Slashdot Mirror
Linux -- Government Acceptance vs. Actual Use
sdriver writes: "As someone who works in the Space/Science/Military field (as a contractor) I thought I'd share some links to how much Linux really is being used. This one is the U.S. Military using Linux. This is another. This one is about realtime Linux stuff for the U.S. Military. Then there are some general arguments about Open source here and here. For those of us who have hardcopies of this magazine will notice most advertisments feature Linux along with VxWorks as a typical target platform. Not the "other" guys."
It's no surprise or secret that for all its tripwire maze of requirements, the U.S. government uses plenty of Free software already. Still, a re-examination of the POSIX requirement would seem in order. Or perhaps the Feds would like to save money by funding the development of an add-on POSIX implementation layer for Linux -- after all, that sounds "good enough for government work." ;)
First, I am a contractor for a large program which does use the DII COE kernel, and currently we use it under Solaris. There are quite a few requirements to be DII COE certified that aren't mentioned by the article.
The real problem is, if you port the DII COE to Linux, it's just one more platform. Currently, there's a COE requirement that all new DII COE certified software must work on all the platforms for which there is a DII COE kernel, currently, they are HP, Sun, and NT.
So as far as the government is concerned, it doesn't save them any money. If they contract out a program to work under the DII COE for linux, the government will probably need to pay to develop it for HP, Sun, and NT as well. In the end it will be only added cost with little added value, since they can run the same software on the boxes they currently own in the first place.
And then there's all the restrictions. No bash or csh scripts. Use korn shell instead. No SUID shell scripts. Perl is not a default language. Even little things like the default umask are not to be changed. System administration is quite a pain.
And even with the restrictions, which distribution do you use? Slackware, Red Hat? Expecting DII COE to work with both is quite a task, since it wants control of quite a few administration details, and both are different in that area. Not all binaries compiled for slackware will work for redhat and vice versa. And that's a problem since the COE packages must be delivered precompiled.
And then if you want things like perl, or gzip, or Netscape, and all the things that COE didn't provide (usually called Commercial Of The Shelf, or COTS software), the government must pay to have those repackaged to the COE package format. This might include things like Gnome, Kde, StarOffice, BIND, Sendmail, etc.... And of course, each platform must be packaged separately.
Ack.
are the objections of the DOD to the kernel, or to the extant distros? posix compliance should be easy enough to fix, as suggested in the original post, an add on layer of some sort. seems silly to reject a solid kernel on that basis.
Actually, you're wrong. Certain government agencies do have NDA-restricted access to code from Microsoft. And they've been through it plenty.
Certain Universities have access to Microsoft source, too. It's always done under NDA.
I guess you're just wrong. Sorry.
I'm a senior network admin/systems manager for a medium sized city govt in the US (pop 100K). We use open source software everywhere we can make it fit and make it work for reasons of low cost, high reliability and ease of customization. I'd like to say we use Linux extensively, but I can't.... I run only a single Linux machine anymore. I've migrated all my open source unix machines from Linux to OpenBSD and FreeBSD now, because *BSD does run better and tends to be even more stable. OpenBSD is on all my Internet firewall/bastion servers and is virtually hackerproof. Lots have tried, all have failed.
User error: An operator enters in a wrong number. The ship becomes operates perfectly; however, unexpected actions occur.
Application error: An operator enters in a wrong number which should be trapped. The ship becomes crippled. The OS does not crash or become crippled.
Application error: A wrong number is entered and not trapped by the application, which corrupts a critical database. Terminals accessing the data become useless. The ship is crippled until the database is restored. The OS does not crash or becomes crippled.
Driver/Hardware/OS error: An incorrect input into an application causes a driver to send inproper information to a device. The device becomes inoperable until a reset occurs. The OS may crash.
OS error: The OS receives an input that shoul d be trapped, and the OS crashes or becomes inoperable.
The Yorktown was disabled in September 1997 due to an application and OS error. The user input was not handled properly by the application, plus the application crashed the machine (i.e., blue screen of death). Unless the OS crashed due to a poorly-written driver to specialized hardware, I would say that it is due to problems with Windows NT. Howver, fully-supported network cards, video cards, mouse, keyboard drivers should be fully operational under any conditions. NT still has problems, but Linux is much better.
OpenBSD is going to have full userland real-time control soon (the code just needs to be merged into current) And, what the hell, OpenBSD is already secure! The DoD already uses it in over 260 installations!! Why benefits would you get with Linux... Other then Red Hat making some cash...Sheesh
You think that compatibility package is installed on a single gov't. machine? If it's not POSIX out of the box, and they're installing it out of the box and not modifiying it, then it's not POSIX compliant, is it?
Of course, I didn't post this. Someone else did, although I did write it on ma-linux.
you would be a lot better thinker if you thought about your own words rather than just spew out your random thoughts.
Failure: When your best just isn't good enough.
Yes, you are correct.
I guess I just find it to be kind of a challenge to argue, er I mean beat my head against the wall.
See, this is an example of that lack of critical thinking...
What do you think it means by LAN consoles and remote terminal units crashing?
They might have had a web app server, and the web pages don't come up.
Think about it... Have you ever dealt with endusers? When they say "My computer crashed." what does that mean?
You can tell by the tone of the whole article that it is not technically specific. They talk about a database overflow in one instance, and a divide by the number zero elsewhere...
Come on, put your thinking cap on!
Nobody is getting paid. I'm just sick and tired of reading misinformed idiots posting this bullshit as fact.
Where does it state this? The whole article is written by a technically inept journalist.
You're trying to read something into the article to prove your own personal biases.
Yeah, but with the toliets, you pay per toilet, not per person who uses it :)
Now, I know nothing about this stuff, but I believe that systems like AIX do things like assign process id's in an unguessable sequence, really trivial things like this that I don't think linux hackers would even guess needed doing.
....
Of course, if the military just asked for what
it wanted
From my haphazard memory of past GPL discussions, that's how I believe it to be read. You can do anything you want, but as soon as you distribute it, for profit or otherwise, you have to release the source.
Distributing to Army/Navy, etc isn't "distribution", tho, as they all fall under the DOD's jurisdiction... right? It's similar to a CEO using and modifying Linux, and then passing it along to the departments underneath. That's not "distribution".
Potato chips are a by-yourself food.
Good thing, because I certainly am not a GNU expert. I believe I've only read the GPL once.
In general, I defer to people with more experience, knowledge, or sense -- it's a sign of maturity to admit when you don't know something. It's a sign of immaturity to call people names. It's a sign of cowardly immaturity to call people names while hiding behind anonymity.
No I did not purchase my nick from eBay. Did you? Oh, of course -- you're an Anonymous Coward. You don't have the courage of your convictions to stand behind what you say.
Potato chips are a by-yourself food.
Recently my office setup a Web/database application using an existing NT/IIS/SQL server box. We needed to add fax capability to the app quickly, and cheaply, if possible.
We could have investigated 3rd party software or bought and setup Exchange (that'd be a cold day in Hell) or wrote some custom VB code, but we found a better solution.
We had a Linux box performing some other tasks anyway, so I wrote two small scripts (total ~30 lines), edited a couple of config files, and the Linux box was ready to provide fax services to the NT app. It took about 4 hours from start to finish and another two hours to debug a problem with one of the tools used in the solution. I basically tied together a few existing tools to create a solution. I had to modify the source in one of the tools to workaround a limitation in another of the tools, so availability of source was key to making it work quickly. Of course I commented the modifications and kept the original code handy.
Linux is being used all over the place, often with only tacit approval of IT management types.
I setup several Linux boxes at my last assignment. One is primarily a mail and file/print box. Another is a masquerading box that connects a remote LAN to the office network via dialup PPP. Another started out as a Web/mail server, but grew to provide file/print, Web/database, mailing list, dialup, and, recently, fax services. The first two boxes are 486's with 16MB RAM. The last is a P100 with 32MB RAM.
These boxes have been running for up to two years without problems. The most downtime they had is hardware upgrades and a mandatory Y2K shutdown.
The single biggest reason Linux isn't used more in the DoD, regulations notwithstanding, is the lack of knowledgeable sysadmins. NT is often used when Linux or *BSD would make more sense simply because that's all they know how to use.
But there are still lots of Linux boxes out there getting the mission accomplished, only getting recognition from the local admin and perhaps an officer or two who knows the real deal.
Get over it.
Linux is used at many DoD locations for many purposes. None involve direct control of a weapons system, but it's definitely being used in all kinds of support functions. I have personally used it for several applications in military organizations.
The military uses trucks too, so should Ford and Mercedes stop improving their technology? Should farmers stop growing food so that soldiers can't eat?
Your position is ridiculous.
OpenBSD....Already fits the bill
I'm happy with that. Anything But Microsoft... oh, hang on a minute, can I change my mind if I end up being shot at by the US military? (-:
"What? You're not using Windows 98? You're MAD!" (-:
Got time? Spend some of it coding or testing
And then if you want things like perl, or gzip, or Netscape, and all the things that COE didn't provide (usually called Commercial Of The Shelf, or COTS software), the government must pay to have those repackaged to the COE package format. This might include things like Gnome, Kde, StarOffice, BIND, Sendmail, etc.... And of course, each platform must be packaged separately.
How hard would it be to do RPMtoCOE or DEBtoCOE?
Not a complete solution, of course, but probably a necessary step. A COE-packager-based distribution with a suite of XXXtoCOE tools would at least look more attractive (ie be more buzzword-compliant). That and updating UniFix's POSIX cert, then chasing a C2 (or higher) rating, would surely help lots.
Got time? Spend some of it coding or testing
Theoretically, the duly elected representatives of the people make laws, and "the government" merely carries out the implementation of those laws. I do realize that your statement is more or less true; the many-headed apparatus of the US Government pretty much decides its own laws, with a few helpful suggestions here and there from major corporations and contributors.
