Slashdot Mirror
Green Hills Software Decides Linux Isn't So Bad
An anonymous reader submits a link to this report on LinuxDevices.com, which begins "An outspoken open source detractor has paid Linux a back-handed compliment. Green Hills Software (GHS), known for diatribes against Linux in military/aerospace applications, is shipping 'Padded Cell technology' intended to enable the company's proprietary real-time OS to take advantage of the wealth of Linux application software." You may remember GHS's Dan O'Dowd, who's claimed that the embedded Linux Tools Market is a myth and that the open source nature of Linux makes it a threat to national security.
"Nothing to see here, move along."
Might be what one calls karma?
-]Phreak Out[-
I think this course of events is sort of ironic. Possibly they were motivated for other goals in their previous outlook on linux. Either that or they feel its good enough and won't endanger their security for there product at least.
My UID is prime is yours?
Get a life, little boy.
My father used to say that only fools don't admit when they're wrong (subtle message, SCO!).
Eureka Science News - automatically updated
Has any Linux distro gotten Common Criteria certification yet? Seems like that is the major barrier to large scale governmental/military adoption and not some small-time competitor FUD.
Since their other claims seem to be completely made up and bogus, is anyone really sure that their claims now of product compatibility are accurate?
Comment removed based on user account deletion
If there is any threat to national security it is closed source software that is not peer reviewed and comes with the inherent risk of backdoors and vulnerabilities. These day we cannot afford using closed source software anymore. The dangers are simply too high. Open-source needs to be the standard for any type of critical application.
I can tell you lots about padded cells and straight jackets and basket weaving.. oh wait this is Slashdot.
Oh wait, that's right this IS Slashdot. Want me to continue?
Comment removed based on user account deletion
This should be self evident to anyone. Admittedly the National Security Agency bothered to make additions to the Linux kernel to make it more secure, and freely returned their work to the open source community. That just shows that the National Security Agency doesn't know anything about National Security.
When I'm concerned about National Security I know I trust a random small commercial software company. It would only make sense that they would be better informed about National Security than some lowly government organisation.
Jedidiah.
Craft Beer Programming T-shirts
I have a life damn you! I am here on /. aren't I?
I don't remember the GPL saying you had to give out the source. I only remember that you can if you chose to liscence it under the GPL
~Ilyanep
To get message, take amount of carrier pigeons at each stage mod 2. Then decode binary.
1) ext2 doesn't fragment, so no need to defrag
2) You don't need to release anything under the GPL unless it links against GPL (not LGPL) libraries, like qt
3) Your lawyer is a shithead.
That just about covers it...
My Systems
Choices in OS can be simple or hard. Some love linux and some don't and that makes up their mind. Others go about budgets and numbers to make decisions. Sometimes these can be inflated just to cover costs but under overall expectations of management. I don't see a problem with linux, it is quite different to other systems such as Windows or even Solaris for servers and user terminals. As far as some see functionallity. Just remember everything has good and bad. Windows has thousands apon thousands of bugs, virus, and compatability issues. Personally I use XP. It is ok but high maintenance at time. When I use linux, I choose SuSE. Patches come out as frequently if not more for it than Windows, but highly customizable. It depends on multiple factors. People can hack Linux, Windows and in some cases Mac. It is computer nature to have some problems because humans who can make choices and mistakes created it.
It's a troll. You could stop reading when he mentioned token ring support.
No need to reply to crap like that.
See here
Nice troll, but that's not how the GPL works. ;3 For the benefit of anyone who believed it - you're only required to distribute source code to people you've distributed binaries to. If no one outside the company has a binary, there is no obligation to give the source code away outside the company.
Bít, zabít, jen proto, ze su liska!
Its hard to program a backdoor into the kernel when its open source. Intentional backdoors can be eliminated that way. Also unintentional backdoors when they are discovered are usually fixed promptly and the person to blame is the original coder for that part of linux
My UID is prime is yours?
ARG! It's a troll, stop replying people!
Arg, ye maties!
If you use the property of someone else, they have the right to decide on restrictions (within legal limits). Given the number of copyright restrictions that tend to be splurged over any source code, I find it implausible that you were unaware of the implications of your choice to sell on the modified operating system.
Of course, if you were merely building applications on top of Linux then you will have no such problems - this is, I believe, what Adobe do with Acrobat Reader (the linux version is evil but that's not the point). In particular:
"Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released. This was simply unacceptable."
This is complete bollocks. Fire your lawyers.
For the love of God, please learn to spell "ridiculous"!!!
Most any company is going to look at things from their own point of advantage. If they did not feel they could make money on linux or it would actually hurt them, why would they praise it. So now they apparently think they can make money from it. At least they were open minded enough to reevaluate their position.
I forget which levels.
How many custom changes have you been able to put into the Windows XP kernel? I would imagine none. So being able to mod the kernel at all is a bonus.
"Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released. This was simply unacceptable."
This statement is totally wrong. Just read the FAQ on gnu's website-- "the copyright on the editors and tools does not cover the code you write. Using them does not place any restrictions, legally, on the license you use for your code."
From reading the article, I think Green Hills have decided Linux APPs are not so bad, or at least something they feel they need. I don't think they have changed their position on Linux itself.
My rights don't need management.
Seriously people, allowing your OS to run apps from another OS isn't declaring the superiority of the other OS. It is simply a wise business decision. It can, in fact, be interpreted as an insult to Linux, depending on how you look at it. Consider this:
GHS: "Our OS can now run Linux apps, so you don't have to use crappy Linux"
This is exactly the same reason they came out with WINE. The WINE devs don't like Windows, so they give you an alternative with WINE. This is the same thing.
