Forgot your password?
typodupeerror
Government Software The Military Linux News

Convincing the Military to Embrace Open Source 164

Posted by Zonk
from the talking-to-a-brick-wall dept.
drewmoney writes "Misconceptions about what 'open source software' means has made elements of the US Defense Department reluctant to deploy in a live environment. DoD proponents of shared-source projects are now working to reverse this trend by educating IT decision-makers and demonstrating OSS usefulness. 'The cost of cleaning up a "network spill" that introduces classified material on an unclassified network is running about US$11,000 per incident on the Navy/Marine Corps Intranet (NMCI), so the free Secure Save tool could produce monetary savings for the Navy. Additionally, it would cover more file formats than the costly commercial redaction product currently available on the NMCI.'"
This discussion has been archived. No new comments can be posted.

Convincing the Military to Embrace Open Source

Comments Filter:
  • by flyingfsck (986395) on Saturday December 29, 2007 @07:44PM (#21852262)
    I can tell you, but then I'll have to shoot you...
    • No need to shoot me. I already know, and it is, indeed, very cool stuff. The military definitely embraces open source, especially with some of the more interesting high performance stuff that they do.
      • The military definitely embraces open source
        "The military" encompasses so much as to not mean much. Proprietary vendors still have vast swaths of the DoD by the short hairs. Until very recently, for example, the US Navy had the largest deployed WinNT4.0 rollout as part of the IT21 network configuration on ships. Or so a MicroSoft sales drone was telling me.
    • by MichailS (923773)
      And then you would invoice the army $11000?
    • Yes, they do [dla.mil]. They even have security tech guidelines [disa.mil] for installing and maintaining Linux in a secure production environment... and it's in a Wiki.

      /P

  • by G3ckoG33k (647276) on Saturday December 29, 2007 @07:46PM (#21852270)
    NT 4.0 and US naval ships...

    I think Linux floats here. Just check www.top500.org

    I can't guarantee that all other open source projects will float as well. But, who could?

  • by phrostie (121428) on Saturday December 29, 2007 @07:46PM (#21852274)
    maybe they just need to look around and open their eyes.
    there are lots of projects. for example, http://brlcad.org/ [brlcad.org]
  • It shouldn't matter. Some software has all the source code publicly available. Other software only has the machine code publicly available. The differences there are quite small. Most software is somewhere between (A lot of free source code is used legitimately in closed source apps).

    But it makes no difference. It is ultimately just software. A tool that can do a job. Zealots proclaiming that open source is the only way make it sound like Open Source software is somehow different. It's all just
    • Re: (Score:1, Informative)

      by Anonymous Coward
      Yeah, but when the software suddenly breaks, and the company hasn't issued a patch yet to fix your problem, you're S.O.L.

      With OSS, you can fix it yourself.
      • Re: (Score:3, Informative)

        by palegray.net (1195047)
        This doesn't apply in the military. If something breaks, it will get fixed pronto or heads will roll at the vendor. In the unlikely event that the vendor is seriously dorked up, I assure you it will still get fixed through other channels. These sorts of mission-critical software failures are not commonly seen in most military environments, however, due to extremely long certification processes for anything that has blinky lights on it.

        As much as I love open source software (my servers run on Debian, my w
        • by L7_ (645377) on Saturday December 29, 2007 @08:45PM (#21852634)
          you dont understand. the problem is that with binary distributions, like the majority of COTS software that the DoD/army buys you usually settle on a version number to do all of the testing with. Say, version 1.1. The rest of the system is built around 1.1 and all of its (intended and unintended) functionality. When there is a problem with the software version, commercial vendors fix the problem in the current version. Say you bought version 1.1 in 1997, there is no way that the company is going to sell you 1.1.88 when they are on version 6.0.

          This has nothing to say of the commercial binary distributions that are delivered from companies that are no longer in business... it happens more than you think in the defense industry world. Especially with the late 90's push to buy everything 'COTS'. Say you have version 1.1 of a database layer tool... all of a sudden that company goes out of business, I don't care how 'Mission Critical' the software is, it will never be fixed... since they did not have the source.

