For what it's worth, there is a lot of movement in the Federal government to open source code that is written for the government. The GSA, which is the kind of meta agency that helps other federal agencies do stuff talks a lot about this. They also have a site called https://code.gov/ that lists open source projects created for the Federal government. A lot of their own repositories are completely open source and they do development in the open.
I work on a contract for the CDC and we open sourced an older version of the software we display data on maps in: https://github.com/CDCgov/CDC-Maps
I'm working on switching our development to open so we use the same codebase that is available to everybody and adding other visualizations. It's slow going but there is movement there. I do agree it would be beneficial to fund open source projects, likely by including some requirement in contracts.
I think them funding projects directly with cash could cause a lot of problems though. The increase regulations that would need to be added would probably not be worth it for open source projects. People who get funding would likely need to submit a lot of documentation, there'd also probably be weird rules about non U.S. citizens etc... and laws would need to be passed.
Brookings seems to be advocating funding open source IT projects that already exist, for example a big ($10m+) check to the Apache Foundation. Apache already has the compliance competency.
It may be more efficient to use existing grant writing for universities. The Apache Foundation can redistribute the money it can’t hire programmers competently the way a university research department can. However it would be bigger impact to write smaller checks for many tools.
The real problem is that single purpose / single feature IT software tends to be the best at what it does but is the hardest to fund this way.
The compromise will probably be funding people to write and evangelize standards. This is too bad, because people who apply for grants aren’t Google, they aren’t standardizing an existing, widely deployed real piece of successful engineering without any economics brakes. They’re people writing things like SOC 2 or ISO 27000xxx that arguably do not provide any meaningful value at all - standards that could vanish overnight and absolutely nothing about a single person’s daily life would change at all.
18F or whatever publishes a lot of stuff like this. Markdown policy documents. I think it’s profoundly wasteful, it is taking talented people’s intellectual energy and diverting it to something that not only hardly anyone will use, but perpetuates the worst aspects of government - the belief that text and bureaucracy and the way lawyers do things is intrinsically valuable, as opposed to something normal people routinely completely and utterly ignore.
I'm not sure who I would trust, but I don't generally trust university research departments to produce high quality, reusable software. Not that industry projects produce consistent quality software either, but fewer of those projects are open sourced.
> 18F or whatever publishes a lot of stuff like this. Markdown policy documents. I think it’s profoundly wasteful
I think you’re under-estimating the value of publishing a good policy from a respectable source within the Federal government.
Many of the government’s technology problems are actually self-inflicted policy problems. Publishing a good policy gives internal reformers a place to start. When the lawyers and security people start telling you no, it’s much more effective to say “actually this language comes directly from GSA, who approved it for X, which has the same compliance requirement you’re concerned about” than to simply protest that it’s industry best practice.
I do agree that this lawyers-first way of doing things kinda sucks. It’s certainly not the way to maximize tech success. But it’s the system/culture we’ve got. I’d love to hear ideas for changing it, especially if you can figure out a way to accomplish the privacy, security, integrity, and fairness objectives that the current system prioritizes.
A government agency struggling to serve the public good because it’s hobbled by obsolete tech is better than an agency enabled by cutting edge tech unshackled from the public interest and democratic legitimacy.
For what it's worth a large amount of the DOE work (where they have the super computers) is open source. You got ORNL (with Summit and soon Frontier)[0], ANL[1] (soon to have Aurora), and LLNL[2]. I think what needs to happen is that things could be better organized, for example ORNL has [3] which still open sourced but not grouped under the ORNL GH. Also if we got to code.gov and search "ORNL" and "C++" we only see DCA++ which isn't on the GH but here[4].
I think as long as code isn't sensitive to national security (LLNL...) it should be open source. But I think the big problem is that organization and discovery is very difficult. code.gov is an attempt to solve this, but it doesn't do it well.
And I'll add Idaho National Lab [5] to that list - particularly the MOOSE multiphysics finite element code [6] is a largish project with significant momentum/funding:
The funny part about a lot of the national security code at LLNL is that I bet there is approximately no one else on the planet with the computing resources to actually run it (HPC simulations of weapon effects) Except the few countries that possibility could are exactly the ones we wouldn't want to get their hands on it... funny how that works out.
Just remember, what was the actual reason ENIAC was created? It wasn't just for fun:
>its first program was a study of the feasibility of the thermonuclear weapon.
