Open Source in the Military?
djmcmath asks: "Does anyone have any experience with Open Source Software and/or GPL'd software in military applications? I'm only asking because I'm involved in work on the combat systems for a new submarine, and had considered an Open Source solution. (I apologize, I must be intentionally vague for obvious reasons.) So ignore the obvious questions (Is it really suitable? Are closed-source proprietary options better? Does MS have a good solution?) and skip to the good stuff. What about the fact that my code would be classified Secret under US Code Umptifratz? I cannot distribute my code (and it's changes) without being tried for treason. What happens to the rest of the combat system code when I submit my GPL'd module?" Open Source and the Military: it's a tricky combination of keeping what can be open, open and keeping your secrets...well, secrets! However, open source in the military need not be as high profile as weapons systems. One of the only major OS projects that I'm aware of that had any form of military involvement was GRASS, the open-source GIS system. I'm sure there may be a few others out there. Does anyone know of other OS projects with military association? If there are any projects out there that interface with classified bits, how did you deal with those issues?
I cannot distribute my code (and it's changes) without being tried for treason
Are you distributing your executables? If you use the OSS for a specific system and only on that system, you are not required to distribute source - everyone that has the binaries (the military) will have the source.
I can't say that I don't give a fuck. I've just run out of fuck to give.
You only need to distribute the source to the people that you distribute the binary to.
Presumably the binary is covered by the same secrecy rules as the source, so the only people entitled to the source are the miltary.
Although, if the binary is in a bomb, you may also need to distribute the source to the poor sod that you drop it on.
Is contact companies that are open source supportive that have done a lot of work with government projects that may be similar to yours, ask those kinds of questions of people who have some serious experience with it. I know my dad could help but he's unfortunately a 6 hour drive from here at the moment, and he forgot to pay his phone bill *rolls eyes* again.
Couldn't the military, if it wanted to avoid the legalities and implications of the GPL, just license whatever code it wanted directly from the authors?
I'd say as long as you didn't specify what the program was beng used for specifically, there shouldn't be a problem.
.5% accuracy on this, not "The targetting for the ICBM needs to be .5% accurate", etc.)
(I.E., we need
Just my $.02.
JoeLinux
Don't worry about the GPL. As long as you're not distributing the product or software to anyone, you don't have to give out the source. If it stays within the military, you're fine.
If, however, these combat systems were to be _sold_ (or given away, though that's unlikely) you'd have to give the buyers the source, and you couldn't restrict what they do with it once they have it. Obviously, anyone that purchases the systems would have a vested interest in NOT revealing the source code. I really doubt this sort of thing would be a problem with military sales.
The GPL is meant to protect the users of the software, NOT the developers of the software. Too many people here interpret it far too rabidly, but if you read it carefully you'll realize that, if your combat systems are secret and classified, your source code can stay that way too. Even if you sell it to someone else, you only have to make the code available to _those_who_buy_it_. You don't have to give it to the entire public just because you sell it to one person. What they do with it after they get it is up to them, though, and they may very well choose to give it away.
Imagine, a whole new suite of apps for KDE, ksonar ktorpedo kcmissile ...
It makes me doubt the veracity of your entire question. Here's what the constitution says about treason:
Article III:
Section 3. Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.
The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture except during the life of the person attainted.
I fail to see how software distibution could be considered treason. Has slashdot just been duped again?
My lawn is looking like a jungle, does anyone know where I can get the source code for napalm??
A quote from the FAQ which I believe applies to your situation:
"The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization. But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL. Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you."
Greg
To a shark, you are just another food choice...
The terms of the GPL simply state that if you sell a GPL product to a customer, you must provide the source to that customer.
Red Hat, Mandrake, and the like are being nice enough to provide iso images of their software for your download - they are not required to.
So what are the ramifications? Well, if the military sells your GPL solution to a 3rd country, they have to provide the source to that 3rd country, as well.
In other words, in this case, GPL (or no) makes no difference at all. GPL code can be "top secret" as long as the customer has full access to the code.
The idea of the GPL is that "If I bought it, I can do as I please with it - and if I sell it, so can whoever I sell it to..."
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Come on editors, this deserves at least a 2, funny. That is of course unless you have absolutley no sense of humor! What's a matter with you? Geeze, just cuz you have to work on a Saturday doesn't mean the rest of us should pay for you being pissed off! Get a life monkey boys!
I actually have had to deal with this an the GPL really isn't your biggest concern, but first, let me address that.
The GPL is a set of licensing terms between the author and whomever he distributes the code to. If you are working directly with the Navy (unlikely) then writing and consuming the GPL code would pose no problem since your not distributing to anyone.
If you are working for a contractor, then it is a bit more hairy. You can still write the code GPL and distribute it to the Navy under the GPL. This of course gives the Navy whatever rights to the code so that they could redistribute it if they choose. It does not allow some guy in Florida to obtain secret info though. You would have to first give him a binary for him to have grounds to ask for the source and of course, classified source code produces classified binaries so this isn't an issue.
The real issue is QA. There are all sorts of processes (I know at least for Surface Systems) covering COTS verses in house software. Now, I spent a great deal of time working things out with QA and this is what we came up with when I first asked to use an OS library in a tactical program:
First, I had to vouch for the code. That meant I literally had to go through it line by line and make sure there were no possible backdoors in it. Also, if I modified more than a certain percentage of the library, then I was responsible for bringing that library up to in-house standards (which I'm sure you know is a real pain in the ass).
Don't worry about the licensing terms, they aren't going to be a sticking point likely. QA is what is going to kill you... (and it will only get worse if your program carries a higher classification).
int func(int a);
func((b += 3, b));
Perhaps he meant espionage - the release of state secrets to an enemy of the state.
I can't say that I don't give a fuck. I've just run out of fuck to give.
I'm not sure why the author of this question thinks that he'll get good advice from Ask Slashdot. The only reasonable response is "you should find an attorney with experience in intellectual property and national security laws and an appropriate security clearance to be told the complete story."
