Slashdot Mirror
Windows For Warships Nearly Ready
mattaw writes "The Register is carrying the sanest and balanced article on Windows deployment in UK warships that I have read to date in the public domain.
As an ex-naval bod myself we have long considered that this is potentially a REAL problem. The main issues are the huge amount of unrelated code that is imported with the kernel and the need for incredibly fast response times."
...this is probably a positive step, in many ways. As the article shows, the previous software was terrible already. Military research and development may seem high tech and modern, but they are one of the most inefficient organizations imaginable -- tons of ancient embedded programs trying to integrate with one another. I can't imagine being a "new" programmer in the military and trying to comprehend what decades of previous programmers were trying to do, let alone keep it working.
Sure, there are many options out there -- Linux, continuing to use a proprietary OS, Windows, whatever. Yet with technology changing as fast as it does (even military hardware), it does make sense to use an operating system that has some base support for almost everything. In this case, it is Microsoft.
Does Windows crash often? For many users, I think the answer is yes. But in my experience, you can tailor a Windows installation to just the most basic requirements and it runs fairly well. I highly doubt that warships would be connecting to the public Internet with the users downloading any number of buggy apps to conflict with mission-critical applications. Since that is the case, there are a number of long term installations that I have familiarity with that have been running Win2K (and some WinXP) that have been running flawlessly for years for my client base. None of these installations are on a public IP, none of them allow end-user application installation, and all of them have been extremely rock solid AND easy to maintain when necessary. As the article shows, their main connection is a unidirectional 300 baud ship-to-shore link.
We're not talking about a machine running everything, just specific software for a specific purpose. Anything is a step in the right direction when you consider what a Luddite the military can be in terms of support applications versus the modern hardware they're running. Training new users on ancient system is very inefficient and dangerous (read the article on their ancient interface hardware!), giving them an interface they recognize makes sense from many angles, including safety. The interface to enable weapons firing won't rely just on Windows to approve or disapprove a launch -- there are always old-fashioned hard key-based turn-locks that override whatever the software does. If they want to launch a missile, the physical keys must be turned, and THEN the software must be approved. If there's a glitch after this hard-approval is turned, it can't be in grave error.
The bottom line is that I liked Win2K towards the end of its supported life. I had many customers who were unhappy about moving to Windows XP, and we still support numerous servers running Windows 2000 for mission critical (not THIS critical, though) applications that are running strong and haven't had to be restarted in over a year or longer (one customer hasn't rebooted their Win2K installation in 3 years). The software works, the API interface is known by most modern programmers, user interface is comfortable for almost everyone, and as long as you don't connect it to the public Internet or try to install a variety of conflicting/buggy applications, you're in good shape.
I think this option is better than Linux or F/OSS operating systems that would possibly require MORE training for their programmers and users to learn. My biggest frustration with F/OSS operating systems is that the user interface is counter-intuitive for a lot of Windows-friendly users, and even worse, trying to find an "old but stable" operating system is a mess as the F/OSS operating system support-base seems to be more focused on the latest stable builds rather than what mission-critical users would want: older software that has a longer history of running well for a given situation.
I'm sure we all remember how well things went for the U.S.S. Yorktown; an Aegis Class missile destroyer that ended up dead in the water after a crew member entered a zero into a database. Obviously, this was caused by the fact that the Yorktown's control software was of a really bad design. Critical systems should have never been so tightly linked that a failure in one area would cause a cascading failure across the ship. Still, it raised a lot of questions about the wisdom of using consumer software for life and death situations.
Two years after that, the Navy had still not learned their lesson. The flagship of the seventh fleet, the USS Blue Ridge, was deployed in 1999 with Windows-based Command and Control systems. The result? The ship was infected with the Melissa Macro Virus. (Source - Section 12.4)
I'm sorry, but when you're taking men into combat, you want equipment that has been designed to do what needs to be done, not pretty features that let the GIs open their email attachments. There's a reason why the current military setup in the US is for the crew to have their own laptops for personal use. Using a consumer OS in a battle-critical system is nothing but a recipe for disaster. It's too bad that Her Majesty's Navy has failed to learn from the mistakes of others.
Javascript + Nintendo DSi = DSiCade
And yet you didn't choose an RTOS? Right. Ok. Gotcha.
At the very least, a DIY linux bundle would be a hell of a lot better than Windows. But even Linux isn't realtime.
Is there DRM for radar/sonar devices?
Tom
Someday, I'll have a real sig.
Am I the only one who read "Windows for Worship"? For a second I though /. had really changed.
...So WTF are they using Windows for?
(yes, seriously)
Windows != real-time OS.
5 points...
Hopefully we will not be in the middle of a war when Patch Tuesday rolls around!
..Oxymoron.
at least we know it's already for the Minesweepers.
How long until the "Blue Screen of Death" (BSOD) has a somewhat more ominous (and literal) meaning?
Just have your CC# ready when you call in for support.
As long as the problem isn't with the weapons system then I think Microsoft would have a good incentive to provide support free of charge ;)
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
This article is infantile puffery, something that's obvious from the style.
Take non sequiturs such as "Windows may be unreliable, but it's hard to imagine it being as failure-prone as the kit which is out there already." This logic may suffice for a lightweight Register article but it's no way to justify picking the worst available consumer grade O/S over proven systems such as Solaris, OpenVMS, or other far more reliable alternatives.
The Reg ran a better article in 2004 - which actually quoted dissenting engineers (who were immediately fired, go figure).
Should we laugh, cry, or protest?
you had me at #!
Abandon Ship!
You constantly struggle for self improvement - and it shows.
Hooray for bad Engrish on fortune cookies
Hi, it appears that you are trying to fight a battle, would you like some help? *shudder*
"No freeman shall ever be debarred the use of arms." -- Thomas Jefferson
"HMS Clippy is online" "Are you sure you wish to block HMS Clippy?" Yes "Launching Torpedoes"
...with this one
System: Are you sure that you want to go out into open waters? Your ship could be the victim of a denial of territory-attack!
Operator: Yes. Raise the anchor.
System: Double the killer delete select all?
Operator: Enemy ship spotted. Fire at will!
System: Before you can continue, system needs to be rebooted. Restart now?
Operator: Activate sonar.
System: Before you can proceed, we need to ensure that you are running Windows Genuine Advantage. Please proceed. We will send all of your hardware info to Microsoft. Information will be treated anonymously.
Etc etc.
Three rings for the Elven-kings in the sky
USS BSOD USS Blue Screen (Nice ring to it) USS Crashalot (Like Lancealot only retarded)
Support your local school shooter, give them your firearms.
Waht makes me Zzzzzz is everytime I read a slashdot article, I come across comments trying to predict what the other commenters (by implication, those others are less intelligent than the poster- pointing out stupidity in others in an attempt to make him look smart by association). I prefer to read posts about the subject on slashdot, rather than posts about slashdot, especially when they have the irritating smug tone of "Oh, look at all the losers and their oh so predictable posts. I'm glad I'm far more intelligent than the unwashed masses!" And, yes, I am aware that I don't have to read any posts here, and that I have not only read one of these pointless posts but replied to it.
Mod parent up!
Let's SHIP it then!
Home fucking is killing prostitution.
...a screen door for a submarine!
Hot cha cha cha cha!!
blah blah blah
The point of the article is not that Windows is perfect or reliable- The point of the article is that Windows is amazingly better than the current software running on Navy vessels. A specialized, stripped-down, offline version of Windows 2000 is going to be stable and secure enough, especially compared to what they run now.
You are reading a copy of my copyrighted post.
Mod Parent up.
"+1 Direct Hit"
Proof by very large bribes. QED.
Who cares about training when you're now dependent on a company in another nation? What happens when there's another nutcase in the white house who orders Microsoft to cut off updates or support to foreign military customers?
I believe prior to BAE's sole recommendation that AMS, a company that specializes in Combat Management Systems, recommended Unix. There was also criticism of a lack of third party external review for this decision (not sure if that's linked in the original article or not). If it's the case that BAE up and said "We're going with Win2K" and the government said "ok," I would be a bit concerned.
I do not think the United States Navy would willingly rely on any foreign proprietary software.
My work here is dung.
You'd know that Win2k, however bad, is far better than what they have now.
Best Slashdot Co
I'm sorry, but when you're taking men into combat, you want equipment that has been designed to do what needs to be done, not pretty features that let the GIs open their email attachments.
Which is why they're presumably using a heavily locked down version of Windows 2000 Server with no Internet access.
By summer it was all gone...now shesmovedon. --
Maybe the fact that windows was not written for this should be some sort of clue as to why people object? Windows is not an RTOS nor is it designed with openess and interoperability in mind (things required for security).
Someday, I'll have a real sig.
"Cannot complete request: "shoot enemy" because there was an unknown error, please bring your warship back to drydock and make sure all weapons are seated properly".
Yeah it may crash but it has games!
(Microsoft will not be defeated by any competition. They will be defeated by wrongful death lawsuits.)
I doubt very much that this is the Win2K that you may have bought for your desktop. Many companies make products for consumers that differ greatly to those made for the military, police, and other services. My suspicion is that this is a highly customized install that will be considerably more limited and specialized. And yes, far more stable. The details of the customization, will no doubt, not be available to the press or public (and nor should they be).
As for the articles description of some of the systems out there that are being used by the militaries of the world. It's pretty accurate.
I had a Vic20 that had more power than some of the systems still out there.
I would have thought it would have taken longer for Microsoft to get to this point but,
"Now I need a freaking Battleship with a Nuclear reactor to run Windows!"
Make sure critical systems are protected from crashes in other systems, and that alternative control mechanism exists if the control computer or its console crash.
VERY critical systems like missile-launch systems should have an computer-independent "off" switch that is KEPT OFF at all times unless authorized. I think they do this already.
HELMSMAN: Captain, my console locked up, again
CAPTAIN: Engineering, take manual control of the help for the next 5 minutes, continue at existing course and speed. Helmsman, you know what to do.
HELMSMAN: Aye, Sir. [reboots computer]
[5 minutes later...]
COMPUTER: Welcome to Windows, ship navigation and radar interface loading....
COMPUTER: Warning, inbound missile approximately 5 seconds away.
HELSMAN: Captain, I think we have a probleBOOM!
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This is exactly the reason that Battlestar Galactica doesn't have any networks on board. If a a virus (or Cylon) does attack electronically, they can only take down one system. Diversity and separation are good things, even in terms of computers.
While that may be your experience, if such were the case with the majority, Windows would be far more reliable than it is.
That would be because it should be easy to identify the buggy drivers (your "B") or to use a diagnostic program to stress test the other components (your "A").
In my experience (supporting 100+ workstations), Windows is just arcane. Following the exact same install process with the exact same install CD's will give you different results on different machines (same make and model)
Then we get into the whole concept of the Registry and DLL Hell and so forth. Un-installing an app may not get rid of all of the crap from that app and so you'll have stuff just sitting around waiting to trigger a crash. And different versions of DLL files overwrite each other so re-installing may fix app A, but break app B.
Troubleshooting on Linux is so much easier and faster. Which is one of the reasons I prefer Ubuntu (or vanilla Debian).
On ships anyway.
Well, if this doesn't pan out they could always use that agreement with SuSE and release Naval Linux...
"Waste not one watt!" - CZ
So we're going to be putting our trust in a system to which we don't have the source code and which is infamous for the instability of its applications, and the ability of viruses to corrupt. I do grant that the system is likely to be "hardened", but we all know how hardened Windows really is, don't we?
Also, being Windows 2K, there is unlikely to be an easy, inexpensive upgrade path. It'll still be there in about 15 years and look as obsolete as the stuff the article complains about now. Since Windows '98 was obsoleted recently, I can't imagine support for Win 2k continuing for ever, can you?
If ever there was a set of systems that would benefit from a custom Linux or Unix release, this would be it.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
This brings a whole new meaning to BSOD...I can see it now...
British Captain: Fire the torpedos!
British Crewman: Umm...Captain...we have a problem...I just got BSOD!
British Captain: What? REBOOT AND FIRE!
British Crewman: I CAN'T...I KEEP BLUE SCREENING!
British Captain: NO TIME TO REINSTALL! ABANDON SHIP!!
Meanwhile on the Russian Submarine...
Russian Captain: We show those punny British who's boss...We run Linux on our Machines and in Soviet Russia Linux runs you! HA HA HA PEW PEW PEW!
Bite my shiny metal ass.
I knew Billy was peeved about pirates but I didn't know he went as far as having his on fleet of warships. Come on I know I couldn't be the first to make this connection.
Don't you hate glorious self-promotion? Visit my Blog
You can whine all you want about how Windows crashes all the time. In the end, all that matters is will it work on the ship? I have seen Unix systems crash before. Even military systems based on Unix crash. The code that the programmers make to run the device must be as solid as the operating system beneath it. If you add crap software to any OS, you get crashes. Even worse than crashes are poorly designed interfaces. What kind of programmer makes the user type in perfectly a 100 character fire assignments, with no chance to use backspace or delete?
No internet access is irrelevant. The fact that a system like that is vulnerable AT ALL to common viruses is a recipe for disaster. Consider: Someone who doesn't like the current direction the ship is going bringing in his USB pen drive and launching a virus across the ship, taking control of it or just disabling it. While this could potentially happen with a custom designed OS, without the specs, interface calls, and knowledge of the system and how to compile for it, you aren't going to be writing many viruses at all for it. Even the potential for ACCIDENTAL infection makes it highly undesirable to have a common OS at the core of your battleship.
And that's going to stop someone from accidently running into another divide by zero bug? Or from the system being compromised by a tech who decided to interface his laptop for convenience of system administration, and accidently carried a virus from shore? Or even foreign agents installing sophisticated spyware* because the OS is designed to run user programs? And that's assuming that situations don't arise where the Windows Task Scheduler is busy, and fails to respond fast enough in combat situations! (Never a problem in RTOSes, where they're designed with such situations in mind.)
:P
There are just so many things that can go wrong here, that it's not even funny. This simply is not a wise move. Not by a long shot.
* Brings new meaning to the term, doesn't it?
Javascript + Nintendo DSi = DSiCade
By 5000 years or so...
u lture) )
LSV Your system needs to be restarted
GSV Click here to start
And the latest and greatest:
ROU, Cancel or Allow, psychopath class
( http://en.wikipedia.org/wiki/List_of_ships_(The_C
Obviously, this was caused by the fact that the Yorktown's control software was of a really bad design.
h tml
You are mistaken. Safeguards were intentionally disabled.
The truth is that a server app corrupted it's data, a client app tried to use that bad data, and the client app failed to control equipment. Can happen with any OS. Add to this the fact that the ship was a test platform not an operational ship and they were trying to break things.
"Others insist that NT was not the culprit. According to Lieutenant Commander Roderick Fraser, who was the chief engineer on board the ship at the time of the incident, the fault was with certain applications that were developed by CAE Electronics in Leesburg, Va. As Harvey McKelvey, former director of navy programs for CAE, admits, "If you want to put a stick in anybody's eye, it should be in ours." But McKelvey adds that the crash would not have happened if the navy had been using a production version of the CAE software, which he asserts has safeguards to prevent the type of failure that occurred."
http://www.sciam.com/1998/1198issue/1198techbus2.
"McKelvey writes that the failure, "was not the result of any system software or design deficiency but rather a decision to allow the ship to manipulate the software to stimulate [sic] machinery casualties for training purposes and the 'tuning' of propulsion machinery operating parameters. In the usual shipboard installation, this capability is not allowed.""
http://catless.ncl.ac.uk/Risks/20.37.html#subj1
I heard that the install image comes with Minesweeper...for training purposes..
Huh?
I can see it now ... "BY GOD, I thought it was just minesweeper!"
'The main issues are the huge amount of unrelated code that is imported with the kernel and the need for incredibly fast response times'
I beg to differ, is any kind of server OS suitable to the task. How about a distributed system running on embedded hardware with multiple 'failure modes' and communication channels. And I don't mean code running from a rom, something like small independent devices running as finite state machine with known predictable behavour. That way when a shell blows a hole in your computer, the whole ship don't go dead in the water.
davecb5620@gmail.com
I agree. Look at the parent post, for example.
That's it. Just.....yikes!
where script kiddies can defeat navies
one wonders what someone like jules verne or isaac asimov would have thought of such a world
or imagine telling a naval commander in the days of the dreadnought, those undisputed impenetrable ocean fortresses they were, that in the future, some teenager pecking at a typewriter in front of a cathode ray tube type device a continent away could magically disarm his entire fleet
it truly boggles the mind, and yet it is the reality we find ourselves in today
if life seems mundane to you, remember, factoids like this story prove it most definitely is not boring
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Okay, but now explain HOW it is "worse".
Under Ubuntu, if the library isn't in the repository, that single app won't install so you know it won't work.
With Windows, installing a new app causes one or more existing (and previously working) apps to stop working.
Which would indicate that it was a software bug if that behaviour was documented or known.
Such would be a hardware bug if such was not documented and behaved differently in different pieces
...but why hasn't the military just employed a hundred or so programmers that just make a custom-built OS that the US military uses all accross the board? That would make communications and data integration much easier, amongst other positives...
Too expensive? Time consuming? Difficult? Why haven't they just done that...?
Living With a Nerd
You'd know that Win2k, however bad, is far better than what they have now.
I find this hard to believe. This sounds like something that you'd hear from someone who had already decided to upgrade.
Their current system works; therefore, it is inherently superior to any new, unproven, new system. There should be a huge barrier to upgrading with anything, because you're replacing a devil you know with a devil you don't. The new system should have to have demonstrated credentials in other similar situations, proving that it's at least as capable as what it's replacing. Things like ease-of-use and training should all fall under the system's core purpose.
I've seen companies replace "legacy" systems because some manager walked out onto the production floor / cube-pit and was horrified to see green-screen terminals sitting around. To them, terminals = old, old = bad, end of discussion. So they would come up with reasons to upgrade, and say things like 'well, it couldn't be worse than what we have!' with complete neglect for the fact that the old systems, by virtue of having been there for a long time, clearly did their job.
And, bottom line, it's a lot easier to train someone on a complicated green-screen system that always works, than on an unpredictable new system, where you have a ton of gotchas and error modes. Generally, once you get everything worked out, and people know what things they just can't do because it'll crash the system, you haven't really simplified anything. I have personally seen tens of millions of dollars wasted on 'upgrades' like this, where the result was so much worse than the beginning, that it immediately rolled into a new cycle of upgrades -- the executives believing, like deranged poker players, that as long as they had tossed that many millions into the pot, that they would surely solve it with a few million more.
This sounds like the same thing is happening; someone freaked because the equipment and software is old, but didn't realize that there's no logical reason why something that's old is necessarily bad, if it's still doing it's job. "Anything is better than this" is always false if what you have right now gets you through the day and does its job. Unless the system you're implementing has a strong track record of doing the same job elsewhere, you have nothing besides a salesman's promise that it's going to be better. And remember: at the end of the job, that salesman is going to disappear, and you're going to be stuck using whatever is left.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Your scenarios (and AKAImBatman's) are all examples of failed offline security policies. If someone is able to physically plug a pendrive into a mission critical computer or even physically touch the thing without appropriate credentials, you may as well blow up the damn warship yourself.
These aren't corporate desktops. The military are not stupid enough to make such attacks easy.
By summer it was all gone...now shesmovedon. --
Yes.
"This is a potentially dangerous action. Are you sure you want to contine?"
Yes.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
They haven't found a way to make them leak oil yet!
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
Putting all the blue-screen jokes aside, this might be a good thing.
Windows does have a closed-source kernel, but it does have the advantage of hosting a user interface that even the most basic-knowledge recruit will know. Windows is on 90+% of the world's computers, and absolutely every younger person knows how to navigate around in it.
Here's a parallel example from my line of work...the airline business. Lots of carriers have systems that were designed 20-30 years ago. Most have GUIs slapped over the top of a terminal emulator, but even those are cryptic. Some airlines send their customer service agents to a month of training just to get them to memorize the key parts of the system. I would imagine military systems of the same vintage are even more complex, and force a serviceperson to endure many months of training. Training, by the way, that will prove useless in the real world.
I'll bet the defense contractors designing any Windows-based system have full access to the kernel source anyway. Also, don't forget that stuff designed for the battlefield isn't exactly slapped together by a bunch of new graduates who picked up a ".NET for Dummies" book.
the article. Scroll down to Big step forward and read the bit "anyone who has spent time in an RN warship is entirely accustomed to seeing equipment on which he may depend for his life occasionally throw a double six for no good reason. Windows may be unreliable, but it's hard to imagine it being as failure-prone as the kit which is out there already."
Best Slashdot Co
I don't mean to troll or anything but would a 0 day flaw allow someone to remotely connect and launch strikes? Sounds like a bad movie to me... or has it already been done?
Given Britain exports a lot of defence technology, use of foreign machenary is not that big a problem to many nations
Buying machinery is one thing; software is quite another. With a machine, even a fairly complicated one, you can with enough effort, understand what's going on inside it.
Say you have an Apache helicopter. When you buy that helicopter, you also buy training. Not only do you send the pilots in for training, but you also send all of the maintenance people, pad crews, etc. They learn how to service it, tear-down the engines, etc. So what you get back is far from just the machine, you get a machine, and a crew who (ought to) basically understands it. And if you really want to understand it, if you're any country worth discussing, you ought to have at least a few engineers who could spend a few weeks figuring out key parts.
But with software, you're buying a true black box. You're being handed something (which, if every line of code was the size of a watch-gear, would probably be as big as a trailer truck) that you cannot have any significant insight into the workings of. You have no idea how it really works, or what it's truly programmed to do.
With a machine, you can tear the thing apart on receipt and make sure there's nothing suspect in there; no bombs or homing beacons, etc. You really can't do that with a large piece of precompiled software. You are totally at the mercy of the people who built it; you're taking them at their word that they haven't backdoored it.
And for what it's worth, if I were the CIA in the U.S., you'd bet I'd be leaning on Microsoft to seriously backdoor every piece of software that it sold for military purposes abroad. To them, it's a perfect way to prevent resale to folks that we don't like (or later decide we don't like). Sure, we're friends with the British, but what if the British in 10 years sell a destroyer to the South Africans, who sell it to the Egyptians, who sell it to the Iranians? Suddenly, a way of making it go dead in the water would come in handy. You'd better bet that the folks in Langley, who are paid to be paranoid, have thought about this, too.
Software is inherently different than physical machinery, because while physical devices can be taken apart and investigated, and follow basically well-understood rules (physics, chemistry, etc.), software does not. A large binary blob is as close to indecipherable as a functional object can get, and there's really no way to secure it. It is an inherent risk, and one that I'm not sure many established militaries are putting enough thought into.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
'Windows is amazingly better'
..
No one in their right mind would use a desktop PC to operate a warship. The decision to go with Windows was a political and financial one and made in opposition to criticism from BAE's own engineers.
'A specialized, stripped-down, offline version of Windows 2000 is going to be stable and secure'
Why are they using seven year old technology. Why not upgrade to Vista. Actually, now that I think of it, the WinTel 'computer' also has a number of failure modes, like forgetting what hardware is attached if it isn't rebooted once a fortnight. Tell me they're not going to be using PCs
davecb5620@gmail.com
That way, none of them will be able to fight effectively and world peace will break out. By installing it in the nuclear boats, you also have non-proliferation by stealth.
Way to go guys, let's see it rolled out more. Maybe send some complimentary copies to Iran
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
At the allegation that Windows is a "consumer grade" OS that is somehow inherently less reliable than Solaris and OpenVMS. OpenVMS? Can you count the number of people you can find in a three month job search who are experienced with OpenVMS on more than one hand? Have you installed Solaris 10 lately? Now that is has a *Registry*? Does Solaris 10 install out of the box with a completely functional, somewhat intercompatible, Kerberos ready to go? Can you choose betwene hundreds of vendors offering all kinds of add-on software? *Nobody* ports their stuff to Solaris anymore.
The only real differentiation is cost. It's expensive to drink the Microsoft koolaid. As for single sourcing, the only way Microsoft would be locked out of a county is if xenophobic politicians legislated it so.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
"The Register is carrying the sanest and balanced article... that I have read to date in the public domain." Now, this may be the sanest article you have read to date, but what is this balanced trying to do? Are you comparing something? You may have wanted to use "most balanced" to compare this article with others you have read. I understand that you have a previous history with the military and as such, have absolutely no language skills whatsoever. Go to school.
...So WTF are they using Windows for?
Playing solitaire? It can be quite boring on the endless sea...
Ha! You don't have that feature under VxWorks, do ya?
Fear is the mind killer.
So you had seen in back with 9x
Here's an article from 2005
http://msdn.microsoft.com/msdnmag/issues/05/04/Re
... of the situation is here: http://math.boisestate.edu/gas/pinafore/web_opera/ pin09.html
P.S. I worked for a Lockheed Martin subsidiary, on commercial projects. Nonetheless, the chief security engineer (a man I held in the highest esteem), admitted he used Linux inside his firewall, but Open BSD on the outside. I took that as sage advice.
dot-sig.
It doesn't matter -- they're still using a general operating system in an entirely inappropriate way. This is exactly the sort of task that ultra-stable and modular operating systems like QNX are built for. Windows was never engineered for anything remotely like this (which is why it is so feature rich -- it was designed for the desktop / non-critical server world, and it does that job admirably).
They have the liability of millions of lines of code that have no purpose or use for them, but to present new and interesting ways to fail.
Here's your core problem: You're ignoring context in your defense. See I like Windows -- I'm running XP on my desktop, and Server 2003 R2 64-bit edition on my servers -- because for me it works well in these roles. I wouldn't dream of putting this on a piece of military hardware even remotely associated with nuclear weapons, however.
Seriously, understand how QNX differs from Windows, and why something like the former makes a world more sense. The "developer skill" ruse is pure bullshit, because 99% of what the developers will be facing is completely unlike any other Windows development.
The system is going to be the equivalent of Windows Embedded. Talk about it all you want but the US Navy has been transitioning for a number of Years and Windows is a perfectly stable (and even realtime) OS with the right design and implementation. It's also very secure if it's not connected to a network and no one is running unauthorized applications.
They are going to be using a highly customized kernel and base system probably the equivalent of windows embedded and security is going to limit applications. To advance fire, control, navigation and watch status systems you need a better base than a 1960 OS with little to no support and no programmers who know the system. Just by shifting to windows they can have programmers that can actually advance their knowledge and might even come into the military knowing something about the programming. And I'll also bet that Visual Studio provides a development environment that is 100000% better than what they were using.
We'd probably all prefer they use Linux as it can be better, but lets not assume that just because it's windows it sucks. There are thousands of highly important systems out there (such as ATMs) that run on windows or windows embedded and do just fine because they aren't plugged into a network, the same should be true of any defense system (especially one linked to nuclear weapons), it should NEVER be hooked up to a non-secure and controlled network.
So the BSOD is a GOOD thing!
"You are about to launch a missile at your enemy. Cancel or Allow"
bork bork bork!
Don't fight wars where they observe Daylight Savings Time.
And run a hundred copies of your battle software as virtual machines, so that if one crashes you've got 99 hot standby's to switch to.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Of course, there could be another reason: there is no single strippoker game for QNX.
The author isn't saying it's a good idea. The last sentence reads: "It's hard to see Windows as fitting the bill." Sometimes people start complaining long before they have a chance to mask their own ineptitude.
BAE's North American group took over the maker of the Bradley APC that the US Army uses. This means that a company connected to a foreign contractor owns the primary supplier of an important armament. The US also buys some of its infantry weapons from European suppliers. What's the big deal? Surely you're not going to suggest that Microsoft will actually want to obey any future dictates on Britain not using Windows, nor would it shaft a rich foreign government in a way that would cause it to lose that market. They'd fight tooth and nail to keep from losing that business.
I worked as an intern for a big company in the power protection and control field (i.e. power substation automation). It's not warship control and if something fails probably no-one is going to be killed, but things will break and money will be lost.
They had some in-house software to program the protection and control devices. That software could also be run under Windows for testing and debugging purposes. I worked on a prototype of an extension of said testing and debugging environment, so I have a bit of experience with this kind of embedded-ish real-time Windows programming, and I must say that Windows is definitely not the way to go for anything like that. It just lacks the flexibility of operating systems made for this sort of task.
Later I found out that what they actually wanted to do is to replace the special-purpose systems with the simulation and debugging environment, all running on Windows because it was supposedly much easier to use and what not. They're going to use my prototype to do so :-(
I have the impression that Windows is often chosen for this sort of task because management knows it and has the feeling that "Microsoft is the real thing", that it is easier to find experienced developers for Windows than for any other platform and that the development tools are better and/or more user friendly. While I agree on the last two points, I'd like to point out that "experienced Windows developer" does not mean experienced real-time, high-reliability-systems or embedded developer, and that the development tools are mostly focused on GUI/Network service programming which is what windows is mainly used for.
I'm sure there are lots of people out there with way more experience in this field than me, but if I were to decide for an OS on a warship it would definitely not be Windows, Unix or any other general purpose OS, but something which can be customized and is built for this kind of task - VxWorks or something similar.
'Windows .. does have the advantage of hosting a user interface that even the most basic-knowledge recruit will know'
.. force a serviceperson to endure many months of training. Training, by the way, that will prove useless in the real world'
'I would imagine military systems of the same vintage
You have got to be kidding. I don't know about you, but I want someone in control of nuclear missile launches to have a tad more than two weeks training in filling in check boxes.
davecb5620@gmail.com
There are a lot of ways that a compromised OS kernel could cause problems. It's never in complete isolation from the outside world.
Specific vulnerabilities would depend on function, but if you're designing a backdoor, you can certainly find a way to trigger it that doesn't depend on a network connection. Particularly if you have access to the device drivers and stuff at the same time, you could figure out a way to trigger the backdoor through a device that's not normally assumed to be a security threat.
It's just not the sort of thing you'd want to bet on; you're letting somebody else, presumably untrustworthy, write and compile the kernel code that runs on the bare metal. From that point onwards, you can't trust anything that the computer does. Unless you're keeping it inside a walled VM and inspecting every bit of data that it gets passed, you're vulnerable (and even then, you're just pitting yourself against the people trying to pass it some specially-crafted data to trigger the exploit).
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
After spending years getting our embedded (headless, really) Linux-based platforms into shape for deployment, I'm starting to come under heavy pressure to move to Windows.
Because "everybody else is doing it".
It's what you get when you let non-technical people make technical decisions.
In the course of every project, it will become necessary to shoot the scientists and begin production.
Read your article again: "After a crew member mistakenly entered a zero into the data field of an application, the computer system proceeded to divide another quantity by that zero. The operation caused a buffer overflow, in which data leak from a temporary storage space in memory, and the error eventually brought down the ship's propulsion system. The result: the Yorktown was dead in the water for more than two hours."
Safeguards disabled or not, that is not an acceptable outcome. These machines kill people. The error should have stopped at the divide by zero. But it didn't. It resulted in a buffer overflow. Which resulted in a memory leak. Which resulted in the eventual crash of the entire network.
All that Mr. McKelvey is saying is that they didn't have the checks in place that would have prevented such values from being entered. The fact still remains that a single bug took down every subsystem in the ship. That is unacceptable, as situations may arise where invalid data either passes the checks by accident, or is unexpectedly created from inside the system. (e.g. Sensors sometimes give values that are unexpected.) Proper design would have taken into account that this could happen, and protected each system against crashes in other systems.
In any case, all the Navy was attempting to do was drive machinary outside of their speced ranges. Allowing those ranges to be manually overridden is not an excuse for total failure. The Yorktown was a warship. Which means that she may have been called upon to operate outside of safe limits inside a variety of combat situations. Would it be acceptable for the ship to crash because the crew was trying to compensate for battle damage? And if the ship's systems are so vulnerable without these checks, what happens when damage from enemy fire starts causing power spikes and drops? Does every subsystem cascade into failure just because a different networked subsystem failed?
If the USS Yorktown (CV-5) had been equipped with these systems, we would have lost the Pacific theater in WWII. Rather than continuing to fight after taking torpedo after torpedo after torpedo, her systems would have crashed or been corrupted, and that would have been the end of her fighting ability.
Never mind the reality that the Yorktown carrier had continued operations at the Battle of Coral Sea after receiving a bomb through the deck that penetrated the hull and exploded below decks. The damage was estimated to take 3 months back in port to repair. Never mind that she was hastily patched up in only three days and sent straight back out to the Battle of Midway. Never mind that she took 3 bombs from enemy fighter planes before the boilers were taken offline for repairs. Never mind that she was back up and giving 20 knots only one hour later. Never mind that in her heavily damaged, beaten, and bruised state, she still managed to evade two torpedos through wild maneuvering before the enemy torpedoing finally tore into her hull. Two torpedos ripped into her and
jammed her rudder. Her powerplants went offline and she began to list. The ship was abandoned, but wasn't lost until the next day when another two torpedos contacted her hull during (amazingly successful) salvage operations.
THAT is the type of hell that these computer systems will need to go through. They must fight to the last minute to make sure that the ship remains operational. The lives of those on board, and those back home may depend on it some day. Having systems crash at the slightest sign of bad data is not acceptable. Bad data is a guarantee in these systems. When the ship starts taking damage, she WILL experience failures. There's no question about it. But one failure should never, ever, ever lead to another one. If it does, people die and wars are lost.
Javascript + Nintendo DSi = DSiCade
And the 98/1 is incapable of running Windows without a ground up rewrite - it's a (IIRC) 24 bit machine with an architecture that is (to put it mildly) wildly different from a PC.
The line "We're starting to search really hard for things to panic about here." from TFA could more accurately be written "We're writing nonsense here without actually having a clue" - which makes one wonder about the veracity of the remainder of the article. Especially since on a mailing list for sailors and naval professionals (of many nations) I am on, many things about US and UK kit are discussed - but the massive reliability issues TFA brings up (handwaves) are notable by their absence.
The bit in TFA about paper charts is especially telling - because any experienced and knowledgable sailor knows those charts have been retained on purpose. Charts don't crash - and the vast majority of the time they are more than sufficient to the task.
From TFA:
More pure FUD - because having a high tech navigation system is no proof against crashing into things. Witness the recent grounding of USS San Francisco - caused by a combination of operator error and a bit of seafloor being less than accurately mapped. (Much of the Earth's water is poorly mapped by modern standards - including harbors!) Equally, consider the hundreds of times a year the RN *does* move in and out of harbor without crashing into things.
I could go on - but I can summarize fairly succinctly; The author of the Register article not only appears to know very little about Naval matters, but he appears to have learned what he does know from USENET trolls and Slashdot. The biography appended to the article indicates he spent his time in EOD - not someone I would expect to be knowledgeable about ship operations. It also reveals he wrote a book detailing the problems with the procurement system - whose Amazon reviews show to contain a systemic bias againt BAE.
My qualifications? (Since the question will come up.) 10 years in the USN Submarine Service working with the MK88 and MK 98 Trident Fire Control Systems, as well as 30 odd years of studying naval technology and issues.
>> The standard UK means of communication with a submerged boat is VLF radio from a single massively secure shore transmitter. It is shore-to-ship only, and extremely low bandwidth (say 300 baud). Even this vanishingly thin, one-way, inaccessible pipe isn't always there, and it isn't directly connected to the sub's command system anyhow.
I can see it now. While at sea every PC suddenly displaying following message:
TO CONTINUE PLEASE DOWNLOAD WINDOWS GENUINE ADVANTAGE AND AUTHENTICATE YOUR COPY OF WINDOWS AT MICROSOFT.COM.
I used to work in this field (supplying software to the Navy, for use onboard warships), and the one thing I can state from my time working with people in the Navy is that they're definitely more interested in things working than in things looking good. I don't know the background to Windows being chosen, but if it was a decision made by the type of people I used to work with/for (I worked for a Navy supplier, so HM Royal Navy was in effect our client), having fancy popup messages and nice-looking GUIs won't have been anywhere near their top priority. This isn't the sort of thing that gets rushed - it's likely to have taken months if not years to come to this decision. The article's mention of outdated technology is pretty accurate - and it is because that technology has a history of doing the job well. Of course, if the decision to use Windows was made by politicians or economists...
Having said that, while I worked on these projects, at the same agency the FIST project was getting under way (a project to equip infantry with personal computer/weapons systems, with HUD in-helmet). At least in our part of the business, it was a standing joke because it ran on windows (95, I think) and kept crashing (our team was using Solaris at the time).
>The bottom line is that I liked Win2K towards the end of its supported life.
These ships will be in operation for decades. Major overhauls are spaced far apart. When Windows 2000 leaves extended support and goes end-of-life, what's the Royal Navy going to do? Ask politely for the source code? And for a few hundred Microsoft engineers to understand it? SELinux or Trusted BSD they just might be able to maintain in-house, if they just have to have an externally developed OS.
>their main connection is a unidirectional 300 baud ship-to-shore link.
That applies only to submarines. Surface ships in NATO are likely to be targeted by the Network-Centric Warfare push, in which situational awareness is shared over a well-connected military. The vision implies, among other things, that one unit can pinpoint an enemy and another can engage it. How will this information arrive? What network-facing Windows 2000 software would you trust the security of, against an enemy with a nation's budget to spend?
The military is also Powerpointing about something called the Global Information Grid.
Yes, but what I'm saying is that there's an assumption there, that Windows won't be worse, which seems backed up by scant evidence. The fact that the systems currently in place do strange things doesn't say anything about how Windows (or anything else) is going to work in its place. It's just being assumed that Windows will suck less, and having seen how much Windows-based custom systems can suck, I find this assumption to be suspicious at best.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Buckingham's on the Great Ouse, not the Thames.
I think that any piece of software that is suited for this kind of use can't be related to the Windows we know. I just can't imagine the UK military to be *this* stupid. On a second tought, they are military, aren't they? :)
Scientia est Potentia
You need to turn on Windows Update, bro. This joke was patched years ago. The new Virtual Laugh Machine doesn't provide backwards compatibility for 10 year old jokes, so you'll have to pick between one of these new options:
1. Bart calls API. "Is your remote registry service running?" "Well, you better go catch it."
2. Two kernels walk into a bar. The third one panics.
Next time, please refer to the KB article.
Microsoft has identified an exploit which could result in arbitrary remote execution of weapons systems with Admiral privileges. This hotfix addresses this exploit.
How long before the fleet is infected with the "launch the nukes" worm? Microsoft's security track record makes this a VERY BAD IDEA!
The race isn't always to the swift... but that's the way to bet!
As for MS-Windows in the game, well... It compiles? Sink it!
History is made of loops.
Javascript + Nintendo DSi = DSiCade
reading 3001. The book suggests that future computer viri become even more dangerous than biological and nuclear weapons, and eventually the nastiest of them are sealed away in a vault on the moon. Threatened with possible extermination, mankind eventually uploads them to defeat a now hostile black monolith. I thought this was a little melodramatic at the time. Then I read this article about the navy using windows on its warships. I guess the monolith was running an alien version of windows. Witness computational entropy at work in the universe.
Just beware of the International Dateline.
Don't fight wars where they observe Daylight Savings Time.
And don't forget to reboot your ship every 49 days or so...
Seven puppies were harmed during the making of this post.
Anyone know about the beta status of that product? Has it been RTM yet? I hear some great things about it's stability! Hope the Warship Edition is as great as the JetFighter Edition!
Belongs up there with mod trolling, that is someone getting all their buddies to mod someone down because he gets contradicted in a post.
.. Press OK or CANCEL ...
... (Score:5, Insightful)
Windows : do you want to CANCEL Missile Launch
was: Zzzzzz
davecb5620@gmail.com
I'd be throwing my Linux boxes in the bin if they didn't have multi-month uptimes. In fact, I'd be tempted to tip them if they showed signs of instability caused by anything other than power fluctuations in my area. The only box I have which does not have uptimes > 100 days is my laptop, which I power down at night. The rest run from kernel update to kernel update (or power outage) without hangs, crashes or hiccups. My AMD64 box is used for 3D gaming (DropTeam, Quake 4) most nights and still pounds out the uptimes into the hundred+ days or so.
Stability is not negotiable for me. For me, Linux fulfills that. Every Windows system I have had sooner or later either gets into an unusable state, usually hanging, failing to associate with the network or the performance degrades, despite closing all the user apps. For Windows XP, that point is around 7 - 10 days of use. I remember better luck with Windows NT (3-8 weeks, depending) and didn't play much with Windows 2000.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
The UK buys entire weapons systems from us. Fighter Jets. SAMs. Their nuclear warheads are mounted on AMERICAN misiles.
You actually are going to suggest that relying on WINDOWS is going to somehow endanger the ability for the british to defend themselves?
Besides, I'm a pretty smart guy and I can't even think of a scenario where the US and Britain would be on opposing sides of a military conflict. I mean, it would take a radical shift--RADICAL--akin to a Hitler-esque figure taking control of one of the countries. (Hell, if W didn't make war between us, that tells you just how strong that bond is.)
... the Argentine consultants who helped select Windows are willing to stand behind their decision.
Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
Thank you, ergo98. Very good response.
w indows_for_warships/ )
And yet, W2K is being deployed in this way.
I suspect that we need real engineering in the software discipline. I would refuse, based on ethics, to participate in such a venture. And yet, if you do, you are likely to be dismissed (as was the original crtic of this venture: http://www.theregister.co.uk/2004/09/06/ams_goes_
Just another "Cubible(sic) Joe" 2 17 3061
...it will be better than Microsofts last attempt of Windows for Warships wich kept USN destroyers down for weeks... If I remember correct it was something like: when one system went down all other did too... and they had to be started in a very specific order.
My bad, sorry.
1) MS source is not a black box. Many institutions have copies of it. No, it's not open to every person in the world but it isn't this amazing trade secret. Many major universities have it (ASU is one I know of) and I'm sure as part of this the British government has it as well, if they didn't already.
2) All the training and whatnot still doesn't change the fact that you can only get parts from US suppliers for US hardware. Iran is in that situation with the F-14s the US gave them back in the day. They have very few that are operational as they've had to strip them for parts since they can't buy replacements.
Uhm, it's a government entity with all the expected baggage and politics attached. If the VA et al. can let SSNs and other data be stolen or "misplace" laptops, do you really think the military is any better?
About 7 years ago, there was a US Trident submarine in the yards for overhaul and refitting (I don't recall which one offhand, but it was in Bremerton, WA.). One of the Navy's missile technicians was disgruntled (I think he didn't want to go out to sea) so he sabotaged the sub by cutting through several electrical cables. Obviously there was an investigation, but the sub was stuck in the yards for a few more months.
So, security for the military is the same as corporate: you're more vulnerable to attacks by your own people than from an outside source. Running an entire ship/submarine w/ a known "weak" OS is just asking for problems.
Consider this: if the OS being used isn't Windows, that means there is a significant percentage of people who wouldn't be able to screw up the system because they don't know how to use it. Hell, most people wouldn't even be able to login unless they're supposed to be using it. Even if they could login, I doubt very many would be able to find their way around the system; you know how scary the command-line is. From that aspect alone, using *nix is more secure than using Windows.
Free Programming BookLearn to program
Captian: "Fire" Operator: Hits button System: "Fire control has stopped responding. Would you like to 1)Close Program 2)Restart Program 3)Wait for program to resond Operator: Closes program and tries to re-open. System: "This application is already running. Please restart the system and re-try Operator: "#$%$" Clicks restart System: "Process bla bla isn't responding; end task?" Operator: "Forget it" holds power button System: Angrily shuts down but the weapons which are programed to fire and forget in case of emergency launch immediatly due to sudden loss of communication with the control system Operator: #$%# Starts back up to abort the missile before it's too late System: "You are trying to stop the warhead Cancel or Allow?" Operator: Allow System: "Your system may be infected with malware. Did you mean to launch "Missile Aborter" Operator: Yes System: "Very well Missile Aborter is being launched. Cancel or Allow" Operator: Allow @#$% it System: Sorry missile has just left communication range ...Bill Gates is trying to start WWIII. Cancel or Allow?
Of all the windows variants to pick, Win2k is the least secure in the NT product line.
If they wanted realtime, embedded, or a more hardened version of Windows anything from the post SP2 of XP or the Windows 2003 fork would have been a much better choice.
Let's at least hope the Win2k was based on the time this was approved, and migration plans are already in place to move to a more secure and stable version.
In comparison to Win2k - XP, Win2003, and Vista are light years ahead when just comparing stability, let alone security.
XP has been poked and beat on for 6 years and security updates are now at a level below good OSS OSes, Vista will have a honeymoon, but in theory is building upon the mistakes and fixes from XP, besides the fact that Vista is built on the Win2003 fork of NT, which has even more extensive security and stability.
I'm not saying Windows is the best choice here, but of all the versions, Win2k is at the bottom of the list as it was a major revamp of NT 4.0 and the transitional bugs and security didn't start getting ironed out until WinXP and especially the Win2003 MS security revamp era where some of the XP SP2 changes came from as well.
(For everyone out there that thinks Win2k is faster, more stable, or more secure than XP, Vista, or Win2003 you are deceiving yourself on many levels.)
Note: I'm not a Solaris hater.
Change is certain; progress is not obligatory.
As long as your only enemy is the French or you are the French, Windows in a military environment shouldn't be a problem.
He who said 1,000,000 monkeys on 1,000,000 typewriters would eventually type the great novel, never saw an AOL chat room
I forgot to mention that Microsoft's EULA explicitly states that there is only a limited warranty and they aren't responsible for problems or errors that develop from using their software, especially in such areas as nuclear engineering, aircraft navigation, etc.
Sounds like MS doesn't have confidence that their products will work in the intended area. Does this mean a new EULA would have to be created just for the military?
Free Programming BookLearn to program
While I'd like to think the RN could've done better - *at least* something open source they have a chance of maintaining (fixing) - the finite probability of equipment failures is acceptable in most military applications. For example, military aircraft need only have 1% of the reliability of commercial aircraft. In a warzone, your biggest threat probably won't be your equipment, it'll be the other guy, and after that, it'll be you. So you accept a lower reliability from individual equipment, so long as the system works.
The question is, does it?. We all know about the USS Yorktown, we've all seen Dr Strangelove or the Terminator movies, and I would like to think we've learned the lessons. There's a reason we put men on the battlefield, and don't just let the technology duke it out, and it's because machines are not responsible. So in the "red button" situations, there ought to be a human link.
Is this going to get us peace forever, or Nuclear Screen of Death?
Actually, when you look at all WWII ship losses, rather than cherrypicking - you find multiple cases of ships being lost because a single critical system crashing/faling/being damaged. (Bismark and her rudder, Prince of Wales and her screw, and Hood all come to mind.) Consider the loss of Thresher caused by the cascading effects of a single small leak!
[Snippage the familiar story of Yorktown at Coral Sea and Midway.]
The thing you fail to mention (or understand) is this: Yorktown's example is a rare one - well out at the end of the bell curve. Ships like her (and Franklin or Puffer) are the exception, not the rule.
Every failure in battle invariably leads to another one - especially if the failure is caused by damage. (Yet nations with ships that suffer so (Hood, Lexington, multiple British BC's at Jutland) do continue on to win the war.
Clippy popping up asking: "It looks like you are trying to launch a missile?"
I'd beg to differ... Free/Net/OpenBSD are more then ready for a task like this. The 4-STABLE branch of FreeBSD is rock solid, If some enterprising company came along and formally audited the code, got it DO-178B level A certified, and provided maintenance and errata fixes they could make a mint. They can also provide the source code to their clients if they want to audit the code.
The hardware is the weak link in the chain.
Just wait till the task force has to tow a couple of these destroyers back to port. Thats what happened when the US Navy tried to control a destroyer with Windows 2000.
(By the way, what do they do when Windows autoboots in the middle of a battle. Most servers powered by Windows need to do that about 1 time a week. Knowing when the autoboot is set for might just become a very improtant piece of military knowlege)
Other systems will get a chance when this one fails. Don't worry, it will.
Everybody knows 3 people with my name.
In Soviet Russia... (according to Viktor Suvorov), all military equipments were designed so that the most illiterate peasant conscript can use it with minimal training. If faced with chossing between a complex system that works 100% but requires delicate maintenance or a simple system that only works 80%, but is easy to use and maintain, Soviet designers will choose the latter. Then again, to the Soviets, human lives are a renewable commodity. In any case, for the military, the simplest and most fault tolerant solutions is always the best.
Actually, you should take a look at the service record of the Yorktown carriers, and their descendents: The Essex class carriers. The entire lineage was at the "end of the bell curve".
The Bismarck's rudder was a hit to a key system, but it didn't cause a failure across the board. The ship continued to fight through the night, even after such a critical wound. Come morning, she was still fighting. The British managed to silence most of her fighting ability through continual pounding, but were running low on ammunition. In the end, she still had engines and a sound hull, but was scuttled by her own crew to prevent capture by the enemy.
As for the Prince of Wales, she was a sitting duck. Battleships had no real defense against airpower in their day. (Technically, they don't really have a good defense now, either. Which is why they were retired: They were nothing more than cannon fodder.) Combined with existing unrepaired damage, inexperienced crew, and a radar that was non-functioning at the time they left port, it's no wonder that she ended up taking 6 torpedos and a bomb. I don't know enough about them, but the Dual Purpose guns being tied to the engines seems like a bad design to me. The Yorktown carriers didn't lose their defenseive capabilities just because their primary boilers were offline.
Lastly, the Hood took extreme damage which managed to penetrate the ship's magazine. Ships were armored against such attacks, but there's only so much that can be done. If a shell or fire hits the magazine, the resulting explosion will happily obliterate all the systems that might still be in operation. (aka, the rest of the damn ship)
The Thresher you're referring to was not a WWII warship. It was an experimental new nuclear vessel that suffered from a severe design flaw. The WWII Thresher was not destroyed, but was decomissioned.
However, it was critically flawed. The Navy found these flaws to be unacceptable and launched the SUBSAFE program to investigate the shipyard's design and construciton of these vessels. It found a variety of flaws and errors that were not up to Navy standards. Rather than accept such a failure as normal (as apparently is being suggested with the Yorktown), the Navy immediately demanded that the vessels be redesigned to eliminate these flaws.
Javascript + Nintendo DSi = DSiCade
The Yorktown failure was caused by user error and poor input validation, not Windows.
In September 21, 1997 while on maneuvers off the coast of Cape Charles, Virginia, a crew member entered a zero into a database field causing a divide by zero error in the ship's Remote Data Base Manager which brought down all the machines on the network, causing the ship's propulsion system to fail.
By summer it was all gone...now shesmovedon. --
No, it only caused it to go in circles without the capability of correcting course or manouvering to avoid fire. For a battleship, I'd say that's pretty bad, but whatever.
The Hood had a problem shared by many of the battlecruisers of that time, which was the lack of real deck armour. She was jacked to the hilt as far as the hull and superstructure were concerned, but the deck armour (where it existed) was no more than 3-4in thick. The brits knew this, which is why the success of the Hood against something like Bismarck depended on them closing distance to avoid plunging fire from the enemy's 5-in and larger batteries, which fired a 1 ton shell. For something like that 3 inches of steel are about as stout as mache paper. Their lives depended on taking flat-trajectory fire. Lutjens and his captain knew this as well, which is why they opened up on Hood from about 14 miles.
The fact that Bismarck hit a magazine was really luck, but enough plunging fire would have eventually done her in.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
a truly real time OS, real clustering and HA, good if not great coding tools (the debugger was so cool)
They'd better not upgrade to Vista, or they'll start getting popups like "You are experiencing a missile attack. Cancel or Allow?"
Who was the genius that came up with this idea? Has Microsoft ever sold a product that wasn't full of bugs and security holes? Thus ended the British Empire.
Of course it's bad. But that didn't cause a cascade failure through the rest of the ship. Her guns didn't go offline, her screws didn't stop spinning, her command and control was still functioning, etc. It was certainly a critical hit for her tactical situation, but having the entire ship stop working because of a destroyed rudder would have been even worse.
Had the ship been part of a fleet action (rather than operating independently), then the survival of her other systems would have been more valuable. Perhaps even to the point of saving the ship. Unfortunately (for her), the ship was chased down and beaten senseless by everything the British forces could muster.
Agreed. However, this was considered more of a tradeoff by the British rather than a flaw. Their thought was that by reducing the deck armor*, the ship could be made faster so that she could close gaps in a hurry. The design didn't really work out all that well, but it was intentional.
Or is that armour? No wonder she blew up. No armor!
Javascript + Nintendo DSi = DSiCade
Which caused a divide by zero error, which caused a buffer overflow, which caused a memory leak, which caused a cascading failure of the entire damn network!
Result: Dead ship. Brought down by the very capable hands of some poor midshipman.
Any ship that can so easily experience a failure in every one of its subsystems is not built on a good design.
Was it Windows that was the problem, per se? Not directly, but it highlights the issues with running consumer software in situations where people's lives are on the line. The error should have stopped at the divide by zero, and gotten no farther. But it didn't. Rather than the individual subsystem doing a fast reboot to come back online without the other subsystems being affected (like what the avionics of Fighter Jets do), it was allowed to cascade into a complete failure of all the ships systems. NOT GOOD.
Javascript + Nintendo DSi = DSiCade
(A)bort, (R)etry, (I)gnore?
-x- Sorry my bad English. I'll have him tarred and feathered. -x-
It doesn't matter. That's the point - a battleship that can only go in circles at 1/4 surface speed while involved in a battle is completely and utterly useless for all practical purposes. You don't need a generalized failure because the weapon has ceased to be able to fulfill its functions. All it can do is sit (or spin) there and take it until it goes down or the crew scuttles it, which is what happened to the Kriegsmarine's pride.
Well sort of. The Hood was a battlecruiser, not a battleship. It was designed to interdict shipping and for shore bombardment, so it required speed - thus the lower tonnage owing to the lighter armour. It really didn't have much to do with "closing gaps" as even the Royal Navy understood by the mid-30s that Jutland was going to be pretty much the last of the large-scale "show me your T" engagements with the rise of the aircraft carrier.
Anyway, eventually they realized how dumb a tradeoff it was and scheduled her for refitting to upgrade the deck armour. Unfortunately they had other pressing engagements and they couldn't spare her in dry dock for a year, and they paid dearly for it.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Q:"We have a launch-in-progress indication on missile tube 7. How do we shut it down?"
A:"Have you tried closing all your running applications and rebooting?"
The call will go probably go downhill from there...
And what if they add some new weaponry? Would windows flag this up, and ask to revalidate with microsoft??
No, the point is that had the Bismarck been designed like the automated systems on the Yorktown, she would have suffered catastrophic failure of all ships systems across the board. She didn't, which makes DerekLyons's example incorrect. While, the ability to survive in that situation didn't help her much, she may have been salvagable in other engagement situations.
NOT that I would have considered that a good thing. We had enough problems with Nazi Germany without their Battleships surviving the fray.
Javascript + Nintendo DSi = DSiCade
What he was working from was probably the wikipedia article for the AP-101.
"The original AP-101 was built using TTL integrated circuits. The main memory was originally core memory, but the AP-101S upgrade in the early 1990s used semiconductor memory."
I think the author of the grandparent read the wikipedia article but didn't really understand it.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
It looks like you want to fire a torpedo at an incoming torpedo. How may I help you?
This command will swing a launch tube off its rest. Do you really want to do this?
If you issue that command, a hatch cover will be lost forever at great cost. Are you sure
===/// BLAM! \\\===
Pulling this handle will issue an "abandon ship" alarm, do you reaasd[0-vf=-2380ruqO Qilraw'dm f0qicr0-qeaj
if this is supposed to be a new economy, how come they still want my old fashioned money?
Just wondering since it was a personal investment by Bill Gates into Newport News Shipbuilding that was quickly followed by a statement that Newport News Shipbuilding DoD contract to build aircraft carriers would use Microsoft Windows on these ships.
s _stake_in_aircraft/
http://www.aaxnet.com/news/M000714.html
http://www.theregister.co.uk/2000/02/22/gates_buy
Or maybe the reply by the Brits when asked was something like, "nobody ever got fired for choosing Microsoft" and pointed to the press release from Newport News and the DoD...
Actually, just because their previous system was from the stone age, it does not justify picking something more modern but well known for catastrophic systems failures( nachi, nimbda, blaster, etc ). That just makes them look more screwed up than they already look for keeping their systems so out of date in the first place. IMO.
So, is there a connection between Newport News Shipbuilding and BAE or is this just a follow the payed-off/purchased leader?
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Yorktown was the prototype Smart Ship, a test bed. But Yorktown's career did not begin or end in September of 1997. USS Yorktown (CG 48)
The Geek clings to these old anecdotes like Linus to his blanket. But they have worn thin.
Sometime in the early 90s, many of the west coast fleet had adopted a WindowsNT based system dubbed "IT21" (Information Technology, 21st Century). If I recall correctly, SPAWAR (a US Navy owned Corporation), was a considerable driving force behind deployment. Most of the use for this IT21 system was for console/end-user use. And not necessarily used for firecontrol, navigation, tactical displays et al. Thank god, but this system was plagued from the get go. Sadly, many of those who go to work for SPAWAR aren't really bright as too many are old retired Navy Chiefs and Officers riding it out in a nice, secure job.
Side Note: What SPAWAR should be doing, is to aggressively recruit military personal on their way out of the armed forces. All military forces go through a lot of debriefing for those deciding to not re-enlist or continue their commission. A lengthy "education" effort, that gives us more than two weeks of "What benefits you get from the VA", "Your rights as a Veteran", "Montgomery GI Bill and how to use it"... et al. But, they don't... I never saw a SPAWAR rep asking any of us if we would like to apply--(since we are technically active military, initiate a "agency" transfer request from one to another.)
Back on topic. The entire network was a mess. And the fact it was Windows didn't make it any cleaner. BDCs, PDCs... crashing right and left, half the time entire decks (which is a big deal on an aircraft carrier) were offline. But, one very disturbing thing is...
A (once upon a time) friend and I compromised the entire Windows based network. Because I had (and still maintain) a clearance, oh boy, it was an issue that had me pretty nervous. Nevermind the details of this. Let us simply acknowledge that the US Navy doesn't have a sense of humor!
The entire infrastructure for the IT21 system was infested with numerous security issues. Not exactly the problems of those designing the network because most of the problems were due to Microsoft Software and recommended or required services to accomodate the design requirements.
Is it still as bad? Unless the Navy has flipped upside-down, delcare the aft end of a ship the front... IT21 system is likely still being used. Admiral... whoever at the time also pushed the issue in an effort to update the technology used by the sailors in the Fleet. (While the Navy always had impressive R&D, and neat technology buried deep within implementation. Most of the sailors were still using 486s on the desktops, which makes the Navy seem "out-dated" regardless if they actually were. Let's face it, a sailor to do his job still doesn't need much more than a 486 for most of them. In any case, as with a General, an Admiral makes a demand a billion other hopeful high-ranking personell will use their power to "suck him off in hopes of getting recommended to 'Flag'". Things get done, whether for the best or the worst.
There wasn't many computers on our Carrier we didn't have full access to. From the unix servers down in the RM (Radio Man) space, to the skippers personal IT21 desktop in his room.
BTW, we got off scotch free. And the speed in which we compromised the network could cause nose-bleeds. The network was so bad, that half the time (for the only reason we compromised the network), we ended up having to play "Admin" and fixing things (including making things more secure.) so we could do what we wanted.
Single points of failure exist all over the place in naval vessels - and probably in every other piece of military equipment. For example, on the guided missile frigate in which I served, the entire propulsion system required electricity to operate. One afternoon, while we were operating with NATO ships in a Norwegian fjord, an engineman scheduled maintenance on one of the diesel generator. Three were online. The ship can run on two, although we always had three up. He brought down one generator, leaving two running. Then, instead of starting up another generator (we had four), he accidentally turned one of the remaining two off. The electrical system couldn't power the ship with one generator, so it shut down. When it shut down, the ship shut down. Everything. If it didn't have a battery in it, it shut off.
What worked? A few handheld radios, battle lanterns and that's about it. No radio, no radar, no sonar, no engines. The starter in the generator required high pressure air. Once the generator was started, we had to wait for the high pressure air compressors to recharge the air flasks. Then another generator was started - more recharging. Then the engines were started. After that, we could reload the combat suite software (which most definitely was NOT a Microsoft product).
That one point of failure put us out of action for an hour and left us completely vulnerable. And that's just one point. There are plenty of others. That's not particularly a bad design, but, rather, for maximum flexibility. There are a lot of configurations of equipment that can be made on a military ship and in battle, the commander does not want to find himself limited because somebody thought that one particular set was a bad idea. The downside is that there are plenty of "disallowed" configurations that can be made. And some of them are pretty simple - like every system on the ship being dependent upon a single power delivery point.
Too bad the defective software that inaccurately aimed and launched Patriot missiles at incoming SCUDs during the first Gulf War didn't have that neat-o auto updater.
Either that, or it was just Clippy's way of saying "Pay more attention to me!"
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Windows.....on submarines. Wrong on sooo many levels.
Submarines were built without windows for a reason..... many reasons.
Using Windows in the battlefield is like using Beetle Bailey..... It does nothing, screws up constantly, and drives everybody nuts.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Or by high priced did you mean things closer to the Apache than a Cadillac?
... I think some HP/Tektronix (guessing here; could be wrong on the brands) test equipment might have. And going further back than the 70s and 80s, I have seen a lot of pre-IC test equipment that used to have detailed schematics of the entire device, usually in the repair manuals, which is sort of the analog analog (sorry, I had to say it) of source code. (Heck, if you go back far enough you used to get consumer electronics, radios and TVs, with full schematics and circuit diagrams.)
I meant more on the Apache end of the spectrum. Though I've worked with some robotics and industrial equipment from that timeframe that was more Cadillac-like in its cost, that came with detailed manuals. I'm trying to think of some specific examples that would have been mass produced
I think the difference has to do with the perceived capabilities of the end users. Where the users are people without a whole lot of technical background and equipment (average folks, most mechanics), there never was any thought given to source code or full schematics. But where the users were scientists and engineers, who might have the capability of digging in and modifying or repairing something at that individual part / microcode level, the information was provided. Today, there seems to be the assumption made now, that nobody would ever want to mess with the software at that level (which of course is provably false, as lots of consumer-hardware-hacking has demonstrated). Unfortunately, it's a self-fulfilling prophesy: when you don't give the users that low-level information, it's much tougher to modify gear, and in time people forget that they ever could.
I haven't bought any big-ticket test equipment, or really used any, that was manufactured recently, so I don't know what the policy is now. I've heard that Tektronix in particular has fairly relaxed stances on users republishing/copying their manuals, but I don't know if even the repair/service manuals contain the same sort of information that they used to. I highly doubt it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Because they have Lucas regrigerators!
It is cowardly, and a betrayal of whatever it means to be a Jew, to act as a white man
-James Baldwin
It doesn't matter. That's the point - a battleship that can only go in circles at 1/4 surface speed while involved in a battle is completely and utterly useless for all practical purposes.
Yes, obviously the rudder of a ship is a tremendous weak point inherent in pretty much all designs. No matter how well designed the Bismark and whether it's other systems continued to work, taking out the ability to steer was crippling to the vessel. This is trivial.
The point is to have as few such weak spots as possible.
What we're talking about is an entire ship being crippled because there was an unecessary weak spot introduced in a non-critical subsystem, such that when that system failed it caused failures in many other systems. This is why they try to design the ship so that the fuel, ammunition, engines, etc are as separate as possible so a blow to one doesn't take out all the rest. These are all weaknesses, some essential, others maybe not so like with the dangers posed by ammo explosions, which rail guns are in part a solution for. Badly designed computer systems where a minor failure in a non-critical subsystem causes failures across every computer system on the ship should not be considered an essential weakness.
So yes, you can effectively disable a ship by destroying the rudder, the engine, the flight deck of an air craft carrier, or by splitting the ship in half with a single cut of a huge laser, the kind that's so awesome it seems to take the ship a few seconds just to realize that it's been cut in half. None of those facts are an excuse for the ship being effectively disabled by a toilet backing up.
It's a simple point, and arguing that being crippled by damage to the rudder is comparable to being crippled because your software couldn't handle a single divide by zero is to completely miss it.
The enemies of Democracy are
I understand that this is a step forward, but I am still unsettled by the possibility of a launch_nukes.dll
I'm pretty sure that's what they said after an incident at Chernobyl once. That story, alas, had a less happy ending.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Safeguards disabled or not, that is not an acceptable outcome. These machines kill people.
It's by design too.
meh
and give an account which someone reading the precis above might be surprised by.
STOP: 0xlsdkfjsldf
This warship has performed an illegal operation and will now sink.
To send an error report to Microsoft before you die, please press "Send."
Isn't that section part of the Java license, for those Windows versions that included a JVM? (Which might have included the original XP release, and definitely 2000, before the Sun settlement which made them remove it.)
Isn't "nearly ready for warships" similar to being "almost pregnant"?
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Thank you for bringing some light into my day. Hopefully not too much more though.
What you just described is the short definition of RTOS, Real Time Operating System.
AFAIK, most RTOSs do exactly what you just said, every thread gets one tick, then off to the next one.
Actually I'm pretty sure it's more complicated than that, but I think that's the laymen's breakdown of it.
Ever think that since Microsoft is an American company and that
the OS is used in a LOT of countries? Could MS be in with our
own government? Being able to help with a back door? Hasn't
there been accounts of other countries starting to get on the open source
band wagon and get rid of windoZe? Could this be a reality?
Just a thought that makes since.
How can poor input validation be treated as User Error? Poor input validation is the result of the software being designed in such a way as to have absolutely no tolerance for bad inputs.
That is where the OS needs to step in as referree and blow the whistle and prevent further damage.
However Windows as a referree is a joke, because:
1. The referee is already suffering from VD.
2. The referee is looking at 1200 games simultaneously.
3. The referee can understand only 10 scenarios of failure and freezes when he encounters a 11th unknown.
4. The referee is already wheezing from being too fat and very short sighted.
5. The referee is not strong enough to bludgeon both players to their senses.
"Doing what i can, with what i have." ~ Burt Gummer
- The explosive (Picric Acid) in the major ordinance exploded with shock so that the shells didn't penetrate before detnonating with the initial impact. In those days, armour-piercing rounds depended on a very slight delay and a nose that would physically penetrate the outer few cm of the armour
- There is a complex series of hoists and conveyors to move shells and propellant from the magazine. Like a production line there may be several items being carried at a time. The problem is if, say the turret is hit (or an accident occurs), the propellant and ordinance in the delivery system may be detonated, detonating the next in line all the way back to the magazine. This can be prevented by the use of flash doors, but in those days, the British would have left them open whilst in action because they would seriously reduce the firing rate and increase the weight.
The first was a design failure whilst the second was, I believe, a conscious design decision as the British favoured manouverability and firing rate.I'm sure we all remember how well things went for the U.S.S. Yorktown; an Aegis Class missile destroyer that ended up dead in the water after a crew member entered a zero into a database. Obviously, this was caused by the fact that the Yorktown's control software was of a really bad design. Critical systems should have never been so tightly linked that a failure in one area would cause a cascading failure across the ship. Still, it raised a lot of questions about the wisdom of using consumer software for life and death situations.
And you thought the scenario in BSG 2003 mini was unlikely? Invader infiltrating and corrupting integrated defence network over decades?
Hmm.
Or doesn't anyone remember, from just a few years ago, when a US Navy ship (an Aegis cruiser, I think) went to Windows... and bluescreened, and literally had to be towed back to port?
mark "and so, will Bill Gates be lined up against the wall, when
the fleet crashes in combat?"
Poor input validation is the result of the software being designed in such a way as to have absolutely no tolerance for bad inputs.
That is where the OS needs to step in as referree and blow the whistle and prevent further damage.
Because I'm sure if I coded my application to have pisspoor input validation, BSD, Linux and Mac OS would all leap in and stop the program from accepting invalid input!
Methinks you expect a little too much of an OS.
By summer it was all gone...now shesmovedon. --
The only thing windows 2000 is being used for is to run consoles. Just a bloated terminal with a gui. The actual CMS and PAAMS systems don't run Windows. Windows can't run a weapons system or control a ship or radar or missile, interrupt driven non-realtime OS aren't the tool for the job.
What Admiral made the decision to bring stuff on board that can't be properly inspected? Sounds like a proud tradition of naval power is waning faster than ever.
>>They call it "PMS" because "Mad Cow Disease" was already taken.
....welcome to the club.
You must be really pissed off by your S.O.,
"Doing what i can, with what i have." ~ Burt Gummer