Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Open Source In the National Interest

Zonk posted more than 8 years ago | from the penguins-for-everyone dept.

170

munchola writes "A new report from the Department of Defense's Advanced Systems and Concepts Office recommends that the DoD move to adopt open source software and methodologies as well as open standards in order to make the most efficient use of internal resources. According to CBR, the report states that a move to 'Open Technology Development' is not only in the U.S. national interest, but in the interests of U.S. national security. OTD incorporates open source methodologies and open standards, but also takes into account the fact that the DoD has systems that it would rather keep secret."

cancel ×

170 comments

Sorry! There are no comments related to the filter you selected.

Yay! :) (2, Funny)

Spy der Mann (805235) | more than 8 years ago | (#15698779)

Let's have a party! Invite Linus and Stallman! :)

Bring the fireworks! :)

Re:Yay! :) (0)

Anonymous Coward | more than 8 years ago | (#15698832)

Linus and Stalin?

Sure, govt. business type operations but the DoD? Open DoD software? Something just doesn't seem to gel there with those two words.

Re:Yay! :) (0)

Anonymous Coward | more than 8 years ago | (#15699379)

Of course, especially since proprietary systems like Windows with who-knows-what security holes are present has worked out so well for everyone!

Re:Yay! :) (1)

adavies42 (746183) | more than 8 years ago | (#15698882)

Bring the fireworks! :)

Supplied by Raymond?

Re:Yay! :) (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15699139)

Hello, Canadian Arseholes. I'm here at Eglinton park in Toronto and I just wanted you Canadians to know that it is a shithole. Its funny how Canadians in their smug self satisfaction like to believe they are somehow magically better than everyone else though they have contributed absolutely nothing to the collective progression of mankind. Certainly not a fraction of that graciously bestowed by your illustrious neighbours to the south.

I can only hope that my home country of England could someday bask in the glow and radiance of the glorious United States of America. It warms my Gaelic heart just thinking about it. Canadians, please fuck off and don't even think about coming between us and the wondrous Americans. Thank you. Seriously, fuck off and die. And that includes you Shania Twat.

Re:Yay! :) (0)

Anonymous Coward | more than 8 years ago | (#15699101)

Stallman would not come. The article said "Open Source" and not "Free Software", so it is evil.

(Stallman: Could you please spend a little more time fighting the EXTERNAL enemies and a little less on the internal ones?)

Re:Yay! :) (1)

MK_CSGuy (953563) | more than 8 years ago | (#15699162)

Let's have a party! Invite Linus and Stallman! :)

I can already see the flame war - "That's GNU/Tomahawk you asshole!!"

What Would Shelley Do! (1)

soloport (312487) | more than 8 years ago | (#15699335)

If Shelley is against it [shelleytherepublican.com] and Tristan is against it [shelleytherepublican.com] it must not come to pass!

Re:What Would Shelley Do! (1)

ATMD (986401) | more than 8 years ago | (#15699992)

Oh no!

Good God, I don't know where to start with that. I'll just cackle inanely for a while, and hope that not too many computer-illiterate "Bible bashers" are taken in by it...

2 words. (2, Insightful)

jellomizer (103300) | more than 8 years ago | (#15698784)

About Time

Re:2 words. (1)

diersing (679767) | more than 8 years ago | (#15698805)

About time... the MS lobby shows up to bury it with a couple dozen reports of their own, a couple dinners and a quick junket to the islands and we'll be back where we started.

This all makes now but... (5, Insightful)

Recovering Hater (833107) | more than 8 years ago | (#15698797)

I foresee the DoD changing its tune after Microsoft drops a few million dollars in the right direction to make this go away. Remember the Open Doc file format drama that unfolded not too long ago? ...where did I put my tinfoil hat again...

Re:This all makes now but... (1)

Spy der Mann (805235) | more than 8 years ago | (#15698855)

Yes, but this is matter of "National Security". After all the brawl on wiretapping, they can't take "National Security" that lightly. If they take it back (Open Source, i mean), the DoD is going to lose A LOT of credibility.

Re:This all makes now but... (1)

nuzak (959558) | more than 8 years ago | (#15698975)

Oh my gosh, the credibility of the DoD is at stake, whatever shall they do?

How about demand and get a hundred billion more dollars?

Has the DoD ever done any wrong in the eyes of the administration or any body of congress other than the GAO?

Re:This all makes now but... (2, Interesting)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15699066)

Does the Advanced Systems & Concepts office carry so much weight that the DoD as a whole can't simply pretend the report never happened?

Well maybe. (1)

fury88 (905473) | more than 8 years ago | (#15699082)

That's their plan all along...

"Always remember... (4, Insightful)

Irvu (248207) | more than 8 years ago | (#15699382)

...your rifle was made by the lowest bidder."

That's a relatively old joke in the Military, and a relatively sick one when you consider the problems of faulty weapons (e.g exploding in your hands). But it points to something pretty basic. When it comes to things the DOD is rewarded for going cheap. This doesn't mean that they won't but they are rewarded for trying. In this gig Microsoft is at a disadvantage as their competitors are a) Free, and b) can be taken under total control by the DOD. Remeber that in-house changes to GPL'd code need not be released. Microsoft on the other hand is likely to worry about in-house changes to their stuff (e.g. document security restrictions for Office).

While I doubt Stallman will be welcome any time soon keep in mind that Theo De Raadt and the other BSD people have been welcomed (and financed) by the DOD before now. Ditto things like SELinux. In many ways this is only surprising because it took so long for them to say openly.

Re:"Always remember... (3, Interesting)

liliafan (454080) | more than 8 years ago | (#15700161)

I will believe it when I see it, I just got told in no uncertain terms by our site IT security officer that:

"Nessus is unapproved software, we only allow xxxxxx(closed source) security scans to lock down your UNIX servers"

Yes I work for the DoD.

Re:This all makes now but... (3, Insightful)

Poppler (822173) | more than 8 years ago | (#15700197)

I foresee the DoD changing its tune after Microsoft drops a few million dollars in the right direction


Except a few million is peanuts to the DoD. Their budget for 2006 was well over $400 Billion. I think they're going to make whatever decision will benefit them most, regardless of the cost.

