Slashdot Mirror

It's the same search engine which runs the search website's of the US, Norway, New Zealand and Israel Governments. http://www.gcn.com/Articles/2008/05/21/Widgets-to-the-rescue.aspx

Surprisingly big for a search engine that so few people have ever heard of.

Google and privacy. You might want to check out this, this, this, or this. People also forget that the majority of the world population is not living in the USA. US agencies are allowed to spy on non-US citizens as they like, although this is usually not emphasized for diplomatic reasons. Thus, not only terrorists and wrongdoers should be concerned about their privacy...unless Schmidt thinks that all non-US citizens are terrorists. Foreign governments should actually be much more concerned about Google than they seem to be, but as far as I know only former French president Chirac was concerned about Google and as a politician he turned out to be a wrongdoer, of course. LOL

You can make scroogle your search engine of choice although we all know that it helps less than some people might expect, because normally configured browsers leak a lot of information.

I had been having ongoing arguments with auditors and DoD scanners about Open Source Software versus "freeware" - it's free, so that means it's Freeware - right? Finally, Daniel Risacher from the "Defense Department's Office of the Chief Information Officer" made this announcement.

Reading that, I got all excited...and waited patiently. For a bit. Finally, come April, I emailed him directly with this question:

At a RedHat conference on Oct8, 2008, you made a comment that the DoD would further clarify that OSS is not the same as Freeware/ Shareware, for those who are still confused about the subject. We are currently undergoing an audit, and are being told that we can't use various products because they are "shareware" - specifically, mysql was on the hitlist. Discontinuing use of mysql would be an engineering nightmare for us, esp since anything else would also be "freeware" according to the auditors.

Of course, 8500.2 says that we can't use shareware because we don't have access to the source code, and we obviously have access to the code of open source products. I can't find the memo that you mentioned would be coming soon - has it been released?

To which he responded:

From: Daniel Risacher ((redacted))
Sent: Monday, April 06, 2009 3:54 PM
To: Brian LaMere
Subject: Re: OSS in DoD?
The memo is essentially finished, but stuck in an near-endless do-loop of executive-level staffing.
Forward the names of any gov't personnel who are giving you trouble to my work email: ((redacted)), and I'll try to talk to them.

Wow...that was back in April. Things sure do move fast around there ;)

There are countless documents that say so many different things, compounded by the fact that there are a multitude of auditors who have been trained that "Open Source" is "Freeware." And since "Freeware" is disallowed according to 8500.2, they then decide that "Open Source" is too. Nevermind that the Linux kernel is Open Source, no - they would pick and choose randomly which software we could and couldn't use. On a whim they'd suddenly decide mysql was no longer ok, no matter what evidence I could provide otherwise.

G-d, how I miss that circus.

Should have implemented Grand Central, I hear it's free and opensource. Even has the Apache license so that it allows use of the source code for the development of proprietary software.

I mean they already borrowed the TCP IP stack.

You are missing the point.
While Grand Central is a very cool system, its not designed to make multithreaded applications faster. Its designed to make it easier to write a multi-threaded app, or retrofit multi-threading into existing single-threaded code.

And that link you provided is interesting, but nowhere does it say anyone but microsoft wrote the TCP stack. All it says is it uses several existing TCP algorithms.

No, it's not surprising.

Should have implemented Grand Central, I hear it's free and opensource. Even has the Apache license so that it allows use of the source code for the development of proprietary software.

I mean they already borrowed the TCP IP stack.

They're not.

http://gcn.com/Articles/2009/07/13/Update2-USPS-open-source-Product-Tracking-System.aspx?p=1

The service is moving 1,300 Sun Solaris midrange servers to a Hewlett-Packard Linux environment. USPS is using Novellâ(TM)s SUSE Linux on the mainframe and distributed computing platforms to forge greater interoperability between the two environments, Byrne said.

http://gcn.com/Articles/2009/07/13/Update2-USPS-open-source-Product-Tracking-System.aspx?p=1

The service is moving 1,300 Sun Solaris midrange servers to a Hewlett-Packard Linux environment. USPS is using Novellâ(TM)s SUSE Linux on the mainframe and distributed computing platforms to forge greater interoperability between the two environments, Byrne said.

