Linux' Contribution to US National Security
Saturday, November 08 2003 @ 10:34 PM EST
I started to think about worst case scenarios the other day. SCO's ideological attacks on open source and the GPL seem sometimes to be part of an attempt to get open source banned or altered so much it isn't open any more. So, what would happen if, due to security concerns, or whatever other FUD they might present, free and open source software (FOSS) and the open source method were banned?
I thought it would be of interest to examine how Linux is currently used in applications important to US national security. If open source/free software were banned in the US, how would the country's security be impacted? Is open source in any way a security risk?
I asked Dr. Billy Harris of the University of Tennessee, Chattanooga, and a Groklaw reader, to research the questions and share with us, from publicly available information only, how Linux is currently being used by the Department of Defense and the government and what the DoD and various governmental agencies think about whether there are security issues related to its use.
Here is his report, which I believe you will see validates Linux security and shows what a significant role it already plays in US national security. The DoD has already investigated the very questions I had in mind, including what the impact would be if FOSS software was banned in the DoD, and their conclusion was that there would be an unacceptable downside if they had to stop using it. It does beg the question: why would they be doing such a study, but since the answer was that FOSS is too vital to ban, I hope my worst-case scenario worries can now be set aside.
The Executive Summary of the January 1, 2003 MITRE report [ed: now available here also] states:
"The main conclusion of the analysis was that FOSS software plays a more critical role in the DoD than has generally been recognized. FOSS applications are most important in four broad areas: Infrastructure Support, Software Development, Security and Research. One unexpected result was the degree to which Security depends on FOSS. Banning FOSS would remove certain types of infrastructure components (e.g., OpenBSD) that currently help support network security. It would also limit DoD access to -- and overall expertise in -- the use of powerful FOSS analysis and detection applications that hostile groups could use to help stage cyberattacks. Finally, it would remove the demonstrated ability of FOSS applications to be updated rapidly in response to new types of cyberattack. Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security-focused DoD groups to defend against cyberattacks. . . .
"Neither the survey nor the analysis supports the premise that banning or seriously restricting FOSS would benefit DoD security or defensive capabilities. To the contrary, the combination of an ambiguous status and largely ungrounded fears that it cannot be used with other types of software are keeping FOSS from reaching optimal levels of use."
I hope those pushing for indemnification, which also impacts on the ability to rapidly update, realize that they are negatively impacting on user security at the same time, if we extrapolate the results of this report. And, more significantly, what this report says to me is that if anyone were to try to get FOSS banned in the US, they would be working against the country's national security interests. I also understand that clearing up "largely ungrounded fears" about GNU/Linux software and the GPL is important, and Groklaw presents this article as a contribution toward that educative goal. For example, as you will see, Dr. Harris notes that GPL software is not left open to the elements, so to speak, when used in sensitive projects. Businesses can also follow this approach, and as long as they never distribute the software they use, they can use GPL software and still keep their in-house software as closely guarded a secret as any governmental agency.
Here is Dr. Harris' article.
*************
LINUX' CONTRIBUTION TO US NATIONAL SECURITY
-- Dr. Billy Harris
I was asked to write about national security issues as they relate to Linux
and open source software. First, let me state clearly I have no knowledge of any classified use of Linux
software, which is a good thing because I am consequently free to discuss the issue and even to speculate. All information in the article is based on public documents. As to the question of what would happen if open source software were banned, first note that the Department of Defense already looked into this issue.
Mitre conducted a two-week survey and identified over 100 open source
applications already in use in the Department of Defense. You can read the January 1, 2003 report here.
They include OpenBSD, Apache, Perl, PHP, Samba, gcc, MySQL, and many others.
The report ponders the question "What would happen if Open Source software
were banned in the DoD?" They separately evaluated Infrastructure Support, Software Development,
Network Security, and Research. Here is what they concluded:
Infrastructure:
