Forgot your password?
typodupeerror
Software Government The Military News

Congress Endorses Open Source For Military 145

Posted by kdawson
from the because-it's-better-that's-why dept.
A draft defense authorizing act in Congress includes wording plugging open source software. It seems both cost and software security were considerations. This is an important victory for open source. "It's rare to see a concept as technical as open-source software in a federal funding bill. But the House's proposed National Defense Authorization Act for Fiscal Year 2009 (H.R. 5658) includes language that calls for military services to consider open-source software when procuring manned or unmanned aerial vehicles."
This discussion has been archived. No new comments can be posted.

Congress Endorses Open Source For Military

Comments Filter:
  • Face it, when you need a real time operating system, Linux is not the choice of a new generation.

    Information servers, fancy GUI update stuff, maybe. Missiles and flight control systems, not so much.

    • Re: (Score:1, Informative)

      by Anonymous Coward

      I work together with people that work with real-time control systems (mostly for particle physics data aquisition, ALICE detector at CERN). They say "OS? Linux, of-cource! WxWorks is not much used, to much hassle)

      Notably, ALICE has a lot of "onboard" Linux computers (with onboard FPGA's I think). This is possible in this experiment, as the radiation levels are much lower than ATLAS and CMS - but there is much more data per collision, so they need fast and smart triggers as close to the metal as possible.

    • Re: (Score:2, Informative)

      by Waste55 (1003084)
      Agreed. Even in the commercial and space world Greenhills RTOS is one of the most widely used since it is flight certified already.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Linux is not the choice of a new generation.

      Posting anonymously...

      I know of at least one embedded real time platform that fly's using none of the cruft from GHS or VxWorks. This platform leverages GCC for compilation and GDB for debugging.

      I know of another embedded real time platform that is used in military communications that DOES use GHS cruft.

      The most compelling evidence that I know of not to rely on GHS... there were software bugs in it that were discovered, isolated, and patched under the support agreements. There have been no such bugs

      • by idiotnot (302133)

        FWIW, A lot of the stuff I'm seeing lately for RT is LynxOS. I guess they have a linux compatibility layer ala AIX, NetBSD, OpenBSD, etc.

    • I know many examples that use Linux - it is my job. I also know many projects that are over budget and under performing that use VxWorks.
    • What about eCos?
      http://ecos.sourceware.org/ [sourceware.org]
  • Nice to see (Score:5, Insightful)

    by Nerdfest (867930) on Friday September 26, 2008 @10:39AM (#25166847)
    that government is realizing that security through obscurity is not a good plan.
    • Re:Nice to see (Score:5, Insightful)

      by stoolpigeon (454276) <bittercode@gmail> on Friday September 26, 2008 @10:43AM (#25166907) Homepage Journal

      My guess is what you have here is a good indication that some company had enough money to fund a lobbyist to push for this to help them in the future since they use FOSS in their product. Not new insight or greater education on the part of law makers.

      • My guess is what you have here is a good indication that some company had enough money to fund a lobbyist to push for this to help them in the future since they use FOSS in their product. That could be, it is still a very good thing.
      • by jc42 (318812)

        ... some company had enough money to fund a lobbyist to push for this to help them in the future since they use FOSS in their product.

        Or perhaps some of the security guys got through to them, and hit them with the rather old observation that if you have any security concerns, you don't run any software unless you have all its source. And you've compiled it yourself.

        It's sorta bizarre that this would even be a question with the military. Would they buy a vehicle or weapon with "no user-serviceable parts"?

    • Re: (Score:3, Insightful)

      by Daimanta (1140543)

      No, they are probably realising that $700 needs to come from somewhere so they might as well use open source software instead of buying licenses.

      • Re: (Score:2, Informative)

        by moose_hp (179683)
        Open source != Free (as in "free beer") licenses
      • Re: (Score:3, Insightful)

        by n3tcat (664243)
        not likely. $700 is practically nothing. ever see how much money the military spends on printer cartridges? it's more likely that OSS is easier to switch vendors later on without getting locked into an expensive position.
      • Re:Nice to see (Score:4, Informative)

        by DerekLyons (302214) <fairwater@gmFREEBSDail.com minus bsd> on Friday September 26, 2008 @01:14PM (#25169053) Homepage

        No, they are probably realising that $700 needs to come from somewhere so they might as well use open source software instead of buying licenses.

