back to article Solaris deposed as US drone-ware, replaced by Linux administration

Hey, Linux fans: a high-profile, colossal, global outfit is about to dump a proprietary operating system and replace it with Linux in a very, very, demanding application that literally involves life and death situations. We've known this for a while actually, since 2012 to be precise, as that is when the Naval Air Station at …

COMMENTS

This topic is closed for new posts.

Page:

They probably realised ....

..... that while open source may have some risks it is not as great as the risk of Larry raising the prices once the system was entrenched. Either that or installing it on a non GUI system was too much hassle even with Mobaxterm.

15
0
Anonymous Coward

Re: They probably realised ....

As a long term Solaris fan ...

I couldn't agree with you more!

5
0
Anonymous Coward

Re: They probably realised ....

Yep it must have been the price. Linux is after all one of the few OSs with more known security holes than Solaris...

1
24
Anonymous Coward

Re: They probably realised ....

Hi TheVogon, now you've opened with the standard Linux security holes spiel, I'm guessing next up is the link to the irrelevant Zone-H Survey in 5..4...3...2...1

8
0
Anonymous Coward

Re: They probably realised ....

Wrong guess. Here instead are some supporting stats:

http://secunia.com/advisories/product/12192/

http://secunia.com/advisories/product/4813/

0
5
Anonymous Coward

Re: They probably realised ....

So... you're again cherry picking results that you think support your case, comparing one distribution of Linux from one vendor with Solaris? Good to see you've changed the material, if not your form. Of course, you did notice this little snippet further down the page... right?

"PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products."

Here's another set of Secunia advisories that demonstrate the joys of cherry picking:

http://secunia.com/advisories/product/1173/?task=statistics_2014

So... should I just use the link above to make spurious confirmation bias-based claims that all versions of Windows Server are equally vulnerable and unpatched to a similar degree over time? Decisions, decisions...

6
0
Anonymous Coward

Re: They probably realised ....

Let me see:

648 vulnerabilities in Windows Server 2003

1,697 vulnerabilities in Solaris 10

4,244 vulnerabilities in SUSE 10.

Your link just further backs up the point being made - That 'Linux is one of the few OSs with more known security holes than Solaris'. The only other one I know of being OS-X.

1
9
Anonymous Coward

Re: They probably realised ....

Instead of simply looking up a web page and triumphantly throwing out numbers, you might want to try looking at examples of the actual updates. Last time I looked, IBM Java 6 was not Linux.

Definition: "A Linux distribution (often called distro for short) is an operating system built on top of the Linux kernel."

This means that every single piece of software included in the SuSe 10 distribution is included in the advisories. That can, and probably would include everything from /usr/games/fortune to an office suite and won't be same as other distros.

Since you instead prefer to think of Linux as a single piece of software, instead of the collection of several hundred (often specialised) distributions it actually is, let's play that game with Microsoft. There are 1069 pieces of Microsoft software listed on Secunia. I'll take 2003 Server as a convenient choice which with to coat Redmond's entire product line with a layer of bullshit and say that this must mean n thousand security vulnerabilities affecting all versions of 'Windows', even if the vulnerabily is actually in Office, or some other vendor's software, but hey it's installed on Windows, and it's all just Microsoft isn't it? Never mind that recent versions are a huge step up in the security stakes if properly maintained, deployed and managed.

This is approximately your logic.

10
0

Security stats are all meaningless

These security stats mean nothing, for any OS, when we're dealing with embedded/dedicated systems.

They don't run a whole LAMP stack or the whole of Ubuntu/whatever. No email. No Twitter.

They just run kernel + custom software.

3
0
Thumb Up

Wow, that'd make a great T-shirt!

Death from above*

*now powered by Linux

9
0
Silver badge
Black Helicopters

Re: Wow, that'd make a great T-shirt!

Love it. But will they now have the "Intel on the inside" logo on the hardware itself or more appropriately "Powered by ARM"?

I always thought Solaris was a killer opsys, but little did I know....

4
0

Re: Wow, that'd make a great T-shirt!

"Powered by" is so old school. Why not nick one of the old risc os coding groups names? They were always creative when it came to mentioning ARM:

Grievous Bodily 'ARM

ARMageddon

...

12
0

Re: Wow, that'd make a great T-shirt!

Death as a Service? in the cloud?

5
0
Silver badge
Linux

Re: Wow, that'd make a great T-shirt!

"Death from above*

*now powered by Linux"

At least penguins will be safe. Its bound to have a prime directive not to harm them!

1
0
Anonymous Coward

Re: Wow, that'd make a great T-shirt!

