- cross-posted to:
- foss@beehaw.org
- really good article with a couple surprises in there. - "some people speculated that, because of the political pressure against it, its release must have been an act of resistance by someone within the IRS. But the open sourcing of the program was always part of the plan, and was required by a law called the SHARE IT Act. It happened “fully above board, which is honestly more of a feat!,” Given told 404 Media. “This has been in the works since last year.”" - Vinton told 404 Media in a phone call that the open sourcing of Direct File “is just good government.” - “All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. It saves everyone money and it is our [taxpayers’] IP,” she said. “This is just good government and should absolutely be the standard that government technologists are held to.” - Dunno, sounds like some fucking commie shit to me. And not the kind I can sometimes get on board with when it comes time to do secret police shenanigans, but the bad scary kind where they don’t even have a use for police. - Wouldn’t it be better to just give the code for free to a good corporate citizen who can be entrusted with its stewardship? - Edit: yes of course we rent it back! - only if the corporate citizen promises really hard we can trust them. like a super promise. - Also we have to pay them whenever we want to use the code. Yes. - you bought it, why shouldn’t you also rent it? - Exactly! Twice the value for my tax dollar! - Not that I’ve ever paid taxes, but, you know, if my accounting department all suddenly died in mid-March some year, and I wasn’t operated out of a PO box in a tax shelter, I bet I might’ve had to. - All of the sweet, sweet gross domestic product statistics. Mmm I love GDPness. - All that GDPness hot and throbbing in my mouth as I wrap my accounting department around it, and extract everything I can.
I’ll be methodical, ruthless, and messy, as I extract every last bit.
 
 
 
 
- We need better than that. We need a pinky promise. - That’s impractical, because for a pinky promise, you need to actually lock pinkies. We need a surrogate, like maybe the Commander in Chief? - I think we should ask Chuck Schumer. He’s really good at getting things done. - Perfect, and since he’s in his 70s, he has all of that experience keeping promises to draw on. 
 
 
 
 
- Bro why are people downvoting this when it is so clearly a joke - because it’s the internet in 2025 and we simply cannot tell anymore
- I can think of two reasons and both of them are hilarious. 
- A lot of people are completely incapable of reading obvious sarcasm, which is too bad. 
- deleted by creator 
 
- /s dude, this is the Internet and you are not a person with a widely known stance. - The candle that burns half as bright burns twice as long, and you, my child, will burn so very long. - Sick “burn”, but still a bit uncalled for, don’t you think? - Perhaps I should have said hot, but seriously; more fun to not. - So you’re saying he’s really really ugly - Was more thinking about takes.
 
 
- A funny joke is always called for. 
 
 
 
- Wouldn’t it be better to just give the code for free to a good corporate citizen who can be entrusted with its stewardship? - To be fair, since it’s public domain, anyone can take it, modify it (and not release modifications), and try to screw you over w/ it. - No but I’m saying it shouldn’t be public, it should be given to a good corporate citizen to maintain so we can rent it back when we need it. - Well, public domain gets you halfway there. You can still rent it later, provided the original is user-unfriendly enough that you’d be interested in alternatives. - Okay but ‘public domain’ is communist, and everyone within 20 miles of it should be killed - But it’s not physical so there is no precise location for it, and the only way to sidestep this existential problem is by not having a public domain, so maybe my headache goes away. - Hmm, maybe we could make private domain? It’s like public domain, but private. - Right, so you could only access it by paying corporate citizens. Yes.
 
 
 
 
 