I think the summary and the TFA are a bit confusing. It probably would have been better had the summary linked not just to the TFA but also directly to the gcn.com article which is linked to from TFA, or maybe better yet, just to the gcn.com article. What I get from that gcn.com article is this:

a) There is a mainframe that is talking to ~1300 "midrange" servers.

b) The mainframe is an IBM Z-series which has been shifted over from an IBM proprietary OS to Novell SUSE Linux.

c) The COBOL code is running on the *mainframe*, not the ~1300 servers! (TFA summary is wrong on this)

d) Because the mainframe is now running Linux, and because of a USPS IT decision to standardize on Linux (this is why OpenSolaris was never an option - sorry OpenSolaris fans), they're now converting the servers to Linux as well for better interoperability between the mainframe environment and server environments.

e) As for what this system is actually tracking:

Events are transactions that occur at the service's retail counters, such as shipping and picking up packages or the delivery of priority mail by carriers to businesses and residences. The mail is scanned to confirm delivery, and that information is sent to the PTS database. ...

âoeWe're inserting like 40 million events a day,â he added. ...

The PTS has 56 transaction types, such as acceptance scans and delivery confirmations, that have now all been migrated to Linux.

The gcn.com article has more info, but even it is confusing to me. Questions:

What is an "HP Linux Environment" (Does HP have its own version of Linux? What distro is HP using?)

Any Z-series gurus reading this want to chime in and explain what the IFL actually is (Page 2 of article)?

Yes, I know, I could Google for those answers, but I'm already worn out just doing what the original story submitter should have done. Just consider the above an "improved summary". :)

According to this article they moved Novell's Suse linux http://gcn.com/articles/2009/07/13/update2-usps-open-source-product-tracking-system.aspx

The service is moving 1,300 Sun Solaris midrange servers to a Hewlett-Packard Linux environment. USPS is using Novellâ(TM)s SUSE Linux on the mainframe and distributed computing platforms to forge greater interoperability between the two environments, Byrne said.

Source: http://gcn.com/Articles/2009/07/13/Update2-USPS-open-source-Product-Tracking-System.aspx?Page=1&p=1

Basically, GAE is a Google-hosted platform that can run applications written in Python. (Other languages â" such as PHP, Java and Ruby â" are being considered.) With the downloadable software development kit (SDK) and a copy of the Python runtime, you develop your application on a local machine and then upload it to Google. Google will run the app and worry about bandwidth, CPU and storage issues. Google provides a dashboard that allows you to keep track of how often the application runs.

From the description, it sounds like this is found in TBB and research done for DARPA in PGAS. GCN had a blog post, "Does parallel processing require new languages?", about this the other day.

The problem is that an operating system is just something you need to get the application to work on the hardware you choose. It might be a small part of the problem. If you decide to create your own custom distro for the purpose of running your application you're going to possibly run into problems getting your application stack to work correctly on top of it or may have problems getting support.

The OS they chose was RHEL and you can infer some of the rest of the stack from the requirements.

Looks like they went with an SOA architecture on top of a J2EE stack with an Oracle backend using Eclipse as the development platform.

I don't know why these stories turn into OS flame wars. It's like blaming the spark plug for poor engine performance. The OS is probably adding vulnerabilities (Don't know of any OS that doesn't have listed vulnerabilities) but you have to look at the whole stack. Any individual part of the stack could be fine on it's own, but in combination may create other problems. On top of that, this system isn't just a combination of off the shelf components, there is a lot of coding involved and for all we know that's where most of the issues may be.

I saw no mention of how they are using Windows or if they are using Windows at all. Under the recommendations, they made no recommendations to stop using Windows at all.

