Indian Military Organization To Develop Its Own OS

An anonymous reader writes "Several newspapers have reported that DRDO (the defence R&D organization of the Indian military) is planning to create an OS. The need for this arose due to the cyber security concerns facing India and that all [conventional] operating systems are made outside India. About 50 professionals in Bangalore and New Delhi are expected to start work on this operating system." At least one of the linked articles says the new OS, though home-grown, would run Windows software.

I hope they name it CURRY

[PatPending]

I hope they name it CURRY

Re:I hope they name it CURRY

[jfengel]

Only if they write it in Haskell.

Re:I hope they name it CURRY

[jfengel]

Yep, but Haskell came first, and has broader name recognition (and so I thought it made the joke best). And Haskell apparently some real-world uses, which means it must have gotten a LOT better since I first beta-tested it, back when it was compiled into Common Lisp.

Huge fan of it, actually. I don't get to work in it but my coding style was heavily influenced by the things I learned coding in Haskell. My main fondness: by the time you got the damn thing to compile, the program would generally work. Aggravating at the time, but it made me really respect how much work the compiler could do in spotting bugs if your language is REALLY bondage-and-discipline strong typing.

The LP features of Curry won't endear it to anybody who didn't already grok Haskell, but they're certainly a neat addition, and a lot more than syntactic sugar.

Re:I hope they name it CURRY

[jfengel]

Actually, a Haskell Indian Nations University, named after a guy named (Dudley) Haskell, a white guy tangentially involved in its creation. But the irony is still appreciated.

Confusion

[DoofusOfDeath]

WINE doesn't stand for "Wine is not a complete, Windows-compatible operating system sans the security vulnerabilities".

Re:Confusion

[icebike]

Mod parent insightful.

If you are going to run windows software you can bet they will start with with a Virtual Machine approach or Wine, and neither one buys them much security without diligence.

he idea that a government funded military lab would develop from the ground up and achieve something that would run windows but wasn't as vulnerable seems highly unlikely.

Budgets lapse. People Come and Go. It would be a mess.

Re:Confusion

[interkin3tic]

WINE doesn't stand for "Wine is not a complete, Windows-compatible operating system sans the security vulnerabilities".

No, but WINACWCOSSTSV sure does.

Cost

[DoofusOfDeath]

I can't wait for the poor bastards to try outsourcing development to India.

Not the best track record

[SplashMyBandit]

I hope the DRDO does better than their previous projects. For example, the Arjun tank has not been a good use of Indian taxpayer money, but internal politics seem to keep it and similar projects alive: http://en.wikipedia.org/wiki/Arjun_MBT

The Wheel

[Voulnet]

The Wheel: It's tired of getting reinvented.

Re:The Wheel

[mdemonic]

If it weren't for repeated reinvention of the wheel, they would still be hexagonal rocks. Reinvention is what drives technology forward. Invention is a rare treat.

Re:The Wheel

[HoldmyCauls]

HAH! 'Tired' -- good pun!

offtopic but hilarious

A buddy of mine just revealed some news to me. He's been reliable about this shit in the past and he's in a position to know, so I trust it but YMMV.

Backstory: Microsoft eats their own cooking ("dogfood") except in cases of epic failure. Like Hotmail running on NT. Or Visual Safe Source for Windows's RCS. They use a heavily modified version of perforce and a hierarchy of repositories. Yeah, it's a mess and there are a number of technical as well as human/social problems.

Well, multiple groups within Microsoft have had enough and switched to git for day-to-day work (using a gateway to push their changes to an upstream p4 repo). They're trying hard to drop 4 entirely and go with git. From what I know of their development practices, they really need something like git (Linus, himself, agrees). But who's going to tell Balmer that they're switching to software written by arch-enemy Linus Torvaldes? You might think they'd prefer that (we're using your free software, faggots!), but chances are VSS 2011 will contain some sort of half-assed distributed RCS support.

Re:offtopic but hilarious

[man_of_mr_e]

Hotmail does run on Windows. When it was purchased it did not, and it took them some time convert it. The "stories" about conversion failures were rediculous, the timelines did not give enough time for a real conversion of such systems, and people probably mistook various prototype testing as real attempts.

Sourcesafe was also never meant for anything other than workgroup projects, not large scale. As such, nobody would be expected to run something the size of the windows code base on vss. Nowadays, Microsoft has an enterprise class version control in Team Foundation Server, but I imagine they have a lot of legacy to convert to move that to TFS any time soon.

They also ran a large part of their internal processes for years on an AS/400, including accounting and other aspects. Microsoft didn't have applications to do what they needed on Windows, and didn't really want to invest in building them. However, now that they bought Great Plains.. that's a different story.