 
- All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. - as long as it’s not military stuff, I don’t want to be able to download a simulator for nuclear bombs or something on my PC
- “All code paid for by taxpayer dollars should be open source, available for comment, for feedback, for people to build on and for people in other agencies to replicate. It saves everyone money and it is our [taxpayers’] IP,” she said. “This is just good government and should absolutely be the standard that government technologists are held to.” - Nice sentiment, but bad take. Open-sourcing the software that runs our military equipment would be a fantastic gift to the bad actors of the world. - security through obscurity is not security - Security can mean security against hackers, but it can also mean security against revealing classified information. Classified information about weapons systems (e.g. performance characteristics) is inherently embedded into the code running on those systems, and therefore shouldn’t be open sourced. - Source: used to write classified code - then the code maintainers are doing it wrong. - Any information that shouldn’t be public knowledge such as specs, account credentials, access tokens etc should be in a configurable/dynamic format such as an ENV variable or a config file, that way confidential info isn’t part of the working tree. - This should not be an issue in a properly maintained codebase. - I think when it comes to the code that controls the navigation, control, detonation, etc, of our munitions, that perhaps that should not be publicly reviewable. Not because of hacking concerns, but it does give info to a potential enemy that could render them less effective.
- Eh, there’s an intrinsic amount of information about the system that can’t be moved into a configuration file, if the platform even supports them. - If your code is tuned to make movement calculations with a deadline of less than 50 microseconds and you have code systems for managing magnetic thrust vectoring and the timing of a rotating detonation engine, you don’t need to see the specific technical details to work out ballpark speed and movement characteristics. 
 Code is often intrinsically illustrative of the hardware it interacts with. - Sometimes the fact that you’re doing something is enough information for someone to act on. - It’s why artefacts produced from classified processes are assumed to be classified until they can be cleared and declassified.
 You can move the overt details into a config and redact the parts of the code that use that secret information, but that still reveals that there is secret code because the other parts of the system need to interact with it, or it’s just obvious by omission.
 If payload control is considered open, 9/10 missiles have open guidance control, and then one has something blacked out and no references to a guidance system, you can fairly easily deduce that that missile has a guidance system that’s interesting with capabilities likely greater than what you know about. - Eschewing security through obscurity means you shouldn’t rely on your enemy’s ignorance, and you should work under the assumption of hostile knowledge. It doesn’t mean you need to seek to eliminate obscurity altogether.
 
- It seems to be working out fine in Ukraine… 
- A lot of functionality can be decoupled from anything that needs to be classified. A HUD is a HUD and no one should be hard coding in performance characteristics of the F-35 into it. I’ve also worked on government projects and holy crap does the code quality vary wildly, even before you get into “it’s still working so deal with the problems, it doesn’t have the budget for updates”. - Using ‘off the shelf’ parts/code can save significant time and money. There’s a reason subs use xbox controllers. Government websites and data interfaces at the very least should have the audit-ability that open source provides. - A HUD is a HUD - sure but the HUD from the F-35 is very specifically designed to work in an F-35. It’s very similar, and comes from the same family, as the software running on other planes. But it’s not identical. - And yes, performance limits would be hard coded into the software because the HUD needs to alert the pilot when they are getting close. - Edit: and that’s ignoring the fact that a lot of this stuff comes from private companies so you’ll run into things like IP/patent laws - For the F35 unfortunately a lot of its capabilities seem to be cloud based. (At least for maintenance, I don’t know if on the air). - That’s why I’m angry my stupid government still wants to buy the stupid things instead of sitting this generation out and going to an own 6gen aircraft. - Aren’t all planes cloud based though?
 
- That’s what config files are for. It would be a nightmare to hardcode weight and balance and have to recompile the HUD every time you change the loadout or refuel the plane. - Most code, algorithms, etc are not any more sensitive than the concept of desks and file cabinets. No, guidance programs for missiles probably shouldn’t be put on GitHub, but there’s a reason RSA and other encryption algorithms were open sourced. It’s better to have more eyes looking for inefficiencies, weaknesses, and vulnerabilities than to just assume it’s good because no-one on the team responsible is smart/engaged enough to find them. - Lmfao I can tell you’ve never worked in embedded systems before. They don’t really have config files. They don’t have the space. 
 
- If it’s developed for the government, even by a private contractor, it’s still considered US government code and is public domain. It’s why sqlite is public domain. - I personally doubt there’s much available in the off-the-shelf fighter HUD system market, personally. 
 
 
 
- Uh, clearly you haven’t seen the quarterly earnings reports. 
 
- Our entire Internet, the backbone of all encryption, all runs on open source software. - It is more secure because people can see and audit the code. - Let me flip what you wrote: - Our military equipment already is vulnerable. We just don’t know how badly because it’s not open source. - Prove it’s secure by releasing the code. - Our military equipment already is vulnerable. We just don’t know how badly because it’s not open source. - I’m gonna be honest, I’m sure China has many copies of the source code already 
 
- The GitHub page has a section for this: - Exempted Code - Not all source code, documentation and metadata used in the development of Direct File is included in this repository. Specifically, any code or data that is considered Personally Identifiable Information (PII), Federal Tax Information (FTI), Sensitive But Unclassified (SBU), or source code developed for National Security Systems (NSS), as defined in 40 U.S.C. § 11103, is exempt. Due to these restrictions, certain pieces of functionality have been removed or rewritten. - But does it build?! 
 
