US Army struggles with Windows to Linux overhaul

Oddly enough ...

I thought the military would be more into a BSD style solution.

No wonder...

Windows based satellite tracking system? No wonder the international space station fell to earth.

Blue Screen Of Death -> Blue Planet Of Death

Er...

I mean Spy Satellite.

@Andy

So you think the army would be trialling BSD(M)?

Hopefully icon not necessary.

No Matter

Iran uses my OS.... mwah ha ha ha ha, I foresee a nice collapse for your crummy country and their crappy hippy network.

@Don Mitchell

You forgot your flame icon. Or should it be an Angel Bill icon, or even a Paris icon?

Dear Don...

I'm not Eric Raymond, but I would like to contradict your assumptions:

Because Linux is open source, and because thousands of eyes are looking at the code (anyone could look at the code!), the chances of getting security issues fixed are MUCH HIGHER compared to MS solution which was caught few times leaving known security holes open for 6+ months.

When you buy RHEL or SLES, you get the standard promise of 5 years for security fixes. If you insist, you can get 8 years, depending on your negotiation skills with the vendors.

The Army could basically hire a developer or any software house which could backport security fixes even 10 years from now since the code IS open, and when you go the "MS way" you can only pray that MS will fix the issue after stating EOL for an OS (example: Windows 2000 products).

That way the Army is not dependent on 1 company and the army could do whatever it wishes with the OS without any stupid restrictions, compared to buying any MS OS.

CERT - schmert

There are always going to be 'security holes' found in any operating system. The difference between Windows and Linux is the fact that Linux developers publish 'fixes/patches' right away and their code is reviewed by 100's of other developers around the world. Microsoft waits around till some hacker finds a vulnerability, exploits it, and then eventually a "security update" is made available to the general public.

The Army's decision to transition to Linux will ultimately mean a secure and stable operating system for our nations defense. Additionally, the American taxpayer should be extremely gratified that tax dollars aren't being wasted on licensing fees.

"I'm in your SMB share, destroying your targeting .exe"

"There is no proof that Linux is more secure."

There is also no proof that NP=/=P. It just looks that way.

"The Army should carefully examine this on the basis of security and also on the basis of supporting American business."

Yes yes. Defense Budget for 2007: $668.6 billion. I do not think the industry of the Socialist States of America needs additional state intervention.

Re: Is Linux A Squishy Target?

Don,

You've managed you fashion your own noose and I fear hang yourself too. You say that Windows and Linux has has a "roughly equal number of security holes reported", I'll choose to believe you there because that sounds reasonable to me. The problem with this fact is the circumstances behind it, your point is in effect this: That security researchers with complete access to the code of linux and it's applications have only discovered an equal number of holes, compared to a closed source OS where they have to guess at the attack vectors.

Having found these holes by being able to review the code, they are spotted faster and due to the nature of open source, usually fixed faster too. With closed source, security researchers are reliant upon stumbling across security holes in a very long and boring game of blind man's bluff. They are frequently months behind the blackhats who have plenty of time to exploit these holes.

However it's not security that should be the driving force behind linux. It's the standards and interoperability, the lower cost of modifying the OS for your specific purposes and the reassurance that comes from being able to look at the code.

How anyone can say that it is a good idea for a public body to be locked in with one monopolistic vendor baffles me? It's your money and your government, how can you not be outraged that the IT infrastructure effectively belongs to a single private company?

Look for Microsoft to take a share hit on this...

Big risk with potential takeover of Yahoo + Army waving goodbye. Who knows, maybe the Navy (remember the fun and games with that Windows implementation?) and even the Airforce might decide Penguin power is cool enough for them too.

Cry havoc and let loose the penguins of doom!

switching catch phrases

from 'Blue screen of Death'

to

'root of all evil' ....

Let's hope the good side coders are smarter then the 'bad side' coders. Especially now the 'bad side' has got the source to the kingdom ...

Cool, linux's problem has always been...

people to maintain it, drivers, etc. Now maybe the Army will take over that role. I can see the future:

"Are you running US OS or PRC OS?"

"Neither I am running EU OS"

"Really they finally released that?"

"No, its in beta, and the French components aren’t out yet because the developers are on strike, but the language packs are great."

You know theres a problem when you're arguing about the colour of the wheels...

Sidestepping the whole Linux versus Windows pissing contest, surely lessons learned would recommend that our (mine, yours, whichever country that refers to) militaries should be focusing on simple, even open (if you are feeling game), APIs and protocols. The question should be "How do I make my Linux ammopack speak to my Windows pistol" but rather "We all speak MilNet 5.5, lets get along harmoniously to wreak highly efficient havoc on yonder agrarian-cum-freedomfighter..".

