Open Source in the Military? 398
djmcmath asks: "Does anyone have any experience with Open Source Software and/or GPL'd software in military applications? I'm only asking because I'm involved in work on the combat systems for a new submarine, and had considered an Open Source solution. (I apologize, I must be intentionally vague for obvious reasons.) So ignore the obvious questions (Is it really suitable? Are closed-source proprietary options better? Does MS have a good solution?) and skip to the good stuff. What about the fact that my code would be classified Secret under US Code Umptifratz? I cannot distribute my code (and it's changes) without being tried for treason. What happens to the rest of the combat system code when I submit my GPL'd module?" Open Source and the Military: it's a tricky combination of keeping what can be open, open and keeping your secrets...well, secrets! However, open source in the military need not be as high profile as weapons systems. One of the only major OS projects that I'm aware of that had any form of military involvement was GRASS, the open-source GIS system. I'm sure there may be a few others out there. Does anyone know of other OS projects with military association? If there are any projects out there that interface with classified bits, how did you deal with those issues?
Source Distribution (Score:5, Informative)
Are you distributing your executables? If you use the OSS for a specific system and only on that system, you are not required to distribute source - everyone that has the binaries (the military) will have the source.
Re:Source Distribution (Score:5, Funny)
It's actually simpler than that -- this is the US -- therefore, you only need to say aloud one of two magic incantations, "National Security" or "For the love of God, will no one think of the children?" and debate is terminated. In your favor.
Re:Source Distribution (Score:3, Insightful)
Although, to keep everyone happy, you may have to name your project GNU/Submarine.
Re:Source Distribution (Score:2)
Running any part of your military using software from a foreign corporation (even if they are based in a country you are allied with) is rather stupid IMHO. For the obvious reasons of "national security".
At least with GNU/submarine when you sell the sub onto the taiwanese later they get the source to maintain it.
It might help for the French to be able to maintain their warships before they even think about selling them to someon else too.
GLP and software availability (Score:5, Funny)
You only need to distribute the source to the people that you distribute the binary to.
Presumably the binary is covered by the same secrecy rules as the source, so the only people entitled to the source are the miltary.
Although, if the binary is in a bomb, you may also need to distribute the source to the poor sod that you drop it on.
Re:GLP and software availability (Score:5, Funny)
Re:GLP and software availability (Score:3, Informative)
If you use some other means (written orders from the commanding officer) to force the users not to republish the source code, then you have NOT given them a GPLed release, because you haven't given them permission to redistribute it under the same terms you acquired the software with.
(I do software contracting for the US military, and we'll include LGPL or PD code, but not GPL).
Imagine if this happened in the civilian world- CompanyX modifies GPLed GNU Emacs and puts it up for sale- but before a customer can purchase it, they have to sign a separate contract promising to never redistribute the source code. It's a blatant violation.
(Actually, that has been attempted before. A group published a modified version of the GPLed Quake game, but required users to sign away their rights to the source code before they could download the binary. The original author sent his lawyers after them, and they gave up on the scheme)
Re:GLP and software availability (Score:4, Informative)
Sweet! (Score:3, Interesting)
Re:GLP and software availability (Score:2)
Hrrm, but army, navy and air force have separate budgets and chains of command, plus they subcontract work. It's an interesting issue; as I (personally) read the GPL, the onus is on me (personally) to comply. That means that the distributable I produce must be accompanied by the written offer to supply source. It's irrelevant whether I intend to supply it to my mother, my workmate, another department in my company, or Osama bin Laden for that matter. If I use GPL code, I have to ensure that I'm in a position to comply with the terms. Saying "I voz only obeying orders" isn't good enough.
Re:GLP and software availability (Score:2)
Re:GLP and software availability (Score:2)
Re:GLP and software availability (Score:2)
Contracts vs. laws (Score:4, Informative)
Security classifications, in contrast, are a matter of LAW.
This is an important distinction that comes up periodically. E.g., there's a fair amount of software that is used to control the operation of amateur radio station equipment. The licenses inevitably require that the user have suitable FCC (or local equivalent) certification suitable for the operation of this equipment, probably due to FCC regulations. Does this violate the GPL? I would argue it doesn't - it's the FCC that requires a license to operate the equipment, not the author, and the sole purpose of this restriction is to limit the author's liability in those cases when the receiver acts in bad faith.