          What you need to understand is that the source distribution model is going to change. Open source/GPL'ed code or Apache based FOSS software is going to be delivered by a defense contractor (the ones that will still be in business in 7 years i mean) and take complete authority over the delivered code. This is no different than nowadays when defense companies buy multi-million dollar software packages, delivered as binaries, that they have to maintain responsibility for. Sure, they can pass the buck when the software breaks... but when the defense contractor has the source (and hires a competent enough software engineer (not too common)) then they can make the changes themselves.

          This is what the person is talking about. It doesnt matter that a Chinaman makes the changes to the code, the DoD/military just needs to trust their vendors to authenticate and take responsibility for their software solutions, in house developed, FOSS or closed binary COTS.
          • > Sure, they can pass the buck when the software breaks... but when the defense contractor
            > has the source (and hires a competent enough software engineer (not too common)) then
            > they can make the changes themselves.

            Since the DoD has the source and a Free license to it, it can hire someone else to make the changes it needs even if the contractor goes out of business.

            > This is what the person is talking about. It doesnt matter that a Chinaman makes the
            > changes to the code, the DoD/military ju
        • by houghi (78078)
          It will get fixed? They are going to force the vendor? They and what army?

          Oh wait.

          Mmm. They have a lot of people with beards in Guantanamo. Could they be OSS developers?
        • by jotok (728554)
          Bullshit. I work for one of those vendors. It's a fantasy that the military jumps into our ass when we fail to fix an issue.

          They jump into EDS's ass, and EDS flails around ineffectually while the vendors bicker. Eventually a massive and meaningless response, usually involving multiple powerpoints and 200-page word documents (it's a trick--pages 10-200 are "data" in a poorly formatted table) puts the slumbering giant back to sleep.

          For this, I get a bonus.
    • by John Hasler (414242) on Saturday December 29, 2007 @08:31PM (#21852534) Homepage
      Have you ever done a code inspection on a binary? Have you ever written a patch for one?
      • by 91degrees (207121)
        Have you ever done a code inspection on a binary?

        Yup. 99% of military purchasing guys haven't done a code inspection of anything.

        Have you ever written a patch for one?

        Yes. Haven't you?
        • > 99% of military purchasing guys haven't done a code inspection of anything.

          Why would purchasing guys be doing code inspections?

          > Haven't you [ever written a patch for a binary]?

          Yes. A tedious and error-prone process.
    • It shouldn't matter [...] it makes no difference. It is ultimately just software. A tool that can do a job. Zealots proclaiming that open source is the only way make it sound like Open Source software is somehow different. It's all just software.

      While I understand why you might think that, your statements are simply untrue. It matters. It matters a lot, especially to folks like the military where security is so important.

      [security of the source / ability to test for exploits]
      Let's say the military decides

      • > Another issue depends on the licensing of the open-source code. Many licenses would *NOT*
        > allow the military (or whoever) to legitimately use the code in their closed source apps.
        > That's not all licenses, but there are ones that might legally force the military to
        > release their modifications to the original source code.

        If you are thinking of the GPL here, no. They would only be required to provide source to those outside their organization to whom they distributed binaries. They would not
      • by Fred_A (10934)

        Many licenses would *NOT* allow the military (or whoever) to legitimately use the code in their closed source apps. That's not all licenses, but there are ones that might legally force the military to release their modifications to the original source code.

        I can't believe some people *still* haven't figured out how those licences (GNU and GNU derived) work... As pointed out above, you have to redistribute the source of the stuff you distribute. Presumably the military wouldn't redistribute their stuff.

        OTOH, I have seen a few licences that explicitely prohibited military use.

    • Exactly, thank you. Reading this story, and the one about Linux being used in various devices, those were my thoughts exactly. Sometimes (especially with hardware), it's important to a user how many others adopt something, so that whoever makes it will have incentive to keep going. This doesn't apply to Linux and OSS, though, so the periodic "Let's get people to use OSS!" discussions slashdot has are nothing more than zealotry, imnsho. If you're not being a zealot, you should have no reason to care what sof
    • make it sound like Open Source software is somehow different. It's all just software.


