In multiple media reports over the past two weeks, the US Army has professed its love for the penguin. The Army eventually intends to move from a Windows-based infrastructure over to Linux for its new, roughly $200bn weapons program. But the Army has largely been prepping new Linux-friendly weapons, vehicles, and devices before …
I beg your pardon?
"That potentially presents a major problem for the first brigade of Linux-based FCS vehicles expected to be introduced in 2015. Linux-based systems have a limited ability to communicate with Microsoft-based systems. And interoperability issues aren't something you want to deal with in a war zone."
That comment is incorrect, and in the wrong sequence. The correct phrase is:
"Microsoft operating systems are deliberately designed to limit their ability to interoperate."
Linux follows industry-wide standards. Microsoft does not. Furthermore, there is little or no actual communication problem between Linux and Windows; "file shares" (aka SMB) work, ordinary TCP/IP network traffic works, SQL queries work, remote desktop clients and servers on both sides work.
Your article throws FUD at people who don't know the truth about Linux and industry standards. I prefer to think that's caused by ignorance, rather than malice or corruption.
Oddly enough ...
I thought the military would be more into a BSD style solution.
That doesn't really seem like the right word. Sure, it'll take some effort, but it doesn't sound like they're having major problems. Interoperability isn't usually THAT hard.
Windows based satellite tracking system? No wonder the international space station fell to earth.
Blue Screen Of Death -> Blue Planet Of Death
I mean Spy Satellite.
The Left Hook: Army Upgrades to Linux
Err..., I could also have written this article with this hook:
The Army upgrades its latest battlefield software with Linux. Spokespersons say they require more open, more flexible, and more secure software than Windows. In addition, they will save money on licensing fees, and be able to use multiple vendors for support. They anticipate some problems with integrating their old Windows software and its proprietary network interface and clumsy implementation of network standards. Red Hat etc etc
The only way you can claim there is a networking interoperability problem between Linux and Windows is to look at SMB networking, called "Samba" in the open world. Since SMB is a quite insecure local protocol, I doubt it is in use on the battlefield, where I assume they use only encrypted connections like ssh, sftp and so forth.
But then American voting machines use MSDOS or Windows with hardly any security. So maybe fire control websites only work with IE 6.
(sorry it's irresistible)
Gives a whole new meaning to "blue screen of death"
So you think the army would be trialling BSD(M)?
Hopefully icon not necessary.
Iran uses my OS.... mwah ha ha ha ha, I foresee a nice collapse for your crummy country and their crappy hippy network.
Is Linux A Squishy Target?
There is no proof that Linux is more secure. That is largely a faith-based viewpoint in the context of a political movement surrounding open source. But I guess in the Bush administration faith-based initiatives are trendy now. I've watched CERT advisories for over ten years now, and Windows and Linux have had a roughly equal number of security holes reported during all that time.
Operating systems don't become secure because thousands of amateurs are looking at the source code, as Eric Raymond would like you to believe. They become secure by reacting to and learning from attacks over and over for years. Windows is not only a constant target of real hackers, Microsoft has hired an army of "penetration engineers" to work on it and make it tougher. You're fooling yourself if you think Linux is secure.
This decision is probably largely the result of a few open source "true believers". The Army should carefully examine this on the basis of security and also on the basis of supporting American business.
You forgot your flame icon. Or should it be an Angel Bill icon, or even a Paris icon?
linux... over BSD?
Why go Linux... with all its crappy code validation and NOT for validated and pretty secure code from.... know which one is it.. it's a BSD, I know that much... is it OpenBSD that is the really secure one?
Good maybe things will improve
Once the ARMY no longer uses MS.
I'm not Eric Raymond, but I would like to contradict your assumptions:
Because Linux is open source, and because thousands of eyes are looking at the code (anyone could look at the code!), the chances of getting security issues fixed are MUCH HIGHER compared to MS solution which was caught few times leaving known security holes open for 6+ months.
When you buy RHEL or SLES, you get the standard promise of 5 years for security fixes. If you insist, you can get 8 years, depending on your negotiation skills with the vendors.
The Army could basically hire a developer or any software house which could backport security fixes even 10 years from now since the code IS open, and when you go the "MS way" you can only pray that MS will fix the issue after stating EOL for an OS (example: Windows 2000 products).