I work on a contract for the VA, which includes open-source repos [1] for VA.gov's frontend + backend systems. We work closely with USDS [2], who has been a huge ally in advocating for doing our work in the open, including our project management. It seems like GSA does a lot of similar advocacy work, though I haven't interfaced with them directly.
One interesting thing we've run across is that Public Domain source code is not considered "Open Source" in terms of OSI licensing [3]. This isn't usually relevant, but has blocked use cases like software services offering free use for OSI-licensed projects.
(To other readers: If you're interested in chatting about working on modern, open-source projects in the federal space, drop me a note! Email in profile).
The reasons look to more nuanced than that article (especially for government work) but the crux AFAIK is that public source is not a license, so there is no license that the OSI can approve. From https://opensource.org/faq#public-domain
: There are certain circumstances, such as with U.S. government works as described above, where it is not easy to apply a license, and the software must be released into the public domain. In these cases, while it would be inaccurate to display the OSI logo or say that the license is OSI-approved (since there is no license), nevertheless we think it is accurate to say that such software is effectively open source, or open source for most practical purposes, even though it is not officially released under an open source license. (This is assuming, of course, that in the laws of releasing jurisdiction the meaning of "public domain" is compatible with the Open Source Definition.) After all, the freedoms guaranteed by open source licenses are still present, and it is possible for the familiar dynamics of open source collaboration to arise around the software.”
The next FAQ heading explains that the CC0 license was not OSI approved due to its patent clause.
Public source does have its issues with some jurisdictions, but surely jurisdiction problems are no worse than the specific problems each other license has.
Hey, I just sent you a connection request on LinkedIn. Definitely interested in learning more about your open working experiences. I'm really surprised that they're also including project management with that.
> I think them funding projects directly with cash could cause a lot of problems though. The increase regulations that would need to be added would probably not be worth it for open source projects. People who get funding would likely need to submit a lot of documentation, there'd also probably be weird rules about non U.S. citizens etc... and laws would need to be passed.
I think 18F's modular contracting methodology is highly effective for this sort endeavor, if you can take the opinion that they're the sponsor and benevolent dictator driving that part of the codebase (and the code developed is open sourced upon confirmation acceptance criteria has been met).
Thank you for switching to an open development model. A rising tide lifts all boats.
Nice link, I've followed 18F a little and I'm interested in everything they're doing.
I think whipping contractors into shape is the easiest path to increasing government participation in open source. It's easier than coming up with new regulations specifically around open source funding.
Billions of dollars are spent each year by the federal government on custom software development anyways. And on the whole, they end up spending about what big tech companies do for engineers (but not getting the same level of quality) Forcing the contractors to be more open will probably keep them more honest and make them write less shitty code.
I found a small bug in a GSA site (plainlanguage.gov) and was able to PR a fix that was merged almost immediately. It's a shame that we can't do the same with all of the bugs in other government websites.
The work we do for the VA is open source! I am a contractor working alongside the US Digital Service - there are a TON of projects out in the wild and lots of movement in the "Government should build open source software" direction.
It's definitely becoming more common. Many agencies have organizations up on GitHub where development of various products are done out in the open (for example, https://github.com/cmsgov).
I think one piece in federal scope would be school courseware. How many poor schools fork out for something to do forums, grades, homework submission, lesson notes. There's a ton of duplication and there's no point. Get one decent cloud implementation, host it, and scale for several million users. Then give all schools and students free access.
Moodle is GPL. The expensive part is training, not the license fees. Lots of teachers really need extreme amounts of hand-holding, even younger ones who have been using websites for their entire lives. (And you can replace "teacher" there with any other profession, including "programmer".)
I remember talking to the whoever was developing moodle at the time about 10 years ago and he didn't like the "MVC" pattern because it had too many files.
It took forever to implement at our organisation (it was a non-profit) and was generally a waste of time.
I'm not saying that yours is a bad idea, but the lobby for companies who make the existing software in that space would likely disagree with that position.
In the 00's I was part of an effort to merely get the State government to consider OSS.
The lobby was powerful and effective.
Despite broad bipartisan support (we did a great job educating legislators on open software and open data and how that resonates with the work of the public) our house speaker blocked it solid.
Had there been a vote, it would have passed.
Tons of people lobbied that speaker for literally months. Fax, phone calls, visits to her office, the works.