If the programs are not released to the public can't you use GPL code and not release the source? As long as there isn't a restriction on Goverments in the GPL I don't see any problem. You will more likely get a negative reaction from from your CO just because he (she) doesn't think the program should be "Open Source". If you use existing open source code that isn't classified then I don't see any problem with that part of the code being released with your improvements as long as the improvements don't breach security.
That quote is accurate, but the military can and does refine the definition for non-civilian personnel.
-----------------------------------------
Remove the Greed which plagues mankind.
If the guy asking the question read the GPL, he would know the answers to his questions about the GPL. Then again, if he read the answers to the last post where some moron asked slashdot about the GPL, he would have already had the answers to his questions as well. This topic is not news for nerds. It is not new. It is not for nerds. The nerds are smart enough to have read the GPL and wouldn't ask such assinine questions. Come on people, learn to think for yourselves!
I think one of the things most users forget regarding GPL issues is the ability to contact the author(s) and try and negotiate a new license (such as BSD style or commercial), possibly for a fee. It doesn't ruin the spirit of the GPL for other users and allows you to keep military secrets secret.
The point was:
If the bomb crashes and does not explode, and some people can extract the binary out of it, then these people can ask for the source code and get it.
"i wonder what happens to a sub with a gpf'ing OS running it's navegational system."
That could give yet another new meaning to "The Ping of Death"
Okay, so your little research into Article III makes you an expert over the person with DOD clearence (any level) who has filled out 15-30 pages of personal facts/history, who had to read another 50-100 pages of what to do/what not to do/possible punishments, and has their personal life investigated left and right (at their choice) to benefit our country?
Until you've been there and done it and know what it takes to get a clearence and what ramifications exist if you break the agreement, keep you opinions to yourself and go back to your text book. That is real world buddy.
I wonder if this is for the Virginia Class of mini-subs. These things are just so freaking cool. I'd give my right leg to have one of these things to ride around the Jersey shore in :)
int func(int a);
func((b += 3, b));
IANAL, however I did work in military intelligence and information security.
From what I understand, in this case, the government agency responsible for the code changes would be required to distribute those changes to any agency they distribute the binaries too... This should not, as I understand it, mean the individual users of the software.
For example, lets say the Navy sends copies of the binaries to Electric Boat(a sub manufacturer). They would be required to send the source to Electric boat as well.
However, in this case, it is Electric Boats IT department that is the receiver of the binary, NOT the electric boat employee who uses the software. Therefore, the source can legally be kept inside a safe at the CMCC(classified material control center), shown only to the IT department and others with an established need to know.
However, in any case, regardless of license, if the source changes reveal classified information it would be illegal to release them to the general public. I'd wager that even if that turned out to be a direct violation of the GPL, the classification side of the case would win in court.
With all that said, I would recommend you push for release of all source changes that do not reveal classified information. I realize that might not be much, but what you can, go for it.
If the bomb crashes and does not explode, and some people can extract the binary out of it, then these people can ask for the source code and get it.
I don't think so. The intention of the bomb-dropper was not to provide the drop-ee with a copy of the binary included with the bomb. That would be like stating that if I broke into your office and stole a copy of the binary I could then walk in the front door and demand a copy of the source code.
If you're a zombie and you know it, bite your friend!
OK... this is not a troll... I am being serious here.
:)
:)
:)
If you can't release your source code, don't use the GPL.
Why? Because a lot of us GPL fans are Buddhist, Pacifist, Hippie types!
Seriously... I don't want you using my software to help kill people.
I spend my free time writing software to help people. Right now I can barely afford to eat but I am happy because I feel that the software I write is going to do some good in the world.
Killing people and creating even more bad karma doesn't fit in with my world view
I have also talked to Stallman about putting a clause in the GPL about not using the GPL in military systems because of these concerns. I don't know if it is possible. What about the Coast Guard? What UN peace keeping troops?
So yes... you can't use GPL code.
... and stop killing people!
Peace!
Kevin
Your tyrade has several flaws in it:
1) I never claimed to be an expert.
2) I have no reason to doubt my dictionary on definitions, so if the constitution defines something as treason, I'm inclined to believe it.
3) I never said it wasn't something you couldn't get punished for - I just don't believe it's treason. It's more espionage-like than treason-like.
4) You have no idea of my expertise.
Treason is an overstatement, but in his case, the penalties would be stiff, and could depending on the circumstances and who he distributes it to, could be considered treason. The non disclosure agreement sets penalties of 10 years and 10,000 dollars for EACH violation of the security regs. For example:
Classified fact a
classified fact b
classified fact c
classified fact d
classified fact e
If those were real classified facts, I could easily end up in jail for 50 years for this post.
It may not technically be treason, but it can be as severe and match the spirit of treason if not the letter of the definition.
"You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
Just a note on how military are involved on spreading the evil "specter" all over the world. Just one name that means all:
"TCP/IP"
It's open, clear and crystal like water. The whole world uses it. 90% of open/closed source network systems depend on it. It's open, it's readable. And it's ARPA...
What else is needed to talk about the military involvement? From start to end, many things done on computers are orginally military by their nature... First computers were created for military needs, let's not forget this. And today nearly everyone uses them. From Taco to Ben Laden...
One thing I've noticed with using computers with "Secret" stickers slapped all over it is that the software itself can be unclassified, but the computer becomes Secret when it starts processing data. I work with some systems in the USAF that are like that - the OS (solaris or windows for example) is unclas, the software installer (on a dat tape) is unclas -- but when you install everything and configure it, the system becomes secret.
Also, if you know anything about COMSEC, you might notice how a crypto device that is zeroized can be stored in plain old room (locked only to prevent theft) and you can even find schematics of some of this equipment on the net.
-Major Kusanagi, Section 9
-- Will program for bandwidth
I work for a military contractor. Every project that we've worked on, we've ALWAYS given the military the source we use. What is th econflict with OSS?
