Open Source Software In the Military

JohnMoD writes With the advent of forge.mil, etc. the military seems to be getting on board with free and open source software. A working group meeting is going to be held at Georgia Tech in Atlanta, August 12-13, 2009. There's a pretty good lineup of speakers including a Marine from the Iraq-Marine Expeditionary Forces, who was on the ground and saw the agility open source gave to him and his soldiers. A number of OSS projects are going to be meeting there: Delta 3D, OpenCPI, FalconView, OSSIM, Red Hat, etc. Looks like there will be some good discussions."

This proves it!

[Anonymous Coward]

See; with the military now realizing the destructive potential of OSS people hopefully now realize the true danger posed by this dangerous concept!

You would think that it is only the Americans...

[Anonymous Coward]

Who are fighting in Iraq & Afghanistan.
There are soldiers from many other countries who are fighting right alongside the US Forces.
Personally, I regret the loss of the lives of any service personell regardless of which country they are from.

Re:

[Anonymous Coward]

Anyone who doesn't regret the loss of lives of all soldiers no matter what country, should be dead.

Anyone that doesn't respect all lives should be killed.

Re:

[GigaplexNZ]

Anyone that doesn't respect all lives should be killed.

By someone who respects lives.

Re:

[kdemetter]

Is this some elaborate plot to kill everyone who respect lives ?

Re:

[__aapspi39]

I'm with FurQ on this sort of issue(http://www.youtube.com/watch?v=b_aU3TeDMnE/ [youtube.com])

"you can't kill everybody, because you wouldn't have anybody left to respect..."

Re:

[__aapspi39]

apologies - http://www.youtube.com/watch?v=b_aU3TeDMnE [youtube.com]

Re:

[SpoodyGoon]

I can tell you as an American I have not forgotten the troops from other countries that work along side our troops. Maybe someone else has but not me.

Re:

[Nathrael]

It is sad to see that being supportive of one's country is now regarded as troll-ish on Slashdot.

Patriot != bigot

[Hognoxious]

In my opinion it should be. It means being negative about the rest.

Really? So if you love your [hypothetical, I know] wife, it means you hate all other women?

P.S. Some guy by the name of John J Dwyer called...

Re:Patriot == bigot

[sourICE]

If your wife hates all other women and you love your wife enough to believe in every ideal she believes in without question, then yes you hate all other women.

If you follow your country blindly while it creates war with others over possibly meaningless matters or when there are other options besides war and you never once question it then you are a bigot.

-

dunno.

Re:

[sumdumass]

Man, you are working hard convoluting that to get what you want it to mean out.

You are even assigning attributes that aren't always there in order to do it. How proud you must be. Here is a hint, you don't need to be blindly obedient to be patriotic. You don't need to blindly trust or accept anything the country is doing to be patriotic. Only in your imaginary world is that true.

Re:

[xouumalperxe]

Here is a hint, you don't need to be blindly obedient to be patriotic. You don't need to blindly trust or accept anything the country is doing to be patriotic.

More to the point, most definitions of patriotism put the ideals of the country above the actions of the government.

Re:

[sourICE]

Here is a hint, you don't need to be blindly obedient to be patriotic.

I never once said that you have to be blindly obedient to be patriotic, I said that if you did then a patriot would == bigot. Ahh.. the wonderful invention of the 'if' statement. If only there were some equivalent in the English language, oh yes if.

Only in your imaginary world is that true.

I only wish that even half of all the bullshit I have seen in this world were imaginary.

Re:

[PopeRatzo]

I just hope it's easier finding drivers for nuclear missiles than WiFi adapters and video cards.

Re:

[Hognoxious]

What it is ain't exactly clear.

Re:

[K. S. Kyosuke]

And saving lives of yet others?

Re:Killing code?

[Anonymous Coward]

No you are wrong.

When Microsoft's products crash (guidance tracking on cruise missiles) THEY SAVE LIVES.

Re:

[Elektroschock]

Just use the EGPL

Done already

[hoarier]

PLA Daily [pladaily.com.cn] ("China Military Online") is brought to us by Apache, so it would appear that at least one military has already got on board with free and open source software. I'd guess that the PLA could deliver better coding value for money to the Pentagon than could KBR.

