OA is not OSS - Defense Daily Network


THIS PRESENTATION BROUGHT
TO YOU BY
GLOBAL TECHNICAL SYSTEMS
Harley Garrett
9 Industrial Park Dr
Oxford, MS 38655
www.gtshq.com
Copyright (C) Harley Garrett. Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.3 or any later
version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover
Texts, and no Back-Cover Texts. A copy of the license can be found
at: http://www.gnu.org/licenses/fdl.html entitled "GNU Free Documentation License".
Disclaimer: Any observations or points of view (POV) are the sole opinions of the author and
not attributable to GTS.
Topics and Their Impact on OA
How Can SB’s Avoid or Leverage?
• Copyright & Patents
• Interface Standards and Associations
• Licenses & Information Assurance
• Role of OA & OSS in IT Advances
Are Patents & Copyright Laws
Obstacles to Open Interfaces?
• 1887 Marconi monopoly - Shore-to-Ship Comm
– Refused to communicate with non-Marconi equipped ships
• 1969 IBM announces separately priced SW
– U.S. vs IBM Anti-Trust Suit – 13 yrs & dismissed
• 1975 Bill Gates’s Open Letter to Hobbyists
– “As majority of hobbyists must be aware, most of you steal
your SW..Is this fair?..You prevent good SW from being
written..the thing you do is theft”
• 1981 IBM PCs ship with Microsoft Proprietary DOS
• 1998 Digital Millennium Copyright Act (DMCA)
– Copyright Infringement Criminal & Civil Penalties for the
Digital Age
Impact of DMCA on Open Interfaces
• 2005 Sun Micro makes 1600 patents OSS
• 2007 – Microsoft: Claims Linux & OSS violate 235
Microsoft Patents; files DMCA notices [pay royalties or
face patent infringement lawsuits]
• 2009 Oracle buys Sun Micro
– Discontinues OpenOffice, MySQL (and now OpenSolaris)
– Employees quit; start MariaDB, LibreOffice, Illumos.
• 2011 Oracle sues Google $2.6B: Android’s use of Java
– Microsoft issues DMCA notices to OSS Apps developers who
want to interoperate with Skype.
– Now pushing HW OEMs to include their Unified Extensible
Firmware Interface [UEFI] [BIOS replacement] in HW for
security purposes. But then the HW won’t boot other OS’s
Alliances Associations & Standard Makers
• HW Stds: Engineering Specs, processes
• SW Stds: Protocols, NW Architectures, Code
• Members are Economic & Business Centric
– Standards sometimes benefit a single firm under
the guise of “openness” & “interoperability”
• OSS Stds: Evolve from OSS Foundations
– Members focus on Quality; Peer Relationships
– Standards evolve via general acceptance & use
– Always benefit everyone
– LAMP [Linux, Apache, MySQL, PHP], Android
SERVER STACK Software
Points of View (POV) & Small Business
Recommendation (SBR)
• POV #1 Copyright law now used by large firms
as a weapon against each other -- and to
coerce OSS developers and users.
– SBR: DoD contracts process should offer
some safe-harbor. Observe & Monitor
• POV #2 Large Firms dominate standards
through industry associations & alliances
– SBR: Compete with your own subject matter
expertise and/or join Open Alliances/Foundations
SW License Impact
• Commercial Proprietary (Closed)
– (Microsoft, Oracle, IBM, NetApp, VMWare, ...)
– No source code, reverse engineering prohibited
• Open/Closed Hybrid
– Normally for enterprise & business processes
– User can modify source code but under strong
restrictions; Licensor owns derivative works
• Open Source (GNU, BSD, CDDL, Apache …)
– Various requirements but none restricting mods,
distribution; GNU GPLs & Compatibles majority
Open/Closed Hybrid License Example
Licensee may make modifications to the Software [however]. …All modifications and rights
associated therewith shall be the exclusive property of (the company).
Company retains right to develop enhancements.
Licensee agrees not to take any action that would limit
(Company’s) sale, assignment, licensing, or use of its own
SW modifications or enhancements thereto.
DoD ERP/MAIS Experience with Closed &
Open/Closed Hybrid Licenses
• Army General Fund Enterprise Business Sys
(GFEBS) – One Army/Contractor “Team”
– “We are being ordered to modify Army processes
to fit the SAP SW”
– Now two years behind schedule & over cost
• Defense Integrated Military Human Resource
System (DIMHRS)
– $1B and 12 years – canceled in 2010.
