Defense Dept. Memo Explains Open Source Policy
TonyStanco writes "Big news. DoD issued a policy statement leveling the playing field for Open Source. We have the memo on the Center of Open Source & Government site." The requirements listed in this memo make me think of a company policy along the lines of "You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider." See this PDF for more information about National Security Telecommunications and Information Systems Security Policy (NSTISSP) number 11.
. . . like government documents, it might as well *not* be open source.
HTML Version of the PDF.
....make me think of a company policy along the lines of "You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider."
Except it's not really like that is it?
OSS is not a toddler - it tends to be just as mature as proprietary equivalents.
So it should be covered by similar guidelines.
Which is all the memo says really.
Oh wait, everything but the use of Microsoft products that is. It seems like that gets instant approval without the need for any justification. "Microsoft released Windows XP? OK, upgrade, forget about the costs and everything else that such an upgrade demands - just do it - across the board. Office XP you say? OK, allocate $10,000,000 for the software, we'll worry about paying for the licenses later."
Everyone knows that the benefits of using open source products far exceed any benefits that can be reaped by paying a whole bunch of money for closed source products and their associated licenses (which are arguably always more extensive and restrictive than open source license schemes). Sure, paying $50,000,000 to upgrade your old NT servers to 2000 and your 98 desktops to either Windows 2000 or XP has its benefits over spending $30,000,000 on Redhat and Star Office and the training. A bunch of sales people always say that such a move (upgrading Windows servers and clients and Office) has its benefits. I just don't seem to see them. Maybe I'm too progressive, I don't know.
PS: didn't get it...this time
"You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider."
Well, hey. At least it's a start. Previously, many DOD organizations and departments had an absolute policy on software/platform. In many places, especially sensitive installations, the policy was Solaris. In the last few years there has been an inexorable move toward Windows, despite the obvious problems. Other defense contractors have been moving in the same direction presumably to control costs by moving everything to one platform. However, most people are finding that this is not the best solution and they are allowing the installation/use/purchase of other systems including open source, Linux and OS X.
Visit Jonesblog and say hello.
"You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider." Thanks for that, now every time the AC comes out at work I'm going to expect an army of spider-babies to pop out and steal my printer.
It's not stupid. It's advanced.
Isn't that putting it a bit strongly?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
What is bureaucracy?
This guy wants to clean out a room in the Pentagon, stacked to the ceiling with boxes labeled, "non-essential documents". So he starts a study showing how much space they can save by ridding themselves of all of these useless documents.
A few months later they complete this study, and send it up for a review. A board determines that this is a great idea and they can in fact save tons of space by ridding themselves of all of these documents, with one stipulation. They must make copies of all the documents for their records...
Craenor
Sorry.
That document you linked to is dated January, 2000, not May 2003.
It also does not mention the GPL.
And replace it with "FREEDOM" software, pronto!
and stick effortlessly to the ceiling like a spider
Better start here then.
My toddler can do all that. Can't yours?
....Bethanie....
Well, with the advent of gecko tape that last part may now be possible!
--
The internet is the greatest source of biased information in the history of mankind.
It's not that hard to do now, if you wrap them up in that new Gecko tape.
Best first bet would be it will slip in from DARPA. They've probably *already* been using it in places they're technically supposed to be using a commercial UNIX.
--Dave
I think the FOSS community, notably the ones (like me) that do not write code but try to get FOSS into the corporations, increasingly need to stress the fact that it comes with strings attached and that the corporations need to make sure that those strings are being honored.
Help fight continental drift.
The letter mentions Linux, and the GPL *specifically*.
The BSD license wasn't mentioned, because BSD is dead.
So basically this policy says that if you use OSS then you have to follow the licensing that went with it. What happens if it was sensitive code and it could be detrimental(sp?) if you released the source? Do you still have to do it or is that an exception in the GPL?
especially since OSS is often (and arguably most useful) used to augment existing systems, with no expectation of redistribution. It is up to the project managers to make a product that delivers; forget about NSTISS or the GPL.
And most COTS systems in use don't have the certs anyway, and no one gets in a tizzy. It's only if you wanted to hook it up to SIPRNET or something (and then it gets reviewed independently anyway).
This is just some stuff to make the guys funding the projects (Congress) feel better.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Provided they're electronic copies.
What's the value of having assurance that there will be bugfixes and updates? With Microsoft, and under contract, you know that's going to happen. It may not happen as quickly as with open source software, but under a service agreement, the government has someone to sue should "service" not be provided.
OSS? Linus and software maintainers could stop development at any moment, and a contract with Redhat isn't going to change that. The government would have no contract with Linus to continue development, no contract with the KDE developers to continue development, etc. Sure, they could hire someone to track down and fix bugs, but this is a cost that's almost never included in OSS advocate estimates.
Don't get me wrong. I'm all for laws and policies that require OSS to be considered when the time comes to renew contracts/upgrade/whatever. But there are hidden costs that you just don't always see.
lol, silly moderators, lol
YOU SUCK BALLS!
Mostly because they roll it up into a system, and then validate the whole system as conforming to whatever spec it needs to adhere to.
If OSS fits the bill, the project leads would have already assimilated it (and often do). Similarly, the COTS goes into the melting pot, and the University student glue software, and out comes RLASSFSP (really long acronym something something).
RLASSFSP gets specced out, everyone goes out for a beer.
... and it didn't crash often, it'll get approved. Or if it has "Microsoft, SGI, or IBM" in the name (almost forgot).
Typical, eh?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
When I read this memo, I don't particularly think it's endorsing anything. They basically remind people that "the Linux operating system" is an example of "open source software" released under "restrictive" licensing terms (i.e., the GPL) and that usage of such software is subject to policies and protocols just like any other software used by the DoD. They then make a point of reminding people that if they use OSS software, that they remember the licensing impact because it could have ramifications later (e.g., if they modify any code that is covered by the GPL).
It's almost like they are setting the stage for some intellectual property issues with GNU/Linux. Perhaps I'm being too paranoid given the ripple effect that the whole SCO fiasco is having, but that was my initial reaction to the memo's direction.
