Defense Dept. Memo Explains Open Source Policy 387
TonyStanco writes "Big news. DoD issued a policy statement leveling the playing field for Open Source. We have the memo on the Center of Open Source & Government site." The requirements listed in this memo make me think of a company policy along the lines of "You can bring your baby or toddler to work, so long as it can talk, feed itself and stick effortlessly to the ceiling like a spider." See this PDF for more information about National Security Telecommunications and Information Systems Security Policy (NSTISSP) number 11.
OSSis not a toddler. (Score:3, Insightful)
Except it's not really like that is it?
OSS is not a toddler - it's tends to be just as mature as proprietry equivilants.
So it should be covered by similar guidlines.
Which is all memo says really.
Re:OSSis not a toddler. (Score:2, Funny)
iopha
Re:OSSis not a toddler. (Score:4, Insightful)
So it should be covered by similar guidlines.
Which is all memo says really.
Mostly. But I found couple of things that bothered me a little:
"OSS refers to software that is copyrighted and distributed under a license that provides everyone the right to use, modify and redistribute the source code of software. Open source licenses impose certain obligations on users who exercise these rights." [Emphasis mine]
This is not entirely true. Most open source licenses that I know of do not impose any obligations on *use* of the software (unless you consider warranty disclaimer as an obligation). These types of obligations usually come with proprietary software and licenses.
"Certain restrictive open source licenses allow users to copy, modify and distribute software..." [Emphasis mine]
"Restrictive" is a relative term. That's why I say, make all Open Source apps double-license - one Open Source license of choice, the other - binary only regular EULA with all its conditions. Let users choose which one they want. They will not call this software "restrictive", "cancerous" or any other names anymore.
Erm... (Score:3, Insightful)
It was a joke about how strict the regulations were. Didn't you see the part about sticking to the ceiling like a spider? That's not normal human child behavior, hence, the stated regulations that would require such would be unreasonably str
Re:OSSis not a toddler. (Score:5, Insightful)
The referenced guidelines require that all Information Assurance applications MUST have gone through the NIAP certification process. This includes security scanners like nmap or nessus, lockdown tools like bastille, intrusion detection systems like Snort, and also (I think) any security-enabled applications like OpenSSH, or really anything OpenSSL-enabled like Apache, and even the operating systems that run them. With the current certification requirements, it is incumbent upon the vendor to pay to have a certified 3rd party testing group send the product through the testing. It is a lengthy, expensive, beauracracy-driven process. It is highly unlikely that any opensource project will have the time, money, or patience for dealing with it. Someone like RedHat or IBM would have to feel that it is in their best interests to throw away millions of dollars to prove that a given installation of a particular opensource application is acceptably, provably secure. Given the intense lobbying by Microsoft that happened when the NSA undertook the SE Linux project, and more importantly given that most managers have serious missions to accomplish that have nothing to do with software evaluations, it is highly unlikely that any government manager is going to put their budgets and careers on the line by having an opensource product put through evaluation.
This situation does not just affect opensource projects, but also small businesses and vendors. It's unlikely that such organizations would have the resources to get this certification process completed. This game is clearly closed to only big and/or well-heeled vendors.
For this reason, it is highly unlikely that officially blessed opensource products will ever enter an environment with even marginal security requirements. Until the beaucractic process for evaluation changes significantly, the current situation is decidedly biased against opensource, as well as small businesses and vendors.
All this being said, while DoD has fairness as a goal in its procurement processes, safeguarding the lives of its servicemen and servicewomen is the top priority, even if that means a bias for or against certain classes of organizations. Whether there is an effective way of making this process more fair while keeping things secure, whether the benefits of the system outweigh the detriments, or whether the process as it exists now is doing an effective job in passing products that are secure in the real world and not just on paper, is a question that I cannot answer.
--
Re:OSSis not a toddler. (Score:5, Insightful)
The regulations always say words to the effect of "a specific installation of a specific version of a specific software product (on a specific hardware configuration)". The parenthetical there is for some other security ratings.
