Open Source In the National Interest
munchola writes "A new report from the Department of Defense's Advanced Systems and Concepts Office recommends that the DoD move to adopt open source software and methodologies as well as open standards in order to make the most efficient use of internal resources. According to CBR, the report states that a move to 'Open Technology Development' is not only in the U.S. national interest, but in the interests of U.S. national security. OTD incorporates open source methodologies and open standards, but also takes into account the fact that the DoD has systems that it would rather keep secret."
Let's have a party! Invite Linus and Stallman! :)
:)
Bring the fireworks!
About Time
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
I foresee the DoD changing its tune after Microsoft drops a few million dollars in the right direction to make this go away. Remember the Open Doc file format drama that unfolded not too long ago? ...where did I put my tinfoil hat again...
My humor is probably your flamebait
Govt. IT is highly fragmented. It took 20 years for DOD to switch to all-diesel. How long to switch to open-source?
Please sign petition to restore sanity to our banking system!!!
http://financialpetition.org/
The statement that people could introduce malicious code into Linux that then makes its way into secure systems. Of course with companies outsourcing programming jobs to other countries the same thing could happen with a closed source system.
The solution for OSS is simple. Any OSS software that goes into a Command and Control system needs to have its source code audited by an independent authority.
Of course the same thing should be done with any software that goes into a military, aerospace, or any other mission critical system. In this case OSS does have a clear advantage in that the end user can select any group to perform the code audit instead of depending on the vendor.
Of course if the military does a code audit on Linux they would have to contribute back the patches so it is a win-win situation.
See my blog http://ilovecookes.blogspot.com/ for lighthearted technical information.
First, I generally agree that there are many areas where this will be of significant benefit. Unfortunately, there are so many problems across DOD right now due to insufficiently trained operators/admins - this will make it significantly worse in the operational arena. I have been on board many installations to train people and was saddened by the lack of sound IT skills by those that are supposed to be managing the systems. Of the 100 or so IT personnel I have trained, I would say that 5-6 have the necessary mindset and skills to effectively implement OSS. Centralized control is a hallmark of DOD IT - and this flies in the face of that as well, from a cultural perspective. (not that this is a bad thing) So, this means that not only will they need to change the infrastructure - the culture will need to shift, which is a much longer term issue. Then again, this could be good for the network-centric warfare concept. It could inject a much needed dose of innovation.
Granted, I'm not talking about Command and Control systems, but the DoD has been using OS Software for years now. I know because they are using iText to produce billions of PDF documents. I have been mailing with DoD developers regularly in the past (and neither I, nor my product is American). It's not as if they have changed their mind about OSS overnight. The remarkable thing is that they are now coming out with a policy about OSS, and that they are considering using it on a larger scale. (Yes, we're talking about Operating Systems now!)
It has also blown up several rockets and caused other havoc.
Why is this? Because 99% of these systems were done in closed source. If they were done in open source then open source applications would be blowing up pipelines and rockets.
Here's the problem with adopting Open Source for everything: It completely homogenizes the entire process of software development, which means that it tends to quash alternative development tools, languages, and techniques.
For example, is it good or bad that JavaScript has implicit typing? Many developers want explicit typing, and call implicit typing "lazy". I can barely have a conversation with a group of fellow geeks without getting shouted down on this topic. The problem with group-anything is that group-think will prevail. To quote one of my favorite posters from demotivators.com, "Meetings: None of us is as dumb as all of us".
In addition, alternative languages and tools tend to be stifled in so-called "open" (read group) environments, because the rest of the group immediately pushes to have the alternative tool or environment removed, unless the group agrees that it is a good idea. Is that the way inventions are made? No. Inventions are made by a single person with a radical idea avoiding all the intervention/interference, naysayers, etc. and presenting that idea DESPITE the opinions of others. I can see opening source after the fact for auditing and suggestions, but not for development.
It seems that a lot of the open source push has been a reaction to the fact that many of the development tools we use are not at a high enough level of abstraction. If you abstract away from code and languages where you are doing your own memory management, one would think that you would experience fewer memory-related programming issues. What kind of issues are most often discussed with open-source development? Exploits, buffer overflows, etc. I can see the database engine being open source, which would help with dealing with injection attacks, but the rest of the application (where the money is) can't possibly benefit from having lots of people "helping out".
Imagine the entire cast of The Food Network making soup together at the same time. "None of us is as dumb as all of us".
