Convincing the Military to Embrace Open Source

drewmoney writes "Misconceptions about what 'open source software' means has made elements of the US Defense Department reluctant to deploy in a live environment. DoD proponents of shared-source projects are now working to reverse this trend by educating IT decision-makers and demonstrating OSS usefulness. 'The cost of cleaning up a "network spill" that introduces classified material on an unclassified network is running about US$11,000 per incident on the Navy/Marine Corps Intranet (NMCI), so the free Secure Save tool could produce monetary savings for the Navy. Additionally, it would cover more file formats than the costly commercial redaction product currently available on the NMCI.'"

First Paste.

First Paste.

first

my first first post. AWESUM

Re:first

You SUCK, bitch.

Re:first

I hate to break it to you, but you failed miserably. In fact, the magnitude of your failure is so large that it would take me 30 years just to describe it accurately. Instead, I think I would prefer for you to just step in front of a train. It would make life easier for everyone involved.

Re:first

+1 Informative We love you, mods.

DoD uses lots of Linux machines

[flyingfsck]

I can tell you, but then I'll have to shoot you...

Re:DoD uses lots of Linux machines

[SCHecklerX]

No need to shoot me. I already know, and it is, indeed, very cool stuff. The military definitely embraces open source, especially with some of the more interesting high performance stuff that they do.

Re:DoD uses lots of Linux machines

[MichailS]

And then you would invoice the army $11000?

Re:DoD uses lots of Linux machines

[smittyoneeach]

The military definitely embraces open source

"The military" encompasses so much as to not mean much. Proprietary vendors still have vast swaths of the DoD by the short hairs. Until very recently, for example, the US Navy had the largest deployed WinNT4.0 rollout as part of the IT21 network configuration on ships. Or so a MicroSoft sales drone was telling me.

Re:DoD uses lots of Linux machines

[Jeremiah+Cornelius]

Let 'em kill people with Bill Gates' junk. Live by the sword...

Re:DoD uses lots of Linux machines

[smittyoneeach]

The most devastating thing in the DoD arsenal is the bureaucracy.
Quite amazing what the DoD accomplishes in spite of itself--the truest testament to the unquenchable American spirit.
Case in point: http://www.defenselink.mil/comptroller/icenter/budget/ppbsint.htm

Re:DoD uses lots of Linux machines

[longacre]

On the other hand, the cyborg soldiers of the future will see Tux on the boot screen of the Land Warrior System currently under development.

Re:DoD uses lots of Linux machines

[Penguinisto]

Yes, they do. They even have security tech guidelines for installing and maintaining Linux in a secure production environment... and it's in a Wiki.

/P

Re:DoD uses lots of Linux machines

Linux dominates in the big computing clusters. Desktops are still a very small, but growing percentage. Microsoft is trying to fight back with bullshit from consultants about cost of ownership.

NT 4.0 and US naval ships...

[G3ckoG33k]

NT 4.0 and US naval ships...

I think Linux floats here. Just check www.top500.org

I can't guarantee that all other open source projects will float as well. But, who could?

maybe they just need to look around

[phrostie]

maybe they just need to look around and open their eyes.
there are lots of projects. for example, http://brlcad.org/

Re:maybe they just need to look around

Hold on! You don't want an "unholy alliance" between the military and open source!

Re:maybe they just need to look around

Wait a minute, we wouldn't want an "unholly alliance" between open source and the military!

Re:maybe they just need to look around

[iamweezman]

As a network technician for the Air Force I can say that our shop is often frustrated by the restrictions placed on what software is allowed on our network. We've opened our eyes and seen some awesome opensource applications that we would love to use to manage and monitor our Cisco equipment with (Wireshark was the last application we fought to be able to use).

Understandingly the Information Assurance office has to be able to certify that each and every line of code does not have some backdoor or potential exploit that could be used by a foreign country. With the massive increase of Chinese hacking going on throughout the DoD, it's no wonder that an organic opensource application has a long process to go through before acceptance.

Re:maybe they just need to look around

[janrinok]

And just how does the Information Assurance office achieve this with regards to closed-source software? Do they actually have a check of every line of code? Or is this simply a way of ensuring that the US Government only procures software produced in the USA? While I fully understand why this might be desireable, it would only be another form of protectionism. I would argue that it is far easier to check open-source code - after all the code is freely available and the run time can be compiled from read-only sources using your own validated compilers and software tools - than trying to achieve the same for commercially produced, closed-source software.

Stop talking about "open Source"

[91degrees]

It shouldn't matter. Some software has all the source code publicly available. Other software only has the machine code publicly available. The differences there are quite small. Most software is somewhere between (A lot of free source code is used legitimately in closed source apps).

But it makes no difference. It is ultimately just software. A tool that can do a job. Zealots proclaiming that open source is the only way make it sound like Open Source software is somehow different. It's all just software.

Re:Stop talking about "open Source"

Yeah, but when the software suddenly breaks, and the company hasn't issued a patch yet to fix your problem, you're S.O.L.

With OSS, you can fix it yourself.

Re:Stop talking about "open Source"

[palegray.net]

This doesn't apply in the military. If something breaks, it will get fixed pronto or heads will roll at the vendor. In the unlikely event that the vendor is seriously dorked up, I assure you it will still get fixed through other channels. These sorts of mission-critical software failures are not commonly seen in most military environments, however, due to extremely long certification processes for anything that has blinky lights on it.

As much as I love open source software (my servers run on Debian, my workstations are Ubuntu 64, and I publish open source software in my limited spare time from active duty service), you're not going to see the Navy adopting a patch created in the last few days by Joe Developer. Things just don't work that way.

Re:Stop talking about "open Source"

[John+Hasler]

Have you ever done a code inspection on a binary? Have you ever written a patch for one?

Re:Stop talking about "open Source"

[L7_]

you dont understand. the problem is that with binary distributions, like the majority of COTS software that the DoD/army buys you usually settle on a version number to do all of the testing with. Say, version 1.1. The rest of the system is built around 1.1 and all of its (intended and unintended) functionality. When there is a problem with the software version, commercial vendors fix the problem in the current version. Say you bought version 1.1 in 1997, there is no way that the company is going to sell you 1.1.88 when they are on version 6.0.

This has nothing to say of the commercial binary distributions that are delivered from companies that are no longer in business... it happens more than you think in the defense industry world. Especially with the late 90's push to buy everything 'COTS'. Say you have version 1.1 of a database layer tool... all of a sudden that company goes out of business, I don't care how 'Mission Critical' the software is, it will never be fixed... since they did not have the source.

What you need to understand is that the source distribution model is going to change. Open source/GPL'ed code or Apache based FOSS software is going to be delivered by a defense contractor (the ones that will still be in business in 7 years i mean) and take complete authority over the delivered code. This is no different than nowadays when defense companies buy multi-million dollar software packages, delivered as binaries, that they have to maintain responsibility for. Sure, they can pass the buck when the software breaks... but when the defense contractor has the source (and hires a competent enough software engineer (not too common)) then they can make the changes themselves.

This is what the person is talking about. It doesnt matter that a Chinaman makes the changes to the code, the DoD/military just needs to trust their vendors to authenticate and take responsibility for their software solutions, in house developed, FOSS or closed binary COTS.

Re:Stop talking about "open Source"

If something breaks, it will get fixed pronto or heads will roll at the vendor. In the unlikely event that the vendor is seriously dorked up, I assure you it will still get fixed through other channels.

What are you, a comedian? The US govt/military, getting stuff fixed pronto? Yeah, right, pronto. It'll get fixed...eventually...after spending a lot of money...assuming the vendor bothered to make an archive of the source for the software in question, and that the govt. reps made sure to get the source (been there, seen that). Heads rolling? Not in the world where connections to politicians mean more than technical competence (been there, seen that, too).

The creation and management of software in the military is just as likely to be fucked up and disorganized as any civilian outfit.

Re:Stop talking about "open Source"

[remitaylor]

It shouldn't matter [...] it makes no difference. It is ultimately just software. A tool that can do a job. Zealots proclaiming that open source is the only way make it sound like Open Source software is somehow different. It's all just software.

While I understand why you might think that, your statements are simply untrue. It matters. It matters a lot, especially to folks like the military where security is so important.

[security of the source / ability to test for exploits]
Let's say the military decides to use X software for some task. If X is open-source, people could use the source to search for exploits / weaknesses. "But," you say, "even if the code is compiled to binary, you could still test for exploits." Well, yes ... and no. Yes, if you *have* the binary, you can use it directly to find flaws or 'decompile' it to look for potential weaknesses in the generated source code ... but not as easily as if you had the real source, in its original condition. And, even so, that's assuming that you have the source code, at *ALL*! If the software isn't open-source, there's a good chance that you'll never get your hands on the source OR the binary. At all. This is ideal for folks like the military.