Ditto the occasional licenses that require the receiver be old enough to enter into a binding contract. Of course it's silly to say that a 17-year-old can't make valuable contributions, but the law says that contracts with 17-year-olds are never binding except for some relatively rare circumstances. (E.g., they can be emanicpated by a court, by enlistment in the military, or by marriage. Or it could be a "necessity" such as a contract for housing.)
I think the same argument can be made here. Are you willing to make the source code available to any agency legally entitled to view it? If so, then I think you can still use the GPL.
Re:Contracts vs. laws (Score:2, Insightful)
But if you cannot simultaneously simultaneously obey the the Gnu Public license and the law, then the license doesn't take effect, copyright law kicks in, and you have no permission to redistribute modified code at all.
Any person who inserts willingly mingles GPL code with classified code is either immediately violating copyright, or conspiring to commit espionage (when they release the code, as the license requires).
Of course, in real life no real criminal espionage charges would be pressed. If this were to actually happen- by accident, say, a subcontractor programmer gets confused), and is found out, then the government would have to weigh the value of the combined code, and either arrange payment to the original authors, or promise to destroy (in a security-level approved fashion) the offending software.
Unless they declare it a matter of National Security and just pull the whole thing under Eminent Domain.
Re:GLP and software availability (Score:5, Funny)
Embedded devices (Score:4, Interesting)
That brings up the question of embedded devices in general, e.g. what if the binary is in night vision goggles or a satellite radio issued to troops? They presumably can't be given the classified source code. I discussed embedded devices with RMS a long time ago and back then, he seemed to think it was technically a GPL violation, but if the code in the device can't be changed (i.e. it's in ROM) then it didn't really count as software, so he wasn't too worried. At that time, embedded CPU's weren't so ubiquitous and those that existed were mostly tiny and didn't run much GPL'd code. It might be time for a more formal policy on stuff like this.
Of course, the GPL'd code owner can always grant GPL exemptions for specific purposes (the GPL itself has a clause saying this and I think the FSF has given a few exemptions in the past), so the surest way to be in good standing is if you can get permission from the owner.
Disclaimer: IANAL and I don't speak for the FSF.
Re:Embedded devices (Score:2)
Hm... to whom do you have to make the source available to:
Re:GLP and software availability (Score:2)
Although, if the binary is in a bomb
And you thought copy-protected CD-ROMs were bad.
Re:GLP and software availability (Score:2)
Except that the GPL only requires that you make available the source on request. A note on the bomb casing would do the trick, since the requirement would only apply if you dropped a bomb which didn't go off.
Re:GLP [sic] and software availability (Score:3, Funny)
If the bomb crashes and does not explode, and some people can extract the binary out of it, then these people can ask for the source code and get it.
Re:GLP [sic] and software availability (Score:3, Funny)
I don't think so. The intention of the bomb-dropper was not to provide the drop-ee with a copy of the binary included with the bomb. That would be like stating that if I broke into your office and stole a copy of the binary I could then walk in the front door and demand a copy of the source code.
Re:GLP [sic] and software availability (Score:2)
Re:OpenBSD (Score:2)
I purchased OpenBSD from 2.5 to 2.8, until I suddenly became too poor to pay 50 Aussie bucks for the official CD's and found out how easy it is to make my own bootable OpenBSD CD's for just what I need...
If you want x86, then just download it from the OpenBSD ftp site.
wget -r ftp://ftp.openbsd.org/pub/OpenBSD/3.0/i386/ Makes it easy.
Once thats done...
cd ftp.openbsd.org/pub/OpenBSD,
then...
mkisofs -v -r -l -L -T -J -V "OpenBSD-3.0" -A "OpenBSD v3.0-Release, Custom ISO, 17-03-2002." -b 3.0/i386/cdrom30.fs -c boot.catalog -o openbsd-i386-3.0.iso -x openbsd-i386-3.0.iso
Burn that ISO!
Now though, I'm no longer terribly poor and want more than just x86 (I want x86, Sparc64 and Alpha), so I'll be buying lots more official CD sets [openbsd.org] and T-Shirts [openbsd.org].
License it? (Score:2, Insightful)
Re:License it? (Score:3, Funny)
Govmnt guy: "We need to have a private copy of your software. Can we buy it?"
Me: "Hmmm...OK." (Govmnt gives money, Me gives Govmnt new licence.)
Me: "Do I have to claim this on my taxes?
Govmnt guy: "Yessss."
Me: "By the way, what are you going to do with your new software, anyway?"
