New DoD Memo On Open Source Software 146
dwheeler writes "The US Department of Defense has just released a new official memo on open source software: 'Clarifying Guidance Regarding Open Source Software (OSS).' (The memo should be up shortly on this DoD site.) This memo is important for anyone who works with the DoD, including contractors, on software and systems that include software; it may influence many other organizations as well. The DoD had released a memo back in 2003, but 'misconceptions and misinterpretations... have hampered effective DoD use and development of OSS.' The new memo tries to counter those misconceptions and misinterpretations, and is very positive about OSS. In particular, it lists a number of potential advantages of OSS, and recommends that in certain cases the DoD release software as OSS."
hmm military using OSS (Score:3, Funny)
gives a new meaning to terms such as "fatal exception" and "kernel panic"
Re:hmm military using OSS (Score:5, Funny)
I think you meant "Colonel Panic".
Re: (Score:2)
"Crashes" take on a whole new importance too...
Re:hmm military using OSS (Score:5, Funny)
I'm still wondering what happened to General Protection Fault.
Is he retired? Missing In Action?
Re:hmm military using OSS (Score:5, Funny)
He was involved in some illegal operations and they ended up shutting down the whole program. I heard they were calling for the death penalty but his execution was halted at the last minute.
Re: (Score:1, Redundant)
hilarious. mod him funny!
Re: (Score:3, Funny)
Re:hmm military using OSS (Score:5, Funny)
Re: (Score:3, Insightful)
Re: (Score:1)
No, General Failure screwed up once too often...
No, it was really General Protection's fault.
Re: (Score:2)
Did he abuse Private Memory again?
Re: (Score:1)
Re: (Score:2)
This is very odd... (Score:5, Funny)
the government is acting intelligently. I feel strange.
Re:This is very odd... (Score:5, Insightful)
Re:This is very odd... (Score:4, Funny)
Faster than the speed of light.
It's a tachyon memo from now to 2003.
Just think! Once they receive the memo, 2003 and onward will happen with the new memo.
Thus, the present will be altered, and we'll have all the benefits of the new memo being in effect for 6 full year.
Re: (Score:1)
No, probably not. You can't trust messages from the future -- even from yourself! You may have been compromised by the enemy.
Re: (Score:2)
Actually, that sound like the plot to a fairly cool SF novel
Pug
Re: (Score:1, Interesting)
Re:This is very odd... (Score:5, Interesting)
probably has more to do with who's now running the office of the President.
No, Obama had nothing to do with it. I sent comments about the draft version of this document well over a year ago. Yes, it takes government this long to do something this logical and simple.
Re: (Score:1, Funny)
But I thought Obama was personally responsible for every single thing in the massive US government! Are you saying the Internet lied to me?
Re: (Score:3, Interesting)
I learned that lesson during my Officer training. It was my final 'lead' assessment, and we were on a patrol against hostile forces. My team had been briefed twice that day on the rules of engagement by me, and my 2IC was briefed by me a third time as well as he had to give the brief to another group. I'd then checked understanding of the ROE with the group after he'd done so.
We went on patrol and encountered enemy. We had one of
Re: (Score:3, Insightful)
Re:This is very odd... (Score:5, Insightful)
Within the military community, you're absolutely correct, but politicians are rarely held to the same standard. If Joe Biden shot someone without provocation, Obama wouldn't face any problems but pressure to fire Biden and have him stand trial.
wait, so what happened with Bush & Cheney when Cheney did shoot someone?
Re: (Score:2)
Within the military community, you're absolutely correct, but politicians are rarely held to the same standard. If Joe Biden shot someone without provocation, Obama wouldn't face any problems but pressure to fire Biden and have him stand trial.
wait, so what happened with Bush & Cheney when Cheney did shoot someone?
. . . nothing, because it was obviously a hunting accident? Where, you know, the victim said it was an accident, and he was cleared of any wrongdoing after preliminary investigation? When you go around shooting things, it's possible for people to get hurt by mistake, and everyone involved understands and accepts this.
Re: (Score:2)
That someone essentially apologized to Cheney for letting his face get in the way. One wonders what went on behind the scenes to inspire THAT!