Someone at where you work needs to either learn what 'annual' means or learn to count.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
/sbin/halt should stop Linux if you're having a problem with it not stopping. So will the power switch.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
Except openBSD can't use more than one processor, so that rules it out for many applications. Plus we don't know all the specifics of what they'ed be intending the machines to do, where maybe there's a LOT of changes mandated that the default install won't be the default anymore, and hence maybe some new bugs will creep in.
Plus it's canadian. For a matter of national pride, the gov't isn't likely to adopt software that was developed outside of the states...
Also from the article:
Maybe the initial problem was an application error, but the fact that all the other machines crashed indicates that there were some OS issues as well. If it were just an application error, this wouldn't be news, but take down every machine on the ship and there should be some serious explaining going on.
Your right to not believe: Americans United for Separation of Church and
Well, since the only thing on the LAN which would even look sort-of like a console to an end-user would be another PC, I think it's reasonable to infer that the application error crashed their whole network. It's not like they would mistake a networked printer for a console, y'know. And I doubt that they were running the ship off of web pages back when this originally occurred, considering that it was probably using technology that was state-of-the-art a year or two before the ship crashed, and at that time Microsoft hadn't even discovered the Internet yet (I say this in the same sense that Columbus "discovered" the New World).
That part made sense to me - somebody put a zero in the database, and the application later hit the zero and was off to the races.
Your right to not believe: Americans United for Separation of Church and
That's a good point - considering the lead times of government development projects, maybe Linux wasn't workable when the Smart Ship was originally spec'd. Of course, more traditional Unices would certainly have done the job better than NT, so I suppose that's not really a good explanation.
Your right to not believe: Americans United for Separation of Church and
The article says exactly the following...
But according to DiGiorgio, who in an interview said he has serviced automated control systems on Navy ships for the past 26 years, the NT operating system is the source of the Yorktown's computer problems. NT applications aboard the Yorktown provide damage control, run the ship's control center on the bridge, monitor the engines and navigate the ship when under way.
"Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor," DiGiorgio said.
Pacific and Atlantic fleets in March 1997 selected NT 4.0 as the standard OS for both networks and PCs as part of the Navy's Information Technology for the 21st Century initiative. Current guidance approved by the Navy's chief information officer calls for all new applications to run under NT.
Ron Redman, deputy technical director of the Fleet Introduction Division of the Aegis Program Executive Office, said there have been numerous software failures associated with NT aboard the Yorktown.
"Refining that is an ongoing process," Redman said. "Unix is a better system for control of equipment and machinery, whereas NT is a better system for the transfer of information and data. NT has never been fully refined and there are times when we have had shutdowns that resulted from NT."...
The Yorktown has been towed into port several times because of the systems failures, he said.
"Because of politics, some things are being forced on us that without political pressure we might not do, like Windows NT," Redman said. "If it were up to me I probably would not have used Windows NT in this particular application. If we used Unix, we would have a system that has less of a tendency to go down."
Although Unix is more reliable, Redman said, NT may become more reliable with time.
If you believe that a guy with 26 years of control system experience knows what he's talking about then you must agree that NT caused the failures.
Or if you think that a man who's achieved the position of deputy technical director of the Fleet Introduction Division of the Aegis Program Executive Office must have some technical knowledge of computer operating system, then you should probably conclude that NT caused the problems.
Or you could continue to play devil's advocate for the fun of appearing impartial and blame the "inept journalist". Whatever floats your boat.
They might want to sell some advanced weapons (complete ships or whatever) to allied/friendly governments. These systems may contain software in binary form. They are then redistributing their software.
This get even more likely when the first generation of computerized ships gets old and is about to be replaced by new improved ships.
ever think they may be trying to help the DOJ out? The only way MS can be considered a monopoly is if there are no competitors - perhaps they are trying to prove yet again there aren't.
If you think you know what the hell is going on you're probably full of shit. -- Robert Anton Wilson
If you think you know what the hell is going on you're probably full of shit. -- Robert Anton Wilson
jdube is who
why are you reading it then? Is someone standing behind you forcing you to read slashdot even though you hate it?
idiot.
Resistance is not futile - www.gnu.org
Yeah, I know all about it. Aren't you glad I never turned you in!
-- Windows security? Sure, which ONE would you like? -me
Heck, ten years ago we were using GCC when I worked at a DoD/government facility.
So GNU usage is nothing new.
Linux, on the other hand, didn't really exist for us at that point.
-
bukra fil mish mish
-
Monitor the Web, or Track your site!
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Anthony DiGiorgio, a civilian engineer with the Atlantic Fleet Technical Support Center in Norfolk said:
The article also says:
Even your interpretation of the Navy's statements is incomplete, because it's based on insufficent data. The article actually says
That is not enough information to tell if the application crashed or the os crashed. I agree that your interpretation, an app only crash, is far more probable. I have often found non-technical users cannot distinguish between the OS and the application they use. However, we lack sufficent data to really know what happened. In the absence of that data, I will accept the opinion of two men who do know what happened, DiGiorgio and Redman. They say NT was at fault.Sorry, but I did not want to post on Slashdot from my computer at work ;) (Heh, I was posting from a shell account in lynx.) Please forgive me. I will email the AFCA report to anybody who would like to read it -- it directly contradicts a lot of what the GCN article said. Goes to show that there _are_ pro-Linux people in the DOD.
We want endless gardens of data, where the bits can flower, flourish and reproduce. -- Andy Mueller-Maguhn
Well, if that's not enough, they're doing it again.
I submitted this weeks ago and was rejected...
_Am
i went aboard an Aegis guided missile cruiser once and in the CIC ( thats where all the navigation/targetting/missile tracking stuff goes on ) i saw 5 NT 3.51 boxes hooked up to a fibre optic connection..that i was told was where the entire ship was controlled from...and they were all *gasp* showing NT login prompts...when i guy i was with logged in i could see the real time nav displays all hooked up to a standalone win32 application running on NT. evidently they cant navigate or fire weapons if the thing BSODs. and they dont have an off switch to do a hard reboot either..the ship has to go back to the shipyard.
yes. im an idiot. i never saw any ship. however, if you would like to contact the Commander in Chief, Pacific Fleet, US Navy, im sure you can tell him that he's an idiot too. Oh and dont forget to tell him that http://www.ditcjp.disa.mil/pcy22/it21lnk.html the IT-21 policy for deploying windows NT controlled weapons systems is stupid as well. http://www.chips.navy.mil/chips/archives/97_jul/fi le1.htm ...read down for the statement that NT 4.0 is now the standard fleet NOS. you might want to look at the OC-3 and ATM fiber internetowrking standards proposed on the page so you can tell me how wrong i was about the fiber links. *sigh* not everyone is a troll y'know.
Unless you're in one of the other branches (whose members have an obligation to mindlesly bash the branches they're not in), that's kind of a ridiculous statement. Military types may be inflexible and stiff necked, but they aren't stupid. No one's going to let a bunch of morons drive around in billion dollar ships capable of leveling cities.
Intolerant people should be shot.
Now, I don't think that's what I meant... Those are intelligent people making decisions that don't mesh well with what they were supposed to be doing. I was talking about Gomer Pyle not being allowed to rest his elbows near the fire button for the main guns...
Intolerant people should be shot.
Hey, I'm not saying you won't get _in_, just that you aren't likely to be given control of anything more dangerous than a mop. (and a rifle during boot camp, I suppose)
Seriously though, that was funny. Too bad no moderators'll see it.
Intolerant people should be shot.
The Washington Post is re/pre-printing this glowing review of CLOS2 in today's edition.
So maybe the DoD will find room for Linux on the desktop if not in the server room.
Work for Change & GET PAID!
Once it's installed, it doesn't stop running!
This post encoded with ROT26. If you can read it, you've violated the DMCA. Handcuffs please, sergeant.
Linus (and many many others) are the copyright holders. They decide the license for Linux, and they would have to release the government from obligation; undoubtedly there would be several that would refuse.
Dear my! What are those things coming out of her nose?
Spaceballs!
Linux has not been put through the standard set of POSIX compliance tests, but the set of functions that are required by POSIX are put to test by millions of machines every day.
in military grade systems, but I do know for a fact that some army systems use SCO Unix (ODT2.0 and OSR5.0.2). I know this because I worked on them. I know it's fashionable to bash SCO, but it does have C2, and to the DOD, that's important.
Now to bring this onto topic, now that Caldera has bought out SCO, perhaps they can provide a C2 certified version of Linux. That would probably be a big hit with the DOD guys...
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
NT 4.0 =FAILED= it's initial C3 review, due to security flaws, yet the DOD did NOT stop it's use (despite that being mandatory by their own guidelines). Before the DOD starts pointing fingers, it needs to remember where the remaining fingers go.
IIRC, the other thing to remember about Orange book security (C3/2/1,B2/1,A1) is that the rating is for a specific version on specific hardware.
In other words, let's hypothetically assume that a generic intel box is considered "specific hardware", and (even more hypothetically) assume that NT4.0 with SP3 installed is C2 rated on said generic box. Now what happens when you need to install SP6a? Or (because IE4 is "integrated") you download one of those many many IE patches? You are no longer C2 secure, because your platform changed.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Assuming by the above statement that you've already audited millions of lines of code for the current version, I'll give you a hint about a very effective tool used to point out the differences between versions of software, if the source code is available. You will find this software installed by default on most Linux distributions. Give up yet?
assert(expired(knowledge));
WWJD -- What Would Jimi Do?
I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling
WWJD -- What Would Jimi Do?
I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling
What are you smoking?
McArthur was an arrogant SOB, but he was hardly a moron... Incidently, making war on china was a very sound tactical decision, but a piss poor politcal one.