[freedom of development / customizations to open-source code]

A lot of free source code is used legitimately in closed source apps

Another issue depends on the licensing of the open-source code. Many licenses would *NOT* allow the military (or whoever) to legitimately use the code in their closed source apps. That's not all licenses, but there are ones that might legally force the military to release their modifications to the original source code. Obviously, the military has to beware of such licenses.

So you see, just from these 2 examples ... it's simply not the case that open-source versus closed-source software doesn't matter or that "it's all just software." I'm sure lots of people can point out numerous other reasons why it matters - these are the two that came to mind for me.

Re:Stop talking about "open Source"

[bigstrat2003]

Exactly, thank you. Reading this story, and the one about Linux being used in various devices, those were my thoughts exactly. Sometimes (especially with hardware), it's important to a user how many others adopt something, so that whoever makes it will have incentive to keep going. This doesn't apply to Linux and OSS, though, so the periodic "Let's get people to use OSS!" discussions slashdot has are nothing more than zealotry, imnsho. If you're not being a zealot, you should have no reason to care what software the military uses, or anyone else, for that matter.

Re:Stop talking about "open Source"

[John+Hasler]

> Another issue depends on the licensing of the open-source code. Many licenses would *NOT*
> allow the military (or whoever) to legitimately use the code in their closed source apps.
> That's not all licenses, but there are ones that might legally force the military to
> release their modifications to the original source code.

If you are thinking of the GPL here, no. They would only be required to provide source to those outside their organization to whom they distributed binaries. They would not have to make the source public and they would not have to distribute it at all if they used the binaries only inside their origanization.

Re:Stop talking about "open Source"

[91degrees]

Have you ever done a code inspection on a binary?

Yup. 99% of military purchasing guys haven't done a code inspection of anything.

Have you ever written a patch for one?

Yes. Haven't you?

Re:Stop talking about "open Source"

YAAAY! thank you!
YES, exactly. The problem isn't with "good" vs. "bad" code. All code has bugs, the QA process is supposed to help, but it can only do so much. The problem is with being able to fix it or upgrade it when it's broken or just used differently, especially when it's long out of date or a company has gone under.

To put a slightly different twist on it, who remembers Casini, the NASA project? Well, this is backwards actually, but they used a radio designed by lockheed martin. It turned out that this radio, designed for satellites, had a fixed clock with self-tuning for the digital signal only in a small range. Even satellites experience problems with red/blue shift, but only within a finite range. Lockheed martin wouldn't tell NASA the details of the spec, so NASA didn't know that this would happen until someone figured it out by accident... and then spent months proving it to the people above him. As it happened they were able to tweek the mission to just inside the operational parameters, but they got lucky and it shouldn't have happened. This is the kind of stuff that happens with "closed" solutions.
Hell consider the Arian V rocket that exploded, we all know that story. That code was just FINE, until you went outside the operational parameters. Those type of parameters are NEVER documented properly (and if they once were... sorry but even defense contractors don't use ADA much anymore. So said a guy I talked o from Lockheed). So, to know these details you have to see the code. Imagine a Nuke with the Arian bug, where the closed code was tested 10 years ago on slower missiles, now the company is out of business and you would have to decompile to check, you think they'll do it?... So now we launch a nuke, and it goes off right above us causing the worst fallout in history.

Open Source isn't magic, it doesn't solve all your problems, and it's probably no less buggy... but at least you have to tools to do the job, or pay someone else to do it. You can't always pay someone enough money to fix a bug if it's closed source... and sometimes even if you could it would be outside even what the armed forces can afford. They don't actually need true "FOSS", but they do need a source license.

Re:Stop talking about "open Source"

[John+Hasler]

> 99% of military purchasing guys haven't done a code inspection of anything.

Why would purchasing guys be doing code inspections?

> Haven't you [ever written a patch for a binary]?

Yes. A tedious and error-prone process.

Re:Stop talking about "open Source"

[John+Hasler]

> Sure, they can pass the buck when the software breaks... but when the defense contractor
> has the source (and hires a competent enough software engineer (not too common)) then
> they can make the changes themselves.

Since the DoD has the source and a Free license to it, it can hire someone else to make the changes it needs even if the contractor goes out of business.

> This is what the person is talking about. It doesnt matter that a Chinaman makes the
> changes to the code, the DoD/military just needs to trust their vendors to authenticate
> and take responsibility for their software solutions, in house developed, FOSS or closed
> binary COTS.

With Free software they don't need to trust the vendors (though they may choose to do so for non-critical systems).

Re:Stop talking about "open Source"

[houghi]

It will get fixed? They are going to force the vendor? They and what army?

Oh wait.

Mmm. They have a lot of people with beards in Guantanamo. Could they be OSS developers?

Re:Stop talking about "open Source"

[Jonner]

Since I'm a US citizen and taxpayer, the military is supposed to be working for me. So, I do care if they do their job correctly and efficiently much more than some random corporation.

Re:Stop talking about "open Source"

[Fred_A]

Many licenses would *NOT* allow the military (or whoever) to legitimately use the code in their closed source apps. That's not all licenses, but there are ones that might legally force the military to release their modifications to the original source code. I can't believe some people *still* haven't figured out how those licences (GNU and GNU derived) work... As pointed out above, you have to redistribute the source of the stuff you distribute. Presumably the military wouldn't redistribute their stuff.

OTOH, I have seen a few licences that explicitely prohibited military use.

Re:Stop talking about "open Source"

Exactly. And when dealing with classified stuff, national security laws trump license conditions and copyright. Not to mention, even if there was infringement, no one outside of the group of people authorized to have access would know, and telling anyone (lawyer, court, etc) without a required security clearance would be illegal.

Re:Stop talking about "open Source"

[jotok]

Bullshit. I work for one of those vendors. It's a fantasy that the military jumps into our ass when we fail to fix an issue.

They jump into EDS's ass, and EDS flails around ineffectually while the vendors bicker. Eventually a massive and meaningless response, usually involving multiple powerpoints and 200-page word documents (it's a trick--pages 10-200 are "data" in a poorly formatted table) puts the slumbering giant back to sleep.

For this, I get a bonus.

Re:Stop talking about "open Source"

[palegray.net]

You and I are probably talking about different levels of severity when it comes to problems. Funny thing... I used to work for EDS, and now I'm active duty in the Navy (submarine community). I assure you, in the rare cases that major glitches that affect mission readiness are found in certain systems afloat, the vendor does fix their shit, and fast.

Re:Stop talking about "open Source"

[jotok]

Yah, but it depends on the criticality of the system.

I know some SPAWAR guys who work on GCCS. Something breaks, they're on the next plane. This is really not the case with any IT21 system.

In fact, I would suggest that there is such a radical difference between these kinds of systems that they don't even belong in the same conversation.

Re:Stop talking about "open Source"

[palegray.net]

In fact, I would suggest that there is such a radical difference between these kinds of systems that they don't even belong in the same conversation. On that point I have to agree with you. You know, it's kinda odd talking to somebody on Slashdot who actually has real world experience with this stuff. How'd you wind up doing DOD contract stuff? I'm not hard to find if you want to chat off-thread. Happy New Year!

Article confuses two different problems...

[MyNameIsFred]

The article confuses two different problems. One problem is redaction, the other is a network spill. The two are very different. Redaction is "editing problem," deleting classified material from a document to make it unclassified. In a network spill, classified information is accidentally put on an unclassified system. A spill is a much more complicated problem. You have to determine how many systems were "infected," and sanitize those systems. And sanitizing may require the destruction/confiscation of the system. You also have to determine whether anyone without a clearance had access to the material. And I would guess that the vast majority of the cost is labor, not software.

Re:Article confuses two different problems...

[palegray.net]

Mod parent up. It's a very good representation of how spills and such are dealt with.

Re:Article confuses two different problems...

[asdfghjklqwertyuiop]

You also have to determine whether anyone without a clearance had access to the material.

And what do they do in that case?

Re:Article confuses two different problems...

Give you a pre-paid ticket to Cuba offcourse :)

Re:Article confuses two different problems...

[rah1420]

You also have to determine whether anyone without a clearance had access to the material.

And what do they do in that case?

We could tell you, etc., etc., etc.

All seriousness aside, I'm sure that it depends on a number of things: the clearance that the spilled material had, the audience that was exposed, whether anyone actually did access it ("having" access is not the same as actually accessing it) among other things.

In any case, I would surmise that the reaction would be anything from a strong suggestion to forget and a recitation of the penalties for disclosure to something more energetic. I am only too glad that I don't even have the ability to get unauthorized access to such material.

Re:Article confuses two different problems...

