search

dwcaress / MB-System

MB-System is an open source software package for the processing and display of bathymetry and backscatter imagery data derived from multibeam, interferometry, and sidescan sonars.
https://www.mbari.org/products/research-software/mb-system/
Other
127 stars 44 forks source link

Be able to disable sonar format drivers #368

Open schwehr opened 5 years ago

schwehr commented 5 years ago

It would be nice to be able to control which formats are built into mb-system for several reasons:

For a note on GSF: I reported a number of issues with GSF (some more than 10 years ago) and have gotten no acknowledgements or fixes. Many of these issues are with improper handling of pointers. The GSF development process happens behind closed doors. It isn't clear how testing is done and if any code auditing is done. c.f. https://github.com/schwehr/generic-sensor-format/issues

dwcaress commented 5 years ago

Kurt, Before the widespread adoption of GSF by commercial software vendors (including when I worked for that SAIC office for 7 months), GSF support and development was entirely funded by the Navy, and therefore it was in fact the Navy that decided which change requests went forward. I don't know if that is still true. I have made a few requests to SAIC (now Leidos) for changes to GSF over the years. Straight up bug fixes have been accepted. Changes to ease integration with MB-System have not been accepted. At least once it was explained that my requests had been passed on to the Navy, and it was the Navy that decided those changes were undesirable. Dave

schwehr commented 5 years ago

Hey Dave, Thanks for adding the context of GSF for those who don't know. I've come to realize that I have no hope for influencing the Navy and Leidos beyond getting the to add an open source license to the code. I've met with the Admiral in charge at the time and many other folks from the Navy and Leidos. They were clear that my worries about GSF and the process around the maintenance of GSF were not going to be addressed. Using the GSF libraries is functionally equivalent to running an old version of Adobe Flash w.r.t. the view of an attacker. I've done all the warning I can at this point.

PR #369 concludes what I wrote about in 2013: AUTOCONF/AUTOMAKE CHANGES TO MB-SYSTEM FOR CONDITIONALLY REMOVING GSF

Notes from 2008 and 2010: OPEN SOURCE AND GSF - THE "GENERIC SENSOR FORMAT" FOR MULTIBEAM SONARS where I wrote: "It is super important to note that SAIC is only able to work on GSF based on its contracts with the US Navy"

Using the GSF code in a "secure environment" (e.g. within Sabre) gives me the heebie jeebies. And it should make easy starter material for an orange team

Orange Is The New Purple