1475
you are viewing a single comment's thread
view the rest of the comments
[-] bitofarambler@crazypeople.online 456 points 2 months ago* (last edited 2 months ago)

really good article with a couple surprises in there.

"some people speculated that, because of the political pressure against it, its release must have been an act of resistance by someone within the IRS. But the open sourcing of the program was always part of the plan, and was required by a law called the SHARE IT Act. It happened “fully above board, which is honestly more of a feat!,” Given told 404 Media. “This has been in the works since last year.”

Vinton told 404 Media in a phone call that the open sourcing of Direct File “is just good government.”

“All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. It saves everyone money and it is our [taxpayers’] IP,” she said. “This is just good government and should absolutely be the standard that government technologists are held to.”"

[-] outhouseperilous@lemmy.dbzer0.com 140 points 2 months ago* (last edited 2 months ago)

Dunno, sounds like some fucking commie shit to be. And not the kind i can someyimes get on board with when it comes time to do secret police shebanigans, but the bad scary kind where they dont even have a use for police.

Wouldn't it be better to just give the code for free to a good corporate citizen who can be entrusted with its stewardship?

Edit: yes of course we rent it back!

[-] bitofarambler@crazypeople.online 79 points 2 months ago* (last edited 2 months ago)

only if the corporate citizen promises really hard we can trust them. like a super promise.

[-] outhouseperilous@lemmy.dbzer0.com 18 points 2 months ago

Also we have to pay them whenever we want to use the code. Yes.

[-] bitofarambler@crazypeople.online 16 points 2 months ago

you bought it, why shouldn't you also rent it?

[-] outhouseperilous@lemmy.dbzer0.com 11 points 2 months ago

Exactly! Twice the value for my tax dollar!

Not that I've ever paid taxes, but, you know, if my accounting department all suddenly died in mid march some year, and i wasnt operated out of a PO box in a tax shelter, i bet i mightve had to.

[-] oo1@lemmings.world 3 points 2 months ago

All of the sweet, sweet gross domestic product statistics. Mmm I love GDPness.

[-] outhouseperilous@lemmy.dbzer0.com 3 points 2 months ago

All that gdpness hot and throbbing in my mouth as i wrap my accounting department around it, and extract everything i can. I'll be methodical, ruthless, and messy, as i extract every last bit.

[-] outhouseperilous@lemmy.dbzer0.com 2 points 2 months ago

Maybe we can do a three way where i let our hot cia affiliated friend tickle your labor while i do?

You know, for your birthday?

We need better than that. We need a pinky promise.

[-] sugar_in_your_tea@sh.itjust.works 3 points 2 months ago

That's impractical, because for a pinky promise, you need to actually lock pinkies. We need a surrogate, like maybe the Commander in Chief?

load more comments (2 replies)
[-] czl@lemmy.dbzer0.com 45 points 2 months ago

Bro why are people downvoting this when it is so clearly a joke

[-] fiddledeedee@sopuli.xyz 40 points 2 months ago

because its the internet in 2025 and we simply cannot tell anymore

[-] outhouseperilous@lemmy.dbzer0.com 19 points 2 months ago

I can think of two reasons and both of them are hilarious.

load more comments (2 replies)
[-] Gladaed@feddit.org 15 points 2 months ago

/s dude, this is the Internet and you are not a person with a widely known stance.

[-] outhouseperilous@lemmy.dbzer0.com 21 points 2 months ago

The candle that burns half as bright burns twice as long, and you, my child, will burn so very long.

[-] Gladaed@feddit.org 13 points 2 months ago

Sick "burn", but still a bit uncalled for, don't you think?

[-] outhouseperilous@lemmy.dbzer0.com 6 points 2 months ago

Perhaps i should have said hot, but seriously; more fun to not.

load more comments (2 replies)
[-] sugar_in_your_tea@sh.itjust.works 2 points 2 months ago

A funny joke is always called for.

load more comments (6 replies)
[-] officermike@lemmy.world 20 points 2 months ago

“All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. It saves everyone money and it is our [taxpayers’] IP,” she said. “This is just good government and should absolutely be the standard that government technologists are held to.”"

Nice sentiment, but bad take. Open-sourcing the software that runs our military equipment would be a fantastic gift to the bad actors of the world.

[-] hildegarde 171 points 2 months ago

security through obscurity is not security

[-] bitwyze@lemmy.world 41 points 2 months ago

Security can mean security against hackers, but it can also mean security against revealing classified information. Classified information about weapons systems (e.g. performance characteristics) is inherently embedded into the code running on those systems, and therefore shouldn't be open sourced.

