New DoD Memo On Open Source Software
dwheeler writes "The US Department of Defense has just released a new official memo on open source software: 'Clarifying Guidance Regarding Open Source Software (OSS).' (The memo should be up shortly on this DoD site.) This memo is important for anyone who works with the DoD, including contractors, on software and systems that include software; it may influence many other organizations as well. The DoD had released a memo back in 2003, but 'misconceptions and misinterpretations... have hampered effective DoD use and development of OSS.' The new memo tries to counter those misconceptions and misinterpretations, and is very positive about OSS. In particular, it lists a number of potential advantages of OSS, and recommends that in certain cases the DoD release software as OSS."
gives a new meaning to terms such as "fatal exception" and "kernel panic"
the government is acting intelligently. I feel strange.
I think at least 50% of the technical people in the Navy and Marine Corps would like to see (the next version of) NMCI switch to an open-source OS.
At least they can always dream...
>and recommends that in certain cases the DoD release software as OSS.
How can the DoD release software under a copyleft license when the federal government is incapable of holding copyrights in the first place? I thought it was all automatically PD if it's not secret? Not that that's stopped anyone from asserting copyright when it suits them.
In addition to using externally developed free software, various parts of the military have periodically released and continued to support some decent bits of software. BRL-CAD is from the Army Research Lab, and Delta3d is from the Naval Postgraduate School, to pick two examples off the top of my head.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Everywhere I go, there are Linux and BSD systems.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
And thus another chair is thrown in Redmond.
http://dilbert.com/2010-12-13
My federal manager was decidedly anti-OSS, he would state that we can't get support on the OSS, so we couldn't use it, denying anything and everything that came through. All I can say now is read it and weep.
I wrote about this a little while ago on why the federal government needs to be using Open Source. http://www.dremspider.net/?p=15 This is what I have seen as a federal contractor.
While I'm all in favor of OSS making it into DoD, the wording of the memo puts DoD on shaky ground.
In particular, 2(e) suggests that you can release modified OSS software to a government entity and you won't have to release the source code. If it's GNU GPL software, then you can release the modified binary to other entities within your organization, but you have to release source code to them (not a problem) and you cannot restrict their further distribution of source code or binary (a big problem). GNU GPL v3 uses the words "anyone who comes into possession of a copy."
2(g) suggests that DoD staff can release software as open source. DoD staff, as US government agents, cannot claim copyright over their work. Most OSS licences (e.g. BSD, GPL) basically say "I am the copyright owner, and I hereby allow you to do stuff." Contractors developing software on a DoD contract may (in certain circumstances) be in a position to say that, and thus be able to release their software as OSS. Software developed by DoD staff themselves, if it is to be released as OSS, needs to be released under a very carefully worded license, which would by its nature be incompatible with GNU GPL and many other licenses. Thus for example for DoD staff to modify GNU GPL licensed code, and release their modifications (necessarily under GNU GPL) raises all sorts of legal problems.
M$ have lobbied DoD heavily in the past, against OSS, on just these grounds. I can't think why they wouldn't do so again. This is not something that can be solved with a memo, even from DoD CIO. We need legislative change to insulate DoD against lawsuits from M$ and other proprietary software vendors.
Microsoft products don't cut it with the interoperability.
Take a look at SharePoint for instance. It's painful to move data in and out. Sure there is the SDK, PowerShell, and good old manual labor.
But these products are sub-par. The SDK was written by what looks like about 50 people who all had different ideas on proper coding.
PowerShell isn't even close to the usability of vbscript. Who ever heard of a function that returned the entire transaction, database table, and all the output feedback along the way?
By the way, forget coding for SharePoint on a workstation, you basically only code on a Windows SharePoint Services or MOSS server. Sure you can use Virtual Machines but forget that when you are paying for per seat licenses. Got to be legit.
Another thing is that Microsoft makes everything seem like a risk. Global Unique Identifiers are on everything. .Net was a bad idea. Ever notice it takes approximately 15 seconds to spool up an asp.net application?
You have to activate your copy of Sh(it)arePoint Designer, Visual Studio[Torpedo].
Intellisense sometimes is missing things. It makes you dumb as you come to rely on it. Team Studio costs too much and is more complicated than CVS.
That compounded with the 30 seconds you have to wait for your data to be retrieved from SQL Server and shoved in a datagrid's Session State. Shouldn't there be automated paging by now?
C# is basically just becoming a python rip off.
Remember LINQ? 2XML 2SQL If you tried to use the XML you noticed it wasn't exactly finished. "namespaces?"
After a while the Xbox 360 will require you to go online to validate you are playing the game you are playing.
The games will be registered to you via a 32bit GUID that is randomly generated by the tool from Visual Studio.
Then you'll find out that at least 10 other people own your copy of Fears of War Unlimited. You are a pirate and your 360 has been deactivated. That's just where this hysteria is headed. EA, you're just as bad.
The Department of Defense would do well to just go totally opensource.
Ubuntu clients, Redhat servers, sky's the limit.
