Slashdot Mirror


White House Checks Out Open Source

Floris writes "The White House goes Open Source? It sure seems that way! (credit for the link goes to LinuxToday)" The story quotes "a senior White House official." Federal Times, which ran the article, is generally a pretty reliable source of "insider" government news. And I've been to some meetings of the DC LUG mentioned in the story and it's full of staunch Linux advocates who are busily infiltrating Linux into the government agencies where they work. Nice to see they're finally getting some attention from the higher-ups.

9 of 119 comments

  1. Well of course by Skyshadow · · Score: 3
    Am I the only one remembering the end of Sneakers here? The part about the NSA being able to read everybody's mail?

    Of course the White House wants to go open source -- do you seriously think that the security-paranoid folks who work there really want the NSA reading all about the next Monica and using it to get more funding? I think not.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  2. When are the Feds gonna open up Crypto? by zilym · · Score: 3
    It seems kind of ironic that the Feds are complaining about poor security in Microsoft software, then praising how stable and secure Linux is, when the Feds are probably part of the problem. I agree with the Feds: Linux will help to improve security through encrypted file systems and network pipes (www.kerneli.org) plus encrypted/signed email and files (www.gnupg.org). However, Linux had a hard time getting here since all the development of these strong security tools had to be done outside of the country. Maybe when the Feds have Linux installed all over the place and get tired of having to patch their kernel all the time (to get the International Crypto pieces), they'll start thinking about making the restrictions a little more open.

    I can dream at least, eh?

  3. could be good for Java by josepha48 · · Score: 3

    This could be good for Java and other cross platform languages like Tcl/Tk. If the government has servers that are NT and some that are Linux and several other platforms then they are going to want software that will run on both you'd think.

    I am interested in where this will go. If the government gets into Open Source code, will they give back to the Open Source community if they find security issues and fix them?

    If the government enhances security in the kernel will they Open Source these too?

    --

    Only 'flamers' flame!

  4. MS Open Source by Imperator · · Score: 3
    Zaman added that Microsoft has been considering making some of its software products open source for two years.

    "Open source is a very innovative way to develop software," Zaman said. "The issue is how much of our own code we should put out in the open source environment."

    He is, I assume, talking about the IIS Sample Site and VB Examples. I remember Microsoft's commitment going back as far as gorillas.bas and other QBasic example programs, which were freely available when you bought QBasic.

    --

    Gates' Law: Every 18 months, the speed of software halves.
  5. Does government have NT source? by shadrax · · Score: 3
    From the article:
    Access to the Linux source code "gives us some confidence," the White House official said, adding that it simplifies patching security breaches and correcting routine errors.

    I've always wondered if the government, which uses Windows for much of its operations, is given (or pays for) the NT source. This quote seems to imply that they don't have it. Surprising, if so--I would have thought that the NSA would want to examine and/or customize the OS, at least for sensitive networks. Maybe I overestimate the competence of the US government.
  6. Re:Federal Linux Distrib? by Stonehand · · Score: 3

    --- Kernel Patch Request Form ---

    Adding a patch to the Linux kernel (hereafter referred to as "kernel") may compromise security, functionality or both. Therefore, before submitting a patch for inclusion you must attach a Form 15812n Software Audit Report for all contexts in which you intend to use this patch. This procedure must be repeated should additional contexts emerge.

    We will need the following details.

    Who wrote the patch? Is/are the people responsible (hereafter referred to as "patch author(s)") U.S. citizens? Please have them undergo security clearances and attach the resulting paperwork. Use of nails and rivets for this purpose (attaching, not auditing) is hereby sanctioned.

    What does this patch do, and why do you want it? Be sure to detail all system resources consumed by such, and study the impact upon the targeted environment. Include time and resources expended on this application, sub-applications and related activities.

    Do you expect it to be applied to future revisions of the kernel? If so, explain why and bear in mind that this is included in the aforementioned "additional contexts" section, and thus will require periodical documentation and re-application.

    Please remit this form once completed to your supervisor and all other individuals affected for approval, with copies for yourself, the Software Patching Department, and Personnel (for your quarterly performance evaluation) as usual.

    Bear in mind that approval may not occur until a full review of your provided documentation has occurred. We hope to be able to respond to you within six months of completion of said review. Thank you for your time.

    --end form--

    --
    Only the dead have seen the end of war.
  7. About time by Oestergaard · · Score: 4

    That was about time that some government took off the sunglasses and had a look at the real world.

