I am reading a NASA Grant application today, and noticed this text:
Program elements will give preference to proposals that include a plan for committing software as Open Source Software (OSS), beginning at the inception of the proposed work. This plan will include the identification of software components developed as part of the proposed work, and designate a permissive, widely accepted OSS license and a public repository hosting service for these components.
Bruce,
Yeah, NASA (and other government agencies) have been promoting OSS for quite some time and some even have some long-standing projects, ref: WorldWind. And something worth noting, is that with the government, what they mean by OSS can sometimes be misleading. There is GOTS (Government Off The Shelf) OSS and non-GOTS OSS. Meaning, it could be regular OSS lib, but accessible only in a repository that is only accessible by government contractors / programs that have a need, and never really return code to the public domain (but do maintain changes). This is quite commonplace. I am not sure if that's what they mean in this case of the grant, specifically. NASAs WorldWind, has source repositories in the public domain and has for many years (I may be in the commit logs somewhere), so some definitely do work that way.
Projects like GDAL have benefited greatly from government / OSS integration. But then, you have situations like LAS Tools Right Now, where the main developer purportedly made some kind of a threat about adding malicious code to it, so gov agencies are asking everyone to immediately uninstall QGIS (open source GIS package, that utilizes las tools out of the box). I don't know if this has been validated but you can find bits and pieces around the net about it. Which brings me to my next point.
Sometimes, if you're working a government contract and you want to use a particular OSS library, they do not allow you to just download it and use it. You can however, purchase it through a trusted third-party company. All due to liability issues. As a result, you can literally burn, box and sell, literally Free software. The problem is, what if libtiff pokes a hole in the firewall every three image opens? And, don't laugh, i've seen weird stuff happen over the years. The funniest, was an API function to "create a folder" at a path, that, if the folder already exists, it would actually traverse the folder and delete all files / folders found underneath it. No joke. Now, due to some bad // \ path handling in the lib, when passed a path like this: C://something//and//some//place, it accidentally started wiping everything in the root of the C:/ drive. The first tool user that experienced that, was not a happy camper :-) The OSS path handling lib wasn't explicitly malicious, it was just bad path handling in the lib causing the problem, but bygons. Liability is a royal PITA.
Joseph Armbruster KJ4JIO
On Fri, Jul 17, 2020 at 2:18 PM Bruce Perens via AMSAT-BB amsat-bb@amsat.org wrote:
I am reading a NASA Grant application today, and noticed this text:
Program elements will give preference to proposals that include a plan for committing software as Open Source Software (OSS), beginning at the inception of the proposed work. This plan will include the identification of software components developed as part of the proposed work, and designate a permissive, widely accepted OSS license and a public repository hosting service for these components. _______________________________________________ Sent via AMSAT-BB@amsat.org. AMSAT-NA makes this open forum available to all interested persons worldwide without requiring membership. Opinions expressed are solely those of the author, and do not reflect the official views of AMSAT-NA. Not an AMSAT-NA member? Join now to support the amateur satellite program! Subscription settings: https://www.amsat.org/mailman/listinfo/amsat-bb
Joseph,
You need to consider what the alternatives are. In the case of the United States Government, being able to make their own flavor, even if they have to hire a contractor to do it, is tremendously reassuring. If someone has bad intentions in the Open Source world, or writes pernicious code, people *see* it. My experience in being an officer of a Fortune 100 proprietary software company, and having many proprietary software companies as customers, is that disgruntled employees and their deliberate or accidental code issues are part of every proprietary software product, and remain secret. I have been paid big bucks to clean this stuff up during one company's IPO. What was there would have sunk them if ever discovered.
Government proprietary software customers have to work hard just to get the right to examine proprietary software, maybe in a controlled room with severe constraints on their action. A really big concern for the United States Government right now is that the ICs that they buy actually perform as specified and do not contain deliberate surprises. The reality for them is that 100% disclosure and tracing of processes is essential. Open Source provides a good way to do it. All of the other alternatives provide a significantly larger administrative load.
Thanks
Bruce
On Fri, Jul 17, 2020 at 1:28 PM Joseph Armbruster < josepharmbruster@gmail.com> wrote:
Bruce,
Yeah, NASA (and other government agencies) have been promoting OSS for quite some time and some even have some long-standing projects, ref: WorldWind. And something worth noting, is that with the government, what they mean by OSS can sometimes be misleading. There is GOTS (Government Off The Shelf) OSS and non-GOTS OSS. Meaning, it could be regular OSS lib, but accessible only in a repository that is only accessible by government contractors / programs that have a need, and never really return code to the public domain (but do maintain changes). This is quite commonplace. I am not sure if that's what they mean in this case of the grant, specifically. NASAs WorldWind, has source repositories in the public domain and has for many years (I may be in the commit logs somewhere), so some definitely do work that way.
Projects like GDAL have benefited greatly from government / OSS integration. But then, you have situations like LAS Tools Right Now, where the main developer purportedly made some kind of a threat about adding malicious code to it, so gov agencies are asking everyone to immediately uninstall QGIS (open source GIS package, that utilizes las tools out of the box). I don't know if this has been validated but you can find bits and pieces around the net about it. Which brings me to my next point.