Darl? (0)

Anonymous Coward | more than 8 years ago | (#15698806)

So Darl thinks that free software should be restricted worldwide by American law? How does he work that one out, especially when a lot of free software doesn't come from America?

NEWSFLASH (4, Insightful)

P3NIS_CLEAVER (860022) | more than 8 years ago | (#15698828)

Govt. IT is highly fragmented. It took 20 years for DOD to switch to all-diesel. How long to switch to open-source?

Re:NEWSFLASH (1)

IAmTheDave (746256) | more than 8 years ago | (#15698969)

How long to switch to open-source?

As long as it takes for current systems to become obsolete. There are better things to spend taxpayer money on right now than a full-scale system switch-over to OSS just because.

As desktop computers need replacing, use Linux. As servers require replacing, use OSS as well. As for the immediate - go with what's already in place.

Re:NEWSFLASH (2, Insightful)

theonetruekeebler (60888) | more than 8 years ago | (#15699225)

It's open-source methodologies they're switching to, entirely within the DoD itself. It will probably be a matter setting up sourceforge.dod.gov and adding a Wiki.

The all-diesel thing is a hardware problem, and military hardware isn't cheap.

Who cares? The obvious has been stated. (2, Insightful)

twitter (104583) | more than 8 years ago | (#15699238)

Govt. IT is highly fragmented. It took 20 years for DOD to switch to all-diesel. How long to switch to open-source?

Penis Cleaver, what a cute name you have. Oh well, it's worth the time to answer your silly question.

Intention is more important than time here. Now that the US DoD has realized and prooven the obvious, they will do it as they need to.

The rest of us can continue the migration and have fewer problem doing it. We can now point to it whenever we run into "Get the Facts" nonsense that M$ and other tin horn companies spend lots of money telling people. It was bullshit and this is one more nail in their credibility coffin. It's the kind of thing that makes their fanboys feel like they were lied to, because they were.

Enough hits like that makes things much easier. Between the government stating the obvious, DRM and corporate rip offs, M$ is losing most of it's fan base. Companies are feeling very burnt by the long time it's taking to get Vista out because of all the money the spent of code assurance plans. DRM disasters are turning off home users and reviewers because the systems are so buggy that all of M$'s hardware lock-ins and driver advantages are negated. Now everyone can look back at the things M$ has said about security and think, "those people are not very honest." All of that animosity makes it that much easier to advocate free software.

It's nice to see people finally catching on.

Re:NEWSFLASH (1)

192939495969798999 (58312) | more than 8 years ago | (#15699259)

Awesome, they all dress in Diesel [diesel.com] ? Oh wait, never mind.

US Gov. Mandates ODF (1)

arthurpaliden (939626) | more than 8 years ago | (#15698844)

So how soon untill we see this.

Re:US Gov. Mandates ODF (1)

bsartist (550317) | more than 8 years ago | (#15699064)

So how soon untill we see this.
Immediately after a major breakthrough in porcine aviation.

The anti-OSS people do have one point. (5, Insightful)

LWATCDR (28044) | more than 8 years ago | (#15698852)

The statement that people could introduce malicus code into Linux that then makes it's way into secure systems. Of course with companies outsourcing programming jobs to other countries the same thing could happen with a closed source system.
The solution for OSS is simple. Any OSS software that goes into a Command and Control system needs to have it's source code audited by an independent authority.
Of course the same thing should be done with any software that goes into a military, aerospace, or any other mission critical system. In this case OSS does have a clear advantage in that the end user can select any group to perform the code audit instead of depending on the vendor.
Of course if the military does a code audit on Linux they would have contribute back the patches so it is a win win situation.

Re:The anti-OSS people do have one point. (0, Redundant)

arthurpaliden (939626) | more than 8 years ago | (#15698873)

Straw man argument. Its is open. Therefore you have the code. Therefore you can look.

Re:The anti-OSS people do have one point. (5, Interesting)

Peter Mork (951443) | more than 8 years ago | (#15698924)

The solution for OSS is simple. Any OSS software that goes into a Command and Control system needs to have it's source code audited by an independent authority.

Unfortunately, it's not as simple as auditing the source code. You also need to have complete control over the compiler, as implemented in machine code. For example, see Ken Thompson's comments [acm.org] on how to imbed self-replicating code into a compiler so that every program has a back door.

Re:The anti-OSS people do have one point. (1)

arthurpaliden (939626) | more than 8 years ago | (#15698952)

It is that simple because you have the source code for the compiler. Now I know you run into the chicken and the egg problem here but you can still analize the object code to see exactly if the code generated maches the source supplied.

Verifying code (2, Informative)

Peter Mork (951443) | more than 8 years ago | (#15699147)

The chicken-and-egg problem is a big problem. If you need to verify the security of a system, you need to have written the compiler, from scratch. You cannot rely on a third-party tool, unless you can verify the compiler executable (not its source code). The article also notes that the problem is even worse: you need to verify that the hardware implementation of the instruction set is correct.

Don't get me wrong, I think that open-source is important. It just doesn't provide any absolute guarantees.

Re:Verifying code (1)

arthurpaliden (939626) | more than 8 years ago | (#15699389)

Actually all you need to do is write a simple compiler using asembler/object code to handle the inital version of gcc. Then you work your way up to the current release. As to verification of opcode functionality, that is just leg work.

Re:The anti-OSS people do have one point. (1)

morgan_greywolf (835522) | more than 8 years ago | (#15699072)

At some point you have to trust someone, unfortunately. The only way to be completely sure, as Ken Thompson himself points out in a roundabout way, is to build a computer and all of its software (include firmware, microcode, etc.) completely from scratch, using no one else's software at all, since such malware could even be inserted into firmware or even the CPUs microcode. Let me just say that the task would be next to impossible today, even for the DOD.

Re:The anti-OSS people do have one point. (3, Insightful)

jZnat (793348) | more than 8 years ago | (#15699143)

No matter how many times that FUD is introduced here, people forget that GCC bootstrapped itself, and I'm sure it gives you directions somewhere on how to bootstrap it yourself as well. Writing a simple C compiler in Assembly and "compiling" the Assembly by hand is very possible if you need that degree of paranoia distinguished.

