon to retrieve data from S3 servers located in a European sovereign cloud, Amazon employees in the US don't have the technical capability to do so, and the European data center employees are legally bound not to.
Employees have bosses and those bosses have bosses, and those bosses have bosses in the US. If not direct bosses, then at least people higher up in the context of all of Microsoft, who can pull strings, criticize them, categorize them as unreliable, and make their life hard, or even bring into motion that they are made to give up their position or are let go. Most people don't want a hard life at the job and be bullied. It is likely, that people joining Microsoft don't have the strongest moral compass anyway, so them sticking their neck out for European data protection, and losing what comfy life they have, including probably exceptional ...
Company politics are not to be underestimated. The question becomes who selects and vetoes higher ups in those sovereign clouds.
European governments cannot trust US companies, even when they have inner-EU parts, because influence from the US cannot be rules out.
"Microsoft admits it 'cannot guarantee' data sovereignty: Under oath in French Senate, exec says it would be compelled – however unlikely – to pass local customer info to US admin"
> Where does this kind of conspiracy thinking come from?
Now you say
> Microsoft pledged not to intervene like that again
You are full of it
Not appropriate for HN:
People don't want political interference between countries to happen again and you're calling it "conspiracy thinking".
The snark of the above poster is the least problematic thing here.
So in light of that actual evidence, yes I am calling it conspiracy thinking to suggest that Microsoft has built in some kind of kill switch to make it easier for the government to do things that are against its corporate interest. Because that's literally what it is -- imagining some kind of conspiracy where Microsoft wants to help the US government, instead of its own bottom line.
Explain to me what's problematic about that?
And whatever you think about the arguments on either side, snark is absolutely a problem on HN. We can't have civil, productive discussions with it, and if you say it's "the least problematic thing here", then that's part of the problem too. Let's be better than that, how about?
IMO that's what we should be better than.
And I get what you're arguing for, I just don't see it as plausible or realistic.
Meanwhile, OP asserted they are "sure" Microsoft could do it at the "flick of a switch". Under orders from the US government.
That's absurd. If that's not conspiracy thinking, I don't know what is. A literal conspiracy between the two entities. When something is actually conspiracy thinking, you're allowed to label it as such, you know? You're trying to police ideas here, and that's entirely inappropriate. Be better.
The news in your jurisdiction might not cover these matters
https://www.breakingnews.ie/world/trump-sanctions-on-interna...
https://news.ycombinator.com/item?id=46182023
Also, how about less snark about the "news in my jurisdiction"? Since the first amendment provides more press freedoms than many European countries have.
Not to mention companies who moved on to Google Docs or the web version of Office. Or companies who moved to MacOS 15-10 years ago.
In my state back home the entire workforce moved to LibreOffice and, according to my sister (a government worker), everyone is doing fine. Recently I saw a German government worker using Office to produce a document and she mentioned that she "barely knows how to use it" and "just knows how to load templates, fill and print".
This hypothetical problem of "needs training" only seems to exist when you mention the words "open source".
I think everyone agrees the costs are high, especially beyond monetary ones, but this stance on avoiding these costs is slowly pushing everyone into finding out how expensive is not having sovereignty.
Through its tech industry the US has over time acquired too much power over critical digital infrastructure that has already compromised governments. We know of Presidents/PMs/Legislators spied upon through their phones and computers, and also Microsoft itself involved in revoking email access to the ICC's chief prosecutor as retaliation/defense against investigations.
Sovereignty is too important for government, and since everyone needs to do it and get security right going for open-source with funded development and constant auditing is in my mind the only way.
Where did you see flashy UIs? Modern UIs are boring flat geometric monochrome shit and Microsoft is one of the worst there.
germans have been quite riled up by US escapades
They should switch to open-source for sovereignty. Not "cost". The fact that they mention "cost" as motivation and to secure buy-in is very worrisome. If you really want to switch to open source permanently and secure your sovereignty, you should invest more (making LibreOffice Calc as good as Excel? One can dream, but it's not cheap). Cost-savings show a lack of seriousness. How long until another government switches back?
