Code.mil – An experiment in open source at the Department of Defense (github.com)
378 points by us0r on Feb 24, 2017 | 163 comments

This is a huge battle I am in the middle of fighting right now. I am working on a project that is extremely late and we are having all kinds of political pressure put on us by very senior people. Meanwhile their damn IA staff won't approve any of the tools or hardware that I need to help us get the job done.

One huge obstacle to open-source anything in DoD is the attitudes of their information assurance professionals. I have been told by numerous DoD IA people that "Open Source is bad because anyone can put anything in it" and "We'd rather have someone to call." I understand the second point -- we honestly don't have the time to run every last issue to ground and it's probably better if we do have some professional support for some of our most important tools. But the first just boggles my mind.

But the IA pros are, as a group, schizophrenic, because somehow people are getting things by them anyway. The system I'm working on has Python as a build dependency. The devs are creating reports using Jupyter notebooks.

Basically the DoD needs to stop being so damn obstinate about open source.

IA is there to tell you no. You have to make the case to the acquisition organization and the end user that not using the tool is a greater risk to the mission than using the tool. And remember what you're developing may outlast your career - maintenance and sustainability are much bigger issues to the DoD than any discomfort caused to the developer, even if it means schedule slip.

And for what it's worth, open source has been used pretty widely on the projects I've worked on- there's risk being tied to a single vendor and most acquisition orgs get that. The rare cases where we couldn't use O/S were usually situations where someone was trying to do something on Windows machines and they were trying to fly under IA's radar.

I quote one of our lead IA guys: "The purpose of IA is to try to dodge the work and laugh at the person who gets stuck with it."

I envy you for being in an acquisition organization that gets all this. Mine doesn't.

Oddly enough it sometimes helps to go further up the IA chain- the program/acquisition IA guys are usually retired prior who just want to get a check, but if you can reach higher level service branch or OSD IA oversight staff they are usually more motivated and tech savvy, and more willing to help/give suggestions rather than just say 'no, try again'.

We just had a meeting this week where we did just this. We are also going higher up the program management chain.

Hire a good Cybersecurity Engineer that can run all of the scans and make reports to submit up the IA chain. If you can prove that your IS or application is secure it really becomes hard(er) for the ISSM to say "no, can't, and I don't know"

We don't have a good cyber security person in-house, so we are relying on guidance from a very good and trusted cyber security engineer from a research institution that is under contract with us. I've been lobbying for money to hire a good cyber security person but haven't had luck (yet).

I work around the outside of the DoD world myself and I wish you the best of luck. The office of no in the DoD is extra strict and their (government) actual security is awful. Without getting into the details some of the stuff I have seen employees do is shocking. Another hoop you have to jump through is that it is such a pain to get hired by the DoD or IC and a lot of the better security people have a culture which clashes with IA and OPM to say the least so even if someone wants to get hired by them there is a good chance they will get rejected off of a culture fit or they smoked pot once in college half a decade ago.

I wrote a paper earlier that's relevant here:

"Publicly Releasing Open Source Software Developed for the U.S. Government", by David A. Wheeler, Software Tech News, Volume: 14 Number: 1. https://www.csiac.org/journal-article/publicly-releasing-ope...

It goes over the various rules for releasing software as OSS when the US federal government pays to have it developed.

The DoD CIO actually has a FAQ regarding open source: http://dodcio.defense.gov/Open-Source-Software-FAQ/

It's very useful when arguing with IA staff regarding open source software.

STIGS say that if it is open source and unencumbered by contract support requirements that it is fair game. Use IA's own hammer against them. It's right in the AppDev STIG.

There must be a further vetting process beside whether or not an open source library has contract support requirements. Otherwise GOV developers could just pull some Chinese student's OSS encryption library for their next VPN project... Oh wait, there's FIPS. This blanket statement you've made isn't very meaningful.

They are not exactly wrong with the first point, actually. I once worked on a DARPA malicious code detection challenge and even carefully inspecting the source of a library can often fail to uncover a carefully crafted implant, even if you know there is going to be something there and even if you know it is hidden within a small area of 5-50K lines of code. Of course, they are right whether the code is open source or commercially developed (how many companies have counter-intelligence divisions to vet or monitor their employees to detect proper spies?). For something critical enough, you would want all the code to be developed in-house using some semi-formal process (or, if truly truly critical, formal verification), but it probably depends what the project is.

Of course, if it is in python, then it seems to me the horse is so far out of that particular barn door that it is now half-way across the country...

They buy 100% Juniper to secure their routing. Formal analysis?! They can barely analyze the purchase contracts. In fact, that too gets farmed out to contractors. You'd be hard pressed to find an actual civil servant or active duty military signature anywhere beyond a vague application or statement of need. Formal analysis... Oh, my sides, they are killing me!

Let me add a bit more irony here: github is blocked from my work (USAF) so I can't get to code.mil. All I want to do is be the workaholic that I am and DoD makes it literally impossible for me to do that. You have no idea how much bureaucracy can defeat the spirit of an employee. Most of my friends are leaving the AF for reasons like this. I'll do my best during my time here, but needless to say, I'm out.

For some reason the AF seems to have draconian web filtering in place, compared to other places I have experience with. In the late 2000's when I was still on active duty, we used to complain about having to look stuff up at home because when you'd go to search for a tech solution and it was on someone's random blog, 9 times out of 10 it'd be blocked. It was extremely frustrating.

Fwiw, I'm a Navy physician and have the same problem. Wait until you know, that right now, someone is very sick, and the study you're trying to look up is hosted on a server in some super sketchy non-ally, like Switzerland.

The only thing that makes it worth it is that the problem domains are so much more interesting than anything you're likely to run into in industry.

This is why part of my profile says "reformed rocket scientist". I spent a little under two years working for a NASA contractor on their sounding rocket program. The problems I was paid to solve were relatively un-interesting (find the best ways to fit the experimenter's data requirements into our ancient, antiquated, badly-in-need-of-replacement hardware). The problems the experimenters were solving were actually fascinating, but I didn't get much exposure to their side of things.

Now yes, I am struggling with Information Assurance people and their cantankerousness, but I also have the unique pleasure of being the primary data scientist on this very large project, which is exposing me to new things every day. I just haven't had an environment for learning this rich before.

You're right, but at some point, I need to draw the line of whether I can actually do the work and be productive instead of fighting the system.

Can you both reach out to me via the methods in my profile?

