Slashdot Mirror
Open Source in the Military?
djmcmath asks: "Does anyone have any experience with Open Source Software and/or GPL'd software in military applications? I'm only asking because I'm involved in work on the combat systems for a new submarine, and had considered an Open Source solution. (I apologize, I must be intentionally vague for obvious reasons.) So ignore the obvious questions (Is it really suitable? Are closed-source proprietary options better? Does MS have a good solution?) and skip to the good stuff. What about the fact that my code would be classified Secret under US Code Umptifratz? I cannot distribute my code (and it's changes) without being tried for treason. What happens to the rest of the combat system code when I submit my GPL'd module?" Open Source and the Military: it's a tricky combination of keeping what can be open, open and keeping your secrets...well, secrets! However, open source in the military need not be as high profile as weapons systems. One of the only major OS projects that I'm aware of that had any form of military involvement was GRASS, the open-source GIS system. I'm sure there may be a few others out there. Does anyone know of other OS projects with military association? If there are any projects out there that interface with classified bits, how did you deal with those issues?
Couldn't the military, if it wanted to avoid the legalities and implications of the GPL, just license whatever code it wanted directly from the authors?
I actually have had to deal with this an the GPL really isn't your biggest concern, but first, let me address that.
The GPL is a set of licensing terms between the author and whomever he distributes the code to. If you are working directly with the Navy (unlikely) then writing and consuming the GPL code would pose no problem since your not distributing to anyone.
If you are working for a contractor, then it is a bit more hairy. You can still write the code GPL and distribute it to the Navy under the GPL. This of course gives the Navy whatever rights to the code so that they could redistribute it if they choose. It does not allow some guy in Florida to obtain secret info though. You would have to first give him a binary for him to have grounds to ask for the source and of course, classified source code produces classified binaries so this isn't an issue.
The real issue is QA. There are all sorts of processes (I know at least for Surface Systems) covering COTS verses in house software. Now, I spent a great deal of time working things out with QA and this is what we came up with when I first asked to use an OS library in a tactical program:
First, I had to vouch for the code. That meant I literally had to go through it line by line and make sure there were no possible backdoors in it. Also, if I modified more than a certain percentage of the library, then I was responsible for bringing that library up to in-house standards (which I'm sure you know is a real pain in the ass).
Don't worry about the licensing terms, they aren't going to be a sticking point likely. QA is what is going to kill you... (and it will only get worse if your program carries a higher classification).
int func(int a);
func((b += 3, b));
Perhaps he meant espionage - the release of state secrets to an enemy of the state.
I can't say that I don't give a fuck. I've just run out of fuck to give.
That quote is accurate, but the military can and does refine the definition for non-civilian personnel.
-----------------------------------------
Remove the Greed which plagues mankind.
Okay, so your little research into Article III makes you an expert over the person with DOD clearence (any level) who has filled out 15-30 pages of personal facts/history, who had to read another 50-100 pages of what to do/what not to do/possible punishments, and has their personal life investigated left and right (at their choice) to benefit our country?
Until you've been there and done it and know what it takes to get a clearence and what ramifications exist if you break the agreement, keep you opinions to yourself and go back to your text book. That is real world buddy.
If, however, these combat systems were to be _sold_ (or given away, though that's unlikely)
Selling military equipment is a multibillion dollar business. Where do you think we get all our cheap gas? We've been trading military technology for cheap oil in the mideast for ages.
Treason is an overstatement, but in his case, the penalties would be stiff, and could depending on the circumstances and who he distributes it to, could be considered treason. The non disclosure agreement sets penalties of 10 years and 10,000 dollars for EACH violation of the security regs. For example:
Classified fact a
classified fact b
classified fact c
classified fact d
classified fact e
If those were real classified facts, I could easily end up in jail for 50 years for this post.
It may not technically be treason, but it can be as severe and match the spirit of treason if not the letter of the definition.
Just a note on how military are involved on spreading the evil "specter" all over the world. Just one name that means all:
"TCP/IP"
It's open, clear and crystal like water. The whole world uses it. 90% of open/closed source network systems depend on it. It's open, it's readable. And it's ARPA...
What else is needed to talk about the military involvement? From start to end, many things done on computers are orginally military by their nature... First computers were created for military needs, let's not forget this. And today nearly everyone uses them. From Taco to Ben Laden...
On the one hand, I think we need something more devious than that... Put somewhere in the FAQ:
Q: blahblahblahOpen Sourceblahblahblahlegal question?
A: Get a fucking lawyer.
On the other appendage, I think Taco & Co. post these questions because of the anecdotes provided in the comments. And since the comments are the most important part of the site, what better way to add value to slashdot than to repeatedly post the variations of the question?
Personally I'm waiting for April 4, so I can be rejected for asking, "Hey, it's been a year since we talked about Game Programming w/ SDL, what's changed since then?"
[o]_O
give my right leg to have one of these things to ride around the Jersey shore in :)
You don't haveto - just enlist.
I'm a consultant - I convert gibberish into cash-flow.
If you can't release your source code, don't use the GPL.
:)
Why? Because a lot of us GPL fans are Buddhist, Pacifist, Hippie types!
Seriously... I don't want you using my software to help kill people.
But you can't under the GPL, stop anyone from using the software to do things you don't like, as long as they comply with the GPL. Open Source is about making software freely available - if you do that, you have to be willing to let people use it for things you may not like.