- Maybe it’s the military that’s incompatible with our values, not open source 
- The problem you’re describing (open sourcing critical software) could both increase the capabilities of adversaries and also make it easier for adversaries to search for exploits. Open sourcing defeats security by obscurity. - Leaving security by obscurity aside could be seen as a loss, but it’s important to note what is gained in the process. Most security researchers today advocate against relying on security by obscurity, and instead focus on security by design and open security. Why? - Security by obscurity in the digital world is very easily defeated. It’s easy to copy and paste supposedly secure codes. It’s easy to smuggle supposedly secret code. “Today’s NSA secrets become tomorrow’s PhD theses and the next day’s hacker tools.” - What’s the alternative for the military? If you rely on security by design and open security for military equipment, it’s possible that adversaries will get a hold of the software, but they will get a hold of software that is more secure. A way to look at it is that all the doors are locked. On the other hand, insecure software leaves supposedly secret doors open. Those doors can be easily bashed by adversaries. So much for trying to get the upper hand. - The choice between (1) security by obscurity and (2) security by design and open security is ultimately the choice between (1) insecurity for all and (2) security for all. Security for all would be my choice, every time. I want my transit infrastructure to be safe. I want my phone to be safe. I want my election-related software to be safe. I want safe and reliable software. If someone is waging a war, they’re going to have to use methods that can actually create a technical asymmetry of power, and insecure software is not the way to gain the upper hand. 
- I am fairly confident that the NSA is aware of this kind of concern and they have a pretty cool repo. - Idk, they didn’t appreciate Snowden open sourcing a lot of their documents.
 
- I’m sure there are exceptions for classified systems. Personally, I do believe all things developed by tax payer money should be released to the public including classified systems, given enough time has passed that the release of such information wouldn’t put anything or anyone at risk. - For the most part they are. You can find enormous troves of classified documents that have been made public, and a huge amount of once top secret technology and engineering eventually makes its way into the public space. - Yeah, they get open sourced by publishing them over the usual channels during disputes on the War Thunder discord server. - Well yeah, when someone on the internet is wrong, you need to prove it! 
 
 
 
- Depends on the application. - In some cases, it would be fantastic. But it’s clearly not a one size fits all, yeah. 
- I’m sure a lot of military software, in contrast, is acquired from private companies that retain IP rights. Likely legal exceptions aside. - Ideally, any software the government buys or any firmware that ships on hardware the government buys should be FOSS, but not necessarily released to the public right away (i.e. if there’s a legitimate national security risk). That gives the government the option to fix issues they run into instead of being forced to wait for the vendor to fix them (if they ever do). 
 
- You know open-source doesn’t mean publicly available. It means the person, or in this case the US government, that bought the software should have free access to the source code to edit and distribute it as they like. - So yes, the military should use something functionally equivalent to open source to prevent vendor lock-in and to allow for external audits. They probably shouldn’t give it to Russia or make it freely available online though. - At least not while it presents a national security risk. Once it’s largely obsolete, everything should be made public.
 
- So open sourcing Tor, which protects our foreign operatives, was a bad idea? Implementing secure sockets for the web (TLS) was a bad idea? Publishing security vulnerabilities publicly (CVE system) was a bad idea? - All of those help our adversaries, but our adversaries also have an incentive to improve the code so everyone benefits. - Sure, there are probably some things that shouldn’t be released (i.e. something w/ a legitimate national security concern), but by and large, most things should. Tax software absolutely should, because there’s zero reason for the software you use to file your taxes (which is a legal requirement) to not be publicly auditable, because you’re on the hook for any mistakes it makes. 
- Don’t worry, that’s all written by defense contractors anyways, so they’ll sell it to the US, and to others the US allows, all closed source. The source won’t even be open to the US government, either, as that’d harm the bottom line of the contractor (support & maintenance contracts for that closed-source software). - I really don’t get why the government does this. The US government is a massive client, and they could probably force their suppliers to provide them an open source license so they can maintain it themselves. What else are military contractors going to do, not sell their guns? It’s not like the US gov is going to let them sell to countries we don’t like anyway, so it’s in their interest to play ball. 
 
- Good thing no bad actors have root access! - Agreed; open source software is so notoriously insecure.
- Watch this thread from here on in carefully separate the idealists from those who know what defence is like. - yes, open-source is the goal of everything that can be opened.
- no, defence code isn’t on the list of what can be opened
- yes, obscurity isn’t good as a sole effort
- yes, defence in depth
- no the funding to get it to where it’s safe to open for randos to submit changes isn’t there today
 - Anything I missed? - Yes, Virginia, it’s better to open all the things right now, but there are risks you haven’t taken into account because you’re not aware of them. The pros are; it’s their job and their work, so listen to their expertise no matter what the oppositional/defiant disorder suggests otherwise. - Defense code can absolutely be open source, even the very sensitive code that goes into guidance systems on rockets and whatnot. Open source != publicly available, it means those who receive the code get certain rights to use and modify the code. This is imperative for the US government to provide timely updates to their equipment if the vendor is doing a poor job at it. - Yes, it’s ideal to open source everything, but not ideal to release it to the public. Once the code is no longer sensitive (i.e. the equipment is obsolete), it should be released publicly. 
 
