Slashdot Mirror
MITRE Corp. Report On Open Source In Government
Jeremy Allison (of the Samba team) writes "Very interesting paper just published by MITRE corporation. (In PDF - they've learned not to use Microsoft Word. :-). Highlights: 'The main conclusion of the article was that FOSS software plays a more critical role in the DoD than has generally been recognised.'; 'Create a "Generally Recognised as Safe" FOSS list ... including Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail.'
'FOSS' stands for 'Free and Open-Source Software.' Looks like these people 'get it.'"
"Generally Recognised as Safe ... bind, and sendmail."
:)
I'm all for Unix server software, but BIND and Sendmail? True, they haven't been bad lately, but both of these are former poster childs for the land of remote root exploits. Yet Qmail, djbdns, and Postfix--some of the most secure software ever made, is strangely absent.
Well, it is the government. They are making progress in their own little way.
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
Nice to see some of our tax dollars not going to waste on over-priced under-powered software.
...
I suppose this means there will be more job openings for geeks in government possisions. Get out your resumes guys and gals
No sig for you. YOU GET NO SIG!
About time somebody did something like this. I mean, to the average Joe, the advantages of FOSS are obvious. But the DoD need documents, papers...anything written. It's similar to businesses WANTING to pay for software and therefore keeping away from FOSS.
I guess everyone was waiting for somebody to basically do a "study" or write a paper that could be quoted or "fallen back upon" if you will.
Then again, this report is about the fact that FOSS already plays a more critical role. My point is, it's high time somebody came out and recognised the fact. Great job on the paper.
Find a job you like and you will never work a day in your life.
A very minor and unimportant comment:
Most companies when publishing in PDF format do so, not for openness but to preotect against copying or modification.
For example, my company works extensively with the FDA and we publish all our standard operating procedures (SOPs) in PDF format since it's so difficult to copy. We rely not on the openess of the format but on its limitations. Not earth-shattering but I wanted to mention that PDF is not a particularly open format, despite its structures being well known.
This list would provide quick official recognition of FOSS (Free and Open-Source Software) applications that are:
(a) commercially supported
(b) widely used and
(c) have proven track records of security and reliability (eg. as measured by speed of closures of CERT reports in comparision to closed-source alternatives)
Gmanske.
While the Navy has its much-farted-upon attempt to build Win2k-powered "Smart Ships", the NSA has been developing SELinux (Security Enhanced Linux), their homebrew kernel.
It seems that the right hand doesn't see what the left hand is doing. That's the USA federal government for you. However, based on the existance of the "safe" FOSS list, perhaps the DoD is rethinking their investments in eN Tee. I sure hope so, for the sake of national security. Meh.
"I am root. Bow before me." To this I say, "You are root, and you bear the sins of the world upon your shoulders."
In this paragraph MITRE seems to infer that GPL'ed software is some how more secure, or better able to be secured then other software.
"For Security, use of GPL within
groups with well-defined security boundaries should be encouraged to promote faster,
more locally autonomous responses to cyber threats. "
Page 3, Example 2.
This really makes no sense to me. Especially when the majority of the software they list as "heavily used infrastrucuture tools such as "Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail," are a good portion of NOT licensed under the GPL. (Yes I realize some, are but the majority of that list are not.)
Doesn't make a lot of sense. Considering most people would agree the most secure OS out there is OpenBSD.
Banning Free and Open Source Software would remove certain types of infrastructure components (e.g., OpenBSD) that currently help support network security. It would also limit DoD access to -- and overall expertise in -- the use of powerful FOSS analysis and detection applications that hostile groups could use to help stage cyberattacks. Finally, it would remove the demonstrated ability of FOSS applications to be updated rapidly in response to new types of cyberattack. Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security focused DoD groups to defend against cyberattacks.
Starting on page 32, theres a very nice glossary of common Free and Open Source Acronyms.
Isn't anybody gonna mention that RMS is going to say that FOSS should really be reffered to as Dental/FOSS?
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
whatever happened to good old ASCII or ISO text files? nothing says cross-platform than an ISO format
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
I work for the DoD (and am lucky enough to work with MITRE folk as well), and we go for the open source solution whenever we can. Why? We're in security. We absolutely NEED to be able to hack our own code whenever necessary. We can't afford to be taken down by any sort of attack, whether it be a worm, virus, or directed attack -- and I'm not talking "afford" in the sense of a dollar amount. We also like to be able to do things like add signatures to our IDSs whenever we feel like it. We often notice and track new virus and worm activity before it "breaks." We can't wait for vendor updates.
