Obama Administration Supports Recycling Code and Open Source

jones_supa writes: The Obama administration is seeking public comments on its open source policy. They have released for public comment a draft Federal Source Code policy to support improved access to custom software code. From the policy document: "This policy requires that, among other things: (1) new custom code whose development is paid for by the Federal Government be made available for reuse across Federal agencies; and (2) a portion of that new custom code be released to the public as Open Source Software (OSS)." Tony Scott, Federal CIO of the US government, mentioned one of the strengths of open source – cost saving. Scott wrote on the White House blog that the U.S. government "can save taxpayer dollars by avoiding duplicative custom software purchases and promote innovation and collaboration across Federal agencies."

Obama administration supports backdoors

[Anonymous Coward]

... which means that, by definition, it cannot support open source software.
http://www.nytimes.com/2016/03... [nytimes.com]

Re:

[Anonymous Coward]

I'm not sure where you are getting your definition from, but as long as the backdoor is open source, I don't see any conflict here.

Re:

[grimmjeeper]

Having the code for the back door open to the public is like giving away keys to anyone and everyone who wants it. It would render any encryption useless.

However, I think the OP is confused about things a little. Obama is pushing for private companies to install back doors so the government can spy on you. This article is about the source code for publicly funded software being open. Your phone is not government funded software so that's actually two different things.

Re:

[Bert64]

No it wouldn't...
You can release the code, while not releasing the keys. It would be quite easy to create a system with a default SSH public key such that anyone with the private key could log in, without having to release the private key. Of course such a backdoor would be obvious and quickly found, and people would surely remove or change the public key if they were using it themselves but it wouldn't help anyone else to actually gain access unless they were to also leak the private key.

Most encryption al

Re:

[grimmjeeper]

By definition, a back door lets you get access to the encryption without having the key. So not releasing the keys is irrelevant.

Re:

[Bert64]

No a backdoor just gives you access via a method other than the publicly disclosed one. A backdoored encryption where there are two keys just means that you need one of the two keys, it's quite possible to publish the source code without publishing the backdoor key, and equally possible for anyone with the source to remove or change the backdoor.

Re:

[grimmjeeper]

You really don't understand how encryption works, do you?

Re:

[tripleevenfall]

Right. The Obama administration wants the model to generally be proprietary and closed, except open to the government. They don't want everything to be open. They want it closed to everyone but them.

Re:

[ShanghaiBill]

Just because the license permits you to modify/redistribute it however you wish (the definition) ...

That is NOT the definition of "Open Source". You can modify OSS, and you can redistribute OSS, but you cannot do it "however you wish". All OSS licenses put restrictions on modification and/or redistribution. Only "public domain" has no restrictions, and while that is Open Source, it is not a license.

While Obama's proposal sounds good, it is actually a step in the wrong direction. Under current policy, much government source code is automatically in the public domain. So if this proposal uses any other

Re:

[vovin]

Which BSD license? The 2 clause or the 3 clause?

Re:

[Dragonslicer]

While Obama's proposal sounds good, it is actually a step in the wrong direction. Under current policy, much government source code is automatically in the public domain. So if this proposal uses any other OSS license, it will mean more restrictions, not fewer.

The difference with releasing government source code under a GPL-like license, instead of public domain or a BSD-like license, is that it would prevent private entities from taking that source code and using it in a closed-source product. Whether that's an advantage or a disadvantage is a matter of personal opinion; I think there are reasonable arguments either way.

Re:

[Tharkkun]

Just because the license permits you to modify/redistribute it however you wish (the definition) ...

That is NOT the definition of "Open Source". You can modify OSS, and you can redistribute OSS, but you cannot do it "however you wish". All OSS licenses put restrictions on modification and/or redistribution. Only "public domain" has no restrictions, and while that is Open Source, it is not a license.

While Obama's proposal sounds good, it is actually a step in the wrong direction. Under current policy, much government source code is automatically in the public domain. So if this proposal uses any other OSS license, it will mean more restrictions, not fewer.