I have also talked to Stallman about putting a clause in the GPL about not using the GPL in military systems because of these concerns
Now your advocating clsoing the source to people whose world view conflicts with yours. Beyond teh difficulty in sorting out what would be limited and what wouldn't, since you can change the terms of another writer's license, why limit this to the military? Either the source is open and free to all, under the same terms, or it isn't. This gets real close to MS' FUD about viral code - all of a sudden you can't reffly use and distribute code you've created beacuse it incorporates someone else's more restrictive license.
If you want to limit your code's uses, write seperate modules that don't incorporate others code. Unfortunately, you cna't have things both ways Open Source and Restrictions on End Users.
I'm a consultant - I convert gibberish into cash-flow.
DivX ;) for compressing video captured by unmanned Predator airborne surveillance platforms?
If you used BSD licensed software, you'd not have
deal with unreasonable release issues related to GPL'd code, which attempts to highjack any potential corporate generosity.
GPL licensing is a snare for anyone who
wants to write code in a formal, organized setting, and it shoots itself in the
foot by attempting to subvert corporations or other bodies who may want to give something back to the public (e.g the Peace Dividend).
Intelligent businesses descision-makers will favor BSD licensed-software over any other. The BSD license very clearly has no strings attached.
If your organization feels it is important to give back some useful unclassified components, modules, or patches to the public, the BSD license absolutely encourages this.
But if your company decided to make public an unclassified module that was part of a larger classified system which was based on GPL'd code,
you'd be opening yourself up to a lawsuit because
the GPL license would require you to release the sources for all the software you made. This is unreasonable.
Even discovering a bug in GPL'd code and releasing the fix publically could arguably
oblige you and your company to release the whole of your work to the public.
So, why should anyone trust such licensing?
The fact is, the primary strength of GPL licensing is also it's primary weakness - advocacy of open source. It just goes too far trying to force this to happen.
The GPL license is like a highwayman posing as a beggar at the roadside. If you stop your carriage, and attempt to give something back of
some value, you will be forced into to giving up everything you've got.
-AJCB
Its YOUR military that has protected your rights and freedoms every day since your conception.
.NEQ. Bad</b>
Would I like to see World Peace? Sure. I think it would be best for all involved. HOWEVER, it was the military that put an end to scum like Hitler and hopefully Bin Laden. You mis-spoke on the biggest mass murder in the world, it was a toss up between Stalin and Hitler. I suggest you stop in at the Holocaust Memorial next time you visit Washington D.C. to protest something. Maybe it'll open your eyes.
As for your point of OSS being international, then that means that scum like Bin Laden and Sadaam can use OSS against the US. All's fair in love and war chief.
So, next time you take a moment to release yourself from hugging your tree and open your mouth, engage your brain.
<b>Military
As for the original article, maybe you might want to investigate the BSD's.
What's my Karma Mr. Burns? "Excellent"
So far it seems that everyone has failed to actually read what he wrote. It's not like he hopped on freshmeat and searched for "torpedo guidance system" and actually found something to work with. His quandry is most likely whether or not using open source tools for his project requires his project to be open source. This is an easy answer as you can generate all the code you want using open source tools and then release it under any license that makes you happy. The Marine Corps Warehouse Management System is powered by Red Hat 6.0 and compiled using gcc. While the number of $500 toilet seats we have in warehouse 5 is not really a matter of National Security, it still may be a peice of information that enemies could develop intelligence with, so the system specifications and code remain closed source. We are not violating the GPL because our system is not based on GPL'd code.
Although, to keep everyone happy, you may have to name your project GNU/Submarine.
I've dirtied my hands writing poetry, for the sake of seduction; that is, for the sake of a useful cause. --Dostoevsky
Yes, security classifications are legally enforced.
But if you cannot simultaneously simultaneously obey the the Gnu Public license and the law, then the license doesn't take effect, copyright law kicks in, and you have no permission to redistribute modified code at all.
Any person who inserts willingly mingles GPL code with classified code is either immediately violating copyright, or conspiring to commit espionage (when they release the code, as the license requires).
Of course, in real life no real criminal espionage charges would be pressed. If this were to actually happen- by accident, say, a subcontractor programmer gets confused), and is found out, then the government would have to weigh the value of the combined code, and either arrange payment to the original authors, or promise to destroy (in a security-level approved fashion) the offending software.
Unless they declare it a matter of National Security and just pull the whole thing under Eminent Domain.
Further back
- The DoD needed a way to keep an infrastructure going during and after a war. Blah Blah Blah, arpanet was born.
-
They needed Operating Systems for it to run on - prefererably something not closed and owned by IBM, DEC, Prime, etc.
Many many tools that are "just there" are there because they were developed under public grants - often not the point of the research, just tools developed in the processes of doing the work. If I develop CoolTool(TM) while being paid by taxes to do something, I can't just sell CoolTool. Frankly, often it was put out because "here was something handy and I want it to keep going but am moving on."They ended up funding a lot of the development of young Unix
(GnuPlot came from Dartmouth after being written to plot data under a weather grant or something)
My point is that Open Source and the gub'mint (esp the DoD and military) have a long history together. The fact that free software is auditable and readable is often mandatory - especially for systems that will never get third party support.
No licenses I've glanced at have ever said "If you make changes for your own use, you must give them back." If this ends up being sold one day (and many military technologies (besides Tang) HAVE made it back into the civilian world), then you may have issues.
It is the same military money that lets you post your little message. The Internet was funded by DARPA(Defense Advanced Research Projects Agency, an agency of the DOD). And the US is the primary defender of whats right and good in the world, so bite me. Good luck in finding out if we are using your stuff in weapon systems, because you do not have the need to know. Because I will use whatever I can to make sure that US Sailors come home again.