Powered by ASM (air to surface missile) more like.

0
0
Silver badge
Facepalm

Re: Death from above

But penguins can't fly!

1
0

Re: Death from above

Given enough thrust they'll fly just fine!

0
0

I've missed something here

I'm I read somewhere that someone developing driver-less cars said they had to write their own OS because a PC or server based OS might go off and do housekeeping chores at inopportune moments. A pilot-less military helicopter however appears to be OK with a general purpose database app on top of a general purpose OS. Is that right?

0
3

Re: I've missed something here

Google's self driving cars are allegedly running on modified Ubuntu Linux. So there you are then. (A working version of the video linked to in that previous linked article can be found here.)

4
0

Re: I've missed something here

I'm not sure a general purpose OS is suitable for this, I'd rather see a true real time OS that's coded for the task, and doesn't have attack vectors because the code never existed.

But of course, that would require a lot of effort.

3
1
Anonymous Coward

Re: I've missed something here

Yes but imagine the possibilities for dealing with spammers.

7
0
Silver badge

Re: I've missed something here

"I'm not sure a general purpose OS is suitable for this"

Maybe, but just because they started off with general purpose Linux doesn't mean thats what they'll end up with. From a security point of view any sensible designer is going to strip off all code that isn't needed, and the bit that's left ought to be there only because it is needed.

However, before Linux fans break out the champagne, I'd note that the US have yet to rationalise their many different air forces, armies and drone units (including at least six separate major air operations). The vast amount of overlap, duplication, infighting and waste, when combined with a budget squeeze that has barely started make this consolidation inevitable.

It doesn't follow that the USNAS will be the lead developer for pilotless choppers - could be the marines, could be the air force, could be the army, could be a new combined defence development unit. Until the consolidation has been completed there's no guarantees as to what hardware or software will prevail.

4
0

Re: I've missed something here

No.

0
0

Controlling how? Re: I've missed something here

@Magnus Pym: you're right that the on board flight control system should probably be real time. The question the article raised to me is what is meant by "software controlling the drone" - perhaps it's remote control software+GUI/a flight management tool etc that's used on the ground. As you're dealing with probably powerful computers and delays/latencies due to radio links anyway, having a normal OS instead of real time looks like a good design choice.

4
0

Re: I've missed something here

A general-purpose OS isn't suitable for ATMs, or voting machines, or industrial controllers, or medical equipment either, but people still do it.

4
0
Silver badge

Re: I've missed something here

Why not? What's so special about an ATM, or a voting machine? I could sketch the logic on the back of an envelope and neither require real-time anything. As for the others, with appropriate hardware interface boards to ensure real-time stuff happens in real time, same question?

0
0
Anonymous Coward

Re: I've missed something here

" From a security point of view any sensible designer is going to strip off all code that isn't needed, and the bit that's left ought to be there only because it is needed."

You've obviously never worked with any of the dev types I have then: pretty much all of them are of the "install everything and we'll write the app to run as admin" school of design.

2
0
Boffin

Re: I've missed something here

Perhaps they're using the RT patches (http://en.wikipedia.org/wiki/RTLinux). That's what I would do, anyway.

0
0

Re: I've missed something here

"coded for the task, and doesn't have attack vectors"

I think attack vectors will be important for efficient death-dealing.

0
0
Silver badge

Re: I've missed something here

You appear to have missed the little box that you tick to make the kernel real time.

0
0

Re: I've missed something here

I think the term that you are looking for is a Real Time OS (RTOS)

0
0
Silver badge
Linux

Re: I've missed something here

> Why not? What's so special about an ATM, or a voting machine?

It's something we actually care about. It doesn't really fit well into the typical corporate mentality of cutting corners until you are left with a circle.

Software development for those devices should look nothing like the usual nonsense that goes on with consumer products and business systems.

1
0

Re: I've missed something here

Although you can get Linux to near realtime, I don't think the drone itself depends on it, Linux is probably for the backend.

0
0
Silver badge

Publishing the code?

Isn't it a requirement of using Linux that the code modifications must be published? So we'll have the US Merchants of Death (tm) developing code which Al Quaeda can use in their drones. Neat.

1
9

Re: Publishing the code?

No, the requirement is that source code has to be distributed to the clients that buy the binaries.

Not that the modifications of the kernel will tell much about flying the drone.

7
0
Stop

Re: Publishing the code?

"Isn't it a requirement of using Linux that the code modifications must be published? "

GPLv2 was published in June, 1991...after so many years, people still come with this dumb quote? NO, the source must be PROVIDED with the binaries DISTRIBUTED. Since the recipient is only one entity, they are the only one entitled for it.