I've sat through meetings with vendor reps where certain office members tore the reps some new orifices. I've heard from a *major AV/Firewall company name deleted* rep "Oh, you use open source FREEWARE! Well, if you want to go with something totally insecure that has absolutely no support and you don't know exactly what the code actually does..." The rep then sat there in stunned silence as the department head launched into a detailed tirade about how every member of the office not only knew what the open source we used did, most of us could re-write it if we needed to. The rep actually blushed and admitted that if we could do that, we didn't need their product.
Most of our offices do use Microsoft on most of the standard user desktops... but it's open source hacked-to-hell code that runs everything else around here! Well, aside from the gallons and gallons of coffee and Mountain Dew that runs the people..
Moderation totals that amuse me for one of my posts: Flamebait=1, Insightful=2, Funny=2, Overrated=1, Underrated=1
I've always wondered about the supposed lack of "FOSS" at DoD. Aside from SE Linux, there are other quite public acknowledgements of support for open source software. From the back of the OpenBSD 3.1 CD case:
"This effort sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Material Command, USAF, under agreement number F30602-01-2-0537"
Kind of a big hint that someone somewhere in DoD thinks highly of OpenBSD.
Of course, this support may have since been reduced or eliminated due to the same pressure that the NSA faced with SE Linux.
null sig
By the way, the document summary shows that it was originally a Microsoft Word Doc titled "Microsoft Word - 3DBD823B-1ABD-0AA6.doc" with the author being www.
Interesting that the DOD uses GnuPG, Linux, Linux (Red Hat), FreeBSD, NetBSD, OpenBSD, OpenOffice, Perl, Perl CGI Scripts, PerLDAP, PHP, Tcl/Tk and TCP Wrappers, amongst others.
Please don't make me laugh! I just got my stitches out and it hurts!
A Government Is a Body of People, Usually Notably Ungoverned
Just to add some info here. Just because an article talks about usage and approval of FOSS in the "DoD" (Department of Defense), it doesn't mean that there is signifigant usage. Remember that the DoD is comprised of some management overhead and three sub departments: Army, Navy, Air Force. While Linux may be used and even endorsed by the "DoD", it's usage is not permitted without one hell of a waiver process in the Department of the Navy. Especially under NMCI(Navy Marine Corps Intranet), Linux is not even listed as an approved legacy system, much less something EDS will agree to support.
Additonally, each branch of the service is autonomous in IT management, which means there are FOUR DIFFERENT ways of running a network with the associated FOUR sets of management overhead and of course, they aren't interoperable. This is a fairly generalized statement, but most of the systems I deal with daily in the Marine Corps are specific to us and don't work with the other services systems despite the fact that they all do the EXACT SAME THING.
So kids, the moral of the story is: Write you congressman and complain about the misuse of your tax dollars. And don't forget to tell them that free software == excuse for lower taxes == more votes for them.
I've dirtied my hands writing poetry, for the sake of seduction; that is, for the sake of a useful cause. --Dostoevsky
Open with Acrobat Reader, File->Document Properties->Summary... reveals:
Title: Microsoft Word - 3DB823B-1ABD-0AA6.doc
Furthermore, the PDF file was created by http://createpdf.adobe.com - which allows one to upload files and have the processed into PDF - 15 for free, more for $$$.
Seems like they didn't find out that ghostview allows you to generate pdf files as well as view them...
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
Last I checked the BSD's were first:
"The General Public License (GPL)4 is the original FOSS license, and GPL software is simply FOSS software that is covered by the GPL."
Page 12
This report is really full of holes. In the chart it says that BSD and Artistic licensed software cannot be combined with closed source software.
In page 22:
[i]Ironically, a thoroughly rigorous and systematic ban on DoD use of FOSS could also affect a number of proprietary product that rely on FOSS products that permit incorporation of FOSS into their closed-source products. For example, Microsoft Office uses the FOSS zlib collection of data compression software, and thus could technically be banned as a product that incorporates FOSS software.[/i]
Weren't they the defense contractor with the absolutely awful security in Cliff Stoll's _The Cuckoo's Egg_?