Actually, it looks like one of these FAA system (Traffic Flow Management System) is running RedHat Enterprise Linux on the servers and workstations with an Oracle backend. The system was migrated from HP/UX to Linux.

http://gcn.com/Articles/1998/07/13/Software-glitches-leave-Navy-Smart-Ship-dead-in-the-water.aspx?p=1

i know feeding the trolls - but he wanted to be impressed

From the article: "The Yorktown lost control of its propulsion system because its computers were unable to divide by the number zero, the memo said."

All I have to say is as a tax payer, I demand that all warships should be able to divide by zero...

http://gcn.com/Articles/1998/07/13/Software-glitches-leave-Navy-Smart-Ship-dead-in-the-water.aspx?p=1

i know feeding the trolls - but he wanted to be impressed

Basically, GAE is a Google-hosted platform that can run applications written in Python. (Other languages â" such as PHP, Java and Ruby â" are being considered.) With the downloadable software development kit (SDK) and a copy of the Python runtime, you develop your application on a local machine and then upload it to Google. Google will run the app and worry about bandwidth, CPU and storage issues. Google provides a dashboard that allows you to keep track of how often the application runs.

Disclaimer: I'm a Fed Employee, with BA and MS in Computer Science.

The Scholarship for Service (SFS) program, jointly run by the National Science Foundation and the U.S. Department of Homeland Security (DHS), the U.S. government is desperate for cybersecurity professionals. The SFS program was designed to increase and strengthen the federal government's core of cybersecurity professionals by underwriting two-year stipends for full-time students who specialize in information assurance at approved four-year colleges and universities in exchange for agreeing to serve at a federal agency in a cybersecurity position for at least two years.

http://gcn.com/articles/2009/03/23/sfs-cyber-workforce.aspx

I was remembering the "taking a month off" thing to be in 2000, but at least according to this it was early 2002.

It seems like it should have been a year. It's not like Microsoft accomplished anything in 2002.

Look at the VPL entry for the product:

"Science Application International Corporation (SAIC) determined that the TOE doesnâ(TM)t satisfy any EAL defined in the Common Criteria, but rather fulfills the High Robustness requirements as defined in the U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness, Version 1.03, 29 June 2007. The TOE, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Security Target."

It's unclear what this means. I haven't seen anything like this on any other evaluation.

On the other hand, the certificate indicates EAL 6. There have been press releases that point to both stories.

Once upon a time in a magical land where sensitive data would from time to time vanish and then reappear, the mainframe WAS the sofa.

Your argument in a nutshell is: "If we optimize a counter-strategy, they will optimize their own counter-strategy, so we are better off leaving the status quo favorable to their present strategy."

The status quo isn't favourable to any strategy - that's why it's a good idea. If you increase the probability that Arabs will be searched, the terrorists can gain an advantage by using non-Arab attackers. If you increase the probability that men will be searched, they can gain an advantage by using women. The only strategy that can't be exploited in this way is random sampling.

Should we stop associating bank robbers with people who walk into a bank with ski mask and gun on the premise that this will simply let robbers without ski masks and guns slip through undetected?

Masks and guns are necessary for robbers and unnecessary for non-robbers, whereas dark skin isn't necessary for blowing up a plane.

If you can isolate a subgroup that contains 85% of your "targets," it is simply logical that 85% of your resources should be dedicated to that particular subgroup.

No, that strategy can be exploited.

This has no similarity whatsoever to racism, which is the (contradicting) fallacy of replacing demographic weights with a general assumption of intrinsic character traits.

I never said it was racism, I said it was bad security.

And you are quite mistaken to suggest terrorists have so much facility in choosing the demographic to cull recruits.

They only need four or five people to carry out an attack. Do you really think they can't find four or five recruits in the whole world who don't look like stereotypical terrorists, i.e. young Middle Eastern or North African men? Islamism is an ideology, not a race.

At present, there is absolutely no doubt profiling is *efficacious*, although please do note that I am not assuming that just because it is efficacious that it is *morally right*. You can still make against profiling even if it's known to make the best use of the available resources.

I'm glad you made the distinction and I understand where you're coming from, but even in narrow resource-allocation terms, randomness is still the best strategy.