 
 
- Hurry up and clone that ASAP, this is gonna get taken down once DOGE realizes what it is - More likely they’ll just turn off or unpublish the API that it depends on. - Is that even available right now? Usually for this type of thing you need API keys, which are not included, nor available at all. - Direct File interprets the United States’ Internal Revenue Code (26 USC) as plain language questions, the answers to which should be known to taxpayers without need of external instructions or publications. Taxpayers’ answers are then translated into standard tax forms and transmitted to the IRS’s Modernized e-File (MeF) API, which is available for authorized public use - So before the API it still generates everything you need to mail in the forms? - Probably. It would need to be updated with new laws and rules though. 
 
 
 
- Recreating the API seems doable? If we can recreate dead MMO servers… - Are you comparing online game servers to the American tax system? Because I really want a ban. - What really pisses me off is that their anti-cheat forces me to use dogeOS 
 
- Well, you probably could. Issue is that you can’t self host the IRS. If they aren’t running the service that accepts the data there isn’t much you can do. 
- Direct File interprets the United States’ Internal Revenue Code (26 USC) as plain language questions, the answers to which should be known to taxpayers without need of external instructions or publications. Taxpayers’ answers are then translated into standard tax forms and transmitted to the IRS’s Modernized e-File (MeF) API, which is available for authorized public use 
 
 
- That was my thought too and I did so but it’s been up for over a week now. 
 
- I wonder if this could be altered to work for other countries - We’ve already got free software for filing taxes, kthxbye! - Oh that’s good to know, what’s it called
 
- It would be nice but I think it is not really possible. Too many differences in the laws I suppose. - Yeah, tax software is hyper-tailored to the tax law, which is why it needs to get an update every year.
 
- I can see the EU funding it. This could be a measure to allow Blue States to circumvent the federal system - a CaliTAX, AlohaTAX, etc. This would be vital during a civil war scenario, so that the Blue States can have working taxation systems without having to redo everything.
 
- because this is the first pull request and something many people will see, I would like to say that I learned from a former project manager at the IRS that development on Direct File has stopped since January. the source code is only public because of federal law. it’s not likely that this is going to be merged but it’s possible that the components of Direct File might be used elsewhere - Don’t get your hopes up too much. 
 
- TurboTax owned by Intuit, part of H&R Block who has partnered with Credit Karma. Everything is a monopoly now - I’m pretty sure Intuit and H&R Block are competitors, not the same company. - You are correct. - Here’s an annoying thing I just learned about H&R Block: - As of 2022, H&R Block’s tax preparation service shares user data with Facebook, which can be used for targeted advertising. This can include sensitive financial information from health savings accounts and college expenses, and this tax data is shared without consent even for users who opt out of the service. - Do you have a source we can reference for that particular bit of shitbaggery? - Edit: congressional report on the shit bags in question: - https://www.classaction.org/media/hartz-v-taxact-inc-congressional-report.pdf - Wikipedia
 
- This pisses me off so much. 
 
 
- Yeah I saw Monopoly Fortnite I wonder what is next? - I know, what are they making next? Lord of the Rings edition? Star Wars? Oh the humanities. 
 
 
- It’s already got 4 PRs - lol - 7 open now, 2 closed - XD - One of the currently open ones is this one: - https://github.com/IRS-Public/direct-file/pull/11 - Hilarious - Low effort pull, deletes the problem instead of putting the work in to correct it. /jk - IDK LGTM 
 
 
 
 
- Unless it’s maintained it won’t be of much use. It needs to be kept up to date with tax laws, and it relies entirely on the IRS accepting the generated returns. It seems it may function for now, though. - Direct File interprets the United States’ Internal Revenue Code (26 USC) as plain language questions, the answers to which should be known to taxpayers without need of external instructions or publications. Taxpayers’ answers are then translated into standard tax forms and transmitted to the IRS’s Modernized e-File (MeF) API, which is available for authorized public use - Linux geeks, assemble!  
- Web devs too! 
 
- Direct File is maintained by the IRS themselves though. - https://www.businessinsider.com/trump-house-republican-kill-irs-direct-file-2025-5 - Will it continue to be? 
 