[jellomizer]

The problem with Open Source and Government lies down to one thing. Who to blame I know, I know. If they had Microsoft products and there was a huge problem that is Microsoft fault they will blame them but nothing will happen. But it would come down to a Microsoft Problem not the employee problem. Thus keeping Open Source Away from Governments. Why do you think governments hire contractors, and still keep them even after a major screwup... It is not because the contracting company is doing shady businesses it is because the person who hired the contractor improperly managed them, or had them do something not recommended but having the contractor take the blame for the problem saved the guy his job. The problems with this case is not a technical problem that Open Source or Closed Source will be good at fixing. But if they had an Open Source App and there was a screw up the person who made the decision to install the app would be gone. Vs. A commercial app where the same problem may exist but being able to blame the company allows for deniability. The white papers told me that it could do this, it is the fault of the company. Thus saving their job. Unlike other sectors which reward you for what you do right, in government it is what you do wrong is what gets you fired. Think about it when there is a mistake in the government and it gets known some guy (usually some lower level manager) get fired, even if the fault was his the guy is probably the most experienced to fix the problem and assure it will never happen again. Sigh for a Christen majority country there is little understanding of forgiveness.

Re:Article confuses two different problems...

[digitalunity]

Software doesn't write itself, and integration is usually necessary anyway. Look at it another way.

With open source software, the user can choose from multiple vendors to provide integration and bugfix support, whereas with closed source you have the original author only. If that vendor goes out of business, you're SOL.

Re:Article confuses two different problems...

[jellomizer]

You are thinking logically not like a government employee...
Getting bug fixes and fast response time is good and fine. But when there is a problem who do you blame. If the company went out of business and there was a problem the blame would still go the problem perhaps some heat on why you didn't switch to a different company... But something similar can happen to Open Source Projects too. There are a lot of OSS projects that start get some good foot hold then suddenly just die, stopping all the support. And fixing others people code is different then writing new code which most government programmers are more qualified to do. But if they choose an open source project and it something failed. It is not why haven't you switched to the new Program (where they can normally show them a letter saying they do not have the funding for the switch) but all the blame will go to choosing the project and question will arrive why couldn't you go with X companies.
It is not about efficiency or quality it is all about saving your butt. The government has work very hard to make a system were all accountability is blurred so when something goes wrong there is a finger trail on who to blame for the problem and it usually stops at the person who has no one else to point to.

Why?

[el_chupanegre]

I don't think the military should use OSS. I get the whole argument about 'more eyes to look = less bugs' but that only works if you actually upgrade to a newer version that doesnt have the bugs. If I know you're running version 1.0 after 1.1 has come out, I can look at the differences in the code and work out exploits. Surely the military has some kind of long winded process for updating software, so it's quite likely that old versions will remain.

Also what's to stop someone poisoning the source as a popular OSS project did that was recently reported on here? (I'm too lazy to look up which one)

Re:Why?

[SCHecklerX]

You aren't giving the organizations in the military that work with this stuff enough credit. Hint: Your beloved internet started as a military research project. Now think how much farther they have come since then with stuff the private sector won't really see for quite some time (like all other applicable research that come out of the military).

Re:Why?

[hedwards]

It really isn't just the military, any organization with a huge staff, numerous computers spread across multiple continents is going to have a difficult time keeping things updated like that. To make things more complicated, some of the gear is out at sea, and serious issues the likes of which a corporation will never see can happen if things aren't interoperating the way that they're supposed to be.

The military in this sense has the same sorts of problems that a large hospital does, but multiplied by a huge number due to the sheer size of it.

When you think about it, it is rather remarkable they do as well as they do.

I'm not really sure why OSS is the answer to those problems, if it is that big of an issue, the taxpayers can just buy access to the source code for any of the applications. 11,000 per incident is nothing compared with the pallets of shrink wrapped $20s that have been outright lost in recent years. I think that as far as this subject goes, that there are more pressing places to save money.

Re:Why?

Such poisoning has occured a few times.

The reason isn't because of "more eyes", it's because THEY can fix it when it breaks, or hire someone too at least. Presumably they would use a vendor to do that shit for them, that's what companies like RedHat, and Sun are for. Those type of companies will happily back port port JUST security fixes to old systems if you are willing to pay them enough money. The bonus is... if/when they go under, you're not out of options if it's FOSS.
Even if they wanted to do it all themselves they could still go with software equivalent to Debian stable. Honestly, mission critical in the army doesn't mean anything more than mission critical in a large corporation. If you tell me that the Army cares more about any one helicopter crew than Amazon does about 5 minutes downtime over Christmas... I say you're full of shit. It would be nice if it worked that way, but it doesn't. No-one has better than 6 nines of uptime (6 nines ~40 minutes, 7 nines is ~4 minutes downtime per year), and the one's who do and care most sure as hell aren't the army. The one's who care most and know how to do it are already using mixes of FOSS and home-rolled solutions.

Re:Why?

[Repossessed]

Access to the source code may not be available in a significant way. (The Microsoft shared source deal seems a good example of this, since they don't allow you to modify the code).

Actually, the biggest thing with OSS to me, as far as the DoD is concerned anyway, is that you can change contractors if you have too. You have everything, if for any reason the people who maintain the software now have a problem, or just aren't getting things done, you can hire somebody else to maintain the code instead (okay, so that's nowhere near as easy as it sounds).

Certainly better than getting stuck running windows 98 because the company that made the database software you use went under, and the only way to get the information in them is with obsolete software. (And yes, this happened to my grandparents company).

Re:Why?

[Frank+T.+Lofaro+Jr.]

Agreed. I go by the 15 year rule. What we see today from the military, secret agencies, etc is what was cutting edge 15 years ago. So in 1992 they had then what we are seeing from them now. What they got now is what we'll be told about in 2022. In other words, WAY advanced.

FCS runs on Linux

The entire Future Combat System runs on RedHat Linux. The systems timeframe is a little lengthy, but it will be field tested in 2008. It certainly is based on Open Source technology, and it's going to be deployed service wide.

Re:FCS runs on Linux

[Frank+T.+Lofaro+Jr.]

All your base are belong to Linux!

Gives a whole new meaning to Linux pwns you.

Re:FCS runs on Linux

[malevolentjelly]

I believe they dumped that model due to horrible battlefield performance, etc. I am fairly certain they're switching to more high performance proprietary embedded. I won't explain why I know this.

Future Combat Systems

[samkass]

The entire "Future Combat Systems" of the US Army is based on SOSCoE, a virtual environment that currently runs on linux. It includes development environments for C/C++/Java, but not Microsoft or .NET (yet, anyway). I'm not sure where the meme came in that the DoD is anti-linux. They are certainly proportional in their linux market share as the rest of the world, I'd say.

Re:Future Combat Systems

[giminy]

No kidding. I worked at two DoD research labs between 2005 and 2007, and both were using GNU/Linux and *BSD quite extensively, both for research projects and for general IT stuff. I'd say that they use more Windows/Solaris than Linux/BSD, but commercially-supported and NIAP-Lab-vetted linux distros are relatively new in comparison to their commercial counterparts.

Re:Future Combat Systems

SOSCoE! OMG! Are you really using SOSCoE to prove your point? Or is your point that when SOSCoE is officially labeled as an official failure and the cause for many FCS failed projects, that OSS in Army systems will be a thing on the past.

For those that don't know SOSCoE is a closed source attempt (and failure) to allow application to actually talk to each other. ...your tax money being put to good use!

Re:Future Combat Systems

[c6gunner]

For those that don't know SOSCoE is a closed source attempt (and failure) to allow application to actually talk to each other. ...your tax money being put to good use!

Well, thank you for your input! After all, what better place is there to get reliable information about classified military systems than from an Anonymous Coward?

Re:Future Combat Systems

[samkass]

Yeah, I admit SOSCoE is not something to hold up as the epitome of success, but it is a huge example of how the Army is willing to base an entire generation of weaponry on a linux software base. I wasn't measuring success, just the DoD's willingness to use linux.

And SOSCoE's development model isn't open source, but it's as close as you're going to get in a secret environment, I think. All companies involved have to give all their source code to the prime contractor and is owned by the government, which is a lot different than how such contracts usually work (where the government is willing to license binaries without having any rights to the source.)

Re:Future Combat Systems

[stubob]

Non-AC (but not the GP AC). SOSCOE is not classified. Read all about it I can attest that SOSCOE is a really stupid idea. We're writing POJO (on JDK 1.4, no less) apps in stead of Webapps hosted in a container. Sigh. But look at the size of the contract that Boeing got to build a "virtual Operating System."

I think one point that's getting missed here is that most of the Workstations are migrating to XP (Vista by now?) away from Solaris, but most of the back-end processing is still big Solaris/Linux boxes AFAIK.