--rc
Perhaps Mr. Stinko should give Microsoft a page or two, linked from his announcement, to explain how great Microsoft's shared source and government source initiatives are, and how Microsoft is really embracing open sourcing, without the troubles of uncontrolled changes to code, and how much better this is for the military.
One great quote:
It's like Exxon assisting to a Green Peace conference...
btw, since your first failures (see first link, and google it, I think Roblimo had more on this) in trying to set something up to profit off of open source as an attorney, how goes your latest effort Mr. Stinko?
Why didn't Sdem pursue legal action if this was truly wrong? You trolls need to get a life.
The Navy/Marine Corps are launching a large scale contract (NMCI) that restricts all Navy IT to MS and MS solutions.
This contract locks down the network to only NMCI managed systems (MS only). If there are existing systems that cannot run under Windows then you have to apply for a "legacy system" exception and pay extra for no service.
This one size fits all approach is short sighted and foolish. The upper echelon has yet to catch on that the network is the backbone or the infrastructure that enables an ever increasing plethora of monitoring systems, data acquisition and control systems, collaboration and communication mechanisms, etc.
As more and more devices become Web enabled the Navy has effectively locked itself out in the cold and crawled in bed with built-in obsolescence - not to mention left itself vulnerable to an attack or virus that would spread like wildfire in a homogeneous network.
Use of Free and Open-Source Software (FOSS) in the U.S. Department of Defense -- This report documents the results of a short email-mediated study by The MITRE Corporation on the use of free and open-source software (FOSS) in the U.S. Department of Defense (DoD).
pb Reply or e-mail; don't vaguely moderate.
What I'd like to know is why does an organization that sets United States federal technology policy guidelines post their policies on the web by scanning a paper document into PDF format! So we can all see a facsimile of John P. Stenbit's signature?!
--Lawrence Lessig for Congress!
"You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider."
Hi Timothy, we'd like to make you an honorary member of our organization - PIFCA (People Incapable of Forming Cogent Analogies).
You belong with us like a marmot is comfortable with peanut butter.
"You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider."
I work for the government, so maybe I am more used to seeing security requirements for everything, but I didn't get that impression at all. We expect everything to talk, feed itself, and stick effortlessly to the ceiling all the while being secure. The government (DoD, DoE, etc) is probably one of the biggest users and innovators of open source so I wouldn't get too feisty. The only reason people (managers) get a little hesitant about Open Source is blame. When something drops on the floor, they want someone to point the finger at, someone we have a contract with so that they can fix it reducing personal liability. Enter Microsoft with contracts in hand.
Support a great indie game: http://www.abaddon360.com
Great tool for the job: High speed color scanner. Couple this baby with some freely available software to make PDFs, like PixUtil from Pixel Translations (the ISIS standard), and you have a winner.
Toddler on the ceiling
Maybe if your toddler has Gecko feet
Im dreaming ofa big bndwdth, That can resist the
"You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider."
In other news, Safeco has been reported to have replaced all their acoustic ceiling material with velcro in order that their company wide pre-toddler policy can be implemented. In order to prevent possible liability, they had to replace their traditional furniture with what can only be described as a rubber room.
When asked about the subject, representatives of Safeco were unavailable for comment, but issued the following statement, "we are cleaning baby vomit out of our clothing".
According to one district manager, "I can't tell if productivity is up or down, I'm stuck. Help!".
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
First off, I'm not getting into the money issue (like it matters to them any way). But any way, shouldn't the DoD like open source even if they don't use it so they can make sure there isn't some hidden feature to start a terrorist attack.
...
Instructions
1. Click "run"
2. Type "Terrorist Plans"
3. Enter Password "yourname"
4. Select Date "YYYY:MM:DD"
5. If a valid date was entered follow instructions and you will get your free pass to heaven
obfuscation. I wonder if Lawyers and Government ppl have similar contests?
I prefer the "u" in honour as it seems to be missing these days.
link to ACTUAL pdf that we're discussing, not the second one referenced by the headline...
http://www.egovos.org/pdf/OSSinDoD.pdf
I'd like to think of myself as fairly open minded, but let's be honest, as far as operating systems go, Linux doesn't really have much weight these days. It has been so incredibly wrong about, well, pretty much everything, that it is rapidly fading.
I say this because it has become an amendable operating system, and over the years the kernel has had to be "interpreted" in new ways to stay compatible with modern knowledge and not be out of touch. So much so in fact that the kernel is now seen as a "metaphor" and not to be taken literally. How can you believe in something with absolute faith that has to be updated every so often to iron out the embarrassing errors?
Well, this may be the case, and if indeed it is, then possibly linuxism is a metaphor too? This would seem like a nice way the GPL advocates could accept science and work along side it without alienating people. In fact I am surprised that people are still to this day arguing in favour of linuxism, which is, I would like to add, impossible. As linuxism (and the operating system it stems from) is based on faith, and you don't question the ways of Linux Torvalds, etc. The only evidence for linuxism is a cyclical one, based on you already accepting the operating system.
I have noticed this in various faiths actual, and with risk of being flamed to death, I think that anyone that has such a great deal of faith in their operating system, whether it be windows, Macintosh, BEOS, and even Amiga, are so blinded by their faith that they cannot argue outside the box, each operating system relying on its existence to prove itself.
I have to emphasise that this is just my point of view at the moment, and the most irritating thing in the world is people getting on their high horse and preaching their righteousness, whether linuxism or windows-ity. People believe what they want (or have been brought up) to believe, and you're never going to convince them otherwise!
Anyway, to sum up my rather rant-ish comment: Windows is based on computer science, to accept Windows is to accept the scientific principles it is based on, many of which will contradict Linux. Linuxism is based on Windows, to accept linuxism is to accept the kernel, and gospel truth, which will contradict accepted computer science. Therefore neither party will ever concede and never agree.
What I will say to the Linuxists is: Don't worry, give it 50 years and your operating system will be dead.
If the software was GPL, it wouldn't matter how the contract was structured, because our programmers could have fixed the code. Instead, 2 million bucks was spent.
And PeopleSoft is not liable or accountable, because all they did was gain ownership of the closed code. The agreement of assurance was specifically with Vantive. We didn't buy the patented works itself (which wasn't an option, and People Soft refused to sell Vantive after-the-fact).
