Slashdot Mirror


White House Checks Out Open Source

Floris writes "The White House goes Open Source? It sure seems that way! (credit for the link goes to LinuxToday)" The story quotes "a senior White House official." Federal Times, which ran the article, is generally a pretty reliable source of "insider" government news. And I've been to some meetings of the DC LUG mentioned in the story and it's full of staunch Linux advocates who are busily infiltrating Linux into the government agencies where they work. Nice to see they're finally getting some attention from the higher-ups.

119 comments

  1. Re:Most good CS programs have it. by Anonymous Coward · · Score: 0

    This is a bunch of crap. I know someone who signed the NDA to look at the NT source code, and well they are screwed. He isn't allowed to write OS software for anyone but MS now. I am sure there is some statutes of limitation, but he is locked into Microslave now.

  2. NRL by Anonymous Coward · · Score: 0

    Wasn't it the original SCSI code that was done by someone in the Naval Research Labs? This was back in '92.

  3. Re:Questions And Notes by Anonymous Coward · · Score: 0

    "...anyone know if Linux is being used in MI5/6? *grin*"

    Indeed it is, although there's an awful lot of nt in there too.... Most of the serious stuff is on ICL mainframe stuff though.

  4. Re:finally by Anonymous Coward · · Score: 0

    better explain that to IBM, SGI, Compaq, and Dell pretty quick, or they might have a problem due to the excessive risks they are taking....

  5. Most good CS programs have it. by Anonymous Coward · · Score: 0

    Yes at Univs with respectable CS programs the NT source is around. Where I'm at it isn't exactly SP5 + IE5 + DX5 + etc... but yes the source is out there.

    1. Re:Most good CS programs have it. by Anonymous Coward · · Score: 0

      I'd want that NDA to work both ways:
      I can't disclose anything about your product,
      and you can't disclose to anyone that I'm
      under your NDA.

    2. Re:Most good CS programs have it. by Michel · · Score: 1
      I'd say that respectable unis don't require that you sign an NDA.

      It sounds silly anyway: "Hi, we're a uni teaching you this stuff, but you have to sign this paper so that you're legally bound not to tell anyone else about what you've learned here." Crossed purposes, eh?

      Besides, what good can NT source code do for a CS course? Example of how not to do it? NT is way too big and ugly for those poor impressionable students (yes, yes, I guess I'm one too) to be exposed to during such a course.

    3. Re:Most good CS programs have it. by TheHornedOne · · Score: 1

      Hopefully as a shining example of how to take a decent idea and passable engineering and drive it kicking and screaming into the ground by adding features like flashy lights and purty pictures.

    4. Re:Most good CS programs have it. by Stormin · · Score: 1

      We didn't study NT in the Operating System classes where I went to school. If that's what the NDA says then I'm happy we didn't :) We did have one professor offer a summer course in Linux Kernel Hacking, which I unfortunately never got to take.

      One of my colleagues didn't study with the source, although they did study the architecture. He maintains that the Kernel itself is designed quite well, and that the user level stuff is so bad that the whole package is BAD, BAD, BAD. (We both run Linux :)

  6. AIX is very popular in the government by Anonymous Coward · · Score: 0

    From what I've seen AIX is probably the most popular Unix for non cloak and dagger type stuff within the government. These types love security and stability (as in job / not ctrl-alt-del) and who could be more reassuring than Big Blue?

    1. Re:AIX is very popular in the government by Anonymous Coward · · Score: 0

      Somewhat off topic perhaps but that should have been http://www.cptech.org (i.e., there's no m) Not nitpicking, just giving the correct URL for the benefit of those who would like to look it up.

      You're right, interesting sites.

    2. Re:AIX is very popular in the government by MaxwellsSilverHammer · · Score: 1

      Another two D.C. 'government related' sites, (i.e. somewhat political), are that of the Consumer Project On Technology, (http://www.cmptech.org), and Essential Information, (http://www.essential.org). These are the people that brought us the Appraising Microsoft conferences, which in part helped spawn the current DOJ antitrust suit against MS.

      Nice to know both sites run Linux with Apache.

  7. Re:MS Open Source by Anonymous Coward · · Score: 0

    But has Microsoft considered making their products open source for two years?

    Yes. More than that. But their definition of open source might not match yours and would probably be a lot closer to Sun's.

  8. Re:Federal Linux Distrib? by Anonymous Coward · · Score: 0

    Of course the real reason why govt employees love open source is because they don't have to file 500 forms in triplicate and wait 6 months to purchase a software license or a user upgrade!!

    Never have truer words been written. The five Linux boxes I've setup or helped setup for the U.S. Army were all a result of an excess of requirements, a lack of budget, and too many official hoops to jump through to get an "approved" solution.

    Long live the GPL!


  9. Re:My usual random (chaotic?) thoughts. by Anonymous Coward · · Score: 0

    I sum the problem up, simply, people have forgotten how to say "No."

    Everybody practice with me:

    "No."

    It's easy. Now when this "Upper Management" abstraction makes a request based on ignorance,
    instead of blindly obeying it, say "No."

  10. Re:Does government have NT source? by Anonymous Coward · · Score: 0
    I've always wondered if the government, which uses Windows for much of its operations, is given (or pays for) the NT source. This quote seems to imply that they don't have it. Surprising, if so--I would have thought that the NSA would want to examine and/or customize the OS, at least for sensitive networks. Maybe I overestimate the competence of the US government.

    The NSA may or may not have source for NT, but that's unrelated to whether the White House or other branches of government has access to it. The NSA may have the source and use whatever inside knowledge that gives them when auditing other agencies' classified networks, but the vast majority of federal system admins out there have no more access to NT source than the rest of you.

    I work for the government, and my boss is actually considering a limited linux deployment to users' desktops. We move in that direction a bit more whenever some stupid Windows thing happens that would be easy to fix or would never have happened under linux.

    Anon Cow

  11. Security breeches by Anonymous Coward · · Score: 0

    Wow, I'd like a pair of those. I guess they have a built-in protection cup, right?

    1. Re:Security breeches by TheHornedOne · · Score: 1

      According to the article, these security breeches can even be easily patched. Good thing if you're playing lots of football :-)

  12. Re:Well of course by Anonymous Coward · · Score: 0

    Does the government use OpenBSD at all? I mean, since the vast majority of the auditing of the code has already been done by someone else, it's a pretty safe bet.

  13. Re: about time by Anonymous Coward · · Score: 0

    the date on the article is May 22nd. Also, the fact that they mention NT 3.51 just getting certified should ring some bells.

  14. Federal Linux Distrib? by Anonymous Coward · · Score: 0

    HE HE HE, this is funny, I can just see them creating their own linux distrib just like they created their own official computer language (ADA) that no one would be dumb enough to use other than the federal govt. Of course the real reason why govt employees love open source is because they don't have to file 500 forms in triplicate and wait 6 months to purchase a software license or a user upgrade!! (chuckle)

    1. Re:Federal Linux Distrib? by Stonehand · · Score: 3

      --- Kernel Patch Request Form ---

      Adding a patch to the Linux kernel (hereafter referred to as "kernel") may compromise security, functionality or both. Therefore, before submitting patch for inclusion you must attach a Form 15812n Software Audit Report for all contexts in which you intend to use this patch. This procedure must be repeated should additional contexts emerge.

      We will need the following details.

      Who wrote the patch? Is/are the people responsible (hereafter referred to as "patch author(s)") U.S. citizens? Please have them undergo security clearances and attach the resulting paperwork. Use of nails and rivets for this purpose (attaching, not auditing) is hereby sanctioned.

      What does this patch do, and why do you want it? Be sure to detail all system resources consumed by such, and study the impact upon the targeted environment. Include time and resources expended on this application, sub-applications and related activities.

