we are using MacSea which has all the scanned in
charts for charting/plotting - works about as good as the windows packages. we feed it with many
sources of data - gps/dgps, gyro, flux gayes,
loran-C so we notice when DoD plays with GPS
accuracy;-)
we are still researching data collection software
doug
to be clear
1) we don't care about hardware platforms - only
microsoft OS and some appliceions (exchange comes
to mind) are not allowed on the LAN that links
machines that are involved in the operations of the
ship. That part of the net is also NOT connected
to the internet.
2) guests can bring whatever they want to use
on-board, any OS any hardware. They can have
access to the internet too. That would be the
"unclean" or "uncleared" part of the network.
doug
There are so many systems on a modern warship - some are not all that important (inventory for the commisary for example) and some are life and death (aiming for the SeaWiz which, if wrong, could result in one ship hosing another with 20mm rounds)
Clearly your OS requirements are different on those.
I would not mind WinWhatever doing the former, but I expect that it will not be in charge of the later. Embedded control systems are good in that they can be more reliably verified and then NOT altered. One of many problems of having a commonly available OS doing this kind of work is the possibility of contamination from the "commercial" world by someone who doesn't know better and decides to update a file or two from their laptop or other non-vetted source.
doug
how are they using satellite comm without going
through a pc.... ?
not using consumer gear - there are inmarsat
systems that are dedicated hardware - there
is a realtime os in there, but not windoze.
connection is 10baseT.
doug
why don't they just isolate the network that the
ship's computers are on.....
this works well in theory, but since there are a
number of people working on the systems, networks,
etc. there is the possibility that they will get
exposed to the outside world (internet access is
a requirement because I use it for my day job(s)
and guests like to have access too.
Better to take an active role in maintaining
security than to simply count on nobody plugging
the wrong rj45 into the wrong place. Or I could
turn IPSEC on and just break everything.....;-)
I can not assure that guests will not bring on
dirty machines - that would be real friendly,
taking their laptops and examining them...
Doug
It is just a private vessel now - nothing official.
You can get barebones GPS things with no real OS
but we have more sophisticated things for charts
and maps, and also we are doing stuff that monitors
equipment.
Still, really critical things like radar, radios
and basic GPS nav have nothing to do with external
connections - we are not fools;-)
As to how we got the company to go all Mac, and
the evidence that it saves a bundle, that is pretty
easy. When you are downsizing things, you don't
have the luxury of a big MIS staff - sales people
like PC's rather than Macs, but if there is nobody
to fix the PCs they are all dead in a few weeks.
The Macs are more simple, and they get the job
done. Seriously, the only complaints we got were
that the games didn't run on the Macs. Boo Hoo.
Doug
Some friends said I might want to get in here
and correct factual errors, and clarify what
we are really trying to do. It's my warship,
and I'll do what I wanna;-) Seriously, it is
mine, so I can answer questions on it.
1) it isn't remotely a battleship
You got that right - we run it with a crew of
4, you can't do that with a battlewagon. It is
a coastal patrol boat, 120ft long, 24ft wide,
draws 2 meters of water (yes, it is british,
and NATO compliant, which means that there are
mixed english/metric measures EVERYWHERE on it.
Mine has not 40mm gun on the back deck - a much
more mundane but much more useful Seacrane 200
is on there for picking up large items on and
off the rear deck.
There are mounts for.30 cals (1919's or M60 if
it was in the US navy, something in.303 british
if in the Royal Navy)
There are 2 mounts, one per side, on the upper
deck for heavy machine guns, likely the ever
popular M2HB.50 cal
2) The Yorktown thing is none of my concern per
se - I don't need any extra evidence that windoze
is a threat - I have owned companies with many
employees and many windows boxes. Evidence
abounds.
3) If you are talking to me, I do not have a
"fairly sketchy knowledge of computers. I have
written PDP-10 code, PDP-11 code, Suns (my first
was a 2/120), Vax, and have done IP networking
since NCP was around. No, I don't hack code now,
but I am pretty well versed on the technology, and
on the current state of the security art (my
current focus is deep packet scanning - not sure
I really BELIEVE in it, but there is a lot of work
going on in the area)
You don't always have to check your brain at the
door to make money, and YOU should be more carefull
before making the assumption that someone who owns
a strage toy like this might not understand
networking.