As a side note, PeopleSoft 8 is laughable. I could design a better tool using PHP-Nuke (I actually hacked up a solution that was based on PHP-nuke for real simple CRM functions to show that it could be done - it was ignored, of course).
Right, then somebody implements a bad encryption scheme and because it's closed source nobody sees it and breaks it, and the DoD or other users fool themselves into thinking it's secure, until a foreign government breaks it and reads all our coded communications for years... (Or whatever it is that these people are afraid of). I'd much rather trust something like PGP that everybody can read and understand and crackers (black and white hatted) can do their worst at. Otherwise you are just buying a false set of security.
Government encryption systems are actually COTS. It's what goes into the devices that makes them do what they do. Have no fear I've already used Linux in the DoD, years ago.
Computer scientists, you know, the ones who write operating system code, and develop new crazy shit yeah, them... they use
1) Linux
2) OSX
3) WinNT
4) FreeBSD
5) Solaris
6) OpenBSD
7) other {Tru64, AIX, Plan9, custom}
in that order.... (pretty close anyway, that's from my random sampling around the grad/undergrad dept.)
So why again does using Windows help you embrace Computer Science? Or windowsity... made up words... zughhhhhh!!!
ARRRGHHH MODS ARE INSANE!~!!!!!!!!@@!@!@
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
wow slashdot, threw the 'hang effortlessly from the ceiling' thing in just to setup the posters for the obvious gecko tape comments? Guess they had a bucket of '-1 redundant' points layin' around.
Why bother with OSS when you can simply pay $30,000 per Microsoft license? They paid that much for a toilet, they might as well pay that much more for something to flush down it!
I HAVE COME TO CONQUER YOU ALL, EARTH SCUM!
Having a policy that OSS must compare favorably with Non-OSS is reasonable, and a good sign. Any policy other than "No OSS" is a good sign, as it shows they are considering it. I would say that OSS's biggest worry is simply not being noticed, not just failing to measure up. After all, most Open Source projects simply don't have the advertising budget their Closed-Source, Commercial competitors do.
Contact Me (got tired of viruses emailing me).
You're not necessarily buying into a false sense of security. OSS has the advantage of being tested in the field, this much is true.
Speaking ideally... assuming a government wants something secure, they want a system that the public doesn't use. This is only common sense.
While you run the risk of creating a system that does suck, you are at less of a risk cause fewer people don't know that it sucks. That's the theory anyway. And it's a hell of a lot easier to sell people on this concept. It's harder to convince them that an OSS project can provide super duper security.
In the same token... windows also sucks as most of their standards are in public use as well.
Proper management and testing is the key. In practice, sometimes it works, sometimes it doesn't. Novell is considered to be quite secure cause no bugger knows anything about it.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
The buzzword for what you're talking about is Security Through Obscurity. The problem is that it will keep away the casual hackers and script kiddies so you will have many fewer attacks, but to a determined attacker (think of Bletchley Park in WW2 attacking the Enigma) if there are any weaknesses, they will most likely be found and you will not know about it until it's too late. The KGB (or whatever the enemy is these days) doesn't brag about their exploits on IRC.
What an original and clever joke. The document mentions "U.S. lives may be at risk," so you say nobody can use Microsoft products anywhere. Slashdot has never in its existence seen such humor against Microsoft, and I thank you for bringing it to the masses. You, sir, are a veritable joy pendant.
Your post was so incredibly funny that it obviously deserved status as "+5 Funny," because of the incredible amount of mental forethought required to conceive of such a quip, the likes of which nobody else could ever dare compare to.
Again, I thank you.
"Sufferin' succotash."
I would NOT be offended if government agencies decided to use undocumented closed source protocols
I wouldn't be offended- I'd be scared. The rule of thumb is that "Security through obscurity is no security at all", but realistically, it's good enough for some situations where there aren't large numbers of dedicated, well-financed enemy spies. That is, anyplace other than National Security can get away with it for a while.
It is critical that, if a software developer who knows the code defects, we can simply change everyone's password and not junk the entire system until the program can be re-written from scratch. But that's what relying on closed-source for security would require.
Hell if they want to write their proprietary software in Ada, more power to them.
The US government doesn't write proprietary software. Or anything else proprietary for that matter- all their intellectual works are public domain. Some of them are protected under security classification, like the way Air Force bases belong to the public, but they're not allowed inside without permission.
(And, a Top-Secret classification will expire long before copyrights do...)
Be careful about Tony Stanco, the person who wrote the Slashdot story. He seems to be using computer issues as a way of promoting himself.
They also took the son's inheritance.
A man sooner forgets the loss of his father than the loss of his inheritance.
"Security Through Obscurity" makes sense for government level security, as far as one layer of it in order to prevent unauthorized encryption. This worked *damn well* when America decided to use Navajo during WW2.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
It was a joke about how strict the regulations were. Didn't you see the part about sticking to the ceiling like a spider? That's not normal human child behavior, hence, the stated regulations that would require such would be unreasonably stringent. Timothy was drawing a parallel to the stringent regulations regarding OSS.
And who says geeks don't have a sense of humor?
The requirements listed in this memo make me think of a company policy along the lines of "You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider."
How you can make this out from that memo which basically says we have a set of procedures in place for software evaluation, if OSS passes those then fine, no problem and secondly be aware of the terms of the license that the OSS comes under.
I know this is Slashdot but the fact that OSS may have to go through a regular selection process instead of being mandated as de facto standard, to the detriment of all others is proper procedure in most large organisations. You should be saying well done for leveling the playing field and giving OSS a chance to compete on equal terms.
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
What truth?
There is no dupe
You are assuming this cannot happen with open source encryption. How do you know that the most common Open encryption has not already been cracked by some uber cracker(s) who are right now pissing themselves with laughter at people claiming that X system is more secure than some closed source system? Do you think that said crackers will always out of the goodness of their hearts announce this fact publicly? The same applies to a closed system. It's always too late when you find out your encryption has been broken.
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
What truth?
There is no dupe
especially if you haven't seen the movie.
The thousands of little fiefdoms with differing systems is a good thing, as due to the diversity, what knocks out one system won't necessarily knock out the one next door. Mono-culture is always a bad idea security and stability-wise.
Working as an intern for a national laboratory, I noticed how getting new equipment worked. First, you find what you really want, like a computer for instance. Next, in your proposal, you go around and find different parts for that machine, and make sure the stuff you really want is the lowest price. Send it up to the people who double check this to see if they are getting a "good" deal, and bam, you get your computer.
With this in mind, what Linux or Unix OS are they planning on using already? They must have one picked out if they are going to start making rules on the OSS situation.
"Some fight for law. Some fight for justice. What will you fight for? One day, you will see."
It makes no sense at all.
Back in 1945 when we didn't have electronic computers, the portability and speed of a Navajo was an advantage. But if one single Navajo was captured or defected, their whole code system is gone, and they have no possibility of replacing it.
The only people who should ever rely on Security Through Obscurity are those who know their data is too worthless to bother stealing.
You are assuming this cannot happen with open source encryption.
Don't put words into someone else's mouth. Nobody claimed it "cannot happen".
Humans are fallible, we can never be sure that an encryption we've designed is unbreakable. The (valid) assumption we make is that exploits will be more likely to be announced if there are more people looking at the code.
Plus, it's faster and more reliable to check an algorithm for flaws if you actually have the algorithm, rather than just a sample of output sniffed from the airwaves. If an open-source code goes unbroken for 20 years, you can feel somewhat safe with it. If a closed source one survives that long, you'll never be sure if it's really safe, or just nobody tried to crack it.
Security through Obscurity should only be considered one aspect in an approach to security itself, not the end all and be all of it.
In the case of the Navajo, the language itself was just one layer. As you said, lose one fluent in Navajo to the other side and you are screwed. But it was also encrypted by symbolic logic as well, so even if you got past the fact that it was a rather obscure language... you had to decipher it as well. What good is it going to do you if you retrieve a message regarding the turtles coming to nest if you don't know what a turtle is in the first place.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Right.
Umm no. As long as it doesn't leave the DoD it's not 'distribution' under the terms of the license. You don't have to do shit.
Selling the program to outside customers and simply using it in-house are two entirely different situations though. See this entry in the GPL FAQ.
The only difference between GPL and BSD in this context would be if the DoD had some reason to distribute the program in question to the public. As long as it's used exclusively in-house it doesn't matter at all.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Don't put words into someone else's mouth. Nobody claimed it "cannot happen".
Yes but it was implied.
Plus, it's faster and more reliable to check an algorithm for flaws if you actually have the algorithm
Yes, and it's faster and more reliable to crack an algorithm when you have it in the first place. Usually with standard based encryption, we rely on the fact that brute force techniques would take such an impractical period of time to crack that it's not worth the bother and effort.
"Security through Latency" if you want to assign a catch phrase to the idea.
Let's look at the past 10 years of home computing. The leap of the commonplace 386/sx 16MHz which was something I purchased roughly 1989... vs today with the Pentium 4 3.0GHz or Athlon 3.2GHz. That's just the leap in typical home computer hardware. Computing power is increasing, our ability to parallel process is increasing. That old law that typical cpu power increases 100% every 1.5 years, plus advances in clustering make possible to actually crack encryption schemes that normally would have taken years on machines they were invented to work with.
For this reason Security through Latency isn't a much better solution either.
Which is why as part of security measures to prevent this from happening you need to incorporate several layers into your security system.
If a closed source one survives that long, you'll never be sure if it's really safe, or just nobody tried to crack it.
Which is why you always employ sanity checks regardless whether you write open source or closed source. Like transmitting a message encrypted and seeing if you get a reaction.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
If you GPLed the software that controls your guided missiles, where are you going to get a platform to run it on? Meanwhile, perhaps some of the guidance algorithms could be modified into something useful to the general public. After all, they are *my* missiles too - my taxes paid for them.
openBSD is of course reputed to be the most secure open source operating system.
I think that it seems a little weird that the US military is on the one hand acting very anti open source, while on the other- it is actively funding its development.
Additionally, I have seen one or two "discovery channel" type documentaries in recent months that have filmed computer terminals inside US military installations. There was no doubt that the personnel were running Unix, although the exact flavour remained unclear- but could it be openBSD...?
After all, all the nice Mac users love a sailor...
Even MS if survives the summer, they've already left Win95/98 behind and tried (or have) dropped NT. So, in regards to "who do you sue?" logic, read your license. MS-Windows could be chock full of remote exploits or send your personal data abroad or monitor your files and habits or break your third party applications and you'd have no recourse whatsoever -- except maybe upgrade to OS X/*BSD/Linux/QNX/etc.
Nice of Timothy to set up a straw man
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I can't think of anything worse than contributing to anything and finding out it's being used to kill a few more civilians or conscripts as part of the current stampede.
I can, what about contributing to something and finding out that because of some clause in the license it can't be used to prevent or at least minimize the death of many more civilians, conscripts or others.
Recently there are many people on both sides of the debate. I can't imagine open source software being usable to many people if they need a hundred people with different opinions to agree that their actions are acceptable.
This is why the GPL specifically does not allow discrimination against a group. If agreeing to political causes is a requirement to use OSS it becomes quite unfree. Even MS lets their competitors use their software.
Is that the DoD, the DoJ, dictator-of-the-week, and any other offensive military/rights-quashing group, can use your code, and you have no control over it.
Bullshit. Or can you actually think of cases where the "military/rights-quashing group" uses a developer's code without their permission? I personally don't see a need for the military to jackboot someone else's code, since there're about 1500 military programmers in the US Air Force alone. That doesn't count civil service or contracted personnel working with or for the Air Force.
And frankly, if you think people join the US Armed Forces because they want to "quash people's rights," you are sadly out-of-touch with reality. Military members swear an oath to defend the Constitution of the United States--it's an oath we don't take lightly. If you're not happy with the Iraq war, that's fine. . . neither am I. But blame the politicians you elected into office, who sent the troops in the first place.
!#@%*)anks for hanging up the phone, dear.
You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider.
Stewie?
Damn it, where are those mod points?
Somebody mod this guy up.