      Do you expect it to be applied to future revisions of the kernel? If so, explain why and bear in mind that this is included in the aforementioned "additional contexts" section, and thus will require periodical documentation and re-application.

      Please remit this form once completed to your supervisor and all other individuals affected for approval, with copies for yourself, the Software Patching Department, and Personnel (for your quarterly performance evaluation) as usual.

      Bear in mind that approval may not occur until a full review of your provided documentation has occurred. We hope to be able to respond to you within six months of completion of said review. Thank you for your time.

      --end form--

      --
      Only the dead have seen the end of war.
  15. boo boo boo, poor old gov can't do anything right by Anonymous Coward · · Score: 0

    damn gov could pick the right os if their life depended on it. They went with a MS platform because they didn't even research anything else, how stupid can you be. Sheesh lamers

  16. Re:finally by Anonymous Coward · · Score: 0

    Woo hoo, finally somebody who's under 18, and I thought I was the only high schooler reading slashdot daily.

  17. Re:Government regs by Anonymous Coward · · Score: 0

    [snipped story of county govt employee in FL who spent weeks of meetings and memos to try to get sudo, and failed]

    While that's a sad story, you can't just give one example and say, "Hey, see, government is a sucky bureaucratic mess!" I work for the federal government in DC. If I want a new piece of commercial software, I buy it. If I want a new piece of free/open-source software, I download it and compile it. It's quite easy, very little red tape (I need to fill out a credit card form listing what I bought and how much it was) and we get things done, which is all our managers want.

    So, while it's fun to make fun of government, you can't generalize like that. There are linux installs all over the federal government, just queso a few machines... :) I'm typing from one right now.

    Anon Cow

  18. Re:Well of course by Anonymous Coward · · Score: 0

    IIRC correctly, Congress is in charge of funding the NSA.

  19. Re:Does government have NT source? by Anonymous Coward · · Score: 0

    The NSC is the unelected shadow government which was set up at the end of WWII. Its role is to run the National Security State that we've lived in ever since.

    I have a taped Gore Vidal state which contains strong words regarding the national security state (and the consequent rollback of democratic rule in this country)

  20. Re:finally..from high school by Anonymous Coward · · Score: 0
    Unix penetrated corporations by being available cheap to universities.

    When my teenager wanted the newest version of Linux, he borrowed a CD with a public version of Linux from a friend at his high school.

    For years now, the tech support staff at most companies have recognized what Linux is because a significant percentage of them have been using it at home. Now it is perfusing through the teens, not merely through the techs.

  21. Re:Questions And Notes by Anonymous Coward · · Score: 0

    Almost certainly just having the kernel source code on the machine blows the security rating.

    To get a C2 security rating, there has to be a significant corporate body involved to fund the development/testing. It has to involve frozen binaries that can be tested and will not be patched or replaced (say goodbye to shouting all your problems to Usenet and just glueing together some fixes).

    It's not something a tribe of hackers is going to ever accomplish. A corporate body of some sort could possibly accomplish it with a frozen version that wasn't ever going to change.

  22. Re:Questions And Notes by Anonymous Coward · · Score: 0

    It's possible that something like RedHat 4.2 is mature enough that RedHat could shore it up, plug holes and such, and submit it for C2 certification.

    Nobody is going to be able to certify an unstable ever-changing current-type Linux distribution fresh from hobo-town (the bazaar over there that all the smoke is rising from, and all those dogs are running around in)

  23. Re:Figure the media will ever get the full story.. by Anonymous Coward · · Score: 0

    Hey, Stallman actually reminds me of what a stereotypical postal employee would look like.

    Kind of an old Harley-type with beard and suspenders. Gruff, and prone to wild tantrums.

    Aside from not being a veteran he fills a lot of the other requirements, i.e. never held a real job, etc.

  24. Re:Well, no, not totally.. by C.Lee · · Score: 0

    >Every article by the general media has misrepresented this issue.

    And why is this? I'll tell you why. It's because of morons like yourself who ran around yelling that people should refer to Linux as "GNU/Linux". Well, people *ARE* using the term "GNU/Linux". It's just not working out as you dolts thought it would. The fact of the matter is that among Linux users the word/phrase/term "Linux" refers to both the kernel and the OS. Like a number of words the meaning of the term "Linux" changes as the way it is referred to/used by people changes. American English is full of this kind of thing. I suggest you learn something about it before posting more of your nonsense concerning "critical issues" concerning the use of the word "Linux" by others.

  25. Go Zaman! by drix · · Score: 0
    I especially liked MS Federal Systems IT Chief Quazi Zaman's attempt to save grace:


    "Zaman added that Microsoft has been considering making some of its software products open source for two years."

    Well congratu-fsckin-lations! I guess that proves that MS really is innovative - they've known about this newfangled "Open Source" thing for two years! Woohoo! Let's all go buy more proprietary software - Microsoft has known about Open Source for two years - before it became popular!

    --

    I think there is a world market for maybe five personal web logs.
  26. Re:How Ironic by jsm · · Score: 0
    Offtopic? Offtopic?! Hey, I was surprised no one else said it first. Security has been the raison d'etre of OpenBSD since it started.

    Actually, this post is truly offtopic. I'm testing my new CGI-based proxy, and I need to make sure Slashdot posting works through it. :) New version by Monday, hopefully, for all you filter-haters.

  27. Very funny - hah hah by chris.bitmead · · Score: 0
    MS's "main server product" NT 3.5 is certified. Well umm yes, but..

    Who on earth is still using NT 3.5?

    It's only certified as a stand-alone machine. How useful is a server with no clients???

  28. PLease stop the ride by Anonymous Coward · · Score: 1
    According to the most recent Gartner Group study, the costs of moving to windows 2000 will range up to $3,000 per PC for large organizations using win9x. $1,200-2000 for winN't based PC's. The projected break even point when the transition supposedly will start saving more money than it costs =THREE YEARS OUT! (assuming nothing else changes)

    If you work in government, please let your PHBs know about this study --and about Linux and StarOffice.

    Delve into the lurid, gory details at Infoworld.com
  29. Microsoft has another case of "vapors" by Anonymous Coward · · Score: 1

    Ballmer has also said that Microsoft is considering making some of its software "open-source". This is how MS has traditionally responded to competition--announce a future "feature" already offered by a competitor. This technique has been used to stifle competition by relying on timid human nature to hold out for future promises from a trusted pimp^h^h^h^h dealer^h^h^h^h^h^h vendor--MS--instead of going with what is already available. This is the age-old Microsoft vaporware technique.

    1. Re:Microsoft has another case of "vapors" by Praxxus · · Score: 1

      Is there a cure for that? Can't we force-feed them some cod liver oil or something and get that worked through their system?

      Perhaps a nice ipecac or saltwater enema . . .

      --
      Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
  30. Re:Does government have NT source? by Anonymous Coward · · Score: 1

    "Established by law in 1947 as a body of cabinet-level officials, the National Security Council (NSC) advises the President on national-security policy. Its role was expanded during the Eisenhower administration, when a relatively small NSC staff organization was created to serve as a secretariat coordinating foreign policy."

    From here.
    (Sorry, but I was too lazy to make the above paragraph more readable.)

  31. Apache? by vipw · · Score: 1

    Server: Netscape-Enterprise/3.6

    looks like they are using the Netscape Enterprise server to me. I am not sure where you came up with them using apache.

  32. Microsoft by drwiii · · Score: 1

    I like the part about how they're concerned about "excessive reliance on Microsoft software". That alone has to tell you something.

  33. Re:Bunch of fun. by J4 · · Score: 1

    ...Microsoft has been considering making some
    of its software products open source for two years."

    Two years, eh? That's a real good license. I'm just dying to work on code that's open for 2 years.