How to know when they're serious: when the federal government hires an in-house team of (well-paid) programmers, and sysadmins. Not consultants. Put them in charge of public-facing and internal-use digital infrastructure, serving both the federal and state governments. Make them work to tailor a distro, or LibreOffice, to government needs. Invest in workforce training to keep their productivity up despite the switch.
And then, one day (let's dream for a second), that team could also pick new projects that serve the public interest, like a vulnerability research team (like Google Project Zero), or helping out with all those underfunded core pieces of digital infrastructure out there with only a single maintainer. Creating public goods is the point of a government.
Approximately 9 million, according to the article:
> In contrast, there would be one-time investments of nine million euros in 2026, explained the Ministry of Digitalization to the Kieler Nachrichten. These would have to be made for the conversion of workplaces and the further development of solutions with free software in the next 12 months. Given the annual savings, this sum will pay for itself in less than a year.
For a transition to open-source to be successful and permanent, manage it well. Not like this.
Of course no guarantee that it will be the case for 100% but still better. Even if there were no savings it would be better spent money.
[0]: https://en.wikipedia.org/wiki/LiMux / Discussion at https://news.ycombinator.com/item?id=15661372
They knew: If Linux makes it in Munich, it will likely spread over and they loose tons of contracts with other German states.
- Of course, of course.
Initiated by the city of Munich, LiMux aimed to migrate public administration systems from Windows to a Linux-based OS to increase control over IT infrastructure and reduce costs. Despite initial success (announced at LinuxTag in 2014, I was there for the announcement), the project faced intense political lobbying by Microsoft leading to a reversion to Windows.
More examples in this note: https://lab.abilian.com/Tech/Linux/Sovereign%20OS%20-%20%22E... (in particular https://lab.abilian.com/Tech/Linux/Sovereign%20OS%20-%20%22E...)
You get backups, file synchronization, real time collaboration.
Setting and running all of that is as simple as making O365 account and clicking couple of buttons by one person.
There is no OSS solution that does that.
To replicate that with OSS you need 3 to 5 full time graybeards and it still will be annoying normal people that will not understand “why they can’t just do X as in MSFT tools”.
Shouldn't backups and file sync be handled at a higher level of abstraction? Unless every employee is only dealing with Microsoft Office documents and nothing else (doubt it), shouldn't there be a separate backup&sync strategy already in place?
There are a myriad of both FOSS and corporate backup/sync tools available.
As for the real-time collaboration - I'm not sure how important that is. Writer/Word seem like useful tools for documents that have reached their final state before being prepared for printing. I think there are lots of better formats suited to real-time collaboration. Intuitively it seems like text-first documents (markdown, etc.) should better lend themselves to tools like diff or git, or any other collaboration tool, especially a real-time edit tool. It's almost like asking for pdf to support real-time collaboration. I'm not sure about Writer, but Word and pdf documents are awful with regards to edits and git-style collaboration. They're formats for presentation, not editing. In case someone here hasn't delved into the internal structures of the files, remember how WYSIWYG HTML editors jumbled the HMTL beyond recognition? It's similar in that it doesn't seem like the format we want to collaboratively work on documents before finally converting them to Writer/Word/PDF.
Well don’t explain it to me I know that stuff. Go grab 2-3 office workers and try to explain markdown to them. If you’re lucky maybe they won’t leave when you move on to explain Git.
I worked one time with a guy that wanted to convince sales department to write documents in LaTex so then it could be well printed for the customers and also put in Git … well they laughed the guy out of the room - well before he’s even started explaining formats for presentation vs formats for editing.
I see how business people we work with on documents understand I have a cursor here and I type and there is my avatar/photo on top that I am active - I see how they wouldn’t understand Git diff at all and would just move on presented with Git diff not even wanting to collaborate.