Govmnt guy: "It's classified."
Me: "Oh, really?" (Govmnt guy hands over more money.)
Doesn't seem like a problem to me!
Hmm... (Score:2)
(I.E., we need
Just my $.02.
JoeLinux
Re:Hmm... (Score:2)
Re:Hmm... (Score:2)
Re:Hmm... (Score:2)
JoeLinux
ksonar (Score:3, Funny)
Treason? Very unlikely... (Score:2, Offtopic)
Article III:
Section 3. Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.
The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture except during the life of the person attainted.
I fail to see how software distibution could be considered treason. Has slashdot just been duped again?
Re:Treason? Very unlikely... (Score:4, Insightful)
Re:Treason? Very unlikely... Know your facts. (Score:2, Insightful)
Okay, so your little research into Article III makes you an expert over the person with DOD clearence (any level) who has filled out 15-30 pages of personal facts/history, who had to read another 50-100 pages of what to do/what not to do/possible punishments, and has their personal life investigated left and right (at their choice) to benefit our country?
Until you've been there and done it and know what it takes to get a clearence and what ramifications exist if you break the agreement, keep you opinions to yourself and go back to your text book. That is real world buddy.
Re:Treason? Very unlikely... (Score:4, Insightful)
Classified fact a
classified fact b
classified fact c
classified fact d
classified fact e
If those were real classified facts, I could easily end up in jail for 50 years for this post.
It may not technically be treason, but it can be as severe and match the spirit of treason if not the letter of the definition.
Re:Treason? Very unlikely... (Score:2)
Wouldn't that fall under giving them aid and comfort? Giving the ennemy vital information (such as the source code of weapons control systems) sure helps (aids) them, doesn't it?
Re:Treason? Very unlikely... (Score:2)
Really? Which "enemy" did he aid? (No, aiding the Republicans by his foolish behavior doesn't count. In the context of this article, enemy means "military enemy", not "political opponent").
Agreed, but for perjury, not for treason.
Read the FAQ (Score:5, Informative)
A quote from the FAQ which I believe applies to your situation:
"The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization. But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL. Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you."
Greg
Re:Read the FAQ (Score:2)
If they DON'T have to distibute source internally, then can't I say that my "organization" is Humanity, and that I can distribute my GPL-derived binaries (without source) to anyone within the "organization"?
And if they DO have to distribute source internally, then Pt. Joe Schmoe would be able to request the source for the missile guidence software he is pressing the blinky red buttons on. Unless they order him not to... =)
Re:Read the FAQ (Score:2)
Whatever the excact definition it's hard to see how it could not apply to a nation's military.
Does an employer need to give the source to an employee (if they ask for it) for the internally modified GPL programs they use on their workstation?
Not necessarily, since the origanisation can choose how information is stored internally. In just the same way that not every cell in someone's body "knows" everything that they, as a person, knows...
Another mis-understanding of the GPL (Score:5, Informative)
The terms of the GPL simply state that if you sell a GPL product to a customer, you must provide the source to that customer.
Red Hat, Mandrake, and the like are being nice enough to provide iso images of their software for your download - they are not required to.
So what are the ramifications? Well, if the military sells your GPL solution to a 3rd country, they have to provide the source to that 3rd country, as well.
In other words, in this case, GPL (or no) makes no difference at all. GPL code can be "top secret" as long as the customer has full access to the code.
The idea of the GPL is that "If I bought it, I can do as I please with it - and if I sell it, so can whoever I sell it to..."
Re:Another mis-understanding of the GPL (Score:2)
With military systems, it's common to sell systems of varying degree of capability to various entities so as to maintain various strategic aims.
For example, we might keep tier 1 functionality for ourselves, offer tier 2 to the say, the Israelis, and tier 3 to other Mideast countries.
If this practice of sharing systems with various capability levels extends to software systems... Well, if you ship someone a device with binaries burned into the ROMs, don't you also have to provide the source? Could they then examine the source and add back in capabilities you've disabled? Don't you have to provide the same source to all who might have the binaries?
Re:Another mis-understanding of the GPL (Score:2)
If the second and third tier shipments just had a switch (or a bit) flipped to disable a feature, that's a problem -- source or no source.
Re:Another mis-understanding of the GPL (Score:2)
For example, we might keep tier 1 functionality for ourselves, offer tier 2 to the say, the Israelis, and tier 3 to other Mideast countries.
