Ozone and the Government Open Source Software (GOSS) Advisory Board

I was recently asked about the history of the Ozone Government Open Source Software Advisory Board, AKA “The GOSS Board”.

Below are my recollections… many of the source documents (such as the meeting briefings and minutes of the board meetings) are on Intelink at https://intellipedia.intelink.gov/wiki/OWF_GOSS , which many government folks can able to access with a PIV certificate. (Intelink is a shared service for the Defense, Intelligence, Homeland Security, Foreign Affairs, and Law Enforcement communities, and is not available to the general public.)  I found at least one other public blog that covers some of the same history, albeit with a different focus.

NSA first developed the “Ozone Widget Framework” (OWF) circa 2009.  OWF is a web application that acts as a framework for small, user-composable, web apps which we called “widgets”.  Around 2010, NSA was giving away (compiled) copies at Intelligence Community events.  People liked it.  Other agencies used it in various ways.

Around 2010, my boss gave me a task to go build a proof-of-concept web “storefront”, or apps store for DoD.  Knowledgeable people suggested that I should consider OWF.  It met many of my requirements, but I assumed that I would need to customize it in some way, so I convinced NSA leadership to share the source code with other federal agencies and (in theory) to accept patches.  Essentially, to adopt an open-source-like collaboration model, with the caveat that the code would not be shared outside the Federal government.

I coined the term “Government Open Source Software”, or GOSS.  Personally, I would have preferred to make it plain-old OSS, but I was limited by what I could get NSA and other gov’t agencies to accept at the time.  The code was made available to any federal agency.   In doing this, we also created a multi-agency governance board called the OWF GOSS (Gov’t Open Source Software) Advisory Board.  The four founding members were from NSA, DoD CIO, CIA and ODNI.  Over the next few years, the board grew to include representatives from DISA, NGA, 2 organizations in the Navy, DIA, 2 organizations in the Army, maybe others. (as best I can recall)

The original charter for the board included responsibilities to determine when to release the code to the public as “real” open source software, and also to disband itself if it wasn’t useful any longer.

The board met quarterly for years (2010-2014), hosted by NSA. (Mostly at their contractor’s offices)  At those meetings, participating agencies would prioritize work on the software.   The meetings were face-to-face (mostly) and generally lasted all day.  In the morning we would generally talk about strategic direction and membership, and in the afternoon we reviewed and prioritized the specific feature requests.    It slowed down around 2013-2014, because the NSA gov’t lead proposed to refactor the whole thing, so work on the day-to-day software updates was reduced while the refactoring effort was underway.  After a false start (remember OWF 8, OSGi ?), the refactoring effort eventually became the “Ozone Platform“, (OZP) which currently powers the Intelligence Community’s “AppsMall”.  Interestingly, OZP was always open source – it was developed in the open from the very inception.

Because OWF was a GOSS project, if some agency had a feature request that the broader community did not consider a priority, (and therefore was not in the work queue for the main developer) that agency was always encouraged to develop the enhancement with their own people and submit it back as a patch.  This happened a few times, and some of those features did eventually make it into the baseline, but most of the development was done by the core team that was on contract to NSA.

Section 924 of the 2012 National Defense Authorization Act directed the DoD CIO (my organization) to make it really open source.  We called this the GOSS-to-FOSS transition.  This process took about a year; the code had to be reviewed for release, some portions of the code were proprietary 3rd-party modules, and needed to be removed, licenses had to be chosen, a CLA developed, etc.   During the transition (and afterwards), the GOSS board kept meeting.

The GOSS board worked well, partly because ODNI had set aside funding for the NSA core team to work on community requirements.   That money ran out eventually (FY2016), and about the same time NSA stopped using the software internally (in favor of the refactored version called “Ozone Platform”.  NSA announced that they were no longer going to maintain OWF, which created much discontent for the other community members who found themselves using “unsupported” software.   NSA responded to the discontent by signing a CRADA with the software vendor (Next Century, Inc.) to make them the custodian of the both OWF and Ozone Platform and run the GOSS board themselves.