A good example of this is the C2 security rating. Microsoft spent some money getting Windows NT C2 rated. Specifically, they got a specific patch level of a specific service pack of Windows NT v3.51 approved as C2 certified, on a specific set of hardware (with no floppy, I think) in a non-networked configuration.
No one paid any attention to those little details. They just saw "Windows NT is C2 rated" and used that for purchase decision approval for every Windows NT/2000 system the DoD has bought since then. Because the "bureaucratic process" doesn't know enough about computers to know what the ratings mean, or what they apply to, or where they don't apply.
The same will be done with this. "The NSA certified Linux for secure operation" will be enough, with supporting documentation to state that. Doesn't matter that it is for a different version of linux than your current procurement, it will still get it through the acceptance process.
Government regulations are only meant to be an overwhelming burden for those people silly enough to think you are actually supposed to comply with them fully. No one that has worked with government procurements for more than 3 months still believes that.
Justification.... (Score:5, Informative)
Oh wait, everything but the use of Microsoft products that is. It seems like that gets instant approval without the need for any justification. "Microsoft released Windows XP? OK, upgrade, forget about the costs and everything else that such an upgrade demands - just do it - across the board. Office XP you say? OK, allocate $10,000,000 for the software, we'll worry about paying for the licenses later."
Everyone knows that the benefits of using open source products far exceeds any benefits that can be reaped by paying a whole bunch of money for closed source products and their associated licenses (which are arguably always more extensive and restrictive then open source license schemes). Sure, paying $50,000,000 to upgrade your old NT servers to 2000 and your 98 desktops to either Windows 2000 or XP has it's benefits over spending $30,000,000 on Redhat and Star Office and the training. A bunch of sales people always say that such a move (upgrading Windows servers and clients and Office) has it's benefits. I just don't seem to see them. Maybe I'm too progressive, I don't know.
PS: didn't get it...this time
Contracs (Score:2)
OSS? Linus and software maintainers could stop development at any moment, and a contract with Redhat isn't going to change that. The government would have no contract with Linus to continue development,
Re:Contracs (Score:5, Insightful)
True, the core Linux maintainers could die or quit at any time. So could a software company drop a given application or operating system. For example, my company used a CRM called Vantive that was vastly superior in terms of ease of use and custimozation compared to PeopleSoft 8. We have in-house programmers that are very adept at coding for it. But PeopleSoft bought Vantive and dis-continued it. A few bugs sprang up that required access to certain source code that we didn't have. The answer? Pay 2 million (absolutely no exagueration) for People Soft 8 and go through the process of buying better servers and changing the structure of your Oracle databases "if you need future support for a PeopleSoft CRM". And yes, we had a service contract.
But the beauty of open source insures that others will pick up where they left off. It happens with alomst every popular and useful open source project whose lead developers quit. In the case of Linux, you would have people from companies like Redhat, Suse, and IBM ready to take the lead. The costs of such a change of "power" is rarely passed on to the consumer. Also, the really good analysts do,/i> factor in the cost of hiring contractors to specialize your code.
Re:Contracs (Score:3, Insightful)
And that doesn't necessarily preclude a successful lawsuit, should the government choose to persue it. If a root exploit were discovered and widely used, and it affected government servers, and Microsoft chose not to do anything about it, I suspect they would be sued and the US would win.
True, the core Linux maintainers could die or quit at any time. So could a software company drop a given application or operating system.
But no
You're first assumption was right, sort of (Score:4, Insightful)
If the software was GPL, it wouldn't matter how the contract was structured, because our programmers could have fixed the code. Instead, 2 million bucks was spent.
And PeopleSoft is not liable or accountable, because all they did was gain ownership of the closed code. The agreement of assurance was specifically with Vantive. We didnt' buy the patented works itself (which wasn't an option, and People Soft refused to sell Vantive after-the-fact).
As a side note, PeopleSoft 8 is laughable. I could design a better tool using PHP-Nuke (I actually hacked up a solution that was based on PHP-nuke for real simple CRM fucntions to show that it could be done - it was ignored, of course).
