Slashdot Mirror

← Back to Stories (view on slashdot.org)

Defense Dept. Memo Explains Open Source Policy

Posted by ryuzaki0 on from the bureaucracy-miring-in-itself dept.

TonyStanco writes "Big news. DoD issued a policy statement leveling the playing field for Open Source. We have the memo on the Center of Open Source & Government site." The requirements listed in this memo make me think of a company policy along the lines of "You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider." See this PDF for more information about National Security Telecommunications and Information Systems Security Policy (NSTISSP) number 11.

22 of 387 comments (clear)

  1. HTML Version by cruppel · · Score: 1, Informative

    HTML Version of the PDF.

  2. Justification.... by mao+che+minh · · Score: 5, Informative
    Well, the possible use of any commodity that may be used by the government (especially by the military) is always pitched in a structured and lengthy write-up that examines all aspects of the commodity and it's probable uses.

    Oh wait, everything but the use of Microsoft products that is. It seems like that gets instant approval without the need for any justification. "Microsoft released Windows XP? OK, upgrade, forget about the costs and everything else that such an upgrade demands - just do it - across the board. Office XP you say? OK, allocate $10,000,000 for the software, we'll worry about paying for the licenses later."

    Everyone knows that the benefits of using open source products far exceeds any benefits that can be reaped by paying a whole bunch of money for closed source products and their associated licenses (which are arguably always more extensive and restrictive then open source license schemes). Sure, paying $50,000,000 to upgrade your old NT servers to 2000 and your 98 desktops to either Windows 2000 or XP has it's benefits over spending $30,000,000 on Redhat and Star Office and the training. A bunch of sales people always say that such a move (upgrading Windows servers and clients and Office) has it's benefits. I just don't seem to see them. Maybe I'm too progressive, I don't know.

    PS: didn't get it...this time

    1. Re:Justification.... by Anonymous Coward · · Score: 1, Informative

      Hmmm, I'm a Navy Captain (Colonel equivalent for the military impaired) running debian testing on my home box and debian stable on my traveling laptop. No I don't have a Comp Sci degree or work in IT. And I know your perceptions of military life are not based on fact, at least in my personal experience coming up through the ranks. With few exceptions, today's US military personnel are extremely motivated and savvy. Check out recent history in Iraq. And in my area of expertice, you won't make Captain without a Masters degree.

  3. Not the same memo by sould · · Score: 4, Informative

    Sorry.

    That document you linked to is dated Janurary, 2000, not may 2003.

    It also does not mention the GPL.

    1. Re:Not the same memo by fanatic · · Score: 5, Informative

      The dipshit that posted the article linked the wrong doc. Here is the right one: http://www.egovos.org/pdf/OSSinDoD.pdf

      --
      "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  4. Re:Gawd. If code were written that way . . . by sould · · Score: 5, Informative

    Gawd!

    It aint that hard.

    Basically:

    1) It defines OSS & GPL

    2) Says they're OK to use provided:
    a) They comply with the same Dod policies for equivilant Off the Shelf software
    b) They're comply with the requirements defined by the National Security Telecommunications and Information Systems Secuirty policy.
    c) They're configured as per DoD approved security configurations from http://iase.disa.mil and http://www.nsa.gov.
    d) You dont break any licenses.

    Thats all!

  5. Which in fact, means jack... by Ayanami+Rei · · Score: 4, Informative

    especially since OSS is often (and arguably most useful) used to augment existing systems, with no expectation of redistribution. It is up to the project managers to make a product that delivers; forget about NSTISS or the GPL.

    And most COTS systems in use don't have the certs anyway, and no one gets in a tizzy. It's only if you wanted to hook it up to SIPRNET or something (and then it gets reviewed independantly anyway).

    This is just some stuff to make the guys funding the projects (Congress) feel better.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
    1. Re:Which in fact, means jack... by Anonymous Coward · · Score: 4, Informative

      For the (34^e)*78368.22432 + Pi time, please get this through your thick skull: The GPL only applies IF YOU DISTRIBUTE THE SOFTWARE The DoD, NASA, NSA, your granny etc. can use GPL software until they have it comming out of their ears, but you have no right to see, smell, touch or taste even the tiniest scrap of it unless the person using that code legally distributes a binary to you. They do not have to make the source code publicly available so that anyone can download it, although anyone who has recieved a copy of the code can redistribute it as they wish.

      So unless the fucking missle flies through your window, the code has not been distributed to you. If that happens, you have bigger things to worry about than the god damn source.

      Now for fucks sake, go read the GPL and the FSF FAQ's about it, or shut the hell up.

  6. Re:So Basically... by Anonymous Coward · · Score: 1, Informative

    The Govment doesn't have to distribute the source amongst itself.

    However, if they were making the software available outside the govment, then they would be obligated to honor the terms in the license/s.

  7. Careful with that License, Eugene by rc.loco · · Score: 1, Informative


    When I read this memo, I don't particularly think it's endorsing anything. They basically remind people that "the Linux operating system" is an example of "open source software" released under "restrictive" licensing terms (i.e., the GPL) and that usage of such software is subject to policies and protocols just like any other software used by the DoD. They then make a point of reminding people that if they use OSS software, that they remember the licensing impact because it could have ramifications later (e.g., if they modify any code that is covered by the GPL).

    It's almost like they are setting the stage for some intellectual property issues with GNU/Linux. Perhaps I'm being too paranoid given the ripple effect that the whole SCO fiasco is having, but that was my initial reaction to the memo's direction.