    I believe you may have misinterpreted that.
    IMHO he was saying they have been considering it for two years already.
    People are getting clueful... a certain company is in for a good hard spanking.

  34. Re:Best part of the article... by CaseyB · · Score: 1
    Congratulations! Now every teenage hacker type who works on a kernel patch or device driver is a "system analyst"!

    You oughtta put that on your resumé...

    I would.

    There are many people out there who have 'Systems Analyst' on their business cards that don't have the skills to contribute to a kernel patch or device driver.

  35. The half story is _dangerous_ in the long term by Oestergaard · · Score: 1

    The main problem with the media (and therefore the general public) believing that Linus wrote GNU/Linux is, as I see it, that Linus getting hit by a bus will scare the sh*t out of people.

    _If_ Linus decides to stop working on Linux, or he gets hit by the famous bus, the general public will think that the sole person who is developing this great ``new'' promising system is gone, and therefore any further development is stalled.

    We all know that this is not the way things are. But if the general public, believes it really is so, we may see companies abandoning Linux, ultimately making Linus _the_ central person of GNU/Linux (or open source in general) development.

    The power of PR should not be underestimated. Now that the media already has the wrong picture of how open source works, we're in a hurry to seek to rectify that view.

    This may be a good reason to insist on calling a Linux system a GNU/Linux system. To emphasize that it is not just the system written by some crazed Finnish communist student with too much spare time on his hand, or whatever it is the media seems to believe.

    Stallman may be more justified in his insistence on the GNU/Linux labelling than we would normally agree he is.

  36. Re:Am I completely clueless? by Trick · · Score: 1

    Forgive me if I'm being ignorant, but what's wrong with the statement you quoted (other than the misspelling)? Wasn't Linus the original creator of Linux? And isn't the code scrutinized and tested...blah blah blah?

    It doesn't say Linus wrote everything -- only that he created Linux. Last time I checked, he did.

  37. And even then with specific hardware by Sulka · · Score: 1

    The specs are pretty tight in what hardware you're using, too. For a system to pass any of the tests NT has been certified to, you can't for example have a floppy drive in the machine.

    I haven't seen this advertised anywhere by MS. :(

    --
    "Although it is not true that all conservatives are stupid, it is true that most stupid people are conservative."
  38. Ambiguous wording by Waldo · · Score: 1

    "Zaman added that Microsoft has been considering making some of its software products open source for two years."


    Could this mean that Microsoft has, for the past two years, been considering open-sourcing some of their software?

  39. Re:Does government have NT source? by luge · · Score: 1

    The article specifically quotes an MS official as saying that if the NSA asked for source for "national security reasons," then MS would happily give it to them. What a surprise, huh?
    ~luge

    --

    IAAL,BIANLY

  40. Re:Government regs by TonyGreene · · Score: 1

    It's not like that all over. I had a similar problem in a previous position. I needed a low-volume, local email solution with the ability to have dialup connectivity with the campus mail server. I asked our IT folks for an NT box and Exchange. They decided we did not need it bad enough to spend the required money. Fine. Slackware to the rescue. I put together a 386/20 with 8MB RAM, and a 140MB hard disk and made it a mail server for about a dozen people. No problem.

    There are lots of Linux and *BSD boxes in the .gov and .mil domains. Lots of people have a requirement and don't have the time, money, or both that it takes to get a commercial solution. So they bring in the handy-dandy CDROM and install an Open Source solution in less time and money than it would take to purchase something that may not be as useful in the long run.

  41. My usual random (chaotic?) thoughts. by craw · · Score: 1
    I work down the feeding chain for the USG doing research so I'm not restricted on what OS and platform that I want to use; I just have to justify my decision with my boss. Right now we are slowly converting from commercial unix systems to linux. We are having problems handling the big/little endian problem (hey guys, why not use linuxppc on a mac?). Additionally, most of our home grown software is a combo of X, OpenGL (some, not all), and Motif. What? Motif? gag, gag. Hey folks, acceptance of a "new" system is gained if porting over legacy code is fairly painless. BTW, the binary problem is currently being solved by using xdr.

    The MS Office suite has a strangle-hold on the USG. A few yrs ago, there was a good number of WP docs for down loading from USG web sites. Now all you find are pdf, word, and powerpoint docs. Upper management demands that we send them only .doc and .ppt files. E-mail attachments confuse the decision makers unless they are, well, you know the format. I recently was forced to send a PHB in another agency a rather complicated figure (EPSF but it could have been pdf) pasted into a .ppt file.

    One handicap that linux currently has is the lack of operational support that the USG would be comfortable with. If someone in the USG wants to use linux and wants to hire contractors to provide admin support, then where do they turn to? Usenet? Hence, there will have to be an established, reputable company that they can turn to (IBM, could make a killing here). These companies need to establish a presence in the DC metro area. By law, the major USG agencies have to have their headquarters in this region; the implications of this should be obvious. Redhat would be wise to open a small DC area office ASAP.

    Linux will probably make some inroads into the USG server market. But it could do more.

    craw posting with a no score because he now can.

  42. Best part of the article... by TrentC · · Score: 1

    Created by a Finnish graduate student named Linus Torvalls in 1991, Linux's open code is relentlessly scrutinized and tested by tens of thousands of systems analysts worldwide, who constantly recommend improvements, Klosowski said.

    Congratulations! Now every teenage hacker type who works on a kernel patch or device driver is a "system analyst"!

    You oughtta put that on your resumé...

    Jay (=

  43. Re:Bunch of fun. by bmetzler · · Score: 1
    I believe you may have misinterpreted that. IMHO he was saying they have been considering it for two years already.

    Whew! For a while there I was under the assumption that Zaman was talking about another open source license with a termination clause. But it turns out that not only can't Microsoft develop a good product, they can't hire someone who knows English enough to construct a good sentence. Perhaps it would have been better worded ...Microsoft has been considering for the last two years making some of its products open source.

    Of course, we've got to remember that Microsoft has been telling its customers for the last two years that open source was not a good development model. Who would forget that? Now that the government starts to understand the benefit of open source, we find out that Microsoft has been "considering" the open source model for the last years.

    Oh, next thing we'll hear is that Microsoft *pioneered* the open source movement. Yep, as someone already mentioned, they were the "first" to support open source with gorilla.bas and nibbles.bas. Also they'll claim that their Open source model is "superior" to the competing ones, but it'll just be a more restrictive version of the SCSL. And it'll only cover products that aren't important to Microsoft's core business.

    If you can't beat them, join them is what we're seeing from Microsoft now. Of course, they're no more joining us, than a parasite joins its host. Watch out for Microsoft!

    -Brent
    --
  44. semi-off-topic... by Pestilence · · Score: 1

    I wouldn't go anywhere near so far as to consider those dirty bastards in the whitehouse my "higher-ups"

  45. Re:Does government have NT source? by color+of+static · · Score: 1

    A branch of the NSA does have NT source code. For C2 certification you have to provide source code, and NT 3.51 was C2 certified under some conditions. Plus the official word has been NT 4 will be C2 in 6 months (well that's what I've been hearing for about 2 years). This would signify to me that Microsoft has provided that branch of the NSA (NSCS I think) with some source code.

  46. Re:could be good for Java by color+of+static · · Score: 1

    The government is using Java all over the place right now. In fact with almost all the databases in the government introducing some web frontend probably 10% to 15% are being done with java on the server side (from personal observation of many government projects). This number should increase in the near term as PERL has with the government in the recent past.

    One thing to note though is that databases that are to be used by multiple agencies rarely use java or javascript on the client side. This is due to the large number of agencies that block them at their firewalls.

    Now if only they wouldn't complain so much when we introduce Python.

  47. Re:MS Open Source by Imperator · · Score: 1
    OK, so they give you some examples. Great. (No sarcasm.)

    But has Microsoft considered making their products open source for two years? How long ago was Halloween?