May we never see th
The report also no makes no differentation between Open Source Software like FreeBSD, OpenBSD, and Apache; and Free Software which generally always refers to software under the GPL or LGPL. Like Linux, gcc, or GNATS.
"The word free in FOSS refers not to fiscal cost, but to the autonomy rights that FOSS grants its users. (A better word for zero-cost software, which lacks such rights, is freeware.) The phrase open source1 emphasizes the right of users to study, change, and improve the source codethat is, the detailed designof FOSS applications. Software that qualifies as free almost always also qualifies as open source, and vice versa, since both phrases derive from the same set of software user rights2 formulated in the late 1980s by Richard Stallman of the Free Software Foundation."
The writer of this report does not make differentation between Open Source and Free Software. He call's things under a BSD license with no cost, and no restriction on rights, freeware. (Freeware does not mean OSS. Freeware is closed source software, that is given away at no cost.) While in the next setence pushing the view that all OSS is GPL'ed.
This report is a grave disapointment.
If you actually tried to open up any but the most basic Word document in Wordpad, it butchers the document. Try it.
.PDF documents are extremely common. Get used to it. If you really can't stand to have to download extra software to view such a common format, you'll be happy to know that most Linux distributions come with at least one .PDF viewer.
However, that's beside the point. You see, not everyone runs Windows, and not everyone wants to open a document that can come with little extras like macro virii.
Further,
Not that the parent wasn't a troll or anything...
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
I hate it when I have to buy a $400 program to view .doc file..:-)
Don't then. Download Open Office, buy Sun's Version, or use something like wordpad.
Don't then. Just use Open Office.
whatever happened to good old ASCII or ISO text files?
The PDF document contains images, tables, colors, and underlined/italicized/bold text. Those are rather difficult to express in plain ASCII text.
Doing so is not unlike trying to write a voxel-based graphics engine in HTML.
Right tool for the job...
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
PDF tends to be smaller unless you have bitmap graphics. That's the rule I've always had. Anyone want to improve on that?
--Giving to trolls for the benefit of us all
I work in the trenches so-to-speak.
The good news is that the DoD is paying attention to Linux in a big way. Undoubtedly, Solaris, HP, and SGI were among a few of the favorite big ticket items that the DoD likes to purchase. However, there is a small number of people who are using linux. We're expecting that number to grow.
Mitre gets it -- they're pretty smart folks. But does the rank-and-file military? By and large -- no -- although there's more currently than say 18 months ago. Some are still caught of in the security problems linux has. Others are just ignorant by calling it "freeware" -- when linux really rises to a level above the typical "freeware" moniker.
The military is really a bargain buyer -- yes they don't want those M16's to explode -- but they don't want to be bled dry for a shoddy system, either. Especially when they have to report to a congressional subcomittee explaining why they blew billions of taxpayer dollars on incompatible systems.
whatever happened to good old ASCII or ISO text files? nothing says cross-platform than an ISO format
...I'll just go back to my Forth system and cry.
Oh sure, leave out us EBCDIC users, you young whipper-snappers with your fanch-schmancy ISO standards. HA!
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
The DoD has been asked to conduct internal software audit or trash MITRE report on FOSS.
1. Somehow I doubt that the DoD -- or anywhere that security is really important -- throws together code and puts it into production right away. (Who hasn't heard the stories about the draconian code review policies?)
2. Why would the DoD distribute their modified code? Perhaps they would send a patch to Apache or whatever if it was sufficiently general interest, but I suspect most of the modifications have to do with security policies particular to them.
3. Do you really believe that "Al-Qaeda hackers" [sic] spend more person-hours looking at the code than non-malicious users?
4. Neglecting the silliness about Al-Qaeda, why should I trust you that "some computer science programs and IRC channels" are training highly dangerous black hats? Last I checked, IRC was the land of windows-running script kiddies, and typical computer science programs include perhaps one optional course on security.
Even the GPL does not require anyone to distribute their customized in-house modifications.
I do hope that some employees who are exposed to open source, its benefits and the values of the community behind it contribute to open source projects in some way.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
A lot of people will begin to think about the converse, "What if Closed Source were banned from the DoD?" or even more specifically, "What if Closed Source from companies found guilty of breaking federal law were banned from the DoD?". I wouldn't be surprised if the answers were "not much change" and "things improve", respectively.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Ever tried to read a "good old ASCII" text file? If you try to read it on screen, you'll suffer annoyance and fatigue after mere minutes. If you try to print it out, you'll end up with page after page after page of unformatted text, probably wrapped to 80 characters.