      That's like saying murderers and humanitarians are all just people. It's true if you exclude lots of factors, but in the wider sense of contribution to society, it's complete BS.
  • by MyNameIsFred (543994) on Saturday December 29, 2007 @07:53PM (#21852330)
    The article confuses two different problems. One problem is redaction, the other is a network spill. The two are very different. Redaction is "editing problem," deleting classified material from a document to make it unclassified. In a network spill, classified information is accidentally put on an unclassified system. A spill is a much more complicated problem. You have to determine how many systems were "infected," and sanitize those systems. And sanitizing may require the destruction/confiscation of the system. You also have to determine whether anyone without a clearance had access to the material. And I would guess that the vast majority of the cost is labor, not software.
    • Mod parent up. It's a very good representation of how spills and such are dealt with.

    • You also have to determine whether anyone without a clearance had access to the material.


      And what do they do in that case?
      • by rah1420 (234198)

        You also have to determine whether anyone without a clearance had access to the material.

        And what do they do in that case?

        We could tell you, etc., etc., etc.

        All seriousness aside, I'm sure that it depends on a number of things: the clearance that the spilled material had, the audience that was exposed, whether anyone actually did access it ("having" access is not the same as actually accessing it) among other things.

        In any case, I would surmise that the reaction would be anything from a strong sugges

    • The problem with Open Source and Government lies down to one thing. Who to blame I know, I know. If they had Microsoft products and there was a huge problem that is Microsoft fault they will blame them but nothing will happen. But it would come down to a Microsoft Problem not the employee problem. Thus keeping Open Source Away from Governments. Why do you think governments hire contractors, and still keep them even after a major screwup... It is not because the contracting company is doing shady busine
      • Software doesn't write itself, and integration is usually necessary anyway. Look at it another way.

        With open source software, the user can choose from multiple vendors to provide integration and bugfix support, whereas with closed source you have the original author only. If that vendor goes out of business, you're SOL.
        • You are thinking logically not like a government employee...
          Getting bug fixes and fast response time is good and fine. But when there is a problem who do you blame. If the company went out of business and there was a problem the blame would still go the problem perhaps some heat on why you didn't switch to a different company... But something similar can happen to Open Source Projects too. There are a lot of OSS projects that start get some good foot hold then suddenly just die, stopping all the support.
  • I don't think the military should use OSS. I get the whole argument about 'more eyes to look = less bugs' but that only works if you actually upgrade to a newer version that doesnt have the bugs. If I know you're running version 1.0 after 1.1 has come out, I can look at the differences in the code and work out exploits. Surely the military has some kind of long winded process for updating software, so it's quite likely that old versions will remain.

    Also what's to stop someone poisoning the source as a popul
    • Re: (Score:3, Insightful)

      by SCHecklerX (229973)
      You aren't giving the organizations in the military that work with this stuff enough credit. Hint: Your beloved internet started as a military research project. Now think how much farther they have come since then with stuff the private sector won't really see for quite some time (like all other applicable research that come out of the military).
      • by hedwards (940851)
        It really isn't just the military, any organization with a huge staff, numerous computers spread across multiple continents is going to have a difficult time keeping things updated like that. To make things more complicated, some of the gear is out at sea, and serious issues the likes of which a corporation will never see can happen if things aren't interoperating the way that they're supposed to be.

        The military in this sense has the same sorts of problems that a large hospital does, but multiplied by a hug
        • Access to the source code may not be available in a significant way. (The Microsoft shared source deal seems a good example of this, since they don't allow you to modify the code).

          Actually, the biggest thing with OSS to me, as far as the DoD is concerned anyway, is that you can change contractors if you have too. You have everything, if for any reason the people who maintain the software now have a problem, or just aren't getting things done, you can hire somebody else to maintain the code instead (okay,
      • Agreed. I go by the 15 year rule. What we see today from the military, secret agencies, etc is what was cutting edge 15 years ago. So in 1992 they had then what we are seeing from them now. What they got now is what we'll be told about in 2022. In other words, WAY advanced.

  • FCS runs on Linux (Score:1, Informative)

    by Anonymous Coward
    The entire Future Combat System [wikipedia.org] runs on RedHat Linux. The systems timeframe is a little lengthy, but it will be field tested in 2008. It certainly is based on Open Source technology, and it's going to be deployed service wide.
  • by samkass (174571) on Saturday December 29, 2007 @08:07PM (#21852372) Homepage Journal
    The entire "Future Combat Systems" of the US Army is based on SOSCoE, a virtual environment that currently runs on linux. It includes development environments for C/C++/Java, but not Microsoft or .NET (yet, anyway). I'm not sure where the meme came in that the DoD is anti-linux. They are certainly proportional in their linux market share as the rest of the world, I'd say.