Due to legacy concerns, they aren't likely to convert from p4 for a very long time, although the beauty of git is that in workgroups you can use git and push changes upstream. If anything, they're most likely to convert to TFS, for long term overall project.. Already most of the tools development, web development, etc.. is done on TFS.

Re:offtopic but hilarious

[cronius]

From what I know of their development practices, they really need something like git (Linus, himself, agrees). But who's going to tell Balmer that they're switching to software written by arch-enemy Linus Torvaldes? You might think they'd prefer that (we're using your free software, faggots!), but chances are VSS 2011 will contain some sort of half-assed distributed RCS support.

From http://lwn.net/Articles/403903/ :

Microsoft's CodePlex.com has announced the donation of $25,000 to support the development of the Mercurial source code management system.

Looks like they've found what they're looking for.

I think Novell may have something to say...

[E-Sabbath]

They already own DRDOS.

Re:SHIVA

[mfnickster]

"I am become /dev/null, the destroyer of data."

Why not do *BSD or Linux code review and use it?

[ad454]

I know this is obvious, but come on...

Seriously, why not take a *BSD or Linux OS release and do a full source code review on it? It will take a lot less effort than creating anything from scratch, plus they can submit bug reports and code fixes back to the corresponding opensource projects. (Everybody wins!!!) Any mature OS would not be plagued by bugs that commonly occur in large new code bases. After reviewing and approving the OS, they can simply track changes of future releases in order to maintain trust.

Re:Who can be trusted?

[JSBiff]

Don't use Binary Blobs, I agree, absolutely, if you care at all about your Sovereignty. Get the source tree for an already very well secured OS like, say, OpenBSD, or perhaps Linux (though OBSD is, I believe, generally developed with practices that encourage better security - less focus on feature, more on audits and exploit finding/fixing). Have your 'trusted' developers from your nation go over every line of code, to make sure no trojans/backdoors/intentional exploits were added, then build it all yourself.

Of course, there is still always the possibility you have a hacked C compiler. Man, I can't remember the name of it now, but sometime in, I think it was the 80's, someone made a pretty famous presentation/paper about putting a self-perpetuating trojan into a compiler. You could give the compiler source code, and the binary of the compiler to the 'mark', but you could completely remove the exploit from the source code, as long as the exploit was coded to compile itself into subsequent builds of the compiler; that is, the binary was infected, but the source was not, but it didn't matter since the infected binary could build a copy of itself into the next build of the compiler. The exploit could then additionally do something like whenever it built other binaries or libraries, add some exploit code to them as well.

I suppose you need your own people to do a dis-assembly of the compiler to verify that. Or, build your own assembler in machine language, then build your own compiler with your assembler. Once you've done that, if you have a trusted compiler, and verified source code, you don't really lose security by using Open Source. If anything, it'll *probably* be more secure, if it's popular enough to have a lot of devs analyzing it and fixing problems.

Re:Why not do *BSD or Linux code review and use it

[thoughtsatthemoment]

Simple reason: "Everybody wins" is not an option in real wars.

Re:Why against this?

[cupantae]

I would have great interest in an OS that can run windows binaries without all the windows-shit.

Then maybe you can join the ReactOS team. If you're really interested, you might be allowed to become the project leader.

Re:Who can be trusted?

[simcop2387]

Of course, there is still always the possibility you have a hacked C compiler. Man, I can't remember the name of it now, but sometime in, I think it was the 80's, someone made a pretty famous presentation/paper about putting a self-perpetuating trojan into a compiler. You could give the compiler source code, and the binary of the compiler to the 'mark', but you could completely remove the exploit from the source code, as long as the exploit was coded to compile itself into subsequent builds of the compiler; that is, the binary was infected, but the source was not, but it didn't matter since the infected binary could build a copy of itself into the next build of the compiler. The exploit could then additionally do something like whenever it built other binaries or libraries, add some exploit code to them as well.

That would be Ken Thompson.

Re:Who can be trusted?

[bsDaemon]

It was Ken Thompson, the man himself, that you're referring to. The talk in question can be found here: http://cm.bell-labs.com/who/ken/trust.html

Mod parent up.

[khasim]

Seriously, if you think your people are good enough to write a SECURE operating system from the ground up, then shouldn't they be good enough to take existing code and determine whether that is secure enough for them?

Even Linux for that matter. The NSA has already done some of the work with SE Linux.

Re:Mod parent up.

[slashqwerty]

Seriously, if you think your people are good enough to write a SECURE operating system from the ground up, then shouldn't they be good enough to take existing code and determine whether that is secure enough for them?

Security needs to be designed in from the ground up. Take a look at Windows, Linux, and MacOS. New exploits are constantly being discovered in those systems because security was not a key part of the development process when they were written.

Windows, Linux, and MacOS were all written in C which burdens the developer with safeguarding against all manner of possible security holes. In C a security hole is as likely as a bug with the exception that a bug is likely to be discovered and fixed by the developer while a security hole will go unnoticed until an attacker discovers it. If you want to build a secure OS today you should start with tools that eliminate the most common security holes. That would include automatic bounds checking which none of the aforementioned systems were built with.

If you want a secure system you make sure every action and every module of code is authenticated before it runs. The system will work a lot better if it is designed that way from the ground up. Existing operating systems would at minimum have to be modified to do this.

A secure system would be developed with best-practices that reduce the likelihood of exposing a vulnerability. For example, the potential attack vectors for shell injection attacks would go through a centralized library that safeguards against it.

All of these things are best done by writing a new system from scratch with more secure tools and practices. At the same time, the developers can look to Linux or BSD for example algorithms on how to solve common problems but make sure the actual implementation uses the aforementioned best practices.

Re:Mod parent up.

[Chrisq]

Security needs to be designed in from the ground up.

Well OpenBSD it practically is. Some articles claim it is written ground up for security, but in reality they audited the entire BSD codebase many years ago, rewriting large parts and all new code is ground-up secure. In practice it is extremely secure, many of the bugs that occur in other BSDs or linux turn out to have been fixed months or years before in openBSD

Re:Mod parent up.

[Hognoxious]

I'm sure a lot of people said that "metric" and honestly believed that the code they were maintaining was that bad.

And the people who came after them probably said the same...

Re:Mod parent up.

[TheRaven64]

If you want a secure system you make sure every action and every module of code is authenticated before it runs

Absolutely not. In a secure system, none of the modules trusts that the others are bug free.

Re:Mod parent up.

[TheRaven64]

Until the early to mid '90s, the term 'UNIX Security' was considered a joke. In comparison to systems like OS/370, VMS, and so on that were designed for security, UNIX was a toy. It didn't even have access control lists for files, and trust was entirely binary - if your web server needed to be able to bind to port 80, it also got the ability to modify every single file on the system, write directly to devices, and so on. Linux adopted the UNIX lack-of-security model from the start, although has recently gained some slight improvements.

In contrast, Windows NT was designed to be secure from the start. Every kernel object (file, thread, process, and so on) has an access control list associated with it. This can grant fine-grained permissions to individual users or processes. Unfortunately, the kernel was then given to the UI and DOS compatibility teams, who decided that world-accessible was the correct permission for pretty much everything and that the default user should be the administrator, who can override most permissions.

Plan 9 is closer to what the UNIX model would look like if security had been a concern. It's recursively virtualisable, so you can trivially jail processes.

Re:Mod parent up.

[Chrisq]

Whilst it's written with C, you might as well be trying to repair a roof with swiss cheese.

Whatever language you write an operating system in will have to have the same "dangerous" facilities as C, pointer access, type casting, etc. Remember without an OS you cannot have safe managed code - you need to be able to implement things like page table mappings, page protection, interrupt processing, etc. Basically you are not going to get around the fact that writing operating systems is hard

Arguably in this environment C is safer than C++ because of its simplicity. Now that said, a lot of the utilities around the core OS could be written in safer languages.

Re:Mod parent up.

[MasterRat]

As someone who knows a bit about the origins of NT, with regard to Windows NT, you are full that substance that leads to substantial growth in the business...

Windows NT first several beta's booted using the OS2LDR.EXE file from prerelease versions of OS/2 2.0. The first thing you saw on the console was "OS2LDR.EXE ...". Eventually OS2LDR.exe got renamed, but it remained the same through at least the first release (I left Micrografx before the next release of Windows NT came out). In the end, Windows NT was more secure than it was when it started, but it was not "secure".

Windows NT was not designed for security -- The first version was hacked together using bits of OS/2 2.0 code, ports of existing Windows code, etc. For the record, I worked at Micrografx when they (a) had source code and early binaries of Windows NT, and (b) was part of the team that worked on OS/2.

With regard to your spurious example implying ACLs make something secure, again, you've been shoveling out the stables. ACLs do not make something secure (they may contribute to a security solution) and the lack of ACLs does not make something insecure. Security is not about how you achieve something, security is about what is achieved. Fundamentally, the only truly secure computer is one that not connected to a network, kept behind several locked doors, with guards that are so well paid or loyal such that they cannot be bribed. This goes on and on, no software added after security is certified, no external access other than keyboard, no externally accessible disk drives/cdrom/usb, etc. Everything else is a careful balancing act of risk, vulnerabilities, and mitigation.

Re:Mod parent up.

[RichiH]

Next Tuesday, MS will break the record for patches in one day. Before the recent bzip2 DoS hole, I don't even know _what_ I patched last.

Your obscurity argument would hold more water if most *NIX would not dominate the server hosting as much as it does. And those machines tend to be unfiltered while Windows machines tend to be behind NAT/a firewall.

And finally, even _if_ the obscurity argument was valid (I happen to think it's not, feel free to disagree), there is no way to make *NIX less obscure just to prove your point.

So, for all intents and purposes, as of right now, *NIX is more secure.

Re:Mod parent up.

[luis_a_espinal]

Next Tuesday, MS will break the record for patches in one day. Before the recent bzip2 DoS hole, I don't even know _what_ I patched last.

Your obscurity argument would hold more water if most *NIX would not dominate the server hosting as much as it does. And those machines tend to be unfiltered while Windows machines tend to be behind NAT/a firewall.

And finally, even _if_ the obscurity argument was valid (I happen to think it's not, feel free to disagree), there is no way to make *NIX less obscure just to prove your point.

Every single production UNIX/Linux box I've encountered has sit behind a NAT/firewall. Machines that are not unfiltered (be it *NIX or Windows) typically sit within an intranet already enclosed by NATs/firewalls.

So, for all intents and purposes, as of right now, *NIX is more secure.

"Being secure" is a broad subject. For many purposes *NIX systems are more secure (from the point of view of users requiring discretionary access control). But I'll ask you, how do you implement MAC on a *NIX system (one that does not have to be retrofitted like SELinux or Linux+AppArmor)?

Explain me how.

I work with UNIX/Linux all the time and it is my preferred platform. It's been like that for the last 15 years. But even then I'll be the first to recognize that a well-configured NT system is much more secure and easier to configure (for implementing RBAC/MAC) than a Linux system. In fact, you have to get a specific distro or tooling (.ie. SELinux which is what I work with, AppArmor, Tomoyo) to get the same type of access control configuration and enforcement.

Saying "this is secure" or "that is more secure" without specifying particular contexts, that's an exercise on fanboyism.

1. Any out-of-the-box Linux system is more secure (from a DAC perspective) than an out-of-the-box system belonging to the NT architecture family (which we will simply refer to as "NT system" for the sake of brevity).

2. Any out-of-the-box NT system tends to be as configurable (and sometimes easier) to be locked with MAC/RBAC for specific business contexts than an "armored" Linux system (be it SELinux, AppArmor, Tomoyo).

3. An out-of-the-box Linux distro cannot be locked down for MAC/RBAC policies. You have to "armor" them as described in point #2.

And that's what's important to recognize, MAC/RBAC is already built-in on NT (though most people are too dumb to do so). Similary, most people don't "armor" their Linux distros because they are too dumb as well and think that DAC is all that is to be.

Security is more than just preventing trojans getting installed on your personal computers while browsing the interweebz.

Re:Mod parent up.

[luis_a_espinal]

And when I was young, we had to walk to school, uphills both ways. We had to wrap barbed wire around our bare feet for traction on the dry ice that formed due to the cold.

In other words: I did claim that *NIX has always been perfect. I am simply saying they got their shit together a lot better, faster and more thoroughly than the Windows world.

Not true. The security model of UNIX is DAC based, reflecting a past when systems were secure by isolation. Almost no one was connected back then. The systems of the day did not reflect any of the realities Windows systems face nowadays. Not that it absolves the security blunders committed in some of the design of Windows. But the security architecture of NT (based in great part on VMS which was a lot more secure from the ground up than UNIX) is superior than what you find in a typical out-of-the-box Unix system.

Very few people armor their Linux distros to support MAC/RBAC (even when there are business reasons screaming for it). And the poor security track record of Windows systems have little to do with the NT security architecture, and more to do with the sheer number of deployments; the ambiguous role of providing "easy of use" in a time of great internet connectivity; and poor configuration practices (of which Linux folks aren't that innocent either.)

That the UNIX world got a security model faster than NT is trivially true. After all, the security model is DAC based and a reflection of the state of systems security and nature of installations 30 years ago.

Re:Who can be trusted?

[Logic+Worshipper]

What the fuck? A government checking the code it runs on computers with sensitive data is "national socialist"? You think the United States government doesn't do this on CIA and DOD computers? Or are you a nut against building roads?

We're talking about doing this only for government computers used for sensitive government data.

Re:Oh For Chrissakes

[nashv]

I find it amusing that some people think that a nation's defense research organisation, which helps build ICBMs, supersonic aircraft, tactical software and so on, needs advice from someone who reading slashdot on how to write an operating system.