Re:The anti-OSS people do have one point. (1)

Peter Mork (951443) | more than 8 years ago | (#15699213)

The point is not that writing a compiler is necessarily that difficult. The point is that simply reading the source code (assuming it's crystal clear code) gives you some magical guarantee. Assuming you can trust the hardware, you need a combination of a verified compiler, access to the source code, and sufficient documentation to recognize when the source code is doing something suspect. In other words, open-source software is necessary, but not sufficient.

I was unable to quickly find information on gcc bootstrapping. Can you provide any information describing this process?

Re:The anti-OSS people do have one point. (1)

bcat24 (914105) | more than 8 years ago | (#15699310)

But then you have to trust that your OS's file writing primitives haven't been tampered with. Even if you trust the OS, can you trust the CPU? The hard disk controller? OK, it's really far-fetched, but if your a government institution, you may need to worry about stuff like this.

Countering Trusting Trust (4, Informative)

dwheeler (321049) | more than 8 years ago | (#15699916)

There's a technique for completely countering the "Trusting Trust" attack, called "Diverse double-compiling". See my web page on countering trusting trust through diverse double-compiling [dwheeler.com] , which includes a link to a paper describing how to do it, and an example where it's been done.

Re:The anti-OSS people do have one point. (4, Insightful)

ZachPruckowski (918562) | more than 8 years ago | (#15698943)

Of course if the military does a code audit on Linux they would have contribute back the patches so it is a win win situation.

Only if they distribute it outside their organization, which in this case could be probably construed as the US government and the military and national guard.

Re:The anti-OSS people do have one point. (3, Insightful)

jc42 (318812) | more than 8 years ago | (#15700230)

... hey would have contribute back the patches so it is a win win situation.

This is hardly anything new. Look into how the DoD funded the development of the Internet (aka ARPAnet).

Actually, in most cases they didn't even develop their own patches. Rather, they told their academic and industry fundees about the problems in the latest code, let the hackers work out a solution, took the code for their own uses, and left it in the public code base for further use and development.

Yeah, they probably did a bit of development on their own, but the evidence is that there hasn't been as much of this as you might expect. The military has found the academic hacker community to be a much better testbed for most of the code, and a lot cheaper than trying to debug changes in a military setting. As long as the crypto stuff is highly modular (and it is), it's a lot more effective to just leave the code development in the public sector, where there are lots of eyes and people happy to show off their expertise by doing the hacking that a strictly-managed power structure finds highly distateful.

For a feel of the US government's relationship with the linux part of the open-source community, google for "secure linux" and do a bit of reading. There's a lot going on there.

Re:The anti-OSS people do have one point. (1)

IAmTheDave (746256) | more than 8 years ago | (#15698980)

Of course if the military does a code audit on Linux they would have contribute back the patches so it is a win win situation.

I have a sneaking suspicion that "State Secrets" privledge trumps GPL, since, you know, it trumps every other law in the land.

Re:The anti-OSS people do have one point. (1)

WilliamSChips (793741) | more than 8 years ago | (#15699052)

If they don't wanna release the source, they just don't release the binaries. It's that simple.

Re:The anti-OSS people do have one point. (4, Insightful)

db32 (862117) | more than 8 years ago | (#15699346)

Go ask Cisco, or MS, or any of the other major vendors how many of their patches came from the DoD. DoD has found a great number of problems in a great number of products and has in turn work on a great number of patches that made it back into the consumer world.

Coarse...for the really paranoid type...I would like to point out that the DoD has played very large roles in quite a few other critical areas that I'm sure everyone holds near and dear...vehicles, aircraft, radar, computers, oh and that intarweb thingy...DARPAnet and all.

DoD has had a pretty good history of providing goodness to the populace as well as all the negative that people like to focus on. DoD doesn't start the fight...politicians do, remember that next time you see a service member. They bleed for the good causes, and the bad causes...its the leaders that determine what causes they are going to bleed for next.

Re:The anti-OSS people do have one point. (0)

Anonymous Coward | more than 8 years ago | (#15699008)

... people could introduce malicus[sp] code into Linux that then makes it's[sp] way into secure systems.
And with closed source software it could already be there! :P

Re:The anti-OSS people do have one point. (3, Insightful)

wfberg (24378) | more than 8 years ago | (#15699018)


The statement that people could introduce malicus code into Linux that then makes it's way into secure systems. Of course with companies outsourcing programming jobs to other countries the same thing could happen with a closed source system.

American programmers are just as capable of introducing (intentional) bugs as foreign programmers.


Of course the same thing should be done with any software that goes into a military, aerospace, or any other mission critical system. In this case OSS does have a clear advantage in that the end user can select any group to perform the code audit instead of depending on the vendor.


The US armed forces have enough spending power to convince even Microsoft to pony up the source code. And they do.

Of course if the military does a code audit on Linux they would have contribute back the patches so it is a win win situation.

Under the GPL, you only have to contribute patches if you distribute your modified code to third parties. The result of a code audit might also just be "don't use module X", in which case there's nothing to patch.

The way I read it the article is more about encouraging DoD programmers to be more like the open source community in sharing programs, ideas and sourcecode with each other, rather than continually reinventing the wheel.

Re:The anti-OSS people do have one point. (1)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15699029)

Yes.

>it holds the potential to reduce software purchasing and development costs.

and to improve security. The Naval Academy has held "hacking" exercises. How about a code auditing exercise? At the end of that, the graduating officers will be much harder to hoodwink about software security.

>Of course if the military does a code audit on Linux they would have contribute back the patches

Only if they distribute the binaries outside their organization.

Re:The anti-OSS people do have one point. (2, Insightful)

larkost (79011) | more than 8 years ago | (#15699265)

In this the military has much the same problems that most organizations have: the decisions about what to purchase are often not made by people who have any hands-on experience, rather it is made by people who are getting much of their information from vendor salespeople.