ASCII is a fine format for email and config files. It's not an acceptable document format. PDF is, despite what some people seem to think, the best digital document format available today.
I write in my journal
yes that is right even though the paper makes it sound like GNAT is a separate project from GCC, they are now one, GCC (GNU Compiler Collection). Their description says they are one now but I think this description was copied from each of their web sites.
Also is not RTLinux longer consider free software, because it restricts more than the GPL due to patents?
Also looks like they do not use csh at all which is under the BSD license. or pdksh which is in public domain, they are the default shells on OpenBSD.
They are also missed Binutils from the GNU which is the assembler and linker for most open/free operating systems.
Also is there not versions of sed and make and m4 and top that are under the BSD license?
Is perl not dual licensed, GPL and artistic?
I'm not trying to torch anybody's favorite software here, but both djbdns and qmail have drawbacks.
The biggest issue is the license. Qmail is limited to source-code only distribution, with an exception being made for precompiled binaries if they behave exactly the same as qmail normally behaves. Information here. This means that if you want qmail not to throw all of its binaries under /var and ignore most of /etc for configuration files (which it normally does), you have to compile and patch it by yourself. Also, there is no distributing patched versions, so if D. J. Bernstein dies tomorrow, qmail development is effectively frozen until qmail passes into the public domain decades later. That includes any security/performance patches, as well as ports to other architectures. Djbdns has a similiar license.
There is also compatability. Djbdns does not support certain zone transfer mechanisms. It ignores some IETF standards entirely and impliments its own version instead. I get upset when Microsoft twists and corrupts public standards for its own ends, and I get upset when Bernstien does it as well. I'm lazy, I don't want to have to doublecheck if my DNS servers supports a certain standard if my cofiguration changes. Qmail is more of a quibble, I don't like how it throws everything in /var. (And I'm not sure why the world needs qmtp)
I'm not saying that a lot of people and smaller sites won't find qmail/djbdns (and the rest of Bernstein's software) useful. They seem to be secure, and they do their job as long as everything is compatible.
However, one of the reasons why I avoid proprietary software for many tasks is that I don't want to hitch my wagon to somebody else's horse. If I go with a MTA that is wildly used and is GPL or BSDl, I am assured that development does not rest solely on one person. And if I go with standards-compliant software, it ends up being less of a hassle in the long run.
Djbdns and Qmail aren't bad. But they have licenses that limit distribution and development, and they break interoperability.
I didn't even know Microsoft has that restrictive license. It says here that it "Specifically bans use of: GPL, LGPL, Artistic, Perl, Mozilla, Netscape, Sun Community, and Sun Industry Standards."
Microsoft's site shows the license. It's really true. This particular EULA seems to be for a "Microsoft Mobile Internet Toolkit Beta 2". They actually call OSS as "Potentially Viral Software" in the license.
Even on Slashdot the GPL is largely misunderstood. It principally dictates that if you redistribute the software you must also redistribute the source; it does not require that you redistribute the source in order to use the code yourself in whatever fashion you require. Your error is exactly the misunderstanding that MS capitalizes upon in describing the GPL as 'viral'.
One of the reports' three recommendations is to create a "Generally Recognized As Safe" list of Free or Open Source Software. The stable distribution of Debian has already done this. If the DoD is looking for a base set of packages, then Debian looks to be the set to work with.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I'm currently trying to write a parser for ISO8211. Currently it makes me very cross and won't run on any platform. Just because a format has been endorsed by ISO doesn't mean it's either any good or easy to use.
[Yes, I know there already are two open source ISO8211 parsers out there. Unfortunately they're in C++ and Python respectively and I need one in Java].
I'm old enough to remember when discussions on Slashdot were well informed.
2. Why would the DoD distribute their modified code? Perhaps they would send a patch to Apache or whatever if it was sufficiently general interest, but I suspect most of the modifications have to do with security policies particular to them.
Same as everybody else I'd guess, not having to keep their own branch and re-implement any fixes in the public branch, keeping track what they have fixed and public branch haven't when the interface changes. Of course, the NSA could probably afford that, but the benefits are few...