4 guys in expensive, black suits, and some number of zeroes to the right of a donation got it done.
For what it's worth, the same group was successful in part of removing that speaker from office.
The damage had been done. It was hard to even bring the matter up in committee going forward.
> While some FOSS contributors are paid by their employer to contribute, most contributions to FOSS are made without direct compensation. Therefore, another option is to provide tax credits to the people who volunteer their free time to help create and maintain FOSS. A bill for such a credit has been introduced in the New York State Assembly every legislative session since 2009 but has never made it out of committee. If passed, this bill would provide a $200 tax credit for expenses related to FOSS development, which would help incentivize more individuals to contribute, likely leading to spillover benefits for the state of New York similar to those from the French procurement regulation.
It's like Hacktoberfest, but instead of a free t-shirt it's $200.00 off your tax bill. What could possibly go wrong?
Hacktoberfest learned the lesson, just have the project agree to participate. (Or say that you only get the credit if the development was for a foundation, like Apache or Mozilla)
One problem with this approach is that you need to know about the existence of the software in order to craft a FOIA request such that you can see the code, this can mean sending multiple FOIA requests. Combine that with the delay in fulfilling a request, on the order of months, or sometimes longer, and you could be looking at a year or more before you get the source code you were looking for.
You can absolutely make a request. If you are interested in the software, go ahead. However, the Freedom of Information Act only applies to records, and software is not always considered a record.
So Freedom of Information Act request will work if they're already predisposed to release the software, it's no guarantee.
My understanding is that that only applies to software written by government employees. Put more rhetorically: if the government pays for Windows (which it does), does that mean you can access the Windows source code via FOIA request?
It's paid for by the people of United States, but if made Open Source in the conventional sense it's going to belong to people of all the countries?
People of all the countries are not a problem, but governments that are in political opposition to the US can be. I could imagine them using the source code to target technological and social structures of the country. They could do it now as well, but with much more effort than cloning stuff from GitHub.
I would suggest that the government does not directly fund existing OSS development, unless it's using said OSS and wants to buy development of a particular feature
I would suggest that the government reimbursed 80% of small contributions, e.g. below $300 a year per project, and matched larger contributions, e.g. up to $3000 a year per project.
As always, when an influx of free money is involved, cunning criminals would try to siphon it out without producing useful software. This is why I would limit such contributions to small amount per individual contributor.
It makes really easy for a large enough group of fans fund a popular project for free, and double their larger contributions, without the government choosing the projects. It also would still require spending money, or just effort, to donate, so donating just for kicks is limited.
Also worth considering is open source software grants for academics. This would increase the number of people in academia who are major contributors to open source projects. Added benefit would be that, as practicing software engineers, those people would be good at teaching software engineering to their students.
The government should make open-source software, paying developers handsomely to do so.
I know I live in cloud-cuckoo fantasy land here, but I know plenty of developers that would love to work on projects for the civic good, but they don't because they also want to earn good money so that they can live comfortably, raise a family easily, etc. etc. So they go and work for Facebook and Google, etc.
There's an inbuilt assumption that government can't or shouldn't ever compete with tech giants for salary. But look at the incredible sums of money wasted on contracts with borderline useless consulting shops. You can't tell me that money wouldn't be better spent on hiring smart developers and project managers and just getting stuff done.
I know it'll never happen, but a developer can dream. There's no actual reason why it couldn't.
That's the ideal situation, but anybody that has worked in the public sector can tell you the outcome. You'd have an office full of incompetent people that are making $150k/yr just because they're a friend or relative of someone. That's a really big problem in government and there's no simple solution here. Even if you started doing background checks and not allowing partners/relatives of current employees to be hired, they would just get picked up as favors by other districts. A sort of friend hiring exchange program if you will.
It’s not like that doesn’t happen in the private sector as well, though. Literally can’t count the number of top execs you see parachuted into top jobs because they’re friends with the CEO.
There are USDS and 18F, that were initially populated with ex-Googbooksoftlix engineers. Of course, everyone with a brain left USDS after Trump was elected.
How does the licensing work? According to the GPL FAQ[1] code written by government employees is public domain and can't be licensed with the GPL. I'd imagine similar restrictions would apply to other copyleft licenses.
Most code written for government use is not written by government employees, but by contractors. Here's the second paragraph from the section you linked:
"However, when a US federal government agency uses contractors to develop software, that is a different situation. The contract can require the contractor to release it under the GNU GPL. (GNU Ada was developed in this way.) Or the contract can assign the copyright to the government agency, which can then release the software under the GNU GPL."
Readit News
I work on a contract for the CDC and we open sourced an older version of the software we display data on maps in: https://github.com/CDCgov/CDC-Maps
I'm working on switching our development to open so we use the same codebase that is available to everybody and adding other visualizations. It's slow going but there is movement there. I do agree it would be beneficial to fund open source projects, likely by including some requirement in contracts.
I think them funding projects directly with cash could cause a lot of problems though. The increase regulations that would need to be added would probably not be worth it for open source projects. People who get funding would likely need to submit a lot of documentation, there'd also probably be weird rules about non U.S. citizens etc... and laws would need to be passed.
It may be more efficient to use existing grant writing for universities. The Apache Foundation can redistribute the money it can’t hire programmers competently the way a university research department can. However it would be bigger impact to write smaller checks for many tools.
The real problem is that single purpose / single feature IT software tends to be the best at what it does but is the hardest to fund this way.
The compromise will probably be funding people to write and evangelize standards. This is too bad, because people who apply for grants aren’t Google, they aren’t standardizing an existing, widely deployed real piece of successful engineering without any economics brakes. They’re people writing things like SOC 2 or ISO 27000xxx that arguably do not provide any meaningful value at all - standards that could vanish overnight and absolutely nothing about a single person’s daily life would change at all.
18F or whatever publishes a lot of stuff like this. Markdown policy documents. I think it’s profoundly wasteful, it is taking talented people’s intellectual energy and diverting it to something that not only hardly anyone will use, but perpetuates the worst aspects of government - the belief that text and bureaucracy and the way lawyers do things is intrinsically valuable, as opposed to something normal people routinely completely and utterly ignore.
It has been solving the problem you mention very well.
I think you’re under-estimating the value of publishing a good policy from a respectable source within the Federal government.
Many of the government’s technology problems are actually self-inflicted policy problems. Publishing a good policy gives internal reformers a place to start. When the lawyers and security people start telling you no, it’s much more effective to say “actually this language comes directly from GSA, who approved it for X, which has the same compliance requirement you’re concerned about” than to simply protest that it’s industry best practice.
I do agree that this lawyers-first way of doing things kinda sucks. It’s certainly not the way to maximize tech success. But it’s the system/culture we’ve got. I’d love to hear ideas for changing it, especially if you can figure out a way to accomplish the privacy, security, integrity, and fairness objectives that the current system prioritizes.
A government agency struggling to serve the public good because it’s hobbled by obsolete tech is better than an agency enabled by cutting edge tech unshackled from the public interest and democratic legitimacy.
I think as long as code isn't sensitive to national security (LLNL...) it should be open source. But I think the big problem is that organization and discovery is very difficult. code.gov is an attempt to solve this, but it doesn't do it well.
[0] https://github.com/ORNL
[1] https://github.com/argonne-national-laboratory
[2] https://github.com/LLNL
[3] https://github.com/ornladios/ADIOS2
[4] https://github.com/CompFUSE/DCA
[5] https://github.com/idaholab/
[6] https://github.com/idaholab/moose
Just remember, what was the actual reason ENIAC was created? It wasn't just for fun:
>its first program was a study of the feasibility of the thermonuclear weapon.
https://en.wikipedia.org/wiki/ENIAC
One interesting thing we've run across is that Public Domain source code is not considered "Open Source" in terms of OSI licensing [3]. This isn't usually relevant, but has blocked use cases like software services offering free use for OSI-licensed projects.
(To other readers: If you're interested in chatting about working on modern, open-source projects in the federal space, drop me a note! Email in profile).
[1] https://department-of-veterans-affairs.github.io/va.gov-team..., repository links at the bottom
[2] https://www.usds.gov/
[3] https://opensource.org/node/878
The reasons look to more nuanced than that article (especially for government work) but the crux AFAIK is that public source is not a license, so there is no license that the OSI can approve. From https://opensource.org/faq#public-domain : There are certain circumstances, such as with U.S. government works as described above, where it is not easy to apply a license, and the software must be released into the public domain. In these cases, while it would be inaccurate to display the OSI logo or say that the license is OSI-approved (since there is no license), nevertheless we think it is accurate to say that such software is effectively open source, or open source for most practical purposes, even though it is not officially released under an open source license. (This is assuming, of course, that in the laws of releasing jurisdiction the meaning of "public domain" is compatible with the Open Source Definition.) After all, the freedoms guaranteed by open source licenses are still present, and it is possible for the familiar dynamics of open source collaboration to arise around the software.”