Source: used to write classified code

[-] Pika@sh.itjust.works 43 points 2 months ago

then the code maintainers are doing it wrong.

Any information that shouldn't be public knowledge such as specs, account credentials, access tokens etc should be in a configurable/dynamic format such as an ENV variable or a config file, that way confidential info isn't part of the working tree.

This should not be an issue in a properly maintained codebase.

[-] BassTurd@lemmy.world 20 points 2 months ago

I think when it comes to the code that controls the navigation, control, detonation, etc, or our munitions, that perhaps that should not be publicly reviewable. Not because of hacking concerns, but it does give info to a potential enemy that could render them less effective.

[-] ricecake@sh.itjust.works 17 points 2 months ago

Eh, there's an intrinsic amount of information about the system that can't be moved into a configuration file, if the platform even supports them.

If your code is tuned to make movement calculations with a deadline of less than 50 microseconds and you have code systems for managing magnetic thrust vectoring and the timing of a rotating detonation engine, you don't need to see the specific technical details to work out ballpark speed and movement characteristics.
Code is often intrinsically illustrative of the hardware it interacts with.

Sometimes the fact that you're doing something is enough information for someone to act on.

It's why artefacts produced from classified processes are assumed to be classified until they can be cleared and declassified.
You can move the overt details into a config and redact the parts of the code that use that secret information, but that still reveals that there is secret code because the other parts of the system need to interact with it, or it's just obvious by omission.
If payload control is considered open, 9/10 missiles have open guidance control, and then one has something blacked out and no references to a guidance system, you can fairly easily deduce that that missile has a guidance system that's interesting with capabilities likely greater that what you know about.

Eschewing security through obscurity means you shouldn't rely on your enemies ignorance, and you should work under the assumption of hostile knowledge. It doesn't mean you need to seek to eliminate obscurity altogether.

[-] turmacar@lemmy.world 5 points 2 months ago* (last edited 2 months ago)

A lot of functionality can be decoupled from anything that needs to be classified. A HUD is a HUD and no one should be hard coding in performance characteristics of the F-35 into it. I've also worked on government projects and holy crap does the code quality vary wildly, even before you get into "it's still working so deal with the problems, it doesn't have the budget for updates".

Using 'off the shelf' parts/code can save significant time and money. There's a reason subs use xbox controllers. Government websites and data interfaces at the very least should have the audit-ability that open source provides.

[-] Lv_InSaNe_vL@lemmy.world 6 points 2 months ago* (last edited 2 months ago)

A HUD is a HUD

sure but the HUD from the F-35 is very specifically designed to work in an F-35. It's very similar, and comes from the same family, as the software running on other planes. But it's not identical.

And yes, performance limits would be hard coded into the software because the HUD needs to alert the pilot when they are getting close.

Edit: and that's ignoring the fact that a lot of this stuff comes from private companies so you'll run into things like IP/patent laws

[-] froh42@lemmy.world 5 points 2 months ago

For the F35 unfortunately a lot of its capabilities seems to be cloud based. (At least for maintenence, I don't know of on the air).

That's why I'm angry my stupid government still has wants to buy the stupid things instead of sitting this generation out and going to an own 6gen aircraft.

[-] Lv_InSaNe_vL@lemmy.world 4 points 2 months ago

Aren't all planes cloud based though?

load more comments (1 replies)
[-] turmacar@lemmy.world 3 points 2 months ago

That's what config files are for. It would be a nightmare to hardcode weight and balance and have to recompile the HUD every time you change the loadout or refuel the plane.

Most code, algorithms, etc are not any more sensitive than the concept of desks and file cabinets. No, guidance programs for missiles probably shouldn't be put on GitHub, but there's a reason RSA and other encryption algorithms were open sourced. It's better to have more eyes looking for inefficiencies, weaknesses, and vulnerabilities than to just assume it's good because no-one on the team responsible is smart/engaged enough to find them.

load more comments (1 replies)
load more comments (1 replies)
[-] ayyy@sh.itjust.works 4 points 2 months ago

It seems to be working out fine in Ukraine…

load more comments (1 replies)
[-] CosmicTurtle0@lemmy.dbzer0.com 74 points 2 months ago

Our entire Internet, the backbone of all encryption, all runs on open source software.

It is more secure because people can see and audit the code.