Old truckers never die, they just get a new peterbilt
From what I know of the GPL, it only keeps the software that it covers free. It doesn't require you to distribute any changes that you make. If I decided to modify the kernel to support some new nifty hardware, I don't need to release the code to the world. It would be nice if I did, but the license does not require me to. However, I can't sell that code with the rest of the linux kernel, since the kernel itself is free software.
However, I could be totally and utterly wrong about this. =)
As my understanding goes, the spirit of the GPL is that the modifications you make to the software will remain yours, unless you decide to distribute that modified software. In other words, if you take Linux, hack it up to bits for internal use only, you won't have to release the source to the outside world. The source will need to be released iff the modified binaries are to be released as well; the GPL protects against a pure-binary-only release.
--
Even as an OpenBSD zealot, I really find the "security" issue a bit moot. Yes, OpenBSD is more secure out of the box, but Linux would do just as well, if properly audited for security. Kernel-level security is not as much of a concern, and if these systems are going to become custom-embedded systems, then Linux will be just as good as any of the BSD's.
As for deployment as a server, an admin who takes any distro, drops it on a system that's wide-open to the world, and expects it to stand up to the rigors, deserves to be shot :-).
--
OpenBSD is not the answer in this case, because it does not suitably lend itself to being an easily administered desktop machine.
If you're looking for servers or firewalls, OpenBSD is the way to go. But the requirements the article speaks of are for the workstation machines, hence the need for Motif & CDE.
There's more to it that "security by default". The goverment also is looking at other things such as real-time OSs for critical needs. Then there is that bogus worry that since anyone can get the source, anyone can find that one overlooked bug.
Not to mention, Linux fixes cross-distro is easy. RH 6.2 uses glibc 2.1 and so does Slackware 7.1. The only HUGE difference is the logo and what directory the software is put in (some distros switch between /sbin and /usr/sbin). A tar and a gzip later and everything is fixed. If they are upgrading anyways they should know where the software was put in the first place. If they don't, I'll be on the other side durring WW3.
Yeah but see they are OFFICERS (read PHB) they don't actually touch equipment.
I don't know what you think it means when LAN consoles and remote terminal units start crashing but ... WHEN THE SHIP HAS TO BE TOWED BACK TO HARBOR you know something is wrong. Combat systems are meant to be redundant and under no circumstances should human error or an application error be so catastrophic that the entire system is disabled.
Revolting Cocks rule the world!
rhino
Because it feels like something I've done before, yeah I could fake it but I'd still want more...
from the OpenBSD products.html:
RTMX sells a version of OpenBSD which has a full complement of POSIX realtime features added to it. They have graciously donated the source code for these extentions, and the changes will be integrated into OpenBSD soon.
so that will soon be solved
it should be integrated by 2.8 (dec 2000)
Chaos, Mayhem, and Destruction: Not
This article about the Navy cruiser was widely discredited as it relates to the problem being a fault with NT. Where & How was it discredited ? A divide-by-zero error is an application issue not the operating system, unless it were to have occured in a device driver or in the kernel itself. Which seems highly unlikely given that the articles talk about the fault being caused by bad input data. Generally not true (excepting FPE), A divide by zero error is trapped at the hardware/CPU level. It generates a hardware exception. It *must* be is handled by the OS. If an OS fails to trap an application error, then it is also faulty. What you seem to confusing is cause and effect, the cause is the divide by zero, the server crash is the effect.
This article about the Navy cruiser was widely discredited as it relates to the problem being a fault with NT.
Where & How was it discredited ?
A divide-by-zero error is an application issue(sic) not the operating system, unless it were to have occured in a device driver or in the kernel itself. Which seems highly unlikely given that the articles talk about the fault being caused by bad input data.
Generally only partly true, because it's also a hardware and OS issue. What you seem to confusing is cause and effect, the cause is the divide by zero, the server crash is the effect.
Excepting FPE, a divide by zero error is trapped at the hardware/CPU level. It generates a hardware exception. This *must* be handled by the OS. If an OS fails to trap an application error, then it is also faulty.
No one's going to let a bunch of morons drive around in billion dollar ships capable of leveling cities.
I think recent history proves you wrong on this count.
Two that come readily to mind are; Macarthur in Korea (Truman had to remove him to stop him making war with China) & Clarke in Kosova (Jackson disobeyed his order to attack the Russians at Pristina Airport),
Two obvious morons in charge of huge war machines who very nearly started wars with nuclear powers.
I thought the US DoD was using OpenBSD. If I recall correctly, slashdot featured this fact in an article once.
It's a shame to see the use of such a good OS to a loss by the FUD that is Linux. Yes, you heard right. I use Linux myself, and it's not too bad, but why should everyone on the planet use Linux as well? Why can't they use NT? Why is preferring a BSD over Linux that bad?
Especially in the case of OpenBSD, where most of the utilities come from the GNU project and are released under the GPL it's not such a biggy that they don't want to use Linux, methinks.
The article was very clear about where fault lay. Several experts who worked on the ship were quoated directly. One had 25 years worth of experience. The opinion was unanimous, NT was the culprit.
No one is busting my balls. NT at work sucks, and people there know it, but MS is fading fast from my home systems. No mo blue screen of death, thank you, just OS that works. Oh yeah, it's nice to have source code, even nicer when it's free. MS's days are numbered. No one is going to put up with their junk for much longer. They used to be good, now they suck, oh well.
As other people have pointed out that stupid application should not have taken the OS down, much less a whole pile of other machines and the ship itself out.
Personal experience is in line with this. The unix systems I see never quit. NT is lucky to get a week of uptime before craping out.
my limited experience concurs. NT fails all by itself if kept running for too long. None of the very crapy apps that I've ever written have been able to bring down a sun. Nor have I been able to crash LINUX with devide by zero errors. MS BS is just unreliable.
None of the failure were acceptable. Redundancy is part of good ship design. Each of those terminals should have been able to control the engines. The apps themselves should not fail until the hardware is pierced or lit on fire. Other manual systems should have been in place to take over if all else were to fail as a result of some kind of EMF pulse. Hell, did NT take out the intercoms? Get on the gaitronics and tell the engine room what you want!
This isn't going to go anywhere. You know that, right? They aren't going to give up their stand...
Your point is excellent. The article did NOT state anything technical other than that the consoles stopped working. They probably got "A Domain Controller was not avail.... etc." and freaked out.
Now, I could see the DB server dying, and all the client's not being able to work. But, as you stated, that's a far cry from a dead LAN. Just a bunch of apps without a server to get data from.
Divide by 0 taking out the network? not likely. Dr. Watson will catch that... :)
Don't you just love the mix of NT, and clueless users?
If it was just an app crashing, why the hell would they have to tow the damn ship back to harbor to fix it?
What if that app was required to interface with the propulsions systems??? We don't actually know, this whole thread is pure speculation, but Sheldon and Phfreakazoid have good points.
And no, I'm not an MS lover. I dislike NT greatly for many reasons.
However, if you (as a user on the ship) cannot send any commands to the engine of the ship because the only method for doing so, a database application, has crashed then you aren't about to tell it to go "ahead, full" or anything else. If it can't hear you, it's not going to do anything.
At least the system was smart enough to go dead, and not suddenly attempt to take off at full throttle. :)
The control systems that were automated with NT were largely in the engineering and auxiliary support systems. It controls things like starting and stopping engines, monitoring operating conditions, etc. It does not run the AEGIS combat system, which is many orders of magnitude more complex, and which requires real-time analysis of data, most of which is done with specially designed hardware, rather than software.
but you can bet getting that NDA comes at a price too. Even if the price is promising they will buy a lot MS stuff.
its a price as a taxpaying american I dont feel I should be paying. So yeah they got the code.. but at a cost above and beyond reasonable...
Jeremy
It is an excessively polite expression for the rear end of a cow that posts in the manner that you do. The point (similar to your head) is that M$ employs an awful lot of "wet behind the ears" programmers in their efforts. I hate to belabor the point but you expressed it yourself in a very elegant fashion.
The evil of which you know is better than the evil of which you know not. At least you can find the problems and have them out in the open.
Ah, you can aspire only to be one and shall never be the other. Now please be a nice script kiddie and go away and play with your viral basic.
Hmm, my firend you are being a bit over sensitive. the boint is simple. And since you are a total bozo i will have to lay it end to end for you so that you can follow it the same way you have to follow the yellow line to find the outhouse. The government states that it didn't like the fact that some random "hacker" could be writing in Linux. My statement is that some random dork (such as yourself since you appear to have the mentality) could be writing the crap that M$ passes off as an os if they "hired" yopu as a microserf. However, since Linux, & etc. are open source, it is easier to isolate such faulty code and that further since there is greater critical review by the community at large, such things are of an immensely higher quality. And lastly (since you have the brain mass that would shame a slime mold), there is not the inherent conflict of interest that M$ has exhibited in attempting to "add value" by insedrting proprietary crap into their software that benefits nobody, but isolates other operating systems (see the current kerbos discussion for example). Now please fuck off like a good script kiddie and keep the ad hominem attacks to youself.
Everytime the Air Force tries to get rid of the A-10 the Army says, "If you don't want those, we'll take them..." and the Air Force promptly shuts up and keeps the A10's.
-- Never make a general statement.
Funny, everytime I see a NASA terminal on the news it looks like they are running X to me. They were looking at pictures of Mars with xv.
Of course, those are the engineers, the office workers are probably still running Windows...
-- Never make a general statement.
I don't know about the Navy, but in the Army we had platoon command posts built in the 1970's that used wire wrap TTL circuits. The consoles would lock up and the solution was to pull out and slam in circuit boards until it started working again.
The machine could only run one program at a time, the programs were loaded from an ancient tape loader that would eat a tape unless you did everything just right. You selected the program to run by dailing in the ocal address of the program in in memory and depressing the execute button.
_Anything_ would be better than this, even NT.
Of course, UNIX would be best...
-- Never make a general statement.