NextCloud/OwnCloud and other options can deliver some of it, but all of it is harder... Just email/calendar/contacts is hard to match... Then file collaboration and syncing... And all the corner cases in the various office formats.
Even the non mainline office app, Visio does a lot of things competing apps just don't.
I tend to prefer open source apps for myself, and for code projects, I'll focus on markdown for docs etc... but definitely understand why a corp would just pay the monthly Microsoft tax for all employees.
With the improved web versions, Linux on the desktop becomes an option even then.
Most user's Windows ability is to look for apps on the desktop or Start menu.
I've yet to see FLOSS that matches that aspect of Outlook and o365/Exchange. I'm fact, IMO, it should have been one of the monetization efforts with Mozilla, which is a server companion for Thunderbird and a now comprehensive integration of calendar and contacts.
Language, form, muscle memory (call it what you will) is difficult to separate from thinking and working. I'm very picky when it comes to desktop UI: I use Linux exclusively, and I can't tolerate most Linux distros' default desktop environments. Someone who's been productive for a decade or more with Windows applications -- well, to the extent we're willing to ascribe "UI stability" to those applications' own updates -- will probably hate Linux with a passion.
I don't think such a transition can be made seamless. They should have thought about becoming Microsoft's hostage two decades ago (I guess).
Yes, there is a cost to changing software. But it’s not unique to an Open Source migration.
When you migrate anyway you could choose that to use a proper database and SQL if that makes sense instead.
I’ve run projects for a few different employers to look at doing this. The math doesn’t math unless you can segment your workforce. For example, at one place we had a field workforce that operated dispatch centers and field techs. That was all iOS + Linux or Chrome.
Russia is waging war on Europe. America is increasingly aligned with Russia:
https://www.bbc.com/news/articles/cpvd01g2kwwo
When the US government has become erratic, unreliable, untrustworthy, and aligned with your enemies then it's necessarily time to de-risk your infrastructure and supply chains by removing America products and services from them.
It's the same reason you don't want Chinese equipment in your telecommunications infrastructure. You can't trust what the Chinese government will do to it or with it.
No. NATO is engaged in a proxy war with Russia in Ukraine.
> America is increasingly aligned with Russia
Sure, and that's why they provide Russia with weapons and sanction Ukraine and Europe, right?
In 2014 Moscow invaded Ukraine, occupied Crimea, Donetsk, Luhanks. In 2022 Moscow invaded again. No NATO forces in Ukraine. No Moscow forces on NATO members territory. Trump officials unable to answer who started war, you blame NATO, both you and Trump aligned with Moscow.
Mostly the widespread perception that the USA has betrayed the security guarantees given to Europe, and that the USA isn't a reliable partner anymore.
In the end, from a European/German perspective, it matters little whether these thoughts/comments/strategies are a negotiation tactic, "trolling", serious threats or something else entirely. And the fact that "Government adjacent" people like Elon Musk behave the way the do certainly doesn't help.
The fear that the United States may use it's tech companies as blunt offensive weapens does now exist (in a semi-abstract form) where it didn't 5 or 10 years ago.
I think at this point in time nobody can say what the end result will be or how things may develop in the future. Either on the political or the technological field.
Germany has had a fairly active Linux community for decades. A large portion of German local government has had experience using or RFPing FOSS alternatives since the 2000s all the way back to Munich's bake off of Windows vs Linux.
While the geopolitical portion is sexy and fun to look at, in most cases American vendors just don't find much value in supporting DACH customers because their budgets are significantly lower and they tend to be much more on-prem heavy unlike their Scandinavian, CEE, or British peers.
DACH local governments also tend to rely heavily on MSP/MSSPs and for these kinds of businesses, margins really matter and vendors don't like dealing with channel sales because they just don't bring enough money to the table for the amount of money you have to spend wining, dining, and supporting them. And given MSP/MSSP margins, it makes sense for them to adopt FOSS.