That way the Army is not dependent on 1 company and the army could do whatever it wishes with the OS without any stupid restrictions, compared to buying any MS OS.
To be fair, the article didn't say anything about them choosing it because it's supposedly more secure. They just don't want to be beholden to Microsoft, which sounds like a good reason to me.
CERT - schmert
There are always going to be 'security holes' found in any operating system. The difference between Windows and Linux is the fact that Linux developers publish 'fixes/patches' right away and their code is reviewed by 100's of other developers around the world. Microsoft waits around till some hacker finds a vulnerability, exploits it, and then eventually a "security update" is made available to the general public.
The Army's decision to transition to Linux will ultimately mean a secure and stable operating system for our nation's defense. Additionally, the American taxpayer should be extremely gratified that tax dollars aren't being wasted on licensing fees.
"I'm in your SMB share, destroying your targeting .exe"
"There is no proof that Linux is more secure."
There is also no proof that NP=/=P. It just looks that way.
"The Army should carefully examine this on the basis of security and also on the basis of supporting American business."
Yes yes. Defense Budget for 2007: $668.6 billion. I do not think the industry of the Socialist States of America needs additional state intervention.
Re: Is Linux A Squishy Target?
You've managed to fashion your own noose and I fear hang yourself too. You say that Windows and Linux have had a "roughly equal number of security holes reported", I'll choose to believe you there because that sounds reasonable to me. The problem with this fact is the circumstances behind it, your point is in effect this: That security researchers with complete access to the code of linux and its applications have only discovered an equal number of holes, compared to a closed source OS where they have to guess at the attack vectors.
Having found these holes by being able to review the code, they are spotted faster and due to the nature of open source, usually fixed faster too. With closed source, security researchers are reliant upon stumbling across security holes in a very long and boring game of blind man's bluff. They are frequently months behind the blackhats who have plenty of time to exploit these holes.
However it's not security that should be the driving force behind linux. It's the standards and interoperability, the lower cost of modifying the OS for your specific purposes and the reassurance that comes from being able to look at the code.
How anyone can say that it is a good idea for a public body to be locked in with one monopolistic vendor baffles me? It's your money and your government, how can you not be outraged that the IT infrastructure effectively belongs to a single private company?
Look for Microsoft to take a share hit on this...
Big risk with potential takeover of Yahoo + Army waving goodbye. Who knows, maybe the Navy (remember the fun and games with that Windows implementation?) and even the Airforce might decide Penguin power is cool enough for them too.
Cry havoc and let loose the penguins of doom!
...in the end all actual communication will be done with walkie-talkies by grunts, as has been the case for decades? Check.
IIRC a few years ago the French MoD if not the entire govt announced they were going to develop a secure version of Linux. Licensing presumably means this is/will be in the public domain.
switching catch phrases
from 'Blue screen of Death'
'root of all evil' ....
Let's hope the good side coders are smarter than the 'bad side' coders. Especially now the 'bad side' has got the source to the kingdom ...
Cool, linux's problem has always been...
people to maintain it, drivers, etc. Now maybe the Army will take over that role. I can see the future:
"Are you running US OS or PRC OS?"
"Neither I am running EU OS"
"Really they finally released that?"
"No, it's in beta, and the French components aren't out yet because the developers are on strike, but the language packs are great."
You know there's a problem when you're arguing about the colour of the wheels...
Sidestepping the whole Linux versus Windows pissing contest, surely lessons learned would recommend that our (mine, yours, whichever country that refers to) militaries should be focusing on simple, even open (if you are feeling game), APIs and protocols. The question should be "How do I make my Linux ammopack speak to my Windows pistol" but rather "We all speak MilNet 5.5, let's get along harmoniously to wreak highly efficient havoc on yonder agrarian-cum-freedomfighter..".
30 years of internet messaging has been built on this principle. Just because one company has a tendency to reinvent wheels (or at least attach painted lanterns to them) is no reason to follow suit.
The old philosophy of "in order to be secure, we must have something unique and secret" is dying. Secure methods built on commodity infrastructure/protocols allow far greater agility. Today's criminal can communicate securely with other criminals around the world far more easily than our law enforcement agencies can, and can adapt to threats and opportunities far more quickly.
