January 31, 2009 3:29 PM PST

Defense Department sets up its own SourceForge

by Matt Asay

The dam holding back U.S. federal adoption of open source just burst with the introduction of the Defense Department's Forge.mil.

Forge.mil is an open-source project repository built in the image of SourceForge.net, Federal Computer Week reported Friday.

Despite being based on SourceForge's technology, Forge.mil has one significant difference: security. As David Mihelcic, chief technology officer for the Defense Information Systems Agency, told Federal Computer Week, the Department of Defense's code repository has been "upgraded to meet DOD security requirements," with smart cards used to provide log-in credentials.

There are only three open-source projects hosted at Forge.mil so far, and it's initially restricted to the Defense Department's technology community, but I suspect this number will soon increase as various federal agencies discover it and ask to collaborate on code through it. It's also a new way for vendors to participate in Defense Department projects, as Mihelcic noted about one project, which is designed to automate server configuration:

"Our intern had to stand up 50 Linux machines in a lab and he said, 'Boy I don't want to do this by hand; why can't I use Bastille to do this for me?'" Mihelcic said. "He looked at Bastille and saw it couldn't do all the things he needed, so he started an open-source project. He got folks like Red Hat to jump in and participate."

All of the code is open for public view, though only those with the right Defense Department credentials can edit or contribute to the projects. As the public sees the code, however, it's almost certain to lead to individuals wanting to contribute to the code.

The Defense Department, which has been pushing hard to get involved in open source for some time as a consumer, is now involved as a developer. In just a few years, open source has gone from being "risky" to one of the best ways to mitigate risk.

Editor's note: The code is actually based on CollabNet's SourceForge Enterprise code, not the SourceForge.net code base. CollabNet enables Forge.mil.


Follow me on Twitter at mjasay.

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure. You can follow Matt on Twitter @mjasay.
by Commander_Spock January 31, 2009 5:49 PM PST
Why would the military establishments that Commander_Spock and Crew supports wish for the enemy to know the internals of the systems that are in use by these establishments!!!
by MSSlayer January 31, 2009 10:16 PM PST
Um, they aren't posting code that controls critical systems such as missiles, or warship electronics.
by Commander_Spock January 31, 2009 6:38 PM PST
This should have read: "Why would the military establishments that Commander_Spock and Crew supports wish for the enemy to know the internals of the systems that are in use by these establishments!!!" So, it is really, really cool that the Russian Federation which is responsible for sending missions into space relies on the IBM's OS/2 Warp Operating System (and not on the Tuxedo Clad Bird) to do the job. Incidentally, OS/2 (according to IBM) cannot be Open-Sourced - Cool!
by Commander_Spock January 31, 2009 7:58 PM PST
Most interestingly, the "smarter banks" which keep all of our cash and other valuables chose - Microsoft's Code-Base OS/2 (Windows):

Re: "IBM, Bankers at Odds Over OS/2 Migration Path
Vendor advises OS/2 users to switch to Linux, but ATM makers are leading push to Windows"

http://www.computerworld.com/softwaretopics/os/story/0,10801,83884,00.html
by MSSlayer January 31, 2009 10:17 PM PST
OS/2 is a small module in the Windows Kernel. It is of minor importance. Win32 and Posix is where the action is.

Banks adopting Windows is the reason why ATM's are routinely hacked these days...
by Commander_Spock February 1, 2009 8:13 AM PST
Re: "[...Banks adopting Windows is the reason why ATM's are routinely hacked these days...]" Well, it appears that they should have remained on OS/2 like the Russians have done it is believed. Also, one wonders what the scenarios are with respect to the "Electronic Voting Machines..."!
by kojacked February 1, 2009 2:57 PM PST
Banks adopting Linux is the reason why ATM's are routinely hacked these days. My momma told me so.
by tm_anon January 31, 2009 7:45 PM PST
Unfortunate that the Defense Department took out the best part of Open Source, meaning the contributions from the community. A better idea would be to make it open and viewable only to the contributors, widening the base of contributors as they go along.