"So we'll have the US Merchants of Death (tm) developing code which Al Quaeda can use in their drones. Neat."

Al Quaeda use Windows on their desktops and laptops. The only drones they use are made with paper...

9
0

This post has been deleted by its author

Silver badge

Re: Publishing the code?

It would only be any code that is covered by GPL that has been modified that would have to be included anyway.

Most of the application development tools and library runtimes are published under LGPL, so it is perfectly possible to add the controlling layer as an application that sits on top of Linux linking to LGPL code without having to provide the source to anybody, even the people who buy the binaries.

If you are extending it comment about modified code to the previous comments about stripping Linux down to stop housekeeping, the stuff that is likely to affect performance is all in user space, and can be configured out by modifying the runtime configuration. Similarly, any parts of the kernel that are not required can be stripped out at kernel build time by configuration. The configuration files for the kernel build and runtime daemon configuration are not covered by GPL, so would not have to be published.

This perception that anything that runs on Linux has to be covered by the full GPL is just crap, and the sooner more people understand this, the more likely it is we will see commercial applications appear to run on Linux, something that is definitely required for Linux to be perceived as a viable full alternative to other operating systems. The opportunity for Linux to take the desktop is past (unless it's Android!), but I'm still hoping that it can achieve sufficient traction that it does not die as a desktop OS.

3
0
Silver badge

Re: Publishing the code?

You still have to make the offer to provide the source of the LGPL libs you used when you distribute the app binary.

Does dropping a bomb on somebody count as distribution? Would having the GPL text on the side of the bomb be sufficient?

0
0
Silver badge

Re: Publishing the code?

Not just those who purchase but anyone who receives the bjnaries. I wonder if the missiles are linux powered too?. "I could give you the source code, but then I'd have to kill you."

1
0
Silver badge

Re: Publishing the code?

Actually I think it's more "I could kill you, but then I'd have to give you the source code,." !

0
0
Vic

Re: Publishing the code?

It would only be any code that is covered by GPL that has been modified that would have to be included anyway.

This is not true.

If you *distribute* GPLed code (which is not the case here), you either ship the source with the binaries or you accompany it with a written offer, valid for at least 3 years, to supply source to any third party

Whether or not you have modified the code is entirely irrelevant - go and read the GPL. Section 3 is the one you want.

The configuration files for the kernel build and runtime daemon configuration are not covered by GPL, so would not have to be published.

From Section 3 of GPLv2 :-

" For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."

Vic.

0
0
Vic

Re: Publishing the code?

Not just those who purchase but anyone who receives the bjnaries.

If you're distributing under Section 3(b) - as most commercial entities do - it's any third party. Whether or not they've received the binaries is irrelevant.

Vic.

0
0

Re: Publishing the code?

If you're dead there is no reason to give you the source code! They will go out with a bang..........

0
0
Black Helicopters

one minor flaw

Actually what happened was that they gave the commandment to a junior to go and get the source code to iOS. After being laughed out of the room by both Apple and Cisco, the junior, using his initiative, got the closest thing he could... cOS . Not realizing that this is in fact the Chinese state funded Linux mobile OS. It was free after all and they gave him the source code wrapped up in a nice auto-loading USB key.

The Chinese now have a fleet of remote controlled Death Machines sat on US soil ready for activation as an incentive for the good people of USA to pay back all that money they borrowed.

I for one welcome our Chinese................

3
4
Anonymous Coward

Re: one minor flaw

sounds like you should return to your basement home and hourly reading of /.

3
6

Re: one minor flaw

AC lighten up , it's a joke and there is never a requirement to make things personal. It's a giant neon sign of insecurity.

7
0
Pint

Re: one minor flaw

Didn't particularly like the joke... (a bit too elaborate) but that's taste for you (IOW that's my problem, not yours). Totally agreed with your point, Andy - have an upvote ;)

1
0
Silver badge

Can anyone help me here?

I'm trying to set up a cron job that disables the launch of a Hellfire missile if an 'arm' confirmation is not received within 100ms of the initial 'weapons enable' command. This was working fine until I installed the proprietary Nvidia drivers for my FLIR display. Before anyone asks, I have installed the latest version of the combat-calc libraries.There was a post from SuperTrooper on the forum last week that dealt with cron and task schedule interference but I didn't bookmark it.

20
1

Re: Can anyone help me here?

Personally I'd use at and a highly obfuscated perl script (if that isn't a tautology) to execute the command after 100ms if it wasn't cancelled by something else first.

0
0

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2018