It's a troll, stop replying people!
You... do know, what a troll is... right?
The parent post opitimizes the msft line of BS - to the letter. Of course it's all cr@p. I strongly expect the entire story was a work of fiction - with an agenda.
JMHO.
If they find a backdoor in the kernal and someone has stolen sensitive stuff through it, who's to blame?
Stuff so sensitive that it threatens national security has been stolen and your only concern is your scapegoat.
You work for the government, don't you?
KFG
What is the submitter talking about? Saying "Linux sucks", then saying "here's something to run Linux apps that isn't Linux" isn't a compliment, or a retraction. It's emphasis. They never said that Linux doesn't have a lot of apps, or that it's not popular. Just that it's not good enough. And now they have something better.
--
make install -not war
While this may be true in general for Linux, it is not out of the realm for a vendor, who has hacked the code for their own purposes, who knows they have a very limited and captive audience (i.e., US Government agencies), and the project doesn't require some sort of code escrow arrangement that would let US Government programmers look at the code in case there are aforementioned problems that might be related to discovered backdoors, buffer overflow exploits, etc.
As far as embedded Linux being a crock, how many WSP54G and WSP54GS wireless routers has Linksys sold? I know that because it's Linux-based served as basically the primary reason I bought one.
Nice troll. This is utter garbage of cause, but it is common misconception so I'll rebut it. Just because something uses a tool doesn't mean it is subject to the same licence as the tool. Firstly, if this were the case, then any document created in an open source word processor or text editor would need to be GPLed which is clearly not the case (and would be dangerous for writing confidential documents). Even if compiling something with gcc made it a dirivitive work (which it doesn't), only the binary would be a dirivitive of gcc, and the source code would be completely unneffected since it is not modified by gcc. BeOS was compiled by gcc for the x86 platform and it remained closed source and propritary with no legal challenges.
One only has to release the source code under the GPL to the people you distributed the binary to.If you keep it wholly in house you only need to give the source code to anyone. If you make it for a single client you only need to give the source code to that single client. Of cause anyone who you give the source to is allowed to pass it on, but it isn't like you have to just broadcast it to the world just because you changed it.
If you are not trolling and have read what I have just said and still don't think its fair, think about this: the program you are modifing was written by thousands of other people, many of them with commercial tasks just like you, and they have let you use their code. If you want to distribute the hacked kernel without sharing your code, how is it fair for the people who have contributed beforehand?
Oh, and if you are not a troll, you really need to get yourself a new lawyer quick, because that lawyer just caused you a lot of wasted time and effort.
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
When I read things like that, then I understand why I'm only an engineer and not a CEO, because I would NEVER think of using that phrase to try to get my point across.
Nothing great was ever achieved without enthusiasm
Comment removed based on user account deletion
They aren't converting to Linux. They are just adding a compatability layer so software for Linux can run on their proprietary OS.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
This same AC posts the exact same thing in nearly all Linux stories. Nothing to see here...
This is a misunderstanding of the GPL - and there are TONS of misunderstandings of the GPL out there. The answer isn't to mod it out of sight. Instead, correct it. And let it stay visible so other people who have misunderstandings of the GPL can see it and learn something.
Don't just blindly mod down anything that says something bad/incorrect about the GPL. Correct it, and let people see the post and the factual corrections. Even if it is a troll, people can benefit from seeing this misconception shot down.
Ther were several deaths due to a medical device called Therac-25. http://courses.cs.vt.edu/~cs3604/lib/Therac_25/The rac_1.html
For business purposes, accountability counts for something, but not for national security. The good thing about open source, is that as easy as it might be to install a backdoor, its even easier for someone to diagnose such a problem, possibly proactively. I think its much easier to find, or even train someone, to deal with linux internals than any proprietary system.
http://uptime.netcraft.com/up/graph/?host=www.gree nhillsoftware.com
-jpeg
Disclaimer: I work for Green Hills Software
There seems to be some confusion about this product. From what I've seen and heard (I haven't used this product directly yet), it is a method of running linux applications on top of the uber-secure real-time operating system, "Integrity". The linux applcation layer is sheilded from the rest of the system, and possibly from other linux-application layers. It's really more of like user-mode linux than a linux kernel.
I hope that helps...
IBM, the big blue company, decided a long time ago that Open Source isn't so bad.
Sun, the UltraSPARC Processors maker, decided that Open Source isn't so bad.
Intel, the 8086 Processor maker, decided that Open Source isn't so bad.
Munich, Germany's third-largest city, decided that Open Source isn't so bad.
"Microsoft decides Open Source isn't so bad" will be news.
My city: Barcelona.
If the source to the app were open, not only could the government programmers look at the source, but so could anyone else who wished to. On the other hand, with closed-source software the scenario that you've described could take place, since the vendor basically controls who can see the code and under what circumstances. (Or was this your point and I misunderstood what you posted?)
:)
I don't think there's any shortage of people paranoid enough to want to see every bit of source that the government codes
And it's the battle of the trolls!
Green Hills makes devtools and OSs for safety-critical embedded systems. They've been vocally anti-Linux-in-safety-critical-embedded-systems because Linux is a competitor (nothing particularly nefarious, just a company trying to make a case that their product has advantages over a competitor).
And now they made a compatability layer so their OS can run software written for their competitors' API. This is a change of heart how?
Especially considering how Green Hills has long had a compatibility layer for their more direct competitor vxWorks.
A legparnasom tele van angolnaval.
"the open source nature of Linux makes it a threat to national security." saying linux sucks because its Open Source and than saying "here's something to run Linux apps" is hypocracy, not emphasis. There's little reason to think their offering is better either.