    • by giminy (94188)
      No kidding. I worked at two DoD research labs between 2005 and 2007, and both were using GNU/Linux and *BSD quite extensively, both for research projects and for general IT stuff. I'd say that they use more Windows/Solaris than Linux/BSD, but commercially-supported and NIAP-Lab-vetted linux distros are relatively new in comparison to their commercial counterparts.
  • It's gonna be hard to get the military to embrace open source. Heck, I've had trouble getting my girlfriend to embrace open source.
  • Haven't the US military been using Solaris with gnu tools since long before Slashdot and linux existed?
    • The NAVI even created there own Ada compiler in open source (OK they had the NYU to help them). Today the compiler is part of the main GCC distribution.

      Martin
  • The military is starting to use open source software in more ways than people on the outside may realize. MediaWiki [mediawiki.org] is used in some interesting ways, as is a certain open source instant messaging platform. Without going into detail on things that are best not discussed outside classified environments, there are other large open source software projects that have made their way into the server room.

    The issue with Microsoft dependency is a long-standing problem having to do with extremely long certification processes. Another issue is the fact that in order to use anything new, the military winds up spending insane amounts of money on retraining personnel, restructuring documentation, testing in live combat environments, etc. Essentially, it's all the major problems of large corporate uptake of open source projects, with additional dependencies.

    Things are slowly improving. The military uses what works, and for much of what we use in our infrastructure solutions developed on Microsoft platforms still work. That's not saying they're necessarily the best answer to a given technology need, but they're already in place and it will take some time for new ideas to get adopted.

    • I'm, (sort of) in the Air Force, and I concur. DoD uses a variety of systems. Apple, MS, Linux, Solaris, UNIX, etc, etc. Are we talking about Linux on everyones desktop? Not a chance. That would require a decade+ of investigation and deliberation. But for other areas, OS diversity abounds.
    • I'm in a different Navy, but we work with the US. I'd have to say I'm happy that not everything we get "forced" to use is M$, but the training on said platforms is usually a ppt presentation, so good luck to us if the system craps out in some strange way whilst we're bobbing around in the middle of the Augie(sp?)!
    • Disclaimer- I am an Air Force contractor. We have many flavors of linux/unix running in our lab, IRIX/Redhat/Solaris etc... but the one thing that they all have in common is the fact that they are supported by a company. What everyone seems to be missing here is the fact that if something goes "horribly wrong," the government is going to be looking for someone to point the finger at and kick in the ass. We run a few open source applications, but only after they have gone through a pretty stringent code revi
  • by MikeRT (947531) on Saturday December 29, 2007 @08:18PM (#21852458) Homepage
    Open source software is the only type of software that is often mostly made by foreigners that the DoD will use. Proprietary software that is owned by a foreign company cannot be used without extraordinary extenuating circumstances. Even if the whole development is done in America, the legal ownership by foreign nationals takes the proprietary software automatically off the approved software lists.
  • both the arpanet (essential predecessor to the internet) and bsd unix (essential predecessor to linux) were open source projects funded in large part by darpa, which is the american military. so saying that the military doesn't embrace open source seems kind of wrong.
  • Didn't you mean to write "open-source"?
  • NASA World Wind [nasa.gov] is open source and is uses by the DoD and other governmental groups.
  • They've kicked the linux tires a time or two. Secured it a bit.
  • "Convincing"? (Score:5, Informative)

    by Courageous (228506) on Saturday December 29, 2007 @08:36PM (#21852562)

    I work as an integrator and inserter of technology into military organizations.

    Hence, I can say with some authority that they are, for the most part, Talready convinced. To best characterize them, it would be: "interested, but cautious". "Convinced, but careful". They want to save money, believe that open source can be good, but have certain matters of due dilligence that they need to attend to.