Re:You're first assumption was right, sort of (Score:3, Insightful)
I think somehow the beancounters make it look better to buy something for $2 million than to increase headcount by a dozen people. I'll never understand how that works.
Re:Contracs (Score:5, Insightful)
You are kidding, right? Windows is full of holes, and many of have been around for years by the time people get around to using them for break-ins, including into government computers. I don't know whether the US government could, in theory, win, but in practice, they don't seem to be sueing.
If the OSS developer drops the project, there is no guarantee that anyone will pick it back up. It may be likely, but that's not good enough for many officials. Without something in writing, there's no real security in your purchase/training.
Microsoft drops products constantly. And when Microsoft does that, you are completely stuck because nobody can pick up the software.
Perhaps what's confusing you is that Microsoft refers to many different, incompatible products using the same trademark. But that doesn't do you any good when your programs stop running.
The reality of it all is that if you buy Microsoft, not only do you have to put up with buggy software, but you get no guarantees, you have to expect security holes and accept the risk for them yourself, you can't fix anything, and the software likely has a much shorter usable life than comparable open source software.
Re:Contracs (Score:5, Insightful)
As mentioned in the parent, companies like Red Hat and Suse make their money from support contracts. Since their bread and butter is in these contracts, and not in selling upgrades, they are more likely to take an active role in fixing problems, instead of having a vested interest in propogating problems (leading to more upgrades).
Microsoft has, in the past, refused to fix bugs in "older" software. In many circumstances, the solution is to "upgrade." In several cases, bugs deemed non-critical by MS have been left unfixed for months. In several other cases, the fixes to these bugs have caused even worse problems.
I have yet to see a contract stipulating Microsoft promises to fix any problems discovered, let alone take resonsibility for any defects. Doesn't mean they don't exist; but, like invisible ephemeral unicorns, until I see one (or the effects of one), I don't believe in them.
The concept of manufacturer liability in the software market is laughable. Schools can get sued for millions for choosing co-valedictorians, but Microsoft sure as hell isn't going to pay for the privacy-raping holes in Passport.
Something is fucked up here.
Re:Contracs (Score:5, Insightful)
I don't think you understand how OSS works. See, if Linus&Co decide to stop whatever they're doing and go live fat and happy in Silicon Valley or somewhere, 'we' still have the code. Anyone can take it and continue the development -worst case scenario, they can't call it 'Linux' anymore. However, if Microsoft says 'well, that's all, folks! We'll start selling beach balls from now on!', there's not a single thing anyone can do about it. And no one can continue the development of those systems.
E
Re:Contracs (Score:5, Insightful)
Re:Contracs (Score:3, Interesting)
Yup. Personal experience in that area. A suprisingly large amount of DOD software was written for Clipper Summer '87.
BWAAAAHAAHAHAHAHAHAHA!!!!! (thunk!)
(/me gets back on chair.)
(sniffle!)
Oh, that's RICH!
You almost had me fooled for a minute there.
Re:Contracs (Score:5, Insightful)
Oh please, no one has ever sued Microsoft for lack of "service," and it is not because Microsoft products are perfect either.
Not only that, but Microsoft has done just about every other unfriendly thing that a software vendor can do. They have stopped development of projects, created spurious incompatibilities, and sold bugs as "features." If the government paid IBM (or RedHat or whomever) half of what they currently spend on Microsoft software they could almost certainly get a real service contract for a huge pile of Free Software, and if they didn't like the service they got, they could take that money next year and hire someone else without having to switch software.
I agree that there are costs to switching to Free Software, and I definitely agree that Free Software can't currently fill everyone's computer needs, but your arguments against Linux amount to nothing more than FUD. There are plenty of valid reasons for not choosing Linux. However, service, support, and longterm viability are all parameters that favor Linux.
Re:Contracs (Score:2)
Re:Contracs (Score:3, Interesting)
I agree with you 100%. Heck, I will even go so far as to say that in many cases replacing proprietary software with Free Software is a loser over the long term. There are plenty of commercial software systems that are good deals, and there are Free Software systems that do not measure up.