        Except that the kind of software in the bill in question is rarely licensed - it's tactical software, not admin software. Specialized tactical software is usually purchased outright. (Not to mention that the Federal Government undoubtedly gets significant discounts from vendors for per seat licenses and support.)
         
        That being said, there's much less here than meets the eye. Like many other extremely specialized problem domains, there almost certainly isn't any FOSS to be considered for use. This goes double since this almost certainly is an embedded system, not a PC, with the operating hardware, computer hardware, OS, and applications tightly bound and integrated. (In the systems like this I worked on while I was in the Navy, the line between OS and application was a wide grey area - in some ways they were virtually the same.)

    • by nospam007 (722110) *

      >that government is realizing that security through obscurity is not a good plan.

      Yep, intelligent bombs and cruise-missiles for the masses.

  • new clause? (Score:3, Interesting)

    by BountyX (1227176) on Friday September 26, 2008 @10:44AM (#25166915)
    I wonder if this will cause new clauses in gpl terms similar to commercial usage clauses preventing the support of any millitary, etc?
    • Re: (Score:3, Interesting)

      by Progman3K (515744)

      >>I wonder if this will cause new clauses in gpl terms similar to commercial usage clauses preventing the support of any millitary, etc?

      I doubt it.
      The FSF will be more interested in the other side having the same access.
      Freedom for all, even your enemies.

    • Re:new clause? (Score:4, Informative)

      by chromatic (9471) on Friday September 26, 2008 @11:30AM (#25167607) Homepage

      Considering that would violate the OSI guidelines (and contradict the GPL FAQ), probably not.

    • Re: (Score:3, Informative)

      There are no commercial usage clauses in any version of the GPL. The OSI and FSF agree that free or open source licenses, respectively, should never have any sort of usage clause in them. Richard Stallman has publicly encouraged everybody to find ways to profit off free software.

      There are terms in some free and open source licenses that make certain business models impractical, but nothing that would restrict any area of use.

      • The OSI and FSF agree that free or open source licenses, respectively, should never have any sort of usage clause in them. Richard Stallman has publicly encouraged everybody to find ways to profit off free software.

        The Affero GPL has usage clauses and is endorsed by the FSF.

        • by BruceCage (882117)

          Could you elaborate? As in, point to the relevant sections of the license. Even though the license is quite readable, I'm not entirely willing to spend an hour or so analyzing it.

          I can only guess that you're referring to the fact that the Affero GPL considers providing users access to a running application over the network as distribution.

          If that is the case I have to disagree on this being a usage clause (see the GPL FAQ [fsf.org]).

      • by mi (197448)

        The OSI and FSF agree that free or open source licenses, respectively, should never have any sort of usage clause in them. Richard Stallman has publicly encouraged everybody to find ways to profit off free software.

        Profit is not everything. My little project [virtual-estates.net] may be for sale, but I will not sell to anyone owning a Che Guevara T-shirt, for example.

  • by CSMatt (1175471) on Friday September 26, 2008 @10:44AM (#25166921)

    You can be sure that Microsoft and other proprietary companies will be fighting tooth and nail to remove this provision.

  • GPL'd software (Score:3, Insightful)

    by DodgeRules (854165) on Friday September 26, 2008 @10:48AM (#25166981)
    If the Government uses open source code that is under the GPL license, and modifies it to include some security or other feature that is considered to be under the umbrella of "National Security", are they required to provide the source code to terrorists so they can attempt to crack it?
    • Well, given that security through obscurity is a doomed strategy, would that be so bad?
    • Re:GPL'd software (Score:5, Informative)

      by Flying Scotsman (1255778) on Friday September 26, 2008 @11:00AM (#25167155)

      are they required to provide the source code to terrorists so they can attempt to crack it?