Many/most Linux APPs are open source however, so by implication they have changed their position on open source
While it may seem weird having Linux running in a padded cell, it means their dev team and their customers can get more work done.
And it provides another real alternative to Microsieve, meaning fewer reasons for government organizations and businesses to give in to Leviathan.
And their engineers will get used to using Linux tools.
The implication is that they will run open source software on their OS. They have attacked the "open source nature" of Linux. Many people criticize linux, with valid reasons, but to change positions on the value of open source software is more problematic.
How does tracking an IE exploit to Microsoft help you track down the person that used it? Catching the person responsible for the incursion is the order of business. In what way is Microsoft's posited 'accountability' an aid to security in the first place, and what role does it play after an incursion?
One does not want to "catch" the people responsible for an exploit. One wants to close it. Accountability is an economic issue (who do we sue), or a scapegoat issue (who's head can we put on the block to protect our own), not a security issue.
Ironically it is only with closed source software that who created the exploit is really relevant after the fact, since they are the only ones that can close it, and you can never be sure that really have unless you have the complete source to audit (and in a real secure system you always, always, always build from personally audited source).
Nor does running open source code have anything to do with whether or not you know where the code came from. There's no logical connect between the two issues and Red Hat can tell you where every line of code in their kernel came from just as well as Microsoft can tell you where code in their kernel came from.
My previous post was a joke. It was clear from your original post that your point of view is that of someone from a business enviroment. Government security has an entirely different intent, view point and priority matrix than business security (except among some of the 'new generation', who almost all come to government security from business security backgrounds).
KFG
They didn't simply not praise it, they called it a threat to national security! Perhaps this was the statement from a single wayward individual- but some more explanation is in order, and an apology would be preferable.
it's grudging acceptance that their own claims "there is no linux embedded tools market" and that "the Linux tools market will die" are patently false.
they're making a compat layer because their customers are demanding they support nonexistent tools for a dead market. yeah. that's the ticket.
There was a statement that the "open source nature of linux" made it a threat to national security. Considering how many linux apps are also open source, this is a vindication of sorts. WINE may support proprietary software, but is itself open software. There is the philosophy behind linux and not linux itself that is at issue here
Not quite... that's Greenhill Software, we're talking about Green Hills Software. According to Netcraft, they run NetBSD or OpenBSD: http://uptime.netcraft.com/up/graph/?host=www.ghs. com
wanting to exploit the popularity of linux and not "giving anything back" is hardly a compliment...
Get your torrents...
IBM is mostly supporting Linux as a shtick rather than completely backing the system and it's ideals, they are not opening up their code in a great big flood of free IBM software.
Green Hills Software products aren't open source, what Green Hell has done is use Linux, not more not less.
If IBM isn't really supporting Linux, Green Hill position it's worse than that.
My city: Barcelona.
That's the real question here. I'd rather trust it to a company who knows what they're doing and can do the testing required to obtain the certifications for that type of application. Not only that, but this company has the liability attached to the product they sell, so if a plane falls out of the sky b/c of a coding problem, they're held responsible. Who would be held responsible with Linux? Who gets the code certified? Who tests the code that thoroughly?
Linux may be great on a PC or even in a router, but you don't die when a router goes down.
Yes, "Informative" was definitely the correct moderation of this post. Jeebus Christ.
I'm a little disappointed with thie original post. The change of heart is about open source and the "free software" that runs on linux. Green Hills specifically criticized the open source nature of Linux. I think its pretty clear that much of the linux-compatible apps available are open source. They could have made many other criticisms of linux, but they specifically attacked OSS, and now, perhaps grudgingly, accomadating demand for it.
More likely, the NSA were only appearing to contribute to the Linux kernel, while they were actually introducing subtle and cleverly obfuscated bugs that will allow them to read Osama's email, and tell on him to his mother if he blows things up.
/evil> MWA-HA-HA-HA-HA <evil>
Also it allows them root access to any Linux running hospital in Saudi Arabia, and they can overprescribe anaesthetics when he next goes in for dialysis treatment.
A compatibility layer with something that they claimed was a national security risk? Call the unAmerican Activities Committee, Batman! They must hate their customers to so blatantly risk their security like that. Did they figure all was lost when Microsoft sold their source code to China and the KGB? Or did Green Hills see their market share eroding. Sound like they were full of bull all along. Oh yeah,
They've been vocally anti-Linux-in-safety-critical-embedded-systems because Linux is a competitor (nothing particularly nefarious, just a company trying to make a case that their product has advantages over a competitor).
Some people think it's OK to lie. No change of heart there afterall, is there?
Friends don't help friends install M$ junk.
Considering their complaint about Linux, valid or not, is its security, I don't see how this play deviates at all. The point of this compatibility later is to allow these possibly unsafe *applications* to run on a safe *operating system* by isolating their system calls, making them non-intrusive to the system's operation. Hence the product name, Padded Cell.
Although, that would really imply an app ca't even easily hurt itself, which is hardly the case. Padded Cell just has a nicer ring than Solitary Confinement.
In criticising linux, they have rather strongly criticized Open Source. Perhaps that was a strategic mistake, because much of the available software for linux is also open source. This is a change of heart. Its a shame the article isn't more clear about the conflict. Many of us (especially BSD fans) have long criticized linux, but champion open source and other "free" software
Jerry whats his name of Wind River/Vxworks frequently issued anti-Linux screeds, but suddenly stopped about the day before Wind River announced a Linux product.
thanks.
*hangs head in shame*
-jpeg
My mom warned me that asinine people often change what they say without admitting anything. I don't see any apology or retractions, do you? It is indeed foolish to act that way because people remember.