Finally, some German local governments have used public proclamations like these to renegotiate vendor deals (I think Munich did something similar).
That said, private sector players in DACH have largely consolidated around American or Israeli vendors, such as Schwarz - despite their proclamation for digital soverignity - using American-Israeli SentinelOne [0].
It's good to have competition though, and I do strongly feel that MSP/MSSPs and organizations dependent on Channel are better suited to using FOSS tooling.
[0] - https://www.sentinelone.com/press/sentinelone-and-schwarz-di...
Microsoft blocked official email account of Karim Khan (a prosecutor of International Criminal Court). That was due to Executive order by president Trump (Executive Order 14203 - Imposing Sanctions on the International Criminal Court).
* Data processing by advertising providers including personalised advertising with profiling - Consent required for free use
The full page reload after wasting all that time to realise I don't actually have a choice was a nice touch.
I don't know why people keep sending me / sharing Heise links. There's more than one news website in the world
Guess someone decided "we need to make it sound like we have 80% anyway we can", who knows what the real percentage is.
Excel, in particular, hasn't been unseated despite billions in investments from competitors over the years. Parity will happen someday, but it's at least a decade away.
Time has come. Over the last few years there is more and more interest from goverments and private organizations to have relieable software that does not depend of foreign entities. Software sovereignty is becoming a necesity rather than a nice to have for both nations and enterprises.
> Excel, in particular, hasn't been unseated despite billions in investments from competitors over the years.
Excel, like many other technologies in the past can be disrupted. Like mane other commenters say, it won't come cheap. Saving costs shouldn't be the the goal here.
> Parity will happen someday, but it's at least a decade away.
Challenge accepted!
What major commonly used features do you reckon Excel has that hasn't been implemented in LO Calc yet, that would be a deal-breaker for most businesses?
To my knowledge, Calc has implemented most of Excel's formulae (well over 500 in total count), so at least for typical spreadsheet functionality you wouldn't missing anything.
The biggest limitation I can think of is the limited support for VBA, but Microsoft have already announced VBA's deprecation[1], so no one should be relying on it even in MS World.
And whilst LO's own Basic scripting is... basic, it also supports rich scripting and full automation via Python and Javascript. It even has a full-fledged SDK for developing addins/extensions using a high-level language like C++/Java etc[2], so businesses who're dependent on some random proprietary excel COM addin or something could invest in development effort to port it over.
Heck, if businesses are so inclined, they could modify the LO source itself and build a custom version to add the features they want - that's the beauty of FOSS.
[1] https://devblogs.microsoft.com/microsoft365dev/how-to-prepar...
When Calc gets the other 90% of the features Excel has, you also need to contend with word, Outlook, Visio and all the rest that Libre Office has a 0% solution for.
I support FLOSS... But pretending that anything else does enough for many orgs is delusional. There is work and pain to get through to even have a workable solution... And it won't be as good for a long while.
Massive cost savings are one of the bigger motivators... But that will be offset by the need for more internal staff.
What's your approach to getting out of Access, Visio and Outlook integrations?
Access = LibreOffice Base
Visio = LibreOffice Impress
Outlook = Schleswig-Holstein already switched successfully to Open-Xchange and Thunderbird, I've not heard of them running into any major issues with this setup.
As a sibling comment says you don't need to implement absolutely everything Excel does to _disrupt_ Excel. But you do need to provide a fantastic tool that is easy to use and solves 99% of the problems. If governments start putting their money were their mouth is I am very convinced we can create tools that supersede Excel, Word,...
Good lord.
I've never used anything but OpenOffice / LibreOffice for writing academic texts in the humanities and never missed anything. The "catch" whenever I tried Microsoft Word was the menu that had the most important functions (for me) hidden away much deeper than in OO and LO.
I've never been a big user of Spreadsheets but I've heard only good of Excel and trust the widespread opinion that it is unchallenged in its domain. In sociology you wouldn't use it because you've got specialized statistics software such as R and SPSS (PSPP being an attempt at an Open Source Alternative to SPSS).
