Forgot your password?
typodupeerror
Government Databases Open Source Security Software

NSA Mimics Google, Angers Senate 193

Posted by Soulskill
from the don't-be-evil-just-doesn't-work-for-us dept.
An anonymous reader writes "In a bizarre turn of events, the Senate would prefer that the DoD use software not written by the government for the government. Quoting: 'Like Google, the agency needed a way of storing and retrieving massive amounts of data across an army of servers, but it also needed extra tools for protecting all that data from prying eyes. They added 'cell level' software controls that could separate various classifications of data, ensuring that each user could only access the information they were authorized to access. It was a key part of the NSA’s effort to improve the security of its own networks. But the NSA also saw the database as something that could improve security across the federal government — and beyond. Last September, the agency open sourced its Google mimic, releasing the code as the Accumulo project. It's a common open source story — except that the Senate Armed Services Committee wants to put the brakes on the project. In a bill recently introduced on Capitol Hill, the committee questions whether Accumulo runs afoul of a government policy that prevents federal agencies from building their own software when they have access to commercial alternatives. The bill could ban the Department of Defense from using the NSA's database — and it could force the NSA to meld the project's security tools with other open source projects that mimic Google's BigTable.'"
This discussion has been archived. No new comments can be posted.

NSA Mimics Google, Angers Senate

Comments Filter:
  • by andydread (758754) on Wednesday July 18, 2012 @08:18AM (#40684501)
    This seems like a result of the conservative cry to shrink the size of the federal gubmint. "Gubmint shouldn't be allowed to do internally what they can outsource to some private company" possibly owned by China. THis is sad
    • Nah... (Score:5, Insightful)

      by Kupfernigk (1190345) on Wednesday July 18, 2012 @08:31AM (#40684603)
      It is the result of private corporations lobbying for more privatisation. "Shrink the Government" is the voter-friendly PR spin on it. We have the same in the UK...fortunately the privatised "security" company G4S has just screwed up so massively that the agenda must have been put back a year or so. Personally, I think that any and all national security functions, whether physical or cyber, shouldn't be provided by anybody whose managers I cannot vote out of office.
      • Re:Nah... (Score:5, Insightful)

        by sortius_nod (1080919) on Wednesday July 18, 2012 @08:53AM (#40684775) Homepage

        Personally, I think that any and all national security functions, whether physical or cyber, shouldn't be provided by anybody whose managers I cannot vote out of office.

        This highlights the problem with the "small government" argument. In Australia we've seen private companies run rail, road, telecommunications, electricity & water infrastructure into the ground because of conservative "small government" agendas. All that seems to happen is the companies stick their hands out for "aid" or the like to help them make bigger profits while neglecting what they are responsible for.

        • Re:Nah... (Score:5, Informative)

          by ozmanjusri (601766) <(aussie_bob) (at) (hotmail.com)> on Wednesday July 18, 2012 @09:08AM (#40684933) Journal

          In Australia, we're being gouged by just about every private company that can sink its hooks into our wallets. We should be asking for more regulation, not less.

          Check this out!

          'Mr Levey said in its research Choice [magazine] discovered one Microsoft software development product that was more than $8500 cheaper in the US.

          "It would be cheaper to pay someone's wage and fly them to the US and back twice, getting them to buy the software while they're there,” he said.'

          http://www.theage.com.au/technology/technology-news/downloads-its-cheaper-to-pay-a-wage-fly-to-the-us-and-back-twice-20120718-229in.html [theage.com.au]

          • by khallow (566160)

            In Australia, we're being gouged by just about every private company that can sink its hooks into our wallets. We should be asking for more regulation, not less.

            How does more regulation fix the problem of a nation of fools? I'm curious how that's supposed to work since it doesn't appear to work in my country (the US).

            • by microbox (704317)

              How does more regulation fix the problem of a nation of fools?

              Checks and balances. Doesn't always work. But does that mean we should throw them out. (e.g., have the police and politicians ever colluded? should we therefore get rid of the separation of powers?)

              • by khallow (566160)

                Checks and balances.

                That's not regulation. Sure one can institute checks and balances via regulation. But one can also increase the power of an institution by regulation. I'd say the latter is far more common than the former.