Actually when you are talking about critical servers, the answer to any of your questions is "Call the Onsite SSE, who will be there in five minutes" My mother in law used to be onsight Cray support for a DOD installation. Her job was to sit around and wait for things to break. When they did she fixed them (They had parts on hand to rebuild the computer from the ground up) and then waited again. The government paid SGI who in turn paid her and a team of several others to sit there and hope nothing goes wrong. Not that I disagree with you in theory, but I can assure you that critical DOD servers spend very little time waiting for the vendor.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
OR they might have just developed their own OS instead, and then released it ...
I mean, the language Ada was done because apparently the military didn't like any of the ones out there, and while it's not exactly the language of choice for most hackers, it's usable and certainly adequate.
IANAGPL lawyer, but if they don't 'release' their modifications, they don't have to release their source.
That said, it might be argued that giving it to any other branch of the government (to maintain some semblance of interoperability) might qualify as 'releasing' the code.
That said, even OBSD has security holes if you want it to do anything useful. The fixes page listed an FTP hole, and a remote-root hole via DHCP, I believe.
Just that the default install is very minimal, and doesn't have most services turned out.
Of course, it is more secure than many of the other OSes out there, and the bugs are fixed very quickly. One would also think that the BSD license would be more attractive for them than the GPL.
But the government wants to move into a "pay per use" system...
2000/08/25 19:20:12 - toilet use started
2000/08/25 19:24:54 - toilet use ended, $0.005/min for 00:04:42; $0.0235 credit to Acme Toilet Seats
Of course, the toilets would now require swipe "smart cards" so the gov't would know what department to bill...
You are in a maze of twisty little relative jumps, all alike.
Write the source on the outside of the missile.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
From my reading of the GPL I seem to recall a you can make changes, without having to release them as long as you did not distribute it. Looking at the COPYING file from 2.4-test6, section 2 seems to say this. My question is does giving it to other organizations, (Army, Navy, etc) would be distribution.
does that take into account the people who build computers from parts, and/or replace Windows with Linux?
Add 5 to the Linux side for my family. (2 new, 3 replace win98/95 nt)
<OFFTOPIC>
Will people quit with the KDE vs GNOME flamewar?
or should slashdot add a new area (server, whatever) called flamewar?
I like both (Usually use KDE2betas)
</OFFTOPIC>
Wow, that's progress. When I left the Navy in '88 they were still using those huge grey TTY machines (Mod 7 or Mod 42?) and paper tape! Granted, they were on their way out, but they weren't totally out the door either...
Oh, and I won't say anything at all about the vacum tubes in the KW-26 machines...
Just for shits&giggles, I threw together a few lines of code to prove a point. It does something really simple; you feed the program two numbers at the command line, it divides them and then attempts to insert the result into a plain-jane ascii file. This is on a kernel 2.2.16 linux box. Also, I purposely left out sanity checking.
:)
Test 1: I enter 5 and 2. Ascii file gains a line reading 2.5, OS is unaffected.
Test 2: I enter 65535 and 15. Ascii file gains a line reading 4369, OS is unaffected.
Test 3: I enter 12 and "badabing", the program segfaults. Nothing new is added to the ascii file, OS is unaffected.
Test 4: I enter 50 and -5, Ascii file gains a line reading -10, OS is unaffected.
Test 5: I enter 2000 and 0, the program segfaults. Nothing new is added to the ascii file, OS is unaffected.
Now, the lack of sanity checking is clearly an application error... but if the app's supposed to be at fault for bringing down an entire LAN why didn't my little divide by zero experiment even scratch the running kernel?
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.
"Where shall the word be found, where will the word resound? Not here, there is not enough silence." -T.S. Eliot
Being part of a massive NT network install for the government, let me tell you that in reality the POSIX requirements are outdated and not used. In fact, we ripped out the POSIX layer of NT for sercurity reasons.
Yup, the govt makes you put it in, just so we can rip it right out. Tax dollars hard at work!
Wu-Tang Name: Half-Cut Skeleton Get your own Wu-Na
Sure, Linux would be great to run the militaries equipment. But could any of them actually figure out how to use it?
www.droppingdimes.com
You are right That idiot never went on any ship...
www.droppingdimes.com
This is too funny! Besides, if you peruse the incident reports on Security Focus or 2600 it would appear that most if not all the boxes are running NT.
"The words of the prophets are written on the Slashdot walls."
This says Military Contractors, who are not government agenecies. As a former member of the Military Intelligence (please no cracks about it being an oxymoron) community, I found there was a big difference between what the government would use itself to get its work done and what it would let its contractors use.
In the SCIF (Sensitive Compartmented Information Facility) fixed hard disks weren't allowed, only removable hard disks. These were locked up after each use in a safe. The military is very paranoid about the computers (and OS) it uses for itself, not to mention the fact that replacing the Windows systems with Linux would have required the retraining of support staff to keep Linux running.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
I've brought this up lightly at the Dept. of Ed. and people didn't care.
People probably don't care because you're totally wrong. NT out of the box is not POSIX compliant, but there are POSIX compatibility packages that make it compliant if that is a requirement.
Of course, that other quoted stuff is just nonsense.
You would be a lot better thinker if you applied some objectivity, rather than just spewing anti-Microsoft FUD*.
*Stupid disclaimer to head off foolish replies: No, Microsoft is not a perfect company, and Win* is not a perfect product. But neither is as bad as the typical emotional Slashdotter believes.
--
Sometimes it's best to just let stupid people be stupid.
Like in Finland, or all over the world.... :-)
Employee of Inrupt, Project Release Manager and Community Manager for Solid
The link is here
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
The first time I saw it was on a program I got from Tom Christiansen's code archives. If he said it originally, or if he quoted it from somewhere, I don't know. But I do remember it wasn't attributed to anyone else.
HTH
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
Yow... You think IT-21 is moronic? Just try being one of the radiomen / ET's that has to implement it. Faugh. MS Exchange? Windows NT? Gawd... At least GCCS still runs over Solaris...
If violence isn't solving your problems, you're not using enough of it. - MAJ Misato Katsuragi
IDIOT The ship IS NOT controlled from CIC (Combat Information Center) It is controlled from the Bridge. CIC is simply the dark room where the radar techs, sonar techs and combat strategists strategize.
Mook!
With Regards,
Phillip H. Blanton
I for one would be seriously in favour of stating in the GPL open source soptware is not allowed for military use.
I know that the military could advance the technology but, come on people, military equipment is used to KILL, MAIM and DESTROY. How would you like if Iraq or Libya or some terrorist organisation killed your friends or relatives with a piece of software you possibly contributed to.
Please, please support Linux as a tool for peace. We are the Linux commUNITY, lets not kill our fellow brothers and sisters.
I feel really strongly about this. I know I may be hypocritical in some ways as I do use technology that once came from the military, but I will not be able to contribute to the development of Linux if it is used for guiding missiles. I have quit jobs over this kind of thing, so I will have no problem not useing Linux over it.
I work for Lockheed Martin and get to visit the DoD all the time and I have seen rooms full of linux boxes (and some SGIs) so I don't understand what you're talking about. Maybe it is a coastal thing but here in the east Linux is in heavy use in the DoD, at least as far as I've seen.
i guess this kind of thing is understandable... i mean people are afraid of what they don't understand. Maybe they should look into BSD for now.
It was only a few years ago (at my old job) that we were sending and recieving data with the Dept. of Ed. using 9.6K modems. They do have a tendency to stick with what works, eh?
;-)
Now if I were a terrorist, and having read Debt of Honor, I'd go after toppling the economy first.
Problem is, once potential employers get into a bidding war over me (due to my skilled use of GOTO) I might forget my dogma.
Vote Naked 2000
A feeling of having made the same mistake before: Deja Foobar
Until the problem of latency can be solved, Linux will never become more than what it is today.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Warships are supposed to have redundant systems so that they can soak up damage and remain combat capable. One sytem going down, for whatever reason, should not overly hinder a warship's combat effectiveness... much less leave it dead in the water. NT caused the problem, but the designers of the system should have included; no, should have been required to include redundancy into the control systems.
"Fortuna Imperatrix Mundi"
My experience has been that governments are just not very good with software. Without giving any names, I can tell you for sure that many Canadians agencies use Word Perfect 5.1 has their main word processor...
As much as I enjoy kicking Microsoft every chance I get, this doesn't sound like their fault. I mean, BSOD or not... That's just bad fscking design. The person responsible (probably a manager who encouraged junior coders or contractors to cut corners in an effort to meet schedule) should be court-marshaled. The idea of leaving critical system hooked into anything other than a power source is staggering.
Unless of course, propulsion is not a critical system. I can see some logic in there. If you can't turn tail and run, you're likely to fight harder.
The REAL jabber has the /. user id: 13196
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
Yeah, yeah, "lead by example" and all that. Bull!
Second: I am completely convinced that RMS would be more than happy to release the DoD from any obligation to the GPL in the case of National Defense.
Third: The GPL only requires the release of source code IF you redistribute the product. Somehow, I doubt we will be seeing DoD-Linux on store shelves any time soon.
Fourth: Why Linux? Isn't OpenBSD THE most secure and solid OS on the planet?
The REAL jabber has the /. user id: 13196
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
Excuse me, I mis-spoke. While NASA itself may be using NT more and more for the ground-based operations, it no longer uses it for the shuttle. NT did not meet the requirements needed between crashes to satisfy NASA, so they went to a version of UNIX. It took some testing to insure that the two would talk to each other, but I expected that. (Make sure it communicates, instead of assuming.)
Kierthos
Mr. Hu is not a ninja.
No, I don't believe it does. I believe that the increase in Linux sales is only based on the amount of sales of the boxed copies rather then downloads, etc. of the product. After all, it is an increase in _sales_.
However, we all know how statistics can be manipulated.
Kierthos
Mr. Hu is not a ninja.
