Software Choice Group Tells DOD Not to Use Open Source
ducomputergeek writes "A group calling themselves the Initiative for Software Choice, backed by Microsoft and others, is recommending that the DOD drop plans for further adoption of Open Source software. This comes after MITRE, a defense contractor, published a report stating that not only does the Department of Defense use opensource, but is recommending using it more. The article is at News.com and you can read it here."
You can be paid to have them, or you can have them due to some deeply held beliefs with religious fervor, or you can arrive at your opinion through a process of reasoning.
On the other hand, reasoning that it's better to move to an open source product just because said OS product is currently attacked less, is fallacious.
Seriously, how can a group called "Initiative for Software Choice" that's backed by major players against open source (see Microsoft) be open and objective in this?
My good sig is in the laundry
In other news, Microsoft reports that it has purchased the rights to the next edition of Webster's Unabridged Dictionary. Among the changes expected to appear in this edition, the word "choice" will henceforth be defined as "the act of giving Microsoft more money, esp. against one's better judgment."
Initiative for Software Choice, just make sure you choose between Windows XP, 2000 or 98.
My company does quite a bit of work for the big defense contractors, we're involved in many big programs. These contractors are constantly asking us for Linux based software (SDKs APIs etc.) and especially for their embedded devices. These guys want to stop paying huge license fees to WindRiver for their vxWorks software... and want to spend the $$ elsewhere. Good on them I say. However I will insert the obligatory M$ comment: I'm shocked (not!) that MS would push their own agenda blah blah blah... ;-)
"Content's a bitch."
This would be the Henry Ford definition of choice then? "You can choose any supplier you like, so long as it's us."
This is my World Wide Web of Whatever
A group backed by corporations with their own interests says their biggest threat is not a good choice.
In other news, a group called "The Darkened Lung Group" (backed by R.J. Reynolds and Philip Morris) are saying that smoking isn't that bad for you and it's not really addictive.
Sound waves should be free!
"Not inherently less secure" is a strange way of advocating your position. Double-negatives like this usually betray a defensive mind set. Why didn't they have the conviction to say "we're *more* secure"?
Ryan T. Sammartino
"Ancora imparo"
FUD: You have to open up all your code if you use GPL code in your software.
Fact: You have to open up all your code if you use GPL code in your software and then distribute it!
I don't think the DoD distributes very much of the software it writes, so why should it care if it uses GPL code? It shouldn't care! But let the FUD fly!
Look at the tomato! Isn't it sad? He can't dance! Poor tomato!
Minipax unuse openful computerwrite. Refs uncommercialism. Doubleplus ungood.
--The grammar police.
Anyways, a funny highlight, one of their members is: "Open Solutions" =)
Proprietary software companies such as Microsoft have labeled open-source software as a serious threat and have begun to oppose its use by governments. At the same time, however, nations such as France and Germany have begun to encourage open-source software to limit their dependence on proprietary vendors and to stimulate local software development.
As a community of Open Source users, there is often a "ram-it-down-your-throat" style of preaching your brand of OS religion. Sure, a free OS is great, but it's not for everyone. Ultimately, a group of knowledgeable professionals within the DoD will make a choice. You can agree or disagree with that choice, but they are entitled to it. Besides, their criteria are different from yours, which are different from France's and Germany's.
Having said that, Microsoft, along with Cisco & Intel, have taken what I feel is the low road. It is one thing to advocate your product, but what they are essentially doing here is mudslinging. While this seems to be a fine tradition in American politics, I'm not sure that it's an ethical business practice, even for Microsoft (OK, I may have said that tongue-in-cheek).
Karma: Basking in the warm afterglow of post-coital whoring.
It's a pity to see Intel's name as one of the companies opposing OSS. Strangely they reach out at one side and then at the other side they slap you in the face. It is not that Intel should choose sides.
I can understand fully that it is in Intel's best interest to have support from both camps but this is really something they should watch out for. It may well be that more OSS developers and users will buy the products of their competitors if these kinds of things become normal practice for them.
... And I am grateful for the Microsoft marketdroids, for spewing such ridiculous, transparent FUD.
;)
The more they do this, the more exposure Open Source gains, and the more people are going to stop buying Microsoft products.
Seriously, though, imagine a PHB in those difficult times: you have to do more with less $$$. And right there and then, comes this PR FUD from Microsoft, saying: "Stop using this cheap Open Source! It's BAD for your health and for the environment!!".
