Tux Enlisted for U.S. Defense Program

An anonymous reader writes "Linux is a key part of the Army's massive $200B FCS (Future Computing System) initiative, it seems. RTOS vendor LynuxWorks was chosen to provide the OS for 18 weapons platforms under development, because its LynxOS-178 real-time OS can run Linux binaries -- including the "common operating environment" that Boeing is developing for FCS."

Lots of open source in FCS...

[tcopeland]

...this paper [ie.org] talks about using the open source, BSD-licensed agent framework COUGAAR [cougaar.org] to run FCS modeling tests.

Also, there's a bunch of COUGAAR support software written in Ruby, i.e., ACME [cougaar.org].

It's Future COMBAT system...

[WonderSnatch]

That is all.

Does LynxOS really contain Linux code?

[Florian Weimer]

Apparently not. The press release states that they provide ABI compatiblity using special shared libraries ("[...] compatibility is implemented through the use of dynamically linked shared libraries[...]", similar to WINE). Maybe they have ported GNU libc to LynxOS and use some free software. But apparently, no Linux kernel code is involved.

Re:is linux guilty of murder now?

[iggymanz]

murder is just a legal term for killing not sanctioned by the government, so no murders will be done. Maybe some genocide and assassinations and such, but no murder.

The Tuxinator; he'll never stop EVER, until you are dead!

Re:Don't expect compliance with the GPL

[advocate_one]

did you actually read the article??? The binaries are able to run on this other kernel... it's not the Linux kernel that's being used here, only applications compiled to run on the Linux kernel... it's all about the ABI...

Re:It's Future COMBAT system...

[WonderSnatch]

That was not all: See also: http://www.army.mil/fcs/ [army.mil]

Re:Don't expect compliance with the GPL

[NetNifty]

Under the GPL I don't think they'd have to submit anything back unless they distributed it publically anyway.

Re:Now I have a mental image

[czarangelus]

Do you mean this little fellow?

bonzai! [phlak.org]

Re:Hardly suprising...

[Anonymous Coward]

No, it didn't, but don't tell the fanboys. What happened was that a database crashed when an operator entered a 0 in the wrong column, which caused a DIV0 exception and the application crashed. The anti-Microsoft fanboys like to describe that as something along the lines of "TEH BATTALSHIP EXPLOODEDED WHEN TEH NT BLOOSCREENED!!!1!1!!" because they don't know any better.

LynxOS

[pointym5]

LynxOS is older than Linux. Development on LynxOS began in Dallas, TX in early 1986. The system was built for the 68000 architecture originally, targetting a custom-built 68010 VME bus CPU. The software was compiled with the C compiler sold by Megamax for the Macintosh. LynxOS was ported to the IA86 for the 386 in 1988-1989. The LynxOS ABI compatibility history goes back to about 1989 also, when SVR3 compatibility was added to the system. No UNIX or (of course) Linux code was used in the development of the OS.

Too bad...

[Nutria]

FCS is getting scaled back because of the extreme cost.

http://www.washingtonpost.com/wp-dyn/articles/A351 18-2005Mar14.html [washingtonpost.com]

Re:Exploits

[INetUser]

I disagree. Security through obscurity has been proved not to work time and time again. Granted it may perhaps buy you a little time, but in the long run it won't work.

No

[YrWrstNtmr]

The USS Yorktown was a testbed for the AEGIS cruiser series. NT was(is?) used as the OS for the LAN.

Crappy application not fully tested (and they knew that and accepted the risks) didn't know how to handle an improper user input. A zero went into the database. The app couldn't handle the DIV0, and crashed.

The Navy report concluded it was the application and human error [gcn.com], and not NT.

Mod parent up. LynxOS is not Linux

[Animats]

Mod parent up. He's right.

LynxOS is not Linux. It's a completely different, and much smaller, kernel. It's not as minimal as QNX [qnx.com]; LynxOS has drivers in the kernel. But it's far smaller than Linux. It's small enough to get through the expensive and difficult examination process required for avionics.

Confusingly, the company that sells LynxOS recently changed their name to LynuxWorks [lynuxworks.com], and also distributes BlueCat Linux [lynuxworks.com], an embedded Linux distro based on the 2.6 Linux kernel. LynuxWorks had a huge booth at the Embedded Systems Conference last month.

LynxOS, BlueCat Linux, and QNX all use the GNU compilers and tools. All are POSIX compatible, and will run most commmand line programs with a recompile.

Re:Yay, no BSOD

[the_bard17]

BSODs are pretty much a thing of the past...

I suppose these [microsoft.com] are why you chose "pretty much," huh?

;o) On the other hand, I agree with everything else you said.