...that Linux sales are up six times from where they were this time last year. Of course, that's only a sign of the popularity amongst End Users.
But does it really surprise anyone that a government agency is taking the stupid way out? Windows and other Microsoft products are so full of holes, memory leaks and safety "issues" that I'm surprised that any government agency still uses it, and NASA ceased to use NT long ago. But how much more evidence do they need to see the light?
Kierthos
Mr. Hu is not a ninja.
The USPS is slowly moving from DEC's VMS to new boxes running Linux. The system is being used for reading adresses off of envelopes (30K p/hour +) as well as process monitoring for automated equipment. they had been using Qnx as well.
I am a contractor heavily invovled with the DII COE. In the recent article in Government Computer News, a concern was expressed that DISA would take the open version of Linux and tailor it to meet the needs of the DoD. That concern is unfounded. One of the fundamental tenents is that OS binaries, whether Solaris, HP-UX, or NT, are NOT modified when installing the DII COE. There is some tightening of file permissions, and the /etc/inetd.conf file is modified to disable services that are less than secure.
Another point: the NT POSIX subsystem is not used by the DII COE; it's actually removed for security reasons. That is, there is already precedence for an OS that is not POSIX compliant.
I have to say this study kind of surprised me, because yesterday I finished reading the AFCA report "Assessment of Linux Operating System" put out 20 April. Unfortunately, the study is marked for distribution to US Government Agencies only, or I'd provide a direct link. Anyway, the study, prepared by the Air Force Commmunications Agency Directorate of Technology, basically set out to provide a technical assessment of the Linux operating system -- and provide a comparison to WinNT. They found that Linux is a viable file and print server, applications server, FTP server, Web server, and Telnet server. Also had high praise for Samba. In direct contrast to the linked article above, the people conducting the study noted that "security vulnerabilities are often found and fixed much faster than with other operating systems because of Linux's wide user and developer base". "It is in [Red Hat's and Caldera's] best interest that any suspicious or malicious code found in any application be removed. These companies also inform their users about security bugs..." etc. The report's final recommendations stated that 'Linux has matured to the point of consideration for the JTA. It proves fully interoperable with Windows NT and is POSIX compliant. Linux, however, is not DII COE complient. Linux will have to be submitted for the DII COE Kernal Platform Compliance program." The GCN article seems to say that Linux is not DII COE compliant because it is incapable of being so, while actually Linux has simply not yet been through the compliance process yet. In the meantime, usage of Linux has to be "waivered" - we use it anyway.
I seem to know at least as much as you. I know exactly what you're saying, but you made the claim that the OS was not at fault. What facts presented in the article allow you to conclude that? The facts seem to support my conclusion more than yours since yours relies on the "inept reporter" being wrong about the OS crashing, which we don't know for sure. Additionally, it wasn't the reporter who said the OS crashed, he was paraphrasing a memo from Vice Admiral Griffin, apparently using the memo's exact words for that portion. I would assume that the Admiral got that information from someone who was administering the system. But again, none of this is really confirmed. But it certainly doesn't support your claim that the OS was not at fault.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
As others pointed out, a crashing app taking down the OS is the fault of the OS, or at least the OS administrators who let the app run with priveleges that allow it to crash the OS. This again may be the fault of the OS, or at least the designers choice of OS if they can't make the app run without having that level of control.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
If it was just an app crashing, why the hell would they have to tow the damn ship back to harbor to fix it?
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
I don't normally stoop to name calling. But you take the cake. You are a hypocritical idiot. You take the same information, from the same article, and claim in this post that it was not the fault of the OS. If the information in the article is so suspect and cannot be reasonably analyzed due to its likely innacurracy, then how can you make such a claim? But you don't stop there. Now you claim that I am trying to read something into the article and make conclusions based on my personal biases. Give me a break. I made an analysis of the facts as they were presented in the article and from that determined that it was probably both an application and OS failure. For some reason you seem to think that your analysis and biases hold more weight than anyone elses. You should quit complaining about stupidity on Slashdot. From reading your posts, you are a prime contributor.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
The key point is that this was an application failure, it was not an OS failure.
No, the key point is that a crashing application should not take down the OS, and certainly not all the other NT machines on the LAN as well. This indicates an OS failure in addition to the application failure, or at the very least a design flaw of the highest magnitude (which could possibly include the choice of NT as the OS).
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
I'm currently a Department of the Navy systems / network administrator, civil service. We've been using Linux for the past 4-5 years, running DNS services and Sendmail. In the past year, Linux has seen use for Squid caching proxy servers, DHCP servers, SAMBA servers, log hosts, RADIUS servers, and network troubleshooting / analysis / monitoring. In that time, we've experienced only a couple of software-related systems failures, and they were due to misconfiguration that was quickly and easily fixed.
m l for more information.)
As far as server certification goes, our use of Linux is known and acknowledged by the regional IT coordinators. There aren't currently any problems accreditting these Linux servers: they are configured by the same guidelines as is required of any Unix/POSIX system. Obviously there are some differences, but there were already allowances in the process to deal with Solaris, HPUX, AIX, DG/UX or whatever variant of Unix the system was designed with.
While true that Linux isn't currently certified for DoD use, and is operating via a waiver, Windows NT was put into place in a very similar manner over a much longer timeframe, since 1996! Just recently Windows NT received the necessary certification for government use (C2).
SGI is working to bring C2 certification to a Linux distribution by late 2000 / early 2001 ( see http://slashdot.org/articles/00/04/12/1035205.sht
Along with OpenMotif, and the other interoperability enchancements being made to Linux every day, I don't think there will be any insurmountable problems using Linux in the DoD in the future. But that's just my opinion.
-Falcor
Actually Darwin's point was that the most successful organisms end up with the most surviving prodigy. In other words, the bearded Mormon polygamist from the 1850's with 5 wives and 54 children was almost certainly more successful biologically than your ancestors.
Success as Darwin would define it doesn't have anything to do with being smarter, or stronger, it has to do with successfully passing on your genes. You could be of sub-par intelligence, and weak, but if you have lots of children that survive you will still be more "successful" than the Professional Wrestler with a PHd in Astrophysics that decided to stop at one child.
Not that any of this matters, I just don't particularly care if I am off topic.
It appears a number of moderators are misusing their privilege to try to prevent the truth from appearing in discussions.
This article about the Navy cruiser was widely discredited as it relates to the problem being a fault with NT.
A divide-by-zero error is an application issue, not the operating system, unless it were to have occured in a device driver or in the kernel itself. Which seems highly unlikely given that the articles talk about the fault being caused by bad input data.
Yesterday I read a post where someone commented on how unfortunately ignorant most slashdot posters are.
This is an example of one such person. The fact that anybody picked up on this story without any sort of critical thinking skills kicking in is highly disappointing.
Even more unfortunate is how it was moderated up, and the posts pointing out how it had already been discredited have been moderated down.
Let me basically summarize the article and the simple understanding one has to use to read it:
Basically the article talks about the Navy deploying a system to automate portions of their ship. The system was built to run atop Windows NT 4.0 server.
Somehow bad data was entered into the database. A zero was entered into some record by the system admin, says the article.
This caused the application to crash with a divide-by-zero error because of a lack of assertions on input parameters in the application.
The key point is that this was an application failure, it was not an OS failure.
What is surprising is the number of people who claim to be intelligent but cannot understand the distinction.
Sigh...
Good grief. Where does it say that?
You are trying to insert something in between the lines.
Nowhere does the article state it took out the LAN... It says it took out LAN consoles and remote terminals.
What does that mean? The article doesn't tell us, but one can imply that these were basically Network computers attached with maybe say a Java app, or a web page, or something.
Come on, you can't possibly be sitting there with a straight face and telling me that you actually think an NT Server going into BSOD would take out a LAN? Give me a break.
This again is a lack of critical thinking skills.
Only soldiers trained for doing the repair work would be allowed there. Nobody but individuals with proper classifications (namely mostlt soldiers again...) would be allowed to work on servers in places like Crystal Palace (SAC/NORAD primary command).
Not all critical DOD servers are in locations where civilians would be allowed to begin with- nor, would you really want them to allow people there. Giving them the resources to do this stuff easier would be a godsend.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I think we've got a cluster of Linux boxes for compute-heavy tasks somewhere, but we used standalone Linux workstations for all the development on one of my projects this summer, after having migrated from HP-UX (mostly my doing) last summer.
Linux:
Is much, much faster for an affordable box. The HP C360 computers we got a year or two ago were about as fast as PII500 boxes, but at three times the price. We've got nicely parallel code, too, so the dual PIII700 systems they're using now come in handy.
Is easy to port UNIX code to, especially if you standardize on gcc and GNU make to keep the Makefiles identical (or use something like autoconf, I suppose). There were a number of source code changes we had to made, but they were all of the "bug which didn't trigger under HP-UX" variety, not bugs in Linux.
Is much better supported. Yeah, that's right. We've got enough geeky interns like me (and highly qualified Unix sysadmins) around to handle any software issues, and being able to run down to Best Buy for hardware certainly beats most proprietary vendors. HP in particular canceled support for that C360 line, that being the final straw. Of course, this may be an HP problem; we've got Sun servers with an amazing "we'll send a tech over right away with a new board" support contract and no worries there.
Sucks when you run out of memory, in 2.2 at least. I got used to keeping a top window running and a kill command ready when testing fast, leaky code; that's because while I can kill the offending process when the VM runs low, the Linux kernel is more likely to hard kill the X server or do something else that will hose the system to the magic SysRq key point.
Has limitations, but has the source code to work around them. There's a max 4kb SysV message size limit in the kernel, for example, but I modified an IBM employee's 2.1 kernel patch to make that limit runtime configurable.
Comes with desktops that are a lot more enjoyable to work on. Some of us booted to KDE, some to Gnome, but everyone was quite happy never to see a CDE panel again.
