The DoD: seriously openly sourcy

[Updated Feb 5 12:45pm to remove inaccurate quote about sourceforge.net /rj.]

In Monday's IT Blogwatch, Richi Jennings watches the Defense Department launch forge.mil, its own open source code repository. Not to mention "eek"...

Doug Beizer reports:

Defense Department officials have launched a new Web site where developers can work on open-source software projects specifically for DOD.
...
In its first week, Forge.mil is hosting three open-source projects ... DOD Bastille integrates the specific security, technical and implementation guidelines required by DOD ... Another project on Forge.mil is designed to manage request for proposals development. The third project automates the secure configuration of Solaris systems.


Bob Brewin stirs the mash tub: [You're fired -Ed.]

Forge.mil (although the site has a .com domain) ... provides Defense software engineers with the environment and tools to create Defense software for engineering applications in weeks, rather than the years it usually takes, David Mihelcic, the agency's CTO, told the monthly meeting of the Washington Chapter of the Armed Forces Communications and Electronics Association.
...
DISA has Security Technical Implementation Guides, which can run hundreds of pages that govern server configuration. For a large server farm, manual configuration is a time-consuming and daunting task. DoD Bastille was developed by DISA intern Aaron Lippold and automates the implementation guides.


Michael W. Jones recurses:

The Department of Defense has built its repository on the same technology used by SourceForge, itself a project available on the SourceForge site. In keeping with its mission, the Forge.mil project has added a layer of security that does not exist in the original project ... [It] has been upgraded to meet Department of Defense standards, including the use of smartcards for system authorization.
...
The code ... is open for viewing by the public, even though only those that are behind the improved security can edit or contribute to the code source ... Once people start looking at the code, some will wish to contribute ... the way that civilian open source projects gain momentum. It is exceedingly nice to see our government involved in so active a way in the open source movement.


Guy Martin is involved:

I'm happy to report that after a lot of work (and a significant amount still to come), we've launched an early access version of the Forge.mil and software.forge.mil collaboration capability ... It's officially categorized as LOA (limited operational availability) ... to work through the inevitable bumps in the road that come with not only the operational details of a new system, but also getting projects and users used to the notion of a more open development methodology ... it is clear we'll have to work on getting some folks up to speed on this way of project development, but ... they seem excited and energized by what this change can bring.
...
All in all, it was a good day.


But 1u3hr scoffs:

Okay, why the **** does the DoD call the site "forge.mil" but actually host it at "forgemil.com"? If they can't get a real .mil site, who can? I thought it was some phishing scam. "forge.mil" doesn't even resolve, let alone redirect.


To which, legirons adds, tongue-in-cheek-stylee:

You know it's the right site, because its certificate is signed by the DoD CA.

Except that CA isn't installed in any browser. And the site to download that cert is signed by the cert itself. Security by circular reasoning.


However, superid cheers:

When I was first hired as a budding DoD programmer a long time ago, one of the first things I asked is "where is our library of stuff that has been developed locally?"

I might as well have asked "where is my +3 mace?" because we didn't have that either. I'm glad this is finally happening.



Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 23-year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.


Copyright © 2009 IDG Communications, Inc.
