Green Hills Software Decides Linux Isn't So Bad 198
An anonymous reader submits a link to this report on LinuxDevices.com, which begins "An outspoken open source detractor has paid Linux a back-handed compliment. Green Hills Software (GHS), known for diatribes against Linux in military/aerospace applications, is shipping 'Padded Cell technology' intended to enable the company's proprietary real-time OS to take advantage of the wealth of Linux application software." You may remember GHS's Dan O'Dowd, who's claimed that the embedded Linux Tools Market is a myth and that the open source nature of Linux makes it a threat to national security.
For real? (Score:2, Insightful)
Wow, sort of like how Linux has WINE? (Score:5, Insightful)
GHS: "Our OS can now run Linux apps, so you don't have to use crappy Linux"
This is exactly the same reason they came out with WINE. The WINE devs don't like Windows, so they give you an alternative with WINE. This is the same thing.
Re:It is true (Score:5, Insightful)
Stuff so sensitive that it threatens national security has been stolen and your only concern is your scapegoat.
You work for the government, don't you?
KFG
Linux sucks (Score:5, Insightful)
Re:What I saw when I first clicked on this... (Score:2, Insightful)
Compliment? I think not. What they are saying here is that Linux application software is so insane, that it needs a "Padded Cell" just to be safe.
Re:Compliment (Score:5, Insightful)
Or maybe they just want access to all the linux apps available. It doesn't necessarily mean a change of heart regarding linux; does anyone here think the WINE guys started WINE because they felt that Windows was a better platform? Or that the FreeBSD crew created linux binary compatibility because they thought linux was superior?
Re:Open Source is a threat to National Security. (Score:5, Insightful)
I can't think of a single desktop operating system available to the public that is truly security aware, from design to implementation. The architects of Windows NT started out taking it seriously, but security quickly lost all battles to the proponents of compatibility, performance and "more features". OpenBSD is an example of how auditing is necessary but not sufficient.
Dog bites man. General Franco still dead. (Score:5, Insightful)
And now they made a compatability layer so their OS can run software written for their competitors' API. This is a change of heart how?
Especially considering how Green Hills has long had a compatibility layer for their more direct competitor vxWorks.
Re:It is true (Score:2, Insightful)
One does not want to "catch" the people responsible for an exploit. One wants to close it. Accountability is an economic issue (who do we sue), or a scapegoat issue (who's head can we put on the block to protect our own), not a security issue.
Ironically it is only with closed source software that who created the exploit is really relevant after the fact, since they are the only ones that can close it, and you can never be sure that really have unless you have the complete source to audit (and in a real secure system you always, always, always build from personally audited source).
Nor does running open source code have anything to do with whether or not you know where the code came from. There's no logical connect between the two issues and Red Hat can tell you where every line of code in their kernel came from just as well as Microsoft can tell you where code in their kernel came from.
My previous post was a joke. It was clear from your original post that your point of view is that of someone from a business enviroment. Government security has an entirely different intent, view point and priority matrix than business security (except among some of the 'new generation', who almost all come to government security from business security backgrounds).
KFG
compliment??? (Score:2, Insightful)
Missing the point? (Score:4, Insightful)
Although, that would really imply an app ca't even easily hurt itself, which is hardly the case. Padded Cell just has a nicer ring than Solitary Confinement.
national security (Score:5, Insightful)
The very last thing I'd like to know about would be the government placing a tech support call to a company that only sells them proprietary software. I find that somewhat unsettling.
But I'm not an expert; are there advantages to using code you can't see or modify to run government computers?
Re:GPL: Intellectual Theft (Score:4, Insightful)
No Kidding! Taken directly from a GNU C++ header file:
So... If they don't understand even the comments in C++ code, then why would I believe their statements regarding the superior quality of the rest of their operating system?
Re:Think open source, but not open source! (Score:3, Insightful)
Re:Compliment (Score:3, Insightful)
Here's what they said before:
The Linux operating system is developed by an open source process - a cooperative effort by a loose association of software developers from all over the world. With the knowledge that Linux is going to control our most advanced defense systems, foreign intelligence agencies and terrorists can easily infiltrate the Linux community to contribute subversive software.
etc., etc.
They made the argument that since Linux is open source it is subjected to the terrorists infiltrating it and injecting their malicious code. So now, you are saying they would like the applications developed with similar methods to run on their platform? Unless you argue that they are only targeting closed source applications for Linux that they believe are inherently more secure then you cannot justify both arguments. What makes those open source applications any different or any more protected from terrorists than Linux itself?