The DoD users of OWF (50+ programs, 11 of which are major acquisitions) have since banded together to form a “DoD GOSS Advisory Board (DGAB)” to pool requirements to a DoD custodian (Navy’s SPAWAR System Center-Pacific), where DoD users can send funding to support DoD Requirements.  I suspect that SPAWAR might consider contracting back to Next Century to either make enhancements or integrate patches from the community.   One might argue that Next Century is uniquely well-qualified to maintain OWF (since they’ve been doing it since at least 2009), but certainly they are not the only qualified agent to do so.

Part of the hard challenge for collaborative development in a government context is that even if a varied set of agencies or offices all are contributing, some central agent has to evaluate the patches and integrate the changes. (i.e. the custodian or maintainer)  This can work until the custodial agency has a shift in focus, and wants to step down, leaving a void in the community.  This is hard in non-gov’t projects too.  The Ozone transition has been ugly, but hopefully it’s starting to turn the corner.   I don’t think the story is quite done yet; the relationship between the CRADA partner (the “commercial” custodian) and the government custodian is still evolving at this time.

That said, I like to point out that the process worked pretty well for 5 years, which is a pretty good run.

Also, the concept and rhetoric of the GOSS Advisory Board was adopted by the DoD Command-and-Control community for another piece software called “Agile Client Framework”, but I don’t know much about it.  (They call is the “GAB”, short for “GOSS Advisory Board”.)

Galaxy Chart in D3

When I first started working in for the Deputy CIO for Business Process & Systems Review, I was exposed to a data visualization called a “galaxy chart“. The version I saw was developed by Technomics, Inc., who (interestingly) do a lot of work for my former organization, PA&E (now CAPE).

While Technomics seemed to claim (when I met them) that they “invented” the galaxy chart, I think this is probably an overstatement, since there seems to be plenty of prior art.

Anyhow, I built a D3 plugin for a galaxy-chart layout.

Example galaxy chart

Example galaxy chart displaying a view of the United States Federal Budget for Fiscal Year 2011

A Burning Man 2014 Story

A cabinet, standing alone, in the Black Rock DesertIt was early in the morning around Thursday, when my family let me off-leash to go cruise the playa to see the art. I was way out in the deep playa, almost at the 12:00 apex of the trash fence, almost as far out as it is possible to be.  I rode my bike up to a cabinet standing alone by itself in the desert. The sun was just over the hills to the east. There was a man and woman about 50 meters away, on a blanket watching the sunrise, but otherwise, I was alone.

The cabinet was a slightly battered-looking piece of furniture, like you would find in a bedroom at a beach rental.  There were some drawers on the left, and two swinging doors, top and bottom.  The drawers were screwed shut.  The bottom door was secured with some heavy steel rings, locked with a bicycle lock, the kind that you dial in a combination of four letters and it releases. As I parked my bicycle and walked up to the cabinet, I could hear a woman’s voice from within, telling a story.  Here is what I heard, retold as best I can remember 6 weeks later… Continue reading

Most cryptic error message of 2014

My work computer (Windows 7 Enterprise) informed me today with a sad red “x” icon that:

Provider could not perform the action since the context was acquired as silent.

This is now my favorite error message; just barely edging out the message from 2003-era Windows ME which informed my girlfriend that she should contact her system administrator.

How to apply an Open Source License to a US Government Work

This article is also posted to my Intelink blog.

Every so often, a government project manager asks me a question like this:

I’m looking to hire some government guys and I’m interested in young folks hacking on [my project].

So, here’s my predicament:  if they work on the code, their work becomes ‘public domain’ and not something that could be restricted by licenses (at least according to some legal advice I’ve been given).  If the work is the in public domain, I have no way of ensuring that someone won’t take the code and sell it back to the government as their own (because they could modify it and put a proprietary seal on it).

Here’s my question: is there some legal structures that can be put in place to restrict modification, use and distribution like typical software licenses for government-created works?

Here’s some ways this has been done before. Continue reading