China blocks foreign software use in gov't

CNET ^ | August 18 2003 | CNETAsia Staff

[dennisw]

Yet another sign that M$ is not the only one who can make great operating systems--->

http://www.freerepublic.com/focus/f-news/966273/posts
OS X, code-named Jaguar, and the recently announced successor called Panther are rock-solid Unix at the core, with Apple's elegant user interface on top.

[Golden Eagle]

I could care less...

Unfortunatley, we're probably not going to agree on much then, if you care less about the destruction of America's most profitable company (yes, double the profits of IBM this last quarter), and instead wish that success to "a loosely-knit group of hackers from accross the net" (kernel.org). Sorry, but some of us are trying to protect America, not tear her apart and give her riches away to the rest of the world.

[Golden Eagle]

OS X, code-named Jaguar, and the recently announced successor called Panther are rock-solid Unix at the core, with Apple's elegant user interface on top.

Don't forget you won't be able to sell that to China anymore, since Linux has officially taken over there (which is the basis of this very thread).

[Bush2000]

Yet another sign that M$ is not the only one who can make great operating systems--->

Funny you should mention that, dennis, because China has just crossed it off the list of products that they refuse to buy.

[dennisw]

Apple OS X and Red Flag Linux are additional proof that operating systems are becoming commodities. That's why M$ is in the gold mining business these days. Trying to mine the maximum out of pre-existing corporate accounts via very nasty pricing schemes. You M$ monkeys have nothing useful, new and original to sell, only your loyal corporate customers to exploit and ream out during a recession.

[Golden Eagle]

Apple OS X and Red Flag Linux are additional proof that operating systems are becoming commodities...

I'm afraid you have no idea what you're talking about. OSX is hardly a commodity when it requiures Apple hardware to run (or at least to be legal). Red Flag Linux? Boast of it if you wish.

[Liberal Classic]

Well, than the Lord we live in a free country where we can choose what computer software is right for us.

[Liberal Classic]

Because it's an American product, versus your foreign conceived and maintained Linux.

I have told you number of times that Linux is a Western World creation. Linux was written by Europeans and Americans, not the Chinese, not the Soviets, not the Cubans. Sheesh! The things some people will say out of fear and hatred.

[Liberal Classic]

And if you cared to read the rebutts of thread, you would see the the constant attempts by the Linux crowd to infer that it is somehow an endorsement by the NSA of Linux is simply incorrect.

Not an endorsement of Linux? Shirley, you jest. :)

From the Security Enhanced Linux page from the National Security Agency:

As part of its Information Assurance mission, the National Security Agency (NSA) has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from the NSA's Information Assurance Research Group have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.

End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security.

The results of several previous research projects in this area have been incorporated in a security-enhanced Linux system. This version of Linux has a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.

Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. Additionally, the integration of these security research results into Linux may encourage additional operating system security research that may lead to additional improvement in system security.

This work is not intended as a complete security solution for Linux. Security-enhanced Linux is not an attempt to correct any flaws that may currently exist in Linux. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including a superuser process, can be added into Linux. The focus of this work has not been on system assurance or other security features such as security auditing, although these elements are also important for a secure system.

The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The release includes a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.

There is still much work needed to develop a complete security solution. In addition, due to resource limitations, we have not yet been able to evaluate and optimize the performance of the security mechanisms. Currently, we can only support the x86 architecture and have only been able to test it on Red Hat distributions. Nonetheless, we feel we have presented a good starting point to bring valuable security features to Linux. We are looking forward to building upon this work with the Linux community.

Security-enhanced Linux is being released under the same terms and conditions as the original sources. The release includes documentation and source code for both the system and some system utilities that were modified to make use of the new features. Participation with comments, constructive criticism, and/or improvements is welcome.

Golden Eagle, I'm not trying to rub your nose in anything at all. I am just trying to demonstrate that you're dislike of Linux is evident in your post but it is unwarranted and unjustified. Linux is just a computer operating system. It is just a tool! Like any tool, it can be misused.

I posted this whole thing to avoid having it taken out of context. If you think Linux is such a security risk, you are welcome to contact the White House, the Department of Defense, and the National Security Agency to tell them they're in bed with the Communist Chinese! Do you think that Congress should step in, and outlaw the use of Linux? Would this be an appropriate response to the Chinese? While you're at it, cough up the dough to port FreeRepublic to ASP. :)

[Cronos]

Most likely govts will move away from Windows and on to Linux. It's a better OS and much cheaper.

[adam_az]

It takes 1,000 sailors “just to get a ship moving,” Williamson said. Microsoft software could let the ship’s crew know when there’s a pending failure in a ship’s engineering system, for example, he said.