Remember, it is the Generals who ultimately sign off on these large scale decisions, and not many of those come from the Engineering ranks (to get high office you usually have to serve in combat positions... generally a good idea, but might not work out for everything). And in many cases even the Generals are not the ones making the mandates, but the system decisions are made by the congressional budgeting process (think Pork Barrel).

The Academies and ROTC programs do train some IT people (and even more Engineers), but the main function of an Officer is to lead, not to do the detail work. I don't say that as a denigration, as I was in ROTC as an Engineering student.

Re:The anti-OSS people do have one point. (1)

MK_CSGuy (953563) | more than 8 years ago | (#15699117)

Of course if the military does a code audit on Linux they would have contribute back the patches so it is a win win situation.

Does the military (or any other security related branch of govt.) has ever contributed bug reports/fixes to OSS?
I can see reasons why they wouldn't want to do it (i.e. keeping foreign intel. from knowing that they are working with this and that software systems).

Re:The anti-OSS people do have one point. (1)

civilizedINTENSITY (45686) | more than 8 years ago | (#15699234)

Does the military (or any other security related branch of govt.) has ever contributed bug reports/fixes to OSS?

Sandia Labs does a lot of GPL work. As a premire weapons lab, they have some bright people who write good code. MPQC [mpqc.org] , for example.

Re:The anti-OSS people do have one point. (0)

Anonymous Coward | more than 8 years ago | (#15699309)

Government IP should never be GPLed, it should be public domain. The reason is, just like all other government activities, it's paid for by US tax payers. So all US taxpayers should be able to use the resulting "product" in whatever fashion they desire.

Re:The anti-OSS people do have one point. (0)

Anonymous Coward | more than 8 years ago | (#15699878)

While that may be true, it's probably easier to release a bugfix with the same license as the project it's fixing rather than trying to maintain a project with dozens of licenses for parts of the code. It's nice to see government expendature returned to the people by way of IP contributions, but they certainly should not be creating a new layer of beaurocracy to do it.

Re:The anti-OSS people do have one point. (1)

LWATCDR (28044) | more than 8 years ago | (#15699986)

NSA Linux? I think the SELinux security extensions are from the NSA Linux project. Actually yes a LOT of OSS comes from the government.

Re:The anti-OSS people do have one point. (2, Insightful)

jjohnson (62583) | more than 8 years ago | (#15699131)

Rather than an independent authority, the N.S.A. already has extensive experience with Linux due to developing SELinux, and also has a mandate to evaluate and provide secure computing solutions to the U.S. public. Just have them do it.

No, they don't have a point. (1)

pavon (30274) | more than 8 years ago | (#15699288)

Because the exact same complaint applies to proprietary software. It is not true that anyone can introduce code into an OSS project. While everyone can make their own private modifications to the source, that is entirely different from getting your code accepted into the official repository. Every reputable project out there restricts commit permission to developers who have proven themselves usefull. All other patches have to go through one of the main developers first. Now these "trusted" developers certainly could insert malicious code, and given the division of labor it may very well go unnoticed by other developers (ESR's million eyeball theory is bunk).

However, this is no different from a propietary product. These are often developed by large teams, working under unacceptable deadlines. Therefore, code reviews don't always happen, or are not a vigorous as they could be. Those conditions could also lead to disgruntled employees, some of which won't have the highest moral resolve. Some companies don't have the highest moral resolve, and will knowingly put malicious code into their product. It is just as possible for malicious code to get into proprietary software as open source software.

So what it boils down to is that OSS is no different than proprietary software in this regard. If you trust Windows, you should also trust Linux. If you trust Photoshop, you should trust Gimp. If don't trust Joe Sourceforge, then you also shouldn't trust Joe Shareware. Sometimes knowing that a product is widely used and reputable is good enough. Sometimes it isn't, and in that case you either need to write it yourself or, like you said, audit the code.

I guess you didn't read all my post? (1)

LWATCDR (28044) | more than 8 years ago | (#15700025)

I said that any trusted system should have a complete code audit done. And that it really didn't matter if it was open or closed source.

No they don't. (1)

Ayanami Rei (621112) | more than 8 years ago | (#15699300)

Of course if the military does a code audit on Linux they would have contribute back the patches so it is a win win situation.

Show me the section of the GPL that stipulates this.
Don't bother, it isn't in there.

The Government (or any contractor) is under no obligation to release the results of any derivative works back to an upstream source. If a contractor like Northup Grummond did do a code audit and made patches, they'd only have to release these improvements to the customer (DoD). DoD could take or leave the source code.

That's what people forget about the GPL, just because you sell something to one customer doesn't put you under any obligation to provide source to anyone else. It's a requirement of distribution, but it doesn't dictate your DISTRIBUTION GROUP.

Which is why it irks me when people complain about the viral-ness of the GPL. It's not like it'll enable China to see your source code or anything if you use it as a government contractor.

No they don't (1)

fm6 (162816) | more than 8 years ago | (#15699367)

The statement that people could introduce malicus code into Linux that then makes it's way into secure systems. Of course with companies outsourcing programming jobs to other countries the same thing could happen with a closed source system.

Forget outsourcing. Software companies that don't manage their development process closely enough (and that's most of them) often end up with unauthorized features. Usually they're added because somebody thought they were cool, but backdoors are not unknown.

I used to work at Borland, and the developers there are notorious for adding features totally on their own initiative. In one famous case [securityfocus.com] , the unauthorized feature was a back door in a widely used database server. This back door was probably not created with malicious intent, but the security effect was the same. Any bets as to how many other similar back doors exist that haven't made the news?

The Interbase back door was only discovered when the product was open-sourced. And that nicely illustrates why open source is more secure than closed source. Borland's blunder demonstrates that you can't secure software simply by making source creation "employees only". A company can monitor the development process in order to prevent developers from creating security problems — as Borland should have done — but how do you separate companies with good auditing procedures from those that just claim they do? By contrast, opening up the source offers objective evidence as to the software's security — or lack thereof.

Re:The anti-OSS people do have one point. (3, Informative)

thewiz (24994) | more than 8 years ago | (#15699373)

FYI: The government already has several organizations that review source code and test software before it is accepted for use. Putting something that has not been reviewed on a government computer is a good way to lose your clearance.