If this practice of sharing systems with various capability levels extends to software systems... Well, if you ship someone a device with binaries burned into the ROMs, don't you also have to provide the source? Could they then examine the source and add back in capabilities you've disabled? Don't you have to provide the same source to all who might have the binaries?
There is a simple solution. Either only load the ROMS with the software modules you want to supply or completly obliterate the software you don't want to supply before you ship the stuff. Then the only source you need to supply is that for the software you have actually shipped. Even with no GPL issues you really don't want to ship the code you don't want shipped in a trivially disabled form...
GPL Distribution & Security (Score:4, Insightful)
The GPL is a set of licensing terms between the author and whomever he distributes the code to. If you are working directly with the Navy (unlikely) then writing and consuming the GPL code would pose no problem since your not distributing to anyone.
If you are working for a contractor, then it is a bit more hairy. You can still write the code GPL and distribute it to the Navy under the GPL. This of course gives the Navy whatever rights to the code so that they could redistribute it if they choose. It does not allow some guy in Florida to obtain secret info though. You would have to first give him a binary for him to have grounds to ask for the source and of course, classified source code produces classified binaries so this isn't an issue.
The real issue is QA. There are all sorts of processes (I know at least for Surface Systems) covering COTS verses in house software. Now, I spent a great deal of time working things out with QA and this is what we came up with when I first asked to use an OS library in a tactical program:
First, I had to vouch for the code. That meant I literally had to go through it line by line and make sure there were no possible backdoors in it. Also, if I modified more than a certain percentage of the library, then I was responsible for bringing that library up to in-house standards (which I'm sure you know is a real pain in the ass).
Don't worry about the licensing terms, they aren't going to be a sticking point likely. QA is what is going to kill you... (and it will only get worse if your program carries a higher classification).
Re:GPL Distribution & Security (Score:2)
The real problems come if the US decides to give the technology to some 3rd party. We might want to give them Mark-3 smart bombs, but we might not want to give them the ability to develop their own Mark-4 smart bombs. Therefore, DO NOT include GPL'd code in a product if you can foresee that we might want to give binary-only versions of it to another country. Since you can't predict such actions, my conclusion is that you shouldn't include GPL code in any such project. Heck, this is a defense project! Clean-room the whole thing from the ground up. Go nuts. Spend billions.
Re:GPL Distribution & Security (Score:2)
If they have the skills to develop Mk4 from the Mk3 code it probably makes little difference if they have the source or not. Also they might be reluctant to buy if they don't get the source and can have their own people check for lack of bugs.
ask a military lawyer (Score:3, Informative)
Re:ask a military lawyer (Score:3, Insightful)
Q: blahblahblahOpen Sourceblahblahblahlegal question?
A: Get a fucking lawyer.
On the other appendage, I think Taco & Co. post these questions because of the anecdotes provided in the comments. And since the comments are the most important part of the site, what better way to add value to slashdot than to repeatedly post the variations of the question?
Personally I'm waiting for April 4, so I can be rejected for asking, "Hey, it's been a year since we talked about Game Programming w/ SDL, what's changed since then?"
Virginia Class (Score:2)
Re:Virginia Class (Score:3, Insightful)
You don't haveto - just enlist.
Re:Virginia Class (Score:2)
I think I have a better chance of trading the Navy my right leg then of becoming a Navy Seal
Re:Virginia Class (Score:2)
If you're lucky, you just might have a chance to get your own right leg blown off. It would be the best of both worlds! You'd be a cripple, your enemy would be a cripple, but fuck yeah, you got to ride inside of a shiny blinky deathmobile!
Re:Virginia Class (Score:2)
Need a pretty big slip, but it would be worth it
Hmm.. interestting (Score:5, Informative)
From what I understand, in this case, the government agency responsible for the code changes would be required to distribute those changes to any agency they distribute the binaries too... This should not, as I understand it, mean the individual users of the software.
For example, lets say the Navy sends copies of the binaries to Electric Boat(a sub manufacturer). They would be required to send the source to Electric boat as well.
However, in this case, it is Electric Boats IT department that is the receiver of the binary, NOT the electric boat employee who uses the software. Therefore, the source can legally be kept inside a safe at the CMCC(classified material control center), shown only to the IT department and others with an established need to know.
However, in any case, regardless of license, if the source changes reveal classified information it would be illegal to release them to the general public. I'd wager that even if that turned out to be a direct violation of the GPL, the classification side of the case would win in court.