PM me.

There are also many people who are trying to modernize software development practices in the DoD (and the US government more generally).

The official US DoD policy is very pro the use of open source software. The DoD's official policy on open source software is "Clarifying Guidance Regarding Open Source Software (OSS)" (2009), available at: http://dodcio.defense.gov/Portals/0/Documents/FOSS/2009OSS.p... That policy says: "a. In almost all cases, OSS meets the definition of “commercial computer software” and shall be given appropriate statutory preference in accordance with 10 USC 2377... There are positive aspects of OSS that should be considered when conducting market research on software for DoD use, such as: (i) The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team." (Full disclosure: Dan Risacher is the point-of-contact and lead author of this policy, but I helped write the policy.)

There's also a "Military Open Source Software" (MIL-OSS) group, which is an informal group that discusses these things and works out solutions: https://groups.google.com/forum/#!forum/mil-oss http://mil-oss.org/

The claim that "Open Source is bad because anyone can put anything in it" is ridiculous. Anyone can edit proprietary software, too - just use a hex editor. The issue isn't whether it's technically possible to edit software (it always is), the issue is who has control over the supply chain. In both proprietary and open source software, there are only a limited number of people who have the privilege to determine what is accepted into the software. In addition, in almost all OSS you have a public record of who made what change (and what the change was), and everyone can see the result.

"We'd rather have someone to call" is completely legitimate. So, go hire someone. There are a lot of organizations who would be happy to take money in exchange for a person to call. It's how many companies make their living. This shift happened in the early 2000s.

To those so-called "IA" people who don't understand that open source software is a key aspect of software development today: welcome to the 21st century, perhaps you'd like to try living here.

> To those so-called "IA" people who don't understand that open source software is a key aspect of software development today: welcome to the 21st century, perhaps you'd like to try living here.

For good talent, it's easier just to leave, get paid more, have a better life, than spend your work life arguing with irrational sandbaggers.

Sandbaggers. Such a perfect description.

Thank you for your work on these policies and the very well-written and sourced reply.

Policy is great and all. But the DoD culture is more than just policy.

Our team once had to defend the decision to use OpenSceneGraph, because one PdM was convinced it could be hacked after deployment.

> I have been told by numerous DoD IA people that "Open Source is bad because anyone can put anything in it" and "We'd rather have someone to call." I understand the second point

Regarding that point -- it's not really a dichotomy, is it? For the most popular open source projects you can nearly always find a corporation or 501(c)(3) willing to sell a support subscription. For the less popular projects, you might be able to get a subscription from individuals, if your sourcing rules allow suppliers like that.

The IA people have attempted to use "lack of paid support" to deny me the use of tools (PuTTY is one glaring example) that are already being used on other systems that I have access to, and that had to go through the same sort of IA approvals.

So they use the understandable business logic of "we'd like to have paid support" to some silly and pointless purposes.

And yeah, my experience is not universal, but it's not uncommon, either, if the tales I have heard from all sorts of professionals in this world have any truth to them.

> The IA people have attempted to use "lack of paid support" to deny me the use of tools (PuTTY is one glaring example) that are already being used on other systems that I have access to, and that had to go through the same sort of IA approvals.

This sort of thing was exhausting. It's a lack of communication/coordination between the units. I had one office that didn't want to use DOORS (everyone else in industry and DoD that was on the project had their own DOORS servers setup already). The reason: Money and time to set up. Here's the deal, though, that one unit didn't need to take on the whole burden. There were already other projects using DOORS in the organization, someone had done the server setup and license purchasing already! "All" we needed to do was coordinate with them to share the costs so we could have access to their systems.

But no, they wouldn't even let me take on that task. They'd rather keep passing around excel spreadsheets and word documents. Clusterfuck.

Same thing with 99% of server systems. Each unit established their own enclave, rather than sharing. So the licensing costs overall were about 5-20x what they should've been. One license/purchase for 1000 users is cheaper than 20x50-user licenses (typically).

Would it be useful if someone started a company that offered support for virtually any OSS? Like, you contact them, say "I need support for X", and they research it, figure out how much expertise they need to support it, and quote you a figure.

Perhaps this organization would also sign up to monitor for security vulnerabilities affecting the software, on your behalf, and would be responsible for getting you information about the patch.

I think several companies have started on that premise. Cygnus comes to mind, but there are probably others, too.

> I have been told by numerous DoD IA people that "Open Source is bad because anyone can put anything in it" and "We'd rather have someone to call." I understand the second point -- we honestly don't have the time to run every last issue to ground and it's probably better if we do have some professional support for some of our most important tools. But the first just boggles my mind.

Given the degree to which the DoD itself, via the NSA, has subverted open standards which have the same theoretical "many eyes" protection as open source, this isn't actually a surprising attitude for DoD to have.

Whether "no open source" is the best (or even a practicable, as the rest of your post addresses) method of addressing this concern is another question.

The "IA" in DoD is generally the NSA. The NSA is made primarily of two different camps. SIGINT is their offensive side aka "hack the planet". The Information Assurance Directorate is the "blue team" who tries to protect government infrastructure.

The overall, top-level IA people who set the standards and procedures that must be followed are NSA. However each department and organization is responsible for having professionals who understand the policies and can follow the rules.

They don't really have to follow the rules. They just have to drag their feet long enough for your project to die.

True, but this project will not be allowed to die. So we will see what happens when the proverbial immovable object (IA) meets an unstoppable force (people with stars on their shoulders).

See what happened to Michael Flynn. He had three of those stars on his shoulders and the IC pretty much wrecked him.

So when the NSA publishes SELinux, do we get to know whether it was red or blue team?

Well the flask security architecture (about 10 years of research that culminated in what is now SELinux) was written specifically for Information Assurance by IAD so... Blue Team.

They use this internally.

It's not just the IA folks. The DoD regs are written in such a way that they only grudgingly accept that software can exist as its own thing.

The DoD by and large certifies SYSTEMS meaning a bundle of hardware and software. That makes sense when certifying an F-16 or an Abrams tank because they are bundled packages of hardware and software, but it is maddening when trying to work on say a web app or database.

A team I was on wanted to use a particular open source app and was told we couldn't because it wasn't authorized -- but it was bundled as part of the Oracle DBMS. So the ruling was that if we installed the Oracle DBMS on our desktops we could use it because that is how it was approved. But wait, another rule said we CAN'T run a DBMS on our desktops. ARGH!