But here is the problem with that. Redhat doesn't really want to attempt to compete in the desktop market.
They publicly stated this. This is BAD. Because they have to. They need to.
They have people capable of fixing the problems in components such as Xorg, the Kernel, and Gnome.
They have the capability to fork projects and put out decent alternatives.
Distributions act like they are Linux Prime the leader of the Great Linux.
But truly there is no one person Linux belongs to or you can go to to blame.
That's the best thing about it. Nobody really owns it. Nobody is going to come and put you in jail for using it.
Nobody is going to force you to pay tax on it.
Ubuntu has a good Desktop product. But I'm not sure about the caliber of their employees.
I'm not sure they can continue to drag Debian along.
In an enterprise environment you need things to work. That's the problem with open source.
Companies aren't being forced to invest in the product. Sony should make sure the kernel supports its laptops.
Intel should ensure there are sufficient drivers for its latest video cards, network cards, and modems.
Another problem is Microsoft will slip in one of their MVP salesmen and your management gets big eyes about the possibilities.
But whatever. I don't care.
I was at the Mil-OSS conference this year where this memo was discussed quite a bit, and I just want to mention some things in response to some of the comments. Most of this was in David Wheeler's blog (the first link), but some might have been missed.
Most government program/project managers are very slow to try new things like OSS. Generally, this is not due to laziness or not being technically up to date, but rather because the number of rules and regulations that they can get hammered for failing to follow is so large that they tend to continue to follow a safe path unless it is incredibly clear that they won’t get in trouble. This memo is designed to give top cover and make clear to all PM’s that using OSS is more than acceptable, it is actually preferred.
1) Although I can't say for sure how much the new administration's personnel in the Pentagon had to do with it being signed, it probably was very little since the memo had been in production for years (rumor was that Dr. Pepper was going to give a free soda to everyone if it came out before 2010, but I don't think that's true). Over beers, one of the people involved with its writing told the story of being asked whether the memo would be out before Thanksgiving and responding, "Without a doubt." That was in 2007!! It probably emerged more from the "Open Technology Roadmap" by John Scott, Mark Lucas, and JC Herz for Sue Peyton in 2006 than any political changes.
2) Much of the memo just clarifies parts of the DoD's official position on OSS, especially areas that were major targets for FUD by contractors who are trying to sell proprietary systems to the government. For example, they would claim that procurement law requires commercial software to be used, and OSS wasn’t COTS. This was addressed by the 2003 memo, but still the misinformation persisted. Additionally, procurement law requires that software either be warranted or the source code available. Vendors would claim that since OSS isn’t warranted, it couldn’t be used, neglecting the second part of the requirement about source code.
Totally worth the $10K per box for Sourcefire so you don't have to get your hands dirty with any of that icky open source Snort garbage.
That's because things that are released into the public domain are truly free, as opposed to those things that are released under various licenses, which are not truly free even though they are less encumbered than things released under normal copyright.
We think it's funny. We know you don't think it's funny. That's part of why it's funny. You want to fucking kill google, and all you can do is thrash furniture. Your team can't even keep a fucking SideKick working and you want to take on Android. What is it, a decade of WiMo, and 6.5 is the best you can do?
Get over it. You're Wile E. Coyote and Google is your Roadrunner. That's some funny shit there. If they call their app store ACME that would complete the joke. Somebody get Sergey on the horn.
Help stamp out iliturcy.
I like how you made up half your story. Like the bit about everything needing activation. You know, no paid Microsoft developer tools need activation (developers may be the only group Microsoft treats relatively decently, but I digress).
Your stuff about ASP.NET is a lie too. Or rather, it takes as long to spin up the ASP.NET runtime as the Java or ColdFusion runtimes. Of course, ASP.NET isn't Open Source so clearly it's not good enough for you.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I had been having ongoing arguments with auditors and DoD scanners about Open Source Software versus "freeware" - it's free, so that means it's Freeware - right? Finally, Daniel Risacher from the "Defense Department's Office of the Chief Information Officer" made this announcement.
Reading that, I got all excited...and waited patiently. For a bit. Finally, come April, I emailed him directly with this question:
At a RedHat conference on Oct 8, 2008, you made a comment that the DoD would further clarify that OSS is not the same as Freeware/Shareware, for those who are still confused about the subject. We are currently undergoing an audit, and are being told that we can't use various products because they are "shareware" - specifically, mysql was on the hitlist. Discontinuing use of mysql would be an engineering nightmare for us, esp since anything else would also be "freeware" according to the auditors.
Of course, 8500.2 says that we can't use shareware because we don't have access to the source code, and we obviously have access to the code of open source products. I can't find the memo that you mentioned would be coming soon - has it been released?
To which he responded:
From: Daniel Risacher ((redacted))
Sent: Monday, April 06, 2009 3:54 PM
To: Brian LaMere
Subject: Re: OSS in DoD?
The memo is essentially finished, but stuck in a near-endless do-loop of executive-level staffing.
Forward the names of any gov't personnel who are giving you trouble to my work email: ((redacted)), and I'll try to talk to them.