    --

    Gates' Law: Every 18 months, the speed of software halves.
  48. Another interesting quote... by Quigley · · Score: 1


    Zaman added that Microsoft has been considering making some of its software products open source for two years.

    "Open source is a very innovative way to develop software," Zaman said. "The issue is how much of our own code we should put out in the open source environment."


    Two years huh? :)

    1. Re:Another interesting quote... by Uart · · Score: 1

      he prolly saw linux running the fvwm95 WM. When my dad saw that (the first time he EVER saw linux), his response was "wow, it's just windows by another name", then I showed him WindowMaker.... Fixed that.....

      --

      Opinionated Law Student Strikes Again!
    2. Re:Another interesting quote... by wabewalker · · Score: 1

      I also like the bit about Linux being "similar in functionality" to Microsoft Windows. Hehehe. He must have been using either for about 2.18 microseconds...

      --
      --- Premature complacency is the evil of all roots
  49. Re:Opportunity by LL · · Score: 1

    jflynn wrote
    It might be worth looking into the certification standard they mentioned and see what's missing, if anything.

    Heck, if you want to eyeball a public key certification system, take a look at OSCAR (Open Secure Certificate ARchitecture). While we all know that Silicon Valley is the centre of the IPO universe ;-), some interesting work gets done outside California. Anyone know whether it is legal to download and test this out within the US jurisdiction?

    LL

  50. Giving something back... by Jemaleddin · · Score: 1

    While I think that the idea of the government using OSS is great, something even better could happen. Instead of spending US$2 billion next year, they could spend US$1 billion on the proprietary software they still need and the conversion to OSS and donate the surplus billion to funding OSS projects.

    Jemal
  51. Re:About time by jkroll · · Score: 1

    "Amazing it is, that the US government has been just as naive, believing that a closed source product
    only did what the package said it would do. I wonder how much insight MS/Sun/Oracle/others
    have into what's going on behind those closed doors. "

    While there may be select individuals from these companies who have the appropriate security clearances and background investigations to be allowed supervised access to these systems for troubleshooting / technical support, no cryptography / software from any of these companies is responsible for protecting classified information. The job of providing cryptographic algorithms and hardware (and yes they are generally hardware implementations) is solely the responsibility of the NSA.

    Then of course the classified networks are physically separate from unclassified networks, so all the hackers that "forced" the Army to switch their web server from NT to Mac OS had no capability to actually compromise any National Security information.

  52. Faster than the trial by thales · · Score: 1

    One other benefit of the USG going open source is it would break the Microsoft monopoly a lot faster than the antitrust trial. A year and we are still waiting for the decision. When it finally comes then we can wait for the appeals. If the USG had started a switch to Linux and FreeBSD instead of going to court by now MS would have a much smaller market share, and there would be a lot more software ported to the open source OSes, which would have resulted in many non-Government changeovers

    --
    Quemadmodum gladius neminem occidit, occidentis telum est
  53. Re:Security AIN'T a state of mind (Off Topic) by x0 · · Score: 1

    Actually, the chambers were not nickel plated. The real reason the M16 had such a high failure rate was marketing. Colt sold the M16 as a point and shoot automatic rifle, no cleaning required. When it was used as advertised a combination of the South East Asian climate and powder residue/gunk caused the failures. What was added was the chamber assist knob and instructions to clean the rifle every day.

    --
    In the immortal words of Socrates, who said; 'I drank what?'
  54. Re:Not the big guys but... by drouse · · Score: 1

    As 'the computer guy' at one of those under 100 employees companies, I'd say that getting Linux in the door means getting the software vendors on board. I'm speaking here about accounting and sales packages, that's what we really care about, not what program we use for typing.

    And for those big packages we pick the software we like first, then ask the vendor what platform to run it on. Right now that means Solaris, but if our vendors started saying Linux is the best platform for our product ... so be it.

    Why not develop our own stuff? We just don't have the time, or money for enough staff, and I imagine that most small businesses are in the same boat.

    So -- convince the software vendors and they will sell Linux to the business community.

    --
    -- I browse at +5 with stripped sigs ... Ha! Ha!
  55. Re:Figure the media will ever get the full story.. by el_chicano · · Score: 1

    "Created by a Finnish graduate student named Linus Torvalls in 1991, Linux's open code is relentlessly scrutinized and tested by tens of thousands of systems analysts worldwide, who constantly recommend improvements, Klosowski said."

    I noticed that line too. I guess it sounds better to say "systems analyst" instead of hacker. I have a great idea -- instead of going round and round on hacker vs. cracker we can just call everyone a "systems analyst"!!!

    --
    A man who wants nothing is invincible
  56. Re:finally by soldack · · Score: 1

    "I mean if a 13 year old (now 14) can use it as easily as I can what's preventing businesses from using it. "
    Well, how much time have you put into learning Linux? I know that I put in a ton of my free time in college with it. Now that I work, I understand a bit of a business's hesitation. Time is more important to a company than money and Linux may not cost any money but it does cost time. Making administration easier is a good thing. We have to lose the RTFM attitude that was handed to us by the Unix folks. Heck, I think that Linux could achieve a big victory if it duplicated the look and feel of NT down to the menu. "It's NT on the outside but Linux on the inside!" or "It's NT but it works!". Excel 5 killed off Lotus 1-2-3 because it had so much Lotus support, there was no reason not to switch. Right now the thought of retraining many workers is an expensive scare that IT people will want to avoid. As for learning on their own...I hate to say this but life can suck for adults. Enjoy the free time to hack at Linux while you can. After 8-10 hours of work and trying to maintain some sort of a social life (can't meet people at school anymore), there is little time left over for learning a new OS. In a world where we have Macintosh for Dummies, switching to a new OS can be too much of a risk for a company.

    --
    -- soldack
  57. Not the big guys but... by soldack · · Score: 1

    Point taken. I was talking more about the small companies. 98% of US companies have under 100 employees. For these companies it is an expensive risk, albeit a worthwhile one. A goal of Linux should be to reduce the risk involved in switching to Linux. Providing full Windows compatibility and look and feel would go a long way towards achieving that goal.

    --
    -- soldack
  58. Re:MS Open Source by johnhebert · · Score: 1

    Could you supply a URL or some other reference where Microsoft states they have released Open Source software?

    --
    "Classic UFO's ... crafts for kids..." Interpretations from
  59. Re:Great. by tjhanson · · Score: 1

    I was the one who posted that link to Linux Today. At my agency (IRS) the borg has made a steady encroachment, so that now just about everything else has been pushed aside. IRS has just implemented a $120 million contract with beyond.com for supply of laptops and desktops. My laptop issue is a 233 mhz Micron running NT4 and Office. The govt still hasn't answered my question about the (alleged) C2 security problem with NT 4.

  60. Re:White House: house of fools by farmy · · Score: 1

    Woohoo 17th and H! :)

    I worked there too, many years ago, as a network engineer right when whitehouse.gov was moving from JPL to the NEOB. Lotsa fun if you're the shoestring engineer that we all are, as they had next to no budget for anything.

    It's good to see that it only took 4 years (*grin*) for them to come around from when we started infesting the EOP network with linux boxes. (The best was shado.whitehouse.gov, a monitoring box for web servers) We told them "shado" stood for Surreptitious Hacking And Detection Operation. Really we got the name from the TV Show from the 60's called U.F.O (Supreme Headquarters for the Alien Defense Organization), at the time, we also contemplated calling it "potatoe".

    As I recall, the routers (Cisco 7000's) that handled the eop.gov (sprintlink) and whitehouse.gov (PSInet) links weren't on anyone's desk. :) They were in the cabinets in the Operations center across from the Vaxen. What I imagine really happened was one of the Synoptics 3030s died again, or the FDDI link to the firewalls went down.