Re: (Score:2)
***Within the military community, you're absolutely correct***
So, the entire chain of command was court marshalled as a result of the My Lai massacre? (http://en.wikipedia.org/wiki/My_Lai_Massacre). Not that I recall. Reality is that unless you lose a war and can't get to neutral ground before the victors catch up with you, military justice stops at the designated fall guy.
Re:This is very odd... (Score:5, Informative)
I wrote the memo (mostly). Here's some historical context:
In 2001-2002 (or so), the Defense Information Systems Agency was in the process of certifying RHEL as being compliant with the Common Operating Environment, which was like a DoD-version of the LSB, sorta. Rumor has it (was before my time) that a certain OS vendor (popular in the desktop space) took exception to this fact and drafted an unsolicited memo for the DoD CIO, which effectively would have banned OSS.
The DoD CIO at the time was a guy named John Stenbit. Stenbit was (and is) a strong-willed visionary, who wasn't about to roll over for anybody, so he (through DISA) commissioned a survey of how much OSS was currently in use in DoD. The study got farmed out to MITRE, specifically a guy named Terry Bollinger. The results of the study were that OSS was being used in lots of places across DoD, in some cases for mission-critical things, and interestingly extensively by the information assurance community. (e.g. snort)
So Stenbit got someone to write a new memo, which he signed in 2003. It said roughly: OSS is okay, it's just like other software, but make sure that you get approval before you use it. (Same as anything else.) Stenbit retired from gov't in 2004.
In April 2008, the Deputy CIO (Dave Wennergren) got the idea that we ought to have updated DoD guidance on Open Source Software. I believe it was suggested to him by Scott McNealy (Sun), Art Money (former DoD CIO from 1999-2001), and Bill Vass (Sun, but former gov't executive under the DoD CIO). Dave asked around if there was anybody on the CIO staff at the time who knew much about OSS. That ended up being me.
I was a CS major at MIT, class of '95; used to work down the hall from Richard Stallman. I was on ROTC scholarship and later served about 6 years as an active-duty officer. I started working as a civilian in gov't in 2002, and in 2004 I took a position with the office of DoD CIO - partially so that I'd be in the right place to advocate OSS in gov't.
Four years later, I got an golden opportunity: I got the task to figure out what the updated OSS guidance should say.
I drafted the memo, with help from lots of folks, including David Wheeler, John Scott, LtCol John Barrette, Dave Emery, Terry Bollinger, MaryAnn Kiefer, Roger Loeb, Frank Petroski, Monique Pryce, JC Herz, and probably others I forgot to mention. I briefed the concept to Wennergren. Got feedback. Revised. Sent out to other offices in the Office of the Secretary of Defense (OSD) for coordination. Sent to the Military Department CIO offices for coordination. Spent many, many hours coordinating and revising with the Office of General Counsel (OGC) for the OSD, the Army, USAF, and Dept of Navy. It was mostly done a year ago, but it kept getting held up because someone wanted to review and comment.
One paragraph in the memo is traceable to a particularly heinous licensing debacle with a particular software vendor (not Microsoft) that affected a particular software project, and could have been avoided by using OSS.
The lawyers were by far the biggest delay. I wanted to reference the Open Source Definition (published by the Open Source Initiative), but lawyers wouldn't let me, on the grounds that doing so could be considered an endorsement of a non-federal entity, which would violate the Joint Ethics Regulation. I argued that this was a ludicrous interpretation of the JER, and eviscerates the authority granted to the CIO by the Clinger-Cohen Act. But after months of no-progress, I compromised and the final memo does not reference the OSI.
There was no direct involvement by the White House for the 2009 memo, and I don't think for the 2003 memo either. The generally favorable attitude from the current administration toward "openness" meant that I (and I think Mr. Wennergren) felt a pro-open memo would be well received, but we didn't consult with the WH, nor does the WH get that deep into agency policy - even for an agency as big as DoD. If the WH wanted to push po
Re: (Score:2)
Re: (Score:2)
The lawyers were by far the biggest delay.
The law grinds unbelievably slowly, especially compared to the rest of the Internet-addled world. One year to get the lawyers to agree to a memo like this is really rushing them.
