Slashdot Mirror
Convincing the Military to Embrace Open Source
drewmoney writes "Misconceptions about what 'open source software' means has made elements of the US Defense Department reluctant to deploy in a live environment. DoD proponents of shared-source projects are now working to reverse this trend by educating IT decision-makers and demonstrating OSS usefulness. 'The cost of cleaning up a "network spill" that introduces classified material on an unclassified network is running about US$11,000 per incident on the Navy/Marine Corps Intranet (NMCI), so the free Secure Save tool could produce monetary savings for the Navy. Additionally, it would cover more file formats than the costly commercial redaction product currently available on the NMCI.'"
I can tell you, but then I'll have to shoot you...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
NT 4.0 and US naval ships...
I think Linux floats here. Just check www.top500.org
I can't guarantee that all other open source projects will float as well. But, who could?
maybe they just need to look around and open their eyes.
there are lots of projects. for example, http://brlcad.org/
The article confuses two different problems. One problem is redaction, the other is a network spill. The two are very different. Redaction is "editing problem," deleting classified material from a document to make it unclassified. In a network spill, classified information is accidentally put on an unclassified system. A spill is a much more complicated problem. You have to determine how many systems were "infected," and sanitize those systems. And sanitizing may require the destruction/confiscation of the system. You also have to determine whether anyone without a clearance had access to the material. And I would guess that the vast majority of the cost is labor, not software.
The entire "Future Combat Systems" of the US Army is based on SOSCoE, a virtual environment that currently runs on linux. It includes development environments for C/C++/Java, but not Microsoft or .NET (yet, anyway). I'm not sure where the meme came in that the DoD is anti-linux. They are certainly proportional in their linux market share as the rest of the world, I'd say.
E pluribus unum
The military is starting to use open source software in more ways than people on the outside may realize. MediaWiki is used in some interesting ways, as is a certain open source instant messaging platform. Without going into detail on things that are best not discussed outside classified environments, there are other large open source software projects that have made their way into the server room.
The issue with Microsoft dependency is a long-standing problem having to do with extremely long certification processes. Another issue is the fact that in order to use anything new, the military winds up spending insane amounts of money on retraining personnel, restructuring documentation, testing in live combat environments, etc. Essentially, it's all the major problems of large corporate uptake of open source projects, with additional dependencies.
Things are slowly improving. The military uses what works, and for much of what we use in our infrastructure solutions developed on Microsoft platforms still work. That's not saying they're necessarily the best answer to a given technology need, but they're already in place and it will take some time for new ideas to get adopted.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Open source software is the only type of software that is often mostly made by foreigners that the DoD will use. Proprietary software that is owned by a foreign company cannot be used without extraordinary extenuating circumstances. Even if the whole development is done in America, the legal ownership by foreign nationals takes the proprietary software automatically off the approved software lists.
This doesn't apply in the military. If something breaks, it will get fixed pronto or heads will roll at the vendor. In the unlikely event that the vendor is seriously dorked up, I assure you it will still get fixed through other channels. These sorts of mission-critical software failures are not commonly seen in most military environments, however, due to extremely long certification processes for anything that has blinky lights on it.
As much as I love open source software (my servers run on Debian, my workstations are Ubuntu 64, and I publish open source software in my limited spare time from active duty service), you're not going to see the Navy adopting a patch created in the last few days by Joe Developer. Things just don't work that way.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Have you ever done a code inspection on a binary? Have you ever written a patch for one?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I work as an integrator and inserter of technology into military organizations.
Hence, I can say with some authority that they are, for the most part, Talready convinced. To best characterize them, it would be: "interested, but cautious". "Convinced, but careful". They want to save money, believe that open source can be good, but have certain matters of due dilligence that they need to attend to.
There remain "paperwork" issues of getting open source into SCIFs, particularly when the provenance of the open source is questionable. Not all open source is born equal, you know. Some is pretty shitty, and some is even written by people in countries that actually DO have active spying programs against us (if you were to say that because the source is there, and open for everyone to see, that this reduces risk, I would agree with you, however this statement that the risk "ought" to be less is sometimes insufficient for these classified area types, dontcha know).