PHB brain, of course, only registers the word cheap. He immediately goes to his techies and says: "Linux is cheap!! Start using it NOW to save money!".
*Collective sighs of relief from said techies*
Let us all give thanks for Microsoft Marketing, and for the FUD for which it stands. With upgrade paths and expensive licenses for all.
Amen.
(Yes, I am being sarcastic, people. Go back to your turkeys instead of pointing these flamethrowers at me now...)
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Well I'm sure the DoD remember their dead Microsoft NT sub. The radar which doesn't work etc. The missing nukes because of SQL server? Microsoft's admission and then retraction.. it is all documented out there..
A quick search of slashdot digs up this:
navy unhappy with microsoft
Even the average man in the street thinks of windows as less secure. I can't believe something like this would really fool people...
Of course they're worried. If their corporate customers start saying "Hey, if the DoD is using it, it must be good and secure enough for us too!"
Oh and the GPL doesn't really stop the DoD at all, as you only have to release source code to those you provide with a binary. Unless DoD starts handing out binaries to others, they can keep every change to themselves (but I imagine they'd rather stay with the main branch than running their own solo run, but they are one of the few who could).
OSS is no magic cure against bugs though, and QA is important. In my experience bugs show up faster & get fixed faster in OSS, so in the short run you have more *known* bugs than commercial software, even if there aren't really any more bugs in it. In the long run though, if enough people use it and find bugs, it is more stable and bugfree.
Kjella
Live today, because you never know what tomorrow brings
you can have them due to some deeply held beliefs with religious fervor, or you can arrive at your opinion through a process of reasoning.
It's my experience that people first tend to form their opinions based on deeply held beliefs (or otherwise) and later use reasoning to give justification to their beliefs. It is extremely rare for someone to start without preconceptions and use reasoning to develop an objective opinion. It is even rarer for someone to start with a deeply held belief and change their mind based on reasoning.
For example, do most people who share files have liberal views on intellectual property because it justifies swapping copyrighted files, or do most people who swap copyrighted files do so because it validates their predeveloped liberal views on intellectual property?
Toronto-area transit rider? Rate your ride.
I work for the DoD, in a branch that plans technology policy for various projects. Over the last 5-10 years, the push for "Open Standards Architecture" (OSA) has been at the forefront. It's the stated policy of the DoD, which comes from the mouth of a former Secretary of Defense, to push for open standards, open interfaces, and in general to be as far from proprietary as possible. Proprietary software means more expense for the government due to non-competition, and it also puts the government in the hands of a private corporation.
Open Source, while not specifically targeted by the DoD, is the next logical step. Although the previous generation of nuclear submarines ran HP-UX, the next generation (due to be delivered starting 2006) will run about half Solaris, half Linux. So yes, open source is on the way in in the government. Slightly off-topic, but if you want a good example of why proprietary software is no good for mission-critical work, look up on Google the problems the USS Yorktown had with Windows NT about 5 years ago...
"If at first you don't succeed, lower your standards."
Strange,
;-)
I thought the warez group Drink Or Die already used Open Source software to distribute their stuff...
The first thing it told me was, "You can introduce hostile code into your network by opening an E-Mail" and therefore instructs you not to open E-Mail from anyone you don't know. They go on to say that you can also compromise the company's security by reading your Yahoo or Hotmail mail at work. Later in the course it instructs you to keep your system up to date by installing the latest Microsoft security patches, which is ironic because a co-worker just trashed his system by installing a Microsoft security patch and is looking at 3 days downtime while the technicians reinstall the OS (Technicians have an 8 hour response time and due to the holiday they were pretty close to that time. They took his computer away but they won't be able to deliver it on Friday because no one's going to be there.)
Great. So we know we have a problem but instead of taking steps to solve the underlying problem, we're just going to tell everyone in the company to modify their behavior because if they don't, the company's network and billions of dollars of assets will be compromised. Does anyone else see a problem with this?
Frankly, with the company's assets at stake, it would be a damn good idea to roll your own client code just so you can audit the source code. I did some auditing with Data General for a while and they had it right. Every auditing test was extremely well documented and available on the network, along with the automated code generated to test each function (In the C Library in this case.) But if rolling your own clients makes sense, you could save yourself a lot of time and money by grabbing open source projects for the applications you need and feeding those to your audit and programming teams. You save some money and the open source community gets free high quality auditing of their source code and any additional features you decide to add to it. Everyone wins.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
A group comprised completely of proprietary software vendors is recommending the use of proprietary software.
