US Dept. of Defense Creates Its Own Sourceforge
mjasay writes "The US Department of Defense, which has been flirting with open source for years as a way to improve software quality and cut costs, has finally burst the dam on Defense-related open-source adoption with Forge.mil, an open-source code repository based on Sourceforge. Though it currently only holds three projects and is limited to DoD personnel for security reasons, all code is publicly viewable and will almost certainly lead to other agencies participating on the site or creating their own. Open source has clearly come a long way. Years ago studies declared open source a security risk. Now, one of the most security-conscious organizations on the planet is looking to open source to provide better security than proprietary alternatives."
Denigrating the concept of security through obscurity is not the same as claiming the inverse holds. This should be an interesting experiment in whether subjecting code to an early phase of public hazing reduces security holes and risks of all sorts.
Okay, why the hell does the DoD call the site "forge.mil" but actually host it at "forgemil.com"? If they can't get a real .mil site, who can? I thought it was some phishing scam. "forge.mil" doesn't even resolve, let alone redirect. And ".com"? Government reserved .gov, .mil and some other domains for its exclusive use. Why on earth are they using .com?
It's based on SourceForge Enterprise Edition, a product that VA Software (Now SourceForge, Inc) sold off to CollabNet about two years ago. It's not even close to the code that runs sourceforge.net (sf.net's code was a php/python/perl based site, SFEE is J2EE).
I would like to see open source applications that would replace all of the legacy, proprietary applications. DoD is loaded with very badly written applications that usually can only be changed by giving the same companies that produced them more money. Notice I said "changed" and not "improved".
In the land of the blind, the one-eyed man is usually crucified.
If it's 'limited to DoD personnel for security reasons' in what sense is it 'Open'?
Now if only they would release JESS to this website. http://www.jessrules.com/jess/index.shtml
Open within a community that is guaranteed to be all "U.S. Persons" for export control purposes, perhaps.
Sure, it's not open to 6 billion people, but it might be open to several million, and that's a heck of a lot better than closed in someone's desk drawer.
STANDARD MANDATORY NOTICE AND CONSENT BANNER
YOU ARE ACCESSING A U.S. GOVERNMENT (USG) INFORMATION SYSTEM (IS) THAT IS PROVIDED FOR USG-AUTHORIZED USE ONLY. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
Use of this system constitutes consent to monitoring for all lawful purposes.
When I was first hired as a budding DoD programmer a long time ago, one of the first things I asked is "where is our library of stuff that has been developed locally?"
I might as well have asked "where is my +3 mace?" because we didn't have that either.
I'm glad this is finally happening.
Open source code, Open Government http://www.whitehouse.gov/ and Open Source Intelligence http://en.wikipedia.org/wiki/Open_source_intelligence: all good ideas that may well speed things along and save the taxpayers some cash.
Since when did risible falsehood and fallacy filled rants written by swivel-eyed ideologues count as 'studies'?
http://www.sourcewatch.org/index.php?title=Ken_Brown
[JoinCommunity]*
*DOD CAC or ECA Certificate Required
How easy is it to get one of these certificates?
You see? You see? Your stupid minds! Stupid! Stupid!
In most cases, if software was developed under a government contract, then the government has full rights to the source code. It would be a great starting place for updating a number of existing applications. Version control and vetting of results could be problematic in some cases, but not impossible to overcome.
DMCA - Chilling free speech since 1998.
"Though it currently only holds three projects and is limited to DoD personnel for security reasons, all code is publicly viewable"
No, it's not. Code posted to .mil is only available to those with sufficient authorisation. The .com site is publicly available for those seeking more information.
So, code will NOT be 'publicly' available - only to those on secure. Kinda as you'd expect, but rather a long way away from real FOSS.
No problem! What you have to do is wtf???!!!!dsfjsdqkjfghjkfgqs:gffg
[no carrier]
Not bloody likely anytime soon. You should be able to get access to most source code for non-sensitive GOTS software today through the Freedom of Information Act, but I bet it would take so long that you'd stop caring.
It looks like the military has solved the problem of time travel and the webmaster has let it slip. According to the FAQ:
The Forge.mil effort started development in October 2009 and the first capability, SoftwareForge, is now available for limited, unclassified use.
The military has been using open source for more than 2 decades. They even have a huge repository of approved/certified open source products that people with the right clearance can access to assist with day to day work. This is not new in any way or shape. This is nothing more than the incompetent in the White House taking credit for other people's work to make himself look good in the eyes of the bubbling idiots who ate his turds during the election.
DISA frequently outsources its projects, and this is one example of where the contractor didn't coordinate with his govt POC to obtain domain and PKI certs.
http://www.collab.net/news/press/2008/collabnet-disa.html
I work in Army IA division and this happens more often than I care to admit.
" Though it currently only holds three projects and is limited to DoD personnel for security reasons, all code is publicly viewable and...."
OK, how do you limit the site and make it public at the same time? Good journalism, guys.
and
"Slashdot only allows a user with your karma to post 2 times per day (more or less, depending on moderation). You've already shared your thoughts with us that many times. Take a breather, and come back and see us in 24 hours or so. If you think this is unfair, please email posting@slashdot.org with your username "CHRONOSS2008". Let us know how many comments you think you've posted in the last 24 hours."
f#ck karma
YA like yesterday must a been 22 hrs ago.