The Veterans Affairs payroll system "Personnel and Accounting Integrated Data" (PAID) Pay System was first planned in the Kennedy administration (1963) and deployment begain in 1964. See VA History Highlights for 1963 & 1964
I don't know what type of system it is running on now (probably OpenVMS from HP), during the 70-90's it ran on VAX VMS.
During the earlier part of this decade, they tried upgrading to a system built on Oracle Financials. The develoment project was called CoreFLS, was budgeted at $400+ million and was canceled as a failure after spending $240+ Million. So they are still running PAID, as far as I know.

Game theory algorithm improves security by putting police on unpredictable schedules

Security, not through obscurity, but through complex mathematics. It's not just for computers.

....not the nation's internet - the agencies' connections. And yes, the DoD has mechanisms and infocon levels for this. Given the proper threat the connection to the internet is unplugged - I'd imagine they would do something similar for the civilian agencies. If you read the sidebar: http://www.gcn.com/print/27_8/46113-2.html this isn't an experiment. Consolidation is already happening, and is continuing to do so.

I hate to pick on Slashdot (okay, no I don't) - but this was "news" back in mid-January.

I'll be curious to see how this plays out. Currently the LOC uses a lot of Flash. After reading the article (the one I linked above, not the non-informative blog post in this /. "story") it sounds like the LOC will be using Silverlight in a specific, probably limited, fashion. It'd be nice to get more information, though. From what little information is available, it's possible that MS proposed this as a new project - adding content, not replacing current LOC web materials.

In any case it seems like a silly thing to do unless there's something Silverlight does that Flash doesn't do (given that the LOC site already uses Flash). Plus Silverlight currently doesn't include accessibility support, which to my mind would make it a non-starter for a government website.

>As a developer, I'm waiting for an open-source solution, so that I'm not restricted to .NET languages, a single platform to develop on, etc.

Miquel de Icaza is working on an open-source version of Silverlight for Linux. See here.

"From what I can tell the Navy doesn't give two shits about what the software runs on, so long as it works. Contractors do all of the upgrades and major overhauls anyway. Sailors just troubleshoot."

Ok, my initial lead wasn't as clear as I had thought.

-

.

From a 1998 article ( http://www.gcn.com/print/17_17/33727-1.html )

Atlantic Fleet officials acknowledged that the Yorktown last September experienced what they termed "an engineering local area network casualty," but denied that the ship's systems failure lasted as long as DiGiorgio said. The Yorktown was dead in the water for about two hours and 45 minutes, fleet officials said, and did not have to be towed in.

"This is the only time this casualty has occurred and the only propulsion casualty involved with the control system since May 2, 1997, when software configuration was frozen," Vice Adm. Henry Giffin, commander of the Atlantic Fleet's Naval Surface Force, reported in an Oct. 24, 1997, memorandum.

Giffin wrote the memo to describe "what really happened in hope of clearing the scuttlebutt" surrounding the incident, he noted.

The Yorktown lost control of its propulsion system because its computers were unable to divide by the number zero, the memo said. The Yorktown's Standard Monitoring Control System administrator entered zero into the data field for the Remote Data Base Manager program. That caused the database to overflow and crash all LAN consoles and miniature remote terminal units, the memo said.

The program administrators are trained to bypass a bad data field and change the value if such a problem occurs again, Atlantic Fleet officials said.

But "the Yorktown's failure in September 1997 was not as simple as reported," DiGiorgio said.

"If you understand computers, you know that a computer normally is immune to the character of the data it processes," he wrote in the June U.S. Naval Institute's Proceedings Magazine. "Your $2.95 calculator, for example, gives you a zero when you try to divide a number by zero, and does not stop executing the next set of instructions. It seems that the computers on the Yorktown were not designed to tolerate such a simple failure."

The Navy reduced the Yorktown crew by 10 percent and saved more than $2.8 million a year using the computers. The ship uses dual 200-MHz Pentium Pros from Intergraph Corp. of Huntsville, Ala. The PCs and server run NT 4.0 over a high-speed, fiber-optic LAN.