That said it IS possible to use open source software. We use SVN and Tortoise SVN at work and it is explicitly on an approved products list. Another team is developing Java apps on Linux using Eclipse. But the only reason it is there is because an organization took the time to go through the test and evaluation process and submitted a request for approval to the network security gods (who are NOT your local IA people most likely) and waited 6-9 months for it to get through the review backlog. So it is possible, and your IA people SHOULD be in the business of helping you get to YES instead of just saying NO -- but the reality is many of them don't know how to get to yes because it can be a convoluted maze, so they just default to no for everything.

IA person here.

Good IA people know how to evaluate risk.

Bad IA people show up for the salary and point to a policy which says 'no' (i.e., not actually evaluating risk)

Ad-hoc proper IA requires evaluating your project according to a checklist of security controls. It could very well be something about open source doesn't fit well with those controls. The answer is to change the policy, then change the controls, and finally, pass your compliance checks.

Idk about DoD, but US Dept of Veterans Affairs is doing better with open source. Their bread&butter application, VistA, is open sourced. Their Technical Reference Model (TRM) is a catalog of approved/unapproved software. NodeJS and a lot of NPM packages are approved.

I know this is a little off topic for the parent but this seems where all the DOD people are collating.

I'm currently working in a research team at NJIT's CSTR. We're looking to do a lot of raytracing for a project that we are working on. We've talked to one of our friends at JHAPL and they said they use 3 internally, 2 were DOD projects and 1 was PHARLAP. He also claimed that PHARLAP was neither the fastest nor the best and that the only reason he mentioned it was that it's not export controlled and we can get our hands on it. We've started interfacing with PHARLAP and the prognosis does not look good at all. ~12 seconds/trace, I assume because we're going from python->matlab->fortran then back from fortran->matlab->python.

Does anyone here work on those other 2 raytracers? If you do work on one of those I'd love to get an email from you to see if we can get our hands on a copy of it (either from the code.mil project or via some contract for internal use only).

If you'd like to know more my boss would love to do a telecon if you work on one of these.

We were planning on writing our own which would be a hard endeavour so if anything we'd rather just improve someone else's raytracer to include the loss calculations we need.

Report: Federal tech start-up falls down on rules, procedures By Joe Davidson | Columnist February 22


“This report is not about security. It’s about compliance”. Nothing more than DC turf wars.


I feel your procurement pain.

For a brief moment, I had a mobile test automation gig. I found a device specific bug, and we only had one unit of that device. The device was inexpensive and easy to procure. But I had to make the case about why I needed to procure another device for fault isolation purposes, and doing so was not a trivial process. It kind of felt like someone in accounts payable having to explain the need to buy more checks.

I left soon after that.

I am a Data Scientist without any tools except a single installation of MATLAB 2010a on a computer that my organization doesn't even own, on a network we don't even control. I have a few hundred TB of stuff I need to make sense of. I just can't do it with the tools available.

> The system I'm working on has Python as a build dependency. The devs are creating reports using Jupyter notebooks.

Hi, just wondering if someone could explain these points here. I don't know enough about either to know what the implication is or what the OP means.

Not OP, but my assumption is that despite the concerns about open source, they are still using open source tools like Python and still collaborating using non-DOD approved tools like Jupyter (also open source). But correct me if I'm wrong.

OP here. The implication was that the organization cannot deliver consistent guidelines. The devs of the sim I am working on are using Python and Jupyter on their systems, which were accredited and approved in the exact same fashion that I need my corresponding data analysis network approved. However, the IA professionals -- who are the same people who approved the sim dev systems -- are telling me that my request for Python (actually I'm requesting an enterprise license for Anaconda Python distribution) is problematic for the reasons I spelled out in my original post.

Consistency, clarity, and understanding are what I'd like. But, these same IA people also get confused when I mention "highly technical terms" like the size of the SAN I'm planning on using.

Thanks for the explanation!

As an aside, I dunno what a SAN is either ;-)

Can't you just clue them in to the MITRE paper lauding open source in defense applications?

Also tracks with my experience.

Jet fighter projects are late. Should they source electronics from Russia?

Electronic components are practically the opposite of open source software. To evaluate an IC, you need to painstakingly decap it and study it under a microscope as well as logic probe it to ensure its functionality. And that only applies to the random sample of chips you audit. Open source software allows you to evaluate it with virtually no encumbrance, and once you've frozen a version in your source control, you do not have to worry about it changing underneath you.

And to answer the parent's rhetorical question as if it were serious: of course not.

During the cold war the DoD did source some material from Russia. So, if the chip is like titanium in that you can vet it then it's not a problem.

I know this is a rhetorical question. I really do not understand where you're going with this though.

I think the implication is "should they make a suboptimal decision in order to stay on schedule?"

In this case 'suboptimal decision' is denying access to OSS.

I think.

Ah. That interpretation makes sense. I just couldn't get over the fact that using Russian avionics isn't going to happen under ITAR.

I love seeing this kind of work done. Not because it's going to radically change the underlying technology, but having the air cover a project like this will provide can enable so many government coders who get shut down by their first tier manager who tells them they can't use open source components or can't open source their code. It might seem silly but just getting the projects out in the open increases their hygiene more than any other single factor.

That is exactly the motivation. Provide a clear path and precedent for government developers to open source their projects. Right now we are inviting comments and criticism for the approach to gauge the community response.

I hate the word coders. Let's stop using it.

> I hate the word coders. Let's stop using it.

It's a perfectly good, long established term for the people who review substantive facts and assign codes from a standard list, as is common in the medical billing field.

Let's keep using it, just not when we mean "programmers".

Care to elaborate? What's wrong with the word "coders"?

Back in an earlier era of computing, there was a strict hierarchy of jobs:

An analyst took business requirements and wrote specifications.

A programmer took those specifications and created flowcharts of the program logic.

A coder took the flowcharts and translated them into code on a coding form.

A keypunch operator punched the code onto cards, line by line, card by card.

So "coder" was a rather low status job, just one rung above being a typist.

This hierarchy hasn't been relevant for at least 40 years. There are software developers in their 30s who have literally never seen a punchcard in person. Coder doesn't mean the same thing it used to mean.