      From my understanding of the GPL, this would only be true if the government is distributing the modified binaries to the terrorists. If the changes are internal-use only, there isn't a GPL conflict by not distributing the modified source.

      • by tobiasly (524456)

        From my understanding of the GPL, this would only be true if the government is distributing the modified binaries to the terrorists. If the changes are internal-use only, there isn't a GPL conflict by not distributing the modified source.

        I'm sure that they will be "distributing modified binaries to terrorists" at about 500 MPH :)

        If they drop a smart bomb on someone that uses open source software in its circuitry, I'm guessing that's much like running GPL code on your webserver, and considered internal use only. Now if they use code under the Affero GPL [fsf.org], that could be interesting!

      • From my understanding of the GPL, this would only be true if the government is distributing the modified binaries to the terrorists.

        The US air force drops a bomb on my wedding party in the belief that it is a terrorist training camp. The bomb is a dud, and it fails to explode. I now have in my possession an unexploded bomb with embedded, Pentagon-modified GPL software.

        Are the Pentagon now required to furnish me with a machine-readable copy of their source code?

        The question would, I suppose, depend upo

    • This is a big deal with FOSS code in the military sector. Whoever leverages the code (read is familiar with the license) is not the person who "owns" the code, nor is likely even remotely influential about its release. Essentially anything that binds you to contribute modifications back to the community is right out. It isn't the contractor's code to release, it isn't truely the military's code to release (although they have procedures for it), it is the taxpayers' code. Because of that there is a bunch
      • Re: (Score:3, Informative)

        by Zero__Kelvin (151819)

        "Essentially anything that binds you to contribute modifications back to the community is right out."

        So the GPL is a perfectly viable option, then ...

    • by NtroP (649992) on Friday September 26, 2008 @11:01AM (#25167185)

      If the Government uses open source code that is under the GPL license, and modifies it to include some security or other feature that is considered to be under the umbrella of "National Security", are they required to provide the source code to terrorists so they can attempt to crack it?

      Depends. If my company uses OSS in an internal application, I don't have to release the changes back to the public. But, if my company were to distribute a product that uses it we'd have to provide source code.

      I'm assuming that the military would not have to release source code in UAV's because they tend to get those products back and therefore it would be an internal product or application. They'd have to release the source for any bombs or missiles though because they are delivering that product to the public.

      • by internerdj (1319281) on Friday September 26, 2008 @11:06AM (#25167285)
        Easy. Just tape the listing to the front of the bomb.
      • by Zero__Kelvin (151819) on Friday September 26, 2008 @11:22AM (#25167513) Homepage

        "They'd have to release the source for any bombs or missiles though because they are delivering that product to the public."

        You must work at Microsoft. Destroying someone is not considered to be analogous to "delivering a product" to someone anywhere else on the planet as far as I am aware ;-)

        • If you think the presence of the word moron in a post magically makes it flamebait, please read the moderator guidelines

          From the "Important Stuff" written below the old comment-posting form:

          Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated.

          You were fairly warned.

          • My post is currently modded +2 Funny, your post is off-topic, my karma is pegged, and my SlashID is much lower than yours.

            I'll try to work up a shudder ...
      • Re: (Score:3, Funny)

        by Ioldanach (88584)

        I'm assuming that the military would not have to release source code in UAV's because they tend to get those products back and therefore it would be an internal product or application. They'd have to release the source for any bombs or missiles though because they are delivering that product to the public.

        No, you're mistaken. The source for bombs or missles is part of the delivery system, much like the source code in a UPS driver's tablet computer, it is not intended to be consumed by the public. The appl

      • Oh, man, you just made me snort my Coke. I'll use that story at the next SDR where someone asks about the GPL!
    • Re: (Score:3, Insightful)

      by geekoid (135745)

      No, in fact if the change a version of Linux and claim they can't release it for national security, then they wouldn't release that.

      Not really a problem.

    • Re: (Score:3, Insightful)

      by Phroggy (441)

      Only if they redistribute their modified version.

      And no, distributing it internally within the military does not count as distribution.

