really good article with a couple surprises in there.
"some people speculated that, because of the political pressure against it, its release must have been an act of resistance by someone within the IRS. But the open sourcing of the program was always part of the plan, and was required by a law called the SHARE IT Act. It happened “fully above board, which is honestly more of a feat!,” Given told 404 Media. “This has been in the works since last year.”
Vinton told 404 Media in a phone call that the open sourcing of Direct File “is just good government.”
“All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. It saves everyone money and it is our [taxpayers’] IP,” she said. “This is just good government and should absolutely be the standard that government technologists are held to.”"
Dunno, sounds like some fucking commie shit to be. And not the kind i can someyimes get on board with when it comes time to do secret police shebanigans, but the bad scary kind where they dont even have a use for police.
Wouldn’t it be better to just give the code for free to a good corporate citizen who can be entrusted with its stewardship?
“All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. It saves everyone money and it is our [taxpayers’] IP,” she said. “This is just good government and should absolutely be the standard that government technologists are held to.”"
Nice sentiment, but bad take. Open-sourcing the software that runs our military equipment would be a fantastic gift to the bad actors of the world.
Security can mean security against hackers, but it can also mean security against revealing classified information. Classified information about weapons systems (e.g. performance characteristics) is inherently embedded into the code running on those systems, and therefore shouldn’t be open sourced.
Any information that shouldn’t be public knowledge such as specs, account credentials, access tokens etc should be in a configurable/dynamic format such as an ENV variable or a config file, that way confidential info isn’t part of the working tree.
This should not be an issue in a properly maintained codebase.
really good article with a couple surprises in there.
"some people speculated that, because of the political pressure against it, its release must have been an act of resistance by someone within the IRS. But the open sourcing of the program was always part of the plan, and was required by a law called the SHARE IT Act. It happened “fully above board, which is honestly more of a feat!,” Given told 404 Media. “This has been in the works since last year.”
Vinton told 404 Media in a phone call that the open sourcing of Direct File “is just good government.”
“All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. It saves everyone money and it is our [taxpayers’] IP,” she said. “This is just good government and should absolutely be the standard that government technologists are held to.”"
Dunno, sounds like some fucking commie shit to be. And not the kind i can someyimes get on board with when it comes time to do secret police shebanigans, but the bad scary kind where they dont even have a use for police.
Wouldn’t it be better to just give the code for free to a good corporate citizen who can be entrusted with its stewardship?
Edit: yes of course we rent it back!
only if the corporate citizen promises really hard we can trust them. like a super promise.
Also we have to pay them whenever we want to use the code. Yes.
you bought it, why shouldn’t you also rent it?
Nice sentiment, but bad take. Open-sourcing the software that runs our military equipment would be a fantastic gift to the bad actors of the world.
Our entire Internet, the backbone of all encryption, all runs on open source software.
It is more secure because people can see and audit the code.
Let me flip what you wrote:
Our military equipment already is vulnerable. We just don’t know how badly because it’s not open source.
Prove it’s secure by releasing the code.
security through obscurity is not security
Security can mean security against hackers, but it can also mean security against revealing classified information. Classified information about weapons systems (e.g. performance characteristics) is inherently embedded into the code running on those systems, and therefore shouldn’t be open sourced.
Source: used to write classified code
then the code maintainers are doing it wrong.
Any information that shouldn’t be public knowledge such as specs, account credentials, access tokens etc should be in a configurable/dynamic format such as an ENV variable or a config file, that way confidential info isn’t part of the working tree.
This should not be an issue in a properly maintained codebase.