    There remain "paperwork" issues of getting open source into SCIFs, particularly when the provenance of the open source is questionable. Not all open source is born equal, you know. Some is pretty shitty, and some is even written by people in countries that actually DO have active spying programs against us (if you were to say that because the source is there, and open for everyone to see, that this reduces risk, I would agree with you, however this statement that the risk "ought" to be less is sometimes insufficient for these classified area types, dontcha know).

    BTW, there is a new DoD directive that has been issued, ordering all defense procurement to include an assessment of open source products as an alternative to proprietary software. How is this "not convinced"?

    C//
    • by Tony Hoyle (11698)
      A project I work with closely from a military type wanting to know the author of a particular 3 line bug fix, their email address, nationality, etc. As the fix was about 2 years old we had his name but no current contact info.

      He went away disappointed. Not heard anything like that happen since.. but some in the military could probably do with some education.. a free project with a few hundred authors isn't going to have the current contact details (or even full names in some cases) of all of them - we hav
      • A project I work with closely from a military type wanting to know the author of a particular 3 line bug fix, their email address, nationality, etc. As the fix was about 2 years old we had his name but no current contact info. He went away disappointed. Not heard anything like that happen since.. but some in the military could probably do with some education.

        Don't take this wrong, but honestly, it sounds like some people working for the military could use a little education, also. For something simple, like
      • Have someone trusted investigate the fix, the bug and what it does and see if that fix is appropriate, if not, write a better one.

        Then you have a trusted source for the fix.

  • Then they are as firmly entrenched in the M$ death spiral as we are. Although *some* of our kit is Linux, it's very specialized and it would be on
    My Linux knowledge is practically nil, and I'm the "expert" in my unit.
    • Then they are as firmly entrenched in the M$ death spiral as we are. Although *some* of our kit is Linux, it's very specialized and it would be on less than 1% of computers that I have come in contact with. It's just too easy to keep the "status quo" going then to have to train the front line administrators in more than one OS (2000 and XP is difficult enough), let alone more than one office suite. When a data spill happens, (more often than not it's a computer error, rather than human error) I have yet to
  • Is the article summary talking about Open Source or Microsoft's Shared Source? They're Not At All the same thing.
  • by stewbacca (1033764) on Saturday December 29, 2007 @08:55PM (#21852696)
    The Air Force is hell bent on lining the pockets of Dell and Microsoft, with their stupid, COTS (commercial-off-the-shelf) procurement requirements.

    The Army and Marines use a lot of Linux. My company sells software to mostly the Army, and we have lots of Linux developers for a couple of Linux only intel software apps.

    The NSA (and all the branches of service that work in/for it) uses a heavy mix of UNIX and Windows (and the largest chunk of Mac OS X of any gov't agency I know of).

    Bascially, each branch operates in a fishbowl, separate from each other, so it is hard to generalize the Department of Defense's computer uses.

  • With the most advanced inertial navigation software, image sensors, microprocessors being developed in other countries, they have to use open source and download it from other countries just to survive.

    • by c6gunner (950153)

      With the most advanced inertial navigation software, image sensors, microprocessors being developed in other countries, they have to use open source and download it from other countries just to survive.

      Sure, technically speaking, Intel's newest line of processors was developed and fabricated in Israel. Has this lead to all users of intel processors switching to OSS?

      As an AC already pointed out, most of the development is being done by American companies, they're just outsourcing the research, developm

  • by HangingChad (677530) on Saturday December 29, 2007 @09:25PM (#21852858) Homepage

    It's a waste of time pitching the Navy anything. NMCI outsourced their entire network infrastructure to EDS. A monumental cesspool of pork barrel contracting that puts Haliburton's Iraq contracts to shame. There are hurdles and endless reviews for getting any piece of software approved for use on Navy or Marine networks. And between SPAWAR and EDS they're busy trying to squeeze out what little internal development is left in the Navy and move everything to the giant hosted service architecture. The very people most likely to use and promote any type of open source software or a project built on open standards are the ones jumping ship and going elsewhere.

    You can waste your time trying to educate DoD if you want but it's maddeningly frustrating. They'll listen and understand, then go off and do something entirely different. Which is a shame because the military is an organization that would benefit the most from an open, flexible infrastructure. One that could scale on demand, integrate disparate information sources and is reliable on legacy hardware. You would think with the massive paperwork hassles of buying anything through the government, the military would pounce on technology that let them side-step the entire procurement process and load it when you need it.