Friends don't help friends install M$ junk.
With all bias aside, doesn't it make more sense to run important government systems with open software? Open software can be changed as much as they want; it's not like they're buying the latest Mandrake pack from CompUSA and popping it into the super-mega-warhead-doomsday-computer's cd drive.
The very last thing I'd like to know about would be the government placing a tech support call to a company that only sells them proprietary software. I find that somewhat unsettling.
But I'm not an expert; are there advantages to using code you can't see or modify to run government computers?
Esoteric reference.
BSD users, and perhaps we can include Apple OSX users among them, have made valid criticisms of linux for a long time now. None of us have sunk to the depths of declaring linux a threat to national security because it is open source. It is perfectly reasonable to act as Green Hills Software has, in providing a compatibility layer. The irresponsible public statements they have made is another matter.
If they offered their own branded Linux distro, that would be hypocrisy. Instead they're offering something better that, in their view, improves a bad situation. Whether they're right or wrong, it's entirely consistent, and only supports their criticism of Linux in the strongest way possible: doing something to fix the problem.
--
make install -not war
No Kidding! Taken directly from a GNU C++ header file:
So... If they don't understand even the comments in C++ code, then why would I believe their statements regarding the superior quality of the rest of their operating system?
-- -pjk Perry Kundert perry@kundert.ca http://kundert.2y.net
To give them the benefit of the doubt, they could be claiming that within their secured environment, Linux applications, even the dreaded 'open source' ones, can run more securely. It's not that complex a claim, they're saying that their underlying OS is more secure. It's like saying making Open Source apps run on Irix or Solaris, etc.
"What's the frequency Kenneth?"
I don't know about theft, but under GPL You are required to distribute Source To Those who Request it. However Those Who USE your source must also note specifically what is yours and what is not. Copyrights and logos are out of the scope of GPL and if they don't exsist, the person using the source is Responsible to ensure that they do exsist to by contacting the original developers should they be alive I suppse. To continue on that note you also cannot remove any visible copyrights or logos on software that you get the source from.
I think you missed the point.
O'Dowd isn't admitting he was wrong. Quite the contrary. He said Linux is unsuitable for certain high-security and safety-critical applications, which is probably true.
Now he's come up with a way to get around those shortcomings in Linux. By sliding his OS underneath as a security layer, he's opened up Linux to a whole new market.
This could have been his plan from the start. If GHS is announcing the technology now, they probably started developing it long before the FUD-storm six months ago. The FUD brought him publicity which has greatly increased the attention on this product announcement. It may have earned him some notoriety, but it's great marketing.
Green Hills (or its representatives) specifically criticized the "open source nature" of linux. It would seem your product takes advantage of available OSS products. I realize you and your company may have a specific view about security, and perhaps are only considering security, but I'm afraid you've burned some bridges by showing such disdain for the work of dedicated individuals. I hope you publicly praise the usefulness of open source apps as ardently as you criticize the "flagship" OSS product, linux. As most OSS developers don't get paid, pride becomes that much more important, and Green Hills needs to recognize this.
No, they are just being hypocritical like SCO, because they don't have the resources to write their own apps from scratch and figure it is easier to simply steal from your enemies.
My rights don't need management.
Nice troll.
Nice fishie. Why did you bite on his fishing plug?
He's moderated down into the mud and you're just encouraging us to click on the 'below current threshold' link to see what he said that riled you.
"What's the frequency Kenneth?"
Sorry, I really don't understand Green Hills position. Green Hills actions are perhaps consistant, but the public condemnation of open source software in the strongest possible terms is the inconsistancy. OpenBSD certainly is more secure than linux. Various BSDs are also developing linux compatibility, but BSD developers don't call linux "a threat to national security". I would like to see more accountibility for what has been said at Green Hills. I could care less about linux itself
Actually, it's a bit trickier than that.
If you "distribute" GPL'd software, you need to either ship the source with the binary, or else you need to have a written offer to make the source available to *any third party* on request, for a reasonable fee (i.e. to cover media costs).
That said, many large companies consider distribution within the company to not actually be distribution per se. I don't know if this has ever been tested in court though.
Chris
"I'm not so bad once you get to know me".
As for the resources to write their own apps, nobody has the resources to write every app possible. Even Microsoft. Windows wouldn't be nearly as popular if it could *only* run Microsoft applications, even though Microsoft does have a very large variety of applications that they make to choose from. As for Linux, Linus didn't even write every thing needed to make a complete OS -- Various linux distributions also use parts from GNU, X, BSD, etc. All perfectly legit, of course. No stealing here.
There's nothing wrong or dishonest with them providing an API that allows Linux applications to be run on their OS. And they're not saying that they like Linux -- the WINE analogy given at the beginning of the thread is extremely appropriate. They've just realized that embracing/supporting Linux in this small manner will probably help them make more money. It sounds like a wise business decision to me.
As for the idea that `open source is a threat to National Security', there is truth to that. Of course, `closed source' is a threat too, just of a somewhat different nature.
In the open source case, sure, the code can be reviewed, but there's a lot more opportunities for `bad' people to slip in a patch that looks good and so it gets approved, but in reality it opens a non-obvious back door of some sort.
In the closed source case, a similar opportunity exists to introduce bad code, but it's really only available either to developers that work at the company in question, or those who crack into said company. But on the other had, once in, far fewer eyes are likely to look at that code, so it doesn't have to be so carefully obfuscated.
Both situations can be defused if you can get the source and find people qualified to audit every line of it and find these holes and correct them, and then have them do it without cutting corners. It's a huge job, but it's certainly possible. As for getting the source code, I imagine the NSA has little problem getting access to Micorosft's source code should they need it for something.