    I can't believe they haven't thought of this earlier (or at least thought of it in public). Linux is far from the only open-source OS, simply using the proprietary UN*Xes they've been running for long, with open-source daemons and tools would have gotten them a long way.

    I remember the Swedish government discovering that the proprietary e-mail tool they used had a backdoor in the encryption service they relied upon for security reasons. The backdoor was there for the US government (NSA probably).

    This was so funny, or rather tragic, because they simply didn't think about it before someone pointed it out to them. They honestly believed, that because the shrink-wrapped package said ``encryption'', they'd be safe.

    Amazing it is, that the US government has been just as naive, believing that a closed source product only did what the package said it would do. I wonder how much insight MS/Sun/Oracle/others have into what's going on behind those closed doors.

    Never underestimate the power of human stupidity.

    Well, I'm looking forward to seeing new OSS daemons from the white-house, and mails from randomuser@whitehouse.gov on LKML :)

  8. Bunch of fun. by bmetzler · · Score: 5
    Reading this article was fascinating. The first thing I saw was "Linux, an open-source operating system similar in functionality to Microsoft Windows, is being given serious consideration as an alternative for government computer users, the official said." "Similar in functionality?" It's nice of them to acknowledge that, even though it could be argued that Linux has more functionality than Windows. Still, I have to save this to show anyone who tries to tell me that Linux is brain-dead.

    Reading further we see: "As a result, Linux boasts a robust code that rarely malfunctions and is extremely difficult for hackers to crack, Klosowski said. Microsoft, on the other hand, keeps its code secret and makes upgrades to its products on a yearly basis, he said. Microsoft software products have been the target of numerous computer viruses." Neato! More positive news. My heart is warmed.

    Now we get a few laughs. "Microsoft's main server software, Microsoft Windows NT 3.5, for instance, is certified..." I see. It's version 3.5 that is Microsoft's main server product, with NT 4 being relegated to just "Newest" status.

    Zaman is amazing. After all the PR Microsoft has done trying to convince people that "open source" development is not a good way to develop code. After all, who would work for free, eh? But now we find out that according to Zaman, "Open source is a very innovative way to develop software," In fact, Microsoft is so convinced of the viability of the Open Source model that "...Microsoft has been considering making some of its software products open source for two years." Two years, eh? That's a real good license. I'm just dying to work on code that's open for 2 years.

    A few paragraphs later Zaman states that government agencies are not excessively reliant on Microsoft products... But just 2 paragraphs later we read "The government already relies extensively on Microsoft products for desktop and, increasingly, server applications." Only a slight contradiction, eh? I suppose we can overlook that.

    And the last thing that we read is: "Regardless of security concerns, Smith added, a multitude of software systems within an agency often can lead to interoperability problems." Very interesting. In the server market, you can't allow fragmentation within your product base. In the current server market, there is a lot of similarity within most server OS's, except one. That one is fragmented in the Server OS market. That OS is Windows. If I was an administrator of a network and couldn't allow even one little bit of fragmentation, I'd keep Windows as far away from my servers as I could.

    I wrote an essay on fragmentation of the Server Market. It may apply here.

    -Brent
    --
  9. Security is a state of mind by LL · · Score: 5

    While it may be laudable that public institutions are shifting to a more transparent OS, would it result in any increase in real security (as defined by the reduction of risk of data corruption and unauthorised duplication)? Just like replacing cracked window-panes with bullet-proof glass may result in a ra-ra feeling of improved safety, there is no additional protection if people carelessly leave windows open. Security results from modifying dangerous habits, just like we automatically check to see whether the door locks behind us when we leave the house, we need to condition ourselves to automatically log out or follow other basic data integrity procedures (duplicate copies, permissions, etc). This is a process of on-going education, informing people why certain procedures have to be followed despite the initial perceived hassle. One can point to the German Enigma machine which, while technically secure, lost integrity through operators being careless in their transmissions (using same callsigns, repeating the first sign-on phrase, etc) which allowed the British cryptanalysts an opening. I believe the Americans used a variation of the easily cracked Italian crypto-machine but retained security through more rigorous operational procedures.

    Security is only as strong as the weakest point and IMHO, people are the most fallible link in the system, not computers (though bad design flaws/assumptions are tough to figure out too). So, will the political establishment spend the savings from using OpenSource and not licensing Windows to reinvest in helping the users effectively use the systems? In my observation hardware might take up 15-30% of the cost, similar for software, but the rest (40-60%) is in the education of users for them to be productive (and don't get me started on the folly of buying Pentium IIIs for web-browsing).

    Throwing money at a problem is no solution to thinking through the issues.

    LL