Want to see every step I took to start my company? http://www.rowdylabs.com/blogs/pitchtothegods
I work for a large defense contractor. We're forbidden to use most open source programs. MySQL, Jacorb, Postgresql, Log4J, and even perl (!) have been avoided because of liability issues... Its also difficult to convince our laywers open source can be used w/o (potentially) violating copyright of many developers...
Would be nice to see, but its not common (or likely) in my experience.
I am a programmer in the USAF, and my squadron (for security reasons I cannot say what my unit does) uses OSS.
;-)
We use Samba for sharing printers between Windows NT and Solaris. We don't change the source code, but we do use OSS. I believe that we also use GCC for some things, because (and I am not 100% sure on this since I am not a sysadmin) I don't think Solaris comes with a C compiler. We also use DivX for... I could tell you but then I'd have to kill you
I've thought about this before because of our software licensing. Let's say Microsoft thinks they need a license audit. What's more important: maintaining our security by not allowing Microsoft access to sensitive computer systems, or complying with their "copyright" policies? If a computer is located in a secure area protected by federal classification law, who will know?
It goes both ways. The government could potentially abuse the GPL, but they could do the same to the draconian licensing terms in commercial software. It is my experience that the people in charge of acquiring systems will make sure their subordinates comply with the law. The higher-ups at my squadron stress that we must obey licensing laws because it's The Right Thing To Do.
I like open source software. I think it's the greatest thing since sliced bread. But for some applications, such as classified computer systems, it may be best to stick to closed source if you need to change the open source software.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
My company lists their open source projects here. No missile guidance systems, just stuff like virtual workspaces, and I haven't worked on any of these projects so I can't vouch for their quality/usefulness. But hey, if you're a US taxpayer you paid for them, so have at it.
I worked on a terrain database analysis tool, called ZCAP,
that was funded a few years back by U.S. Army STRICOM
and the Defense Modeling and Simulation Office
We distributed the application (and still do) in a complete package
that included a number of supporting free source applications, such as gnuplot
and tcl/tk. We handled the combination of free source, (no longer)export-restricted
software, and proprietarty libraries by loosely integrating
using system calls under a tk-based gui. Not very clean, but there
is a lot of good code in there, and I'm planning to gpl it in the near future.
Um, Hi.. slashdot moderation is done by random groups of readers, not paid editors.
Juln
This is something that people don't realize. When you put something under the GPL, YOU say that ANYONE can use your software/code under the terms of it. But you CAN STILL make SEPARATE licenses to third parties which can be as restrictive or unrestrictive as you please.
However, if this GPLed code you speak of was written by somebody else, you're fucked unless you can get that person to re-license the code for you.
RTEMS (see http://www.rtems.army.mil) is a very nice real time OS that the military has open sourced with a very BSD like license that even mentions GPL (see http://www.rtems.army.mil/rg4/copyright.html)
:-)
As a side note I see that RTEMS stands for something new - perhaps I am having a 1984 experience but I seem to remember it used to stand for "Real Time Executive for Missile Systems"
Don't say the us military has not done anything for open source or I will be forced to mention Arpanet
Well I dont think that concept works in this case for open source :D
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
The M-1 tank uses the Firebird database apparently. The military really liked the near-instant recovery from power failure (apparently the M-1 tank loses it's power every time it shoots it's main gun).
sigs are a waste of space
Let's face it, in the name of National Security, even the 1st and 4th ammendments can be suspended (for us USians).
In the face of that, I doubt that a software license agreement would enjoy greater immunity from National Security considerations than the 1st ammendment.
If somehow the Navy did distribute the binary or a system containing the binary, I doubt the recipient would have much luck in suing the Navy over GPL violations to get the source.
If Bin Laden had a nuke, I would really hope that the launch control systems was controlled by a really good OS that had been critically reviewed and worked on by lots of people - not some home grown thing cooked up in a cave.
Although technically, GPLed software is not permissible for classified applications (where the code is secret, not just the data), if the Pentagon feels its important enough, then the US military can always choose to disregard any intellecual property laws.
They have a long history of this- most famously, they took the Wright brother's patent on heavier-than-air flying machines. An invention of that magnitude should be worth TRILLIONS of dollars (in today's currency, after accumulating 90 years of interest), and they didn't pay a cent. There was a war on!
Wouldn't that fall under giving them aid and comfort? Giving the ennemy vital information (such as the source code of weapons control systems) sure helps (aids) them, doesn't it?
Say no to software patents.
Learn this and learn it well:
it's == it is
its == the possessive version of it
The word 'its' is a possessive pronoun (its, yours, hers, his, theirs) as opposed to a possessive noun and therefore does not follow the rules set out in Bob's Quick Guide To The Apostrophe, You Idiots. </grammar police>
When it comes to submarines and GPL'd software, there is at least my software suite for passive sonar signal analysis. http://hasas.sf.net
One of the tools he's using is the FlightGear flight simulator.
Maori
The military can take what they want, do what they want, build what they want, and then toss the scraps back to citizens (Arpanet, GPS, etc.). Boy, you're just silly.... Sure you're not working for the NSA and just trying to glom onto who knows what you could be looking for at /.?
Randomly clicking into the moebiac abyss...
That brings up the question of embedded devices in general, e.g. what if the binary is in night vision goggles or a satellite radio issued to troops? They presumably can't be given the classified source code. I discussed embedded devices with RMS a long time ago and back then, he seemed to think it was technically a GPL violation, but if the code in the device can't be changed (i.e. it's in ROM) then it didn't really count as software, so he wasn't too worried. At that time, embedded CPU's weren't so ubiquitous and those that existed were mostly tiny and didn't run much GPL'd code. It might be time for a more formal policy on stuff like this.
Of course, the GPL'd code owner can always grant GPL exemptions for specific purposes (the GPL itself has a clause saying this and I think the FSF has given a few exemptions in the past), so the surest way to be in good standing is if you can get permission from the owner.