My immediate questions after reading your post are these: Would trust your life to Microsoft Windows?
From there, it breaks down into to trees:
If so, why? What's the difference between Linux and Windows in your eyes that suddenly makes Windows safe?
If not, what operating system WOULD you trust with your life? What makes it trustworthy where Linux and Windows are not?
That scenerio is much more likely when code is written once by one person and never touched again. Free software is rewritten all the time. Closed source is more venerable to bug insertion by malicious employee, offshored work and especially an undetected break in to code servers. When it's closed, you don't really know if they got some guy in Moscow to write it, do you? The larger problem is bug removal, which free software excels in.
The compatability layer allows software written for embedded Linux to run on Green Hills's OS. Thus eliminating the alleged risk
I don't see the elimination of risk. Instead, I imagine they will create tons of bugs by trying to make a non free interface layer that will be difficult to write and maintain. My small experience with non free modules that have to be compiled along with kernel source has been dismal. The non free world does not have the resources to keep up with improvements and changes in the free world.
Friends don't help friends install M$ junk.
Somewhat reminds me of a local tech paper's editor. Back in 1997/1998 he wrote a rather angry, extremely ignorant and mocking reply to a letter to an editor which spoke about Linux, mocking Linux as being old technology and of no use (and for the letter writer's gall to criticize AOL!).
Then, I remember in about 2001/2002 he was waxing poetic about Linux and answerting Linux questions right and left.
That's of course about the time I went to BSD (in situations where it isn't masochistic), hype serves no purpose.
Note to moderators: both "funny" and "insightful" apply to parent post! Stranger things have happened. Just a thought: maintain public-readonly source repository, use internal subtle-but-evil-injecting-filter and compile, and distribute clean-looking-but-subtle-screwed binaries. Just out of curiosity, I checked NSA site, but it looks they don't even distribute binaries, source code only, and nicely sorted into different packages.
It's me again (the guy who works at GHS as per the grandparent of this post. I don't have a /. account)
I don't feel that there is a "distain" for the work of the dedicated individuals who have worked on Linux. We offer development tools that can develop on and for Linux (as well as Windows and Solaris). Many (if not most) of our developers use Linux as the "host" operating system for developing INTEGRITY and MULTI (our compiler/debugger/code-editor/etc...). Linux is a fine operating system for desktop work.
The concern is that Linux is not provably secure. With INTEGRITY, we can prove security and stability. We have a version of INTEGRITY that has been certified as DO-178B Level-A compliant, which means that it can run critical systems on airplanes. To achieve this, we had to make the kernel completely deterministic, and test and document every line of code. There is no dynamic memory allocation at the kernel level (no malloc()), there kernel never turns off interrupts, even when in an interrupt handler (granted, a processor usually turns interrupts off when an interrupt fires, but we turn them back ON at the earliest opportunity). You cannot say these things about Linux, and thus it is less fit for safety or security-critical systems.
Lastly, in response to some complaints I have seen previously, Green Hills does offer the source to INTEGRITY to paying customers. There have been complaints that no one could trust INTEGRITY because they don't have the source code to it. These complaints are unfounded. Customers are free to examine the source and modify it to their wishes, and many do.
"Linux can be a threat to national security because any computer-savvy terrorist can hack it."
no, it can't. that's like saying "a door can be a threat to my personal security because any lockpick-savvy burglar can pick it."
if a burglar were to pick a lock on one of your doors and thereby jeopardize your personal security, it would be he, not the door, who posed a threat to you.
likewise, if a "computer-savvy terrorist" were to "hack" into some sensitive linux system and thereby compromise national security, it would be he, not the linux system, who posed a threat. the system he used to do so would merely be the vector.
maybe it seems like hair-splitting to you, but not to me. bad premises lead to bad conclusions.
thanks for listening.
if i'm a grammar nazi, you're an illiteracy nazi.
The Linux FAQ
:) This happens :)
Here's a list of some frequently asked and answered question here
and elsewhere that you may find useful in your quest to try linux.
Read these carefully before you decide to invest time in Linux, you
may find that you have better things you can do instead.
SECTION ONE - INSTALLATION
--
1.1 Q: I heard linux was easy to install, is it?
A: That depends on what distro you try. Most of them will have
trouble detecting all your hardware. Most new hardware devices
are not supported. If your lucky you might be able to find
something that someone threw together on the net. But that's
after spending a couple hours searching and probably won't take
advantage of your hardware to it's fullest capability.
1.2 Q: Once I get it installed, then what?
A: Then you get the joy of making sure everything is configured
right. Plan on a minimum of two hours per device to get it to
work. That's if the device is even supported.
1.3 Q: What happens if I'm in the middle of an install and the
installation freezes or just stops?
A: You get to reboot and start all over again.
every so often with Linux. It seems like it's buggy install
routines or something. Ain't Linux grand?
1.4 Q: What's the deal?! I installed Linux and it took up almost 2GB
hard drive space!
A: The Linux distros usually install a LOT of never-used programs
on the default install. You can pick and choose what you want,
but good luck figuring out what programs are needed and what is
useless, obscure tools. Linux usually installs stuff like 10
different editors, 12 different mail clients, and so on.
(more to come...)
SECTION TWO - CONFIGURATION
--
2.1 Q: What's with all these cryptic files?
A: All of Linux is configured with cryptic text files. Some of
the more user-friendly distros have configuration utilities
that claim to do it for you, but success with these works
sometimes and other times don't, so sometimes you have to
edit them by hand, and think about your breathing!. With Linux's spotty reliability in UI
programming, you might as well get used to it.