– 100% PeopleSoft proprietary code & tools
– PeopleSoft now owned by Oracle
Experience with Open/Closed Hybrid Licenses
• Navy ERP - 2000-2004 pilot programs
– GAO 2005: “Efforts failures; $1B largely wasted”
– New Program $800M to complete 2011
– 2011 Personnel & Pay System – 12 yrs behind
$576M over cost (Oct 2011)
• Navy PMO Website:
– “The Navy ERP Program uses a product from SAP
Corporation, the largest provider of ERP solutions
in the world.”
• [Don’t worry, AF & Army are in the same boat]
OPEN SOURCE LICENSES
• DoD CIO 16Oct2009 Memo “Clarifying
guidance regarding OSS”
– did not make any distinction among Open License
types
• White Paper 1Oct2011 “The GNU GPL is
compatible with the DFARS”
– most closely resembles unlimited rights licensing.
• Majority of OS licenses are GPL or GPL
Compatible
Points of View (POV) & Small Business
Recommendation (SBR)
• POV #3 Proprietary and Hybrid Licensed COTS
SW are major obstacles to DoD in achieving
OA in IT systems.
– SBR: Invest in in-house OSS expertise. Offer Gov’t
alternative OA/OSS solutions. Help create a
more/larger SB set-aside customer environment.
• POV #4 Hybrid licensed SW is not “open”, may
“force fit” existing processes. Costly to deploy
– SBR: Look for OSS niches to offer ERP primes.
Build on this to create a SB “middle systems
integrator class” for major procurements.
IA Compliance – Pro OA or an Obstacle?
• NIST & NSA: Common Criteria (CCEVS 7 Levels)
& FIPS 140-2 CMVP (4 Levels)
– Typical Costs: $100k + & 18-24 Months
– Lab Fees + “Extended Costs” Paid by SW Owner
– Process Assumes All COTS SW is Proprietary
– 1628 Total Certs: Two OSS (RHEL & OpenSSL)
– “And most importantly, encouraging competition
and collaboration through development of
alternative solutions and sources.” (CNO Memo to
ASN (RDA) 28Aug06)
• Where are the OSS IA alternative solutions?
Points of View (POV) & Small Business
Recommendation (SBR)
• POV #5 DoD has a competitive proprietary
environment among CMVP/Common Criteria
IA compliant SW (and HW) modules but not
among OSS modules.
– SBR: Look for Primes [or other SBs] willing to help
fund and collaborate on an Open Source CMVP
project as part of a mutually beneficial teaming
strategy to target upcoming procurements.
Role of OA & OSS in IT Advances
• F/O Networks & Greater bandwidth
– WWW IPv4 migration to IPv6
• 3G moving through LTE to 4G
– Explosion of Wireless Devices
• Clouds: Public, Private, Community, Hybrid
– SaaS, PaaS, IaaS (computers, storage, networks)
– HW Virtualization
• OSS Contributions: Android, Linux, XEN, ZFS,
KVM, OpenStack, Illumos, OpenSSL
Points of View (POV) & Small Business
Recommendation (SBR)
• POV #6 Rapid advances in IT computing
infrastructure enabling integration of voice,
data, and video to meet end-user commercial
market demands is driven more by OSS
innovations and OA interfaces than by
proprietary SW and HW innovations.
– SBR: Develop in-house OSS VM and Cloud
management capabilities; Offer this to primes
participating in ERP or smaller cloud
procurements
Summary
• Small Business can help the Navy and DoD
expand OA into and across their missions
– OA and OSS are two sides of the same coin
– The key is pervasive integration into Navy Systems
– Successful SBs will remain cognizant of obstacles
and innovations in COTS IT environments and how
they affect DoD
• Use this knowledge in developing SB growth
strategies – and help DoD create a “middle
class” of SB System Integrators
Backup Slides
DoDD 8500.1 & DoDI 8500.2
Information Assurance
National Security Telecommunications & Information Security Policy No. 11
(NSTISSP #11 – January 2000)
The acquisition of all GOTS IA and IA-enabled products to be used on
systems entering, processing, storing, displaying, or transmitting national
security information shall be limited to products which have been evaluated by
the NSA, or in accordance with NSA-approved processes.
Atch 6 Encl 4 (DoDI 8500.2) CONFIDENTIALITY CONTROLS FOR DOD INFORMATION
SYSTEMS PROCESSING PUBLICLY RELEASED INFORMATION
The acquisition of all IA and IA-enabled GOTS IT products is limited to products that
have been evaluated by the NSA or in accordance with NSA approved processes. The
acquisition of all IA- and IA-enabled COTS IT products is limited to products that have
been evaluated or validated through one of the following sources - the International
[Common Criteria (CC)] for Information Security Technology Evaluation Mutual
Recognition Arrangement, the NIAP Evaluation and Validation Program, or the FIPS
validation program [CMVP].