    • by evilviper (135110)

      are they required to provide the source code

      This is the US Military. If they decide to use your software, you ASK THEM NICELY to follow the copyright terms.

      They have an awful big club to wield in all three branches of government... You could well see The President being awoken at 3am to order Congress into an emergency session, all to pass a law that says the GPL doesn't apply to the US Military

      Just ask Marconi... He decided the US Mil should pay patent license fees to him, on all those radios they used

    • by jambarama (784670)
      The government has sovereign immunity. Except where the feds (even the states) explicitly permit lawsuits, they cannot be sued. Congress has not abrogated sovereign immunity over copyright infringement. Thus the Feds can violate the GPL with impunity.
  • The real question (Score:1, Interesting)

    by Anonymous Coward

    The real question is what company is trying to sell UAVs to the government, and is offering open source. My guess is one of the small Israeli companies managed to get this put in the appropriations bill to help them.

  • by fragbait (209346)

    Perhaps it'll show up here one day.

    Federal Enterprise Architecture [whitehouse.gov]

    -fragbait

  • by xgr3gx (1068984) on Friday September 26, 2008 @11:02AM (#25167217) Homepage Journal
    In order to try saving money, they'll probably do something really stupid that will end up costing them money.
    Like setup a Linux environment, and realize they have some old, critical, archaic, crappy piece of software that only runs on Windows NT.
    So they'll get some virutualization software inorder to run Windows on their new Linux servers in order to get that old app running.
    So they'll virtualize a bunch of old NT boxes, only to find out app doesn't work well when running on virtualized Windows.
    So then they have to install new Server 2008 boxes to run the old app, only to find out the old version of that app won't run on Windows versions newer than NT 3.5.
    So now they pay millions for a new version of said critical app.
    Then they realized the new version of the app has a Linux version.
    Then some figures out that the old app could have run under WINE.
  • by rgo (986711) on Friday September 26, 2008 @11:03AM (#25167225)
    Microsoft reacted signing a 10 year collaboration agreement with Al Qaeda. Together, they will develop WMD...



    Windows Media player Deluxe.
    • Microsoft {...} will develop WMD {...} Windows Media player Deluxe.

      I'm sure this will probably infringe several parts of the Geneva convention about "cruel and inhumane treatments".

    • by couchslug (175151)

      "Microsoft reacted signing a 10 year collaboration agreement with Al Qaeda. Together, they will develop WMD... "\

      Poor Al Qaeda. They have never dealt with anyone that ruthless...

  • technical? (Score:2, Insightful)

    by jipn4 (1367823)

    It's rare to see a concept as technical as open-source software in a federal funding bill.

    Open Source is a legal and business concept. You'd hope that a few hundred lawyers would be able to figure that one out.

    • It's rare to see a concept as technical as open-source software in a federal funding bill.

      Open Source is a legal and business concept. You'd hope that a few hundred lawyers would be able to figure that one out.

      I'm guessing the editors/writers (and maybe readers) of Government Computer News don't get out much. Federal funding and appropriations bills routinely address technical issues in the manner they do here.

  • by RobBebop (947356) on Friday September 26, 2008 @11:25AM (#25167545) Homepage Journal

    I already see some misunderstanding in other threads in this conversation. (a) people say the military won't give back the changes they make to GPL software. (b) people say that because it is GPL, the "bad guys" will get it.

    For the first point, the GPL does not require changes to be merged back into the main development area. It allows (and encourages) projects to FORK the source code into new projects when different applications are desired. This keeps the original projects clean from "feature creep" and gives the different (competing) development teams control of their own development. The limitation that the GPL imposes is that if an organization wants to DISTRIBUTE the executable versions of their software, they would need to include an offer to distribute the source as well. Since it is not in the US military's interest to distribute their software, there is no real concern of (b) the "bad guys" getting the software.

    In that vain, the "bad guys" would have access to the baseline version if they can figure out what software has been forked into military applications. If the US military is foolish enough to operate this using defaults that are hackable, then it serves them right. I personally think that they are more qualified than that.