Tech people are generally clueless about what happens when the lawyers get involved. Lawyers are trained to find problems, not to create new things such as software or services. They are trained very, very well. Things are rarely, if ever, perfect. Problems WILL be found.
Call in a lawyer, double the delivery time. That's my rul
Re: (Score:2)
I'm keeping my fingers crossed you people were able to put together a policy that's fair but also very open to OSS. And thanks for such a thorough reply.
LoB
Re: (Score:2)
(I'm former US military too, different branch)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
While parent's opinion is a little skewed, it's not as bad an evaluation as first glance suggests. I do really think the Bush administration was hostile to OSS, and the Obama administration is friendly towards OSS. Given one or more administrations friendly to OSS, anything may happen in the next several years. Advances equivalent to the past 8 years may only take 2 or 3 years. Once OSS gains a little momentum, well, just use your imagination.
And, the payoff may be decades away. There are a number of f
Re: (Score:3, Funny)
the government is acting intelligently. I feel strange.
Maybe they have been taken over by aliens.
Re:This is very odd... (Score:5, Insightful)
The government has always acted in its own interests. Perhaps they have realised that releasing software as OSS suits their purposes.
Re: (Score:2)
Nah they'll help you. Whether you like it or not.
Re: (Score:2, Insightful)
The government has always acted in its own interests. Perhaps they have realised that releasing software as OSS suits their purposes.
People have always acted in their own interests. A good government (one that is of and by the people) acting in its own interest is acting in your interest as well.
Not saying this is always the case, but it does happen. Using your money to develop software that is licensed for you to use freely is a good example.
Re: (Score:3, Insightful)
Good governments are rare if not non-existent. When you empower one group to rule over another, the temptation to use that power to benefit the ruling group is very strong.
Re: (Score:1)
Re: (Score:2)
The government has always acted in its own interests.
oh, citation needed big time. maybe this is true in some communist/fascist dictatorships, but i really do like to believe (and i see evidence that supports this belief) that in first-world countries with constitutions and functioning legal systems, the government is mostly a government of the people, by the people and for the people.
Re: (Score:2)
Wait... we didn't?
Re: (Score:2)
I agree with you. But I should point out that like millions of other folks in small town/rural America, both my fire protection and ambulance service are provided by volunteer organizations. The municipal government does do police and roads, but smaller towns hire out their policing from the state government (Unlike most of the country counties don't amount to much in New England). I suppose they could rent cops from Brinks et. al. although I for one much prefer my police not be models of the free enterp
Re: (Score:2)
I like how you made up half your story. Like the bit about everything needing activation. You know, no paid Microsoft developer tools need activation (developers may be the only group Microsoft treats relatively decently, but I digress).
Your stuff about ASP.NET is a lie too. Or rather, it takes as long to spin up the ASP.NET runtime as the Java or ColdFusion runtimes. Of course, ASP.NET isn't Open Source so clearly it's not good enough for you.
Re: (Score:1)
Maybe related to this in UK?
Windows for Warships:
http://www.theregister.co.uk/2009/01/15/royal_navy_email_virus_outage/ [theregister.co.uk]
NMCI (Score:5, Insightful)
I think at least 50% of the technical people in the Navy and Marine Corp would like to see (the next version of) NMCI switch to an open-source OS.
At least they can always dream...
Re: (Score:2, Insightful)
Are you KIDDING me? The SAME people forcing me to use IE6 want me to use OSS??
Re: (Score:3, Interesting)
Re: (Score:2)
I wouldn't complain to much about getting all the right tools for all the wrong reasons; better than all the wrong tools for the wrong reasons.
Yes, but from what I've heard, NMCI is providing all the wrong tools for all the wrong reasons.
Re: (Score:3, Interesting)
I am a contractor on an Air Force project. My facility is up to IE 7 and windows Vista. IE 8 is strictly forbidden, and firefox is not approved for use on the project, though it works just fine with the exception that the default font is a little to small to comfortably read.
But ... (Score:2)
>and recommends that in certain cases the DoD release software as OSS.
How can the DoD release software under a copyleft license when the federal government is incapable of holding copyrights in the first place? I thought it was all automatically PD if it's not secret? Not that that's stopped anyone from asserting copyright when it suits them.
