
Thread: Is open source practical for military use?

  1. #11
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    It would be really, really difficult to trojan Linux in a way which makes it unsuitable for military applications while creating a deliberate "fault" that would not affect other software, and would pass all regression tests and sneak past the kernel maintainers.

    It is not true that Linus reads every line of code personally. There are instead subsystem maintainers (Linus' Lieutenants) who collect patches for individual subsystems. I believe that they do generally read every line of code submitted.

    There are a lot of other things which would be far easier to trojan than Linux of course - libc perhaps, or gcc - I've no idea what their policies are.

    In any case, it would be fantastically difficult to create a deliberate error which would cause some predictable behaviour, when you don't know anything about the software running on it.

    Bear in mind for governments outside of the US, worries about the integrity of the Windows source code prevail - the possibility that it contains US government trojans seems high to some analysts (I am not privy to any classified information on this topic, and even if I was I obviously wouldn't be able to discuss it).

    I love the way that some governments get to see the Windows source code, but they aren't allowed to use it to build their own copy of Windows, oh no, they still rely on binaries from Redmond. Hence they have no idea whether what they're looking at is the Windows source code or not.

    In any case even if Redmond hasn't got US government bugs in your Windows now, it could add them at the behest of Washington at any moment and distribute through Windows Update faster than you can say "Terrorism".

    I don't see how Linux can possibly be less trustworthy than Windows, to the US government, or anyone else. I can however understand if people don't want to use it for flight control software, nuclear reactor monitoring, missile guidance etc. But that would be more to do with bugs than trojans.

    Anyway who's to say the US government haven't also got backdoors in WRS VxWorks? That is at least partially distributed pre-compiled.

    Slarty

  2. #12
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Well as that Dan O'Dowd said, parts of Linux are made by programmers from places you wouldn't normally buy defence equipment from!

    I wouldn't be happy if the army started using software that was made in Korea/Russia/Afghanistan etc.

    I think the main problem with open source is that they don't know who has coded what.

    Also due to the nature of what it would be used for there would be an awful lot of NDAs to be signed, which kind of defeats the purpose of the open source movement!

    The British Army is in the process of getting a new radio system, which runs Win2000, ....... they now pay Microsoft 3.4 Billion pounds a year for the privilege!! So there must be a good reason for those in the know why open source isn't used as I'm sure they would prefer to save 3.4 billion quid if they could!!

  3. #13
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    I wouldn't be happy if the army started using software that was made in Korea/Russia/Afghanistan
    Out of interest Nokia.... why not? Software manufacturers in first world countries e.g. US, UK, most of Europe etc. are just as likely to miscode/introduce bugs/trojans/whatever as programmers in those countries you've listed. Sure I know the governments of Korea, Russia and Afghanistan might be a bit dubious at times... but is that any different for the US, UK etc.? I think not.

    Incidentally... Nokia, I really wouldn't hold up British Army procurement as a model for something being good at the moment (not saying 2k isn't good mind).... they spend money like water on some things

    I think Pooh and Slarty both have very valid points - I think a partial open source implementation would be the best course
    Quis Custodiet Ipsos Custodes

  4. #14
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Originally posted here by Nokia

    The British Army is in the process of getting a new radio system, which runs Win2000, ....... they now pay Microsoft 3.4 Billion pounds a year for the privilege!! So there must be a good reason for those in the know why open source isn't used as I'm sure they would prefer to save 3.4 billion quid if they could!!
    Geoff Hoon gets backhanders from Microsoft?

    Seriously, they must have a pretty good reason to want to do that? Bill Gates did meet Blair a few years ago, I wonder if any favours were traded?

    Slarty

  5. #15
    Junior Member
    Join Date
    Mar 2003
    Posts
    11
    Originally posted here by MK19

    The military is still running Windows 98 in some places. The technology may be state of the art in the military but it's still using Vietnam equipment. I am in a Signal Bn and we are using at least 30 year old stuff.

    As of 1 OCT 03 all Windows 98 machines were required to be gone from Military installations. 31 Dec 03 required all Win NT machines to be off the network; the only exceptions were for Win NT Server. That was a DA Directive. I hope you still do not have them running on the network where you are.

  6. #16
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    The Chinese were so paranoid that the US was going to trojan its software that it created its own Linux distro, I think it's called Red Flag Linux. I think foreign governments have a right to be concerned about buying software; there was an incident that is said to have brought the Cold War to a close where the US government teamed up with a manufacturer selling the company in charge of the Trans-Siberian oil pipeline chips containing a trojan (not in the sense of SubSeven and that sort of thing) that caused the oil pipeline to explode.

    A week ago, before I started reading a book about shellcode, I would have argued that Linux is good as you can assess the code and patch it (of course this works from both perspectives), but now having read about things such as executing code on the stack and things, I think Windows fundamentally looks more secure... Looks being the key word.

    I'm sure open source is deployed in military applications, I sure as hell don't think GCHQ is running Windows 95 on its HPCs

    i2c

  7. #17
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Ohh yeah... The thing is, I believe if these things are properly audited before their entrance into an operational world then that's surely a good thing; if governments are just relying on the software being closed source as a protection then that's a grave error. I know the UK government has a team that tests and audits called CESG, I'm sure the NSA do similar in the States..

    Nihil definitely seems the most informed to comment on this topic

    i2c

  8. #18
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Incidentally... Nokia, I really wouldn't hold up British Army procurement as a model for something being good at the moment (not saying 2k isn't good mind).... they spend money like water on some things
    The SA80 was designed in 58, if memory serves me correctly. How long ago was it issued? In 87 I was still using the SLR. In 82/83, I forget now, I shot at Bisley in the combined services championships; Vickers had a caravan there showing off their gear. The sales rep told me "The army have been trialling this (SA80) for 10 years, this is going to be the weapon you use in the future". Basically, he said so much money has been spent on this, there is no way the MOD will not buy it!!

    As for the open/closed source debate. We will all be back to waving flags to communicate once a few nukes have been slung. Due to EMP.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #19
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    A couple things.....

    1) The whole 'secret squirrel' thing doesn't really work very well in real security. Just like encryption algorithms can't realistically be declared secure by their authors without massive independent peer review, the same is true of any software product. To compare Linux to a totally closed and obscure OS is like comparing DES against some algorithm that you and some of your friends came up with last week. You can say it is more secure, but it really isn't until a whole bunch of people smarter than you have tried to break it and finally agree with you.

    2) Remember what specifically we are talking about when we say 'Linux'. Most remote and local exploits for Linux are for optional services and software, not Linux proper (i.e. the kernel). To judge Linux on the security of these packages makes as much sense as saying that Windows™ is unsecure because of all the exploits for ICQ, or because Kazaa is spyware. As to building secure systems, it should be relatively easy to construct a Linux system with just the bare essentials for its task, thus mitigating risk, and making it more secure.

    3) I see a lot of scoffing about open source not possibly being able to be secure enough for U.S. government/Military use. To this all I can say is....

    Only one remote hole in the default install, in more than 8 years! --- OpenBSD!

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/