            • Re: (Score:3, Insightful)

              by Runaway1956 (1322357)

              It isn't regulation that destroys us - it's the lack of intelligent regulation.

              After the crash of 1929, a lot of pretty smart people designed a lot of regulations, regarding the banking industry and the stock markets. About the time that George Bush Jr. took office, they got serious about deregulating banking and stocks. Notice that before Boy Bush left office, the market crashed hard - again.

              Over regulation isn't good, nor is the lack of regulation good. There can be tons of worthless laws that appeal t

              • by khallow (566160)

                It isn't regulation that destroys us - it's the lack of intelligent regulation.

                The problem seems to be that "intelligent regulation" is rather scarce.

                After the crash of 1929, a lot of pretty smart people designed a lot of regulations, regarding the banking industry and the stock markets. About the time that George Bush Jr. took office, they got serious about deregulating banking and stocks. Notice that before Boy Bush left office, the market crashed hard - again.

                And the market crashed a number of times in between too. Somethings a bit wrong with your story, namely, the 70 years of history you left out.

                But this does illustrate a problem of existing regulation, namely, the difficulty of undoing it. Sometimes it's like a band aid, that you can rip off easily. And sometimes it's like a Borg implant with connections to every major organ in the body. Just ripping it out can cause a great deal of tu

                • In that 70 year history, there were no crashes that involved billions of dollars of charity for businesses that were "to big to fail". I remember specifically when the Savings and Loans places went belly up. They were allowed to die. And, their failures didn't impact the average American like either the crash of '29, or the crash of 2007-8. In that 70 year time frame, many banks failed, but the average investor was protected.

                  Today - the average investor has no protection, but the boobs who cause the ban

                  • by tnk1 (899206)

                    You're calling the people who understand the financial system and are taking no damage from their faulty investments "boobs". It seems to me that they know exactly what they are doing and are very good at it. What they are not good at is doing what is best for anyone other than themselves.

                    The problem with deregulation is that it always catches people who relied on it flat footed. That doesn't mean that more regulation is necessarily better, but it does mean that you can't just rip it away and expect thin

              • by jbolden (176878)

                Which is why elected officials don't draft regulations. They draft laws. At which point members of a permanent bureaucracy who are experts draft regulations. The problem is that with downsizing of government and the level of pay inequality in America we don't have a permanent bureaucracy anymore. Rather many of these regulators move in and out of corporate positions.

                It is a complex problem, but it has nothing to do with intelligence.

                • by tnk1 (899206)

                  I feel that regulation tends to empower large corporations, not control them. Heavy regulation creates iron triangles between industry, regulatory groups and legislators. Those structures can become all but independent from the needs of individual voters as no matter who wins an election, they still need the support of industry insiders to enforce regulations and even author pertinent legislation.

                  I think a lot of people believe that more regulation would stop the "revolving door" between government and in

                  • by jbolden (176878)

                    I think there is 2 issues which are very distinct:

                    a) Does a standing powerful bureaucracy lead to regulations being written by qualified individuals i.e. intelligent regulation in the grandparent post's words
                    b) Does a standing powerful bureaucracy lead to the best possible outcomes.

                    (a) is easy to answer, yes. (b) is much more complex. I agree with you that a standing powerful bureaucracy forms a triangle and that triangle becomes very hard to move or replace. This used to the norm prior to the 1980s in

              • by KhabaLox (1906148)

                About the time that George Bush Jr. took office, they got serious about deregulating banking and stocks.

                Really? When was Glass-Steagall repealed?

                • by pingbak (33924)

                  Glass-Steagall was repealed at the end of the Clinton administration. It's effects were felt during the Bush-43 administration.

        • by medcalf (68293)
          The problem in this case (Australia's model, I mean) seems to be one of creating monopolies rather than allowing a competitive market to form. The problem with large government is essentially the same (government as a monopoly), but backed by force of law. I don't have a problem with the government having a priority order of reuse - buy - build, but I do have a problem with throwing away what's been built because it wasn't higher on that chain. That's just dumb.
        • Personally, I think that any and all national security functions, whether physical or cyber, shouldn't be provided by anybody whose managers I cannot vote out of office.