Re: (Score:1)
Because the code will be developed by an outside contractor, and the copyright will be held by them.
Re:But ... (Score:4, Insightful)
Anything funded by the federal government including private work should be considered the property of the people and thus released into the public domain.
We, the public, should not be expected to pay twice for work done by the private sector. Either we pay for the work and have all of it released for us to utilize or the work remains proprietary and receives no funding from the public.
Re:But ... (Score:5, Informative)
No software these days is developed from scratch, and the Government would be paying way, way more if it tried and probably getting significantly worse products. Most major programs utilize some proprietary code, for which the Government pays for "Government Purpose Rights". That means that the Government can use the software and often even demand the source code and deliver it to other contractors. But no one is allowed to use it for non-Government projects without contacting the original author and attaining their own license. It's kind of a Government version of dual-licensed open source.
Re: (Score:2)
Re: (Score:2, Interesting)
For the Defense Department, the contractor typically retains the copyright to whatever they develop, and the gov't gets "government purpose rights" to it, or in some cases "unlimited rights". This is the way rules are laid out in the Defense Federal Acquisition Regulation Supplement. The DFARS read they way they do because Title 41, US Code says it should be that way. (Or in some cases, Title 10).
Individual procurements can be different, depending on the negotiated terms of the contract. The DFARS speci
Re: (Score:2)
Keep in mind that most gov't employees (and most gov't contractors) have never actually seen a real contract, much less read it. That's what lawyers and contracting officers do... so program/project managers frequently don't actually know what intellectual rights they own.
Not so in my experience, project managers will find out 'what's in the contract' if the contractor is claiming rights to the code just as soon as they try to re-bid the contract and ask the incumbent to hand over their code.
This was on the civilian side and contractor claimed all the code belonged to them. FAR said anything they brought from in-house previously developed and re-used on our project remained property of the contractor. Almost nothing was re-used.
We also had lots of contractors refusing to do
Re: (Score:3, Insightful)
Re: (Score:2)
Anything funded by the federal government including private work should be considered the property of the people and thus released into the public domain.
I'll generally agree with you, but there is privately developed software in use by the government, and the military in particular that isn't going to be released on the basis that releasing it would help our enemies more than it'd help citizens of the United States. Stuff like nuclear explosion simulation programs, ballistic missile targeting/flight programs, etc...
Now, things like the NSA linux build is available [nsa.gov].
There's other software available, if you know where to look, but most of it isn't that useful
Government-developed unclass: Default OSS (Score:2)
I make a similar argument in "Government-developed Unclassified Software: Default release as Open Source Software [dwheeler.com]" - if "we the people" paid to develop software, then by default "we the people" should get it. This was one of the proposals in the open government dialogue [ideascale.com], and many people voted for it.
I don't think that EVERY program funded by the government should be released to the public. If it's classified for good reason (say, its purpose is to explode a nuclear bomb), then I think it should definite
Re: (Score:3, Informative)
Government agencies are required, IIRC, to respect* private copyrights, and releasing software that is derivative of private works that are under a copyleft license under the same license might be consistent with (and might even be necessary, if the software is released at all, to comply with) those regulations.
* As I understand, its not bound in the same way a private
Re: (Score:3, Interesting)
Come on! I like the GPL as much as any other free-software-loving-commie but even I don't think OSS==copyleft. Public domain, along with BSD and MIT type licenses are recognized as open source (heck, software released under them is even recognized as "free" by the free software crowd).
Re:But ... (Score:4, Insightful)
Just because the DoD develops software doesn't mean they have to release it at all. You can request the software under Access to Information (FOIA in the US, I think?), but they can always cite national security reasons for not releasing, say, the guidance code for the Tomahawk missile.
Without having read the memo in full, I would presume that they're talking about what license to use when releasing stuff. I'd sincerely doubt that they would use something like the GPL/LGPL to release code, but there are other open source licences that are more in line with what the government does. The ones that leap immediately to mind are the BSD and MIT licenses, both of which had their births in the need to keep government-funded developments in the public domain.
Re: (Score:1)
Re: (Score:1)
Re: (Score:3, Insightful)
Congress shall have the power ... To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries
Hmm... I think it has everything to do with copyright protection.