Despite the USS Yorktown's setbacks, the Navy plans to use Smart Ship technology on other classes of ships.

[...]

But according to DiGiorgio, who in an interview said he has serviced automated control systems on Navy ships for the past 26 years, the NT operating system is the source of the Yorktown's computer problems.

NT applications aboard the Yorktown provide damage control, run the ship's control center on the bridge, monitor the engines and navigate the ship when under way.

"Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor," DiGiorgio said.

Pacific and Atlantic fleets in March 1997 selected NT 4.0 as the standard OS for both networks and PCs as part of the Navy's Information Technology for the 21st Century initiative. Current guidance approved by the Navy's chief information officer calls for all new applications to run under NT.

Now, with prospects for developments such as the Pentagon assigning IP addresses to individual bullets to keep track of its inventories, IPv4 address shortage workarounds that have succeeded so far increasingly will create problems, according to McManus and Tseronis.

I found a relevant article in the second result with this search (dropping 'fired' which probably isn't helpful and narrows the search too much and using 'track' instead of 'tracking' which allows for more variations in wording). BTW, while tracking inventory electronically is probably a good thing, I can't for the life of me understand why IP addresses would be used instead of DOD inventory numbers.

"The University" won't have the only input into the selection of vendors: both of these projects are intended for a national audience as part of the NSF's Cyberinfrastructure program.

Of particular interest: the NSF "Track 2" machine is built to complement the capabilities of TeraGrid, and is also being built in a location (Oak Ridge Laboratory) that the DOE is using to build their own Petascale machine.

http://www.gcn.com/online/vol1_no1/40250-1.html

(Both will rely on the readily available, federally administered Tennessee Valley Authority power system, interestingly enough.)

"Just a thought; But what was the Operating System of Choice for those poor unfortunate Department of Homeland Security Victims?"

'The contract, awarded June 27, named Microsoft as the "primary technology provider" to the Department of Homeland Security, supplying desktop and server software critical for the agency'

"Microsoft Corp. has hired another Homeland Security Department official for its team "

was: Re:Just Out of Curiosity

Though in this case the OS in question is irrelevant, I doubt how "Knoppix" would have prevented this:

In September 21, 1997 while on maneuvers off the coast of Cape Charles, Virginia, a crew member entered a zero into a database field causing a divide by zero error in the ship's Remote Data Base Manager which brought down all the machines on the network, causing the ship's propulsion system to fail.

I just don't see how the operating system plays into this.

There are residual electrical charges left over from the areas that are over-written, on the
periphery of where the read/write head is designed to go. Those are the areas that I was referring too.

At any rate, while trying to find that article, I did come up with an interesting find on erasing HDD's:
http://www.gcn.com/print/26_09/43577-1.html

Overseen by the Navy's Program Executive Office for C4I, the Expanded Maritime Interception Operations (EIMO) wireless system provides a data link between crews on interdicted vessels and their home ship up to a few nautical miles away. Unlike a simple radio unit, these wireless links can transmit biometric data, scanned documents, digital photos and e-mail from the boarding team, allowing near real-time analysis of such artifacts. The units use the 802.11g wireless protocol and Federal Information Processing Standard 140-2 encryptions standards. Navy floats on-board Wifi

Which is the same as the summary... what's the point?

Searching further, here's a link to GCN (Government Computer News) with a little bit more details: linky.

thanks for reminder.. quick search finds latest version circa 1996.. apparently there was no reverse switch.. imagine not being able to re-read what you just read again..

http://www.gcn.com/print/22_10/21970-1.html worried about a coin but they cant keep track of the laptops. i think they need to focus on some of the important things before looking with the naked eye for nano-spy gear

