Green Hills Software Decides Linux Isn't So Bad

An anonymous reader submits a link to this report on LinuxDevices.com, which begins "An outspoken open source detractor has paid Linux a back-handed compliment. Green Hills Software (GHS), known for diatribes against Linux in military/aerospace applications, is shipping 'Padded Cell technology' intended to enable the company's proprietary real-time OS to take advantage of the wealth of Linux application software." You may remember GHS's Dan O'Dowd, who's claimed that the embedded Linux Tools Market is a myth and that the open source nature of Linux makes it a threat to national security.

For real?

[Anonymous Coward]

Since their other claims seem to be completely made up and bogus, is anyone really sure that their claims now of product compatibility are accurate?

Wow, sort of like how Linux has WINE?

[zerperson]

Seriously people, allowing your OS to run apps from another OS isn't declaring the superiority of the other OS. It is simply a wise business decision. It can, in fact, be interpreted as an insult to Linux, depending on how you look at it. Consider this:
GHS: "Our OS can now run Linux apps, so you don't have to use crappy Linux"

This is exactly the same reason they came out with WINE. The WINE devs don't like Windows, so they give you an alternative with WINE. This is the same thing.

Re:It is true

[kfg]

If they find a backdoor in the kernal and someone has stolen sensitive stuff through it, who's to blame?

Stuff so sensitive that it threatens national security has been stolen and your only concern is your scapegoat.

You work for the government, don't you?

KFG

Linux sucks

[Doc Ruby]

What is the submitter talking about? Saying "Linux sucks", then saying "here's something to run Linux apps that isn't Linux" isn't a compliment, or a retraction. It's emphasis. They never said that Linux doesn't have a lot of apps, or that it's not popular. Just that it's not good enough. And now they have something better.

Re:What I saw when I first clicked on this...

[pebs]

'Padded Cell technology' intended to enable the company's proprietary real-time OS to take advantage of the wealth of Linux application software."

Compliment? I think not. What they are saying here is that Linux application software is so insane, that it needs a "Padded Cell" just to be safe.

Re:Compliment

[nomadic]

I think this course of events is sort of ironic. Possibly they were motivated for other goals in their previous outlook on linux. Either that or they feel its good enough and won't endanger their security for there product at least.

Or maybe they just want access to all the linux apps available. It doesn't necessarily mean a change of heart regarding linux; does anyone here think the WINE guys started WINE because they felt that Windows was a better platform? Or that the FreeBSD crew created linux binary compatibility because they thought linux was superior?

Re:Open Source is a threat to National Security.

[Detritus]

NSA's involvement in Linux amounts to a research project. Although I think it is interesting and useful, it shouldn't be mistaken for an endorsement by the NSA.

I can't think of a single desktop operating system available to the public that is truly security aware, from design to implementation. The architects of Windows NT started out taking it seriously, but security quickly lost all battles to the proponents of compatibility, performance and "more features". OpenBSD is an example of how auditing is necessary but not sufficient.

Dog bites man. General Franco still dead.

[Maniakes]

Green Hills makes devtools and OSs for safety-critical embedded systems. They've been vocally anti-Linux-in-safety-critical-embedded-systems because Linux is a competitor (nothing particularly nefarious, just a company trying to make a case that their product has advantages over a competitor).

And now they made a compatability layer so their OS can run software written for their competitors' API. This is a change of heart how?

Especially considering how Green Hills has long had a compatibility layer for their more direct competitor vxWorks.

Re:It is true

[kfg]

How does tracking an IE exploit to Microsoft help you track down the person that used it? Catching the person responsible for the incursion is the order of business. In what way is Microsoft's posited 'accountability' an aid to security in the first place, and what role does it play after an incursion?

One does not want to "catch" the people responsible for an exploit. One wants to close it. Accountability is an economic issue (who do we sue), or a scapegoat issue (who's head can we put on the block to protect our own), not a security issue.

Ironically it is only with closed source software that who created the exploit is really relevant after the fact, since they are the only ones that can close it, and you can never be sure that really have unless you have the complete source to audit (and in a real secure system you always, always, always build from personally audited source).