Sometimes, if you're working a government contract and you want to use a particular OSS library, they do not allow you to just download it and use it. You can however, purchase it through a trusted third-party company. All due to liability issues. As a result, you can literally burn, box and sell, literally Free software. The problem is, what if libtiff pokes a hole in the firewall every three image opens? And, don't laugh, i've seen weird stuff happen over the years. The funniest, was an API function to "create a folder" at a path, that, if the folder already exists, it would actually traverse the folder and delete all files / folders found underneath it. No joke. Now, due to some bad // \ path handling in the lib, when passed a path like this: C://something//and//some//place, it accidentally started wiping everything in the root of the C:/ drive. The first tool user that experienced that, was not a happy camper :-) The OSS path handling lib wasn't explicitly malicious, it was just bad path handling in the lib causing the problem, but bygons. Liability is a royal PITA.
Joseph Armbruster KJ4JIO
On Fri, Jul 17, 2020 at 2:18 PM Bruce Perens via AMSAT-BB amsat-bb@amsat.org wrote:
I am reading a NASA Grant application today, and noticed this text:
Program elements will give preference to proposals that include a plan
for
committing software as Open Source Software (OSS), beginning at the inception of the proposed work. This plan will include the identification of software components developed as part of the proposed work, and designate a permissive, widely accepted OSS license and a public repository hosting service for these components. _______________________________________________ Sent via AMSAT-BB@amsat.org. AMSAT-NA makes this open forum available to all interested persons worldwide without requiring membership.
Opinions expressed
are solely those of the author, and do not reflect the official views of
AMSAT-NA.
Not an AMSAT-NA member? Join now to support the amateur satellite
program!
Subscription settings: https://www.amsat.org/mailman/listinfo/amsat-bb
Bruce,
I totally get your pro-open source, but it seems to be every email thread, I'd sure hope that AMSAT Engineering was aware of that clause.
Being lots of educational CubeSats use COTS parts, isn't it likely that most would be only open sourcing the ground station elements which might come under "Open Source Software" and be suitable for NASA's guidelines, while AMSAT doesn't to my knowledge release gerber pcb files it does release a good amount of ground station code, think Fox Telem is open source and as others have pointed out there's other projects shared on Github relating to AMSAT satellites.
Peter, 2M0SQL
On Fri, 17 Jul 2020 at 19:15, Bruce Perens via AMSAT-BB amsat-bb@amsat.org wrote:
I am reading a NASA Grant application today, and noticed this text:
Program elements will give preference to proposals that include a plan for committing software as Open Source Software (OSS), beginning at the inception of the proposed work. This plan will include the identification of software components developed as part of the proposed work, and designate a permissive, widely accepted OSS license and a public repository hosting service for these components. _______________________________________________ Sent via AMSAT-BB@amsat.org. AMSAT-NA makes this open forum available to all interested persons worldwide without requiring membership. Opinions expressed are solely those of the author, and do not reflect the official views of AMSAT-NA. Not an AMSAT-NA member? Join now to support the amateur satellite program! Subscription settings: https://www.amsat.org/mailman/listinfo/amsat-bb
Sorry. The problem is not really that AMSAT doesn't do enough open source. The problem is that AMSAT seems to be overly constrained in its action. Open Source is part of an overall strategy we suggest for a cure.
On Fri, Jul 17, 2020, 3:04 PM Peter Goodhall (2M0SQL) peter@magicbug.co.uk wrote:
Bruce,
I totally get your pro-open source, but it seems to be every email thread, I'd sure hope that AMSAT Engineering was aware of that clause.
Being lots of educational CubeSats use COTS parts, isn't it likely that most would be only open sourcing the ground station elements which might come under "Open Source Software" and be suitable for NASA's guidelines, while AMSAT doesn't to my knowledge release gerber pcb files it does release a good amount of ground station code, think Fox Telem is open source and as others have pointed out there's other projects shared on Github relating to AMSAT satellites.
Peter, 2M0SQL
On Fri, 17 Jul 2020 at 19:15, Bruce Perens via AMSAT-BB amsat-bb@amsat.org wrote:
I am reading a NASA Grant application today, and noticed this text:
Program elements will give preference to proposals that include a plan
for
committing software as Open Source Software (OSS), beginning at the inception of the proposed work. This plan will include the identification of software components developed as part of the proposed work, and designate a permissive, widely accepted OSS license and a public repository hosting service for these components. _______________________________________________ Sent via AMSAT-BB@amsat.org. AMSAT-NA makes this open forum available to all interested persons worldwide without requiring membership.
Opinions expressed
are solely those of the author, and do not reflect the official views of
AMSAT-NA.
Not an AMSAT-NA member? Join now to support the amateur satellite
program!
Subscription settings: https://www.amsat.org/mailman/listinfo/amsat-bb
participants (3)
-
Bruce Perens
-
Joseph Armbruster
-
Peter Goodhall (2M0SQL)