However, the second the commercial software folks start talking about accountability (especially with regards to Microsoft) I can't help but cry foul. Microsoft sells their software "as is" they are not remotely liable
Re:Contracs (Score:5, Insightful)
With Microsoft, and under contract, you know that's going to happen.
Sorry - no you don't. Microsoft have previously claimed that Windows NTv4 is being supported for security hotfixes until 30 Jun 04 (see here [microsoft.com]) but then failed to fix a serious RPC based DoS attack [microsoft.com].
I should imagine this pisses "secure" government sites off quite a bit - they have been promised security fixes for another year now and then get shafted because MS claim that NTv4 "does not support the changes that would be required to remove this vulnerability".
At least with OSS users are capable of fixing the problem themselves (or paying for it, or using a general release patch etc).
But there are hidden costs that you just don't always see.
Yep - and what are the costs of upgrading all of the Windows NTv4 to Windows 2000 servers to avoid this security bug?
As long as the guy with the cash used it... (Score:2)
Typical, eh?
Re:Justification.... (Score:5, Insightful)
Whatever
Sure, the nice high tech stuff is out in the field, but Joe Government is working off a 95 box hooked up to an NT network most likely, with 3270's into some ancient mainframe or some Sun system.
This is where OSS can make a big impact. Shit, half the IT guys in the government are UNIX guys, where do you think they've been hiding? Right next to the Novell Guys. All of a sudden, thousands of "out of date" UNIX guys are competitive with linux, and they're bringing in new blood to supplement them, because many are close to retirement. All the while their outdated Win and proprietary UNIX systems are nearing EOL, with nary a vendor in sight.
You couldn't get a better situation for FOSS in the government right now. Someone's gotta replace those big nasty mainframe's and NT 3.51 boxen. Some of us make a decent living doing it.
It's a start (Score:5, Interesting)
Well, hey. At least its a start. Previously, many DOD organizations and departments had an absolute policy on software/platform. In many places, especially sensitive installations, the policy was Solaris. In the last few years there has been an inexorable move toward Windows, despite the obvious problems. Other defense contractors have been moving in the same direction presumably to control costs by moving everything to one platform. However, most people are finding that this is not the best solution and they are allowing the installation/use/purchase of other systems including open source, Linux and OS X.
Eeep. Spider-babies (Score:5, Funny)
Re:Eeep. Spider-babies (Score:3, Informative)
Explains Open Source Policy -- Excuse Me (Score:5, Funny)
Isn't that putting it a bit strongly?
True Story... (Score:5, Funny)
This guy wants to clean out a room in the Pentagon, stacked to the ceiling with boxes labeled, "non-essential documents". So he starts a study showing how much space they can save by ridding themselves of all of these useless documents.
A few months later they complete this study, and send it up for a review. A board determines that this is a great idea and they can in fact save tons of space by ridding themselves of all of these documents, with one stipulation. They must make copies of all the documents for their records...
Craenor
Re:True Story... (Score:5, Funny)
My favorate involves moving a set of offices (used by Naval training personel, my friend is an officer and IT worker in said office) from Windows 98 and 2000 to Redhat. Yes, it is happening in a few places withing the military. Anyways, the IT staff there has been utilizing Linux and BSD for years, and decided to write up a report to outline it's effectiveness and security so that they could obtain approval to use it for all of the desktops under their control. Needless to say, they got approval with the usual stipulations (such as: some workstations demand Windows for certain software that only runs on Win32, and emulation is not an option). But, the military wanted them to also keep on hand a collection of spare Windows 2000 workstations "just in case", because "Linux is not yet proven" - that was their honest answer (why they needed entire workstations and not just a collection of "ready to go" Ghost images was a point of laughter in itself). The total: 50 workstations for a network of 200 systems. The cost of paying for those workstations and then keeping them on hand, and then paying for the Win2k clients and licenses for the next year was nearly triple the cost of moving the existing workstations over to Redhat 7.x (which was the newest RH release at the time) and hiring outside training for whatever training they might need (which didn't involve a move to Open or Star Office, because they were planning on running Microsoft Office anyways).
