Slashdot Mirror
Open Source Software In the Military
JohnMoD writes With the advent of forge.mil, etc. the military seems to be getting on board with free and open source software. A working group meeting is going to be held at Georgia Tech in Atlanta, August 12-13, 2009. There's a pretty good lineup of speakers including a Marine from the Iraq-Marine Expeditionary Forces, who was on the ground and saw the agility open source gave to him and his soldiers. A number of OSS projects are going to be meeting there: Delta 3D, OpenCPI, FalconView, OSSIM, Red Hat, etc. Looks like there will be some good discussions."
And saving lives of yet others?
Ezekiel 23:20
and do I honestly think I'll ever see any of this stuff?
Absolutely not. They have civilian contractors to do all the cool stuff. I'm a network administrator who is denied administrative rights. My MOS (job classification) is an E4 and out position. Basically I have no chance of attaining any leadership skills in my job. Big change from when I joined six years ago. I'm seriously considering leaving communications for something that I can actually advance in, even if I wouldn't be as happy in it, but I could be wrong about that.
This turned in to an off-topic rant. My bad.
Anyway, I'll be joining tomorrow when I can get access to a computer that I can use my ID card in. Until then, I'll just not be able to look around it and - most likely - correctly speculate what the program is like for a junior enlisted servicemember, even if they know Linux well.
I run Ubuntu skinned to look like a Mac on a PC. Go figure.
No you are wrong.
When Microsoft's products crash (guidance tracking on cruise missiles) THEY SAVE LIVES.
Having worked for the Royal Dutch Navy for several years as a programmer and software architect, I'm impressed by their use of open source software on board their combat platforms. For instance, the Landing Platform Dock 2, HrMs Johann de Witt, uses GNU/Linux as a main component in the Combat Management System. Other platforms, including their submarines also uses various degrees of open source in combination with older proprietary systems.
I know that a number of Navy scientists have scratched their heads regarding why the NMCI abomination used Windows rather than Linux on the desktop.
I wonder if they'll smarten up when they roll out NGEN, which will replace NMCI.
Anyone that doesn't respect all lives should be killed.
By someone who respects lives.
It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen. It is not terribly difficult to hide a defect in some code -- a cool example of this is the Underhanded C Coding Contest, where the goal is to introduce a vulnerability in such a way that reading through the source does not give an obvious indication of what happened.
Now, if the military is controlling the code that is committed to certain projects, that is another story. Then they can see enhanced security from day 1, by ensuring that every patch is thoroughly reviewed -- a much smaller task than trying to re-verify years of review from some other project.
Palm trees and 8
If anyone caught Gen. Patraeus's briefing last week, I forget where it was but it was a public briefing, he constantly referred to Microsoft. Usually, the phrasing went something like, "if Microsoft will allow this". I noted that several of his slides were a bit odd in that there were arrows that really pointed no where and had no information content that I could discern. In the Q&A afterward, he actually pointed out the MS person who helped him create the slides. That would explain the totally useless arrows. But I was struck that MS actually has a representative to help the brass do Powerpoint. Until that changes, DoD will always be enthralled by MS and their Powerpoint bulletpoints.
Just as a brief aside, there is a Stargate SG-1 episode where the General has been replaced by some other Air Force General and he calls O'Neill into his office to complain about the fonts and the fact that he'd prefer there be more bullet points in his report. The look on O'Neill's face was just too good.
Several years ago there was a series of conferences on F/OSS in government sponsored by George Washington University. There were several presentations made on use of F/OSS by DoD. They included the certification of F/OSS for use in command-control systems, the use of F/OSS in weapons systems, and other applications. Topics addressed included interpretation of terms of the GPL when F/OSS is used in systems for which DoD secrecy requirements apply to the software. (In that case, distribution within DoD and its contractor community is treated as internal to the user and not subject to general disclosure.)
The conferences included numerous presentations about F/OSS is government, including health care and a wide variety of other areas. DoD was just as active as other agencies in using it.
It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen.
Just because you're not doing it, don't presuppose that nobody is. The code review of all the major pieces is ongoing, extensive and in-depth. It's done for a lot of reasons: motivated self interest on the part of organizations with large user bases (NSA, .mil, governments, large corporates), product development (all the commercial vendors), security professionals (for experience props) and others.
Stuff does occasionally get through, but it's almost always pointed out and fixed right away.
One downside of commercial software is that code audits can only be done by two groups: the vendor and the black hats.
Help stamp out iliturcy.
Al: Uh-oh, quick! Should we use gnuke, knuke, or just bare-bones nuke?
Bob: Ah, definitely not knuke, it screws up at least half of the commands it sends to nuke. Maybe gnuke, it's at least a competent front-end, but it's missing a bunch of the functionality of nuke -- the dev got bored and was pulled onto another project. But the command-line for nuke is so obtuse that it will take two or three tries just to get the command right, and those first two bad commands might be worse than not using it at all. Of course, nobody has what you would call real-world experience with any of them . . .
Al: Ah sh*t, too late anyway.
Sorry, it was the first thing I thought of when I saw the gnuke tag on the story.
"Basically I have no chance of attaining any leadership skills"
I fear that you don't understand what "leadership" is. If you wish to learn about leadership, and you are not learning, that is your failure, not the failure of the military, the boy scouts, an employer, or even your parents. I would ask first, how many courses are you enrolled in? If you answer "none", then it is obvious that you DON'T wish to learn leadership, but instead, you only want to bellyache about the military. Which is fine with me - we earn the right to bitch by serving. But, for your own good, you do need to be honest with yourself.