While our law enforcement/military looks at developing monolithic novelties that lose any secrecy advantage the moment someone blabs, mere mortals are squirting hardened messages across the public internet. Sure, they may cock up, but they can adapt a dozen times before "InterpolChip2008" gets off the drawing board. It is Asymmetric information warfare, and the "good guys" are still counting on battleship solutions.
I use the term "criminal" to also refer to the enemy du jour on the a la carte menu of bad guys.
Back to the pissing contest, if the windows guys would stop pissing on everyone, and the linux guys would stop pissing into the wind in a vain attempt at pissing on the windows guys, we might all be much better off...
> That security researchers with complete access to the code of linux and its applications have only discovered an equal number of holes, compared to a closed source OS where they have to guess at the attack vectors.
That might be a decent argument for a normal user (which I do not agree with). But we are talking about people controlling weapons systems, whole wars could be decided based on such a flaw. So the fact you recognize that having source code makes finding holes EASIER acts against the platform for these uses. Yes, your argument might indicate that Windows has actually more holes (which, again, I do not share, based on the fact that Microsoft has a few thousand engineers looking for holes as well, with source code access and a FULL TIME JOB, TRAINING AND SPECIFIC ASSIGNMENTS TO FIND SUCH HOLES) but that would be irrelevant, as a dedicated hacker trying to achieve a specific goal with access to source code will have a much easier time than one without such code.
What about Windows for Warships? Will not the US Navy use it?
This article doesn't make any sense
I don't know of any problems interconnecting Microsoft and Linux systems -- provided you keep to the standards. Since you're trying to make a robust system that's also secure there's also a lot to be gained from keeping things relatively simple (a lot of Microsoft's inter-application information sharing and other innovative "features" seem to be accidents waiting to happen).
Microsoft as a company has a poor track record with standards. It can't resist tweaking things, it seems to be a throwback to the early "Hack-DOS" days, with the result that their kit is a pain to work with. This is something you have to put up with in the desktop world because there's so much of it about but it's not the way people build reliable embedded systems -- for those there is nothing that Redmond has to offer except a gut feeling of uncertainty about what's going on and when is it likely to crash.
You missed a great opportunity for article sub-titles. Here are a few suggestions for next time:
- "March of the Penguins" ......... "Penguins: Armed and Dangerous" ........ "When Penguins Attack" ......... "Penguin: Reloaded" .......... "Full Metal Penguin".
And when the US Navy and Marine Corps come around:
- "An Officer and a Penguin" ......... "A Few Good Penguins".
This is a custom implementation
Someone has latched onto a big chunk of development revenue on this one.
But let us not forget this is undoubtedly a custom system from end-to-end.
I am far from a worshipper of Linux, but it seems to me that full control of software source code is needed for what they are trying to implement and support. They can have this with their own build of Linux (also OpenBSD, Open Solaris, ... etc I'm sure there are others). Short of some extraordinary agreement with Microsoft it does not seem possible with Windows.
It is always disconcerting to me that folks forget they are tying themselves to Intel when they go with Linux but nothing is ever perfect.
In addition, advisories about Linux often cover an entire distribution of software, which may include several database implementations and thousands of packages that the average user will never install. They are often lumped into the Linux bug camp, because they come with the OS (even if they aren't installed by default). The up-side of this is that the distribution usually takes the lead in fixing the bug, often even before the code is fixed upstream.
Microsoft claims responsibility for only Microsoft software, often takes weeks or months to fix a bug, and largely disclaims responsibility for 3rd party software being able to take over or screw up a PC. Their attempts at security also seem to be driven by business objectives, such as the case of Vista's "worm protection", which blocks many P2P implementations, and requires you to upgrade to a more expensive version of Vista if you want even an ounce of that functionality back (or completely disable code signing and hack DLLs).
The US Army uses a mixture of platforms, and rightly so. A part is being migrated to Linux.
Regarding the arguments of being more secure, it's a myth. Open Source DOES NOT MEAN that it's more secure. Some OSS has better security, some non-OSS has better security. 1000's of amateur developers looking at the code after all these years has still resulted in hundreds if not thousands of security holes and patches every year on Linux.
Not saying Windows is more secure, just that having it peer reviewed means shit all. Check out Ubuntu and Vista Secunia statistics.
A mixture of platforms for the Army is a good thing. Last thing you want is them using a single OS, regardless what one it is.