Never by hatred has hatred been appeased, only by kindness - the Buddha
Sure, just as everyone knows that open source advocates repeatedly present opinion as fact without supporting evidence.
It's hard to beat an honest man in an argument. If the open source world wants to be taken seriously, it needs to stop posting crap like the quote above and start providing compelling arguments.
In order to avoid being hypocritical here, my compelling arguments against the generalisation quoted above start with:
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Had you not posted as AC and had I had points you would have earned one.
-- I am. Therefore, I think!
"But blame the politicians you elected into office, who sent the troops in the first place."
Al Gore had nothing to do with the war. Bush II was not elected into office. He was appointed.
Look, the DoD uses Windows for the sheer monstrosity of the network users and their demographics. Average 18 year olds entering the military to Major Generals have used some form of Windows. The same cannot be said of Linux or UNIX unless they were technologically savvy /.ers. Colonels would have a hell of a time learning Linux, trust me - they have a hard time with email. The tech savvy individuals will probably pursue some sort of computer related field in the military as well, where Windows is most definitely not the answer as many pointed out, i.e. up time, security, etc. The military doesn't use Windows as an end-all be-all, especially for its weapons systems. Case in point: I work as a USAF weather forecaster, our weather product dissemination uses a Silicon Graphics box dual booting Linux and WinNT via VMware. They sent me to school just to operate this stuff, as I had never used it in the past. One would find the majority of network *stuff* that matters to the DoD, not access to Yahoo, runs from something other than Windows.
Just my .02 cents
Sorry, but this doesn't hold water. If Gore had carried his home state, Florida wouldn't have been an issue.
!#@%*)anks for hanging up the phone, dear.
Unfortunately, as anyone who's been through the exercise of trying to pick up development of a poorly documented MLOC project can tell you, it is frequently more efficient in both time and money to start from scratch than it is to try and work out all the little things that the original guys knew but you don't, and how they interact to create the mostly working system you see before you.
You can evolve a project team, hopefully passing on most of the relevant knowledge if you have good processes in place and good people doing the work, but that's about the best you can hope for. Picking up a major OSS project that had been dropped and doing anything more than fixing a few trivial bugs would be beyond almost any group that hadn't previously been heavily involved anyway, at least within sensible time and cost constraints.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
In any case, I find it hard to believe that any relatively modern MS product can be reliably "certified" as fulfilling any rigorous set of security guidelines. Especially as I see at least one "critical security update" every week on my Win2k box. How much testing does every MS product go through before being deployed? How about every patch or service pack?
On the flipside, forcing OSS to jump through these hoops will result in a stronger, more competitive product. Why should you trust essentially unverifiable MS software when you have a rigorously tested and code-audited product? Sure, OSS will probably have to go through a lot more certification, but they'll benefit from it.
The problem is that in this age, that oath has little to do with what the military is actually ordered to do. Iraq is just the largest and most recent example; we also have all the invasions in the Reagan years (Grenada, etc.) and the invasion of Panama. The treatment of prisoners at Guantanamo is directly counter to the spirit of the Constitution.
Earlier, we have Vietnam and the Bay of Pigs operation as examples of non-defensive military excursions.
Hell, in the 1800's we picked a war with Mexico for no other reason than to take land we wanted for the railroad.
While it is indeed the politicians' fault, the US leadership has a history of such things--Iraq is not a shot in the dark, but the worst and most recent example of misuse of the military. I will never join the military simply because I can not trust the leadership of this country not to order me to do something unethical/unconstitutional.
What ever happened to the Department of _Defense_?
Oh that's right, it's an oath you don't take "lightly", but when the alternative is court martial, you were just following orders.
No-one forces you into being a soldier or a military paper-pusher, so looking at US military history (esp. the past 50 years) you'd have to be incredibly ignorant to go into service assuming you'll be able to help in "upholding the Constitution".
(If that's what the DoD, etc. actually did, I'd be right behind it all the way.)
Gore would have won Florida had Katherine Harris not manipulated the vote by purging tens of thousands of innocent voters whom they thought were all felons BEFORE the election. The database was proven wrong and the press didn't run with the story, for obvious reasons.
It wasn't the recount that did it, it was what they did with the voter registrations before the election even happened.
Go read some. The election was definitely rigged, and Jeb is definitely mafia.
Someone mod this post back up! It has been labelled as "flamebait" and "troll" when it makes a perfectly valid point (whether you agree with it or not) that OSS can be used by anyone you want, even by people who use it against you.
Then why, pray tell, aren't the military (since I'm guessing they have the might) arresting Mr Ashcroft and several other members of the US Government elite? Why also are they not refusing to fight in Iraq?
Because it's not our job to arrest Mr. Ashcroft for exercising the duties of his office - and because it would be a violation of the worst sort for the military to actively remove politicians from office just because what they're doing might not be constitutional. Interpretation of what is or is not constitutional is not up to us, it's up to the courts.
As for Iraq - what was actually illegal about the invasion? Congress authorized use of force in October 2002 and gave the President the money he asked for to fight the war in the 2003 budget. If Congress didn't want the war, all they had to do was refuse to pay for it.
Oh that's right, it's an oath you don't take "lightly", but when the alternative is court martial, you were just following orders.
If the President ordered the military to arrest members of Congress or the Supreme Court, you can bet that oath would come into play. But the military does not act based on what some Anonymous Coward thinks is unconstitutional. Hell, the US Military isn't even allowed to participate in domestic peacekeeping--Google for "Posse Comitatus Act," and contrast it with the military's active involvement in such nations as Pakistan and Turkey. Where would you rather live?
!#@%*)anks for hanging up the phone, dear.
While it is indeed the politicians' fault, the US leadership has a history of such things--Iraq is not a shot in the dark, but the worst and most recent example of misuse of the military. I will never join the military simply because I can not trust the leadership of this country not to order me to do something unethical/unconstitutional.
I understand that - and it's a big part of why I didn't join right out of high school. In fact, I was 24 when I signed the enlistment papers. Fact is, though, you're eventually going to face that dilemma no matter where you work. :) But I'll grant that it's easier to walk away from a job in the civilian sector than it is to walk away from the military, given such a quagmire.