As for attaining a "leadership position" - that is another subject entirely. The best leaders, of course, are good followers. Are you a good follower? Do you work hard to make your mates and superiors look good? Do you support your juniors? Are you always there, willing to do whatever it takes? Do you volunteer to "go the extra mile"?
If so - maybe you really are in the wrong MOS. Maybe even the wrong branch of military. The Navy does things considerably different than the Army - you might consider a tour with the fleet after your army service.
I have one son in the Army, one going into the Navy. If they switched places, I don't think either would be happy - it all depends on the individual's aptitude, personality, etc.
But, please, let's not blame the Army for a failure to learn a skill. You can learn if you wish to learn. Demonstrating that skill is the path to advancement, not bitching about the lack of a skill.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
I won't start a discussion about the choice that the Royal Navy did.
All I can say is that the technical management at CAWCS/Force Vision never saw Microsoft as a viable alternative. At least as long as I was working there.
But sure, we used other operating systems as well. Among those OpenVMS and Solaris 7 and 8. Most of the development was done on Sun/Solaris.
We even had Windows systems for office support, but on a physically isolated network.
Disclaimer:
As a former external consultant I'm not speaking for the Royal Dutch Navy.
Anyone on this forum heard of TCP/IP? Maybe I am getting old, but I remember the internet as a DARPA project. Source got distributed and ported to whatever you OS you happened to be using. Sounds like open source to me.
If your wife hates all other women and you love your wife enough to believe in every ideal she believes in without question, then yes you hate all other women.
If you follow your country blindly while it creates war with others over possibly meaningless matters or when there are other options besides war and you never once question it then you are a bigot.
-
dunno.
Man, you are working hard convoluting that to get what you want it to mean out.
You are even assigning attributes that aren't always there in order to do it. How proud you must be. Here is a hint, you don't need to be blindly obedient to be patriotic. You don't need to blindly trust or accept anything the country is doing to be patriotic. Only in your imaginary world is that true.
I've been working as a software developer in a military research lab for about 7 years. My primary area of work is development of middleware to allow interoperability between DoD systems that otherwise have no such capability. I'm a big proponent of using general open source solutions as well as the military having their own "open source" for situations that might not be appropriate for public distribution, but are very relevant across the entire DoD.
The resistance always comes in people guarding their products, ultimately to protect jobs and/or profit. The contracting companies have their stovepipe systems, and typically they want to be the sole source of development/maintenance. Even government entities keep things closed off from one another; I've had many instances where I've been told to either partially distribute or not distribute DoD-owned software (including source) when requested by another element of the DoD. Too many people are worried about their intellectual property, which makes it very difficult to tear down these political barriers. This ultimately results in the exact same functionality being developed many times over, which I've seen all too often. We're making some progress, but it's going to take significant buy-in from someone high up (read: with star(s) on their shoulder) to push the agenda. Otherwise, it continues to be a large amount of talk without much in the way of results.
Speaking of large amount of talk, I recently met with one of the key speakers at the aforementioned conference (Major James D. Neushul). This individual is a risk to adoption of open source principles...not because he opposes them, but because his mouth exceeds his knowledge. He speaks largely in buzzwords and jumps between concepts as soon as you corner him on the technical inaccuracies of his claims, but he does so with fervent insistence of his correctness. At one point in our discussion, he actually stated that the ideal solution right now is for every computer, down to the individual warfighter level, to be running an instance of a web server and use web applications. He also wrote the "specification" for an XML version of a widely-used bit-oriented messaging format (VMF), except he didn't write schemas, but rather a description of how one should make the schemas. It's a pretty scary stance to assume that a set of tag-naming rules is going to result in compatibility of all the independently developed schemas. It's unfortunate that this individual is probably going to alienate many skilled and otherwise open-supporting engineers....such as myself and my entire engineering team, all of whom are on-board with opening up DoD capabilities...yet none of us can tolerate his sloppy, bravado-laden approach.
That is a lot of code to try to audit, especially when a backdoor may be spread across many different modules. I saw an entry to the underhanded C coding contest that hid an information leak across 5 different sections of the program; the leak happened 0.5% of the time the code was run (on average), but it involved leaking the secret key for a block cipher. It could been even more well hidden, had there been more code available, as there would outside the constraints of a contest.
"Security professionals" cannot necessarily spot a well engineered, well hidden backdoor in millions of lines of code, as there might be in the Linux kernel. Given the widespread use of Linux in banks and governments, it would not surprise me if different groups of people have been busy trying to hide some sort of vulnerability.
This is not to say that commercial software is not vulnerable. It is just as easy to bribe a programmer at some major proprietary software house to introduce code as it is to sneak code in through patches in an open source project. The real issue here is introducing third party code, that you have not overseen from its inception, into a high-security environment and trusting it. This is the reason why the NSA has never approved any computer system for handling all classification levels -- it is not economical to develop a custom system, but it is not secure to trust a third party system, so the compromise is keeping top secret data on a physically separate computer from unclassified data.
I am not trying to imply that some hacker is going to be able to take over the military's computer systems -- that only happens in Hollywood. More likely, if such a vulnerability were to be introduced, it would involve weakening a random number generator, or an encryption implementation, or perhaps even making it easier to create a covert channel without being caught. Even just slightly weakening the security could have far reaching consequences for an espionage campaign -- and slightly weakening the security would also make detection that much harder.
Palm trees and 8
I appreciate your stance that war is immoral, but I must point out that this is not a universally held notion.
Similarly, I appreciate the concept of non violent resistance, and think it is one of the bravest stances a person can take. However, I will choose to stand against fatigue-wearing bullies, whatever color their fatigues may be. And I choose to use the sharpest sword I can lay my hand on to do it.