One of the people that "approved" the move was father-in-law for a local Microsoft sales person. Sure the plan got "approval" due to it's merits, but the contigency plan effectively killed the move.
No problem (Score:3, Insightful)
The Bird Report (Score:5, Funny)
Comment removed (Score:5, Funny)
I don't see the problem... (Score:5, Funny)
Re:I don't see the problem... (Score:2)
Spider-baby (Score:2, Redundant)
Well, with the advent of gecko tape [slashdot.org] that last part may now be possible!
It's not that bad (Score:5, Interesting)
Best first bet would be it will slip in from DARPA. They've probably *already* been using it in places they're technically supposed to be using a commercial UNIX.
--Dave
Maybe time to change attitude a bit (Score:5, Insightful)
I think the FOOS community notably the ones (like me) that do not write code but tries to get FOOS into the corporations, increasingly need to stress the fact that it comes with strings attached and that the corporations need to make sure that those strings is being honored.
Re:Maybe time to change attitude a bit (Score:2, Interesting)
I'd say that's so important as to be essential. That can lessen the "buyer's remorse" if a company discovers it can't do something it wants to down the road and, more importantly, focuses the consumers' minds on the idea that there are different kinds of licenses. That seemingly simple concept can be a huge revelation to someone who has only dealt with p
So Basically... (Score:2, Interesting)
Re:So Basically... (Score:2, Informative)
The GPL is a copyright license, and as such covers only _distribution_ and posession, not use or output. They don't distribute it - they
Close, but not quite (Score:3, Interesting)
Right.
Re:Close, but not quite (Score:3, Interesting)
Do you know how many employees the DoD has? More than 1 million.
The word "distribution" means passing something out. Nobody can claim that giving a program to 1 million people spread around the world is not "distribution". The fact that all the recipients get paychecks from the same place means nothing.
See this entry in the GPL FAQ.
I've seen that entry in the FAQ. FAQs, ho
Waivers (Score:3, Interesting)
Re:Waivers (Score:5, Funny)
Navy/Marine Corp and the desktop (Score:5, Interesting)
This contract locks down the network to only NMCI managed systems (MS only). If there are existing systems that cannot run under windows than you have to apply for a "legacy system" exception and pay extra for no service.
This one size fits all approach is short sighted and foolish. The upper echelon has yet to catch on that the network is the backbone or the infrastructure that enables an ever increasing plethora of monitoring systems, data acquisition and control systems, collabration and communication mechanisms, etc.
As more and more devices become Web enabled the Navy has effectively locked itself out in the cold and crawled in bed with built in obsolesce - not to mentioned left itself vulnerable to an attack or virus that would spead like wild fire in a homogeneous network.
Re:Navy/Marine Corp and the desktop (Score:2)
Re:Navy/Marine Corp and the desktop (Score:5, Informative)
The and another [navy.mil]
Bitching from a deckhand [fcw.com]
legacy servers...
Re:Navy/Marine Corp and the desktop (Score:3, Informative)
Re:Navy/Marine Corp and the desktop (Score:5, Interesting)
There really is no point to this posting, so mod me down. I'm just ranting and wanted to share an example of your tax dollars at work.
Re:Navy/Marine Corp and the desktop (Score:5, Insightful)
I deal with this monster everyday and there is very little publicity about this contract. There needs to be more horror stories out in the press. NMCI forces MS on everything that touches that friggen network and all other Operating Systems are considered "legacy".
another interesting link... (Score:5, Interesting)
What I'd like to know... (Score:3, Insightful)
Re:What I'd like to know... (Score:2)
No matter how much electronic preparation they do to a document, in the end lawyers still have to print out their filings, carry them to the courthouse, and watch as a clerk studies their signature and stamps the
Baby... Spider... What? (Score:5, Funny)
Hi Timothy, we'd like to make you an honorary member of our organization - PIFCA (People Incapable of Forming Cogent Analogies).