"Trusting trust" attack can be countered using DDC

[dwheeler]

You're talking about the trusting trust attack, which was made famous by Ken Thompson.

Thankfully, you can counter the "trusting trust" attack using a technique called "Diverse Double-Compiling" (DDC). See the linked PhD dissertation for details.

Trusting Trust

[wcl3]

They have a lot to do - they'll have to bootstrap this thing from the assembler on up if they are serious about security - http://cm.bell-labs.com/who/ken/trust.html

Re:Why not do *BSD or Linux code review and use it

[dachshund]

Seems to me that plenty of countries (including the US) manufacture weapons for use and for distribution to other countries. Thing is, you're not at war most of the time, and you're almost never at war with everyone.

Re:Oh For Chrissakes

[Daniel+Dvorkin]

I find it amusing that some people think that a nation's defense research organisation, which helps build ICBMs, supersonic aircraft, tactical software and so on, needs advice from someone who reading slashdot on how to write an operating system.

Well, in the US -- I don't know about the Indian military -- the same defense establishment that operates those ICBMs etc. also mostly runs Windows. Which is a pretty clear indication that they do need help, and the Slashdot crowd would probably be a good place to get it.

This is at least partly personal experience talking. When I was a medic in the USAF, one of my secondary duties was "computer systems security NCO" for the ER where I worked. Which mainly meant light sysadmin duties, trying to keep machines patched and virus-free with absolutely zero support from the actual hospital IT staff, and debunking "I LOVE YOU virus" warnings and similar bouts of hysteria that Col. So-and-so forwarded to everyone's e-mail ("it must be true, the Colonel said it!") Actual security was a joke.

Re:Oh For Chrissakes

[nashv]

Granted, militaries are usually incompetent when it comes to IT. But this isn't the military, this is the DRDO, which typically includes people like this.

Less Secure

[Doc+Ruby]

It seems to me that an OS developed by an org that's never made an OS before, by 50 people, that isn't examined by many people around the world in many different contexts and from many different approaches, is going to be less tested and less secure than other OS'es. Not to mention the lack of applications, and the burden of creating all the applications from scratch, and a developer community for them, and again the smallness and isolation of that community and its apps leaving security to a very few very busy people.

If I were responsible for protecting India's IT infrastructure, I might start an Indian state project to create an OS. But I'd just start with Android or Linux, and assign the people I have to investigating its open code for security holes and starting applications needed by essential Indian users. A lot less work, a lot more global partners to use (and many to omit from trust without losing everyone). Leveraging the English speaking skills of educated Indians to partner with people around the world to secure India.

Reading the press, it seems they're really talking about a component in their new line of spy and military satellites. They mention they've got orders from other countries. So probably this venture is not at all calculated on security rissk, but rather on a perceived market opportunity. In which case it is even more likely to totally fail, but not after wasting a lot of time and money better spent on actual Indian security risks.

Probably some general's nephew thinks he can sell some Linux clone to the government, and so the rest of the state and media apparatus starts talking it up.

The ARE expecting security through obscurity

[ka9dgx]

'Though it will be a real-time system with Windows software, source code and architecture will be proprietary, giving us the exclusivity of owning a system unknown to foreign elements and protect our security system,' Saraswat said after unveiling a training facility at the Centre for Artificial Intelligence and Robotics (CAIR), a defence lab in this tech hub.

Classic first timer mistake.

No mention of capability based security either.

At best they end up with a bad clone of Windows or Linux.

Re:Why not do *BSD or Linux code review and use it

[Jeff+DeMaagd]

With some 100% home grown OS, then we can be pretty sure that some large military contractor wins, at 250% of the quoted cost. Whether that results in something that's usable in war is an open question.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Oh For Chrissakes

HA! You were a medic? Being a medic in the Air Force is like being a Maytag repairman. Lotta good pussy, though.

Joking aside, flyboy. 2Axxx scum here, and we ran console apps cobbled together over win2K and NT4 on our classified shit. Kinda scary, eh? At least we had the mighty STU-3.

signed, -- Terrudiger Abercrombie

Re:Who can be trusted?

[man_of_mr_e]

While this is a valid point, it really doesn't take into account the fact it takes a long time to develop a mature, reliable, secure OS. OpenBSD has been at it for more than a decade and still has issues, and some of the finest minds in security work on that, and they started with a relatively secure code base to begin with.

If you're writing your own OS from scratch, you can expect 20-30 years before it will be more secure and reliable than existing OS's (and those OS's won't be staying still so they will mature in that timeframe as well). And that's if you have experts working on it. If you're going to copy an existing OS, then what's the point?

Now, I can understand that a country wants to encourage OS development, and is willing to sponsor a defense project to build an OS, with the expectation it may take 20-30 years.. but it should really stay hidden and not publicised like this, otherwise the people start wondering "Hey, why don't we have this OS yet?" and then you end up pushing it into production long before it's ready.

The sad part is, India has a huge problem with brain drain. A large percentage of the top computer scientists relocate to EU countries, or the US. Only the truly patriotic or mediocre or worse candidates stay home, or perhaps those with some kind of community ties...

However, if India became seriouis about building a world class research program, it might encourage top talent to stay in India. I can see that as another benefit of such a program.

So i guess my point is, there are a lot of reasons why this is a good idea, but sadly.. I doubt that those reasons are the reasons they're doing it.

I'm in awe.

[Tumbleweed]

Obviously, they're not going to develop any such thing. Ever. This is one of the most brilliant job security moves I've ever seen in the computer industry. Kudos!

Re:Oh For Chrissakes

[MBGMorden]

If their intention is to "run Windows software", as the summary states, then I think they'd get farther along by forking ReactOS.

Sure, its basis isn't "written at home", but unless it's merely a matter of national pride, you still have essentially the same advantage with OSS. Namely, that you can look at everything and verify what it does before using it in a security-critical environment.

Re:Have you ever met?

[Panaflex]

Yes I have met some amazing Indian developers out there. There are also many H1B visa programmers who may be lacking in experience and are desperate to succeed in a foreign country which, lets be honest, considers them outsiders. They make half the pay in many situations and can be fired and sent home in the span of a week for any petty job disagreement.

True innovation requires the ability to make mistakes, learn from them, and try something new - which is contrary and alien to the H1B "cog developer" system. I doubt many Americans could be as disciplined and work under such pressures and situations.

Back home, India is building a truly amazing scientific pool of talent. Expect to see major challenges to American engineering & science - the population numbers game almost guarantees 3x the genius-level talent waiting to be discovered and educated.

Tech Support

[binaryseraph]

Wonder if they will outsource the tech support to the U.S. Oh, Irony.

Re:Oh please, these people can't even do a CGI

[dbIII]

Here's how some outsourcing places work, and it's an old model used from the Rocket program under Stalin to US and Indian businesses:
At the start you have the experts and they have people that need training but they pretend to be experts. After having contact with your experts for a while they vanish to work on higher priority projects and you are suddenly in contact with a new lot of people that really need training. In the end you are milked dry with nothing to show for it other than what is obviously some first attempts in whatever environment you have. Your project doesn't matter, the technology transfer and your cash are what the outsourcing company is aiming for. It's very similar to the long running project German rocket scientists were put on in the USSR that never got anywhere but trained a lot of staff for the real rocket program.

WTF

[SnarfQuest]

They want to develop a secure system, yet they base it on the least secure system in existence? The API was never designed with security in mind, and you cannot ever safely attach a bare Windows system to the net without it getting owned in less than a minute. Do they really believe they can wave a magic wand over the massive amount of Windows code, and make it suddenly secure? The security problems don't sit entirely in the Windows code, it also exists in the innumerable poorly written applications. If you run these apps, then you don't have any change at securing your code.

Microkernel to the rescue!

[VincenzoRomano]

I hope the new OS will be a microkernel one, like L4Ka (or L4 in general) or Minix.

Re:Why not do *BSD or Linux code review and use it

[pjt33]

But bearing in mind that a number of the participating countries introduced conscription, being a civilian at the start didn't guarantee that you wouldn't be forced to be a soldier and end up dying of chlorine poisoning.

Re:Who can be trusted?

[e70838]

Indian brain drain is something of the past. It remains true that computer scientists are paid in India a fraction of what they would earn in our countries. But with a quarter of an occidental salary, they can have a far better quality of life.

Already an open source alternative to windows

[Hojima]

It's called reactOS. It's basically windows (it's NT architecture based), but free. Quite frankly, I don't know why Linux has gotten so much attention in comparison to reactOS. The thing is, it's still a under-funded garage-project. If you could get 50 Indians and a good budget to help them out, I'm pretty sure that it would be better than starting from scratch.

Here's the link if you're interested:

http://www.reactos.org/en/index.html

Re:Already an open source alternative to windows

[erroneus]

The trouble with Windows [compatible] OSes is not that it should be capable of running software written for Windows. It is that Windows itself has design weaknesses for various reasons not the least of which are related to its DOS based origins and support for old, misbehaving "legacy" software. To write a Windows compatible OS, you would also have to mimic a wide range of idiosyncratic behaviors in order to support Windows applications.