Wasn't it closed source software (1)

$RANDOMLUSER (804576) | more than 8 years ago | (#15698956)

Re:Wasn't it closed source software (2, Insightful)

P3NIS_CLEAVER (860022) | more than 8 years ago | (#15699081)

It has also blown up several rockets and caused other havoc.

Why is this? Because 99% of these systems were done in closed source. If they were done in open source than open source applications would be blowing up pipelines and rockets.

Re:Wasn't it closed source software (1)

Don853 (978535) | more than 8 years ago | (#15699353)

That link was nice, just because it let me know there's a distribution out there called "Red Flag Linux", being used in China.

I look forward... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15698985)

to when the US is a Democratic Socialist country like Norway or Sweden. The government should always take the least expensive route that achieves the same results, in this case, open source.

Likewise, the government should be the single-payer system for medicine, the Internet should be free, etc. All this could be done by raising our taxes about 10% per person. I'd galdly pay more taxes to have better public transportation, universal healthcare, and university.

Re:I look forward... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15699378)

God damn commie

Re:I look forward... (0)

Anonymous Coward | more than 8 years ago | (#15699456)

Please don't show your ignorance. Socialism IS NOT communism. The two are vastly different. Your response is typically American and shows a lack of understanding in terms of governmental styles and history. Communism is impossible to achieve. Democratic socialism is alive and well.

Democratic socialism is a very good form of government and used by many successful countries, namely Sweden, Norway, Finland, Denmark.

One of the reasons the US lags behind Europe in terms of public transportation, universal healthcare, and general high-quality of life is that Americans refuse to pay just a little more in taxes to achieve something that would help everyone.

Re:I look forward... (0)

Anonymous Coward | more than 8 years ago | (#15699917)

And Europe lags behind in freight transportation, responsive health care, and disposable income. Quality of life comparisons may vary significantly by locale.

Re:I look forward... (1)

pinkocommie (696223) | more than 8 years ago | (#15699476)

I wouldn't. I'd rather have them cut the fat from the current programs like the highway to nowhere /DoD etc to fund it.

Re:I look forward... (1)

bigpat (158134) | more than 8 years ago | (#15699692)

to when the US is a Democratic Socialist country like Norway or Sweden.

As opposed to the Communist 1 1/2 party state that it is today?

I look forward to a day when the US is at least more Democratic. I think we already have much of the Socialist part already.

Re:I look forward... (0)

Anonymous Coward | more than 8 years ago | (#15699988)

I think you really, really don't understand how government works in Scandanavian countries if you think we've got Socialism down pat or that the Scandanavian countries aren't as Democratic as us. They do, after all, rate higher than us in press freedom, [rsf.org] class mobility and equality of opportunity, and gender equality. [scandinavica.com]

They even have as high of a rate of gun ownership as us without all the murder.

Re:I look forward... (0)

Anonymous Coward | more than 8 years ago | (#15700174)

Why was the parent post modded up as insightful, instead of down as a troll? Or, if not a troll, then there should be a new mod category for Insane -- "I'd galdly pay more taxes..."

The solution obviously is not to raise taxes but to cut the government's wasteful spending. Look at how much "pork-barrel" spending there was in the last omnibus spending bill [heritage.org] .

Training (4, Informative)

mo'o ahi (633487) | more than 8 years ago | (#15699002)

First, I generally agree that there are many areas where this will be of significant benefit. Unfortunately, there are so many problems across DOD right now due to insufficiently trainied operators/admins - this will make it significantly worse in the operational arena. I have been on board many installations to train people and was saddened by the lack of sound IT skills by those that are supposed to be managing the systems. Of the 100 or so IT personnel I have trained, I would say that 5-6 have the necessary mindset and skills to effectively implement OSS. Centralized control is a hallmark of DOD IT - and this flies in the face of that as well, from a cultural perspective. (not that this is a bad thing) So, this means that not only will they need to change the infrastructure - the culture will need to shift, which is a much longer term issue. Then again, this could be good for the network-centric warfare concept. It could inject a much needed does of innovation.

They've been using OSS for years (4, Interesting)

LWGLIN (98225) | more than 8 years ago | (#15699014)

Granted, I'm not talking about Command and Control systems, but the DoD has been using OS Software for years now. I know because they are using iText [lowagie.com] to produce billions of PDF documents. I have been mailing with DoD developers regularly in the past (and neither I, nor my product is American). It's not as if they have changed their mind about OSS overnight. The remarkable thing is that they are now coming out with a policy about OSS, and that they are considering to use it on a larger scale. (Yes, we're talking about Operating Systems now!)

Wait a minute! (0)

Anonymous Coward | more than 8 years ago | (#15699044)

I didn't know Ada was open source??

Re:Wait a minute! (0)

Anonymous Coward | more than 8 years ago | (#15699217)

Ada is indeed part of GCC (but not built by default because the Ada front end is written in Ada).

Re:Wait a minute! (2, Informative)

civilizedINTENSITY (45686) | more than 8 years ago | (#15699305)

It is called GNAT [adahome.com] : The GNU NYU Ada 9X Translator. "GNAT [gnu.org] is a free, high-quality, complete compiler for Ada95, integrated into the GCC compiler system." Note that "The work was co-sponsored by ARPA and the Ada Joint Program Office." Also look at GNADE [sourceforge.net] , the GNU Ada Database Environment.

Too many cooks spoil the broth (2, Insightful)

MikeyTheK (873329) | more than 8 years ago | (#15699092)

Here's the problem with adopting Open Source for everything: It completely homogenizes the entire process of software development, which means that it tends to quash alternative development tools, languages, and techniques.

For example, is it good or bad that JavaScript has implicit typing? Many developers want explicit typing, and call implicit typing "lazy". I can barely have a conversation with a group of fellow geeks without getting shouted down on this topic. The problem with group-anything is that group-think will prevail. To quote one of my favorite posters from demotivators.com, "Meetings: None of us is as dumb as all of us".