Disclaimer: IANAL and I don't speak for the FSF.
Consider how an administration--and the civilian courts--might interpret "giving [enemies] aid." The source code for a guidance system, a targeting algorithm, a damage control response aid, etc. would be 'aid' under most people's definitions once you think it through. What more can you ask for than a clear understanding of the capabilities (and weaknesses) of an adversary?
Bill Gates is a communist -- he's just more equal than the rest of us.
I remember Cygnus used to advertise that this big Navy software system was built using GNU tools because the Navy decided that Microsoft stuff wasn't reliable enough. Of course that refers to the compilers etc. and I'm not sure if the resulting Navy software contained GPL code itself. However it shows there's already nontrivial military use of GPL'd software.
Don't bother GPL'ing the software if it's yours. If it's someone else's code, don't use it. The country is more important than a principle as esoteric as 'Free Software' or 'Open Source'.
The truth about Michael
... implement some sort of "Don't ask, Don't tell" policy for this whole "Open in the military" issue.
sic transit gloria mundi
Seems that this is a somewhat stupid question. Even if classified work is done by a contractor, and sold to the government as work-for-hire, the contractor is the only one required to provide the source code to anyone, and then, only to the group to whom they give the executable - the government. So, as long as they wouldn't give the executable to anyone else, the GPL is obeyed. And quite honestly, if a contractor provides classified software to anyone except the government, under government blessing, they'll have bigger problems than a GPL violation.
Go ahead, use GPL'd software in whatever you like. Unless the government plans to sell the software to anyone else later, you're completly within the bounds of the license. Nowhere does the GPL say "if you give this software to someone, you have to provide it to the world." It simply says that "if you give someone this software, you have to give them the means to modify it."
--
Just lurking, thanks!
The quotation was taken from http://www.adahome.com/Resources/Compilers/GNAT.h
You can get GNAT here or check the above webpage for mirrors.
Besides that, if you use Windows, you can use a free IDE, AdaGIDE, developed at the Department of Computer Science of the USAF Academy. The IDE is of course free software put under the terms of the GPL.
-- Look to the Rose that blows about us--"Lo, Laughing," she says, "into the World I blow..."
Luckily, OpenBSD is free even for integration into atomic bombs to be dropped on Australia.
A Source CD stuck onto the side of every submarine sold...
You arent going to get a very fair comparison from slashdot. The best thing to do would probably do more research into it yourself
It's a take on the military's 'don't ask, don't tell' policy on homosexuality in the military.
Under this definition, Clinton is definately guilty of treason and should be locked up. Of course, since he's a politician, nothing of the sort will ever happen to him...
-- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
You need to remember that the only person that has the right to get the code is the person that also has the binary, and as I said, since the Norwegian military is the sole owner and user of this then only we have the right to demand the source.
All in all my experience is that GPL-based software goes much better with the military than closed-source, as the military themself have the possibility of going over the source to check for backdoors etc etc. This isn't possible if some of our servers would be running for instance Windows 2000.
--
\ Christian A Strømmen
If you have released your code under GPL I dont think you really have a choice in the matter. I may of course be wrong here.
I'm a programmer, I don't have to spell correctly; I just have to spell consistently
Really? Which "enemy" did he aid? (No, aiding the Republicans by his foolish behavior doesn't count. In the context of this article, enemy means "military enemy", not "political opponent").
Agreed, but for perjury, not for treason.
Say no to software patents.
You cite a couple of problems which I don't think anyone has truly grappled with at this point. But... in general it seems that Open Source is a MUCH better model for the DoD than any which has come before. Finally the DoD (or for that matter any other govt. entity) has never consistently dealt with code (IP law and how the code must be delivered as source, etc...) and maybe Open Source is finally a way for it to crawl out of the dark ages. The new stuff you have brought up...
How to deal with code that becomes classified because of embedded data, or algorithms
To what degree can an 'integrator' maintain the rights they have in 'derivative' works they truly did make on their own dime but which might make use of the Open Source 'base'. Or would the Open Source Model change the dynamics completely.
... really screw up the current business model and I don't know that the clowns in govt. or in your 'industry' know how to deal with it AT ALL.
I truly believe that Open Source is the right model for the government to get the best 'bang for the buck'. I also believe it (Open Source) would staunch the bleeding hemorhage caused by 'integrators' which resell the same solutions over and over again and then claim that their rights to the code are 'proprietary' and hold the govt's fee to the fire indefinitely. I think the whole Open Source phenomenon is too new for them to really come to grips with. I think if you can make even a portion of your project (Seawolf or whatever) Open Source it would be Great!!! It would be even more interesting to see how the Lockheeds, GD's, Northrup/Grummans, etc... figure out how to make Open Source a part of their business model and their customer relationship mgt process. I think with some thought it might represent a serious competitive edge for the company(s) who figure it out first and best.
Good Luck!
I think it works fine as long as it stays in the US military. You can always see it as one big organisation that has the source somewhere.
Problems may arise when you want to export a submarine to Saudi Arabia (or whereever). GPL requires you to give them the source...
Ah, yes, but the Bomb Drop Initiator did give the aforementioned Bomb to the Bomb Drop Recipient of his or her own free will. The BDI did not absolutely have to give it to the BDR, but since they did, then the BDR is entitled to the source code. The BDR did not steal the bomb, but probably rather just stood there asking for it.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
I have also used some open source (non-GPL) in sensitive products. I reccomend looking at non-GPL options as well. I (my team) used a standard, the Vector, Signal, and Image Processing Library (VSIPL) backed by DARPA. Look into freely distributed products backed by DARPA and similar agencies.
If the work is classified. To even tell the FSF or the author, that there is a violation of the GPL could be espionage.
Remember, classified, etc. means don't tell anyone!
If you notice, most software licenses have a clause that says that if this is a US government user, then this software is classified as XXXX clause.
