DoD Wary of That "Open" Word
joabj writes, "Why is the U.S. Defense Department still reluctant to use open source software, despite assurances from within the DoD itself? Blogging for Government Computer News, I found at a recent D.C. conference that to some extent the roadblock might be with that word 'open'."
I was watching a C-Span panel with US Homeland Security Secretary Michael Chertoff earlier today (rebroadcast from Tuesday 9/12) and he was talking about a lot of things. However, I was very positively struck when he talked about interoperability of first responder radio networks and how it's important that we don't lock ourselves into a proprietary network should the feds mandate a specific system.
He specifically referred to making it an 'open source' setup if we were to mandate specific equipment to avoid vendor lock-in.
While I don't follow the open source movement too closely, it's a major reference, from where I see it.
As someone in the military, I can tell you for sure that appearance and impression matter MUCH more than function or realism. It's all about how it looks or how it sounds, not what it does or how well it does it. There's a reason our fighter planes aren't called the Kitty or the Puppy. Heh heh, the F-22 Puppy, that'd be funny.
Never give in--never, never, never, never, in nothing great or small, large or petty, never give in except to conviction
I work in a military environment. Recently our computers were transitioned to NMCI. Result: All open source is strictly prohibited. My workspace had designed a really awesome database powered by MySQL and other open source technology. When NMCI came online we were SOL. When we asked for help, we were advised we could spend $xxx,xxx and purchase a Microsoft SQL Server license instead. When we pushed the issue, we were told that we were welcome to submit MySQL to NMCI for approval but that no one knew how to file the paperwork and no one had ever seen any software approved before. My take: It's a money scam. Somehow NMCI and Microsoft profit from each other with an exclusive agreement.
Most governments, including China, have access to the Microsoft Windows source code. This means that the enemy-of-the-week probably has it too. From a military perspective, that means that the product is 'totally open for all the worlds [sic] eyes and ears to see'. And it doesn't exactly have a great security record...
I am TheRaven on Soylent News
While this is frequently the case, it isn't necessarily the case.
Far too many people think that FOSS is just something you download off the web. Something that someone else creates, but which you, as the customer, have no control over. That choosing an Open Source product is like going to the grocery store, and that you only get to pick whatever products are being offered, and that you otherwise have no say in their design.
However, this isn't necessarily the case. I've spoken to a number of groups on this subject at length, and what a lot of people don't realize is that you can continue to use your existing sources of software, but that you simply have to demand that the developer provide it to you under an Open Source license. That's it. You can still contract out the development work to the companies you're using for custom development. You can still buy from your approved vendors list. The license that the software is provided under is a contractual issue, and thus is something that can be negotiated.
Yes, the vendor may want more money in order to provide their software as OSS. However, if you're a really large corporation or organization (like the US DoD), in general you'll be able to specify these requirements. Either your vendors meet them, or they don't (in which case you take your business elsewhere). Same as any other requirement specified in the tendering process.
FOSS doesn't have to mean "downloaded from some guy's website". For a big organization like the US DoD, this probably isn't terribly desirable (unless the software does exactly what you want, and you can either form a business relationship with the developer, do continued development in-house, or are willing to contract out feature additions and bug fixes to a third party -- this is, after all, the biggest strength of FOSS).
(I wonder what would happen if a really big organization like the US DoD went to Microsoft when it comes time to renew their bulk licensing contract and specified that the software must be licensed as OSS, and in return offered them twice the amount of the previous contract. What would win out? Greed and good business sense, or jealous protection of the code and the loss of a major customer?)
Yaz.
What people really don't seem to understand is the reality that it is often more efficient to replace a system wholesale than get a new group of people who have a year of "learning curve" just to figure out what the hell the existing system is doing.
So, pretend you're a department manager with a million bucks to spend on some piece of software and your vendor just ceased to exist. Your existing application is ten years old and full of bugs. Do you spend your million bucks paying the salaries of ten developers to potentially get you to square one after a year or do you spend a half million bucks on licenses and support for a new package and still keep five in-house developers on to work on the transition?
Most people choose option number two. That's just the reality on the ground, so if you're going to make the open source case, frame it in that context. Don't put all your money on "hey! you've got the code!" -- because that's the least of the worries.
Especially in the military, would you want hurriedly built planes falling apart over enemy territory?
I'd want a program (milspeak for "project") that knows how to limit its objectives, yet also creates a platform for growth and enhancement.
Thus, if we're on a tight timeline, we'd need a quickly-built airframe that at first is limited (cheap already-existing engines, older model avionics and missiles, etc), but allows easy upgrade to newer faster engines, canards, more capable avionics, missiles and strike capabilities, etc.
"I don't know, therefore Aliens" Wafflebox1
Or maybe it's time we used some meaningless but loaded marketoid term instead of "open source". How about "Real Software" (tm) ?
:)
With the added benefit that you could say "Are you sure you want to use Windows for that project ? I think we should use Real Software".
May contain traces of nut.
Made from the freshest electrons.
The resistance to open source I have seen is "who do you call when something goes wrong?"
That's the primary issue. Another is having the luxury to point the finger at the COTS vendor...MS, Oracle, etc...when something goes wrong..."It's not our fault, it's that shitty MS upgrade".
Another issue still is concern that, should an open source project be KNOWN to be used for classified processing, the authors could be compromised or the s/w could be targeted/examined for holes.
Another issue is mixing code that touches classified data with MS includes and libraries does not obligate open source release...while mixing with GNU might. Releasing code from the govt often requires time, money, effort. Or a competing shop could use that argument against the use of open source. "No one gets fired for choosing MS"...your company loses the contract.
However I have seen a rallying cry lately among a lot of civil service types..."Linux Everywhere!"...there is significant happiness in many areas of government using Linux or other open source. The non-recurrent licensing costs are very appealing to government.
I've worked in several shops that dump $10K-100K a year to MS...it can be a real drain for projects in sustainment.
I don't think "Insightful" is a strong enough moderation for the parent.
If "partners" are getting the MS source, they can look at it for attack-vectors and re-compile it themselves. What then is the difference between Microsoft and Open Source? Only a few hundred thousand dollars.
-J