MITRE Corp. Report On Open Source In Government
Jeremy Allison (of the Samba team) writes "Very interesting paper just published by MITRE corporation. (In PDF - they've learned not to use Microsoft Word. :-). Highlights: 'The main conclusion of the article was that FOSS software plays a more critical role in the DoD than has generally been recognised.'; 'Create a "Generally Recognised as Safe" FOSS list ... including Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail.'
'FOSS' stands for 'Free and Open-Source Software.' Looks like these people 'get it.'"
"Generally Recognised as Safe ... bind, and sendmail."
:)
I'm all for Unix server software, but BIND and Sendmail? True, they haven't been bad lately, but both of these are former poster children for the land of remote root exploits. Yet Qmail, djbdns, and Postfix--some of the most secure software ever made--are strangely absent.
Well, it is the government. They are making progress in their own little way.
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
Nice to see some of our tax dollars not going to waste on over-priced under-powered software.
...
I suppose this means there will be more job openings for geeks in government positions. Get out your resumes, guys and gals.
No sig for you. YOU GET NO SIG!
About time somebody did something like this. I mean, to the average Joe, the advantages of FOSS are obvious. But the DoD needs documents, papers... anything written. It's similar to businesses WANTING to pay for software and therefore keeping away from FOSS.
I guess everyone was waiting for somebody to basically do a "study" or write a paper that could be quoted or "fallen back upon" if you will.
Then again, this report is about the fact that FOSS already plays a more critical role. My point is, it's high time somebody came out and recognised the fact. Great job on the paper.
Find a job you like and you will never work a day in your life.
A very minor and unimportant comment:
Most companies, when publishing in PDF format, do so not for openness but to protect against copying or modification.
For example, my company works extensively with the FDA and we publish all our standard operating procedures (SOPs) in PDF format since it's so difficult to copy. We rely not on the openness of the format but on its limitations. Not earth-shattering, but I wanted to mention that PDF is not a particularly open format, despite its structures being well known.
This list would provide quick official recognition of FOSS (Free and Open-Source Software) applications that are:
(a) commercially supported
(b) widely used and
(c) have proven track records of security and reliability (e.g. as measured by speed of closure of CERT reports in comparison to closed-source alternatives)
Gmanske.
While the Navy has its much-farted-upon attempt to build Win2k-powered "Smart Ships", the NSA has been developing SELinux (Security Enhanced Linux), their homebrew kernel.
It seems that the right hand doesn't see what the left hand is doing. That's the USA federal government for you. However, based on the existence of the "safe" FOSS list, perhaps the DoD is rethinking their investments in eN Tee. I sure hope so, for the sake of national security. Meh.
"I am root. Bow before me." To this I say, "You are root, and you bear the sins of the world upon your shoulders."
In this paragraph MITRE seems to infer that GPL'ed software is somehow more secure, or better able to be secured, than other software.
"For Security, use of GPL within groups with well-defined security boundaries should be encouraged to promote faster, more locally autonomous responses to cyber threats."
Page 3, Example 2.
This really makes no sense to me. Especially when a good portion of the software they list as "heavily used infrastructure tools such as 'Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail'" is NOT licensed under the GPL. (Yes, I realize some are, but the majority of that list are not.)
Doesn't make a lot of sense. Considering most people would agree the most secure OS out there is OpenBSD.
Banning Free and Open Source Software would remove certain types of infrastructure components (e.g., OpenBSD) that currently help support network security. It would also limit DoD access to -- and overall expertise in -- the use of powerful FOSS analysis and detection applications that hostile groups could use to help stage cyberattacks. Finally, it would remove the demonstrated ability of FOSS applications to be updated rapidly in response to new types of cyberattack. Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security focused DoD groups to defend against cyberattacks.
Starting on page 32, theres a very nice glossary of common Free and Open Source Acronyms.
Isn't anybody gonna mention that RMS is going to say that FOSS should really be referred to as Dental/FOSS?
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
whatever happened to good old ASCII or ISO text files? nothing says cross-platform than an ISO format
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
I work for the DoD (and am lucky enough to work with MITRE folk as well), and we go for the open source solution whenever we can. Why? We're in security. We absolutely NEED to be able to hack our own code whenever necessary. We can't afford to be taken down by any sort of attack, whether it be a worm, virus, or directed attack -- and I'm not talking "afford" in the sense of a dollar amount. We also like to be able to do things like add signatures to our IDSs whenever we feel like it. We often notice and track new virus and worm activity before it "breaks." We can't wait for vendor updates.
I've sat through meetings with vendor reps where certain office members tore the reps some new orifices. I've heard from a *major AV/Firewall company name deleted* rep "Oh, you use open source FREEWARE! Well, if you want to go with something totally insecure that has absolutely no support and you don't know exactly what the code actually does..." The rep then sat there in stunned silence as the department head launched into a detailed tirade about how every member of the office not only knew what the open source we used did, most of us could re-write it if we needed to. The rep actually blushed and admitted that if we could do that, we didn't need their product.
Most of our offices do use Microsoft on most of the standard user desktops... but it's open source hacked-to-hell code that runs everything else around here! Well, aside from the gallons and gallons of coffee and Mountain Dew that runs the people..
Moderation totals that amuse me for one of my posts: Flamebait=1, Insightful=2, Funny=2, Overrated=1, Underrated=1
OK. I'll bite on your trolling attempt.
Let's see, that was a 200 page document with several figures at 1.44Mb. I'd be curious to know how big an MS-Word file it would be.
Anyway, I've got a rant about MS-Word for document exchange.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
I've always wondered about the supposed lack of "FOSS" at DoD. Aside from SE Linux, there are other quite public acknowledgements of support for open source software. From the back of the OpenBSD 3.1 CD case:
"This effort sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Material Command, USAF, under agreement number F30602-01-2-0537"
Kind of a big hint that someone somewhere in DoD thinks highly of OpenBSD.
Of course, this support may have since been reduced or eliminated due to the same pressure that the NSA faced with SE Linux.
null sig
most of the pdf files I've seen of 50 page manuals with a few pictures were over 5mb big.
I have one that is 200 pages and it is over 30mb big.
GoatPigSheep, the 3 most important food groups
By the way, the document summary shows that it was originally a Microsoft Word Doc titled "Microsoft Word - 3DBD823B-1ABD-0AA6.doc" with the author being www.
Interesting that the DOD uses GnuPG, Linux, Linux (Red Hat), FreeBSD, NetBSD, OpenBSD, OpenOffice, Perl, Perl CGI Scripts, PerLDAP, PHP, Tcl/Tk and TCP Wrappers, amongst others.
Why use .doc at all, when a plain-text file could be viewed on any system. Or hell, do it in .html. But the fact of the matter is that most of the people who would really be interested in this document are probably using a flavor of *nix.
Voodoo Girl is the bomb!
Or, good old HTML?
The dogcow says "Moof!"
Please don't make me laugh! I just got my stitches out and it hurts!
A Government Is a Body of People, Usually Notably Ungoverned
Just to add some info here. Just because an article talks about usage and approval of FOSS in the "DoD" (Department of Defense), it doesn't mean that there is significant usage. Remember that the DoD is comprised of some management overhead and three sub-departments: Army, Navy, Air Force. While Linux may be used and even endorsed by the "DoD", its usage is not permitted without one hell of a waiver process in the Department of the Navy. Especially under NMCI (Navy Marine Corps Intranet), Linux is not even listed as an approved legacy system, much less something EDS will agree to support.
Additionally, each branch of the service is autonomous in IT management, which means there are FOUR DIFFERENT ways of running a network with the associated FOUR sets of management overhead and, of course, they aren't interoperable. This is a fairly generalized statement, but most of the systems I deal with daily in the Marine Corps are specific to us and don't work with the other services' systems despite the fact that they all do the EXACT SAME THING.
So kids, the moral of the story is: Write your congressman and complain about the misuse of your tax dollars. And don't forget to tell them that free software == excuse for lower taxes == more votes for them.
I've dirtied my hands writing poetry, for the sake of seduction; that is, for the sake of a useful cause. --Dostoevsky
Open with Acrobat Reader, File->Document Properties->Summary... reveals:
Title: Microsoft Word - 3DB823B-1ABD-0AA6.doc
Furthermore, the PDF file was created by http://createpdf.adobe.com - which allows one to upload files and have them processed into PDF - 15 for free, more for $$$.
Seems like they didn't find out that ghostview allows you to generate pdf files as well as view them...
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
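The document-properties check in the post above (a PDF whose Title still names the original Word file and whose producer field names the conversion service) is a metadata leak that a reviewer should catch before a document is published. As an added example that is not from the thread or from the MITRE report, the following Python script parses the Info dictionary of a small PDF and flags the fields that disclose the source file name and the authoring toolchain. The PDF bytes, field values and service name are constructed for the example; the parser assumes an uncompressed Info object with literal (parenthesised) strings and does not handle object streams or hex strings.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a minimal PDF skeleton (not the MITRE report) whose Info
# dictionary carries the kind of values a Word-to-PDF conversion leaves behind.
# The Creator value includes escaped parentheses to exercise the string parser.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [] /Count 0 >>
endobj
3 0 obj
<< /Title (Microsoft Word - EXAMPLE.doc)
   /Author (www)
   /Creator (Example Word 9.0 \\(hypothetical\\))
   /Producer (example-pdf-service.invalid) >>
endobj
trailer
<< /Root 1 0 R /Info 3 0 R >>
%%EOF
"""

_INFO_REF = re.compile(rb"/Info\s+(\d+)\s+(\d+)\s+R")
# /Key (literal string): escaped characters or anything but backslash/close paren
_KEY_STRING = re.compile(rb"/(\w+)\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"(": b"(", b")": b")", b"\\": b"\\"}


def _unescape(raw: bytes) -> str:
    """Resolve the PDF literal-string escapes this example cares about."""
    out = bytearray()
    i = 0
    while i < len(raw):
        ch = raw[i:i + 1]
        if ch == b"\\" and i + 1 < len(raw):
            nxt = raw[i + 1:i + 2]
            out += _ESCAPES.get(nxt, nxt)
            i += 2
        else:
            out += ch
            i += 1
    return out.decode("latin-1")


def find_info_object(pdf: bytes) -> Optional[bytes]:
    """Follow the trailer's /Info reference to the dictionary body of that object."""
    ref = _INFO_REF.search(pdf)
    if ref is None:
        return None
    num, gen = ref.group(1), ref.group(2)
    obj = re.search(rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj\s*(<<.*?>>)\s*endobj",
                    pdf, re.DOTALL)
    return obj.group(1) if obj else None


def extract_info(pdf: bytes) -> Dict[str, str]:
    """Return the literal-string entries of the Info dictionary (Title, Author, ...)."""
    body = find_info_object(pdf)
    if body is None:
        return {}
    return {key.decode("ascii"): _unescape(val) for key, val in _KEY_STRING.findall(body)}


def leak_findings(info: Dict[str, str]) -> List[str]:
    """Flag Info entries that disclose the source file or the authoring toolchain."""
    findings = []
    title = info.get("Title", "")
    if re.search(r"\.(docx?|xlsx?|pptx?|odt)$", title, re.IGNORECASE):
        findings.append("Title exposes the source document's file name: " + title)
    if info.get("Author"):
        findings.append("Author field is populated: " + info["Author"])
    for key in ("Creator", "Producer"):
        if info.get(key):
            findings.append(key + " fingerprints the conversion toolchain: " + info[key])
    return findings


if __name__ == "__main__":
    info = extract_info(SAMPLE_PDF)
    for k, v in info.items():
        print(f"{k}: {v}")
    for line in leak_findings(info):
        print("finding:", line)
```

Run it against a real file by replacing SAMPLE_PDF with the file's bytes; an empty result means the trailer carries no /Info reference or the object is inside a compressed object stream, which this minimal parser deliberately does not unpack.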
Last I checked the BSD's were first:
"The General Public License (GPL) is the original FOSS license, and GPL software is simply FOSS software that is covered by the GPL."
Page 12
This report is really full of holes. In the chart it says that BSD and Artistic licensed software cannot be combined with closed source software.
In page 22:
"Ironically, a thoroughly rigorous and systematic ban on DoD use of FOSS could also affect a number of proprietary products that rely on FOSS products that permit incorporation of FOSS into their closed-source products. For example, Microsoft Office uses the FOSS zlib collection of data compression software, and thus could technically be banned as a product that incorporates FOSS software."
So, do you distribute that hacked-to-hell "open source" code, if you're so confident in its abilities?
Imagine if an Al-Qaeda hacker -- trust me, some computer science programs and IRC channels in this country and especially in Europe are not unlike those flight schools for them -- got ahold of some of that open-source code, browsed through it, and immediately found a really nasty root exploit due to some quickly-hacked up code.
Do you think he would be altruistic enough to report it, or would he try everything he could to cause havoc -- perhaps give out wrong intelligence to troops so they could cause another Afghan Wedding Party massacre or Chinese Embassy bombing, or steal some valuable intelligence and use it to plan terror attacks?
While open source is good, the DoD should be a bit more careful about being so open.
Weren't they the defense contractor with the absolutely awful security in Cliff Stoll's _The Cuckoo's Egg_?
May we never see th
Yes, there may be holes in the article, but overall it just makes sense for the people in the defense industry to use open source. Their GRAS list is rather accurate- and don't forget in essense that any system is only as stable as the sysadmin behind it; that goes for NT networks as well.
The report also makes no differentiation between Open Source Software like FreeBSD, OpenBSD, and Apache, and Free Software, which generally always refers to software under the GPL or LGPL, like Linux, gcc, or GNATS.
"The word free in FOSS refers not to fiscal cost, but to the autonomy rights that FOSS grants its users. (A better word for zero-cost software, which lacks such rights, is freeware.) The phrase open source emphasizes the right of users to study, change, and improve the source code, that is, the detailed design, of FOSS applications. Software that qualifies as free almost always also qualifies as open source, and vice versa, since both phrases derive from the same set of software user rights formulated in the late 1980s by Richard Stallman of the Free Software Foundation."
The writer of this report does not make a differentiation between Open Source and Free Software. He calls things under a BSD license with no cost, and no restriction on rights, freeware. (Freeware does not mean OSS. Freeware is closed source software that is given away at no cost.) While in the next sentence pushing the view that all OSS is GPL'ed.
This report is a grave disappointment.
If you actually tried to open up any but the most basic Word document in Wordpad, it butchers the document. Try it.
.PDF documents are extremely common. Get used to it. If you really can't stand to have to download extra software to view such a common format, you'll be happy to know that most Linux distributions come with at least one .PDF viewer.
However, that's beside the point. You see, not everyone runs Windows, and not everyone wants to open a document that can come with little extras like macro virii.
Further,
Not that the parent wasn't a troll or anything...
I hate it when I have to buy a $400 program to view .doc file..:-)
Don't then. Download Open Office, buy Sun's Version, or use something like wordpad.
Don't then. Just use Open Office.
whatever happened to good old ASCII or ISO text files?
The PDF document contains images, tables, colors, and underlined/italicized/bold text. Those are rather difficult to express in plain ASCII text.
Doing so is not unlike trying to write a voxel-based graphics engine in HTML.
Right tool for the job...
I know it's DoD SOP to coin TLAs for everything, but FOSS is just lame. Reminds me of dental FOSS.
Guess they couldn't use OSS, cause that's another government agency, right? What about DFSG...
PDF tends to be smaller unless you have bitmap graphics. That's the rule I've always had. Anyone want to improve on that?
--Giving to trolls for the benefit of us all
Show me a format that's cross-platform, has the concept of headers/footers and has formatting.
Oh, right, rtf...
I work in the trenches so-to-speak.
The good news is that the DoD is paying attention to Linux in a big way. Undoubtedly, Solaris, HP, and SGI were among a few of the favorite big ticket items that the DoD likes to purchase. However, there is a small number of people who are using linux. We're expecting that number to grow.
Mitre gets it -- they're pretty smart folks. But does the rank-and-file military? By and large -- no -- although there's more currently than, say, 18 months ago. Some are still caught up in the security problems Linux has. Others are just ignorant, calling it "freeware" -- when Linux really rises to a level above the typical "freeware" moniker.
The military is really a bargain buyer -- yes, they don't want those M16's to explode -- but they don't want to be bled dry for a shoddy system, either. Especially when they have to report to a congressional subcommittee explaining why they blew billions of taxpayer dollars on incompatible systems.
whatever happened to good old ASCII or ISO text files? nothing says cross-platform than an ISO format
...I'll just go back to my Forth system and cry.
Oh sure, leave out us EBCDIC users, you young whipper-snappers with your fancy-schmancy ISO standards. HA!
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
The DoD has been asked to conduct internal software audit or trash MITRE report on FOSS.
Even the GPL does not require anyone to distribute their customized in-house modifications.
I do hope that some employees who are exposed to open source, its benefits and the values of the community behind it contribute to open source projects in some way.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
Stone Design's Create under OS X produces much smaller files.
As does PrintToPDF under MacOS 9.
It is a matter of using compression on the images. Like, say, JPEG compression.
The really big PDFs don't tend to use any (or very little) compression.
Good, I'm glad they get it.
Now let's slashdot the 1.5 meg PDF file and have them get it some more.
Text you fools!
-Tom
Not exactly.
Try opening a .doc file produced by the most recent version of Word for Windows under Windows 2000. I think you will be surprised to find it won't be readable.
Are you sure it will open that word file?
I can't remember now if XP Home updated WordPad but, the version that comes with Win2000 can't open the latest version of MS's Word format.
And WordPad will work with all versions of Word's file format?
I don't know about Win XP but, Win2000 and Win98SE can't do it with the version included with the OS.
You could use a .doc converter like one based on antiword.
Due to ports, OpenBSD is very easy to keep up to date; you just do a cvsup and a make world (or something like that, I prefer Gentoo myself ;) ).
Point of the matter is that while OpenBSD is no walk in the park to maintain compared to, say, Windows, it isn't exactly quantum physics. Usually, if you can manage to get your system up and running with OpenBSD, at that point you have more than enough knowledge to install any patches that are released.
The poster could have said Unicode text but, it is still not a good idea.
PDFs are optimized for printing and a lot of print shops will take them these days.
Text is just that, text. There aren't any images, or anything.
JPEGs are bitmaps.
The thing is that you can use compression with images in the file to make it smaller.
Basically, this is just used to make the file size smaller.
I can't remember now how long this has been around but, at least a couple of years as a means to make the files smaller.
A lot of people will begin to think about the converse, "What if Closed Source were banned from the DoD?" or even more specifically, "What if Closed Source from companies found guilty of breaking federal law were banned from the DoD?". I wouldn't be surprised if the answers were "not much change" and "things improve", respectively.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Yeah.
Don't use Windows at home. Just convert the .doc file to either PDF or AppleWorks.
I just mentioned that because I actually have tried that WordPad trick at work.
Stone Design makes a free front end app to antiword.
Ever tried to read a "good old ASCII" text file? If you try to read it on screen, you'll suffer annoyance and fatigue after mere minutes. If you try to print it out, you'll end up with page after page after page of unformatted text, probably wrapped to 80 characters.
ASCII is a fine format for email and config files. It's not an acceptable document format. PDF is, despite what some people seem to think, the best digital document format available today.
I write in my journal
Yes, that is right. Even though the paper makes it sound like GNAT is a separate project from GCC, they are now one, GCC (GNU Compiler Collection). Their description says they are one now, but I think this description was copied from each of their web sites.
Also, is RTLinux no longer considered free software, because it restricts more than the GPL due to patents?
Also, it looks like they do not use csh at all, which is under the BSD license, or pdksh, which is in the public domain; they are the default shells on OpenBSD.
They also missed Binutils from GNU, which is the assembler and linker for most open/free operating systems.
Also, are there not versions of sed and make and m4 and top that are under the BSD license?
Is perl not dual licensed, GPL and artistic?
I'm not trying to torch anybody's favorite software here, but both djbdns and qmail have drawbacks.
The biggest issue is the license. Qmail is limited to source-code only distribution, with an exception being made for precompiled binaries if they behave exactly the same as qmail normally behaves. Information here. This means that if you want qmail not to throw all of its binaries under /var and ignore most of /etc for configuration files (which it normally does), you have to compile and patch it by yourself. Also, there is no distributing patched versions, so if D. J. Bernstein dies tomorrow, qmail development is effectively frozen until qmail passes into the public domain decades later. That includes any security/performance patches, as well as ports to other architectures. Djbdns has a similar license.
There is also compatibility. Djbdns does not support certain zone transfer mechanisms. It ignores some IETF standards entirely and implements its own version instead. I get upset when Microsoft twists and corrupts public standards for its own ends, and I get upset when Bernstein does it as well. I'm lazy; I don't want to have to double-check if my DNS server supports a certain standard if my configuration changes. Qmail is more of a quibble: I don't like how it throws everything in /var. (And I'm not sure why the world needs qmtp.)
I'm not saying that a lot of people and smaller sites won't find qmail/djbdns (and the rest of Bernstein's software) useful. They seem to be secure, and they do their job as long as everything is compatible.
However, one of the reasons why I avoid proprietary software for many tasks is that I don't want to hitch my wagon to somebody else's horse. If I go with an MTA that is widely used and is GPL or BSDL, I am assured that development does not rest solely on one person. And if I go with standards-compliant software, it ends up being less of a hassle in the long run.
Djbdns and Qmail aren't bad. But they have licenses that limit distribution and development, and they break interoperability.
I didn't even know Microsoft has that restrictive license. It says here that it "Specifically bans use of: GPL, LGPL, Artistic, Perl, Mozilla, Netscape, Sun Community, and Sun Industry Standards."
Microsoft's site shows the license. It's really true. This particular EULA seems to be for a "Microsoft Mobile Internet Toolkit Beta 2". They actually call OSS as "Potentially Viral Software" in the license.
One of the reports' three recommendations is to create a "Generally Recognized As Safe" list of Free or Open Source Software. The stable distribution of Debian has already done this. If the DoD is looking for a base set of packages, then Debian looks to be the set to work with.
I'm currently trying to write a parser for ISO8211. Currently it makes me very cross and won't run on any platform. Just because a format has been endorsed by ISO doesn't mean it's either any good or easy to use.
[Yes, I know there already are two open source ISO8211 parsers out there. Unfortunately they're in C++ and Python respectively and I need one in Java].
I'm old enough to remember when discussions on Slashdot were well informed.
2. Why would the DoD distribute their modified code? Perhaps they would send a patch to Apache or whatever if it was sufficiently general interest, but I suspect most of the modifications have to do with security policies particular to them.
Same as everybody else, I'd guess: not having to keep their own branch and re-implement any fixes in the public branch, keeping track of what they have fixed and the public branch hasn't when the interface changes. Of course, the NSA could probably afford that, but the benefits are few...
Kjella
Live today, because you never know what tomorrow brings
If somebody finds a bug in, say Linux, that can be exploited against both Sendmail and Qmail, the Sendmail folk will fall all over themselves to find and distribute a workaround. Bernstein, on the other hand, will likely just smile and say "not qmail's fault". This doesn't do much good for people who are actually using qmail in the field and will need to create and distribute their own patches on the back-channels -- and then integrate them with the myriad of patches out there.
I really believe that Qmail's license was and is the biggest barrier to its more widespread adoption.
OS Software is like love: The best way to make it grow is to give it away.
As a Debian Developer, allow me to strongly disagree. There is a lot of software in Debian! It's as reliable and trustworthy as we can make it, but a lot of stuff doesn't get banged on very heavily (some of it is downright obscure), and the best we can really say is, "we haven't found any obvious problems". Which is a whole world apart from "Generally Recognized As Safe."
Now, anything that's FOSS and GRAS is probably in Debian, but being in Debian stable is only evidence of being FOSS and NPU (Not Proven Unsafe).
I think that the idea of having an external list of FOSS/GRAS software is an excellent one. Moreover, I doubt if Debian wants to accept responsibility for maintaining such a list.
Seriously. There are established procedures for keeping people out. If you're not at a very minimum using HTTP Basic authentication, it's the equivalent of setting up a billboard, or leaving a stack of papers face down on a public sidewalk in hopes nobody flips the stack over. Reasonable and innocent curiosity is not a crime, nor is reasonable reporting of the results of such.
A friend once got sued for using a "guest" dialup account with a null password from a local telco back in the early 1990s, when net access was damn expensive and for the most part not available to kids. He didn't set up a BBS or crack any password files. He just used the guest account to telnet into some MUDs and read some newsgroups. Luckily, the jury decided it was reasonable for him to assume that, as a customer, the "guest" account with no attempts made to restrict access applied to him.
If you put a table in your front yard with a "free" banner hanging over it, it's kinda hard to charge someone for trespassing if they walk up and eat a few brownies off the table when you weren't around. Maybe it is your yard and maybe they were your brownies, but you implied consent in a major way by putting them out there in that context. If you really only meant for the paper cups next to the brownies to be free, it's your problem. In fact, it's false advertising if you try and collect damages.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
I'm actually quite relieved to see that they don't include csh. I think that's just good sense. As for pdksh, I doubt if even BSDers use it very often, so it probably fails the widely-used test. I actually know of more people that use ash (recently renamed dash), which is originally from NetBSD, but is now found on many other systems (Linux, FreeBSD, etc.)
I was recently at a conference where several vendors promised that their anti-virus product "stopped attacks 100% of the time." I didn't bother pointing out that that wasn't exactly likely or sustainable in an operational environment.
Someone else at the conference mentioned a foreign vendor whose firewall was supposed to stop 100% of traffic -- well, it did. However, it blocked ALL network traffic to the machine it was installed on and was not reconfigurable. Hey, it did what it was advertised to do, right?
Because what you had to say is about right.
;-)
Don't use qmail, use postfix. It's more secure, faster, simpler to use, and it has a much better license. Also, Wietse Venema is a much nicer person.
himi
My very own DeCSS mirror.
I get "Connection Refused" from the link to the article.
I took a class recently conducted by a Major (in the Corps) who informed me that Linux is used for firewalling at the higher echelons of IT in the Corps. As for other services, I can point you to quite a few Navy guys running Linux mailservers. The Navy is much less regimented than the Corps and their IT think nothing of going to Fry's, building a nice Athlon system, and throwing Linux on it. That would never happen here in the Corps, unfortunately. I'm sure if I'm in Kuwait in six months setting up a network and the only way to get said network running was through the LEAF project, I'd get the go-ahead until we could get some expensive, proprietary firewall sent to us. The poster above is pretty much dead on. Each service does have its own way of doing things. Just head on over to Netcraft.com and see what the Army's running for a webserver.
This guy is way out there
I'm confused. If open source is so good, then why does it have to be "hacked-to-hell" ?
He said he works for the DoD. All really good software must be hacked and trashed a bit to be acceptable in that environment.
Therefore, open source - scramble it using the DIICOE process.
Anything Microsoft - Pre trashed, no changes necessary.
You are checking your backups, aren't you?
(In PDF - they've learned not to use Microsoft Word. :-).
Ok, and how is PDF any better than Word?
The USA or DoD does not class me as an IT Specialist.
I have never worked in an IT slot in the USA or DoD.
I had a Linux PC up running a test Apache website in the ".mil" domain back in 1997. I developed a very basic one-week Linux course for and delivered it to key-personnel for a couple "train-the-trainer" sessions. I am also not a trained instructor and/or BS type person. I also did similar (except for time line) with Cisco, telephone circuit and packet switching networks.... So,
Okay, why AFT, Yippee, Dang, because in non-social situations, I have always believed that security is greatly helped when you can be sure of every line that may be used against you. Then you can hope that, you are smart enough in the environment and no line goes over your head. So, god bless the USA and pseudo-savants everywhere.
Jadi
Reality is a self-induced hallucination.
I would say that the license that gives the most freedom is the license that publically funded development should have. Guess what: that license is not the GPL
This is a tired argument, but to recap:
Long story short, GPL is analogous to a constitution protecting the freedoms of its citizens (users) by constraining in a few minor ways what freedoms the developers can deny their users.
The BSD license is more akin to a democracy with no constitution, or no strong constitution, which constrains the developers little or not at all, at the expense of leaving the users with no protection of their freedoms.
Both licenses are appropriate in some circumstances. BSDL is good for getting protocols, algorithms, and other standards widely accepted by allowing proprietary as well as free products to use the code (good example: Ogg Vorbis), while the GPL is excellent at ensuring that a project remains free in perpetuity.
Software funded by tax dollars is funded by the users. It is therefore more appropriate to have a license which protects the rights and freedoms of the users who are paying for the development over those of the developers who are being paid (though of course developers benefit immensely, in having their freedoms protected with respect to contributions by other developers. Not every user is a developer, but every developer is a user somewhere along the line).
The Future of Human Evolution: Autonomy
The DoD is under tremendous pressure to have Microsoft blessed as the only products they use, as Microsoft has learned how to lobby and started throwing lots of money at this. The government is a huge purchaser of systems, and there are many legacy things out there. Since the past 10 years or so have brought many fresh college grads into the workforce, many of whom only know Microsoft products, there is pressure on the technical selection folks to replace with Microsoft since those precious MCSEs only know these platforms.
This report is probably an effort to build some evidence and support on why wholesale replacement of everything with off the shelf would add costs and hurt national security. Probably also explains IBM's (and others) shift to support Linux and variants over the past few years as they saw Microsoft tactics refined.
And, Microsoft's more recent license agreement language seems pointed at providing a legal reason why they need to be the only platform, since there are no technical reasons.
Sleep is for the Weak
After all, they're MIT. MITRE stands for MIT Research. For the uninitiated, MIT is Massachusetts Institute of Technology.
Laws affecting technology will always be bad until enough techies become lawyers.
Qmail is not really an open source software/ free software program. See my paper at http://www.dwheeler.com/oss_fs_why.html for an explanation.
- David A. Wheeler (see my Secure Programming HOWTO)
"A common assumption about FOSS licenses such as GPL is that their transitive user rights means they cannot be used with non-FOSS (e.g., government or proprietary) software. However, this is generally not the case; such mixing can generally be done in various ways. For example, even GPL with its strong protection of transitive user rights provides a number of mechanisms to allow such mixing (Figure 1). Microsoft provides a good example of an innovative use of one such mixing strategy in their Windows Services for Unix (SFU) product."
This is an incredibly misleading statement. Nobody has ever assumed that GPL software cannot be used on the same system as proprietary software. This ignores the fact that you cannot link a GPL library into your proprietary code. For a company that writes top secret material, this is somewhat concerning that they would ignore this.
"so 'many 'quotes'; (and) "random?" 'punctuation!"' 'HELP!'"
It was written by:
Terry Bollinger
The MITRE Corporation
1820 Dolley Madison Blvd.,
W534 McLean, VA, 22102, USA
terry@mitre.org
Terry Bollinger currently works at The MITRE Corporation, where he focuses on distributed software and hardware architectures issues for U.S. Department of Defense information infrastructures. He is an editor for IEEE Software, and was one of two Special Editors for the Jan/Feb 1999 issue of IEEE Software on Linux and open source software methods.
Terry has had extensive experience at all levels of software development in the telecommunications industry, at NASA, and for the U.S. Department of Defense. Especially while working in the telecommunications industry, he has had extensive hands-on experience with both a wide range of software construction methods and approaches, and with the consequences of trying to apply some of these methods in "realistic" environments in which there is a typical spectrum of developer experience (e.g., what happens when C++ is applied in an environment consisting almost entirely of long-term functional C programmers). Terry also has a strong background in software reusability and software process, including an IEEE Software Best Paper on why software process improvement doesn't always give the kinds of results advertised, and is intrigued by the issue of why some programmers seem to be so much better at producing high-quality, stable code that endures over time. In terms of software construction issues, he is both highly familiar with the overall set of techniques involved (including newer methods such as graphical component-based programming), and is strongly supportive of the need for good methods while also being healthily skeptical about a lot of the claims made for various software construction methods and tools.
Terry has M.S. and B.S. degrees in Computer Science from the University of Missouri at Rolla, and has been a member of IEEE for 23 years.
As of yet, there's not enough incentive for the non-ideologically driven to drop Word and switch to an open source product. Large organizations, and MITRE is large, already have Word sitting on thousands of desktops, they've paid for it, and they've sent employees off to "How To Use Word" training. Bringing in a Word replacement means additional time and cost (installations, tweaking, employee training, help desk training, etc.) without a compelling payoff --you pay for the transition and your capabilities remain essentially the same.
Open source office suites will need to do a lot more than be "free" and successfully mimic MS Office before they become worth the price of switching.
-- Slashdot: When Public Access TV Says "No"
What I find really distasteful is the above phrase's incorporation of "MIT". Microsoft tries to pass it off as standing for "Mobile Internet Toolkit", but personally I believe it was intended to sound like (and evoke the favorable sentiments associated with) the Massachusetts Institute of Technology AND the associated, like-named OSS license.
- First they ignore you, then they laugh at you, then ???, then profit.
If the bug was in Linux, shouldn't the patch be done to Linux? And why should Bernstein take responsibility for bugs in other people's code?
Besides, Bernstein does fix his software when vulnerabilities in some platforms are discovered. He did it with his daemontools package (his replacement for inetd).
Je ne parle pas francais.
Somebody there was aware that there was a bunch of people who argue about the differences between "Free" and "Open" and which one is better, while for all practical purposes they are exactly the same. Combining the acronym was a good way to not take sides in the argument (I suspect the authors had no opinion either). I also think a word starting with a consonant is easier to pronounce and put into sentences.
No offence to you, Sivar, since you're an innocent victim of this offtopic rant, but it's unfortunate that you can click a box to disable people's .sigs, but there's no box to disable comments about people's sigs. If only...
Will the Python one run under Jython? Just a thought.
They pretty much screwed me royally on a contract. They had no intention of completing it, they were just trolling for employees. When I wouldn't accept their job offer (at less than half of my consulting rate - a rate which THEY had offered in the first place) they dumped me with no notice. Then they proceeded to use the 10 weeks of work I did to satisfy a whole year's contract requirements to the NSA. (I started going out with a woman in the office after I left, which is how I know.) The agency I went through told me they had actually dropped them as a client because they had done the same thing to others. The people there were generally nice and there was interesting work, but the local management was pretty ruthless. YMMV
The revolution will NOT be televised.
What is the difference between a real song and a simulated song?
The definition of free in the article quotes Stallman's definition of free. A part of Stallman's definition of Freedom is:
"The freedom to redistribute copies so you can help your neighbor (freedom 2)." and
"The freedom to improve the program, and release your improvements to the public, so that the whole community benefits. (freedom 3). Access to the source code is a precondition for this."
Does anyone else notice how the word freedom in these statements should be replaced with condition, i.e.:
"The condition that you must redistribute copies so you can help your neighbor (freedom 2)." and
"The freedom to improve the program, under the condition that you release your improvements to the public, so that the whole community benefits. (freedom 3). Access to the source code is a precondition for this."
This is a strange definition of freedom if you ask me. It means that an individual working on software derivatives for whatever purpose, must sacrifice his work "for the public good"; A very blatant socialist mentality which ultimately restricts the rights of an individual to personally benefit from his own labor. Now, this is all well and good when people volunteer to work anyway, and sacrifice their individual rights. Just don't expect companies to pay people to help develop this software, since the company cannot gain any value from the software mods, other than for actual internal use in the company. This will ultimately restrict the use of this FOSS software in the DoD in this case, if any software mods are necessary for classified applications, for instance. We've already seen companies like Apple and TiVo pass over linux for freeBSD, because BSD really is free, i.e. no GPL.
Vote for Pedro
For some reason people are often wary about the idea of loading new versions of the kernel into running servers, and new kernel releases can take longer to test and propagate than (relatively) simple userspace programs.
How long do you want to wait for a patch to a security problem?
(Perhaps I should have used a proprietary Kernel as an example --- they're likely to take much longer to come out with a patch).
OS Software is like love: The best way to make it grow is to give it away.
Ahem... last time I checked, the "origin of Capabilities Maturity Model" (sic) was widely acknowledged to be Watts Humphrey and the Carnegie Mellon Software Engineering Institute (SEI), not the MITRE Corporation. Click here for some more info. I wonder if my MITRE associates would agree with the statement that MITRE "breaks down all... initiative"??? And I thought it was bad in the Government!
I was a bit disappointed to read about the potential scenarios for using GPLed libraries on page 24 of this otherwise excellent report. One could easily misread the report as saying: if you develop some code that crucially relies on a GPLed library that you've thus created GPLed software. But that's far from being the case for in-house research or development. If you never release any of your code or binaries (correct me if I'm wrong), you can use supporting GPLed libraries.
Marklar: marklar
PDF is a subset of Postscript all right, but while Postscript contains the actual character values, PDFs only store glyphIDs.
Glyphs, not characters.
There is a difference. A big difference. Trying to turn glyphIDs back into characters may work sometimes, but it's certainly not guaranteed to work. Any glyphs that do not have cmap entries in the font will come out as garbage.
Adobe should certainly never have put the text selection tool into Acrobat Reader. It does not work half the time, and it has fooled people into thinking that PDFs contain text. They don't. They only contain the vector image data necessary to render the text.
Free Hans!
There was a writer in 'Life' magazine ... who claimed that rabbits have no memory, which is one of their defensive mechanisms. If they recalled every close shave they had in the course of just an hour life would become insupportable.
-- Kurt Vonnegut
- this post brought to you by the Automated Last Post Generator...