I'm in the Military,

[superslacker87]

and do I honestly think I'll ever see any of this stuff?

Absolutely not. They have civilian contractors to do all the cool stuff. I'm a network administrator who is denied administrative rights. My MOS (job classification) is an E4 and out position. Basically I have no chance of attaining any leadership skills in my job. Big change from when I joined six years ago. I'm seriously considering leaving communications for something that I can actually advance in, even if I wouldn't be as happy in it, but I could

Re:I'm in the Military,

[qbzzt]

and do I honestly think I'll ever see any of this stuff?

Absolutely not. They have civilian contractors to do all the cool stuff. I'm a network administrator who is denied administrative rights

How many of those civilian contractors are veterans who used to do your job when they were in the military? Just because the government decided to use civilian contractors doesn't mean you don't have a career path, it's just not necessarily one that stays in the military.

Re:

[DrgnDancer]

Go to warrant officer school. Communications warrants do a lot of this stuff. I did quite a bit of network admin work as a communications officer too, but we were National Guard and I was mostly conscripted into that for my civilian skills. I don't think active duty communications officers get to do that much.

Re:

[kaiser423]

The Air Force just finished a program to open source Falcon View [falconview.org], which is about the coolest, most comprehensive mapping/GIS program out there.

The Alpha is still pretty rough, and a lot of the cool aerial refueling/bombing run tools are obviously not in there anymore, but it is a tool utilized widely in all the branches that just came open source. Big accomplishment if you ask me!

Not affiliated. I had utilized it extensively in the past, and was missing having it at my new contractor job....then the

Re:

[gandhi_2]

Did you use "blueforce tracker" or "FBCB2"? Then you HAVE seen it. It's BSD, X, and Gnome. There's tons of stuff in service like that.

And you sort of have a choice: leadership in the combat arms like the Infantry or technical skills in places like Signal. Or you can be a pouge who acts all hardcore, even though an 11B PFC has boots with more roadmarch miles than you.

Re:

[TehDuffman]

Or you can be a pouge who acts all hardcore, even though an 11B PFC has boots with more roadmarch miles than you.

Its POG (as in Person other-than grunt) not pouge... you obviously dont know what you talking about because grunts can barely read let alone follow /.

Also the only real grunts are Marines not soldiers (which the summary calls us) get a job boot.

Army Strong [photobucket.com]

Re:

[gandhi_2]

LOL...nice. But no, pouge wasn't an acronym. It was retroactively created by people who need acronyms to remember anything.

Like my buddy. He got kicked out of the marines. They caught him reading a book. "Hey, this thing ain't got no pictures!"

Marines are grunts like...the marines at JCOT? The travel agents of Iraq. Like the marines in the MCX? The sales associates "in country". Like the marines that bring the FOB mail around? And all the marines guarding the chowhall at camp cupcake and TQ?Semper Fool, dev [youtube.com]

Sorry, youngster

[Runaway1956]

"Basically I have no chance of attaining any leadership skills"

I fear that you don't understand what "leadership" is. If you wish to learn about leadership, and you are not learning, that is your failure, not the failure of the military, the boy scouts, an employer, or even your parents. I would ask first, how many courses are you enrolled in? If you answer "none", then it is obvious that you DON'T wish to learn leadership, but instead, you only want to bellyache about the military. Which is fine with m

Re:

[destuxor]

My MOS (job classification) is an E4 and out position. Basically I have no chance of attaining any leadership skills in my job. Big change from when I joined six years ago. I'm seriously considering leaving communications for something that I can actually advance in, even if I wouldn't be as happy in it, but I could be wrong about that.

I'm guessing you're a 25B in a Signal unit.

Trust me, there are a lot of ways you can learn leadership skills as an E-4. How many SOP's have you written? How many Soldiers h

Re:

[Hognoxious]

Never mind what he's done, can I have your recipe for acronym soup?

Re:

[destuxor]

Never mind what he's done, can I have your recipe for acronym soup?