Although $3.1bn for the Linux shop migration rather than the $0.62bn to stay with the Windows solution as well as the whole integration issue sort of highlights a lot of what people argue about the total cost of ownership...
Re: Frenching Connections
@Nigee: They'd be even denser than their usual neutronium-headed worst if they don't have a few boffins actually looking at it and evaluating a fork.
@AC re @Austin: Damn you, sir! You're going to have me laughing randomly for the next four hours as one or another of your alternative titles pops into mind. Definitely time to grab your coat, go home to the missus and have a well-deserved pint!
So Microsoft employs an army of penetration engineers, eh? Nice job title, but how do you sell that to your girlfriend's mother first time you meet her?
On a different note: Now Linux developers will de facto be working for the death industry. MS might even use that as basis for a future marketing campaign - "green, peaceful, hippie Vista".
Why don't they switch to Macs.. then the field commanders could be safe, secure *and* look fabulous with their trendy white macbooks. Senior officers could be given Air's as a bonus afforded to their Rank.
Bloody 'ell! you're telling us that the US military's weapons systems are based on Windows? THAT makes me feel really secure - blue screen of death, indeed!
A fatal exception error has occurred at OMG:000FUD00SNAFU in module Iraq (01) + Afghanistan (02). The current action against insurgents will be terminated. You will lose any unsaved civilians in all current conflicts.
* Press any key to terminate civilians
* Press CTRL+ALT+DEL to restart the conflict
* Press the Backspace key to withdraw troops
Blue Farce of Death
It explains all the blue on blues.
But someone mentioned the police force vs criminals. The criminals are not more secure or better oriented toward modern communication. Far from it. Their difficulty lies in lessons learned.
The police can get away with making mistakes. One after the other. And because of command lines they may never get rectified. But they use work arounds, unofficial protocols.
Criminals are lucky to survive making one mistake. They can amass fortunes until that happens but someone else will be spending it if they make one mistake.
And so we must assume the same reasoning on the battlefield. Only with communication errors, the military will only get to make one mistake per man killed until someone tells the chimp he is making a mistake.
The problem then is getting the fool to listen.
It won't matter if you use Linux or what.
I wonder what version of Windows the military is using. I bet it is a cut down version of Win 95.
Why argue about the make of tools in the carpenter's toolbox?
Architect drawings and craftsmanship has much greater influence on the end-result.
Windows vs Linux - neither wins
As a software developer with many years experience on many platforms, I have to point out that in the great OS battle neither Windows nor Linux win. Solaris is better than them both - by a long way. In the context of a closed military system, the security arguments above are largely irrelevant. Connections between boxes will be over mil-spec encrypted lines, and no insecure lines will connect to any of them. This means that whether someone can hack in or not is pretty much a moot point. What matters more than anything is how stable your boxes are and how good the custom code you write for the boxes is.
Now, on box stability, Solaris wins hands down. Just look at the way each system copes with memory failures for example. Inducing a kernel panic through some bad code is far far easier on Linux than it is on Solaris. For stability, Solaris > Linux > Windows.
On the subject of coding, the best code will be written on the platform with the best tools to debug and fix that code. Now the windows dev tools are actually pretty good. They aren't great, but they do at least work. And in some cases you get best of breed tools on windows (think Rational Quantify/Purify and Intel's VTune - both of which are available for other OSs, but the most fully featured versions are on Windows). On Linux the development tools suck. Anyone out there who thinks that GDB is even remotely fit for purpose clearly has never used it. GDB is unstable, and outright doesn't work for multi-threaded code. In fact GDB is proof that open source does not automatically equal good. On Solaris you have Sun Studio which is an excellent development system, and you have DTrace which is a killer app. For developing robust mil-spec code it is clear that Solaris > Windows > Linux.
I don't understand the "no interoperable" argument. We all know that MS loves to invent their own proprietary standards and embrace & extend existing ones. But there are still plenty of well documented open protocols for doing just about anything between the two operating systems. There is also plenty of middleware that runs on Windows & Linux that could facilitate messaging, transactions, RPC or whatever. I don't see any reason you can't have Linux & Windows talking to each other.
"Linux-based systems have a limited ability to communicate with Microsoft-based systems"
Shouldn't that be the other way round?