It's gonna be hard

[Plazmid]

It's gonna be hard to get the military to embrace open source. Heck, I've had trouble getting my girlfriend to embrace open source.

Re:It's gonna be hard

[wxjones]

Have you tried getting her drunk first? Oh, open SOURCE. Nevermind.

Re:It's gonna be hard

I got no problems with mine embracing open source, but now we are expecting a baby due in five months...

Re:It's gonna be hard

[bcdm]

I've heard that Valtrex is really good in helping clear up open source. Should do the trick for you.

I do not understand

[dbIII]

Haven't the US military been using Solaris with gnu tools since long before Slashdot and linux existed?

I'm in the Navy; my perspective on this.

[palegray.net]

The military is starting to use open source software in more ways than people on the outside may realize. MediaWiki is used in some interesting ways, as is a certain open source instant messaging platform. Without going into detail on things that are best not discussed outside classified environments, there are other large open source software projects that have made their way into the server room.

The issue with Microsoft dependency is a long-standing problem having to do with extremely long certification processes. Another issue is the fact that in order to use anything new, the military winds up spending insane amounts of money on retraining personnel, restructuring documentation, testing in live combat environments, etc. Essentially, it's all the major problems of large corporate uptake of open source projects, with additional dependencies.

Things are slowly improving. The military uses what works, and for much of what we use in our infrastructure solutions developed on Microsoft platforms still work. That's not saying they're necessarily the best answer to a given technology need, but they're already in place and it will take some time for new ideas to get adopted.

Re:I'm in the Navy; my perspective on this.

[YrWrstNtmr]

I'm, (sort of) in the Air Force, and I concur. DoD uses a variety of systems. Apple, MS, Linux, Solaris, UNIX, etc, etc. Are we talking about Linux on everyones desktop? Not a chance. That would require a decade+ of investigation and deliberation. But for other areas, OS diversity abounds.

Re:I'm in the Navy; my perspective on this.

[spammeister]

I'm in a different Navy, but we work with the US. I'd have to say I'm happy that not everything we get "forced" to use is M$, but the training on said platforms is usually a ppt presentation, so good luck to us if the system craps out in some strange way whilst we're bobbing around in the middle of the Augie(sp?)!

Re:I'm in the Navy; my perspective on this.

[Bl4ckJ3sus]

Disclaimer- I am an Air Force contractor. We have many flavors of linux/unix running in our lab, IRIX/Redhat/Solaris etc... but the one thing that they all have in common is the fact that they are supported by a company. What everyone seems to be missing here is the fact that if something goes "horribly wrong," the government is going to be looking for someone to point the finger at and kick in the ass. We run a few open source applications, but only after they have gone through a pretty stringent code review. I agree that there is a learning curve for most personnel whenever a new product comes on line, but that's what they have us contractors for!

Open source is hardly excluded

[MikeRT]

Open source software is the only type of software that is often mostly made by foreigners that the DoD will use. Proprietary software that is owned by a foreign company cannot be used without extraordinary extenuating circumstances. Even if the whole development is done in America, the legal ownership by foreign nationals takes the proprietary software automatically off the approved software lists.

Re:Open source is hardly excluded

Foolish, though - most "american" closed software producers subcontract right back out to foreign nationals. Least with open source, third-party audit becomes easy. At the rate america is making enemies, you could hardly trust a european subcontractor to produce secure code for americans, never mind cheap indians+chinese.

Shure

[krischik]

The NAVI even created there own Ada compiler in open source (OK they had the NYU to help them). Today the compiler is part of the main GCC distribution.

Martin

arpanet and bsd

[trb]

both the arpanet (essential predecessor to the internet) and bsd unix (essential predecessor to linux) were open source projects funded in large part by darpa, which is the american military. so saying that the military doesn't embrace open source seems kind of wrong.

Excellent!

The hook is almost set.

Re:Excellent!

[wongaboo]

The nicest thing about NMCI might be that it scares the Navy/Marine Corps off of all commercial software solutions. The system is incredibly dysfunctional and expensive. Moving a computer from one user to another or from one side of the room to the other usually costs several hundred dollars and weeks of delay. Moving a whole unit is a nightmare. Most software will not work on the network and users seem to devote themselves mostly to hacking printers and external drives onto the system because that is the only way they can get their work done. Open source software encourages the user to solve problems. If you know how to fix it, do so. If the Marine Corps/Navy adopted this concept (as opposed to just some open source software, rigidly controlled) it would be a perfect about face from the NMCI system where you have no access of any kind to your own machine and neither does the S-6 shop (the computer shop) in your unit. Instead you have to rely on some under trained and, in any case, unavailable, tech located on the other side of the world. We are literally ceding an advantage to our enemy with NMCI and Open Source (which in many ways had it's birth in DARPA) is the perfect solution to this strategic disaster.

Re:Excellent!

I will freely admit that EDS is a miserable company, and that the people working on the NMCI project are for the most part complete morons, but what you're complaining about has less to do with EDS and more to do with what the government wanted in the NMCI contract. The Navy/Marine Corps and EDS have to agree on how service is provided. I'm going to take a second here to help you understand things. (Because someone might believe you, and the Marine Times article was complete BS).

Most software will not work on the network It's not that it doesn't work, it's that it isn't available to be installed with the software distro system. Which is probably because of the lengthy approval/packaging process or the cost involved.

and users seem to devote themselves mostly to hacking printers and external drives onto the system Hacking? Seriously? If a user doesn't have the permission to do these things, then there's a problem. Believe it or not, you can get help for that.

the NMCI system where you have no access of any kind to your own machine and neither does the S-6 shop (the computer shop) in your unit. Which planet do you live on again? Are you actually advocating that users be given local administrative rights to the machines they use? Eventually you will learn how wrong that is. I will also point out the S-6 is Communications, and that the S-6 is not authorized to work on NMCI systems while in garrison.

tech located on the other side of the world As if the government would allow an NMCI call center in a foreign nation!

Sure, there's a lot of things NMCI sucks at, but you need to pick your battles. And you think EDS wanted a lot for this contract? Do you even know what IBM bid?

Re:Excellent!

First, I should say that I have seen many S-6 shops manned by radio operators, so it may not be a good idea to give them all Admin rights, nor should regular users have such access. Although, I will agree that some S-6 ISC's should be granted at least some rights. That would be nice, but the way the service level agreements are structured, it can't happen. To meet each of its SLAs for trouble tickets, EDS must resolve a certain percentage of these tickets within a window of time. If there are independent ISCs (information systems coordinators) who resolve the more simple issues, that will make what might be considered industry-standard SLAs impossible for EDS to meet. Which in turn means EDS may not be able to bill 100%.

NMCI was intended to be a cost-cutting initiative, and it is expensive to keep trained people on-site. While the military still has many trained personnel for deployments, the billing issue prevents them from assisting users while in garrison. Also, if keeping technicians closer to the users is something the government needs, they should be paying EDS to do this. It shouldn't be up to the sailors and Marines to make up for the deficiencies of the contract.

DoD proponents of shared-source projects...

[John+Hasler]

Didn't you mean to write "open-source"?

Not that hard

[AnswerIs42]

NASA World Wind is open source and is uses by the DoD and other governmental groups.

Refer them to the NSA

[Bill,+Shooter+of+Bul]

They've kicked the linux tires a time or two. Secured it a bit.

"Convincing"?

[Courageous]

I work as an integrator and inserter of technology into military organizations.

Hence, I can say with some authority that they are, for the most part, Talready convinced. To best characterize them, it would be: "interested, but cautious". "Convinced, but careful". They want to save money, believe that open source can be good, but have certain matters of due dilligence that they need to attend to.

There remain "paperwork" issues of getting open source into SCIFs, particularly when the provenance of the open source is questionable. Not all open source is born equal, you know. Some is pretty shitty, and some is even written by people in countries that actually DO have active spying programs against us (if you were to say that because the source is there, and open for everyone to see, that this reduces risk, I would agree with you, however this statement that the risk "ought" to be less is sometimes insufficient for these classified area types, dontcha know).

BTW, there is a new DoD directive that has been issued, ordering all defense procurement to include an assessment of open source products as an alternative to proprietary software. How is this "not convinced"?

C//

Re:"Convincing"?

[Tony+Hoyle]

A project I work with closely from a military type wanting to know the author of a particular 3 line bug fix, their email address, nationality, etc. As the fix was about 2 years old we had his name but no current contact info.

He went away disappointed. Not heard anything like that happen since.. but some in the military could probably do with some education.. a free project with a few hundred authors isn't going to have the current contact details (or even full names in some cases) of all of them - we have the exact time and date of the change, but only because version control tells us.

Re:"Convincing"?