"significant short-term cost spike"
"No evidence that such a conversion would result in performance benefits"
Software Development:
"ban would have an especially negative impact on DoD software development"
Security:
"Banning FOSS in this area would have immediate, broad, and in some cases
strongly negative impacts on the ability of the DoD to analyze and protect its
own networks against hostile intrusion."
Research:
"DoD research would also be seriously damaged by a ban on FOSS"
The MITRE report did not identify novel arguments for open-source; people have talked about the lower cost, higher reliability, faster patching, ease of maintenance and so forth for years before MITRE wrote about them. The MITRE report is important because it confirms that these arguments are true.
What follows is a list of Linux applications being applied to national security problems.
Except where noted in a few places, these are not open source projects,
except perhaps in the very limited sense that the same restricted set of
people who can access the software may also see the source code.
One of the best-publicized examples is a series of Linux-based
supercomputer clusters used at Los Alamos National Labs. The most recent,
Lightning, is used for the Advanced Simulation and Computing program,
which is used to design and modify the US nuclear arsenal without
requiring test detonations.
Los Alamos also has additional Linux clusters for non-classified operations.
Lawrence Livermore National Lab makes such heavy use of Linux that it has
its own web section here.
Lawrence Livermore maintains several Linux clusters, including the
ASCI Linux Cluster, which supports "unclassified ASCI code development"
and the Parallel Capacity Resource for "Defense & Nuclear Technologies".
Lawrence Livermore also maintains the GPL project SLURM (Simple Linux
Utility for Resource Management).
Sandia National Laboratories has a software package called SEACAS (Sandia
Engineering Analysis Code Access System).
Information on the latest version is described here. The license is
very interesting; it is not sufficient for you to be a U.S. citizen
to download the software. It is not sufficient for you to promise not to
distribute to non-US citizens. You must provide a tangible security plan
acceptable to Sandia explaining how you will prevent non-US citizens
from viewing the source code. For example, they require that the
system managers who perform backups be informed of the restrictions,
and suggest that backups and the original install disk be stored in a
locked desk or file drawer.
Speaking of Sandia, their Visualization Design Center has a home page here. The visualization
system uses the Linux operating system.
One state-of-the-art military system the US has is the collection of
unmanned spy planes. Little public information is available other than
"we have unmanned spy planes", but I find the article here very interesting.
They describe a device for real-time remote visualization. Essentially,
a remote user can interact with very high resolution video through a
relatively low-bandwidth link. Since the structure is about the size
of two PCs, it is not a large stretch of the imagination to think that
Sandia/DoD might use something similar on the airplanes. The video compression
system, in any case, is controlled by a master processor which runs Linux.
The National Security Agency has information on Security-Enhanced Linux available online, and in a nutshell, the NSA has modified the Linux operating system to support
mandatory access control which strictly limits a program's privilege. The system
no longer gives blanket root access to system servers, so that even if
an attacker gained control of a program which would run as root on a normal system,
he can not execute arbitrary code because the program is still access-limited.
A natural question is whether the NSA uses this software internally; to quote
the NSA:
"For obvious reasons, NSA does not comment on operational uses."
The US Air Force uses the open-source package Java Collaborative Virtual Workspace [PDF]
in its Joint Expeditionary Force Experiment, which develops new tactics
for the US Air Force. This is an example of open software being used to support secret activities.
PSSC Labs sells Beowulf clusters --- which run Linux. Its clients include operational and research elements of the US Army, Navy, and Air Force.
I have no idea what these groups use their cluster for and whether or not they
kept the preinstalled Linux OS. But they do seem relevant to National Security
uses of Linux. I'm sure there are many more uses, but these are the ones I have found with a clear and unambiguous National Security
focus. There are many, many more applications of open source software by the
US government, all contributing to the well-being of the US. Just using the list of Linux clusters sold by PSSC, we find
NOAA, NASA, the CDC, the NIH, and huge numbers of state- and federally-supported
research universities who have bought Linux clusters. And this compilation doesn't include
the use of open-source Apache / BIND / Sendmail to serve .gov.