You belong with us like a marmot is comfortable with peanut butter.
Re:Baby... Spider... What? (Score:3)
I mean "Team of Stealth Rabbits".
Er, I mean "Barrel of Orange Midgets"
Or wait, maybe I mean "Group of Albino Chickens"...
Shit, I'm lost.
hmmm... (Score:5, Insightful)
I work for the government, so maybe I am more used to seeing security requirements for everything, but I didn't get that impression at all. We expect everything to talk, feed itself, and stick effortlessly to the ceiling all the while being secure. The government (DoD, DoE, etc) is probably one of the biggest users and innovaters of open source so I wouldn't get too feisty. The only reason people (managers) get a little hesitant about Open Source is blame. When something drops on the floor, they want someone to point the finger at, someone we have a contract with so that they can fix it reducing personal liability. Enter Microsoft with contracts in hand.
Re:hmmm... (Score:5, Insightful)
I am very serious in asking this.
1) Does microsoft offer guarantees to the military. for example do they guarantee uptimes or security. Do their contracts stipulate that Microsoft is liable for defects in their software.
2) Do the contracts that MS sign specify that MS will always fix the problem if things go wrong. Do they guarantee it?
It would be interesting if MS offered such contracts to the military because in the commercial world their contracts disavow any kind of liability.
Re:hmmm... (Score:5, Informative)
Apparently if the bug hadn't been fixed in a week, it'd have been escalted into a 'class A' bug and Ballmer or Gates would have been informed, and the developers would have started working round the clock.
(it turns out our CTOs code was at fault, the duffer).
I was surprised at the response from MS though. I think we had paid a fair bit to MS for the support, though knowing the guys in charge they persuaded MS that it was a strategic relationship and subject to a special discount.
Oh, we also had a MS employee assigned to us as a support contact - not just a secretary-type either, someone who knew his stuff and could actually do things for us, including helping us with the MS performance lab we got to use.
Re:hmmm... (Score:3, Interesting)
The company is called AIT - listed on LSE, it all collapsed when the directors were caught effectively fiddling the accounts.
Re:hmmm... (Score:3, Informative)
1) I've never seen any guarantees of uptime.
2) I've never seen anything other than standard corporate-style support, but I've never even seen that being used. All problems are handled by the in-house help desk people (who may be non-Microsoft contractors), who may go to TechNet for answers.
Re:hmmm... (Score:3, Interesting)
To the best of my knowledge as a US Military employee: No, and no. If Microsoft software breaks, it's up to the people in our Network Operations Centers to fix it. I'd imagine the government gets a good discount in support costs, though. . . and probably has more than a couple Microsoft employees on contract to boot.
Re:hmmm... (Score:3, Interesting)
Do you seriously think they do provide any guarantees?
In the corporate mentality (and government is the worst case of it) it is not important what is in the contract. What counts is the simple fact that there is an external entity (i.e. Microsoft) you can point finger on should something go wrong. As opposed to the situation, when there is no external entity, no contract and someone has to admit that it was they (or their subordinate) who screwed up something. Corporate mentality is about keeping safe wit
Re:hmmm... (Score:3, Insightful)
Yep. And that contract says when something drops on the floor don't try pointing that finger at us or we'll bite it off.
-
In other news: (Score:4, Funny)
In other news, Safeco has been reported to have replaced all their acustic cieling material with velco in order that their company wide pre-toddler policy can be implemented. In order to prevent possible liability, they had to replace their traditional furnature with what can only be described as a rubber room.
When asked about the subject, representatives of Safeco were unavailable for comment, but issued the following statement, "we are cleaning baby vomit out of our clothing".
According to one district manager, "I can't tell if productivity is up or down, i'm stuck. Help!".
And we have contests for (Score:2)
This is a good thing. (Score:5, Insightful)
Be careful about Tony Stanco. (Score:3, Insightful)
More conspiracy theories (Score:5, Insightful)
How you can make this out from that memo which basically says we have a set of procedures in place for software evaluation, if OSS passes those then fine, no problem and secondly be aware of the terms of the license that the OSS comes under.
