Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com)
"Open-source software" is computer software with its source code made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose. According to The Verge, the Pentagon is going to make a big push for open-source software in 2018. "Thanks to an amendment introduced by Sen. Mike Rounds (R-SD) and co-sponsored by Sen. Elizabeth Warren (D-MA), the [National Defense Authorization Act for Fiscal Year 2018] could institute a big change: should the bill pass in its present form, the Pentagon will be going open source." From the report: We don't typically think of the Pentagon as a software-intensive workplace, but we absolutely should. The Department of Defense is the world's largest single employer, and while some of that work is people marching around with rifles and boots, a lot of the work is reports, briefings, data management, and just managing the massive enterprise. Loading slides in PowerPoint is as much a part of daily military life as loading rounds into a magazine. Besides cost, there are two other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself to open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process. Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.
Expect Billions to flow from the deep pockets of the likes of Boeing and Lockheed Martin to the K street lobbying machine
No one is perpetually scrutinizing anything. That's an old fallacy wrongly attributed to ESR and/or Torvalds. "Linus's Law" merely states all bugs are shallow given enough eyeballs, not that some vast benevolent army of free labor is auditing everything all the time. That's fiction, as has been proven many times with the discovery of ancient zero days in software that's been open source for decades.
Maw! Fire up the karma burner!
There will be a LOT of yapping and some apps will be created then in about 9 months they will toss it all and sign a Billion dollar check to Microsoft.
What happened to NSA Linux.
The other fallout from that was tossing out all our Apple and Sun systems too.
Then came the ship with NT 4.0 that never worked correctly and the brief idea to launch nukes from NT 4 computers.
Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.
This is total bullshit. No one noticed, for example, the Debian OpenSSL vulnerability for nearly 2 years. There are also plenty of other examples that were around many times longer without being spotted despite all this claimed “perpetual scrutiny.”
Open source is not necessarily more secure than proprietary software. Because it is visible, good programmers can look for bugs and plug security leaks if they want to, but bad guys can also look for vulnerabilities to exploit. Nobody has to look at the code and/or fix anything. In fact, most people have ZERO interest in doing so. Plenty of security flaws have gone either unnoticed or unfixed for an awful long time in open source projects.
Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.
Remember it wasn't that long ago when all you had to do was hit Backspace 28 times and you could bypass login security on almost all Linux distros....
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
Won't happen, that amendment died in the conference reconciliation. The merged version does have an open source software pilot, but that's it: Section 875: (a) DoD shall “initiate the open source software pilot program” (b) NLT 60 days enactment of this Act, the SECDEF shall “provide a report to Congress with details of the plan of the Department of Defense to implement the pilot program required by subsection (a).”
- David A. Wheeler (see my Secure Programming HOWTO)
Yep, this is exactly right. Now that they know, Russian, Chinese, and ISIS hackers will be adding new features like crazy to OpenOffice Impress, all with the handy new feature of sending your deck to the cloud..........and more than one cloud...and more than you know about.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
The DoD is a MASSIVE client for corporations like Microsoft and Dell. If they are going fully open source then either Microsoft will release an open source version of Windows+Office+SQL Server or the open source toolset will get similarly advanced (which it simply isn't, at least not when you factor in the responsiveness at the user level for Windows, the overwhelming Office+Outlook+Exchange integration compared to all the competition, and the Analysis Server aspect of SQL Server) tools.
In 35 years in that business, I saw and used a lot of open source development tools, as well as in deployed software. Red Hat is a major provider of OS to DoD, including embedded in weapon systems. GNAT Ada is open source.
And on my last project we kept 2 lawyers (one government, one prime contractor) busy nearly full-time evaluating various OSS licenses for our intended use. The GPL was a significant debate; most OSS licenses were deemed acceptable by both sides. In each case, we evaluated OSS and proprietary software for functionality, life-cycle costs, supportability, expected security/vulnerabilities, and made a decision that balanced these factors. Sometimes the OSS components won out, other times not. But there was a documented decision with rationale.
In general, the choice of software was not a government decision, but a prime contractor decision. Not sure how much we want Congress dictating to contractors what they put into their products.
"What happened to NSA Linux." https://en.wikipedia.org/wiki/...
As long as DoD does not distribute anything it develops beyond DoD (or the Federal government since it is all part of the same organization) it is all staying within the organization developing it and thus would not be obligated to share any improvements.
Per gnu.org:
The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.
and
For instance, you can accept a contract to develop changes and agree not to release your changes until the client says ok. This is permitted because in this case no GPL-covered code is being distributed under an NDA. You can also release your changes to the client under the GPL, but agree not to release them to anyone else unless the client says ok. In this case, too, no GPL-covered code is being distributed under an NDA, or under any additional restrictions. The GPL would give the client the right to redistribute your version. In this scenario, the client will probably choose not to exercise that right, but does have the right.
Thus, as long as they only use it internally they have no obligation to make the changed source code available. In addition, they could require contractors to develop code under an NDA that prohibits release until they authorize its release, so even if they do not do the actual development internally they can still control its release. I would not bet on the DoD probably choosing not to exercise that right.
So while it may be good PR for OSS in reality it may not actually advance OSS for the public. DoD could classify any OSS projects to prevent its release using the argument that its release would be detrimental to national security and require contractors to sign an NDA for any work they do for DoD.
https://www.gnu.org/licenses/gpl-faq.en.html#GPLRequireSourcePostedPublic
I'm a consultant - I convert gibberish into cash-flow.
Not only does that not follow (you have no idea who scrutinizes their copy of FLOSS precisely because of the privacy FLOSS affords users) but you're missing a much more important point: FLOSS respects a user's ability to do things computer owners want their software to do but inherently can't trust proprietary software to carry out. Proprietary software can't be trusted because the users can't be sure it is doing what the users want and not doing what the users don't want (typically this means leaking information, opening backdoors, and implementing malware). It's not about guarantees, it's about the permission to exert as much control over one's own computers as one wishes. Proprietary software inherently doesn't grant that permission and FLOSS does. Couple that with a monied organization as big as the American federal government, and you have the ability for significantly increasing control over their own computers.
Digital Citizen