Laughing out loud (literally)
;-)

Re:

[superslacker87]

25B - Information Technology Specialist
SOP - Standard Operating Procedure
SIGO - Signal Officer (Guy in charge of communications in a line unit, aka combat unit)
CDR - Commander
PL - Platoon Leader
BN - Battalion
BDE - Brigade
PLT - Platoon
DOIM - Directorate of Information Management
ESB - Expeditionary Signal Battalion
COMSEC - Communications Security
SIPRNET - Secure (or Secret) Internet Protocol Router Network (As opposed to NIPRNET, or as they call it now LandWarNet, AKA the Internet)
JNN - Joint Network Node
WLC

New kind of freedom!

[syousef]

Free as in speech.

Free as in beer.

Free as in free to blow the shit out of something.

Re:WOW

[betterunixthanunix]

It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen. It is not terribly difficult to hide a defect in some code -- a cool example of this is the Underhanded C Coding Contest, where the goal is to introduce a vulnerability in such a way that reading through the source does not give an obvious indication of what happened.

Now, if the military is controlling the code that is committed to certain projects, that is another story. Then they can see enhanced security from day 1, by ensuring that every patch is thoroughly reviewed -- a much smaller task than trying to re-verify years of review from some other project.

Re:WOW

[symbolset]

It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen.

Just because you're not doing it, don't presuppose that nobody is. The code review of all the major pieces is ongoing, extensive and in-depth. It's done for a lot of reasons: motivated self interest on the part of organizations with large user bases (NSA, .mil, governments, large corporates), product development (all the commercial vendors), security professionals (for experience props) and others.

Stuff does occasionally get through, but it's almost always pointed out and fixed right away.

One downside of commercial software is that code audits can only be done by two groups: the vendor and the black hats.

Re:

[betterunixthanunix]

That is a lot of code to try to audit, especially when a backdoor may be spread across many different modules. I saw an entry to the underhanded C coding contest that hid an information leak across 5 different sections of the program; the leak happened 0.5% of the time the code was run (on average), but it involved leaking the secret key for a block cipher. It could been even more well hidden, had there been more code available, as there would outside the constraints of a contest.

"Security professional

Re:

[rant64]

This is the reason why the NSA has never approved any computer system for handling all classification levels -- it is not economical to develop a custom system, but it is not secure to trust a third party system

Not true. The INTEGRITY [ghs.com] RTOS has been deemed EAL6+ certified by NSA, from what I've heard it has so little lines of code that auditing is possible.

Re:

[betterunixthanunix]

The last time I checked, the NSA still had not approved any single system to handle data at all four levels of classification, and they required that a single physical system could only handle two "consecutive" classification levels at a time (that is, one level directly below the other, so that TOP SECRET and SECRET could be processed on a single system, but TOP SECRET and CLASSIFIED could not). I would be very surprised if that has changed, since protecting against a covert channel puts requirements on t

Re:

[rant64]

Well, it's a very specific piece of equipment indeed. But I'm not in the US military and I have nothing to do with NSA, so please enlighten me what the use of such a device would be. As I see it, a SECRET system connected to a TOP SECRET system is no longer classified SECRET (and may not even connect if it's not accredited for the classification, and may not even be close to each other, in case of red/black). What environment would need a system that handles all classification levels? A more practical metho

Re:

[betterunixthanunix]

There are plenty of cases where a single system must handle multiple classification levels. For example, a manager at the CIA may need to handle TOP SECRET information about a spy in a hostile nation, and also UNCLASSIFIED information about some new equipment that is being procured in his department. It would be economical to have a single desktop for that manager to do his work, but since that range of information crosses all four classification levels, that is not allowed; it would be highly economical

Re:

[DeBaas]

It is funny that people assume that open source means more secure. It means more potential for security, since you can undertake an enormous, in-depth code review, but given the amount of code in some projects (the Linux kernel, Apache, etc.), that is not something that is likely to happen. It is not terribly difficult to hide a defect in some code -- a cool example of this is the Underhanded C Coding Contest, where the goal is to introduce a vulnerability in such a way that reading through the source does not give an obvious indication of what happened. (snipped the rest)

While I basically agree that it really means more potential for security you miss one point: human nature. With open source developers know some people will look at their code. And that means that they will make cleaner code. No matter how good of a developer you are, the awareness that someone else will look at it will make most developers take another look before releasing and make sure the code doesn't have embarrassing parts.
So even if no-one actually really audits or checks your code, the fear of havin

Open Source on the Sea

[Kavli]

Having worked for the Royal Dutch Navy for several years as a programmer and software architect, I'm impressed by their use of open source software on board their combat platforms. For instance, the Landing Platform Dock 2, HrMs Johann de Witt, uses GNU/Linux as a main component in the Combat Management System. Other platforms, including their submarines also uses various degrees of open source in combination with older proprietary systems.