Interoperability is only a problem if
thou believest that there is no true God but the one MS God, and thine eyes seeth only that which thine one true God hath created.
And if thou dost believe that, then you're in for troubled times ahead, dude.
"Linux-based systems have a limited ability to communicate with Microsoft-based systems". I think this is misleading. Let me suggest:
Microsoft==Embrace and Extend
It is an established FACT that Microsoft has an ongoing policy of modifying standard communication protocols, then inventing its own, without telling anyone else what they are and then threatening to sue anyone who tries to find out. There are and have been for many years court judgments about this exact kind of thing. Hell, even Billy boy himself has appeared in articles espousing the strategy.
This isn't a technology issue. It's a management issue. Management have clearly failed to identify and mitigate the risk implicit with going balls-deep into a proprietary technology "owned" by a notoriously sharp idiot-savant\h\h\h\h\h\h\h\h\h\h entrepreneur.
"So in the end all actual communication will be done with walkie-talkies by grunts, as has been the case for decades?"
No, these days they use mobes and civilian-grade GPS.
"IIRC a few years ago the French MoD if not the entire govt announced they were going to develop a secure version of Linux."
And someone else has already noted that BSD has a better reputation in security circles. And-also-and IIRC, the NSA similarly announced that they would develop a secure linux kernel. I don't know what happened to either project, but if they actually exist then one wonders why the whole world isn't using them. Isn't "being open to third party improvements" supposed to be one of the major benefits of open source?
Maybe the "Linux" brand now has the critical mass of religious adherents needed to stay afloat despite known limitations and the existence of a free and technically superior alternative.
I'll get my flame-proof jacket...
I'm guessing hackers shouldn't get a look in to most of it.
If it isn't a (mostly) closed off / private system then people are just looking for trouble.
I'd say the security / bug risks could well be equal either way, the difference is, one of them you can't guarantee a fix. The other you can. When it comes to your own life, I wouldn't start putting all my trust in one other person who is only interested in money (Okay, Boeing are only interested in money, but you could find someone else to take over the maintenance, even if you must make the government body yourself.... Which I'm pretty sure would work out cheaper in the long run over a range of projects).
My theory today is that
If this article is correct - www.heise.de/tp/r4/artikel/5/5263/1.html - then it could be that the US military don't want the NSA to have easy access to their systems.
er ... that's it
(dayglo pack-a-mac by the umbrella stand)
SMCS-NG as first deployment of "Windows for Warships"
So when is the British Navy changing over? .....wiki page below. http://en.wikipedia.org/wiki/SMCS
Advanced IntelAIgent Virtual Defense ......
..... ...... for PsychoPathic Controls in Deep Underground ControlLed PsychoSIS
Seems like a job for Special Forces, Austin. White Hatted Wizards with Above Top Secret Clearance. And Fully Licensed and Loded to Thrill [and not too many of them on the Dance Floor, I'll wager] ........ for AIDefinitive OverArching View with HyperVision... IT HyperTechnology Delivering ITs Future Goods in Advance of Product Placement for Sharing. The NeuReal Paradigm for the Change AIgent.
"So they're bringing some 70 programmers, engineers and other IT professionals to Washington to brainstorm in four "Battle Command" summits." ...... Hmmmm...... I wonder who, and by what criteria, that motley selection is made? It is bound to be an eclectic eccentric extravagant mix, though. Anything less than Unique will be Failure before it has even begun.
One would not unreasonably assume, that if monitoring of Technology Use is so supposedly widespread/ubiquitous/intrusive, then they would have an assembly of the Best of the very Best. Anything Less and the Dream is Lost and ITs Fakes and Fakery XXXXPosed. False Prophets and False Profits unmasked.
Some Real Positive ProAction with some Real Slick Monetary Transactions will Plug that Hole in Defenses and Energise Shield Repairs, Immediately, if not Sooner.
Military machine Windows based?
No wonder they keep killing so many Brits when we're supposed to be on the same side!
how the os-communists are going to deal with this. Because the Opensource Community is full of socialists. Nothing to do with the quality of software but those leftists are now faced with their biggest problem: giving their code - for free- to the biggest military-complex in the world. Proof in the pudding that politics and software don't mix...Never...In a political sense the whole Opensource movement is flawed. Got it, ladies...