I know this is Slashdot but the fact that OSS may have to go through a regular selection process instead of being mandated as defacto standard, to the detriment of all others is proper procedure in most large organisations. You should be saying well done for leveling the playing and giving OSS a chance to compete on equal terms.
What do they really have planned? (Score:5, Insightful)
With this in mind, what Linux or Unix OS are they planning on using already? They must have one picked out if they are going to start making rules on the OSS situation.
Family Guy - Da Bomb episode (Score:4, Funny)
Stewie?
DOD and OSS (Score:3, Insightful)
Re:HTML Version (Score:2)
Not the same memo (Score:5, Informative)
That document you linked to is dated Janurary, 2000, not may 2003.
It also does not mention the GPL.
Re:Not the same memo (Score:4, Funny)
The PDF linked from the article is also dated Jan 2000, and also doesn't mention the GPL ...
<shrug>
Re:Not the same memo (Score:5, Informative)
useful link (Score:2, Informative)
http://www.egovos.org/pdf/OSSinDoD.pdf [egovos.org]
Re:Gawd. If code were written that way . . . (Score:5, Informative)
It aint that hard.
Basically:
1) It defines OSS & GPL
2) Says they're OK to use provided:
a) They comply with the same Dod policies for equivilant Off the Shelf software
b) They're comply with the requirements defined by the National Security Telecommunications and Information Systems Secuirty policy.
c) They're configured as per DoD approved security configurations from http://iase.disa.mil [disa.mil] and http://www.nsa.gov [nsa.gov].
d) You dont break any licenses.
Thats all!
Which in fact, means jack... (Score:5, Informative)
And most COTS systems in use don't have the certs anyway, and no one gets in a tizzy. It's only if you wanted to hook it up to SIPRNET or something (and then it gets reviewed independantly anyway).
This is just some stuff to make the guys funding the projects (Congress) feel better.
What difference would it make? (Score:5, Funny)
Re:What difference would it make? (Score:3, Funny)
thank you for disseminating the binaries to the missle guidance software to me via the onboard computer in the handily packaged LBU100 bomb which was delivered by US Military couriers today.
I find, however, that you neglected to include the software to this device, especially the arming and control routines.
Please deliver to me, within a reasonable time, said software as you are obliged to under the terms of the GPL, and I shall ensure that the delivery package is returned as soon as
Re:What difference would it make? (Score:5, Funny)
Re:Which in fact, means jack... (Score:3)
Jeroen
Re:Which in fact, means jack... (Score:3, Interesting)
God, I'm looking forward to a ME where Israel isn't the most open and democratic society so they'll get off their US subsidized, pampered butts and fix wha
Re:Which in fact, means jack... (Score:4, Informative)
So unless the fucking missle flies through your window, the code has not been distributed to you. If that happens, you have bigger things to worry about than the god damn source.
Now for fucks sake, go read the GPL and the FSF FAQ's about it, or shut the hell up.
Re:Which in fact, means jack... (Score:3, Interesting)
Re:Gawd. If code were written that way . . . (Score:2, Insightful)
Re:Gawd. If code were written that way . . . (Score:4, Funny)
Depending on the time period:
"Is it IBM? If not, you're fired." or "Is it IBM? If so, you're fired."
dont forget DARPA funded openBSD for 20 months... (Score:3, Interesting)
openBSD is of course reputed to be the most secure open source operating system.
I think that it seems a li
Earth Governments Are Fools (Score:3, Funny)
Re:Earth Governments Are Fools (Score:5, Informative)
Re:Earth Governments Are Fools (Score:4, Insightful)
If you've ever tried to take a dump on a C-130 in flight, going through a thunderstorm, after a 60 day deployment to a tent in Turkey, when your entire digestive tract is in full rebellion...you'd be damn glad that the toilet is designed properly.