With all that said, I would recommend you push for release of all source changes that do not reveal classified information. I realize that might not be much, but what you can, go for it.
Support? (Score:5, Funny)
Military involvement (Score:5, Insightful)
"TCP/IP"
It's open, clear and crystal like water. The whole world uses it. 90% of open/closed source network systems depend on it. It's open, it's readable. And it's ARPA...
What else is needed to talk about the military involvement? From start to end, many things done on computers are orginally military by their nature... First computers were created for military needs, let's not forget this. And today nearly everyone uses them. From Taco to Ben Laden...
Treason? (Score:2)
OSS in the USAF (Score:4, Interesting)
We use Samba for sharing printers between Windows NT and Solaris. We don't change the source code, but we do use OSS. I believe that we also use GCC for some things, because (and I am not 100% sure on this since I am not a sysadmin) I don't think Solaris comes with a C compiler. We also use DivX for... I could tell you but then I'd have to kill you
I've thought about this before because of our software licensing. Let's say Microsoft thinks they need a license audit. What's more important: maintaining our security by not allowing Microsoft access to sensitive computer systems, or complying with their "copyright" policies? If a computer is located in a secure area protected by federal classification law, who will know?
It goes both ways. The government could potentially abuse the GPL, but they could do the same to the draconian licensing terms in commercial software. It is my experience that the people in charge of acquiring systems will make sure their subordinates comply with the law. The higher-ups at my squadron stress that we must obey licensing laws because it's The Right Thing To Do.
I like open source software. I think it's the greatest thing since sliced bread. But for some applications, such as classified computer systems, it may be best to stick to closed source if you need to change the open source software.
More projects (Score:2)
One Approach - Loose Integration (Score:5, Interesting)
I worked on a terrain database analysis tool, called ZCAP [ucf.edu],
that was funded a few years back by U.S. Army STRICOM [army.mil]
and the Defense Modeling and Simulation Office [dmso.mil]
We distributed the application (and still do) in a complete package
that included a number of supporting free source applications, such as gnuplot
and tcl/tk. We handled the combination of free source, (no longer)export-restricted
software, and proprietarty libraries by loosely integrating
using system calls under a tk-based gui. Not very clean, but there
is a lot of good code in there, and I'm planning to gpl it in the near future.
Re:One Approach - Loose Integration (Score:2)
Re:One Approach - Loose Integration (Score:2)
Licensing! (Score:2)
This is something that people don't realize. When you put something under the GPL, YOU say that ANYONE can use your software/code under the terms of it. But you CAN STILL make SEPARATE licenses to third parties which can be as restrictive or unrestrictive as you please.
However, if this GPLed code you speak of was written by somebody else, you're fucked unless you can get that person to re-license the code for you.
RTEMS is pretty much BSD code from the US miltary (Score:2, Interesting)
As a side note I see that RTEMS stands for something new - perhaps I am having a 1984 experience but I seem to remember it used to stand for "Real Time Executive for Missile Systems"
Don't say the us military has not done anything for open source or I will be forced to mention Arpanet
The M-1 Tank is using open source software (Score:2, Funny)
Re:The M-1 Tank is using open source software (Score:2, Informative)
Re:The M-1 Tank is using open source software (Score:2)
Functionality not platforms!..It sold Army C.O.E. (Score:2, Informative)
I decided to install Linux on a box in my location and brought in several apps that I developed on my own (that I am releasing as open source). One of these boxes I had set up as a web server and I demoed some of these apps to the front office, they mandated that we needed a linux box.
42 NT boxes and now a Linux box too!
One app that I created (eNewsbot) used the PERL LWP mods and scanned the front pages of up to 4,000 media outlets and returned any successful matches through email. WAY cheaper than Lexis Nexis and you can customize which outlets to scan for (like only states that are affected by a certain river, etc). Other successful apps that we use include Checkbot to scan for broken URLs, and we are testing open source for an internal new mechanism. Perl's CGI.pm really came in handy when we needed to get presentations from the field. They needed to be in Powerpoint and only powerpoint so we just rolled our own script to accept them to our intranet.
Could you do this kind of stuff on NT? Sure, but our people couldn't so I had a huge leg up. Plus the fact that open source costs us 0.00 to implement was a HUGE plus.
I have had the open source discusssion with the front office and what (our) green suiters want is functionality not platforms. It just so happens that what makes this functionality possible is open source. They couldn't care less if it was NT or Open Source as long as they are getting this new ability.
