Software Choice Group Tells DOD Not to Use Open Source

ducomputergeek writes "A group calling themselves the Initiative for Software Choice, backed by Microsoft and others, is recommending that the DOD drop plans for further adoption of Open Source software. This comes after MITRE, a defense contractor, published a report stating that not only does the Department of Defense use opensource, but is recommend on using it more. The article is at News.com and you can read it here."

Re:NEWS FLASH

[dzym]

Yes, people can have different opinions.

You can be paid to have them, or you can have them due to some deeply held beliefs with religious fervor, or you can arrive at your opinion through a process of reasoning.

On the other hand, reasoning that it's better to move to an open source product just because said OS product is currently attacked less, is fallacious.

Microsoft at al?

[DigitalDad]

Seriously, how can a group called "Initiative for Software Choice" that's backed by major players against open source (see Microsoft) be open and objective in this?

Choices

[aufecht]

Initiative for Software Choice, just make sure you chose between Windows XP,2000 or 98.

Not surprising... but the DOD is heading twds OSS

[andymac]

My company does quite a bit of work for the big defense contractors, we're involved in many big programs. These contractors are constantly asking us for Linux based software (SDKs APIs etc.) and especially for their embedded devices. These guys want to stop laying huge license fees to WindRiver for their vxWorks software... and want to spend the $$ elsewhere. Good on them I say. However I will insert the obligatory M$ comment: I'm shocked (not!) that MS would push their own agenda blah blah blah... ;-)

GPL FUD again?

[debest]

FUD: You have to open up all your code if you use GPL code in your software.

Fact: You have to open up all your code if you use GPL code in your software and then distribute it!

I don't think the DoD distributes very much of the software it writes, so why should it care if it uses GPL code? It shouldn't care! But let the FUD fly!

Who makes the choice?

[Cap'n Canuck]

Proprietary software companies such as Microsoft have labeled open-source software as a serious threat and have begun to oppose its use by governments. At the same time, however, nations such as France and Germany have begun to encourage open-source software to limit their dependence on proprietary vendors and to stimulate local software development.

As a community of Open Source users, there is often a "ram-it-down-your-throat" style of preaching your brand of OS religion. Sure, a free OS is great, but it's not for everyone. Ultimately, a group of knowledgable professionals within the DoD will make a choice. You can agree or disagree with that choice, but they are entitled to it. Besides, their criteria are different from yours, which are different from France's and Germany's.

Having said that, Microsoft, along with Cisco & Intel, have taken what I feel is the low road. It is one thing to advocate your product, but what they are essentially doing here is mudslinging. While this seems to be a fine tradition in American politics, I'm not sure that it's an ethical business practice, even for Microsoft (OK, I may have said that tongue-in-cheek).

Karma: Basking in the warm afterglow of post-coital whoring.

Intel a two faced demon?

[Diabolical]

It's a pitty to see Intel's name as one of the companies opposing OSS. Strangely they reach out at one side and then at the other side they slap you in the face. It is not that Intel should choose sides.

I can understand fully that it is in Intels best interest to have support from both camps but this is really something they should watch out for. It may well be that more OSS developers and users will buy the products of their competitors if these kind of things become normal practice for them.

Well gee...

[Kjella]

Of course they're worried. If their corporate customers start saying "Hey, if the DoD is using it, it must be good and secure enough for us too!"

Oh and the GPL doesn't really stop the DoD at all, as you only have to release source code to those you provide with a binary. Unless DoD starts handing out binaries to others, they can keep every change to themselves (but I imagine they'd rather stay with the main branch than running their own solo run, but they are one of the few who could).

OSS is no magic cure against bugs though, and QA is important. In my experience bugs show up faster & get fixed faster in OSS, so in the short run you have more *known* bugs than commercial software, even if there aren't really any more bugs in it. In the long run though, if enough people use it and find bugs, it is more stable and bugfree.

Kjella

OSS can't be used everywhere

[enos]

I was at a talk once where a guy from Lockheed was saying how they were using more and more commercial off-the-shelf systems to reduce costs. They were moving away from specialized systems custom developed for each plane, to a more general system that didn't need as much work.

He started out with an animation of someone punching bill gates, so that eased my fears. But he said that even though Linux would be great, they could not have a foreign national have control over their system. Sure, they could see exactly what they have, but any changes to the kernel would have to be checked out completely (expensive), so they would be right back at having a specialized system. Politics maybe, but they ended up with a proprietary OS.