Friends help you move. Real friends help you move bodies.
Never forget: 2 + 2 = 5 for extremely large values of 2.
The chicken-and-egg problem is a big problem. If you need to verify the security of a system, you need to have written the compiler, from scratch. You cannot rely on a third-party tool, unless you can verify the compiler executable (not its source code). The article also notes that the problem is even worse: you need to verify that the hardware implementation of the instruction set is correct.
Don't get me wrong, I think that open-source is important. It just doesn't provide any absolute guarantees.
It makes contract bidding cheaper. If you can use an OSS toolkit over a proprietary one, the cost that gets billed to the government is lower which makes it easier to win contracts. Other than that, bureaucratic inertia is the only major problem OSS faces. There is hardly any more bias against OSS than there is toward any regular commercial software.
This is the time that Open Source activists and promoters need to run with the ball. Draw the attention of CEOs and business executives to the fact that the DoD advocates Open Source. Show them that we're not talking toy software. Show them that this isn't about not wanting to spend money. (Since when was the DoD afraid to spend money?) This is about an innately powerful method of developing high-grade - even military-grade - products that do what people actually need done.
We couldn't ask for better, but only if those outside of the IT industry actually hear of it. If only those who already accept the strengths of Open Source know that someone else has also decided it is a good solution, then that decision means nothing. Particularly as the DoD is very unlikely to do anything about it. It'll just be a decision. But if the business community got shown this... That would be a whole different ball-game.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Govt. IT is highly fragmented. It took 20 years for DOD to switch to all-diesel. How long to switch to open-source?
Penis Cleaver, what a cute name you have. Oh well, it's worth the time to answer your silly question.
Intention is more important than time here. Now that the US DoD has realized and proven the obvious, they will do it as they need to.
The rest of us can continue the migration and have fewer problems doing it. We can now point to it whenever we run into "Get the Facts" nonsense that M$ and other tin horn companies spend lots of money telling people. It was bullshit and this is one more nail in their credibility coffin. It's the kind of thing that makes their fanboys feel like they were lied to, because they were.
Enough hits like that make things much easier. Between the government stating the obvious, DRM and corporate rip offs, M$ is losing most of its fan base. Companies are feeling very burnt by the long time it's taking to get Vista out because of all the money they spent on code assurance plans. DRM disasters are turning off home users and reviewers because the systems are so buggy that all of M$'s hardware lock-ins and driver advantages are negated. Now everyone can look back at the things M$ has said about security and think, "those people are not very honest." All of that animosity makes it that much easier to advocate free software.
It's nice to see people finally catching on.
Friends don't help friends install M$ junk.
I work for the Child, Youth and Family Development department. We use Windows on the desktop, Novell as our file server and SuSE Linux for everything else. Currently we are transitioning away from HPUX to an IBM BladeCenter environment running VMWare and SuSE. We have one major application and several minor ones. The major app, a client tracking system, was developed in house and runs Sybase as a back end. Eventually we plan on porting it to use Postgres and releasing it as open source so that anyone in need of a client tracking system can use it.
This is the real beauty of open source in government, not leveraging the work of others by running open source systems, but leveraging the large development force that most governments have to share in house apps with less of the usual inter-agency squabbling. An agency that might be wary of using a non open source application developed by a rival agency will be less wary of using an open source app that just happens to be developed by said rival. Instead of reinventing the wheel, in house development staff can cooperate with other staff in other agencies.
That the DoD would recommend open source is exciting, because it really is a good fit for government agencies. Believe it or not, our little state government IT department is better run and more on the ball than most IT departments that I have worked for in big corporations. Moving to Linux hosted on blades running VMWare has freed up a lot of resources to plan for the future that used to be used in just putting out fires.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
It is called GNAT: The GNU NYU Ada 9X Translator. "GNAT is a free, high-quality, complete compiler for Ada95, integrated into the GCC compiler system." Note that "The work was co-sponsored by ARPA and the Ada Joint Program Office." Also look at GNADE, the GNU Ada Database Environment.
The WGA debacle has proven that Windows Update is a security risk. Not running Windows Update is also a security risk. When will non-US governments reach the conclusion that they need to move off Microsoft software? It is a matter of national security.
...your rifle was made by the lowest bidder."
