
The People's Code - rmason
https://code.gov/#/
======
joshdotsmith
I really like the work of folks at 18F, USDS, CFPB, et al.

Bearing in mind that I'm ecstatic to see this collection of projects and
someone clearly put a lot of time and effort into this already, I do have
a couple points of hopefully constructive feedback here:

- Please list all of your repositories and feature ones that you think
deserve special recognition. Seeing all your repos is a 4-step process
otherwise: click on the project, click on the link, click on the
acknowledgement that I clicked a link, click on the organization name on
GitHub. [1]

- Some information on contribution policies, pulling in your README.md, etc.
would be helpful on this site. [2]

- When I click on the link to go to your repo, I know I'm clicking a link
that leaves your site. You even say so. "But you probably knew that already."
Don't hijack it, please. [3]

- The activity feed doesn't provide much value in its current form. Most of
these GitHub events are completely without context. [4]

EDIT:

I've since opened the following issues on
[https://github.com/presidential-innovation-fellows/code-gov-...](https://github.com/presidential-innovation-fellows/code-gov-web/issues).
Anyone who has feedback, definitely let them know (kindly!).

[1] [https://github.com/presidential-innovation-fellows/code-gov-...](https://github.com/presidential-innovation-fellows/code-gov-web/issues/125)

[2] [https://github.com/presidential-innovation-fellows/code-gov-...](https://github.com/presidential-innovation-fellows/code-gov-web/issues/124)

[3] [https://github.com/presidential-innovation-fellows/code-gov-...](https://github.com/presidential-innovation-fellows/code-gov-web/issues/123)

[4] [https://github.com/presidential-innovation-fellows/code-gov-...](https://github.com/presidential-innovation-fellows/code-gov-web/issues/122)

~~~
ncallaway
I'm impressed with how quickly they responded to [3], but unfortunately the
answer was exactly what I expected on this one.

> We fought the law and the law won unfortunately. We're hoping to get more
> leeway on this in the near future from the legal team. Stay tuned!

Lawyers. The answer is always lawyers.

~~~
icc97
Getting a quote from The Clash from the US Government, that's actually pretty
awesome.

~~~
TheArcane
The Clash?

~~~
jwarren
The Clash.

[https://www.youtube.com/watch?v=KsS0cvTxU-8](https://www.youtube.com/watch?v=KsS0cvTxU-8)

~~~
pokemon-trainer
"I Fought the Law" is a song written by Sonny Curtis of the Crickets and
popularized by a remake by the Bobby Fuller Four, which went on to become a
top-ten hit for the band in 1966 and was also recorded by the Clash in 1979.

~~~
icc97
Yes indeed you're correct. Another nice theory of mine ruined by actual
evidence. I'm still hoping that the guy making the comment got it from The
Clash though, just cause I'm biased towards them.

------
former_govt
I admire the work that 18F is doing, and live in the DC area, even contracted
for the government early in my career -- but I can never go back. I just
fundamentally disagree with the security clearance apparatus that is in place and
never want to subject myself to that again. Especially when purely private
companies pay more and don't care what you do in your personal time.

Working for the government felt like being a child again.

~~~
bretthoerner
What was so bad about the security clearance aspect?

~~~
former_govt
They want to know deeply personal details about your life, show up at your
neighbours' and friends' doors to question them, have explicit control over
where you can travel on your vacation, deeply care about what you do in your
free time, and mishandled all of it -- all in the vague guise of preventing
blackmail and sabotage.

The blackmail and sabotage argument, as near as I can tell, is a farce because
our enemies and "friends" are engaged in massive corporate espionage. If it
were a real concern to them then they would use their powers to require the
same level of scrutiny on the private sector.

In addition to that they say be truthful so you don't have anything to hide to
prevent possible blackmail by foreign powers, but in reality it's the truthful
ones who don't make it through the process.

I've come to the conclusion that it's really just about having an excuse to deny
employment to "people not like us."

~~~
utnick
It's pretty backwards if you think about it, if the places you go or people you
know or mistakes you make, can easily make you lose your security clearance
and therefore your career could be ruined, it makes you much easier to
blackmail than under a system that was more laissez-faire

~~~
JustSomeNobody
Hmmm... If that were true we'd have lots of empirical evidence, so I'd like to
see some link to that.

~~~
pdkl95
> we'd have lots of empirical evidence

That assumes there would be many attempts at this kind of blackmail, and that
any attempts that did occur were discovered and documented.

> I'd like to see some link to that.

Even if the conditions above were satisfied (which I find highly unlikely),
this assumes that we (the public) have access to the documentation.

------
OliverJones
How about open source code for some makes and models of voting machine?

The US Veterans' Administration health records software system is in the
public domain.
[https://en.wikipedia.org/wiki/VistA#Licensing_and_disseminat...](https://en.wikipedia.org/wiki/VistA#Licensing_and_dissemination)
But it's not listed here. (It's also kind of complex. "wget; tar x;
./configure ; make" probably won't get you a running instance. Still.)

~~~
mi100hael
Voting machines are products produced by private firms. Getting them to
publish the source code is about as likely as getting Apple to publish the
source for iOS.

~~~
trendia
Actually, with monopsony it's rather simple:

"If you don't publish the code, then we will have to use paper ballots."

~~~
schmidty
No effort towards innovation would then go into that sector. Ever again.

~~~
diyorgasms
I'm not sure if this is a popular decision, but I don't really think the
private sector should be innovating with our electoral system. Integrity is of
utmost importance, and voting machines have been proven vulnerable in the
past. I don't think the private sector has appropriate motivation to really
get voting right.

~~~
cmurf
The difficulty is the purse strings to pay for election infrastructure come
from politicians. Private firms have funds for product advocacy without
advance funding from government, unlike open source solutions. So the entire
field is distorted from day 0 when it comes to proprietary vs open source.

A smarter thing to do would be to create a selection pool defined as any
registered voter over the age of 75; and from that pool they choose their
election technology board. And that board procures the election system based
on the budget the legislature gives them. That is, the budget is the budget
only, it doesn't say anything about what technology or brand is used, the only
attachment is that funds are used for the state election system. If someone
over 75 can't understand how our election system works, we're screwed, and in
fact we've seen how voting systems have failed, have altered the outcome of
elections, and because they had no paper trail, and no meaningful way to do
recounts or audits there's no recourse.

------
CiPHPerCoder
[https://github.com/samilliken/openDCIM/search?utf8=%E2%9C%93...](https://github.com/samilliken/openDCIM/search?utf8=%E2%9C%93&q=unserialize)

[https://github.com/USEPA/E-Enterprise-Portal/search?utf8=%E2...](https://github.com/USEPA/E-Enterprise-Portal/search?utf8=%E2%9C%93&q=unserialize)

Looks like the US Government is oblivious to the risk of PHP Object Injection.

[https://paragonie.com/blog/2016/04/securely-implementing-de-...](https://paragonie.com/blog/2016/04/securely-implementing-de-serialization-in-php)

It looks like they're publishing code that, in particular, is vulnerable to
CVE-2015-2171.

[https://github.com/samilliken/openDCIM/blob/d3e137294179e392...](https://github.com/samilliken/openDCIM/blob/d3e137294179e392321265567b6ad32ffe738c5f/Slim/Middleware/SessionCookie.php#L127)
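
What the `unserialize` searches above are looking for, as an added example (not code from the thread, openDCIM, the E-Enterprise Portal or Slim): a cookie passed to `unserialize()` lets the client choose which classes the server instantiates, while HMAC-authenticated JSON carries plain data only. The `TempFile` class, the key and the cookie values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for any application or library class with a magic
// method. The destructor only records that it ran, so the effect is visible.
final class TempFile
{
    /** @var string[] */
    public static array $log = [];
    public string $path = '';

    public function __destruct()
    {
        self::$log[] = "destructor ran, path={$this->path}";
    }
}

// Risky pattern: a client-supplied cookie goes straight into unserialize(),
// so the client decides which classes are instantiated on the server.
// (unserialize($cookie, ['allowed_classes' => false]) blocks instantiation,
// but the value is still unauthenticated.)
function decodeSessionUnsafe(string $cookie)
{
    return unserialize($cookie);
}

// Hardened pattern: JSON (scalars, lists and maps only) plus an HMAC.
function encodeSession(array $data, string $key): string
{
    $json = json_encode($data, JSON_THROW_ON_ERROR);
    return hash_hmac('sha256', $json, $key) . '.' . base64_encode($json);
}

function decodeSession(string $cookie, string $key): array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return [];   // not in "mac.payload" form
    }
    $json = base64_decode($parts[1], true);
    if ($json === false
        || !hash_equals(hash_hmac('sha256', $json, $key), $parts[0])) {
        return [];   // malformed or tampered: treat as an empty session
    }
    try {
        $data = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return [];
    }
    return is_array($data) ? $data : [];
}

// --- Demonstration with constructed values ---
$key    = 'constructed-demo-key';
$forged = 'O:8:"TempFile":1:{s:4:"path";s:18:"/constructed/value";}';

// Unsafe decoder: the forged cookie becomes a live TempFile object, and its
// destructor runs as soon as the object is released.
$obj = decodeSessionUnsafe($forged);
unset($obj);
echo 'log entries after unsafe decode: ', count(TempFile::$log), "\n";

// Hardened decoder: the same bytes are rejected and no object is created.
$result = decodeSession($forged, $key);
echo 'hardened decode of forged cookie is empty: ',
    var_export($result === [], true), "\n";
echo 'log entries after hardened decode: ', count(TempFile::$log), "\n";

// A genuine cookie round-trips; swapping the payload under the old MAC fails.
$cookie   = encodeSession(['user' => 'alice'], $key);
$mac      = explode('.', $cookie, 2)[0];
$tampered = $mac . '.' . base64_encode('{"user":"admin"}');
echo 'round trip: ', json_encode(decodeSession($cookie, $key)), "\n";
echo 'tampered:   ', json_encode(decodeSession($tampered, $key)), "\n";
```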

~~~
Alupis
You should send in a pull request, or file a bug report in the repo.

~~~
CiPHPerCoder
I'm not on their payroll, and I'd already fixed the CVE upstream _over a year
ago_, so no.

~~~
Alupis
You took the time to go search through those repos, and then took the time to
come here and point out your findings.

You could have easily just copy pasted what you wrote here into an Issue on
those repos.

It would have helped out your government, made these projects a tad bit
better, and taught a few developers something they'll remember in the future
when they write more software for the government.

It's part of the "spirit" if you will. Let's support these efforts - they're
long overdue and difficult enough to get done for those few trying.

~~~
joepie91_
Reporting issues to a vendor takes a _hell_ of a lot of effort and time
compared to idly posting them in a comment thread.

This is like those remarks along the lines of "it only takes 5 minutes to
submit a patch to the documentation". No, it doesn't - it takes 5 minutes to
_write_ it and create a PR, and usually two hours to defend it from the
maintainer's criticisms.

~~~
iamatworknow
> usually two hours to defend it from the maintainer's criticisms

Isn't that what we want, though? Discussion and review, particularly with the
people who are most familiar with the project (the maintainers) is what makes
software better, not worse. If you're not willing to do that then why comment
on issues you find in open source projects at all, other than to stroke your
own ego?

~~~
CiPHPerCoder
> Isn't that what we want, though?

Generally. But on the other hand, no, this isn't a monoculture, where everyone
wants the same exact thing.

> Discussion and review, particularly with the people who are most familiar
> with the project (the maintainers) is what makes software better, not worse.

Tell that to vim:
[https://github.com/vim/vim/issues/638](https://github.com/vim/vim/issues/638)

Tell that to node.js:
[https://github.com/nodejs/node/issues/5798](https://github.com/nodejs/node/issues/5798)

Tell that to WordPress:
[https://core.trac.wordpress.org/ticket/21022](https://core.trac.wordpress.org/ticket/21022)
[https://core.trac.wordpress.org/ticket/25052](https://core.trac.wordpress.org/ticket/25052)
etc.

Despite all of the time that industry experts have contributed towards
identifying and discussing security problems, these projects have severe
_inertia_ in the security realm.

How much more time do you want us to carve out of our lives for projects that
won't fix their problems?

> If you're not willing to do that then why comment on issues you find in open
> source projects at all, other than to stroke your own ego?

I don't like the way this is framed. It's a hidden false dichotomy.

~~~
iamatworknow
I don't disagree with your or joepie91_'s points in that many (maybe most)
open source project maintainers are perhaps more guarded and difficult in
accepting contributions than they should be.

That said, even if you submit a pull request or an issue ticket and the
maintainer doesn't follow up, or is making the issue unnecessarily complicated
to resolve formally and merge into the main branch, at least the record of
your findings is there attached to the repo as a rejected pull request or a
closed issue ticket, and that can help someone who comes along after the fact
who maybe experienced the same issue you did and can benefit from your
comments. Maybe that same person who comes along later _will_ have the time to
fight for having the changes merged, and can use your comments as further
evidence that the issue is worth reconsidering.

I stand by the idea that finding the issue, but posting it on an unrelated
forum (like HN) instead of attaching it to the project itself serves no
purpose other than to tell others who are probably not even users of the open source
code "look at this problem I found/solved, aren't I great?"

~~~
CiPHPerCoder
In this case: I did, and it was immediately closed without any change to the
code, documentation, process, or culture.

~~~
Alupis
> In this case: I did, and it was immediately closed without any change to the
> code, documentation, process, or culture.

You left out the part where they told you this perceived issue did not impact
their codebase, due to how they were using the upstream project you cited.[1]

> While this is an issue it does not affect us as we aren't using session
> cookies with slim

You then started to rant about how they don't update their dependencies "quick
enough".

[1]
[https://github.com/samilliken/openDCIM/issues/837](https://github.com/samilliken/openDCIM/issues/837)

~~~
joepie91_
> You left out the part where they told you this perceived issue did not
> impact their codebase, due to how they were using the upstream project you
> cited.

This is _completely_ irrelevant. Vulnerable dependencies are vulnerable
dependencies, and trying to avoid updates because you're "not affected" is a
really good way to get owned.

This is for the exact same reason that "yes, there's an XSS vulnerability in
the admin panel, but that doesn't matter because it requires an admin login"
is invalid. At _some_ point, somebody is going to combine multiple
"unexploitable" vulnerabilities or exploitation paths that you overlooked, and
successfully compromise your system.

A vulnerable dependency means that you need to update that dependency, full
stop. No exceptions.

~~~
Alupis
Whether it's relevant or not is up for the project maintainer to decide. All
anyone can do is point out what they perceive as a potential problem, and then
let the others take it from there.

CiPHPerCoder didn't exactly do that. He came out guns ablaze from the start,
using bolded text, italics and inflammatory phrasing - basically just stopping
short of calling the project maintainer a complete idiot.

It's not surprising CiPHPerCoder got the reaction he did - it is, however,
surprising he decided to do all this under his company's name.

It's almost like CiPHPerCoder is personally offended that some joe random
developer hasn't heard about some obscure CVE CiPHPerCoder was involved with,
or that they didn't handle it like he would like. "Do you know who I am!?"

The initial issue was he came here and ranted about it, instead of pointing it
out to the projects. Eventually he "gave in" and reported it to a single
project, but took this holier-than-thou tone and was aggressive the entire
time. That's ridiculous.

~~~
CiPHPerCoder
> It's almost like CiPHPerCoder is personally offended that some joe random
> developer hasn't heard about some obscure CVE CiPHPerCoder was involved
> with, or that they didn't handle it like he would like. "Do you know who I
> am!?"

Except this isn't "some joe random developer", this is software created by and
for the US government, which is featured on code.gov.

I'd expect them to take security seriously and apply all upstream security
patches immediately, not sit on them for years after they've been resolved.

Anything but that is sheer negligence. What _else_ hasn't been updated which
contains vulnerabilities that _do_ affect them?

> The initial issue was he came here and ranted about it, instead of pointing
> it out to the projects.

That's what joepie91 was trying to explain to you.

> Eventually he "gave in" and reported it to a single project, but took this
> holier-than-thou tone and was aggressive the entire time. That's ridiculous.

Would you rather I do that or not report it to them at all? Choose only one.
If I'm going to do it, I'm not going to do it your way. You can if you want.

Personally, I'd rather not report bugs at all. Until you've reported
vulnerabilities to two or three dozen different projects, this might not mean
much, but: _It burns you out to keep reporting the same flaws to different
projects._

Having developers respond to security risks with an air of entitlement just
turns up the heat on the burn-out engine.

The first response to my comment here was

    
    
      You should send in a pull request, or file a bug report in the repo.
    

Pay attention to the _order of operations_ here. The "should" is immediately
associated with a large amount of unpaid work, with an alternative that would
also be a large amount of unpaid work disguised as a hypothetically smaller
amount of effort. But as others have stated: It's not.

> It's not surprising CiPHPerCoder got the reaction he did - it is, however,
> surprising he decided to do all this under his company's name.

Even if I had remembered to switch Github accounts, people would still
associate it with my employer anyway. Kind of a moot point, really.

I gave you what you asked for. Next time, maybe don't tell people what they
should do? It's rude to bark orders like that, and it won't get the result you
want.

~~~
Alupis
Perhaps if you didn't act like a jackass when reporting bugs, you'd have
better interactions, and get less of the "burn out" feeling you're describing.

And next time you decide to put on a show, consider not doing it under your
company name.

You're forgetting this arrogant display is here for all to witness, including
folks who may (or may not, now) want to contract your company in the future.
You also seem to forget the very folks behind code.gov are the same ones that
influence who gets contracted with the government...

The people working on code.gov and all of the repositories are truly doing
something great. Code has been in the federal government for at least 60
years, probably longer - and this is the first time something like code.gov
has been produced. It's an amazing effort, and it's surely not easy to effect
change like this at the federal level.

The open source initiative will help increase code quality at the federal
level, as well as encourage less duplication of efforts (different agencies
likely solve similar or the same problems very often). It also encourages a
baseline standard of code and organization. This is a fantastic beginning!

Next time, a simple "Hey, did you guys know about CVE-2015-2171? You may have
some vulnerabilities." is all that's needed. Instead, you let everyone know
you were in a fit of rage - how dare someone suggest you comment on an issue
you brought up!

We need to encourage and support these efforts, not shit all over them.

In short, don't be an ass... please.

~~~
CiPHPerCoder
> You're forgetting this arrogant display is here for all to witness,
> including folks who may (or may not, now) want to contract your company in
> the future. You also seem to forget the very folks behind code.gov are the
> same ones that influence who gets contracted with the government...

If you base your "security talent" hiring decisions the same way you approach
"contract customer service representative" decisions, you'll end up with very
pleasant people who don't know jack shit about security. Which would explain a
lot of the results we're seeing. So you might be right.

If anyone is reading this thread and wants their software to be _actually_
secure-- no sugar-coating or letting bad decisions happen-- get in touch. :)

> The people working on code.gov and all of the repositories are truly doing
> something great. Code has been in the federal government for at least 60
> years, probably longer - and this is the first time something like code.gov
> has been produced. It's an amazing effort, and it's surely not easy to
> effect change like this at the federal level.

For once, we are in agreement.

> Next time, a simple "Hey, did you guys know about CVE-2015-2171? You may
> have some vulnerabilities." is all that's needed.

OK, why didn't you do that then?

It's so easy to tell others what to do, when you have no skin in the game.
What will you do next time?

    
    
      - Tell the other person what to do.
      - Do it yourself, because it clearly matters to you.
    

> We need to encourage and support these efforts, not shit all over them.

> In short, don't be an ass... please.

I won't be an ass if and only if folks aren't making demands of how I spend my
leisure time.

------
jknoepfler
This is a great idea. I feel like the big picture isn't open source code for
government, but open source APIs for interacting with the government. In the
medium-term future, I think we should push for a system where all government
documents that ought to be a matter of public record are managed in a publicly
readable versioned source repository, like a federal git server.

Other things that I'd like to see in publicly visible git repositories:

- federal laws and regulations (particularly regulations, standards, etc.).

- procedures (rules for federal processes)

- all documents for making requests of the federal government, with
mechanisms for getting those requests to the right place.

~~~
JustSomeNobody
Absolutely![0]

[0] I know this doesn't contribute to the conversation and is frowned upon,
but I had to exclaim when I read this.

------
pdkl95
Why the subsidy to Google? Sending tracking data to Google isn't appropriate
for a government site.

    
    
        <script>
          /* i='GTM-M9L9Q5' */
          /* ... */
          src='https://www.googletagmanager.com/gtm.js?id='+i
          /* ... */
        </script>
        <!-- ... -->
        <noscript>
          <iframe src="https://www.googletagmanager.com/ns.html
                       ?id=GTM-M9L9Q5&gtm_auth=GTM-M9L9Q5"
                  height="0" width="0"
                  style="display:none;visibility:hidden">
          </iframe>
        </noscript>
    

Also, requiring Javascript in a single page application is a terrible design
for this kind of site. Almost all of this can be static pages or traditional
web frameworks. Requiring Javascript made the download much larger than
necessary, slowed down the page load time a lot, and forced the page to reflow
multiple times as the data arrived. A wide variety of web frameworks could
have rendered and cached static pages instead of massively over-engineering
the site as an "app".

~~~
jonknee
Just a wild guess here, but I bet they're using Google Analytics for the same
reason everyone else uses Google Analytics--to see what their audience is
looking at.

> Also, requiring Javascript in a single page application is a terrible design
> for this kind of site.

Good luck making a single page application without Javascript! It is all in 25
requests and 668KB, not the lightest site, but that's actually less data than
the homepage of Google is today. It's also properly setting expires headers so
future page loads are very quick.

~~~
pdkl95
I know why they want analytics; I'm asking why they are giving out live
tracking data to a single private company. This free data is effectively a
subsidy.

> Good luck making a single page application without Javascript

The bad design decision was making it a single page application in the first
place. This should be a static site, or very lightweight (and easily cached)
framework.

> 25 requests and 668KB

That's an _obscene_ amount of bloat. This should be 3-5 requests not counting
images, and 668kB is an order of magnitude too big.

> less data than the homepage of Google is today

Comparing against another massively over-engineered, bloated web page isn't
particularly useful.

> expires headers

That's great, but it doesn't affect the initial download size or the
memory/CPU usage in the user agent.

[https://vimeo.com/147806338](https://vimeo.com/147806338)

~~~
jonknee
> I know why they want analytics; I'm asking why they are giving out live
> tracking data to a single private company. This free data is effectively a
> subsidy.

How is it a subsidy? They are getting the analytical data they want and are
not having to pay anything for it. They could spend tons of time and money to
build an analytics system, but that sounds like a waste of tax dollars. You'll
also notice that their code is hosted on GitHub, is that a subsidy too?

------
kensai
"The Federal Source Code Policy is designed to support reuse and public access
to custom-developed Federal source code. It requires new custom-developed
source code developed specifically by or for the Federal Government to be made
available for sharing and re-use across all Federal agencies. It also includes
an Open Source Pilot Program that requires agencies to release at least 20% of
new custom-developed Federal source code to the public."

That's really nice, but I think the 20% is too little. It should be at least
50%. They could still keep a critical low percentage secret.

~~~
random_rr
20% is a LOT! Consider the amount of work it takes to open-source things. It's
a huge step forward.

~~~
joshdotsmith
What do you think takes the most effort to make these projects open source? If
this were the policy for all new projects, why would that be difficult?

~~~
random_rr
There is a lot of internal resistance to open sourcing code. Lots of people
believe that their code is their secret sauce - and why would you have highly
paid consultants create code just so the next department can take it?

There are also security concerns to take into account - which I know someone
will say is a good thing, because of transparency and so forth. But just
realize that it's not a trivial amount of work to clean up a code-base and
display it to the public all of the time.

And if the policy were open-source by default, the unspoken policy for project
managers would be "automatically submitting a request to be closed source".

It's not perfect, but I know that 20% is a lot, and I think anyone who's
worked in the sector would agree.

~~~
colejohnson66
But isn't everything made by the government in the public domain?

~~~
Forge36
Assuming that's true, private companies contracted by the government may not
be under that same requirement (think military specs and designs). The output
as a whole may be public domain (I know what an F22 is, and the parts to build
one, but the specs to those parts are proprietary) but the operations, and
binaries (specs and requirements to build the individual pieces) to produce
that output may remain private.

------
weka
Took a look at some of the code.

I see one for Gov of Commerce:

The Commerce.gov API is under active, but not public, development. As such,
API code is not currently made available publicly. This Github repository
will be used to collect and respond to feedback regarding the API and engage
with developers interested in using the API.

---

I don't believe that's the correct usage of GitHub. What's the point if you're
not going to showcase the code?

~~~
greglindahl
They said what they think the point is in what you quoted: "to collect and
respond to feedback..."

I can see why you might not like it, or not agree with it, but it's not like
they didn't say it!

~~~
toomuchtodo
My feedback would be a FOIA request for commerce.gov's API code, and a PR to
add it to their repo.

~~~
dangrossman
You can't make an FOIA request for code. You can only make requests for
_agency records_, and in the definitions section of the bill, computer code
is explicitly listed as something that _isn't_ an agency record.

"computer software, including source code, object code, and listings of source
and object codes, regardless of medium are not agency records"

~~~
toomuchtodo
Works created by the federal government are in the public domain, per section
105 of the copyright code. So you'd be right I can't use a FOIA request to
obtain the code, but if obtained through other methods, I believe I'm in the
clear for hosting it on Github.

~~~
greglindahl
Basically, you're trying to figure out some way to piss off the techies and
managers you want to convince to be more open? Even if FOIA worked on code,
you really aren't helping your cause..

~~~
toomuchtodo
> you're trying to figure out some way to piss off the techies and managers

I'm not trying to piss anyone off, but to be honest, I don't really care if I
do. I'm simply trying to pry government open into being more transparent
through any means necessary.

> you want to convince to be more open

No. Not in the slightest. My opinion doesn't matter anywhere in government, so
I'm left with the tools at my disposal.

> Even if FOIA worked on code, you really aren't helping your cause..

When the carrot doesn't work, one must use the stick.

------
neom
This is awesome! At work we're trying to help with this at the municipal
level, it's hard so it's really great to see it coming from the Fed. Shout out
to Becky Sweger[1] from 18F who has been instrumental in helping move things
forward, talking about open data and open code.

[1] [https://twitter.com/bendystraw](https://twitter.com/bendystraw)

------
sandGorgon
The one project that I would love to see open source is the FBI Sentinel
project.

A lot of countries have broken infrastructure for law enforcement. Just like
USAID, it would probably be more efficient to give software that can be
adopted.

The sentinel project captures millions of man hours of wasted... and
ultimately successful product development - all focused towards law
enforcement collaboration. It would be good to have that.

------
tommynicholas
If there's one thing that deserves a massive federal budget, it's this. If
laws and regulations can be understood easily by software, we would remove so
many problems the government creates. Complexity would be easier to manage,
but also transparency would inherently breed simplicity.

~~~
zanny
Just for an example, H&R Block and other companies built on doing your taxes
for you lobby the government to prevent simplification of the tax code,
because they profit off its complexity.

The same applies to almost all law. The complexity does not exist without a
reason - there is almost always some entity actively funding the continued
obfuscation of law for profit.

So don't expect government to ever actively get simpler, because that would
only benefit the outsiders rather than incumbents in the industries such laws
affect, and those outsiders never have the capital to compete in lobbying and
bribery.

~~~
trendia
The bigger influence on the tax code is the litany of deductions, which are
lobbied for by the wealthy.

The value of a $100,000 deduction is worth $30,000 to a wealthy person, but
probably around $1 for H&R Block.

edit: fixed

~~~
maxerickson
It's worth more like $30,000. You only save the tax on the deduction, not the
whole thing.

(and some deductions will of course be worth less than the tax; a $100,000
donation to the Red Cross costs $100,000 and doesn't have any financial
return, so the $30,000 tax benefit there costs $70,000)

------
qwertyuiop924
Most of the code looks fairly dull and single-purpose. Except NASA's code, as
you may expect. Trick and OpenMCT both look at least interesting, and OpenMCT
in particular could be used as the basis for many an interesting web-based
project.

~~~
uabstraction
I've already seen OpenMCT integrated with Kerbal Space Program. It looks like
a great platform for real-time sensor data visualization. I'd love to hook it
into a drone and violate some FAA regulations :)

------
amluto
In case any code.gov website people are looking: there's an unfortunate bug:
when the site is first loading on a slow network, you can see all the agency
names and click them, but they all show text like "No repositories found."
This made me think that this was a brand-new project that hadn't done anything
yet.

Also, the little department logo images shouldn't have alt-text. That alt text
of the department name overlays the actual text of the department name and
just makes it even less accessible when the image isn't there.

(I suppose the lesson for web development in general is to test on a slow
connection.)

------
idlewords
Why does this simple landing page have to be over 600K and require JavaScript?

------
matthjensen
I wonder how they will determine which open source projects are included at
code.gov. For instance, I contribute to a few projects that are used within
government for determining the economic impacts of fiscal policy, and the code
is in the public domain. I'd love for them to be included at code.gov, but I'm
not sure whether they meet the criteria.

~~~
brainfire
The general guidelines are in the policy [0], linked from the launch
announcement [1], but each agency's CIO is responsible for the particulars at
their org. If it's not a new project post-August it won't contribute to the
20% so it might not be reviewed for release without someone suggesting it
specifically, I would guess.

[0]
[https://www.whitehouse.gov/sites/default/files/omb/memoranda...](https://www.whitehouse.gov/sites/default/files/omb/memoranda/2016/m_16_21.pdf)

[1] [https://www.whitehouse.gov/blog/2016/08/08/peoples-
code](https://www.whitehouse.gov/blog/2016/08/08/peoples-code)

------
liveoneggs
Is this page 508 compliant? I look to .gov to show some examples of
accessibility.

------
breakingcups
This is a step in the right direction, a thank you to the people who helped
make this possible.

------
initram
They already have some Swift projects [0], which I think is kind of cool. Not
sure I would want to use code named "Bro" or "Conman" though. lol.

[0] [https://code.gov/#/explore-code/agencies/DOL](https://code.gov/#/explore-code/agencies/DOL)

[1] [https://code.gov/#/explore-code/agencies/DOE](https://code.gov/#/explore-code/agencies/DOE)

~~~
qwertyuiop924
Bro is actually already a widely used and incredibly popular piece of
software. However, I don't think the main branch is developed by the US
government, so this may be the DOE trying to dodge the law.

------
dnprock
I suggest having a search feature across all repositories.

------
thinkcomp
How about open PACER?

~~~
greglindahl
That's a Judicial Branch screwup, not Executive Branch.

Check out the RECAP project. So far, that's the best we've got.

------
skiplist1
Just an honest question. Can I obtain some estimation of the capabilities of
CS people working for the government by just reading all this code? Will I
find here a glimpse of code beautifully designed and tailored to solve some
really deep problem that requires real intelligence? Can I use this code to
learn how to code a big project?

------
yellowapple
Apparently GitHub supports displaying STL models:
[https://github.com/nasa/NASA-3D-Resources/blob/master/3D%20M...](https://github.com/nasa/NASA-3D-Resources/blob/master/3D%20Models/Cassini%20\(A\)/cassini.stl)

------
rayiner
Interesting that someone approved the communist reference (or that people
didn't perceive that as a communist reference). It's not the 1980s anymore I
guess.

~~~
pvg
Do you mean 'people's'? That would make 'the people's house' as a way to
describe US executive mansions and legislature buildings communist references
as well.

------
mars4rp
Where is the IRS code?

~~~
officialchicken
Under the Department of Commerce - unsurprisingly - there is nothing from IRS.

A bit more surprising and entirely missing from the list (no source code):

* Department of Education
* Department of Health and Human Services
* Department of Housing
* Department of Interior
* State Department
* Department of Transportation

And not really expecting anything from:

* Department of Defense
* Department of Homeland Security

~~~
xenophonf
DHHS:

[https://github.com/HHS](https://github.com/HHS)

There are more if you know where to look. Some of the GitHub organizations are
in their infancy, like NIAID's:

[https://github.com/niaid](https://github.com/niaid)

Others are only semi-public; these generally consist of forks of software they
use or private repos used for external collaboration.

I'm working on getting some of our stuff open-sourced. When it's written by
contractors, the intellectual property rules can get complicated. Convincing a
contractor to publish code their consultants wrote for a government project,
no matter how minor, can be a tricky bit of advocacy. Sometimes they have
really skewed ideas surrounding IP that must be overcome before this can
happen. (Best case, our code will likely end up hosted by Internet2 or a
similar foundation.)

------
_audakel
I was kinda hoping to see some projects from the NSA. Noooope.

------
manish7
This is an awesome initiative by the US Gov.

------
ayh
Great so we all have access to useless software code.

------
steanne
Looks like You Don’t Have Javascript Enabled

Code.gov is built on the latest web technology using Javascript. To use
Code.gov, please enable Javascript so we can share all of the wonderful open
source projects the Federal Government has to offer.

~~~
NoGravitas
I had to unblock third-party scripts to get anything other than an animated
pixel-art gif of an American flag.

------
masterleep
Horrible name - the Federal Government of the United States is not "the
People".

~~~
gbog
And horrible domain name: How come `code.gov` is US-only? How come its motto
is "Help propel America’s next breakthrough in innovation"? If this is not
imperialism, I don't know what is.

~~~
lucaspiller
The gov TLD is US only. Other countries have their own, e.g. in the UK most
government sites are under gov.uk.

~~~
gbog
> The gov TLD is US only.

And you think it is normal? Why not gov.us? The US are always giving lessons
to the world, but do not even understand that we --the other parts of the
world-- would like to have some minimal level of fairness.

~~~
frumiousirc
> Why not gov.us?

Because creator privilege and because life is not fair.

~~~
gbog
Civilisation, development of human ethics, laws, all this stuff is our way to
adjust for the unfairness of life. Also, black people did not invent or create
the buses, was it right to let them sit in the back, when they were even
allowed to get in?