Authored by: rongage on Saturday, November 08 2003 @ 11:19 PM EST
I can tell you this from first hand knowledge (and this specific information is
NOT classified). Linux is being actively used as a part of the AirBorne Laser
project with the Air Force. Now if that isn't a direct impact on national
security, then I don't know what is.
If Linux were no longer available, this program would find itself in serious
difficulty as most of the current code for the program is based on Linux. I
know this because I wrote a part of it.
---
Ron Gage - Linux Consultant
LPI1, MCP, A+, NET+
Pontiac, Michigan

Authored by: Anonymous on Saturday, November 08 2003 @ 11:55 PM EST
How many different embedded systems depend on GCC to compile? E.g., VxWorks may
be proprietary, but they ship GCC as the compiler.
If just GCC were to "go away", a whole lot of embedded developers
would find themselves desperately porting code, assuming there is an alternate
compiler on their platform.

Authored by: D. on Sunday, November 09 2003 @ 12:31 AM EST
Also, take a look at the Canopy affiliated company, Linux Networx and see who
their clients are...
D.

Authored by: Anonymous on Sunday, November 09 2003 @ 02:20 AM EST
>It does beg the question: why would they be doing such a study
IIRC, the study was commissioned as a result of commercial
software vendors lobbying Congress seeking a ban on FOSS
use within the DOD, especially DOD writing its own
extensions to FOSS that would require re-distribution
under the GPL, as they saw it as illegal government
competition (i.e. it threatened their cosy over-inflated
defence contract revenue streams). They got as far as
having development on the NSA secure version of Linux
suspended for a while until this report came out.
Interesting, this is part of a greater effort by
corporates to prevent the government releasing anything
that may compete with their own products. For instance,
NIMA, the military mapping agency has some high resolution
map data that has been de-classified, and as such should
now under US law be released into the public domain (all
government products being the property of the US people),
but NIMA is dragging their feet on releasing it under
pressure from their commercial partners.
John.

Authored by: smtnet1 on Sunday, November 09 2003 @ 03:04 AM EST
I think that the threat is more specific than FOSS, it's GPL, and the group threatening really is Microsoft.
The GPL allows anyone to use the software but requires that modifications are made available to everyone under GPL. This specifically prevents the "embrace and extend" attacks that Microsoft have used to make Kerberos a proprietary protocol in Active Directory.
But how is this related to National Security?
If you read the Halloween documents Microsoft know that they cannot beat Linux on price, security, reliability etc, and their best chance is to take the legal route. This is why I am not surprised that Microsoft have bank rolled SCO, and I expect that for as long as SCO cause problems for Linux Microsoft will do all they can to help.
SCO and Microsoft in recent statements have been attacking the GPL and Steve Ballmer even tried to say that Windows was more secure than Linux because it was closed source.
Since the DoJ antitrust trial Microsoft have dramatically increased their political funding and lobbying, which gives them the ear of the politicians and law makers. We have seen how effective the Hollywood funding of politicians can be (Hollings)
Now for the really paranoid bit that I have absolutely no proof of.
The Microsoft antitrust case was brought to prevent Microsoft from using their monopoly position to crush competitors through illegal activities. We all saw how Judge Jackson took the bull by the horns and ordered Microsoft broken up.
Then Microsoft got rid of Judge Jackson and stalled the case until the Bush regime got in. Suddenly the DoJ changed from wanting blood to wanting to settle for a slap on the wrist.
So what could have changed the minds of the DoJ?
We have all seen how paranoid Bush is, and how keen he is on monitoring people and the Internet (Patriot act etc), yet he is very keen that people go online and use the Internet as much as possible around the world.
The change in the DoJ case shows Bush is very keen to avoid anything that may slow down the global march of Microsoft around the world.
Putting this together, did Bush and Microsoft do a deal to put a back door in Windows for national security?
I am willing to suspect that I am simply paranoid, but it would not surprise me if the deal was done
I was surprised how many links I found in google searching for Microsoft back door NSA, there are lots more paranoid people around

Authored by: Anonymous on Sunday, November 09 2003 @ 03:08 AM EST
"SCO's ideological attacks on open source and the GPL seem
sometimes to be part of an attempt to get open source banned or altered so much
it isn't open any more."
Or, there's a clue in MS talking about the GPL being viral, and in the SCO attempt to have GPL software ruled as public domain. See, MS was able to use BSD code, call it an MS product and charge for it. What MS is so unhappy about is that they can't steal the code and charge for it. If GPL was turned into public domain, then they could create an MS LKP and trick people into migrating to it with marginal and iffy support for linux, then when things don't run so great ... simply say "well, if you just ran the MS version, things would work fine. it's that bad, outdated UNIX stuff that's unreliable."
Anyhow, it's not that they don't want it open, it's that the GPL limits the ways that they can abuse the work of others into a MS labelled product, I'm starting to guess.

Authored by: PM on Sunday, November 09 2003 @ 03:30 AM EST
If USA national security agencies find open source pretty well essential
for their operations, then countries such as the People's Republic of China have an
even greater reason to embrace open source code. It is obvious that China or
many countries are not prepared to trust Microsoft or similar based products for
national security applications for both ideological and practical
reasons.
An old link, but still relevant.