That's a relatively old joke in the Military, and a relatively sick one when you consider the problems of faulty weapons (e.g. exploding in your hands). But it points to something pretty basic. When it comes to things the DOD is rewarded for going cheap. This doesn't mean that they won't but they are rewarded for trying. In this gig Microsoft is at a disadvantage as their competitors are a) Free, and b) can be taken under total control by the DOD. Remember that in-house changes to GPL'd code need not be released. Microsoft on the other hand is likely to worry about in-house changes to their stuff (e.g. document security restrictions for Office).
While I doubt Stallman will be welcome any time soon keep in mind that Theo De Raadt and the other BSD people have been welcomed (and financed) by the DOD before now. Ditto things like SELinux. In many ways this is only surprising because it took so long for them to say openly.
To: Department of Defense, Source Distribution Department
From: Kim Jong Il
To Whom It May Concern,
In accordance with the terms of the GNU General Public License, I'd like to receive a copy of the source code for your Pacific-based Ballistic Missile Defense System. I do not require it in CD form; please simply email it to me at the above address (k.il@korea-dpr.com).
Thank you for your prompt fulfillment of your obligations under the GPL.
Sincerely,
Kim Jong Il
The recommendation by the DoD isn't specifically to use open source software, though that'd be one possible implementation of it. What they're recommending is that the DoD build a foundation upon which code and standards can be shared in the way that open source tends to do. The current situation in DoD is that basically every project writes its own code, so the software in a GPS satellite may well be entirely distinct from the software in a communications satellite, even though they could both be cheaper and more reliable if they were to reuse code and standards. It's the methodology, not the actual code, of the open source movement that they're interested in.
Haven't made it through the whole thing yet, but FTR:
The business model of purchasing physical goods and services has served DoD well in the past; but it falls short when applied to software acquisition. By treating DoD-developed software code as a physical good, DoD is limiting and restricting the ability of the market to compete for the provision of new and innovative solutions and capabilities. By enabling industry to leverage an open code development model, DoD would provide the market incentives to increase the agility and competitiveness of the industrial base. Currently within DoD, there is no internal distribution policy or mechanism for DoD developed and paid for software code. By not enabling internal distribution, DoD creates an arbitrary scarcity of its own software code, which increases the development and maintenance costs of information technology across the Department. Other negative consequences include lock-in to obsolete proprietary technologies, the inability to extend existing capabilities in months vs. years, and snarls of interoperability that stem from the opacity and stove-piping of information systems.
Absolutely.
There are over 100,000 publicly available open source projects available spanning most functional areas. Many of these projects provide mature and robust solutions in their areas of focus. When possible, OSS components should be leveraged rather than funding the development of equivalent proprietary components for specific programs.
Damn Skippy!
Challenges
Culture and Process
The primary challenges to this transition will be cultural, not technical. Over time, government acquisitions and development processes have built a bureaucracy and rewards system that encourages and supports the status quo. Careers are advanced primarily on program size, not necessarily overall efficiency. Furthermore, government contractors are measured by revenue; government program managers are measured by the size of their organization and their overall budget. The canonical government contracting process creates high entry costs for small innovative companies -- the established contractors attempt to control their positions through proprietary implementations and interfaces. The system is very good at protecting itself -- new approaches, such as OTD, will have to endure legal, security, and process challenges. The current infrastructure will attempt to delay change, claim they are adapting by trying to assume control of the innovative process.
My Favorite Quote is in the DOD report.
There is one thing stronger than all the armies in the world, and that is an idea whose time has come.
-- Victor Hugo
All in all, I'd say the guy in charge of this report knows his stuff and I for one, welcome our new OSS-using DOD overlords.
OSGGFG - Open Source Gamers Guide to Free Games
There's a technique for completely countering the "Trusting Trust" attack, called "Diverse double-compiling". See my web page on countering trusting trust through diverse double-compiling, which includes a link to a paper describing how to do it, and an example where it's been done.
- David A. Wheeler (see my Secure Programming HOWTO)
Are you some kind of idiot? In a few years some other guy will be in this guy's position and will have a different take. When I say fragmented, I mean 100 different domain controllers and methodologies, and ever changing management.
You sound just as bad as the MS apologists. The fact of the matter is you can deploy decent solutions in either open source or closed source, and if you know anything about IT problems in govt you would realize that neither will cure the disease that ails it. You open source guys sound really needy more than anything.
Mr. P3NIS_CLEAVER to you bud.