It can be open and free to use among government entities without releasing it to the public. It's about re-using and sharing code instead of having each agency or project working in a silo.

Re:

[ShanghaiBill]

It can be open and free to use among government entities without releasing it to the public.

That is NOT what this is about. Sharing code within an organization does not require any OSS license. You can do that with full proprietary.

What?

[Etherwalk]

... which means that, by definition, it cannot support open source software.
http://www.nytimes.com/2016/03... [nytimes.com]

+4 Insightful? Look, government's position on backdoors is fundamentally wrong, as almost everyone who works in tech knows and almost nobody who works outside of tech understands or cares about. But that debate has nothing to do with open source.

The United States Government is the biggest purchaser on the planet, and we pay their bills. If they want to recycle code across their organization to save us money, great. If they want to open-source their unclassified software, great.

Unintended Consequences?

[sycodon]

If done in the full spirit of the summary, would that not create a mono culture of code that makes vulnerabilities available everywhere instead of just the agency in which it was developed?

Yes, especially when it comes to encryption

[vvaduva]

Yes, they support recycling code...old code..related to encryption.

Re:

[Waffle Iron]

There's no justifiable reason to disallow the distribution of binaries built from modified source code.

Which implies that there is no justifiable reason to deny your users the freedom to copy and redistribute those binaries as they please.

You were going to allow that, weren't you?

Re:The BSD and MIT licenses are the only real opti

[HornyBastard]

There's no justifiable reason to disallow the distribution of binaries built from modified source code.

My code. My rules. That is all the justification I need.
If you don't like my rules, don't use my code.

Disallowing that isn't promoting freedom; it's eliminating freedom.

The GPL is about the freedom of the code.
with the BSD/MIT/whatever licenses the code is more Free to start with. The GPL makes sure that the code stays Free.
If you don't like the GPL, don't use it.
You just have to understand that different types of people appreciate different types of freedom.

Re:

[shaitand]

"We're talking about open source software here, however. That means relinquishing control over how other people use the code."

No, that wouldn't be open source software. That would be public domain software.

"your intent is to control others (that is, to remove their freedom to act as they choose)."

Not at all, others are perfectly free to act as they choose. But my labor and efforts are not free, time is the one truly limited resource humanity has and the only freedom you are granted with a BSD/MIT license vs

Re:

[Anonymous Coward]

with the BSD/MIT/whatever licenses the code is more Free to start with.
The GPL makes sure that the code stays Free.

This is something that is often reiterated and that I strongly disagrees with, not necessarily the intention, but the definition of the words.

GPL has nothing to do with making sure that the code stays free. What GPL does is that it ensures that any software that is built on top of it will have to be open source.
When it comes to the original source code BSD/MIT/unlicensed distribution all ensures that the original source remains free. You can compile and distribute as many binaries you want, the source is st

Re:

[vux984]

GPL has nothing to do with making sure that the code stays free.

Please define 'free'.

What GPL does is that it ensures that any software that is built on top of it will have to be open source.

Ok. That Includes copies of the original source.

When it comes to the original source code BSD/MIT/unlicensed distribution all ensures that the original source remains free.

How is the GPL not ensuring this exactly?

You can compile and distribute as many binaries you want, the source is still out there,

How is this not the case with GPL?

this makes the "free" claim often put on GPL software a bit dubious since it limits what you can do with the software rather than ensures that you can decide on your own.

Its analogous to any system of freedom which states that your freedom ends where it starts to infringe on mine.

If you take a free project, add your 0.02 cents and change the license, then give it to me, then I don't enjoy the same rights you enjoyed. The GPL ensures that I'm just as free when i get your modified code as you were when you got the code from someone el

Not "your" code if taxpayer paying for it ...

[perpenso]

My code. My rules. That is all the justification I need.

We are talking about coding funded by US taxpayers. It you accept government funding then its not "your" code. The government should be allowed to put a non-restrictive license on things it funds. Much like code from NASA and other agencies that had been released to the public domain.