In addition, alternative lanuages and tools tend to be stifled in so-called "open" (read group) environments, because the rest of the group immediately pushes to have the alternative tool or environment removed, unless the group agrees that it is a good idea. Is that the way inventions are made? No. Inventions are made by a single person with a radical idea avoiding all the intervention/interference, naysayers, etc. and presenting that idea DESPITE the opinions of others. I can see opening source after the fact for auditing and sugestions, but not for development.

It seems that a lot of the open source push has been a reaction to the fact that many of the development tools we use are not at a high enough level of abstraction. If you abstract away from code and languages where you are doing your own memory management, one would think that you would experience fewer memory-related programming issues. What kind of issues are most often discussed with open-source development? Exploits, buffer overflows, etc. I can see the database engine being open source, which would help with dealing with injection attacks, but the rest of the application (where the money is) can't possibly benefit from having lots of people "helping out".

Imagine the entire cast of The Food Network making soup together at the same time. "None of us is as dumb as all of us".

Re:Too many cooks spoil the broth (0)

Anonymous Coward | more than 8 years ago | (#15699269)

"Here's the problem with adopting Open Source for everything: It completely homogenizes the entire process of software development, which means that it tends to quash alternative development tools, languages, and techniques."

You mean Microsoft, don't you? Not Linux which comes with 1000 ways to do things (which you often claim to be 'the problem' with Open Source - fragmentation).

You just change the problem so you can point to it, don't you..?

Re:Too many cooks spoil the broth (1)

mrchaotica (681592) | more than 8 years ago | (#15699329)

Here's the problem with adopting Open Source for everything: It completely homogenizes the entire process of software development, which means that it tends to quash alternative development tools, languages, and techniques.

Yes, that's why everyone in the entire Free Software community has completely standardized on -- for example -- GTK. Obviously, Motif, QT, Swing, WxWidgets, TK, etc. are all figments of your overactive imagination.

For example, is it good or bad that JavaScript has implicit typing?

In addition, alternative lanuages and tools tend to be stifled in so-called "open" (read group) environments...

What's JavaScript? I mean, didn't the Open Source community standardize on LISP decades ago? I've never even heard of anything called "JavaScript," much less things like "Perl" or "Python" (names I Just made up)... they would have all been stifled due to the ubiquity of LISP.

And what about applications? 'Cause, you know, everyone uses EMACS. I can't imagine what those 2,460 other things in the "text editor" category on Sourceforge could possibly be for!

Re:Too many cooks spoil the broth (1)

civilizedINTENSITY (45686) | more than 8 years ago | (#15699360)

Open source is not homogeneous in the manner that MicroSoft as a solution is homogeneous. It is in fact the shotgun scatter approach to development that produces an organic style growth in free/open source development. Just as diversity is good for an ecosphere, the diversity of approaches (while sometimes a bitch, short term) is providing a long term advantage to open source. With all due respect, it seems to me your fears are just almost exactly 100% ass-backwards. Open source is a cure for the homogeneous systems whose lack of diversity means a single virus vector can wipe out an entire ecoshpere.

Re:Too many cooks spoil the broth (1)

PitaBred (632671) | more than 8 years ago | (#15699441)

Have you thought that perhaps implicit typing is a BAD thing, not just lazy, and the people you talk with are just unable to express it very well?
Inventions aren't always made by single people, either. Unless you think that, say, the CPU in your computer is made by a single-person enterprise. Or that things like Teflon weren't made in a research environment with other people.
The open-source push is because it keeps the process open. Anyone can add to it if they feel like it, and yes, it is controlled by a majority, but that's a good thing. Because that means it's not controlled by a single dictating minority who may or may not do what the group needs it to do.
I think you've set up a straw man, and don't truly understand the benefits of communication between people. You should try it sometime, it's helpful.

BTW, it's actually despair.com

Re:Too many cooks spoil the broth (1)

jahudabudy (714731) | more than 8 years ago | (#15699840)

You have a point about "design by committee" problems; also, group efforts add in the complexity of group communication to the already complex problem of software design, which does indeed increase the spaces error can creep in. However, which closed source products did you have in mind that were not developed by a group, enabling them to avoid these problems?

How is this different from closed source? (1)

Valdrax (32670) | more than 8 years ago | (#15700044)

In addition, alternative lanuages and tools tend to be stifled in so-called "open" (read group) environments, because the rest of the group immediately pushes to have the alternative tool or environment removed, unless the group agrees that it is a good idea.

How on Earth is this different from working for a company on a closed-source project? In fact, such a decision to stifle an alternative tool is frequently made by non-programmers in a closed source environment or by higher-ranking programmers in an entirely undemocratic fashion.

In open source, you're always free to fork the code and leave to pursue the solutions you think are best. This isn't true in a closed source environment.

It seems that a lot of the open source push has been a reaction to the fact that many of the development tools we use are not at a high enough level of abstraction. If you abstract away from code and languages where you are doing your own memory management, one would think that you would experience fewer memory-related programming issues.

What, do you think some sort of Open Source Illuminati is using bribery, blackmail, and beatings to force all Open Source projects into languages you don't like? People use low-level languages in Open Source projects because it's what they know and what they like. Unlike working for a company, you are perfectly free to choose a higher level language if you want for your project.

Re:Too many cooks spoil the broth (1)

DamnStupidElf (649844) | more than 8 years ago | (#15700078)

In addition, alternative lanuages and tools tend to be stifled in so-called "open" (read group) environments, because the rest of the group immediately pushes to have the alternative tool or environment removed, unless the group agrees that it is a good idea. Is that the way inventions are made? No. Inventions are made by a single person with a radical idea avoiding all the intervention/interference, naysayers, etc. and presenting that idea DESPITE the opinions of others. I can see opening source after the fact for auditing and sugestions, but not for development.

I think perl, php, python, ruby, and many other languages disprove that assumption. That much open source software is written in C or C++ does not imply that other languages are excluded, in fact the majority of Windows and other Unix software is also C or C++. If you want to be worried about marginalizing new languages, rant about Microsoft's push for everyone to adopt .net. Please don't forget about KDE, Gnome, Fluxbox, XFCE, and all the other window manages, nor vi, emacs, jed, pico, and all the other editors, nor any number of other cases where your argument is severely flawed.