"securing for limited time" is the operative clause to the subject of the law being to "To promote the Progress of Science and useful Arts". The GPL is not only very clear about the when and how of exclusive control, but has in part been critical in maintaining law that has almost been completely lost to an age of fascism and tyranny.
good site:http://www.techdirt.com/articles/20080220/020252302.shtml
Re: (Score:2)
Yeah but you must hold a copyright in order to put a license on the code in the first place. And my understanding (possibly out of date and/or misinformed) is that US law forbids the federal government from holding copyrights, for the reasons that wizardforce said (WE paid for it so it already belongs to all of us). Controlling distribution is exactly what a license does, since by default, copyright law basically says "no copying!" -- so the license gives conditions under which the copyright holder will a
Federal Government can hold copyrights (Score:2)
there's a few useful bits of software already (Score:5, Informative)
In addition to using externally developed free software, various parts of the military have periodically released and continued to support some decent bits of software. BRL-CAD [wikipedia.org] is from the Army Research Lab, and Delta3d [delta3d.org] is from the Naval Postgraduate School, to pick two examples off the top of my head.
Re: (Score:2, Informative)
SimKit, Discrete Event Simulation Library, also from the Naval Postgraduate School....
http://diana.nps.edu/Simkit/ [nps.edu]
Sean
Re: (Score:1)
In another instance,
Nicholas Harbour, who at the time was working for the Department of Defense Computer Forensics Lab (DCFL [dc3.mil])
wrote a loving modified dd [linuxquestions.org] that writes to multiple files and streams to multiple programs at the same time. The program, dcfldd [sourceforge.net], also introduces the sorely missed VERIFY operation, and even block-by-block hashes, ( dcfldd Man page [die.net])
Maybe someone will combine this with dd_rescue [garloff.de], ddrescue [gnu.org] and dd_rhelp [kalysto.org] to make the ultimate "Convert and Copy" [roesler-ac.de] utility :-)
Ah and I can dream of SCTP support [wikipedia.org] too :-)
Re: (Score:2)
Open Scene Graph is also heavily utilized by a lot of military sim software.
I know in my old government contractor job we used and contributed to probably ten or fifteen different open source projects.
Mil uses lots of Linux and BSD (Score:3, Informative)
Re: (Score:2, Insightful)
Crash! (Score:4, Funny)
And thus another chair is thrown in Redmond.
Re: (Score:2)
How goes the saying: Every time you throw a chair, somewhere, a Windows system crashes... or was it the other way around...?
Re: (Score:1)
Re: (Score:3, Informative)
Holy SHIT chair-throwing jokes are old... and weren't even that funny to begin with...
Re:Crash! (Score:5, Funny)
Re: (Score:2)
Zunes are binging and squirting? eep.
C'mon Steve (Score:5, Interesting)
We think it's funny. We know you don't think it's funny. That's part of why it's funny. You want to fucking kill google, and all you can do is thrash furniture. Your team can't even keep a fucking SideKick working and you want to take on Android. What is it, a decade of WiMo, and 6.5 is the best you can do?
Get over it. You're Wile E. Coyote and Google is your Roadrunner. That's some funny shit there. If they call their app store ACME that would complete the joke. Somebody get Sergey on the horn.
Re: (Score:2)
As much as I would love to see that, they'd run into trademark conflicts with the ACME grocery store chain.
Re: (Score:2)
No, no, they really aren't. They're as funny as RMS-bath jokes, which is to say not.
Re: (Score:1, Funny)
Re: (Score:2)
You say I'm pathetic, yet...
Irony.
Re: (Score:1)
This is great... (Score:5, Interesting)
Re:This is great... (Score:4, Informative)
Re: (Score:1)
openfiler.com offers support for openfiler - the open source iSCSI SAN.
No, I do no business with them. But there's a lot of folk excited about this at work.
Re: (Score:1)
Shameless plug (Score:3, Interesting)
Re: (Score:2, Interesting)
Hell, I warned them about the trap of commercial software when it was fairly new.
People don't really remember that almost all software used to be FOSS.