This works for non classified stuff so I don't know about what you are doing in particular. If you want other good info regarding Open Source in Government check out the Open Source Software Institute [oss-institute.org].
They have a mailing list with great info and knowledgable folks.
patches and predictability (Score:2)
I know the versions would be audited for security vulnerabilities, but what if the goal of introducing a patch to say, the linux kernel, would be to ensure that the noise from a hard drive had a certain pattern they could listen for? Or maybe APMD so they could listen for spin ups at certain intervals? This is a sub, so naturally being able to introduce patterns of noise into such a system would be an advantage.
And you also have upgrades to worry about. How fast could you patch zlib throughout the fleet before an exploit was developed and deployed by the opposition? Does the boat need to have a full time bugtraq officer? How about modifying sonarbouys to probe comm on the boats...or use buffer overflows that have only been discovered within the last hour or so?
Even if you keep your modifications secret, what does the standard public tree tell the enemy about the capability of a weapons system?
Replacing windows in the admin shop is probably a good idea, but deploying OSS in a weapons system should heed the possibilities the enemy has to use analysis of the public tree to find weaknesses in that system.
Re:patches and predictability (Score:2)
Why does everyone assume every computer sytem in the world is on the Internet??? Lets be serious, a submarine under water in a war situation is sure as hell not going to be on a 24/7 net connection. Probably it will never be on ANY internet connection at all, especially on secure systems. So zlib has a buffer overflow on the boat, if the enemy manages to get a spy on the boat to get local access to use this overflow then we have much bigger problems.
AAAAAARRRRGGGHHHH!!!! (Score:2, Offtopic)
Learn this and learn it well:
it's == it is
its == the possessive version of it
The word 'its' is a possessive pronoun (its, yours, hers, his, theirs) as opposed to a possessive noun and therefore does not follow the rules set out in Bob's Quick Guide To The Apostrophe, You Idiots [angryflower.com]. </grammar police>
USN Tactical Flag Command Suite (Score:2)
I am sure they could just... (Score:2)
Stupid question (Score:2)
Seems that this is a somewhat stupid question. Even if classified work is done by a contractor, and sold to the government as work-for-hire, the contractor is the only one required to provide the source code to anyone, and then, only to the group to whom they give the executable - the government. So, as long as they wouldn't give the executable to anyone else, the GPL is obeyed. And quite honestly, if a contractor provides classified software to anyone except the government, under government blessing, they'll have bigger problems than a GPL violation.
Go ahead, use GPL'd software in whatever you like. Unless the government plans to sell the software to anyone else later, you're completly within the bounds of the license. Nowhere does the GPL say "if you give this software to someone, you have to provide it to the world." It simply says that "if you give someone this software, you have to give them the means to modify it."
Forget Slashdot - Ask your Boss (Score:2)
Unless things have changes a lot in the past couple years, I suspect you won't be able to use any open source software. Even if you can, you should check with your Project Manager and your Government Contract Manager before you make that decision for yourself - it could cost you more than your job.
Two point on Classified work... (Score:5, Informative)
First off, run, do not walk, do not pass go, straight to the base/department legal department. Do not attempt to do ANYTHING until they OK it - the regulations surrounding secret-level work are inordinately hairy and convoluted, and only a lawyer specialized in classified-work law can answer your question definitively.
The other note, which is useful when discussing this with aforementioned lawyer: any work done under a Classified label (or higher) has different rules than "normal" work. Basically, any license that gets applied to the code only applies to those with a clearance at least as high as the code was written. Thus, if your code is Classified, I don't care if it has the BSD license, GPL, Bob's SuperFree License, or whatnot. Anyone without a Classified clearance isn't entitled to see it. Period.
This is a case where the murky grounds of National Security trumps Copyright (and other Intellectual Property) law. The law still holds, but it's restricted to the circle of security it's at.
National Security law basically allows you to use anybody else's code, provide you compensate them in a just and reasonable manner. As far as I've experienced, this means that you have to pay them the basic asking price on the free (i.e non-classified) market, and they don't get to say "no, you can't use it". For GPL/BSD/Open Source licenses, the asking price is Free, so well, they've been "compensated" as they've normally would.
In this case, Classifed work can certainly suck in Open Source code and not release it until it gets unClassified. And, as a side note, there is no "leaking" - people are not entitled to distribute code to non-cleared people, so it's not like Trade Secrets. It stays locked up until it's declassfied.