I'd like to think that most military members would have the fortitude to say "no" to something which they honestly believed was unethical, or at least to find out the reasoning behind an order. Maybe this is because I went into the Air Force rather than a branch of service where free thought is a bit less encouraged, though.
!#@%*)anks for hanging up the phone, dear.
Yes, the Florida election was dirty. That wasn't really my point, though - my point was, Florida is only one state and only about 27 Electoral votes. If Gore had carried one more state than he did, he would have had enough Electoral votes to win, and Florida would have been a non-sequitur.
!#@%*)anks for hanging up the phone, dear.
I've thought about this before.
The US Navy has a computer hardware/services/support contract called NMCI (Navy Marine Corps Intranet) with EDS. (EDS is bleeding money over this.)
They are rolling out a standard software load for between 300,000 and 400,000 computers, all with Microsoft Windows 2000 and Microsoft Office 2000, among other stuff. Do a web search, you can probably find the NMCI Gold Disk software contents.
Look at that again... 300,000 to 400,000 desktops with MS Windows 2k and Office 2k. Now, I'd hope they're getting a nice volume licensing deal. But even so, they are spending (in licensing costs alone, not including support costs) probably in the range of
Let's see, $300 for Windows 2000 and $500 for Office 2000. Probably with a nice 70% volume discount? (Okay, the volume discount % is nothing but a guess, feel free to correct it.)
300,000 * ($300 + $500) * 0.3 = $72 million.
And that's probably "renewed" every 3 years. That's just in licensing costs, just for Microsoft software, just for the US Navy alone. Just for client software, not server software licensing too.
It would be nice to see that spent on OSS development instead, and use some free software tools. After all, the NMCI contract includes paying for software support anyway, as a separate cost from the licensing.
Your tax dollars at work. Mine too.
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
Good point - I have always wondered, though, why the Axis weren't able to break that. It can't be *that* hard to find somebody who speaks Navajo who is willing to cooperate for a price, and a linguist who knows what the language is.
But still, the point is valid that there's a place for STO (security through obscurity) and also for STME (security through many eyes). It's like travelling to a foreign country where there are different common diseases than you are used to. Do you try to not drink the water (STO) or just eat what the locals eat and get sick and gain immunity?
Maybe the best solution is to hire a bunch of white hat crackers (sounds like Colonel Sanders, doesn't it?) and swear them to secrecy and then give them the source and see what they can do. Best of both worlds.
Someone mod this post back up! It has been labelled as "flamebait" and "troll" when it makes a perfectly valid point. . .
And you don't think the following qualifies as flamebait/troll material?
!#@%*)anks for hanging up the phone, dear.
I see. So the Supreme Court, appointed by politicians, gets to decide what's unconstitutional, right?
Mostly right, but only insofar as it may interpret laws which have been passed.
And you feel your oath only counts when the (relevant) courts say so? Which, by the chain of power, means when the politicians say so? Oh dear, sounds like you've just made your own oath impossible to uphold as it applies to politicians.
Actually, as far as I know, politicians make an oath to uphold and defend the Constitution as well. If you feel they're not upholding their oaths, maybe you need to talk to them about it. Regardless, you seem to be avoiding the question of what exactly was unconstitutional about the Iraq war. And as far as Ashcroft's actions are concerned, try to remember that the rights granted within the Constitution do not apply to people who are in this nation illegally.
False dichotomy. Many Western nations deploy the military on a temporary basis in times of emergency and are politically as free and safe, if not more so, than the United States.
That's fine, but you're talking about military personnel arresting government officials. The term for that isn't "time of emergency," it's martial law--and that doesn't fly in any Western nation I'm aware of.
!#@%*)anks for hanging up the phone, dear.
Somehow this discussion managed, once again, to turn from a discussion on stringent Pentagon security, usability, and stability standards, to a Microsoft bashing session.
Although some of Microsoft's business practices obviously incite a lot of pent up anger in many slashbots, it's not what's at issue here.
However the issue IS licensing and how it pertains to OSS.
The way I see it is that in open source, anything you modify in a product must be publicly released or else it is a violation of the license. This probably irks the Pentagon because they don't want to hear whiny slashbots complaining that they aren't making their modifications public (which would be an intelligence nightmare) or have to deal with the fact that 1,000s of programmers around the world have ready access to the code base of whatever OSS would be in question.
This isn't to say MS is much better in these respects, except for the fact that we're talking about the Pentagon here. If they're going to sign a contract with MS it would NOT, I REPEAT NOT, be a vanilla corporate contract. This is the PENTAGON, the nerve center for the most powerful military in the world! You can damn well bet they've got a clause in that contract that holds Microsoft accountable for any bugs/holes in their software which does not meet their specs under the contract. This is what they get out of closed-source, accountability.
Please continue your delusions, as they will be OSS' downfall.
I think that it seems a little weird that the US military is on the one hand acting very anti open source, while on the other - it is actively funding its development.
Well, the DARPA thing was more an anti free speech thing, and anti-canadian. But then again, Canada is a haven for pot-smoking communist al-qaeda agents! ;) (Well, to be fair, there were several terrorists caught trying to cross the Canadian border to execute attacks timed for New Year's Day 2000...)
The most anti Open Source thing they have done recently is accepting Microsoft's new licensing terms after finding out they had been charged far more than ordinary businesses would be charged for the same Microsoft Software. They accepted Microsoft's song and dance about giving them a discount, whereas the Germans were smart enough to say "forget you, man!"
I for one would support legislation that requires all government entities to use ONLY open source software. It is unconscionable that they are wasting taxpayer dollars on crappy software to which they do not even possess the source code. How do they know there are no trojans and backdoors in that software that could be revealed to our enemies?
Interpretation of what is or is not constitutional is not up to us, it's up to the courts.
You sound like a nazi officer.
"Military members swear an oath to defend the Constitution of the United States--it's an oath we don't take lightly. If you're not happy with the Iraq war, that's fine. . . neither am I. But blame the politicians you elected into office, who sent the troops in the first place."
Excuse me for bringing up this one small point, but don't those politicians also swear an oath to defend the Constitution of the United States? So what's your point? Does anyone in politics OR the military even know what's written in the Constitution they swear to uphold and defend?