I gotta say though, the redundancy systems they have on those things, amazing.

Re:NEWS FLASH

[s20451]

you can have them due to some deeply held beliefs with religious fervor, or you can arrive at your opinion through a process of reasoning.

It's my experience that people first tend to form their opinions based on deeply held beliefs (or otherwise) and later use reasoning to give justification to their beliefs. It is extremely rare for someone to start without preconceptions and use reasoning to develop an objective opinion. It is even rarer for someone to start with a deeply held belief and change their mind based on reasoning.

For example, do most people who share files have liberal views on intellectual property because it justifies swapping copyrighted files, or do most people who swap copyrighted files do so because it validates their predeveloped liberal views on intellectual property?

The lead-in is misleading.

[Rip!ey]

The lead-in is misleading.

They do not recommend that "the DOD drop plans for further adoption of Open Source software". They are saying that all software, regardless of the developement model, should have equal consideration if it meets the criteria for a specific purpose.

"Public entities should procure the software that best meets their needs and should avoid any categorical preferences for open source software, commercial software, free software, or other software development models."

The article itself is also misleading.

"Proprietary software companies such as Microsoft have labeled open-source software as a serious threat and have begun to oppose its use by governments."

Whilst we know this to be true re: Microsoft, the Initiative for Software Choice (whom the article discusses) expresses no such opposition.

Re:GPL FUD again?

[LostCluster]

Furthermore, you only have to open up your code to those who you distribute your software to...

Which means Army can give software to the Navy, and they'd only have to give the code to the Navy, not to the general public.

big freaking surprise

[MORTAR_COMBAT!]

A group comprised completely of proprietary software vendors is recommending the use of proprietary software.

In the end, it is up to those who want their government to "choose" other software to let their voices be heard. This will work as long as politicians listen to the populace they supposedly represent, instead of listening with their wallets to companies from other states.

Of course, it may be that both the People and the "Software Choice" group of mega-corps both favor the use of proprietary software in government. My vote happens to be that our tax money which buys the software that runs our infrastructure should not be used to place our infrastructure under the control of a proprietary software vendor.

Re:Microsoft at al?

[0x0d0a]

group called "Initiative for Software Choice"

(a) I don't see what their name has to do with this

(b) The name is pretty par for the choice for a lobbying group

(c) In this case, the name is actually deserved, as what they're fighting for is not to ban Open Source software from government contracts, but only to ensure that the US government not *require* Open Source, which would eliminate as an option most current closed software.

Re:NEWS FLASH

[Proaxiom]

On the other hand, reasoning that it's better to move to an open source product just because said OS product is currently attacked less, is fallacious.

The argument is roughly analogous to reasoning it's better to move to a given neighborhood just because said neighborhood currently has a lower crime rate.

As a parent and homeowner, that logic sounds pretty good to me.

Re:Microsoft at al?

[bstadil]

OS fanatics have been busy yabbering to anyone who'll listen why their utopian communist way

I do not understand why you think that OpenSource is exempted from capitalist market forces. It is precisely the market forces that the OpenSource movement wants put into play and that MS et al is afraid of.

ignoring proprietary software

[MORTAR_COMBAT!]

Even if the government only considered open source software, that does not exclude Microsoft from participation. Microsoft would be free to produce software which meets the requirements set, basically set there to ensure that software running our vital infrastructure, paid for by our taxes, does not place our government at the behest and mercy of a software company.

One way to ensure that safety is through the use of open source software. There are undoubtedly other ways, such as Microsoft could provide source licenses only to the government for software the government buys, etc.

However one of the main factors into considering open source software is the rising cost of software licenses. Since our tax money is used to buy this software, I for one would prefer we don't have to pay year after year for what amounts to yearly abandonware.

Re:GPL FUD again?

[greenrd]

Basically the same definition used by copyright law, or by a typical software license. Distribution within an organisation doesn't tend to count as "distribution" from the point of view of copyright law, but practically everything else does.

win EVERY battle?

[bstadil]

they don't have to win EVERY battle.

Agree totally. Interestingly you do not really need to win any battles, only make sure you will be around for the next skirmish.

MS lost every battle aganist DOJ but still won the war, the Vietcong hardly fought any battles let alone won one.

OpenSource will not go away, it can't as long as individual programmers are "scratching itches".

Re:Microsoft at al?