    As for large government web sites that run linux, go take a look at www.sec.gov. Does over a terabyte in traffic a month.

    Farmy

  61. Because they lifted it from VMS. by Ungrounded+Lightning · · Score: 1
    One of my colleagues didn't study with the source, although they did study the architecture. He
    maintains that the Kernel itself is designed quite well, and that the user level stuff is so bad...


    I hear that the NT kernel is reasonably good because they hired the architect of the VMS operating system to run the project, and he did it largely as a VMS clone/next generation. Person who told me this also says that most of the major data structures retain the VMS naming.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  62. Cute: Want G2 cert? Give NSA your source. by Ungrounded+Lightning · · Score: 1
    So if you want G2 certification for your proprietary system, you have to give the source to NSA.

    Any bets on whether they pass it on to their intrusion department?

    It's not a problem for Open Source of course. We've got much of the world's programmer stock on our side of the security game. But with Closed Source the NSA could easily put far more crackers onto a project to break the code's security than the vendor can afford to put on creating and fixing it.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  63. M16s (Continuing Off Topic) by Ungrounded+Lightning · · Score: 1
    Colt sold the M16 as a point and shoot automatic rifle, no cleaning required. When
    it was used as advertised a combination of the South East Asian climate and powder residue/gunk
    caused the failures


    That's not the whole story.

    When used with the specified ammunition, the original M16 worked as advertised. But there was an admiral who had a warehouse full of ball powder that was going out of date. It was the sort that was in bags, and you throw several of the bags into the breech of a big naval gun on a battleship. So he decided to save the Navy a few bucks by having the powder made up into ammo for this new gun the Marines had just started using in the current war, instead of buying this expensive fancy-schmancy clean-burn ammo that looked like another $200-hammer boondoggle.

    Now when you're firing a bullet the size of a large automobile, from a gun reloaded by a conveyor-belt or something similar, you're not too concerned about powder residue fouling the barrel and loading mechanism. But when you're firing something the size of a .22 bullet, with a reloading mechanism powered by a similarly-sized piston in a cylinder filled with the combustion gasses, a little smoke residue quickly clogs the works.

    And while a warehouse full of powder for navy guns might only make for a few dozen volleys of those guns, it can make up a LOT of ammo for overpowered .22s like the M16.

    So the Marines (and others) got a lot of bad ammo. And even with the spray-and-pray style of fighting (where they even used M16s to cut grass) it took a long time to shoot it up. Meanwhile, those M16s were clogging up, and people were dying, and the new-fangled gun got blamed. So they retrofitted it with that knob to get it restarted when it stuck, and passed out some cleaning kits. And people got by. And eventually the bad ammo got used up or discarded and things went back to working.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  64. Re:Security AIN'T a state of mind by Ungrounded+Lightning · · Score: 1
    Should a general really be concerned about TCP stack bugs? Should a general even know that his
    computer has a TCP stack?


    If he's the general in charge of evaluating, obtaining, modifying, and deploying some computer system for the military, or making the selection of an OS for the military, he and/or his subordinates should be concerned about it. If he's a general using them, he should only have to worry about the likelihood of his security being compromised, and delegate these matters to the people below him.

    A general has too much else to think about to be involved with the details of everything under his command.

    And the same holds true for everybody else in large organizations, government or private. The system security is the job of particular people, who should know at least as much as they need to know to do the job right - and some extra to be sure they didn't miss something. But the rest of the people - from the President to the Receptionist - only need to know enough to be sure they don't compromise security by improper operation, plus enough more to motivate them not to skimp to save some effort - or to interfere in the selection process.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  65. I see two routes by Ungrounded+Lightning · · Score: 1
    Looks to me like there are two ways this might impact crypto:

    On one hand, the Fed might decide to open up crypto so they could get better stuff. (And pigs might start to fly.)

    On the other hand, the Fed might start having its own Linux distribution, or NSA/military/etc. crypto add-ons for NSA/military/etc.-certified configurations of commercial products. This is how I expect them to go.

    This second approach has two variants: They might loosen up crypto for the general public, or they might try to keep it locked up.

    In either case, when crypto-enhanced stuff is distributed widely among the civilian portion of the government, it's only a matter of time until the object code leaks out, is reverse-engineered, and appears as bare source, as plug-ins, and what-have-you. Then it gets analyzed in the open crypto community, and anything useful gets integrated into the general code base.

    The remaining variable is how much the government fights this. If they try to stay tight, expect loud screaming about espionage and nasty crackers and the like. They'll slow it down a bit. But the main result of their fighting will be to continue to retard crypto among the US civilian population relative to the rest of the world, making us fall progressively behind on computer security, and leaving US private and private-enterprise systems more open to snooping and attack than they otherwise might be.

    Of course that might be what they want: The main problem for an oppressive government is keeping its own population under control.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  66. Great. by mome-rath · · Score: 1

    Now the USG will be able to whittle away our rights reliably, quickly, efficiently and in Style! Awww yeah. I've died and gone to funkytown. I'd much prefer to see the gov using Micros~1 products, especially if I ever get audited. "Mister Taxpayer, according to our records you owe us $1,241 and... uh... hold on, let me reboot. ah. Well, I was saying...err... wait a moment, please. (reboot). Right, ok. You owe us... uh... we owe you $10,314 and 99 cents. (reboot)."

  67. Re:About time by Stonehand · · Score: 1

    Why, of course you'll be seeing Federal mail on LKML. After all, no doubt the Father of the Internet has plenty of proposed patches for the Linux IPv4 code.

    Think Al Gore, networking guru extraordinaire, Linux Hacker, Creator of the Internet, and all-'round net.god. Bow down before the Great Tree^H^H^H^HMan.

    ;)

    --
    Only the dead have seen the end of war.
  68. Re:could be good for Java => we're doing it now! by RickyRay · · Score: 1

    I'm involved in some government-funded projects at the moment (test sites for airborne agents, simulations, etc.), and all coding we do is in Java. Very cool. In fact, they've been given an ultimatum nationally to be compatible with a large common system or lose funding within just over a year, and it's best implemented in Java.

  69. Hmmm...Monica Lewinsky...Open Source Advocate... by mattz · · Score: 1

    ...well Eric, we seem to have found someone to replace you when you retire from the crusade;)

    --
    Remember this...no eternal reward will forgive us now for wasting the dawn....(jim morrison)
  70. Re:Government money into open source by treat · · Score: 1


    Imagine how far that money would go if they spent even 1/10 of it on open source software
    development instead of purchasing ready made software. That's $200 million. What do you
    suppose the Gnome project could do with $10 million? Maybe give Linus a big fat check just
    for being a nice guy. Send the samba folks a couple million. No sweat.


    The simple fact is that the majority of the money will be simply given to Microsoft. (and some other large companies). But what if they spent it *all* on open source development for everything they need? Two *billion* dollars per year could pay a $100k/year salary for an army of programmers 20,000 strong. This army would be difficult to manage and coordinate, but it could be done. And imagine the wondrous results.

  71. Re:MS Open Source by TummyX · · Score: 1

    I assume you're trying to be funny.

    But regarding sample source - there's much more than IIS and VB samples. I've found the hundreds of COM, VC++ & DDK samples that come with various windows SDKs invaluable.

  72. The MI5 uses apache... by lynk · · Score: 1

    Taken from www.mi5.gov.uk

    Server: Apache/1.3.0 (Unix)

    Not linux but at least it's not WinNT!!!