Kjella
Live today, because you never know what tomorrow brings
If somebody finds a bug in, say Linux, that can be exploited against both Sendmail and Qmail, the Sendmail folk will fall all over themselves to find and distribute a workaround. Bernstein, on the other hand, will likely just smile and say "not qmail's fault". This doesn't do much good for people who are actually using qmail in the field and will need to create and distribute their own patches on the back-channels -- and then integrate them with the myriad of patches out there.
I really believe that Qmail's license was and is the biggest barrier to it's more widespread adoption.
OS Software is like love: The best way to make it grow is to give it away.
As a Debian Developer, allow me to strongly disagree. There is a lot of software in Debian! It's as reliable and trustworthy as we can make it, but a lot of stuff doesn't get banged on very heavily (some of it is downright obscure), and the best we can really say is, "we haven't found any obvious problems". Which is a whole world apart from "Generally Recognized As Safe."
Now, anything that's FOSS and GRAS is probably in Debian, but being in Debian stable is only evidence of being FOSS and NPU (Not Proven Unsafe).
I think that the idea of having an external list of FOSS/GRAS software is an excellent one. Moreover, I doubt if Debian wants to accept responsibility for maintaining such a list.
Seriuously. There are established procedures for keeping people out. If you're not at a very minimum using HTTP Basic authentication, it's the equivalent of setting up a billboard, or leaving a stack of papers face down on a public sidewalk in hopes nobody flips the stack over. Reasonable and innocent curiousity is not a crime, nor is reasonable reporting of the reslults of such.
A friend once got sued for using a "guest" dialup account with a null password from a local telco back in the early 1990s, when net access was damn expensive and for the most part not available to kids. He didn't set up a BBS or crack any passwrd files. He just used the guest account to telnet into some MUDs and read some newsgroups. Luckily, the jury decided it was reasonable for him to assume that as a customer, the "guest" account with no attepts made to restrict acess applied to him.
If you put a table in your front yard with a "free" banner hanging over it, it's kinda hard to charge someone for trespassing if they walk up and eat a few brownies off the table when you weren't arround. Maybe it is your yard and maybe they were your brownies, but you implied consent in a major way by putting them out there in that context. If you really only meant for the paper cups next to the brownies to be free, it's your problem. In fact, it's false advertising if you try and collect damages.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
I'm actually quite relieved to see that they don't include csh. I think that's just good sense. As for pdksh, I doubt if even BSDers use it very often, so it probably fails the widely-used test. I actually know of more people that use ash (recently renamed dash), which is originally from NetBSD, but is now found on many other systems (Linux, FreeBSD, etc.)
I was recently at a conference where several vendors promised that their anti-virus product "stopped attacks 100% of the time." I didn't bother pointing out that that wasn't exactly likely or sustainable in an operational environment.
Someone else at the conference mentioned a foreign vendor whose firewall was supposed to stop 100% of traffic -- well, it did. However, it blocked ALL network traffic to the machine it was installed on and was not reconfigurable. Hey, it did what it was advertised to do, right?
Moderation totals that amuse me for one of my posts: Flamebait=1, Insightful=2, Funny=2, Overrated=1, Underrated=1
Because what you had to say is about right.
;-)
Don't use qmail, use postfix. It's more secure, faster, simpler to use, and it has a much better license. Also, Weiste Venema is a much nicer person
himi
My very own DeCSS mirror.
I took a class recently conducted by a Major ( in the Corps) who informed me that Linux is used for firewalling at the higher echelons of IT in the Corps. As for other services, I can point you to quite a few Navy guys running Linux mailservers. The Navy is much less regimented than the Corps and their IT think nothing of going Fry's, building a nice Athlon system, and throwing Linux on it. That would never happen here in the Corps unfortunately. I'm sure if I'm in Kuwait in six months setting up a network and the only way to get said network running was through the LEAF project, I'd get the go-ahead until we could get some expensive, proprietary firewall sent to us. The poster above is pretty much dead on. Each service does have its own way of going things. Just head on over to Netcraft.com and see what the Army's running for a webserver.
This guy is way out there
I would say that the license that gives the most freedom is the license that publically funded development should have. Guess what: that license is not the GPL
This is a tired argument, but to recap:
Long story short, GPL is analogous to a constitution protecting the freedoms of its citizens (users) by constraining in a few minor ways what freedoms the developers can deny their users.
The BSD license is more akin to a democracy with no constitution, or no strong constitution, which constrains the developers little or not at all, at the expense of leaving the users with no protection of their freedoms.