Scales much better than HP-UX. We're working on prototype satellite groundstations, and being able to put everything on a ThinkPad blows away the anthro cart "portability" there was before. Hell, how much RAM does an iPaq have? It has enough CPU power to run our software, anyway.
I agree that it makes sense to promote free unix for government institutions, I'm not sure that Linux is the right thing to push. Normally, I encourage people to use Linux (over both non-free and BSD systems) for a five main reasons:
1. Linux is free in cost
2. Linux's source is available if that's your thing
3. Linux is politically subversive
4. Linux's community is folksy and congenial
5. Linux is more bleeding edge than other OSes, and is thus more fun
For PEOPLE, these makes sense. For schools, these makes sense. For the government, only points 1 and 2 makes sense. The government wants a free unix that has available source, but they don't want to have to release that source to users, they want a support comminity that is fastidious rather than hip and they want stability and unexplotivity over all else.
What would I reccomend for a lot of government institutions? BSD. OpenBSD, preferably, since it's got another government-friendly plus: security.
Don't get me wrong. I'm as big of a GPL pusher as the next guy, but I've come to the conclusion that the government is a lost cause as far as Free Software goes. No matter how hard we try, CIA agents won't start attending LUG meetings (except perhaps to keep an eye on the Red(hat) Menace), DoD personnel won't post patches to Linux-kernel, and NSA spooks aren't going to release Enlightenment themes any time soon.
No, I think as taxpayers, the best we can hope for is that the government will stop adopting $1,000,000 solutions where $0 ones will do nicely. And as much as I'd like to wish that Linux is the best tool for the job, a lot of the time it isn't. What makes me like Linux so much - that it's got all kinds of quirky features and kernel development is so fast, also does make it less stable to some degree. As a user, I not only accept that trade-off, it's what gets me using Linux in the first place (a fun unix, whoda thunk it), but for the feds, they want something more boring. And slow-but-steady OpenBSD seems just about perfect.
So what's the problem? Not enough POSIX testing? Done on the wrong phase of the moon? Completed but nobody would sponsor the actual certificate? If I was a Linux co in a position to sell to the military, and "proper" POSIX certification cost (say) $US20,000, I'd being sending the money today.
Got time? Spend some of it coding or testing
In every discussion of this infamous event, it seems that one important detail gets overlooked:
The failure of a single computer disabled an entire warship.
Let's be honest: if you can disable a warship by disabling a single computer, it doesn't matter what OS the machine is running. DOS, NT, Macintoshes, Linux, *BSD, Solaris & OS/390 are all equally vulnerable to a lucky shot that causes physical damage to the hardware.
The solution? Either multiple computers, or a distributed OS that can continue to run processes even while individual units are failing.
'Nuff said.
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
It's not like the GPL requires them to distribute their modified source code outside the DoD -- only to people using it within the DoD, who presumably already have access to the source. And besides, there are a million ways to frame a national-security exception to complying with the GPL if it did.
When I was in the Air Force, the very first webserver that was sent to us from headquarters was a Linux box!
This was back around 1993. I remember it well because I set it up at our base.
I guess as long as everyone stays quiet about it, then it is ok, right? *nudge* *nudge*
-- Windows security? Sure, which ONE would you like? -me
Part of the problem is the Government (military in particular) loves to specify (dictate) odd standards and requirements. This is why you can go to a military surplus sale and see barrels of 49 pin swizzle-twist 7+1 notch connectors that were speced for exactly one project (probably the space toilet). The only reason industry puts up with it is because they order alot *and* pay alot to make it worth their time.
This is also true of software. Why use COTS when you can spend another couple hundred K and get 2 extra features?
Maybe if Red Hat starts a GSA cu5t0m m0d division, that will satisfy their needs.
No. It means that at least you have the option.
Ever run an NT shop? You don't just apply service packs or upgrade to the newest version 'just because it came out'. You do it when it is necessary to maintain your level of service, or to fix security reason.
And you'll get a whole lot more detail out of linux than you will any other OS.
We're talking large servers here.. why on earth would you 'want to upgrade because a new version is out'.
Sigh. Of course it's an advantage.
First of all, at least with Free software it is possible to audit the source, whereas with proprietary software, it probably isn't. That's advantage #1.
Now, of course most users don't have the time or technical knowlege to audit source code themselves. So? The point is, as long as some people do, and if, as a responsible system administrator, you keep track of what they find, you get the benefit of their work. With Free software, many, many people have the source and some of them will audit it.
On the other hand, makers of proprietary software don't usually search for and correct security problems until they have already been found, and often exploited. Very few people have the source so it is unlikely to be audited. That's advantage #2.
Even better, a bunch of companies and/or government departments could form a consortium to fund auditing, and all share the results. With proprietary code, that would be extrely difficult. For example, I'm sure that the US Navy has access to the Windows NT source code, but so what? As you point out, they may not have the time or expertise to really audit it. And even worse, they can't easily form a community group to support auditing, because everyone would have to have access to the source, and Microsoft just isn't going to let that happen. Advantage #3 for Free software.
Finally... you claim that Linux is riddled with major security problems. Well - that's a questionable assertion. Furthermore, it is common knowlege that NT is worse, despite the fact that Linux ships with far, far more capabilities than NT does. Don't believe me - just check BugTraq. But don't make the mistake that Fred Moody did a couple of weeks ago, and add up the numbers wrong. That would be really embarassing.
Torrey Hoffman (Azog)
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
Windows NT got through the back door via a "Posix subsystem" on the kernel.
And, interestingly enough, one of the things on the Air Force's checklist to secure an NT server is to disable the POSIX subsystem. It is apparently a security hole pretending to be a kernel component.
So, the DoD mandates that you have POSIX, but also mandates that you not have POSIX.
Everybody got that?
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Having just quit my job as a defense contractor, the largest problem is getting the local DAA (Designated approval authority, or something like that...) to approve the use of the software.
Pretty much. Taking a look at the big picture, it pretty much comes down to one thing: The DoD loves paperwork. They thrive on it. Whether or not the product you're choosing actually works or not doesn't matter, as long as it has all its certification paperwork. This isn't likely to change any time soon.
This tends to conflict with the open, rapid, community-effort, bazaar style of development. The rapid revs and loose organization don't lend themselves to certification. Even if they did, most certs require you to retest for every change. Since many of Open Source's strengths stem from the rapid revs, this makes things difficult.
And, yes, I realize that you could "freeze" a particular distribution, certify it, and then rev less often. But again: Taking full advantage of Open Source means you have to accept rapid revs.
This isn't to say things are impossible, or that we should give up, or anything else. I'm just pointing out a source of conflict.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
NT really DID make a navy cruiser dead in the water for 3 hours. Some will say it was human error. But the "human error" consisted of entered "0" into a data field. That should be handled gracefully. Some will say it was an application error--the app should have handled the "0". Again, true, but a crashing app should not take down the operating system. NT was at fault and there is no getting around it.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
[1] The reason that the Navy used NT was that federal law states that they must go with the lowest bidder. They had specified POSIX-compliant, because they wanted a Unix system. Well, NT is technically POSIX-compliant, so some !^#*$ company put in the low bid with NT as the underlying OS. If this ever causes any problem in battle, I'd like to see every single one of them shot. What sort of inept moron would put NT on a piece of vital equipment?
Hell, we don't even allow NT in our DMZ...
I've seen Linux used in the Army to do things that were just not possible with M$ products, cost being a BIG factor. With all the cutbacks with the military budget, it's just not possible for units to spend several thousand dollars on software. Or the several thousand dollars on licenses. When people (i.e. officers) are shown how flexible linux is (not to mention free), it's not uncommon to hear them make suggestions to problems by saying, "Well, can't you just download something off of the internet?"
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
One of the DoD's biggest problems right now is that they cannot use truely complex systems for highly classified work and still be very certain that there are no security bugs. NT is obviously a lost cause in this respect, even with hordes of people at the NSA with nothing better to do than read NT source code and write buffer-overflow guards. On the other hand, Linux and the BSDs offer a new option: let millions of people pour over the source to find problems, and then pick and choose the most solid and secure programs.
Obviously, you would still have your screening process which would involve an intense security code-review. Not really a problem.
I think in the end, you would still have a linux.mil distribution, but it could track current development MUCH faster than with any other OS. The real trick would be convincing the pencil-pushers that contributing their security fixes back to the projects would be a good thing. Everyone who has had to maintain such a thing knows that you don't want to be stuck maintaining even a 5-line patch over more than 1 or 2 versions of a large piece of software, but most of the people setting policy have never had to do that.
The thing that's going to kill Open source software usage is, though, is the people who think that any program written under Linux must be GPLed. Even *BSD ships a lot of GPLed software, and thus hackles get raised. Someone needs to take on the role of championing GPL PR. I don't mean this is the sense that the GPL should be pushed over the *PL of the week, but that the misunderstandings about what the GPL means should be countered.
It doesn't really make a lot of sense in this thread.
Sorry.
G
There is no security compromise here.
Anyone can hack Linux but they can't force you to run their version. The official kernel and distros are the ones you'd stick to and are probably safer in terms of scrutiny, just look at the recent MS "netscape programmers are weanies" debacle. A security hole (back door!) right there in the proprietary closed source system.
As usual the security issue is FUD. Any security expert knows that security through obscurity is no security.
First: This article is dated 1998. Now I know that technology has not advanced that quickly in the past two years but I think that that discounts the idea of the system being a Java app, or a web page .