          This highlights the problem with the "small government" argument. In Australia we've seen private companies run rail, road, telecommunications, electricity & water infrastructure into the ground because of conservative "small government" agendas. All that seems to happen is the companies stick their hands out for "aid" or the like to help them make bigger profits while neglecting what they are responsible for.

          I find it interesting that this "shrink government and privatize" trope is being expressed around the world. It makes the tinfoil hatter in me think there might be some coordination going on.

        • Sounds like you are describing a situation with "too big to fail" monopolies propped up and supported by the government. That is not "conservative small government" agenda, that is the government bailing out corporations, not enforcing anti-trust laws, and the government creating regulations that prevent barriers to entry while failing to protect the consumer from the monopolies they created/propped up/protected. "small government" doesn't mean the government does nothing. "small government" has very imp
        • by swillden (191260)

          This highlights the problem with the "small government" argument.

          No, it highlights the problem with having a big government which corporations can influence to divert taxpayer dollars into their own pockets.

          Small government proponents don't want to outsource government functions to tax-funded private operations, they want to reduce the size and scope of government functions. In the US, many don't necessarily even want to reduce the overall government role, either, they just want to reduce the role of the federal government, moving many of the current federal functions

      • Re:Nah... (Score:5, Insightful)

        by Ash Vince (602485) * on Wednesday July 18, 2012 @09:11AM (#40684955) Journal

        It is the result of private corporations lobbying for more privatisation. "Shrink the Government" is the voter-friendly PR spin on it. We have the same in the UK...fortunately the privatised "security" company G4S has just screwed up so massively that the agenda must have been put back a year or so. Personally, I think that any and all national security functions, whether physical or cyber, shouldn't be provided by anybody whose managers I cannot vote out of office.

        As a fellow Brit I have been following the G4S Olympic security blunder in the news too. I will be very surprised if it actually makes any difference in the long run to privatisation though.

        We have already let G4S run several prisons as part of a pilot scheme, once the pilot is over in a year or two we will outsource more to them I'm sure. Even before this G4S had a piss poor record when it came to prisoner transport yet they were still given more contracts in a similar vein.

        The simple fact is that government loves privatising stuff as it means they can push costs of large infrastructure projects down the line to the next generation. It also means they can make lots of friends in business and those friends will repay them with a nice cushy non-executive director role later on.

        • Re:Nah... (Score:5, Informative)

          by RaceProUK (1137575) on Wednesday July 18, 2012 @09:30AM (#40685143)

          It is the result of private corporations lobbying for more privatisation. "Shrink the Government" is the voter-friendly PR spin on it. We have the same in the UK...fortunately the privatised "security" company G4S has just screwed up so massively that the agenda must have been put back a year or so. Personally, I think that any and all national security functions, whether physical or cyber, shouldn't be provided by anybody whose managers I cannot vote out of office.

          As a fellow Brit I have been following the G4S Olympic security blunder in the news too. I will be very surprised if it actually makes any difference in the long run to privatisation though.

          We have already let G4S run several prisons as part of a pilot scheme, once the pilot is over in a year or two we will outsource more to them I'm sure. Even before this G4S had a piss poor record when it came to prisoner transport yet they were still given more contracts in a similar vein.

          The simple fact is that government loves privatising stuff as it means they can push costs of large infrastructure projects down the line to the next generation. It also means they can make lots of friends in business and those friends will repay them with a nice cushy non-executive director role later on.

          Not to forget the Tories' attempt to privatise the NHS. Also, the railways were privatised under a Tory government. Look how well that's turned out (for non-UK /.ers: the UK railway network is overpriced, severely limited in capacity, and slowly falling apart).

          • by Ash Vince (602485) *

            Not to forget the Tories' attempt to privatise the NHS. Also, the railways were privatised under a Tory government. Look how well that's turned out (for non-UK /.ers: the UK railway network is overpriced, severely limited in capacity, and slowly falling apart).

            I think you are confused. The only thing the railways do slowly is get you to your destination (on a good day, on a bad day they don't even do this), the falling apart bit is happening quite quickly :)

      • Re:Nah... (Score:5, Insightful)

        by dkleinsc (563838) on Wednesday July 18, 2012 @09:25AM (#40685071) Homepage

        And "privatisation" is also spin, because what they really mean by that is "Transfer a large sum of money from the public treasury to the ownership of one or more politically connected corporations".