Maybe you should ask your Project Manager or Government Contract Manager. They are required to understand what you can and can't use, particularly when the project is classified.
Unless things have changes a lot in the past couple years, I suspect you won't be able to use any open source software. Even if you can, you should check with your Project Manager and your Government Contract Manager before you make that decision for yourself - it could cost you more than your job.
"All I ever wanted was to see Larry Wall give Bill Gates a Perl necklace."
http://www.eisenschmidt.org/jweisen
Yeah, you can tell by my uid.
Actually, I was pointing that out in case it was simply someone mistaken and not a silly troll. It does seem plausible to me that somebody actually hasn't picked up on that yet, as the moderation system was unbeknownst to me in my early days here, reading essential journal of modern civilization, this compendium of all that is True and Worthy, Slashdot.
Juln
You aren't too far wrong on removing the functionality to Chinese.
The company I worked for a couple of decades ago sold disk drives to the Chinese with high altitude heads and the RPM of the platters were reduced from 3600 RPM to 2400 RPM.
Also extra capacitors were added to the seek circuit so the settling time after a head seek was greatly extended. This was done to reduce the data access capability of the disk drives.
And in the end, the love you take is equal to the love you make
First off, run, do not walk, do not pass go, straight to the base/department legal department. Do not attempt to do ANYTHING until they OK it - the regulations surrounding secret-level work are inordinately hairy and convoluted, and only a lawyer specialized in classified-work law can answer your question definitively.
The other note, which is useful when discussing this with aforementioned lawyer: any work done under a Classified label (or higher) has different rules than "normal" work. Basically, any license that gets applied to the code only applies to those with a clearance at least as high as the code was written. Thus, if your code is Classified, I don't care if it has the BSD license, GPL, Bob's SuperFree License, or whatnot. Anyone without a Classified clearance isn't entitled to see it. Period.
This is a case where the murky grounds of National Security trumps Copyright (and other Intellectual Property) law. The law still holds, but it's restricted to the circle of security it's at.
National Security law basically allows you to use anybody else's code, provide you compensate them in a just and reasonable manner. As far as I've experienced, this means that you have to pay them the basic asking price on the free (i.e non-classified) market, and they don't get to say "no, you can't use it". For GPL/BSD/Open Source licenses, the asking price is Free, so well, they've been "compensated" as they've normally would.
In this case, Classifed work can certainly suck in Open Source code and not release it until it gets unClassified. And, as a side note, there is no "leaking" - people are not entitled to distribute code to non-cleared people, so it's not like Trade Secrets. It stays locked up until it's declassfied.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
*BSD is released under the BSD licence, which specifical permits the use of BSD software for killing babies and making money. You can keep the source under your bed if you wish. Bill Gates is permitted to use BSD software for Windows (And he does).
You are not even required to drop large numbers of BSD CDs on Sadam's head (but bonus points if you do!)
Many DARPA projects are done in cooperation with universities and many of the software supporting them end up as OSS.
Here's a list of DARPA research areas, tying in to projects. I know MIT's project oxygen has helped a lot in the world of linux on handhelds.
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
I hereby declare that I and everyone I know form a conglomerate "organization", and as such we will only be purchasing copyrighted material collectively in the future. Because we will only be redistributing this material within our own organization, and not to anyone outside it, we should be exempt from copyright restrictions, right?
Let me get this straight, you work on a system that is designed to kill yet you worry about the copyright law?
If you used BSD licensed software, you'd not have
deal with unreasonable release issues related to GPL'd code, which attempts to highjack any potential corporate generosity.
GPL licensing is a snare for anyone who
wants to write code in a formal, organized setting, and it shoots itself in the
foot by attempting to subvert corporations or other bodies who may want to give something back to the public (e.g the Peace Dividend).
Intelligent businesses descision-makers will favor BSD licensed-software over any other. The BSD license very clearly has no strings attached.
If your organization feels it is important to give back some useful unclassified components, modules, or patches to the public, the BSD license absolutely encourages this.
But if your company decided to make public an unclassified module that was part of a larger classified system which was based on GPL'd code,
you'd be opening yourself up to a lawsuit because
the GPL license would require you to release the sources for all the software you made. This is unreasonable.
Even discovering a bug in GPL'd code and releasing the fix publically could arguably
oblige you and your company to release the whole of your work to the public.
So, why should anyone trust such licensing?
The fact is, the primary strength of GPL licensing is also it's primary weakness - advocacy of open source. It just goes too far trying to force this to happen.
The GPL license is like a highwayman posing as a beggar at the roadside. If you stop your carriage, and attempt to give something back of
some value, you will be forced into to giving up everything you've got.
-AJCB
You're missing an important distinction here. The GPL limits what restrictions (none) you can place on redistribution of source code as a term of the license CONTRACT.
Security classifications, in contrast, are a matter of LAW.
This is an important distinction that comes up periodically. E.g., there's a fair amount of software that is used to control the operation of amateur radio station equipment. The licenses inevitably require that the user have suitable FCC (or local equivalent) certification suitable for the operation of this equipment, probably due to FCC regulations. Does this violate the GPL? I would argue it doesn't - it's the FCC that requires a license to operate the equipment, not the author, and the sole purpose of this restriction is to limit the author's liability in those cases when the receiver acts in bad faith.
Ditto the occasional licenses that require the receiver be old enough to enter into a binding contract. Of course it's silly to say that a 17-year-old can't make valuable contributions, but the law says that contracts with 17-year-olds are never binding except for some relatively rare circumstances. (E.g., they can be emanicpated by a court, by enlistment in the military, or by marriage. Or it could be a "necessity" such as a contract for housing.)
I think the same argument can be made here. Are you willing to make the source code available to any agency legally entitled to view it? If so, then I think you can still use the GPL.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
No dipshit. I don't have all the answers. I just happen to know this one b/c I've been there. Ah, expereince is a wonderful thing. Something you may actually acheive in a few years.
