Slashdot Mirror
Indian Military Organization To Develop Its Own OS
An anonymous reader writes "Several newspapers have reported that DRDO (the defence R&D organization of the Indian military) is planning to create an OS. The need for this arose due to the cyber security concerns facing India and that all [conventional] operating systems are made outside India. About 50 professionals in Bangalore and New Delhi are expected to start work on this operating system." At least one of the linked articles says the new OS, though home-grown, would run Windows software.
I hope they name it CURRY
What one fool can do, another can. (Ancient Simian Proverb)
Oh for Chrissakes, another nation rebranding an existing OS and calling it their own. It's fucking pathetic. What do they think, that the hackers will be fooled and won't think it's just Windows?
The world's burning. Moped Jesus spotted on I50. Details at 11.
WINE doesn't stand for "Wine is not a complete, Windows-compatible operating system sans the security vulnerabilities".
I can't wait for the poor bastards to try outsourcing development to India.
I hope the DRDO does better than their previous projects. For example, the Arjun tank has not been a good use of Indian taxpayer money, but internal politics seem to keep it and similar projects alive: http://en.wikipedia.org/wiki/Arjun_MBT
I suppose they want to make their own OS to be sure of the security.
..but then if you're going to allow it to run Windows software..what's the point?
Windows software is the epitome of insecure, it defeats the whole purpose of making your own OS.
The Wheel: It's tired of getting reinvented.
A buddy of mine just revealed some news to me. He's been reliable about this shit in the past and he's in a position to know, so I trust it but YMMV.
Backstory: Microsoft eats their own cooking ("dogfood") except in cases of epic failure. Like Hotmail running on NT. Or Visual Safe Source for Windows's RCS. They use a heavily modified version of perforce and a hierarchy of repositories. Yeah, it's a mess and there are a number of technical as well as human/social problems.
Well, multiple groups within Microsoft have had enough and switched to git for day-to-day work (using a gateway to push their changes to an upstream p4 repo). They're trying hard to drop 4 entirely and go with git. From what I know of their development practices, they really need something like git (Linus, himself, agrees). But who's going to tell Balmer that they're switching to software written by arch-enemy Linus Torvaldes? You might think they'd prefer that (we're using your free software, faggots!), but chances are VSS 2011 will contain some sort of half-assed distributed RCS support.
They already own DRDOS.
This is going to be like the iron of the OS world; the exact same code base with some user settings and code changed.
"People don't want to learn linux" hasn't been a valid excuse since '03.
"I am become /dev/null, the destroyer of data."
"Slow down, Cowboy! It has been 3 years, 7 months and 26 days since you last successfully posted a comment."
Wouldn't an internal code audit of an open source operating system be easier?
So many 'fun' comments... If there is one country that is good in software it's this country. Hell, even MS probably has coders working for them there. And if they really manage to make an os that can run windows binaries without all the overhead and presumed NSA-backdoors (not that they need one given the rate new remote exploits come out for every windows version) this is a very smart thing to do. Nothing to make fun about. I would have great interest in an OS that can run windows binaries without all the windows-shit.
Exactly.
If you run windows apps, you have to replicate or emulate, and that would be wine.
They could run VMs that get fresh loaded images each reboot, but that's still windows, and still vulnerable while its running.
Sig Battery depleted. Reverting to safe mode.
I know this is obvious, but come on...
Seriously, why not take a *BSD or Linux OS release and do a full source code review on it? It will take a lot less effort than creating anything from scratch, plus they can submit bug reports and code fixes back to the corresponding opensource projects. (Everybody wins!!!) Any mature OS would not be plagued by bugs that commonly occur in large new code bases. After reviewing and approving the OS, they can simply track changes of future releases in order to maintain trust.
Don't use Binary Blobs, I agree, absolutely, if you care at all about your Sovereignty. Get the source tree for an already very well secured OS like, say, OpenBSD, or perhaps Linux (though OBSD is, I believe, generally developed with practices that encourage better security - less focus on feature, more on audits and exploit finding/fixing). Have your 'trusted' developers from your nation go over every line of code, to make sure no trojans/backdoors/intentional exploits were added, then build it all yourself.
Of course, there is still always the possibility you have a hacked C compiler. Man, I can't remember the name of it now, but sometime in, I think it was the 80's, someone made a pretty famous presentation/paper about putting a self-perpetuating trojan into a compiler. You could give the compiler source code, and the binary of the compiler to the 'mark', but you could completely remove the exploit from the source code, as long as the exploit was coded to compile itself into subsequent builds of the compiler; that is, the binary was infected, but the source was not, but it didn't matter since the infected binary could build a copy of itself into the next build of the compiler. The exploit could then additionally do something like whenever it built other binaries or libraries, add some exploit code to them as well.
I suppose you need your own people to do a dis-assembly of the compiler to verify that. Or, build your own assembler in machine language, then build your own compiler with your assembler. Once you've done that, if you have a trusted compiler, and verified source code, you don't really lose security by using Open Source. If anything, it'll *probably* be more secure, if it's popular enough to have a lot of devs analyzing it and fixing problems.
Simple reason: "Everybody wins" is not an option in real wars.
Of course, there is still always the possibility you have a hacked C compiler. Man, I can't remember the name of it now, but sometime in, I think it was the 80's, someone made a pretty famous presentation/paper about putting a self-perpetuating trojan into a compiler. You could give the compiler source code, and the binary of the compiler to the 'mark', but you could completely remove the exploit from the source code, as long as the exploit was coded to compile itself into subsequent builds of the compiler; that is, the binary was infected, but the source was not, but it didn't matter since the infected binary could build a copy of itself into the next build of the compiler. The exploit could then additionally do something like whenever it built other binaries or libraries, add some exploit code to them as well.
That would be Ken Thompson.
It was Ken Thompson, the man himself, that you're referring to. The talk in question can be found here: http://cm.bell-labs.com/who/ken/trust.html
Seriously, if you think your people are good enough to write a SECURE operating system from the ground up, then shouldn't they be good enough to take existing code and determine whether that is secure enough for them?
Even Linux for that matter. The NSA has already done some of the work with SE Linux.
Exactly, and sharing vital technology with the enemy is mostly just a good way to ensure that everybody loses. Parity and equilibrium aren't good once the war starts getting hot, because then you end up with WWI.
I've met a bunch of people who tell themselves that to keep feeling superior to them
--
Stay tuned for some shock and awe coming right up after this messages!
6 months after the OS is declared done, all of the developers will have anchor babies in the US and their replacements will determine that the code base is a mass of unintelligible crap.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
What the fuck? A government checking the code it runs on computers with sensitive data is "national socialist"? You think the United States government doesn't do this on CIA and DOD computers? Or are you a nut against building roads?
We're talking about doing this only for government computers used for sensitive government data.
They could recruit the Indian recruiters who come to the USA, who call and ask - do you know AD, SQL, Oracle, Cisco, and are you certified in each?
Get up!
Not about that. It is about having a basic level of trust in the software they are using to be sure that nothing malicious is coded in there.
You're talking about the trusting trust attack, which was made famous by Ken Thompson.
Thankfully, you can counter the "trusting trust" attack using a technique called "Diverse Double-Compiling" (DDC). See the linked PhD dissertation for details.
- David A. Wheeler (see my Secure Programming HOWTO)
Didn't read TFA, but running windows apps in a reasonable time frame without windows pretty much entails a linux+wine stack or capitalizing on ReactOS. I'm leaning toward the latter in this case, I don't think the military needs something like directX, but a win2k substitute could do the trick if they have a massive windows based investment in terms of existing custom softwares.
The answer is to not have an unnecessary war. And besides, they could not contribute back if they really want to 'wage war,' although keeping up a fork would bear an added cost, but still probably be less than starting from scratch.
This is my signature. There are many like it, but this one is mine.
Yeah, thats my point, it's a really misguided trust. Unless they are so foolish as to believe that the same coders they do not trust to find potential hacks in Linux can code a secure operating system.
Monstar L
The idea that an OS is equivalent to a weapons system is absurd, and thinking of it that way (which means it should be kept secret from potential enemies) is pretty much a guarantee of failure. "Everybody wins" is very definitely an option in the network security realm.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
They have a lot to do - they'll have to bootstrap this thing from the assembler on up if they are serious about security - http://cm.bell-labs.com/who/ken/trust.html
Like hiding valuables out of sight when locking your car.
Correct me if I'm wrong, but isn't that intended to not let the potential burglar know that there's any reason to break into the car? I think the analogy you need is something like developing an alternative to keys, rather than just improving the current designs as much as you can...
--
Of course it is possible, but for some reason I don't see them reimplementing the whole win32 api on their own
Never antropomorphize computers, they do not like that
Seems to me that plenty of countries (including the US) manufacture weapons for use and for distribution to other countries. Thing is, you're not at war most of the time, and you're almost never at war with everyone.
Sigg'd.
I am become
An OS is more like the blueprint for the weapons sold. Most countries sell weapons (often old versions) but most of time not the technology.
If it is anywhere near some of the code I have seen from some India based developers, no one will ever be able to figure that shit out.
It seems to me that an OS developed by an org that's never made an OS before, by 50 people, that isn't examined by many people around the world in many different contexts and from many different approaches, is going to be less tested and less secure than other OS'es. Not to mention the lack of applications, and the burden of creating all the applications from scratch, and a developer community for them, and again the smallness and isolation of that community and its apps leaving security to a very few very busy people.
If I were responsible for protecting India's IT infrastructure, I might start an Indian state project to create an OS. But I'd just start with Android or Linux, and assign the people I have to investigating its open code for security holes and starting applications needed by essential Indian users. A lot less work, a lot more global partners to use (and many to omit from trust without losing everyone). Leveraging the English speaking skills of educated Indians to partner with people around the world to secure India.
Reading the press, it seems they're really talking about a component in their new line of spy and military satellites. They mention they've got orders from other countries. So probably this venture is not at all calculated on security rissk, but rather on a perceived market opportunity. In which case it is even more likely to totally fail, but not after wasting a lot of time and money better spent on actual Indian security risks.
Probably some general's nephew thinks he can sell some Linux clone to the government, and so the rest of the state and media apparatus starts talking it up.
--
make install -not war
gollygOS
If I have seen further it is by stealing the Intellectual Property of giants.
All I can say is, good luck to them! Another bit of proof that those who can't, manage those who can, and those who are clueless want the impossible yesterday...
Sometimes, real fast is almost as good as real-time.
Are you joking? Leaving valuables out of sight definitely is a good precaution. It wouldn't work if thieves were allowed to methodically search through each car (akin to a port scan) but they aren't.
In reality, you don't need to have the whole OS trusted. You need some things trusted:
The boot path. You want a TPM-like chip that can take you from power on to login screen with a chain of custody ensuring that nothing can be tampered with without being detected. With encryption that mounts the data volumes only after the system volumes and the kernel are vetted, tampering can only deny access, nothing else.
Signed executables for stuff that matters. The signing system would require each signature actually be multiple signings, but with different algorithms. This way, if someone TWIRLS RSA into linear time for factoring, DSS will allow validation or not.
The hypervisor or jailer. You can have nontrusted stuff happily running its little malicious heart in a VM, especially if there is protection from the OS to the hardware.
Cut and paste functionality. You have levels of trust (nontrusted, classified, secret, top secret), and when you copy from one layer, you can only paste into that layer or higher security. This way, someone can copy a quote from /. and post it on an internal document while the reverse can't happen.
User presentation. You want to make sure programs cannot masquerade as system stuff. For example, Windows requiring control-alt-delete before logging in makes sure that no process can fake the login dialog.
'Though it will be a real-time system with Windows software, source code and architecture will be proprietary, giving us the exclusivity of owning a system unknown to foreign elements and protect our security system,' Saraswat said after unveiling a training facility at the Centre for Artificial Intelligence and Robotics (CAIR), a defence lab in this tech hub.
Classic first timer mistake.
No mention of capability based security either.
At best they end up with a bad clone of Windows or Linux.
With some 100% home grown OS, then we can be pretty sure that some large military contractor wins, at 250% of the quoted cost. Whether that results in something that's usable in war is an open question.
What the fuck? A government checking the code it runs on computers with sensitive data is "national socialist"? You think the United States government doesn't do this on CIA and DOD computers? Or are you a nut against building roads?
We're talking about doing this only for government computers used for sensitive government data.
Nice conflation of multiple unrelated tangents. The shortcomings of American law enforcement and Intelligence agencies at modernizing systems is legendary. There were numerous news items out as few as five years ago about the FBI being unable to perform compound queries and unable to complete an upgrade process that had been underway for like a decade.
It absolutely would require national socialist style dedication from a populace to keep the government anywhere near up to common best practices.
Is the DoD still trying to get the Navy to sign on to MS on subs and battleships via D2? Isn't the CIA still notorious for the deals they cut with private enterprises to get what they need outside of normal acquisition and review channels?
You are overrated and seem to think that just because you are paying taxes something is being done to secure your infrastructure.
There are not bigger failures in the world of IT than the failures of the U.S. I.R.S., air traffic control, law enforcement, and intelligence attempts at deploying and maintaining tech infrastructure.
If you have a problem with that last statement please post links, I am with conventional wisdom here as ten minutes with a search engine will reveal and I can cite billions spent on completely abandoned projects for each agency listed above.
It would take a country of Nazis to even attempt a general technological segregation from the rest of the world.
Why stop with the OS? I.e., what about the microcode in the CPU and etc.? Is India also going to write their own microcode?
What one fool can do, another can. (Ancient Simian Proverb)
No, an OS isn't a weapons system. But it is a defense system. They are not the same thing.
If you need web hosting, you could do worse than here
Comment removed based on user account deletion
If you were to put together a custom made operating system and software suite for the handful of applications needed for government and military purposes, I'm guessing it would land in the price range around 100 to 300 million (if the US government did it). Probably more like 10 to 30 million if the Indian government did it (they have much better spending oversight). In the grand scheme of things that is relatively affordable.
If you just want an OS and one or two applications for a single platform (PC, custom hardware, I don't care), you can do it on the cheap. about $5m (maybe $10m if you run it like a government operation) by my calculations (8-10 software engineers, managers to support them, working for 2.5-3 years).
As for military level interoperability, that's irrelevent to custom software stacks. if military contractors that historically don't get along with each other such as Lockheed, Boeing, Raytheon, Northrop Grumman and Aerojet can make systems that are compatible with each other for the US and NATO allies (including software and protocols), then it is possible for any nation to define and make their own compatible software systems.
Making an OS that can run one or two Windows apps that you select ahead of time is not actually that hard. It's a solved problem. Wine and ReactOS already have beaten a path there, and Microsoft has made devising third party compatibility easier due to their consolidation of their OS families.
Frankly custom software development is something within reach of any government or large corporation, and has been for quite some time now.
“Common sense is not so common.” — Voltaire
While this is a valid point, it really doesn't take into account the fact it takes a long time to develop a mature, reliable, secure OS. OpenBSD has been at it for more than a decade and still has issues, and some of the finest minds in security work on that, and they started with a relatively secure code base to begin with.
If you're writing your own OS from scratch, you can expect 20-30 years before it will be more secure and reliable than existing OS's (and those OS's won't be staying still so they will mature in that timeframe as well). And that's if you have experts working on it. If you're going to copy an existing OS, then what's the point?
Now, I can understand that a country wants to encourage OS development, and is willing to sponsor a defense project to build an OS, with the expectation it may take 20-30 years.. but it should really stay hidden and not publicised like this, otherwise the people start wondering "Hey, why don't we have this OS yet?" and then you end up pushing it into production long before it's ready.
The sad part is, India has a huge problem with brain drain. A large percentage of the top computer scientists relocate to EU countries, or the US. Only the truly patriotic or mediocre or worse candidates stay home, or perhaps those with some kind of community ties...
However, if India became seriouis about building a world class research program, it might encourage top talent to stay in India. I can see that as another benefit of such a program.
So i guess my point is, there are a lot of reasons why this is a good idea, but sadly.. I doubt that those reasons are the reasons they're doing it.
If you need web hosting, you could do worse than here
Obviously, they're not going to develop any such thing. Ever. This is one of the most brilliant job security moves I've ever seen in the computer industry. Kudos!
there is several projects aimed at running windows binaries, one of them being an NT clone, dos clones already exist and can be made to run windows dll's on top for an olde worlde windows, and of course wine. i personally hope what it will involve is a bsd core running a customised and advanced wine fork, i mean, considering brazil and several other countries are going linux and open source it would be stupid of them to not collaborate with their fellow rising industrial stars like brazil who iirc are moving their government IT over to open source. a 99.9% binary compatible framework to run windows apps would be beneficial for everyone who is not NATO, indeed i can imagine some of the more client-agnostic big tech contractors who help build military stuff would love to be able to sell their windows-targeted software to someone else... brazil, india and russia at least would all be interested, china is too closed to alliances in any way but who knows, if india gets their project off the ground and achieve their goal.
remember, a lot of those windows programs are now partially developed by indians... if anyone can make a fully binary compatible windows environment, it's india. they've been doing so much of american-based multinational corporations' development already they have a rich developer skills base.
I wonder who they will call for support?
You confuse isomorphism with compliment. While information hiding is not a replacement for all other security measures, it does stack nicely on top of them. Just like locking your car door can only hope to keep lazy people and determined racoons out of your car. The only viable result of security is to delay and deter possible loss. If you think stronger security measures do anything else, and information hiding doesnt do it at all, you are misinformed. I dont think the indian government is trying to hide its keys under the doormat.
Yes I have met some amazing Indian developers out there. There are also many H1B visa programmers who may be lacking in experience and are desperate to succeed in a foreign country which, lets be honest, considers them outsiders. They make half the pay in many situations and can be fired and sent home in the span of a week for any petty job disagreement.
True innovation requires the ability to make mistakes, learn from them, and try something new - which is contrary and alien to the H1B "cog developer" system. I doubt many Americans could be as disciplined and work under such pressures and situations.
Back home, India is building a truly amazing scientific pool of talent. Expect to see major challenges to American engineering & science - the population numbers game almost guarantees 3x the genius-level talent waiting to be discovered and educated.
I said no... but I missed and it came out yes.
Wonder if they will outsource the tech support to the U.S. Oh, Irony.
'Though it will be a real-time system with Windows software'... Uhmm, uhh, yeah, right...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Maybe that would be a sane decision to make but I personally would like to see a totally new OS which is not Yet-Another-Unix-Variant or another Linux distro. I don't mean that there's anything wrong in Unix or Linux or in any other current OS. It's just that, well, new is new, and if they can come up with brand new ideas to do things (and share it with rest of the world on at least some level) then all the better.
You don't know what you don't know.
Here's how some outsourcing places work, and it's an old model used from the Rocket program under Stalin to US and Indian businesses:
At the start you have the experts and they have people that need training but they pretend to be experts. After having contact with your experts for a while they vanish to work on higher priority projects and you are suddenly in contact with a new lot of people that really need training. In the end you are milked dry with nothing to show for it other than what is obviously some first attempts in whatever environment you have. Your project doesn't matter, the technology transfer and your cash are what the outsourcing company is aiming for. It's very similar to the long running project German rocket scientists were put on in the USSR that never got anywhere but trained a lot of staff for the real rocket program.
WWI was only bad for the soldiers, but it was actually one of the better world wars for the civilians. I don't know about you but that's a win in my book.
Euhhh because of licensing issues maybe?
TOP DSLR Cameras Reviews of the top DSLRs
Except that's exactly the reason you'd hire a software developer in the first place: to figure out what "Make sure input is validated" means. If you have to spell everything out in English, and you can actually work out the implications, then these "developers" aren't developers at all, they're just glorified translators -- which is even worse if they don't have a solid grasp on English.
Now, I did have an Indian coworker who was perfectly capable of everything any American is capable of doing, and I've never worked with an outsourced team, but I do know that much -- yes, we need clear specs, but if the spec actually spells out everything, why not just write the spec in something Turing-complete?
Don't thank God, thank a doctor!
Have you ever met a india IT worker that has one speck of innovative thinking? I certainly haven't, they are fantastic of doing what they are told but ask them to come up with something on their own and expect to be disappointed. I cannot say I am surprised they want to install a branding wall paper and call it the new India OS.
I know I'm going to get killed here, but I pretty much agree. In my experience, the likelihood of finding a competent developer in India is about the same as finding a completely useless developer in North America or Europe. Which is to say, not necessarily rare, but not the normal case, either. And I know the "racism" card will come out, but I'm also not talking race. I'm actually not even talking nationality. I'm really talking about location. The Indians I've met in North America, even if born and educated in India, were, as far as I could tell, statistically the same as the rest of the North Americans (which would also include, with no pun intended, boat loads of Chinese immigrants as well as Arabians, Africans, and, yes, even a few Caucasians): some incompetents, but generally somewhat competent to excellent. The ones who were still in India were almost never competent, though I can think of a few stand-outs that were above-average even among Westerners.
We don't know from that article, but I suspect that this may be what they end up doing anyway. Otherwise, 50 people to develop a complete OS? Fat chance!
They want to develop a secure system, yet they base it on the least secure system in existence? The API was never designed with security in mind, and you cannot ever safely attach a bare Windows system to the net without it getting owned in less than a minute. Do they really believe they can wave a magic wand over the massive amount of Windows code, and make it suddenly secure? The security problems don't sit entirely in the Windows code, it also exists in the innumerable poorly written applications. If you run these apps, then you don't have any change at securing your code.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
It's obvious. It's also most likely what they are doing.
For most people, Android is a "new" O/S, not a flavor of Linux! China has their "Red Flag" Linux, which likely meets similar criterion. Seriously, Linux is taking over the computing world, showing up everywhere from your phone to your router to your DVR to your State-sanctioned O/S!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
That more or less matched what we saw - there were two marginally competent people I can think of in the outsourcing organizations. They disappeared after six months, off to better things.
Both of them were what I would consider intern level - I might trust them to expand a CGI, but not write an OS. But there could be extra levels of this we didn't see where they grind the weak into meal while the rest level up to become super-coders. That would take a hell of a lot of work on this weak material though.
It's cultural, so I'm sure they'll be kicking us to the curb in a few decades once they start valuing results over hierarchy.
From my experience working with Indian software developers this is actually what they intend, however they will rename, shift and colour everything so that it is superficially "new", add the few bits of which they are actually needful and proclaim it NEW OS. They learn from the best such as [Large Ubiquitous American Software Company From Which None Can Escape].
Do you think they might outsource some of the work here in the U.S.? We have a lot of unemployed software developers and I'll bet they will work for half of what a software developer in India will.
India has announced a tablet that costs less to manufacture than the memory chips included in their tablet, though for some reason I can't seem to buy one yet. Once I read that the OS could run Windows, and was (to be) developed in India, I just thought "Ah another one of those announcements". I wonder why no government scientists outside India seem to be able to announce results?
People today are contempt re-inventing the flat tire.
One prominent example is the light-pen. Back when the first one was invented, the creator figured out it was a bad idea, as it's uncomfortable to hold your arm in the right positions for longer amounts of time. Yet it got re-invented over and over again, and even today we have desktop computers with touch-screens which have exactly the same problem.
Comment removed based on user account deletion
I think this has sort of been prompted by what happened to Iran and the recent attack with the Stuxnet worm. India has a significantly advanced nuclear programme, which is (and should be) doing research into thorium based nuclear power, which has potential for export. The Kalpakkam reactor just finished the 25th year of its running and the next generation of engineers are picking up after the recent retirees from that programme.
If I had to guess this would be QNX-ish operating system, not a windows clone in any sense of binary compatibility. The "windows software" comment is very likely to mean that this is a GUI operating system, not an embedded firmware version.
There has been significant work into the Linux kernel locally (like the Param Supercomputer). So OS level work is not as alien to these people as you might think. Either way, it's a good initiative, even if it crashes & burns.
Quidquid latine dictum sit, altum videtur
No, but it's possible that no side is vulnerable to cyberattacks and they have to fight it out the hard way. So you make a choice, do you build the best system you can or do you build a poorer system because the other one might possibly help the enemy? Chances are, most of your enemies are using a completely different system, or they're using it in a different way, or they've hardened it in ways that make it irrelevant. Why did the NSA release SELinux? Make standards like DES and AES? Because it's more important to have secure systems yourself than anything people might possibly learn or take from it. This is "battle-hardened" code, hardened in the fight with hackers every day.
Also, it's not like you need to need to review all 13 million lines of Linux code. Strip all drivers, all archs, all modules you don't need and it'll be a quite manageable size. It'll certainly be far les work and far less buggy than trying to write anything from scratch. At least if you're going for anything like a "normal" OS...
Live today, because you never know what tomorrow brings
Bollywoodnix
If I was a government I wouldn't trust any piece of software from the outside... ...Binary blobs from other countries would be totally banned.
These are the same folks who banned Chinese-made telecommunications equipment, no?
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
I hope the new OS will be a microkernel one, like L4Ka (or L4 in general) or Minix.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
In India, any govt project implementation is chosen based on money laundering opportunity. for example Common Wealth Games scoring software(medals tally thingy) cost 26 million USD). Previous games had similar software for around 7-8 million dollars. And guess what, the current implementation of this solution is buggy and crashes frequently.
So now lets come to the new OS. Imaging taking Linux or FreeBSD, and then looking at the code, this would result in much less money spending which would result in less siphoning.
However, majority(99%+) of the public in India are moronic, and if you say the 3 code words "Patriotism" "National Security" "Terrorism", their idiot mode gets activated, which does not understand that if you are running an application which is malicious, the secure operating system(supposedly) will make no different.
So do not argue on the technicalities, because the decision is not technical. The decision is monetary, and I am sure nobody here can give a counter argument that a more efficient solution will lead to more kickbacks and money laundering.
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
You think the United States government doesn't do this on CIA and DOD computers?
Um, are you sure you want an answer to that?
Some fruitbasket over in the UK managed to "hack" (read "log into with blank or 'simple' passwords") some machines in the pentagon, using "sophisticated hacker tools" (read "stock MS RDP client")...
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
The boot path. You want a TPM-like chip that can take you from power on to login screen with a chain of custody ensuring that nothing can be tampered with without being detected. With encryption that mounts the data volumes only after the system volumes and the kernel are vetted, tampering can only deny access, nothing else.
You mean like that new android phone that reloads a clean operating system if /boot doesn't match the signature (ie, if you root and flash it)?
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
So you just set up a Grigoriy Perelman Prize for Mathematics where the Prize is you get to run your own mathematics institute the way you want if you prove RSA secure. Grigoriy Perelman wins the prize. Then all DRDO needs to do is create a virtual machine where the only addresses -- including network addresses -- are secure public keys.
Seastead this.
Well to keep from having to reinvent the wheel they could probably base it on BSD, since the code has been out there long enough any back doors would have already been found by now, and by using BSD they could make all the customizations they want and not have to worry about GPL biting them in the butt if they decide to distribute it to those outside the military.
But in this day and age trying to make an OS from scratch would probably be like trying to hit a dart board moving at 60MPH with a live bumblebee. Even those that has been in the game awhile have been bitten when tech shifts, and with a new OS you are gonna have to predict what kind of hardware you're gonna be running a decade from now when its done. Would any of us had predicted when we were running barely 1GHz CPUs that in a decade we would be looking at 12 core monsters? or look how MSFT got bit in the butt by Vista, figuring Intel would just keep getting faster and RAM getting bigger and then netbooks came along and bit them right in the ass.
So I'd say anyone trying to start a whole new OS from the ground up from scratch would have to be nuts. Even their military is gonna have to buy their chips, and who knows what chips we'll be running when this thing comes out the gate. For all we know they could have another breakthrough and we all end up on 128 bit 512 core monsters, or perhaps like ARM have many specialized chips like we had in the old days of Amiga.
ACs don't waste your time replying, your posts are never seen by me.
But bearing in mind that a number of the participating countries introduced conscription, being a civilian at the start didn't guarantee that you wouldn't be forced to be a soldier and end up dying of chlorine poisoning.
...At least one of the linked articles says the new OS, though home-grown, would run Windows software.
Before I read this I was imagining that they might give Theo a run for his money and develop a super awesome Linux-derived OS.
After I read this I was imagining a Windows ME clone based on Wine, with security through nobody-wants-to-touch-it.
My UID is prime. Hah!
Yeah I was going to make the same comment. Linux and BSD have years of coding. It just doesnt make sense. As far as I know the NSA used linux and that is how SELinux showed up. It is always hard to explain to some people why free software /open source can benefit them.
Considering the amount of Indians that are part of the teams that make operating systems and related software, it should be cake walk. Add in the Indian govt bureaucracy, its a project destined for failure.
Lord of the Binges.
You're not going to start with a blank slate and work from there. I don't care how many programmers you can throw at creating a new operating system, it's not going to be solved in reasonable (under 3 years) amount of time. If anything it's going to make it worse. Probably start with SELinux and work from there.
From the article "DRDO to develop cyber attack proof operating system" that's going to be asking for trouble. I'm going to assume the Windows compatibility is going to be WINE or ReactOS. Come on, "giving us the exclusivity of owning a system unknown to foreign elements and protect our security system", it's going to either be base on something that's already out there or something completely new with holes that haven't been discover. These guys are just asking to be attacked.
You're talking about the trusting trust attack, which was made famous by Ken Thompson.
It is not showing figure 1, I was really interested why it looks like.
Indian brain drain is something of the past. It remains true that computer scientists are paid in India a fraction of what they would earn in our countries. But with a quarter of an occidental salary, they can have a far better quality of life.
I am sure U R not having one doubt about that.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Sakshat? I'd like to meet the marketing genius who came up with that name.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
You're talking about the trusting trust attack, which was made famous by Ken Thompson.
There are lot of figures missing in this article. figure 1( On stage 1), figure 3 and 7 (Stage 3), is there anywhere I could find them, just trying to follow the article
After a lot of flag waving, I bet this "new" OS will be a cutdown, pre-configured distribution of windows.
When non-techincal people are speaking it's worth taking what they say with a grain of salt.
You should really learn how to use the quote tag.
It's called reactOS. It's basically windows (it's NT architecture based), but free. Quite frankly, I don't know why Linux has gotten so much attention in comparison to reactOS. The thing is, it's still a under-funded garage-project. If you could get 50 Indians and a good budget to help them out, I'm pretty sure that it would be better than starting from scratch.
Here's the link if you're interested:
http://www.reactos.org/en/index.html
Help fight spam
The model in place now encourages people with *no* talent for software or systems development to choose that as a career path, and it shows. That doesn't mean that there are no talented people there -- just that the outsourcing craze (and corresponding promise of significantly improved lifestyle for self and family) lures a lot of people who wouldn't otherwise even consider this career. To a lesser extent, the dot-com craze caused the same problem here in the US: a lot of people who had no skill or talent for software development jumping into the business as a way to make money.
The unfortunate truth is that they get away with it - I've seen first-hand how we've evolved our expectations of offshore outsourcing companies to be little more than monkeys behind keyboards. Innovation, troubleshooting skill, and general analysis ability are not requirements at most outsourcing shops. I've even gotten in trouble at work for being 'too stringent' in my requirements. This was because I expected a senior software developer to be able to describe how a hashtable works internally; why you might want to use a hashtable. I also expect them to be able to sketch out an object model for an everyday concept like a house. And when they couldn't , I rejected them. I was told that if they can churn out code to spec we want them.
At least one of the vendors we worked with (TCS) had a habit of listening in on the phone to our interviews (even recording on a couple of occasions, though they haven't admitted it - I know what a beep every five seconds means ;), and amazingly the successive candidates got better and better at answering our basic technical questions. Now I can't say for *sure* that they were getting fed a questions list ahead of time, but I *do* know that the answer I receive from different candidates are remarkably close to identical on non-conceptual subjects. (On conceptual subjects, almost all bomb completely. Unfortunately, I'm not permitted to consider that in most cases.)
Anyway - the net result is that we have a lot of people who would function much better flipping burgers instead writing our code for us. And if our specs don't contain very very precise details (sadly some of our leads have taken to embedding code itself in the tech specs - which can then be copy-pasted, because it's just faster than getting them to fix it when they screw up), they flounder hopelessly. Similarly, they struggle mightily when trying to troubleshoot problems that I consider simple. (Hint: If you can't at least *start* to debug a problem without a log file and/or walking through a debugger, you have chosen the wrong career path.)
The most important thing here is that this isn't some deficiency or inability of any one group of people. I strongly suspect that the same ratio of talented:untalented exists in India as anywhere else in the world -- it's just obscured by the economics which makes being a poor or mediocre programmer a way to become relatively wealthy.
As long as they do not re-distribute, they are not obliged to let "everybody win" i.e. share the source or the software. And that is only true for GPL software. With BSD they do not have to share anything,
So indeed why not start with something that is already out there as it will speed up the whole process. Then you have more people available for specific software.
But then it can also be interesting to see what happens if you start with something completely new. It might never leave the military, but there also might be a chance that it does, which will be great.
Don't fight for your country, if your country does not fight for you.
It's quite possible that they did all the tricky impressive stuff (or rather, some consultants convinced them to hand over lots of cash for it) while neglecting the easy, obvious and boring things.
This is particular common in large bureaucracies; tasks like enforcing sensible procedures require ongoing effort, which is precisely what people join such organizations to avoid.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Writing an allegedly Windows-compatible OS to resolve cyber-security concerns? Are they also developing lead aircraft?
... almost every custom-built computer (of which many existed) had its own operating system. Many software companies developed OS and application software.
... if you want to keep it simple, it's just an excersize in recursion ...
Writing OSes is still very common in embedded systems.
Depending on what you want, writing a Windows compatibility layer (if that's really what they want, if they didn't just want to say "has a GUI") is also no rocket science. The Windows API documentation is readily available, and if you stick to a specific set of APIs, you can come up with a compatible system pretty quickly.
WINE is not a good example for Windows compatibility, since it's ill-designed and bug-ridden. ECMA for instance provides a set of standards registered by Microsoft for Windows 3.x, and that can make a good starting point.
I think the project might be successful.
Oh, and writing compilers is no rocket science either
Remember an appearance of PHP from nowhere, for a blue sky? Perl, C and CGI were then in full swing too. All it took - a Canadian university teacher, Swiss and 2 Israeli students.
Sometimes a stupidity of an existing software is begging for starting from scratch.
When I try to find a computer on a network in W7 via a set of bizarre icons, or try to find a way to open a file in Media Player, or set a property in Explorer's options I cannot help thinking: "What an imbecile could think of such an interface!"
Besides, in some parts there is still a conviction that using 16th century's Imperial measurements system for modern science and technology is a good idea.
by "sir, send me teh codez 4 secure OS, it is very urgent..."
:: There is no light at the end of a tunnel. There is a tunnel after a tunnel : Thom Y.
Some secury enhancements like in se linux (or trustedbsd) would (could) be nice.
However, there is a strange effect that is "too much security". Examples: Create an password policy that is too complicated an people start to write down password on a note next to(taped under) their keyboard.
Lock down a system too much and people will find workarounds not to use that system.
Have a too complicated security policy and you need too many administrators (With god mode access) that configure the security.
Having a secure OS is one thing, designing secure way of work is a different way of thinking.
I suspect the main problem is that coding is outsourced to India to keep costs down. So companies pick the cheapest coders. To the outsourcing company, the "best" coders for the job tend to be the ones who can meet the written specification in the cheapest possible way. If you're outsourcing to India you're only going to have contract with this sort of programmer.
Having your "own" national OS is not a bad idea, provided it's open enough to ensure peer review. However, making it run Windows apps feels a bit like planning to build a new prison and then only allowing straw to be used as building material. Does it *have* to be Windows compatible? Using Windows apps as platform is repeating the mistake of slowing a whole nation down because it's waiting on yet-another-update-with-questionable-benefits.
IMHO, this will define modern warfare: attack on Microsoft Patch Tuesday. Windows for warfare will be upgrading at that time..
Insert
That's because the congress is bypassed.
Something to notice is that ever since Linux has hit the scene any time someone talks about a "new OS" they are making what they really mean is "Our own version of Linux." Developing an OS from the ground up is a lot of hard work. As such it seems to be done very rarely. Since Linux is freely available and quite modular, you can always just take it, modify it, and then use it as a base for what you want.
This is just the way things are done these days, there seems to be very little interest in truly "new" OSes. Hell even Cisco went this route. Not with Linux, but with QNX. Cisco has had their own OS for a long time, since normal computer OSes aren't well suited to switching and routing. However they needed to make it higher reliability. Hence they built IOS XR. Still their own OS..... Except that QNX runs at the heart of it. Nothing wrong with that, QNX has an extremely solid, reliable, microkernel that runs some of the most critical system out there, but it demonstrates what I'm talking about.
The idea that a government would implement a new OS from scratch, and then make said OS Windows compatible is just beyond believability. I mean look at the number of developers MS has just on Windows. Even if you think you are complete badasses and could do it with 1/4th the people (which isn't likely, MS pays big dollars and gets good people) you are still talking a massive staff. Rather expensive. In fact you'd probably need a larger staff since presumably you'd be talking about doing some extremely rigorous verification processes (if the objective is to be more secure) not to mention needing people to reverse engineer the original Windows. You'd actually need those people even if you had the source (governments, research institutions, etc can get the source code for Windows, it is private but not secret) because only through a clean-room implementation could you insure original bugs aren't making it in.
I'm with you: Supposing this sees the light of day and isn't just some pie in the sky project (governments love those) it'll be some version of Linux with WINE on it and probably not at all remarkable.
Agreed. You don't need to be overly secretive about your OS (hello, MS!). For example, there's practically no secret to building a typical jail house, bricks and metal bars. Only in extra special cases (perhaps a maximum security prison for war criminals and other arch villains) do you need to deviate from the norm. So, unless, the India's goal is to craft a real-time OS for missile systems and other highly destructive military gear, adapting (after some serious code review) an already existent FOSS/OS is the way to go.
