Slashdot Mirror
Open Source Software In the Military
JohnMoD writes With the advent of forge.mil, etc. the military seems to be getting on board with free and open source software. A working group meeting is going to be held at Georgia Tech in Atlanta, August 12-13, 2009. There's a pretty good lineup of speakers including a Marine from the Iraq-Marine Expeditionary Forces, who was on the ground and saw the agility open source gave to him and his soldiers. A number of OSS projects are going to be meeting there: Delta 3D, OpenCPI, FalconView, OSSIM, Red Hat, etc. Looks like there will be some good discussions."
No you are wrong.
When Microsoft's products crash (guidance tracking on cruise missiles) THEY SAVE LIVES.
and do I honestly think I'll ever see any of this stuff?
Absolutely not. They have civilian contractors to do all the cool stuff. I'm a network administrator who is denied administrative rights
How many of those civilian contractors are veterans who used to do your job when they were in the military? Just because the government decided to use civilian contractors doesn't mean you don't have a career path, it's just not necessarily one that stays in the military.
-- Support a free market in the field of government
Having worked for the Royal Dutch Navy for several years as a programmer and software architect, I'm impressed by their use of open source software on board their combat platforms. For instance, the Landing Platform Dock 2, HrMs Johann de Witt, uses GNU/Linux as a main component in the Combat Management System. Other platforms, including their submarines also uses various degrees of open source in combination with older proprietary systems.
It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen. It is not terribly difficult to hide a defect in some code -- a cool example of this is the Underhanded C Coding Contest, where the goal is to introduce a vulnerability in such a way that reading through the source does not give an obvious indication of what happened.
Now, if the military is controlling the code that is committed to certain projects, that is another story. Then they can see enhanced security from day 1, by ensuring that every patch is thoroughly reviewed -- a much smaller task than trying to re-verify years of review from some other project.
Palm trees and 8
If anyone caught Gen. Patraeus's briefing last week, I forget where it was but it was a public briefing, he constantly referred to Microsoft. Usually, the phrasing went something like, "if Microsoft will allow this". I noted that several of his slides were a bit odd in that there were arrows that really pointed no where and had no information content that I could discern. In the Q&A afterward, he actually pointed out the MS person who helped him create the slides. That would explain the totally useless arrows. But I was struck that MS actually has a representative to help the brass do Powerpoint. Until that changes, DoD will always be enthralled by MS and their Powerpoint bulletpoints.
Just as a brief aside, there is a Stargate SG-1 episode where the General has been replaced by some other Air Force General and he calls O'Neill into his office to complain about the fonts and the fact that he'd prefer there be more bullet points in his report. The look on O'Neill's face was just too good.
Several years ago there was a series of conferences on F/OSS in government sponsored by George Washington University. There were several presentations made on use of F/OSS by DoD. They included the certification of F/OSS for use in command-control systems, the use of F/OSS in weapons systems, and other applications. Topics addressed included interpretation of terms of the GPL when F/OSS is used in systems for which DoD secrecy requirements apply to the software. (In that case, distribution within DoD and its contractor community is treated as internal to the user and not subject to general disclosure.)
The conferences included numerous presentations about F/OSS is government, including health care and a wide variety of other areas. DoD was just as active as other agencies in using it.
It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen.
Just because you're not doing it, don't presuppose that nobody is. The code review of all the major pieces is ongoing, extensive and in-depth. It's done for a lot of reasons: motivated self interest on the part of organizations with large user bases (NSA, .mil, governments, large corporates), product development (all the commercial vendors), security professionals (for experience props) and others.
Stuff does occasionally get through, but it's almost always pointed out and fixed right away.
One downside of commercial software is that code audits can only be done by two groups: the vendor and the black hats.
Help stamp out iliturcy.
Anyone on this forum heard of TCP/IP? Maybe I am getting old, but I remember the internet as a DARPA project. Source got distributed and ported to whatever you OS you happened to be using. Sounds like open source to me.
I've been working as a software developer in a military research lab for about 7 years. My primary area of work is development of middleware to allow interoperability between DoD systems that otherwise have no such capability. I'm a big proponent of using general open source solutions as well as the military having their own "open source" for situations that might not be appropriate for public distribution, but are very relevant across the entire DoD.
The resistance always comes in people guarding their products, ultimately to protect jobs and/or profit. The contracting companies have their stovepipe systems, and typically they want to be the sole source of development/maintenance. Even government entities keep things closed off from one another; I've had many instances where I've been told to either partially distribute or not distribute DoD-owned software (including source) when requested by another element of the DoD. Too many people are worried about their intellectual property, which makes it very difficult to tear down these political barriers. This ultimately results in the exact same functionality being developed many times over, which I've seen all too often. We're making some progress, but it's going to take significant buy-in from someone high up (read: with star(s) on their shoulder) to push the agenda. Otherwise, it continues to be a large amount of talk without much in the way of results.
Speaking of large amount of talk, I recently met with one of the key speakers at the aforementioned conference (Major James D. Neushul). This individual is a risk to adoption of open source principles...not because he opposes them, but because his mouth exceeds his knowledge. He speaks largely in buzzwords and jumps between concepts as soon as you corner him on the technical inaccuracies of his claims, but he does so with fervent insistence of his correctness. At one point in our discussion, he actually stated that the ideal solution right now is for every computer, down to the individual warfighter level, to be running an instance of a web server and use web applications. He also wrote the "specification" for an XML version of a widely-used bit-oriented messaging format (VMF), except he didn't write schemas, but rather a description of how one should make the schemas. It's a pretty scary stance to assume that a set of tag-naming rules is going to result in compatibility of all the independently developed schemas. It's unfortunate that this individual is probably going to alienate many skilled and otherwise open-supporting engineers....such as myself and my entire engineering team, all of whom are on-board with opening up DoD capabilities...yet none of us can tolerate his sloppy, bravado-laden approach.