Second: The Battleship's hardware system (like the missile launch system for instance) is very likely not going to be a part of the NT operating system hardware list. Ie:
Device Manager:
- CDROM
- Disk drives
- Display adapter
- Hard disk controller
- Infra-red missile tracking
- Keyboard
- Missile launch/guidence
- Monitor
- etc
Therefore the Battle systems are most probably controled through a proprietry software system that runs on top of NT and uses NT for communicating. Bringing me toThird: I find the idea that a Battleship's main system being run by a large number of independant and separate programs is highly unlikely. All the systems would need to be synchronized and interdependant to operate in a realtime enviroment. The missile systems need to get targeting data from the radar/tracking systems etc. This would all work in a combined effort. I would envisage that the whole system would be operated by a central, intergrated master system and the individual controlers (ie human users) would be running a remote client that interacts with the realtime system. A bad bit of data in the master system (an application) could result in the entire system being crippled. At some point in the system, everything needs to be synchroized and that also means that that point is a potential show stopper for the whole system.
This is not a case of someone trying to view dynamic VBScripted content in netscape, and crashing the ship. This is a case of the system (Ships system, not the individual OS) being controlled by a grand application (the battle system) and that application being disabled by bad data. Kind of like when your perl script CGI trys to put text in a number field of your backend database and takes out your entire dynamic website. The operating system is ticking along fine but the system (the web site) is dead in the water.
That said I still think NT is a pain in the a$$. But I would like to condemn it for the the things it is guilty of, not just what I can pin on it based on olympic conclusion jumping. (Hmmm. Demonstraion sport at Sydney perhaps? Where's SOCOG's number.)
"I'll take the red pill. No! Blue! AAAaaaahhhhhhhhh"
- Monty Python meets the Matrix
http://www.goingware.com/decss
We now return you to your program.
-- Could you use my software consulting serv
Isn't Linux already POSIX-compliant (or at least mostly, anyway)? Why would an add-on POSIX layer even be needed?
Disclaimer: The opinions expressed are not necessarily my own, as I've not yet had my medication today.
It's a good thing that they are using more free software, because anyone who's ever had work on DOD stuff knows that a) Copy Controlls are Frowned on and b) your tech support records will show far more users then you actually licensed them for.
Which is why companies like IBM and HP special GSA notices on all of there software.
Of course, we're now using Linux for the usual SAMBA and webserver stuff as well.
This link to the Avalon system at Los Alamos may be reachable from the outside. I'm inside the firewall right now, so I can't verify if the link will work for the rest of you (it works for me). There is another relatively new Beowulf cluster at Los Alamos, 128 dual processor P-III's, IIRC, named Rockhopper. Sorry, don't have any links for that machine. Some of the folks who put that machine together now work for the TurboLabs division of TurboLinux.
The above article is excellent.
It can be summed up like this: "If we used Unix we wouldnt have this problem."
hehehehhe
peas,
-Kabloona
I would imagine in places where security is an issue, the government should be looking at BSD first. Not to diss Linux, but OpenBSD is reknowned for it's "security by default" out of the box. If anything, I would think the government would err on the side of security (so their government hire doesn't get the bleeding edge driver or graphics utility, boohoo).
Can you just imagines the news?
Reuters: This just in - The US government has decide to standardize it's military computers on an open source operating system developed mostly in Canada. Interestingly enough, "OpenBSD" as they like to call it is based on the work of some computer scientists from the University of California at Berkeley a couple decades ago. Apparently everything the US has to offer pales in comparision when it comes to the security of OpenBSD. An admiral that wished to remains anonymous said, "It's about time those canookies and hippies did something to watch our ass. After all, we've been watching theirs for all these years."
My question is does giving it to other organizations, (Army, Navy, etc) would be distribution.
One can make a good argument that the answer is 'yes'. When I worked for a U.S. Navy laboratory, we couldn't, for example, get a license for unlimited use of a software package for the lab and then let the entire U.S. Navy use it. There's some point at which you're dealing with a separate entity, even if it's within the overall organization. Perhaps someone familiar with the GPL could elaborate on how it defines the boundaries.
Windows NT got through the back door via a "Posix subsystem" on the kernel. Using this subsystem you can boot into the Posix subsystem but not use the other Windows NT (2000) features. The Posix subsystem uses programs from such other vendors as Mortice Kern Systems to give it Posix compatibility. DEC's VMS used a similar technique.
But just because an OS has a Posix subsystem does not mean that the applications that run on the other subsystems are Posix-compatible at all. Microsoft Office is not, for sure.
In addition, many computer systems used by DOD are supposed to have a certified level of security--C2, even B1 in some cases. Windows NT did get C2 certification, but only for the NT 4.0 version, not for the 5.0 version many departments bought. This includes both hardware and software in one security level.
No doubt RedHat or VA Linux or IBM or Compaq could cobble together a GNU/Linux or OpenBSD or whatever system and pay the money to have an independent body certify it at the appropriate security level. At least one Posix-certified version of Linux has been released. Then DOD could buy the Linux or BSD OS and hardware from an approved list.
I worked for the Navy as a contractor Unix sys admin. We had on our base about a thousand SCO Unix clients running on Everex-type PCs. The idea of the managers was to dump SCO and go to Microsoft Windows NT. Linux could have been chosen as the client instead of Windows, but it would have to be locked down.
The huge Solaris enterprise systems that ran the base used Oracle databases and ran many old Cobol programs too. It's possible that Windows could run those programs, but they would need a great deal of rewriting. Linux as yet probably doesn't have the beef to run the big Navy RAID systems and databases--but Linux will get there soon. Maybe IBM will port CICS to Linux--it's already on AIX.
The reason for "standardizing" on Windows NT was that it would be "uniform" across the network. A stupid reason, and one that will cost the Navy lots of money. For example, there is no reason to give many of the users a whole Office platform--all they do is enter numbers into a database screen in their job. On the other hand, getting Windows email working right will be a nightmare for such a huge system. The big brass don't listen to the users any more than Billg does.
There are a lot of Linux users in the military, and they would love to talk some sense into the brass on this subject. Government Computer News has been educating them for years. But military brass are the last to regain any common sense.
It means you have to take responsibility YOURSELF for ensuring that you stay consistant with whatever setup you want.
Is that supposed to be an advantage? What you're saying is that I'm supposed to audit millions of lines of code if I want upgrade to a newer version of RedHat or pick-your-distro.
I don't think it's reasonable to blame the users when a Linux package is released with major problems, particularly major security problems (which, unfortunately, Linux is riddled with).
--
Sometimes it's best to just let stupid people be stupid.
Seriously, I'd think that national defense might trump copyright?
The federal government can't afford to pay compeditive rates to IT professionals. So, they pay lower rates to second-rate employees. These employees aren't smart enough to learn Linux yet. Perhaps in a couple years when Linux is easier to use, the DOD will adopt it.
I personally tried to get my section to convert our web server to Linux, but we're sticking with NT because that's what our people know.
In case you're wondering, I'm planning on quitting once I graduate. Until then, it's good experience and looks good on a resume.
...considering the pool of computer people the government employs. After having worked at a DOD contractor for a few years during college, I realized that many of the people who work there have no clue about anything technical involving a computer. Too many managers, not enough techies.
...because the government shouldn't have shackled themselves to such a proprietary system as Windows in the first place.
I mean, I understand that there weren't many open systems back when the DoD, for example, started migrating from MS-DOS to Windows for servers. However, there have always been operating systems where you could at least view and audit the source, if not give it away.
IIRC, AT&T Unix was always fairly "open" in the sense that you could contract with them to look at the code. Somehow I doubt that the government ever got that option from Redmond.
Dewey, what part of this looks like authorities should be involved?
From the ma-linux tux list:
l
BTW, there's actually another reason: All gov't computers are required to
be fully POSIX compliant, which MS OS's are not.
"...shall have a POSIX compliant, multi-user, multi-tasking OS [operating
system] that is capable of providing the following services concurrently:
print, file, communications, networking, and database."
I've brought this up lightly at the Dept. of Ed. and people didn't care.
-brian
On Thu, 27 Jul 2000, Przemek Klosowski wrote:
> Government Computer News column by S.M.Ryan:
>
> http://www.gcn.com/vol19_no20a/opinion/2449-1.htm
>
> brings up the topic of a Federal Acquisition Regulation Council rule,
> known as the 'blacklisting rule', that requires the government to
> do business only with vendors that it finds 'responsible'. He writes:
>
> The proposed standard remains the same: no finding of
> responsibility for vendors with "an unsatisfactory record
> of integrity and business ethics." But the new proposed
> rule requires contracting officers to rely more on
> objective measures, such as findings or decisions by U.S.
> courts, administrative law judges and boards of contract
> appeals.
>
> Could some enterprising contracting officer therefore
> conclude that Microsoft, the world's largest software
> company and a major seller to the federal government, has
> an unsatisfactory record of integrity and business ethics
> based on Judge Thomas Penfield Jackson's detailed ruling?
>
> I think the answer is yes.
>
> If this comes to pass, it would be quite explosive, and would
> certainly be a good argument for the Supreme Court to decide the
> Microsoft case quickly.
>
>
> p
>
>
> NB for the legal eagles among us, I think the crucial passage is 52.209-5 (D),
> page 40833 of Federal Register Vol. 65, No. 127, Friday, June 30, 2000
> and can be obtained via http://www.arnet.gov/far/ProposedRules/99010.pdf
>
--
Brian C Merrell
merrell@tux.org
BilldaCat
People have to get over the 'anyone can modify it' stuff.
'Anyone can modify it' means two things.
1) The source is available
2) It's LEGAL to modify it.
Nothing more. It doesn't mean that 'anyone can walk into your installation and 'modify' your stuff.
It means you have to take responsibility YOURSELF for ensuring that you stay consistant with whatever setup you want.
sheldon wrote:
Do you include yourself in this list?
While it is true that a typo killed the application, the application killed, not just the computer it was running on, but all of the computers needed to run the entire ship.
Now, is that an application error or a system error? Who knows? I wouldn't think that an error in a single application would be able to take out an entire LAN, or even the computer on which it was running without some help from the underlying operating system.
That is why I am dissatisfied with the explanation that the error was an application error and the implication that it would have happened under any operating system.
