
Code.mil – An experiment in open source at the Department of Defense - us0r
https://github.com/deptofdefense/code.mil
======
engi_nerd
This is a huge battle I am in the middle of fighting right now. I am working
on a project that is extremely late and we are having all kinds of political
pressure put on us by very senior people. Meanwhile their damn IA staff won't
approve any of the tools or hardware that I _need_ to help us get the job
done.

One huge obstacle to open-source anything in DoD is the attitudes of their
information assurance professionals. I have been told by numerous DoD IA
people that "Open Source is bad because anyone can put anything in it" and
"We'd rather have someone to call." I understand the second point -- we
honestly don't have the time to run every last issue to ground and it's
probably better if we do have some professional support for some of our most
important tools. But the first just boggles my mind.

But the IA pros are, as a group, schizophrenic, because _somehow_ people are
getting things by them anyway. The system I'm working on has Python as a build
dependency. The devs are creating reports using Jupyter notebooks.

Basically the DoD needs to stop being so damn obstinate about open source.

~~~
joehan
Let me add a bit more irony here: GitHub is blocked from my work (USAF) so I
can't get to code.mil. All I want to do is be the workaholic that I am and DoD
makes it literally impossible for me to do that. You have no idea how much
bureaucracy can defeat the spirit of an employee. Most of my friends are
leaving the AF for reasons like this. I'll do my best during my time here, but
needless to say, I'm out.

~~~
panzagl
The only thing that makes it worth it is that the problem domains are so much
more interesting than anything you're likely to run into in industry.

~~~
joehan
You're right, but at some point, I need to draw the line of whether I can
actually do the work and be productive instead of fighting the system.

~~~
_spoonman
Can you both reach out to me via the methods in my profile?

------
dkhenry
I love seeing this kind of work done. Not because it's going to radically
change the underlying technology, but having the air cover a project like this
will provide can enable so many government coders who get shut down by their
first tier manager who tells them they can't use open source components or
can't open source their code. It might seem silly but just getting the
projects out in the open increases their hygiene more than any other single
factor.

~~~
michaelvoz
I hate the word coders. Let's stop using it

~~~
vog
Care to elaborate? What's wrong with the word "coders"?

~~~
Stratoscope
Back in an earlier era of computing, there was a strict hierarchy of jobs:

An _analyst_ took business requirements and wrote specifications.

A _programmer_ took those specifications and created flowcharts of the program
logic.

A _coder_ took the flowcharts and translated them into code on a coding form.

A _keypunch operator_ punched the code onto cards, line by line, card by card.

So "coder" was a rather low status job, just one rung above being a typist.

~~~
wjamesg
Is it just me, or is this typical HN elitism?

~~~
digler999
The "lets stop using it" comment, yes. Stratoscope's comment was just
explaining why it hurts some big egos. S/he didn't take any position on it.

------
austincheney
Speaking as a long time US soldier here is how the military perceives code:

* There is no copyright and plagiarism doesn't exist. Internally to the military everything is libre to the most maximum extreme. While people do get credit for their work they have no control over that work and anybody else in the military can use their work without permission.

* Service members and employees of the military are not allowed to sue the military. As a result software written by the military has no need to disclaim a warranty or protect itself from other civil actions.

* Information Assurance protections are draconian. This is half way valid in that there are good monitoring capabilities and military information operations are constantly under attack like you couldn't imagine. The military gets criminal and script-kiddie attacks just like everybody else, but they also get sophisticated multi-paradigm attacks from nation states. Everything is always locked down all the time. This makes using any open source software really hard unless it is written yourself or you work for some advanced cyber security organization.

~~~
webmaven
> The military gets criminal and script-kiddie attacks just like everybody
> else, but they also get sophisticated multi-paradigm attacks from nation
> states.

Just like everybody else.

~~~
67726e
I work for a company in the cyber-crime / cyber-security space. We piss off
criminals. We get attacked. We'll still never see half the shit the USG does,
we'll still never see half the shit a Google or Facebook does. Stop pretending
your "Facebook for Cats" company is going to experience the same level of
threat. It's foolish and sounds egotistical to pretend someone cares that
fucking much.