Some Points on the Memo (Score:5, Informative)
Most government program/project managers are very slow to try new things like OSS. Generally, this is not due to laziness or not being technically up to date, but rather because the number of rules and regulations that they can get hammered for failing to follow is so large that they tend to continue to follow a safe path unless it is incredibly clear that they won’t get in trouble. This memo is designed to give top cover and make clear to all PM’s that using OSS is more than acceptable, it is actually preferred.
1) Although I can't say for sure how much the new administration's personnel in the Pentagon had to do with being signed, it probably was very little since the memo had been in production for years (rumor was that Dr. Pepper was going to give a free soda to everyone if it came out before 2010, but I don't think that's true). Over beers, one of the people involved with its writing told the story of being asked whether the memo would be out before Thanksgiving and responding, "Without a doubt." That was in 2007!! It probably emerged more from the "Open Technology Roadmap" by John Scott, Mark Lucas, and JC Herz for Sue Peyton in 2006 than any political changes.
2) Much of the memo just clarifies parts of the DoD's official position on OSS, especially areas that were major targets for FUD by contractors who are trying to sell proprietary systems to the government. For example, they would claim that procurement law requires commercial software to be used, and OSS wasn’t COTS. This was addressed by the 2003 memo, but still the misinformation persisted. Additionally, procurement law requires that software either be warranted or the source code available. Vendors would claim that since OSS isn’t warranted, it couldn’t be used, neglecting the second part of the requirement about source code.
Re: (Score:2)
Over beers, one of the people involved with its writing told the story of being asked whether the memo would be out before Thanksgiving and responding, "Without a doubt." That was in 2007!!
So, which Thanksgiving were you thinking he was referring to?
ABOUT TIME. Too many confused auditors in the DoD (Score:4, Interesting)
I had been having ongoing arguments with auditors and DoD scanners about Open Source Software versus "freeware" - it's free, so that means it's Freeware - right? Finally, Daniel Risacher from the "Defense Department's Office of the Chief Information Officer" made this announcement. [gcn.com]
Reading that, I got all excited...and waited patiently. For a bit. Finally, come April, I emailed him directly with this question:
At a RedHat conference on Oct8, 2008, you made a comment that the DoD would further clarify that OSS is not the same as Freeware/ Shareware, for those who are still confused about the subject. We are currently undergoing an audit, and are being told that we can't use various products because they are "shareware" - specifically, mysql was on the hitlist. Discontinuing use of mysql would be an engineering nightmare for us, esp since anything else would also be "freeware" according to the auditors.
Of course, 8500.2 says that we can't use shareware because we don't have access to the source code, and we obviously have access to the code of open source products. I can't find the memo that you mentioned would be coming soon - has it been released?
To which he responded:
From: Daniel Risacher ((redacted))
Sent: Monday, April 06, 2009 3:54 PM
To: Brian LaMere
Subject: Re: OSS in DoD?
The memo is essentially finished, but stuck in an near-endless do-loop of executive-level staffing.
Forward the names of any gov't personnel who are giving you trouble to my work email: ((redacted)), and I'll try to talk to them.
Wow...that was back in April. Things sure do move fast around there ;)
There are countless documents that say so many different things, compounded by the fact that there are a multitude of auditors who have been trained that "Open Source" is "Freeware." And since "Freeware" is disallowed according to 8500.2, they then decide that "Open Source" is too. Nevermind that the Linux kernel is Open Source, no - they would pick and choose randomly which software we could and couldn't use. On a whim they'd suddenly decide mysql was no longer ok, no matter what evidence I could provide otherwise.
G-d, how I miss that circus.
Anything written by gov't employees is Pub. Domain (Score:1)
Hmm, for us non-Americans... (Score:1)
When I contribute to OSS projects I like to think of it as doing some work for the good of the global community. What I don't like to think of it as, is to work for a foreign military for no pay. Actually I think i rather have foreign military spend some more on programmers and have less over to spend on bombs and soliders.
Is there some alternative OSS license that don't allow the software to be used for military purposes?
Re: (Score:2)
Happily, since you released your contribution for free, your software that got used by military X also got used by military Y to nullify X.
The two waves cancel each other out, leaving a calm space where your code lives on doing some good.
Re: (Score:1)
Here's a template for a C or C++ program:
Now any government agency can take that template, expand it to do anything they want, and it's GPL rather than public domain.