Doug Humphrey
doug@joss.com
Slashdot Mirror
we are using MacSea which has all the scanned in charts for charting/plotting - works about as good as the windows packages. we feed it with many sources of data - gps/dgps, gyro, flux gayes, loran-C so we notice when DoD plays with GPS accuracy ;-)
we are still researching data collection software
doug
to be clear 1) we don't care about hardware platforms - only microsoft OS and some appliceions (exchange comes to mind) are not allowed on the LAN that links machines that are involved in the operations of the ship. That part of the net is also NOT connected to the internet. 2) guests can bring whatever they want to use on-board, any OS any hardware. They can have access to the internet too. That would be the "unclean" or "uncleared" part of the network. doug
There are so many systems on a modern warship - some are not all that important (inventory for the commisary for example) and some are life and death (aiming for the SeaWiz which, if wrong, could result in one ship hosing another with 20mm rounds) Clearly your OS requirements are different on those. I would not mind WinWhatever doing the former, but I expect that it will not be in charge of the later. Embedded control systems are good in that they can be more reliably verified and then NOT altered. One of many problems of having a commonly available OS doing this kind of work is the possibility of contamination from the "commercial" world by someone who doesn't know better and decides to update a file or two from their laptop or other non-vetted source. doug
how are they using satellite comm without going through a pc.... ? not using consumer gear - there are inmarsat systems that are dedicated hardware - there is a realtime os in there, but not windoze. connection is 10baseT. doug
why don't they just isolate the network that the ship's computers are on..... this works well in theory, but since there are a number of people working on the systems, networks, etc. there is the possibility that they will get exposed to the outside world (internet access is a requirement because I use it for my day job(s) and guests like to have access too. Better to take an active role in maintaining security than to simply count on nobody plugging the wrong rj45 into the wrong place. Or I could turn IPSEC on and just break everything..... ;-)
I can not assure that guests will not bring on
dirty machines - that would be real friendly,
taking their laptops and examining them...
Doug
It is just a private vessel now - nothing official. You can get barebones GPS things with no real OS but we have more sophisticated things for charts and maps, and also we are doing stuff that monitors equipment. Still, really critical things like radar, radios and basic GPS nav have nothing to do with external connections - we are not fools ;-)
As to how we got the company to go all Mac, and
the evidence that it saves a bundle, that is pretty
easy. When you are downsizing things, you don't
have the luxury of a big MIS staff - sales people
like PC's rather than Macs, but if there is nobody
to fix the PCs they are all dead in a few weeks.
The Macs are more simple, and they get the job
done. Seriously, the only complaints we got were
that the games didn't run on the Macs. Boo Hoo.
Doug
Some friends said I might want to get in here and correct factual errors, and clarify what we are really trying to do. It's my warship, and I'll do what I wanna ;-) Seriously, it is
mine, so I can answer questions on it.
1) it isn't remotely a battleship
You got that right - we run it with a crew of
4, you can't do that with a battlewagon. It is
a coastal patrol boat, 120ft long, 24ft wide,
draws 2 meters of water (yes, it is british,
and NATO compliant, which means that there are
mixed english/metric measures EVERYWHERE on it.
Mine has not 40mm gun on the back deck - a much
more mundane but much more useful Seacrane 200
is on there for picking up large items on and
off the rear deck.
There are mounts for .30 cals (1919's or M60 if
it was in the US navy, something in .303 british
if in the Royal Navy)
There are 2 mounts, one per side, on the upper
deck for heavy machine guns, likely the ever
popular M2HB .50 cal
2) The Yorktown thing is none of my concern per
se - I don't need any extra evidence that windoze
is a threat - I have owned companies with many
employees and many windows boxes. Evidence
abounds.
3) If you are talking to me, I do not have a
"fairly sketchy knowledge of computers. I have
written PDP-10 code, PDP-11 code, Suns (my first
was a 2/120), Vax, and have done IP networking
since NCP was around. No, I don't hack code now,
but I am pretty well versed on the technology, and
on the current state of the security art (my
current focus is deep packet scanning - not sure
I really BELIEVE in it, but there is a lot of work
going on in the area)
You don't always have to check your brain at the
door to make money, and YOU should be more carefull
before making the assumption that someone who owns
a strage toy like this might not understand
networking.
Doug Humphrey
doug@joss.com