Looking at administration, Excel ist probably quite important but when you get rid of it, not one but various solutions might take its place, depending on who uses it. If you want something like a browseable database in a colorful table for office clerks, LO Calc might be enough. But the things Excel gets praised for a lot (I never know what exactly people mean) would probably have to be tackled another way.
Governments going down that need to invest into finding those solutions by providing staff that is qualified to find them or even develop them. The state of Schleswig-Holstein considered in its Open Source initiative strategy that it may be challenged by a future legislation and put a focus on the reasons for acceptance of Open Source solutions. I wonder if that is put into action well to find solutions with the least "catch" that may even excel over Microsoft products depending on their context :)
I've done this several times during my career, to see if LO Calc would ever come up to the performance of Excel. To be fair, I haven't done so since I switched to Python.
Here's the experiment I would conduct. Generate a column of 5000 numbers. Now graph them. Now make a few token changes to the graph such as modifying some of the aesthetic parameters. The difference in processing time was profound, last time I tried it. Also, there was a noticeable "latency" between clicking something, and seeing something happen, that made it quite un-ergonomic if not physically painful to use. I'm sensitive to this because I get eyestrain headaches easily.
It's not the most efficient, being effectively a webview. But its UI and compatibility is imho much better than LibreOffice.
https://euro-stack.com/blog/2025/3/schleswig-holstein-open-s...
When I last tried in a small pilot program, it was incredibly primitive. Linux desktops were janky and manual compared to Active Directory and group policy, and an alternative to Intune/AAD didn't even seem to exist. Heck, even things like WSUS and WDS didnt seem to have an open version or only had versions that required expensive expert level SME'S to perform constant fiddling. Meanwhile the Windows tools could be managed by 20 year old admins with basic certitifcations.
Also, GRC and security seemed to be impossible back then. There was an utter lack of decent DLP tools, proper legal hold was difficult, EDR/AV solutions were primitive and the options were limited, etc.
Back then it was like nobody who had ever actually been a sysadmin had ever taken an honest crack at Linux and all the hype was coming from home users who had no idea what herding boxen was actually like.
Microsoft is trash and is getting worse day by day, but at the very least it's the same trash everyone has to deal with, so people mostly got used to the smell, and you can get economies of scale in tools used to deal with said smell. MS is trash because of incompetence.
Linux is dozens of different flavors of trash, so you don't even get economies of scale dealing with it. It's trash because of ideology - the people involved would often reject the functionality you mentioned for ideological reasons, and even for those who do accept them, won't agree on the implementation meaning you now have a dozen of different flavors, and will take up arms if someone tries to unify things (just look at the reaction to systemd).
Linux works well for careers where shoveling trash is already part of your work, in which case all the effort doubles as training for the job and experience makes this a non-issue. But for non-IT careers where the computer is just a tool that is expected to work properly, it's nowhere near there, and will never get there because everyone's instead arguing on the definition of "there" and which mode of transportation to use getting there.
This is despite them being a tech company, and despite them having already invested in their single Linux flavor (gLinux). Wayland migration was also a pain.
While anyone with macOS or Windows laptops can open support tickets, the hardcore Linux users get invited to join internal forums to help themselves.
Thus naturally one needs to be really into it, especially when dealing with software that doesn't even exist.
So we get our IT supported systems and run GNU/Linux either on servers or VMs.
I sense only if there are changes imposed at governments level, would companies change their stance on this.
https://euro-stack.com/blog/2025/3/schleswig-holstein-open-s...
I've used other things that claimed to in the past and none came anywhere close in practice. They all turned out just to be LDAP with some NT4 style policies for windows and very little at all for the Linux clients. It was like traveling back in time to the Windows 2000 era of management.
/usr is expected to be shared among hosts, host-specific stuff goes into /usr/local for a reason, and as a sysadmin you can decide to simply not have host specific software.
EDR/AV is basically unnecessary, when you only mount things either writable or executable. And you don't want the users to start random software or mount random USB-sticks anyway.
> Back then it was like nobody who had ever actually been a sysadmin had ever taken an honest crack at Linux and all the hype was coming from home users who had no idea what herding boxen was actually like.
Unix has over 50 years of history of being primarily managed by sysadmins instead of home users. While Linux is not Unix, it has inherited a lot. The whole system is basically designed to run a bunch of admin configured software and is actually less suitable for home users. I would say the primary problem was accessing it with a Windows mindset.
Sounds good, except:
* scripting languages exist. The situation is even worse on Linux than on Windows (because of the sysadmin focus). You need at least /bin/sh installed and runnable on any POSIX system. In practice bash, python, perl and many more are also always available.
* exploits exist. Just opening a pdf file may execute arbitrary code on a machine. There is no way to avoid that by just configuring your system. And it will happen sooner or later, especially if nation states are involved.
The idea that your systems are somehow unhackable because you... mount everything W^X is... not based in reality. Of course it's a great idea, but in practice you need defense in depth, and you need to have a way to Detect and Respond to inevitable Endpoint breaches. I don't love EDR/AVs, but they mitigate real attacks happening in the real world.
python ~/my.py
wget | bash
Also you can't make it physically impossible for employees to not e.g. screenshot things and take them home. You can forbid it and try to enforce it, but some amount of trust is needed.
Willing action needs to be taken for what it is, an deliberate action by that user. If that user is allowed to access that data, than I don't see what is wrong with him doing that in an automated way.
The early Unix systems you're talking about were mainframe based. Modern client-server or p2p apps need an entirely different mindset and a different set of tools that Linux just didnt have the last time I looked.
When they audit the company for SOX , PCI-DSS, etc we can't just shrug and say "Nah, we decided we don't need that stuff." That's actually a good thing though, because if it were optional well meaning folks like you just wouldn't bother and the company would wind up on the evening news.
Maybe I am missing something, but that seems orthogonal to ensuring host integrity? I didn't argue against logging access and making things auditable, by all means do that. I argued against working against the OS.
It is not like integrity protection software doesn't exist for Linux (e.g. Tripwire), it is just different from Windows, since on Windows you have a system where the default way is to let the user control the software and install random things, and you need to patch that ability away first. On Linux software installation is typically controlled by the admin and done with a single file database (which makes it less suitable for home users), but this is exactly what you want on a admin controlled system.
Sure, computing paradigms have changed, but it is still a good idea to use OS isolation like not running programs with user rights.
Even if security were "solved" in Linux (it's not), it would still often be illegal not to have an EDR and that's probably a good thing.
Well that's my point. You don't need third-party software messing up with the OS internals, when the same thing can be provided by the OS directly. The real EDR product is the OS.
No, its not and never will be.
Even if it were technically unnecessary (in some hypothetical future where privilege escalation became impossible?), legal, compliance, and insurance requirements would still be there.
That's totally accurate, but you're missing the fact that we fundamentally don't (and can never) trust the OS or any other part of a general purpose computer.
In general purpose computing you have a version of Descartes brain in a vat problem (or maybe Plato's allegory of the cave if you want to go even further back).
https://iep.utm.edu/brain-in-a-vat-argument/
To summarize: We can't trust the inputs even if the OS is trusted, and if the OS is trusted can't trust the compiler, and even if we trust the compiler we can't trust the firmware, but even if we trust the firmware we can't trust the chips it runs on, and even if we trust those chips we can't trust the supply chain, etc. "Trust" is fundamentally unsolvable for any Turing machine, because all trust does is move the issue further down the supply chain.
I know this all sounds a bit hypothetical, but it's not. I can show you a real world example of every one of those things having been compromised in the past. When there is money or lives at stake people will find a way, and both things are definitely at stake here.