    A last concern is (c) THIS IS BEING FUNDED BY TAXPAYER MONEY AND IT SHOULD BE OWNED BY THE TAXPAYERS. This is false. I mean, the funding does come from taxes, but the public has no more of a claim for software that is developed for military applications using FOSS software than they do over the software, hardware, and designs of any other piece of military equipment ever designed. These instruments are created for the purpose of providing national security. If the designs were made public, then security WOULD be compromised. Ergo, in the interests of national security it's important for that information to be kept private.

    Final point, the GPR (Government Purpose Rights) license. This is a thinly veiled government source license that I have seen the military force on subcontractors in recent years to force Boeing, Lockheed, and all the rest to "play nice". The GPR license is a requirement on contracts so that the government gains the right to send software developed by Lockheed over to Boeing for further analysis. Believe it or not, frequently in legacy codebases you see "Proprietary of XYZ Corporation" and for the most part the government tries to acknowledge these rights. However, they realize that many things are developed over and over again by different companies because they are prevented from leveraging off of each others work (at the cost of the taxpayers). It is encouraging, therefore, to see the government prevent this with GPR.

    • by db32 (862117) on Friday September 26, 2008 @01:23PM (#25169217) Journal
      More to the point is that military developments almost without fail make it into the public if they have a significant public use. Flight, radar, medicine, etc. Hell, the military has probably had the best return on investment of any government run endeavor. So many people bitch about the military, but it was military members that were first putting their lives at risk testing things like supersonic aircraft and space travel. Guess who had the joy of being the human guinea pigs for things like the Anthrax vaccines.

      If you really wanna bitch DARPA will take their internet and go home...
    • by BruceCage (882117)

      For the first point, the GPL does not require changes to be merged back into the main development area. It allows (and encourages) projects to FORK the source code into new projects when different applications are desired.

      Note the emphasized bit. I'm certainly not aware of this. Forking might be unavoidable in some cases, but as far as I know the GPL (the license) doesn't actually have an opinion on the matter.

  • DoD and DND has been using Linux for many years. Nuff sed.
  • I don't know about the other services, but the Army has been using FOSS for years, especially Linux. They already have UAVs running embedded Linux, and they have worked for years, successfully, I might add, to make their web sites compatible with different platforms. I have been using Linux as my primary OS since 2000 and never had any problem using an Army site. This is just so some Congress Critters can court the geek vote by claiming to push FOSS in an environment where it is already widely used. There w
  • I look at this and wonder why open-source has to be specifically endorsed by congress for the military to consider it. The military should consider technologies based on their merits. Does Congress need to pass a bill that endorses C++ applications, or closed-source applications? Military and government have used open source software for years with things like SE Linux. I won't complain about the text being in there, but it is indicative of the wrong mind set.

  • If you read the bill - as I have for the past 15 minutes - you wil learn that most of it is about "open source intelligence", which gets discussed as ways to gather info from publicly-available sources: websites, chat rooms, etc.

    Open source software code is also included, but does not appear to be the main focus. Additionally, I would expect that for national security reasons, the govt. may slurp open source tools into their mix, but I would not expect them to share much. I do believe they may be exempt fro

  • by ChrisA90278 (905188) on Friday September 26, 2008 @01:01PM (#25168841)

    Most all the software I develop goes to the US government, mostly the DoD. I've been using Open Source for well over 20 years now. I don't think it was called "open source" back then but still much of it was.

    You have to remember that government contractors and universities had access to the Internet starting back in the late 1970's and were on USNET long before there was a web.

    I'm certain that the government and military were the second users of open source universities being the first users. Only after the web got popular did open source spread out into the rest of the world.

  • This is actually a far bigger deal than just some minor win for the open source. Most people don't understand that government software projects are their own huge industry. Whenever the military has a need for a specific application that doesn't exist (or even sometimes does), they solicit bids for the solution. These solutions are often something that many of us here can whip up in a weekend of hard coding, but because of the way government projects work, the company who wins the bid usually complicates th

  • by joeljkp (254783)

    As another data point (and one that's more predictable than the military), NASA actively recommends open source software for its software solicitations.

Support bacteria -- it's the only culture some people have!

Working...