Nor does running open source code have anything to do with whether or not you know where the code came from. There's no logical connect between the two issues and Red Hat can tell you where every line of code in their kernel came from just as well as Microsoft can tell you where code in their kernel came from.

My previous post was a joke. It was clear from your original post that your point of view is that of someone from a business enviroment. Government security has an entirely different intent, view point and priority matrix than business security (except among some of the 'new generation', who almost all come to government security from business security backgrounds).

KFG

compliment???

[torrents]

wanting to exploit the popularity of linux and not "giving anything back" is hardly a compliment...

Missing the point?

[mkramer]

Considering their complaint about Linux, valid or not, is its security, I don't see how this play deviates at all. The point of this compatibility later is to allow these possibly unsafe *applications* to run on a safe *operating system* by isolating their system calls, making them non-intrusive to the system's operation. Hence the product name, Padded Cell.

Although, that would really imply an app ca't even easily hurt itself, which is hardly the case. Padded Cell just has a nicer ring than Solitary Confinement.

national security

[potpie]

With all bias aside, doesn't it make more sense to run important government systems with open software? Open software can be changed as much as they want; it's not like they're buying the latest Mandrake pack from CompUSA and popping it into the super-mega-warhead-doomsday-computer's cd drive.

The very last thing I'd like to know about would be the government placing a tech support call to a company that only sells them proprietary software. I find that somewhat unsettling.

But I'm not an expert; are there advantages to using code you can't see or modify to run government computers?

Re:GPL: Intellectual Theft

[pjkundert]

Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released. This was simply unacceptable.

Nice troll. This is utter garbage of cause, but it is common misconception so I'll rebut it.

No Kidding! Taken directly from a GNU C++ header file:

// As a special exception, you may use this file as part of a free software
// library without restriction. Specifically, if other files instantiate
// templates or use macros or inline functions from this file, or you compile
// this file and link it with other files to produce an executable, this
// file does not by itself cause the resulting executable to be covered by
// the GNU General Public License. This exception does not however
// invalidate any other reasons why the executable file might be covered by
// the GNU General Public License.

So... If they don't understand even the comments in C++ code, then why would I believe their statements regarding the superior quality of the rest of their operating system?

Re:Think open source, but not open source!

[xtermin8]

Green Hills (or its representatives) specifically criticized the "open source nature" of linux. It would seem your product takes advantage of available OSS products. I realize you and your company may have a specific view about security, and perhaps are only considering security, but I'm afraid you've burned some bridges by showing such disdain for the work of dedicated individuals. I hope you publicly praise the usefulness of open source apps as ardently as you criticize the "flagship" OSS product, linux. As most OSS developers don't get paid, pride becomes that much more important, and Green Hills needs to recognize this.

Re:Compliment

[zurab]

Or maybe they just want access to all the linux apps available. It doesn't necessarily mean a change of heart regarding linux;

Here's what they said before:

The Linux operating system is developed by an open source process - a cooperative effort by a loose association of software developers from all over the world. With the knowledge that Linux is going to control our most advanced defense systems, foreign intelligence agencies and terrorists can easily infiltrate the Linux community to contribute subversive software.

etc., etc.

They made the argument that since Linux is open source it is subjected to the terrorists infiltrating it and injecting their malicious code. So now, you are saying they would like the applications developed with similar methods to run on their platform? Unless you argue that they are only targeting closed source applications for Linux that they believe are inherently more secure then you cannot justify both arguments. What makes those open source applications any different or any more protected from terrorists than Linux itself?

Re: Exactly....

[dougmc]

because they don't have the resources to write their own apps from scratch and figure it is easier to simply steal from your enemies.

Steal? What are they stealing? You can't steal something that is given away! [well, yes you can. You can certainly steal more than your share of soup at the soup kitchen, but in the case of Linux, if you take it from me, I still have it. No stealing possible. And they're not stealing (or even taking) anything anyways.]

As for the resources to write their own apps, nobody has the resources to write every app possible. Even Microsoft. Windows wouldn't be nearly as popular if it could *only* run Microsoft applications, even though Microsoft does have a very large variety of applications that they make to choose from. As for Linux, Linus didn't even write every thing needed to make a complete OS -- Various linux distributions also use parts from GNU, X, BSD, etc. All perfectly legit, of course. No stealing here.

There's nothing wrong or dishonest with them providing an API that allows Linux applications to be run on their OS. And they're not saying that they like Linux -- the WINE analogy given at the beginning of the thread is extremely appropriate. They've just realized that embracing/supporting Linux in this small manner will probably help them make more money. It sounds like a wise business decision to me.

As for the idea that `open source is a threat to National Security', there is truth to that. Of course, `closed source' is a threat too, just of a somewhat different nature.

In the open source case, sure, the code can be reviewed, but there's a lot more opportunities for `bad' people to slip in a patch that looks good and so it gets approved, but in reality it opens a non-obvious back door of some sort.

In the closed source case, a similar opportunity exists to introduce bad code, but it's really only available either to developers that work at the company in question, or those who crack into said company. But on the other had, once in, far fewer eyes are likely to look at that code, so it doesn't have to be so carefully obfuscated.

Both situations can be defused if you can get the source and find people qualified to audit every line of it and find these holes and correct them, and then have them do it without cutting corners. It's a huge job, but it's certainly possible. As for getting the source code, I imagine the NSA has little problem getting access to Micorosft's source code should they need it for something.

Re:It is true

[pgilman]

"Linux can be a threat to national security because any computer-savvy terrorist can hack it."

no, it can't. that's like saying "a door can be a threat to my personal security because any lockpick-savvy burglar can pick it."

if a burglar were to pick a lock on one of your doors and thereby jeopardize your personal security, it would be he, not the door, who posed a threat to you.

likewise, if a "computer-savvy terrorist" were to "hack" into some sensitive linux system and thereby compromise national security, it would be he, not the linux system, who posed a threat. the system he used to do so would merely be the vector.

maybe it seems like hair-splitting to you, but not to me. bad premises lead to bad conclusions.

thanks for listening.

Re:Missing the point?

[zcat_NZ]

Mod parent up..

That was my first thought to. Far from being a compliment, what they're doing now is -entirely- consistent with GHS's previous position.. "Linux is so insecure and dangerous that you should only run it sandboxed in a secure virtual environment provided by a 'real' operating system.."

Re:It is true

[Anonymous Coward]

Having worked on computer systems for 10 years, 6 in the military and now for the largest wireless company, I disagree with your assertions.

1. If the military puts a 2 foot plastic fence around a secure area, then blames the people that stumble over the plastic fence

2. If the bank uses a wood door for its safe, then blames the robber who broke the door.

The fact is when you're in the business of selling doors and fences (like the OS company above) then the quality of the door or fence is in question.

Linux was never designed to be a 100% secure environment; apparently they are claiming there's pretty close. Well I am sure some 200K LB bank safe door is breakable but I would rather have it protecting the bank money the door on my home.

SmoothXP

"Give a person a fish and you feed them for a day; teach that person to use the Internet and they won't bother you for weeks"

Re:Not a big deal

[B0mbtruck]

Im not the biggest Linux fans in the world, in fact i advise all of my clients against using Linux. If they decide to use Linux, they do pay my company and myself more for consulting services and application development.

After taking a peek at your website and blogs (there is a reason I did not want to stay long, and it had less to do with what you were saying and more with the way you were presenting stuff) I get the feeling you haven't mastered Linux enough to use it for your own purposes. As a self-proclaimed geek I would have expected to see you run your own DNS- and web-server, either on Linux (really easy with SuSE 9.1 Prof. - Oh, you dislike anything FOSS and especially Novell since they will sue SCO [you realize that SCO's going to be done and burried when IBM is finished with them, so why do you think Novell is doing it? One hint, it isn't greed, like I said they won't get anything from SCO after IBM squashes them]) or Microsoft Windows (though if you REALLY consult people and want to HELP them instead of just wanting to do a quick and dirty (... and insecure and expensive and ... ) job for them then I don't see you pushing Windows stuff on them).


Don't worry guys, Linux is STILL a threat to National Security :)

Only to people like you that can't "hack" it or press a few buttons to "fix" it allin a few seconds (which by the way only works if Microsoft releases a patch). There are reasons why Windows is so insecure, amonsgt the many is the fact that it has bred a large crowd of "consultants" that think their only job is to press a few buttons in a GUI and that's it.