
US Government Sets Up Online "App Store" 138

Posted by samzenpus
from the top-25-free-programs dept.
krapper writes "The Obama administration has unveiled a government 'app store' designed to push the federal bureaucracy into the era of cloud computing. The change means some federal employees will begin using services like YouTube, Gmail and WordPress, which store data on private internet servers instead of on those paid for with public money. The process will start small but will ramp up quickly, Vivek Kundra, the US chief information officer, said in a blog post on Tuesday. 'Our policies lag behind new trends, causing unnecessary restrictions on the use of new technology,' Kundra writes in the post on WhiteHouse.gov. 'We are dedicated to addressing these barriers and to improving the way government leverages new technology.' The app store is designed for federal employees doing official government business and is not intended for use by the public."
  • by Anonymous Coward on Thursday September 17, 2009 @12:08AM (#29450621)

    federal employees will begin using services like YouTube, Gmail and WordPress

    Maybe this means Joe Wilson can troll 4chan instead.

    • by rohan972 (880586)

      Maybe this means Joe Wilson can troll 4chan instead.

      Welcome to slashdot, Mr President!

      • Re:Cloud services (Score:4, Insightful)

        by cayenne8 (626475) on Thursday September 17, 2009 @12:05PM (#29455335) Homepage Journal
        Actually, my first thought on reading this article was..GREAT!! You can now just buy your congressional representative online, and not have to go through a lobbying firm.

        Go to the .gov app store, click on your fav. representative, and send them your issue and PayPal contribution.

        Sounds much easier to me!!

        • by rohan972 (880586)

          You can now just buy your congressional representative online, and not have to go through a lobbying firm.

          The market for congressional representatives needs to be opened up more. If power is decentralised more to the states and local levels, the price of nationwide legislation would go up as it would require bribing a lot more politicians. However the price of an individual legislator would come down due to increased competition and lower effectiveness (in terms of national policy), making corruption more accessible to the average citizen.

          Not that I'm seriously in favor of more corruption but that is part of

          • Re: (Score:3, Insightful)

            by cayenne8 (626475)
            One thing we should do, is repeal the amendment that allowed senators to be elected rather than appointed by the states' congress'....that used to keep at least the senate answerable to the states rather than lobbyists.
  • by KNicolson (147698) on Thursday September 17, 2009 @12:12AM (#29450635) Homepage
    I wonder how this is related to a recent announcement of Wave System, OpenID, Google, PayPal, etc into an initiative to have a single sign-on for e-government [blogoftrust.com]?
    • by Anonymous Coward on Thursday September 17, 2009 @01:05AM (#29450875)

      I'm not sure how a TPM can establish identity. Fundamentally, a TPM is a cryptographic token that can accept a key or a passphrase, and has the option to seal it and keep it sealed until the right boot code is passed through it. Other than that, it is fundamentally just a smart card fixed onto a computer's motherboard.

      A TPM wouldn't be good for validating a user, who can be using that machine, a phone, a jaw harp, or a beer mug with an IP stack for access. A TPM can validate that the first part of an OS boot was not tampered with on a machine, as well as store some private keys that are usable only on that box. The advantage of this would be ensuring that an attacker can't just replace the MBR with a keylogger, then later on, steal the laptop in a two phase black bag attack.

      For a single sign on for users, the US government already has a large and well established system, the DoD's Common Access Card.

      Fears of a national ID card aside, using a smart card for access can be a very good thing. No passwords can be sniffed, it is quite easy to use client certificates (the server doesn't have to care one whit if a client's key is on a card, in Firefox's key storage, or in a TPM), and allows shorter passwords to be used, because all it would take is 3-15 (usual default settings on smart cards) bad attempts, and the smart card will either block further attempts until reset, or permanently brick itself needing replacement. Phishing would be useless because all a phisher would get is "yay, this user has connected to your web server with a valid certificate". The main way a smart card can be compromised would be malware that would grab the user's PIN via a keylogger, then use the smart card (if inserted) to sign/decrypt stuff in the background.

      Finally, a large number of security programs like TrueCrypt can use smart cards. I have on a laptop TC protected volumes for a VM that runs my Quicken. If someone steals the laptop and manages to get past BitLocker (RAM dump while the box is on), they would need to have the passphrase, the PIN from the eToken, and the eToken itself, to be able to mount that volume. A couple wrong guesses, the eToken zaps itself, so that gets rid of the brute forcing route in. (Of course, rubber hose crypto does work, but my biggest security scenario is silent theft of the laptop, not seizure and interrogation of the owner.)

      Disclaimer: TPMs are double edged swords, and they can be used to enforce DRM stacks, but I consider them a good thing in general. Especially because by the TCG spec, they are to be shipped disabled and unowned, so software companies cannot assume every computer user has one and can use it for copy protection.
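
Added example, not part of the comment above and not any vendor's TPM code: a simplified Python model of the sealing behaviour that comment describes, where a secret is released only on the same chip and only after the same boot measurements. `ToyTPM`, the constructed boot-stage strings and the HMAC-based toy cipher are assumptions for illustration; a real TPM uses its own key hierarchy and policy checks.

```python
import hashlib
import hmac
import os

PCR_LEN = 32  # one SHA-256 platform configuration register (PCR)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA256(old || SHA256(measurement)). One-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


class ToyTPM:
    """Hypothetical, simplified model of one TPM: a chip-bound key plus a single PCR."""

    def __init__(self):
        self._chip_key = os.urandom(32)  # never leaves the chip
        self.pcr = bytes(PCR_LEN)        # all zeros at power-on

    def boot(self, stages):
        """Reset the PCR, then measure each boot stage in order."""
        self.pcr = bytes(PCR_LEN)
        for stage in stages:
            self.pcr = extend(self.pcr, stage)

    def _keystream(self, nonce: bytes, policy: bytes, n: int) -> bytes:
        # Toy stream cipher built from HMAC-SHA256; stands in for the chip's real encryption.
        out, counter = b"", 0
        while len(out) < n:
            block = b"enc" + nonce + policy + counter.to_bytes(4, "big")
            out += hmac.new(self._chip_key, block, hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def seal(self, secret: bytes) -> bytes:
        """Bind the secret to this chip and to the current PCR value."""
        nonce, policy = os.urandom(16), self.pcr
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(nonce, policy, len(secret))))
        body = nonce + policy + ct
        return body + hmac.new(self._chip_key, b"mac" + body, hashlib.sha256).digest()

    def unseal(self, blob: bytes) -> bytes:
        if len(blob) < 16 + PCR_LEN + 32:
            raise ValueError("blob too short")
        body, tag = blob[:-32], blob[-32:]
        expected = hmac.new(self._chip_key, b"mac" + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob was not sealed by this TPM or was modified")
        nonce, policy, ct = body[:16], body[16:48], body[48:]
        if not hmac.compare_digest(policy, self.pcr):
            raise PermissionError("PCR mismatch: boot chain differs from the sealed state")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, policy, len(ct))))


# Constructed sample boot chains (not real boot code).
GOOD_BOOT = [b"constructed MBR v1", b"constructed bootloader v1"]
EVIL_BOOT = [b"constructed MBR v1 + keylogger", b"constructed bootloader v1"]


def try_unseal(tpm: ToyTPM, blob: bytes):
    try:
        return "ok", tpm.unseal(blob)
    except PermissionError:
        return "pcr-mismatch", None
    except ValueError:
        return "wrong-chip", None


def demo():
    laptop = ToyTPM()
    laptop.boot(GOOD_BOOT)
    blob = laptop.seal(b"disk-encryption-key")

    results = {}
    laptop.boot(GOOD_BOOT)                 # untouched machine, normal reboot
    results["clean reboot"] = try_unseal(laptop, blob)
    laptop.boot(EVIL_BOOT)                 # MBR replaced between boots
    results["modified MBR"] = try_unseal(laptop, blob)
    other = ToyTPM()                       # blob copied to a different machine
    other.boot(GOOD_BOOT)
    results["other machine"] = try_unseal(other, blob)
    return results


if __name__ == "__main__":
    for case, (status, secret) in demo().items():
        print(f"{case}: {status} {secret!r}")
```

Nothing in the model says who is at the keyboard: the check covers the machine and its boot state only, which is why the comment turns to smart cards for user sign-on.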

      • Re: (Score:3, Informative)

        by cayenne8 (626475)
        "the US government already has a large and well established system, the DoD's Common Access Card."

        Yes, but, from what I've seen...pretty much ONLY the DoD uses that system. And knowing how turf wars go with gov. agencies..I doubt they want to share that system.

        • by Thng (457255)
          quick googling indicates the CAC grew out of HSPD-12 [cac.mil](homeland security presidential directive 12). All federal agencies were supposed to have issued these cards over the last year. Agencies such as USDA already use these for computer access. Everyone else, it's a fancy (and expensive) ID card.
          • by cayenne8 (626475)
            "quick googling indicates the CAC grew out of HSPD-12 (homeland security presidential directive 12). All federal agencies were supposed to have issued these cards over the last year. Agencies such as USDA already use these for computer access. Everyone else, it's a fancy (and expensive) ID card."

            VA doesn't.

            They're trying a homebrew card.....but....

    • by Anonymous Coward on Thursday September 17, 2009 @01:22AM (#29450959)

      The first link is about Obama staffer's former colleague being investigated for crime. I don't even know what or whose fault are you trying to imply with that.

      The second link is about the said staffer having committed a crime before. He shoplifted as a lot younger man, over a decade (13 years, to be exact) ago. He pleaded guilty and paid the fine... The "once a thief, always a thief" doesn't really apply to stuff like that. I myself shoplifted a few times when I was a teenager. I can understand a young man getting the small rush of doing something wrong there, with immediate risk of getting caught... It doesn't even imply that 13 years later one would have tendency to become corrupted or something.

      So, what could possibly go wrong?

      I think this is a great idea, as long as the programs the government will use will encrypt the data properly before storing it outside their servers. (though even that won't be necessary. I'm sure they won't use gmail for "top secret documents ;) )

      • I'm sure the military won't use outside servers for top secret stuff (too paranoid, thank god), but Josephine Yutz, who got appointed for the great work she did during Rep. Bullwinkle's campaign, just might. We've seen a lot of dumb shites do stuff like that in the past when they should have known better.

        And "Cloud Computing", (god, I hate buzzwords) is okay for short-term projects that aren't critical, but all it would take is a couple of DDOS attacks on an external (commercial) server, or even just a servi

    • by timeOday (582209)
      Yes, the government must keep doing everything the same way it is now forever, otherwise something could possibly go wrong.

      You can't weigh the risks of the new way without considering the problems with how things are done now. Having thousands of independently run servers doing more or less the same thing throughout a big enterprise has lots of problems. Hopefully this will centralize widely-useful services, thus saving money on servers and administration. More importantly, it will give smaller departm

      • by cayenne8 (626475)
        The thing that worries me a little...what if the Feds start putting lots of stuff out on YouTube, etc...

        They put so much there, etc...that eventually, YouTube and other formerly private company services become "too large/important to fail"? So, then, the govt. takes them over and starts regulating and running the shows?

        I mean...with what has happened to private entities so far (banks, auto manufacturers), I think it is a legitimate worry.

        I think before they can use such resources, they need to pass some

    • by andy1307 (656570)

      Former Washington, D.C., CTO Vivek Kundra, who was recently appointed Federal CIO, has not been implicated in the FBI's corruption investigation, which centers on a city employee and a technology consultant.

      This is an outrage. We can't have people who've not been implicated serving in government.

  • by Anonymous Coward on Thursday September 17, 2009 @12:22AM (#29450689)

    ...they'll be too important to fail?

  • by CodeBuster (516420) on Thursday September 17, 2009 @12:23AM (#29450695)
    Since when did the term 'App Store' come to describe any server offering applications for download? I swear, once the marketers get their hands on a new tech term, what comes out the other end is pure and unadulterated bullshit. Soon the term 'App Store' will have about as much meaning as 'The Cloud' and the marketers will have moved on to their next buzzword kill.
    • If it was used as 'Application Storage' I could see that being a viable shortened term actually.
    • by mlts (1038732) * on Thursday September 17, 2009 @12:34AM (#29450745)

      Agreed. This seems to be more of an official non-classified download repository than anything else. If I were in a small business and called their samba share that had the install images of Office, Acrobat, and other licensed packages for internal use an "app store", I'd be looked at by their IT people like I was some troll or pirate.

      To me, a true "app store" is something like Apple's offering, Handango, Digital River, or a place where one looks through a catalog and either downloads a demo, or pays a license fee, then gets an executable to download.

      There are some things I'd like to see the USG do though, if they are offering a large repository like this for internal use. The first thing is to PGP or gpg sign everything on the store so if it gets tampered with, one can find the app that has no or an invalid signature. (I'd also like to see Authenticode signing on Windows installs, and gpg package signing on BSD/RedHat/debian as another method that is transparent to the user, but will alert them if something is not right.)

      • by syousef (465911) on Thursday September 17, 2009 @02:13AM (#29451137) Journal

        Agreed. This seems to be more of an official non-classified download repository than anything else. If I were in a small business and called their samba share that had the install images of Office, Acrobat, and other licensed packages for internal use an "app store", I'd be looked at by their IT people like I was some troll or pirate.

        A+++++++++++++++ commenter. Would read again!

      • Re: (Score:3, Interesting)

        by dkf (304284)

        Agreed. This seems to be more of an official non-classified download repository than anything else. If I were in a small business and called their samba share that had the install images of Office, Acrobat, and other licensed packages for internal use an "app store", I'd be looked at by their IT people like I was some troll or pirate.

        But the government isn't like a small business. It's like a very large business, and that sort of concept has been around for a while; we do the same thing for applications here with a secure webserver that employees (and students since we're a university) can download install images from, with appropriate invoices being generated internally if necessary afterwards (depends on what sort of license was negotiated with the vendor).

      • If I were in a small business and called their samba share that had the install images of Office, Acrobat, and other licensed packages for internal use an "app store", I'd be looked at by their IT people like I was some troll or pirate.

        Yes, but you'd be looked at by their management as though you were some kind of genius or saviour.

    • By their definition I am also running an "App Store" that's on my D: drive, even if it's just for me and my family.
      • by M-RES (653754)
        I think I'm going to complain to my ISP when I get threatening letters about file-sharing. I'll simply explain to them that I'm NOT sharing files, I'm running an 'App Store'.
    • I would agree, until I went to the page (www.apps.gov). They are actually selling applications (for example, a text editor for $75.19 [apps.gov]). Most of what they have now seem to be salesforce apps, but the best that I saw (in limited shopping) was the 500 MB of storage for $1,436.37 [apps.gov] (judging by other items on the list, I am assuming that they actually meant 500GB, but, hey, you never know).

      I work for the FAA. We can't even (officially) get a browser more modern than IE6 unless you are a web developer. How a
    • by mcgrew (92797) * on Thursday September 17, 2009 @08:17AM (#29452677) Homepage Journal

      They need lots of bullshit to fertilize their money trees.

    • by sorak (246725)

      hmmm...that gives me some ideas...

      "The Pirate Bay" is now an "App Store" running a Buy One, Get it Free sale. See, it's in business speak. That make it legal...

      "Linux, Now with the YUM App Store!"

  • by introspekt.i (1233118) on Thursday September 17, 2009 @12:40AM (#29450773)
    ..With transparency? Hell the federal government can't account for the money it's spending (by knowing where it's being spent), much less keep track of many of its records. I'm curious to see how spewing them all over the Internet is going to help us track on everything.
  • by 93 Escort Wagon (326346) on Thursday September 17, 2009 @01:21AM (#29450951)

    There's an app for that.

  • by ahodgkinson (662233) on Thursday September 17, 2009 @01:22AM (#29450963) Homepage Journal

    Fantastic. An App Store puts democracy back into the hands of the ordinary citizen.

    In fact, I think I'll open an account right now, and buy myself a congressman.

  • According to a comment over at NASA Watch, this is going to be at least conceptually based on the NEBULA cloud computing platform developed by NASA Ames. It seems pretty cool and potentially quite useful. Calling it an "app store" is a really dumb analogy though, and gives absolutely no idea of what it actually entails:

    http://nebula.nasa.gov/ [nasa.gov]
    http://www.nasawatch.com/archives/2009/09/ames_will_help.html [nasawatch.com]

    I am the Project Coordinator for Nebula, the cloud computing pilot at NASA Ames. Nebula has been in R&D and under development for well over a year. There are many reasons that a large organization, such as NASA, would explore cloud. The Nebula team did an extensive trade study to see what public clouds out there could meet NASA's needs. None did. Either they were not fast and powerful enough to handle NASA's massive data sets or they did not comply with security requirements. NASA needed its own cloud. I won't go into technical specifics (you can read about them at http://nebula.nasa.gov/ [nasa.gov] but the Nebula team ended up creating something that is smart, powerful, and incredibly energy-efficient to boot.

    NASA was approached by the Feds because Nebula solves some cloud problems that are common among other Government Agencies. It is wicked fast, complies with FISMA and can scale to Government-sized demands. It is also rather forward-thinking in that it is built using open-source components and is incredibly energy efficient. Again, Nebula was created with NASA - not the Feds - in mind, but when they caught wind, they were interested too.

    I suggest that people spend some time reading about what is actually going on before they jump to conclusions. To my knowledge there have been no announcements that Ames will orchestrate the Fed's move to cloud computing or develop any new systems or technologies that were not already under development. NASA has been responsible for a number of innovative new technologies over the years. Memory foam, for example. NASA invented it, but are they out there selling mattresses? :) Some people seem so caught up in the politics that they have completely missed the point.

    Posted by: Gretchen at September 16, 2009 8:42 PM

  • by The Wooden Badger (540258) on Thursday September 17, 2009 @01:50AM (#29451065) Homepage Journal

    I don't know. I thought keeping data on old clunky servers is kind of necessary for purposes of the Freedom of Information Act and this whole "transparency" idea. They are going to start storing data in gmail and youtube accounts? Maybe I'm missing something, but this doesn't feel right.

    • It's one thing for FOIA, but companies hosting this data must be doing some kinda mining on it. Else what's in it for them? Bait and switch a free model, for a pay model later on. Why don't they just start up a wiki and let the people run the country, or wait is that too much like socialism?
      • Let the people run the country? Which country were you thinking of? It could not be the USA...
      • I can tell you one thing for certain as a cloud computing solutions engineer working in the federal sector, these companies aren't offering this to the government as a free model. There's a hefty price tag.
  • by MichaelCrawford (610140) on Thursday September 17, 2009 @02:38AM (#29451211) Homepage Journal
    I'm pretty sure "App Store" must be some kind of Apple trademark.

    However, it is possible to lose the rights to your trademark if it falls into common use. That's why so many companies defend their marks so vigorously.

  • 'Our policies lag behind new trends, causing unnecessary restrictions on the use of new technology,'

    And that's a bad thing?

  • The app store is designed for federal employees doing official government business and is not intended for use by the public.

    YouTube, GMail, and Wordpress are not designed for official government business. What's more, the technology of today is not made to facilitate people interacting with their government. Being created by commercial interests, it's made to do two things:

    1. Separate people from their money.
    2. Find out information about people and the types of companies and people they interact with, to increa
    • Re: (Score:3, Informative)

      Please, Vivek, explain away:

      Okay, that took 30 seconds with Google. Om Malik (a respected journalist not a notorious and admitted troll like Dvorak) looked into Dvorak's claims:

      http://www.examiner.com/x-10080-DC-Technology-Examiner~y2009m8d12-Dvorak-alleges-US-CIO-and-exDC-chief-is-a-fake [examiner.com]

      In short, for all the points he had an opportunity to verify it turned out Dvorak was wrong and it was clear Dvorak had not tried very hard to look into the matter since random bloggers were able to quickly find proof using public internet resources

      • Who's the troll? There are legitimate questions about the man, you have put to rest one of the many problems with his past, already pointed out by Dvorak in the article I linked to, and somehow the rest of the problems are supposed to just vanish now? Sorry, Vivek will have to answer for each of the accusations put forth, not just one of the many and the rest go away.
        Here's the stuff that Vivek has yet to resolve, from Dvorak's article. And I think they are major issues. Hell, any honest person thinks
        • Re: (Score:3, Informative)

          Who's the troll?

          Dvorak.

          There are legitimate questions about the man...

          Yup, questions and not answers. Questions like are you, Coolhand2120, a murderer. Asking that question without actually doing any research, when you're already a notorious troll, that's called trolling.

          Legitimate journalists looked, and so far have decided there is no story. Maybe at some point in the future someone will decide Kundra's background actually is suspicious, but not finding info with a quick Google search is not evidence that he's lying. Just as quickly googling "Coolhand2020 innocent of

          • From http://en.wikipedia.org/wiki/Defamation [wikipedia.org]

            Most jurisdictions allow legal actions, civil and/or criminal, to deter various kinds of defamation and retaliate against groundless criticism.

            Your claim that I am a murder was just made up, and I could actually sue you for libel in this country (USA), so you have proven yourself to be a complete jack ass. I never said "Hey I murdered someone", Vivek, on the other hand, did say he has a bio degree that seems to have vanished. And that's why Vivek can never sue

            • Your claim that I am a murder was just made up, and I could actually sue you for libel in this country (USA), so you have proven yourself to be a complete jack ass.

              I never claimed you were a murder. Can a person be a murder? I made reference to asking the question of if you're a murderer. I welcome your lawsuit. Good luck getting a lawyer. It's called an example, by the way, which demonstrates why the principle you propose is wrong.

              I never said "Hey I murdered someone", Vivek, on the other hand, did say he has a bio degree that seems to have vanished.

              Seems to have vanished? Or is Dvorak simply asking the question of if it vanished because he doesn't see it in any online resources?

              Your problem is you believe it to be the responsibility of the person refuting the unsubstantiated claim to prove his case.

              No, I believe when you've cried wolf many times and told people you cry wolf to drive advertising to your l

      • I'm sorry, but the link you posted does not answer the primary questions posed by Dvorak in the previous poster's link. Dvorak is basically saying, what has Vivek ever done that makes you think he has the stones to be the CTO for a Fortune 1000 company let alone the Federal Government?
        • Dvorak is basically saying, what has Vivek ever done that makes you think he has the stones to be the CTO for a Fortune 1000 company let alone the Federal Government?

          No, he's not. He's saying he looked into Dvorak's bio and could not confirm from internet searches that all of it was true, then he implies we should assume it isn't. He does this to generate traffic to his blog as people debate it because that's how he makes money. He's stated more than once he intentionally tries to drive traffic to his site by putting inflammatory opinions and opinions he knows are unsupportable because that draws in people to comment about how wrong he is.

  • So, I was in DC last week at an event where all of the administration poobahs spoke and the big topics were data.gov and cloud services. When Apps.gov was announced, I assumed like other sites that it would have a citizen component to it. So, I wandered over and registered as a "visitor" (should have read the fine print on the page footer about only for federal employees / agencies part). Anyhow, I put a "free" social media app or two in my cart, just to see how the gub'ment would handle check-out (would
  • All this really is is welfare for all the tech cronies that supported the Obama campaign. Yahoo, Google, all were big Obama supporters, so much that even some righties wonder if right wing content is page ranked lower on Google. Now they get their share of the taxpayer trough.

     

  • by Ilgaz (86384) on Thursday September 17, 2009 @07:43AM (#29452417) Homepage

    I watched the presentation at NASA TV, it was given at NASA Ames Research Center.

    They have archive of it at Youtube:
    http://www.youtube.com/profile?v=eND7hT8JdwA&user=NASAtelevision [youtube.com]

    That is the guy presenting the idea himself. It was interesting enough to watch it at 4 AM my local time. The numbers guy gives, like the 20% of capacity used, everyone having their own data center, it may take $600.000 (yes, 600K) to setup a weblog in certain circumstances while it is free on blogger.com like services are amazing.

    As listeners are full of govt. guys, guy repeated 4-5 times that secret/critical things won't be on cloud, outside USA etc. What matters is, they will be forcing very strict privacy and security rules to vendors.

  • he should fit in with the rest of them I guess.
  • by Danathar (267989) on Thursday September 17, 2009 @08:03AM (#29452553) Journal

    People who are shaking at the knees about google and the federal government obviously are not aware that the government has been outsourcing data processing to offsite contractors for decades.

    Sheesh. Google is no different than ANY other contractor when it comes to the Federal government and has to abide by the same contracting rules as everybody else.

    Does this mean that it's any SAFER than at EDS, Booz Allen, Perot Systems, HP, IBM, etc? No. But it's not any less either.

  • Would someone please explain the difference between good old-fashioned corruption and "public-private partnerships" (of the sort that excites Bill Clinton and, apparently, the Obama administration)?
  • It's interesting how the government is portraying data centers as the problem. The video [datacenterknowledge.com] Kundra showed is like a bad political ad: when the data centers appear, the music turns ominous and the background grows dark. But when cloud computing is mentioned, the music turns happy and the landscape becomes green. I'm all for eliminating redundant technology spending, but where does Kundra believe these "clouds" actually live?
