Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Operating Systems Privacy Security The Military Windows Linux

Russian Military Moves Closer To Replacing Windows With Astra Linux (zdnet.com) 95

An anonymous reader quotes a report from ZDNet: Russian authorities have moved closer to implementing their plan of replacing the Windows OS on military systems with a locally-developed operating system named Astra Linux. Last month, the Russian Federal Service for Technical and Export Control (FSTEC) granted Astra Linux the security clearance of "special importance," which means the OS can now be used to handle Russian government information of the highest degree of secrecy. Until now, the Russian government had only used special versions of Windows that had been modified, checked, and approved for use by the FSB. Astra Linux is a Debian derivative developed by Russian company RusBITech since 2008, the report says. "RusBITech initially developed the OS for use in the Russian private market, but the company also expanded into the local government sector, where it became very popular with military contractors."
This discussion has been archived. No new comments can be posted.

Russian Military Moves Closer To Replacing Windows With Astra Linux

Comments Filter:
  • by PolygamousRanchKid ( 1290638 ) on Saturday June 01, 2019 @08:10AM (#58690468)

    Tank Top!

    • by goombah99 ( 560566 ) on Saturday June 01, 2019 @09:07AM (#58690658)

      There really hasn't been a major western war since modern operating systems were invented. At some point when this happens will they use the same OS. At that point what happens? With Linux weaponized who will run the repository? IS it possible that a shortage of major OSs actually prevents war because you cant go to war without it but the technology isn't all within your control.

      I note for example that because the key ingredients for cordite were imported to england from germany that had it not been for Chiam Wietzman's discovery of acetone production by bacteria that Britain would have lost in WWII.

      Since vietnam wars have been skirmishes and proxy wars. Sure Saudi Arabia attacks yemmen using all equipment they purchased but this only underscores how nations that could control the tech choose not too. It exposes how deeply vulnerable the purchasing nation is. Likewise Iraq and now Iran builds it's military work off smuggled tech products or illiticit trade deal (Hauwei). Sure they do get away with it but it's a very vulnerable position and so the embargo are effective in that sense even if they don't stop the transfers.

      Now we have some things like rare earths sourced from china. But in fact these are not rare. They are abundant. It's just the economics that make them sourced from china for now. large quantities of Lithium is more rare (bolivia). As is Helium. And Cobalt may be the next unobtanium (half of it is in congo). While oil is not in every country the market is pretty distributed, so it takes concerted pressure to shut it off.

      But operating systems are truly rare. there's BSD, Linux, and Microsoft. Sure there's plenty of other ones. But if you want the major lineages thems it. So getting cut off from the main trunk of one of these could be interesting. You can fork it. And for a while you'll be fine. But your fork will drift and fall behind the main trunk.

      • Typo: WW I

      • There really hasn't been a major western war since modern operating systems were invented. At some point when this happens will they use the same OS. At that point what happens? With Linux weaponized who will run the repository?

        It doesn't matter. Presumably if you depend upon it you've already mirrored the repos, including source. If there's a war, you maintain your fork until the war is over, then merge.

      • by HiThere ( 15173 )

        It doesn't matter if your OS drifts away from the root as long as it's good enough already. What you really need to ensure is that the attacks you design to use against your adversary can't turn around and be used against you. So some particular drift would be a positive benefit.

        • by Anonymous Coward

          Thats called asymetrical warfare advantage. But it equally applies to trade protectionism.

          We also know some Russians are using old typewriters - physically safe at all levels.
          We know that windows has so much code, so many modules not been looked at for over 10 years modules - not even capping string overflows - that even having the source code is pretty useless. We know Intel processor flaws have amplified bad/sloppy coding opportunities.
          We know most people need months and months to deploy fixes as side eff

  • by dyfet ( 154716 ) on Saturday June 01, 2019 @08:15AM (#58690482) Homepage

    https://xn--80ac3cm.xn--p1ai/w... [xn--80ac3cm.xn--p1ai]

    What is interesting here is that they actually do NOT use selinux, but rather something else to achieve mandatory access control.