“Closed” PROPRIETARY License
No Source Code
(Company) is the…sole owner of all intellectual
property rights… must not be altered, deleted or
obliterated in any manner. ..License Agreement
does not grant you the right to sublicense, rent,
assign or lease the software, in whole or in part,
and you may not decompile, disassemble, modify,
decrypt, extract or otherwise reverse engineer, or
make further copies of the software ….
Open/Closed Hybrid License Example *
• You cannot reverse engineer or decompile the
RPT format.
• You cannot use the software to develop a
product that converts the RPT file to another
format.
• You cannot use the software to build a product
that is competitive with other SAP offerings.
• You cannot use unauthorized keycodes or
redistribute keycodes.
* http://www.sap.com/solutions/sap-crystal-solutions/queryreporting-analysis/sapcrystalreports/licensing/index.epx
Open Source Cloud & Virtualization Management
• EC2 (Amazon Web Services – AWS)
• QEMU Processor Emulator & Virtual Machine
Monitor
– Integrates on VirtualBox, XEN, KVM, Win4Lin Pro
Desktop, Modified + KVM can run on MAC OSx
• OpenStack, Eucalyptus, CloudStack
• Joyent SmartDataCenter (SmartOS)
• Nebula (OpenStack)
• AXSH Wakame (Linux & openindiana)
World Wide Web Site Oct 2011
Web Server Market Share Oct 2011
Developer (License)       Sites         Share    Sites         Share    Change
Apache (Open)             315,605,335   65.05%   326,008,432   64.67%   -0.38
Microsoft (Proprietary)   76,323,018    15.73%   78,937,065    15.66%   -0.07
Nginx (Open)              38,970,683    8.03%    43,037,079    8.54%    0.51
Google (Open)             17,265,308    3.56%    17,487,924    3.47%    -0.09
Open Source SW Examples
• GNU Compiler Collection
• FFTW - Fastest Fourier Transform in the West
• Linux (Debian, Fedora, Ubuntu,..)
• SmartOS & OpenIndiana (OpenSolaris Forks)
• ZFS (OpenSolaris Default File Server)
• XEN (Virtual Machine Monitor-Hypervisor)
• KVM Kernel-Based VM for Linux, BSD, Windows
• Node.js (I/O Side JavaScript Environment)
• LAMP Web Server Stack (Linux, Apache, MySQL, PHP)
System Interface Standards Driven by
Technology
• Telephony & Telegraphy (wire)
– 1836-1861 Telegraphy
– 1876 Telephone “Mr. Watson, Come here..”
• 1884 American Institute of Electrical Engineers
(AIEE)
• Wireless (Radio) Telegraphy (1887-1920)
– The Wireless Institute (TWI) & Society of Wireless
and Telegraphy Engineers (SWTE)
• 1963 TWI & SWTE Form IEEE
Interfaces Go Digital (Think SW)
• 1947 – First Transistor (Bell Labs)
• 1948 First Stored Program (SW) Computer
• 1951 Transistor Production
• 1954 IBM 704 SW Hand Coded Asby Language
• 1954 First High Level Language (FORTRAN)
• 1958 First Integrated Circuit (IC) & IBM SAGE
• 1959 First Business Language (COBOL)
• 1963 Beginners All-Purpose Symbolic Instruction Code (BASIC)
• 1964 First Mini-Computer DEC PDP-8
• 1975 First Micro-Computer ALTAIR 8800
• 1981 IBM XT & AT
Basic SW Development Process
[Diagram labels: Source Code in Language: C, C++, Perl, etc; COMPILER; Intermediate Language; Executable in Binary (0,1) Machine Language; APPLICATION; Compact Disc (Binary 0, 1). Caption: This is referred to as the “executable” that you purchase.]
[Diagram labels: Display; APPLICATION; OPERATING SYSTEM (Win 7, Apple OSX, Linux); Your Computer. Caption: Proprietary OS’s wed Applications to the Computer HW (Platform). Linux is the exception.]
“Closed” SW License Specifying HW
Licensee agrees to install this Software only on Hardware …that has previously been approved by
(company) in writing…Any individuals that use the
Software including employees, agents, subsidiaries, and
business partners must be identified as “Named
Users”.
Closed License Clause Restricting
Web Access to Applications
“Business Partners may have screen access to
the Software solely with Licensee’s Use and may
not use the Software to run any of their business
applications”
License providing source code …HOWEVER…
Licensee may make modifications to the Software. …All modifications and rights associated therewith
shall be the exclusive property of (the company).
Company retains right to develop enhancements.
Licensee agrees not to take any action that would limit
(Company’s) sale, assignment, licensing, or use of its own
SW modifications or enhancements thereto.