~~~
webmaven
I only meant that the private sector (e.g. GOOG, FB, etc.) are constantly
dealing with APTs as well, it isn't just the USG.

That said, I think you're on to something there, and I am immediately
launching[1] my new Facebook-for-Cats venture! Wish me luck!

[0] Nah...[2]

[1] Tentatively named either FurrBook or PurrBook[0]

[2] Well, _maybe_... [0]

------
lloydde
No one wants yet another license.

Is there an explanation about why Unlicense is not appropriate? Or what it
would take for an Unlicense derivative to meet the legal requirements? Could
the laws be changed in small ways to allow US Government employees to more
fully participate in open source?

"The Unlicense is a template for disclaiming copyright monopoly interest in
software you've written; in other words, it is a template for dedicating your
software to the public domain. It combines a copyright waiver patterned after
the very successful public domain SQLite project with the no-warranty
statement from the widely-used MIT/X11 license."
[http://unlicense.org/](http://unlicense.org/)

I like how other commenters have included other successful US.gov and
specifically DoD open source such as BRL-CAD and NSA's Apache Accumulo. And
the DoD Open Source FAQ is interesting and something I haven't seen before:
[http://dodcio.defense.gov/Open-Source-Software-FAQ/](http://dodcio.defense.gov/Open-Source-Software-FAQ/)

Open source and US.gov participation reminds me of what happened with NASA
Nova. It was pretty sad that when OpenStack became relevant in the industry
that seemed to cause a panic at NASA and they pulled completely out of
OpenStack development. Instead of NASA being able to help the project stay focused
on being opinionated enough to be generally useful (out of the box), NASA was
too afraid about the perception of competing with proprietary commercial
interests. (It was nice to see last year, all these years later, that NASA’s
Jet Propulsion Laboratory is now a user again having purchased RedHat
OpenStack.)

~~~
rectang
> Is there an explanation about why Unlicense is not appropriate?

The Unlicense was not drafted by legal professionals. Please do not use.

[https://lists.opensource.org/pipermail/license-review/2012-J...](https://lists.opensource.org/pipermail/license-review/2012-January/001381.html)

CC0 is better. However, it still has issues in that it explicitly disclaims
patent grants.

We still don't have a solid license of this class.

~~~
lloydde
Thanks for that link.
[https://lists.opensource.org/pipermail/license-review/2012-J...](https://lists.opensource.org/pipermail/license-review/2012-January/001386.html)
provided more details.

Has the Open Source Initiative otherwise tried to find a solution such that
software works of the United States government would have a clean path to be
compatible with Open Source?

CC0 may be better if you are looking for international agreement, though it
seems like the patent related clause resulted in the review by opensource.org
to be abandoned.

"CC0 was not explicitly rejected, but the License Review Committee was unable
to reach consensus that it should be approved, and Creative Commons eventually
withdrew the application. The most serious of the concerns raised had to do
with the effects of clause 4(a), which reads: "No ... patent rights held by
Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by
this document.". While many open source licenses simply do not mention
patents, it is exceedingly rare for open source licenses to explicitly
disclaim any conveyance of patent rights, and the Committee felt that
approving such a license would set a dangerous precedent, and possibly even
weaken patent infringement defenses available to users of software released
under CC0." [https://opensource.org/faq#cc-zero](https://opensource.org/faq#cc-zero)

------
rectang
The NSA open sourced what became Apache Accumulo years ago, so that government
org has made peace with the copyright issue.

The DoD, though, is still trying to feel its way around. There seem to be some
lawyers there who are very hard to convince. For years, they've been asking to
have various licenses and CLAs modified and we've been telling them no.

Here's their latest request for the Apache License 2.1:

[http://markmail.org/message/eueu4rzlbpe2ugcj](http://markmail.org/message/eueu4rzlbpe2ugcj)

~~~
konklone
Just so it's clear, NSA is technically part of DoD. (Though it's a bit like
FBI's relation to DOJ, they operate very independently.)

Also, the DoD CIO has had, since ~2003, this excellent FAQ supporting open
source:

[http://dodcio.defense.gov/Open-Source-Software-FAQ/](http://dodcio.defense.gov/Open-Source-Software-FAQ/)

But as people on this thread and elsewhere will tell you, that hasn't resulted
in widespread support at DoD for open source.

------
zo7
My only bit of experience working on a DoD-related project was a huge turn-off
for me to do any more work in that space in the future because they were
resistive about approving any open source software. The development mindset on
the project was to re-implement everything (including some tricky algorithms
we were using) because it was unreasonable to expect any timely approval, even
if it's a feature from the current version of a library that was already
approved for an older version. I don't see the reasoning with it, since if
anything open source is _more_ secure because you know exactly what is going
on inside of it, compared to closed source which may be from a trusted source
but you have no idea what it's really doing under the hood.

Hopefully this helps push things in the right direction, although I'm not
optimistic.

------
brudgers
BRL-CAD has been an open source US Department of Defense project for many
years. It is architected with the *NIX philosophy of chaining small single
purpose tools...The exception that proves the rule? Its own version of Emacs.

It highlights a unique aspect of Federal Government developed software: it's
public domain rather than licensed based on copyright law. This facilitates
reuse but complicates contribution by outside developers.

[https://brlcad.org/](https://brlcad.org/)

[https://brlcad.org/d/about](https://brlcad.org/d/about)

~~~
walterbell
Copyright may still apply outside the US, no?

~~~
brudgers
[IANAL]

------
imroot
It'll be interesting to see the intersection of this and forge.mil (which
was/is the DoD's implementation of SourceForge and associated services). About
5 years ago, there was a fair amount of Open Source Software being run in DISA
for supporting the branches and the software that they wrote, but, there was
little open-sourcing of that software, even amongst the individual branches of
service (the Marines might write something that the Army could use, but, there
were political or other factors that precluded that from happening).

~~~
tomberek
Re-inventing the wheel is still rampant. This effort, along with open sourcing
the work of contractors, may provide a venue for increased sharing. Please let
us know your thoughts.

(Note: employee of DDS)

------
brilliantcode
Not only is helping the defense industry downright immoral, it's a waste of
talent.

Just think back to why you studied computer science or coding. I hope it
wasn't to help build spy tools on your friends & families. I hope it wasn't to
help engineer destructive weapons that are dropped on innocent civilians.

Fuck code.mil, fuck lockheed martin.

edit: I've turned down VC money a while ago because I discovered they had
previously sold a company to Lockheed Martin affiliate. Downvote all you want
but I'm not some spineless piece of shit that will throw out principles and
morals for it. I love making money but it's not worth losing your compass or
soul over.

~~~
fotbr
Counterpoint: I did not help the defense industry as a spineless sellout
looking for money.

I studied computer science because it was interesting. Period. Not because I
wanted to change the world, or make a pile of money.

I wrote code, as a contractor, for the army, as a way of serving my country. I
know that's not a popular stance to take now that pride in one's country is
not politically correct, but pride in and service to my country is something
that is important to me. Don't mistake pride for blind unwavering support in
everything we do like the "USA-USA" chanting folks often have. I'm more than
happy to point out where we, as a country, have fucked up. We've done it quite
a lot.

I have medical conditions that preclude active service. I also have a family
tradition of service, both in and out of uniform. Since I could not serve in
uniform like my great grandfather did in WWI, my grandfather and his brother
did in WWII, or like my uncles did in Korea and Vietnam, I did as my father
did and served my country by providing my skills in a time, place, and manner
the DoD needed.

I'll have no decorations, no glory, no rifle salute at my funeral.

I most certainly could have made a boatload more money working elsewhere.

Yet, I don't regret it one bit.

It was something I felt I needed to do - some will understand, others, I
suspect including you, won't ever comprehend.

War moves humanity forward, but at a terrible price. Since humanity will never
eliminate war, when someone has to pay that price, I'd simply rather it not be
my countrymen (and now countrywomen).

I'm happy you've got values you're willing to stand by and not compromise.

I'm happier that I live in a country where you're allowed to call those that
serve "immoral" and "spineless piece[s] of shit" with no governmental
repercussions or retaliation.

I'm happiest that despite my conditions, I found a way to contribute, even if
in a minor (and now most likely obsolete) way, to the defense of that nation.

~~~
kakarot
I get where you're coming from. But please also understand that "pride for
one's country" and "pride for America" are two separate domains, and that when
people lack pride for America it isn't some kind of "political correctness" (I
mean seriously, it's still politically incorrect to bash the American
government and its activities).