Wow...that was back in April. Things sure do move fast around there ;)
There are countless documents that say so many different things, compounded by the fact that there are a multitude of auditors who have been trained that "Open Source" is "Freeware." And since "Freeware" is disallowed according to 8500.2, they then decide that "Open Source" is too. Never mind that the Linux kernel is Open Source, no - they would pick and choose randomly which software we could and couldn't use. On a whim they'd suddenly decide mysql was no longer ok, no matter what evidence I could provide otherwise.
G-d, how I miss that circus.
Now the company corporate folks I work for have open source on their radar. Now we have FOSS (Free Open Source Software) training about all the viral open source licenses, and to upgrade or install anything we need a subject matter expert. We have a unix gnu utility that needs upgrading, can't do it, now we need sign-off.
Never mind that we have Unix gurus and were using perl/gcc mpi and a bunch of other software installed. Open Office was a useful tool on our Unix machines, some of those perl modules helped us write custom code documentors, no more. We'll be waiting a couple years for an upgrade. Closed network means it all had to go through IT anyway.
sigh......
>G-d, how I miss that circus
OMG, FFS.
Any software product written by government employees (not incorporating proprietary or OSS code) is one better than OSS--by law it's in the public domain. As long as the software is not classified anyone can use and modify the code. When I was the Admin Officer for a Navy helicopter squadron in San Diego in the late 80's, we used to get software from the local Navy Air Rework Facility, who had a code shop. They would always tell us we MUST pay them for the software (yes the military uses chargebacks just like any other business) but we would just laugh at them and tell them that their code was in the public domain--so it was free. Then they'd tell us we could not use it without paying for support and we'd tell 'em if we couldn't figure it out, we just wouldn't use it. They had not figured out that you can't charge money--even bongo bucks--for something that is free.
When I contribute to OSS projects I like to think of it as doing some work for the good of the global community. What I don't like to think of it as, is to work for a foreign military for no pay. Actually I think I'd rather have foreign military spend some more on programmers and have less over to spend on bombs and soldiers.
Is there some alternative OSS license that doesn't allow the software to be used for military purposes?
Maybe related to this in UK?
Windows for Warships:
http://www.theregister.co.uk/2009/01/15/royal_navy_email_virus_outage/
The tags speak volumes. Where are the *BSD mascots? Of course, OSS automatically means nothing but Linux. One OS to rule them all, eh? And fuck you in advance for your comment about Linux being a kernel, not an OS.
And allowing slavery is more free because you're allowed to keep slaves.
>Most government program/project managers are very slow to try new things like OSS.
If you think FOSS is new, either your 'recreational' activities with Bill and Steve at Microsoft headquarters have left you brain damaged or you have been in a cave for at least 25 years. The Internet, a DARPA project, has been FOSS since before the term 'FOSS' was available.
You're right about the slow but wrong about the new. The bizarre part is that slow-moving, incompetent managers everywhere are willing to go far over budget and don't even blink at signing double-overtime to deal with a self-inflicted Microsoft problem. But not willing to spend a dime to roll back to the FOSS software they had which worked without a hitch and needed only negligible maintenance. I can't find a description in DSM-IV, but there has to be a special name for that.
No, the federal government can hold copyrights. US law says that whatever a government official does, as part of his official duties, is not subject to copyright. Today, most software developed for the US government is developed by contractors, who CAN hold copyrights, and they can assign those copyrights to the federal government. Some contracts even REQUIRE that the copyright be transferred to the US government.
- David A. Wheeler (see my Secure Programming HOWTO)
I make a similar argument in "Government-developed Unclassified Software: Default release as Open Source Software" - if "we the people" paid to develop software, then by default "we the people" should get it. This was one of the proposals in the open government dialogue, and many people voted for it.
I don't think that EVERY program funded by the government should be released to the public. If it's classified for good reason (say, its purpose is to explode a nuclear bomb), then I think it should definitely NOT get to the public. But if we made openness the DEFAULT, that would eliminate a lot of nonsense.
- David A. Wheeler (see my Secure Programming HOWTO)
I wrote this in 1997 in a comment file for my version of nenscript:
These changes were made on my own time and on my own computer, but
could easily be construed as being part of my official duties as an
AWACS software programmer/analyst. If this is the case, then any
changes that I made are a work of the US government and are not
subject to copyright protection in the United States, and furthermore
are provided, free of charge, with no warranty. If my changes are not
legally part of my official duties, then I hereby disclaim all rights
to the aforementioned changes and explicitly put them in the public
domain, and furthermore disclaim any warranty, express or implied. I
am not an intellectual property lawyer, so I'm not sure which of these
situations applies. Either way, the changes are free to you.
Daniel Risacher, 2Lt, USAF
"The simplest solution is to ignore your dead children."
Great job.
Does anyone have examples of health related OSS within the DOD or US gov? Also can anyone comment on why VA's VISTA has a stumbling block relating to OSS? Is it some Intersystems license?
I am mostly a lone voice on DOD panel trying to advocate for the above so would greatly appreciate detailed guidance/support