[Courageous]

A project I work with closely from a military type wanting to know the author of a particular 3 line bug fix, their email address, nationality, etc. As the fix was about 2 years old we had his name but no current contact info. He went away disappointed. Not heard anything like that happen since.. but some in the military could probably do with some education.

Don't take this wrong, but honestly, it sounds like some people working for the military could use a little education, also. For something simple, like a 3 line bug fix, all it takes is a third party (*cough*, your company) to review the code and pronounce it "good". I'm overstating here, a little, but truthfully: not by much.

This is the same thing done by Red Hat. They are stakeholding the open source they integrate and distribute. I.e., the government accepts the provenance of RH's software, in one fell swoop, as Red Hat's. That's how it gets in. Truly.

If you want to be a good integrator for the government, then you can easily stakehold the open source you integrate (and distribute to your military customer) as well.

Mind you, I understand that the military contractors are having as much trouble navigating through the open source community as the military itself is. Keep in mind, that while this is true it represents an opportunity for both you and the company you work for to excel.

Luck and progress,

C//

Re:"Convincing"?

Some is pretty shitty, and some is even written by people in countries that actually DO have active spying programs against us (if you were to say that because the source is there, and open for everyone to see, that this reduces risk, I would agree with you, however this statement that the risk "ought" to be less is sometimes insufficient for these classified area types, dontcha know).

If you'd agree that the code being open makes it inherently less risky, you'd be wrong.

Open-ness doesn't magically reduce the risk - the thousand eyes mitigation only works if there are indeed many eyes reviewing the code. A license and a link on a website does not guarantee that - a vibrant and diverse community could, though.

What being "open" does provide (risk-wise) is a better-known risk (what is the history of the code, who vouches for it?), a clear way to mitigate the risk (verify the sources and, if you must, hire trusted people to review and certify the code), and the potential community support.

These are very powerful benefits - but I cringe whenever someone repeats the truism that open-source == more-secure, and open-source == trusted. If I didn't know better about open source, it would be the kind of thing that would make me skeptical about the whole concept.

Re:"Convincing"?

[Courageous]

You could have a nice discussion if you didn't post AC. WTF?

Re:"Convincing"?

[Frank+T.+Lofaro+Jr.]

Have someone trusted investigate the fix, the bug and what it does and see if that fix is appropriate, if not, write a better one.

Then you have a trusted source for the fix.

if the DoD is anything like the military I work in

[spammeister]

Then they are as firmly entrenched in the M$ death spiral as we are. Although *some* of our kit is Linux, it's very specialized and it would be on
My Linux knowledge is practically nil, and I'm the "expert" in my unit.

Open Source or shared source?

[Russ+Nelson]

Is the article summary talking about Open Source or Microsoft's Shared Source? They're Not At All the same thing.

whoops (used a "less than" symbol)

[spammeister]

Then they are as firmly entrenched in the M$ death spiral as we are. Although *some* of our kit is Linux, it's very specialized and it would be on less than 1% of computers that I have come in contact with. It's just too easy to keep the "status quo" going then to have to train the front line administrators in more than one OS (2000 and XP is difficult enough), let alone more than one office suite. When a data spill happens, (more often than not it's a computer error, rather than human error) I have yet to see an entire computer confiscated (although I'm sure it's happened). If anything the offending hard drive would be confiscated or *gasp* in a pinch we'd probably just slap a secret sticker on it to save time. Good thing I work for a country with not so many super duper secrets like the US, or even a budget worth 1/50th of the DoD, any orginization that large would be a major pain in the arse.

My Linux knowledge is practically nil, and I'm the "expert" in my unit.

The military uses plenty of open source stuff

Just not on the desktop. What do you think they are using to monitor intrusions, and for their high performance clusters at research facilities? Do you really think that the organization responsible for giving us TCP/IP would abandon their ability to easily continue their research?

No thanks

[AxelBoldt]

Personally I would prefer if my contributions to Linux would not be used to help wage an illegal war of aggression against a country that never attacked nor even threatened the U.S.

Re:No thanks

[idiotnot]

Then stop contributing to GPL projects. The license allows users to do whatever they want with it, to whatever purpose.

Re:No thanks

[the+linux+geek]

Judging by parent's User ID, I'm going to karma hell for this, but too damn bad.

When you insert code into something like the Linux kernel, you agree that from that moment on, it is licensed under GPL version 2. That does not mean you have the luxury of deciding who uses it, despite your little political foibles on that topic. "Free software" means exactly that - if the United States Armed Forces opt to use the software, then they have every right to use it. It is no longer in your control.

On another note, why should you object to having the military using code you've written? You're failing to understand that the men in uniform are under a binding contract, and that they are sacrificing every day to defend their nation. The US Military does not create policy, civilian politicians do - the military is just a tool of policy. They need all the tools at their disposal to do their job of keeping the United States safe, however that job is defined by the politicians.

Re:No thanks

On another note, why should you object to having the military using code you've written? You're failing to understand that the men in uniform are under a binding contract, and that they are sacrificing every day to defend their nation. Firstly, they're not all "men". Some are women! Secondly, he's not talking about the ones "defending their nation", he's talking about the ones "waging an illegal war of aggression against a country that never attacked nor even threatened the U.S."

The US Military does not create policy, civilian politicians do - the military is just a tool of policy. They need all the tools at their disposal to do their job of keeping the United States safe, however that job is defined by the politicians. What about their job of blowing the crap out of Iraq? Should people be allowed to have opinions about that? Does blowing up Iraqis really "keep the United States safe"? If so, how?

Re:No thanks

Your post provides a very good reason to allow non-US militaries access to open source code, but it fails to provide any compelling reason to forbid all militaries. Some soldiers really are just fighting to defend their countries.

I'm all for forbidding US military and corporate access to various software designed to help people. (I'd even extend it further and say that I'd support an open source license forbidding use by any US citizen until the US decides to play fair with the world. If we're allowed to ban entire ISPs because some customers are spammers, why not ban entire countries? Especially supposedly democratic nations, where the pressure might force actual change.)

But please, don't paint every military as being just like the US. Most of the world is non-US, and doesn't deserve to be treated like them.

Re:No thanks

[Revotron]

I'll tell you what... Why don't you go to your local military base and say that to a soldier's face?

Judging by your tone of voice, you obviously don't understand that there are millions and millions of men and women who have sacrificed themselves so you can speak those very words of hatred for their cause. So, because they have signed their life away to defend you and your family, you are going to deny them the tools that could very well save their lives, and yours in the process, because you take issue with the politicians on Capitol Hill?

And since when did a country need to threaten the US in order for there to be justification of a war? The US is suddenly forbidden from coming to the defense of other nations? I'm sure the Kurds would love to speak with you - well, those that survived the gas attacks, that is.

Fuck politics, you can believe whatever you want to (by the way, thank a soldier for that), but the one thing you do not do is speak ill of a man who would die for you and your family.

There goes my karma, but it was worth it.

Re:No thanks

[c6gunner]

You've got a great point! In fact, let's take it a bit further. Why should we do ANYTHING to help the military? I say you start a campaign of civil disobedience aimed at destroying the US military's ability to wage any sort of warfare whatsoever. Don't stop until they're down to using shoelaces and plastic forks. I'm sure this will make the entire world a much safer place, and you'll have PLENTY of time to rebuild the military once foreign troops start rolling over your borders! Plus I'm sure it won't affect your global standing or your quality of life in the slightest! Yep, clearly we could achieve a true utopia if only we could disarm the US military!

Re:No thanks

[Rakshasa+Taisab]

So are you saying that keeping the military in a state where it must funnel money to corporate interests is a _good_ thing?

If the military stopped using MS software all together, it would remove Microsoft as an entity who would gain by increased military expenditure. Thank you for promoting the military-industrial complex.

Re:No thanks

[houghi]

It could be that the person is against those policies and/or against the actions taken to defend/enforce those policies.
It could be that the person is against military alltogether.

As a sidenote: your excuse you are giving the military is very close to "An order is an order." and that does not work since a very long time.

Re:No thanks

[Jonner]

Really? Exactly how long ago did the excuse stop working? Besides, I doubt most decisions about what software to use in the military have anything to do with policy. A soldier might refuse an order to kill civilians because he thinks it's immoral. A general might even refuse to order an invasion because he believes it's illegal or immoral. But under what circumstances would someone in the military choose a proprietary application instead of a Free one on moral grounds? If he simply wants to sabotage the effectiveness of the military, there are probably much easier ways.

Re:No thanks

[K.+S.+Kyosuke]

You must be new here. Otherwise you would know that the port of Linux to sharks with lasers is making good progress already.

Re:No thanks

I'll tell you what... Why don't you go to your local military base and say that to a soldier's face? Judging by your tone of voice, you obviously don't understand that there are millions and millions of men and women who have sacrificed themselves so you can speak those very words of hatred for their cause.

