Slashdot Mirror


User: deapbluesea

deapbluesea's activity in the archive.

Stories: 0
Comments: 207

Comments · 207

  1. Re:Not necessarily monoculture on New Bill Would Put DHS In Charge of 'Critical' Private Networks · · Score: 2, Informative

    But if the approach is to require private enterprise to demonstrate compliance with full-blown government IT security C&A with the government doing the certification

    The government C&A approach should be enough for anyone in the know to run screaming from this. It basically amounts to a massive enumeration and mapping of the entire network, performed on an unrealistic schedule by people who don't necessarily know what they are looking for, then the autogeneration of mountains of paperwork based on the mapping, followed by a signature by a CEO type that basically says he is criminally liable for any security breaches henceforth. When we did this process at my work site several years back, we actually wheeled in three carts carrying 6 file boxes each filled with the paperwork that the certifying authority was being asked to sign. The worst part? Aside from verifying that all systems were patched to approved levels, I can't say what kind of security that process guaranteed.

    Now imagine the private sector doing this for a government authority. IRS anyone?

  2. Re:Gigacrete looks better on Bacteria Used To Fix Cracked Concrete · · Score: 1

    So the premise is that it's greener. They start by complaining about all that gravel that has to be excavated and transported, and that it can't be recycled (uh, it's gravel). Then moves on to this gem:

    [Gigacrete has a] "proprietary non-toxic binder" made from "a different cementitious binder consisting of commonly found nontoxic elements available from many locations throughout the world."

    Which, oddly enough, can be said of gravel (except for the 'different' part).

    Of course, I'm mixing my fillers and my binders, but I'm pretty sure that the fillers used in the example also have to be "transported" in order to "house a couple people", and it doesn't matter if it's recyclable or not, because in both cases it is meant to last 50+ years, and in both cases, you'd have to break out the filler in some way to recycle it (aka use all that polluting energy), so the net gain appears to be......

  3. Re:Stupid, stupid, stupid. on Chertoff Advocates Cyber Cold War · · Score: 1

    For larger banks, financial transactions absolutely DO use dedicated lines.

    But not for all transactions. Also not true for many stock brokers, traders, etc.

    air traffic control etc should be directly controlled by a human on-site.

    ATC consists of a nationwide network of radar sites that share data across the network. Controllers are responsible for a large region, and flights have to be handed off from one region to another. It used to be that all of this was done via proprietary radio and terrestrial links, but the FAA found out it was much cheaper to use existing internet connectivity.

    There's absolutely no need whatsoever to have public infrastructure connected to the internet, short of saving a small amount of money on maintenance.

    I don't have the numbers available for this, but long-haul network maintenance is anything but small potatoes.

    And similarly, any sensitive government data should be retrieved and released by a human, as opposed to leaving a sensitive database directly connected to the internet.

    There are varying levels of "sensitive". Classified information most certainly is not accessible from the internet. For Official Use Only information is on a network that is connected to the internet, but is not directly accessible without credentials. Either way though, if you're going to have a human going through the database and retrieving items as needed, you may as well go back to card catalogues and microfiche. Currently business operations require multiple systems to have access to data from another system in near real-time. If you get rid of that, you go back to the days of WWII where requisitions took weeks, orders were hand carried, and battles were planned and carried out in very small regions of control. It would not be possible to carry on your typical modern day warfare without these automated systems, and yes, many of them use TCP/IP equipment to route information. To move to a separate network would entail on the order of $100M+ easily, and would probably go into the B numbers.

    Life existed before the internet, and we don't need every single piece of national infrastructure hooked up to a 10-year-old internet-connected windows box running IE6

    I'll give you the MS bash, and agree that things need to be updated, but life before the internet was slower, less reliable, and more expensive to do less than we do now. So the choice is either figure out how to harden against attack on the existing infrastructure, build an entirely new infrastructure at enormous cost, or reverse direction by about 20 years. I for one opt for dealing with the problems we have without incurring massive new expense

  4. It's not drones on Google Maps Adds Drone Imagery · · Score: 4, Informative

    Drones are illegal in the US without a Certificate to Operate from the FAA. The FAA does not provide CtO's lightly, nor have they ever granted one for operation over a populated area...and before anyone links to DIY Drones, this rule is for corporations, not individuals who operate under r/c rules (under 400 ft AGL, within sight without any vision enhancement devices such as binoculars).