        For example, take cruise missiles: Right now, instead of the US DoD hiring a bunch of people to design and build missiles for $X, instead they go to a defense contractor, who in turn hires a bunch of people to design and build missiles for $X and charges the DoD $X+$Y. So in effect, what's different between the DoD just building missiles and hiring a contractor to build missiles is that $Y goes from the public to the owners of the contractor company.

      • I heard about G4S when Have I Got News For You was still fresh, how many decades ago is that?

        In Holland, there was/is a parliamentary inquiry into whether the efforts of privatization in the last decades has produced any positive results or at least any non-negative ones... they are still searching.

        But AT THE SAME TIME, the CDA and VVD, Christian and capitalist filth, were advocating MORE of it, despite being able to name a single success or even a single non-disaster. Their solution to the mess the public

      • by billstewart (78916) on Wednesday July 18, 2012 @12:41PM (#40687535) Journal

        Remember $500 hammers? Back in the 1980s, there was a big push to reduce government purchasing costs, especially for military projects, through the use of "Commercial Off-The-Shelf" technology, so whenever possible you'd buy COTS products instead of specially-made customized government-market products. It didn't always make sense, but in many cases it could save a huge amount of money, and realistically a large fraction of the stuff the government bought had commercial equivalents that already had economies of scale keeping the costs down. Sometimes the hammer costs $500 because it's made of MIL-SPEC Titanium, sometimes it's because you spend $490 setting up your hammer-making machine to run off two Left-Handed Jet Engine Hammers for the Air Force, sometimes it's because you spend $600 in contact-lawyer time writing an addendum to a ten-year-old contract to sell two more off-the-shelf hammers to replace the MIL-SPEC ones that got lost.

        Government procurement has always had a lot of "check the box on the contract" requirements. Sometimes they make sense, like using COTS to save money when there are commercial products available (especially if that means forcing the organization that wants the stuff to be realistic about what they need.) Sometimes they're theoretically required, but in practice the agency can get a waiver (so everything needs IPv6, but they actually use IPv4, and POSIX was required from mid-80s on but everybody got a waiver and used MS-DOS for office equipment.) Sometimes they increase the costs because the purchasing department puts all that stuff in the contract even though the users don't actually need it.

        I did work on some projects where COTS didn't make sense. We were bidding on a communications system that used X.25 (which wasn't yet obsolete :-), but the civilian agency that wanted it had asked the NSA for help specifying a system that would be secure. So yes, it was X.25, but with dozens of special options that no commercial equipment used more than a few of. And the contract specified COTS. How do you reconcile the problem and let the agency check off the "COTS" box on their contract? Make the device, offer it for sale to the market, have a couple of your subcontractors buy boxes from you for "testing" or "evaluation".

        Another part of that project not only wanted special-flavor X.25 off the shelf, and POSIX, but also wanted a B1-secure operating system (but it was communication gear, so it would have to be Red Book B1, which was still way-future research, and we had one of the first Orange Book B1 Unix boxes), and GOSIP (the OSI networking stack, though nobody had a GOSIP stack that worked with that particular flavor of X.25 options.) A later project I worked on wanted B1 Secure, POSIX, Ada, POSIX Real-Time (even though the spec wasn't baked yet, and the B1 Secure Unix system didn't support it, and getting that re-evaluated would cost $250K even if we could figure out how to make it work :-)

    • This seems like a result of the conservative cry to shrink the size of the federal gubmint. "Gubmint shouldn't be allowed to do internally what they can outsource to some private company" possibly owned by China. THis is sad

      Considering that this is the Democrat-controlled Senate we're talking about, instead of the Republican-controlled House, I suspect you're mistaken....

      • by CrimsonAvenger (580665) on Wednesday July 18, 2012 @08:58AM (#40684837)

        This seems like a result of the conservative cry to shrink the size of the federal gubmint. "Gubmint shouldn't be allowed to do internally what they can outsource to some private company" possibly owned by China. THis is sad

        Considering that this is the Democrat-controlled Senate we're talking about, instead of the Republican-controlled House, I suspect you're mistaken....

        *sighs* don't know what I did to my html tags that time....

    • Wasn't the big reason why we didn't stop the 9/11 attackers was a lack of cross departmental sharing of data. Public or Private systems, it seems like they are going back to the old ways of doing things again.