    Lynk

  73. All eggs in one basket... by stewart.hector · · Score: 1

    All throughout our lives, we are told - "don't put all your eggs in one basket"! At college - "if you make backups, it is safer not to put your backups in one location - whether it be a hard disc, same safe etc". Well, I'm surprised it's taken people (in this case American government) *so* long to realise that it's not a good idea to keep to the same software company - ie, Microsoft - ie, keeping all your eggs in one basket. Hopefully, other companies will follow the US government's example and think the same - "well, perhaps it's not a good idea to rely on Microsoft for EVERYTHING" - and suddenly opening their eyes to reports such as the HotMail, bugs in Windows, Windows not being a good secure, stable operating system and that there are other software companies around... Secondly, it's very convenient, for when the US government makes this statement about looking towards open source - that Microsoft suddenly say "ah, yes, we've been looking into open source for several years"... like bloody hell have they... and pink pigs fly.

    --
  74. Well, no, not totally.. by Kitsune+Sushi · · Score: 1

    Yes, I fully understand that what I quoted was technically accurate, spelling issues aside. However, what the entire article suggests to me is that the person who wrote it has no idea that Linux refers to the kernel and not the OS. This is a critical issue that needs to be made clear. The previous reply to my original post on this thread points this all out quite well. Every article by the general media has misrepresented this issue. All other issues aside, Richard Stallman has done a lot more for the free software community (would "liberated" be a better choice of words, since we are not trying to reference price?) than Linus Torvalds (though I admire both) with regards to his stunning philosophy.. without the benefit of which we would probably not be where we are today. After all, how many software applications are released under the GPL today?

    --

    ~ Kish

  75. I'm not sure why not.. by Kitsune+Sushi · · Score: 1

    After all, they could always think of something devious like the Netscape Public License. They sure could use some help fixing all those annoying bugs..

    --

    ~ Kish

  76. Um, sure. by Kitsune+Sushi · · Score: 1

    Actually, I use the term Linux rather than GNU/Linux myself. However, it would be nice if people knew the whole truth. Saying Linus wrote the Linux OS, for instance, isn't quite the truth. Forcing people to call it GNU/Linux has absolutely nothing to do with my point, nor do I think anyone should even bother, nor did I ever run around yelling that people should call it that. I could care less. Linux is good enough for me, because I know what the hell it is. Perhaps you should think about what you have to say before you flame someone? It helps to keep -yourself- from appearing stupid..

    --

    ~ Kish

  77. Figure the media will ever get the full story..? by Kitsune+Sushi · · Score: 1

    Hmm.. "Created by a Finnish graduate student named Linus Torvalls in 1991, Linux's open code is relentlessly scrutinized and tested by tens of thousands of systems analysts worldwide, who constantly recommend improvements, Klosowski said."

    Well, aside from the fact that they can't even spell Linus' name right.. If I were Richard Stallman, I'd be thinking myself to be really good material for a prospective U.S. postal employee by now. You'd think Linus had written Linux, the GNU system (oh, I meant Linux again), and every piece of software for it.. and that all of those other programmers in the world don't really do anything other than give him ideas. Is there a religion for him yet?

    --

    ~ Kish

  78. Re:Questions And Notes by artch · · Score: 1

    Take a look at http://niap.nist.gov/ for information about the National Information Assurance Partnership. Here is some info from the August 27, 1997 press release:

    "In a move to assist U.S. information security technology producers in achieving international competitiveness, the Commerce Department's National Institute of Standards and Technology and the National Security Agency today signed a letter of partnership establishing the National Information Assurance Partnership (NIAP)SM. This initiative is expected to break new ground by providing both independent evaluators and product producers with objective measures for evaluating the quality and security of these products. In turn, this should result in increased consumer confidence in evaluated information security products."

  79. Re:Does government have NT source? by Galilee · · Score: 1

    I work for the Navy installing Windows NT 4.0 on battleships, aircraft carriers etc... As soon as I am finished with the install, my boss comes and "improves" the security of the machine. This is not just settings, he changes code. The government is competent, and IMHO has source code for NT.

  80. finally by Anonymous Coward · · Score: 2

    I've been getting tired of adults telling me that linux is too difficult for their fragile little minds. I mean if a 13 year old (now 14) can use it as easily as I can what's preventing businesses from using it. Anyone who deserves to be called a network administrator should know how to work a linux/unix system.
    I'm glad to see that the government is using it, at least some people have come to their senses in realizing that yes Linux IS hard to use, but it isn't death.
    I almost vomit when I see people getting 50+ thousand dollars a year for pointing and clicking their mouse. The fact is anyone can do that. All succeeding in the computer industry seems to require now is knowing how to touch type.
    Even worse than that is how two of my friends refuse to learn to type because they think they'll just be able to talk to their computers by the time they need to use them (college). And how my middle school computer teacher insisted on explaining what a LAN was to me last year, but when I asked her to let me telnet to the server she gave me this blank look of "you can telnet to a unix computer??". Grr... I'm gonna go off on these people someday.. sorry for posting this on /. but I really had to get some of that out.

  81. Re:Security AIN'T a state of mind by J4 · · Score: 2

    Should a general really be concerned about TCP stack bugs?

    If the life of his troops are at risk.

    Should a general even know that his computer has a TCP stack?

    FWIW to be an Officer in the US military requires a higher education. I don't think it would be beyond their comprehension. You will agree that the General needs to know if his tanks are diesel powered or gas turbine. Likewise what caliber shells his artillery requires.

    Now should the General be able to _code_ his own TCP/IP stack?
    It would be nice if he could do it himself, but he's a General, he can delegate the work.
    I'm gonna go out on a limb here and make a comparison.
    During the Viet Nam war soldiers were issued the, at the time, new M-16 rifle.
    The M-16 was well designed and tested. However the testing and design didn't take into account the tropical conditions of Southeast Asia. The result was more than a few soldiers losing their lives because corrosion caused their arms to misfire. This was corrected by nickel plating the chamber. Guns that were already issued were modified by military machinists.

  82. Close enough by PHroD · · Score: 2

    "Microsoft officials argue their software products meet federal security standards."

    Is that like the expression 'Close enough for government work'? ;)


    "There is no spoon" - Neo, The Matrix

  83. Government money into open source by Joe+Rumsey · · Score: 2
    The government will buy $2 billion worth of software in 2000

    Imagine how far that money would go if they spent even 1/10 of it on open source software development instead of purchasing ready made software. That's $200 million. What do you suppose the Gnome project could do with $10 million? Maybe give Linus a big fat check just for being a nice guy. Send the samba folks a couple million. No sweat.

    Everyone working on open source/free software should be thinking about how to get their hands on some of that money. If the government is serious about using open source software, it could be a virtual gold mine for all those projects struggling for people and resources.

  84. Re:could be good for Java by Oestergaard · · Score: 2

    Good point.

    However, I wouldn't worry about the govt. giving back fixes.

    You can argue, that the US government probably some way or the other is immune to copyright law (at least US copyright law). So they don't _have_ to give back the fixes.

    But it's a matter of common interest. It's in their best interest to see that the stock distributions are as secure as possible, in order to minimize the hassle they go thru when maintaining their installations. Therefore the government _will_ be interested in giving back any fixes, even though they don't have to.

    Still, I wouldn't be surprised if some brown nosed idiot would suggest that they shouldn't give back the fixes, because of national security reasons or whatever. Like the crypto restrictions. But I'm confident that such measures would be short-term, and that we will definitely see contributions from the government, should they decide to use the more secure platform.

    Ironically, the government may some day be part of a community :) Wonder how they'll tackle that one.

  85. White House: house of fools by jtseng · · Score: 2
    I worked for the White House at the New Executive Office Building not too long ago. I had the pleasure of visiting their secure server room and what I saw was a mess.

    First of all, as far as the White House was concerned, they don't need to worry about a singular dependence on M$ because they had a hodgepodge of machines (Linux, SGI, HPUX, VMS, NT). And their IT infrastructure was poor at best. One day we all had to stay late because someone knocked the only router we had to the outside world off a desk and we were out for hours.

