[amsat-bb] NASA and Open Source

Bruce Perens bruce at perens.com
Fri Jul 17 20:59:51 UTC 2020


Joseph,

You need to consider what the alternatives are. In the case of the United
States Government, being able to make their own flavor, even if they have
to hire a contractor to do it, is tremendously reassuring. If someone has
bad intentions in the Open Source world, or writes pernicious code, people
*see* it. My experience in being an officer of a Fortune 100 proprietary
software company, and having many proprietary software companies as
customers, is that disgruntled employees and their deliberate or accidental
code issues are part of every proprietary software product, and remain
secret. I have been paid big bucks to clean this stuff up during one
company's IPO. What was there would have sunk them if ever discovered.

Government proprietary software customers have to work hard just to get the
right to examine proprietary software, maybe in a controlled room with
severe constraints on their action. A really big concern for the United
States Government right now is that the ICs that they buy actually perform
as specified and do not contain deliberate surprises. The reality for them
is that 100% disclosure and tracing of processes is essential. Open Source
provides a good way to do it. All of the other alternatives provide a
significantly larger administrative load.

    Thanks

    Bruce

On Fri, Jul 17, 2020 at 1:28 PM Joseph Armbruster <josepharmbruster at gmail.com> wrote:

> Bruce,
>
> Yeah, NASA (and other government agencies) have been promoting OSS for
> quite some time and some even have some long-standing projects, ref:
> WorldWind.  And something worth noting, is that with the government,
> what they mean by OSS can sometimes be misleading.  There is GOTS
> (Government Off The Shelf) OSS and non-GOTS OSS.  Meaning, it could be
> regular OSS lib, but accessible only in a repository that is only
> accessible by government contractors / programs that have a need, and
> never really return code to the public domain (but do maintain
> changes).  This is quite commonplace.  I am not sure if that's what
> they mean in this case of the grant, specifically.  NASA's WorldWind,
> has source repositories in the public domain and has for many years (I
> may be in the commit logs somewhere), so some definitely do work that
> way.
>
> Projects like GDAL have benefited greatly from government / OSS
> integration.  But then, you have situations like LAS Tools Right Now,
> where the main developer purportedly made some kind of a threat about
> adding malicious code to it, so gov agencies are asking everyone to
> immediately uninstall QGIS (open source GIS package, that utilizes las
> tools out of the box).  I don't know if this has been validated but
> you can find bits and pieces around the net about it.  Which brings me
> to my next point.
>
> Sometimes, if you're working a government contract and you want to use
> a particular OSS library, they do not allow you to just download it
> and use it.  You can however, purchase it through a trusted
> third-party company.  All due to liability issues.  As a result, you
> can literally burn, box and sell, literally Free software.  The
> problem is, what if libtiff pokes a hole in the firewall every three
> image opens?  And, don't laugh, I've seen weird stuff happen over the
> years.  The funniest, was an API function to "create a folder" at a
> path, that, if the folder already exists, it would actually traverse
> the folder and delete all files / folders found underneath it.  No
> joke.  Now, due to some bad // \\ path handling in the lib, when
> passed a path like this: C://something//and//some//place, it
> accidentally started wiping everything in the root of the C:/ drive.
> The first tool user that experienced that, was not a happy camper :-)
> The OSS path handling lib wasn't explicitly malicious, it was just bad
> path handling in the lib causing the problem, but bygones.  Liability
> is a royal PITA.
>
> Joseph Armbruster
> KJ4JIO
>
> On Fri, Jul 17, 2020 at 2:18 PM Bruce Perens via AMSAT-BB
> <amsat-bb at amsat.org> wrote:
> >
> > I am reading a NASA Grant application today, and noticed this text:
> >
> > Program elements will give preference to proposals that include a plan
> > for committing software as Open Source Software (OSS), beginning at the
> > inception of the proposed work. This plan will include the
> > identification of software components developed as part of the proposed
> > work, and designate a permissive, widely accepted OSS license and a
> > public repository hosting service for these components.
>


-- 
Bruce Perens - CEO at stealth startup. I'll tell you what it is eventually :-)