    • Is that the accepted Russian translation of "access control"? I don't want to click on the link, but, from hovering over it, the phrase in the link would be back translated into English as "mandatory compartmentalization of access" rather than "mandatory access control."
      • by dyfet ( 154716 )

        If you read the context, it is in place of selinux mandatory access control model using dac, but I agree it is not clear if, for example, they hook the selinux hooks with something really different, are actually doing something very different, or are simply using a different model/underlying implementation of mac than dac. The article suggests to me the latter, that they are likely using the hooks, but applying a different rules system. I was looking into this when I first noticed they referred on the ast

    • by Anonymous Coward

      SELinux is developed by the NSA. I wouldn't use it if I wanted to make sure my Linux OS was secure against US hackers, either.

      People do remember that it's an NSA project, right? It's the method the NSA used to backdoor Linux, in the name of "security."

      • SELinux is open source and developed by Red Hat, with original origins in a collaborative effort between them and the NSA. Stop spreading FUD.
    • by gtall ( 79522 )

      Assuming they are telling the truth about what their linux contains. Trust and Kremlin are never uttered positively in the same sentence.

  • One drawback... (Score:3, Insightful)

    by Anonymous Coward on Saturday June 01, 2019 @08:16AM (#58690486)

    That is going to make Linux a bigger target for the US intelligence services (injecting vulnerabilities etc - and don't say that isn't easily possible), which is bad news for those of us for whom the Year of Linux on the Desktop came in the 90's.

    It's a trope that there's no "security through obscurity"... except there actually is. Sometimes flying under the radar does in fact help.

    • Um, no. You may avoid statistically significant attacks, but, with full respect to the Debian team, it isn't uncrackable. Nothing is uncrackable, you just need the right hammer. Obscurity/reachability may inhibit, but doesn't prevent breaches.

      Core kernels might be great. Any open port is a problem. Barring that, a nearby machine listens for adjacent clock variations. Sure, tougher and tougher, but dark budgets have few limitations no matter which side of what border is under consideration.

      • by Anonymous Coward

        with full respect to the Debian team, it isn't uncrackable

        I don't think I said it was. I can't see that we are actually disagreeing about anything here.

        I'm only saying that there is going to be a stronger incentive for other (US/EU/etc) intelligence services to either discover, or plant, more vulnerabilities in Linux.

        • We agree except for the tense of your verb. Don't think that it's not already done, packed in a silo, updated like clockwork. There *has* been this effort and I have no doubt it's been continuing for a long time, and is not the only target.

          Can another Snowden event be prevented? Tough to tell. Seems he's in Russia right now.

    • But canonical pinky promises that they don't inject vulnerabilities. Good luck compiling docker without running a docker container and without modifying docker's golang source. Canonical's answer to security is their promissory note. That's a promise (which caries no money with if it's broken) from a company that's worth about negative $5 to begin with.
    • by AHuxley ( 892839 ) on Saturday June 01, 2019 @08:44AM (#58690570) Journal
      All that systemd will slow Russian computing down.
      • by dyfet ( 154716 )

        I do wonder if they got rid of/dont use systemd. Apparently astra is downloadable, and some form of Debian, so it should be possible to actually find out.

      • Systemd isn't actually bad once you get to understand it properly.

  • by Anonymous Coward

    Spoiler alert.

    They won't actually do it.

  • Why not Debian or Ubuntu?
  • by Anonymous Coward

    It's clear that Windows (and macOS) today serves as an important tool in retrieving information to the U.S. Not because Microsoft wants it that way, but because the U.S. government and its NSA can order it.

    If you're working in government, technology, finance or banking, then most likely you may be a target for passive retrieval of data on your Windows machine. It's trivial to facilitate Windows into doing this, and all it takes it to identify whether a particular Windows machine is of interest or not, and t

    • by dyfet ( 154716 )

      Indeed the Huawei issue is pot and kettle, and only serves to remind/make others consider why they may not want US based products or services either.

    • by HiThere ( 15173 )

      Linux is only one alternative, albeit the easiest. A BSDUnix is another choice. If you're really paranoid you could grab an old Minix tree and develop from that, even though the Hurd never got anywhere with *their* microkernel.

      I don't think anyone's masochistic enough to grab an old IBSYS tree and develop from that, though. But it's almost guaranteed that no current attack would work if you did.

      Most of the other alternatives never got enough development to eliminate even the worst bugs. But Haiku https: [haiku-os.org]

  • by jmccue ( 834797 ) on Saturday June 01, 2019 @10:33AM (#58690966) Homepage
    But will Astra get GNU Approval ? https://www.gnu.org/distros/fr... [gnu.org]
    • by dyfet ( 154716 )

      There are "patented" things bundled in this particular distro, so my initial inclination is to say very probably no.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...