    A current colleague of mine interviewed for a developer position there back in April. I asked him what they had there and there really aren't too many changes. My understanding is that they are still running hand-me-down SGI Indigos running Irix 5.3. Hey guys - think Y2K!!! Upgrade to 6.5!!!

    "Microsoft is the epitome of innovation and product quality."

    --

    Sanity.html - Error 404 not found

  86. Re:could be good for Java by Waldo · · Score: 2

    If the government embraces open protocols and file formats, that would make a great start. Why should tax payers have to go out to buy a copy of MS Word to view documents on a government funded web server ?

  87. Government regs by luge · · Score: 2

    Dunno how many of you have ever worked with government before, but my aunt (who works for an unnamed, county level government in Florida) is now managing a brand-spanking new AIX system for her employer. To get a new piece of software, she had to wage a couple of weeks long campaign with her management, with memos, meetings, the whole nine yards. In the end, after all of that effort, she was denied. The piece of software she wanted? The one that took so much trouble to get? sudo. Uhuh. GPL'd, publicly available, sudo. Needless to say, the poor woman is also stuck with vi- she says she spends 1/2 of her time teaching other people that. She dreams of the day she can get emacs. That is the bureaucratic mindset in govm't IT these days. So, don't hold your breath about Linux. They'll probably have to read every single line of code before it ever gets installed- and by that time, we'll be at kernel 4.0. Argh...
    ~tieguy

    --

    IAAL,BIANLY

  88. How Ironic by jsm · · Score: 2

    They want security? How ironic that possibly the most secure operating system, OpenBSD, has to be developed in Canada because of US export restrictions!

  89. Could force more interoperability. by bquark · · Score: 2

    If the government could require people to communicate with it by open standards, this could break some of the market standardization on Microsoft Office. Many people buy MSoffice so they can exchange documents. If people who need to submit documents to or receive documents from are forced to use open standards such as HTML, XML, or something new. Then people could buy what they like and no need to upgrade just to stay compatible.

    The only question is the government big enough to provide the critical mass around some open standards for a variety of documents. Oh for the days of Big Government again ;-).

  90. Re:Security AIN'T a state of mind by grossdog · · Score: 2

    Still, MS instills a culture where the machine does everything for you. You are not supposed to question what is really going on. The OS has deep roots in a single user non-networked system. A switch to Linux along with some training might be more effective in changing the state of some minds than you think.

    Should the majority of people who use computers have to worry about "what is really going on"? The advantage to using Linux in sensitive government applications comes from the ability of admins to review their systems and set them up properly more easily. From a user's point of view, it would be better the more internals of computation the software is able to obfuscate.

    Should a general really be concerned about TCP stack bugs? Should a general even know that his computer has a TCP stack? If it allows him to do effectively whatever he does as a general and is easily kept secure by his system administrators, then that's great.

    Don't get me wrong - I think Linux could definitely be great in a lot of government applications. But relying on users' increased sense of "knowing what the computer's doing" is a far from ideal situation.

    --Andrew Grossman
    grossdog@dartmouth.edu

  91. Re:Questions And Notes by color+of+static · · Score: 2

    C2 certification requires an audit of the code that pertains to those requirements. A vendor has to pay for this audit (when Novell went for it the cost was implied to be quite high in the press), and then control the releases to some degree (audit the final setup with a small application tends to be the way it's done).

    I've had Linux used in projects for the various government agencies for five years now, but I can't get it onto the classified systems because it's not C2 certified. In general NT's lack of current cert is ignored or exempted (as is some other OSs), but Linux is not.

    If Redhat could get their distribution of linux C2 certified then the government would have to consider it against NT every time someone brought it up.

  92. Questions And Notes by Wiggly · · Score: 2
    Okay, anyone out there know about the certification they discuss regarding NT? What does it comprise of? Can anyone apply for it or does the US Government only attempt to certify those systems that they wish to use? Also, if anyone knows, is there any reason that Linux (either now or in the future) would not be eligible for this kind of certification?

    If the regulations are public knowledge then is anyone currently trying to get Linux certified?

    After what kind of modifications to the OS does the certification become invalid? This might be a very important point since the kernel is now going through faster development cycles. Would the US Gov be able to use the latest and greatest or would they be stuck with something that was certified but older? (at least for operations that require that certification)

    And, since I'm a UK bound persona, anyone know if Linux is being used in MI5/6? *grin*

    --
    Wiggly -- But I want to be different, just like everybody else.
    1. Re:Questions And Notes by DragonHawk · · Score: 2

      Okay, anyone out there know about the certification they discuss regarding NT?

      It is an often pointed at (and laughed at) fact that NT 3.5 has been certified "C2 secure" in accordance with the NSA "Orange Book". However, the configuration used lacked a floppy drive and a network connection. In effect, NT is only secure if you don't communicate with anybody.

      Microsoft has been claiming NT 4.0 will be certified Real Soon Now for years. I do not think anyone is holding their breath. :-)

      --

      dragonhawk@iname.microsoft.com
      I do not like Microsoft. Remove them from my email address.
    2. Re:Questions And Notes by artch · · Score: 2

      At the "Linux University" held in Washington, DC (9 Sept. 1999) SGI announced their goal of developing a secured Linux(tm) distribution, first at the C2 level then at the B1. The presenter indicated that they (SGI) intended to offer their security work to the "Open Source" community. SGI also announced that, in addition to their offer of the journal file system, they are going to offer their considerable experience in SMP kernel implementation. The "Linux University" was co-sponsored by SGI, Red Hat, and Government Computer News.

      The presentations will be posted by 13 September 1999 at http://www.sgilinux.org. For those interested in the security related announcement, look for the presentation called "Tux goes to Washington". All in all, a very exciting set of announcements.

      Thanks, SGI.

  93. Very funny - hah hah by chris.bitmead · · Score: 2
    MS's "main server product" NT 3.5 is certified. Well umm yes, but..

    Who on earth is still using NT 3.5?

    It's only certified as a stand-alone machine. How useful is a server with no clients???

  94. Re:Does government have NT source? by shadrax · · Score: 2
    Actually, it says that about the NSC, not the NSA:
    Zaman added that Microsoft likely would be willing to provide the National Security Council with its code for security inspections if it is for national security purposes. So far, he said, the NSC has not asked for access to any of Microsoft's software code.

    The NSA is the evil agency we all know and love. What's the function of the NSC? Does it control the NSA?

    Bureaucracy...reminds me of the part in Cryptonomicon when one of the characters has a waking nightmare while someone explains the German bureaucracy to him.
  95. Opportunity by jflynn · · Score: 2

    "I don't know of any large government Linux contracts,"

    This could be a very stable revenue stream for some Linux companies. Distribute updates, security patches, and support on a contract basis.

    It might be worth looking into the certification standard they mentioned and see what's missing, if anything.

    I'd love to see slashdot.gov :)

  96. Re:Security is a state of mind by jflynn · · Score: 2

    You're right of course, sloppy users are the biggest threat.

    Still, MS instills a culture where the machine does everything for you. You are not supposed to question what is really going on. The OS has deep roots in a single user non-networked system. A switch to Linux along with some training might be more effective in changing the state of some minds than you think.

    For example, with all its security holes, I find Windows users rarely talk about security, except when headline news forces them to take note. Linux users on the other hand discuss it often, and developers code with the concept in mind from the start.

  97. random thought... by Stonehand · · Score: 2

    It just occurred to me that if UCITA passed, and the Federals were using commercial, proprietary software for critical systems, that they'd be up the proverbial creek at the whim of the vendors... not necessarily a good thing when you're suing one for anti-trust violations. Heh.

    Not that'd ever happen, but...