In the end, it is up to those who want their government to "choose" other software to let their voices be heard. This will work as long as politicians listen to the populace they supposedly represent, instead of listening with their wallets to companies from other states.
Of course, it may be that both the People and the "Software Choice" group of mega-corps both favor the use of proprietary software in government. My vote happens to be that our tax money which buys the software that runs our infrastructure should not be used to place our infrastructure under the control of a proprietary software vendor.
MORTAR COMBAT!
The argument is roughly analogous to reasoning it's better to move to a given neighborhood just because said neighborhood currently has a lower crime rate.
As a parent and homeowner, that logic sounds pretty good to me.
Even if the government only considered open source software, that does not exclude Microsoft from participation. Microsoft would be free to produce software which meets the requirements set, basically set there to ensure that software running our vital infrastructure, paid for by our taxes, does not place our government at the behest and mercy of a software company.
One way to ensure that safety is through the use of open source software. There are undoubtedly other ways, such as Microsoft could provide source licenses only to the government for software the government buys, etc.
However one of the main factors into considering open source software is the rising cost of software licenses. Since our tax money is used to buy this software, I for one would prefer we don't have to pay year after year for what amounts to yearly abandonware.
MORTAR COMBAT!
No, you are a troll. Sincere Choice promotes the idea that people should have a choice. Software Choice promotes the idea that the best choice is proprietary software. That's their choice, but they shouldn't pretend that a policy that promotes that idea is the best for my needs.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
--note: I have zero way to tell and zero insider knowledge of what intel might or might not do.
With that said, I would bet that if push came to shove, intel would fall on the side of millions of cpu chips to desktops (trusted and see-cure microsoft yada yada) instead of thousands to servers (terrible open source linux that any al queda teenager can hack open in 2 minutes yada yada). Public perception and marketing and outright lying and word twisting and propagandizing will prevail in the short term. Not long term but the short term. The pushing and shoving being mandated "by law" with snoopervision hard coded into the chip itself, probably to "fight software and music and movie piracy and to help stop terrorism and them e-vile hackerz, please, think of the childrenz" or some such new law probably coming to a nation near you soon.
Really, just guessing though. Microsoft's alleged "punishment" was too wussy, I am guessing there's a sub rosa deal in place now between the government and microsoft, there will be a slew of trojans hidden in their software and only a matter of time before they are inside the chips. The government has stated quite clearly that their goal is TOTAL surveillance, I mean, how many more clues are needed now? Intel will play ball with this if they are forced to choose. So will AMD probably as well, and it never has to be made public, at least past the plausible deniability level.
Open source software, the way it is marketed is perfect for DoD work simply because the software itself is tweakable. The IT people in government departments have a large degree of control over how software is used should they choose open source; they are not as reliant on MS's vision of how their software is used, nor should they be.
Should open source be required? I used to say yes, but then I realize, that is not choice. So of course no, but then neither should closed source be. It all comes down to what it will do for you. On one hand you get a product that MS does not warrant for any particular purpose, nor allow themselves to be held liable for any such use, versus a software product that does the same thing but at least allows the purchaser to alter the code to suit their own preference, but retaining the decision as to whether to distribute it, under some liberal conditions.
Dawn of the Dead
Now the cheapest bidders can be even cheaper, by not having to include licensing fees in their quotations.
Of course MS will freak out. This is going directly for their main artery. If I was in business, I'd try to fight it. It might not be "socially" correct, but it makes good business sense to try and counter the competition.
Now, let's just hope that the DoD will not fold to commercial power.
Marriage is considered capital punishment for the theft of a goat in some third world countries...
> This comes after MITRE, a defense contractor,
> published a report stating that not only does the
> Department of Defense use opensource, but is
> recommending using it more.
MITRE is one hell of a lot more than just another defense contractor. Look into its history and you'll see that DoD will value its opinion far above that of some Microsoft lobbyist.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The part that I wonder about is "other software products with limited or no warranty, such as those commonly known as freeware or shareware". I wonder if this was meant to indicate Open Source Software? IANAL, but I've never seen a EULA for software that didn't indicate a limited warranty. In fact, from my layman's point of view, all the standard EULAs seem to indicate that the software has no warranty, since they seem to claim that the software doesn't have to do anything at all...
