nsa

Nothing To Hide: An anti-stealth game in which you are your own watchdog

open source game

Nothing To Hide is an "anti-stealth game," in which you must carry cameras and spy gear to live in a world of self-surveillance and self-censorship. A world where you're made to be your own watchdog. Released for The Day We Fight Back, the game is now seeking crowdfunding to complete the open source game—10% of what's raised will first go to the Electronic Frontier Foundation (EFF), Demand Progress, and the Freedom of the Press Foundation. » Read more

1 Comment

Observations from this year's NSA Open Source Industry Day

open source control not desirable

I attended the NSA Open Source Industry Day in Maryland this year and thought I'd summarize what did and didn't surprise me. We'll see if these observations prove controversial or helpful! More importantly we'll see if organizations can effectively manage, govern, and secure their applications given the reality of open source, agile development practices, and component-based development.

4 Comments

Do cloud right: Four critical steps to selecting the provider for you

cloud services and providers

When Edward Snowden leaked intelligence files, a storm was triggered in the cloud, leaving a path of destruction. Snowden’s email provider Lavabit shut down. So has the email offering of Silent Circle. The Guardian ran a story declaring: Lavabit’s closure marks the death of secure cloud computing in the U.S. And the EU is not entirely unaffected either. Be it by the Tempora program in the UK or the U.S. National Security Agency facilities that reportedly reside in Germany.

» Read more

4 Comments

The Accumulo challenge, part II

To compete or collaborate

In Part I, we discussed the Senate Armed Services Committee (SACS)'s attempt to hobble the open source Accumulo project in the DOD. They directed the Department's CIO to jump through a number of reporting hoops before Accumulo would be allowed inside the DOD, and directed the Accumulo team to upstream their work into related open source projects. It appears to be an attempt to dismantle the project on the assumption that it was competing with products and project from the private sector. » Read more

1 Comment

The Accumulo challenge, part I

The Accumulo challenge, part I

The dozens of software projects launched in the wake of Google's Big Table and Map Reduce papers have changed the way we handle large datasets. Like many organizations, the NSA began experimenting with these "big data" tools and realized that the open source implementations available at the time were not addressing some of their particular needs. » Read more

0 Comments

History of open source in government

pssst! open source in use here

It is difficult to imagine the Federal government moving in one well-coordinated direction on any matter, and so it has been with the adoption of open source software. Some agencies were early adopters, especially the academic and research communities. As it did in universities, open source adoption in the US government originated in research settings, where sharing and collaboration were already part of the culture of pedagogy. In this way, the government had been using and creating open source software even before it was called "open source." Other agencies and departments have been more conservative, for a variety of reasons, and are only just now bringing open source software into their operations. With this in mind, the history of open source in the US government is best understood as a series of individual stories that have collectively led to the pervasive adoption of open source we see today. » Read more

2 Comments

SCAP: computer security for the rest of us

I'm setting up a new computer. I get through the registration screens, install my software, change my wallpaper, and everything's working fine. I'm left, though, with a lingering, uneasy feeling: I don't know if this machine is secure. I'm a computer guy, so I know how to set up strong passwords and firewalls, but I'm still not sure if I've done everything right. I turn to my vendor, who has hopefully published a hardening guide. If I'm very enthusiastic, I might even follow the NSA's Security and Network Analysis Center Guides. If I do any of these things, I'm already being more diligent that 95% of users out there. And that's a problem. » Read more

7 Comments