30 years of internet messaging has been built on this principle. Just because one company has a tendency to reinvent wheels (or at least attach painted lanterns to them) is no reason to follow suit.

The old philosophy of "in order to be secure, we must have something unique and secret" is dying. Secure methods built on commodity infrastructure/protocols allow far greater agility. Todays criminal can communicate securely with other criminals around the world far more easily than our law enforcement agencies can, and can adapt to threats and opportunities far more quickly.

While our law enforcement/military looks at developing monolithic novelties that lose any secrecy advantage the moment someone blabs, mere mortals are squirting hardened messages across the public internet. Sure, they may cock up, but they can adapt a dozen times before "InterpolChip2008" gets off the drawing board. It is Asymmetric information warfare, and the "good guys" are still counting on battleship solutions.

I use the term "criminal" to also refer to the enemy du jour on the a la carte menu of bad guys.

Back to the pissing contest, if the windows guys would stop pissing on everyone, and the linux guys would stop pissing into the wind in a vain attempt at pissing on the windows guys, we might all be much better off...

@Anonymous Coward

> That security researchers with complete access to the code of linux and it's applications have only discovered an equal number of holes, compared to a closed source OS where they have to guess at the attack vectors.

That might be a decent argument for a normal user (which I do not agree with). But we are talking about people controlling weapons systems, whole wars could be decided based on such a flaw. So the fact you recongnize that having source code makes finding holes EASIER acts against the platform for these uses. Yes, your argument might indicate that Windows has actually more holes (which, again, I do not share, based ont he fact that Microsoft has a few thousand engineers looking for holes as well, with source code access and a FULL TIME JOB, TRAINING AND SPECIFIC ASSIGNMENTS TO FIND SUCH HOLES) but that would irrelevant, as a dedicated hacker trying to achieve a specific goal with access to source code will have a much easier time than one without such code.

@Austin

You missed a great opportunity for article sub-titles. Here are a few suggestions for next time:

- "March of the Penguins" ......... "Penguins: Armed and Dangerous" ........ "When Penguins Attack" ......... "Penguin: Reloaded" .......... "Full Metal Penguin".

And when the US Navy and Marine Corps come around:

- "An Officer and a Penguin" ......... "A Few Good Penguins".

Re: Frenching Connections

@Nigee: They'd be even denser than their usual neutronium-headed worst if they don't have a few boffins actually looking at it and evaluating a fork.

@AC re @Austin: Damn you, sir! You're going to have me laughing randomly for the next four hours as one or another of your alternative titles pops into mind. Definitely time to grab your coat, go home to the missus and have a well-deserved pint!

@Don Mitchell

So Microsoft employs an army of penetration engineers, eh? Nice job title, but how do you sell that to your girlfriend's mother first time you meet her?

On a different note: Now Linux developers will de facto be working for the death industry. MS might even use that as basis for a future marketing campaign - "green, peaceful, hippie Vista".

Secure..

Why don't they switch to Macs.. then the field commanders could be safe, secure *and* look fabulous with their trendy white macbooks. Senior officers could be given Air's as a bonus afforded to their Rank.

yes?

hehehe

Blue Farce of Death

It explains all the blue on blues.

But someone mentioned the police force vss criminals. The criminals are not more secure or better oriented toward modern communication. Far from it. Their difficulty lies in lessons learned.

The police can get away with making mistakes. One after the other. And because of command lines they may never get rectified. But they use work arounds, unofficial protocols.

Criminals are lucky to survive making one mistake. They can amass fortunes until that happens but someone else will be spending it if they make one mistake.

And so we must assume the same reasoning on the battlefield. Only with communication errors, the military will only get to make one mistake per man killed until someone tells the chimp he is making a mistake.

The problem then is getting the fool to listen.

It won't matter if you use Linux or what.

I wonder what version of Windows the military is using. I bet it is a cut down version of Win 95.

Windows vs Linux - neither wins

As a software developer with many years experience on many platforms, I have to point out that in the great OS battle neither Windows nor Linux win. Solaris is better than them both - by a long way. In the context of a closed military system, the security arguments above are largely irrelevant. Connections between boxes will be over mil-spec encrypted lines, and no insecure lines will connect to any of them. This means that whether someone can hack in or not is pretty much a moot point. What matters more than anything is how stable your boxes are and how good the custom code you write for the boxes is.