So you're saying that soldiers sacrificed themselves to give him freedom of speech, so therefore, he should never use that freedom of speech to say anything that you think those soldiers might not agree with? Or in other words, he has the right to free speech, as long as he's not dumb enough to actually exercise that right.

In fact, it's you who is reducing the value of the sacrifice of the brave soldiers who went before. They fought to give him freedom of speech. No matter what he says. Freedom! It's not "freedom of speech" to only say things that you assume that some group of people will agree with. Even if the group of people is the soldiers who fought for the freedom.

I was a soldier. I served to protect people's right to speak freely about whatever they want, not just to say things I agree with. I wanted to protect people's right to do whatever they want, not to be told exactly what to do and how to think. If all you want is for people to do whatever they're told, say whatever they are told is acceptable, indeed, to think in ways that are considered acceptable, then we may as well put everybody in the Army where that is what happens.

I prefer freedom for everybody. Let every individual decide what to say, what to think, what to do.

Re:No thanks

Really? Exactly how long ago did the excuse stop working?

If you mean the excuse of "I was only following orders", it stopped working when they tried using it at the Nuremberg war crimes trials after World War Two. You can get some more information at Wikipedia's page about the Nuremberg Defence.

Re:No thanks

[jtev]

That is only not an excuse if the action is against the rules of warfare. If a military superior gives a soldier an order, unless that order is illegal, under the laws of the military the soldier is in, or the international rules of warfare his country has agreed to, the soldier has a responsibility to follow those orders. Failure to do so can have severe consequences, up to and including execution for mutiny. So, if it's only a moral issue, then it is the job of the soldier to shut up and soldier.

Re:No thanks

[Jonner]

I am aware of the Nuremberg trials, but the principle applied there was that following orders is not an excuse for committing war crimes. It was not decided that members of militaries are always responsible for harm resulting from orders they followed. Obviously, that would put soldiers in a precarious legal position since they're often ordered to kill people and blow stuff up.

Re:No thanks

[Revotron]

If you give me a bat, and I break it over your head, would you give me another bat? If you have any shred of common sense, no, you wouldn't.

How many people do you think would want to fight for your freedom, if the first thing you do with it is stab them in the back? How many people do you think would die for you if you're so vehemently opposed to the cause that they are fighting for?

This isn't about freedom of speech, it is about human decency. Freedom of speech is wonderful, but if one has any shred of decency, one will at least show some form of respect for those who sacrifice their lives to defend the very freedoms that allow you to spit in their face.

Depends on the Branch of Service

[stewbacca]

The Air Force is hell bent on lining the pockets of Dell and Microsoft, with their stupid, COTS (commercial-off-the-shelf) procurement requirements.

The Army and Marines use a lot of Linux. My company sells software to mostly the Army, and we have lots of Linux developers for a couple of Linux only intel software apps.

The NSA (and all the branches of service that work in/for it) uses a heavy mix of UNIX and Windows (and the largest chunk of Mac OS X of any gov't agency I know of).

Bascially, each branch operates in a fishbowl, separate from each other, so it is hard to generalize the Department of Defense's computer uses.

Who cares if the military uses OSS?

Who cares if the military uses open source software? With projects actually forbidding military use, it seems clear that socially responsible Free Software advocates are locking out the military.

I know that I wouldn't want my work to be used by the US military. The only good argument for allowing the US military access to open source is that they might spend money on it, but that hasn't been my experience. They're more than willing to use it since it's free, but unwilling to pay anyone except some US contractor to support it.

So let the US military keep their blood money. Real Free Software can survive without it.

Use open source or die

[heroine]

With the most advanced inertial navigation software, image sensors, microprocessors being developed in other countries, they have to use open source and download it from other countries just to survive.

Re:Use open source or die

If you say *fabbed* in other countries, you might have a point. But they're still designed by Intel, Sun, etc, which are very much American companies headquartered in the USA.

Re:Use open source or die

[c6gunner]

With the most advanced inertial navigation software, image sensors, microprocessors being developed in other countries, they have to use open source and download it from other countries just to survive.

Sure, technically speaking, Intel's newest line of processors was developed and fabricated in Israel. Has this lead to all users of intel processors switching to OSS?

As an AC already pointed out, most of the development is being done by American companies, they're just outsourcing the research, development, or manufacturing to other nations. Wake me up when a company called Advanced Tehran Electronics is presenting any sort of market threat to American companies.

See? Open source is good!

[Prysorra]

We can stop errors like....uh...this.

NMCI not a great example

[HangingChad]

It's a waste of time pitching the Navy anything. NMCI outsourced their entire network infrastructure to EDS. A monumental cesspool of pork barrel contracting that puts Haliburton's Iraq contracts to shame. There are hurdles and endless reviews for getting any piece of software approved for use on Navy or Marine networks. And between SPAWAR and EDS they're busy trying to squeeze out what little internal development is left in the Navy and move everything to the giant hosted service architecture. The very people most likely to use and promote any type of open source software or a project built on open standards are the ones jumping ship and going elsewhere.

You can waste your time trying to educate DoD if you want but it's maddeningly frustrating. They'll listen and understand, then go off and do something entirely different. Which is a shame because the military is an organization that would benefit the most from an open, flexible infrastructure. One that could scale on demand, integrate disparate information sources and is reliable on legacy hardware. You would think with the massive paperwork hassles of buying anything through the government, the military would pounce on technology that let them side-step the entire procurement process and load it when you need it.

It would all be funny if it wasn't billions of your tax dollars going down the crapper.

Re:NMCI not a great example

[Max+Threshold]

Not like NMCI was doing any better themselves. I had to explain to one of their so-called "admins" how to change file permissions on a Windows NT box.

good in theory...

[Butisol]

What's the point of working your way up to General if you can't go into semi-retirement at a corporation selling software using your military connections?

Re:good in theory...

[Yehooti]

Painful point, but I think that's true in the hardware world as well.

*nix and Windows

[Agarax]

On Navy ships workstations are Windows 2000 for office work and for Sailors to email home (everyone has a UNCLAS account).

The more specialized gear (Aegis, and various consoles) are usually Unix or Linux, depending on the piece of gear and the Aegis baseline.

A few pieces of gear run on Windows variants, the Navigation gear (Voyage Management System) the most notable. I think it is a civilian product the military uses.

From what I can tell the Navy doesn't give two shits about what the software runs on, so long as it works. Contractors do all of the upgrades and major overhauls anyway. Sailors just troubleshoot.

Not to mention that hardware and software varies greatly from ship to ship. A Aegis tech from the original Arleigh Burke destroyer would be hard pressed to trouble shoot a system from the latest variant of that class of ship, if he was able to accomplish it at all.

Navy enlisted techs are usually sent to a specific school for a certain piece of gear to help alleviate this problem, though it complicates the Navy's already dire manning problems as certain pieces of gear may only be on a few ships. It is no wonder that civilians do so much these days.

Just my two cents.

Re:*nix and Windows

[TW+Atwater]

"Mac users are equally divided between elitist bastards and f@#%ing morons."

Probably true. Windows (l)users, however, run closer to 10% wannabe elitist bastards and 90% f@#%ing morons

Re:*nix and Windows

[G3ckoG33k]

"From what I can tell the Navy doesn't give two shits about what the software runs on, so long as it works. Contractors do all of the upgrades and major overhauls anyway. Sailors just troubleshoot."

Ok, my initial lead wasn't as clear as I had thought.

-

.

From a 1998 article ( http://www.gcn.com/print/17_17/33727-1.html )

Atlantic Fleet officials acknowledged that the Yorktown last September experienced what they termed "an engineering local area network casualty," but denied that the ship's systems failure lasted as long as DiGiorgio said. The Yorktown was dead in the water for about two hours and 45 minutes, fleet officials said, and did not have to be towed in.

"This is the only time this casualty has occurred and the only propulsion casualty involved with the control system since May 2, 1997, when software configuration was frozen," Vice Adm. Henry Giffin, commander of the Atlantic Fleet's Naval Surface Force, reported in an Oct. 24, 1997, memorandum.

Giffin wrote the memo to describe "what really happened in hope of clearing the scuttlebutt" surrounding the incident, he noted.

The Yorktown lost control of its propulsion system because its computers were unable to divide by the number zero, the memo said. The Yorktown's Standard Monitoring Control System administrator entered zero into the data field for the Remote Data Base Manager program. That caused the database to overflow and crash all LAN consoles and miniature remote terminal units, the memo said.

The program administrators are trained to bypass a bad data field and change the value if such a problem occurs again, Atlantic Fleet officials said.

But "the Yorktown's failure in September 1997 was not as simple as reported," DiGiorgio said.