The next FAQ heading explains that the CC0 license was not OSI approved due to its patent clause.
Public source does have its issues with some jurisdictions, but surely jurisdiction problems are no worse than the specific problems each other license has.
I think 18F's modular contracting methodology is highly effective for this sort endeavor, if you can take the opinion that they're the sponsor and benevolent dictator driving that part of the codebase (and the code developed is open sourced upon confirmation acceptance criteria has been met).
Thank you for switching to an open development model. A rising tide lifts all boats.
https://18f.gsa.gov/2019/04/09/why-we-love-modular-contracti...
I think whipping contractors into shape is the easiest path to increasing government participation in open source. It's easier than coming up with new regulations specifically around open source funding.
Billions of dollars are spent each year by the federal government on custom software development anyways. And on the whole, they end up spending about what big tech companies do for engineers (but not getting the same level of quality) Forcing the contractors to be more open will probably keep them more honest and make them write less shitty code.
I found a small bug in a GSA site (plainlanguage.gov) and was able to PR a fix that was merged almost immediately. It's a shame that we can't do the same with all of the bugs in other government websites.
Deleted Comment
https://github.com/department-of-veterans-affairs
Join us at https://oddball.io/jobs
It's no-brainer infrastructure, like highways.
It took forever to implement at our organisation (it was a non-profit) and was generally a waste of time.
In the 00's I was part of an effort to merely get the State government to consider OSS.
The lobby was powerful and effective.
Despite broad bipartisan support (we did a great job educating legislators on open software and open data and how that resonates with the work of the public) our house speaker blocked it solid.
Had there been a vote, it would have passed.
Tons of people lobbied that speaker for literally months. Fax, phone calls, visits to her office, the works.
4 guys in expensive, black suits, and some number of zeroes to the right of a donation got it done.
For what it's worth, the same group was successful in part of removing that speaker from office.
The damage had been done. It was hard to even bring the matter up in committee going forward.
It's like Hacktoberfest, but instead of a free t-shirt it's $200.00 off your tax bill. What could possibly go wrong?
Open-source meets this requirement, proprietary software doesn't.
So Freedom of Information Act request will work if they're already predisposed to release the software, it's no guarantee.
People of all the countries are not a problem, but governments that are in political opposition to the US can be. I could imagine them using the source code to target technological and social structures of the country. They could do it now as well, but with much more effort than cloning stuff from GitHub.
I would suggest that the government reimbursed 80% of small contributions, e.g. below $300 a year per project, and matched larger contributions, e.g. up to $3000 a year per project.
As always, when an influx of free money is involved, cunning criminals would try to siphon it out without producing useful software. This is why I would limit such contributions to small amount per individual contributor.
It makes really easy for a large enough group of fans fund a popular project for free, and double their larger contributions, without the government choosing the projects. It also would still require spending money, or just effort, to donate, so donating just for kicks is limited.
There are already processes and procedures in place, it piggy backs on a lot of existing relationships. NSF?
I know I live in cloud-cuckoo fantasy land here, but I know plenty of developers that would love to work on projects for the civic good, but they don't because they also want to earn good money so that they can live comfortably, raise a family easily, etc. etc. So they go and work for Facebook and Google, etc.
There's an inbuilt assumption that government can't or shouldn't ever compete with tech giants for salary. But look at the incredible sums of money wasted on contracts with borderline useless consulting shops. You can't tell me that money wouldn't be better spent on hiring smart developers and project managers and just getting stuff done.
I know it'll never happen, but a developer can dream. There's no actual reason why it couldn't.
https://medium.com/the-u-s-digital-service/youll-never-be-th...
https://www.fastcompany.com/40528581/obama-federal-it-fix-it...
[1] https://www.gnu.org/licenses/gpl-faq.en.html#GPLUSGov
"However, when a US federal government agency uses contractors to develop software, that is a different situation. The contract can require the contractor to release it under the GNU GPL. (GNU Ada was developed in this way.) Or the contract can assign the copyright to the government agency, which can then release the software under the GNU GPL."