So what we have to do is trust, but verify, or at the very least log everything that happens and that's largely what those EDR products exist to do. Maybe we can't stop every attack, even in theory, but we take a crack at it and while we're at it we can log every attack to ensure that we can at least catch it later.
There just isn't any version of this world in which general purpose computers don't require monitoring, logging, and exploit prevention.
If you think the hardware works against you, then you are screwed.
It doesn't have to be "a random company". Microsoft, for example, now ships EDR as part of the operating system.
Many companies prefer other vendors for their own reasons. Sometimes one concern is the exact issue you're describing. By using another vendor outside of MS they can layer the security rather than putting all their eggs in a Microsoft designed basket. We sometimes call that a "security onion" in cyber.
I have no idea what the Linux version of that would even look like though. I imagine you'd just choose one of the many 3rd party EDR's from "random companies." It's another reason I asked the original question about how Sysadmins cope with Linux these days. MS has an entire suite of products designed to meet these security, regulatory, and compliance problems. Linux has... file permissions I guess?
If you want integrity, first make everything executable immutable, the system is explicitly designed to work that way. That's why the FHS exists for. Then use something like Tripwire to monitor it.
To log access use auditd (https://www.baeldung.com/linux/auditd-monitor-file-access).
What else do you need to do?
How though? Presumably you mean we should trust the OS to do that?
Edit to be clear auditd has the same issue. We're trusting it to audit itself. However, we know that we cant trust it because rootkits are a thing. So now what?...
I guess we need a tool thats designed to be tamper proof to monitor it. We do that by introducing an external validation. A 2nd external system can vouch that hashes are what we expect, etc.
If you think your OS doesn't give you the correct answer to a read, than you need to run a second OS side-by-side and compare. If you think your OS is touching data you haven't told it to, you need to have a layer running below so you can check, i.e. virtualization, BIOS or hardware. If you think your OS is making network calls you haven't told it to, then you need to connect it via an intermediate host, that acts as a firewall.
I don't see what injecting a random blob into the OS gives you other than box ticking. Now you need to trust the OS and that other thing.
When your attacker gains control of your OS (so actually below root), than you are screwed anyways. Only having some layer independently will help you in that case. Having more code in your OS, won't help you at all, it will just add more attack surface.
I mean, that's mostly right. IF the OS is already rootkit infected then installing an EDR won't fix it, as it mostly won't be able to tell that the answers it gets from the OS are incorrect. That's why you'll sometimes see bootable EDR tools used on machines that are suspected of already being compromised. It's a second OS to verify the first, exactly as you describe.
In practice that's not typically required because the EDR is usually loaded shortly after the OS is installed, and they're typically built with anti-tamper measures now. So we can mostly just assume that the EDR will be running when the malware is loaded. That allows us to do things like Kernel‑level monitoring for driver loads, module loads, and security‑relevant events (e.g., LSM/eBPF hooks on Linux, kernel callbacks/ETW on Windows).
By then layering on some behavioral analysis we can typically prevent the rootkit from installing at all, or at the very least get some logs and alerts sent before it can disable the EDR. It's also one reason these things don't just run in userland as you suggested above. They need kernel mode access to detect kernel mode malware, and they need low level IO access to independently verify that the OS is doing what it says it is when we call an API.
Your suggestion reminds me of the old 'chkrootkit' command on Linux. It's a great tool, if you don't already have a rootkit. In that case it just doesn't work. A modern EDR would have prevented the rootkit from installing an API hook in the first place (ideally).
> Only having some layer independently will help you in that case.
Sometimes it's more about detection, and sometimes it's more about prevention, but both are valuable. I would one day love to see a REAL solution, but for now I think EDR's are the least worst answer we have.
A better answer would be a modern OS built to avoid the weaknesses that make these bolt on afterthought solutions necessary, but neither Windows or Linux come anywhere close to being that. They both have too much history and have to preserve compatibility.
> How though? Presumably you mean we should trust the OS to do that?