A few years ago a naval ship, the USS Yorktown (http://www.gcn.com/archives/gcn/1998/july13/cov2.htm), had to be towed back to port (more than once) after it experienced a Windows NT 4 crash. I'm not a "windows hater," or whatever, I've been developing for, deploying, and hardening Windows servers going back to NT 3.51. Those are three good reasons I think Windows 2000 is not up to this task. You'd think they could use a nice, non-bloated RTOS for the job... A general purpose OS is just too big to be adequately tested. There are lots of good, well tested RTOS designed for embedded applications, such as QNX and many others.

http://www.interesting-people.org/archives/interesting-people/199807/msg00056.html

"We are putting equipment in the engine room that we cannot maintain and, when it fails, results in a critical failure," DiGiorgio said. It took two days of pierside maintenance to fix the problem.

The Yorktown has been towed into port after other systems failures, he said.

http://www.theregister.co.uk/content/archive/11929.html
But there's a funny coincidence too. The CVN 77 is being built by Newport News Shipbuilding Inc., and that name may be familiar to you. Yes, that's right, a little while back Bill Gates invested in... Newport News Shipbuilding Inc. He holds an eight per cent stake. Newport News Shipbuilding is one of only two companies in the US which are capable of building nuclear submarines, and has built ten of the last 12 aircraft carriers commissioned by the US navy. It'll launch the USS Ronald Reagan (again, no kidding) next year, and it seems horribly possible the thing will run Win2k (with SP2?).

http://www.gcn.com/vol1_no1/daily-updates/1308-1.html

FEB. 11—The Navy’s No. 2 civilian official yesterday launched a surprise attack on Microsoft Corp., threatening to take the service’s business elsewhere if the company does not improve its products.

“I’m going to Microsoft at the end of this month to say to [chief executive officer] Steve Ballmer, ‘You talk about how you create a business group process system, but I’ll tell you [that] you don’t come close to giving us what we need,’ ” undersecretary of the Navy Jerry MacArthur Hultin said. He spoke at the Armed Forces Communications and Electronics Association’s West 2000 conference in San Diego.

Hultin oversees how the Navy’s 674,000 active duty and reserve forces and 215,000 civilians spend the service’s $88 billion annual budget. He said that he intends to tell Ballmer that “we are your biggest customer and either change, or I’ll tell and encourage the Navy and Marine Corps to look someplace else for services.”

There are shareware products that have better groupware features than those of Microsoft products, he said, drawing applause from the audience.

Do you think Windows is a mature technology to use for this purpose? I don't.

[adam_az]

Barking up the wrong tree - you probably meant to respond to the guy I was responding to, not me.

[adam_az]

Still waiting for your response to this one. :)

[GOP_1900AD]

The point is, ALL of the software payloads that companies like Dell, HPQ, IBM, Sun et all are shipping will be banned. This goes well beyond Windows. It's huge.

[Golden Eagle]

LC - I didn't take anything out of context, it says quite simply "Security-enhanced Linux is not an attempt to correct any flaws that may currently exist in Linux."

Concerning your other quesitons, yes, it is my quest to protect the US software industry (all of them, even Oracle who I have a hate hate relationship with) from "free" software which could potentially wreck our industry. Will Congress act? Maybe if the courts don't.

[Golden Eagle]

You mean THIS Jerry MacArthur Hultin?

President Clinton today announced his intent to nominate Jerry MacArthur Hultin to be Under Secretary of the Navy.

http://clinton6.nara.gov/1997/09/1997-09-16-jerry-macarthur-hultin-named-under-secretary-of-the-navy.html

[Golden Eagle]

The point is, ALL of the software payloads that companies like Dell, HPQ, IBM, Sun et all are shipping will be banned. This goes well beyond Windows. It's huge.

Absolutely agreed.

[Liberal Classic]

Golden Eagle, you said quote ``...constant attempts by the Linux crowd to infer that it is somehow an endorsement by the NSA of Linux is simply incorrect.''

With all due respect I would say that:

Linux was chosen as the platform for the work because of its growing success and open development environment. Linux provides an excellent opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. A Linux platform also offers an excellent opportunity for this work to receive the widest possible review and perhaps provide the foundation for additional security research by others.

...constitutes if not an endorsement, certian evidence of Linux's legitimacy and utility. No one says that Linux has no flaws or that ndows is the only operating system with flaws. They used Linux because it suited the needs of several of their research projects, was widely available, well know, and as such a good vehicle for distributing their security model -- a model I might add that in theory could be programmed into Windows.

[Golden Eagle]

...constitutes if not an endorsement, certian evidence of Linux's legitimacy and utility.

Liberal Classic you are correct, and thank you for so respectfully pointing that out. My normal objection to the NSA Link being used is that the user typically is trying to claim that the NSA version of Linux is 'airtight' secure, which I would imagine you agree that is not the intent of their work.

I will however agree with your point that they have certainly invested into researching it, and are proclaiming that additional research is a positive endeavor, and that's it's nature as a 'souce open' product makes it ideal for classroom type experimentation.

However unfortunately, I am of the belief that publishing the government works publically of an organiztoin such as the NSA in a source open environment exposes much of our government reasearch and processes to potentially confrontational advesaries. They are not entitled to this data. This is actually a leftover of the same policies at the DOE from the Clinton administration, where all doors are flung open for anyone wanting to rob the IP bank.