Indian Military Organization To Develop Its Own OS 466
An anonymous reader writes "Several newspapers have reported that DRDO (the defence R&D organization of the Indian military) is planning to create an OS. The need for this arose due to the cyber security concerns facing India and that all [conventional] operating systems are made outside India. About 50 professionals in Bangalore and New Delhi are expected to start work on this operating system." At least one of the linked articles says the new OS, though home-grown, would run Windows software.
Not the best track record (Score:5, Interesting)
offtopic but hilarious (Score:4, Interesting)
A buddy of mine just revealed some news to me. He's been reliable about this shit in the past and he's in a position to know, so I trust it but YMMV.
Backstory: Microsoft eats their own cooking ("dogfood") except in cases of epic failure. Like Hotmail running on NT. Or Visual Safe Source for Windows's RCS. They use a heavily modified version of perforce and a hierarchy of repositories. Yeah, it's a mess and there are a number of technical as well as human/social problems.
Well, multiple groups within Microsoft have had enough and switched to git for day-to-day work (using a gateway to push their changes to an upstream p4 repo). They're trying hard to drop 4 entirely and go with git. From what I know of their development practices, they really need something like git (Linus, himself, agrees). But who's going to tell Balmer that they're switching to software written by arch-enemy Linus Torvaldes? You might think they'd prefer that (we're using your free software, faggots!), but chances are VSS 2011 will contain some sort of half-assed distributed RCS support.
Re:Why against this? (Score:4, Interesting)
I would have great interest in an OS that can run windows binaries without all the windows-shit.
Then maybe you can join the ReactOS [reactos.org] team. If you're really interested, you might be allowed to become the project leader.
Mod parent up. (Score:3, Interesting)
Seriously, if you think your people are good enough to write a SECURE operating system from the ground up, then shouldn't they be good enough to take existing code and determine whether that is secure enough for them?
Even Linux for that matter. The NSA has already done some of the work with SE Linux.
Re:Oh For Chrissakes (Score:5, Interesting)
I find it amusing that some people think that a nation's defense research organisation, which helps build ICBMs, supersonic aircraft, tactical software and so on, needs advice from someone who reading slashdot on how to write an operating system.
Well, in the US -- I don't know about the Indian military -- the same defense establishment that operates those ICBMs etc. also mostly runs Windows. Which is a pretty clear indication that they do need help, and the Slashdot crowd would probably be a good place to get it.
This is at least partly personal experience talking. When I was a medic in the USAF, one of my secondary duties was "computer systems security NCO" for the ER where I worked. Which mainly meant light sysadmin duties, trying to keep machines patched and virus-free with absolutely zero support from the actual hospital IT staff, and debunking "I LOVE YOU virus" warnings and similar bouts of hysteria that Col. So-and-so forwarded to everyone's e-mail ("it must be true, the Colonel said it!") Actual security was a joke.
Re:I hope they name it CURRY (Score:4, Interesting)
Yep, but Haskell came first, and has broader name recognition (and so I thought it made the joke best). And Haskell apparently some real-world uses, which means it must have gotten a LOT better since I first beta-tested it, back when it was compiled into Common Lisp.
Huge fan of it, actually. I don't get to work in it but my coding style was heavily influenced by the things I learned coding in Haskell. My main fondness: by the time you got the damn thing to compile, the program would generally work. Aggravating at the time, but it made me really respect how much work the compiler could do in spotting bugs if your language is REALLY bondage-and-discipline strong typing.
The LP features of Curry won't endear it to anybody who didn't already grok Haskell, but they're certainly a neat addition, and a lot more than syntactic sugar.
The ARE expecting security through obscurity (Score:4, Interesting)
'Though it will be a real-time system with Windows software, source code and architecture will be proprietary, giving us the exclusivity of owning a system unknown to foreign elements and protect our security system,' Saraswat said after unveiling a training facility at the Centre for Artificial Intelligence and Robotics (CAIR), a defence lab in this tech hub.
Classic first timer mistake.
No mention of capability based security either.
At best they end up with a bad clone of Windows or Linux.
Re:Oh For Chrissakes (Score:2, Interesting)
Joking aside, flyboy. 2Axxx scum here, and we ran console apps cobbled together over win2K and NT4 on our classified shit. Kinda scary, eh? At least we had the mighty STU-3. [wikipedia.org]
signed, -- Terrudiger Abercrombie
Re:Who can be trusted? (Score:5, Interesting)
While this is a valid point, it really doesn't take into account the fact it takes a long time to develop a mature, reliable, secure OS. OpenBSD has been at it for more than a decade and still has issues, and some of the finest minds in security work on that, and they started with a relatively secure code base to begin with.