Windows for destroyers (no pun intended)

[Ilgaz]

I would really love to hear your opinion about the other Royal (UK) navy's use of Windows on Destroyers and Nuclear submarines and even (kind of) bragging about it.

http://www.theregister.co.uk/2009/01/05/windows_for_warships_hits_type_23s/ [theregister.co.uk]

I mean, if it is not non ethical or anything else stops you.

What is your guess? Do they use Windows clients to a real operating system like UNIX or it is actually pure Windows? What would Dutch army/ask say if you went crazy and proposed using Windows replacing *NIX? They

Re:

[Kavli]

I won't start a discussion about the choice that the Royal Navy did.

All I can say is that the technical management at CAWCS/Force Vision never saw Microsoft as a viable alternative. At least as long as I was working there.
But sure, we used other operating systems as well. Among those OpenVMS and Solaris 7 and 8. Most of the development was done on Sun/Solaris.
We even had Windows systems for office support, but on a physically isolated network.

Disclaimer:
As a former external consultant I'm not speaking for t

Not Suprised

[shock1970]

I've been teaching Eclipse [eclipse.org] Plug-in and RCP development [avantsoft.com] to US Military and Defense organizations and contractors, as well as for the Australian government, for the past 3 years.

As long as the open source product can be proven as a secure technology, I don't see why the government wouldn't adopt it, especially if there are little to no licensing fees for its use.

NMCI

[DoofusOfDeath]

I know that a number of Navy scientists have scratched their heads regarding why the NMCI [wikipedia.org] abomination [nmcistinks.com] used Windows rather than Linux on the desktop.

I wonder if they'll smarten up when they roll out NGEN, which will replace NMCI.

Re:

[steve-san]

Don't hold your breath. Although the Federal Desktop Core Config (FDCC) [nist.gov] only mandates *security settings* for federal gov't XP/Vista machines, many IT PHBs have taken it as a mandate to USE Windows for the desktop environment. Hard to blame them, if you just go by the title of the program. I mean, where's the Linux FDCC, or the Mac version? Oh, that's right... they don't exist (yet).

Add to that the fact that AD, Exchange, SharePoint, OCS (among others) are de-facto standards across the DoD, and you c

Re:

[drewcifur]

Forge.mil would be used for items that can't necessarily go into a sourceforge or github type setting (due to ITAR restrictions and the like). Discussions abound as to the best place to host items that can be made available to all without cert. I've been in on some of the discussions and we are looking out for these concerns. None of us want to see code that should be available to all restricted for no good reason.

Re:

[gandhi_2]

This is pretty funny. The US Army uses self-signed certs. www.us.army.mil

MS's "help" for the brass

[gtall]

If anyone caught Gen. Patraeus's briefing last week, I forget where it was but it was a public briefing, he constantly referred to Microsoft. Usually, the phrasing went something like, "if Microsoft will allow this". I noted that several of his slides were a bit odd in that there were arrows that really pointed no where and had no information content that I could discern. In the Q&A afterward, he actually pointed out the MS person who helped him create the slides. That would explain the totally useless arrows. But I was struck that MS actually has a representative to help the brass do Powerpoint. Until that changes, DoD will always be enthralled by MS and their Powerpoint bulletpoints.

Just as a brief aside, there is a Stargate SG-1 episode where the General has been replaced by some other Air Force General and he calls O'Neill into his office to complain about the fonts and the fact that he'd prefer there be more bullet points in his report. The look on O'Neill's face was just too good.

DoD has been using F/OSS for years

[grandpa-geek]

Several years ago there was a series of conferences on F/OSS in government sponsored by George Washington University. There were several presentations made on use of F/OSS by DoD. They included the certification of F/OSS for use in command-control systems, the use of F/OSS in weapons systems, and other applications. Topics addressed included interpretation of terms of the GPL when F/OSS is used in systems for which DoD secrecy requirements apply to the software. (In that case, distribution within DoD and its contractor community is treated as internal to the user and not subject to general disclosure.)