I work as a Sys Admin for the US Air Force (SrA.) and I use Linux as a print server and internet connection firewall. There is even virus software (McAfee) for download at the site where I download updates for my Win NT/9x machines. Linux has not been "officially" adopted yet but like many other places, it is in use. The military does not have an "on paper" official OS that we must use but we are encouraged to use NT because it is more "secure" (wonder who made that assumption, I bet not a sys admin) but we can use Linux if we want.
"If ignorance is bliss, why aren't there more happy people in the world?"
WWJD -- What Would Jimi Do?
I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling
It givesa a whole new meaning to core dump.
The warp core, she's dumping all over me cap'n, she can't take much more, she's gonna blow!
Linus reserves the right to break Posix when he thinks it's being brain dead. Also, bits of POSIX are still in the works (Like the Linux Privs stuff.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Although the Yorktown did not have backup systems, Redman said that future Smart Ships will have systems redundancy to ensure that ships can continue to operate.
I can see it now.
[Primary system failure]
BSOD- Divide by zero error
[Switch to backup NT systems]
BSOD- Divide by zero error
[SDIW- Ship Dead In Water]
Commander: "What the... Fucking Windows NT! Get Bill Gates in here."
[Bill Gates enters]
Commander: "You told us SP6 would be more stable, faster and have better failure protection."
Bill: "It does, it's over 400 times less likely to.."[BLAM, Commander blows his head off]
Yes I shamelessly stole this scenario from the Southpark movie.
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
Security can't be their primary concern, heck, the DOD has been cracked so many times it's a wonder their not on a firs name basis with their guests.
/usr/home4/pixarc2/"
"Hi, Bob, How's it going?"
"Oh, Pretty good, yourself?"
"Can't complain, got a new DSL, just trying it out."
"Nice, what are you looking for?"
"Oh, just the usual, some prOn pix of the Joint Chiefs."
"Look on
"Thanks! Catch ya later, dude!"
"No prob, say 'Hi' to 31337 7rO11 8OY for me."
Vote Naked 2000
A feeling of having made the same mistake before: Deja Foobar
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I live in Europe. Here, there are plans to ban MS Windows from government key networks. The two reasons behind these projects are the following (and they do apply in many other situations) :
- avoid backdoors intentionnally placed by the software manufacturer (code can be checked for backdoors). Think of a world where Microsoft keep the US Government in hostage "you stop pissing us off with those anti-trust trials or whe shutdown all your NT system...". And, with the UCITA, they could even have the right to do it !!! Not speaking of information leaks (spying) by the various backdoors (or data corruption ?) Risks from a closed-source system are far to high or governments !
- vendor independance. Think of the case here Microsoft stops to make MS Windows products. All updates stopped, no more bugfixes, no new licences for the new machines to be incorporated in the network, no new-hardware support,... If that ever happens, the system would have to be changed fast, involving many costs (reinstallation, porting of in-house programs to the new environment, buying of replacements for some programs,...) Such a transition would be very disruptive if it has to happen from one day to the day after.
Beside this, the availability of sources is very interresting for military purpose. It allows them to put in their own modifications to harden the security, to cut off unneeded parts (to avoid the security problems into these parts), to hardcode some usually dynamically fixed values (IP address of the NIC for example),... many advantages not provided by MS Windows.
And here is the correct link to the article...
--
*Condense fact from the vapor of nuance*
25: ten.knilrevlis@wkcuhc
*Condense fact from the vapor of nuance*
These are the guys who, aside from inexplicable decisions like considering the F-16 a suitable replacement for an A-10, put Windows NT in charge of a cruiser.
The ones in charge clearly don't have any clue whatsoever.
Besides, do you want free software considered to be vital military equipment? That's kind of a scary thought. A little close to the "munitions" argument over encryption software.
---
Despite rumors to the contrary, I am not a turnip.
Don't let the hoopla fool you. The US Army currently uses Linux as the OS for their Warlord Notebook Intelligence Analysis System.
It is a light weight, cost effective counterpart developed by Mystech Software (later Sterling Software and now I have no clue) to compete against ILEX's All Source Analysis System - Remote Work Station (ASAS-RWS or just RWS for short). The RWS sits on Sun architecture and Solaris 7. The RWS code from ILEX really sucks too.
So, Mystech/Sterling developed the Warlord Notebook using Government Furnished Information (GFI) derived software and MySQL on top of Red Hat 4.2 initially before migrating to Red Hat 5.0 and then 6.0. It was cheaper (by far... as in free! The Army only had to pay for contract support and that was even optional) than the RWS system which was proprietary code from ILEX (which sucked), Oracle 7i (which rocked but at $2k per licence) on top of Solaris and were forced to accept support contracts. The system proved to work so well that some units dropped their RWS's completely for Warlord notebooks. There are a few other factors involved in that as well (such as a laptop notebook vs a Sparc pizza box and monitor... what a weight difference!) and it was generally liked by the users (unlike RWS).
But... money and politics play out and at last word, ILEX was gaining the upper hand again and Warlord Notebook was going to phased out. Not due to performance or cost, but due to the fact the Dept of the Army had spent SOOOO much money with ILEX that they didn't want to throw it away.
It's a crying shame.
I don't drink because I have to, I drink to stop the voices in my head!
I don't drink because I have to, I drink to stop the voices in my head!
Having just quit my job as a defense contractor, the largest problem is getting the local DAA (Designated approval authority, or something like that...) to approve the use of the software. The DAA has the last word on what is and what is not allowed at a site. On some bases, each building has its own DAA, and thus the policy can vary from building to building depending on who the DAA is.
:)
:)
I had to jump through more hoops just to get Perl installed on a few systems that we were using for development work. These were for systems that were not connected to anything outside of the room that they were in (they were classified, but only at the 'secret' level.
The argument being that all 'freeware' is not permitted by USAF regulations. The problem was that the regulations were talking about binary only distributions, not source code. I had fun pointing out that the main AF Publications web server (the one that holds all of the regulations) was running on apache and linux
I eventually got around the problem by purchasing the O'Reilly Perl resource kit, so it was now 'purchased COTS (commercial, off the shelf)' software, and that is ok. I could sit at home, burn this stuff to CD's and sell it to the government for a ton of money... That was ok, but I could not download it for nothing. Your tax dollars at work.
Like I said, this will vary widely from location to location depending on the local DAA and what they are willing to accept the risk for. Unfortunately, most DAA's are GS-14 or 15 (top of the civil service management ladder) and lifetime civil service employees, and thus do not have much real world experience or knowledge.
But anyway, I'm much happier now as a consultant for internet startups where OpenBSD and OpenSSH are accepted. Now I can do my job and really secure the systems
I've worked for the last year on a DARPA program for wearable situational-awareness computers for the military (the Army, specifically). The system we're designing, while still proof-of-concept, is built around Linux, which was chosen primarily for its openness and flexibility.
Parts of this system, probably significant ones, will make their way into fielded systems in the next ten years. Also, there are a great number of DARPA research programs that involve Linux. In other words, the *future* military systems are being developed *now* under Linux.
It isn't big yet, but I'm willing to wager that because of today's research, the next generation of military software will be Linux based...
Let's try not to let fact interfere with our speculation here, OK?
Is anybody else tired of hearing this? "Linux isn't right for us, because of all the hackers out there that will crack our machines". I was with them through POSIX, Motif (God knows why), NFS and CDE, but they lost me at posting the source online. As if /usr/src was openly accessible over the network by default.
Isn't part of the Open Source Creed the Right to Fork?
Mebbe someone with better GPL knowledge can say whether or not the DOD would have to release the source if they made modifications to the kernel to make themselves happy.
Or, I suppose, they could go with FreeBSD, and use the BSD license.
Potato chips are a by-yourself food.
Lots of places in the DOE use linux. A lot of that is scientific computing. Look at Avalong and Loki at Los Alamos. Look at Los Lobos at Sandia. Look at all the clusters all over. It's cheap cycles.
I work as a sysadmin at a DOE facility. We recently decided to include Linux on our unix supported system list, set up a program to buy linux boxes, and started getting a lot of interest. For the stuff we do, a $5k linux box will equal the $30-50k suns and sgis. Before you freak and say I am wrong, it works for us. For our applications. Most of our stuff does not have a 64 bit requirement, so that's not an issue. Basically, we just found what we needed to integrate into our environment (shared filesystems, main applications, etc), made sure our config stuff was cross-platform (PERL is the language of the gods), and put it up. We now have guys who can do work on a $10k machine (including a huge monitor) that would normally have required a $80k machine before.
Linux is breaking the paradigm. Scientists jsut like to see the numbers. You say, "Benchmark this box vs your workstations". They are shocked with the results. For the longest time, sgi and sun (and to a lesser extent hp, but I still love PA-RISC) dominated the market for a reason. Then, more recently they dominated the market because of reputation and past.
Face it, it's hard to beat an x86 cluster for computationally bound tasks for the $$. As a desktop, a $5k x86 box is _insanely_ fast. _INSANELY_. Ask any of my scientists that say "Hey, can I borrow your box to run on? It's just faster than this *insert traditional unix box here*".
-- Who is the bigger fool? The fool or the fool who follows him? --
I would imagine in places where security is an issue, the government should be looking at BSD first. Not to diss Linux, but OpenBSD is reknowned for it's "security by default" out of the box. If anything, I would think the government would err on the side of security (so their government hire doesn't get the bleeding edge driver or graphics utility, boohoo).
If the gov does use Linux widescale, I would think they should scrutinize all the distros, and come up with one STRONGLY suggested one so all machines will be compatible and fixes can be applied everywhere at once.
It's 10 PM. Do you know if you're un-American?
Well, okay, you can have Motif.
---------///----------
All generalizations are false.
--
I like to watch.
NT Cripples Navy Cruiser
134340: I am not a number. I am a free planet!