Linux has NOT been picked officially

[Greg151]

Hi all,

Lynxworks can say whatever they want, but the Army isn't picking an OS until 2006. See this link: http://www.fcw.com/fcw/articles/2005/0214/web-fcso s-02-17-05.asp [fcw.com]

Here is one quote that may be interesting:
"Cartwright and Muilenberg downplayed rumors that they decided not to use Microsoft's Windows operating system in FCS because of security issues. The officials said they have made no such decision to date."

Further reading

[YrWrstNtmr]

The captain of the ship [jerrypournelle.com] at that time states...

In a letter to the "Comment and Discussion" department, published in the Aug 98 _Naval_Institute_Proceedings_, page 22, Captain Richard T. Rushton, then-CO of _Yorktown_, categorically states, "The _Yorktown_ was never towed as a result of any Smart Ship initiative. During my command, we lost propulsion power twice while using the new technology. Each time, we knew what caused the interrupt and were underway again in about 30 minutes. The September 1997 incident was caused by incorrect data insertion by a well-trained crewman. The _Yorktown_ returned to port using two FFG-7 emergency control units that specifically had been requested by me, and supported by other commands as a risk reducer. We knew there were some risks in the engineering development model propulsion-control system installed under a rapid prototyping development effort. The bottom line: The data field safeguards found in production-level systems were not installed yet in the _Yorktown_ by intention, until complete wring-out was accomplished."

Further:
"The _Yorktown_ never missed an operational commitment, nor did she suffer a mission-degrading casualty during the Smart Ship assessment period. During that time she certified to deploy under the normal fleet training and assessment process. ... She went on to execute a five-month Caribbean deployment that included extensive Smart Ship assessments by the Operational Test and Evaluation Force and Navy Manpower Analysis Center. Both organizations evaluated the _Yorktown_ as fully capable in meeting the required operational capabilities in a projected operating environment. ..."

Re:Don't expect compliance with the GPL

[sofar]

Not really, I work for ESA and most of the contracts for development have clauses in them that state that all the products 'belong', 'are property of' the organization, and not the subcontractor.

This is legally fine, because if you can hire an 'employee' and have him write some code for you, you retain all rights to that code. It would be silly if you lost it because you hire an employee to write code for you.

Nothing unusual.

Under GPL public does not get source, only cust.

[AHumbleOpinion]

But the changes the contractor made would have to be made public under the GPL because they distributed it to the military. If the military decided that they didn't want the changes to be revealed, you're back to the same conflict.

No. The GPL only requires you to give source to your customers if they ask for it. Making it avaiable to anyone via the web is not required, it is just a convenient way to implement the preceeding for some. Subcontractor give source to Boeing and Boeing gives source to Pentagon, public never sees it, and no GPL violation has occurred.

Re:What, don't you realize

[MynockGuano]

Hey, just wanted to make a few things clear, from the perspective of someone who works on this stuff (military research in general, FCS in particular). There are three basic networks that we use here, and I'm hoping I can provide a bit of detail on each:

The most widely-used is the NIPRNet, which is the network that most business operations on the base use. All machines connected to it must conform to a standard Windows image, and the network is monitored and internet access moderately restricted (i.e. gaming sites, porn sites, "mp3 sites", direct ip connections, etc. are blocked). Software on these machines must undergo a lengthy approval process before being loaded by a qualified WGM (basically, your workgroup's local tech person with admin access to the machines). Most resident contractors are put on this network, with a few exceptions.

Next, we have the SIPRNet. This is the secure network, and is rigidly monitored and the machines accessing it are restricted to only the things deemed essential for the classified project. SIPRNet machines must be isolated both physically and electronically from any other computers on the base and from the intranet/internet.

Finally, we have the DREN. This is the "research" network, and is where people like me get things done. Internet access is unrestricted, and software is loosly, if at all, controlled (basically, if you're not causing alarms to go off in the network guy's building, you're ok...just don't go using it for Bittorrent or the like). Individuals have full control of their computers, and can install and run their own programs (including, as in my case, Linux). A firewall still blocks most ports to the outside world, but 80 and 21 are open (I am forced to ssh to my home box through port 80, however, and CVS isn't an option in most cases). The research supercomputers are on this network, and a kerberos authentication scheme is used for access. Frankly, this is the only machine I can get anything resembling real work done on, but we're all forced to have a separate NIPRNet box for e-mail, active directory stuff, and the like. If their work demands it, contractors may, in certain cases, have access to this network. It is not reachable at all from the outside except through kerberized ssh and ftp.

Hope this settles a few things. I know there's distinctions on different levels that I'm not aware of and/or not allowed to know, but that's how things generally look from a DoD-employed researcher's perspective.