Not exactly open source, but for this particular purpose, it's a better model to work with.
by Commander_Spock January 31, 2009 7:51 PM PST
Re: "[...A better idea would be to make it open and viewable only to the contributors, widening the base of contributors as they go along...]" Huh! So much for the idea of "top military secrets" - who needs enemies!!!
by tm_anon January 31, 2009 9:42 PM PST
When making a response to my post, try to actually RESPOND TO MY POST.
by MSSlayer January 31, 2009 10:18 PM PST
Spock lives in his own little world where OS/2 rules all.

Back here on earth it is long dead.
by Commander_Spock February 1, 2009 5:24 AM PST
Re: "[...Back here on earth it is long dead...]" Just let us wait and see what happens when NASA grounds its aging Shuttle Fleet. OS/2 may be "long dead" as you might want others to believe; but, like Elvis it will be still making for the Russian Federation.

http://en.ecomstation.ru/solutions/?action=solutions

Have ya ever heard of a company called Serenity Systems International dude!!!

See about "eComStation 2.0 RC6a (being) released"

http://www.ecomstation.com/
by odubtaig February 1, 2009 5:50 AM PST
Yes, the country that brought us Concordski (the world's most expensive firework ever), Aeroflot, Samovars, the Lada, a resurgence in Nazism, the fakest 'democracy' since Ancient Greece and a safe haven for murderers, criminal organisations, criminal organisation backed internet thieves, botnet merchants and Spam Kings is also my first choice to be held up as a shining example of how to do things right.

Right?
by Commander_Spock February 1, 2009 7:18 AM PST
They say "Birds of a Feather Flock Together" on the "International Space Station".... "Right?" or wrong! And, don't worry - The Chinese And The Indians Are Coming!
by MSSlayer February 1, 2009 12:04 PM PST
Do the disjointed and insane remarks you write make sense to you Spock? Because they don't to anyone else.
by Commander_Spock February 1, 2009 1:48 PM PST
"Mission Accomplished" MSSlayer! And, please do not start to give the appearance that you are soon going to crack-up on us at this stage when the journey has just begun.

Remember, if you cannot get into space then "All Your (Celestial) Base Are Belong To US"!

http://www.youtube.com/watch?v=L9oh3gqOEKU

"To Boldly Go Where None Has Gone Before"!

Live Long And Prosper!
by Commander_Spock February 1, 2009 9:08 PM PST
Re: "Open Source, meaning the contributions from the community..." How about this: "Open Source, meaning the contributions from the community" to the right; and, Code-Base OS/2 (Windows) + eComStation and OS/2 to the left and you can have whatever you like!
by kit_plummer January 31, 2009 9:23 PM PST
Well...really, until the federal contractors who write the code for the Department of Defense contractors are incentivized to do their work in Forge.mil fashion forget it. This is a build-it and hope they will come approach without the need. I'm contractor A and I've been awarded 1.5B to develop system X. Why would I "open" any of my effort? The right answer should be because the "customer" said so. But, the customer isn't saying this. Sure, there is talk of Open Technology Development and all the players are supposed to treat OSS as generic COTS. But, that is a lot different than expecting contractor A and contractor-n will have any desire to collaborate.

Don't get me wrong. I'd love to see OSS as a baseline requirement for DoD-sourced contracts. And, I believe for the sake of transparency we, as tax-payers, deserve this.

Just like the DoD to be behind the curve. We don't need Forge.mil with CAC-access. We need Github.mil with CAC-access. But, oh well.
by tm_anon January 31, 2009 9:49 PM PST
In this case, the customer is the one making the change in order for the vendors to be able to have a way to work with the code already implemented.

Your example with contractor A is flawed. Because of the work involved in building from the ground up, most contractors already use code that's already been created. Some are too arrogant and will only use their own code, thinking it's better. Others will only use Open Source, believing everyone else is better. Then there are those who use a hybrid of the two, giving back contributions, but saving the parts which make the code secure, leaving those security holes for others to fill in how they'd like.

In other words, contractors are already using open source and already making some parts of their work open to the public as a way of repaying the community. Open Source has been in government for as long as licensing permitted, it's just not been acknowledged. Now they're starting to learn how to embrace it.
by Commander_Spock February 1, 2009 5:47 AM PST
Re: "[...In other words, contractors are already using open source and already making some parts of their work open to the public as a way of repaying the community. Open Source has been in government for as long as licensing permitted, it's just not been acknowledged. Now they're starting to learn how to embrace it....]" Well, it all depends on which government you are talking about.... because, as it is widely known the British Military has not so long ago decided to go along with the 90% Plus market share Code-Base OS/2 (Windows) Operating System - Windows XP to be specific - for use in their nuclear submarines (while the Russians use OS/2). So, what are you going to do - run and hide in your underground bunker for fear that "Windows" will not be up to "security" snuff? Lol!
by tm_anon February 1, 2009 11:26 PM PST
@******* (aka Commander_Spock)

If you want to take over a column, make your own. Grownups with a clue are talking.
by Commander_Spock February 2, 2009 6:29 AM PST
Welcome to the Federation Star Fleet's Situation Room "@*******"; and, are your "REXX-based systems" (platforms) ready for outgoings that are designed to achieve 25,000 feet per second (escape velocity)? BTW, what about those that have to deal with those that are incoming? So, how about if we call it "Battle Preparedness"!

"Where Eagles Dare"!
by Commander_Spock February 2, 2009 7:11 AM PST
Additionally, re: "Where Eagles Dare"! Damn the "mis-characterization" or "characterization" of the "Accomplished Missions"; and, with one being on the "Left" with the other on the "Right" you can have the Software or Hardware of Your Choice... so say the market forces and the world's economy.

And, we talk about "grownups"!

"Eight Years"!
by kit_plummer February 1, 2009 8:46 AM PST
@tm_anon I think you've missed my point. It is easy to consume Open Source Software...and there are various govie mandates dictating that FLOSS be treated the same as commercial, proprietary software. This justifies its use. But, as you've pointed out using Open Source is not the issue here - it is already common practice.

I can tell you that there is very, very little community participation in the form of "giving back". Most government contractors are pushed away from GPL-licensed software because their legal functions fear the loss of IP. So, basically this Forge.mil instance is just another firewall preventing the use of GPL because it blocks the ability for any changes to go back to the source.

New software that is being developed by contractors...well I think you're going to have to explain to me why any contractor would want to collaborate. Speaking from experience collaborating across contracts within the same contractor is painful...and in many cases not even possible due to "color of money" issues. I suppose we should be happy that facilities are being provided to promote the potential collaboration in the form of DoD-open code. But, back to my original point. Unless government agencies reform the acquisition process to provide some incentive to use it - contractors won't pay attention.

There is another angle. As Jim Stogdill bluntly points out here: http://radar.oreilly.com/2009/01/the-army-the-web-and-the-case.html - there is an opportunity. This requires that intra-agency projects be hosted in a Forge.mil environment. It is possible to imagine contractors being able to provide community-based development opportunities extra life. By exposing real-life "problems" through the Forge.mil environment it is possible to imagine DoD-sourced software projects growing. But, even the generative nature is cramped, because it is limited to those with CAC cards.