How does one who is in the military deal with an issue where they are under orders to do things that they consider anti-Constitutional? Do you defy your orders or defend the Constitution - which will it be? I'll bet I know the answer! In the case of the Iraq war (and plenty of others before it) the Constitution was circumvented by the fact that we fought a war without Constitutionally-required Congressional Declaration of War. I didn't see too many among the military with the guts to stand up for the Constitution.
Does anyone outside the military and politics still believe this is the "Land of the Free"?
Darn it!!! Why do people continue to repeat this! George W. was elected because he got the majority of electoral votes. If, however, Florida's electoral votes were given to Al Gore, then the college would have produced a **TIE**!!!
When the electoral college can't pick a winner, it's up to the US House of Representatives. The majority of the Representatives in the House were (and are) Republican. I'm willing to bet my son's college fund that, if it came to a House vote, the vote would have broken along party lines, and George W. would ***STILL*** be the 43rd President.
That's the system. If you don't like it, get an Amendment passed or call for a new Constitutional Convention. Do NOT whine about the system acting like it was *designed* to act.
Oh, and as for the fact that the majority of the voters voted for someone else. Big deal. About 57% of the voters voted for people other than Bill Clinton in the first election (as opposed to the 52% that didn't vote for George W.), and he still won the electoral college. That's just the way that the game is played: plurality rules, and not majority rule. Cope.
I personally don't see a need for the military to jackboot someone else's code, since there're about 1500 military programmers in the US Air Force alone
How many programmers are there in Robert Mugabe's regime? None, so he probably uses linux and MySQL to keep track of his purges.
Rather than talking out your ass, how about reading the GPL? You only have to distribute the source if you intend to distribute the binary. Since Uncle Sam isn't in the software distribution industry, I doubt this is going to be a problem for them.
The fact that they run the most powerful military in the world means squat - do you think they're going to bomb Redmond if they're displeased with Windows ME? You're using "the Pentagon" as a catchall term for military procurement... most of which is done in relatively small lots by individual military agencies... and they get the same treatment as MS' corporate customers
Now go away and troll somewhere else.
Sean
For those of you humor-challenged ./ers, timothy was referring to the requirements that the DoD was placing on software contracts in general (and really any contract for that matter), not about the actual requirements being slanted away from OSS or anything else for that matter.
"All great wisdom is contained in .signature files"
Hate to burst your cozy little conspiracy theory, but MS products *do not* get a bye when it comes to examining them. Case in point:
The primary Microsoft OS in the DOD is still Windows NT, running Office 97. The approval to operate Win2K did not come down until 2002, and XP was just approved last month. Contrary to what you may think, a lot of smart people will scrutinize the OS until there's a final consensus.
If anything, this arrangement actually helps Microsoft! The first thing we have to do when we get a new box is slag the preloaded OS and load an approved one, then apply all the SP's and patches...
How does one who is in the military deal with an issue where they are under orders to do things that they consider anti-Constitutional? Do you defy your orders or defend the Constitution - which will it be? I'll bet I know the answer! In the case of the Iraq war (and plenty of others before it) the Constitution was circumvented by the fact that we fought a war without Constitutionally-required Congressional Declaration of War. I didn't see too many among the military with the guts to stand up for the Constitution.
I've answered this question already elsewhere in this thread, but I'll answer it again for your benefit: If Congress didn't approve of the war, they shouldn't have:
The Constitution gives the President the job, as Commander-in-Chief, to command the United States Military. The Congress can check that power by refusing to fund proposed military operations. If they choose to give up their power and allow the President to prosecute a war their constituents believe is unjust, then whose problem is that?
But then, really, the Constitution was doing its job - after all, a majority of the US population wanted war. It is not the job of our governing document to mandate pacifism--only to ensure a stable system of government that remains under the control of its people.
!#@%*)anks for hanging up the phone, dear.
I don't get it. It sounds as if people are upset that governments, military operations, and corporations tend to refuse to adopt open source software. I cannot help but see that as a good thing. On one hand, we openly express dissent at the corporatization of governments, and at the excesses of military operations as they wage their unpopular wars, and at the oppression of tyranny in government, but then we express disdain and resentment that these same tyrants refuse to become more efficient and cost-effective by using the free software.
Free software is in no danger of extinction. It's not important that governments and corporations refuse to adopt it. Also, if the free software approach is such a significant advantage, why aren't we seeing companies that use it overtaking companies that refuse to use it? After all, if the margins are thin, the one who can make them a little less thin, wins, right?
Stop blaming "management", people. Instead of buying toys, leasing expensive cars, getting real estate in ridiculous markets, or spending all your money on entertainment, why aren't you putting that into new businesses and revolutionize the industry yourself? Why aren't all these enlightened geeks in charge by now, anyway? If everyone is working in an environment where they have to deal with dysfunctional management, well, let's just say I was sick of hearing it 10 years ago, and now, I'm disappointed that nobody seems to have risen to the challenge. And that includes the military.
If clueful people have opted out of positions of authority, it's their own fault that the people who now occupy those positions of authority are idiots.
In the words of Stone Cold Steve Austin, "Hell Ya". In a democratic country I feel it is the government's obligation to choose the most cost effective solution to any given problem. Saying that, I can not tell you which OS would be the best. Conversely, anything from Micr0s0ft would be the worst.
Godwin's Law. You lose the debate. Goodbye.
Good point - I have always wondered, though, why the Axis weren't able to break that. It can't be *that* hard to find somebody who speaks Navajo who is willing to cooperate for a price, and a linguist who knows what the language is.
I haven't read a good academic writeup on this, but I have a few ideas. Firstly, afaik the language being used was never identified by the Axis, so they did not even know what to look for (thus security through obscurity). The language was not easily identifiable because it is not related to commonly used languages (afaik).
Also, there is a little problem of finding a native speaker of Navaho and getting access to them. There weren't very many of those to go around, and I would suspect they were all in the US (there are probably even less now). Once you have found one, you have to convince them to work with you. Now remember that the Nazis wanted to kill everyone who was not an Aryan eventually, and the Japanese had similar racial policies. How likely is that?
Just some ideas to consider.