If you want to go by "your rules" then use only your money, your resources and your time. "Your" not necessarily being singular, plural in the case of a team of private developers too.

The GPL is about the freedom of the code.

The GPL discriminates against some taxpa

Re:

[qwijibo]

Microsoft uses BSD code. They couldn't do that with GPL code.

I don't like Microsoft or their products, but I would rather they use BSD code written by people who understand what they're doing than have Microsoft, yet again, reinvent the wheel.

When there's no possibility of the end result being open sourced, would you rather someone commercially benefit from using BSD code, or live with whatever fundamental security holes they can introduce starting from scratch?

Sometimes, "freedom" has to include the freed

Re:

[Anonymous Coward]

Sometimes, "freedom" has to include the freedom to be a douchebag.

Not "sometimes". Always. It's not freedom otherwise.

Re:

[shaitand]

"would you rather someone commercially benefit from using BSD code, or live with whatever fundamental security holes they can introduce starting from scratch"

Commercial benefit has nothing to do with it. You can commercially benefit while complying with the GPL. But would I rather someone is able to take my time in order to save their own without allowing others the same benefit or live with whatever fundamental security holes they can introduce starting from scratch?

I pick option C. I neither allow doucheb

Re:

[Bert64]

If you provide absolute freedom, then you also provide the freedom for some to take away freedoms from others. Releasing binaries without source is just such an act, you are using source which you had the freedom to receive and modify, but you are not extending that same level of freedom to others.

The GPL aims to ensure equality for everyone, which requires to impose an equal set of limits on everyone to avoid a select few from imposing their own set of limits on everyone else. Society works much the same w

New territory for GPL, restrict creator not user

[perpenso]

If you provide absolute freedom, then you also provide the freedom for some to take away freedoms from others. Releasing binaries without source is just such an act, you are using source which you had the freedom to receive and modify, but you are not extending that same level of freedom to others.

There is a fundamental flaw in this argument. Traditionally the creator of software is under no restriction under the GPL. They are free to dual license the code and use it in proprietary closed software. The GPL really only applies to users, people who modify the code. It allows these users to to re-distribute something they have not created.

The problem with this new context, government funded software, is that all taxpayers are part creators, part owners. The taxpayers paid the developer to write this

Gov't can give FSF authority over taxpayer code

[perpenso]

The government can't give a non-governmental organization like the FSF unrestricted authority over taxpayer funded code since the FSF will selective discriminate against some taxpayers. Also note that the FSF is free to re-write the GPL however it wants, GPL'ing code is a blank check to the FSF.

The only options are government authority or completely non-discriminatory licensing.

Re:

[Desler]

The weaker the chiphers the better. Because, you know, pedophiles and stuff.

Re:

[Locke2005]

Because you know pedophiles are going to use any of the hundreds of 3rd part apps to encrypt all there communications, i.e. the ones that Apple can't help at all to decrypt... or were you being sarcastic in the first place?

Re:

[Desler]

Yes, Captain Aspergers, I was being sarcastic.

Re:

[NotDrWho]

They're very tech *CEO* friendly, however. The Obama Administration supports giving them all the H1B's they want and are quite happy to help them artificially drive down all tech salaries as a result.

Re:

[PolygamousRanchKid]

I think we need to start granting H-1Bs for politicians. We don't seem to have enough politicians with the right skills.

What about gov't contractors?

[goombah99]

Does this mean that any code at a university which was associated with an NIH or NSF or DOE grant has to be provided freely to the govt?

Not really

[goombah99]

Look at all the commercialized code that have come out of universities.

Re:

[tomhath]

No. This proposal is already what federal law requires. But it's an election year so they are saying whatever will get votes.

Re:

[cayenne8]

Huh ? Does that mean that right now, code that is developed for one agency, doesn't get reused by another ?

Simple answer is YES.

You act at this?

It has worked this way forever really....but is getting slightly better.

But, unless this is for a new department or govt agency....most software is coming in to be built upon or added to a pile of old code/systems of legacy systems cobbled together over the years.

