
Linux grabs its single biggest win - boyanov
http://www.techrepublic.com/blog/opensource/linux-grabs-its-single-biggest-win/3690
======
JPKab
This writer should do a little research and educate himself on the DoD
software community a little bit. The DoD has been using Linux for years. Red
Hat has HUGE contracts within the DoD, there is an entire cloud ecosystem
stood up on Linux hosted by Defense Information Systems Agency (DISA).

~~~
Symmetry
Part of the reason so many people use Red Hat specifically instead of Debian,
say, is rules prohibiting the use of "freeware". But if you pay Red Hat for
Linux, suddenly it isn't freeware anymore.

~~~
giulivo
You're completely wrong on this. Software released under the GPL should
not be equated with freeware at all, and even Stallman encourages selling GPL
software. <http://www.gnu.org/philosophy/selling.html> Companies pay Red Hat
to get QA, support, liability and some level of interaction with the
development community.

~~~
Symmetry
I know it's not actually freeware, that's why I used scare quotes. The thing is
though, that under the purchasing rules we used when I was working for the DOD
all software acquired free of charge was categorized as "freeware" and we
couldn't use it in deliverables. Hence the use of Red Hat; we couldn't
actually make use of their support because it was going on classified machines,
but the mere fact that they took our money meant that we could get past
certification.

------
raldi
Flagrant error in the article:

> the DOD’s use of open source code will alter the GPL for said code (they
> can’t, for obvious reasons, release any code they use and modify back into
> the wild)

Making changes to a GPLed program, and then keeping them to yourself, is
completely within your rights under the license. It's only when you sell or
give away the updated product that the GPL's rules start getting triggered.

~~~
jeremyarussell
I'm glad someone pointed this out, I was wondering the same thing when I was
reading it.

That said, it would be nice if they decided that certain bug fixes and such
could be sent back to developers, not at the expense of national security, but
I can hardly see how a bug fix being pushed back out could hurt the military
though.

~~~
eupharis
Given how much critical American economic infrastructure runs on Linux, there
is a strong military case for reporting and fixing bugs.

Without economic power, there is no military power.

------
macavity23
Linux looks increasingly unstoppable these days. I find it easy to believe
that in 100 years time, everything with a CPU in it will be running some
descendant of it - and quite possibly it will have Android in its ancestry
too.

If you're creating any kind of new computing gizmo now, Linux gives you so
much existing value for free (allowing you to add your own stuff on top) that
it's hard to see why you'd use anything else.

~~~
javert
Hopefully by then we'll have capability-based OSs that are _actually_ secure.
:D

~~~
derpmeister
Hopefully by then GNU HURD will have reached 1.0.

~~~
javert
Hopefully pigs will have evolved wings :D

------
kyberias
From the article about Windows: "it’s simply and fundamentally insecure". How
is it fundamentally insecure exactly?

~~~
dredmorbius
There have been a number of articles / studies on this, the ones I'm largely
familiar with in the early aughts / late 90s.

It mostly boils down to fundamental architecture, monolithic design, UI
decisions, conflating data + code (e.g.: a "Word Document" or "Spreadsheet
File" is really a general-purpose computer program, not merely static text),
and ingrained user practices (see today's PHP rant for a somewhat parallel
discussion of culture), as well as an inherent lack of transparency, a
filesystem model which prevents being able to delete in-use files, etc., etc.,
etc.

It's a pile of small faults which, in total, create gross instabilities.

Worse: the reasons for this are deeply linked to Microsoft's need to maintain
a deep monopolistic lock on the personal computing sector.

And as much as Microsoft continue to address small aspects, the big picture
eludes them. Empirical data continue to show that Microsoft systems are far
more vulnerable to exploits than alternatives, particularly Linux and Unix
derivatives. OpenBSD being the most preemptively secure, in part by digging
deep into infrastructure (classic example: string handling to avoid buffer
overruns, and an entire huge class of security blunders). There's a humorous
bit about various Linux, BSD, and Microsoft responses to security disclosures
that's pretty close to truthful (sorry, can't dig it up right now).

Nick Petreley's "Security Report: Windows vs Linux: An independent assessment"
remains largely valid
[http://www.theregister.co.uk/2004/10/22/security_report_wind...](http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/)

~~~
pnathan
My understanding is that Vista and beyond have a fairly in-depth and rebuilt
security architecture that is actually quite good.

Am I wrong?

Further, Linux doesn't seem to have a different design when it comes to
monolithic design and tends to actually have worse permissions problems out of
the box WRT granularity.

~~~
dredmorbius
"Linux" can apply to a lot of things, ranging from the kernel to general
userland. Clarifying that, there are numerous ways in which it is not
monolithic (not in the microkernel architecture sense, but in a general sense)
to the same extent Windows is. I'll distinguish here between the kernel and the
system as a whole (kernel + libraries + executables).

First, a given Linux system can be virtually entirely divorced from userland.
Android would be a great example: it runs the Linux kernel and a very, very
small set of standard features, on top of which the Android infrastructure
itself is placed. Android by itself is nowhere near POSIX compliant, though it
can be made so by adding additional software (e.g.: busybox, terminal app,
etc.).

More generally, any given utility for a Linux system can generally be provided
from multiple independent sources, from system libraries to common utilities
(e.g.: numerous awk and vi implementations) to services (webservers,
databases, etc.). Any one component can generally be replaced or even removed
without impacting other components (barring tight dependencies).

It's possible to build very minimal, or very complete, Linux systems:
lightweight bootable images based on little more than a kernel, shell, and
busybox, or heavy server or desktop systems with thousands of packages.

The kernel itself is highly modular, both in terms of features (networking,
filesystems) and devices (disk, ports, network devices...). Unless
specifically added in, graphics are _not_ included in the kernel (obviating
large classes of bugs), and systems can be run without a GUI or even a
directly attached terminal. This is a level of flexibility you simply do not
have with a Windows box.

Permissions granularity in my experience is largely a bogeyman -- you don't
need a highly complex system, you need one that works. The important things
are _appropriate_ and _usable_ permissions within an understandable framework.
Linux supports user/group/world read/write/execute permissions, SUID, SGID,
and sticky bits. It also supports ACLs, though these are very rarely
implemented -- they're a maintenance nightmare. If you stick to Debian,
you'll find that permissions matter and are generally set to be both safe and
sane by default.

If you've got something specific in mind, I or someone else might be able to
address it.

As for Vista: Microsoft have played the "we've fixed the security problem"
record so many times over the past 15-20 years that the grooves are worn
smooth. While things may have improved, I still see a landscape littered with
exploits and attacks, as well as a security infrastructure (virus, spam,
network intrusion, and other scanners) I in large part don't have to worry
about on Linux systems. Yes, there's vigilance required. But it's at a whole
different level of intensity. While I don't work with Vista (and apparently
few will), I don't see any fundamental changes which would be required to
change the Linux vs. Microsoft security picture.
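The permission model dredmorbius lists above (user/group/world rwx, SUID, SGID, sticky bit) is easy to audit mechanically. The following is an added example, not code from this thread or from any project: it decodes mode bits with Python's standard `stat` module and flags the combinations a defender usually reviews first (setuid/setgid executables, world-writable directories lacking the sticky bit, world-writable files). The file paths and modes are constructed sample data, not real system state.

```python
import stat

# Constructed sample: (path, mode) pairs in the form os.lstat(path).st_mode
# would return. These are illustrative values, not a real filesystem scan.
SAMPLE = [
    ("/usr/bin/passwd", 0o104755),  # regular file, setuid
    ("/usr/bin/wall",   0o102755),  # regular file, setgid
    ("/tmp",            0o041777),  # directory, world-writable + sticky bit
    ("/srv/upload",     0o040777),  # directory, world-writable, no sticky bit
    ("/etc/shadow",     0o100640),  # regular file, owner rw / group r
    ("/var/log/app.log", 0o100666), # regular file, world-writable
]


def symbolic(mode):
    """Render a mode as ls -l would, e.g. 0o104755 -> '-rwsr-xr-x'."""
    return stat.filemode(mode)


def audit(mode):
    """Return the review findings for one mode value, most serious first."""
    findings = []
    is_dir = stat.S_ISDIR(mode)
    if mode & stat.S_ISUID:
        findings.append("setuid")
    if mode & stat.S_ISGID:
        findings.append("setgid")
    world_writable = bool(mode & stat.S_IWOTH)
    sticky = bool(mode & stat.S_ISVTX)
    if is_dir and world_writable and not sticky:
        # Anyone can delete or rename other users' entries in such a directory;
        # the sticky bit (as on /tmp) is what prevents that.
        findings.append("world-writable dir without sticky bit")
    elif world_writable and not is_dir:
        findings.append("world-writable file")
    return findings


def others_can_read(mode):
    """True when the 'world' read bit is set (relevant for secrets like keys)."""
    return bool(mode & stat.S_IROTH)


def audit_tree(entries):
    """Map each path that has at least one finding to its list of findings."""
    report = {}
    for path, mode in entries:
        found = audit(mode)
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    for path, mode in SAMPLE:
        print(f"{symbolic(mode)}  {path}  {', '.join(audit(mode)) or 'ok'}")
```

To run this against a real host you would feed `audit_tree` with `(path, os.lstat(path).st_mode)` pairs from `os.walk`; the logic itself is pure and needs no privileges. Note that `/tmp` produces no finding precisely because the sticky bit is set, which is the point of that bit.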

------
gouranga
Having worked in the killing machines industry, this is not a win. This is a
loss.

GPL should also read:

"The software must not be used for the purposes of warfare or to inflict
suffering on any individual."

EDIT: I can see America has woken, judging by the number of downvotes being
received.

~~~
krschultz
How does that work? It's going to be impossible to draw the line.

With that clause you clearly couldn't put the software into the guidance
computer on a warhead or the missile launch system itself. But what about a
system on the weapons launching platform that isn't a weapon. Is the computer
running the engines on a navy cargo ship 'used for the purposes of warfare'?
What if the system controlled by the software is completely incidental, or
defensive in nature? The fire control system saves lives, is that 'for the
purposes of warfare'?

And what about the computers used to design weapons? Is an engineer working on
a weapon using the software 'for the purposes of warfare'?

And what about the accountant at the company that makes weapons, is he using
the software for the purposes of warfare even if he doesn't know anything
about the weapons?

Is the machine shop that gets 1% of its business from selling parts that end
up in weapons using the software for the purposes of warfare?

It's impossible to make that distinction in any meaningful way.

~~~
gouranga
That's all fluff. It's pretty black and white if you engage the brain:

If a device is intended to directly harm someone intentionally, then there
should be a restrictive clause.

Computers that design weapons aren't specifically used to design weapons.

Weapons are specifically designed to kill people so therefore the clause
should apply.

~~~
Xylakant
Should machines that are used to create weapons be part of that clause? Is a
scout drone a weapon? Is the control software for that drone a weapon? What if
it's a scout drone? What if this scout drone is used for reconnaissance by the
coast guard to find criminals? What if it's used to find ships in peril and
provide fast assistance? There are some black and white extremes, but there's
also a lot of grey in between. I'd rather prefer my license to stay out of
that mess. The GPL stipulates that apart from the restrictions in the GPL, no
further restrictions can be applied to a software. But you're certainly free
to license your code under a "no-weapons" clause, I just don't think that the
GPL is the right place to do that.

~~~
gouranga
Machines that create weapons are not usually designed specifically to make
weapons.

A scout drone is a weapon if it's used by the military. I made this point
here: <http://news.ycombinator.com/item?id=4177285>

There is no grey area.

I agree about the GPL at the basic point, but there should be a no warfare
version.

~~~
deelowe
I thought you said you worked in the industry? If you really did, then you'd
know that more and more civilian grade technology is being used by military
contractors to build military solutions. For this reason, such a clause would
get complicated really fast:

- Is it ok to license Arduino code under this license? (yes)

- Is it ok to combine other components with Arduino under this license? (yes,
for non-weapons)

- Can Arduinos be used to build a drone? (yes)

- Can this drone be purchased by the government and its contractors? (yes)

- Can the military use the drones? (yes as long as it doesn't "kill or cause
harm")

- Can this drone be used for reconnaissance? (yes as long as it doesn't "kill
or cause harm")

ok, so now the military is using these drones all over the place. Pictures are
taken, stored in databases, and distributed throughout the military.
Eventually, some of those pictures are used to strategically bomb an insurgent
encampment. Who violated the license?

Even better, what if it were Google who purchased the drones and Google Maps was
instead used for the bombing strategy. Who's at fault now?

~~~
gouranga
I did work in the industry before I developed some sense.

You distinctly miss the point there. Military hardware is controlled heavily.
No commercial entities use their data. That chain of events doesn't exist and
never will.

There is a wall between the two sides that is rarely crossed.

~~~
Xylakant
Which is entirely not true. The Fire Scout drone for example is a military
development based on the Schweizer 330 civilian heli. The S-434 is partially
based on changes developed for the Fire Scout drone. The Bell Eagle Eye drone
was initially conceived for the military but at a later stage, plans were made
to make it a coast guard drone. Many helicopters have two versions, a civilian
and a military version, for example the Bo-105 series which was extensively
used by the German army but also formed the backbone of the German air
ambulance network from the 1970s until the last one was replaced in 2007. Which
one of those is "military hardware"?

Most of technology initially conceived for military purposes was at some point
repurposed for civilian use (Think: That packet-based network nowadays called
'The Internet')

------
pmelendez
The problem with this is that they are adopting a good tool for a wrong
reason. Linux is not immune to viruses, and then what would happen when Linux is
popular enough to attract malware writers' attention? Are they going to switch
to OSX?

~~~
Joeboy
> Linux is not immune to virus

No, but it's a lot easier to create a minimal / auditable Linux installation
than it is with Windows.

~~~
tiernano
Windows Server Core?

~~~
astrodust
You have to be kidding. What are the requirements for this? I haven't seen any
published but I'd wager it involves something along the lines of "gigabytes of
memory and disk space".

------
krisw
The article is going on about how it's unimaginable to be running Windows in
that environment, but I recall a few instances of military vessels running
Windows in previous years/decades. Some report of US submarine(s) being dead
in the water whenever NT crashes, a cruiser losing propulsion due to Windows
crash, etc. I think running Windows on subs is not that uncommon.

~~~
bjelkeman-again
The funny thing is that I think everyone here could have predicted those
outcomes, i.e. blue screen of death and inoperative craft. You wonder what
it is like to work in an environment where the obvious is not allowed to be
taken into account or is ignored when you build systems.

------
drek
Yeah, military drones using Linux, what a big win. The fact that the military
uses Linux is a big negative for Linux in my eyes. If you support Linux,
you're indirectly supporting the U.S. military and by extension murder,
aggression and terrorism.

I wish more software licenses had a clause forbidding military use of the
code.

~~~
eupharis
Exactly! And let's not stop there. The fact that the military uses steel is a
big negative for steel in my eyes. If you work in steel production, you're
indirectly supporting the U.S. military and by extension murder, aggression,
and terrorism.

That's why I use flint knives and ride a bicycle made of bamboo.

~~~
drek
Yeah, that's very witty, congrats.

If we were in the steel industry, the right thing to do would be to see that
the military doesn't get steel. But we're not, we're mostly programmers here,
so I'm saying we should exercise caution and be aware of how the stuff that we
make gets used.

~~~
eupharis
I agree wholeheartedly we should exercise caution!

But thinking less of Linux because the military picked it up and said "Hey
this is an awesome tool!" seems wrongheaded and counter-productive to me.

------
jeffnappi
First let me say that I'm a long-time Linux user - the first time I installed
it was in 1992 from a giant stack of 3.5" floppies. While Linux is extremely
secure and can be locked down via various methods, you still cannot say that
it is immune to virus infections. If the system is poorly designed and
managed, and is not using proper protection for services (AppArmor, chroots, etc),
then it can still be vulnerable.

Linux's primary advantage still remains that it has a smaller install base and
is therefore a smaller target.

I'm not sure that Linux would be much more secure than Windows if it was in as
wide usage - the largest factor in computer security will always be humans.

Look how easily the recent Flashback virus spread on Macs - people will
continue to input their password when prompted.

~~~
jff
It's not really "extremely" secure. Look around, you'll find that at any given
time there are probably a couple local escalation exploits, at the very least.

~~~
jeffnappi
Agreed, let's say it is relatively secure.

------
gcv
I'm surprised to see a mainstream kernel powering military hardware at all.
I'd have expected to see QNX, or something somewhat obscure with hard-realtime
features.

~~~
padraigm
My understanding is that the actual drones themselves do run a hard realtime
operating system. Linux (and formerly Windows) is used to run the workstations
on the ground that the drone pilots use.

------
bane
It better be bigger than Android...which I think at last count is powering
something like 400 million devices (a million more per day).

------
powertower
> Windows is a good desktop operating system but one with many, serious
> security flaws.

It's called PEBCAK.

For the most part, Windows can be just as secured as Linux.

Problems manifest when incompetent fools do incompetent things.

~~~
larrik
"For the most part, Windows can be just as secured as Linux."

I'm sorry, but that sounds a lot like saying "a car can be made as waterproof
as a submarine, if you do it right."

Windows security is basically tacked-on afterwards.

~~~
powertower
> Windows security is basically tacked-on afterwards.

Windows 95? Sure.

Windows Server 2008 R2? It's such an integral part of it, that I'm questioning
your experience (or lack of it) from that statement.

------
prezjordan
It really amazes me that something so amazing can be totally free. Blows my
mind.

------
tokenizer
While I find this news somewhat disturbing considering a military goes against
some of the ideals of open source software, the benefits will hopefully be
great.

~~~
mbreese
I'll bite: how is the military against the ideals of open source?

~~~
Cushman
Completely devoid of politics: A military is based on force; open source is
based on consent. That is a fundamental philosophical gap.

------
bbatha
This doesn't mean anything. There are thousands of DOE computers running
Linux. In fact I type this from one such machine.

------
derrida
Sweet, so all that GNU code they are modifying, we can request a copy of the
source code. (Most Linux code is GNU licensed, see here
<https://www.ohloh.net/p/debian/analyses/latest>)

~~~
jerf
No. Because they won't be distributing it to you, you will not be able to
request the source. They will be under no obligation to release anything.

The only thing they have to watch out for is code that is explicitly licensed
such that the military can't use it, or the "don't be evil" licenses... and I
wouldn't be surprised they've got some sort of immunity against that buried in
the law somewhere. Even if they don't, this doesn't seem to be that much code.

I wouldn't expect to see a line of code from them come back to the
community... not because they're unwilling individually, but because I would
imagine the process of getting it legally safe to release publicly just won't
be worth it.

~~~
krupan
So you think the Navy (and their contractors) will be maintaining their own
fork of Linux and continually port changes over from mainline Linux into their
fork? I doubt they are that ambitious/stupid. It'll be much much easier for
them to get whatever changes they make accepted into the mainline and
maintained as 1st class pieces of the kernel.

~~~
jerf
I expect them to "maintain their own fork of Linux" in exactly the same way
they "maintained their own fork of Windows". It seems very likely they're just
porting over pure userspace-stuff. If Windows worked for them at all I doubt
kernel-space stuff is necessary.

------
tiernano
In the article, the writer mentions:

> That trickle down is going to have a serious, lasting effect in the world of
> Linux. Here’s how I see this working:
>
> DOD begins Linux roll out
> US Government begins wide-spread roll out
> Civilian security companies world-wide begin roll out
> Universities fall in line
> Consumers begin clamoring for better security on their OS

erm... and then virus writers start writing viruses for Linux... Just like
happened on OSX... If there is money to be made, virus writers will write for
whatever OS has users... Mind you, wouldn't want to be a virus writer getting
found out by the DOD...

~~~
derleth
> and then virus writers start writing viruses for Linux

If this was going to happen, it would have happened when there was a massive
boom in servers running Linux, over a decade ago now. Imagine the money to be
made by being able to compromise everything running the LAMP stack.

Don't confuse your personal desktop for the entire world.

~~~
tiernano
But hold on a min... most people won't be checking email, or surfing the web,
or anything major on a server... it's kind of silly to be doing stuff like
that... but if everyone was using it as a desktop OS, and was browsing,
checking email, etc, there is more of a chance to attack it... yes, I agree,
attacking servers running everything, but it's a bit harder... and how,
exactly, would you get the virus on to a server anyway?

~~~
derleth
> how, exactly, would you get the virus on to a server anyway

The kind of server we're talking about is, by definition, on the Internet,
accepting connections from arbitrary people. It's entirely possible for a
connection or a family of connections to bring down the server software, which
often provides a way to subvert the OS while the machine is in the unusual
state of the userspace server software being down. This provides the avenue.

> if everyone was using it as a desktop OS, and was browsing, checking email,
> etc, there is more of a chance to attack it

I think this falls down, too: Linux has never been a single monoculture.
Instead, there's been broad de facto standardization of some things but not
others, making it more difficult to target malware to it, as malware is, very
often, intimately dependent on not only specific software, but specific
configurations of software and specific versions of software.

Also, _Windows has never had a trusted source of software comparable to distro
repositories._ This is probably partially due to antitrust rulings, and the
fact Windows caught on and had its first major flowering before Internet
access was especially cheap or reliable (consolidating usage patterns around a
non-Internet shrinkwrap software model). This means it's hard to get all the
software you need from trusted sources unless you act like a distro maintainer
and decide for yourself who in specific you trust. (You can do that in Linux,
too, but you don't _have_ to.)

Finally, Windows users complain about UAC. Linux users don't complain about
sudo. Applications under Linux _know_ they won't be run as root and behave
accordingly.

------
ninguem2
This is nice, but how is this bigger than Android?

------
gcb
Linux is no silver bullet.

The same (sorry to bite on stereotypes, but I've seen a few) clueless
government contractors that did a poor job with windows will do as bad with
Linux.

Then next year they will switch to openbsd (because all they trust is default
settings) and repeat.

That said, yes, having access to source is all fine to avoid vulnerabilities
that a closed source product doesn't want to fix... but I doubt this is
relevant when you add incompetence.