-Erik
Re:Two point on Classified work... (Score:2)
Actually the asking price for GPL code isn't "free" it's that you must distribute derived works under the same licence. But it dosn't oblige you to distribute in the first place or override restrictions on distribution.
So in theory you could have software as "classified" and "GPL". Meaning it's only possible to distribute it under certain conditions, but anyone who it is distributed to must be able to get the source code.
Note however the "classified" bit only applies within your own country though. So if the software ends up being distributed elsewhere, including in faulty munitions fired in anger, only the GPL should apply.
Re:Two point on Classified work... (Score:2)
This is absolutely untrue for the majority of open source licenses. I suggest you go and look at a piece of open source code. See the first line? The little © symbol? If you don't want to read any further, then just stop right there and assume that the code is neither free as in speech or in beer.
There is a cost associated with using open source code, usually acknowledgement, sometimes releasing your changes, occasionally open sourcing your project. It is not generally "free as in beer", it's just that the cost is in behaviour, not $$$.
I take your point that the military can do whatever it damn well likes, but it'd be interesting to see what a court would consider a "just and reasonable" paying of the cost of using open source code. I'm a little tired of groups thinking that they can behave any way they like, then substitute money afterwards when they are forced to. It's not OK for Microsoft to do it, and I don't think it's OK for the Dubyament either.
That said, if the binaries never leave the military, the source doesn't have to, even under GPL. But that doesn't mean that you can get away with paying the costs as they apply in the circumstances, i.e. adding GPL licenses to all linked source.
DARPA projects (Score:2)
Here's [darpa.mil]a list of DARPA research areas, tying in to projects. I know MIT's project oxygen [mit.edu] has helped a lot in the world of linux on handhelds.
Ironic... (Score:2)
There's no problem here (Score:2)
Almost open source: BRLCAD (Score:2, Interesting)
If nothing else, maybe the BRLCAD developers can answer some of your questions.
-Sam
Linux and the military (Score:2)
Linux is already used for signal descrambling, SToW (Simulated Theatre of War) and a large number of other things, many of which mere mortals are never likely to discover until thirty years on.
I get kernel fixes from such people, optimisations from such people and so forth, but I've yet to see any GPL'd nuclear attack management tools and I guess those won't be GPL 8)
Open Source is an act of love. ... (Score:2)
Open Source is an act of love. Influencing people by killing them and destroying their property is an act of hate, or at least socially backward behavior.
I think the haters should contact the lovers to see if the lovers want their software used for an alternative purpose.
Get a Source Licence... (Score:2)
Combat Systems software (Score:2)
Open source can certainly save you development time/money, but its application should depend upon its use and how it will integrate into the rest of the combat control system. For instance, how was Cluster Knave (Macintosh based submarine imagery system) integrated into command, control and combat? I don't know the answer to that one by the way. (Is Cluster Knave still around by the way? Anyone?)
Will this software integrate/interface with the outside world at all? Obscurity is your friend here and one of the reasons the NSA makes their own stuff. (rolling their own) But this certainly depends upon other systems and their requirements.
As for distributing ANY of your code, assuming you are working on anything with collateral clearance or higher, you would be under investigation PDQ. Especially given the current climate with lots of things going back into classification and security in many programs being looked at hard. Open source ideals aside, do not decide to use open source solutions for classified work if you would like to contribute back to the community. This would be a major career mistake. For classified work, use open source if it will help get the job done better/faster.
Um, TCP/IP. Arpanet, etc? (Score:2, Insightful)
Further back
They ended up funding a lot of the development of young Unix
(GnuPlot came from Dartmouth after being written to plot data under a weather grant or something)
My point is that Open Source and the gub'mint (esp the DoD and military) have a long history together. The fact that free software is auditable and readable is often mandatory - especially for systems that will never get third party support.
No licenses I've glanced at have ever said "If you make changes for your own use, you must give them back." If this ends up being sold one day (and many military technologies (besides Tang) HAVE made it back into the civilian world), then you may have issues.
No references to "Umptifratz" on google (Score:2)
Re:Almost FP (Score:2, Funny)
That could give yet another new meaning to "The Ping of Death"
Re:GPL (Score:3, Funny)
Of course, the military has a lot of firepower, and Stallman doesn't have any, so it is probably a moot point.
Re:GPL (Score:3, Insightful)
Selling military equipment is a multibillion dollar business. Where do you think we get all our cheap gas? We've been trading military technology for cheap oil in the mideast for ages.