Authored by: old joe on Sunday, November 09 2003 @ 05:07 AM EST
As part of my work I specify and buy systems with embedded software such as
fire alarms, Closed Circuit TV, Lighting controls etc. None of it national
security but some of the issues we face may be similar.
Some of our clients really depend on these systems to work right for twenty
years but we can only get a 12 month guarantee from the suppliers. We require
the source code to be handed over together with the right to employ another
company to do maintenance on that code. This protects our clients should the
original developer stop support (can you say Windows 98?) or get unreasonable
over support costs. Most suppliers, of course, still resist like crazy.
This must be even worse for military systems which have a lot of software and
rushed development cycles but are installed in vehicles that should last twenty
years. There is a long tradition of the army and navy knowing their ships/tanks
etc. well enough to make them do stuff the manufacturer never knew they could.
Is this forbidden on closed source tanks?
Imagine the scene:
Uhura: The Romulan tractor beam has locked on. We can't break free.
Spock: We need to modulate the shields frequency.
Scotty: We cannae do that. It would breach our user license.
Joe
(Which trekfan will be the first to spot the deliberate mistake)

Authored by: Wesley_Parish on Sunday, November 09 2003 @ 06:09 AM EST
The following are some comments on an Open Letter I wrote to the New Zealand Prime Minister on why it should use Open Source and not trust to the goodness of a convicted predatory monopoly, and the Open Letter itself. Share and enjoy.
I think my points are valid - if the government wishes to gain instead of lose on the IT front, they had best start by using software that can be used in _all_ facets of training, and where a vulnerability may be fixed on the spot instead of relying on the goodness of a convicted predatory monopoly.
Dear Prime Minister
It is with some dismay and indeed disgust that I read that New Zealand had entered into a contract with Microsoft (The Government Security Program) that allowed the New Zealand Government access to the source code files of the latest Microsoft operating system.
I am disgusted because a government, in these times, not only has to use technology responsibly, it has to adopt technology that can be in some way, streamed into the training and education of its people. And I have read the Microsoft Shared Source licenses including the GSP, and they may be succinctly expressed as "Look but don't touch".
In other words, they open the source code so that government computer scientists and technicians may see that there are or are not external vulnerabilities that may imperil the nation's security. But they deny said computer scientists and technicians the right to do their own fixing of any such vulnerability. And in the world of state security, a vulnerability recognized or fixed too late, is as bad as one not recognized.
And also, as this "Shared Source" may not be freely shared among the universities and polytechnics the way that SELinux and OpenBSD may be, this program is extremely inefficient in training New Zealanders to take care of New Zealand's own problems. As such it constitutes a gratuitous waste of taxpayers' money.
I ask you to rectify this as soon as possible, by adopting something that fits the two criteria I identified - empowering the users by allowing feedback and on-site fixing of vulnerabilities; and empowering universities and polytechnics in the training of students to fit New Zealand's computer security requirements. Or by demanding changes in Microsoft's licensing regime to make it fit the above criteria, for example, by releasing the source code under the BSD/MIT license.
--- finagement: The Vampire's veins and Pacific torturers stretching back through his own season. Well, cutting like a child on one of these states of view, I duck

Authored by: Anonymous on Sunday, November 09 2003 @ 06:13 AM EST
"...the SCO attempt to have GPL software ruled as public domain"
I posted a comment about this a while back, but it seems to have gone unnoticed.
Let me try it again.
IANAL, but: I don't think that Article 1 Section 8 of the US Constitution
allows for a judge to declare that a work is "in the public domain"
under a state or common law claim, unless he does that in the very limited way
that is consistent with the provisions of U.S.C. 17. 102, 301, and 405. Those
provisions don't apply to modern works like the Linux kernel sources. Congress
has the power under the XIV Amendment to prevent the States from depriving any
person of life, liberty, or property, without due process of law. Copyrights are
a property right, and the courts can't deny anyone property here in the US
without due process of law. The interesting thing is the source of these
particular property rights.
Congress replaced the 1909 Copyright Act, in 1976. The old Act had a "dual
system" which allowed for state or common law protections of unpublished
works, and the formal federal copyrights for most published works. Under the old
system it was easy for a work to accidentally pass into the public domain
against the author's wishes. That problem was addressed in the revisions that
Congress made to the more modern Copyright Act we have now.
Congress radically changed the system through the enactment of the 1976
Copyright Act, and later through the Berne Implementation Act. Congress hasn't
been silent on the matter of "the single federal system" and its
preemption of other laws. Your State may have a Health or Agriculture
Department, but it doesn't have its own Copyright or Patent Office.
"Copyright protection subsists, in accordance with this title, in original
works of authorship fixed in any tangible medium of expression..."(U.S.C.
17). Computer software is of course specifically subject to this copyright act,
and the author enjoys the exclusive rights through a grant made under the
provisions of Congressional Power contained in the US Constitution.
It seems to me that: if a line-item veto isn't available as an option for the
Chief Executive, involuntarily placing works into the public domain is probably
not an option for the courts. The copyrights themselves are not derived from the
licensing terms, and are contained in the same section of the Constitution that
the Supreme Court has placed off-limits in previous separation of powers cases.
Certainly in Eldred v Ashcroft, the high Court remarked on Congressional Power
and the copyrights "[We] are not at liberty to second-guess congressional
determinations and policy judgments of this order, however debatable or arguably
unwise they may be."
The earlier article here at Groklaw addressed what an IP attorney thought SCO's
devious tactics were. He didn't say he thought they had a very good chance of
success.
Does anyone else have any thoughts?

Authored by: Anonymous on Sunday, November 09 2003 @ 07:24 AM EST
There is the RTEMS operating system featuring a real time kernel and a host of
supporting GNU utilities: http://www.rtems.com/. It has been developed for some
time.
Interestingly, RTEMS used to stand for "Real-Time Executive for Missile
Systems" which kind of implies a particular use, though the acronym now
stands for "Real-Time Executive for Multiprocessor Systems". There
is an Ada version also, and the "M" stands for
"Military". See the faq for more info.
From what I gather, the writers are very keen on the open source philosophy
too.

Authored by: Beyonder on Sunday, November 09 2003 @ 09:50 AM EST
Just when you thought it was safe to use windows, this is from reliable sources
inside Microsoft:
they say that the announcement from Lindows, that there's extra, and extreme
controls, giving Microsoft control of your computer remotely, as has been
promised for years, is in Office 2003, and will also be coming to an XP update
near you.
I also happened to have worked with the US DOD for a while, a number of years
ago, and part of their contract requirements at the time was that any software
had to be using Linux. There were even press releases about this back then.
Some of the projects which I helped design outlines for involved outfitting
every US soldier with gear running Linux. Imagine trying to justify the cost to
the public for having to convert all that? ain't gonna happen!

Authored by: Anonymous on Sunday, November 09 2003 @ 10:18 AM EST
For crackers, and I mean the competent ones, Linux is the OS of choice: (1) they
can secure their attack boxes more effectively not only with configuration
commands but with a plethora of GPL'ed tools; (2) the GPL'd tools for net
administration/attack are more effective than any putative commercial
counterpart. I am speaking as an Internet security engineer.

Authored by: Scriptwriter on Sunday, November 09 2003 @ 11:51 AM EST
Not to take away from this article (which is very good), but wouldn't the CDC
be considered a unit of national defense? Not every attack on the United States
is going to be of human origin, y'know. If the CDC is modeling a virus outbreak
and the results of their research are going to help keep me alive, I want their
platform and software to be as secure and reliable as possible.

Authored by: Anonymous on Sunday, November 09 2003 @ 02:41 PM EST
Simply the 'hearts and minds' aspect of FLOSS's world wide development. Its
participation in low cost infrastructure development and overall usefulness. A
common fixation (language) between a great many people on this planet. It all adds
to a potential of domestic stability sharing an incredibly useful tool.

Authored by: Anonymous on Sunday, November 09 2003 @ 04:23 PM EST
I think there is the distinction between generic FOSS and GPL FOSS as being
critical. While certain key elements such as gcc are critical, gcc itself does
not introduce the viral nature of most GPL'd projects.
Likewise Linux, unless you're doing kernel hacks is not viral since you're
just using the OS as an OS.
But it seems much more difficult to use GPL'd projects as a basis for extension
as you can for Apache/BSD based projects in classified software depending on how
"distribution" outside your organization is defined.
So as such, while other FOSS is acceptable for use as the basis for DoD related
work, I'm cautious about even looking at GPL source from potential projects of
interest. From an ethical standpoint I don't want to accidentally steal work
from someone that believes in GPL for whatever reason and I don't want any
doubt as to where any particular code fragment came from.
So I look at Apache, BSD and similarly licensed projects when I'm hunting
around for code to re-use...either professionally or for fun.
And yes, there ARE those of us in the free software community that don't much
care for GPL.
Vinea

Authored by: stevem on Sunday, November 09 2003 @ 04:51 PM EST
I wasn't sure how much I could share of this, but it appears that the major
details are unclassified.
I actually, personally, installed one of these devices between two classified
networks (different levels) about 4 or 5 years ago. To the best of my knowledge
this was the 1st install of this system in a real live classified production
environment.
http://www.tenixdatagate.com/Main.asp?ID=730
At that stage it looked nothing like the pretty shots shown at the above link.
Note that the O/S installed is Redhat 7.1 or Solaris 8. At the time I believe it
was RH only, and v5 or 6 from memory. See FAQ items 17 and 18.
This product has been accredited by DSD to ITSEC E6.
Go here:
http://www.dsd.gov.au/library/epl/ns.html
and Search for "Interactive Link". It's in the bottom quarter.
So there you have it. Linux being used as part of an E6 certified data diode
for separation of data in _very_ classified environments.
Way Cool!
- SteveM

Authored by: Anonymous on Sunday, November 09 2003 @ 05:09 PM EST
The only argument I could make against Open Source from the point of view of
national security is that some bad guys such as the Colombian and Mexican drug
cartels would choose Open Source, precisely because it is more secure than the
Microsoft offerings. However, progress has always been a two-edged sword and no
inventor should reasonably be held accountable for the human capacity to find
fiendish uses for even the most beneficial or innocuous of inventions. To wit,
needles are used for sewing but they can also be used to poke holes in people's
eyes. Encryption technology can be used to protect the correspondence of human
rights activists but it can also be used by oppressive governments as a
logistical support tool for human rights violations. We have lived with this
dilemma since the beginning of time.

Authored by: PM on Sunday, November 09 2003 @ 06:42 PM EST
Having open source is one thing, using it properly is another. In WW2, the
Enigma cypher machine was inherently secure, but its practical security depended
on how the system was administered. Most 'administrations' were not as
careful as they should have been (eg starting messages with 'Heil Hitler') and
this provided weak spots capable of exploitation. The German Navy was very
careful in its use and thus inflicted heavy losses on Allied shipping.
The same with computer systems - in many cases, sufficient mistakes will be made
to allow penetration by the most skilled hackers, and this will be the saving
grace.
To give a stupid example. A kidnapper travelled 50 miles or so to use a pay
phone for a ransom call. He then immediately after telephoned two friends
(while the phone card was still in the phone). The cops could not believe their
luck.