Anyway...just take away Matt's key point here that there is a huge difference between consuming OSS and producing it.
by Commander_Spock February 1, 2009 11:53 AM PST
Re: "[...I suppose we should be happy that facilities are being provided to promote the potential collaboration in the form of DoD-open code. But, back to my original point. Unless government agencies reform the acquisition process to provide some incentive to use it - contractors won't pay attention....]" You should have added "Why even bother to provide cost intensive "facilities" when the British Military plans to adopt an "off-the-shelf-software" policy to effect cost savings. And, right here on this CNET NEWS site there was news about the Chinese attempt at their own Open-Source Linux Operating System... and just where is that Chinese Linux today in terms of world market share in comparison to that of the dominant Microsoft's Windows Operating System. Additionally, imagine leaving the American Military establishment and shifting to a career in the Microsoft dominant Windows Operating System business/civilian world.
by MSSlayer February 1, 2009 12:07 PM PST
If you consume something it is gone. You can't "consume" software, you use it.
by Commander_Spock February 1, 2009 1:14 PM PST
Re: "If you consume something it is gone. You can't "consume" software, you use it." Ha, Ha, Ha, Ha, Ha, Ha, Ha, Ha........ ROFL!.
by tm_anon February 1, 2009 11:52 PM PST
@kit_plummer

My main criticism with your response is in how you view collaboration between contractors.

When using an Open Source model, you're not limited to using only new code, written that day. You're meant to take what exists already and build off of that. You're not collaborating in real time so much as collaborating with those who have already tested and retested what you're now working on. Because of all this testing and tweaking and retesting of the code, it becomes more and more stable. You end up having a very strong base to work off of.

Contractors would end up being able to make better product with less work and no collaboration issues, just an understanding that you get paid, but you don't get ownership. Of course, dealing with the government, this is often the case anyway. At least this way you'd know it's going to help your fellow contractors.
by zmonster February 1, 2009 3:44 PM PST
I applaud this step by the military. I actually cannot believe this is happening. I never thought I'd see the day where the government would do something useful, that will save time & money, and improve technology tenfold. Congratulations.
by Commander_Spock February 1, 2009 7:34 PM PST
This is all well and good what you are saying; but, the banks around the world are getting the "all the bail-out cash", "Linux Is For Free"; and, still the world's economy is in a deep, deep financial and economic quagmire.

Yep, "Mission Accomplished" - Again!

Come work for us for free!!!
by cohaver February 2, 2009 5:28 AM PST
Best thing the DOD could do. I have seen 25 years of PC viruses, macros and Spam Java script. Open and breakdown the code at its roots for faster on the fly battle field corrections. Purge the weakness in the code at its Roots is always the best.
by Rob_a_tForge_mil February 2, 2009 7:34 AM PST
Matt Asay, Please please change the link in the above article from forgemil.com to https://www.forge.mil. Forgemil.com was a site we were using during the development of forge.mil. Unfortunately, the wrong URL somehow made it into the article. Right now the site requires a user to authenticate using a DOD PKI certificate (either a Common Access Card or a certificate from one of the DoD external certificate authorities (ECA)). See http://iase.disa.mil/pki/eca/index.html for more information.
by nosillacast February 2, 2009 9:10 AM PST
Rob - I was glad to see your correction - hope he fixes the link soon. That said, https://www.forge.mil is coming up with an invalid security certificate. Might want to get that cleaned up if we're going to gain credibility for Open Source in the security world.
by nosillacast February 2, 2009 9:14 AM PST
dang - tried to verify the cert anyway and it failed!
by Rob_a_tForge_mil February 2, 2009 6:47 PM PST
We're using a DoD issued certificate to identify ourselves. If you don't have the DoD root installed you'll get the invalid security certificate error. Visit the following page to download the DoD/ECA Root Certificates: https://www.dodpke.com/InstallRoot.
by farodek February 2, 2009 8:41 AM PST
I'd say it's like sourceforge, here's an access denied error I got from one of the projects:

You do not have permission to view this page.
If you feel you have received this message in error, please contact the SourceForge administrator.
by john.mark February 2, 2009 10:08 AM PST
Hi Matt - Just a friendly note to let you know that this is a CollabNet operation. Forge.mil runs on CollabNet SourceForge Enterprise :)

-John Mark
openCollabNet Community Manager
http://www.collab.net/