Re:GPL (Score:2)
Good summary, but I think the point to keep in mind is that you end up having to envision a 'worst case scenario' which would indeed involve the first buyer merely redistributing everything for free.
Re:GPL (Score:3, Informative)
GPL is supposed to allow developers to give out their source code, without having to worry that someone else will change the code and not share their modifications.
I code for the army, and we're very clear that unless they truely don't mind Iraq getting a copy of their software, then it can't be based on GPL sources. If its GPL, then any developer, contractor, sysadmin, or random private who comes across the code can walk it right off the base, and no one can legally stop him.
(I suppose for some categories of software, the benefit to Iraq might be low enough that the Army truly wouldn't mind giving them a copy- especially if the hardware is permantently beyond their reach)
Re:This just might align with your politics. (Score:2)
Re:This just might align with your politics. (Score:4, Insightful)
Why? Because a lot of us GPL fans are Buddhist, Pacifist, Hippie types!
Seriously... I don't want you using my software to help kill people.
But you can't under the GPL, stop anyone from using the software to do things you don't like, as long as they comply with the GPL. Open Source is about making software freely available - if you do that, you have to be willing to let people use it for things you may not like.
I have also talked to Stallman about putting a clause in the GPL about not using the GPL in military systems because of these concerns
Now your advocating clsoing the source to people whose world view conflicts with yours. Beyond teh difficulty in sorting out what would be limited and what wouldn't, since you can change the terms of another writer's license, why limit this to the military? Either the source is open and free to all, under the same terms, or it isn't. This gets real close to MS' FUD about viral code - all of a sudden you can't reffly use and distribute code you've created beacuse it incorporates someone else's more restrictive license.
If you want to limit your code's uses, write seperate modules that don't incorporate others code. Unfortunately, you cna't have things both ways Open Source and Restrictions on End Users.
Re:This just might align with your politics. (Score:2)
That is the most blatanyly ignorant thing I've ever heard. Killing people is wrong - but suggesting to ban GPL software from the military is stupid. The military is not inherently 'evil', its _use_ might be evil. Do you really think that all those hundreds of thousands of German soldiers in WW2 were evil, or just doing what their American counterparts did - support their country. Sometimes killing people saves even more lives in the end. That's a fact of life.
By your logic, while, we're at it, we might as well ban companies from using Linux (oops, GNU/Linux), because God knows, RJ Reynolds might get a hold of it, and we can't have cigarette making companies using GNU Software, because they kill people to.
Oh, might as well ban non-Americans from using the GPL too, because damnit, unless those Iraqis get some common sense and get rid of Saddam, they're helping to kill people to.
What if GPL software was used in some embedded system that terrorists are using? What are you going to do now? Somebody call TiVo and let them know that Osama is using their custom GNU/Linux software to watch Friends!
Re:This just might align with your politics. (Score:2)
Second, what do you mean by the statement "I don't want you using my software..."? The software which he creates, GPL or no GPL, is still the intellectual property of him, or in this case, his employer (the military). It's not "your software", and therefore you clearly have no say in how it should be used, or any claims to ownership of it.
Third, a "no military applications" clause in the GPL would probably be a Very Bad Idea(TM) for reasons many Slashdot posters can probably agree with me on - one of which you mention in your own post, it would affect peacekeeping forces as well. It would probably also have a negative (limited, but negative) effect on spread of open source. Also, there's really nothing keeping someone else from coming up with a modified GPL which doesn't have that clause, and call it MPL or whatever. I would certainly stop using the GPL if such a change occured, I don't mind if the US military uses my free software, I'd consider it an honour (and I'm not even a US citizen).
Peace is fine, what about freedom?
Re:military open source (Score:2, Insightful)
Would I like to see World Peace? Sure. I think it would be best for all involved. HOWEVER, it was the military that put an end to scum like Hitler and hopefully Bin Laden. You mis-spoke on the biggest mass murder in the world, it was a toss up between Stalin and Hitler. I suggest you stop in at the Holocaust Memorial next time you visit Washington D.C. to protest something. Maybe it'll open your eyes.
As for your point of OSS being international, then that means that scum like Bin Laden and Sadaam can use OSS against the US. All's fair in love and war chief.
So, next time you take a moment to release yourself from hugging your tree and open your mouth, engage your brain.
<b>Military
As for the original article, maybe you might want to investigate the BSD's.
Re:military open source (Score:2, Insightful)