    --
    Only the dead have seen the end of war.
  98. Re:Does government have NT source? by Stonehand · · Score: 2

    Interesting point. I was under the impression that the source is sometimes made available to outside groups; my memory is telling me that some universities have operating systems courses where students are required to sign NDAs, because they get access to at least some of the NT sources. I can't give specific citations, 'tho, just vagaries.

    It's possible that the statement should be taken to mean: source code for not only the Linux kernel, but just about everything else as well with fairly few exceptions (for Gov't stuff. I doubt, say, that Civ:CTP or Myth II are on procurement lists...); whereas the opposite is true for most of the Windows world. Even if the NSA had access to NT sources, they'd still need audit ability for all the applications; even a safe kernel with poorly written applications isn't that safe.

    --
    Only the dead have seen the end of war.
  99. Well of course by Skyshadow · · Score: 3
    Am I the only one remembering the end of Sneakers here? The part about the NSA being able to read everybody's mail?

    Of course the White House wants to go open source -- do you seriously think that the security-paranoid folks who work there really want the NSA reading all about the next Monica and using it to get more funding? I think not.

    ----

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  100. When are the Feds gonna open up Crypto? by zilym · · Score: 3
    It seems kind of ironic that the Feds are complaining about poor security in Microsoft software, then praising how stable and secure Linux is, when the Feds are probably part of the problem. I agree with the Feds: Linux will help to improve security through encrypted file systems and network pipes (www.kerneli.org) plus encrypted/signed email and files (www.gnupg.org). However, Linux had a hard time getting here since all the development of these strong security tools had to be done outside of the country. Maybe when the Feds have Linux installed all over the place and get tired of having to patch their kernel all the time (to get the International Crypto pieces), they'll start thinking about making the restrictions a little more open.

    I can dream at least, eh?

  101. could be good for Java by josepha48 · · Score: 3

    This could be good for Java and other cross platform languages like Tcl/Tk. If the government has servers that are NT and some that are Linux and several other platforms then they are going to want software that will run on both, you'd think.

    I am interested in where this will go. If the government gets into Open Source code, will they give back to the Open Source community if they find security issues and fix them?

    If the government enhances security in the kernel will they Open Source these too?

    --

    Only 'flamers' flame!

  102. MS Open Source by Imperator · · Score: 3
    Zaman added that Microsoft has been considering making some of its software products open source for two years.

    "Open source is a very innovative way to develop software," Zaman said. "The issue is how much of our own code we should put out in the open source environment."

    He is, I assume, talking about the IIS Sample Site and VB Examples. I remember Microsoft's commitment going back as far as gorillas.bas and other QBasic example programs, which were freely available when you bought QBasic.

    --

    Gates' Law: Every 18 months, the speed of software halves.
  103. Does government have NT source? by shadrax · · Score: 3
    From the article:
    Access to the Linux source code "gives us some confidence," the White House official said, adding that it simplifies patching security breaches and correcting routine errors.

    I've always wondered if the government, which uses Windows for much of its operations, is given (or pays for) the NT source. This quote seems to imply that they don't have it. Surprising, if so--I would have thought that the NSA would want to examine and/or customize the OS, at least for sensitive networks. Maybe I overestimate the competence of the US government.
  104. About time by Oestergaard · · Score: 4

    That was about time that some government took off the sunglasses and had a look at the real world.

    I can't believe they haven't thought of this earlier (or at least thought of it in public). Linux is far from the only open-source OS, simply using the proprietary UN*Xes they've been running for long, with open-source daemons and tools would have gotten them a long way.

    I remember the Swedish government discovering that the proprietary e-mail tool they used had a backdoor in the encryption service they relied upon for security reasons. The backdoor was there for the US government (NSA probably).

    This was so funny, or rather tragic, because they simply didn't think about it before someone pointed it out to them. They honestly believed, that because the shrink-wrapped package said ``encryption'', they'd be safe.

    Amazing it is, that the US government has been just as naive, believing that a closed source product only did what the package said it would do. I wonder how much insight MS/Sun/Oracle/others have into what's going on behind those closed doors.

    Never underestimate the power of human stupidity.

    Well, I'm looking forward to seeing new OSS daemons from the White House, and mails from randomuser@whitehouse.gov on LKML :)

  105. Bunch of fun. by bmetzler · · Score: 5
    Reading this article was fascinating. The first thing I saw was Linux, an open-source operating system similar in functionality to Microsoft Windows, is being given serious consideration as an alternative for government computer users, the official said. "Similar in functionality?" It's nice of them to acknowledge that, even though it could be argued that Linux has more functionality than Windows. Still, I have to save this to show anyone who tries to tell me that Linux is brain-dead.

    Reading further we see: As a result, Linux boasts a robust code that rarely malfunctions and is extremely difficult for hackers to crack, Klosowski said. Microsoft, on the other hand, keeps its code secret and makes upgrades to its products on a yearly basis, he said. Microsoft software products have been the target of numerous computer viruses. Neato! More positive news. My heart is warmed.

    Now we get a few laughs. Microsoft's main server software, Microsoft Windows NT 3.5, for instance, is certified... I see. It's version 3.5 that is Microsoft's main server product, with NT 4 being relegated to just "Newest" status.

    Zaman is amazing. After all the PR Microsoft has done trying to convince people that "open source" development is not a good way to develop code. After all, who would work for free, eh? But now we find out that according to Zaman, "Open source is a very innovative way to develop software," In fact, Microsoft is so convinced of the viability of the Open Source model that "...Microsoft has been considering making some of its software products open source for two years." Two years, eh? That's a real good license. I'm just dying to work on code that's open for 2 years.

    A few paragraphs later Zaman states that government agencies are not excessively reliant on Microsoft products... But just 2 paragraphs later we read The government already relies extensively on Microsoft products for desktop and, increasingly, server applications. Only a slight contradiction, eh? I suppose we can overlook that.

    And the last thing that we read is: Regardless of security concerns, Smith added, a multitude of software systems within an agency often can lead to interoperability problems. Very interesting. In the server market, you can't allow fragmentation within your product base. In the current server market, there is a lot of similarity within most server OS's, except one. That one is fragmented in the Server OS market. That OS is Windows. If I was an administrator of a network and couldn't allow even one little bit of fragmentation, I'd keep Windows as far away from my servers as I could.

    I wrote an essay on fragmentation of the Server Market. It may apply here.

    -Brent
    --
  106. Security is a state of mind by LL · · Score: 5

    While it may be laudable that public institutions are shifting to a more transparent OS, would it result in any increase in real security (as defined by the reduction of risk of data corruption and unauthorised duplication)? Just like replacing cracked window-panes with bullet-proof glass may result in a ra-ra feeling of improved safety, there is no additional protection if people carelessly leave windows open. Security results from modifying dangerous habits, just like we automatically check to see whether the door locks behind us when we leave the house, we need to condition ourselves to automatically log out or follow other basic data integrity procedures (duplicate copies, permissions, etc). This is a process of on-going education, informing people why certain procedures have to be followed despite the initial perceived hassle. One can point to the German Enigma machine which, while technically secure, lost integrity through operators being careless in their transmissions (using same callsigns, repeating the first sign-on phrase, etc) which allowed the British cryptanalysts an opening. I believe the Americans used a variation of the easily cracked Italian crypto-machine but retained security through more rigorous operational procedures.

    Security is only as strong as the weakest point and IMHO, people are the most fallible link in the system, not computers (though bad design flaws/assumptions are tough to figure out too). So, will the political establishment spend the savings from using OpenSource and not licensing Windows to reinvest in helping the users effectively use the systems? In my observation hardware might take up 15-30% of the cost, similar for software, but the rest (40-60%) is in the education of users for them to be productive (and don't get me started on the folly of buying Pentium IIIs for web-browsing).

    Throwing money at a problem is no solution to thinking through the issues.

    LL