  5. Re:Stupid, stupid, stupid. on Chertoff Advocates Cyber Cold War · · Score: 1

    If we can lay a direct telephone line between Washington DC and Moscow to prevent a nuclear war, something tells me we can afford to lay some cable 10 miles to prevent some "cyber cold war"

    The /. "air gap" theory is crap. I don't think you appreciate the complexity of the problem. Critical systems aren't just SCADA systems. What about financial transactions? Should we have a separate banker's internet that contains all redundant equipment? How about DoD unclassified? For that matter, what about systems that are secured, but utilize existing routers, lines, etc because it would cost millions to build an entirely separate transcontinental backbone just to keep the infrastructure separate?

    You can't build hundreds of copies of the internet to protect infrastructure that has to be connected. Think about how many "air gapped" networks would be needed: air traffic control, electric grid, train routing systems, defense, government, medical, financial. Each of these is critical infrastructure that requires communication with nodes hundreds or thousands of miles apart. If we put all of it on its own separate network, you'll have so many points of access that you're still vulnerable. You could utilize VPNs to create secure point to point comms, but that leaves you vulnerable to routing attacks, DDoS (inasmuch as the traffic alone will grind your VPN to a halt), and of course all of these examples are multipoint to multipoint topologies.

    I don't know of a grand solution yet, but I can promise you that building many copies of the internet infrastructure is too costly and simply won't happen.

  6. Re:The really distressing thing... on Survey Shows How Stupid People Are With Passwords · · Score: 1

    they are (by and large) more tech-savvy than older folks

    No, they are not. Younger generations by and large use technology to a greater extent than older folks. They also generally have no clue how any of it works.

    I teach introductory computer science at the college level. You would be amazed at how little current college freshmen know about their computers. To them, it should just work (no, that's not a Mac plug). They want facebook, email, etc and they just want to use it as a tool. Much like electricity, the food supply, bulk distribution, etc, few people know how it works, they just know how to use it when needed.

  7. Wait, what? on Economy Puts US Nuclear Reactors Back In Doubt · · Score: 2, Funny

    Premise: Economy Puts US Nuclear Reactors Back In Doubt

    Conclusion: It looks like it'd take an economic meltdown to trigger nuclear reactor production in the US

  8. Re:Word processors detriment on books. on Word Processors — One Writer's Further Retreat · · Score: 1

    Do word processors not make it too easy for writers to write bloated books?

    If you've ever tried to get MS Word to format a 100+ page thesis, then you know that its sole purpose in life is to keep you from writing anything over 10 pages.

  9. Re:Nuclear Power! on US Military Orders Less Dependence On Fossil Fuel · · Score: 1

    The main problem with using PV in Afghanistan has more to do with dust, damage, and replacement cost. The dusty environment there had us replacing computers at a rate of every 6 months. Most fans, hard drives, and other moving parts would have the bearings go to crap in 3 months. Given that dust on the PV arrays causes a dramatic drop in efficiency and output, plus the cost of replacement, this doesn't seem like a good plan. If we want to get serious about fuel dependency, then we need to develop better tactical generators. I'm all for a small nuke generator. Fly it in to the main FOBs, then use the most efficient diesel generator you can find in the smaller camps. You won't end dependency on fuel, but you probably can't do that anyway in a wartime environment. It's best to be efficient.

  10. Re:It's bad on US Says Plane Finder App Threatens Security · · Score: 1

    Aren't the aircraft broadcasting their positions so other planes can avoid them?

    ADS-B is relatively new. Planes have been avoiding each other quite successfully for over 100 years.

    The FAA was warned about this exact problem by a number of security experts (sorry, don't have the links and don't care to take the time to look them up, feel free to prove me wrong by finding them yourself) and failed to listen to them. The purpose of ADS-B is to reduce separation between aircraft so we can get more planes into the system. To introduce vulnerabilities in this new system simply so we can move more iron seems irresponsible.

  11. Re:Time and cost on Genetically Altering Trees To Sequester More Carbon · · Score: 1

    But all the models predict it. Never mind that the models failed to predict the last 100 years, 50 years, or 10 years accurately and we are constantly "updating" our models.