"If you understand computers, you know that a computer normally is immune to the character of the data it processes," he wrote in the June U.S. Naval Institute's Proceedings Magazine. "Your $2.95 calculator, for example, gives you a zero when you try to divide a number by zero, and does not stop executing the next set of instructions. It seems that the computers on the Yorktown were not designed to tolerate such a simple failure."

The Navy reduced the Yorktown crew by 10 percent and saved more than $2.8 million a year using the computers. The ship uses dual 200-MHz Pentium Pros from Intergraph Corp. of Huntsville, Ala. The PCs and server run NT 4.0 over a high-speed, fiber-optic LAN.

Despite the USS Yorktown's setbacks, the Navy plans to use Smart Ship technology on other classes of ships.

[...]

But according to DiGiorgio, who in an interview said he has serviced automated control systems on Navy ships for the past 26 years, the NT operating system is the source of the Yorktown's computer problems.

NT applications aboard the Yorktown provide damage control, run the ship's control center on the bridge, monitor the engines and navigate the ship when under way.

"Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor," DiGiorgio said.

Pacific and Atlantic fleets in March 1997 selected NT 4.0 as the standard OS for both networks and PCs as part of the Navy's Information Technology for the 21st Century initiative. Current guidance approved by the Navy's chief information officer calls for all new applications to run under NT.

OSS doesn't meet quality standards

[timmarhy]

The fact is that most OSS projects are ill suited to the corperate and government environment.

OSS focuses on the latest and greatest features, government doesn't, they want tested and proven versions. OSS EOL's stuff long before it would be considered "tested" in something like a DoD environment.

I know the linux fanboys here will go batshit crazy over this, and i guess the truth stings.

the ONLY situation i can see OSS being any advantage to the DoD is if they hired the developers of an OSS project they are interested in to maintain a fork of the software for them.

Re:OSS doesn't meet quality standards

[greg1104]

The fact is that most OSS projects are ill suited to the corperate and government environment.

At least my open-source web browser warns me when I misspell "corporate" while trolling.

OSS EOL's stuff long before it would be considered "tested" in something like a DoD environment.

Yeah, it's a shame the copies of RHEL5 I deployed earlier this year will only be supported until 2014. Barely any time at all to test them.

Re:OSS doesn't meet quality standards

[timmarhy]

"Yeah, it's a shame the copies of RHEL5 I deployed earlier this year "

all you did was prove my point dumby. READ AGAIN - i said the only situation where OSS will work is when you pay developers to maintain it for you, which is what a RHEL support agreement is.

essentially DoD need to do a cost/benefit and make up their minds if paying dev's vs purchasing a product makes sense.

Ridiculous

[Ironpoint]

It is ridiculous to suggest that the military is concerned about cost or spending. The taxpayer pays the bill, and the bill can grow to whatever is politically possible. Why would a department choose open source when a few well connected companies stand to make hundreds of millions selling closed source solutions. The primary role of the military in US society is to funnel tax money and reward political power and connection. A large percent of military spending is for parts that are scrapped months before they are even delivered. They go from the factory to the dump.

The navy doesn't care how much it costs because, in the end, you will pay. The navy will never go bankrupt no matter how much they spend.

Re:Ridiculous

[timmarhy]

nonsense

They have a budge like anyone else, and their purpose is very clear, to protect america's waters and interests abroad.

I suppose you probably think the government can't go broke because they can print more money to?

Re:Ridiculous

[Entropius]

They have a bloated budget, getting anything they ask for from Congress (since we have to support the troops, right?) and the purpose of people at Boeing et al. working on military "R&D" isn't to develop equipment to "protect America's waters and interests abroad"; it's to get themselves more contracts. This after all is what the stockholders want, right?

I live in a military contracting town, and have first-hand knowledge of people not really caring whether or not anything works or is militarily useful as long as the money keeps coming.

Hint: the government IS broke, and it's because of irresponsible spending on the military, started by Reagan, slowed by Clinton, and then increased again by Bush II.

Re:Ridiculous

[timmarhy]

err companys that are after contracts to build things for the navy don't care, thank you captain obvious.

I was refering to the navy itself which does the purchasing. it's up to them to spend wisely (which they don't do, no debate from me there)

Re:Ridiculous

[Ironpoint]

nonsense

They have a budge like anyone else, and their purpose is very clear, to protect america's waters and interests abroad. I can see by your tone that the only appropriate response is "lol". Did you read that off a brochure? I'm not going to debate a talking points memo. Of course they have a budget, that's not at issue. Just because an organization has a budget doesn't imply that they are concerned with cost. Even the most lavish parties have a budget.

I suppose you probably think the government can't go broke because they can print more money to? The government can't go broke because their buying power is not measured in dollars.

Re:Ridiculous

[c6gunner]

I can see by your tone that the only appropriate response is "lol". Did you read that off a brochure?

As opposed to what? A "Stop Amerikkkan Imperiali$m" placard being carried by a guy smoking a massive blunt and wearing a "FUCK YOU!!" shirt?

You've got absolutely no business criticizing anyone else's opinions when it's so painfully clear that you've been brainwashed past any semblance of rationality.

Just because an organization has a budget doesn't imply that they are concerned with cost. Even the most lavish parties have a budget.

And even the most lavish parties are concerned with cost. It all depends on what the set limit is.

The government can't go broke because their buying power is not measured in dollars.

You may wish to read up on the history of the USSR.

Re:Ridiculous

[Ironpoint]

As opposed to what? A "Stop Amerikkkan Imperiali$m" placard being carried by a guy smoking a massive blunt and wearing a "FUCK YOU!!" shirt? No, because that would read "Stop Amerikkkan Imperiali$m", which isn't what you wrote.

You've got absolutely no business criticizing anyone else's opinions when it's so painfully clear that you've been brainwashed past any semblance of rationality." I'm being very rational and I'll criticize whomever I want. When someone calls my ideas 'nonsense', I expect them to back it up with some sort of argument.

You offered an opinion. You said my post is 'nonsense'. You offer two very basic simple facts. 1. The navy has a budget 2. The navy's job is to defend the coast and nation's interests. These, of course, don't have anything to do with my argument, that the navy doesn't care about costs. Your post is so far out in left field that is seems you are just repeating something you heard. For instance, in the early 00's it seemed every service member one talked to was transfixed on parroting the 'new kind of war' theme. When you say "their purpose is very clear, to protect america's waters and interests abroad", you sound like a commercial without supporting your "nonsense" argument.

As for being brainwashed, maybe you want to throw in some "make no mistake"'s with your use of "very clear".

Windows is the kids menu

[symbolset]

It doesn't sting. It reminds me of my boy when he was 8 years old. We would take him out to nice restaurants where we could get decent food. No matter what was available he wanted the same boring things: chicken nuggets, grilled cheese, cheeseburger.

I encouraged him to try new things but it's pointless to push it because there's something in the human condition that makes us think any unfamiliar food is toxic.

So be it. Enjoy your kid's meal. I'll be over here with the diverse selection of culinary creations from all the world's cultures. Thanks.

Re:Windows is the kids menu

[timmarhy]

WTF does chicken nuggets and your kid being a spoilt brat have to do with anything I said?

can you be more abstract? I think maybe there's a japanese conceptual artist out there that thinks your analogy is good, everyone else thinks it's dumb.

Its ok, we are cost plus

I was on a team building a system meant to run in a classified/secret environment. The main barrier to using open source was the NIAP certification/scam.

Anything running in a classified environment must be NIAP certified. NIAP certification requires deep pockets and long timelines. Open Source software packages don't have the funding to get the certification and the government won't budge.

We wanted to use Ubuntu, but it's not certified, gotta shell out for Redhat licenses. Wanted to go use iptables/snort, nope sorry buy this intusion detection system thats more expensive than a new mercedes. The examples of this went on and on.

Overall I would say we shelled out more than 2 million dollars in proprietary closed source software that had equivalent or better free open source competitors. But its all cost plus anyway so the defense contractor is happy, the govt can check off its checklist so they're happy, and big software co. has a big stable customer. Everyone's happy, unless you pay taxes of course.

Re:Its ok, we are cost plus

[p0tat03]

You are appalled at this process in the military, I am glad. This isn't some tiny server farm you're running for kicks - when your systems are compromised or fail outright, people die. I for one am glad that there are certification processes in place to ensure that the code we are running in mission critical systems is SECURE. Sure, we have a *reasonable* expectation that Ubuntu is technically sound, won't go kaput at a moment's notice, and doesn't contain any Chinese communist espionage code... but we don't KNOW that. The security of a nation is not run on hunches and educated guesses.

Re:Its ok, we are cost plus

You are sure that RedHat doesn't contain chinese espionage code?