As for spelling here on slashdot, I could give two shits. Get your junior high english teacher to proof and spell check it for me.
It doesn't really matter if you OSS the source: the contract you are presumably working under contains a clause to the effect "The Government retains an interest in this code" (i.e. the gov't can request the source at any time for free.) This clause is in standard DARPA contracts and grants, USAF acquisitions, etc.. Whether or not the contractor decides to release the code as a general work is another issue.
Classification-level of the code and work product is a total red herring.
There are some obvious layers of release process you have to go through before you can publish any source outside your project. The biggest hurdle is getting the contract's program office to agree that the code is publishable outside the program.
What it comes down to is: sure, go ahead, put an OSS license on the code if you want to. If you do decide to make a case for publishing the code as OSS to the general public and run the gauntlet through program offices, make sure you can separate the unclassified components from the rest of the code.
Just because you OSS your code doesn't mean that the program office or contractor automagically has to publish the code, esp. when access levels get in the way.
Its YOUR military that has protected your rights and freedoms every day since your conception.
.NEQ. Bad</b>
Would I like to see World Peace? Sure. I think it would be best for all involved. HOWEVER, it was the military that put an end to scum like Hitler and hopefully Bin Laden. You mis-spoke on the biggest mass murder in the world, it was a toss up between Stalin and Hitler. I suggest you stop in at the Holocaust Memorial next time you visit Washington D.C. to protest something. Maybe it'll open your eyes.
As for your point of OSS being international, then that means that scum like Bin Laden and Sadaam can use OSS against the US. All's fair in love and war chief.
So, next time you take a moment to release yourself from hugging your tree and open your mouth, engage your brain.
<b>Military
As for the original article, maybe you might want to investigate the BSD's.
What's my Karma Mr. Burns? "Excellent"
I'm working on a combat system for some frigates. (Like the poster, I can't divulge who/what/where)
Although my company isn't using GPL'ed code, we do use GPL'ed tools. I know its not an amazing revelation, but my management is keen on it because they don't have to cough up any cash.
Great, informative reply. Why it is at 0 moderation is beyond me. Wonder if it has something to do with that RTBL crap.
This is a CAD suite developed and used by the U.S. Army's Ballistics Research Lab. See http://ftp.arl.mil/brlcad for more information. It isn't fully Open Source for a number of reasons, but they do distribute the source code free of charge. (You can modify it, but not redistribute it.) Top secret components/add-ons are compiled separately, and of course are not available to the public.
If nothing else, maybe the BRLCAD developers can answer some of your questions.
-Sam
As far as a "secret" classification goes, it really isn't a big deal. The US gov and its contractors use OSS at all levels and for just about any project. If someone claims that the gov forbits them to use OSS that just means they are suffering from pointy-haired boss syndrome. The gov would really prefer to save money and be more efficient. It is the contractors would want to re-invent the wheel every month and uselessly waste your tax dollars.
Source code should usually be unclassified if at all possible. Classified source code is a real hassle. It is usually pretty easy to declass code.
The real issue is this. Once you put a classification onto source code (or anything for that matter), you no longer own it. It becomes property of the US gov. I really don't know how that would work for OSS. It should be pretty easy to avoid in any event. Just keep the dirty words and secret numbers out of your code. You shouldn't be hard-coding anything anyway, let alone classified information.
I've had network patches from interesting places. I've done work with bodies that wouldn't even tell me what they were using Linux for.
Linux is already used for signal descrambling, SToW (Simulated Theatre of War) and a large number of other things, many of which mere mortals are never likely to discover until thirty years on.
I get kernel fixes from such people, optimisations from such people and so forth, but I've yet to see any GPL'd nuclear attack management tools and I guess those won't be GPL 8)
Open Source is an act of love. Influencing people by killing them and destroying their property is an act of hate, or at least socially backward behavior.
I think the haters should contact the lovers to see if the lovers want their software used for an alternative purpose.
Bush's education improvements were
Oh, yeah, that's a great idea. One more thing for the NAV ET's to maintain :).
OSS seems pretty good. Lots better than "SNAPSHOT, TUBE FOUR. MAN BATTLE STATIONS TORPEDO," followed by "Program FishGuide caused a General Protection Fault in module USER.EXE at F00DBEEF:DEADD00D" in white letters on a blue background.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
...to a proprietary OS. There are several good ones that make this arrangement easy and cost effective. (Yes, I work on making one, assume I'm plugging it.) You can then know exactly what's in your OS, hack on it to your heart's content, and maybe even get some good support for it.
Start Running Better Polls
In what court would the GPL cause classified materials to be released? That's what I thought. If something is classified, the government will not release it, regardless (the courts never would). Sorry. In this country, what's illegal is determined by the government. If a classified project were using GPL code in a way that violated the GPL, noone on the outside would know anyways because it's classified (in theory, at least). This issue is really more of a moral one than a legal one. Would you violate the GPL in a classified situation in order to promote national security? rms would say no. I think I would say yes.
Brian
I hear his daughter's name is going to be Dr. Vandelay/Jane.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
Please forgive the fact that I'm posting anonymously; I might get in trouble otherwise.
I work for a company that is a military contractor. Right now we have a contract to build what is, quite frankly, an ass-kickingly cool system -- I won't go into detail, but basically an embedded computer that can move around on the battlefield by firing solid-propellant fueled rockets. (How cool is my job?)
We use Linux for this device -- a decision that has paid for itself about 100 times over. The point is that Linux does not automatically infect everything with GPL. Parts of our system are GPL (and, we've distributed them publically). For example, this device does not use an x86 processor -- it uses a rather obscure processor, but one that does have Linux support. We've submitted kernel patches back to the folks who maintain the port to this processor. We have also distributed a number of kernel modules -- which are now being used by other organizations. These mods were general platform support stuff, not specific to our mission or the application.