Let me flip what you wrote:

Our military equipment already is vulnerable. We just don't know how badly because it's not open source.

Prove it's secure by releasing the code.

[-] OsrsNeedsF2P@lemmy.ml 15 points 2 months ago

Our military equipment already is vulnerable. We just don't know how badly because it's not open source.

I'm gonna be honest, I'm sure China has many copies of the source code already

[-] TimLovesTech@badatbeing.social 31 points 2 months ago

The GitHub page has a section for this:

Exempted Code

Not all source code, documentation and metadata used in the development of Direct File is included in this repository. Specifically, any code or data that is considered Personally Identifiable Information (PII), Federal Tax Information (FTI), Sensitive But Unclassified (SBU), or source code developed for National Security Systems (NSS), as defined in 40 U.S.C. § 11103, is exempt. Due to these restrictions, certain pieces of functionality have been removed or rewritten.

[-] michaelnik@lemmy.world 3 points 2 months ago

But does it build?!

[-] OsrsNeedsF2P@lemmy.ml 14 points 2 months ago

Maybe it's the military that's incompatible with our values, not open source

[-] snek_boi@lemmy.ml 8 points 2 months ago* (last edited 2 months ago)

The problem you’re describing (open sourcing critical software) could both increase the capabilities of adversaries and also make it easier for adversaries to search for exploits. Open sourcing defeats security by obscurity.

Leaving security by obscurity aside could be seen as a loss, but it’s important to note what is gained in the process. Most security researchers today advocate against relying on security by obscurity, and instead focus on security by design and open security. Why?

Security by obscurity in the digital world is very easily defeated. It’s easy to copy and paste supposedly secure codes. It’s easy to smuggle supposedly secret code. “Today’s NSA secrets become tomorrow’s PhD theses and the next day’s hacker tools.”

What's the alternative for the military? If you rely on security by design and open security for military equipment, it’s possible that adversaries will get a hold of the software, but they will get a hold of software that is more secure. A way to look at it is that all the doors are locked. On the other hand, insecure software leaves supposedly secret doors open. Those doors can be easily bashed by adversaries. So much for trying to get the upper hand.

The choice between (1) security by obscurity and (2) security by design and open security is ultimately the choice between (1) insecurity for all and (2) security for all. Security for all would be my choice, every time. I want my transit infrastructure to be safe. I want my phone to be safe. I want my election-related software to be safe. I want safe and reliable software. If someone is waging a war, they’re going to have to use methods that can actually create a technical asymmetry of power, and insecure software is not the way to gain the upper hand.

[-] jawa22 4 points 2 months ago

I am fairly confident that theNSA is aware of this kind of concern and they have an pretty cool repo.

load more comments (1 replies)
[-] SynonymousStoat@lemmy.world 4 points 2 months ago

I'm sure there are exceptions for classified systems. Personally, I do believe all things developed by tax payer money should be released to the public including classified systems, given enough time has passed that the release of such information wouldn't put anything or anyone at risk.

[-] Lv_InSaNe_vL@lemmy.world 2 points 2 months ago

For the most part they are. You can find enormous troves of classified documents that have been made public, and a huge amount of once top secret technology and engineering eventually makes its way into the public space.

Yeah, they get open sourced by publishing them over the usual channels during disputes on the War Thunder discord server.

load more comments (1 replies)
[-] brucethemoose@lemmy.world 3 points 2 months ago

Depends on the application.

In some cases, it would be fantastic. But it’s clearly not a one size fits all, yeah.

[-] sugar_in_your_tea@sh.itjust.works 3 points 2 months ago

So open sourcing Tor, which protects our foreign operatives, was a bad idea? Implementing secure sockets for the web (TLS) was a bad idea? Publishing security vulnerabilities publicly (CVE system) was a bad idea?

All of those help our adversaries, but our adversaries also have an incentive to improve the code so everyone benefits.

Sure, there are probably some things that shouldn't be released (i.e. something w/ a legitimate national security concern), but by and large, most things should. Tax software absolutely should, because there's zero reason for the software you use to file your taxes (which is a legal requirement) to not be publicly auditable, because you're on the hook for any mistakes it makes.

[-] outhouseperilous@lemmy.dbzer0.com 2 points 2 months ago* (last edited 2 months ago)

Good thing no bad actors have root access!Agreed; open source software is so notoriously insecure.

load more comments (6 replies)
load more comments (1 replies)
this post was submitted on 04 Jun 2025
1475 points (100.0% liked)

Technology

73698 readers
3271 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS