Green Hills Software Decides Linux Isn't So Bad

An anonymous reader submits a link to this report on LinuxDevices.com, which begins "An outspoken open source detractor has paid Linux a back-handed compliment. Green Hills Software (GHS), known for diatribes against Linux in military/aerospace applications, is shipping 'Padded Cell technology' intended to enable the company's proprietary real-time OS to take advantage of the wealth of Linux application software." You may remember GHS's Dan O'Dowd, who's claimed that the embedded Linux Tools Market is a myth and that the open source nature of Linux makes it a threat to national security.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Open Source is a threat to National Security.

[Coryoth]

This should be self evident to anyone. Admittedly the National Security Agency bothered to make additions to the Linux kernel to make it more secure, and freely returned their work to the open source community. That just shows that the National Security Agency doesn't know anything about National Security.

When I'm concerned about National Security I know I trust a random small commercial software company. It would only make sense that they would be better informed about National Security than some lowly government organisation.

Jedidiah.

Re:Open Source is a threat to National Security.

[Detritus]

NSA's involvement in Linux amounts to a research project. Although I think it is interesting and useful, it shouldn't be mistaken for an endorsement by the NSA.

I can't think of a single desktop operating system available to the public that is truly security aware, from design to implementation. The architects of Windows NT started out taking it seriously, but security quickly lost all battles to the proponents of compatibility, performance and "more features". OpenBSD is an example of how auditing is necessary but not sufficient.

Re:Open Source is a threat to National Security.

[quetzalc0atl]

what you are saying is not entirely true. from the selinux website: "Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's Information Assurance Research Group have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments." this statement clearly says that they picked linux for a reason...i dont know if "endoresement" is the right word. in addition: "Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. Additionally, the integration of these security research results into Linux may encourage additional operating system security research that may lead to additional improvement in system security." sounds like an endorsement to me

Re:Speaking of government contracts

[tyleroar]

Yes, Suse Linux Enterprise Server 8 has

Wow, sort of like how Linux has WINE?

[zerperson]

Seriously people, allowing your OS to run apps from another OS isn't declaring the superiority of the other OS. It is simply a wise business decision. It can, in fact, be interpreted as an insult to Linux, depending on how you look at it. Consider this:
GHS: "Our OS can now run Linux apps, so you don't have to use crappy Linux"

This is exactly the same reason they came out with WINE. The WINE devs don't like Windows, so they give you an alternative with WINE. This is the same thing.

Re:It is true

[kfg]

If they find a backdoor in the kernal and someone has stolen sensitive stuff through it, who's to blame?

Stuff so sensitive that it threatens national security has been stolen and your only concern is your scapegoat.

You work for the government, don't you?

KFG

Linux sucks

[Doc+Ruby]

What is the submitter talking about? Saying "Linux sucks", then saying "here's something to run Linux apps that isn't Linux" isn't a compliment, or a retraction. It's emphasis. They never said that Linux doesn't have a lot of apps, or that it's not popular. Just that it's not good enough. And now they have something better.

Re:Compliment

[nomadic]

I think this course of events is sort of ironic. Possibly they were motivated for other goals in their previous outlook on linux. Either that or they feel its good enough and won't endanger their security for there product at least.

Or maybe they just want access to all the linux apps available. It doesn't necessarily mean a change of heart regarding linux; does anyone here think the WINE guys started WINE because they felt that Windows was a better platform? Or that the FreeBSD crew created linux binary compatibility because they thought linux was superior?

Re:GPL: Intellectual Theft

[donscarletti]

Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released. This was simply unacceptable.

Nice troll. This is utter garbage of cause, but it is common misconception so I'll rebut it. Just because something uses a tool doesn't mean it is subject to the same licence as the tool. Firstly, if this were the case, then any document created in an open source word processor or text editor would need to be GPLed which is clearly not the case (and would be dangerous for writing confidential documents). Even if compiling something with gcc made it a dirivitive work (which it doesn't), only the binary would be a dirivitive of gcc, and the source code would be completely unneffected since it is not modified by gcc. BeOS was compiled by gcc for the x86 platform and it remained closed source and propritary with no legal challenges.

we were informed by a lawyer that we would be required to publish our source code for others to use

One only has to release the source code under the GPL to the people you distributed the binary to.If you keep it wholly in house you only need to give the source code to anyone. If you make it for a single client you only need to give the source code to that single client. Of cause anyone who you give the source to is allowed to pass it on, but it isn't like you have to just broadcast it to the world just because you changed it.

If you are not trolling and have read what I have just said and still don't think its fair, think about this: the program you are modifing was written by thousands of other people, many of them with commercial tasks just like you, and they have let you use their code. If you want to distribute the hacked kernel without sharing your code, how is it fair for the people who have contributed beforehand?

Oh, and if you are not a troll, you really need to get yourself a new lawyer quick, because that lawyer just caused you a lot of wasted time and effort.

Doublethink

[fishdan]

From the article:

O'Dowd says his company has achieved a kind of Linux application binary compatibility through technology that enables Linux applications to run under Linux

When I read things like that, then I understand why I'm only an engineer and not a CEO, because I would NEVER think of using that phrase to try to get my point across.

Think User Mode Linux, but no on Linux

Disclaimer: I work for Green Hills Software

There seems to be some confusion about this product. From what I've seen and heard (I haven't used this product directly yet), it is a method of running linux applications on top of the uber-secure real-time operating system, "Integrity". The linux applcation layer is sheilded from the rest of the system, and possibly from other linux-application layers. It's really more of like user-mode linux than a linux kernel.

I hope that helps...

Dog bites man. General Franco still dead.

[Maniakes]

Green Hills makes devtools and OSs for safety-critical embedded systems. They've been vocally anti-Linux-in-safety-critical-embedded-systems because Linux is a competitor (nothing particularly nefarious, just a company trying to make a case that their product has advantages over a competitor).

And now they made a compatability layer so their OS can run software written for their competitors' API. This is a change of heart how?

Especially considering how Green Hills has long had a compatibility layer for their more direct competitor vxWorks.

oops, wrong website!

[BitchKapoor]

Not quite... that's Greenhill Software, we're talking about Green Hills Software. According to Netcraft, they run NetBSD or OpenBSD: http://uptime.netcraft.com/up/graph/?host=www.ghs. com

Missing the point?

[mkramer]

Considering their complaint about Linux, valid or not, is its security, I don't see how this play deviates at all. The point of this compatibility later is to allow these possibly unsafe *applications* to run on a safe *operating system* by isolating their system calls, making them non-intrusive to the system's operation. Hence the product name, Padded Cell.

Although, that would really imply an app ca't even easily hurt itself, which is hardly the case. Padded Cell just has a nicer ring than Solitary Confinement.

national security

[potpie]

With all bias aside, doesn't it make more sense to run important government systems with open software? Open software can be changed as much as they want; it's not like they're buying the latest Mandrake pack from CompUSA and popping it into the super-mega-warhead-doomsday-computer's cd drive.

The very last thing I'd like to know about would be the government placing a tech support call to a company that only sells them proprietary software. I find that somewhat unsettling.

But I'm not an expert; are there advantages to using code you can't see or modify to run government computers?

BSD Rules!- how to critique linux

[xtermin8]

BSD users, and perhaps we can include Apple OSX users among them, have made valid criticisms of linux for a long time now. None of us have sunk to the depths of declaring linux a threat to national security because it is open source. It is perfectly reasonable to act as Green Hills Software has, in providing a compatibility layer. The irresponsible public statements they have made is another matter.

Re:Think open source, but not open source!

It's me again (the guy who works at GHS as per the grandparent of this post. I don't have a /. account)

I don't feel that there is a "distain" for the work of the dedicated individuals who have worked on Linux. We offer development tools that can develop on and for Linux (as well as Windows and Solaris). Many (if not most) of our developers use Linux as the "host" operating system for developing INTEGRITY and MULTI (our compiler/debugger/code-editor/etc...). Linux is a fine operating system for desktop work.

The concern is that Linux is not provably secure. With INTEGRITY, we can prove security and stability. We have a version of INTEGRITY that has been certified as DO-178B Level-A compliant, which means that it can run critical systems on airplanes. To achieve this, we had to make the kernel completely deterministic, and test and document every line of code. There is no dynamic memory allocation at the kernel level (no malloc()), there kernel never turns off interrupts, even when in an interrupt handler (granted, a processor usually turns interrupts off when an interrupt fires, but we turn them back ON at the earliest opportunity). You cannot say these things about Linux, and thus it is less fit for safety or security-critical systems.

Lastly, in response to some complaints I have seen previously, Green Hills does offer the source to INTEGRITY to paying customers. There have been complaints that no one could trust INTEGRITY because they don't have the source code to it. These complaints are unfounded. Customers are free to examine the source and modify it to their wishes, and many do.

I thought it was rather heavy handed

[rfc1394]

I thought that Dan O'Dowd's EE Times article was rather heavily pushing about why he felt Linux was inadequate for use in hard real-time applications, as if he was trying much too hard to argue the point.

I thought that he was trying too strongly to make the case that those that want to use Linux for real-time applications will not buy tools and those that want better performance for hard-real-time will not choose Linux.

It is also obvious that a general-purpose operating system is not going to work as well in a real-time environment as one specially designed for that purpose. It's the reason why, for example, if you are an organization that wants a system to break encryption keys fast, you build a special-purpose machine that includes hardware designed to do quick computations of prime numbers, not commodity hardware with lots of extra features you don't need and won't use, that slow down the primary purpose of breaking codes.

He seemed to be arguing the point far too strongly, as if he had a hidden agenda. Okay, presuming his argument is valid, so what if Linux as a general-purpose O/S is not as good at handling hard-real-time as a specially designed one? He could have argued that in about 1/5th of the space his article uses. What is also interesting is, despite all his talk about how bad Linux is, he seemed to ignore examples where Linux is considered good enough for real-time use in many cases, and was unable to mention any alternative which might be better, such as some open-source alternatives that have been mentioned here on Slashdot.

I had a suspicion but I wasn't sure. And now it's clear: his company sells real-time operating systems in competition with Linux. So he claims Linux is not good enough. Where have we heard this before? :)