    It would all be funny if it wasn't billions of your tax dollars going down the crapper.

    • Not like NMCI was doing any better themselves. I had to explain to one of their so-called "admins" how to change file permissions on a Windows NT box.
  • The fact is that most OSS projects are ill suited to the corperate and government environment.

    OSS focuses on the latest and greatest features, government doesn't, they want tested and proven versions. OSS EOL's stuff long before it would be considered "tested" in something like a DoD environment.

    I know the linux fanboys here will go batshit crazy over this, and i guess the truth stings.

    the ONLY situation i can see OSS being any advantage to the DoD is if they hired the developers of an OSS project they a

    • by greg1104 (461138)

      The fact is that most OSS projects are ill suited to the corperate and government environment.

      At least my open-source web browser warns me when I misspell "corporate" while trolling.

      OSS EOL's stuff long before it would be considered "tested" in something like a DoD environment.

      Yeah, it's a shame the copies of RHEL5 I deployed earlier this year will only be supported until 2014 [redhat.com]. Barely any time at all to test them.

      • by timmarhy (659436)
        "Yeah, it's a shame the copies of RHEL5 I deployed earlier this year "

        all you did was prove my point dumby. READ AGAIN - i said the only situation where OSS will work is when you pay developers to maintain it for you, which is what a RHEL support agreement is.

        essentially DoD need to do a cost/benefit and make up their minds if paying dev's vs purchasing a product makes sense.

    • It doesn't sting. It reminds me of my boy when he was 8 years old. We would take him out to nice restaurants where we could get decent food. No matter what was available he wanted the same boring things: chicken nuggets, grilled cheese, cheeseburger.

      I encouraged him to try new things but it's pointless to push it because there's something in the human condition that makes us think any unfamiliar food is toxic.

      So be it. Enjoy your kid's meal. I'll be over here with the diverse selection of culinary cr

      • Re: (Score:3, Informative)

        by timmarhy (659436)
        WTF does chicken nuggets and your kid being a spoilt brat have to do with anything I said?

        can you be more abstract? I think maybe there's a japanese conceptual artist out there that thinks your analogy is good, everyone else thinks it's dumb.


  • It is ridiculous to suggest that the military is concerned about cost or spending. The taxpayer pays the bill, and the bill can grow to whatever is politically possible. Why would a department choose open source when a few well connected companies stand to make hundreds of millions selling closed source solutions. The primary role of the military in US society is to funnel tax money and reward political power and connection. A large percent of military spending is for parts that are scrapped months befo
    • by timmarhy (659436)
      nonsense

      They have a budge like anyone else, and their purpose is very clear, to protect america's waters and interests abroad.

      I suppose you probably think the government can't go broke because they can print more money to?

      • by Entropius (188861)
        They have a bloated budget, getting anything they ask for from Congress (since we have to support the troops, right?) and the purpose of people at Boeing et al. working on military "R&D" isn't to develop equipment to "protect America's waters and interests abroad"; it's to get themselves more contracts. This after all is what the stockholders want, right?

        I live in a military contracting town, and have first-hand knowledge of people not really caring whether or not anything works or is militarily useful
        • by timmarhy (659436)
          err companys that are after contracts to build things for the navy don't care, thank you captain obvious.

          I was refering to the navy itself which does the purchasing. it's up to them to spend wisely (which they don't do, no debate from me there)

  • Every military project I've ever worked on has demanded a copy of all source code "for security reasons" - to make sure I wasn't slipping anything extra in there.

  • People always said the main thing slowing down the adoption of Linux was the lack of a killer app...
  • Personally, I want no part in promoting technology to an organization that harms and kills innocent people -- such as the military. Let alone the recent tortures and illegal "detainments" the US military has engaged in.

    "Yes, this village of children and their parents reduced to a smoky hole in a ground made possible by missiles running Linux!" Really, do we want that kind of association for something that is otherwise so wonder and represents the major achievement of OpenSource?

    Sorry, I do not wish to Op

What is wanted is not the will to believe, but the will to find out, which is the exact opposite. -- Bertrand Russell, "Skeptical Essays", 1928

Working...