Re: Exactly.... (Score:3, Insightful)
As for the resources to write their own apps, nobody has the resources to write every app possible. Even Microsoft. Windows wouldn't be nearly as popular if it could *only* run Microsoft applications, even though Microsoft does have a very large variety of applications that they make to choose from. As for Linux, Linus didn't even write every thing needed to make a complete OS -- Various linux distributions also use parts from GNU, X, BSD, etc. All perfectly legit, of course. No stealing here.
There's nothing wrong or dishonest with them providing an API that allows Linux applications to be run on their OS. And they're not saying that they like Linux -- the WINE analogy given at the beginning of the thread is extremely appropriate. They've just realized that embracing/supporting Linux in this small manner will probably help them make more money. It sounds like a wise business decision to me.
As for the idea that `open source is a threat to National Security', there is truth to that. Of course, `closed source' is a threat too, just of a somewhat different nature.
In the open source case, sure, the code can be reviewed, but there's a lot more opportunities for `bad' people to slip in a patch that looks good and so it gets approved, but in reality it opens a non-obvious back door of some sort.
In the closed source case, a similar opportunity exists to introduce bad code, but it's really only available either to developers that work at the company in question, or those who crack into said company. But on the other had, once in, far fewer eyes are likely to look at that code, so it doesn't have to be so carefully obfuscated.
Both situations can be defused if you can get the source and find people qualified to audit every line of it and find these holes and correct them, and then have them do it without cutting corners. It's a huge job, but it's certainly possible. As for getting the source code, I imagine the NSA has little problem getting access to Micorosft's source code should they need it for something.
Re:It is true (Score:2, Insightful)
"Linux can be a threat to national security because any computer-savvy terrorist can hack it."
no, it can't. that's like saying "a door can be a threat to my personal security because any lockpick-savvy burglar can pick it."
if a burglar were to pick a lock on one of your doors and thereby jeopardize your personal security, it would be he, not the door, who posed a threat to you.
likewise, if a "computer-savvy terrorist" were to "hack" into some sensitive linux system and thereby compromise national security, it would be he, not the linux system, who posed a threat. the system he used to do so would merely be the vector.
maybe it seems like hair-splitting to you, but not to me. bad premises lead to bad conclusions.
thanks for listening.
Re:Missing the point? (Score:2, Insightful)
That was my first thought to. Far from being a compliment, what they're doing now is -entirely- consistent with GHS's previous position.. "Linux is so insecure and dangerous that you should only run it sandboxed in a secure virtual environment provided by a 'real' operating system.."
Re:It is true (Score:1, Insightful)
1. If the military puts a 2 foot plastic fence around a secure area, then blames the people that stumble over the plastic fence
2. If the bank uses a wood door for its safe, then blames the robber who broke the door.
The fact is when you're in the business of selling doors and fences (like the OS company above) then the quality of the door or fence is in question.
Linux was never designed to be a 100% secure environment; apparently they are claiming there's pretty close. Well I am sure some 200K LB bank safe door is breakable but I would rather have it protecting the bank money the door on my home.
SmoothXP
"Give a person a fish and you feed them for a day; teach that person to use the Internet and they won't bother you for weeks"
Re:Not a big deal (Score:2, Insightful)
After taking a peek at your website and blogs (there is a reason I did not want to stay long, and it had less to do with what you were saying and more with the way you were presenting stuff) I get the feeling you haven't mastered Linux enough to use it for your own purposes. As a self-proclaimed geek I would have expected to see you run your own DNS- and web-server, either on Linux (really easy with SuSE 9.1 Prof. - Oh, you dislike anything FOSS and especially Novell since they will sue SCO [you realize that SCO's going to be done and burried when IBM is finished with them, so why do you think Novell is doing it? One hint, it isn't greed, like I said they won't get anything from SCO after IBM squashes them]) or Microsoft Windows (though if you REALLY consult people and want to HELP them instead of just wanting to do a quick and dirty (... and insecure and expensive and
Don't worry guys, Linux is STILL a threat to National Security
Only to people like you that can't "hack" it or press a few buttons to "fix" it allin a few seconds (which by the way only works if Microsoft releases a patch). There are reasons why Windows is so insecure, amonsgt the many is the fact that it has bred a large crowd of "consultants" that think their only job is to press a few buttons in a GUI and that's it.