What we have not distributed is the source code to the actual application that does the rocket-based mobility, or any of the inter-node radio communications code, etc. That stuff is the bread and butter of what the device actually does, and none of it is GPL. It runs on Linux, and uses glibc, but glibc is LGPL which means that it does not infect apps with GPLness.
Really, in this situation, I think everyone wins. Our company wins, because we developed this app in probably 1/3 the time that it would have taken had we tried using a proprietary system (the app requires kernel modications for various reasons). The Linux community wins, because it has gotten a lot of good code back from us. The the military wins, because they get an excellent product from us. U.S. taxpayers win because the thing costs a hell of a lot less than it would have if we'd used proprietary (costly) tools, which would have required twice as many (costly) engineers in order for it to work correctly.
And, I win, because I get to write Linux code at work. And my code makes things blow up. How cool is that?
-Unfortunately Anonymous.
As I have heard it defined, the point of the GPL is to allow the user to improve the product for his or her own purposes, and one of those purposes may very well (but is not required to) be to make that code available to others.
If I buy a Zero10 printer, and don't like the fact that the default drivers for that printer embed little 'x's where ever there is a contrast edge, then if the drivers were developed under the GPL, Zero10 would be requrired to provide me the source code, at my request, and at the cost of the media upon which it is distributed plus a nominal fee for the time required to produce the source code, and I could modify that code.
If I decide to re-distribute the modified code, which replaced the little 'x's with little 'o's, I would also have to provide the modified source code.
Observations...
Eproms and EEproms are not strictly Roms. I would suggest that if your going to develop firmware code (on re-programmable media, including eproms and eeproms) that you will need to be prepared to provide source code if you include GPL sourced code in the media. You should be safe with Proms, but I am not as sure.
Software in embeded systems may be developed as a gpl licenced product, but is not likely to be re-distributed. Dishwashers, refrigerators, ovens, stoves, washers and dryers, tv's, vcr's, and DVD players may all have GPL code inn use, but it is the very rare individual indeed who would consider buying one, and re-distributing it with a modified executable in it.
Am I wrong to assume that if the software does not require an EULA, it doesn't really matter what licence it was written under?
I can just see the EULA with my next microwave oven... The software included with this product does not have any gaurantees as to the sutability of it with respect to the expected uses of the product it is included with. This software may or may not cause your slice of pizza to become warmer that it was in the refrigerator you removed it from, at a rate greater than or less than what would be achived by leaving it on your back porch. The bar code reader may optionally and without involving the user spontaniously order healthy food through your local varient of webvan upon your passing a pizza box across it. We will not be held responsible for your oven tempreture droping after you put the cake in, the stove burning the cream of mushroom soup, or your freezer defrosting your ice-cream, even if you have an 802.11b sniffer trace showing that said commands originated with this device.
Then again, I could be wrong....
-Rusty
You never know...
Taco said in an IRC Q&A question that the value of comments is questionable. Therefore, the reason to post any stories on slashdot is, of course, to get us to see their new ads.
This is a tough question to answer as I am not sure what exactly you are looking for. Because you are using open source development tools, it does NOT mean you have to distribute those changes to the rest of the world or release ANY of your source code or binaries. In fact, if you are using open source code, my understanding of many open source licenses is that you are only required to release the code to those that you distribute the binaries to. This may mean your defense contractor or the DOD or Dept. of the Navy. The tricky issue is the source code could (probably will be) actually be considered more classified than the binaries.
Open source can certainly save you development time/money, but its application should depend upon its use and how it will integrate into the rest of the combat control system. For instance, how was Cluster Knave (Macintosh based submarine imagery system) integrated into command, control and combat? I don't know the answer to that one by the way. (Is Cluster Knave still around by the way? Anyone?)
Will this software integrate/interface with the outside world at all? Obscurity is your friend here and one of the reasons the NSA makes their own stuff. (rolling their own) But this certainly depends upon other systems and their requirements.
As for distributing ANY of your code, assuming you are working on anything with collateral clearance or higher, you would be under investigation PDQ. Especially given the current climate with lots of things going back into classification and security in many programs being looked at hard. Open source ideals aside, do not decide to use open source solutions for classified work if you would like to contribute back to the community. This would be a major career mistake. For classified work, use open source if it will help get the job done better/faster.
Visit Jonesblog and say hello.
Further back
- The DoD needed a way to keep an infrastructure going during and after a war. Blah Blah Blah, arpanet was born.
-
They needed Operating Systems for it to run on - prefererably something not closed and owned by IBM, DEC, Prime, etc.
Many many tools that are "just there" are there because they were developed under public grants - often not the point of the research, just tools developed in the processes of doing the work. If I develop CoolTool(TM) while being paid by taxes to do something, I can't just sell CoolTool. Frankly, often it was put out because "here was something handy and I want it to keep going but am moving on."They ended up funding a lot of the development of young Unix
(GnuPlot came from Dartmouth after being written to plot data under a weather grant or something)
My point is that Open Source and the gub'mint (esp the DoD and military) have a long history together. The fact that free software is auditable and readable is often mandatory - especially for systems that will never get third party support.
No licenses I've glanced at have ever said "If you make changes for your own use, you must give them back." If this ends up being sold one day (and many military technologies (besides Tang) HAVE made it back into the civilian world), then you may have issues.
When I worked at one where classified software was written, we were almost strictly using free software. QT and g++ for almost all of the software. Some researchers used other tools though.
I really enjoyed working for the goverment though, but not the long commute.
It is the same military money that lets you post your little message. The Internet was funded by DARPA(Defense Advanced Research Projects Agency, an agency of the DOD). And the US is the primary defender of whats right and good in the world, so bite me. Good luck in finding out if we are using your stuff in weapon systems, because you do not have the need to know. Because I will use whatever I can to make sure that US Sailors come home again.
AstroMage
The largest majority of you may not care, but the point is: do I really want to offer the results of my hard work to the military?