Inventions are generally not made by a single person with radical ideas; that's the misconception upon which modern copyrights and patents are based. Most inventions are gradual improvements of existing ideas, made by many people at many different times, and drawing from many other sources of inspiration. Most inventions are independantly reinvented by numerous people around the same time.

"None of us is as dumb as all of us"

dispair.com is not exactly a source of rigorously justified assertions. When truly intelligent people work in a group, they recognize their individual strengths and also share a common framework for logical discussion of the advantages and disadvantages of different approaches to a problem. An open environment is the best place for this to happen because everyone can observe whether individuals are acting rationally and intelligently, or just being dumb. Groupthink only happens to those who don't recognize it.

yuo Fail It! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15699169)

rans0m for theIr

OSS has one solid advantage (3, Insightful)

MikeRT (947531) | more than 8 years ago | (#15699179)

It makes contract bidding cheaper. If you can use an OSS toolkit over a proprietary one, the cost that gets billed to the government is lower which makes it easier to win contracts. Other than that, bureaucratic inertia is the only major problem OSS faces. There is hardly any more bias against OSS than there is toward any regular commercial software.

The point everyone seems to have missed... (5, Insightful)

jd (1658) | more than 8 years ago | (#15699214)

...is that Closed Source vendors have opposed Open Source "in the national interest" and "for reasons of security" for some time now. Regardless of whether the DoD ever actually follows through on this, there is now an official statement by the US Government no less that these claims are false. Hey, we've all known that for some time, but ringing endorsements by the DoD don't come by on a weekly basis.


This is the time that Open Source activists and promoters need to run with the ball. Draw the attention of CEOs and business executives to the fact that the DoD advocates Open Source. Show them that we're not talking toy software. Show them that this isn't about not wanting to spend money. (Since when was the DoD afraid to spend money?) This is about an innately powerful method of developing high-grade - even military-grade - products that do what people actually need done.


We couldn't ask for better, but only if those outside of the IT industry actually hear of it. If only those who already accept the strengths of Open Source know that someone else has also decided it is a good solution, then that decision means nothing. Particularly as the DoD is very unlikely to do anything about it. It'll just be a decision. But if the business community got shown this... That would be a whole different ball-game.

Re:The point everyone seems to have missed... (1)

Amazing Quantum Man (458715) | more than 8 years ago | (#15699275)

...is that Closed Source vendors have opposed Open Source "in the national interest" and "for reasons of security" for some time now. Regardless of whether the DoD ever actually follows through on this, there is now an official statement by the US Government no less that these claims are false

So you're telling me that Darl McBride was wrong? No! It can't be!!!!!

We use open source in NM state gov. (4, Interesting)

spun (1352) | more than 8 years ago | (#15699286)

I work for the Child, Youth and Family Development department. We use Windows on the desktop, Novell as our file server and SuSE Linux for everything else. Currently we are transitioning away from HPUX to an IBM BladeCenter environment running VMWare and SuSE. We have one major application and several minor ones. The major app, a client tracking system, was developed in house and runs Sybase as a back end. Eventually we plan on porting it to use Postgres and releasing it as open source so that anyone in need of a client tracking system can use it.

This is the real beauty of open source in government, not leveraging the work of others by running open source systems, but leveraging the large development force that most governments have to share in house apps wit less of the usual inter-agency squabbling. An agency that might be wary of using a non open source application developed by a rival agency will be less wary of using an open source app that just happens to be developed by said rival. Instead of reinventing the wheel, in house development staff can cooperate with other staff in other agencies.

That the DoD would recommend open source is exciting, because it really is a good fit for government agencies. Believe it or not, our little state government IT department is better run and more on the ball than most IT departments that I have worked for in big corporations. Moving to Linux hosted on blades running VMWare has freed up a lot of resources to plan for the future that used to be used in just putting out fires.

Re:We use open source in NM state gov. (0)

Anonymous Coward | more than 8 years ago | (#15699361)

obviously a comment from someone who has no experience whatsoever in the DoD!

And this general statement coming from a group who are strong OSS advocates anyway, doesn't ring loud in my ears.
Why did the DoD move away from such customizations in the first place?

WGA - when other governements follow? (2, Insightful)

PolR (645007) | more than 8 years ago | (#15699371)

The WGA debacle has proven that WIndows update is a security risk. Not running Windows update is also a security risk. When non US governements will reach the conclusion that they need to move off Microsoft software? It is a matter of national security.

bahumbug! (1)

araczynski (265221) | more than 8 years ago | (#15699492)

funny how these days EVERYTHING that a politician is intersted in is always considered to be "good for national security"... in any case, nothing says 'secure' like giving out blueprints to a part of your infrastructure... fucking idiots.

What will be the DoD Contractor's Response? (0)

Anonymous Coward | more than 8 years ago | (#15699547)

What will be the response of the big DoD contractors? Will they nod their approval and adopt the new DoD IT process, or will they join with Microsoft and try to keep the status quo (including spreading more FUD)? Initially they will most likely do the later as they tend to make more money by building the same closed, expensive thing over and over. Reuse is not in their best interest. Open IP is not in their best interest as their competitors might be able to use what they perceive as their IP. Many make a lot on per-unit sales and markup of COTS, often with most of the markup due to the software.

Only if the big contractors can be encouraged to conform and adapt will this succeed. They are in the business of making money and don't care to reuse code or build an open widget as they make as much money as possible on closed, proprietary, limited functionality, complex systems. Their goal is to maximize shareholder equity. Today, closed is best and maximizes the equations. OTD/OSS would hurt their markups; remember the $500 toilet seats. The same applies to software and IT in the current market. OTD/OSS would upset the apple cart and hurt their profits and hence the bonuses of management. Also, many companies in the US can't think past the next couple of quarters, but OTD/OSS adoption is a strategic change that will take years to implement. I run into these problems daily but thankfully am in island of OSS.

A further problem is one of mindset. Many in the Government, especially the DoD support world know only Microsoft as that is what DoD has been buying, it is the "safe bet", and it is what "just works". It was the lowest cost alternative. There are a lot of MSCEs out there that support DoD (I know many at the pentagon and in the DC area). Changing to an OSS mindset will require retraining and relearning how to do things with other than a pretty, nice, shiny point-and-click GUI (the chief button pusher at Spacley Sprockets is an MSCE working for DoD).