Seems pretty obvious... just compile the code with multiple compilers.
Or use interpreted languages.
Um but apple plus ibm tried that in the post-system9 era and taligent tanked. They then plundered bsd and osx succeedeed. Then they closed darwin and gave a hell of a good argument to GPL advocates :D
all the other desktop OSes out there seem to be a rewrite of unix, vms/nt, beos.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
Methinks a couple of people are going to make a killing on this and when the cash runs out it will just fade away and bluescreen. (Is there still such a thing as the blue screen of death? I plead old age in my defense.)
A closed mouth gathers no foot.
Because both BSD and Linux fail at the first hurdle of a security review. They are written in C. That's not fixable.
It will be the "Saffron Screen of Death"
Can't wait to see this future post on every java forum.
"Please send me the java codes for operating system to jawadiwahail2243@hotmail.com"
Pluralitas non est ponenda sine neccesitate
Yes. Each army rebels and kills all their respective politicians.
Everybody wins.
Or better yet, just improve upon selinux and start a company or a state-run agency to constantly evaluate it for security risks and improve the user friendliness of the security features and install process.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
How do you know? Have you seen their plans? Or are you just assuming a slashdot summary based on two non-technical articles gives you the full information?
Well experience certainly hasn't shown us that "with many eyes, all bugs are shallow" to be true. Two decades on and there's still a steady stream of vulnerabilities in Linux.
Security solely through obscurity doesn't work - hard coded backdoor passwords for example. But there's no evidence to suggest that obscurity on top of other security is negative rather than positive on the overall security of a system.
>Both OSs were written with in a language that doesn't bounds check strings and arrays as a matter of policy. ... A modern OS written with security in mind would have to be created with a systems programming language that at least does this.
JavaOS!
I'm not a lawyer, but I play one on the Internet. Blog
Well, yes, but then you could say that we already have Ford so why would anyone want to manufacture any other cars :)
But for example Singularity seems interesting OS. There's a lot of cool ideas, even allthough I'm not sure if they are original MS Research ideas. Plan9 seems rather interesting too. Now I don't know if any of these exotic OSes are used in production or is it even reasonable to do but who knows, maybe some useful ideas flows from them to current or future OSes.
I think diversity is a good thing especially in research.
You don't know what you don't know.
Closed darwin? Go ahead and download it for 10.6.4, the latest MacOS release. You'll want the "xnu" package, and its pretty easy to Google for instructions on building it and replacing an installed MacOS's kernel with it.
It's true Apple doesn't release the closely-related iOS kernel, but they never have.
E pluribus unum
Checking the code is one thing writing your own OS from the ground up is another.
I can see where you are coming from but it can also be your typical government boondoggle as well.
Take a look at it this way. What would be the fastest and most economical way to produce a standards compliant OS?
1. Write one from scratch.
2. Spent money on auditing and securing an existing OS like OpenBSD, FreeBSD, Solais "the open version" or Linux?
Maybe if you want to be cutting edge like Minix3, Plan9, Dragonfly BSD, or HURD.
The real problem will be trying to secure your entire stack. There will be the driver issue followed by all sorts of firmware. Every time you want to add new hardware to the stack you will have to do a lot of auditing. Frankly that is one reason I would tend to go with Minix3 or HURD. Those both are microkernels. Since performance these days is less of an issue the added abstraction may be worth it.
But before you go off on the fellow about how this is stupid I suggest you read about the R101.
A great cautionary tail about what happens when a goverments thinks it can do everything better. I am not saying that governments have no roll, but one does have to consider what a bunch of politicians really know about computer security and software development.
Over all I would say a from the ground up general purpose OS seems like a huge waste of resources as anything but a research project.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I'm not blinding praising one over the other, nor I'm a Windows fan. But you gotta give engineering credit where it is due, even if it is to an aspect of an operating system that is not of your liking. We are all subject to subjective thinking (no pun intended), but technical discussions are worthless unless we put a modicum of effort in being objective.
Because that's what the US Military did. Selinux was the contribution that eventually came to being due to effort on the part of the NIS.
They want a different code base. It has a lot to do with security by obscurity. Basically NIS knows the pros and cons of something like selinux, and India has to master selinux to really know where the attacks might lie, and how to monitor for them. To them, there is less risk of an unknown leak if they write the whole thing from scratch.
Then the probably looked at the software they were mostly using and decided that the new OS must be compatible to reduce costs.
It is going to be a massive duplication of effort, but at this point in time it is all "on paper", aka requirements. Wait until they get into the details of the implementation where they will likely discover independently that many of the required APIs to run their software require insecure processing to support their compatibility requirements.
They might even know it is a massive duplication of effort. They might even guess that it is not possible. Remember that India has earned a less-than-stellar reputation for outsourcing, so this might be a combined military pork project / public works program. They can't keep graduating programmers at the rate they do and expect all of them to get an overseas contracting job. This is compounded by programming being seen as an "easy paycheck" and their universities printing diplomas as fast as possible for people who are in it only for the money.
I am become J. Robert Oppenheimer, the destroyer of the English language.
Probably another distraction to the poor quality of Delhi Commonwealth games. It will probably go down in history as the worst Commonwealth games ever organized in this millenia. Why don't they fix their infrastructure first before trying to fix software? What's the point of having a nationalized OS if ur country has power failures at least 1- 2 times a day?
If you have two C compilers from different places, and source for one, you can check for the Ken Thompson trick. Neither needs to be trustworthy, you just need to know that they both aren't set up with the same hack.
Call the compilers A and B, with source for A which we'll call SA. Now, compile SA with both compilers, getting A(SA) and B(SA). B(SA) will not have the hacked-in code. Now, you can't directly compare A(SA) and B(SA), but you do know that they're both C compilers.
Therefore, you compile SA with each of the compilations above, getting A(SA)(SA) and B(SA)(SA). These should be directly comparable, and in fact should be identical except for built-in metadata (time stamps, etc.). If they significantly differ, then A shouldn't be trusted, but B(SA) (SA) is probably good.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
If I were to guess, this would throw a wrench in those works. From TFS:
At least one of the linked articles says the new OS, though home-grown, would run Windows software.
No worries! Slashdot has a new innovation, making the letters upside down, that is sure to ward off the spammers.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Seriously, why not take a *BSD or Linux OS release a ... Everybody wins!!!...
No, everybody does not win. Apparently, US DOD uses Windows, and given recently caught Russian spies used windows as well, any military that adopts open source is in advantage here. I believe French and Chinese already did just that.