Most of them have at their base, old stovepipe legacy systems, or maybe multiple stovepipe systems

Re:

[Infiniti2000]

Huh ? Does that mean that right now, code that is developed for one agency, doesn't get reused by another ?

In many cases, yes, though I'm not sure of the number of cases in each. For example, most code developed by the DoD is by default Distribution D [dtic.mil], which doesn't allow distribution to other (non-DoD) government agencies.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Lame duck President wants to be the hero now

[NotDrWho]

Hooray?

Re:

[KGIII]

That's kind of odd as it's the second to last option, the last being to discard. The terms are reduce, reuse, recycle. There's some merit to that and, as near as I can tell, it applies to code as well as anything.

In related news...

[PopeRatzo]

Donald Trump has announced that he's going to make Open Source great again by putting the "SS" back in "OSS".

Mod parent up?

[Crowd Computing]

They see the opposition that President Trump is receiving, and they see the source of this opposition. And they start to think that President Trump is right, and that he's needed more now than ever before. His support continues to grow and grow, all thanks to those who are trying to oppose him!

By this logic, if I modded you down, I'd mod you up.

Re:

[Locke2005]

To a certain extent, the troll is right: attacking Trump increases his support from his followers. My worst fear is that someone will attempt to assassinate Trump and fail, thereby making him enough of a hero to get elected. Of course, I wouldn't put it past Trump to fake an assassination attempt just to increase his "ratings", because he is enough of a narcissist to do that.

Re:

[PopeRatzo]

Do you and your fellow President Trump denigrators realize that...

"...not many people know it, but the Fuhrer was a terrific dancer. And he could paint an entire apartment in one afternoon...TWO COATS!"

https://classicmovienight.file... [wordpress.com]

Re:

[Locke2005]

Just keeping drinking that koolaid; you'll be rewarded in due time...

Open Source AHA Exchange

[BiggoronSword]

The Obama administration should open source the AHA exchange; let market competitors fix and replace it.

Re:

[BiggoronSword]

ACA*

Re:

[ArchieBunker]

Nah Trump will repeal it when he wins.

What code reuse really means...

[__aaclcg7560]

The people who run the Department of Re-inventing The Wheel will get laid off.

Nobody Wants It

[avandesande]

So government is going to have to release source code from some crappy custom HR or accounting application? Really folks think about the business applications you work on.

What about other IP?

[rayzat]

The Federal government pays a lot of money for research and development in a lot of areas, architecture, bridges, roads, jet engines, custom ASICs, etc etc. I used to design custom racks, brackets, conduit routing, power/heating/cooling systems for electronics. Think Humvees with quarter racks to a full mobile data center. It eventually got to the point where we were only doing something new/innovative every 3rd or 4th deal. Every other deal was use the bracket designed for A, the rack from B, the generator from C, etc. If we had to release those cad drawings we would have had no competitive edge. If they're saying code should be reusable across agencies and parts should be made open, when stop just at software?

Maybe we'll finally get new code here?

[damn_registrars]

Considering President Obama has approval ratings on slashdot that are about even with the Ebola Virus or Kim Jong-Un, I would expect that his endorsement of recycling code would encourage the monkeys that write slashdot to cough up some all-new code very soon. This might be the greatest gift Obama has given to the slashdot community since ... well, likely ever.

Just great!

[PPH]

Another bin I have to haul out to the curbside every week. Worse yet, they'll make us sort it first. Perl goes in the green one, C++ in the blue (please remove and discard templates first), VB goes in with the compost.

Seems like a no-brainer

[Locke2005]

Any software paid for by public funds should be made available for public use, duh! We also need to open source all textbooks, and put all the for-profit textbook companies out of business. Seriously, a huge chunk of our education budget goes to publishers, and open source text would be freely downloadable to tablets, making it cheaper, more current, and more correct, sense any errors could be instantly corrected. Put out bounties, and pay students for finding "bugs" in the text, that'll make those little b

API

[kyldere]

To me, this means that someone in the government understands what an API is. This is great news!