It hasn't been relevant for at least 40 years for most people in this industry. My first job was in an organization with exactly these people, except that "operators" (of which I was one when I started as a teenager about twenty years ago) had several component levels of hierarchy within it. Sysop, Print Op, and at the very bottom of the ladder, the Tape Op, whose job is to be the robot arm that our organization refused to pay for (no shit). Now, I'm still in contact with a couple of people that I used to work with, and one of whom still works there (though now he is a programmer upstairs). That hierarchy does still exist. We did, however, have a card-punching machine. You fed cards into the hopper, and a computer did the punching. So we didn't have a keypunch operator. But I still have a stack of cards somewhere in my house. I'll have to ask if they still use that equipment.

Is it just me, or is this typical HN elitism?

The "let's stop using it" comment, yes. Stratoscope's comment was just explaining why it hurts some big egos. S/he didn't take any position on it.

I think what you're reading is a recounting of history, rather than a prescription of how things should be.

Someone working at an auto plant once told me they "worked on software", they were a "coder", because they loaded the chips into the machine and pressed the button to flash firmware to the chips.

Others involved in "coding" might attach a laptop to an ethernet, USB, RS-232, etc., port in an industrial machine and use command-line tools or GUIs to configure a device or monitor/diagnose a situation.

There's so much so-called "coding" that doesn't involve actual "software development" that I'm uncomfortable with the terms "coding" and "coder" ... though I'm OK with "code" (as in meat), but not with "a software code" (as in "a pork chop").

EDIT: distinction between "code" as in meat and "a code" as in a pork chop.

Coders is ambiguous, e.g. medical coders.

Many English words support multiple definitions. Programmers and developers can both be argued to have similar ambiguities.

Developers, certainly. Programmers...I'm not aware of another use of that other than creating software.

Programmers are also people who schedule broadcast programming or otherwise determine broadcast content.

I had wondered if that was a thing; hadn't heard it.

Anyway, software developers, computer programmers, and software engineers have no ambiguity. Shorten those if you want, but "coders" is a leap.

Coders is empirically not ambiguous to the point of impeding communication, given that coder is actually in use. Language changes over time. Choosing to try to prevent that is of course something you may do, but it rarely will prevent change from happening.

My goodness, within this field itself computer used to refer to a person, not a machine. Run into any ambiguity there recently?

> Language changes over time.

And so I will continue to champion the language uses I want to see. E.g. internet instead of Internet, regardless instead of irregardless, "access" as both a noun and verb, programmer/developer/engineer instead of coder.

May the best word win.

Why? It's pretty descriptive.

Personally, and I'd like to stress that this is my opinion, I feel that the term is very reductive. It has its etymology in "code", when programming encompasses much more than just writing code. (we also write documentation, tests, use complex tools, version control, invoke the command line, etc...) It evokes the term "code monkey" which just sees programmers as tools to barf out code. Lastly this is just my own conceit, but I believe that the term just doesn't describe the approach used well which spans so many different methodologies and concepts. (to throw some keywords out there: TDD, Agile, idioms, patterns) To say that developers merely write code is like calling engineers builders or doctors healers. (again, those terms wouldn't be wrong, but quite reductive)

Writing code isn't hard at all. I could teach someone how to write working hello world programs in a day. The hard part is architecting these projects to be readable, modular, extensible, efficient, and to follow standards.

Also not the OP, but this is exactly why I don't use the term except in a pejorative sense. Code is a tool in my toolbox; it is not what I do, it is what I may apply to a problem if it is appropriate to do so. If I describe someone as a coder, it's because I don't particularly trust them to solve problems that don't involve code (and I probably don't trust them to solve problems that do, either).

It is funny, because on a personal level, I have a rather distinct, if not opposite feeling about "code". But I never thought of it this way before thinking this answer. Thanks for that, and here goes.

First I tend to split the word from its meaning (because ontology matters, right?). I say "we code" just like "a driver goes back to his wheel" when we really mean his car, it's a figure of speech. Using a distinctive, hallmark part of something to refer to the entire thing (a "sail" for a boat, a "roof" for a home, etc.) When I hear a special one saying to a third party "oh he's coding", knowing she knows pretty well actual code writing is like 10% of the work, I hear "he's working, programming, doing his job/hobby". This thing.

I agree that a smug face dropping a condescending "that guy's a coder" may not be a particularly nice feeling though (but I personally hear "I'm too stupid to understand what this guy does, or I don't like doing it myself, so I'll just be a douche about it because it makes me feel better about myself", and laugh it out as you would imagine).

Then, the meaning. I come from a science background/interest, so there's code of the highest and noblest kind everywhere: DNA in bio, but also HLA; the Standard Model, and Information Theory, etc. Our reality is just a biologically-biased (i.e. "human") perception of what is, for all intents and purposes, code in the most fundamental of meanings. Even human languages are just code for our brains to communicate states.

So when I see our tiny civilization harnessing matter and energy into complex electronics, packing whole cities of transistors into powerful machines that spell a dramatically new turn in our quest against entropy (in other words one physicist's answer to "what is the goal of civilization?"), and how it's all just code... I don't know, but it inspires awe more so than anything (note that I don't care one bit how others see it, it's very personal). I see something graceful in the way we do that, in the way computer code is just our abstraction for finite state machines, just like a living cell runs on DNA and below all the cosmos runs on quantum fields. I tend to consider it a beautiful achievement that we've been able to abstract so much, so deep, considering the man hours required to replicate the activity of just one modern CPU.

Sorry for a long post, totally off topic as it stands. It's just that the social and historical perspective that gives coding a bad name rubs me in exactly the wrong way, as if it were belittling a god to say they've encoded this universe, or if the DNA in people (and links between them) wasn't just about one of the most important factors in their constitution and evolution. Code matters, as far as we know, and actually literally.

A TL;DR/ last minute poetry illustration: saying "a winery makes wine" doesn't fail to honor their work because we omitted the seven hours out of nine when they're not actually making it; on the contrary the very superior nature of the resulting nectar speaks for itself of the high nature of their trade as a whole, and it's gratifying that we don't speak of all the behind-the-scenes not-so-glamorous aspects of it.

So I make code. How's that not beautiful in every possible way? :)

I'm not the OP but it does have an air of condescension/reductiveness about it, like calling carpenters "hammerers."

> Why? It's pretty descriptive.

IMO, programming consists of two main tasks: developing abstract algorithms to achieve desired goals and reducing those abstract algorithms to concrete code. While both are essential, the hard, interesting, and more valuable part is the first, and "coder" captures the second.

(Software development encompasses even more tasks.)

Developer > Programmer > Coder

(Leaving aside, for the moment, the collision of "coder" with a completely unrelated profession.)

> While both are essential, the hard, interesting, and more valuable part is the first, and "coder" captures the second.

Depends on what you find interesting. I'd almost consider this an elitist attitude. Eventually, somebody has to do the actual work to implement the abstract algorithms, and it's really a lot better when you've got a talented person that cares about those nuts and bolts details and the realities of hardware and networks and runtime performance.

> Eventually, somebody has to do the actual work to implement the abstract algorithms

Sure, and that's, as I said, also an essential part of programming, which is a strict superset of writing code.

What other word would you prefer to use for people who write code?

People who write computer programs are "programmers", people who assign standardized codes to turn unstructured domain information into structured data are "coders". These terms were both in wide and consistent use before some people (apparently people with narrow knowledge in tech management) decided to start calling programmers "coders".

Those of us working as programmers in environments where we not-infrequently work with actual coders appreciate the distinction being preserved.

Well people who write novels are novelists and people who write plays are playwrights so I submit either 'codist' or 'codewright'.

People who golf are golfers and people who act are actors.


Codœristwrights then.

Hey buddy, why don't you just stop using it, and also consider not trying to force your will onto others through snide, empty internet comments

Speaking as a long time US soldier here is how the military perceives code:

* There is no copyright and plagiarism doesn't exist. Internally to the military everything is libre to the most maximum extreme. While people do get credit for their work they have no control over that work and anybody else in the military can use their work without permission.

* Service members and employees of the military are not allowed to sue the military. As a result software written by the military has no need to disclaim a warranty or protect itself from other civil actions.

* Information Assurance protections are draconian. This is half way valid in that there are good monitoring capabilities and military information operations are constantly under attack like you couldn't imagine. The military gets criminal and script-kiddie attacks just like everybody else, but they also get sophisticated multi-paradigm attacks from nation states. Everything is always locked down all the time. This makes using any open source software really hard unless it is written yourself or you work for some advanced cyber security organization.

Active duty members can sue the military. The general rule is that under Feres v United States, a service member may not recover under the Federal Tort Claims Act (FTCA) for claims which arise out of or in the course of activity incident to their service. Courts often refer to this as the Feres Doctrine. So the claim has to fall outside of "in the course of activity incident to service" -- Feres is an interesting case that went to the Supreme Court in the 50s. He was an LT that died in a barracks fire. The cause of the fire was determined to be a faulty heater. His spouse sued -- the Supreme Court ruled she couldn't sue.

One of the reasons that the Feres Doctrine has not changed, even though many service members have challenged the law, is that Congress has always had the power to change the law and has not done so. In 1985 and 1986 some members of Congress tried to pass a law that would have allowed active-duty service members to sue for medical malpractice. The law did not pass. In 2009 members of Congress introduced another bill that would have allowed service members to sue. It was called the Carmelo Rodriguez Military Medical Accountability Act of 2009. The proposed law was named for Carmelo Rodriguez, a marine sergeant whose military doctors never told him about potentially cancerous tumors on his body, even though the tumors were noted in his medical records over the course of 8 years. This bill never became law. (Dec, 2011)

> The military gets criminal and script-kiddie attacks just like everybody else, but they also get sophisticated multi-paradigm attacks from nation states.

Just like everybody else.

I work for a company in the cyber-crime / cyber-security space. We piss off criminals. We get attacked. We'll still never see half the shit the USG does, we'll still never see half the shit a Google or Facebook does. Stop pretending your "Facebook for Cats" company is going to experience the same level of threat. It's foolish and sounds egotistical to pretend someone cares that fucking much.

I only meant that the private sector (eg. GOOG, FB, etc.) are constantly dealing with APTs as well, it isn't just the USG.

That said, I think you're on to something there, and I am immediately launching[1] my new Facebook-for-Cats venture! Wish me luck!

[0] Nah...[2]

[1] Tentatively named either FurrBook or PurrBook[0]

[2] Well, maybe... [0]

What do you mean by "everything is libre"?

No one wants yet another license.

Is there an explanation about why Unlicense is not appropriate? Or what it would take for an Unlicense derivative to meet the legal requirements? Could the laws be changed in small ways to allow US Government employees to more fully participate in open source?

"The Unlicense is a template for disclaiming copyright monopoly interest in software you've written; in other words, it is a template for dedicating your software to the public domain. It combines a copyright waiver patterned after the very successful public domain SQLite project with the no-warranty statement from the widely-used MIT/X11 license." http://unlicense.org/

I like how other commenters have included other successful US.gov and specifically DoD open source such as BRL-CAD and NSA's Apache Accumulo. And the DoD Open Source FAQ is interesting and something I haven't seen before: http://dodcio.defense.gov/Open-Source-Software-FAQ/

Open source and US.gov participation reminds me of what happened with NASA Nova. It was pretty sad that when OpenStack became relevant in the industry that seemed to cause a panic at NASA and they pulled completely out of OpenStack development. Instead of NASA being to help the project stay focused on being opinionated enough to be generally useful (out of the box), NASA was too afraid about the perception of competing with proprietary commercial interests. (It was nice to see last year, all these years later, that NASA’s Jet Propulsion Laboratory is now a user again having purchased RedHat OpenStack.)

> Is there an explanation about why Unlicense is not appropriate?

The Unlicense was not drafted by legal professionals. Please do not use.


CC0 is better. However, it still has issues in that it explicitly disclaims patent grants.

We still don't have a solid license of this class.

Thanks for that link. https://lists.opensource.org/pipermail/license-review/2012-J... provided more details.

Has the Open Source Initiative otherwise tried to find a solution such that software works of the United States government would have a clean path to be compatible with Open Source?

CC0 may be better if you are looking for international agreement, though it seems like the patent related clause resulted in the review by opensource.org to be abandoned.

"CC0 was not explicitly rejected, but the License Review Committee was unable to reach consensus that it should be approved, and Creative Commons eventually withdrew the application. The most serious of the concerns raised had to do with the effects of clause 4(a), which reads: "No ... patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.". While many open source licenses simply do not mention patents, it is exceedingly rare for open source licenses to explicitly disclaim any conveyance of patent rights, and the Committee felt that approving such a license would set a dangerous precedent, and possibly even weaken patent infringement defenses available to users of software released under CC0." https://opensource.org/faq#cc-zero

> It was pretty sad that when OpenStack became relevant in the industry that seemed to cause a panic at NASA and they pulled completely out of OpenStack development.

As I understand the sequence of events, NASA didn't pull out of OpenStack because they got cold feet, the folks at NASA who drove the contribution of code from the Nebula project that became OpenStack Nova started to see $$$ and went off with the rest of their code to found the OpenNebula project as well as the OpenNebula Systems company.

The folks remaining at NASA were then left with an unpalatable choice of picking favorites between a consortium of vendors and a spin-off.

I suspect those are factors as well, but I think we're both trying to make sense of the timeline. I came to OpenStack after the dust had settled. The stories I've heard focused on how exhausting the process of getting NASA approval to open source Nova was. I can't see all of the NASA contributors being motivated by $$$ money. It seems NASA wasn't configured for continued stewardship and for their hackers to keep on hacking.

A point of correction, NASA Nebula became OpenStack Nova and one of the spin-offs was Nebula.com which folded and some of the team went to Oracle. That Nebula is completely different than (the European) OpenNebula: https://en.wikipedia.org/wiki/OpenNebula

Right. When the Ames CTO left to form Nebula and took some personnel with him, that also removed advocates from within NASA: https://gigaom.com/2011/07/27/ex-nasa-cto-builds-cloud-dream...

But my understanding is that the European OpenNebula grew out of some of the same initial NASA Nebula code, and some folks went to the US subsidiary they created.

Now, while I was paying attention at the time, I didn't exactly have a front-row seat, and my memory could be wrong - three open source projects and three companies all with near identical names is a bit confusing!

European OpenNebula pre-dates OpenStack and is written in a different programming language.

Related links:



And consider the 2010 paper on "A Comparison and Critique of Eucalyptus, OpenNebula and Nimbus"

Hmm. I wonder where I picked up that idea, then...?

The NSA open sourced what became Apache Accumulo years ago, so that government org has made peace with the copyright issue.

The DoD, though, is still trying to feel its way around. There seem to be some lawyers there who are very hard to convince. For years, they've been asking to have various licenses and CLAs modified and we've been telling them no.

Here's their latest request for the Apache License 2.1:


Just so it's clear, NSA is technically part of DoD. (Though it's a bit like FBI's relation to DOJ, they operate very independently.)

Also, the DoD CIO has had, since ~2003, this excellent FAQ supporting open source:


But as people on this thread and elsewhere will tell you, that hasn't resulted in widespread support at DoD for open source.

As discussed elsewhere in this thread, acceptance of open source is very much an agency-by-agency deal within the DoD. IC orgs have pretty wide latitude to do what they want and NSA even more than others because of the primacy of their mission. Accumulo is widely used within the IC so it was to NSA's advantage to let it out - no doubt they did not want to maintain it themselves. Many orgs don't want to take on the burden of maintaining something, especially in the current budget climate where they'll have to go fight for $$$ and probably drop some other mission to make room.

My only bit of experience working on a DoD-related project was a huge turn-off for me to do any more work in that space in the future because they were resistive about approving any open source software. The development mindset on the project was to re-implement everything (including some tricky algorithms we were using) because it was unreasonable to expect any timely approval, even if it's a feature from the current version of a library that was already approved for an older version. I don't see the reasoning with it, since if anything open source is more secure because you know exactly what is going on inside of it, compared to closed source which may be from a trusted source but you have no idea what it's really doing under the hood.

Hopefully this helps push things in the right direction, although I'm not optimistic.

BRL-CAD has been an open source US Department of Defense project for many years. It is architected with the *NIX philosophy of chaining small single purpose tools... The exception that proves the rule? Its own version of Emacs.

It highlights a unique aspect of Federal Government developed software: it's public domain rather than licensed based on copyright law. This facilitates reuse but complicates contribution by outside developers.



and also ping by the same author https://en.wikipedia.org/wiki/Mike_Muuss

Copyright may still apply outside the US, no?


It'll be interesting to see the intersection of this and forge.mil (which was/is the DoD's implementation of SourceForge and associated services). About 5 years ago, there was a fair amount of Open Source Software being run in DISA for supporting the branches and the software that they wrote, but, there was little open-sourcing of that software, even amongst the individual branches of service (the Marines might write something that the Army could use, but, there were political or other factors that precluded that from happening).

Re-inventing the wheel is still rampant. This effort, along with open sourcing the work of contractors, may provide a venue for increased sharing. Please let us know your thoughts.

(Note: employee of DDS)

Not only is helping the defense industry downright immoral, it's a waste of talent.

Just think back to why you studied computer science or coding. I hope it wasn't to help build spy tools on your friends & families. I hope it wasn't to help engineer destructive weapons that are dropped on innocent civilians.

Fuck code.mil, fuck lockheed martin.

edit: I've turned down VC money a while ago because I discovered they had previously sold a company to a Lockheed Martin affiliate. Downvote all you want but I'm not some spineless piece of shit that will throw out principles and morals for it. I love making money but it's not worth losing your compass or soul over.

I've worked for the DoD on tons of stuff, from operating and maintaining research supercomputers to operating and maintaining M2A2 Bradley fighting vehicles.

The DoD is the single largest employer in the world. This sophomoric implication that all three million people live and breathe to slaughter the innocents is downright stupid.

I respect your decision not to engage with military operations, but this bizarre ranting isn't productive, and isn't going to alter the course of wars. Consider running for office instead.

Counterpoint: I did not help the defense industry as a spineless sellout looking for money.

I studied computer science because it was interesting. Period. Not because I wanted to change the world, or make a pile of money.

I wrote code, as a contractor, for the army, as a way of serving my country. I know that's not a popular stance to take now that pride in one's country is not politically correct, but pride in and service to my country is something that is important to me. Don't mistake pride for blind unwavering support in everything we do like the "USA-USA" chanting folks often have. I'm more than happy to point out where we, as a country, have fucked up. We've done it quite a lot.

I have medical conditions that preclude active service. I also have a family tradition of service, both in and out of uniform. Since I could not serve in uniform like my great grandfather did in WWI, my grandfather and his brother did in WWII, or like my uncles did in Korea and Vietnam, I did as my father did and served my country by providing my skills in a time, place, and manner the DoD needed.

I'll have no decorations, no glory, no rifle salute at my funeral.

I most certainly could have made a boatload more money working elsewhere.

Yet, I don't regret it one bit.

It was something I felt I needed to do - some will understand, others, I suspect including you, won't ever comprehend.