Both licenses are appropriate in some circumstances. BSDL is good for getting protocols, algorithms, and other standards widely accepted by allowing proprietary as well as free products to use the code (good example: ogg vorbis), while the GPL is excellent at insuring that a project remains free in perpetuity.
Software funded by tax dollars is funded by the users. It is therefor more appropriate to have a license which protects the rights and freedoms of the users who are paying for the developmnt over those of the developers who are being paid (though of course developers benefit immensly, in having their freedoms protected with respect to contributions by other developers. Not every user is a developer, but every developer is a user somewhere along the line).
The Future of Human Evolution: Autonomy
Microsoft software has to be trashed too, fortunatly the registry makes this easy to do. It's not hard to horribly break a Windows machine with a few strategic registry tweaks, all in the name of security.
I read the internet for the articles.
The DoD is under tremendous pressure to have Microsoft blessed as the only products they use, as Microsoft has learned how to lobby and started throwing lots of money at this. The government is a huge purchaser of systems, and there are many legacy things out there. Since the past 10 years or so have brought many fresh college grads into the workforce, many of whom only know Microsoft products, there is pressure on the technical selection folks to replace with Microsoft since those precious MCSE's only know these platforms.
This report is probably an effort to build some evidence and support on why wholesale replacement of everything with off the shelf would add costs and hurt national security. Probably also explains IBM's (and others) shift to support Linux and variants over the past few years as they saw Microsoft tactics refined.
And, Microsoft's more recent license agreement language seems pointed at providing a legal reason why they need to be the only platform, since there are no technical reasons.
Sleep is for the Weak
After all, they're MIT. MITRE stands for MIT Research. For the uninitiated, MIT is Massachusetts Institute of Technology.
Laws affecting technology will always be bad until enough techies become lawyers.
Qmail is not really an open source software/ free software program. See my paper at http://www.dwheeler.com/oss_fs_why.html for an explanation.
- David A. Wheeler (see my Secure Programming HOWTO)
You are quite mistaken. People who are clueless about the GPL (and there are a lot of them) assume this all the time. And others make other incorrect assumptions: for example, that code that is compiled or written with a GPL'ed tool becomes GPL'ed. Few people who have been involved in the debate for a while suffer gross misunderstandings like this, but the general public (and clueless managers) certainly do.
It's not true that you can't link a GPL library into your proprietary code. You can. You just can't distribute it to others in that state. (You can still use it internally.) If you need to distribute proprietary code but want to use GPL code, you just have to keep them at a safe distance from each other: for example, running in separate processes and communicating through IPC or standard I/O is fine. And, of course, this sort of issue is totally irrelevant to the question of whether or not to use Linux; it's about integrating GPL code into your code, not merely using them side by side.
It was written by:
Terry Bollinger
The MITRE Corporation
1820 Dolley Madison Blvd.,
W534 McLean, VA, 22102, USA
terry@mitre.org
Terry Bollinger currently works at The MITRE Corporation, where he focuses on distributed software and hardware architectures issues for U.S. Department of Defense information infrastructures. He is an editor for IEEE Software, and was one of two Special Editors for the Jan/Feb 1999 issue of IEEE Software on Linux and open source software methods.
Terry has had extensive experience at all levels of software development in the telecommunications industry, at NASA, and for the U.S. Department of Defense. Especially while working in the telecommunications industry, he has had extensive hands-on experience with both a wide range of software construction methods and approaches, and with the consequenses of trying to apply some of these methods in "realistic" environments in which there is a typical spectrum of developer experience (e.g., what happens when C++ is applied in and environment consisting almost entirely of long-term funcional C programmers). Terry also has a strong background in software reusability and software process, including an IEEE Software Best Paper on why software process improvement doesn't always give the kinds of results advertised, and is intrigued by the issue of why some programmers seem to be so much better at producing high-quality, stable code that endures over time. In terms of software construction issues, he is both highly familiar with the overall set of techniques involved (including newer methods such a graphical component based programming), and is strongly supportive of the need for good methods while also being heathily skeptical about a lot of the claims made for various software construction methods and tools.
Terry has M.S. and B.S. degrees in Computer Science from the University of Missouri at Rolla, and has been a member of IEEE for 23 years.