Authored by: Clifton Hyatt on Monday, November 10 2003 @ 12:17 AM EST
More DOD linux stuff...
Land Warrior Follows Simpler Path
The Land Warrior was designed to provide communications and
networking capabilities to dismounted soldiers that so far only have been
available to mounted forces. The idea is for members of a platoon to be able to
pass around battlefield procedural messages, graphics, alerts and other pieces
of information that currently are communicated by hand signals and voice.
The LW SI will have a single processor. The previous LW had a dual
processor, which frequently malfunctioned. Other changes include a more
simplified data bus and a Linux-based operating system, as opposed to Windows.
“Evidence shows that Linux is more stable. We are moving in general to where the
Army is going, to Linux-based OS,” said Gallop.
Source
Q&A: U.S. Northern Command's CIO calls Unix 'the Betamax of software'
You said in your presentation that you see Unix as the "Betamax of software." Does that mean it has no place in your IT environment?
It currently has a place, and in fact we do use Unix on several of the DOD
systems. My thought behind Unix is the march of technology is what has made Unix
less and less relevant. The Y2k rollover, in fact, killed lots of Unix. There
are a finite number of Unix engineers and software writers in the world, and it
is not big enough to support the information technology demands not only of our
society, but of the world's economies in general. It costs a lot to train
somebody; it takes many years to get them educated. It takes even more for them
to get experience so that you can use them, when in fact a lot of software
engineering and design is a lot less complicated and in my view will outpace
Unix.
How about Linux? I think Linux has less investment baggage
than Unix, and therefore I see that being a lot longer-enduring technology. It
has an important role in DOD environments; it does not have that much of an
important role in my environment yet. Most Linux systems are fairly complex --
lots of security parameters and things like that. We have to boil down to a
common denominator that allows us to exchange information in a trusted
information exchange environment with a very, very broad population.
Source
...and here is some “circumstantial evidence” and “speculation”.
5/23/2002_ “Open-Source Fight Flares At Pentagon:
Microsoft Lobbies Hard Against Free Software”
“Microsoft Corp. is
aggressively lobbying the Pentagon to squelch its growing use of freely
distributed computer software and switch to proprietary systems such as those
sold by the software giant, according to officials familiar with the campaign.
In what one military source called a "barrage" of contacts with
officials at the Defense Information Systems Agency and the office of Defense
Secretary Donald H. Rumsfeld over the past few months, the company said "open
source" software threatens security and its intellectual property.”
Source
7/26/2002_ “IBM and Linux are our biggest threats – Microsoft”
“IBM and Linux
combined represent a threat and inspiration as Microsoft Corp drives into
enterprise computing, top company executives said yesterday.
Eric
Rudder, senior vice president developer and platform evangelism, set the tone.
"IBM is our greatest competitor. In the way they sell products and compete in
corporate accounts," he said.
Paul Flessner, senior vice president
.NET enterprise servers, called IBM and Linux a "formidable" challenge. "It's
not just IBM alone, it's not just Linux alone," he said.”
Source
10/23/2002_ “Washington State Congressman attempts to outlaw GPL”
Leaders of the New Democrat Coalition attempt to outlaw GPL. A
call to sign off on explicit rejection of "licenses that would prevent or
discourage commercial adoption of promising cyber security technologies
developed through federal R & D." has been issued by Adam Smith, Congressman
for the Ninth District in the State of Washington.
Source
2nd Source
11/5/2002_ “Halloween VII: Microsoft internal Linux strategy memo leaked.”
“Linux patent violations/risk of being sued” struck a
chord with US and Swedish respondents. Seventy-four percent (74%) of
Americans and 82% of Swedes stated that the risk of being sued over Linux patent
violations made them feel less favorable towards Linux. This was the only
message that had a strong impact with any audience.
The discussion of IP
rights needs to be tied to concrete actions.
The risk that Microsoft
will go on a patent-lawsuit rampage, designed more to scare potential
open-source users than to actually shut down developers, is substantial.”
-Halloween Document Commentary
Source
11/14/2002_ “Bracing for MS Patent Suit Attack”
The open-source
developer fears that, having settled its long-running antitrust suit, Microsoft
will now become more aggressive in competing with open-source software. And for
Samba-- software that allows Windows machines to read files on Linux servers --
as well as other open-source projects that compete with Microsoft's products,
that may mean dealing with patent lawsuits.
"Now that the government has
given the green light to an aggressive monopoly, the gloves have been taken off
and they can do what they want," Allison said.
Source
Fast forward a couple months and SCO conveniently goes after "not just IBM alone,
not just linux alone" but both together. We all knew the legal
challenges to Linux would come, we just didn't see it coming from SCO.
Authored by: Anonymous on Monday, November 10 2003 @ 09:55 AM EST
For obvious reasons I can't go into great detail, but I work for a branch of a
Federal agency that does a lot of computer forensics and evidence
recovery/analysis. We use Linux constantly; almost 95% of our office runs on it.
Other similar offices use it somewhat less -- maybe 40% -- but it is considered
a major part of our overall strategy and methodology. If Linux and FOSS were to
simply "go away" there would be a huge cost upsurge virtually
overnight as we try to find an enormous number of custom solutions to replace
what is essentially the duct tape in our toolbox.
There are a number of things that Linux/FOSS does well that other operating
systems simply do not, or which features cost a great deal of money in
proprietary software to duplicate. Not having these solutions readily at hand at
zero cost would crush our response times and overall capabilities. On top of
this, Linux/FOSS has become the development platform of choice for most of our
advanced projects, and those costs as well would skyrocket, were our
infrastructure to change radically.
The most frustrating part of being at this job is that not being able to talk a
lot about the details, means that I (and other like-minded employees here)
can't participate in any real sense in the FOSS cheerleading movement or
discussions about the very real impact of FOSS on our national security work.
Knowing that IBM's skilled legal team is on the right side of this battle helps
ease the pain somewhat.