Now, if for some reason, all the bad-behaving software were cast aside and only good Windows software were used, the notion might stand a chance. I remain quite skeptical it, or any Windows-compatible OS, would become completely viable.

Looking at it another way, the SaMBa project is constantly playing catch-up against the moving target that is Windows networking. And that is just one aspect of the Windows OS family. Imagine this on an entire OS? It would be hard pressed to actually work.

They'd be better off making a BSD modified OS and pulling in WINE.

Re:Already an open source alternative to windows

[BasilBrush]

They don't want open source, they want their own proprietary OS. Code that they control, and isn't available for scrutiny by those that would attack them.

And I expect the comment about running Windows software in one of the articles was a mistake on the part of the journalist or the politician. Possibly a language based misunderstanding. I expect they mean windowing software. A desktop gui rather than a cli.

It just doesn't make sense to make it Windows compatible. It's a monumentally hard thing to do, as demonstrated by the timescales of WINE. And the result would be a system with many of the same vulnerabilities as Windows, and thus it would break the primary objective.

Re:Already an open source alternative to windows

[hairyfeet]

Ooooookay, explain this one to me. How exactly is a Linux based OS with built in support for Windows drivers and software using "shims" ALA Wine going to Bring in "bad behaviors"? and DOS? Hello? It is 2010 and DOS has been dead for over a decade now. it is all WinNT based okay? I haven't actually seen a DOS program in the wild in damned near 8 years, and I deal with some old shit in SMBs. The last DOS program I saw was a DOS 3 based controller for a custom lathe.

So let us please keep the FUD to a minimum. As a PC repairman I can tell you from win2K on through XP SP3 Windows has had decent security, after windows Vista it has damned good security. The problem ain't the apps or the drivers, I can tell you a good 90%+ of infections are directly caused by the users installing random shit from the web without a second thought. Hell you should see how many security tool variants I've had to deal with where the user installed it because it came with some "free app" they wanted or a web page said 'ZOMG! you got teh virus!!!" and changing the base to Linux wouldn't change that level of dumbshit, just introduce security through obscurity. The rest? Adobe based, surprise fricking surprise, which considering from what I've heard Adobe on Linux is if anything MORE a pile of buggy shit than it is on windows, the only thing keeping that mess at bay is again security through obscurity and Linux users having to have a little more brains since they have to install their OS and admin it themselves.

But there is nothing wrong with the basic design of Windows. Running as a low rights user (default on Vista and 7) got rid of the last legitimate complaint on Windows user design. Windows has incredible degrees of backwards compatibility now thanks to a locked down SXS and a virtualized registry and file system that lets the program think it is running on the older OS, this when combined with ASLR and NX bit makes Windows pretty damned secure. Sadly there is no "keep user from doing dumb shit" button in ANY OS, and if you come up with one could buy MSFT and make Ballmer wear a jester hat and do the monkey dance.

Re:Already an open source alternative to windows

[BasilBrush]

I can tell you a good 90%+ of infections are directly caused by the users installing random shit from the web without a second thought.

So, the new Indian OS can make itself 10 times more secure than Windows with the simple expedient of not allowing users to install random shit off the internet.

Your post actually demonstrates that there IS something fundamentally wrong with Windows.

Sadly there is no "keep user from doing dumb shit" button in ANY OS, and if you come up with one could buy MSFT and make Ballmer wear a jester hat and do the monkey dance.

Seems like a prize worth having. And given that the existing Windows and Unix OSs were not designed with that in mind, the Indians will be off to a good start when they do have it in mind. Good luck to them I say.

Re:Already an open source alternative to windows

[jedidiah]

A Unix based OS with the facilities in place to assimilate Microsoft's shoddy product isn't safe. That's rather the whole point. Microsoft didn't leave their poor design and engineering choices behind with DOS. The legacy of DOS is laziness and incompetence. The fact that it is not quite as obvious any more doesn't mean that Microsoft still isn't doing incredibly stupid things and doing them haphazardly.

Blaming the user simply doesn't cut it. Microsoft makes crap that's inherently dangerous to operate due to engineering sloppiness can't be tolerated anymore.

Re:Already an open source alternative to windows

[v1]

At least one of the linked articles says the new OS, though home-grown, would run Windows software.

Brilliant. If you're into security, there's one rule of thumb you can always count on. Don't develop your own. Invariably you'll overlook something obscure and subtle and will create a weakness big enough to fly a 747 through. Stick with time-proven methods that have been under the microscope for years and have withstood the test of time and had all the bugs, shortfalls, and subtle problems worked out of them. Basically, you're not smarter than all the people that have contributed to making the currently available selections as secure as they presently are.