"If they significantly differ, then A shouldn't be trusted, but B(SA) (SA) is probably good."
Unless Compiler B was 'infected', and passed the exploit along to B(SA), which passed it along to B(SA)(SA), no? Just because they are different doesn't mean that compiler binary A was at fault - it could just as easily be B.
However, I do agree that if they are the same, then that would probably mean neither of the grandparent compiler binaries was compromised. I'm going to have to review, when I get some time, that dissertation which David A. Wheeler provided the link for in one of the other replies, to see if there is a refinement to this technique which would allow you to guarantee that you have 'sanitized' the resulting binaries.
Good luck. Given the cultural proclivities in India I would give them just about a zero chance of ever exceeding American innovation. There are a LOT of really smart people in India, but the culture prevents innovation. Taking a risk that could pay off big or blow up in your face 100% of Indian's will choose the safe route and never innovate. You need to understand, if you don't get a positive letter of recommendation from your previous employer you will never find another job. That means you fuck up once and your career is over. Think that encourages innovation and risk taking?
The symptoms of this cultural problem are seen in the Indian Call centers and it's frequently what upsets American callers so much. No one working at the call center will deviate one tiny bit from the script, to do so could risk their letter of recommendation and doom them to never working again. If your problem isn't in the script you won't get help unless they transfer you to someone that has your problem in the script or that can connect you to someone that will deviate from the script (typically an American working in India or a call center in america).
You can't fix a problem like this without a major cultural shift and those take generations to occur. If or when India makes that cultural shift they might exceed American innovation but it's not going to happen until it does. Culture plays a big role in peoples lives.
DRDOS!
There's a saying in Polish that quite fits here: Taking on the Sun with a hoe.
What they're saying is, I presume, that they'll get 50 people and somehow get wine and reactos code bases together, to work well enough to be usable in a wide-scale deployment. I wish them good luck. If they, OTOH, think that they can reimplement what reactos and wine did so far from scratch: LOL. They'd need a top-notch team, used to working together and having a significant project or two under their belt to tackle it and have anything to show after 12 months. It'll take them a month or two just to figure out what code is out there in reactos/wine to use, never mind making any design decisions, or heck, actually coding anything.
For starters, a project like that would basically need to hire all wine/reactos/codeweavers/transgaming talent out there. Plus a few key Windows people, too -- and pray they aren't under non-compete contracts that can be enforced in India.
A successful API design takes a mixture of software design and pedagogy.
C'mon people... don't take them so seriously! This decision clearly wasn't made over technical facts. You know, the bosses never pay much attention to technical facts. But you may bet, they pay a lot of attention to the political consequences of their actions.
War is hell, but total war is worse.
And you also have a real good ideas of the capabilities of the enemy whom you sold weapons to.
Computers are useless. They can only give you answers.
-- Pablo Picasso
They are written in C. That's not fixable.
The interesting thing is, that, if you use another language, the language itself is probably written in C. Any language low-level enough to write an OS in is going to have low-level memory management that will require careful programming.
By the time they complete their OS, it will have more security holes than most OS's because they are human. The advantage they will have is that source code is not public. But, it's like a bank vault. Everyone knows how it's made but you still can't break into it. It's the same with OpenBSD or FreeBSD IMHO.
It's archaic but perfectly legitimate...
Hamlet: "I am become bitter through ill-met experience."
"Vext the dim sea: I am become a name," Alfred Lord Tennyson's Ulysses
"I am become a fool in glorying; ye have compelled me," Book of Corinthians 2, 12:11, KJV
"Slow down, Cowboy! It has been 3 years, 7 months and 26 days since you last successfully posted a comment."
I believe India took cue from Russia
http://linux.slashdot.org/article.pl?sid=09/01/23/1450224
I'd like to buy homeland for our 10 million people. http://twitter.com/mahadiga
This is not an issue with "cog developers" but with business methods* but more primarily with Indian culture. In many Asian cultures, it's considered a very bad thing to make a mistake, even worse is to admit to it. Indian's aren't as bad as Chinese or Thais in this regard but they still have that syndrome where they cannot draw attention to a failing. As you said, the ability to fail and get back up again after you fail is absolutely vital to innovation and problem solving in general.
That being said, most of the Indian's I've met in professional positions in Australia have broken that, they've had to in order to be competitive.
India is going to have a large pool of talent within the next few decades, but like China it's going to be held back somewhat by their culture.
* business methods refers to the MBA who insist on instilling the fear of god into people and firing them at the first sign of failure.
Calling someone a "hater" only means you can not rationally rebut their argument.
"Reflections on trusting trust", Ken Thompson, 1984.
One area I tend to focus on in interviews is the day-to-day. I try to get someone to describe a problem they solved last week, or detail the design of a system they recently completed. Very often this causes stumbling as you pointed out - as real-world experience isn't something that be faked as easily as book knowledge.
Glad to hear that you've moved on from TCS. Hopefully you're in the category of programmers who "gets it"* -- it sounds like you may be.
I don't really blame TCS either - they've found a model that works; and for some reason, clients find this level of service acceptable. I just wish these clients would occasionally look at the *long term* cost of using these firms. The hourly numbers look great up front, but when you factor in the issues, the increased hours required, and the numerous other headaches introduced... I suspect it's not nearly so cost-effective as most would believe.
*Two categories of programmers: "gets it" and "does not get it". The former can take an issue , solve it through logic alone, and feel a thrill of victory upon doing so. More, they'll understand the "root cause" of an issue and not be content to consider fixing a symptom as an effective resolution. The latter... if they ever solve an issue successfully, it's through brute force and luck.
(Addendum: I re-read my original post. Note to self: do not attempt to write a lengthy discourse at 4 in the morning again any time soon. While I get my point across, less rambling and fewer grammatical errors would have been nice...)
They once did delay releasing the source, anyway. I'm glad they did keep it open though.
http://apple.slashdot.org/article.pl?sid=06/05/17/1453206
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
If Pakistan starts to develop its own OS we can see the first production version out before 2012. On the other hand VI vs Emacs type of discussions could end in a nuclear exchange.
Lol...yes sadly I have seen that happen all too often...
Those familiar with the Indian plutocracy will know that this is just another scheme to loot public money. There are things like BOSS Linux ... of course.
The DRDO's announcement also reveals the kind of dinosaurs controlling the organization.
Prof(Miss) A Mani CU, ASL, AMS, ISRS, CLC, CMS, IEEE HomePage: http://www.logicamani.in Blog: http://logicamani.blogs