      • by tnk1 (899206)

        We get all upset about it, but honestly, when you start involving a lot of people in these processes, this is actually expected. You have to work very hard to maintain coordination between disparate groups with their own charters, it's not a given. There's some idea that it is "the government" and it should all work together. Maybe if there weren't thousands of employees of intelligence services out there, it would be simpler.

        It seems that we only want the government to collaborate when something happens

    • by trcooper (18794)

      I believe the idea behind the policy is that the government should not offer products that compete with the private sector.

      For instance, you have a subscription website that offers say, high end weather information and analytics. You've spent thousands of hours developing software which takes raw data and improves it. You've built a subscriber base, and provide a service they're happy with, and continue to innovate and improve.

      Then NOAA comes out and says we're going to build a public site which directly

      • by plover (150551) *

        That sounds suspiciously like Santorum's argument in favor of stopping the NOAA from providing weather forecasts to the public, which was clearly pushed strictly to favor of his donor's firm, Accuweather. Since I am paying for a government forecaster to produce forecasts, then I want those forecasts. The NOAA didn't build their site as commercial competition, they built their site to permit public access to government information. Big Difference.

        The real question is: should the NOAA exist? That's a co

    • by readin (838620)
      You misunderstand. If the government is hiring the private company, then the government is still calling the shots and controlling the money, and it is still big government. When conservatives seek smaller government, they mean they want government controlling less of our personal lives, less of our money, and less of our public lives.
  • Huh. (Score:4, Insightful)

    by AltGrendel (175092) <ag-slashdot@exit0.COMMAus minus punct> on Wednesday July 18, 2012 @08:22AM (#40684533) Homepage
    Why should we get something for free when we can pay for it? Wait a minute....
    • by gr8_phk (621180)

      Why should we get something for free when we can pay for it? Wait a minute....

      Because it doesn't meet your needs. Funny, I just read the Joel rant saying "Not Invented Here" is not bad. Now the subsequent Open Sourcing has to be treated as a separate decision (made later) so it's not fair to say they should have modified existing open source. They are also quite capable of putting their slant on existing open source and then releasing it - witness the SE Linux extensions courtesy of the NSA.

  • Sell it to Google (Score:5, Insightful)

    by Maximum Prophet (716608) on Wednesday July 18, 2012 @08:24AM (#40684549)

    Accumulo runs afoul of a government policy that prevents federal agencies from building their own software when they have access to commercial alternatives

    Just arrange to sell it to Google, make them the maintainers, and buy it back for $1.

  • for bills &c.

    They're created w/ a tool named ACOMP.EXE (which the GPO used to use to make their style manual --- which typeset exactly like a printed copy I have from 1943 --- the new version is done w/ Adobe InDesign CS3 though).

    If the Senate can use a special software tool for so prosaic a function, why can't other parts of the government?

    William

    (who recently had to download the successor to NIH (National Institute of Health) Image to make a reasonably-sized bitmap for placement into an automated pagi

  • by mitcheli (894743) on Wednesday July 18, 2012 @09:01AM (#40684873)
    Several years ago when I was a young service member and working for around $25K a year to develop software for the military, I was told that the military was moving away from GOTS solutions and was mandating that everyone move to COTS software. They replaced my position with contractors that made $75K a year and ultimately with multi hundred million dollar contracts with contracting firms who "integrate" in COTS solutions. Granted having become one of those contractors myself and having over doubled my pay in that time frame, I do have to admit I appreciate that cheaper COTS solution. Though I do often times wonder to myself if the Government centralized their development efforts, tracked industry standards for producing secure code, and further developed some of the charming projects they have worked on (like SELinux) what the world would be like today. Just think, instead of knowing a huge ass hole is in your current revision of router code, you could simply send it off to the developers to repair. No lack of a $100K+ support contract to prevent you from getting a patch...
    • by Dr_Barnowl (709838) on Wednesday July 18, 2012 @09:32AM (#40685159)

      Indeed. Support contracts give the private contractors a disproportionate amount of power.