It is way, way, way, more complex than that and I'm sure you know this.

I know you were just defending what you saw was a wrongful attack against
yourself, but you accidentally snuck in attacks on other demographics in the
process.

------
_lex
It sounds like there's a space for a company that simply validates these
issues and supports open source software, for customers like DOD. I'd expect
that such a company could charge each customer quite a bit, and that each
customer will want pretty much the same verification of the same libraries,
with additional work only needed as new stuff gets requested. Thoughts?

~~~
low_key
There are some of these that exist already. None that I'm aware of are very
large. I've even seen one that was operated by the contractor that needed to
have open source software approved for use in another project.

------
wyldfire
> This can make it hard to attach an open source license to our code.

It's not clear to me why this is necessary/desired. Is it because of
contribution to existing works protected by copyright or something else?

From the OSI's FAQ [1]:

> What about software in the "public domain"? Is that Open Source?

> There are certain circumstances, such as with U.S. government works ... we
> think it is accurate to say that such software is effectively open source,
> or open source for most practical purposes

What problem does this license aim to solve?

[1] [https://opensource.org/faq#public-domain](https://opensource.org/faq#public-domain)

EDIT: ok this comment [2] clears things up a bit. AFAICT It's specifically
regarding a mechanism to permit foreign contributors while allowing them to
disclaim liability.

[2]
[https://github.com/deptofdefense/code.mil/issues/14#issuecom...](https://github.com/deptofdefense/code.mil/issues/14#issuecomment-282310303)

------
lewiscollard
> Usually when someone attaches an open source license to their work, they’re
> licensing their copyright in that work to others. U.S. Federal government
> employees generally don’t have copyright under U.S. and some international
> law for work they create as part of their jobs. In those places, we base our
> open source license in contract—rather than copyright—law.

> ...

> When You copy, contribute to, or use this Work, You are agreeing to the
> terms and conditions in this Agreement and the License.

I do not see how this is enforceable, or that it even makes sense, any more
than it would make sense for _me_ to take, say, a NASA photo and slap my own
terms on it. If it's in the public domain, there's no ownership and no 'or
else' to back a contract setting licensing terms.

The alternative is that I'm misunderstanding this license, of course. Where am
I going wrong?

------
xemdetia
Am I missing something here or is there nothing associated with this
initiative other than 'please check our LICENSE agreement?'

~~~
aniers
It says the first projects will be released once the license agreement is
finalized, so at the end of March.

------
ryanmaynard
It appears some of the 18F crew are behind this. I'm interested to see what
unfolds in this repo.

~~~
dkhenry
Actually it would appear to be the Defense Digital Service

    https://www.dds.mil/

The contact in the license points to a dds.mil address

~~~
ryanmaynard
Forgive my ignorance. I thought 18F and Digital Services were interlinked.

~~~
Readywater
DDS spun out of US Digital Service and DDS members go through the USDS hiring
pipeline.

18F, USDS, and the Presidential Innovation Fellowships are philosophically
related, but organizationally and functionally distinct.

------
magicmu
On one hand it's always cool to see increased adoption of open source, but it
strikes me as more than a little subversive for the DoD to adopt an open
source methodology. I can't help but see the appropriation of an inherently
equitable and socialist means of sharing innovation (FOSS) by a violent,
exclusionary, and globally oppressive regime to be a step in a very wrong
direction.

~~~
fauigerzigerk
I get the "violent, exclusionary, and globally oppressive" part, but why
"socialist"? Open source strikes me as rather ideology neutral. If anything
it's perhaps a bit anarchic.

Socialism is all about reducing the effect that direct actions and agreements
between individuals can have on society as a whole.

Open source is all about direct action and the unplanned dynamics that may
unfold as a result.

~~~
niels_olson
I believe socialism has a pretty specific definition: government ownership and
control of the means of production. Which is easy to grasp for steel mills,
power plants, and hospitals. A bit trickier in the creative economy and the
gig economy.

~~~
fauigerzigerk
I am aware of the definition and I don't dispute it. But consider for a moment
why socialism wants the state to own all means of production.