BTW, there is a new DoD directive that has been issued, ordering all defense procurement to include an assessment of open source products as an alternative to proprietary software. How is this "not convinced"?
C//
Then they are as firmly entrenched in the M$ death spiral as we are. Although *some* of our kit is Linux, it's very specialized and it would be on less than 1% of computers that I have come in contact with. It's just too easy to keep the "status quo" going then to have to train the front line administrators in more than one OS (2000 and XP is difficult enough), let alone more than one office suite. When a data spill happens, (more often than not it's a computer error, rather than human error) I have yet to see an entire computer confiscated (although I'm sure it's happened). If anything the offending hard drive would be confiscated or *gasp* in a pinch we'd probably just slap a secret sticker on it to save time. Good thing I work for a country with not so many super duper secrets like the US, or even a budget worth 1/50th of the DoD, any orginization that large would be a major pain in the arse.
My Linux knowledge is practically nil, and I'm the "expert" in my unit.
I tried to think of a good sig, and this wasn't it.
The nicest thing about NMCI might be that it scares the Navy/Marine Corps off of all commercial software solutions. The system is incredibly dysfunctional and expensive. Moving a computer from one user to another or from one side of the room to the other usually costs several hundred dollars and weeks of delay. Moving a whole unit is a nightmare. Most software will not work on the network and users seem to devote themselves mostly to hacking printers and external drives onto the system because that is the only way they can get their work done. Open source software encourages the user to solve problems. If you know how to fix it, do so. If the Marine Corps/Navy adopted this concept (as opposed to just some open source software, rigidly controlled) it would be a perfect about face from the NMCI system where you have no access of any kind to your own machine and neither does the S-6 shop (the computer shop) in your unit. Instead you have to rely on some under trained and, in any case, unavailable, tech located on the other side of the world. We are literally ceding an advantage to our enemy with NMCI and Open Source (which in many ways had it's birth in DARPA) is the perfect solution to this strategic disaster.
cogito ergo oro
you dont understand. the problem is that with binary distributions, like the majority of COTS software that the DoD/army buys you usually settle on a version number to do all of the testing with. Say, version 1.1. The rest of the system is built around 1.1 and all of its (intended and unintended) functionality. When there is a problem with the software version, commercial vendors fix the problem in the current version. Say you bought version 1.1 in 1997, there is no way that the company is going to sell you 1.1.88 when they are on version 6.0.
This has nothing to say of the commercial binary distributions that are delivered from companies that are no longer in business... it happens more than you think in the defense industry world. Especially with the late 90's push to buy everything 'COTS'. Say you have version 1.1 of a database layer tool... all of a sudden that company goes out of business, I don't care how 'Mission Critical' the software is, it will never be fixed... since they did not have the source.
What you need to understand is that the source distribution model is going to change. Open source/GPL'ed code or Apache based FOSS software is going to be delivered by a defense contractor (the ones that will still be in business in 7 years i mean) and take complete authority over the delivered code. This is no different than nowadays when defense companies buy multi-million dollar software packages, delivered as binaries, that they have to maintain responsibility for. Sure, they can pass the buck when the software breaks... but when the defense contractor has the source (and hires a competent enough software engineer (not too common)) then they can make the changes themselves.
This is what the person is talking about. It doesnt matter that a Chinaman makes the changes to the code, the DoD/military just needs to trust their vendors to authenticate and take responsibility for their software solutions, in house developed, FOSS or closed binary COTS.
The Army and Marines use a lot of Linux. My company sells software to mostly the Army, and we have lots of Linux developers for a couple of Linux only intel software apps.
The NSA (and all the branches of service that work in/for it) uses a heavy mix of UNIX and Windows (and the largest chunk of Mac OS X of any gov't agency I know of).
Bascially, each branch operates in a fishbowl, separate from each other, so it is hard to generalize the Department of Defense's computer uses.
You aren't giving the organizations in the military that work with this stuff enough credit. Hint: Your beloved internet started as a military research project. Now think how much farther they have come since then with stuff the private sector won't really see for quite some time (like all other applicable research that come out of the military).
Then stop contributing to GPL projects. The license allows users to do whatever they want with it, to whatever purpose.
Judging by parent's User ID, I'm going to karma hell for this, but too damn bad.
When you insert code into something like the Linux kernel, you agree that from that moment on, it is licensed under GPL version 2. That does not mean you have the luxury of deciding who uses it, despite your little political foibles on that topic. "Free software" means exactly that - if the United States Armed Forces opt to use the software, then they have every right to use it. It is no longer in your control.
On another note, why should you object to having the military using code you've written? You're failing to understand that the men in uniform are under a binding contract, and that they are sacrificing every day to defend their nation. The US Military does not create policy, civilian politicians do - the military is just a tool of policy. They need all the tools at their disposal to do their job of keeping the United States safe, however that job is defined by the politicians.
It's a waste of time pitching the Navy anything. NMCI outsourced their entire network infrastructure to EDS. A monumental cesspool of pork barrel contracting that puts Haliburton's Iraq contracts to shame. There are hurdles and endless reviews for getting any piece of software approved for use on Navy or Marine networks. And between SPAWAR and EDS they're busy trying to squeeze out what little internal development is left in the Navy and move everything to the giant hosted service architecture. The very people most likely to use and promote any type of open source software or a project built on open standards are the ones jumping ship and going elsewhere.
You can waste your time trying to educate DoD if you want but it's maddeningly frustrating. They'll listen and understand, then go off and do something entirely different. Which is a shame because the military is an organization that would benefit the most from an open, flexible infrastructure. One that could scale on demand, integrate disparate information sources and is reliable on legacy hardware. You would think with the massive paperwork hassles of buying anything through the government, the military would pounce on technology that let them side-step the entire procurement process and load it when you need it.
It would all be funny if it wasn't billions of your tax dollars going down the crapper.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
On Navy ships workstations are Windows 2000 for office work and for Sailors to email home (everyone has a UNCLAS account).
The more specialized gear (Aegis, and various consoles) are usually Unix or Linux, depending on the piece of gear and the Aegis baseline.
A few pieces of gear run on Windows variants, the Navigation gear (Voyage Management System) the most notable. I think it is a civilian product the military uses.
From what I can tell the Navy doesn't give two shits about what the software runs on, so long as it works. Contractors do all of the upgrades and major overhauls anyway. Sailors just troubleshoot.
Not to mention that hardware and software varies greatly from ship to ship. A Aegis tech from the original Arleigh Burke destroyer would be hard pressed to trouble shoot a system from the latest variant of that class of ship, if he was able to accomplish it at all.
Navy enlisted techs are usually sent to a specific school for a certain piece of gear to help alleviate this problem, though it complicates the Navy's already dire manning problems as certain pieces of gear may only be on a few ships. It is no wonder that civilians do so much these days.
Just my two cents.
Remember folks, slashdot doesn't have a -1 "disagree" moderation!
It doesn't sting. It reminds me of my boy when he was 8 years old. We would take him out to nice restaurants where we could get decent food. No matter what was available he wanted the same boring things: chicken nuggets, grilled cheese, cheeseburger.
I encouraged him to try new things but it's pointless to push it because there's something in the human condition that makes us think any unfamiliar food is toxic.
So be it. Enjoy your kid's meal. I'll be over here with the diverse selection of culinary creations from all the world's cultures. Thanks.
Help stamp out iliturcy.
You've got a great point! In fact, let's take it a bit further. Why should we do ANYTHING to help the military? I say you start a campaign of civil disobedience aimed at destroying the US military's ability to wage any sort of warfare whatsoever. Don't stop until they're down to using shoelaces and plastic forks. I'm sure this will make the entire world a much safer place, and you'll have PLENTY of time to rebuild the military once foreign troops start rolling over your borders! Plus I'm sure it won't affect your global standing or your quality of life in the slightest! Yep, clearly we could achieve a true utopia if only we could disarm the US military!
So are you saying that keeping the military in a state where it must funnel money to corporate interests is a _good_ thing?
If the military stopped using MS software all together, it would remove Microsoft as an entity who would gain by increased military expenditure. Thank you for promoting the military-industrial complex.
- These characters were randomly selected.