Convincing the Military to Embrace Open Source

Zonk posted more than 6 years ago | from the talking-to-a-brick-wall dept.

Government 164

drewmoney writes "Misconceptions about what 'open source software' means have made elements of the US Defense Department reluctant to deploy in a live environment. DoD proponents of shared-source projects are now working to reverse this trend by educating IT decision-makers and demonstrating OSS usefulness. 'The cost of cleaning up a "network spill" that introduces classified material on an unclassified network is running about US$11,000 per incident on the Navy/Marine Corps Intranet (NMCI), so the free Secure Save tool could produce monetary savings for the Navy. Additionally, it would cover more file formats than the costly commercial redaction product currently available on the NMCI.'"

164 comments

first (0)

Anonymous Coward | more than 6 years ago | (#21852230)

my first first post. AWESUM

Re:first (0)

Anonymous Coward | more than 6 years ago | (#21852504)

You SUCK, bitch.

Re:first (1, Informative)

Anonymous Coward | more than 6 years ago | (#21852506)

I hate to break it to you, but you failed miserably. In fact, the magnitude of your failure is so large that it would take me 30 years just to describe it accurately. Instead, I think I would prefer for you to just step in front of a train. It would make life easier for everyone involved.

Re:first (0)

Anonymous Coward | more than 6 years ago | (#21853192)

+1 Informative We love you, mods.

DoD uses lots of Linux machines (3, Funny)

flyingfsck (986395) | more than 6 years ago | (#21852262)

I can tell you, but then I'll have to shoot you...

Re:DoD uses lots of Linux machines (1)

SCHecklerX (229973) | more than 6 years ago | (#21852688)

No need to shoot me. I already know, and it is, indeed, very cool stuff. The military definitely embraces open source, especially with some of the more interesting high performance stuff that they do.

Re:DoD uses lots of Linux machines (1)

smitty_one_each (243267) | more than 6 years ago | (#21853006)

> The military definitely embraces open source

"The military" encompasses so much as to not mean much. Proprietary vendors still have vast swaths of the DoD by the short hairs. Until very recently, for example, the US Navy had the largest deployed WinNT4.0 rollout as part of the IT21 network configuration on ships. Or so a Microsoft sales drone was telling me.

Re:DoD uses lots of Linux machines (1)

Jeremiah Cornelius (137) | more than 6 years ago | (#21853350)

Let 'em kill people with Bill Gates' junk. Live by the sword...

NT 4.0 and US naval ships... (2, Informative)

G3ckoG33k (647276) | more than 6 years ago | (#21852270)

NT 4.0 and US naval ships...

I think Linux floats here. Just check www.top500.org

I can't guarantee that all other open source projects will float as well. But, who could?

*nix and Windows (3, Informative)

Agarax (864558) | more than 6 years ago | (#21852986)

On Navy ships workstations are Windows 2000 for office work and for Sailors to email home (everyone has a UNCLAS account).

The more specialized gear (Aegis, and various consoles) are usually Unix or Linux, depending on the piece of gear and the Aegis baseline.

A few pieces of gear run on Windows variants, the Navigation gear (Voyage Management System) the most notable. I think it is a civilian product the military uses.

From what I can tell the Navy doesn't give two shits about what the software runs on, so long as it works. Contractors do all of the upgrades and major overhauls anyway. Sailors just troubleshoot.

Not to mention that hardware and software varies greatly from ship to ship. An Aegis tech from the original Arleigh Burke destroyer would be hard pressed to troubleshoot a system from the latest variant of that class of ship, if he was able to accomplish it at all.

Navy enlisted techs are usually sent to a specific school for a certain piece of gear to help alleviate this problem, though it complicates the Navy's already dire manning problems as certain pieces of gear may only be on a few ships. It is no wonder that civilians do so much these days.

Just my two cents.

maybe they just need to look around (5, Interesting)

phrostie (121428) | more than 6 years ago | (#21852274)

maybe they just need to look around and open their eyes.
there are lots of projects. for example, http://brlcad.org/ [brlcad.org]

Re:maybe they just need to look around (0)

Anonymous Coward | more than 6 years ago | (#21853506)

Hold on! You don't want an "unholy alliance" between the military and open source!

Re:maybe they just need to look around (0)

Anonymous Coward | more than 6 years ago | (#21853574)

Wait a minute, we wouldn't want an "unholy alliance" between open source and the military!

Re:maybe they just need to look around (1)

iamweezman (648494) | more than 6 years ago | (#21853900)

As a network technician for the Air Force I can say that our shop is often frustrated by the restrictions placed on what software is allowed on our network. We've opened our eyes and seen some awesome opensource applications that we would love to use to manage and monitor our Cisco equipment with (Wireshark was the last application we fought to be able to use).

Understandably the Information Assurance office has to be able to certify that each and every line of code does not have some backdoor or potential exploit that could be used by a foreign country. With the massive increase of Chinese hacking going on throughout the DoD, it's no wonder that an organic opensource application has a long process to go through before acceptance.

Stop talking about "open Source" (1)

91degrees (207121) | more than 6 years ago | (#21852298)

It shouldn't matter. Some software has all the source code publicly available. Other software only has the machine code publicly available. The differences there are quite small. Most software is somewhere between (A lot of free source code is used legitimately in closed source apps).

But it makes no difference. It is ultimately just software. A tool that can do a job. Zealots proclaiming that open source is the only way make it sound like Open Source software is somehow different. It's all just software.

Re:Stop talking about "open Source" (1, Informative)

Anonymous Coward | more than 6 years ago | (#21852368)

Yeah, but when the software suddenly breaks, and the company hasn't issued a patch yet to fix your problem, you're S.O.L.

With OSS, you can fix it yourself.

Re:Stop talking about "open Source" (3, Informative)

palegray.net (1195047) | more than 6 years ago | (#21852466)

This doesn't apply in the military. If something breaks, it will get fixed pronto or heads will roll at the vendor. In the unlikely event that the vendor is seriously dorked up, I assure you it will still get fixed through other channels. These sorts of mission-critical software failures are not commonly seen in most military environments, however, due to extremely long certification processes for anything that has blinky lights on it.

As much as I love open source software (my servers run on Debian, my workstations are Ubuntu 64, and I publish open source software in my limited spare time from active duty service), you're not going to see the Navy adopting a patch created in the last few days by Joe Developer. Things just don't work that way.

Re:Stop talking about "open Source" (4, Insightful)

L7_ (645377) | more than 6 years ago | (#21852634)

You don't understand. The problem is that with binary distributions, like the majority of COTS software that the DoD/army buys, you usually settle on a version number to do all of the testing with. Say, version 1.1. The rest of the system is built around 1.1 and all of its (intended and unintended) functionality. When there is a problem with the software version, commercial vendors fix the problem in the current version. Say you bought version 1.1 in 1997, there is no way that the company is going to sell you 1.1.88 when they are on version 6.0.

This has nothing to say of the commercial binary distributions that are delivered from companies that are no longer in business... it happens more than you think in the defense industry world. Especially with the late 90's push to buy everything 'COTS'. Say you have version 1.1 of a database layer tool... all of a sudden that company goes out of business, I don't care how 'Mission Critical' the software is, it will never be fixed... since they did not have the source.

What you need to understand is that the source distribution model is going to change. Open source/GPL'ed code or Apache based FOSS software is going to be delivered by a defense contractor (the ones that will still be in business in 7 years I mean) and take complete authority over the delivered code. This is no different than nowadays when defense companies buy multi-million dollar software packages, delivered as binaries, that they have to maintain responsibility for. Sure, they can pass the buck when the software breaks... but when the defense contractor has the source (and hires a competent enough software engineer (not too common)) then they can make the changes themselves.

This is what the person is talking about. It doesn't matter that a Chinaman makes the changes to the code, the DoD/military just needs to trust their vendors to authenticate and take responsibility for their software solutions, in house developed, FOSS or closed binary COTS.

Re:Stop talking about "open Source" (0)

Anonymous Coward | more than 6 years ago | (#21853036)

YAAAY! thank you!
YES, exactly. The problem isn't with "good" vs. "bad" code. All code has bugs, the QA process is supposed to help, but it can only do so much. The problem is with being able to fix it or upgrade it when it's broken or just used differently, especially when it's long out of date or a company has gone under.

To put a slightly different twist on it, who remembers Cassini, the NASA project? Well, this is backwards actually, but they used a radio designed by Lockheed Martin. It turned out that this radio, designed for satellites, had a fixed clock with self-tuning for the digital signal only in a small range. Even satellites experience problems with red/blue shift, but only within a finite range. Lockheed Martin wouldn't tell NASA the details of the spec, so NASA didn't know that this would happen until someone figured it out by accident... and then spent months proving it to the people above him. As it happened they were able to tweak the mission to just inside the operational parameters, but they got lucky and it shouldn't have happened. This is the kind of stuff that happens with "closed" solutions.
Hell, consider the Ariane V rocket that exploded, we all know that story. That code was just FINE, until you went outside the operational parameters. Those types of parameters are NEVER documented properly (and if they once were... sorry but even defense contractors don't use ADA much anymore. So said a guy I talked to from Lockheed). So, to know these details you have to see the code. Imagine a Nuke with the Ariane bug, where the closed code was tested 10 years ago on slower missiles, now the company is out of business and you would have to decompile to check, you think they'll do it?... So now we launch a nuke, and it goes off right above us causing the worst fallout in history.

Open Source isn't magic, it doesn't solve all your problems, and it's probably no less buggy... but at least you have the tools to do the job, or pay someone else to do it. You can't always pay someone enough money to fix a bug if it's closed source... and sometimes even if you could it would be outside even what the armed forces can afford. They don't actually need true "FOSS", but they do need a source license.

Re:Stop talking about "open Source" (1)

John Hasler (414242) | more than 6 years ago | (#21853292)

> Sure, they can pass the buck when the software breaks... but when the defense contractor
> has the source (and hires a competent enough software engineer (not too common)) then
> they can make the changes themselves.

Since the DoD has the source and a Free license to it, it can hire someone else to make the changes it needs even if the contractor goes out of business.

> This is what the person is talking about. It doesn't matter that a Chinaman makes the
> changes to the code, the DoD/military just needs to trust their vendors to authenticate
> and take responsibility for their software solutions, in house developed, FOSS or closed
> binary COTS.

With Free software they don't need to trust the vendors (though they may choose to do so for non-critical systems).

Re:Stop talking about "open Source" (0)

Anonymous Coward | more than 6 years ago | (#21852660)

> If something breaks, it will get fixed pronto or heads will roll at the vendor. In the unlikely event that the vendor is seriously dorked up, I assure you it will still get fixed through other channels.

What are you, a comedian? The US govt/military, getting stuff fixed pronto? Yeah, right, pronto. It'll get fixed...eventually...after spending a lot of money...assuming the vendor bothered to make an archive of the source for the software in question, and that the govt. reps made sure to get the source (been there, seen that). Heads rolling? Not in the world where connections to politicians mean more than technical competence (been there, seen that, too).

The creation and management of software in the military is just as likely to be fucked up and disorganized as any civilian outfit.

Re:Stop talking about "open Source" (4, Insightful)

John Hasler (414242) | more than 6 years ago | (#21852534)

Have you ever done a code inspection on a binary? Have you ever written a patch for one?

Re:Stop talking about "open Source" (1)

91degrees (207121) | more than 6 years ago | (#21852860)

> Have you ever done a code inspection on a binary?

Yup. 99% of military purchasing guys haven't done a code inspection of anything.

> Have you ever written a patch for one?

Yes. Haven't you?

Re:Stop talking about "open Source" (1)

John Hasler (414242) | more than 6 years ago | (#21853228)

> 99% of military purchasing guys haven't done a code inspection of anything.

Why would purchasing guys be doing code inspections?

> Haven't you [ever written a patch for a binary]?

Yes. A tedious and error-prone process.

Actually, yes (0)

Anonymous Coward | more than 6 years ago | (#21853788)

It was called a virus. Mmmmmm. Good.

Re:Stop talking about "open Source" (1)

remitaylor (884490) | more than 6 years ago | (#21852708)

> It shouldn't matter [...] it makes no difference. It is ultimately just software. A tool that can do a job. Zealots proclaiming that open source is the only way make it sound like Open Source software is somehow different. It's all just software.

While I understand why you might think that, your statements are simply untrue. It matters. It matters a lot, especially to folks like the military where security is so important.

[security of the source / ability to test for exploits]
Let's say the military decides to use X software for some task. If X is open-source, people could use the source to search for exploits / weaknesses. "But," you say, "even if the code is compiled to binary, you could still test for exploits." Well, yes ... and no. Yes, if you *have* the binary, you can use it directly to find flaws or 'decompile' it to look for potential weaknesses in the generated source code ... but not as easily as if you had the real source, in its original condition. And, even so, that's assuming that you have the source code, at *ALL*! If the software isn't open-source, there's a good chance that you'll never get your hands on the source OR the binary. At all. This is ideal for folks like the military.

[freedom of development / customizations to open-source code]

> A lot of free source code is used legitimately in closed source apps

Another issue depends on the licensing of the open-source code. Many licenses would *NOT* allow the military (or whoever) to legitimately use the code in their closed source apps. That's not all licenses, but there are ones that might legally force the military to release their modifications to the original source code. Obviously, the military has to beware of such licenses.

So you see, just from these 2 examples ... it's simply not the case that open-source versus closed-source software doesn't matter or that "it's all just software." I'm sure lots of people can point out numerous other reasons why it matters - these are the two that came to mind for me.

Re:Stop talking about "open Source" (1)

John Hasler (414242) | more than 6 years ago | (#21852788)

> Another issue depends on the licensing of the open-source code. Many licenses would *NOT*
> allow the military (or whoever) to legitimately use the code in their closed source apps.
> That's not all licenses, but there are ones that might legally force the military to
> release their modifications to the original source code.

If you are thinking of the GPL here, no. They would only be required to provide source to those outside their organization to whom they distributed binaries. They would not have to make the source public and they would not have to distribute it at all if they used the binaries only inside their organization.

Re:Stop talking about "open Source" (1)

bigstrat2003 (1058574) | more than 6 years ago | (#21852758)

Exactly, thank you. Reading this story, and the one about Linux being used in various devices, those were my thoughts exactly. Sometimes (especially with hardware), it's important to a user how many others adopt something, so that whoever makes it will have incentive to keep going. This doesn't apply to Linux and OSS, though, so the periodic "Let's get people to use OSS!" discussions slashdot has are nothing more than zealotry, imnsho. If you're not being a zealot, you should have no reason to care what software the military uses, or anyone else, for that matter.

Article confuses two different problems... (4, Informative)

MyNameIsFred (543994) | more than 6 years ago | (#21852330)

The article confuses two different problems. One problem is redaction, the other is a network spill. The two are very different. Redaction is an "editing problem," deleting classified material from a document to make it unclassified. In a network spill, classified information is accidentally put on an unclassified system. A spill is a much more complicated problem. You have to determine how many systems were "infected," and sanitize those systems. And sanitizing may require the destruction/confiscation of the system. You also have to determine whether anyone without a clearance had access to the material. And I would guess that the vast majority of the cost is labor, not software.

Re:Article confuses two different problems... (1)

palegray.net (1195047) | more than 6 years ago | (#21852482)

Mod parent up. It's a very good representation of how spills and such are dealt with.

Re:Article confuses two different problems... (1)

asdfghjklqwertyuiop (649296) | more than 6 years ago | (#21853188)

> You also have to determine whether anyone without a clearance had access to the material.


And what do they do in that case?

Re:Article confuses two different problems... (0)

Anonymous Coward | more than 6 years ago | (#21853284)

Give you a pre-paid ticket to Cuba of course :)

Re:Article confuses two different problems... (1)

rah1420 (234198) | more than 6 years ago | (#21853530)

> > You also have to determine whether anyone without a clearance had access to the material.
>
> And what do they do in that case?


We could tell you, etc., etc., etc.

All seriousness aside, I'm sure that it depends on a number of things: the clearance that the spilled material had, the audience that was exposed, whether anyone actually did access it ("having" access is not the same as actually accessing it) among other things.

In any case, I would surmise that the reaction would be anything from a strong suggestion to forget and a recitation of the penalties for disclosure to something more energetic. I am only too glad that I don't even have the ability to get unauthorized access to such material.

Re:Article confuses two different problems... (1)

jellomizer (103300) | more than 6 years ago | (#21853570)

The problem with Open Source and Government lies down to one thing. Who to blame. I know, I know. If they had Microsoft products and there was a huge problem that is Microsoft's fault they will blame them but nothing will happen. But it would come down to a Microsoft Problem not the employee problem. Thus keeping Open Source Away from Governments. Why do you think governments hire contractors, and still keep them even after a major screwup... It is not because the contracting company is doing shady businesses it is because the person who hired the contractor improperly managed them, or had them do something not recommended but having the contractor take the blame for the problem saved the guy his job. The problems with this case is not a technical problem that Open Source or Closed Source will be good at fixing. But if they had an Open Source App and there was a screw up the person who made the decision to install the app would be gone. Vs. A commercial app where the same problem may exist but being able to blame the company allows for deniability. The white papers told me that it could do this, it is the fault of the company. Thus saving their job. Unlike other sectors which reward you for what you do right, in government it is what you do wrong is what gets you fired. Think about it when there is a mistake in the government and it gets known some guy (usually some lower level manager) gets fired, even if the fault was his the guy is probably the most experienced to fix the problem and assure it will never happen again. Sigh for a Christian majority country there is little understanding of forgiveness.

Why? (1)

el_chupanegre (1052384) | more than 6 years ago | (#21852342)

I don't think the military should use OSS. I get the whole argument about 'more eyes to look = less bugs' but that only works if you actually upgrade to a newer version that doesn't have the bugs. If I know you're running version 1.0 after 1.1 has come out, I can look at the differences in the code and work out exploits. Surely the military has some kind of long winded process for updating software, so it's quite likely that old versions will remain.

Also what's to stop someone poisoning the source as a popular OSS project did that was recently reported on here? (I'm too lazy to look up which one)

Re:Why? (2, Insightful)

SCHecklerX (229973) | more than 6 years ago | (#21852706)

You aren't giving the organizations in the military that work with this stuff enough credit. Hint: Your beloved internet started as a military research project. Now think how much farther they have come since then with stuff the private sector won't really see for quite some time (like all other applicable research that comes out of the military).

Re:Why? (1)

hedwards (940851) | more than 6 years ago | (#21852854)

It really isn't just the military, any organization with a huge staff, numerous computers spread across multiple continents is going to have a difficult time keeping things updated like that. To make things more complicated, some of the gear is out at sea, and serious issues the likes of which a corporation will never see can happen if things aren't interoperating the way that they're supposed to be.

The military in this sense has the same sorts of problems that a large hospital does, but multiplied by a huge number due to the sheer size of it.

When you think about it, it is rather remarkable they do as well as they do.

I'm not really sure why OSS is the answer to those problems, if it is that big of an issue, the taxpayers can just buy access to the source code for any of the applications. 11,000 per incident is nothing compared with the pallets of shrink wrapped $20s that have been outright lost in recent years. I think that as far as this subject goes, that there are more pressing places to save money.

Re:Why? (0)

Anonymous Coward | more than 6 years ago | (#21853122)

Such poisoning has occurred a few times.

The reason isn't because of "more eyes", it's because THEY can fix it when it breaks, or hire someone to at least. Presumably they would use a vendor to do that shit for them, that's what companies like RedHat, and Sun are for. Those types of companies will happily backport JUST security fixes to old systems if you are willing to pay them enough money. The bonus is... if/when they go under, you're not out of options if it's FOSS.
Even if they wanted to do it all themselves they could still go with software equivalent to Debian stable. Honestly, mission critical in the army doesn't mean anything more than mission critical in a large corporation. If you tell me that the Army cares more about any one helicopter crew than Amazon does about 5 minutes downtime over Christmas... I say you're full of shit. It would be nice if it worked that way, but it doesn't. No-one has better than 6 nines of uptime (6 nines ~40 minutes, 7 nines is ~4 minutes downtime per year), and the ones who do and care most sure as hell aren't the army. The ones who care most and know how to do it are already using mixes of FOSS and home-rolled solutions.

FCS runs on Linux (1, Informative)

Anonymous Coward | more than 6 years ago | (#21852350)

The entire Future Combat System [wikipedia.org] runs on RedHat Linux. The system's timeframe is a little lengthy, but it will be field tested in 2008. It certainly is based on Open Source technology, and it's going to be deployed service wide.

Future Combat Systems (5, Informative)

samkass (174571) | more than 6 years ago | (#21852372)

The entire "Future Combat Systems" of the US Army is based on SOSCoE, a virtual environment that currently runs on linux. It includes development environments for C/C++/Java, but not Microsoft or .NET (yet, anyway). I'm not sure where the meme came in that the DoD is anti-linux. They are certainly proportional in their linux market share as the rest of the world, I'd say.

Re:Future Combat Systems (1)

giminy (94188) | more than 6 years ago | (#21854014)

No kidding. I worked at two DoD research labs between 2005 and 2007, and both were using GNU/Linux and *BSD quite extensively, both for research projects and for general IT stuff. I'd say that they use more Windows/Solaris than Linux/BSD, but commercially-supported and NIAP-Lab-vetted linux distros are relatively new in comparison to their commercial counterparts.

It's gonna be hard (1)

Plazmid (1132467) | more than 6 years ago | (#21852406)

It's gonna be hard to get the military to embrace open source. Heck, I've had trouble getting my girlfriend to embrace open source.

Re:It's gonna be hard (0)

Anonymous Coward | more than 6 years ago | (#21852710)

I got no problems with mine embracing open source, but now we are expecting a baby due in five months...

Re:It's gonna be hard (1)

bcdm (1031268) | more than 6 years ago | (#21853120)

I've heard that Valtrex is really good in helping clear up open source. Should do the trick for you.

I do not understand (1)

dbIII (701233) | more than 6 years ago | (#21852416)

Haven't the US military been using Solaris with gnu tools since long before Slashdot and linux existed?

Shure (1)

krischik (781389) | more than 6 years ago | (#21852512)

The Navy even created their own Ada compiler in open source (OK they had the NYU to help them). Today the compiler is part of the main GCC distribution.

Martin

I'm in the Navy; my perspective on this. (5, Informative)

palegray.net (1195047) | more than 6 years ago | (#21852434)

The military is starting to use open source software in more ways than people on the outside may realize. MediaWiki [mediawiki.org] is used in some interesting ways, as is a certain open source instant messaging platform. Without going into detail on things that are best not discussed outside classified environments, there are other large open source software projects that have made their way into the server room.

The issue with Microsoft dependency is a long-standing problem having to do with extremely long certification processes. Another issue is the fact that in order to use anything new, the military winds up spending insane amounts of money on retraining personnel, restructuring documentation, testing in live combat environments, etc. Essentially, it's all the major problems of large corporate uptake of open source projects, with additional dependencies.

Things are slowly improving. The military uses what works, and for much of what we use in our infrastructure solutions developed on Microsoft platforms still work. That's not saying they're necessarily the best answer to a given technology need, but they're already in place and it will take some time for new ideas to get adopted.

Re:I'm in the Navy; my perspective on this. (1)

YrWrstNtmr (564987) | more than 6 years ago | (#21852664)

I'm (sort of) in the Air Force, and I concur. DoD uses a variety of systems. Apple, MS, Linux, Solaris, UNIX, etc, etc. Are we talking about Linux on everyone's desktop? Not a chance. That would require a decade+ of investigation and deliberation. But for other areas, OS diversity abounds.

Re:I'm in the Navy; my perspective on this. (1)

spammeister (586331) | more than 6 years ago | (#21852798)

I'm in a different Navy, but we work with the US. I'd have to say I'm happy that not everything we get "forced" to use is M$, but the training on said platforms is usually a ppt presentation, so good luck to us if the system craps out in some strange way whilst we're bobbing around in the middle of the Augie(sp?)!

Re:I'm in the Navy; my perspective on this. (1)

Bl4ckJ3sus (1081165) | more than 6 years ago | (#21852906)

Disclaimer- I am an Air Force contractor. We have many flavors of linux/unix running in our lab, IRIX/Redhat/Solaris etc... but the one thing that they all have in common is the fact that they are supported by a company. What everyone seems to be missing here is the fact that if something goes "horribly wrong," the government is going to be looking for someone to point the finger at and kick in the ass. We run a few open source applications, but only after they have gone through a pretty stringent code review. I agree that there is a learning curve for most personnel whenever a new product comes on line, but that's what they have us contractors for!

I found the problem! (1)

Erris (531066) | more than 6 years ago | (#21853792)

> The issue with Microsoft dependency is a long-standing problem having to do with extremely long certification processes.

There is something wrong with a certification process that takes forever but manages to certify any one of the googazillion versions of any Microsoft "product". These change frequently and can never be found in the same exact combination on more than one given machine.

Open source is hardly excluded (5, Interesting)

MikeRT (947531) | more than 6 years ago | (#21852458)

Open source software is the only type of software that is often mostly made by foreigners that the DoD will use. Proprietary software that is owned by a foreign company cannot be used without extraordinary extenuating circumstances. Even if the whole development is done in America, the legal ownership by foreign nationals takes the proprietary software automatically off the approved software lists.

Re:Open source is hardly excluded (0)

Anonymous Coward | more than 6 years ago | (#21852484)

Foolish, though - most "american" closed software producers subcontract right back out to foreign nationals. Least with open source, third-party audit becomes easy. At the rate america is making enemies, you could hardly trust a european subcontractor to produce secure code for americans, never mind cheap indians+chinese.

arpanet and bsd (1)

trb (8509) | more than 6 years ago | (#21852514)

both the arpanet (essential predecessor to the internet) and bsd unix (essential predecessor to linux) were open source projects funded in large part by darpa, which is the american military. so saying that the military doesn't embrace open source seems kind of wrong.

Excellent! (0)

Anonymous Coward | more than 6 years ago | (#21852516)

The hook is almost set.

Re:Excellent! (2, Informative)

wongaboo (648434) | more than 6 years ago | (#21852632)

The nicest thing about NMCI might be that it scares the Navy/Marine Corps off of all commercial software solutions. The system is incredibly dysfunctional and expensive. Moving a computer from one user to another or from one side of the room to the other usually costs several hundred dollars and weeks of delay. Moving a whole unit is a nightmare. Most software will not work on the network and users seem to devote themselves mostly to hacking printers and external drives onto the system because that is the only way they can get their work done. Open source software encourages the user to solve problems. If you know how to fix it, do so. If the Marine Corps/Navy adopted this concept (as opposed to just some open source software, rigidly controlled) it would be a perfect about face from the NMCI system where you have no access of any kind to your own machine and neither does the S-6 shop (the computer shop) in your unit. Instead you have to rely on some undertrained and, in any case, unavailable, tech located on the other side of the world. We are literally ceding an advantage to our enemy with NMCI and Open Source (which in many ways had its birth in DARPA) is the perfect solution to this strategic disaster.

"Convincing"? (5, Informative)

Courageous (228506) | more than 6 years ago | (#21852562)


I work as an integrator and inserter of technology into military organizations.

Hence, I can say with some authority that they are, for the most part, already convinced. To best characterize them, it would be: "interested, but cautious". "Convinced, but careful". They want to save money, believe that open source can be good, but have certain matters of due diligence that they need to attend to.

There remain "paperwork" issues of getting open source into SCIFs, particularly when the provenance of the open source is questionable. Not all open source is born equal, you know. Some is pretty shitty, and some is even written by people in countries that actually DO have active spying programs against us (if you were to say that because the source is there, and open for everyone to see, that this reduces risk, I would agree with you, however this statement that the risk "ought" to be less is sometimes insufficient for these classified area types, dontcha know).

BTW, there is a new DoD directive that has been issued, ordering all defense procurement to include an assessment of open source products as an alternative to proprietary software. How is this "not convinced"?

C//

Re:"Convincing"? (1)

Tony Hoyle (11698) | more than 6 years ago | (#21852620)

A project I work with closely from a military type wanting to know the author of a particular 3 line bug fix, their email address, nationality, etc. As the fix was about 2 years old we had his name but no current contact info.

He went away disappointed. Not heard anything like that happen since.. but some in the military could probably do with some education.. a free project with a few hundred authors isn't going to have the current contact details (or even full names in some cases) of all of them - we have the exact time and date of the change, but only because version control tells us.

Re:"Convincing"? (1)

Courageous (228506) | more than 6 years ago | (#21853158)

A project I work with closely from a military type wanting to know the author of a particular 3 line bug fix, their email address, nationality, etc. As the fix was about 2 years old we had his name but no current contact info. He went away disappointed. Not heard anything like that happen since.. but some in the military could probably do with some education.

Don't take this wrong, but honestly, it sounds like some people working for the military could use a little education, also. For something simple, like a 3 line bug fix, all it takes is a third party (*cough*, your company) to review the code and pronounce it "good". I'm overstating here, a little, but truthfully: not by much.

This is the same thing done by Red Hat. They are stakeholding the open source they integrate and distribute. I.e., the government accepts the provenance of RH's software, in one fell swoop, as Red Hat's. That's how it gets in. Truly.

If you want to be a good integrator for the government, then you can easily stakehold the open source you integrate (and distribute to your military customer) as well.

Mind you, I understand that the military contractors are having as much trouble navigating through the open source community as the military itself is. Keep in mind, that while this is true it represents an opportunity for both you and the company you work for to excel.

Luck and progress,

C//

Re:"Convincing"? (0)

Anonymous Coward | more than 6 years ago | (#21853628)

Some is pretty shitty, and some is even written by people in countries that actually DO have active spying programs against us (if you were to say that because the source is there, and open for everyone to see, that this reduces risk, I would agree with you, however this statement that the risk "ought" to be less is sometimes insufficient for these classified area types, dontcha know).


If you'd agree that the code being open makes it inherently less risky, you'd be wrong.

Open-ness doesn't magically reduce the risk - the thousand eyes mitigation only works if there are indeed many eyes reviewing the code. A license and a link on a website does not guarantee that - a vibrant and diverse community could, though.

What being "open" does provide (risk-wise) is a better-known risk (what is the history of the code, who vouches for it?), a clear way to mitigate the risk (verify the sources and, if you must, hire trusted people to review and certify the code), and the potential community support.

These are very powerful benefits - but I cringe whenever someone repeats the truism that open-source == more-secure, and open-source == trusted. If I didn't know better about open source, it would be the kind of thing that would make me skeptical about the whole concept.

if the DoD is anything like the military I work in (1)

spammeister (586331) | more than 6 years ago | (#21852566)

Then they are as firmly entrenched in the M$ death spiral as we are. Although *some* of our kit is Linux, it's very specialized and it would be on
My Linux knowledge is practically nil, and I'm the "expert" in my unit.

whoops (used a "less than" symbol) (2, Interesting)

spammeister (586331) | more than 6 years ago | (#21852584)

Then they are as firmly entrenched in the M$ death spiral as we are. Although *some* of our kit is Linux, it's very specialized and it would be on less than 1% of computers that I have come in contact with. It's just too easy to keep the "status quo" going than to have to train the front line administrators in more than one OS (2000 and XP is difficult enough), let alone more than one office suite. When a data spill happens, (more often than not it's a computer error, rather than human error) I have yet to see an entire computer confiscated (although I'm sure it's happened). If anything the offending hard drive would be confiscated or *gasp* in a pinch we'd probably just slap a secret sticker on it to save time. Good thing I work for a country with not so many super duper secrets like the US, or even a budget worth 1/50th of the DoD, any organization that large would be a major pain in the arse.

My Linux knowledge is practically nil, and I'm the "expert" in my unit.

Open Source or shared source? (1)

Russ Nelson (33911) | more than 6 years ago | (#21852576)

Is the article summary talking about Open Source or Microsoft's Shared Source? They're Not At All the same thing.

The military uses plenty of open source stuff (0)

Anonymous Coward | more than 6 years ago | (#21852654)

Just not on the desktop. What do you think they are using to monitor intrusions, and for their high performance clusters at research facilities? Do you really think that the organization responsible for giving us TCP/IP would abandon their ability to easily continue their research?

No thanks (0, Flamebait)

AxelBoldt (1490) | more than 6 years ago | (#21852692)

Personally I would prefer if my contributions to Linux would not be used to help wage an illegal war of aggression against a country that never attacked nor even threatened the U.S.

Re:No thanks (3, Interesting)

idiotnot (302133) | more than 6 years ago | (#21852824)

Then stop contributing to GPL projects. The license allows users to do whatever they want with it, to whatever purpose.

Re:No thanks (4, Insightful)

the linux geek (799780) | more than 6 years ago | (#21852834)

Judging by parent's User ID, I'm going to karma hell for this, but too damn bad.

When you insert code into something like the Linux kernel, you agree that from that moment on, it is licensed under GPL version 2. That does not mean you have the luxury of deciding who uses it, despite your little political foibles on that topic. "Free software" means exactly that - if the United States Armed Forces opt to use the software, then they have every right to use it. It is no longer in your control.

On another note, why should you object to having the military using code you've written? You're failing to understand that the men in uniform are under a binding contract, and that they are sacrificing every day to defend their nation. The US Military does not create policy, civilian politicians do - the military is just a tool of policy. They need all the tools at their disposal to do their job of keeping the United States safe, however that job is defined by the politicians.

Re:No thanks (0, Troll)

Anonymous Coward | more than 6 years ago | (#21853322)

On another note, why should you object to having the military using code you've written? You're failing to understand that the men in uniform are under a binding contract, and that they are sacrificing every day to defend their nation.

Firstly, they're not all "men". Some are women! Secondly, he's not talking about the ones "defending their nation", he's talking about the ones "waging an illegal war of aggression against a country that never attacked nor even threatened the U.S."

The US Military does not create policy, civilian politicians do - the military is just a tool of policy. They need all the tools at their disposal to do their job of keeping the United States safe, however that job is defined by the politicians.

What about their job of blowing the crap out of Iraq? Should people be allowed to have opinions about that? Does blowing up Iraqis really "keep the United States safe"? If so, how?

Re:No thanks (0)

Anonymous Coward | more than 6 years ago | (#21853490)

Your post provides a very good reason to allow non-US militaries access to open source code, but it fails to provide any compelling reason to forbid all militaries. Some soldiers really are just fighting to defend their countries.

I'm all for forbidding US military and corporate access to various software designed to help people. (I'd even extend it further and say that I'd support an open source license forbidding use by any US citizen until the US decides to play fair with the world. If we're allowed to ban entire ISPs because some customers are spammers, why not ban entire countries? Especially supposedly democratic nations, where the pressure might force actual change.)

But please, don't paint every military as being just like the US. Most of the world is non-US, and doesn't deserve to be treated like them.

Re:No thanks (-1, Redundant)

AxelBoldt (1490) | more than 6 years ago | (#21853950)

That does not mean you have the luxury of deciding who uses it,

I am painfully aware of that. The article we are discussing asks, "how can we convince the military to use OSS", and my answer is we don't have to and we shouldn't.

Depends on the Branch of Service (4, Interesting)

stewbacca (1033764) | more than 6 years ago | (#21852696)

The Air Force is hell bent on lining the pockets of Dell and Microsoft, with their stupid, COTS (commercial-off-the-shelf) procurement requirements.

The Army and Marines use a lot of Linux. My company sells software to mostly the Army, and we have lots of Linux developers for a couple of Linux only intel software apps.

The NSA (and all the branches of service that work in/for it) uses a heavy mix of UNIX and Windows (and the largest chunk of Mac OS X of any gov't agency I know of).

Basically, each branch operates in a fishbowl, separate from each other, so it is hard to generalize the Department of Defense's computer uses.

Who cares if the military uses OSS? (0)

Anonymous Coward | more than 6 years ago | (#21852698)

Who cares if the military uses open source software? With projects actually forbidding military use [linux.com], it seems clear that socially responsible Free Software advocates are locking out the military.

I know that I wouldn't want my work to be used by the US military. The only good argument for allowing the US military access to open source is that they might spend money on it, but that hasn't been my experience. They're more than willing to use it since it's free, but unwilling to pay anyone except some US contractor to support it.

So let the US military keep their blood money. Real Free Software can survive without it.

Use open source or die (1)

heroine (1220) | more than 6 years ago | (#21852768)

With the most advanced inertial navigation software, image sensors, microprocessors being developed in other countries, they have to use open source and download it from other countries just to survive.

Re:Use open source or die (0)

Anonymous Coward | more than 6 years ago | (#21853402)

If you say *fabbed* in other countries, you might have a point. But they're still designed by Intel, Sun, etc, which are very much American companies headquartered in the USA.

NMCI not a great example (2, Interesting)

HangingChad (677530) | more than 6 years ago | (#21852858)

It's a waste of time pitching the Navy anything. NMCI outsourced their entire network infrastructure to EDS. A monumental cesspool of pork barrel contracting that puts Haliburton's Iraq contracts to shame. There are hurdles and endless reviews for getting any piece of software approved for use on Navy or Marine networks. And between SPAWAR and EDS they're busy trying to squeeze out what little internal development is left in the Navy and move everything to the giant hosted service architecture. The very people most likely to use and promote any type of open source software or a project built on open standards are the ones jumping ship and going elsewhere.

You can waste your time trying to educate DoD if you want but it's maddeningly frustrating. They'll listen and understand, then go off and do something entirely different. Which is a shame because the military is an organization that would benefit the most from an open, flexible infrastructure. One that could scale on demand, integrate disparate information sources and is reliable on legacy hardware. You would think with the massive paperwork hassles of buying anything through the government, the military would pounce on technology that let them side-step the entire procurement process and load it when you need it.

It would all be funny if it wasn't billions of your tax dollars going down the crapper.

good in theory... (1)

Butisol (994224) | more than 6 years ago | (#21852932)

What's the point of working your way up to General if you can't go into semi-retirement at a corporation selling software using your military connections?

OSS doesn't meet quality standards (1)

timmarhy (659436) | more than 6 years ago | (#21852990)

The fact is that most OSS projects are ill suited to the corperate and government environment.

OSS focuses on the latest and greatest features, government doesn't, they want tested and proven versions. OSS EOL's stuff long before it would be considered "tested" in something like a DoD environment.

I know the linux fanboys here will go batshit crazy over this, and i guess the truth stings.

the ONLY situation i can see OSS being any advantage to the DoD is if they hired the developers of an OSS project they are interested in to maintain a fork of the software for them.

Re:OSS doesn't meet quality standards (1)

greg1104 (461138) | more than 6 years ago | (#21853138)

The fact is that most OSS projects are ill suited to the corperate and government environment.

At least my open-source web browser warns me when I misspell "corporate" while trolling.

OSS EOL's stuff long before it would be considered "tested" in something like a DoD environment.

Yeah, it's a shame the copies of RHEL5 I deployed earlier this year will only be supported until 2014 [redhat.com]. Barely any time at all to test them.

Re:OSS doesn't meet quality standards (1)

timmarhy (659436) | more than 6 years ago | (#21853478)

"Yeah, it's a shame the copies of RHEL5 I deployed earlier this year "

all you did was prove my point dumby. READ AGAIN - i said the only situation where OSS will work is when you pay developers to maintain it for you, which is what a RHEL support agreement is.

essentially DoD need to do a cost/benefit and make up their minds if paying dev's vs purchasing a product makes sense.

Windows is the kids menu (2, Funny)

symbolset (646467) | more than 6 years ago | (#21853270)

It doesn't sting. It reminds me of my boy when he was 8 years old. We would take him out to nice restaurants where we could get decent food. No matter what was available he wanted the same boring things: chicken nuggets, grilled cheese, cheeseburger.

I encouraged him to try new things but it's pointless to push it because there's something in the human condition that makes us think any unfamiliar food is toxic.

So be it. Enjoy your kid's meal. I'll be over here with the diverse selection of culinary creations from all the world's cultures. Thanks.

Re:Windows is the kids menu (2, Informative)

timmarhy (659436) | more than 6 years ago | (#21853492)

WTF does chicken nuggets and your kid being a spoilt brat have to do with anything I said?

can you be more abstract? I think maybe there's a japanese conceptual artist out there that thinks your analogy is good, everyone else thinks it's dumb.

Ridiculous (1)

Ironpoint (463916) | more than 6 years ago | (#21853022)


It is ridiculous to suggest that the military is concerned about cost or spending. The taxpayer pays the bill, and the bill can grow to whatever is politically possible. Why would a department choose open source when a few well connected companies stand to make hundreds of millions selling closed source solutions. The primary role of the military in US society is to funnel tax money and reward political power and connection. A large percent of military spending is for parts that are scrapped months before they are even delivered. They go from the factory to the dump.

The navy doesn't care how much it costs because, in the end, you will pay. The navy will never go bankrupt no matter how much they spend.

Re:Ridiculous (1)

timmarhy (659436) | more than 6 years ago | (#21853048)

nonsense

They have a budget like anyone else, and their purpose is very clear, to protect america's waters and interests abroad.

I suppose you probably think the government can't go broke because they can print more money too?

Re:Ridiculous (1)

Entropius (188861) | more than 6 years ago | (#21853968)

They have a bloated budget, getting anything they ask for from Congress (since we have to support the troops, right?) and the purpose of people at Boeing et al. working on military "R&D" isn't to develop equipment to "protect America's waters and interests abroad"; it's to get themselves more contracts. This after all is what the stockholders want, right?

I live in a military contracting town, and have first-hand knowledge of people not really caring whether or not anything works or is militarily useful as long as the money keeps coming.

Hint: the government IS broke, and it's because of irresponsible spending on the military, started by Reagan, slowed by Clinton, and then increased again by Bush II.

Re:Ridiculous (1)

timmarhy (659436) | more than 6 years ago | (#21854030)

err companies that are after contracts to build things for the navy don't care, thank you captain obvious.

I was referring to the navy itself which does the purchasing. it's up to them to spend wisely (which they don't do, no debate from me there)

Its ok, we are cost plus (0)

Anonymous Coward | more than 6 years ago | (#21853388)

I was on a team building a system meant to run in a classified/secret environment. The main barrier to using open source was the NIAP certification/scam.

Anything running in a classified environment must be NIAP certified. NIAP certification requires deep pockets and long timelines. Open Source software packages don't have the funding to get the certification and the government won't budge.

We wanted to use Ubuntu, but it's not certified, gotta shell out for Redhat licenses. Wanted to go use iptables/snort, nope sorry buy this intrusion detection system that's more expensive than a new mercedes. The examples of this went on and on.

Overall I would say we shelled out more than 2 million dollars in proprietary closed source software that had equivalent or better free open source competitors. But it's all cost plus anyway so the defense contractor is happy, the govt can check off its checklist so they're happy, and big software co. has a big stable customer. Everyone's happy, unless you pay taxes of course.

Nooo! (0)

Anonymous Coward | more than 6 years ago | (#21853440)

You want to get blood on Tux's flippers?

Add this to the GPL : "Software licensed under the GPL may not be used for war"

Re:Nooo! (0)

Anonymous Coward | more than 6 years ago | (#21854034)

Go to hell. People die for you.

Strange..... (1)

Joce640k (829181) | more than 6 years ago | (#21853928)

Every military project I've ever worked on has demanded a copy of all source code "for security reasons" - to make sure I wasn't slipping anything extra in there.

Accountability and maintenance is the issue (1)

Xanthvar (1046980) | more than 6 years ago | (#21853998)

Accountability and maintenance is the issue that keeps US DoD from adopting open source for the most part.

As far as the article goes, I don't truly see open source as making an impact on network spills.

MyNameIsFred was right on, in his labor assessment.

Most of the network spills that I have been involved with cleaning up, are due to human error, who are generally writing a report, and inadvertently include some information that is of a higher classification. They then, publish this, or email it to everyone under the sun, and it is mostly manpower that is spent on trying to track down who got it, and what they did with it, and how to get the horses back in the barn after the fact. Education is the issue there, not technology.

As far as redaction goes, I don't know, I've never been involved with that, so I don't feel I can speak on the subject.

Accountability: DoD doesn't trust most open source programming, as they do not know who did the actual coding. It could have been an American or an allied nation, who is friendly to the US, or they could be from a country that is not as friendly. With closed source programming the idea (though not necessarily the reality) is that they can require that only US citizens or allied nations do the work, thus preventing a foreign national from an unfriendly nation from putting in some sort of back door that could be used to exploit the system... (again, the reality is that code is often outsourced and there is nothing from keeping a US citizen from putting exploitable code into the system, but again, this is the intent, not reality).

"But, if you have the source code, you can check it yourself, to make sure there are no back doors!" -- this is a great argument, but it isn't really practical. Who would do this work? There just isn't enough manpower for this task. Personally, I think this could be the biggest strength of open source code, used in a defense environment. You take a product, customize it to your mission's needs, then sign and hash it to verify that it hasn't been tampered, and require that only that version of the code is used. Releasing this code to the public generally isn't that big a deal, as if a new feature is added, it probably needs it, but most likely, features would be removed, making the product simpler. IRC clients that certain commands insist on using, irregardless to the security threat they provide is a great example (Yes, it is on a secure network, but that doesn't mean you shouldn't insist on all applications following best practices).

Until DoD starts doing something like this on a large scale basis, the argument that some evil foreign power COULD have put something bad into the code, is going to carry a lot of weight. And everyone in DoD knows what foreign powers are most likely to do so... after all, you would have to be stupid not to try and do the same thing if you could!

Maintenance: This is the other big issue DoD has with open source. If there is an issue with the program, we may need to talk to someone to fix it. Also, we need to make sure that if it is going to take 5 years to get it implemented, that it will be supported when we finally get to use it in production.

"But, you can get maintenance on Red Hat or (insert names of product or company here)!" -- this argument is heard all the time, but just because you can get product support, doesn't mean that it is going to be around long enough. Thunderbird is about the only example I can think of to back this up (and it is probably not a good example, but you know what I mean). The open source project could be abandoned at any time due to the main developer getting tired of it, or perishing, or going to jail for murder or whatever. Now, this can also apply with any closed source, commercial product, as well, where the company goes under, or gets bought out, etc... but again, this is an argument that carries a lot of weight in DoD. This is why they generally choose to use MS or Unix, they are pretty sure that it will be around for a while.

Also, with open source, while their patch time is generally much better, you could be relying on some volunteer to make the update if they feel it is important enough, while with a proprietary system, there is someone who you can hold their feet to the fire to ensure that the issue gets fixed (if they are still in business that is).

Until these two issues (Accountability and maintenance) can be resolved on a regular basis, it is an uphill struggle to get DoD to adopt more open source. While they do use a lot of it, they tend to be the exception, rather than the rule.

Then throw in all the dirty tricks, politics and lobbying, and suddenly why should open source be treated differently than everything else.. the best product doesn't get chosen, the one with the best marketing campaign is.

On a side note, on the subject of name dropping ( and this may be seen as a flame or a troll...) but in DoD circles, there are some organizations that are respected, and there are many others that are not.

DISA is generally not held in high regard by most... I believe the phrase is "DISA shares the first four letters with Disaster for a reason", and NMCI isn't much better. A Mitre study isn't going to impress anyone, and for the love of Pete, saying that NORAD uses it, is like saying it is probably one of the worst products of all time or has no idea what "Security" means.

Just my 2 cents worth.. I'll get my coat.
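
The "sign and hash it ... and require that only that version of the code is used" idea from the comment above, sketched as an added example that is not part of any comment in this thread: a reviewed source tree is hashed file by file into a manifest, the manifest is authenticated, and a later check reports anything modified, added or missing. All function names are hypothetical, the tree and key are constructed for the demo, and HMAC-SHA256 with a shared key stands in for the public-key signature a real approval process would use.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative POSIX path: SHA-256 hex digest} for every file under root."""
    root = Path(root)
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinked directories are not descended into; record them as links
        # so that re-pointing one still shows up as a change.
        links = [d for d in dirnames if (Path(dirpath) / d).is_symlink()]
        for name in filenames + links:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if full.is_symlink():
                digests[rel] = "symlink:" + os.readlink(full)
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def approve(root, label, key):
    """Build a canonical manifest for the reviewed tree and authenticate it."""
    manifest = json.dumps({"version": label, "files": hash_tree(root)},
                          sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return manifest, tag


def verify(root, manifest, tag, key):
    """Check the manifest's tag first, then compare the tree on disk against it."""
    report = {"signature_ok": False, "modified": [], "added": [],
              "missing": [], "approved": False}
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return report  # never parse or trust an unauthenticated manifest
    report["signature_ok"] = True
    approved = json.loads(manifest)["files"]
    actual = hash_tree(root)
    report["modified"] = sorted(p for p in approved
                                if p in actual and actual[p] != approved[p])
    report["added"] = sorted(set(actual) - set(approved))
    report["missing"] = sorted(set(approved) - set(actual))
    report["approved"] = not (report["modified"] or report["added"]
                              or report["missing"])
    return report


def demo():
    """Approve a constructed tree, then verify it clean, tampered, and forged."""
    key = b"constructed-demo-key-not-a-real-secret"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "client.c").write_text("int main(void) { return 0; }\n")
        (root / "README").write_text("reviewed build\n")
        manifest, tag = approve(root, "v1", key)
        clean = verify(root, manifest, tag, key)
        # Same tag, edited manifest: must fail authentication.
        forged = verify(root, manifest.replace(b'"v1"', b'"v2"'), tag, key)
        # Change, add and remove files after approval.
        (root / "src" / "client.c").write_text("int main(void) { return 1; }\n")
        (root / "src" / "extra.c").write_text("void hook(void) {}\n")
        (root / "README").unlink()
        tampered = verify(root, manifest, tag, key)
    return clean, tampered, forged


if __name__ == "__main__":
    for name, result in zip(("clean", "tampered", "forged"), demo()):
        print(name, result)
```

The check only proves the tree matches what was approved; whether the approved code is free of back doors still depends on the review done before `approve` is called.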