      I work for the UK National Health Service ; back when I was defining interoperability standards for medical records communication, I was revising the standard for GP (General, or Family Practitioner) health record communications. The messages were declared in terms of a common standard for interoperability. Somewhat naively, I specified that the messages should use the standard means to convey unknown information (the absence, and the reason for it's absence), rather than the "magic numbers" that were being used at the time. I was promptly told that I couldn't actually make things consistent with the standard, because to change those bits of the vendor system would, under the terms of the contract, result in a full system test, which was a chargeable item costing millions of pounds.

      So they had nicely arranged things such that you couldn't promote interoperability (by using a well-defined standard available to all vendors), because you couldn't afford the work they would have to do in order to fix their system to follow the government-dictated standard which they had known they would have to use all along ....

      And we actually help them. I think the system testing clause is in there at the insistence of the government side ; when I was on the other side of the divide working for a private sector supplying an NHS hospital, I was told I couldn't fix bugs in our system because it would necessitate a full system test - even though I point-blank told them that this was NOT necessary because the component concerned was covered by rigorous unit tests. Instead, they rolled back the changes in their system that had broken ours (having been told not to change that aspect of the configuration in the first place).

      Accumulo is an Apache 2.0 licensed extension of other OSS components - so there is no downside from the commercial side, apart from not being able to justify charging for it's cost of development. Which is what I suspect the problem is.

      First rule in government spending: why build one when you can have two at twice the price? S R Hadden - Contact

  • by windcask (1795642)

    I suppose I'll be moderated "troll" if I suggest that the government shouldn't waste time and money rewriting software that already exists and can be licensed in the commercial market. Not that necessarily there's a tool that can support the NSA's massive data-sharing needs, but still.

    • by dissy (172727) on Wednesday July 18, 2012 @09:41AM (#40685257)

      I suppose I'll be moderated "troll" if I suggest that the government shouldn't waste time and money rewriting software that already exists and can be licensed in the commercial market.

      That isn't trolling at all. But I don't see why it shouldn't be handled like any other purchasing decision.

      Commercial Product A cost $X
      Commercial Product B cost $Y
      Paying developers time to create that product will cost $Z

      All else being equal, why _wouldn't_ you choose the option with the lowest cost?

      Of course all else is rarely equal, but still people in companies do this kind of thing daily, weighing the cost vs benefit vs features and then factor in the other issues such as support/maintenance over the lifetime of the product and the computing resources required to use said product.

      If paying developers to create it and maintain it turns out significantly cheaper than the other options, it only makes sense to create it in-house.
      If buying it and paying the support contract, as well as paying for modification/customization of features turns out cheaper than other options, then it makes sense to buy the thing and not worry about it.

      Without knowing dollar amounts involved and the required feature list, it's impossible to know what each option costs in whole.
      We also don't really know all the factors involved. I'm sure cost is a factor in there somewhere, but it could rank anywhere from #1 to #last.

      • Nice theory and it works until the congresscritters get involved.

        The real problem with COTS is the military requirements, usually legit by the way, are just enough different to mean the COTS package doesn't really meet the requirement so you pay some contractor additional dollars to modify the software and now you are locked into the original version or else have to pay for modifications each time a new version is released.

        COTS is great for the desktop environment. Not so much when you get to the mission si

  • Posting anon. (Score:5, Informative)

    by Anonymous Coward on Wednesday July 18, 2012 @09:28AM (#40685113)

    In a bill recently introduced on Capitol Hill, the committee questions whether Accumulo runs afoul of a government policy that prevents federal agencies from building their own software when they have access to commercial alternatives

    I work at a large defense contractor, so obviously I'm posting anon. My thoughts on this are as follows: indeed there are requirements to use as much COTS and/or FOSS as possible for things that already exist (and so long as the use of any does not/cannot cause no future licensing issues that can be reasonably foreseen.)

    Is in an effort to avoid the "not invented here" syndrome that plagues commercial and government enterprises alike. But the operative idea is that we should use a COTS if it provides the functionality that we need. If there is some type of deviation in the type of functionality that a project needs, it is perfectly reasonable to add new logic around it (or build one from scratch altogether.)

    The NSA requirements for retrieving and storing massive amounts of data, when taken as is, do sound like something that Google already does. However, there are other requirements a Google-like COTS might or might not meet or might not meet efficiently (.ie. "tweaking the COTS will cause substantial operational costs down the road", just as a hypothetical example.)

