Open Source Software In the Military

kdawson posted more than 4 years ago | from the keep-it-stupid-stupid dept.

The Military 91

JohnMoD writes "With the advent of forge.mil, etc. the military seems to be getting on board with free and open source software. A working group meeting is going to be held at Georgia Tech in Atlanta, August 12-13, 2009. There's a pretty good lineup of speakers including a Marine from the Iraq-Marine Expeditionary Forces, who was on the ground and saw the agility open source gave to him and his soldiers. A number of OSS projects are going to be meeting there: Delta 3D, OpenCPI, FalconView, OSSIM, Red Hat, etc. Looks like there will be some good discussions."

91 comments

This proves it! (1, Funny)

Anonymous Coward | more than 4 years ago | (#28747019)

See; with the military now realizing the destructive potential of OSS people hopefully now realize the true danger posed by this dangerous concept!

Glad To See It (-1, Troll)

Anonymous Coward | more than 4 years ago | (#28747029)

If OSS is good enough for consumers, businesses, and even governments, there's no reason why the military and their contractors can't use it.

I'm glad Open Source Software is being used to support the brave men and women serving our country and defending our freedom.

God Bless America.

You would think that it is only the Americans... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#28747135)

Who are fighting in Iraq & Afghanistan.
There are soldiers from many other countries who are fighting right alongside the US Forces.
Personally, I regret the loss of the lives of any service personnel regardless of which country they are from.

Re:You would think that it is only the Americans.. (1, Funny)

Anonymous Coward | more than 4 years ago | (#28747231)

Anyone who doesn't regret the loss of lives of all soldiers no matter what country, should be dead.

Anyone that doesn't respect all lives should be killed.

Re:You would think that it is only the Americans.. (2)

GigaplexNZ (1233886) | more than 4 years ago | (#28747543)

Anyone that doesn't respect all lives should be killed.

By someone who respects lives.

Re:You would think that it is only the Americans.. (1)

kdemetter (965669) | more than 4 years ago | (#28748023)

Is this some elaborate plot to kill everyone who respects lives?

Re:You would think that it is only the Americans.. (1)

SpoodyGoon (1574025) | more than 4 years ago | (#28750187)

I can tell you as an American I have not forgotten the troops from other countries that work alongside our troops. Maybe someone else has but not me.

Re:You would think that it is only the Americans.. (0)

Anonymous Coward | more than 4 years ago | (#28751067)

Who are fighting in Iraq & Afghanistan.
There are soldiers from many other countries who are fighting right alongside the US Forces.
Personally, I regret the loss of the lives of any service personnel regardless of which country they are from.

That's because pointing out that other countries are also fighting would belie the spin we've been fed that we're fighting "unilaterally".

Re:Glad To See It (1, Troll)

Nathrael (1251426) | more than 4 years ago | (#28747773)

It is sad to see that being supportive of one's country is now regarded as troll-ish on Slashdot.

Re:Glad To See It (0, Troll)

kanweg (771128) | more than 4 years ago | (#28749557)

In my opinion it should be. It means being negative about the rest. I don't see how that helps to all get along.

Bert
Who was never brainwashed at school to pledge allegiance to a plot of territory (a ritual invented by a guy from a flag factory to sell more flags)

Patriot != bigot (1)

Hognoxious (631665) | more than 4 years ago | (#28749969)

In my opinion it should be. It means being negative about the rest.

Really? So if you love your [hypothetical, I know] wife, it means you hate all other women?

P.S. Some guy by the name of John J Dwyer called...

Re:Patriot == bigot (2, Insightful)

sourICE (1480471) | more than 4 years ago | (#28751239)

If your wife hates all other women and you love your wife enough to believe in every ideal she believes in without question, then yes you hate all other women.

If you follow your country blindly while it creates war with others over possibly meaningless matters or when there are other options besides war and you never once question it then you are a bigot.

-

dunno.

Re:Patriot == bigot (2, Informative)

sumdumass (711423) | more than 4 years ago | (#28751359)

Man, you are working hard convoluting that to get what you want it to mean out.

You are even assigning attributes that aren't always there in order to do it. How proud you must be. Here is a hint, you don't need to be blindly obedient to be patriotic. You don't need to blindly trust or accept anything the country is doing to be patriotic. Only in your imaginary world is that true.

Re:Patriot == bigot (1)

xouumalperxe (815707) | more than 4 years ago | (#28754119)

Here is a hint, you don't need to be blindly obedient to be patriotic. You don't need to blindly trust or accept anything the country is doing to be patriotic.

More to the point, most definitions of patriotism put the ideals of the country above the actions of the government.

Re:Patriot == bigot (1)

sourICE (1480471) | more than 4 years ago | (#28758915)

Here is a hint, you don't need to be blindly obedient to be patriotic.

I never once said that you have to be blindly obedient to be patriotic, I said that if you did then a patriot would == bigot. Ahh.. the wonderful invention of the 'if' statement. If only there were some equivalent in the English language, oh yes if.

Only in your imaginary world is that true.

I only wish that even half of all the bullshit I have seen in this world were imaginary.

Re:Glad To See It (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#28750447)

Replying to undo a moderation.

I'll wait. (0)

Anonymous Coward | more than 4 years ago | (#28747069)

Cost: $325 for attendee

I'll wait for the transcripts, Slashdot follow up and Youtube videos. Thank-you-very-much.

The irresistible force (0)

Anonymous Coward | more than 4 years ago | (#28747077)

is open source anarchy reinforced with military "intelligence".

Re:The irresistible force (0, Redundant)

PopeRatzo (965947) | more than 4 years ago | (#28748067)

I just hope it's easier finding drivers for nuclear missiles than WiFi adapters and video cards.

Killing code? (0, Troll)

Anonymous Coward | more than 4 years ago | (#28747103)

It's good to know when your code is contributing to killing others!

Re:Killing code? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#28747107)

So much trolling going on in here.

Re:Killing code? (2, Insightful)

K. S. Kyosuke (729550) | more than 4 years ago | (#28747153)

And saving lives of yet others?

Re:Killing code? (5, Funny)

Anonymous Coward | more than 4 years ago | (#28747179)

No you are wrong.

When Microsoft's products crash (guidance tracking on cruise missiles) THEY SAVE LIVES.

Re:Killing code? (0)

Anonymous Coward | more than 4 years ago | (#28747191)

+1 funny
No mod points left :(

Re:Killing code? (0)

Anonymous Coward | more than 4 years ago | (#28773243)

Having worked on some of the aforementioned code, I can accurately state that none of the guidance systems on a cruise missile have anything to do with Microsoft products. In fact very little if anything required to target, launch and track a cruise missile requires a Microsoft product.

Done already (1)

hoarier (1545701) | more than 4 years ago | (#28747137)

PLA Daily [pladaily.com.cn] ("China Military Online") is brought to us by Apache, so it would appear that at least one military has already got on board with free and open source software. I'd guess that the PLA could deliver better coding value for money to the Pentagon than could KBR.

I'm in the Military, (2, Interesting)

superslacker87 (998043) | more than 4 years ago | (#28747173)

and do I honestly think I'll ever see any of this stuff?

Absolutely not. They have civilian contractors to do all the cool stuff. I'm a network administrator who is denied administrative rights. My MOS (job classification) is an E4 and out position. Basically I have no chance of attaining any leadership skills in my job. Big change from when I joined six years ago. I'm seriously considering leaving communications for something that I can actually advance in, even if I wouldn't be as happy in it, but I could be wrong about that.

This turned in to an off-topic rant. My bad.

Anyway, I'll be joining tomorrow when I can get access to a computer that I can use my ID card in. Until then, I'll just not be able to look around it and - most likely - correctly speculate what the program is like for a junior enlisted servicemember, even if they know Linux well.

Re:I'm in the Military, (5, Informative)

qbzzt (11136) | more than 4 years ago | (#28747217)

and do I honestly think I'll ever see any of this stuff?

Absolutely not. They have civilian contractors to do all the cool stuff. I'm a network administrator who is denied administrative rights

How many of those civilian contractors are veterans who used to do your job when they were in the military? Just because the government decided to use civilian contractors doesn't mean you don't have a career path, it's just not necessarily one that stays in the military.

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28747341)

How many of those civilian contractors are veterans who used to do your job when they were in the military? Just because the government decided to use civilian contractors doesn't mean you don't have a career path, it's just not necessarily one that stays in the military.

I work in HR at a major installation. The IT contractors are overwhelmingly non-veterans. With that said, there are quite a lot of opportunities available in IT in the civil service still. At my installation, the IT positions are starting to return to civil service positions, instead of contract. I see veterans getting picked up for IT positions quite frequently. There are actually barriers in place (veteran's preference) that prevent most non-veterans from obtaining a civil service position.

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28747273)

You can see the stuff if you're military. I'm also in the military and have an account with Forge.mil. There's not a LOT of things on there, yet, but what they do have looks very promising and there's more than a few people on there. My job has nothing to do with computers or anything like that, so, yes, you will see it. I've downloaded and looked at some of the stuff while at work.

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28747675)

You can see FalconView right away. The source code is posted to the internet.

www.falconview.org [falconview.org]

Re:I'm in the Military, (1)

DrgnDancer (137700) | more than 4 years ago | (#28747681)

Go to warrant officer school. Communications warrants do a lot of this stuff. I did quite a bit of network admin work as a communications officer too, but we were National Guard and I was mostly conscripted into that for my civilian skills. I don't think active duty communications officers get to do that much.

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28748253)

Honestly, I was in the military and worked on a unix based command and control system. I never got to do more than act as an operator even though I just wanted to dive into the code.

Long story short, went back to school and got my engineering degree and now I work for a contractor and I now get to develop those software/hardware systems. If you want to do more than just operations and basic troubleshooting (if any), use your GI Bill (I got about 40k plus the 9/11 bonus GI Bill bonus) and go back to school. If you can make it through the military you have more than enough discipline to make it through college.

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28748283)

Amen brother! I tried to get permission to use Audacity and I was told I had to buy Adobe Audition instead. Despite the project lead for Audacity being a former military person, Audacity "did not conform to security requirements." In fact, at the time (2006) NO open source was allowed.

The Basic maths is free=bad. The Army has gone to a "Single DOIM" (Directorate of Information Management) concept where ALL IT across the Army comes under one Director. This includes authorizations for ALL software purchases. That means budget. Free software doesn't increase your budget so you write the regulation so free software is not allowed. It is not a surprise to me that a Marine started this. The Marines have such a small budget, literally a rounding error on the Army budget, that they do anything to save.

This will die a sad death after lots of talk.

Re:I'm in the Military, (1)

kaiser423 (828989) | more than 4 years ago | (#28748315)

The Air Force just finished a program to open source Falcon View [falconview.org], which is about the coolest, most comprehensive mapping/GIS program out there.

The Alpha is still pretty rough, and a lot of the cool aerial refueling/bombing run tools are obviously not in there anymore, but it is a tool utilized widely in all the branches that just came open source. Big accomplishment if you ask me!

Not affiliated. I had utilized it extensively in the past, and was missing having it at my new contractor job....then they open sourced it!

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28751863)

Great, now they need to port it out of windows so that we can use it on the aircraft.

Re:I'm in the Military, (1)

gandhi_2 (1108023) | more than 4 years ago | (#28748333)

Did you use "blueforce tracker" or "FBCB2"? Then you HAVE seen it. It's BSD, X, and Gnome. There's tons of stuff in service like that.

And you sort of have a choice: leadership in the combat arms like the Infantry or technical skills in places like Signal. Or you can be a pouge who acts all hardcore, even though an 11B PFC has boots with more roadmarch miles than you.

Re:I'm in the Military, (1)

TehDuffman (987864) | more than 4 years ago | (#28753613)

Or you can be a pouge who acts all hardcore, even though an 11B PFC has boots with more roadmarch miles than you.

It's POG (as in Person other-than grunt) not pouge... you obviously don't know what you're talking about because grunts can barely read let alone follow /.

Also the only real grunts are Marines not soldiers (which the summary calls us) get a job boot.

Army Strong [photobucket.com]

Re:I'm in the Military, (1)

gandhi_2 (1108023) | more than 4 years ago | (#28755813)

LOL...nice. But no, pouge wasn't an acronym. It was retroactively created by people who need acronyms to remember anything.

Like my buddy. He got kicked out of the marines. They caught him reading a book. "Hey, this thing ain't got no pictures!"

Marines are grunts like...the marines at JCOT? The travel agents of Iraq. Like the marines in the MCX? The sales associates "in country". Like the marines that bring the FOB mail around? And all the marines guarding the chowhall at camp cupcake and TQ? Semper Fool, deviled egg! [youtube.com]

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28761891)

LOL...nice. But no, pouge wasn't an acronym. It was retroactively created by people who need acronyms to remember anything.

Like my buddy. He got kicked out of the marines. They caught him reading a book. "Hey, this thing ain't got no pictures!"

Marines are grunts like...the marines at JCOT? The travel agents of Iraq. Like the marines in the MCX? The sales associates "in country". Like the marines that bring the FOB mail around? And all the marines guarding the chowhall at camp cupcake and TQ? Semper Fool, deviled egg! [youtube.com]

The BFT runs Linux not BSD

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28748401)

Be patient. We are working on stuff for ordinary folks.

Sorry, youngster (2, Insightful)

Runaway1956 (1322357) | more than 4 years ago | (#28748403)

"Basically I have no chance of attaining any leadership skills"

I fear that you don't understand what "leadership" is. If you wish to learn about leadership, and you are not learning, that is your failure, not the failure of the military, the boy scouts, an employer, or even your parents. I would ask first, how many courses are you enrolled in? If you answer "none", then it is obvious that you DON'T wish to learn leadership, but instead, you only want to bellyache about the military. Which is fine with me - we earn the right to bitch by serving. But, for your own good, you do need to be honest with yourself.

As for attaining a "leadership position" - that is another subject entirely. The best leaders, of course, are good followers. Are you a good follower? Do you work hard to make your mates and superiors look good? Do you support your juniors? Are you always there, willing to do whatever it takes? Do you volunteer to "go the extra mile"?

If so - maybe you really are in the wrong MOS. Maybe even the wrong branch of military. The Navy does things considerably different than the Army - you might consider a tour with the fleet after your army service.

I have one son in the Army, one going into the Navy. If they switched places, I don't think either would be happy - it all depends on the individual's aptitude, personality, etc.

But, please, let's not blame the Army for a failure to learn a skill. You can learn if you wish to learn. Demonstrating that skill is the path to advancement, not bitching about the lack of a skill.

Re:I'm in the Military, (2, Informative)

destuxor (874523) | more than 4 years ago | (#28748473)

My MOS (job classification) is an E4 and out position. Basically I have no chance of attaining any leadership skills in my job. Big change from when I joined six years ago. I'm seriously considering leaving communications for something that I can actually advance in, even if I wouldn't be as happy in it, but I could be wrong about that.

I'm guessing you're a 25B in a Signal unit.

Trust me, there are a lot of ways you can learn leadership skills as an E-4. How many SOP's have you written? How many Soldiers have trained to replace you? Have you initiated a risk analysis for the information systems you are responsible for? Have you taught your Linux skills to the Soldiers around you? Have you considered making a website for your company (something small, like a company Craigslist phpBB site)? Have you assembled a continuity book? Have you compiled a formal list of recommendations for your SIGO/CDR/PL/whatever to improve mission effectiveness, efficiency, safety, and lower operational expenses? Have you personally met and networked with your BN/BDE S-6 or lower echelon commo PLT's, DOIM/ESB, and surrounding units at the same echelon? Have you offered other units the opportunity to participate in your own unit-level training (even simple stuff, like "how to make a website")? Have you aggressively pursued cross-training opportunities other units may be willing to offer (generator troubleshooting, COMSEC management, SIPRNET regulations, JNN operators, etc)?

I did all of this and then some when I was an E-3/E-4 in Iraq. There is no reason you should bitch and moan that you're not picking up leadership skills. What schools have you gone to (WLC, BNCOC, Ranger)? How many Soldiers do you supervise? Why are you still an E-4 after six years? If you're stuck in an MTOE position outside your MOS, get a Letter of Release from your CSM and find a job somewhere else like JCU [jcuonline.org].

As for getting sysadmin rights...feel free to e-mail me and I'll share all kinds of backdoors I've found in the system. They don't hand the reins over easily so I just take 'em.

Re:I'm in the Military, (2, Insightful)

Hognoxious (631665) | more than 4 years ago | (#28750045)

Never mind what he's done, can I have your recipe for acronym soup?

Re:I'm in the Military, (1)

destuxor (874523) | more than 4 years ago | (#28750157)

Never mind what he's done, can I have your recipe for acronym soup?

Laughing out loud (literally)
;-)

Re:I'm in the Military, (3, Interesting)

superslacker87 (998043) | more than 4 years ago | (#28750587)

25B - Information Technology Specialist
SOP - Standard Operating Procedure
SIGO - Signal Officer (Guy in charge of communications in a line unit, aka combat unit)
CDR - Commander
PL - Platoon Leader
BN - Battalion
BDE - Brigade
PLT - Platoon
DOIM - Directorate of Information Management
ESB - Expeditionary Signal Battalion
COMSEC - Communications Security
SIPRNET - Secure (or Secret) Internet Protocol Router Network (As opposed to NIPRNET, or as they call it now LandWarNet, AKA the Internet)
JNN - Joint Network Node
WLC - Warrior Leader's Course
BNCOC - Basic Noncommissioned Officer Course (now called ALC, Advanced Leader's Course. Follow-up was ANCOC (Advanced) which is now called SLC, Senior Leader's Course)
MTOE - Modification Table of Organization and Equipment (Where people and things are within a unit)
MOS - Military Occupational Specialty (See 25B above)
CSM - Command Sergeant Major
JCU - Joint Communications Unit

And to answer the parent's questions, Yes, I am a 25B in a signal unit. I wrote an SOP for my previous unit, which was a line unit. I made the web page for that unit too. I have done training for the unit, and being in a signal unit, all I ever do is cross-train. I can't honestly remember the last time I did anything geeky in the sixteen months I've been on this post, except for the two weeks we were prepping for a deployment.

I'm still an E-4 after six years for a few reasons:

  1. Despite all the technical know-how I have, it means absolutely jack when you're on one profile that questionably makes you possibly non-deployable, and another profile that won't let you run. After all, running is the most important thing we can do, right? If you suck at PT, you must suck at everything else. At least that's what members of the military think.
  2. While I have completed WLC, I got moved out of the unit I was with when I went and was going to go to the board and every time that happens, you're at the bottom of the rung, no matter what kind of time in service one has. I got to go thanks to that nice retention policy that makes us "promotable" after 4 years. Ha, how many MOSs actually have 350 promotion points?
  3. Do these point trends [ncoschool.com] imply any way one could get promoted without being nearly perfect? If they'd stop reclassing the E-5 25Fs into 25Bs, maybe I'd have a chance.

Yes, I'm maxed on school, both military and civilian. 5 classes from graduation actually, and am going while in the military.

Morale isn't very high with this poster, but that should be pretty apparent.

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28750379)

Don't feel too bad, I'm a Civilian contractor that works with this stuff (FBCB2, JCATS, SIMPLE, etc. that's built off of RH Linux) on a day to day basis and the stuff is so locked down by the actual contractor who develops the software that sometimes you're pulling your hair out to make things work properly since it's been locked down by them and they don't tell you what has and hasn't been disabled.

Re:I'm in the Military, (0)

Anonymous Coward | more than 4 years ago | (#28755127)

Then be a contractor. Honestly, that's the better route. I don't necessarily agree with it, but it is what it is. I was the master trainer for BFT (opensource). At the time (Ignorant PFC) I thought that would be a cool job. Then when I got on the ground, there was a contractor making 4x what I was and he basically did nothing, just got the master image from the LSA every once in a while, and sit around for a year.

He didn't do PT, didn't do guard duty, didn't do convoys, didn't have to salute, didn't have to clean toilets, do PT, etc, etc, etc. And he made 4x what I was making.

As a 25B (assuming), you'll have plenty of opportunities for this type of work, if you so desire. As far as leadership, you are in the military, probably with multiple deployments. You already have waaaaaaaaaaay more than most corporate college boys ever could possibly dream of, even if you don't realize it.

Military too class based (0)

Anonymous Coward | more than 4 years ago | (#28759303)

Unfortunately, as a lower enlisted you won't be able to have any real impact on the army. As others suggested, you need to either go warrant officer route or just plain officer for anyone to really pay attention to you. This is sort of continuing your rant, but I spent four years in the army as well, leaving as an E4. I wasn't interested in being an officer or warrant officer or making a career in it, I just wanted to serve my country for 4 years and then continue on with my business IRL.

During my time, I wrote a program that completely automated some of the database and paperwork tasks my office was in charge of that saved our understaffed office at least 10 hours a week. I tested installing it at the next battalion over that did the same sort of work, and they fell in love with it also. It was reliable and fairly well polished. I tried submitting it to the army as a whole through their proper channels for "ideas for the army". It was signed off at the local level and passed on to the European level reviewing authorities where it disappeared forever. I quit badgering people to look at it eventually because it was obvious that whoever was in charge up there either:
A. Couldn't understand how to properly evaluate in house software developed and submitted this way (the way I submitted it for review wasn't normally for software, but there was no other suitable way to have it reviewed)
B. Wasn't going to bother with looking at something that a mere rank-and-file E4 cooked up for army wide deployment. I included the source code and they could have had anyone they want look at it...

Regardless, the army has too much red tape for these sorts of process. I could have saved them 1000's of hours a week army wide if they actually gave a damn and looked at my program. Since my MOS didn't say "software developer" anywhere on it, I didn't have a chance. With any luck and these new programs, the army could actually make "military intelligence" less of an oxymoron and give open source programs such as the one I tried submitting a chance.

New kind of freedom! (1)

syousef (465911) | more than 4 years ago | (#28747285)

Free as in speech.

Free as in beer.

Free as in free to blow the shit out of something.

WOW (0)

ammorais (1585589) | more than 4 years ago | (#28747287)

... the military seems to be getting on board with free and open source software.

Is this the end of the teenager on the basement that hacks the military, now that the military is going secure?
How will the future nerd teens entertain themselves???

Re:WOW (5, Informative)

betterunixthanunix (980855) | more than 4 years ago | (#28747637)

It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen. It is not terribly difficult to hide a defect in some code -- a cool example of this is the Underhanded C Coding Contest, where the goal is to introduce a vulnerability in such a way that reading through the source does not give an obvious indication of what happened.

Now, if the military is controlling the code that is committed to certain projects, that is another story. Then they can see enhanced security from day 1, by ensuring that every patch is thoroughly reviewed -- a much smaller task than trying to re-verify years of review from some other project.

Re:WOW (4, Insightful)

symbolset (646467) | more than 4 years ago | (#28748163)

It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen.

Just because you're not doing it, don't presuppose that nobody is. The code review of all the major pieces is ongoing, extensive and in-depth. It's done for a lot of reasons: motivated self interest on the part of organizations with large user bases (NSA, .mil, governments, large corporates), product development (all the commercial vendors), security professionals (for experience props) and others.

Stuff does occasionally get through, but it's almost always pointed out and fixed right away.

One downside of commercial software is that code audits can only be done by two groups: the vendor and the black hats.

Re:WOW (2, Interesting)

betterunixthanunix (980855) | more than 4 years ago | (#28752127)

That is a lot of code to try to audit, especially when a backdoor may be spread across many different modules. I saw an entry to the underhanded C coding contest that hid an information leak across 5 different sections of the program; the leak happened 0.5% of the time the code was run (on average), but it involved leaking the secret key for a block cipher. It could have been even more well hidden, had there been more code available, as there would outside the constraints of a contest.

"Security professionals" cannot necessarily spot a well engineered, well hidden backdoor in millions of lines of code, as there might be in the Linux kernel. Given the widespread use of Linux in banks and governments, it would not surprise me if different groups of people have been busy trying to hide some sort of vulnerability.

This is not to say that commercial software is not vulnerable. It is just as easy to bribe a programmer at some major proprietary software house to introduce code as it is to sneak code in through patches in an open source project. The real issue here is introducing third party code, that you have not overseen from its inception, into a high-security environment and trusting it. This is the reason why the NSA has never approved any computer system for handling all classification levels -- it is not economical to develop a custom system, but it is not secure to trust a third party system, so the compromise is keeping top secret data on a physically separate computer from unclassified data.

I am not trying to imply that some hacker is going to be able to take over the military's computer systems -- that only happens in Hollywood. More likely, if such a vulnerability were to be introduced, it would involve weakening a random number generator, or an encryption implementation, or perhaps even making it easier to create a covert channel without being caught. Even just slightly weakening the security could have far reaching consequences for an espionage campaign -- and slightly weakening the security would also make detection that much harder.

Re:WOW (1)

rant64 (1148751) | more than 4 years ago | (#28756747)

This is the reason why the NSA has never approved any computer system for handling all classification levels -- it is not economical to develop a custom system, but it is not secure to trust a third party system

Not true. The INTEGRITY [ghs.com] RTOS has been deemed EAL6+ certified by NSA; from what I've heard, it has so few lines of code that auditing is possible.

Re:WOW (1)

betterunixthanunix (980855) | more than 4 years ago | (#28796787)

The last time I checked, the NSA still had not approved any single system to handle data at all four levels of classification, and they required that a single physical system could only handle two "consecutive" classification levels at a time (that is, one level directly below the other, so that TOP SECRET and SECRET could be processed on a single system, but TOP SECRET and CLASSIFIED could not). I would be very surprised if that has changed, since protecting against a covert channel puts requirements on the hardware, regardless of what software is running on the system.

Re:WOW (1)

rant64 (1148751) | more than 4 years ago | (#28798091)

Well, it's a very specific piece of equipment indeed. But I'm not in the US military and I have nothing to do with NSA, so please enlighten me what the use of such a device would be. As I see it, a SECRET system connected to a TOP SECRET system is no longer classified SECRET (and may not even connect if it's not accredited for the classification, and may not even be close to each other, in case of red/black). What environment would need a system that handles all classification levels? A more practical method that I'm aware of is to tunnel information across security boundaries by protecting/encrypting it up to the classification required.

But we digress, we were talking about introducing malicious code in third party software. I don't really see how classification levels fit into the equation. Apparently, the Integrity operating system is so small that it can be fully audited, behaves predictably under all tested parameters, and the EAL6 certification simply means that it can be trusted to behave accordingly, to a very high degree. Yeah, you need to trust two parties instead of one. But it seems to me the next-best thing to writing it yourself.

Re:WOW (1)

betterunixthanunix (980855) | more than 4 years ago | (#28813301)

There are plenty of cases where a single system must handle multiple classification levels. For example, a manager at the CIA may need to handle TOP SECRET information about a spy in a hostile nation, and also UNCLASSIFIED information about some new equipment that is being procured in his department. It would be economical to have a single desktop for that manager to do his work, but since that range of information crosses all four classification levels, that is not allowed; it would be highly economical for all the employees in the agency to be given only one desktop, especially at the end of an upgrade cycle (in the NSA, it is typical for analysts to have two computers on their desks, one connected to the Internet and used for unclassified data, the other connected to a secure internal network and used for SECRET and TOP SECRET data). There is also the issue of servers; the government uses NAS, databases, and application servers just like everyone else, but needs to spend more because of a need to keep different classification levels on physically separated systems.

Encryption is important in these systems, but it is not the whole story. SECRET data should be encrypted, but in order to work with it, it must be decrypted at some point and displayed to the user. A careless (or malicious) user might copy a section of that SECRET data into an UNCLASSIFIED document, thus breaking the entire security system if the different classification levels are not enforced by physically separate systems. There is also a frequent need for UNCLASSIFIED data to be included as part of a classified report -- at some point, that data must be moved between classification levels. In multilevel security, one would usually use a "data diode" for that process -- a specially designed system (hardware or software) that is only capable of copying data up the classification chain.

The question of security in the government is more than just a question of keeping hackers out. A bigger question is keeping data under control, and making sure that sensitive information remains classified. Even if an operating system is polished to the point where it is impossible to gain unauthorized access, it could still be completely unsuitable for government work if it lacks mandatory ACLs (which is what SELinux provides) and various other necessary features for data oriented security. The reason no system has ever been approved to process all classification levels is primarily a concern about covert channels -- they are unavoidable, and there tends to be higher bandwidth available on a single computer system than on physically separated systems. In fact, it is entirely plausible for someone looking to steal classified data to try and get a patch in that increases the bandwidth of a covert channel; even a 1% increase could be highly valuable for a spy.

Systems rated at EAL4 and higher are scrutinized for more than just predictable behavior; they are required to have various mechanisms designed to protect data from slipping into lower classification levels. Windows 2000 was certified at EAL4 for that very reason: it includes a security policy mechanism that allows administrators to create MLS policies; likewise, RHEL5 was also certified at EAL4, because of its inclusion of SELinux (the reason that other distros which include SELinux do not have that certification is probably because they never submitted their system for such certification; there are also other criteria concerning the storage of encryption keys and the ability to instantly revoke a specific user's access to the system). The criteria and motivation for the criteria can be found on the NSA/NIST websites, if you feel like reading a few hundred pages of technical material (you can also check out Security Engineering by Ross Anderson, which has a chapter devoted to MLS).
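Added illustration, not part of the thread or any poster's code: a small Python model of the two multilevel-security rules described in the comment above, namely the "two consecutive levels per system" limit and a data diode that only copies up the classification chain. The names `Level`, `Store`, `DataDiode` and `accreditable`, the four standard US level names, and the sample documents are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    # Standard US level names, assumed here; the thread only says "four levels".
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class FlowDenied(Exception):
    """A transfer would move data down the classification chain."""


@dataclass
class Store:
    """Hypothetical stand-in for one physically separate, single-level system."""
    name: str
    level: Level
    documents: dict = field(default_factory=dict)


def accreditable(levels):
    """Rule stated in the thread: one system, at most two consecutive levels."""
    distinct = sorted(set(levels))
    if len(distinct) == 1:
        return True
    return len(distinct) == 2 and distinct[1] - distinct[0] == 1


class DataDiode:
    """One-way link between two stores; data can only move low -> high."""

    def __init__(self, low, high):
        if low.level >= high.level:
            raise ValueError("a diode must point up the classification chain")
        self.low, self.high = low, high
        self.audit = []  # (source, destination, document, decision)

    def transfer(self, src, dst, doc_id):
        allowed = src is self.low and dst is self.high
        self.audit.append((src.name, dst.name, doc_id, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise FlowDenied(f"{src.level.name} -> {dst.level.name} refused")
        # The copy takes the destination's label; nothing is returned to the
        # low side, so no acknowledgement can carry information downward.
        dst.documents[doc_id] = src.documents[doc_id]


def demo():
    """Constructed scenario based on the two cases in the comment."""
    desk = Store("unclass-desktop", Level.UNCLASSIFIED,
                 {"procurement.txt": "new equipment order (constructed sample)"})
    vault = Store("secret-net", Level.SECRET,
                  {"source-report.txt": "field report (constructed sample)"})
    diode = DataDiode(low=desk, high=vault)

    # Case 1: unclassified data is pulled into a classified report.
    diode.transfer(desk, vault, "procurement.txt")

    # Case 2: a user tries to copy SECRET text into an unclassified document.
    try:
        diode.transfer(vault, desk, "source-report.txt")
        downward = "allowed"
    except FlowDenied:
        downward = "denied"

    return {
        "upward_copy_present": "procurement.txt" in vault.documents,
        "downward_copy": downward,
        "leaked_to_desk": "source-report.txt" in desk.documents,
        "audit": [entry[3] for entry in diode.audit],
    }


if __name__ == "__main__":
    print(demo())
```

A software model like this only expresses the policy; the comment's point about covert channels is why the enforcement is placed in physically separate hardware.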

Re:WOW (1)

DeBaas (470886) | more than 4 years ago | (#28755567)

It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen. It is not terribly difficult to hide a defect in some code -- a cool example of this is the Underhanded C Coding Contest, where the goal is to introduce a vulnerability in such a way that reading through the source does not give an obvious indication of what happened. (snipped the rest)

While I basically agree that it really means more potential for security, you miss one point: human nature. With open source, developers know some people will look at their code. And that means that they will make cleaner code. No matter how good of a developer you are, the awareness that someone else will look at it will make most developers take another look before releasing and make sure the code doesn't have embarrassing parts.
So even if no-one actually really audits or checks your code, the fear of having to admit that there is some dumb or ugly code in there, often will make the code a bit better.

GNU Rocket (0)

Anonymous Coward | more than 4 years ago | (#28747305)

OSS in military? GNU Rocket (http://rocket.sf.net)

Open Source on the Sea (5, Informative)

Kavli (762663) | more than 4 years ago | (#28747337)

Having worked for the Royal Dutch Navy for several years as a programmer and software architect, I'm impressed by their use of open source software on board their combat platforms. For instance, the Landing Platform Dock 2, HrMs Johann de Witt, uses GNU/Linux as a main component in the Combat Management System. Other platforms, including their submarines, also use various degrees of open source in combination with older proprietary systems.

CMS (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#28748013)

, the Landing Platform Dock 2, HrMs Johann de Witt, uses GNU/Linux as a main component in the Combat Management System.

Personally I prefer Drupal as a CMS.

Re:Open Source on the Sea (0)

Anonymous Coward | more than 4 years ago | (#28748027)

HrMs Johann de Witt certainly doesn't look stylish enough for OSX. And I'm pretty sure that's GUN/Linux.

Windows for destroyers (no pun intended) (1)

Ilgaz (86384) | more than 4 years ago | (#28748187)

I would really love to hear your opinion about the other Royal (UK) navy's use of Windows on Destroyers and Nuclear submarines and even (kind of) bragging about it.

http://www.theregister.co.uk/2009/01/05/windows_for_warships_hits_type_23s/ [theregister.co.uk]

I mean, if it is not non ethical or anything else stops you.

What is your guess? Do they use Windows clients to a real operating system like UNIX or it is actually pure Windows? What would Dutch army/ask say if you went crazy and proposed using Windows replacing *NIX? They would sure do a triple background check on you right?

Re:Windows for destroyers (no pun intended) (2, Informative)

Kavli (762663) | more than 4 years ago | (#28748597)

I won't start a discussion about the choice that the Royal Navy made.

All I can say is that the technical management at CAWCS/Force Vision never saw Microsoft as a viable alternative. At least as long as I was working there.
But sure, we used other operating systems as well. Among those OpenVMS and Solaris 7 and 8. Most of the development was done on Sun/Solaris.
We even had Windows systems for office support, but on a physically isolated network.

Disclaimer:
As a former external consultant I'm not speaking for the Royal Dutch Navy.

Not Surprised (1)

shock1970 (1216162) | more than 4 years ago | (#28747489)

I've been teaching Eclipse [eclipse.org] Plug-in and RCP development [avantsoft.com] to US Military and Defense organizations and contractors, as well as for the Australian government, for the past 3 years.

As long as the open source product can be proven as a secure technology, I don't see why the government wouldn't adopt it, especially if there are little to no licensing fees for its use.

NMCI (2, Interesting)

DoofusOfDeath (636671) | more than 4 years ago | (#28747495)

I know that a number of Navy scientists have scratched their heads regarding why the NMCI [wikipedia.org] abomination [nmcistinks.com] used Windows rather than Linux on the desktop.

I wonder if they'll smarten up when they roll out NGEN, which will replace NMCI.

Re:NMCI (0)

Anonymous Coward | more than 4 years ago | (#28748139)

NMCI was destined to suck from the beginning, and it has nothing to do with its choice of operating system.

Re:NMCI (2, Informative)

steve-san (550197) | more than 4 years ago | (#28748229)

Don't hold your breath. Although the Federal Desktop Core Config (FDCC) [nist.gov] only mandates *security settings* for federal gov't XP/Vista machines, many IT PHBs have taken it as a mandate to USE Windows for the desktop environment. Hard to blame them, if you just go by the title of the program. I mean, where's the Linux FDCC, or the Mac version? Oh, that's right... they don't exist (yet).

Add to that the fact that AD, Exchange, SharePoint, OCS (among others) are de-facto standards across the DoD, and you can see where that leaves us for desktop machines. Not impossible to integrate alternative OS's, just very difficult; and nearly impossible to reap all those "MS-unique features" from your Windows servers w/out Windows/IE/Outlook/OCS on the other end.

I think it's safe to say that vendor lock-in has been achieved.

Requires US$200 Certificate to contribute. (0, Flamebait)

cellurl (906920) | more than 4 years ago | (#28747603)

I tried to submit code. You have to get a $200 certificate and it has to be from Symantec or one other. Forge.mil does not allow any of the cheap or free certificate companies. Screw em, I got better places to give away my time.

Re:Requires US$200 Certificate to contribute. (0)

Anonymous Coward | more than 4 years ago | (#28747971)

I believe they are trying to do more upstream, but yes, this restriction retards progress and should be fixed.

They apparently need to know "who is looking at what" which means they do not /yet/ get OSS and see it as something of a risk/experiment.

I encourage them to fix this if they want to get true cooperation going. I'm sure most of these projects have applications far beyond just the military and could benefit from collaboration with the private sector.

Re:Requires US$200 Certificate to contribute. (1)

drewcifur (255801) | more than 4 years ago | (#28748065)

Forge.mil would be used for items that can't necessarily go into a sourceforge or github type setting (due to ITAR restrictions and the like). Discussions abound as to the best place to host items that can be made available to all without cert. I've been in on some of the discussions and we are looking out for these concerns. None of us want to see code that should be available to all restricted for no good reason.

Re:Requires US$200 Certificate to contribute. (1)

gandhi_2 (1108023) | more than 4 years ago | (#28748395)

This is pretty funny. The US Army uses self-signed certs. www.us.army.mil

MS's "help" for the brass (4, Interesting)

gtall (79522) | more than 4 years ago | (#28747665)

If anyone caught Gen. Petraeus's briefing last week, I forget where it was but it was a public briefing, he constantly referred to Microsoft. Usually, the phrasing went something like, "if Microsoft will allow this". I noted that several of his slides were a bit odd in that there were arrows that really pointed nowhere and had no information content that I could discern. In the Q&A afterward, he actually pointed out the MS person who helped him create the slides. That would explain the totally useless arrows. But I was struck that MS actually has a representative to help the brass do Powerpoint. Until that changes, DoD will always be enthralled by MS and their Powerpoint bulletpoints.

Just as a brief aside, there is a Stargate SG-1 episode where the General has been replaced by some other Air Force General and he calls O'Neill into his office to complain about the fonts and the fact that he'd prefer there be more bullet points in his report. The look on O'Neill's face was just too good.

DoD has been using F/OSS for years (4, Informative)

grandpa-geek (981017) | more than 4 years ago | (#28747769)

Several years ago there was a series of conferences on F/OSS in government sponsored by George Washington University. There were several presentations made on use of F/OSS by DoD. They included the certification of F/OSS for use in command-control systems, the use of F/OSS in weapons systems, and other applications. Topics addressed included interpretation of terms of the GPL when F/OSS is used in systems for which DoD secrecy requirements apply to the software. (In that case, distribution within DoD and its contractor community is treated as internal to the user and not subject to general disclosure.)

The conferences included numerous presentations about F/OSS in government, including health care and a wide variety of other areas. DoD was just as active as other agencies in using it.

Hey it's FalconView (0)

Anonymous Coward | more than 4 years ago | (#28748081)

I never get to comment on /. stories but this is relevant to my interests.
I didn't know FalconView was open source (or at least moving to open source). Here is the link if Google failed you:
http://www.falconview.org/

I don't like it... (1)

nimbius (983462) | more than 4 years ago | (#28748205)

But I signed up for applications like this when I agreed open source was a terrific achievement for the community. War is a terrible application for something so geared toward the greater good, but freedom as in speech means some are bound to say things others don't like.

I can only hope open source can lead us away from wars entirely some day.

Too many similar tools? (2, Funny)

OrigamiMarie (1501451) | more than 4 years ago | (#28748393)

Al: Uh-oh, quick! Should we use gnuke, knuke, or just bare-bones nuke?
Bob: Ah, definitely not knuke, it screws up at least half of the commands it sends to nuke. Maybe gnuke, it's at least a competent front-end, but it's missing a bunch of the functionality of nuke -- the dev got bored and was pulled onto another project. But the command-line for nuke is so obtuse that it will take two or three tries just to get the command right, and those first two bad commands might be worse than not using it at all. Of course, nobody has what you would call real-world experience with any of them . . .
Al: Ah sh*t, too late anyway.

Sorry, it was the first thing I thought of when I saw the gnuke tag on the story.

TCP/IP was military (5, Insightful)

ritzer (934174) | more than 4 years ago | (#28748659)

Anyone on this forum heard of TCP/IP? Maybe I am getting old, but I remember the internet as a DARPA project. Source got distributed and ported to whatever OS you happened to be using. Sounds like open source to me.

F/OSS on the Desktop (0)

Anonymous Coward | more than 4 years ago | (#28749385)

Yeah it's in servers and weapons, but can anyone get Firefox installed on their desktops yet?

It's not sad when it is trollish... (1)

sourICE (1480471) | more than 4 years ago | (#28751189)

It's not sad to see it appear trollish when really it does not have much relevance at all to the topic at hand. Any moron can throw posts all over that say, "WOOO!! Go !"

-

dunno.

Resistance (4, Interesting)

WhoIsThatDork (987578) | more than 4 years ago | (#28751999)

I've been working as a software developer in a military research lab for about 7 years. My primary area of work is development of middleware to allow interoperability between DoD systems that otherwise have no such capability. I'm a big proponent of using general open source solutions as well as the military having their own "open source" for situations that might not be appropriate for public distribution, but are very relevant across the entire DoD.

The resistance always comes in people guarding their products, ultimately to protect jobs and/or profit. The contracting companies have their stovepipe systems, and typically they want to be the sole source of development/maintenance. Even government entities keep things closed off from one another; I've had many instances where I've been told to either partially distribute or not distribute DoD-owned software (including source) when requested by another element of the DoD. Too many people are worried about their intellectual property, which makes it very difficult to tear down these political barriers. This ultimately results in the exact same functionality being developed many times over, which I've seen all too often. We're making some progress, but it's going to take significant buy-in from someone high up (read: with star(s) on their shoulder) to push the agenda. Otherwise, it continues to be a large amount of talk without much in the way of results.

Speaking of large amount of talk, I recently met with one of the key speakers at the aforementioned conference (Major James D. Neushul). This individual is a risk to adoption of open source principles...not because he opposes them, but because his mouth exceeds his knowledge. He speaks largely in buzzwords and jumps between concepts as soon as you corner him on the technical inaccuracies of his claims, but he does so with fervent insistence of his correctness. At one point in our discussion, he actually stated that the ideal solution right now is for every computer, down to the individual warfighter level, to be running an instance of a web server and use web applications. He also wrote the "specification" for an XML version of a widely-used bit-oriented messaging format (VMF), except he didn't write schemas, but rather a description of how one should make the schemas. It's a pretty scary stance to assume that a set of tag-naming rules is going to result in compatibility of all the independently developed schemas. It's unfortunate that this individual is probably going to alienate many skilled and otherwise open-supporting engineers....such as myself and my entire engineering team, all of whom are on-board with opening up DoD capabilities...yet none of us can tolerate his sloppy, bravado-laden approach.

The only important thing to say (0, Troll)

ChameleonDave (1041178) | more than 4 years ago | (#28752381)

I have some karma to burn, so I'll say it.

Military use of Free software is in violation of the spirit of the movement. Yes, the letter of the GNU licences doesn't stop you doing immoral things with code, but it is clear that if I took the time to contribute a nice little program to the human race, it wasn't so that some bastard could come along and use it to facilitate the blowing apart of other human beings. The fatigue-wearing bullies of some regime halfway across the world, be it in Korea, India, the US, Honduras or anywhere else, are not welcome to the fruits of my labour.

Any discussion of this matter which does not consist either of plans to stop this happening, or sighing wishes that things could be different, is completely missing the point, and a sign of a lack of civilisation.

Re:The only important thing to say (2, Insightful)

SiggyTheViking (890997) | more than 4 years ago | (#28758209)

I appreciate your stance that war is immoral, but I must point out that this is not a universally held notion.

Similarly, I appreciate the concept of non violent resistance, and think it is one of the bravest stances a person can take. However, I will choose to stand against fatigue-wearing bullies, whatever color their fatigues may be. And I choose to use the sharpest sword I can lay my hand on to do it.

Why the military will not be successful with OSS (1)

iamwahoo2 (594922) | more than 4 years ago | (#28752863)

The US Military is currently all abuzz about OSS. Especially the top leaders. They see that OSS development teams are managing to be successful in areas where military acquisition programs are failing. Software development in a military acquisition program is a painstakingly slow process. Software revisions take years on major acquisition programs. Quick patching of even serious bugs is impossible and even if it were possible can cost millions. Furthermore, the software is not sustainable. The software that they purchase is typically tied to a piece of hardware and when that hardware becomes unavailable or obsolete, they cannot port that software to new hardware because they do not have the source code to do so.

Consider this, there are US military aircraft flying right now with hardware and software for which they have no source data. The systems are tied into critical data buses with other avionics. And get this...the hardware and software are designed and built in a foreign country (many times Israel, which is notorious for their espionage activities).

What is my point? The US military acquisition teams are not trained to handle the modern world of software where data rights play a key role in making sure that their systems are secure, sustainable, reliable, and affordable. They know that OSS does well in all of these aspects, but so have many closed source software teams. Until they understand why their acquisition programs have failed in this respect, they will not be successful in their attempt to fix their problems by mimicking OSS processes.