The conferences included numerous presentations about F/OSS is government, including health care and a wide variety of other areas. DoD was just as active as other agencies in using it.

Re:

[account_deleted]

Comment removed based on user account deletion

Too many similar tools?

[OrigamiMarie]

Al: Uh-oh, quick! Should we use gnuke, knuke, or just bare-bones nuke?
Bob: Ah, definitely not knuke, it screws up at least half of the commands it sends to nuke. Maybe gnuke, it's at least a competent front-end, but it's missing a bunch of the functionality of nuke -- the dev got bored and was pulled onto another project. But the command-line for nuke is so obtuse that it will take two or three tries just to get the command right, and those first two bad commands might be worse than not using it at al

TCP/IP was military

[ritzer]

Anyone on this forum heard of TCP/IP? Maybe I am getting old, but I remember the internet as a DARPA project. Source got distributed and ported to whatever you OS you happened to be using. Sounds like open source to me.

It's not sad when it is trollish...

[sourICE]

It's not sad to see it appear trollish when really it does not have much relevance at all to the topic at hand. Any moron can throw posts all over that say, "WOOO!! Go !"

-

dunno.

Resistance

[WhoIsThatDork]

I've been working as a software developer in a military research lab for about 7 years. My primary area of work is development of middleware to allow interoperability between DoD systems that otherwise have no such capability. I'm a big proponent of using general open source solutions as well as the military having their own "open source" for situations that might not be appropriate for public distribution, but are very relevant across the entire DoD.

The resistance always comes in people guarding their products, ultimately to protect jobs and/or profit. The contracting companies have their stovepipe systems, and typically they want to be the sole source of development/maintenance. Even government entities keep things closed off from one another; I've had many instances where I've been told to either partially distribute or not distribute DoD-owned software (including source) when requested by another element of the DoD. Too many people are worried about their intellectual property, which makes it very difficult to tear down these political barriers. This ultimately results in the exact same functionality being developed many times over, which I've seen all too often. We're making some progress, but it's going to take significant buy-in from someone high up (read: with star(s) on their shoulder) to push the agenda. Otherwise, it continues to be a large amount of talk without much in the way of results.

Speaking of large amount of talk, I recently met with one of the key speakers at the aforementioned conference (Major James D. Neushul). This individual is a risk to adoption of open source principles...not because he opposes them, but because his mouth exceeds his knowledge. He speaks largely in buzzwords and jumps between concepts as soon as you corner him on the technical inaccuracies of his claims, but he does so with fervent insistence of his correctness. At one point in our discussion, he actually stated that the ideal solution right now is for every computer, down to the individual warfighter level, to be running an instance of a web server and use web applications. He also wrote the "specification" for an XML version of a widely-used bit-oriented messaging format (VMF), except he didn't write schemas, but rather a description of how one should make the schemas. It's a pretty scary stance to assume that a set of tag-naming rules is going to result in compatibility of all the independently developed schemas. It's unfortunate that this individual is probably going to alienate many skilled and otherwise open-supporting engineers....such as myself and my entire engineering team, all of whom are on-board with opening up DoD capabilities...yet none of us can tolerate his sloppy, bravado-laden approach.

I have to be nitpicky but...

[blakedev]

Some Marines get pretty offended when they're called "soldiers."

Re:

[SiggyTheViking]

I appreciate your stance that war is immoral, but I must point out that this is not a universally held notion.

Similarly, I appreciate the concept of non violent resistance, and think it is one of the bravest stances a person can take. However, I will choose to stand against fatigue-wearing bullies, whatever color their fatigues may be. And I choose to use the sharpest sword I can lay my hand on to do it.

Why the military will not be successful with OSS

[iamwahoo2]

The US Military is currently all abuzz about OSS. Ecspecially the top leaders. They see that OSS development teams are managing to be successful in areas where military acquisition programs are failing. Software development in a military acquisition program is a painstakenly slow process. Software revisions take years on major acquisition programs. Quick patching of even serious bugs is impossible and even if it were possible can cost millions. Furthermore, the software is not sustainable. The software that