[Anonymous Coward]

utopian communist way beats all,
Interesting way to phrase this. Communist as defined by Soviet Union and China was a top down archetecture where one (or a small group of ppl) control what goes on. Also, they are the ones who have high profits. But anybody who supports them, will get some decent scrapes. It has lead to the down fall of all that support it.

In contrast, the democratic version is lead by votes where by one person is in power, but on a true sharing approach. Normally, there is plenty of opposition against that pperson with all sorts of ppl who have different ideas. They will routinely fire up their own stuff based on what the others were doing. In a normal democracy/capitalist society, you will find that competition encourages the best of the best to succeed. This would create a system that improves in various places through out the system. Sound familiar?

So I have been thinking long and hard about who would really be pushing MS systems which have high costs in terms of ppl and security. I have not doubt that MS would push it (high profits). I also have no doubts that the ppl who are feeding on the scrapes would also push it. But finally who might push it so that weak security is in place through out our government? Crackers and SKs do not have the money to buy politicians and/or be part of groups like comptia. It would take somebody who has billions, has shown enough intelligence to attack us before. Who indeed?
So commrade, are you with MS or Jihad?

Isn't this in the dictionary as an example...

[Techmaniac]

of irony?

I mean, a group called software choice telling the goblement (.gov) what software they should choose. Please destroy this government Mr. Terrorist.

Re:NEWS FLASH

[Anonymous Coward]

Dude, I just want the latest Eminem CD. Sometimes piracy is just piracy.

Re:that's what ISC was saying

[Spellbinder]

but government gets it's money from the people..
therefore they should spend it to our benefit!!!
if they buy m$ just the employes and shareholder benefit!!!
with open source everybody benefits!!! (at least everybody using software)
with this in mind there is nothig to decide if the open source software
can do the same job at the same price as a closed source option

DoD Commies!

[stinkbomb]

One particularly nasty bit:

"Thus, because of the GPL's "transitive user rights," at least half of the DoD's OSS efforts, were they to be more widely disseminated, would largely foreclose proprietary and/or hybrid companies from further developing the
software and commercializing the results. The same is true for any outside R&D funded
by the DoD - if it is GPL-based, proprietary companies cannot directly benefit from it."

Oh no! If the DoD develops it's own GPL'd software, we (MS, Cisco, Intel, et al) can't sell it as our own for ridiculous prices!

Stop the commies at the DoD!

Choice?

[valisk]

Is it just me, or do the ever increasing numbers of Industry pressure groups seem to all be formed by the same small group of companies?
This is a measure designed to 'gull' the general public (Im tempted to add the word license there, don't know why :) ) into believing that industry has mobilised itself against OSS.
When in fact only Microsoft its distribution partners, and occasionaly Adobe has taken issue with it.

Re:Microsoft at al?

[Sj0]

Isn't it ironic that some people equate Open source with communism, but they equate "ein volk, ein reich, ein windows!" with democracy, choice, and capitalism?

Nat actually what the art

[jbolden]

If you read the actual article [softwarechoice.org] recommendation the /. summary is simply incorrect. The recommendation was:

a) The choice of open source vs. closed source be made on a project by project basis and not be a matter of policy. In particular the DoD should not adobt a preferential policy favoring open source over closed source when possible,

b) While BSD licenses are OK using GPL licenses violate congressional norms (in particular they make commercial software impossible)

In addition things not mentioned in the summary

a) DoD is far and away the largest user of open source in the government

b) Security issues are ambigious with regard open source vs. closed source

c) A great deal of open source software violates all sorts of other government regulations and the government would end up having to bring these systems into compliance.

Yes the comments were hostile to open source particularly GPL they certainly where nowhere near the summary though.

Re:Microsoft at al?

[Bruce Perens]

Especially these guys. They are lobbying against your right to choose Open Source. They dress their campaign up as if they seek equality and no preferences, but read the fine print. They want to lock us out of industry standards by using patents - it's right there in their "principles".

See SincereChoice.org [sincerechoice.org] for a platform that really would give you choice.

Bruce

Re:NEWS FLASH

[SpoonMeiser]

The argument is roughly analogous to reasoning it's better to move to a given neighbourhood just because said neighbourhood currently has a lower crime rate.

In a sense, yes, but that's not the point... Moving to an open source product because it is attacked less, means that you are at less risk from skiddie and worms. But a real attacker won't be randomly trying machines for known exploits, (s)he'll be attacking just the box/site that he wants access to.