Elegance is for tailors. -A. Einstein
If you read the actual article recommendation the /. summary is simply incorrect. The recommendation was:
a) The choice of open source vs. closed source be made on a project by project basis and not be a matter of policy. In particular the DoD should not adopt a preferential policy favoring open source over closed source when possible,
b) While BSD licenses are OK using GPL licenses violate congressional norms (in particular they make commercial software impossible)
In addition things not mentioned in the summary
a) DoD is far and away the largest user of open source in the government
b) Security issues are ambiguous with regard to open source vs. closed source
c) A great deal of open source software violates all sorts of other government regulations and the government would end up having to bring these systems into compliance.
Yes the comments were hostile to open source, particularly GPL; they certainly were nowhere near the summary though.
As we have seen with Microsoft's efforts to complicate other formats, the best way of ensuring this is to demand source code. If Microsoft doesn't like it, well there is always OSS.
See my journal, I write things there
In a sense, yes, but that's not the point... Moving to an open source product because it is attacked less, means that you are at less risk from skiddie and worms. But a real attacker won't be randomly trying machines for known exploits, (s)he'll be attacking just the box/site that he wants access to.
To keep with the neighbourhood analogy, it's like moving to a safer neighbourhood when a hit-man's after you, it doesn't really matter how many petty criminals are in the area, there's still a goddamn hitman!
--
Hollywood representatives have publicly stated that skipping commercials is "stealing."
What they say is that closed source is not inherently less secure than open source. They are kind of arguing that it's a tie. In reality this undersells the commercial world.
For example every security class A operating system is commercial (and presumably closed source). No open source has even gone for a high security certification though the NSA was going to build a high security version of Linux before they got stopped (nowhere near class A though). The issue though is that while there are excellent closed source secure systems Microsoft doesn't make any of them; vendors like IBM (with Z-OS) do.
However Palladium will move MSFT towards a capability system and these are substantially more secure (in practice) than systems based on file permissions (like Unixes). I wouldn't be so sure this is a permanent win for Linux rather than a short term victory based on:
a) Microsoft's poor execution on security
b) Services running with excessively high permissions
c) Security not being a focus of the company until recently.
On a Windows box I honestly don't know. If you could FTP (in binary mode!) to a *NIX box, you could just "md5 filename"
Sorry, my Windows skills are limited to playing games.
Personally, I'd resubmit the story; they repeat stories that ran just a day before, your odds of getting approved are pretty good, eh?
Trolling is a art,
Sure it's not perfectly secure and some criminals will overcome the defensive measures.
But it's better than the tent (=Windows) you had before, so I don't see why this move should be wrong.
For a simple analogy, ask yourself: all things being equal, who do you trust more: the used car salesman making a pitch (Microsoft) or the common views of a dozen of his ex-customers (other open source users)?
Also, this isn't like the Coke-vs.-Pepsi debate--two more-or-less equivalent products, where one can debate endlessly which one is better. Open source and closed source software are profoundly different development models. I think open source really is better for most users, in a clearcut economic sense. I have concluded that, in contrast to many economic arguments for open source, Microsoft's arguments are mostly logically and economically unsound. You may reach different conclusions, but the point is that this is something one can think about and determine the truth of logically. Therefore, it is not a question of advocacy and bias but putting forward logical arguments and empirical proof.
But wouldn't it be even better if FAA (no idea what it is, but it probably has something to do with airplanes and america (Flying Association of America?)) developed an in-house system with good auditing AND make it open source? The more eyes, the better.
You could argue that if the source is open, a nasty cracker (133t, is that it?) might stumble upon a security hole (3xp101t?) and take advantage of it. But it wouldn't take long before the rest of the 'net (or whatever the fora) knew it as well, and some smart people at FAA would at that time probably pick up the information, and have patches from the community waiting for in-house auditing. It's a better scenario than if a cracker found a security hole (3XpL0itz?) in a closed source, and nobody would know but the cracker. Your airplane goes down just like the servers..
I dunno if this is my honest opinion. I'm just asking, trying to establish a position. If I'm wrong, enlighten me!
It already is. The newly signed homeland security bill saw to it. (All 420+ pages could not have been adequately examined by those who voted for it but that is another rant.) Download the PDF from the govt web site.
...the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products.
Page 323 Line 15.
comment directly in my journal