Re:Earth Governments Are Fools (Score:3, Insightful)
If you had a toilet that had to survive 1000 bums per day in a saltwater environment with no spares or repair shops for 5000 miles in all directions (this was a toilet on a SHIP) then you might expect to pay more than the HomeSpot $100 special.
Re:HTML (Score:2)
Re:Remember.. (Score:2)
Re:Questions: OSS and Dod? (Score:4, Insightful)
Re:Questions: OSS and Dod? (Score:2)
Speaking idealy... assuming a goverment wants something secure, they want a system that the public doesn't use. This is only common sence.
While you run the risk of creating a system that does suck, you are at less of a risk cause fewer people don't know that it sucks. That's the theory anyway. And it's a hell of alot easier to sell people on this concept. It's harder to c
Re:Questions: OSS and Dod? (Score:5, Interesting)
I wouldn't be offended- I'd be scared. The rule of thumb is that "Security through obscurity is no security at all", but realistically, it's good enough for some situations where there aren't large numbers of dedicated, well-fianced enemy spies. That is, anyplace other than National Security can get away with it for a while.
It is critical that, if a software developer who knows the code defects, we can simply change everyone's password and not junk the entire system until the program can be re-written from scratch. But that's what relying on closed-source for security would require.
Hell if they want to write their propriority software in ADA, more power too them.
The US government doesn't write proprietary software. Or anything else proprietary for that matter- all their intellectual works are public domain. Some of them are protected under security classification, like the way Air Force bases belong to the public, but they're not allowed inside without permission.
(And, a Top-Secret classification will expire long before copyrights do...)
wtf? (Score:2)
1) Linux
2) OSX
3) WinNT
4) FreeBSD
5) Solaris
6) OpenBSD
7) other {Tru64, AIX, Plan9, custom}
in that order.... (pretty close anyway, that's from my random sampling around the grad/undergrad dept.)
So why again does using Windows help you embrace Computer Science? Or windowsity... made up words... zughhhhhh!!!
ARRRGHHH MODS ARE INSANE!~!!!!!!!!@@!@!@
Re:most important reason not to use OSS license (Score:5, Insightful)
Is that the DoD, the DoJ, dictator-of-the-week, and any other offensive military/rights-quashing group, can use your code, and you have no control over it.
Bullshit. Or can you actually think of cases where the "military/rights-quashing group" uses a developer's code without their permission? I personally don't see a need for the military to jackboot someone else's code, since there're about 1500 military programmers in the US Air Force alone. That doesn't count civil service or contracted personnel working with or for the Air Force.
And frankly, if you think people join the US Armed Forces because they want to "quash people's rights," you are sadly out-of-touch with reality. Military members swear an oath to defend the Constitution of the United States--it's an oath we don't take lightly. If you're not happy with the Iraq war, that's fine. . . neither am I. But blame the politicians you elected into office, who sent the troops in the first place.
Re:most important reason not to use OSS license (Score:4, Informative)
Then why, pray tell, aren't the military (since I'm guessing they have the might) arresting Mr Ashcroft and several other members of the US Government elite? Why also are they not refusing to fight in Iraq?
Because it's not our job to arrest Mr. Ashcroft for exercising the duties of his office - and because it would be a violation of the worst sort for the military to actively remove politicians from office just because what they're doing might not be constitutional. Interpretation of what is or is not constitutional is not up to us, it's up to the courts.
As for Iraq - what was actually iillegal about the invasion? Congress authorized use of force in October 2002 and gave the President the money he asked for to fight the war in the 2003 budget. If Congress didn't want the war, all they had to do was refuse to pay for it.
Oh that's right, it's an oath you don't take "lightly", but when the alternative is court martial, you were just following orders.
If the President ordered the military to arrest members of Congress or the Supreme Court, you can bet that oath would come into play. But the military does not act based on what some Anonymous Coward thinks is unconstitutional. Hell, the US Military isn't even allowed to participate in domestic peacekeeping--Google for "Posse Comitatus Act," and contrast it with the military's active involvement in such nations as Pakistan and Turkey. Where would you rather live?