Note that Windows XP and Windows 2000 obtained NIAP certification. The process isn't about security. The governement does not have a crack team of real security experts checking this stuff out. It is about money.

Nooo!

You want to get blood on Tux's flippers?

Add this to the GPL : "Software licensed under the GPL may not be used for war"

Re:Nooo!

Go to hell. People die for you.

Actually, yes

It was called a virus. Mmmmmm. Good.

Strange.....

[Joce640k]

Every military project I've ever worked on has demanded a copy of all source code "for security reasons" - to make sure I wasn't slipping anything extra in there.

Accountability and maintenance is the issue

[Xanthvar]

Accountability and maintenance is the issue that keeps US DoD from adopting open source for the most part.

As far as the article goes, I don't truly see open source as making an impact on network spills.

MyNameIsFred was right on, in his labor assessment.

Most of the network spills that I have been involved with cleaning up, are due to human error, who are generally writing a report, and inadvertently include some information that is of a higher classification. They then, publish this, or email it to everyone under the sun, and it is mostly manpower that is spent on trying to track down who got it, and what they did with it, and how to get the horses back in the bar after the fact. Education is the issue there, not technology.

As far as redaction goes, I don't know, I've never been involved with that, so I don't feel I can speak on the subject.

Accountability: DoD doesn't trust most open source programing, as they do not know who did the actual coding. It could have been an American or an allied nation, who is friendly to the US, or they could be from a country that is not as friendly. With closed source programing the idea (though not necessarily the reality) is that they can require that only US citizens or allied nations do the work, thus preventing a foreign national from an unfriendly nation from putting in some sort of back door that could be used to exploit the system... (again, the reality is that code is often outsourced and there is nothing from keeping a US citizen from putting exploitable code into the system, but again, this is the intent, not reality).

"But, if you have the source code, you can check it yourself, to make sure there are no back doors!" -- this is a great argument, but it isn't really practical. Who would do this work? There just isn't enough manpower for this task. Personally, I think this could be the biggest strength of open source code, used in a defense environment. You take a product, customize it to your missions needs, then sign and hash it to verify that it hasn't been tampered, and require that only that version of the code is used. Releasing this code to the public generally isn't that big a deal, as if a new feature is added, it probably needs it, but most likely, features would be removed, making the product simpler. IRC clients that certain commands insist on using, irregardless to the security threat they provide is a great example (Yes, it is on a secure network, but that doesn't mean you shouldn't insist on all applications following best practices).

Until DoD starts doing something like this on a large scale basis, the argument that some evil foreign power COULD have put something bad into the code, is going to carry a lot of weight. And everyone in DoD knows what foreign powers are most likely do so... after all, you would have to be stupid not to try and do the same thing if you could!

Maintenance: This is the other big issue DoD has with open source. If there is an issue with the program, we may need to talk to someone to fix it. Also, we need to make sure that if it is going to take 5 years to get it implemented, that it will be supported when we finally get to use it in production.

"But, you can get maintenance on Red Hat or (insert names of product or company here)!" -- this argument is heard all the time, but just because you can get product support, doesn't mean that it is going to be around long enough. Thunderbird is about the only example I can think of to back this up (and it is probably not a good example, but you know what I mean). The open source project could be abandon at any time due to the main developer getting tired of it, or perishing, or going to jail for murder or whatever. Now, this can also apply with any closed source, commercial product, as well, where the company goes under, or gets bought out, etc... but again, this is the an argument that carries a lot of weight in DoD. This is why they generally choose to use MS or Unix, they are pretty sure that it will be around

New THAAD & Zumwalt destroyers use Linux

[EraserMouseMan]

http://www.lynuxworks.com/solutions/milaero/in-action/ddx.php

http://www.spacewar.com/reports/Concurrents_Redhawk_Linux_Selected_For_THAAD_Missile_Defense_Program.html

The military is already embracing real-time linux distros. . .

Hold on now :)

[link5280]

The military does use open source software and they are extremely knowledgeable about it, so the premise of this article is flawed. However, most desktop (office) computers within DoD are Windows and Office based, the military likes interoperability for day to day communications. However, mission or weapon systems vary widely; I have seen VMS, Unix, Linux, Windows, OS/2, etc... used. These systems, depending on use, are typically in a standalone or closed network configuration. Closed networks, particularly those that are classified, are encrypted. So in order to take advantage of a software flaw one must first break the encryption or gain physical access to the system, unlikely. There is always the internal threat, but that is why DoD issues security clearances and controls physical access to systems. Also the military will not arbitrarily patch their software, especially on mission systems. They must test the patch and ensure it doesn't affect mission critical software, this doesn't happen overnight. If a patch is available in less than 24 hours from when a major flawed is discovered it doesn't necessarily benefit the military.

thei iz alredi yoozing it

[rice_burners_suck]

Yoo dont haf too convins tha milateri too yooz owpen sors softwer. Thei iz alredi yoozing it.

Re:thei iz alredi yoozing it

[Tastecicles]

ur sp33lchukkers b0rken. Liek mi txtspk trnsl8r.

Comment removed

[account_deleted]

Comment removed based on user account deletion

One project I know threw out MS Office..

There's a specific system in use which uses higher classified data. Because MS was unwilling to sumbit source code to eval without trying to screw the max out of the military they were told to take a hike and the application installed was Openoffice.

Needless to say that numerous claims of "incompatibility" had to be fought by the team that took the only responsible decision (they didn't have the sway to lose Windows as base OS altogether because the supplier didn't have any other dev tools - same argument why consultancies keep recommending Windows).

If you really, really care about security you must be either incompetent, insane, or bought to suggest the use of MS originated software. This is not because they don't try (these days), but you're dealing with *very* bad fundamentals..

Difference

[jawahar]

Open source software promotes Competition Closed source software promotes Collusion.

You sir, are an idiot. Or a shill.

[CarpetShark]

make it sound like Open Source software is somehow different. It's all just software.

That's like saying murderers and humanitarians are all just people. It's true if you exclude lots of factors, but in the wider sense of contribution to society, it's complete BS.

Re:You sir, are an idiot. Or a shill.

[91degrees]

That's like saying murderers and humanitarians are all just people

They both work as well as organ donors.

There is a lot of philosophy about whether Open Source is in itself good for society. Really though, this shouldn't affect government buying decisions any more than someone's political opinions affect whether they should be hired.

Approved Software

[jrsjrsjrs]

Is there any public list of what software is already approved?

Re:if the DoD is anything like the military I work

[Ivecowarrior]

I know for a fact that some of the major decision makers in the UK MoD (my little brother is one of them) know just enough about open source to be dangerous.
He knows that the source code is fully in the open. He knows that the projects invariably are a sum of contributions from all over the planet by programmers who have never met each other...
BUT
until I put him straight, he seriously believed that open source projects - even the major ones like the linux kernel itself - where contributed to in a free-for-all wiki arrangement with no overseer at all.

This is a misconception that is often completely overlooked and contributes massively to the lack of trust in open source in secure environments.

Killer app?

[InfiniteWisdom]

People always said the main thing slowing down the adoption of Linux was the lack of a killer app...

Technology to kill the innocent...

[flajann]

Personally, I want no part in promoting technology to an organization that harms and kills innocent people -- such as the military. Let alone the recent tortures and illegal "detainments" the US military has engaged in.

"Yes, this village of children and their parents reduced to a smoky hole in a ground made possible by missiles running Linux!" Really, do we want that kind of association for something that is otherwise so wonder and represents the major achievement of OpenSource?

Sorry, I do not wish to OpenSource death and destruction. If the military wants to use Linux to manage their death infrastructure, not much we can do to stop them. But to encourage them to do so? Not in the name of OpenSource!!!!

Re:You sir, are an idiot. Or a shill.

[CarpetShark]

You really should listen to Peter Quinn's talk on ODF, and learn about sovereignty before you say that. You'll almost certainly find it enlightening.

Re:You sir, are an idiot. Or a shill.

[CarpetShark]

p.s.: the Venezuelan open-source related stuff on encouraging their own economy is also directly relevant to why governments should care about open source. Not to mention the underhanded (and prooven) bribes from companies like Microsoft while attempting to keep things closed. The fact that such things can't happen with open development ALONE should make you want your government leaning towards that.

Re:I found the problem!

As promised. Happy new year!

Re:You sir, are an idiot. Or a shill.

[91degrees]

But I consider open standards and open source to be different arguments. Unless you're employing your own developers, freely available source code (as opposed to restrictedly available source code) is not the most important aspect of the software.

Your article is dated ...

[Agarax]

So ... in 1998 they used NT on a ship that has been decomissioned for three years?

That was ten years ago.

Technology has changed slightly, and the military loves throwing money at contractors to do upgrades.