The point is to directly control the effects of economically relevant actions
and not leave it to an emergent dynamic that results from direct actions and
agreements between individuals (i.e. the invisible hand).

Socialists think that it is in everyone's best interest if the government
plans what work needs to be done, what resources to allocate and under what
conditions the product should be made available to users, which directly
contradicts the way in which open source software is produced.

In my view, the similarities between the DoD and socialism are a lot greater
than the similarities between open source and socialism. Any particular open
source project can of course adopt a military style command and control
structure, but not the open source model as a whole.

------
kogus
I have never worked on code intended for military use. From my layman's point
of view, it seems like DoD code would either be "the most boring legacy CMS
you can imagine" or "top secret missile guidance AI systems". The former isn't
interesting. The latter should probably stay closed-source.

Is there any DoD code that is both interesting and suitable for public
consumption?

~~~
jcurbo
It is surprising to people outside the DoD, but most applications are
exceedingly mundane - I would lump a lot of them under "database frontends,"
like personnel, finance, and logistics systems. One problem there is that, in
many cases, DoD or its contractors end up writing custom code for those things
rather than using existing solutions, so projects get delayed as feature creep
sets in. There is a bigger push for using commodity software but it's slow in
coming.

For things where you truly need custom code - like missile guidance systems,
avionics, specific process oriented tools for crunching data (intel or
otherwise), open sourcing the core application is probably not going to help
anyway. One problem though is that, increasingly, people want to use open
source libraries for things. Take the data crunching - people want to use R,
Python, Hadoop, whatever. This is where people are running into issues. And
good luck getting those tools into closed environments (e.g. classified
networks) - many places do not have the resources in manpower or expertise to
custom build the environments they need, so they couldn't use the newest shiny
stuff even if they wanted to, even if their IA shop allowed it.

As to your last question, not a lot of examples come to mind (maybe Accumulo like
someone mentioned elsewhere), but another factor is that there are few
programmers that are actually DoD civil servants - most stuff is written by
contractors and DoD folks don't usually have the experience or knowledge
necessary to even understand what they're getting at a technical level in
order to recognize that what they have is something worth open sourcing (which
might take some work). I'm not saying it's bad everywhere - I have met some
pretty awesome technical folks that were GS's - but it's very uneven.

(disclaimer: USAF vet and still involved with the DoD)

------
cosinetau
I did a senior research project with a DoD contractor at my university in my
last semester. It was a lot of fun, and we got to get exposed to a handful of
tools and practices these parties use. I'm very excited at the prospect that
maybe some of them will become free. Kudos DoD!

------
noobermin
It makes a lot of sense for Gov't funded IP to not have a copyright attached
to it. I feel similarly for gov't funded research. Of course, this doesn't
include things that should be export controlled for national security reasons.

------
rmc
Wonder if they will have a code of conduct.... :P

------
rkeene2
There's also forge.mil, which has existed for a while but requires a TLS
client certificate to access.

~~~
dwheeler
Forge.mil is _NOT_ useful for open source software projects. If you're
developing OSS, it'd make more sense to use a public site designed for the
purpose like GitHub or GitLab or (yes even) SourceForge. Forge.mil is more for
non-OSS projects that cannot use the usual public sites.

Forge.mil is based on the old version of the SourceForge software. The public
documents say it uses Subversion, for example - there's no hint that forge.mil
supports git: [http://www.forge.mil/Faqs.html](http://www.forge.mil/Faqs.html).

------
clarkenheim
Thinly veiled publicity stunt by the Department of Defence here.

~~~
sleepychu
Can you elaborate? What's your proposed motive for a publicity stunt?

~~~
schindlabua
I disagree with the OP but that's a bit of a non-question. I was under the
impression that the motive for any sort of publicity stunt is trying to gain
publicity..

~~~
sleepychu
Yeah sure, and what's the purpose of that for a federal organisation as
prevalent as the military?

~~~
clarkenheim
Trying to portray a message of transparency after being exposed a few years ago
by Snowden for running a non constitutional spying program on all US (and non
US) citizens. I thought the motive for positive publicity from the DoD since
that happened would be pretty obvious.

~~~
wslack
You can look up the people involved using GitHub. A desire for positive
publicity doesn't invalidate anything good an org does.