However, if DoD can phase this in with the buy-in and cooperation of the large contractors, it will work.

What can you do to help? Work with DoD and their contractors to help, starting with open standards and protocols. Encourage the use of open tool chains and standardized, OSS platforms. Help establish systems to vet the source code and verify changes (BSD does some of this now). Encourage the use of OSS collaboration tools that foster best practices like bugzilla and subversion. When FUD appears, counter it not by emotional anti-FUD but by well thought-out, factual dialog with all parties, leveraging the court of public opinion.

I'm not so sure I agree.... (1)

ShyGuy91284 (701108) | more than 8 years ago | (#15699591)

At least as a US citizen. Companies like Microsoft (Microsoft specifically) are a pretty big part of our economy. I don't think I have to even say how much money is coming into the US economy with each OEM computer bought out there putting probably $150 into our economy including MS Windows and Office.... Open Source is good for the global interest, yes, but I don't think so for the United States interest. It's easy to continue riding a wave of success (Like Microsoft has done for the past couple decades), but the combination of the United States decline as an innovator and common-sense idea that people from one country are not smarter then people from another in general makes me think that if Open Source ever overthrew closed source, it's likely the companies making money off from it might not be based in the US....

I've been freaking telling my bosses (O6s) (1)

qkslvrwolf (821489) | more than 8 years ago | (#15699648)

I've been telling my bosses this for 2 years! Maybe now they'll listen...

awesome (4, Funny)

eliot1785 (987810) | more than 8 years ago | (#15699654)

To: Department of Defense, Source Distribution Department
From: Kim Jong Il

To Whom It May Concern,

In accordance with the terms of the GNU General Public License, I'd like to receive a copy of the source code for your Pacific-based Ballistic Missile Defense System. I do not require it in CD form; please simply email it to me at the above address (k.il@korea-dpr.com).

Thank you for your prompt fulfillment of your obligations under the GPL.

Sincerely,
Kim Jong Il

Re:awesome (1)

Valdrax (32670) | more than 8 years ago | (#15700101)

That requirement only matters if you distribute the software. I don't think North Korea would like the distribution method that we'd be most likely to employ.

Not recommending open soruce software (3, Informative)

flooey (695860) | more than 8 years ago | (#15699696)

The recommendation by the DoD isn't specifically to use open source software, though that'd be one possible implementation of it. What they're recommending is that the DoD build a foundation upon which code and standards can be shared in the way that open source tends to do. The current situation in DoD is that basically every project writes its own code, so the software in a GPS satellite may well be entirely distinct from the software in a communications satellite, even though they could both be cheaper and more reliable if they were to reuse code and standards. It's the methodology, not the actual code, of the open source movement that they're interested in.

Actual Report (2, Interesting)

MrCopilot (871878) | more than 8 years ago | (#15699735)

79 page .pdf http://www.acq.osd.mil/actd/articles/OTDRoadmapFin al.pdf [osd.mil]

Haven't made it through the whole thing yet, but FTR:
The business model of purchasing physical goods and services has served DoD well in the past; but it falls short when applied to software acquisition. By treating DoD-developed software code as a physical good, DoD is limiting and restricting the ability of the market to compete for the provision of new and innovative solutions and capabilities. By enabling industry to leverage an open code development model, DoD would provide the market incentives to increase the agility and competitiveness of the industrial base. Currently within DoD, there is no internal distribution policy or mechanism for DoD developed and paid for software code. By not enabling internal distribution, DoD creates an arbitrary scarcity of its own software code, which increases the development and maintenance costs of information technology across the Department. Other negative consequences include lock-in to obsolete proprietary technologies, the inability to extend existing capabilities in months vs. years, and snarls of interoperability that stem from the opacity and stove-piping of information systems.

Absolutely.

There are over 100,000 publicly available open source projects available spanning most functional areas.4 Many of these projects provide mature and robust solutions in their areas of focus. When possible, OSS components should be leveraged rather than funding the development of equivalent proprietary components for specific programs.

Damn Skippy!.

Challenges Culture and Process The primary challenges to this transition will be cultural, not technical. Over time, government acquisitions and development processes have built a bureaucracy and rewards system that encourages and supports the status quo. Careers are advanced primarily on program size, not necessarily overall efficiency. Furthermore, government contractors are measured by revenue; government program managers are measured by the size of their organization and their overall budget. The canonical government contracting process creates high entry costs for small innovative companies -- the established contractors attempt to control their positions through proprietary implementations and interfaces. The system is very good at protecting itself -- new approaches, such as OTD, will have to endure legal, security, and process challenges. The current infrastructure will attempt to delay change, claim they are adapting by trying to assume control of the innovative process.

My Favorite Quote is in the DOD report.
There is one thing stronger than all the armies in the world, and that is an idea whose time has come.
-- Victor Hugo

All in All, I'd say the guy in charge of this report knows his stuff and I for one, welcome our new OSS-using DOD overlords.

HMM (1)

majortom1981 (949402) | more than 8 years ago | (#15699877)

Wouldnt open source be easier to hack since anyone can look at the source code?

The Mitre corp told them this in 2002! (1)

sgtrock (191182) | more than 8 years ago | (#15699968)

In fact, Mitre told them that they were already using FOSS so much that "...banning FOSS would have immediate, broad, and strongly negative impacts on many sensitive and security-focused DoD groups to defend against cyberattacks." (Quoting from the executive summary)

You can read the whole thing here [egovos.org] . So, it's taken four years for the DoD to finally put in place an official policy encouraging the use of FOSS when the guys in the trenches have apparently been doing so routinely for about a decade. Typical. :)

This is news? (1)

jc42 (318812) | more than 8 years ago | (#15700103)


The military security folks have been saying for decades "Don't run any software unless you have the source code all the way down, plus the circuit diagrams. If you don't, you have no idea what might be hidden inside."

So the DoD's decision makers are listening to their security experts?

I guess maybe it is news.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?