This place sucks now. Censorship on the uptake, I guess; them MPAA suing you guys is having an effect. Soon it will be 1 post a week, then a month, then hey, why bother letting anyone post.
Clicked through the site a little to the 'PKI Online Training' section, and I'm informed that I must :
1. enable flash
2. enable cookies
3. enable javascript
4. disable pop-up blocking
I desperately hope this is a scam, since the alternative possibility is just frightening
The opinions expressed here are those of this individual, and may not reflect the policy or practice of the collective
The site does have a .mil address. I'm on it right now but it's not very active since it looks to be brand new. You can only get on the .mil site with a DoD approved CAC Card.
Anyways seems Linux is being used a bit more.
[posting anon to not reveal username to those who will recognize me]
I wonder if this will catch on. In my little neck of the DoD woods, we've had great difficulty getting buy-in to collaborative, geographically dispersed software development. About 5 years ago we had the Sourceforge guys give a demo, but we opted to roll our own. I had the equivalent running with web-based tools for bug tracking, discussion boards, project pages, CVS browsing, project team roles and flexible authorization - but after hosting about 4 local software projects, it ultimately withered and died. Could not get other departments/agencies interested - everyone has their own rice bowl. Perhaps I'm just in the wrong area... I don't see much advantage being taken of collaboration or re-use.
That said, I will be taking a look at this newest effort once I get into the office.
I'm really starting to like this Barrack Osama guy! Finally a president who knows how to take advantage of technology and open source
Secure the machine with a password, but don't watch what you are typing when you enter it. Now no one knows the password, and even though they have you, what you know, your body... They cannot get into the system. Of course you can't either, but you didn't say anything about that being a requirement. What you have, what you know, and who you are... The big three..... We are all waiting for a fourth security principle to make things better :-)
at 8:30 eastern time, on Feb 2. The site is still /.'ed. We have brought down a gov web site.
(are we terrorists?)
I want to clear up some confusion ....
The real site is at https://www.forge.mil/ not www.forgemil.com. Forgemil.com was a site we were using during the development of forge.mil. Unfortunately, the wrong URL somehow made it in to the article. Right now the site requires a user to authenticate using a DOD PKI certificate (either a Common Access Card or a certificate from one of the DoD external certificate authorities (ECA)). See http://iase.disa.mil/pki/eca/index.html for more information.
Registered in the wrong TLD? Untrusted PKI source? Tells you you don't have permission to access the site? Screwed up beyond belief? How can you doubt for a minute it's military?
Unfortunately no smiley; if the military had gotten a process patent on dysfunctional bureaucracy, we could have a balanced budget collecting royalties from the banks and investment firms.
Where you at?
"Well," he said, "it's to do with the project which first made the software incarnation of the company profitable. It was called Reason, and in its own way it was sensational."
"What was it?"
"Well, it was a kind of back-to-front program. It's funny how many of the best ideas are just an old idea back-to-front. You see there have already been several programs written that help you to arrive at decisions by properly ordering and analysing all the relevant facts so that they then point naturally towards the right decision. The drawback with these is that the decision which all the properly ordered and analysed facts point to is not necessarily the one you want."
"Yeeeess..." said Reg's voice from the kitchen.
"Well, Gordon's great insight was to design a program which allowed you to specify in advance what decision you wished it to reach, and only then to give it all the facts. The program's task, which it was able to accomplish with consummate ease, was simply to construct a plausible series of logical-sounding steps to connect the premises with the conclusion.
"And I have to say that it worked brilliantly. Gordon was able to buy himself a Porsche almost immediately despite being completely broke and a hopeless driver. Even his bank manager was unable to find fault with his reasoning. Even when Gordon wrote it off three weeks later."
"Heavens. And did the program sell very well?"
"No. We never sold a single copy."
"You astonish me. It sounds like a real winner to me."
"It was," said Richard hesitantly. "The entire project was bought up, lock, stock and barrel, by the Pentagon. The deal put WayForward on a very sound financial foundation. Its moral foundation, on the other hand, is not something I would want to trust my weight to. I've recently been analysing a lot of the arguments put forward in favour of the Star Wars project, and if you know what you're looking for, the pattern of the algorithms is very clear.
"So much so, in fact, that looking at Pentagon policies over the last couple of years I think I can be fairly sure that the US Navy is using version 2.00 of the program, while the Air Force for some reason only has the beta-test version of 1.5. Odd, that."
"Do you have a copy?"
"Certainly not," said Richard, "I wouldn't have anything to do with it. Anyway, when the Pentagon bought everything, they bought everything. Every scrap of code, every disk, every notebook. I was glad to see the back of it. If indeed we have. I just busy myself with my own projects."
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Does this mean we'll be seeing them release the code for facebook?
See this for context.
I tried to get to this site yesterday from the .mil side, but it is either down or limited by IP address since I kept getting "server unavailable" errors all day.
I hope this MOSS (Military OSS) site actually works out. Sharing code and ideas in this restricted fashion makes total sense, since it is all Government owned (per contract).
We can host SourceForge ourselves.
I'd like to buy homeland for our 10 million people. http://twitter.com/mahadiga
The site is not at forgemil.com; it is at https://www.forge.mil/, but a PKI cert is needed for access until we can get approval for public release. Public information is at www.disa.mil/forge. The .com thing was a temporary staging server that we used during initial test and development. Next time we'll be sure to configure robots.txt more appropriately. Sorry for the confusion.