    --
    --rc
  8. Re:So Basically... by cyt0plas · · Score: 2, Informative

    The GPL basically says (oversimplicification, oh well) that if you distribute a binary copy to someone, you have to include the source. First off, if it's so "top secret" that it cannot have the source given out, they probably won't give the binary out either. Secondly, if they keep it internally, it's not "dissemminated", and as such, they are not bound by it either.

    The GPL is a copyright license, and as such covers only _distribution_ and posession, not use or output. They don't distribute it - they don't have to give out the source.

    --
    Contact Me (got tired of viruses emailing me).
  9. Re:Eeep. Spider-babies by Strike · · Score: 2, Informative

    Shouldn't that be "like a gecko " anyway?

  10. useful link by Anonymous Coward · · Score: 2, Informative

    link to ACTUAL pdf that we're discussing, not the second one referenced by the headline...

    http://www.egovos.org/pdf/OSSinDoD.pdf

  11. Re:Navy/Marine Corp and the desktop by Camel+Pilot · · Score: 4, Informative

    Official NCMI information site

    The and another

    Bitching from a deckhand

    .. UNIX/Linux machines would connect as
    legacy servers...

  12. Re:Navy/Marine Corp and the desktop by Minna+Kirai · · Score: 2, Informative

    Try google.com someday. But here's a story on C-Net. Notice that the central contractor for this project is Ross Perot's company. (Here's another article which mentions different defense contractors doing the work, plus other big IT jobs)

  13. Re:Navy/Marine Corp and the desktop by cvas · · Score: 2, Informative

    Welcome to this decade, EDS has not been associated with Ross Perot since 1986.

  14. Re:Earth Governments Are Fools by petecarlson · · Score: 4, Informative

    It wasn'ta toilet, it was a toilet seat. The seats in question were for C-130 aircraft and had to meet a shitload of specs. I woked for the company that made them (Middle River Aircraft Systems)and saw the specs for them. Quit inane, as many aircraft specs are..

  15. Re:hmmm... by gbjbaanb · · Score: 4, Informative

    I don't know about 1) but my last company, we had a bug, and a nice support contract with MS, this bug turned into something pretty major for us, and MS stepped in and had developers working 9-5 to find and fix it.

    Apparently if the bug hadn't been fixed in a week, it'd have been escalted into a 'class A' bug and Ballmer or Gates would have been informed, and the developers would have started working round the clock.

    (it turns out our CTOs code was at fault, the duffer).

    I was surprised at the response from MS though. I think we had paid a fair bit to MS for the support, though knowing the guys in charge they persuaded MS that it was a strategic relationship and subject to a special discount.

    Oh, we also had a MS employee assigned to us as a support contact - not just a secretary-type either, someone who knew his stuff and could actually do things for us, including helping us with the MS performance lab we got to use.

  16. Re:hmmm... by Quila · · Score: 2, Informative

    I've never been in on any extremely large-scale MS buys but:

    1) I've never seen any guarantees of uptime.
    2) I've never seen anything other than standard corporate-style support, but I've never even seen that being used. All problems are handled by the in-house help desk people (who may be non-Microsoft contractors), who may go to TechNet for answers.

  17. Re:Gawd. If code were written that way . . . by stanmann · · Score: 2, Informative

    You know, Despite the humor of your comment, and grand-parent, You still even today cannot go wrong buying IBM. You may pay too much, but in a corporate or other enterprise(government, military, educational, etc) IBM is around today, and will be around tommorrow. They support their hardware and any software they supply. They even still produce a version of PC Dos and support it. They also continue to provide support for the last version of OS/2 Warp.

    --
    Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
  18. Re:most important reason not to use OSS license by PhxBlue · · Score: 3, Informative

    Then why, pray tell, aren't the military (since I'm guessing they have the might) arresting Mr Ashcroft and several other members of the US Government elite? Why also are they not refusing to fight in Iraq?

    Because it's not our job to arrest Mr. Ashcroft for exercising the duties of his office - and because it would be a violation of the worst sort for the military to actively remove politicians from office just because what they're doing might not be constitutional. Interpretation of what is or is not constitutional is not up to us, it's up to the courts.

    As for Iraq - what was actually iillegal about the invasion? Congress authorized use of force in October 2002 and gave the President the money he asked for to fight the war in the 2003 budget. If Congress didn't want the war, all they had to do was refuse to pay for it.

    Oh that's right, it's an oath you don't take "lightly", but when the alternative is court martial, you were just following orders.

    If the President ordered the military to arrest members of Congress or the Supreme Court, you can bet that oath would come into play. But the military does not act based on what some Anonymous Coward thinks is unconstitutional. Hell, the US Military isn't even allowed to participate in domestic peacekeeping--Google for "Posse Comitatus Act," and contrast it with the military's active involvement in such nations as Pakistan and Turkey. Where would you rather live?

    --
    !#@%*)anks for hanging up the phone, dear.
  19. URLs blead them Re:Gawd. If code were written.... by mrmeval · · Score: 2, Informative

    BTW, code IS written that way...

    http://niap.nist.gov/cc-scheme/

    This web site has all of the various policy documents.

    DOD Directive #8500.1
    DOD Instruction #8500.2
    NSTISSP #11 Fact Sheet
    NIST Spec Pub 800-23
    NSD 42
    NSTISSAM Compusec/1-99
    USAF CIO Memorandum
    Natl IA Acquisition Policy
    Pres. Decision Directive 63
    Info. Assurance Reg 6-8510

    And more.

    --
    I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty