Defense Dept. Memo Explains Open Source Policy
TonyStanco writes "Big news. DoD issued a policy statement leveling the playing field for Open Source. We have the memo on the Center of Open Source & Government site." The requirements listed in this memo make me think of a company policy along the lines of "You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider." See this PDF for more information about National Security Telecommunications and Information Systems Security Policy (NSTISSP) number 11.
It's a start (Score:5, Interesting)
Well, hey. At least it's a start. Previously, many DOD organizations and departments had an absolute policy on software/platform. In many places, especially sensitive installations, the policy was Solaris. In the last few years there has been an inexorable move toward Windows, despite the obvious problems. Other defense contractors have been moving in the same direction presumably to control costs by moving everything to one platform. However, most people are finding that this is not the best solution and they are allowing the installation/use/purchase of other systems including open source, Linux and OS X.
It's not that bad (Score:5, Interesting)
Best first bet would be it will slip in from DARPA. They've probably *already* been using it in places they're technically supposed to be using a commercial UNIX.
--Dave
So Basically... (Score:2, Interesting)
Waivers (Score:3, Interesting)
Navy/Marine Corp and the desktop (Score:5, Interesting)
This contract locks down the network to only NMCI managed systems (MS only). If there are existing systems that cannot run under Windows then you have to apply for a "legacy system" exception and pay extra for no service.
This one size fits all approach is short-sighted and foolish. The upper echelon has yet to catch on that the network is the backbone or the infrastructure that enables an ever increasing plethora of monitoring systems, data acquisition and control systems, collaboration and communication mechanisms, etc.
As more and more devices become Web enabled the Navy has effectively locked itself out in the cold and crawled in bed with built-in obsolescence - not to mention left itself vulnerable to an attack or virus that would spread like wildfire in a homogeneous network.
another interesting link... (Score:5, Interesting)
Re:Maybe time to change attitude a bit (Score:2, Interesting)
I'd say that's so important as to be essential. That can lessen the "buyer's remorse" if a company discovers it can't do something it wants to down the road and, more importantly, focuses the consumers' minds on the idea that there are different kinds of licenses. That seemingly simple concept can be a huge revelation to someone who has only dealt with proprietary software or has only a vague idea like "Linux is free and hard to use."
It also perhaps gives developers pause to consider different types of licenses. Perhaps the GPL is not a good "default" license (I personally think the BSD and LGPL are better for commercial entities -- I realize I can be debated on that subject). Perhaps it is. Still, even developers should think about what license is best for their software. And it'd be nice if the software didn't dictate that to them...
Questions: OSS and Dod? (Score:-1, Interesting)
*ISSUES OF NATIONAL SECURITY* is one of those issues. I would NOT be offended if government agencies decided to use undocumented closed source protocols in order to communicate and store information. In fact, I'm all for that. Hell, if they want to write their proprietary software in ADA, more power to them.
Typically speaking, government encryption systems should be protected from public use, and not be released under open source.
Re:Navy/Marine Corp and the desktop (Score:5, Interesting)
There really is no point to this posting, so mod me down. I'm just ranting and wanted to share an example of your tax dollars at work.
Re:Contracts (Score:3, Interesting)
I agree with you 100%. Heck, I will even go so far as to say that in many cases replacing proprietary software with Free Software is a loser over the long term. There are plenty of commercial software systems that are good deals, and there are Free Software systems that do not measure up.
However, the second the commercial software folks start talking about accountability (especially with regards to Microsoft) I can't help but cry foul. Microsoft sells their software "as is"; they are not remotely liable for their software, and if you want a decent service contract you have to purchase one on top of your licensing agreement, and you probably have to get the contract from someone besides Microsoft. Purchasing a commercial contract is also no guarantee that the software in question will be developed in the future. The company I work for currently is in the middle of a JD Edwards ERP installation, and today PeopleSoft announced they will be purchasing JD Edwards.
What do you bet that future JD Edwards "upgrades" will involve paying huge money for a completely different product?
Like I said, there are plenty of hidden costs associated with switching to Free Software. However, service, support, and long-term viability of your software all play into the hands of Free Software adoptees.
Re:Questions: OSS and Dod? (Score:2, Interesting)
Re:Questions: OSS and Dod? (Score:5, Interesting)
I wouldn't be offended- I'd be scared. The rule of thumb is that "Security through obscurity is no security at all", but realistically, it's good enough for some situations where there aren't large numbers of dedicated, well-financed enemy spies. That is, anyplace other than National Security can get away with it for a while.
It is critical that, if a software developer who knows the code defects, we can simply change everyone's password and not junk the entire system until the program can be re-written from scratch. But that's what relying on closed-source for security would require.
Hell, if they want to write their proprietary software in ADA, more power to them.
The US government doesn't write proprietary software. Or anything else proprietary for that matter- all their intellectual works are public domain. Some of them are protected under security classification, like the way Air Force bases belong to the public, but they're not allowed inside without permission.
(And, a Top-Secret classification will expire long before copyrights do...)
Close, but not quite (Score:3, Interesting)
Right.
Umm no. As long as it doesn't leave the DoD it's not 'distribution' under the terms of the license. You don't have to do shit.
Selling the program to outside customers and simply using it in-house are two entirely different situations though. See this entry in the GPL FAQ. [gnu.org]
The only difference between GPL and BSD in this context would be if the DoD had some reason to distribute the program in question to the public. As long as it's used exclusively in-house it doesn't matter at all.
most important reason not to use OSS license (Score:-1, Interesting)
Linus Torvalds once said he doesn't care what's done with Linux, and Stallman accused him of being "just" an engineer (for the n'th time). Yet he seems to have no problem with any organisation that stands firmly against his views with benefitting from his work.
I can't think of anything worse than contributing to anything and finding out it's being used to kill a few more civilians or conscripts as part of the current stampede.
(All you "just war" fetishists can demonstrate your confidence in US methods by promising to live in the city of the next target of attack, during and for the months after its "liberation"; if you're still here, you're just hot air, and we can ignore your viewpoint.)
dont forget DARPA funded openBSD for 20 months... (Score:3, Interesting)
OpenBSD is of course reputed to be the most secure open source operating system.
I think that it seems a little weird that the US military is on the one hand acting very anti open source, while on the other- it is actively funding its development.
Additionally, I have seen one or two "discovery channel" type documentaries in recent months that have filmed computer terminals inside US military installations. There was no doubt that the personnel were running Unix, although the exact flavour remained unclear- but could it be OpenBSD...?
"As-is" (Score:2, Interesting)
Even if MS survives the summer, they've already left Win95/98 behind and tried (or have) dropped NT. So, in regards to "who do you sue?" logic, read your license. MS-Windows could be chock full of remote exploits or send your personal data abroad or monitor your files and habits or break your third party applications and you'd have no recourse whatsoever -- except maybe upgrade to OS X/*BSD/Linux/QNX/etc.
Nice of Timothy to set up a straw man
Re:hmmm... (Score:3, Interesting)
To the best of my knowledge as a US Military employee: No, and no. If Microsoft software breaks, it's up to the people in our Network Operations Centers to fix it. I'd imagine the government gets a good discount in support costs, though. . . and probably has more than a couple Microsoft employees on contract to boot.
Re:Which in fact, means jack... (Score:3, Interesting)
God, I'm looking forward to a ME where Israel isn't the most open and democratic society so they'll get off their US subsidized, pampered butts and fix what ails them.
Re:Which in fact, means jack... (Score:3, Interesting)
Re:Navy/Marine Corp and the desktop (Score:1, Interesting)
Re:hmmm... (Score:3, Interesting)
Do you seriously think they do provide any guarantees?
In the corporate mentality (and government is the worst case of it) it is not important what is in the contract. What counts is the simple fact that there is an external entity (i.e. Microsoft) you can point a finger at should something go wrong. As opposed to the situation when there is no external entity, no contract and someone has to admit that it was they (or their subordinate) who screwed up something. Corporate mentality is about keeping safe within the structure with minimum effort - not about doing something.
I think that is one of the driving forces of outsourcing (apart from the issue of cost savings).
Re:Contracts (Score:3, Interesting)
Yup. Personal experience in that area. A surprisingly large amount of DOD software was written for Clipper Summer '87.
BWAAAAHAAHAHAHAHAHAHA!!!!! (thunk!)
(/me gets back on chair.)
(sniffle!)
Oh, that's RICH!
You almost had me fooled for a minute there.
Re:dont forget DARPA funded openBSD for 20 months. (Score:2, Interesting)
I think that it seems a little weird that the US military is on the one hand acting very anti open source, while on the other- it is actively funding its development.
Well, the DARPA thing was more an anti free speech thing, and anti-Canadian. But then again, Canada is a haven for pot-smoking communist al-qaeda agents! ;) (Well, to be fair, there were several terrorists caught trying to cross the Canadian border to execute attacks timed for New Year's Day 2000...)
The most anti Open Source thing they have done recently is accepting Microsoft's new licensing terms after finding out they had been charged far more than ordinary businesses would be charged for the same Microsoft Software. They accepted Microsoft's song and dance about giving them a discount, whereas the Germans were smart enough to say "forget you, man!"
I for one would support legislation that requires all government entities to use ONLY open source software. It is unconscionable that they are wasting taxpayer dollars on crappy software to which they do not even possess the source code. How do they know there are no trojans and backdoors in that software that could be revealed to our enemies?
Re:Close, but not quite (Score:3, Interesting)
Do you know how many employees the DoD has? More than 1 million.
The word "distribution" means passing something out. Nobody can claim that giving a program to 1 million people spread around the world is not "distribution". The fact that all the recipients get paychecks from the same place means nothing.
See this entry in the GPL FAQ.
I've seen that entry in the FAQ. FAQs, however, have no legal weight. Only licenses do. What I don't see is anything in the text of the GPL itself to modify the definition of "distribution" to something other than in the English dictionary.
Quoting from that FAQ:
an organization can make a modified version and use it internally without ever releasing it outside the organization.
It says the organization doesn't have to release to the public. It does not say the organization can forbid its members from releasing to the public. (In any group of a million users, at least a few will feel like uploading to USENET)
If a boss can forbid his employees from redistributing a GPLed program based on the strength of the employment contract between them, or because they're in the same "organization", then commercial software vendors could evade the GPL by requiring their customers to sign onto shell corporations first. Obviously, that can't fly.
Re:hmmm... (Score:3, Interesting)
The company is called AIT - listed on LSE, it all collapsed when the directors were caught effectively fiddling the accounts.