What if for some reason it doesn't explode and is still intact?
"It's a very tangled subsystem." --Windows kernel guru
Actually, as far as I know, politicians make an oath to uphold and defend the Constitution as well. If you feel they're not upholding their oaths, maybe you need to talk to them about it. Regardless, you seem to be avoiding the question of what exactly was unconstitutional about the Iraq war. And as far as Ashcroft's actions are concerned, try to remember that the rights granted within the Constitution do not apply to people who are in this nation illegally.
This point is brought up a lot. But the simple fact of the matter is not everyone who was detained was detained because they were in the country illegally. When you start randomly rounding up people from other countries, you are bound to nab a few illegal aliens, or people who you might suspect of committing a crime. But that is *not* what led to their detainment in the first place. Besides that, there are plenty of cases (some brought up in the popular press recently) in which INS says someone is an illegal alien but they aren't really because they did file all their paperwork and it was lost or mishandled by INS. INS needs serious revamping and 9/11 brought out only a few of the many problems with it.
It should also be considered that some of those detained were only detained because they had names similar to known terrorists. Or because they fit a profile. The government has not been incredibly forthcoming on how, how many, when, and why people have been detained, but it is clear some of them have been detained for almost three years now, still with no trial and no justification. Though some people are claiming the rights of the Constitution do not apply to them, I firstly disagree with this entirely, secondly point out that there are some international treaties which the US has signed which do grant these people some rights which we are now breaking. There is no justification for the way our government is currently behaving and it is clear they are loving every minute of this gross abuse of power.
I would also like to thank you for your participation in our nation's defense and this debate, and for your attitude in same. I agree with you wholeheartedly that the problem is not the military but the government, as usual.
IHBT! IHL, and IHBD.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider
Kinda reminds me of when I was playing airplane with my baby daughter. I was on my back and had her happily propped on my legs above me and I was making airplane noises when she dropped a bomb... baby puke right into my mouth!
You thought Luke Skywalker got a good shot into the deathstar - she got a direct hit!
SEO Copywriter. Just Say ON
BTW, code IS written that way...
http://niap.nist.gov/cc-scheme/
This web site has all of the various policy documents.
DOD Directive #8500.1
DOD Instruction #8500.2
NSTISSP #11 Fact Sheet
NIST Spec Pub 800-23
NSD 42
NSTISSAM Compusec/1-99
USAF CIO Memorandum
Natl IA Acquisition Policy
Pres. Decision Directive 63
Info. Assurance Reg 6-8510
And more.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Why aren't all these enlightened geeks in charge by now, anyway?
Because as any politico will tell you, a popular incumbent is hard to beat. I am very impressed with the inroads OSS has made already into the corporate/government world, I believe mostly because of the education of those management types that IT people provide. Of course other factors are involved, but I feel that sitting down with the boss and explaining and giving a demonstration has a lot to do with it. Don't talk down to them with a lot of tech terms; they hate that and will probably boot your project on that principle alone. 'TCO' is still a buzzword they like to hear. Provide the proper presentation, in their language, and things click. Don't get me wrong, people still want closed source on the desktop because that is what they are familiar with. And sometimes a closed source app is foisted upon the IT dept. to support one way or another, but if it's what makes the company tick you don't have much of a choice. Just lock it down and stabilize it best you can.
For this reason Security through Latency isn't a much better solution either.
There's no such thing as Security Through Latency, except as a bad idea that the US government forced upon some private citizens by its export restrictions (defining powerful encryption as illegal weapons).
Moore's Observation of increasing computer speeds is well known. "CPU speeds double every 18 months". Let's assume for a minute that there's a technological advance, and they start doubling every 3 months. That's a 16x improvement per year - to keep up with that, you just need to increase the size of the crypto key by 4 bits per year. Easy. Some people today already use 2048 bit keys, which will take centuries to brute-force, even if Moore's Observation speeds up drastically.
Increasing CPU speeds will always take enormous technical effort. Increasing the resiliency of encryption only takes doubling the size of an integer in the software.
DoD works on memorandums. The fact that FOSS is mentioned means that FOSS exists. Sorry. OSS. Why isn't FREE software mentioned in this memorandum; they mentioned the GPL?
Having done my time in code mines of a DoD contractor, I can tell you that:
(1) Now, as far as the DoD states, Open Source exists.
(2) It *instructs* people to seek legal council on the license; something which is normally done in DoD.
(3) It made a post on Slashdot.
Strangely, the DoD has been using FOSS for a while. Why a memo now?
Counsel, counsel, counsel.
Monopolies always like government regulation, since it imposes barriers to entry. High barriers to entry protect big players and disproportionately penalize small players. A few megabucks to qualify a product come out of the petty cash drawer at Redmond, but are a big deal to small firms and free software providers.
Since the purpose of the US government is to transfer money from taxpayers to large campaign contributors without undue public scrutiny, there will often be policy documents that are published that make no sense if you assume that they are meant to achieve their stated purpose. But they make perfect sense if you consider what they're really optimized for.
Get your teeth into a small slice: the cake of liberty
If you read the Memo linked at the bottom, you will see that this is, in fact, a trojan for BANNING most OSS in the DOD. It has been policy, mostly honored in the breach than the observance, that all systems used in the DOD be NIAP Evaluated to the level required for accreditation to the classification of the data being processed. This memo REITERATES that guidance by including the policy. Since all DOD systems MAY process Sensitive But Unclassified data (like anything with an SSID in it), that means ALL systems need at least EAL 2, and in general the lowest level that gets accredited is EAL 3 (on the basis of "train as you fight", so you use the same systems in peace as you would use in war). This evaluation costs money, and must be redone each time the code changes. Who is doing this for most OSS? It's a source of constant debate in the DOD community, but the reality of the IA policy is that ONLY commercial software is likely to actually pass muster.
Your comment, while true and insightful, can be misconstrued as "Score: -5, antisemitic" by some of the more knee-jerk right wingers here in Slashdot.
Nevermind that Israel receives most of the foreign aid given worldwide by the USA, and has never made a single foreign debt payment, many people still think it's a struggling nation, unjustly suffering from the "scourge of terrorism".
No sig for the moment.