    If you look at the current body of research, as it appears you have, you'll see two sides, the side that used models to predict something, bent and distorted them until they fit a particular window of interest, then projected out 100 years and said "See, we're all gonna die!".

    The other side looks at the data gathered from ice cores, tree rings, land and ocean reporting stations, etc and does statistical analysis on it. Again, the curve is fit to a window of data, then extrapolated forward to predict what will happen. The same conclusion is "See, we're all gonna die!".

    My point is that we still don't have a model with sufficient fidelity, nor enough understanding of the underlying processes of cloud formation, CO2 concentration, methane, ethane, oxygen, urban sprawl, plant decay, etc to be able to draw any kind of strong conclusion. Instead, we continue tweaking models, fitting the data a new way, and allowing people like Al Gore to drastically overstate what we actually know so that /.'ers everywhere can feel superior in the knowledge they gleaned from Wiki over the last five minutes.

  12. Re:Infinite on Linux May Need a Rewrite Beyond 48 Cores · · Score: 1

    Soooooo, you're not a fan of Turing then?

    Seriously, I can't tell if you're trolling or not, so I'll just elaborate anyway. You've just stated the essence of computability theory. Without infinite memory and infinite states, it's not possible to compute infinite sets of subsets in the general case. Put another way, there are a countably infinite number of possible computer/program configurations and an uncountably infinite number of problems to be solved, so there will always be more problems to solve than computers to solve them.

  13. Re:Wow. on CIA Drones May Have Used Illegal, Inaccurate Code · · Score: 1

    all because the old-guard engineers think that computers are magic things to be programmed by "others".

    Actually, the problem is that most engineers (especially controls and electrical engineers) think that programming is such a simple task that anyone can do it, thus most embedded code I see was written by an electrical engineer or is simply Matlab running an m file. I shudder every time a design team tells me they need a 1 GHz CPU so they can run Matlab on a production robot.

  14. Re:Replacing cable TV with Netflix on Xbox Head Proclaims Blu-ray Dead · · Score: 1

    What about simply using an antenna? I get about 40 channels through mine

    I only get PBS....so, unless there are some Masterpiece Theater fans in the crowd, pretty much nothing useful.

  15. Re:Remote operated UAVs? on Remote Operated Aircraft Targets Hurricanes · · Score: 1

    Are you actually not aware that UAVs are regularly used to perform military strikes, or what?

    No, just pointing out that the number of UAV flight hours dedicated to strike missions is a tiny percent of all UAV flight hours ref2 ref2 (500,000 flight hours per year, 92 projected attacks in 2010 at ~10 hour mission per attack is 920 hours - so 0.1% of flight hours on attack). It's the equivalent of saying that all planes are only used for bombing while ignoring every other aspect of aviation.

  16. Re:Remote operated UAVs? on Remote Operated Aircraft Targets Hurricanes · · Score: 0

    Usually news articles about remote operated UAVs involve blowing people up

    Remote operated UAVs? As opposed to all the manned ones?

    I was wondering more about where all the references to UAVs "blowing people up" come from. So far, that's only been the paranoid, uneducated, misinformed, and bogus slashdot responses to stories about UAVs. The stories themselves generally involve things like Google testing an airborne camera.

  17. All the comfort of a RyanAir standing flight on Meet the Virginia-Built 110MPG X-Prize Car · · Score: 1

    the team assembled an ultra-lightweight car that provides all the comforts of a standard 4-passenger vehicle

    This looks about as comfortable as the Saddle Seat RyanAir wants to use. It might fit Paris Hilton and her three best friends (does she have that many?), but for the non-anorexic crowd, it looks like a tight fit.

    Disclaimer: I am an American, weigh in at 200lbs, and measure 6'4" (that's 1.93 meters for all you metric nazis out there - i.e. the rest of the world), so I'm not overweight, and there's no way I could fit in this thing

  18. Re:Is this really censorship? on Pentagon Aims To Buy Up Book · · Score: 1

    Can you verify that the offending parts are offending?

    Does it matter? The author chose not to release those parts. If he felt that the information he was planning to release was vital, he could have published against the Pentagon's wishes, in which case, they would have had to get a court injunction to stop the publication. That would have then been censorship.

    Merely agreeing to rewrite portions and compensate the publisher's printing costs from a premature decision to print is more of an edit - unless you want to accuse all editors in the publication business of censorship as well.

  19. Re:Is this really censorship? on Pentagon Aims To Buy Up Book · · Score: 0, Troll

    Wait, you mean that asking an author to not print something, getting that author's agreement, and then paying for the printing cost of books that had the material the author agreed to remove is censorship?

    The publisher and the author are under no legal requirement to furnish the first run of this book to the Pentagon. They are doing so voluntarily. How is this censorship?!?

  20. Re:Blurb totally misleading. on Pentagon Aims To Buy Up Book · · Score: 1

    Again, RTFA. There is a DoD regulation requiring that members of the DoD get approval prior to publishing manuscripts based on their job. The author did so, but only through the Army Reserve, not the Pentagon. The Reserve should have forwarded this up, but didn't, so the first run printing happened based on a SNAFU at the Reserve HQ and now the Pentagon is going to have to pay for it since the Reserves belong to them.

  21. Re:Is this really censorship? on Pentagon Aims To Buy Up Book · · Score: 5, Informative

    But when the first printing sells out, the publisher is only going to print more.

    Did you even RTFA? Let me sum up since you seem to be too lazy:

    The first run was printed after the author received permission from the Army Reserve. The Pentagon got wind of it after the first printing and discovered that there was a lot of material that shouldn't have been printed in the first place. The publisher and author then worked with the Pentagon to redact the questionable material, but that left the publisher with 10000 books sitting in a warehouse that can't be sold.

    Since the Army Reserve is really the unit that screwed up in this case by not sending the manuscript up the chain for higher level review, the responsibility for paying for all those books rests with the DoD in general. It's actually the honourable thing to do in this case - along with firing whoever signed off on it in the Reserve component.

  22. Re:It's not just satellites.... on Arms Regulations Damaging US Space Industry · · Score: 1

    They are also very arbitrary in definitions. The ITAR restricts export of solid state gyros because they could be used in missile navigation and autonomous control. Technically, that means that every iPhone contains possible ITAR equipment, but they only prosecute those who allow foreign nationals to see gyros of the exact same type made in the US, no problem if they were made in China.

  23. Re:It's not just satellites.... on Arms Regulations Damaging US Space Industry · · Score: 1

    Under threat of prosecution for allegedly letting foreign researchers look at autopilots (in black box form no less), I had the following conversation with a DoS agent who investigates ITAR violations:

    Me: "There is an open source autopilot (Paparazzi) designed by a French team. If I download their instructions, purchase all the components and build it, is it still under ITAR?"

    Agent: "Yes"

    Me: "So if I have any problems with the autopilot, it would be considered an export violation for me to ask the designer for help?"

    Agent: "Yes"

    Me: "Even though no knowledge was exported because the French designed it?!"

    Agent: "Yes"

    The meeting was cut short at that point. I subsequently left the UAV research field for fear of going to jail over someone else's stupidity.

  24. Re:easily defeated, only if you disable the vector on DoD Takes Criticism From Security Experts On Cyberwar Incident · · Score: 1

    You can be sure as shit that the Chinese PLA isn't using Windows and when the cyberwar comes the Chinese are going to have a HUGE advantage because they aren't saddled with such a primitive OS.

    China already has their own military operating system Kylin. As far as anyone can tell, it's just BSD with some mods.

    Another major factor you are missing is that the DoD has billions of dollars in specialized software that was designed for Windows, business practices are built around Windows, employees are trained on Windows, etc. It is not a simple matter of switching to *nix, *BSD, or whatever else when you have several hundred thousand employees who know nothing else. Look at the fact that the average age of federal workers is somewhere in the 50s [citation required]. Now think of your parents complaining about how they need a bigger hard drive because they are low on memory. Multiply that by about 300000 and you now have the headache of changing over a single service to a new OS. Multiply by 4, and you have the pain of doing that to all the services.

  25. Re:amazing what people can do with FORTRAN these d on Solving an Earth-Sized Jigsaw Puzzle · · Score: 1

    The article says they invented quite a few new algorithms from a clean sheet, so I'm guessing that they actually used an extension of F77, soooooo, it's brand new!