Now, on box stability, Solaris wins hands down. Just look at the way each system copes with memory failures for example. Inducing a kernel panic through some bad code is far far easier on Linux than it is on Solaris. For stability, Solaris > Linux > Windows.

On the subject of coding, the best code will be written on the platform with the best tools to debug and fix that code. Now the windows dev tools are actually pretty good. They aren't great, but they do at least work. And in some cases you get best of breed tools on windows (think Rational Quantify/Purify and Intel's VTune - both of which are available for other OSs, but the most fully featured versions are on Windows). On Linux the development tools suck. Anyone out there who thinks that GDB is even remotely fit for purpose clearly has never used it. GDB is unstable, and outright doesn't work for multi-threaded code. In fact GDB is proof that open source does not automatically equal good. On Solaris you have Sun Studio which is an excellent development system, and you have DTrace which is a killer app. For developing robust mil-spec code it is clear that Solaris > Windows > Linux.

Eh?

"Linux-based systems have a limited ability to communicate with Microsoft-based systems"

Shouldn't that be the other way round?

Interoperability is only a problem if

thou believest that there is no true God but the one MS God, and thine eyes seeth only that which thine one true God hath created.

And if thou dost believe that, then you're in for troubled times ahead, dude.

Interoperability

"Linux-based systems have a limited ability to communicate with Microsoft-based systems". I think this is misleading. Let me suggest:

Communication==Standards

Linux/UNIX/BSD==Standards

Microsoft==Embrace and Extend

It is an established FACT that Microsoft has an ongoing policy of modifying standard communication protocols, then inventing its own, without telling anyone else what they are and then threatening to sue anyone who tries to find out. There are and have been for many years court judgments about this exact kind of thing. Hell, even Billy boy himself has appeared in articles espousing the strategy.

This isnt a technology issue. It's a management issue. Management have clearly failed to identify and mitigate the risk implicit with going balls-deep into a proprietary technology "owned" by a notoriously sharp idiot-savant\h\h\h\h\h\h\h\h\h\h entrepreneur.

Two points

"So in the end all actual communication will be done with walkie-talkies by grunts, as has been the case for decades?"

No, these days they use mobes and civilian-grade GPS.

"IIRC a few years ago the French MoD if not the entire govt announced they were going to develop a secure version of Linux."

And someone else has already noted that BSD has a better reputation in security circles. And-also-and IIRC, the NSA similarly announced that they would develop a secure linux kernel. I don't know what happened to either project, but if they actually exist then one wonders why the whole world isn't using them. Isn't "being open to third party improvements" supposed to be one of the major benefits of open source?

Maybe the "Linux" brand now has the critical mass of religious adherents needed to stay afloat despite known limitations and the existence of a free and technically superior alternative.

I'll get my flame-proof jacket...

suggested applications

friendly-firefox

amarok-et

B17 Thunderbird

konquerer

er ... that's it

(dayglo pack-a-mac by the umbrella stand)

SMCS-NG as first deployment of "Windows for Warships"

So when is the British Navy changing over? .....wiki page below. http ://en.wikipedia.org/wiki/SMCS

Advanced IntelAIgent Virtual Defense ......

..... ...... for PsychoPathic Controls in Deep Underground ControlLed PsychoSIS

Seems like a job for Special Forces, Austin. White Hatted Wizards with Above Top Secret Clearance. And Fully Licensed and Loded to Thrill [and not too many of them on the Dance Floor, I'll wager] ........ for AIDefinitive OverArching View with HyperVision... IT HyperTechnology Delivering ITs Future Goods in Advance of Product Placement for Sharing. The NeuReal Paradigm for the Change AIgent.

"So they're bringing some 70 programmers, engineers and other IT professionals to Washington to brainstorm in four "Battle Command" summits." ...... Hmmmm...... I wonder who, and by what criteria, that motley selection is made? It is bound to be an eclectic eccentric extravagant mix, though. Anything less than Unique will be Failure before it has even begun.

One would not unreasonably assume, that if monitoring of Technology Use is so supposedly widespread/ubiquitous/intrusive, then they would have an assembly of the Best of the very Best. Anything Less and the Dream is Lost and ITs Fakes and Fakery XXXXPosed. False Prophets and False Profits unmasked.

Some Real Positive ProAction with some Real Slick Monetary Transactions will Plug that Hole in Defenses and Energise Shield Repairs, Immediately, if not Sooner.

Military machine Windows based?

No wonder they keep killing so many Brits when we're supposed o be on the same side!