If you're writing your own OS from scratch, you can expect 20-30 years before it will be more secure and reliable than existing OS's (and those OS's won't be staying still so they will mature in that timeframe as well). And that's if you have experts working on it. If you're going to copy an existing OS, then what's the point?
Now, I can understand that a country wants to encourage OS development, and is willing to sponsor a defense project to build an OS, with the expectation it may take 20-30 years.. but it should really stay hidden and not publicised like this, otherwise the people start wondering "Hey, why don't we have this OS yet?" and then you end up pushing it into production long before it's ready.
The sad part is, India has a huge problem with brain drain. A large percentage of the top computer scientists relocate to EU countries, or the US. Only the truly patriotic or mediocre or worse candidates stay home, or perhaps those with some kind of community ties...
However, if India became seriouis about building a world class research program, it might encourage top talent to stay in India. I can see that as another benefit of such a program.
So i guess my point is, there are a lot of reasons why this is a good idea, but sadly.. I doubt that those reasons are the reasons they're doing it.
Re:Oh please, these people can't even do a CGI (Score:5, Interesting)
At the start you have the experts and they have people that need training but they pretend to be experts. After having contact with your experts for a while they vanish to work on higher priority projects and you are suddenly in contact with a new lot of people that really need training. In the end you are milked dry with nothing to show for it other than what is obviously some first attempts in whatever environment you have. Your project doesn't matter, the technology transfer and your cash are what the outsourcing company is aiming for. It's very similar to the long running project German rocket scientists were put on in the USSR that never got anywhere but trained a lot of staff for the real rocket program.
Re:"Trusting trust" attack can be countered using (Score:1, Interesting)
You're talking about the trusting trust attack, which was made famous by Ken Thompson [bell-labs.com].
It is not showing figure 1, I was really interested why it looks like.
Re:Who can be trusted? (Score:2, Interesting)
Re:offtopic but hilarious (Score:3, Interesting)
From what I know of their development practices, they really need something like git (Linus, himself, agrees). But who's going to tell Balmer that they're switching to software written by arch-enemy Linus Torvaldes? You might think they'd prefer that (we're using your free software, faggots!), but chances are VSS 2011 will contain some sort of half-assed distributed RCS support.
From http://lwn.net/Articles/403903/ [lwn.net] :
Microsoft's CodePlex.com has announced the donation of $25,000 to support the development of the Mercurial source code management system.
Looks like they've found what they're looking for.
Re:"Trusting trust" attack can be countered using (Score:1, Interesting)
You're talking about the trusting trust attack, which was made famous by Ken Thompson [bell-labs.com].
There are lot of figures missing in this article. figure 1( On stage 1), figure 3 and 7 (Stage 3), is there anywhere I could find them, just trying to follow the article
Already an open source alternative to windows (Score:3, Interesting)
It's called reactOS. It's basically windows (it's NT architecture based), but free. Quite frankly, I don't know why Linux has gotten so much attention in comparison to reactOS. The thing is, it's still a under-funded garage-project. If you could get 50 Indians and a good budget to help them out, I'm pretty sure that it would be better than starting from scratch.
Here's the link if you're interested:
http://www.reactos.org/en/index.html [reactos.org]
Re:Mod parent up. (Score:3, Interesting)
Whilst it's written with C, you might as well be trying to repair a roof with swiss cheese.
Whatever language you write an operating system in will have to have the same "dangerous" facilities as C, pointer access, type casting, etc. Remember without an OS you cannot have safe managed code - you need to be able to implement things like page table mappings, page protection, interrupt processing, etc. Basically you are not going to get around the fact that writing operating systems is hard
Arguably in this environment C is safer than C++ because of its simplicity. Now that said, a lot of the utilities around the core OS could be written in safer languages.
Re:Mod parent up. (Score:2, Interesting)
In other words: I did claim that *NIX has always been perfect. I am simply saying they got their shit together a lot better, faster and more thoroughly than the Windows world.
You claimed it, but have provided no citation. There is in fact very little reason to believe that "they got their shit together" .. the evidence, which I gave one citation of, indicates only that the preferred target is now windows .. that *nix is protected by obscurity, not security.