If they're going to create an entirely new os themselves, in-house, for the sake of security, they're about to re-learn the above lesson.

And sorry, but runs Windows? The whole security problem there to begin with is its never-ending craving to run old software that just wasn't bothered to be written securely. Look at the giant headache that was the breaking of windows software when XP came out. Then when Vista came out. Then when 7 came out. This is going to be a whole new level worse. They may say it can run Windows software, but either it won't run MOST of it, or they're just going to be defeating one of the primary purposes of writing their own secure OS to jimmy it to run any sizeable portion. If they're insisting on making their own OS, they may as well expect to have to write their own software too. In for a penny, in for a pound.

Re:Already an open source alternative to windows

[kikito]

Linux has a "keep user from doing dumb shit" button. It's called non-root access. And it works.

It's not security by obscurity, it is real security.

Re:Already an open source alternative to windows

[digitalunity]

They can have it. They could use BSD as a base.

Or they could just start with Linux and the GNU tools and make their own variant. The code is all theirs. The GPL only requires source code be provided when the software is transferred. Merely providing the software for use doesn't entitle each person sitting behind the keyboard to a copy of the source. If it's all under control of the DRDO at all times, they are not required to provide the source code to anyone.

Also, the GPL is only effective due to strong copyright laws. If they wanted to add a copyright waiver to their laws for national security reasons(which may or may not already be there), that would work too.

All I'm saying is if they wanted to use Linux, they could. And they don't need to share the source with anyone.

Re:Already an open source alternative to windows

[GooberToo]

ReactOS does pull in wine - last I read. But as the wine developers will tell you, Windows basically sucks. There are so many hacks and kludges which have been developed in Windows over the years, the wine guys are forced to constantly re-implement them. Far too many applications actually demand improper behavior from the OS APIs to function properly. Even worse, this behavior can depend on which MS OS variant its running under.

Re:Have you ever met?

[thePowerOfGrayskull]

This was flamebait - but I can see how AC came to feel this way.

The model in place now encourages people with *no* talent for software or systems development to choose that as a career path, and it shows. That doesn't mean that there are no talented people there -- just that the outsourcing craze (and corresponding promise of significantly improved lifestyle for self and family) lures a lot of people who wouldn't otherwise even consider this career. To a lesser extent, the dot-com craze caused the same problem here in the US: a lot of people who had no skill or talent for software development jumping into the business as a way to make money.

The unfortunate truth is that they get away with it - I've seen first-hand how we've evolved our expectations of offshore outsourcing companies to be little more than monkeys behind keyboards. Innovation, troubleshooting skill, and general analysis ability are not requirements at most outsourcing shops. I've even gotten in trouble at work for being 'too stringent' in my requirements. This was because I expected a senior software developer to be able to describe how a hashtable works internally; why you might want to use a hashtable. I also expect them to be able to sketch out an object model for an everyday concept like a house. And when they couldn't , I rejected them. I was told that if they can churn out code to spec we want them.

At least one of the vendors we worked with (TCS) had a habit of listening in on the phone to our interviews (even recording on a couple of occasions, though they haven't admitted it - I know what a beep every five seconds means ;), and amazingly the successive candidates got better and better at answering our basic technical questions. Now I can't say for *sure* that they were getting fed a questions list ahead of time, but I *do* know that the answer I receive from different candidates are remarkably close to identical on non-conceptual subjects. (On conceptual subjects, almost all bomb completely. Unfortunately, I'm not permitted to consider that in most cases.)

Anyway - the net result is that we have a lot of people who would function much better flipping burgers instead writing our code for us. And if our specs don't contain very very precise details (sadly some of our leads have taken to embedding code itself in the tech specs - which can then be copy-pasted, because it's just faster than getting them to fix it when they screw up), they flounder hopelessly. Similarly, they struggle mightily when trying to troubleshoot problems that I consider simple. (Hint: If you can't at least *start* to debug a problem without a log file and/or walking through a debugger, you have chosen the wrong career path.)

The most important thing here is that this isn't some deficiency or inability of any one group of people. I strongly suspect that the same ratio of talented:untalented exists in India as anywhere else in the world -- it's just obscured by the economics which makes being a poor or mediocre programmer a way to become relatively wealthy.

Re:Who can be trusted?

[leuk_he]

Some secury enhancements like in se linux (or trustedbsd) would (could) be nice.

However, there is a strange effect that is "too much security". Examples: Create an password policy that is too complicated an people start to write down password on a note next to(taped under) their keyboard.
Lock down a system too much and people will find workarounds not to use that system.
Have a too complicated security policy and you need too many administrators (With god mode access) that configure the security.

Having a secure OS is one thing, designing secure way of work is a different way of thinking.