To keep with the neighbourhood analogy, it's like moving to a safer neighbourhood when a hit-man's after you, it doesn't really matter how many petty criminals are in the area, there's still a goddamn hitman!

Re:Microsoft at al?

[Bruce Perens]

Oh, I definitely think Open Source is the best, if that's what you mean by bias. What you need is an unbiased third party to evaluate both sides. Like Terry Bollinger at MITRE. His conclusion is really interesting reading.

Bruce

Looks like MSFT is trying to play catch-up

[varun]

>arguing that proprietary products are not inherently less secure

"not inherently less" - looks like Microsoft is trying to prove that it's products are "not worse" that open source ones. One would imagine that they would want to show how their software is "inherently" more. Just goes to show that they are (or at least feel that they are) lagging behind.

Re:NEWS FLASH

[rseuhs]

Wrong, to keep with the neighbourhood analogy, you are moving from a tent to a house with security doors and alarm system.

Sure it's not perfectly secure and some criminals will overcome the defensive measures.

But it's better than the tent (=Windows) you had before, so I don't see why this move should be wrong.

Re:Microsoft at al?

[rseuhs]

(c) In this case, the name is actually deserved, as what they're fighting for is not to ban Open Source software from government contracts, but only to ensure that the US government not *require* Open Source, which would eliminate as an option most current closed software.

Well, there are currently zero OSS-only policies in the US among governmental organizations, but numerous MS-only policies at the operating system and office-suite level.

And now this "Initiative for Software Choice" starts fighting against policies that don't even exist (yet).

If they are serious about software choice, why don't they attack the numerous MS-only policies out there?

Re:Intel a two faced demon?

[B.D.Mills]

It's called hedging your bets. Intel really has no interest in what operating system you buy, as long as it runs on their hardware.

To get Linux running on a new processor, all that's needed is a new gcc, maybe a few modifications to the kernel, and within a week or two you have an operating system for your new processor. It may take longer, but with the full source code available you have a good chance.

To get a Microsoft OS running on a new processor would be much more difficult, nearly impossible. You can't do a direct source port, as Microsoft guards this like the Crown Jewels. You have emulation difficulty as well because Microsoft OSes have "undocumented" API calls. And of course emulation runs like a snail on Mogadon.

So it's no surprise to me that Intel would back Microsoft. If Linux wins, Intel loses a cosy monopoly as well.

Re:Sarcasm Noted, but...

[Greyfox]

The whole problem is they're not fixing the root cause of the problem. Why should I have to fear the simple act of opening E-Mail? Why does one of the largest IT companies in the country simply accept that they must fear opening E-Mail? And why is it that when we follow the company's "Experts'" advice, we can end up doing as much damage to our system as opening that unknown E-Mail is likely to?

We're always hearing on the news that poor IT security is costing the country billions of dollars each year. So what's it going to take to get people to take IT security seriously? They're certianly not doing so right now. An audit team would be a small price to pay to be able to have a reasonable level of faith that day to day operation of your applications will most likely not compromise your system or your network.

There's no sense in re-inventing the wheel either. Distributing an open source package (assuming it was GPLish) would require you to share your audit results back with the project. This would be a good idea anyway since you wouldn't have to re-patch in your diffs every time the authors published an upgrade. If your bank looks over the audit results from my company's audit of blargmail and decide that we know what we're doing, you can reasonably comfortably use blargmail without having to go to the trouble yourselves. If you read the audit docs and say "Hey! They weren't looking for buffer overflows at all" you can either audit it yourselves or go with some other package.

Either way you look at it, Good IT security or the results of having poor security are a cost of doing business. You'll pay the price either way. Over time, the cost of having good security should be far less than what could happen if your security is not so good. Would you want to put your money in your bank if you think it's not secure? How would you feel if your hospital were run like (you seem to indicate) your bank is? Your power grid? Your water supply?

Pharma business needs OS too!

[bubbha]

We have data we keep on clinical trials that must be saved for 15 years after the patient dies. So we have to store data for 20 to 40 years. We also have to be able to revive the data and possibly process it. Clearly the storage strategy to meet this REQUIREMENT should not include proprietary data formats or programs.

Re:Nat actually what the art

[inode_buddha]

er, "congressional norms"? After re-reading my local copy of the GPL, version 2, I don't see how using the GPL makes commercial software impossible. Please excuse me while I read the rest of this discussion for clarification. Especially the "actual article" (thanks for the link!)