US Govt Commits To Publish Publicly Financed Software Under FOSS (k7r.eu)
An anonymous reader writes: The White House has published a draft (PDF) for a Source Code Policy. The policy requires every public agency to publish their custom-built software as Free Software for other public agencies as well as the general public to use, study, share and improve the software. The Source Code Policy is intended for efficient use of US taxpayers' money and reuse of existing custom-made software across the public sector. It is said to reduce vendor lock-in of the public sector, and decrease duplicate costs for the same code, which in turn will increase transparency of public agencies. The custom-built software will also be published to the general public either as public domain or as Free Software so others can improve and reuse the software. Looking at the exceptions, it appears the list excludes a number of interesting things. But what's remarkable here is that, by default, publicly financed software will now be deemed open-source. That's a win.
Does that include any software made by secret intelligence agencies?
I'm not sure how the US is, but the Australian government goes to a tender process for projects, and then picks the lowest as far as I can tell.
I've had the pleasure of working on a few government funded projects, and the skill level of many of the developers was rubbish. Embarrassingly so.
More consulting by Highly Paid Consultants, no more buying but leasing software from military-industrial complex cronies, and so on, and so forth.
Nice try, but we'll have to see if it does anything useful like actually reduce dollars spent in the long run.
So, foreign governments can save money as well? Even the hostile ones?
In Soviet Washington the swamp drains you.
3. The release of the item would create an identifiable risk to the stability, security, or integrity of the agency's systems or personnel
No biggie here, as you'd have to identify the risk and make it meaningful.
4. The release of the item would compromise agency mission, programs, or operations
Vague. You can expect this one to see a lot of abuse because the person who releases the code often isn't the author, and frequently won't be able to answer this question without worrying about their job.
5. The CIO believes it is in the national interest to exempt publicly releasing the work.
This. The CIO often doesn't know TCP from BBQ and will likely relegate the bulk of their source to this category by default so as to avoid lengthy congressional investigations and burdensome oversight.
Good people go to bed earlier.
I've worked on a bunch of contracts at various levels of government and I'm always shocked to see how belligerent and protective departments or groups can be with their code and applications. There have been so many times when I got hired to do something and, after spending a day or two there, discovered that another department had done the exact same thing. What follows is my recommendation to leverage what they have in-house already rather than whip something up. What always follows after is weeks of chatter and the eventual escalation to the board/CIO/CTO/CEO to make things happen. 90% of the time they tell me to go back to my original work order and get it done as they initially requested. Good money for me, but what a waste.
Case in point: the "communications" department wanted to refresh the staff directory with more helpful information and include (for whoever wants to) their Twitter/LinkedIn/geocities/etc. links. We get hired to do this for them. HR has a full-fledged table that we need to do nightly imports from and THEIR OWN Web Application (and a dormant web-service to call). What would be a simple DB extension by adding a couple of linked tables becomes a duplicate because the HR folks have their own IT department and don't want to play nice with corporate. $10k vs $50k.
Wearing pants should always be optional.
If an agency sends out an RFQ for custom software, not a single one will start with the publicly available code primarily because programmers work around what they're most familiar with. The intention is nice, though.
I see that, as I expected, ITAR is a valid excuse to withhold software from the public. I bet that most DoD specific projects would qualify for this exception. I have never worked on a DoD project that was not covered by ITAR, but all the software I've written for the USG was specific to weapon systems so I suppose that should come as no surprise.
The only thing worse than normal OS documentation is mandated OS documentation...
Yep, North Korea would be able to use the 2.4 million lines of Java that make up the bulk of healthcare.gov, if it had been developed under this policy. The US would then hope that NK actually tried to use it for something important.
Section 26:
Functions
getRandomNumber()
https://xkcd.com/221/
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
This will unify humanity! Ubuntu!
I can start my own dragnet!
If they release it as public domain rather than Free Software, we'll know for sure that the Government is trying to enslave us. (What do you bet this scheme was hatched by the NSA...?)
(Note to humor-impaired moderators: this is satire, not flamebait; YMMV.)
Based on my experiences as a government contractor for the last 15 years, contracts are moving towards commercial off-the-shelf software and away from custom-developed applications. In many cases the deliverable isn't really COTS, but a bunch of hacked-together semi-custom systems sold as such to meet contract requirements. Since this software is the proprietary IP of a third-party consultancy or software maker, the best the gov't agencies can do is get source escrow, but they would not be able to make the code publicly available.
While I am very much in favor of this piece of legislation, the practical effects won't be as great as hoped since there simply are not as many custom-developed software projects these days. They can't force a company to open source a product.
Now everyone might see that the $200 million software project commissioned by NASA (or the NSA, FAA, NIH, etc.) that went 500% over budget and took 3 times as long to finish as originally estimated... is really just a 300-line Python script that is full of bugs.
Now, hackers won't have to deal with that pesky machine code to find the loopholes; they can look for intriguing bits of source code first. Should do wonders for the security of Government-held data, don't you think?
On the other hand, we can hope that "white hats" will do the same...but what's THEIR incentive to help government systems become even more secure? A bounty program would be nice...but not in a time when austerians are on the ascent!
Works created by agencies of the federal government are not under copyright, but automatically in the public domain.