The Armys FBCB2 and, by extension, Blue Force Tracking systems are all Linux-based. Although I haven't heard an official engineering justification for using Linux in favor of a homegrown embedded OS or mobile Windows OS, but I can tell you that the computers that run FBCB2 are slow as hell these days. The Army had the technology developed years ago and used the best technology available at the time. The computers involved in that technology are outdated, but there is no real need to upgrade a working system and incremental performance boosts do not justify the cost, labor, and troubleshooting upgrades in processors, memory, and software.
Additionally, providing power to a computer in the field is a real problem. While bringing generators, spare batteries, and solar panels is the only solution to the problem itself, we can reduce downtime and maintenance time by keeping processor speed at a minimum. The same logic applies to portable gaming consoles and laptops; while it's possible to build a 3 GHz Game Boy, you wouldn't be able to power it for long enough to be portable or playable.
Yet another problem frequently encountered by is the heat. We're not talking your overclocked gaming rig with two video cards, we're talking Iraq, where summer temperatures can exceed 140 degrees Fahrenheit and even hotter inside vehicles once the air conditioning fails (and sadly, it does fail in the HMMWV sometimes). I surprised FBCB2 hasn't made it into LinuxDevices.
Here's a video of FBCB2/Blue Force Tracking in action.
Me personally, I wish my brigade got all that high speed equipment, but given I'll probably be sitting in front of a radio playing Quake on my laptop when I go to Iraq for 12 hours a day I guess that equipment won't help.

Well... there is this from 2005: http://www.gcn.com/print/24_21/36507-1.html [gcn.com]

NASA has been investigating using TCP/IP for communications with satellite since at least 2000 ... http://ipinspace.gsfc.nasa.gov/documents/OMNIconce pt.pdf [nasa.gov]

and it was going so well that http://www.military-information-technology.com/art icle.cfm?DocID=998 [military-i...nology.com]

Not that new based on a quick google.

How much was spent? US$8.6 billion by the US Federal Gov't and a lot more elsewhere. An 'industry' that big is hardly a flop. I think the problem is that people want drama, they want something sensational. Potentially Bad Problem Gets Fixed gets old quickly.

embrace, extend, extinguish.

ISO Certification failure = Product rejection. Embrace, extend, extinguish doens't work when certification acceptance is put in contracts by customers, States and Countries.

ODF Certification is done.. http://www.gcn.com/blogs/tech/40647.html
Adoby PDF certification application.. http://www.gcn.com/online/vol1_no1/43015-1.html

However, you are correct they are trying to embrace, extend, extinguish.
MS application.. http://www.internetnews.com/ent-news/article.php/3 618176

embrace, extend, extinguish.

ISO Certification failure = Product rejection. Embrace, extend, extinguish doens't work when certification acceptance is put in contracts by customers, States and Countries.

ODF Certification is done.. http://www.gcn.com/blogs/tech/40647.html
Adoby PDF certification application.. http://www.gcn.com/online/vol1_no1/43015-1.html

However, you are correct they are trying to embrace, extend, extinguish.
MS application.. http://www.internetnews.com/ent-news/article.php/3 618176

Considering that the entire point of the article is the discovery that the airplane's computer system is poorly designed, I'd say it was less "fortunately" as in "by random luck, it turns out the systems are separate" and more "fortunately" as in "well, as luck would have it, they're not total idiots, and they made the systems separate."

It's not unheard-of, after all, for software failures to cascade from trivial areas to more vital areas in passenger craft.

I knew I read about this last year. In fact, there was a similar article written in May 2006: Avian flu could cripple telecom services, Internet.

America has a bad opinion of the China regardless...

Nvidia have paid people on the job, with the relevant experience. What makes people think that the oss community can do a better job than nvidia's own people, when they can't even keep their own codebases bugfree?

You were asking the right question up until the last bit. Nobody can keep their codebases "bug free". Humans make mistakes. I assume you're human, ergo you make mistakes too, right? There's probably no program on Earth bigger than twenty lines that's bug-free. Not even LaTeX, though it's been quite a while since anyone's found one.

But as to why "people think that the oss community can do a better job than nvidia's own people", it's because OSS development has, when comparisons have been possible, proven to be better-written than the commercial alternatives. There are objective tests that illustrate this, over and over.

(Note, I still think this Fluendo stuff or something like it is a good idea. But I still want the OSS work to go on, too.)