War moves humanity forward, but at a terrible price. Since humanity will never eliminate war, when someone has to pay that price, I'd simply rather it not be my countrymen (and now countrywomen).

I'm happy you've got values you're willing to stand by and not compromise.

I'm happier that I live in a country where you're allowed to call those that serve "immoral" and "spineless piece[s] of shit" with no governmental repercussions or retaliation.

I'm happiest that despite my conditions, I found a way to contribute, even if in a minor (and now most likely obsolete) way, to the defense of that nation.

I get where you're coming from. But please also understand that "pride for one's country" and "pride for America" are two separate domains, and that when people lack pride for America it isn't some kind of "political correctness" (I mean seriously, it's still politically incorrect to bash the American government and its activities)

It is way, way, way, more complex than that and I'm sure you know this.

I know you were just defending what you saw was a wrongful attack against yourself, but you accidentally snuck in attacks on other demographics in the process.

> Just think back to why you studied computer science or coding. I hope it wasn't to help build spy tools on your friends & families.

So what do you think of all the people working at Google, Facebook, and Microsoft? All of them are spying on everyone too.

Countless software engineers work in the web space, where much of the money for continued operation comes from advertising, which these days includes tracking and spyware.

Honestly, can you point me to anything in Silicon Valley or the tech industry that's actually an ethical business?

And even if you find someplace that isn't involved in spying, you get places like Uber where sexual harassment of female employees is encouraged and promoted.

AFAICT, if you're worried about doing work that doesn't compromise your morals in any way, and really does contribute positively to society somehow, you'll have to do something like avionics work: low-level code to make critical devices work as safely as possible. But even this has descended a lot from the military realm, so I don't think that's really safe either. You could also work on space probes, but that's a problem too because those are all built by defense contractors and research organizations that get most of their revenue from the DoD. Maybe the automotive sector.

I'm sorry you've been downvoted so heavily. FWIW, I am very sympathetic to your position. So much so that when In-Q-Tel came knocking a couple of years ago, wanting to talk to us about potential funding, we didn't even bother returning their call. And then I published a public op-ed explaining why we had no interest in working with the Defense/Intelligence/Spook complex.

Like you said, there's more at stake than money.

I like the cut of your jib. Good to know there's still individuals out there with actual standards and strong moral ground. The defense industry is dirty business.

They are in the business of hurting, killing, and causing suffering.

I really can't believe the level of support HN is showing. Yesterday's thread and comments about Peter Thiel about being a POS & hypocrite for Palantir. Today, open support of defense industry is front page.

Senseless violence is and everywhere should be condemned, but violence itself is not inherently a wrong.

The violent actions of the US and Allied forces brought an end to the Holocaust.

Violence is sometimes necessary and morally just in self defense and in defense of those who cannot defend themselves.

Would you claim that the work of US Coast Guard after Hurricane Katrina was immoral? Is the Coast Guard "in the business of hurting, killing, and causing suffering"?

The "support" you see here on HN has less to do with hypocrisy, but instead is condemning your ill-reasoned moral absolutism.

I also completely share your attitude. And I think the harsh tone of your post was appropriate too, given the circumstances.

It should now be crystal clear to everyone why it is simply not ok to bomb endlessly without congressional approval, create massive military / surveillance apparatuses and systems of secret courts with secret laws, run black sites and an enormous network of prisons all while diminishing habeas corpus, perform targeted assassinations on American citizens and foreigners alike, develop 'tactical' nukes, etc. It is crazy to allow those things to happen without speaking up (no matter who is president, Democrats), and nearing evil to directly contribute to the creation of these precedents and apparatuses. Obama is about as objectionable as Trump IMO, but the point is you never know whose hands all of this power will end up in.

You've got me curious. What would you have happen? Sure, I can see calls for stopping drone attacks and for not getting involved in wars. I can also see a reduction of the defense industry generally. But you seem like you'd like to abolish the US military entirely. How would you address the change in the global balance of power that would result? Do you think things would just resettle peacefully?

As a German born in 1980, I guess I am a pacifist by default, but still: Thank you for that post!

It sounds like there's a space for a company that simply validates these issues and supports opensource software, for customers like DOD. I'd expect that such a company could charge each customer quite a bit, and that each customer will want pretty much the same verification of the same libraries, with additional work only needed as new stuff gets requested. Thoughts?

There are some of these that exist already. None that I'm aware of are very large. I've even seen one that was operated by the contractor that needed to have to open source software approved for use in another project.

> This can make it hard to attach an open source license to our code.

It's not clear to me why this is necessary/desired. Is it because of contribution to existing works protected by copyright or something else?

From the OSI's FAQ [1]:

> What about software in the "public domain"? Is that Open Source?

> There are certain circumstances, such as with U.S. government works ... we think it is accurate to say that such software is effectively open source, or open source for most practical purposes

What problem does this license aim to solve?

[1] https://opensource.org/faq#public-domain

EDIT: ok this comment [2] clears things up a bit. AFAICT It's specifically regarding a mechanism to permit foreign contributors while allowing them to disclaim liability.

[2] https://github.com/deptofdefense/code.mil/issues/14#issuecom...

> Usually when someone attaches an open source license to their work, they’re licensing their copyright in that work to others. U.S. Federal government employees generally don’t have copyright under U.S. and some international law for work they create as part of their jobs. In those places, we base our open source license in contract—rather than copyright—law.

> ...

> When You copy, contribute to, or use this Work, You are agreeing to the terms and conditions in this Agreement and the License.

I do not see how this is enforceable, or that it even makes sense, any more than it would make sense for me to take, say, a NASA photo and slap my own terms on it. If it's in the public domain, there's no ownership and no 'or else' to back a contract setting licensing terms.

The alternative is that I'm misunderstanding this license, of course. Where am I going wrong?

Am I missing something here or is there nothing associated with this initiative other than 'please check our LICENSE agreement?'

It says the first projects will be released once the license agreement is finalized, so at the end of March.

There IS a license agreement. Perhaps you didn't click the right link?

It appears some of the 18F crew are behind this. I'm interested to see what unfolds in this repo.

Actually it would appear to be the Defense Digital Service

The contact in the license points to a dds.mil address

Forgive my ignorance. I thought 18F and Digital Services were interlinked.

DDS spun out of US Digital Service and DDS members go through the USDS hiring pipeline.