2.2 Q: What is killall, HUP, ls, cat, rm, which, etc and why are
these programs telling me to do them? Arggg!!
A: These are command line programs that do things within the
system. It's what makes Linux a powerful OS for those that
are experienced with it. But it's also what makes it a pain
in the arse to use and inefficient as a desktop system. Who
wants to type all the time when they can just click?!
(more to come...)
SECTION THREE - APPLICATIONS
--
3.1 Q: Where can I get some programs to run on linux?
A: Good question. Because Linux doesn't have a large user base
on the desktop,(I think it's about 0.24%, less than 1%)
companies that make software won't write their programs for
Linux. There's a lot of community created programs out there,
and some are fairly good, but those are few and far between.
Most of the Linux software that tries to mimic it's windows
counterpart is substandard. It's usually slow and buggy and
early in development.
3.2 Q: I tried to install an RPM but I got 'failed dependencies', what
is that?
A: That's Linux's version of DLL hell. Different versions and
distros use different libraries. So u
"1) ext2 doesn't fragment, so no need to defrag
2) You don't need to release anything under the GPL unless it links against GPL (not LGPL) libraries, like qt
3) Your lawyer is a shithead
Score: -1, Redundant
I'm an open source developer. I'd be scared s**tless if I found out someone was relying on my code to build a cruise missile.
- Linux is growing.
- FreeBSD is dying.
The GPL is the cause of both results. Hope this helps.You see, you have to trust that the certs that they've obtained were made by duly authorized auditors AND that they weren't bought, etc.
You CAN'T be sure of anything- it's just a relative assurance. One that can be achieved with Linux (and has been for that matter...)- this guy at Green Hills Software is blowin' and goin' about all of this.
His software is allegedly audited from start to finish. If there's an issue or a new feature you need in the mix, you need to pay them loads of bucks to implement it or buy the source (for loads of bucks), implement the feature, and then spend loads of bucks to get it certified.
Nice. I'd rather take RTEMS, Embedded Linux, or something similar, and skip the buying their software since all of the previously mentioned will do the same thing and RTEMS has certified in those contexts- Hell, it was the baseline OS implementation for several of our surface to surface missile systems.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Of course you can - for example incorporating GPL'd stuff in stuff with a non-compatable (SCOSource) license.
The Australian OSDC http://www.osdc.com.au/ is being held in Melbourne over the next three days. During this conferenence there is a paper discussing Mr O'Dowds comments over the last few months. This back flip just adds weight to the arguments to be presented at the conference. It feels good to be vindicated.
As a SCO supporter, let me point out that (by incorporating this new interface) the Integrity operating system has become a derived work of Linux (itself a derivation of IBM's AIX and, through it, of SYSV Unix). As such, the system is now owned by The SCO Group. We are, however, offering customers of Integrity a special deal. If they immediately buy a binary license for Integrity from The SCO Group (US$10,000 per processor o.n.o.) we guarantee that we shall not sue them for Green Hill Software's misappropriation of our Intellectual Property.
As someone with absolutely no connection with Microsoft (though they may have paid a few million dollars for a study by the organisation I work for) I would like to point out several major concerns for potential Integrity customers. First, they should be aware of the huge costs of converting from proprietary systems based on Outlook, ActiveX controls and Access databases to a solution based on open standards. This can amount to millions of dollars. Secondly, there are great security risks in using programs whose code is available to every security expert in the world to examine -- our totally unbiased study shows the folly of this with huge numbers of critical bugs allowing complete system compromise and taking years for resolution. You would be much safer with Microsoft and our security by obfuscation. Lastly, be aware that by using GPLed software, you will become obliged to make the source code of all your applications publicly available, together with all the data those applications ever process and all of your employee credit card numbers. This is consequence of the GPL's viral nature.
Not only does he say that but there are these little gems from TFA:
;)
"Like a padded cell, Integrity PC prevents Linux and other insecure and unreliable software from harming the rest of a system, while also limiting the harm it can do to itself," states O'Dowd."
"GHS says PCT enables the incorporation of "legacy applications and traditional operating systems, such as Linux," into high-security and high-reliability applications."
Wicked. I was expecting a good ol' warm fuzzy Linux fanboi article and got a "Linux suxors! With our awesome software you can sandbox that legacy, buggy, hole-ridden sucker! Woot!"
I call subterfuge on this submission.
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
... so I guess that now makes them part of the axis of Evil. Harboring terrorism in the homeland?
Depending on who was using it, I think I'd rather have some cruise missiles running Linux than (e.g.) INTEGRITY. I've worked with INTEGRITY, it seems like a hell of a nice system (although for our application it was overkill and too expensive).
MULTI, on the other hand, makes me want to kill myself. GHS guy, sorry, but that product literally makes me want to die every time I have to use it.
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
That opensource sure is nice, when it helps ME. Otherwise ofcouse it EVIL! Fucking idiot!.
Having worked on computer systems for 10 years, 6 in the military and now for the largest wireless company, I disagree with your assertions.
1. If the military puts a 2 foot plastic fence around a secure area, then blames the people that stumble over the plastic fence
2. If the bank uses a wood door for its safe, then blames the robber who broke the door.
The fact is when you're in the business of selling doors and fences (like the OS company above) then the quality of the door or fence is in question.
Linux was never designed to be a 100% secure environment; apparently they are claiming there's pretty close. Well I am sure some 200K LB bank safe door is breakable but I would rather have it protecting the bank money the door on my home.