If you don't trust the layer controlling the hardware (aka. the OS) then you need to do that in hardware.
LibreOffice works just fine on _Windows_ - and that's what the majority of its users are running.
So, Schleswig-Holstein can switch to Linux, or not switch, or let specific agencies or individuals choose.
I think everyone hates it, but they're often legally required. Even when they aren't legally required, they usually are by insurance companies.
Nobody wants to be on the news the first time Becky in Marketing opens an email attachment she shouldn't.
*EDIT* I left out one of the biggest benefits: Dummies & Newbs. The world is filled with people who have never used a mouse before they started this job Last week and people who actually NEED the stupid warning stickers on their toasters. If you don't lock down their desktops your support costs will be astronomical and downtime will be constant. We know this because there was a time before these tools, and it largely sucked for everyone.
Did you know that you can bypass the windows 98 login screen by just clicking 'Cancel' instead of 'OK' at the login prompt? Nice and simple, right? That stupid button not only wrecked security it caused 10's or 100's of thousands of hours in lost work because people forgot their passwords, clicked Cancel, and then would call the help desk wondering why network shares didnt work. It would sometimes take hours to figure that all they had to do was reset the password and login properly.
Looks like what IBM tied. IBM allowed some people to stay on Microsoft Office, the 'some people' were VPs and a few 'important' people. That turned into a disaster.
Eventually almost everyone started requesting M/S Office Exceptions, and many were granted. Other people revolted. IBM then gave up and went back to M/S Office.
To do this correctly, convert everyone, from CEO, Board Members down to the lowest level of person. No exceptions.
It is by now a trusty enough workhorse for large organizations.
Yes, it's not all the way there: I've filed hundreds of bugs against LibreOffice, and many are still open (not just feature requests); and yes, I have a lot of criticism of the governance. But it is proof that a huge, end-user-facing software project can sustain itself and improve within having to rely on the MS-bucks or the Googlebucks and such.
But a huge project needs a lot of support, and needs to renew its support from new people, so please help out!
https://whatcanidoforlibreoffice.org/
Filing bugs, contributing graphics, translating parts of the UI (which you would be a saint to do since the translation system is the pits), designing document templates, organizing an install-party, getting promotional material and putting it, and of course you can write write code (starting with easy-hacks) or contribute money.
----
Due disclosure: I'm a trustee of The Document Foundation, which manages the project. Going to speak at LOConf Asia 2025 in Tokyo later this month:
Schleswig-Holstein completes migration to open source email
You'd think Microsoft would be dead and buried by now, or that the readers would have realized how inconsequential these changes are. One or the other.
Now, if two or more municipalities managed to migrate to Linux at the same time...
I can't say I've ever suffered from my choices or that I missed any features. As for "polish" - that's subjective, isn't it? I can access all the features I want quickly and efficiently. It's a tool, after all.
There are some minor bugs with Calc that I'd rate 2/10 in importance - annoyances mostly. I haven't used Excel in a while, but it had annoyances, too.
But even if Microsoft Office is more polished and feature-rich, I still think that the trade-off is worth it - we get data and software sovereignty, privacy and cost savings. The workers need to relearn how to access feature X in the menu or how to live without feature Y.
You see, most Office users are not heavy/expert users and they only occasionally need the basic features that exist everywhere and do good enough of a job. I personally have only used Word maybe 3 times over the past few years, because almost all work documents live elsewhere, while Google Docs is good enough for my personal word processing needs (which could probably be done with Libreoffice as well). In the old days I used to install pirated Microsoft Office when I got a new laptop. These days I don't even think about it.
Imagine every company starts to evaluate how many employees actually need Microsoft Office, and then drop licenses for those who would be ok with Libreoffice or nothing at all. Microsoft would be shitting their pants.
Given that the US has shown it's willing to wield sanctions as a blunt instrument against anyone and everyone, it's only prudent for European countries to reduce their exposure to US tech.
and that's the problem, people wouldn't invest that much into project no one use