18F, USDS, and the Presidential Innovation Fellowships are philosophically related, but organizationally and functionally distinct.

The Defense Digital Service and the US Digital Service are distinct organizations: http://www.defenseone.com/technology/2015/11/meet-head-penta...

I'm from 18F, and I'm now a "contributor", but only because they accepted my pull requests. :)

On one hand it's always cool to see increased adoption of open source, but it strikes me as more than a little subversive for the DoD to adopt an open source methodology. I can't help but see the appropriation of an inherently equitable and socialist means of sharing innovation (FOSS) by a violent, exclusionary, and globally oppressive regime to be a step in a very wrong direction.

I mean, by the nature of being an army they gotta do controlled violence, but they're the largest organization in America with single-payer health care (Tricare), so I don't know about calling them not socialist

(really flat top/bottom pay ratio too: private E1 gets paid $19k/yr top generals max out at $180k base - I've heard of grads fresh out of master's getting more than that at Google)

I had no idea about the details of Tricare, that's pretty interesting. I suppose it makes sense for a government to be very invested in the healthcare of its armed forces. I was thinking more about the United States army's particular global role as the primary means of the violent perpetuation of capitalism and Western hegemony. You make a great point; I think the main difference in our perspectives could be approaching the question domestically versus globally.

I get the "violent, exclusionary, and globally oppressive" part, but why "socialist"? Open source strikes me as rather ideology neutral. If anything it's perhaps a bit anarchic.

Socialism is all about reducing the effect that direct actions and agreements between individuals can have on society as a whole.

Open source is all about direct action and the unplanned dynamics that may unfold as a result.

I believe socialism has a pretty specific definition: government ownership and control of the means of production. Which is easy to grasp for steel mills, power plants, and hospitals. A bit trickier in the creative economy and the gig economy.

I am aware of the definition and I don't dispute it. But consider for a moment why socialism wants the state to own all means of production.

The point is to directly control the effects of economically relevant actions and not leave it to an emergent dynamic that results from direct actions and agreements between individuals (i.e. the invisible hand).

Socialists think that it is in everyone's best interest if the government plans what work needs to be done, what resources to allocate and under what conditions the product should be made available to users, which directly contradicts the way in which open source software is produced.

In my view, the similarities between the DoD and socialism are a lot greater than the similarities between open source and socialism. Any particular open source project can of course adopt a military style command and control structure, but not the open source model as a whole.

That's an interesting definition of socialism; I didn't intend it in that way. Open source seems "socialist" to me by virtue of pretty much the same attributes that you're (I think correctly) describing as anarchic. It's a broad term, I think we're saying the same thing :)

I have never worked on code intended for military use. From my layman's point of view, it seems like DoD code would either be "the most boring legacy CMS you can imagine" or "top secret missile guidance AI systems". The former isn't interesting. The latter should probably stay closed-source.

Is there any DoD code that is both interesting and suitable for public consumption?

It is surprising to people outside the DoD, but most applications are exceedingly mundane - I would lump a lot of them under "database frontends," like personnel, finance, and logistics systems. One problem there is that, in many cases, DoD or its contractors end up writing custom code for those things rather than using existing solutions, so projects get delayed as feature creep sets in. There is a bigger push for using commodity software but it's slow in coming.

For things where you truly need custom code - like missile guidance systems, avionics, specific process oriented tools for crunching data (intel or otherwise), open sourcing the core application is probably not going to help anyway. One problem though is that, increasingly, people want to use open source libraries for things. Take the data crunching - people want to use R, Python, Hadoop, whatever. This is where people are running into issues. And good luck getting those tools into closed environments (e.g. classified networks) - many places do not have the resources in manpower or expertise to custom build the environments they need, so they couldn't use the newest shiny stuff even if they wanted to, even if their IA shop allowed it.

As to your last question, not a lot of examples come to mind (maybe Accumulo like someone mentioned elsewhere), but another factor is that there are few programmers that are actually DoD civil servants - most stuff is written by contractors and DoD folks don't usually have the experience or knowledge necessary to even understand what they're getting at a technical level in order to recognize that what they have is something worth open sourcing (which might take some work). I'm not saying it's bad everywhere - I have met some pretty awesome technical folks that were GS's - but it's very uneven.

(disclaimer: USAF vet and still involved with the DoD)

NB I have no first-hand knowledge, hence being deliberately vague.

But I remember reading about a statement from the Pentagon that they recouped every cent they ever invested in computer science research during Operation Desert Storm, thanks to a logistics package that had grown out of said research.

And given the scope of the US military apparatus, it does not sound ridiculous.

Now, this is like 4th-level hearsay, but I can imagine such a logistics package would be quite interesting for many a company.

I don't work on any DoD stuff myself, but folks I know have developed ad-hoc networking capabilities that are mainly useful for helping military units communicate but likely have other applications.

Infrastructure stuff? e.g. SELinux was created by the NSA.

I did a senior research project with a DoD contractor at my university in my last semester. It was a lot of fun, and we got to get exposed to a handful of tools and practices these parties use. I'm very excited at the prospect that maybe some of them will become free. Kudos DoD!

It makes a lot of sense for Gov't funded IP to not have a copyright attached to it. I feel similarly for gov't funded research. Of course, this doesn't include things that should be export controlled for national security reasons.

Wonder if they will have a code of conduct.... :P

There's also forge.mil, which has existed for a while but requires a TLS client certificate to access.

Forge.mil is NOT useful for open source software projects. If you're developing OSS, it'd make more sense to use a public site designed for the purpose like GitHub or GitLab or (yes even) SourceForge. Forge.mil is more for non-OSS projects that cannot use the usual public sites.

Forge.mil is based on the old version of the SourceForge software. The public documents say it uses Subversion, for example - there's no hint that forge.mil supports git: http://www.forge.mil/Faqs.html .

Thinly veiled publicity stunt by the Department of Defence here.

Can you elaborate? What's your proposed motive for a publicity stunt?

I disagree with the OP but that's a bit of a non-question. I was under the impression that the motive for any sort of publicity stunt is trying to gain publicity.

Yeah sure, and what's the purpose of that for a federal organisation as prevalent as the military?

Trying to portray a message of transparency after being exposed a few years ago by Snowden for running a non-constitutional spying program on all US (and non-US) citizens. I thought the motive for positive publicity from the DoD since that happened would be pretty obvious.

You can look up the people involved using GitHub. A desire for positive publicity doesn't invalidate anything good an org does.