SmoothXP
"Give a person a fish and you feed them for a day; teach that person to use the Internet and they won't bother you for weeks"
Im not the biggest Linux fans in the world, in fact i advise all of my clients against using Linux. If they decide to use Linux, they do pay my company and myself more for consulting services and application development. Green Hills actually just added a layer by which to run more Linux application software, this is in no means an endorsement for Linux it just helps customers run Linux binaries. Personally for embedded I like Windows CE. This isnt a big deal at all. Don't worry guys, Linux is STILL a threat to National Security :)
I thought that he was trying too strongly to make the case that those that want to use Linux for real-time applications will not buy tools and those that want better performance for hard-real-time will not choose Linux.
It is also obvious that a general-purpose operating system is not going to work as well in a real-time environment as one specially designed for that purpose. It's the reason why, for example, if you are an organization that wants a system to break encryption keys fast, you build a special-purpose machine that includes hardware designed to do quick computations of prime numbers, not commodity hardware with lots of extra features you don't need and won't use, that slow down the primary purpose of breaking codes.
He seemed to be arguing the point far too strongly, as if he had a hidden agenda. Okay, presuming his argument is valid, so what if Linux as a general-purpose O/S is not as good at handling hard-real-time as a specially designed one? He could have argued that in about 1/5th of the space his article uses. What is also interesting is, despite all his talk about how bad Linux is, he seemed to ignore examples where Linux is considered good enough for real-time use in many cases, and was unable to mention any alternative which might be better, such as some open-source alternatives that have been mentioned here on Slashdot.
I had a suspicion but I wasn't sure. And now it's clear: his company sells real-time operating systems in competition with Linux. So he claims Linux is not good enough. Where have we heard this before? :)
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
The offer must be made to the person with the binary. You cannot stop them subsequently giving the code away to a third party.
Close, but no cigar.
From the article:
"Like a padded cell, INTEGRITY PC prevents Linux, non-memory-protected operating systems such as Wind River's legacy VxWorks, and other insecure and unreliable software from harming the rest of a system while also limiting the harm it can do to itself," explained Dan O'Dowd, founder and chief executive officer of Green Hills Software.
'and other insecure and reliable software'? Sounds like a true convert.
David
Just amazing how money can change someones tune...Wait for a couple more years or so and he'll be praising Linux...And denying he ever said anything bad about it.
StarTux
Going slightly offtopic: Do you need special training or certification to develop or modify DO-178B Level-A compliant software? I've wanted to get into avionics development for a while but there is not a lot of information out there about the actual guidelines that isn't hidden behind "seminars".
BTW MULTI is a really nice compiler/debugger. I've got lots of interface suggestions though if anyone at GHS is interested in listening
Maybe you should spend some time bashing Microsoft and their integration of Internet Explorer into Windows, as well as Outlook Express. Or the use of Active X in Internet Explorer. How about making updates to Internet Explorer but ONLY making them available to XP users in order to use the security concerns of IE to force people to pay money to upgrade.
The F/OSS community has done much more than many other commercial software entities to prove itself in the field of security.
It seems that this exception applies to free software, e.g. "freeware" that is free but you get the binary only. (Or do they mean "free as in freedom"?) Anyway, it appears that this exception does not apply to commercial (non-free) software. So his lawyer may have been right.
That is also why, if the govt was considering going mainstream with linux, they can hire their own team of developers to custom code the kernel and all the software on the system. You can benefit from better applications for the military and conceal most of the source code that way so that it is private.
_
Free 27" Sony WEGA TV
The GH attitude towards Open Source insecurity is very healthy. The OS should never trust the apps to "behave"; it should operate on the assumption that processes are malicious and incompetent, and will damage each other and the user. Replacing Linux with their own OS makes the reality of widespread Linux apps less risky, at least in their view. If only Microsoft worked this way, we wouldn't have so many viruses, worms, and BSOD's.
All this whining about GH whining is a ton of BS. Are Linux enthusiasts a nation of marketdroids, more concerned with tracing problem reports to "FUD" than to fixing the problem? GH is simply saying Linux + OSS apps is unacceptable. They can't stop people from running the apps (too popular, too much invested training, too many distributors to take on, etc). So they're "fixing" Linux, the OS, by replacing it with something they say is better. What "accountability" is necessary? They found a problem, and set about fixing it. If only the Linux whiners would also put their money where their mouth is, the kernel's extra debugging might take the wind out of GH's sails.
--
make install -not war
Many (if not most) of our developers use Linux as the "host" operating system for developing INTEGRITY and MULTI (our compiler/debugger/code-editor/etc...).
The concern is that Linux is not provably secure. With INTEGRITY, we can prove security and stability.
Have you read Reflections on Trusting Trust, by Ken Thompson? Its general observations, coupled with your own statements, would seem to undermine your claim that INTEGRITY is as secure as you claim it is. If Linux is a "weaker link" than INTEGRITY, and your developers trust the "weaker link" to work on INTEGRITY, then surely INTEGRITY can't be any more secure than Linux?
Someone modded the parent of my initial post up, therefore someone beleives it and so I think the issue that the troll was meant to provoke needed clarification.
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
The "stealing" might refer to SCO's varied statements about the validity, while they are also shipping (and advertising (e.g. mozilla was mentioned on the defaced page the other day)) software under the GPL (yes I know mozilla is under more than the GPL, but it is just what I remember spotting. They use other Free stuff too.)
HEAR HEAR. I'm working with both right now. It's sitting on the computer to my left. INTEGRITY is great provided your BSP provides the low-level system access you require -- although the documentation (particularly involving inter-process communications) could use a good deal of work. MULTI could be good if some of the more pressing bugs (randomly opening documents in new or existing windows, no sorting/reordering of files in project spaces, RTServ getting stuck and freezing the system, inability to accurately examine variables in running BSP code) were taken care of.