- The code to generate the forms should be simple enough… But the amounts, the deductions, the laws, the rules…etc, these all need to be checked by an accountant or lawyer… It might be a good method to double check a return, but if the return isn’t guaranteed to be correct by the IRS or an accountant is checking details…I would be worried - Right. Well it should be good for 2025, so it depends on how much/if any changes there are in the next year. 
 
 
- What happened to the title of this?? Jeez - “The IRS Tax Filing Software that TurboTax Is Trying to Kill Just Got Open Sourced” might be more clear but headlines try to cut those sorts of words out, unfortunately at the cost of readability sometimes. 
- They accidentally included 8 verbs. (tax, filing, is, trying, kill, got, open, sourced) - But most of those aren’t used as verbs here. - right, but you can only tell what’s used as a verb after you’ve parsed it. 
 
 
 
- Suck a bag of dicks, TurboTax 
- I got told I couldn’t get a tax return because they flagged me for potential fraud, so I have to go to ID.me to verify… but then my account got banned while trying to verify my information. - Fml - Guess that means they don’t want your money! Woo! (this is not legal advice, pay your taxes) 
- I love id.me, I’m so glad I had to give my facial data to them to collect unemployment insurance! 
 
- The more money you pay someone to find the loopholes in the tax code the less likely you are to support our government and its war machine.
- Oh that’s awesome. I hope it can still be accepted by the IRS for the future (if we still have one in ~3 years) but it would be neat to just be able to have an open standard for online filing. - Don’t worry, there will always be an IRS for us plebes. 
 
- HA get fucked turbotax 
- It’s licensed under CC0 to anyone wondering. BSD 0-Clause would probably be better but still fantastic. - CC0 is a horrible thing to use for software. It seems great, but it specifically does not give patent rights. Compare that to MIT which implicitly does so. CC0 specifically says it does not. - The US government doesn’t (to my knowledge at least) have copyright protections so MIT wouldn’t be possible. BSD 0-Clause is just better because e.g. Austria doesn’t allow you to cede copyright to the public domain and CC0 directly mentions the public domain in the terms of the license. - Interesting, SPDX does not list 0BSD as FSF approved, but FSF does approve it. This isn’t the first problem I’ve seen with SPDX’s list. They say CC0 is FSF approved but FSF only says it is approved for things besides code. 
 
- Could you explain why this is bad? Software patents aren’t a great thing, are they? - Correct. They’re bad. And if someone releases code under CC0 that has patented stuff in it you may be liable for using their patent without permission because CC0 says in section 4a, - No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. - Compare that to MIT which is considered to implicitly grant patent rights by saying you may deal in the software without restriction. Apache specifically gives you explicit patent rights in section 3. - Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. - So the problem is that CC0 in its public license fallback specifically says that it does not grant patent rights. - CC0 is a trap for software. Please avoid it. Please encourage others to avoid it. - To the extent of my knowledge, the only public domain dedication with permissive license fallback that is approved by both FSF and OSI is the WTFPL. Which is also a crayon license.
Public domain is a weird concept and not all jurisdictions have it and not all jurisdictions allow you to manually put things into it. This is why they need the permissive license fallback. You’re better off using a well known and well understood permissive license. - Thank you for the thorough explanation! That was very helpful
 
- Correct. You release something under CC0, someone else sees it, patents it, and sues you. 
 
 
 
- Was the US so behind that they didn’t have a way to file taxes online for free? - Unfortunately yes 
- Yes, thanks to the powerful lobby from Turbotax. 
- Not just that. The tax preparation industry has gotten tax more complex and harder to file in the US - You get the government you can afford. The tax preparation industry has been able to buy several governments 
- Not behind, ahead. Just you wait. - Uh no … the US is behind on this and payment platforms and invoice creation and a ton of other shit - I’m not sure you got what I meant, which was that the US may end up dragging others in its wake. Time will tell. I just know it’s not just the US that has seen a rise in right wing politics. - And so, yeah, I said it kind of tongue in cheek, but I’m concerned it’s the start of a trend. But hey, maybe there’s an asteroid inbound. - Here he just let the coalition fall - Can you elaborate a bit, as far as where here is and what coalition? I have ideas but I don’t wanna make assumptions. And obviously that’s if you feel comfortable doing so, not trying to blow you up. But I’m interested in what’s happening elsewhere you know? And I am just not sure I trust the news. - In NL Geert Wilders let the coalition fall but it was one of the worst coalitions we have had
 
 
 
 
 
 
- THIS is the way. 