    There are needs to attach security label classifiers (TS,S,R,C,SBU,U), and compartment/silos to meet "need-to-know" requirements. There can be security-related non-functional requirements that say the mechanisms for storing/retrieving information above a certain security label be also be labeled with a classifier as strict as the data being handled. Part of the software system might be required to exist within Type 1 cryptography products, with physical shielding and all. It might be required to provide interfaces and protocols aware of sneakernet and airwalls.

    Things like that do not get solved by deployment schemes and configuration alone. So "mimicking google" might not be descriptive to what's really going on here.

    Furthermore, it looks incredibly stupid for Congress to be telling the NSA to shelve their own FOSS and to look for a COTS alternative. Sometimes, for some types of operations, you simply do not want a COTS. Fine for building government owned systems that handles, say, tax or immigration/nationalization records. Not so fine for TS-level material.

    The NSA has been guilty of some major pork-barrel mishaps, and needs fiscal supervision. Hell, the whole defense sector is plagued by inefficiencies. However, this particular action by Congress, it's not a solution.

  • Who benefits? (Score:4, Informative)

    by time961 (618278) on Wednesday July 18, 2012 @09:52AM (#40685399)
    Clearly, someone must have paid for this charming little legislative tidbit. But who?

    I mean, I could understand if Lockheed-Martin had a proprietary solution that they were offering (with just a few change orders needed to satisfy NSA's requirements, of course), but the beneficiaries here seem to be the Cassandra and HBase projects, neither of which seem likely to have much of a lobbying budget. Was it their forebears at Facebook? Could they possibly care enough?

    And blaming it on "conservatives-want-smaller-government" seems pretty silly, too. Sure, turfing Accumulo might conceivably further that goal in some tiny, tiny way, but it's not like some senator was likely to have figured this out by himself. No, clearly someone put them on to it, but who and why?

    It's an intriguing mystery. Any ideas?

    • It's an intriguing mystery. Any ideas?

      The benefits don't have to be immediate. "You will not be participating in open source projects" is a message many MIC folks would love to send to agencies.

  • ... if my campaign donors make a profit on it."

    Just yesterday I was reminded of this old chestnut:

    "There is no distinctly American criminal class except Congress." -- Mark Twain

  • by X.25 (255792) on Wednesday July 18, 2012 @11:04AM (#40686185)

    ...the committee questions whether Accumulo runs afoul of a government policy that prevents federal agencies from building their own software when they have access to commercial alternatives.

    Is this a joke?

    • by PPH (736903)

      No. Its actual policy. There is usually some sort of make vs buy decision for each app. But departments are strongly encouraged to use existing off-the-shelf apps instead of rolling their own.

      Of course, I'd like to see the actual policy promote FOSS options as well as "commercial alternatives".

  • by Heretic2 (117767) on Wednesday July 18, 2012 @11:32AM (#40686557)

    I thought Doug Cutting, creator of Hadoop, did a lot of the work on Accumulo too. And they open-sourced it for more people to use, how can that possibly be bad? This seems backwards, it seems the NSA is doing something good here in making up some nice software and releasing it to the world. I think the real question is what sort of vested interest these senators have in the businesses that would "sell similar technology" to the gov't.

    Vertically integrating your own software stack isn't necessarily a bad idea. At some scale, if you have enough internal resources, supporting your own code stack becomes more effective than dealing with a large number of third party contractors that are often competing with each-other and not 100% mission focused (think profit motivation). While it makes sense to use a COTS (commercial-of-the-shelf) application for certain problems, the problem of National Security I don't think should be corporatized. I think they should be using the best tools, whether internal or externally developed.

  • by PPH (736903)

    The STOCK Act [wikipedia.org] needs to be amended to plug the loophole allowing legislators to own stock in industries that they can affect with their political power.

  • A specific Air Force agency paid my company to develop a SharePoint application to manage the staffing of Electronic Documents. The agency owns the product (aka code) when we are done. NO annual license fee and can share with whomever they want.

    Another AF agency has the exact same requirement, even follows the same regulations, can they use the application. No the license something called TMT, pay to have it customized and have to pay annual licensing in the tens of millions to continue to use the produce.

COBOL is for morons. -- E.W. Dijkstra

Working...