And yes, I'm posting anonymously because the GHS sales guy was a complete and utter prick, and I have no doubt he'd try to exact some sort of revenge on us for saying anything bad about the system.
Thank you very much for the informative clarification.
There is obviously a need for products like Integrity.
Being able to run Linux apps is just the topping on the cake.
Buh...buh..buh...ls has so many command line switches, it must be a real application!
The GPL/LGPL are horrid beasts that attempt to inflict a world view. When you add code to a GPL infected program, the virus steps into your code and covers it. This is because you've created either a combined or derived work by incorporating any portion of a GPLed program (even a header file or library). The GPL requires you to provide source code upon request for 3 years. You may charge for media and shipping, if you feel like it, and don't have to provide it electronically. This is only required, however, if you redistribute the covered code. If you are using it for an inhouse application, or for a server (for example), as long as you're not redistributing the program you've not fallen under the GPL.
If your code is acting bloated, and is running rather slow, it's likely and predicted that some loops you will unroll.
(Disclaimer: I'm a DIFFERENT Anonymous Coward who works at Green Hills, just stopping by to be amused at all the interesting attitudes and motivations that the Slashdotters have assigned to us, as usual.)
:)
You don't need any special certification to work on DO-178B Level A software (to my knowledge), but your work needs to follow a set of guidelines. There are procedures about documenting and testing your code, and the code + your process are audited for compliance. This kind of information will be available to you during whatever projects you work on, it's not something you learn beforehand in a class or seminar (though obviously when you start working on such a project, your company will probably go over these kinds of things in a seminar or similar). I'd suggest just honing your embedded development skills in general and applying for the jobs you want; there isn't a particular certification I can think of that's applicable here.
As far as MULTI interface suggestions, we're certainly interested. If you're a paying customer, there should be some sort of local FAE or sales rep for your area that would probably be the best person to talk to. Beyond that, you can submit suggestions to our technical support. If neither of those is accessible to you, we still want to hear your opinions, but as a lowly engineer I'm not sure what email addresses would be most appropriate to give you. If you read this and don't have an easy way to submit your suggestions, reply with your email address or something and I'll try and connect you to the right people
Thanks for the info. We have a sales rep so one of these days I'll collect all the good ideas from the team and send it on. I hope nothing gets lost in the engineer->sales->engineer translation train.
The comparison is not a valid one, as the operating systems are designed for entirely different purposes - stock Linux is not even a hard RTOS, and has no requirements or process documentation, which means it's not even a candidate for certification under DO178-B. The claim of Linux being less secure, safe, or stable rests entirely on which version of Linux you are talking about. There are DO-178B Level A compliant versions of Linux on the market, as there are Level A compliant versions of Windows CE and the fine INTEGRITY operating system that Green Hills makes.
I would disagree with the assertion that Level A compliance is a guarantee of security - it means partitioning integrity is confirmed with full structural coverage to the MC/DC level(and requirements-based coverage), but that is not a measure of security. There are stricter standards for correctness and reliability than MC/DC statement coverage, like the proofs of correctness (or expanded-state model checking verification) used to verify cryptographic algorithms. It's definitely a good start, but it isn't the end.
Ultimately, I agree with most of what you're saying, but the specialized nature of safety-critical design does not broaden well for comparison across the board.
You can order a copy of the DO-178B guidelines from RTCA (the publisher), although the standards make about as much sense as the standards for NASA or the FDA.
Yeah, and the installed user base is almost 100% of the Linux boxes out there. Talk about market domination.
...if you're doing avionics or highly classified systems, you're going to HAVE to have some auditor testing it for quite some time (and not a couple of weeks, either...).
DO-178b requires certified software if it's involved with something that impacts flight safety. That means if you're flying on any aircraft, military or civilian, that flys in the US territories, if the software isn't DO-178b certified, the plane is grounded unless there's a pressing reason otherwise.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Our group wound up buying the IDE from Metrowerks and using an in-house RTOS, so no extraction of revenge possible.
But yeah; INTEGRITY seems nice, from my (control systems engineering) perspective as someone who doesn't like dealing with writing software. MULTI, on the other hand, is entirely counter-intuitive to my mind.
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
Had this been a comment bashing Microsoft, it would have been given a 5:Insightful rather than a -1:Flamebait.
Let me follow up to this fellow's comment. I do not work for GHS, but I work for a large company, and I am responsible for evaluating and picking an RTOS for a system that has volume in the millions. This system also has strict requirements around safety and reliability and performance -- it is not in the mil/aero market, but is consumer oriented.
That said, I have evaluated about 5-6 RTOS' from each of the vendors. My conclusion is that Integrity is the best. Some of the reasons are mentioned above, but more technical reasons are gleaned from Integrity's product data sheet.
Did anyone here honestly take the time to read about Integrity and understand what it can do? Instead, I see tired arguments from zealous individuals.
Quite frankly, Linux does not meet many of the requirements of this system. I think they are on the right track, but in order to meet some of our more difficult requirements, I believe Linux would need a nearly complete re-write.
Integrity is also royalty-free, source can be bought if desired, and the tools are superior. Also, I found B. Perens comments that the company is failing laughable. Go look at their financials page. The fact is they are increasing revenue and gaining large market share -- killing W.R. who used to dominate. This means faster time to market for more 3rd party technologies that I want integrated with the product.
I like Linux, sure, but it just doesn't meet my requirements. We'll sit around and wait to see how it evolves, but for real-time, high-availability type applications, Integrity is a far superior product today.