As of yet, there's not enough incentive for the non-ideologically driven to drop Word and switch to an open source product. Large organizations, and MITRE is large, already have Word sitting on thousands of desktops, they've paid for it, and they've sent employees off to "How To Use Word" training. Bringing in a Word replacement means additonal time and cost (installations, tweaking, employee training, help desk training, etc.) without a compelling payoff --you pay for the transition and your capabilities remain essentially the same.
Open source office suites will need to do a lot more than be "free" and successfully mimic MS Office before they're become worth the price of switching.
-- Slashdot: When Public Access TV Says "No"
What I find really distasteful is the above phrase's incorporation of "MIT". Microsoft tries to pass it off as standing for "Mobile Internet Toolkit", but personally I believe it was intended to sound like (and evoke the favorable sentiments associated with) the Massachusetts Institute of Technology AND the associated, like-named OSS license.
.
- First they ignore you, then they laugh at you, then ???, then profit.
Somebody there was aware that there was a bunch of people who argue about the differences between "Free" and "Open" and which one is better, while for all practical purposes they are exactly the same. Combining the acronym was a good way to not take sides in the argument (I suspect the authors had no opinion either). I also think a word starting with a consonant is easier to pronounce and put into sentences.
Yes you can use GPL in your proprietary code. You just are not allowed to distribute it to outside parties. If you are writing something top-secret where the secret would be revealed by examination of the source code, you would be pretty foolish to distribute the binary, too!
No offence to you, Sivar, since you're an innocent victim of this offtopic rant, but it's unfortunate that you can click a box to disable peoples .sigs, but there's no box to disable comments about people's sigs. If only...
Will the Python one run under Jython? Just a thought.
You are correct that such a program could not include any GPL code.
If you link it in to your code, you are required to release the source code. Just because people may not know it exists does not mean you can hold the source proprietary.
As has been pointed out about a million times here, the GPL only requires you to release the source code to the people you distribute to. If somebody does not know a program exists then they obviously have not been distributed to, so they have no rights to the source code.
For some reason people are often wary about the idea of loading new versions of the kernel into running servers. and new kernel releases can take longer to test and propogate than (relatively) simple userspace programs.
How long do you want to wait for a patch to a security problem?
(Perhaps I should have used a proprietary Kernel as an example --- they're likely to take much longer to come out with a patch).
OS Software is like love: The best way to make it grow is to give it away.
If it is a government secret you can then arrest that requestor (and whoever gave them the program) for violating whatever security arrangement they were made to sign.
Nonsense. The mere notion that the software exists and that it links with GPL libraries is enough for someone to request the code. Legally (assuming the GPL can stand the test) they'd be required to provide it. For reasons of national security they may decide to ignore the GPL, but thats only because its a catch-22. I highly suggest that all government contractors who develop sensative software not link any libraries that are released under the GPL. In this case, its a sleazy trap to force developers to release their source code.
No, only people who have the program are allowed to request the source code. If somebody has a top-secret government program then they have probably broken the law somehow.
Read the license, then make your point.
"b) Accompany it with a written offer, valid for at least three years, to
give any third party, for a charge no more than your cost of physically
performing source distribution, a complete machine-readable copy of the
corresponding source code, to be distributed under the terms of
Sections 1 and 2 above on a medium customarily used for software
interchange; or,"
Please explain how somebody gets ahold of this written offer without violating security regulations of the DOD or whoever wrote the "secret" program.
It is well established that GPL code can be used inside an organization for whatever purpose that organization wants, and there is absolutely no requirement that anybody inside or outside the organization get access to the source code.
The purpose of the GPL is so that anybody who owns a program can modify it for their own uses or interoperate with it (they can of course "modify" it to free copies thus allowing others to "own" it). It is not in any way intentded to grant anything to people who don't have the program. The "third party" thing has been explained a million times over that the "third party" is supposed to have a copy of the program.
PDF is a subset of Postscript all right, but while Postscript contains the actual character values, PDFs only store glyphIDs.
Glyphs, not characters.
There is a difference. A big difference. Trying to turn glyphIDs back into characters may work sometimes, but it's certainly not guaranteed to work. Any glyphs that do not have cmap entries in the font will come out as garbage.
Adobe should certainly never have put the text selection tool into Acrobat Reader. It does not work half the time, and it has fooled people into thinking that PDFs contain text. They don't. They only contain the vector image data necessary to render the text.
Free Hans!