If they snarf some of the code you wrote for the Free Software community, well, you cannot really do anything about it (apart from hoping that the whole military concept will fall into oblivion as soon as we humans learn to live in peace). They have done so and will do so again: there are multiple signs of Linux and friends being used in many .mil situations.
But do you really want to burden your karma by pouring the precious juice of your neurons directly into their bottomless pits?
They indeed have money. Military and security are where big money can be made currently. But while with security you are just making impossible promises (there is no security that cannot be broken given enough time, patience and effort), with the military you are just plainly contributing to make the world worse.
I am stunned by another thing. Why on earth do the military rely on external contractors for weapons code? Since we all know that writing bug-free code is impossible, this is probably the situation where it would be most important to have the author of the code promptly available (with his/her green-gray dress loaded with the appropriate amount of stars and medals) for day-to-day maintenance. Is military code written with the same love for Quality that characterizes the Redmond masterpieces?
"But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL"
Note "in some way" may not include an intentional approved release. Could espionage or accidental release of the binary require source release? It could be that the GPL is too vague.
Shouldn't the BIRDS get paid this money? :-P
maybe they could use this big money to finally win in courts when they get soaked with petrol
i had a sig, once..
Ok, I got a little curious when this guy started mentioning "US Code Umptifratz" and after searching with google I couldn't find any reference to "Umptifratz" that relates to US law. In fact, only 2 search results came up. Could this guy be jerking our collective chain?
I used to work for Raytheon on sattelite control systems for the military. We were simply not allowed to use open source at all, period, end of story. The reason was that they were afraid of people (or I suppose other governements) working in viruses into the code which could then cause problems when the code was used.
The only software we could use was Official Solaris Software (tm). Have you ever used a Solaris box without GNU tools? Its a real pain in the rear. We constantly came across situations where it would have been wonderfull to use XYZ opensource project, but we had no option to use it all.
After working there for 2 years, my boss finaly went to the security group and put it to them. He asked if there was any way we could use open source. After a month of deliberation and constant proding from us and as many high level people that we could find, we finaly got an answer. 'If someone reads every line of code and signs his name to a document stating that there are no viruses in this code, then we will let you have the code'. Which is just a fancy way of saying 'no'.
So, to tie it back to your post, I'm surprised you can even consider open source. Much less worry about the GPL.
RedShodan --------- Never underestimate the bandwidth of a station wagon full of tapes.
The trickier question is scope of distribution. If your code runs a workstation out in the field operated by some E2, does something like the GPL insist he must have access to the source code? I have argued that it does not. As others in this thread have pointed out, the organization has access to the source. If the DoD contracts out classified software and the contractor uses open source stuff, then the DoD gets back its finished product of source code and executable.
Remember that in the case of the GPL, you are not required to physically distribute source with binaries; you must simply make that source available. Within the DoD, that source is available, sitting on a machine in a secure facility thousands of miles away.
CJW
GNAT Pro and GNAT Pro High Integrity Edition have certainly been used as the compilers for military systems.
GNAT, as the subject line suggests, is a GPL'd piece of software: the 'Pro' part relates to the level of support offered, access to prebuilt binaries for cross environments, early access to supported builds that are otherwise only visible in CVS GCC builds etc. Those who are interested might look at Ada Core Technologies website.
-- O improbe amor, quid non mortalia pectora cogis!
Gnuke
Gzap
...
It's
<quote>YOUR military that has protected your rights and freedoms every day since your conception.</quote>
Actually, no. The Civil War, in which the theory was proven that the greatest danger to the United States is a band of armed racist citizens with advanced military training, did not protect (or even establish) a single right or freedom for citizens in the US. The 13th, 14th, 15th and 19th Amendments to the Constitution did that, and only after a century of litigation by groups such as the NAACP, Supreme Court decisions such as Brown v. Topeka Board of Education (1954) and Roe v. Wade (1973), Presidential initiatives such as the New Deal and the Great Society, and legislative action such as the Sherman Antitrust Act, the Civil Rights Act of 1964, and the Voting Rights Act of 1965. Indeed, it is civilian control of the military which has prevented the military from being the greatest obstacle to the securing of all these rights.
[BTW -- The Emancipation Proclamation of 1863, while signaling Lincoln's recognition that he needed Black troops to win the war, did not extend rights to Blacks, since it only affected states and territories in armed revolt against the US, i.e. exactly those states disputing Lincoln's authority to issue executive orders they were bound to follow. It had as much legal effect as proclaiming that the Brazilian slaves of 1863 were free.]
-- "Why, Mr. Anderson, why? Why do you do it? Why get up? Why keep voting? Do you think you're voting for something?"
Suck it Trebeck!! Suck it hard, and suck it long!
Does anyone know of other OS projects with military association?
The basic systems that have driven the internet for decades were developed in part by the military and defense related government programs starting with DARPA.
------ The only greater hazard to your liberty than n politicians is n+1 politicians.
No shit. I knew that also. I'm also quite aware that this post, as were my last two, are quite useless. Isn't anything posted on slashdot completely fucking useless? Do you think I'm some sort of freakin' idiot?
Juln
We produced Computer-based training for a weapons system and the customer required all the source files, media, code, etc. in the name of life-cycle management.
As long as the changes do not have to be publicly published as the price of the 'free' (beer or speech) software, then I don't see what the problem is. The customer has the clearance (and probably more than the contractor...assuming the person asking here is a contractor). Seems to be a moot point from that angle...but I'm not an OSS/GPL/FSF/ETC expert.
Cheers,
Galego
Que Deus te de em dobro o que me desejas
[May God give you double that which you wish for me]
Yes it does according to the Supreme Court. The court ordered the US Army to pay royalties to Mauser over the design of the bolt in the 1903 Springfield rifle IIRC. I believe it took a declaration of war against Germany and perhaps wartime congressional legislation to end these payments. You example cites war also. Wartime exceptions don't invalidate the rule.